Community discussions

Search found 12 matches

by ohitz
Fri Oct 27, 2017 10:03 am
Forum: General
Topic: Site-to-site IPsec with VRFs
Replies: 0
Views: 340

Site-to-site IPsec with VRFs

Hi all, I have a Mikrotik CCR I would like to use as central IPsec hub for site-to-site VPNs for multiple customers. In order to isolate the different customers, I would like to place them in different VRFs. For each customer, I have a VLAN interface I place in that VRF. The customers in question do...
by ohitz
Tue Oct 24, 2017 1:04 pm
Forum: Forwarding Protocols
Topic: Create BGP Peer within VRF
Replies: 8
Views: 4112

Re: Create BGP Peer within VRF

For our use case we're actually just defining a simple catch-all Route Rule of "0.0.0.0/0 lookup table:backbone" as this of course also takes care of issues with some other non-VRF aware management/control plane protocols. You could just specify /32 rules for the BGP peer IPs though if that is all ...
by ohitz
Fri Aug 18, 2017 8:58 am
Forum: General
Topic: Redundant IPsec tunnels
Replies: 5
Views: 1453

Re: Redundant IPsec tunnels

Thanks for your suggestion. I will see if my peer allows me to do that.
by ohitz
Fri Aug 18, 2017 12:09 am
Forum: General
Topic: Redundant IPsec tunnels
Replies: 5
Views: 1453

Re: Redundant IPsec tunnels

Oh, I forgot to write that when I tear down the active peer, I lose connectivity, so no redundancy there, which is what I was expecting. The policy which is marked "Invalid" and "Active" doesn't become "Active" automatically. It stays "IA", until I disable and re-enable it. But this is not what I ex...
by ohitz
Thu Aug 17, 2017 5:46 pm
Forum: General
Topic: Redundant IPsec tunnels
Replies: 5
Views: 1453

Redundant IPsec tunnels

Hi all, In order to create two redundant IPsec tunnels to two destinations, I have created two IPsec policies with the same src-address and dst-address, but with a different sa-dst-address. This results in two properly set up SA's to the two destinations, but for some reason one of the policies show...
by ohitz
Tue Mar 29, 2016 6:38 pm
Forum: General
Topic: Sudden 100% CPU load and packet loss when handling large amounts of packets
Replies: 7
Views: 1359

Re: Sudden 100% CPU load and packet loss when handling large amounts of packets

Have you understand what was the problem? No, unfortunately not. I haven't been able to reproduce it reliably in order to file a bug report. I still have this on my to-do list, but at this moment my customer doesn't want me to conduct more tests with his infrastructure since they will go into produ...
by ohitz
Fri Mar 18, 2016 1:21 pm
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 106607

Re: v6.35rc [release candidate] is released, new wireless package!

*) snmp - fix getbulk result ordering with multiple request OIDs;
Excellent! I confirm this works, you can therefore close Ticket#2016030366000916.

Thanks,
Oliver
by ohitz
Wed Mar 16, 2016 9:26 pm
Forum: General
Topic: Bonding of bonded interfaces
Replies: 3
Views: 994

Re: Bonding of bonded interfaces

Just a short follow-up on this topic, in case somebody else has this problem. We ended up bridging the two LAGs and using RSTP to avoid loops. This works quite well.

Best regards

Oliver
by ohitz
Wed Mar 16, 2016 6:01 pm
Forum: General
Topic: Sudden 100% CPU load and packet loss when handling large amounts of packets
Replies: 7
Views: 1359

Re: Sudden 100% CPU load and packet loss when handling large amounts of packets

Thanks for the quick reply! There is no firewalling, mangling or QoS configured, and I haven't changed any of the queueing settings. We use LACP, bridging, VRRP and BGP. I have the feeling that the problem is less likely to happen when the router is rebooted. Before the last reboot, the problem arri...
by ohitz
Wed Mar 16, 2016 5:32 pm
Forum: General
Topic: Sudden 100% CPU load and packet loss when handling large amounts of packets
Replies: 7
Views: 1359

Sudden 100% CPU load and packet loss when handling large amounts of packets

Hi all, We are currently stress testing our CCR1016-12G in order to see where its limits are. We are sending more than 1M PPS (64-byte UDP packets) from a host directly connected to the CCR. The router happily routes all this traffic, CPU load is between 0 and 10%. Very suddenly (after a random time...
by ohitz
Wed Feb 24, 2016 10:37 pm
Forum: General
Topic: Bonding of bonded interfaces
Replies: 3
Views: 994

Re: Bonding of bonded interfaces

You should probably use RSTP on the bridge itself, and let spanning tree do the active/passive failover behavior. I'm surprised that this even worked in the first place - are the two switches configured as a stack or are they standalone switches? Thanks for the quick reply! The switches are standal...
by ohitz
Wed Feb 24, 2016 10:21 pm
Forum: General
Topic: Bonding of bonded interfaces
Replies: 3
Views: 994

Bonding of bonded interfaces

Hi all, I have the following situation: - CCR1016-12G running 6.34.2 - 2 LAGs (bonding1, bonding2) with four 1 GigE links each, connected to two switches. - 1 active-backup bonding interface (bonding3) to provide a fault tolerant connection to the switches. The configuration looks as follows: Flags:...