Community discussions

Search found 382 matches

by eflanery
Tue Feb 05, 2019 7:45 pm
Forum: RouterBOARD hardware
Topic: CRS309-1g-8S+IN mixed reaction
Replies: 4
Views: 764

Re: CRS309-1g-8S+IN mixed reaction

Indeed it would, I'd be tempted to forklift my whole transport network for hardware push/pop.

We've already been swapping out 1072s for 317s as P routers at larger sites, but holding out for the 309 before doing smaller sites. I guess we will keep holding out for now.

Thanks,
--Eric
by eflanery
Tue Feb 05, 2019 7:06 pm
Forum: RouterBOARD hardware
Topic: CRS309-1g-8S+IN mixed reaction
Replies: 4
Views: 764

Re: CRS309-1g-8S+IN mixed reaction

The 317 works great as a swap-only P/LSR. Aside from a couple of 'minor' issues (can't seem to get away from implicit nulls on auto-bandwidth TE tunnels, which is bad if the penultimate router is swap-only in hardware with an insufficient CPU; and TTL-expired messages don't seem to be sent for packe...
by eflanery
Tue Jul 31, 2018 9:40 pm
Forum: SwOS
Topic: CRS328-4S-20S-4S+ First Day Fail?
Replies: 12
Views: 2074

Re: CRS328-4S-20S-4S+ First Day Fail?

Such things shouldn't happen in properly designed hardware - proper low voltage reset circuits are cheap and easily available. But as a workaround, add a resistor to discharge the capacitors faster - if the voltage on them during normal operation is 3.3 volts, use something like 100 ohms. Or a smal...
by eflanery
Mon Jul 30, 2018 10:35 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 44
Views: 13849

Re: IS-IS

IS-IS can scale much larger than OSPF due to the way it designs the hierarchy of flooding domains and by using Incremental SPF. This is why it's used as the IGP of choice for most large ISPs and Data Centers. I have an ISP customer with around 200 POP's and OSPF scalability is a real problem. We hav...
by eflanery
Mon Jul 30, 2018 10:29 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 44
Views: 13849

Re: IS-IS

Regarding the 200+ PoP scaling issue... Yes, IS-IS scales "better", but you shouldn't really be running into issues at that size even with OSPF in a single area... Best practice for a network that large is to put only loopbacks and link-nets into your IGP (be it OSPF, IS-IS, or even EIGRP), while ke...
by eflanery
Mon Jul 30, 2018 10:14 pm
Forum: SwOS
Topic: CRS328-4S-20S-4S+ First Day Fail?
Replies: 12
Views: 2074

Re: CRS328-4S-20S-4S+ First Day Fail?

I'm seeing similar behavior with two CRS328-4C-20S-4S+ boxes, although it takes them a lot longer than 2 minutes unpowered before they will come back up correctly. This is all RouterOS, I have not tried SwOS. On 'first' boot, they work fine. All ports link up and work as they should. On subsequent b...
by eflanery
Tue Nov 28, 2017 8:29 pm
Forum: General
Topic: BGP filters - set pref src with invalid IP - route silently DROPPED without any message
Replies: 1
Views: 698

Re: BGP filters - set pref src with invalid IP - route silently DROPPED without any message

While not addressing your other points, with regards to #1, I think you misunderstand BGP a bit... Nothing that you do with routes received via a BGP session can or should invalidate the session itself. The BGP session is established and perfectly valid, and is exchanging NLRI without issue, even if...
by eflanery
Thu Oct 19, 2017 1:02 am
Forum: Forwarding Protocols
Topic: MPLS-TE auto-bandwidth switches to implicit null?
Replies: 0
Views: 440

MPLS-TE auto-bandwidth switches to implicit null?

In playing with a new CRS317 as a LSR/P-router (with 2 CCR1036's as LERs/PE-routers), trying out the hardware MPLS forwarding, I'm bumping into an issue... Initially, TE tunnel LSPs between the CCRs get established with explicit nulls for the P->egress-PE segment. Awesome! The CRS only has to swap t...
by eflanery
Fri Nov 11, 2016 7:32 pm
Forum: Forwarding Protocols
Topic: MikroTik Ethertype 0x0027 purpose (MPLS)?
Replies: 3
Views: 1601

Re: MikroTik Ethertype 0x0027 purpose (MPLS)?

Seeing 0x0027 in the "EtherType" (bytes 12-13 in the frame) field means that it isn't an "Ethernet II" frame, but rather an 802.3 frame; and that isn't actually an "EtherType", but rather a length field (39 bytes, in this case). To see exactly what sort of packet it is, you would need to look at the...
by eflanery
Mon Jul 28, 2014 11:28 pm
Forum: Forwarding Protocols
Topic: BGP session over 31 bit subnet
Replies: 15
Views: 5698

Re: BGP session over 31 bit subnet

What does the connected route for 212.6.82.0/32 look like? I just tried it, setting up a session between two MTs, one with a /32 mask, and the other with a /31. As I expected, the routes are active on the unit with the /32 mask, and not on the one with the /31. /32 unit: /ip address add address=169....
by eflanery
Mon Jul 28, 2014 7:34 pm
Forum: Forwarding Protocols
Topic: BGP session over 31 bit subnet
Replies: 15
Views: 5698

Re: BGP session over 31 bit subnet

For BGP, you can use a /31 on the Cisco side; and a /32 on the MT side, with the network= parameter set to the Cisco's side of the /31. So, with the Cisco config you have, you would want to change the MT side to: /ip address add address=212.6.82.1/32 interface=vlan-2958 network=212.6.82.0 That won'...
by eflanery
Mon Jul 21, 2014 7:17 pm
Forum: Forwarding Protocols
Topic: BGP session over 31 bit subnet
Replies: 15
Views: 5698

Re: BGP session over 31 bit subnet

For BGP, you can use a /31 on the Cisco side; and a /32 on the MT side, with the network= parameter set to the Cisco's side of the /31. So, with the Cisco config you have, you would want to change the MT side to: /ip address add address=212.6.82.1/32 interface=vlan-2958 network=212.6.82.0 That won't...
by eflanery
Thu Jun 26, 2014 1:21 am
Forum: Forwarding Protocols
Topic: WE NEED EIGRP
Replies: 21
Views: 9586

Re: WE NEED EIGRP

My 2 cents... EIGRP would be nice to have. Not so much for our internal network, but as a PE-CE protocol. We have a few customers that use EIGRP in their networks, and at the moment we have to provide them with a L2VPN. If EIGRP was supported, we could provide them a natively supported L3VPN. Howeve...
by eflanery
Wed Jun 25, 2014 4:45 pm
Forum: RouterBOARD hardware
Topic: 60KM SFP
Replies: 8
Views: 2408

Re: 60KM SFP

I've been using the fiberstore.com 80km optics in CCRs with great success.

--Eric
by eflanery
Thu Jun 12, 2014 8:32 pm
Forum: General
Topic: Fiber optic PtP link
Replies: 4
Views: 1329

Re: Fiber optic PtP link

Hi, It will travel through Carrier's DWDM network, what do you think about that would be possible to easily upgrade speed just replacing transceivers? Probably not, but it depends on their DWDM design. If the transceivers they provide are tuned to the wavelengths they are allocating to you, and fee...
by eflanery
Sat May 31, 2014 12:28 am
Forum: General
Topic: CCR stop working
Replies: 5
Views: 1003

Re: CCR stop working

We have now seen this happen on two CCR1036-12G-4S units running 6.9 (will upgrade them when we get a chance). In both cases: The units had been working fine for weeks, then all copper ports went down at the same time, while the SFPs continued to work. A reboot brought everything back in both cases. ...
by eflanery
Tue May 27, 2014 8:00 pm
Forum: Forwarding Protocols
Topic: Shortest Path Bridging (SPB)
Replies: 8
Views: 3527

Re: Shortest Path Bridging (SPB)

+1 on SPB/Trill, and even LISP Regarding LISP, it's technically a great idea, and I would love to see it implemented, but... <rant> LISP is already a well-known acronym, for the venerable "List Processing" language. Why, why, why did 'they' need to overload it? Separation of location and identity wo...
by eflanery
Thu Apr 10, 2014 7:05 pm
Forum: RouterBOARD hardware
Topic: Request for real Cloud Core Router HW (10Gbps)
Replies: 18
Views: 8108

Re: Request for real Cloud Core Router HW (10Gbps)

They have announced the CCR-1072-8S+

72 cores, 8 10G ports, 1 1G port, redundant PSU.

Should be nice, and close to what you are looking for.

Hopefully they will be out sometime this year.
by eflanery
Mon Feb 24, 2014 6:30 pm
Forum: General
Topic: MUM Europe 2014 - Italy, Venice, February 20-21
Replies: 146
Views: 59407

Re: MUM Europe 2014 - Italy, Venice, February 20-21

Will the new RB850Gx2 support MetaRouter?

--Eric
by eflanery
Fri Dec 20, 2013 9:02 pm
Forum: General
Topic: raw table, NOTRACK, SYN flood
Replies: 9
Views: 7112

Re: raw table, NOTRACK, SYN flood

+1, would be a great addition. But, it is currently possible to solve the problem using two MT devices. One closest to the connection where the SYN floods are received, with conntrack disabled, and stateless firewall rules to drop the problematic packets. Then another MT device behind that, with con...
by eflanery
Fri Dec 20, 2013 8:22 pm
Forum: RouterBOARD hardware
Topic: Sound Card interface
Replies: 3
Views: 1261

Re: Sound Card interface

It sounds like what you are looking for is some form of USB over IP, where the USB port on the router would be remotely forwarded to a computer somewhere, so that the computer can make use of the USB device as if it were locally attached (VHCI). MT did attempt to add support for that, but unfortunat...
by eflanery
Wed Nov 27, 2013 12:30 am
Forum: General
Topic: What does "1 Nss & 2 Nss" represent ?
Replies: 3
Views: 867

Re: What does "1 Nss & 2 Nss" represent ?

Yes, it's (N)umber of (s)patial (s)treams, i.e. RF chains.

This can correlate to the number of antennas, but multiple-polarization multiple-feed antennas are common now, so it often won't.

--Eric
by eflanery
Wed Nov 27, 2013 12:19 am
Forum: General
Topic: print a value and devide it
Replies: 2
Views: 654

Re: print a value and devide it

:put ( [ip hotspot user get [find name=david] bytes-out] / 1073741824 )
MT only deals with integers though, and truncates instead of rounding, so you will lose some accuracy.

I.e. if 'david' has moved 450541275240 bytes, you will get 419 (GiB), not 419.599260427 (GiB)

--Eric
by eflanery
Thu Nov 14, 2013 6:37 pm
Forum: RouterBOARD hardware
Topic: SFP only router
Replies: 26
Views: 7067

Re: SFP only router

MT would need to base a model on the Tilera TILE-Gx72 chip in order to be able to deal with 8 x 10 GbE. That's the most a single Tilera chip can handle right now. But Tilera themselves pack up to 8 x36s into a single unit so theoretically we could see multi chip CCRs. But it would need adequate dem...
by eflanery
Wed Nov 13, 2013 6:50 pm
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 93991

Re: Feature request: OpenVPN compression LZO and UDP

+1

But, at this point I think we are really beating a dead horse.

--Eric
by eflanery
Mon Nov 11, 2013 7:01 pm
Forum: Forwarding Protocols
Topic: IGMP with PPPoE
Replies: 3
Views: 4623

Re: IGMP with PPPoE

IGMP doesn't deliver the multicast traffic itself, it just signals the path. (It isn't a tunneling protocol.) From the sounds of it, your IPTV is delivered in parallel to the PPPoE internet connection, and that the two are not related except that they are carried on the same medium. There are severa...
by eflanery
Tue Nov 05, 2013 8:12 pm
Forum: Forwarding Protocols
Topic: Maximum VPLS / BGP sessions
Replies: 1
Views: 1584

Re: Maximum VPLS / BGP sessions

Our internal route reflectors (over-powered x86 boxes) maintain ~350 BGP sessions each without breaking a sweat (0-2% typical CPU utilization). These sessions are not very busy or heavy, as they do not carry Internet routes or customer routes, only internal management subnets and L2VPNs. Our PPPoE c...
by eflanery
Tue Nov 05, 2013 7:21 pm
Forum: Forwarding Protocols
Topic: Feature request: BGP flowspec (RFC5575)
Replies: 24
Views: 6768

Re: Feature request: BGP flowspec (RFC5575)

+1 This would be great. Currently we do something similar, in a hackish and rudimentary way, with separate routing tables for src-drop and dst-drop firewalls, and scripts that parse them into firewall rules. This would be _much_ better, and even inter-operable with other providers (if you can find o...
by eflanery
Tue Oct 29, 2013 11:53 pm
Forum: Forwarding Protocols
Topic: BGP - Need some help setting up downstream peer
Replies: 3
Views: 2271

Re: BGP - Need some help setting up downstream peer

The only time you would want to use 'redistribute-other-bgp' is if you have multiple BGP instances (not peers), and wish to leak routes between the instances. Typically, one would not use multiple BGP instances except internally, such as using separate private ASNs for L2/3VPNs and different classes...
by eflanery
Thu Oct 03, 2013 7:20 pm
Forum: RouterBOARD hardware
Topic: CCR 1036 CAM table size
Replies: 8
Views: 2522

Re: CCR 1036 CAM table size

There is no CAM or TCAM in any MT products; the FIB (and everything else) is stored in conventional DRAM.

Despite being quite fast, the CCR is still a software router.
by eflanery
Mon Sep 09, 2013 6:01 pm
Forum: Wireless Networking
Topic: PoE Extender Question
Replies: 10
Views: 2218

Re: PoE Extender Question

Of course you are right, in that a 802.3af (or now/soon .3at) system is 'better' in many cases... If you are trying to come up with a 'cookie-cutter' solution that will work in the widest range of situations. If you are using .3af gear. If you need to go a really long distance. If you have high curr...
by eflanery
Fri Sep 06, 2013 7:43 pm
Forum: Wireless Networking
Topic: PoE Extender Question
Replies: 10
Views: 2218

Re: PoE Extender Question

Sure, but if you are using a 12-ish to 24-ish volt passive PoE device at the end anyway, then the efficiency losses of the DC-DC converter will negate a good bit of that benefit. The power supply that comes with the RB750UP has more than sufficient amperage available to drive several devices, even w...
by eflanery
Thu Sep 05, 2013 7:39 pm
Forum: Wireless Networking
Topic: PoE Extender Question
Replies: 10
Views: 2218

Re: PoE Extender Question

I'd actually suggest using a RB750UP as a 'PoE-extender'.

It uses, and provides, exactly the sort of passive PoE that the RB711 needs; and gives you an active device in the middle to monitor and test from.

Plus, they are fairly cheap.

--Eric
by eflanery
Wed Sep 04, 2013 8:59 pm
Forum: General
Topic: Feature Request: MTR
Replies: 72
Views: 25318

Re: Feature Request: MTR

Yikes. It seems that in the latest build, MPLS labels are entirely missing from /tool traceroute, both on the CLI and in WinBox. Not good. Please restore that functionality, it's really very important for us! Thanks, --Eric I can confirm that this is fixed in the 6.3 release version. Thanks guys! I...
by eflanery
Wed Aug 28, 2013 6:10 pm
Forum: General
Topic: Feature Request: MTR
Replies: 72
Views: 25318

Re: Feature Request: MTR

Yikes.

It seems that in the latest build, MPLS labels are entirely missing from /tool traceroute, both on the CLI and in WinBox. Not good.

Please restore that functionality, it's really very important for us!

Thanks,
--Eric
by eflanery
Tue Aug 27, 2013 11:56 pm
Forum: General
Topic: Feature Request: MTR
Replies: 72
Views: 25318

Re: Feature Request: MTR

So, while this is awesome, there does seem to be a bit of a glitch when running from the command line (particularly when telnetting from a DOS window), where the MPLS label column doesn't show. This will make certain troubleshooting tricky in certain circumstances. Would it be possible to ensure that...
by eflanery
Wed Aug 21, 2013 10:56 pm
Forum: General
Topic: Feature Request: MTR
Replies: 72
Views: 25318

Re: Feature Request: MTR

Awesome!

Thanks guys!

--Eric
by eflanery
Tue Aug 06, 2013 6:09 pm
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 64
Views: 41463

Re: Point-to-point (/31) addresses

If the subnet is /31 would you not need to use: 10.10.10.1/31 and 10.10.10.2/31 I have run into this because only two addresses are allowed it will expect the equal amount of Ips in the subnet 10.10.10.3/31 would belong with 10.10.10.4/31 No, you need to stick to VLSM boundaries for /31s... So, 10....
by eflanery
Fri Aug 02, 2013 5:52 pm
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 64
Views: 41463

Re: Point-to-point (/31) addresses

What kind of problems you have with TE? The problem wasn't so much directly with TE and /32 addressing, as it was with PtMP mode and CSPF. For some reason, CSPF would never find a path through a PtMP segment, and broadcast or NBMA modes were less stable with /32 addressing. It's been quite a while ...
by eflanery
Thu Aug 01, 2013 6:52 pm
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 64
Views: 41463

Re: Point-to-point (/31) addresses

Using it in my production network without problems. Of course, Only Mikrotik supports this. That's the only limitation Is this usable in production networks? Where's the catch? BR, M Does this tweak work with OSPF? Yes, it works great with simple OSPF and LDP; but TE doesn't seem to work correctly ...
by eflanery
Thu Jul 18, 2013 6:13 pm
Forum: General
Topic: Mikrotik Base Station using Motorola Canopy SM radios
Replies: 1
Views: 1448

Re: Mikrotik Base Station using Motorola Canopy SM radios

You cannot wirelessly connect Canopy SMs to a Mikrotik AP. Canopy uses a proprietary radio interface, which is not supported by any other vendor's gear (except re-packagers of Canopy equipment, like Last Mile). You can of course use Mikrotik equipment at the base station, for routing, switching, bac...
by eflanery
Wed Jul 10, 2013 8:24 pm
Forum: General
Topic: OSPF loopback problem
Replies: 6
Views: 2203

Re: OSPF loopback problem

No problem, glad it worked.

--Eric
by eflanery
Wed Jul 10, 2013 8:19 pm
Forum: General
Topic: Bond0 looking for an IP address
Replies: 3
Views: 876

Re: Bond0 looking for an IP address

I would suggest taking a different approach to redundancy; or at least actually isolating the 'A' and 'B' networks, so that packets from one do not end up on the other. Duplicating every packet is likely to cause problems, and will certainly make troubleshooting more difficult. Beyond that, you can ...
by eflanery
Tue Jul 09, 2013 1:58 am
Forum: General
Topic: Bond0 looking for an IP address
Replies: 3
Views: 876

Re: Bond0 looking for an IP address

It sounds like you have '/ip dhcp-server alert' configured for either the bonding interface, or for one or both ethernet interfaces; and that whatever you have connected to the ethernet ports is forwarding between them. So, broadcast packets emitted from ether1 end up being received by ether2, and v...
by eflanery
Mon Jul 08, 2013 7:13 pm
Forum: RouterBOARD hardware
Topic: Can I add external antenna in RB951G-2hnd
Replies: 5
Views: 2612

Re: Can I add external antenna in RB951G-2hnd

Actually, those sort of test connectors are fairly common. Just look at most smart phone boards. The reason for the connector is to interrupt the connection to the antenna while testing. A simple pad won't allow that. There do appear to be solder pads for MMCX connectors directly below those test p...
by eflanery
Mon Jul 08, 2013 7:05 pm
Forum: RouterBOARD hardware
Topic: RB-2011UAS-RM New hardware version, does not work with 5.25
Replies: 23
Views: 7779

Re: RB-2011UAS-RM New hardware version, does not work with 5

I would suggest that when the hardware is revised to the point that it isn't compatible with all the same software versions as the old hardware, or when new hardware features are added, that the product code should be changed. MT used to do this, at least to some extent, with the various incarnation...
by eflanery
Mon Jul 08, 2013 6:42 pm
Forum: General
Topic: OSPF loopback problem
Replies: 6
Views: 2203

Re: OSPF loopback problem

Try setting a static 'admin' MAC address on the bridge. If the port that the bridge is adopting its MAC address from leaves the bridge (or goes down), the bridge (and all VLANs on the bridge) will adopt a MAC from a different port, causing OSPF to reset. This can be prevented by setting admin-mac='...
by eflanery
Mon Jul 08, 2013 6:23 pm
Forum: Forwarding Protocols
Topic: TE_tunnel+VPLS
Replies: 4
Views: 1449

Re: TE_tunnel+VPLS

The TE tunnel itself needs to be thought of as separate from the 'interface' that appears to represent it. That 'interface' is just one way of getting traffic onto the actual tunnel. It's a bit annoying, as it would be nice to see the traffic accounted for on the TE tunnel 'interface'; but traffic t...
by eflanery
Tue Apr 23, 2013 7:45 pm
Forum: General
Topic: Bridge everything except one specific VLAN
Replies: 4
Views: 703

Re: Bridge everything except one specific VLAN

This should work:
/interface bridge filter add chain=forward mac-protocol=vlan vlan-id=XXXX action=drop
You may want to specify in-bridge, in-interface, out-bridge, and/or out-interface; if you are doing other bridging on the same device.

--Eric
by eflanery
Fri Apr 19, 2013 6:43 pm
Forum: General
Topic: any Null interface?
Replies: 9
Views: 1775

Re: any Null interface?

Yup, that would work. The BGP network statement wouldn't be necessary if you redistribute the covering (/24) static/connected route into BGP. We don't use network statements, instead relying on redistribution, since doing so allows for greater filtering flexibility (attaching communities and suc...
by eflanery
Thu Apr 18, 2013 5:57 pm
Forum: General
Topic: any Null interface?
Replies: 9
Views: 1775

Re: any Null interface?

Not exactly as such.

The best functional equivalent is to install routes of type unreachable, or type blackhole.

You can also create an empty bridge (like a BVI with no bridge-group members), and use it as a Null or Loopback interface.

--Eric
by eflanery
Tue Apr 16, 2013 6:19 pm
Forum: General
Topic: Feature Request: MTR
Replies: 72
Views: 25318

Re: Feature Request: MTR

MTR (or equivalent) on the routers would come in handy. Running it over a tunnel from a host isn't nearly as useful, for multiple reasons. At a minimum, latency and jitter over the tunnel itself can't be eliminated from the results; and it is very difficult to run the test in multiple directions (ei...
by eflanery
Thu Mar 14, 2013 6:07 pm
Forum: RouterBOARD hardware
Topic: New Hardware! - EU MUM 2013
Replies: 54
Views: 20181

Re: New Hardware! - EU MUM 2013

Any thoughts on making a CCR with more 10g ports?

Ideal for me would be one with two 10g-base-t ports (to connect to two core switches), and one SFP+ port (to connect to fiber running to another site).

--Eric
by eflanery
Thu Mar 14, 2013 5:58 pm
Forum: General
Topic: MUM Croatia NEW PRODUCT ANNOUNCEMENT
Replies: 42
Views: 17288

Re: MUM Croatia NEW PRODUCT ANNOUNCEMENT

Very nice!

Will the hardware forwarding on the CRS support MPLS (at least label-swap, i.e. for P router applications) at wire speed?

L3 at wire speed will be nice, but L2.5 would be even nicer. :-)

--Eric
by eflanery
Wed Feb 13, 2013 6:09 pm
Forum: Forwarding Protocols
Topic: Cisco is opening up its EIGRP as open standard
Replies: 4
Views: 2276

Re: Cisco is opening up its EIGRP as open standard

I would like to see this implemented as well.

I certainly don't want to use it internally, but we do have customers that have asked for it as a PE-CE protocol for L3VPN.

--Eric
by eflanery
Mon Jan 28, 2013 8:56 pm
Forum: General
Topic: Feature request: OpenFlow protocol! Cutting edge feature
Replies: 20
Views: 6965

Re: Feature request: OpenFlow protocol! Cutting edge feature

Possibilities... endless.

Success stories... that will take a few years (and a few dozen ROS revisions, no doubt).

At this point, it's just a new toy, like MPLS was a few years back. Practical applications will likely come later, just as they did for MPLS.

--Eric
by eflanery
Mon Jan 28, 2013 4:29 pm
Forum: General
Topic: Feature request: OpenFlow protocol! Cutting edge feature
Replies: 20
Views: 6965

Re: Feature request: OpenFlow protocol! Cutting edge feature

Wow, suddenly OpenFlow!

Thanks for the belated holiday present; just like MPLS all over again. :-)

You guys never cease to amaze!

--Eric
by eflanery
Fri Nov 09, 2012 5:51 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1016911

Re: CLOUD CORE ROUTER

Yay!

So, what is this CCR1016 model number I see silk-screened onto the board?

16 core version?

--Eric
by eflanery
Mon Oct 29, 2012 6:32 pm
Forum: Forwarding Protocols
Topic: BGP and routing filter improvement suggestions
Replies: 58
Views: 16893

Re: BGP and routing filter improvement suggestions

mrz, what? I want something like /routing filter add all-subprefix-in-prefix=192.168.0.0/24 action=accept /routing filter add all-subprefix-in-prefix=192.168.1.0/24 action=discard If I add /routing filter add prefix=192.168.0.0/24 action=accept /routing filter add prefix=192.168.1.0/24 action=disca...
by eflanery
Fri Oct 05, 2012 6:15 pm
Forum: Forwarding Protocols
Topic: BGP and routing filter improvement suggestions
Replies: 58
Views: 16893

Re: BGP and routing filter improvement suggestions

In that case: BGP Peer Groups would be good too. When you have say 10 peers with common settings, the only thing that's different is the peer IP and remote AS, have them belong to a parent group that defines all the other settings, then when you need to change a setting you only need to change it in...
by eflanery
Fri Sep 21, 2012 6:15 pm
Forum: General
Topic: Feature suggestion: 'Propagate DSCP' option for tunnels
Replies: 2
Views: 1007

Re: Feature suggestion: 'Propagate DSCP' option for tunnels

Oh, look at that! :) I had not noticed, since I don't often use those types, and they aren't what I really want this for. (although they will be useful) I'd still like it added to PPP-type tunnels, particularly PPTP. What I'm really looking for is a way to combine centrally concentrated, radius-auth...
by eflanery
Wed Sep 19, 2012 8:16 pm
Forum: General
Topic: Feature suggestion: 'Propagate DSCP' option for tunnels
Replies: 2
Views: 1007

Feature suggestion: 'Propagate DSCP' option for tunnels

Since I can't seem to find a way to do it currently (even tried l7f), I'll make it a feature suggestion: It would be useful (to us at the very least), to have an option to copy the DSCP bits from the interior header of an IP packet, to the exterior IP header of the tunnel packet, upon encapsulation....
by eflanery
Tue Sep 18, 2012 7:35 pm
Forum: General
Topic: DSCP on tunnels
Replies: 0
Views: 391

DSCP on tunnels

I'm trying to figure out how to set DSCP on the outer IP header of tunneled (PPTP in particular) packets, based on the DSCP of the inner packet. Searching the forum, I found that it apparently 'just happened' on some tunnel types prior to 5.16, although PPTP wasn't among them. Basically, at a MT CPE...
by eflanery
Mon Aug 13, 2012 4:36 pm
Forum: Forwarding Protocols
Topic: vpls-mac-learning-disabled
Replies: 4
Views: 1608

Re: vpls-mac-learning-disabled

The local MACs (from the interfaces that make up the bridge) will always be in the host table; but with external-fdb=yes, MACs of other devices won't be learned. Yes, 'external-fdb=yes' should be set for all ports in the bridge, assuming that's what you want. Be careful if you have more than two por...
by eflanery
Fri Aug 10, 2012 9:35 pm
Forum: Forwarding Protocols
Topic: vpls-mac-learning-disabled
Replies: 4
Views: 1608

Re: vpls-mac-learning-disabled

Actually, that should be: For BGP signaled VPLS, I don't know of a _clean_ solution. You can set 'bridge=none' in the '/interface vpls bgp-vpls' configuration, and create a periodically-run script that automatically maintains '/interface bridge port', by adding the dynamic VPLS interface with 'exter...
by eflanery
Fri Aug 10, 2012 9:25 pm
Forum: Forwarding Protocols
Topic: vpls-mac-learning-disabled
Replies: 4
Views: 1608

Re: vpls-mac-learning-disabled

For BGP signaled VPLS, I don't know of a solution.

For LDP signaled VPLS, set 'External FDB' to 'yes' in the bridge port configuration.

For example:
/interface bridge port
set [find bridge="PW-Bridge"] external-fdb=yes
--Eric
by eflanery
Wed Aug 08, 2012 5:49 pm
Forum: Wireless Networking
Topic: ask....full duplex
Replies: 3
Views: 808

Re: ask....full duplex

RIP could probably be made to work, by sending but not receiving routes on one interface, and receiving but not sending on the other. This wouldn't provide fail over though, and the configuration would likely be more complex than OSPF. Really though, RIP is outdated, and shouldn't be used except for...
by eflanery
Wed Mar 07, 2012 2:53 am
Forum: General
Topic: Multiple VLANS in the same subnet Cisco can can you?
Replies: 7
Views: 3606

Re: Multiple VLANS in the same subnet Cisco can can you?

Hi Rob, This allows you to create a 'subnet' that spans multiple VLANs on the same (or multiple) physical interface(s), while preventing L2 connectivity between hosts on different VLANs. Conceptually, this is similar to default-forward=no (or station isolation) for wireless clients. The router/AP ca...
by eflanery
Wed Feb 08, 2012 3:06 am
Forum: Forwarding Protocols
Topic: OSPF routes unreachable
Replies: 1
Views: 1214

Re: OSPF routes unreachable

/31 networks do not generally work as expected on MT, which makes certain types of integration tricky. For non-OSPF connectivity between MT and Cisco, I assign a /31, and configure it on the Cisco as normal. On the MT side, I set up its half of the /31 as a /32, with the network address set to the C...
by eflanery
Tue Nov 01, 2011 9:17 pm
Forum: General
Topic: Multiple VLANS in the same subnet Cisco can can you?
Replies: 7
Views: 3606

Re: Multiple VLANS in the same subnet Cisco can can you?

The feature was added to support BGP signaled VPLS, but works great for situations like this. Basically, packets received on a bridge port with a particular non-zero horizon value will not be forwarded out ports with the same non-zero horizon value. The intent is to prevent loops in a fully-meshed d...
by eflanery
Tue Nov 01, 2011 6:41 pm
Forum: General
Topic: Multiple VLANS in the same subnet Cisco can can you?
Replies: 7
Views: 3606

Re: Multiple VLANS in the same subnet Cisco can can you?

It's better if you can do the isolation at the switch, with a private or protected VLAN feature, but it can be done on a MT as well. Create the VLANs, and place them all in a bridge, with the same horizon value assigned to each port. Then, put your IP configuration (or what have you) on the bridge i...
by eflanery
Wed Oct 26, 2011 1:53 am
Forum: General
Topic: DHCP and IP unnumbered
Replies: 4
Views: 3398

Re: DHCP and IP unnumbered

What you can do is put all the VLANs into a bridge, with a shared non-0 horizon value, and then run your DHCP server (and IP address) on the bridge. The non-0 horizon will prevent L2 forwarding from one VLAN to another, while allowing you to treat the aggregate of them collectively. One other option...
by eflanery
Fri Aug 19, 2011 6:05 pm
Forum: General
Topic: Feature request: Enhanced BGP-signaled VPLS
Replies: 1
Views: 921

Re: Feature request: Enhanced BGP-signaled VPLS

I just noticed that 'pw-mtu' was added to the BGP-VPLS configuration.

Thanks guys!
--Eric
by eflanery
Mon Mar 07, 2011 9:05 pm
Forum: General
Topic: Feature suggestion: scripts embedded in radius responses
Replies: 2
Views: 877

Re: Feature suggestion: scripts embedded in radius responses

Excellent idea, thanks! I must experiment. :)

My suggestion for an official method still stands though.
by eflanery
Wed Feb 16, 2011 7:01 pm
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 64
Views: 41463

Re: Point-to-point (/31) addresses

Not I. For MT-MT, I use /32s, and rejoice that the vast majority of my network is extremely efficient address-use wise. For Cisco-Cisco, /31s work great, and are only slightly depressing. For MT-Cisco, /30s seem to be the longest common netmask that works properly with OSPF, so I go with it, and mo...
by eflanery
Tue Feb 15, 2011 1:07 am
Forum: General
Topic: Feature suggestion: scripts embedded in radius responses
Replies: 2
Views: 877

Feature suggestion: scripts embedded in radius responses

Apparently, 'vendor C' has a mechanism whereby basically arbitrary configuration can be passed back through radius, which brings up some interesting possibilities. Currently, we can configure user's basic settings through radius, such as IP address, address list, simple queue based speed restriction...
by eflanery
Tue Jan 04, 2011 6:28 pm
Forum: Forwarding Protocols
Topic: refresh time and k factor for MPLS
Replies: 6
Views: 2111

Re: refresh time and k factor for MPLS

The correct way would be to use BFD for RSVP or TE fast reroute. Unluckily none of these are available at this time yet.
Does this mean they are planned? :D :D
by eflanery
Wed Nov 24, 2010 9:17 pm
Forum: General
Topic: Feature Request: MPLS RSVP-TE AUTOTUNNEL, MPLS LABEL ECMP
Replies: 18
Views: 5979

Re: Feature Request: MPLS RSVP-TE AUTOTUNNEL, MPLS LABEL ECM

Agreed, those would be great features.

--Eric
by eflanery
Wed Nov 10, 2010 11:25 pm
Forum: Wireless Networking
Topic: Radiax Radiating Coax Cable - has anybody tested Radiax ????
Replies: 2
Views: 2029

Re: Radiax Radiating Coax Cable - has anybody tested Radiax

Hi Tom,

I'm guessing you got the radiax idea from Frawley, since you mentioned sticking small antennas on the end, rather than proper termination resistors.

I'm sure we would be happy to help, I'll have Mike give you a call.

--Eric
by eflanery
Wed Nov 03, 2010 12:12 am
Forum: Wireless Networking
Topic: No PPPoE through NV2 ?
Replies: 2
Views: 1077

Re: No PPPoE through NV2 ?

The problem is that NV2 does not work correctly with WDS. While I would think that MT will make it work at some point, for now if you want to bridge correctly across a NV2 link you must tunnel. VPLS is the most efficient method, although EoIP or any of the 'PPP-o-IP' flavors (with BCP) will work too...
by eflanery
Fri Oct 01, 2010 12:51 am
Forum: Wireless Networking
Topic: wireless question
Replies: 2
Views: 696

Re: wireless question

No.

It appears to be RealTek based, so it won't work.

--Eric
by eflanery
Fri Oct 01, 2010 12:37 am
Forum: RouterBOARD hardware
Topic: RB711 OS from 4.11 to 3.30 - lost built-in wireless card?
Replies: 12
Views: 4639

Re: RB711 OS from 4.11 to 3.30 - lost built-in wireless card

ROS v4 (or higher) is required for 802.11n radios, there is no support for those chips in v3.

I'm surprised 3.30 actually works on it at all.

--Eric
by eflanery
Mon Sep 20, 2010 8:03 pm
Forum: General
Topic: 5.0rc1 '/tool profile'
Replies: 2
Views: 7010

5.0rc1 '/tool profile'

Thank you, thank you, thank you! :D

Now, if only 'unclassified' made up a much smaller percentage. :lol:

--Eric
by eflanery
Wed Sep 08, 2010 3:57 am
Forum: General
Topic: feature request : GRE tunnel
Replies: 56
Views: 28154

Re: feature request : GRE tunnel

Glad you're able to get your hands on that before the rest of us.
It's currently running on demo2, so anyone can have a look.
by eflanery
Wed Sep 08, 2010 3:22 am
Forum: General
Topic: feature request : GRE tunnel
Replies: 56
Views: 28154

Re: feature request : GRE tunnel

It looks like 5.0b7 has a "/interface gre" section and a "GRE Tunnel" tab in Winbox.

Awesome!

Thanks guys. :D
by eflanery
Wed Jun 16, 2010 11:49 pm
Forum: Forwarding Protocols
Topic: ospf - route weighting possible?
Replies: 6
Views: 6054

Re: ospf - route weighting possible?

To weight default routes in OSPF, the easiest way is to set distribute-default to Type 2 External, and adjust the "metric-default" for that OSPF instance. Type 2 default distribution will take only the instance "metric-default" into account, so you can set to 1 on your preferred egress router, 2 on ...
by eflanery
Wed Jun 16, 2010 11:24 pm
Forum: Forwarding Protocols
Topic: OSPF and /32 entries
Replies: 4
Views: 1640

Re: OSPF and /32 entries

Yes, PtMP interfaces will inject a /32 route for each adjacency, along with one for the router's own interface address. They will not inject the aggregate. This is done to support discontinuous subnets, where not all routers in that subnet are directly adjacent. It's really only useful for carrying ...
by eflanery
Wed Apr 28, 2010 2:11 am
Forum: General
Topic: Maximum number of VLANs on a 450?
Replies: 8
Views: 1928

Re: Maximum number of VLANs on a 450?

Even with (R)STP turned off, "/interface bridge host print" should show the correct bridge port (VLAN) a MAC was learned on. If not, something else is going on. Did you perhaps set "external-fdb=yes" on the VLANs? If so, be sure to set them back to "external-fdb=no". Also, Fewi is absolutely right. ...
by eflanery
Wed Apr 28, 2010 12:07 am
Forum: General
Topic: Maximum number of VLANs on a 450?
Replies: 8
Views: 1928

Re: Maximum number of VLANs on a 450?

It usually isn't a good idea to bridge together multiple VLANs that reside on the same physical interface. Configurations like that can work, but you must be extremely careful. I would start by ensuring that a frame received on one VLAN will not be forwarded to any other VLAN at layer 2, which is mo...
by eflanery
Wed Apr 07, 2010 2:39 am
Forum: General
Topic: License question *URGENT*
Replies: 2
Views: 419

Re: License question *URGENT*

You should contact support@mikrotik.com ASAP, as we forum users won't be able to help with license problems.

You should also probably start preparing a "plan-b", just in case.
by eflanery
Tue Mar 30, 2010 12:08 am
Forum: Forwarding Protocols
Topic: ospf - route weighting possible?
Replies: 6
Views: 6054

Re: ospf - route weighting possible?

What you are looking for is the ospf interface "cost", not the "metric" or the "distance". The "cost" describes how different interfaces should be weighted. So for example you could set your primary interface to cost=10, while the backup interface could be cost=100. This would cause traffic to exclu...
by eflanery
Fri Mar 26, 2010 1:35 am
Forum: General
Topic: Supout.rif reader available
Replies: 31
Views: 28379

Re: Supout.rif reader available

Sweet, thank you!
by eflanery
Wed Mar 24, 2010 11:48 pm
Forum: General
Topic: feature request: group by in firewall interface
Replies: 5
Views: 1299

Re: feature request: group by in firewall interface

how about:
:foreach INT in=[/int find] do={/ip fir fil pr where in-interface=[/int get $INT name]}
by eflanery
Fri Mar 12, 2010 12:25 am
Forum: General
Topic: Feature request: Enhanced BGP-signaled VPLS
Replies: 1
Views: 921

Feature request: Enhanced BGP-signaled VPLS

It would be nice to be able to specify the L2MTU and encapsulation type for BGP signaled VPLS, just as you already can for LDP signaled VPLS. The ability to filter L2VPN routes would also be nice, as would the ability to examine advertised/received L2VPN routes. Finally, and most importantly to me a...
by eflanery
Thu Sep 24, 2009 8:43 pm
Forum: General
Topic: Feature request
Replies: 12
Views: 2093

Re: Feature request

CoA would be nice, for sure. But in the meantime... It is possible to adjust the limits on dynamically created simple queues. No disconnect/reconnect necessary, only manual attention or scripting. This can be done on the CLI, not in WinBox. No idea if it works via API. /queue simple set <pppoe-fooba...
by eflanery
Fri Sep 04, 2009 10:23 pm
Forum: RouterBOARD hardware
Topic: 2000 Vlan on device ???
Replies: 4
Views: 947

Re: 2000 Vlan on device ???

In that case, you may want to ask them directly (support@), rather than here in the community forum. You shouldn't expect a response (here or directly) until a few days after the MUM is over, though. As for your dilemma, either box should handle it just fine. With so little detail, it's tough to cal...
by eflanery
Fri Jun 26, 2009 11:47 pm
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 64
Views: 41463

Re: Point-to-point (/31) addresses

Interesting concept, quite a hack! I'm pretty sure I can't use that when the other end of the device is a cisco router, so I'm still very much wanting real /31 support. But thanks for your suggestion, it's a really cool hack :) While Ciscos won't allow /32 addressing on broadcasty interfaces, you _...
by eflanery
Fri Jun 26, 2009 4:00 am
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 64
Views: 41463

Re: Point-to-point (/31) addresses

I would skip using an actual /31, and just use two /32s. Specify the remote address as the "network", and you should be good to go. This mechanism is more flexible than using /31s, as the addresses don't need to be adjacent; and more efficient since you can re-use the same address for multiple links...
by eflanery
Wed Jan 21, 2009 3:09 am
Forum: General
Topic: Forwarding all traffic over an EoIP interface
Replies: 4
Views: 2179

Re: Forwarding all traffic over an EoIP interface

Actually, I just noticed something. Forcing 'external-fdb' on bridge ports without an external fdb (wireless, perhaps mesh), seems to accomplish exactly this. You could try: /int bridge port set [find bridge=eoipbridge] external-fdb=yes Not 100% sure it will work, but it seems possible. Good luck, -...
by eflanery
Wed Jan 21, 2009 3:00 am
Forum: General
Topic: Forwarding all traffic over an EoIP interface
Replies: 4
Views: 2179

Re: Forwarding all traffic over an EoIP interface

Bridging traffic from a SPAN port can be tricky. It isn't a problem with EOIP that you are seeing, but rather a limitation of intelligent (switch-like) bridging. You would run into the same thing if there were nothing but switches along the path, unless they were all configured for RSPAN. The proble...
by eflanery
Fri Jan 16, 2009 11:42 pm
Forum: General
Topic: Feature request: routing table matchers in firewall
Replies: 1
Views: 698

Feature request: routing table matchers in firewall

While address-lists are great, sometimes it would be useful to match on routing tables instead. There are multiple mechanisms (routing protocols) in place for synchronizing information between routers, and it would be nice to use those for things like distributed firewalls. While it is certainly possib...
by eflanery
Fri Jan 16, 2009 10:59 pm
Forum: General
Topic: Feature request: Conditional TTL propagation in MPLS
Replies: 0
Views: 944

Feature request: Conditional TTL propagation in MPLS

It's nice to be able to hide the MPLS cloud with "/mpls set propagate-ttl=no", but it's also nice to be able to use traceroute for troubleshooting the cloud. At the moment, TTL propagation is basically an all-or-nothing decision, but it would be nice if it were a bit more flexible. What I envision ...
by eflanery
Fri Jan 16, 2009 10:09 pm
Forum: General
Topic: A gift to our best forum users
Replies: 23
Views: 8927

Re: A gift to our best forum users

Thanks for the free ticket, unfortunately I won't be able to make it. Hopefully I'll be able to make it to the next North American event.
by eflanery
Fri Jan 16, 2009 9:56 pm
Forum: General
Topic: Feature request: BGP confederation range or mask
Replies: 1
Views: 772

Re: Feature request: BGP confederation range or mask

Wow, that was quick! What's new in 3.19: ... *) allow to enter range in BGP instance confederation peers; ... Thanks guys, you are amazing! BTW, it should be noted that this only appears to be in routing-test (probably a good idea), and it seems that the ranges cannot be entered or displayed in winb...
by eflanery
Fri Jan 02, 2009 11:04 pm
Forum: General
Topic: Feature request: BGP confederation range or mask
Replies: 1
Views: 772

Feature request: BGP confederation range or mask

It would be nice to be able to specify large numbers of confederation peers in a form other than an explicit list. For example, if you want to specify all the ASNs between 65280 through 65287, and 65296 through 65299, you currently need to specify: /routing bgp instance set INSTANCE confederation-pe...
by eflanery
Mon Oct 13, 2008 8:35 pm
Forum: General
Topic: Another request for Sangoma S518 card support
Replies: 1
Views: 869

Re: Another request for Sangoma S518 card support

Sure an internal card like that would be nice and tidy, but... Why not just use external units? Many LECs like to give them away with every line, and failing that they are cheap on eBay. Be very careful about reselling cheap DSL bandwidth though, at that price you would almost certainly be violating...
by eflanery
Wed Jun 11, 2008 1:55 am
Forum: General
Topic: virtualization
Replies: 60
Views: 21962

Re: virtualization

I love you guys, first MPLS, and now Xen! :shock:

Now just add un-modified DomU support so we can run Windows on MT (yuck, I know), and iSCSI support so the OS images don't need to be local, and I may just be able to replace _EVERYTHING_ with MikroTiks.

Truly awesome work! :D
by eflanery
Fri Dec 07, 2007 8:22 pm
Forum: General
Topic: MPLS?
Replies: 4
Views: 2068

Re: MPLS?

Holy crap! :shock:

Thanks guys!
by eflanery
Fri Oct 26, 2007 12:01 am
Forum: General
Topic: OT: www.mikrotik.com down?
Replies: 5
Views: 1428

Re: OT: www.mikrotik.com down?

Cogent Communications went down, so fsr.net went down, and so did Mikrotik's US proxy.
While it does appear that Cogent had troubles at the same time, FSR has _nothing_ to do with Cogent.

--Eric
by eflanery
Tue Jul 17, 2007 7:05 pm
Forum: Scripting
Topic: Rapid VLAN Creation Script
Replies: 4
Views: 2899

Re: Rapid VLAN Creation Script

:for i from 1 to 50 do={
     /int vlan add name=("Laner" . $i) vlan-id=$i interface=ether1
     }
by eflanery
Wed Dec 20, 2006 3:21 am
Forum: General
Topic: 2.10 suggestion - Xen port
Replies: 8
Views: 3282

I haven't had the time, but I think there are still problems. I don't think ROS will run as a standard DomU, since the kernel wouldn't have been compiled for Xen. It should run as an unmodified DomU, if you have VX/Pacifica, but at the moment I don't think PCI address spaces can be mapped correctly ...
by eflanery
Wed Dec 20, 2006 3:01 am
Forum: General
Topic: VMWare Nics
Replies: 3
Views: 2014

If you can run 64bit VMs, you can use the virtual Intel PRO 1000, which seems to work quite well. Probably not as good as vmxnet, but it's definitely faster than the virtual lance.
by eflanery
Tue Nov 21, 2006 8:34 pm
Forum: Scripting
Topic: Compare time values!
Replies: 4
Views: 2065

Weird, both work for me, as does your original (copy and paste, for both true and false).

Perhaps the version you are using returns something different for "/sys clock get time"? :?

[admin@EricsHome] > :put [/sys clock get time]
11:24:01

--Eric
by eflanery
Mon Nov 20, 2006 9:03 pm
Forum: Scripting
Topic: Compare time values!
Replies: 4
Views: 2065

Re: Compare time values!

When I want to compare two time values like this: :if ([/system clock get time] < 15:00:00) do={:put true} else={:put false} I'm getting following error: cannot compare if string is less than time interval Try this: :if ([/system clock get time] < [:totime "15:00:00"]) do={:put true} else={:put fal...
by eflanery
Tue Oct 24, 2006 3:07 am
Forum: General
Topic: idiot's guide to is this a valid firewall construct?
Replies: 2
Views: 1027

It's AND; for a packet to match, all enabled matchers must match.

If you want OR, you will need to use two rules.

--Eric
by eflanery
Mon Oct 23, 2006 10:52 pm
Forum: General
Topic: Cisco to MT VLAN trunking
Replies: 5
Views: 2778

I have tried: 1) assigning an IP address 192.168.1.2 to ether1, creating 2 VLANS 101 and 102 under ether1, creating a bridge, bridge1, and then adding the two vlans to the bridge ports Bridging VLANs that reside on the same parent interface is usually a bad idea. Many devices will get quite confuse...
by eflanery
Mon Oct 23, 2006 9:02 pm
Forum: Scripting
Topic: enhance this script
Replies: 5
Views: 2534

Re: enhance this script

I need script to get ping result to http://www.yahoo.com e.g 60ms or 60, how to get this?

:put [/ping http://www.google.com count=1]
result is 1
Try this:
/tool flood-ping [ :resolve www.google.com ] count=1 do={ :global PingTime $avg-rtt }
:put $PingTime
--Eric
by eflanery
Fri Oct 20, 2006 8:54 pm
Forum: General
Topic: Feature Request: Event Handling
Replies: 8
Views: 2955

I'll sixth that. :D

Something like this would be great.

Perhaps as something similar to the "log" actions, with some fancy new matchers (regex!), and some prepopulated relevant variables. :) Just a thought.

--Eric
by eflanery
Tue Sep 05, 2006 8:46 pm
Forum: Scripting
Topic: How to AND :IF sentences
Replies: 2
Views: 1080

Try this:
:local R1S [/tool netwatch get [/tool netwatch find host=$R1] status]
:local R2S [/tool netwatch get [/tool netwatch find host=$R2] status]
:if ($R1S = up && $R2S = up) do={
     /ip route set [/ip route find comment=fail-over-route] gateway=$R1
}
--Eric
by eflanery
Mon Aug 28, 2006 8:22 pm
Forum: Scripting
Topic: Warning about high connection numbers.
Replies: 5
Views: 1467

Try this:
:local abcd [:len [/ip firewall connection find]]
--Eric
by eflanery
Mon Aug 28, 2006 8:16 pm
Forum: General
Topic: winbog: expiration time for address list
Replies: 2
Views: 1398

Or both.

It would also be useful to be able to manually set the expiration time, for manually (not by firewall) created entries.

--Eric
by eflanery
Wed Aug 16, 2006 9:00 pm
Forum: General
Topic: Double-click required for all forum links?
Replies: 18
Views: 2366

I'm seeing the same thing here, but I did notice a pattern: If the page successfully loads, it's always on a new TCP connection (SYN, SYN/ACK, ACK, and go). On the other hand, if the browser is attempting to re-use an established connection, it always seems to fail (hangs after I get a couple of ACK...
by eflanery
Wed Aug 09, 2006 6:47 pm
Forum: General
Topic: Routing-Test
Replies: 148
Views: 30753

IIRC, the kernel tables are quite simple, and would not take into account BGP (or other routing protocol) specific information. MT's "/ip route" tables seem to show more than I would expect the kernel to understand though. Perhaps the best way to get AS-path-length to matter from different BGP insta...
by eflanery
Mon Aug 07, 2006 9:23 pm
Forum: General
Topic: what does 127.0.0.1 mean ??
Replies: 4
Views: 1350

127.0.0.1 is the standard IP-level loopback address. Port 53 is DNS.

I.e. it looks like your router is asking itself to resolve a domain name.

--Eric
by eflanery
Mon Aug 07, 2006 7:47 pm
Forum: General
Topic: Local Loopback
Replies: 14
Views: 3240

I don't really see how a reachability problem would be fixed with a loopback, but you can create a pseudo-loopback with an empty bridge (that acts for all intents and purposes as a real loopback, aside from some extra resource consumption).

--Eric
by eflanery
Mon Jul 31, 2006 7:15 pm
Forum: Wireless Networking
Topic: wds and dfs
Replies: 1
Views: 938

DFS is not used with wds-slave, so it doesn't matter. Wds-slave will seek out a master, in order to choose its channel. Same for station-wds. The only time it matters, is when you have multiple "ap-bridge" units in a wds system. Since those devices in ap-bridge mode will select the least used chann...
by eflanery
Fri Jul 28, 2006 7:31 pm
Forum: General
Topic: Mikrotik API
Replies: 1
Views: 1040

MT has indicated that they will be releasing an API at some point, probably with version 2.10. Until that time, it is rather easy to remotely script the command line. You can do it with either an Expect-like system (Expect/Tcl itself, Python, Perl, Ruby, or whatever), or you can setup SSH keys and i...
by eflanery
Thu Jul 27, 2006 10:13 pm
Forum: General
Topic: ppp source interface
Replies: 6
Views: 1701

Which route would I filter and modify the pref-src?
Whichever route is followed to reach the other tunnel end point (maybe the default).

Perhaps a src-nat rule could be used for the same purpose; I don't know if it would actually work, or just confuse things even more, though.

--Eric
by eflanery
Thu Jul 27, 2006 9:57 pm
Forum: General
Topic: PPPoE User Profile Change
Replies: 6
Views: 2097

It doesn't work in Winbox, but it does on the command line (and in scripts).

--Eric
by eflanery
Thu Jul 27, 2006 8:38 pm
Forum: General
Topic: ppp source interface
Replies: 6
Views: 1701

With routing-test, you can use "set-prefsrc=" on the dynamic-in, connected-in, and any routing protocol "in" chains.

--Eric
by eflanery
Thu Jul 27, 2006 8:33 pm
Forum: General
Topic: PPPoE User Profile Change
Replies: 6
Views: 2097

You can modify the queue settings on the fly, without disconnecting anyone.

It also shouldn't be too hard to come up with a periodic script that compares queues to profiles, and adjusts queues as needed.

--Eric
by eflanery
Wed Jul 26, 2006 6:06 am
Forum: Wireless Networking
Topic: WTF Senaro problem?
Replies: 6
Views: 1086

Correct is in the eye of the beholder, so to speak. 23dBm should be safe, though. I wouldn't call them junk, but they are touchy little sobs. I've got dozens running just fine, in one case four of them in a single RB532 (with multi-month uptime). Once you have things tweaked and stable, it should be...
by eflanery
Wed Jul 26, 2006 4:38 am
Forum: Wireless Networking
Topic: WTF Senaro problem?
Replies: 6
Views: 1086

Welcome to the wild, wild world of xMP-8602 cards! (it is a 8602, not a 2511, right?) Often, it seems, this little bit of joy is related to transmit power levels. If you adjusted the TX-power, that was likely your downfall. If not, you may need to do so (downward!). To get things stable enough to ad...
by eflanery
Wed Jul 26, 2006 3:46 am
Forum: General
Topic: PPPoE to VLANs
Replies: 7
Views: 2030

I'm not quite sure I understand what you are trying to do, but I'll take a shot/guess: You want to bridge multiple VLANs together, which exist on the same parent interface, together with a WDS-ish uplink. You don't want to just bridge the ethernet as a whole, but want to keep each customer on a sepa...
by eflanery
Tue Jul 25, 2006 10:19 pm
Forum: General
Topic: Routing-Test
Replies: 148
Views: 30753

Prefix length takes a range, i.e.:
/routing filter add chain=foo prefix-length=17-32
Works in Winbox too.

--Eric
by eflanery
Tue Jul 25, 2006 7:54 pm
Forum: Scripting
Topic: pptp connection 1-pinging fail do disconnect then reconnect
Replies: 6
Views: 2460

Why not just leave the (match) address out of the dst-nat rule?

Match on incoming interface, protocol, and port; and you should be good to go.

--Eric
by eflanery
Tue Jul 25, 2006 7:48 pm
Forum: Wireless Networking
Topic: RSTP - path cost and root port question
Replies: 34
Views: 16079

Just yesterday, I did notice similar strangeness. After a root bridge reboot, it did not resume acting as the root bridge. Its priority was still 7000, but the root bridge role remained with another unit at 8000. Upon changing the intended bridge's priority to 6000, things began working as they sho...
by eflanery
Fri Jul 21, 2006 11:22 pm
Forum: Scripting
Topic: Name Resolving
Replies: 4
Views: 1198

An easier way would be to use the web-cache (instead of firewall+scripting), and have it log all requests. But... You could do this by using the router as a DNS cache, and forcing all the internal machines to use it for DNS resolution. Have your address list timeout fairly quickly, like five minutes...
by eflanery
Fri Jul 21, 2006 8:39 pm
Forum: Wireless Networking
Topic: RSTP - path cost and root port question
Replies: 34
Views: 16079

It's acceptable, if you accept it. :) Changing the WDS interfaces to static gives you more manual control, and perhaps makes it a _bit_ more stable. But, it makes the system less dynamic. Personally, I leave things dynamic. If a particular WDS link goes bad (but remains up), RSTP will avoid it when ...
by eflanery
Fri Jul 21, 2006 7:23 pm
Forum: General
Topic: setting MTU sizes larger than 1500 -- having problems
Replies: 3
Views: 849

MT is not inherently limited to 1500 mtu (under 2.9), but it does have such a limit on many types of interfaces. Exceptions to that, that I know of, are: (at least some) Atheros interfaces can be set as high as 1600. (at least some) Intel pro-1000 interfaces can be set to 16110. I don't know of any ...
by eflanery
Fri Jul 21, 2006 3:28 am
Forum: Scripting
Topic: pptp connection 1-pinging fail do disconnect then reconnect
Replies: 6
Views: 2460

Put something like this in a script (named something like pptp-reset): :local PPTP-INT [/int pptp-client find name=XXXX] :while true do={ /int pptp-client disable $PPTP-INT /int pptp-client enable $PPTP-INT :delay 10 } Then in netwatch, do something like this: On Down: /system script run pptp-reset ...
by eflanery
Fri Jul 21, 2006 3:05 am
Forum: Wireless Networking
Topic: RSTP - path cost and root port question
Replies: 34
Views: 16079

In RSTP, the bridge device with the lowest priority becomes the "root bridge", and all calculations are done relative to it. I'm not sure what is used to break a tie, but there will only be a single "root bridge". The port "role" is determined by its relation to the "root bridge": A "root port" has...
by eflanery
Fri Jul 21, 2006 2:26 am
Forum: General
Topic: Layer 7 protocol identification
Replies: 8
Views: 1618

I've briefly looked into matching HTTPS packets - everything appears to be binary only during a https/ssl transfer, so I am not sure if you can use a text match. Has anyone done this? Umm, it would completely defeat the point of https/ssl if you could do that. The "s" in https (and the first "s" in...
by eflanery
Mon Jul 10, 2006 6:58 pm
Forum: Scripting
Topic: how to run Nighty firewall
Replies: 7
Views: 2742

/ip firewall filter set [/ip firewall filter find comment=day] time=10h1m-23h,sat,fri,thu,wed,tue,mon,sun
--Eric
by eflanery
Thu Jun 29, 2006 2:07 am
Forum: Scripting
Topic: Resolve hostname, return several ip Address
Replies: 3
Views: 5262

That will fail if the A record is significantly different from your request. You may want to try something like this (quick hack, needs sanity checks): :local DNS-NAME "www.google.com" :local IPS "" :local FIRST-IP [:resolve $DNS-NAME] :local REAL-NAME [/ip dns cache get [/ip dns cache find address=...
by eflanery
Wed Jun 28, 2006 8:03 pm
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 75637

Regarding multicast protocols, IGMP at layer 2 (when MTs are used as bridges) would be a good start. After that, PIM-DM is probably the most useful for IPTV (fast channel switching, and such). If someone wanted to _try_ delivering IPTV over wireless, they would likely appreciate PIM-SM. For non-IPTV...
by eflanery
Tue Jun 27, 2006 8:08 pm
Forum: General
Topic: SNMP
Replies: 54
Views: 26943

add or delete user and change their permissions. We have tech support that come and go. They take a look from the tower at the client which is very helpful. Big pain to go do this to every access point we have manually. You can use a radius server for administrator authentication, quite easily. Lin...
by eflanery
Sat Jun 10, 2006 1:52 am
Forum: Scripting
Topic: Unable to locate email settings in MT 2.9.23
Replies: 3
Views: 1242

In WinBox, you don't.

The e-mail tool is command line (and script, same thing) only.

--Eric
by eflanery
Thu Jun 08, 2006 11:57 pm
Forum: Scripting
Topic: Filtering a command output
Replies: 17
Views: 10403

well, if you would use ssh key authentication, then you could get easy search in ROS: ssh 10.5.8.1 /ppp active print | grep -E "Your regular expression goes here" Eugene And, if you want to do it with a live session, with telnet, or ssh without key-auth, you can do something (with a pair of termina...
by eflanery
Thu Jun 08, 2006 8:51 pm
Forum: Scripting
Topic: Filtering a command output
Replies: 17
Views: 10403

True, and I don't have much of a problem composing cryptic statements, but the same cannot be said for everyone. There are many times when our tech support group has expressed frustration at the difficulty of searching in RouterOS. I usually end up telling them to use Winbox, sort on the column of t...
by eflanery
Thu Jun 08, 2006 7:09 pm
Forum: General
Topic: minor HCI usability wishes
Replies: 27
Views: 9171

Under 2.9, print works a bit differently under much of the '/ip firewall' hierarchy.

/ip firewall filter print all detail

works, while:

/ip firewall filter print detail

does not.

--Eric
by eflanery
Thu Jun 08, 2006 6:44 pm
Forum: Scripting
Topic: Filtering a command output
Replies: 17
Views: 10403

I would point this out as another example of why something like 'grep' would be a wonderful addition.

/ppp active print detail without-paging | grep ex

would be much quicker, and so much more obvious to many people.

--Eric
by eflanery
Thu Jun 08, 2006 6:32 pm
Forum: General
Topic: WinBox improvements.
Replies: 9
Views: 2977

How about a radius attribute, "Mikrotik-Framed-Comment", or some such, that would add comments to anything controlled via radius?

That could include wireless registration, DHCP, the various PPPs, and even such things as dynamic queues and mangle rules.

--Eric
by eflanery
Sat May 27, 2006 1:59 am
Forum: General
Topic: Now this is something odd
Replies: 0
Views: 501

Now this is something odd

I just put 2.9.24 (x86) on a production router, upgrading from 2.8.28, in order to get some better firewalling. I did not load routing-test, nor has routing-test ever been on this box. Prior to this, everything I had running 2.9.24 was MIPS. To my surprise, the Routing Filter winbox screen (ala rout...
by eflanery
Fri May 26, 2006 1:38 am
Forum: General
Topic: Network Browsing
Replies: 3
Views: 1084

Ports 137-139 are only part of what is needed for windows shares, you also need port 445 (and 135, I think). The reason your wireless clients can see each other, is that they have forwarding enabled for them in your access list (or default forwarding is enabled, for the whole interface). That partic...
by eflanery
Thu May 25, 2006 11:03 pm
Forum: General
Topic: how to hide my network
Replies: 13
Views: 2134

Get it a fake moustache?

Or:
/int wireless set [/int wireless find] hide-ssid=yes
--Eric
by eflanery
Thu May 25, 2006 11:00 pm
Forum: Scripting
Topic: How to automate updating one rule in many mikrotiks?
Replies: 18
Views: 3756

Distributed real-time multi-ISP firewall, I like it. :twisted:

--Eric
by eflanery
Thu May 25, 2006 9:54 pm
Forum: Scripting
Topic: How to automate updating one rule in many mikrotiks?
Replies: 18
Views: 3756

Yup, they are quite similar. The major difference is that the bogon one modifies the config, and does not break on non-/32 routes; while the ping-based one is just the opposite. I wanted to avoid modifying the config, and take advantage of the address-list-timeout option. But, you can't ping a /24 a...
by eflanery
Thu May 25, 2006 2:55 am
Forum: General
Topic: PPTP Tunnel and Getting Inside
Replies: 3
Views: 1169

If you don't have any IP on ether2, and you aren't bridging to it, how would you expect it to work? Magic? For proxy-arp to be of any help, you will need _some_ IP on that interface (preferably one in each of the networks you are trying to access, so the MT will know where to send the packets out). ...
by eflanery
Thu May 25, 2006 2:43 am
Forum: Scripting
Topic: Stat of CPU Load , how to ?
Replies: 3
Views: 1152

The internal graphing system, perhaps? /tool graphing resource add allow-address="your.management/net" store-on-disk=yes Then looking at: http://"your.router"/graphs/ Or, MRTG looking at these OIDs: ? uptime: .1.3.6.1.2.1.1.3.0 total-hdd-space: .1.3.6.1.2.1.25.2.3.1.5.1 used-hdd-space: .1.3.6.1.2.1....
by eflanery
Wed May 24, 2006 1:36 am
Forum: Scripting
Topic: How to automate updating one rule in many mikrotiks?
Replies: 18
Views: 3756

Basically, yes. What I have been doing is something like this: /routing filter add chain=rs-bgp-in bgp-communities=65009:666 set-routing-mark=drop-me set-disabled=yes /ip firewall filter add chain=output src-address=0.0.0.1 action=add-dst-to-address-list address-list=drop-me address-list-timeout=10m...
by eflanery
Tue May 23, 2006 9:12 pm
Forum: Scripting
Topic: How to automate updating one rule in many mikrotiks?
Replies: 18
Views: 3756

Ahh, I see. Sorry, I misunderstood. I will also echo the request for wget, or even better curl. One avenue you may wish to explore, would be linking a BGP instance to the address-list(s), with a frequently run script (I use a funky ping, and a firewall rule that detects it, to avoid writing to flash...
by eflanery
Tue May 23, 2006 8:38 pm
Forum: General
Topic: Feature Request (improvement)
Replies: 11
Views: 3844

Indeed, I know of no way to initiate safe mode from within local MT scripts.

Would be quite useful.

--Eric
by eflanery
Tue May 23, 2006 8:20 pm
Forum: Scripting
Topic: How to automate updating one rule in many mikrotiks?
Replies: 18
Views: 3756

Are you suggesting that http is more secure than ssh?

Hint: it isn't.

--Eric
by eflanery
Tue May 23, 2006 8:17 pm
Forum: Scripting
Topic: Stat of CPU Load , how to ?
Replies: 3
Views: 1152

Is something like this what you want: ?
:put [/system resource get cpu-load]
:put [/system resource get free-memory]
--Eric
by eflanery
Tue May 23, 2006 8:12 pm
Forum: General
Topic: Feature Request (improvement)
Replies: 11
Views: 3844

It is quite possible to take safe mode in remote scripts, this little chunk of python (similar constructs are possible in other languages, of course) is what I use: def lock(self, take): tries = 0 success = -1 modes = [["] > "], ["] <SAFE> "]] try: self.refreshconnection() while success != 0: if tri...
by eflanery
Sun May 21, 2006 9:18 pm
Forum: General
Topic: DHCP question/feature request
Replies: 2
Views: 1556

While not a bad idea, if you (MikroTik) do implement this, please make it optional.

There are quite a few cases, where I want the MTs to hand out DHCP addresses for networks that they are not themselves a part of.

--Eric
by eflanery
Sun May 21, 2006 6:51 pm
Forum: Scripting
Topic: E-mail and scripting quesiton..
Replies: 14
Views: 6010

Unfortunately, MT seems to be missing the '/ip dhcp-server alert get ' command, which would be needed to do it exactly as you describe, but... You can do something very similar using the logger directly, no script needed:
/ system logging action add name="DhcpAlert" target=email email-to="foo@bar.co...
by eflanery
Thu May 18, 2006 10:33 am
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 75637

one more vote for OLSR
In case no one had yet noticed, the "other guys" just got OLSR. :(

Patiently waiting. :?

--Eric
by eflanery
Wed May 03, 2006 3:10 am
Forum: Scripting
Topic: weird results when pasting a long script on cmd line
Replies: 6
Views: 1480

Thanks for your feedback eflanery. Not to seem rude, esp. since I will see you guys Thurs and Fri, but... No offence taken, and none intended. 1) Breaking out the code to multiple lines for human purposes is not a solution to the editor bug, that is a work around. If I was looking for coding recom...
by eflanery
Tue May 02, 2006 8:31 pm
Forum: Scripting
Topic: weird results when pasting a long script on cmd line
Replies: 6
Views: 1480

For one, I would advise against trying to fit all your code on one line. In addition to being more likely to bring out bugs, long lines make the code practically unreadable, and will seriously hamper your debugging efforts. By a quick glance at your script, you may find this useful: http://forum.mikro...
by eflanery
Tue May 02, 2006 3:45 am
Forum: General
Topic: Per-packet load balancing
Replies: 1
Views: 852

Via the bonding driver: http://www.mikrotik.com/docs/ros/2.9/interface/bonding , Using the rr scheduler.

It's great, but tread carefully.

--Eric
by eflanery
Sat Apr 29, 2006 6:34 pm
Forum: General
Topic: play list
Replies: 4
Views: 734

Lovely. I had not noticed that all those junk lines were links, just figured it was someone in need of a quick clue-by-four hit.
by eflanery
Sat Apr 29, 2006 6:28 am
Forum: General
Topic: play list
Replies: 4
Views: 734

Perhaps you should look for a WinAmp forum somewhere, this isn't one. :roll:

--Eric
by eflanery
Sat Apr 29, 2006 6:26 am
Forum: General
Topic: A bunch of questions for my wisp operation
Replies: 19
Views: 3047

Re: PPPoE

Customers that need a routable IP? No problem, Cisco PIX static rule with conduits. Customers that want to run servers? No problem, Cisco PIX static rule with conduits. That works, expensive, but good. Customers that multi-home? i.e. Two ISP's? Never had a problem. Yet you NAT them, must not be doi...
by eflanery
Sat Apr 29, 2006 5:30 am
Forum: General
Topic: what's the correct mtu/rmu in wireless interface?
Replies: 3
Views: 1202

Generally, we have found 1492 to be a good maximum, for the PPPoE tunnels. For the wireless interface (or ethernet), you should leave it at 1500, at a minimum. Clients will usually negotiate lower on their own, if they don't like it. I'm not really clear on what you see as the problem, though. In wh...
by eflanery
Sat Apr 29, 2006 5:07 am
Forum: Scripting
Topic: Hi to all - need some advice !
Replies: 2
Views: 916

Yes, you could do that with a script. But, if you were to upgrade to 2.9, you could use the "connect list" feature, and be done with it. 2.7 is old. If you don't upgrade, you will be missing many features, and support will be hard to come by. --Eric (That is one weird provider you got there, IMHO)
by eflanery
Sat Apr 29, 2006 4:44 am
Forum: General
Topic: A bunch of questions for my wisp operation
Replies: 19
Views: 3047

IMHO, PPPoE just confuses things. Our network is fully firewalled and NAT'd, with just simple static IP's assigned by the installer. If your CPE has the right IP and WEP key, you're on. MikroTik keeps it running smoothly with bandwidth control, and the ability to knock non-paying users offline. Er...
by eflanery
Sat Apr 29, 2006 12:07 am
Forum: Wireless Networking
Topic: DFS Does not work
Replies: 1
Views: 612

It is likely selecting a frequency which doesn't cut it, like 5180, since there will be almost nothing there (in addition, the SR5 will scale back its power, and your antenna patterns will likely become strange). Try listing the frequencies you _know_ work (try them manually, first), in the "scan l...
by eflanery
Fri Apr 28, 2006 8:26 pm
Forum: General
Topic: pppoe-relay
Replies: 29
Views: 18357

By PPPoE-relay you probably meant PPPoE to L2TP relay like this: http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d2b1f.html http://www.rfc-archive.org/getrfc.php?rfc=3817 That was what I was referring to way-back-when. :) Not what others seem to want though. ...
by eflanery
Thu Apr 27, 2006 10:54 pm
Forum: Wireless Networking
Topic: Superchannel feature
Replies: 4
Views: 1825

It is separate from the "level" licences.

You need to contact MT sales.

--Eric
by eflanery
Thu Apr 27, 2006 10:49 pm
Forum: The User Manager
Topic: Mikrotik User Manager
Replies: 41
Views: 21325

I can see us using this for small systems, where we wish to delegate access control to the local administrators. Right now, we set them up with their own Radius/database servers. Or, if small enough, bridge everything back to a single concentrator, and use its built-in authentication systems. When ...
by eflanery
Thu Apr 27, 2006 10:31 pm
Forum: General
Topic: Load Balancing T1's/Traffic
Replies: 7
Views: 1861

It's probably working in most cases because there is a cisco on both ends and they just deal with it right? If you had a mikrotik on both ends you could use bonding to do the same I believe... not 100% though. Sam If you create EoIP tunnels which travel over each T1, and bond those using the rr sch...
by eflanery
Thu Apr 27, 2006 10:02 pm
Forum: General
Topic: A bunch of questions for my wisp operation
Replies: 19
Views: 3047

Re: A bunch of questions for my wisp operation

Hi there I am trying to move everything on my wisp network over to mikrotik. I am going to put a router at every tower location with pppoe to dish out the ip's and do shaping. That is largely what we do. First off I need to know if certain routers do not work well with pppoe. I have used cheap d-li...
by eflanery
Thu Apr 27, 2006 9:24 pm
Forum: General
Topic: license email
Replies: 3
Views: 1785

That would be useful, but I don't think it would require a new feature.

It should be quite possible to create a script to do such a thing.

--Eric
by eflanery
Thu Apr 27, 2006 6:35 am
Forum: General
Topic: Debug possibilities for system not booting?
Replies: 6
Views: 1129

Strange indeed... Maybe try a different m/b then and see if that solves it... Never seen it myself yet, but I suppose at this stage anything is possible for you :D C Which would thus render the topic (debugging a particular MB) moot, no? :? Perhaps another MT can add to the next release... Give us ...
by eflanery
Thu Apr 27, 2006 6:23 am
Forum: General
Topic: WF2Q - how to ?
Replies: 1
Views: 525

by eflanery
Thu Apr 27, 2006 6:03 am
Forum: General
Topic: has 2.9.22 fixed 2 x 8602 on RB532?
Replies: 5
Views: 1015

I did, however, just notice that the signal level reading is a bit whacked: [admin@ProvCT-N] > int wir reg pr # INTERFACE RADIO-NAME MAC-ADDRESS AP SIGNAL... TX-RATE UPTIME 0 5gig-Omni 00026F3D907E 00:02:6F:3D:90:7E no -57dBm... 54Mbps 4w2d6h32m45s 1 5gig-Omni 00026F3D90AD 00:02:6F:3D:90:AD no -51dB...
by eflanery
Thu Apr 27, 2006 5:53 am
Forum: General
Topic: has 2.9.22 fixed 2 x 8602 on RB532?
Replies: 5
Views: 1015

Yup: [admin@ProvCT-N] > /int wir pr ; :put "" ; /int wir inf pr ; :put "" ; /sys reso pr Flags: X - disabled, R - running 0 R name="PC_N" mtu=1500 mac-address=00:02:6F:3D:90:B9 arp=enabled disable-running-check=no interface-type=Atheros AR5413 radio-name="00026F3D90B9" mode=ap-bridge ssid="PC_N" are...
by eflanery
Thu Apr 27, 2006 3:37 am
Forum: General
Topic: Load Balancing T1's/Traffic
Replies: 7
Views: 1861

I must be the only one out there still using T1 circuits or something. In a Cisco it's as simple as adding "ip load-sharing per-packet" to the T1 config to equally balance T1's. Matthew Actually, I would guess that it has more to do with PPLB being a major can of worms, that no one (myself includ...
by eflanery
Wed Apr 26, 2006 11:53 pm
Forum: General
Topic: MUM: USA
Replies: 68
Views: 11294

I will sign you up, you two (Eflannery and KennyB), so that we can make some estimate of how many are interested.
Thanks, I saw that you wanted people to "sign up", but not any instructions for doing so.

BTW, there is only one 'n'. :P

--Eric
by eflanery
Wed Apr 26, 2006 11:46 pm
Forum: General
Topic: MAC and IP pairing
Replies: 1
Views: 728

If you aren't using the MT as the gateway, static ARP will not help. First, be sure you turn "default forwarding" off for your wireless interfaces, to prevent the clients from directly communicating. Then, in the firewall, create rules to drop packets that don't match your intentions: /ip firewall f...
by eflanery
Wed Apr 26, 2006 4:50 am
Forum: Wireless Networking
Topic: CDMA/EV-DO or CDMA
Replies: 1
Views: 958

I have not, could be cool though. I would guess that such a thing won't exist unless/until some large laptop maker wants to bundle one with their machines, given the target market for such things (i.e. not router users, nor users of hacked-up/custom laptops). Depending on the lengths you are willing...
by eflanery
Wed Apr 26, 2006 2:56 am
Forum: General
Topic: has 2.9.22 fixed 2 x 8602 on RB532?
Replies: 5
Views: 1015

I'm not sure how you came by that belief. We have had some issues with xMP-8602s, but those appear to be related to card revisions, and power settings / consumption. Not quite sure what to make of that, but most have been just fine. Off hand, at one installation, I have 2 RB532s running 2.9.17, with...
by eflanery
Wed Apr 26, 2006 1:03 am
Forum: General
Topic: minipci cards with expansion card
Replies: 1
Views: 586

It seems more related to the order of enumeration, than to the actual physical slot. The first card recognised will be wlan1, the second wlan2, and so on. Everything else being equal, and all cards showing up at the same time, I would guess that it would follow the PCI-bus ID (just a guess). If yo...
by eflanery
Wed Apr 26, 2006 12:28 am
Forum: Wireless Networking
Topic: eXtended Range
Replies: 24
Views: 4179

Indeed, it would be beneficial in certain applications, and I would not mind if MT added support.

But, I don't think I would use it much (if at all). And I would encourage others to use it only as a last resort, I'm not eager to see 20Mhz of spectrum eaten up by a 150Kbps network.

--Eric
by eflanery
Wed Apr 26, 2006 12:20 am
Forum: General
Topic: MUM: USA
Replies: 68
Views: 11294

Looks like I will be able to make it after all, wasn't sure until just now.

I'm really looking forward to it. :)

Now where do we sign up for the Steak Dinner? :D

--Eric
by eflanery
Tue Apr 25, 2006 10:54 pm
Forum: Wireless Networking
Topic: rb112 and throughput
Replies: 8
Views: 2016

Well, I would ditch the backfire antennas, those things are just about worthless. The pac-wireless 2ft solid dishes are inexpensive, and work quite well (other real dish antennas are quite good as well). After changing antennas, I would test modulations (data rates), one at a time. If you start to s...
by eflanery
Tue Apr 25, 2006 10:24 pm
Forum: Wireless Networking
Topic: eXtended Range
Replies: 24
Views: 4179

XR is hardly a standard, it's an Atheros-proprietary extension. It's nothing more than a modulation change that makes the symbols "easier" to decode, since a significantly smaller amount of data is being encoded. By thrashing the spectrum, it makes it more likely that super-low-speed super-low-qualit...
by eflanery
Tue Apr 25, 2006 7:46 pm
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 75637

Parallel would be new, but for serial there is already: [admin@EricsHome] > :list tool sigwatch List of console commands under "/" matching "tool" and "sigwatch": tool sigwatch tool sigwatch add name= port= pin= on-condition= log= script= copy-from= disabled= tool sigwatch disable <numbers> tool sig...
by eflanery
Fri Apr 21, 2006 1:01 am
Forum: Scripting
Topic: Password script in Hotspot mode
Replies: 4
Views: 1270

:put [/ip hotspot user get [/ip hotspot user find name=username] password ]

--Eric
by eflanery
Wed Apr 19, 2006 9:49 pm
Forum: General
Topic: Do NOT route it in RIP
Replies: 1
Views: 1637

Using the regular routing package, lookup routing prefix-list in the manual.

With the routing-test package, look at the "bgp" routing filters, just use the rip-in and rip-out chains.

--Eric
by eflanery
Mon Apr 17, 2006 7:50 pm
Forum: General
Topic: Ubiquiti SR9 support
Replies: 50
Views: 21317

As with all radios, NLOS performance will entirely depend on what is causing the NLOS. Trees?, Buildings?, Hills?, Walls?, Multiple?, Thick obstructions?, Thin obstructions?, Fully blocked Fresnel?, 50% blocked Fresnel?, etc.... It is pretty much impossible to pre-determine NLOS performance, witho...
by eflanery
Tue Apr 11, 2006 8:56 pm
Forum: General
Topic: 2.9.20 on demo2.mt.lv
Replies: 3
Views: 2344

Cool, thanks.
by eflanery
Tue Apr 11, 2006 3:04 am
Forum: General
Topic: 2.9.20 on demo2.mt.lv
Replies: 3
Views: 2344

2.9.20 on demo2.mt.lv

I notice that 2.9.20 is on the demo box now.

Think it would be possible to activate routing-test on it, so we can take a look at the new interface?

--Eric
by eflanery
Fri Apr 07, 2006 8:48 pm
Forum: General
Topic: EOIP security
Replies: 6
Views: 1511

Well, if by "security issue", you mean "has security not been addressed at all", then yes.

If you want security with EoIP, you will need to wrap it in something else (IPSec, L2TP, etc...).

--Eric
by eflanery
Thu Apr 06, 2006 10:20 pm
Forum: General
Topic: CPU usage details?
Replies: 9
Views: 1581

Systemtap may be worth keeping an eye on (http://sourceware.org/systemtap/), once it matures a bit, it could likely provide much of this info.

Or, if someone were to do a dtrace port.... :twisted:

--Eric
by eflanery
Thu Apr 06, 2006 9:28 pm
Forum: General
Topic: Winbox support for routing-test package
Replies: 25
Views: 4812

Cool, any idea when routing-test will go "mainstream"/"production-stable"?

--Eric
by eflanery
Wed Apr 05, 2006 2:13 am
Forum: General
Topic: Radius client and Bandwidth limiting
Replies: 13
Views: 3099

Or, you can go in and manually modify the values in the already-existing dynamically created queue. That lets you apply changes as needed, without bumping the customer.

--Eric
by eflanery
Wed Apr 05, 2006 1:54 am
Forum: Scripting
Topic: Scheduler (delay) what does it do?
Replies: 3
Views: 1886

That would be :delay, what Sten was referring to is "/sys sch find delay=". I'm not clear about this either, since the delay= parameter does not hang around after adding a scheduled item. As far as I can tell, "/sys sch add delay=" simply pushes ahead start-time by the given number of seconds. I can...
by eflanery
Wed Mar 29, 2006 12:07 am
Forum: Wireless Networking
Topic: Let’s talk on 2.9.18!
Replies: 3
Views: 1107

So far, I'm only running it on some test boxes, and haven't deployed it in the wild.

Unlike some recent versions, I have not seen any show stoppers yet.

--Eric
by eflanery
Tue Mar 28, 2006 11:06 pm
Forum: Wireless Networking
Topic: 5mhz width, more or less clients
Replies: 5
Views: 1439

AFAIK, It does indeed require MTs on both ends, but since it is based on an Atheros hardware feature, that may not necessarily always be the case. In theory (I have not actually measured it), 5mhz channels should give you 6dB greater SOM than 20mhz channels, since your spectral power density would b...
by eflanery
Tue Mar 28, 2006 10:01 pm
Forum: Wireless Networking
Topic: Nstreme dual
Replies: 2
Views: 1097

Well, -65dBm is an indication of the signal level, not the quality. It is quite possible to have a very strong, but completely scrambled, signal.

Swapping TX/RX frequencies could give a good indication of where you should look for a problem (over the air issues, configuration issues, etc...).

--Eric
by eflanery
Tue Mar 28, 2006 9:49 pm
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 75637

In addition to error handling, as changeip suggests, I would like to see support for printed output based upon regex matches ("vendor C"'s | incl, or even ye-olde grep, for example. Things like large routing tables are awkward to deal with using find, :find, :pick, etc...). Also, more flow control o...
by eflanery
Tue Mar 28, 2006 12:42 am
Forum: General
Topic: Ubiquiti SR9 support
Replies: 50
Views: 21317

Somehow I doubt that, it being 900Mhz and all. :wink:

(Not to mention that no one I know of has seen anything more than a prototype as of yet.)

--Eric
by eflanery
Mon Mar 27, 2006 9:49 pm
Forum: General
Topic: minor HCI usability wishes
Replies: 27
Views: 9171

Another minor interface issue...

It would be nice if Ctrl-D, in winbox terminals, were sent through to the process, rather than closing the window.

--Eric
by eflanery
Fri Mar 24, 2006 10:10 pm
Forum: Wireless Networking
Topic: is it VIRUSES ??
Replies: 4
Views: 1186

Well, since the interface in the log you posted is named in-internet, my guess is that they would be coming in from the internet. Could be wrong though; if you have an IP-enabled toaster, and named the toaster facing interface in-internet, then it would be coming from the toaster. :lol: --Eric
by eflanery
Fri Mar 24, 2006 2:27 am
Forum: Wireless Networking
Topic: is it VIRUSES ??
Replies: 4
Views: 1186

Someone is (or several someones are) trying to establish a TCP connection to your router.

Not really all that unusual.

--Eric
by eflanery
Fri Mar 24, 2006 2:16 am
Forum: General
Topic: 2.9.18 released ...
Replies: 3
Views: 957

It didn't, just make your terminal window a bit wider.

Or do "/ip address print detail"

--Eric
by eflanery
Thu Mar 23, 2006 6:10 am
Forum: Scripting
Topic: Bug in /ip firewall filter print without-paging
Replies: 1
Views: 970

Unlike 2.8, you have to tell it what sort of rules you want printed.

This works:
/ip firewall filter print all without-paging
--Eric
by eflanery
Thu Mar 23, 2006 6:08 am
Forum: Scripting
Topic: get contents of a file
Replies: 2
Views: 1687

Well, it does seem to give the contents:
[admin@EricsHome] file> :put [/file get someips.txt contents ]
1.2.3.4
100.200.200.100
4.3.2.1
But, it does appear to be crlf terminated in the DOS style, and when I try looping through it with :foreach, I get this:
[admin@EricsHome] file> :foreach x in [/fil...
by eflanery
Thu Mar 23, 2006 5:53 am
Forum: General
Topic: VLAN & Hotspot | Radius Questions
Replies: 5
Views: 893

Nice, I had not noticed that.

--Eric
by eflanery
Wed Mar 22, 2006 1:36 am
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 75637

Not to mention 6% packet loss. :roll: eflanery@wireless:~$ mtr -rc 100 usa2.mikrotik.com HOST LOSS RCVD SENT BEST AVG WORST 12.127.79.9 0% 100 100 9.59 10.91 17.38 gbr1-p70.st6wa.ip.att.net 0% 100 100 60.54 61.88 63.94 tbr2-cl10.sffca.ip.att.net 0% 100 100 59.57 60.98 64.59 tbr1-cl30.sffca.ip.att.ne...
by eflanery
Tue Mar 21, 2006 10:02 pm
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 75637

some people say the opposite about its speed :) we will check this Well, since 2.9.18 was just released, I downloaded it from both. From the "Latvian"* link (http://www.mikrotik.com), it took 7sec, at a rate of 1534KBps (big B). From the USA link (usa2.mikrotik.com), it took 7min 30sec, at a rate ...
by eflanery
Tue Mar 21, 2006 9:02 pm
Forum: General
Topic: VLAN & Hotspot | Radius Questions
Replies: 5
Views: 893

Well, it does not just "contain" the name/number, you have to put it there. This is not using the feature as it was intended (and is thus rather hack-ish), but it can be made to work.

--Eric
by eflanery
Tue Mar 21, 2006 8:47 pm
Forum: General
Topic: SNMP
Replies: 54
Views: 26943

actually we are also preparing an open API for configuration of the router, so you can develop your own applications that connect to the router and configure/control it. this is not connected to SNMP but i guess you will also like that
Sweet!

Thank you, thank you, thank you!!!!!!

--Eric
by eflanery
Tue Mar 21, 2006 7:15 am
Forum: General
Topic: VLAN & Hotspot | Radius Questions
Replies: 5
Views: 893

Funny you mention that.

It's not quite as you describe, but you may find what I just posted here: http://forum.mikrotik.com/viewtopic.php?t=7446 useful.

--Eric
by eflanery
Tue Mar 21, 2006 5:50 am
Forum: Scripting
Topic: Redirection page/script?
Replies: 9
Views: 3578

Here is a simple one, used as login.html on a MT. This one does not quite work as I described; in this case, the client based redirection only happens on the MT -> server link, does not involve radius, and the server does not send back further javascript. The actual enabling is done via a persistent...
by eflanery
Tue Mar 21, 2006 3:08 am
Forum: Wireless Networking
Topic: Secure vlan trunk and wisp
Replies: 12
Views: 4965

Unlike Cisco, there isn't a need (or a way) to designate a VLAN/SSID as "native", but the rest is easy. You need to be using Atheros cards, but that is the only "special" requirement. Just add VLANs to your ethernet interfaces, and VirtualAPs to your wireless cards. Create a number of bridges, and p...
by eflanery
Mon Mar 20, 2006 11:10 pm
Forum: General
Topic: SNMP
Replies: 54
Views: 26943

Yeah, I've worn a few too many hats in my time. Once upon a time, I even wrote shim code to tie ancient USDA Fortran code in with modern DoD CORBA systems, how wrong is that? :twisted: No, I wouldn't expect the "standard router user" to know about CORBA, but MT isn't exactly a "standard router", nor...
by eflanery
Mon Mar 20, 2006 10:42 pm
Forum: Scripting
Topic: Redirection page/script?
Replies: 9
Views: 3578

For similar situations, we do this: Have the MT redirect the client to the login server, passing along the necessary variables. The server then performs the necessary authentication and setup tasks, including the creation of a proper entry on the radius servers. It then responds to the client with a...
by eflanery
Mon Mar 20, 2006 10:26 pm
Forum: General
Topic: SNMP
Replies: 54
Views: 26943

I would say that it would not just be nice to have everything that has a "print count-only" option, but everything that has a "print" command of any sort. In fact, I would like to see SNMP become as full-featured as the command line. It should be quite possible, even if some parts get a bit confusin...
by eflanery
Mon Mar 20, 2006 9:59 pm
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 75637

A MT 'mirror' website
we already have a US mirror, look in the download page
Yea, but how about a _GOOD_ US mirror?

I.e. One that isn't 1/10th the speed of the Latvian server, for those of us in the US (or other places well connected to the US).

--Eric
by eflanery
Sun Mar 19, 2006 6:39 am
Forum: Wireless Networking
Topic: MESH with MikroTik
Replies: 38
Views: 29617

by eflanery
Sun Mar 19, 2006 3:53 am
Forum: General
Topic: Vlans over EOIP ?
Replies: 3
Views: 957

Yes
by eflanery
Sun Mar 19, 2006 3:52 am
Forum: General
Topic: Repeater Site public IP assignment Problem
Replies: 4
Views: 1009

OSPF, with redistribute-connected=yes

--Eric
by eflanery
Sun Mar 19, 2006 3:49 am
Forum: Wireless Networking
Topic: crazy link
Replies: 3
Views: 954

In a situation like that, I would think the 14dBi circular antennas would actually do better than 19dBi linear antennas. I would suggest receive diversity, or even mimo, but MT doesn't do that. Best bet would be to find a way to get the antenna outside somehow, then switch to higher-gain linear ante...
by eflanery
Sat Mar 18, 2006 8:05 pm
Forum: General
Topic: MT+VMware
Replies: 6
Views: 1114

That should be plenty of computer, guess I am at a loss. At home I will run 5 or so on an old Duron system, without seeing problems like that. And yes, I generally agree that a router should be a dedicated box. But, for experimentation it's great. I think it's also useful as a router/firewall for ot...
by eflanery
Sat Mar 18, 2006 7:52 pm
Forum: General
Topic: dsa keyed SSH
Replies: 20
Views: 9828

Oh, and as for the OPs point, getting the public key from Radius would be great, and I wouldn't think it would be all that hard to add.

How about it MT guys?

--Eric
by eflanery
Sat Mar 18, 2006 7:49 pm
Forum: General
Topic: dsa keyed SSH
Replies: 20
Views: 9828

Generate a pair of DSA keys elsewhere (I am using OpenSSH's ssh-keygen), then copy the public key file to your MT(s). Import the public key file, and tie it to a username (part of the import command). From that point on, when you SSH/SCP/SFTP to the router using that username, you can use DSA authen...
by eflanery
Sat Mar 18, 2006 7:44 pm
Forum: General
Topic: Bulk configuration tool...
Replies: 12
Views: 5794

Complete SNMP support would be great, but there are some additional complications with sophisticated systems like MT. The thought of trying to control things like the hotspot, queues, policy routing, or the routing filter via SNMP gives me shivers. As for executing a script from a file, you can just...
by eflanery
Sat Mar 18, 2006 2:23 am
Forum: General
Topic: Bulk configuration tool...
Replies: 12
Views: 5794

SSH driven by shell/python/perl/etc... scripts is the newbie-friendly way, it uses exactly the same commands as the MT command line.

I would love to see an open-source API, but I think that would generally be considered the advanced thing for coolhackers. :twisted:

--Eric
by eflanery
Fri Mar 17, 2006 9:33 pm
Forum: General
Topic: TOP URGENT problem: L2TP server with 2 or more wan interface
Replies: 7
Views: 1515

Actually, it is based on the source IP of the return packets. If you attempt to establish a tunnel to an IP on your router, which is not the IP it will source the response from, many clients (including windows) will get confused, and it will fail. You can solve this by making sure that l2tp/pptp res...
by eflanery
Fri Mar 17, 2006 9:18 pm
Forum: Wireless Networking
Topic: Staion with Ntreme and bridging
Replies: 5
Views: 1218

"Nstreme AP-Bridge WDS" to "Nstreme AP-Bridge (or WDS-slave) WDS" does not work, but "Nstreme AP-Bridge WDS" to "Nstreme Station-WDS WDS" works fine.

It makes sense, in a polling AP to polling AP situation, who would control the polling?

--Eric
by eflanery
Fri Mar 17, 2006 9:12 pm
Forum: General
Topic: RFC 3021 and ROS
Replies: 5
Views: 2565

And you can use OSPF on these links too. Just don't forget to specify the interface as being point-to-point.
Or, on older (2.8) systems where that isn't an option, encapsulate it in a PPP link of some sort (l2tp, etc...), works like a charm (usually).

--Eric
by eflanery
Fri Mar 17, 2006 9:09 pm
Forum: General
Topic: MT+VMware
Replies: 6
Views: 1114

Don't know what's wrong with your setup, weak computer perhaps?

MT works on VMWare just fine, even if it is of somewhat limited practical usefulness. But, for experimentation, it is nice to be able to quickly fire up a dozen level 0 MTs on a single box, and try crazy things out.

--Eric
by eflanery
Thu Mar 16, 2006 9:33 pm
Forum: Scripting
Topic: Scripting.. missing :unset command
Replies: 4
Views: 2610

:unset only works in 2.8. In 2.9, just use :set without a new value:

> :global foo 17
> :env pr

Global Variables
foo=17
Local Variables

> :set foo
> :env pr

Global Variables
Local Variables

--Eric
by eflanery
Thu Mar 16, 2006 9:04 pm
Forum: General
Topic: RFC 3021 and ROS
Replies: 5
Views: 2565

I don't know, never tried it. But, MT does support an even more efficient method. You can just use /32s, the addresses don't have to be adjacent, and they can be reused on multiple interfaces. i.e.:
router1
/ip address add address=1.1.1.1/32 network=2.2.2.2 interface=to-router2
/ip address add addre...
by eflanery
Wed Mar 15, 2006 9:28 pm
Forum: General
Topic: How to avoid dst-nat masquing origin IP address...
Replies: 5
Views: 1034

Your rule:
chain=srcnat action=masquerade
Will match everything.

Since you can't match on outgoing interface, due to your routing, just match on the IPs you want to MASQ:
chain=srcnat src-address=10.154.24.0/24 action=masquerade
--Eric
by eflanery
Fri Mar 10, 2006 2:08 am
Forum: Wireless Networking
Topic: 900MHz
Replies: 4
Views: 1241

Right now, about the only thing that would fit are 2.4->900 down converters. If you really wanted it to frequency hop, you could probably dig up some old 2Mbit 802.11 (not a b or g) cards.

I wouldn't recommend it though. I would just wait for the SR9s.

--Eric