Community discussions

Search found 97 matches

by borisk
Sat Mar 09, 2019 7:35 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 152240

Re: RouterOS v7.0 beta1 - when?

Guys, what are you arguing about? Everyone of us knows the v7 release date. Really. Just a mathematics. We are at 6.44 now. Each release requires 3-4 months. So.... 700 - 644 = 56 release cycles. 56 * 4 / 12 = 18,(6) years. So, the year 2037 will be year of 7.00 release!

P.S. Don't thank
by borisk
Sun Oct 22, 2017 2:35 pm
Forum: General
Topic: [6.40.4]: VRF
Replies: 0
Views: 334

[6.40.4]: VRF

Hello! Before I used VRF with Cisco. Now I want to try with Mikrotik. And I wonder. Cisco: interface Loopback0 ip vrf forwarding red ip address 1.1.1.1 255.255.255.255 and I can just ping 1.1.1.1 from main table and can with ping vrf red 1.1.1.1. Mikrotik, my very simple config: # oct/22/2017 11:59:...
by borisk
Fri May 19, 2017 8:29 am
Forum: General
Topic: vlan for CCR1036 and CCR1016 doesnt work!
Replies: 1
Views: 433

Re: vlan for CCR1036 and CCR1016 doesnt work!

What parent for vlan50 did you use?
by borisk
Thu May 18, 2017 9:14 pm
Forum: General
Topic: Vlan interface placement
Replies: 9
Views: 1034

Re: Vlan interface placement

As as usual there are many ways.... and depends on your L2 equipment. I prefer LACP (bonding) and Q-in-Q. May be Q-in-Q will be not suitable for You and even LACP too. To advise something to You please be more specific. For example: 1) I have Mikrotik model XXX 2) It will be used as router / bras / ...
by borisk
Thu May 18, 2017 7:58 am
Forum: General
Topic: Vlan interface placement
Replies: 9
Views: 1034

Re: Vlan interface placement

Would You please give us more information about your task?
In most causes, imho, bridge is a bad idea.

Regards,
Boris
by borisk
Wed May 17, 2017 1:29 pm
Forum: General
Topic: [6.36] High CPU usage behaviour
Replies: 0
Views: 243

[6.36] High CPU usage behaviour

Hello! We have CCR1036-8G-2S+ acting as pure router. Simple routing + OSPF + few simple queues (75 for present), firewall off. Client configured with a simple queue 52 name="175:433" target=VL1.251 parent=none packet-marks="" priority=8/8 queue=default-small/default-small limit-at=0/0 max-limit=500M...
by borisk
Mon Apr 17, 2017 9:28 am
Forum: General
Topic: Help with HTB please
Replies: 8
Views: 1004

Re: Help with HTB please

sash7, for the present topology is: CCR-1016 (CR1 core router) -- eth0 - link to BR1 (border router 1) -- eth1 - planned for BR2 -- eth2 - link to DSW1 (distribution switch 1) -- eth3 - link to DSW2 (distribution switch 2) -- eth4 - link to CSW1 (customer switch 1) Each of DSW accumulates links from...
by borisk
Sun Apr 16, 2017 8:36 pm
Forum: General
Topic: Help with HTB please
Replies: 8
Views: 1004

Re: Help with HTB please

sash7, I already trying. But I can't fully understand how to distinguish "local" traffic. I have read https://wiki.mikrotik.com/wiki/How_to_apply_different_limits_for_Local/Overseas_traffic , but Wiki for Queue is outdated and does not fully explain what packet-marks do in this case. Would You expla...
by borisk
Sun Apr 16, 2017 5:05 am
Forum: General
Topic: Help with HTB please
Replies: 8
Views: 1004

Re: Help with HTB please

Why do you want to limit local and a client. Dear Arnolis! I want to limit "internet" traffic and not to limit "local" traffic. Mikrotik is the "core" router where some client are connected directly (VLANs) and other via CPEs (routed). Yes, I know that common practice is to do shaping on CPEs, but ...
by borisk
Sun Apr 16, 2017 4:58 am
Forum: General
Topic: QoS & shaping simultaneously
Replies: 4
Views: 710

Re: QoS & shaping simultaneously

I have explained before how to do this, I suggest you do your homework.
Dear pe1chl! May be am I blind, but where You did it? Somewhere in this forum or wiki? Have googled, but found nothing :( If you remember where your explanation is - would You point please?

Regards,
Boris
by borisk
Sat Apr 15, 2017 3:02 pm
Forum: General
Topic: Help with HTB please
Replies: 8
Views: 1004

Re: Help with HTB please

well it's strange use of queue tree, no limits, parent with one child... There will be many childs. One child is in my example. Limits are set on users queues. You asked about traffic. Yes, there is no mangle rule for pm_tagnet_down_local for the present, but... what if there will be no "local" tra...
by borisk
Sat Apr 15, 2017 2:49 pm
Forum: General
Topic: QoS & shaping simultaneously
Replies: 4
Views: 710

Re: QoS & shaping simultaneously

Sure that is possible.
Dear pe1chl! Would You please point me how to complete my task? May be a short example?

Regards,
Boris
by borisk
Sat Apr 15, 2017 12:56 pm
Forum: General
Topic: Help with HTB please
Replies: 8
Views: 1004

Help with HTB please

Dear gurus! There is something wrong with my understanding of HTB. So I used https://wiki.mikrotik.com/wiki/Manual:HTB as example. I want to build next tree: -- q_down (parent global, no limits) ---- q_down_local (parent q_down, no limits) ---- q_down_user1 (parent q_down, 10Mbit limit) So I configu...
by borisk
Sat Apr 15, 2017 7:49 am
Forum: General
Topic: QoS & shaping simultaneously
Replies: 4
Views: 710

QoS & shaping simultaneously

Hello! Dear Mikrotik gurus! Would You please show me the right way? We need to shape & qos our client at the same time. The criterias are: 1) Each client is shaped by tariff 2) Local traffic is not shaped 3) Other traffic must not exceed tariif limit and QoS must be applied: a) HLS servers got prior...
by borisk
Sun Apr 02, 2017 7:17 pm
Forum: General
Topic: Do I need connection tracking?
Replies: 8
Views: 1259

Re: Do I need connection tracking?

Have read about fasttrack. Restriction for fasttrak is only TCP and UDP pakets, so, not all user packets will be fasttracked and may go to queues.
by borisk
Sun Apr 02, 2017 7:10 pm
Forum: General
Topic: Do I need connection tracking?
Replies: 8
Views: 1259

Re: Do I need connection tracking?

Hello!

address-list ACL_LOCAL serves list of my local networks

Regards,
Boris
by borisk
Sat Apr 01, 2017 10:19 pm
Forum: General
Topic: Do I need connection tracking?
Replies: 8
Views: 1259

Re: Do I need connection tracking?

Would You please give an example? Is connection tracking needed in this case?
by borisk
Sat Apr 01, 2017 12:37 pm
Forum: General
Topic: Do I need connection tracking?
Replies: 8
Views: 1259

Re: Do I need connection tracking?

With mangle I only mark local traffic to put it in unlimited simple queue (if there is another way to not pass local traffic to user queue I will glad to hear about) Yes, I tried auto and got about 200k connetions with a first 10-15 seconds. Router serves about 8k IP's so I suppose total count of ac...
by borisk
Sat Apr 01, 2017 11:15 am
Forum: General
Topic: Do I need connection tracking?
Replies: 8
Views: 1259

Do I need connection tracking?

Hello! I have CCR-1016 used as core router. Only routing (IPv4, OSPF, BGP) and simple queues. No NAT, very few mangle rules for packet marking. System serves about 1.5Gbps. CPU is about 25%. For the time present is set connection tracking to "no". But may be I'm wrong and do I need connection tracki...
by borisk
Fri Mar 31, 2017 8:15 am
Forum: General
Topic: Entries in /ip firewall connection
Replies: 0
Views: 271

Entries in /ip firewall connection

Hello! I have CCR-1016 with ROS 6.38.1 installed. /ip firewall connection tracking is set to "no". I do not use NAT and firewall rules, only mangle section for packet marking and HTB. But I see many active entries in /ip firewall connection print. Why they are there? Is this normal behaviour, or thi...
by borisk
Thu Mar 30, 2017 7:02 pm
Forum: Beginner Basics
Topic: HTB question
Replies: 2
Views: 345

Re: HTB question

But I'm worring for perfomance on my CCR1016. CPU already at 20% without queues.
by borisk
Thu Mar 30, 2017 3:30 pm
Forum: Beginner Basics
Topic: HTB question
Replies: 2
Views: 345

HTB question

Hello! Would You please explain about HTB? I can't understand about queues for upload/download traffic in case where I can't use "interface" as "target", as there are many interfaces traffic may go via. I found previously there was global-in and global-out parent, but they were deprecated. So what i...
by borisk
Mon Jan 02, 2017 6:56 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 36806

Re: v6.38 [current] is released!

Hello!

Sorry, what mean
*) interface - changed loopback interface mtu to 1500;
? There is special loopback interface now? Can't find it.

Regards,
Boris
by borisk
Thu Oct 27, 2016 2:55 pm
Forum: Forwarding Protocols
Topic: Routing filter. I'm crazy again??
Replies: 0
Views: 533

Routing filter. I'm crazy again??

Hello! Here is the filter: 0 chain=rm-bgp-AS_STD-out match-chain=pl-rfc5735 invert-match=no action=discard set-bgp-prepend-path="" 1 chain=rm-bgp-AS_STD-out prefix=0.0.0.0/0 prefix-length=8-24 bgp-communities=30910:300 invert-match=no action=accept set-bgp-prepend-path="" 2 chain=rm-bgp-AS_STD-out p...
by borisk
Thu Oct 20, 2016 5:12 pm
Forum: General
Topic: BUG: (BGP) Filter community match not working with community 0:0
Replies: 9
Views: 1849

Re: BUG: (BGP) Filter community match not working with community 0:0

The answer of Mikrotik support last week: All your mentioned features and fixes are part of v7 TODO list. Unfortunately I cannot tell you when exactly v7 will be ready, if it will take too much time probably to satisfy customers we will try to improve v6 with most critical requests and bugfixes. Fix...
by borisk
Thu Oct 20, 2016 4:59 pm
Forum: General
Topic: V7 ALPHA/BETA Testers needed?
Replies: 45
Views: 10488

Re: V7 ALPHA/BETA Testers needed?

We ALL are ready! Unfortunatelly - the ROSv7 is "far far away galaxy". And ROSv6 is totally unusable in real BGP ISP enviroment.
by borisk
Wed Sep 21, 2016 9:46 am
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

Chupaka, thanks, your idea is good and have to work. But different relays will do our billing configuration too and unnecessary complicated :(

Regards,
Boris
by borisk
Tue Sep 20, 2016 1:20 pm
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

Hello! The idea is simple - to secure the network and the users and to save the ISP address space. 1) How to save - there is one big supernet for all users instead of small subnets for everyone 2) How to secure - users are L2 isolated (different vlans) and also there is no traffic to user until dire...
by borisk
Sat Sep 17, 2016 9:38 am
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

So, to continue... The Cisco like unnumbered mechanics works in case: 1) empty bridge for supernet 2) unnumbered vlan 3) dhcp relay on unnumbered vlan with local-address=bridge_ip 4) ip route client's with gateway to vlan Unfortunately this works only for one vlan, because local-address must be uniq...
by borisk
Sat Sep 17, 2016 9:24 am
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

Hello!

I got working configuration with bridge and vlan. The only problem is that users are bound to bridge, not the unnumbered vlan, so Cisco like idea isn't work.

Regards, Boris
by borisk
Thu Sep 15, 2016 7:29 pm
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

pukkita? Would You please explain your idea about bridges?

Regards,
Boris
by borisk
Tue Sep 13, 2016 8:05 pm
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

@pukkita, I'm wondering, what ips you're using on pppoe loopbacks? Private ip for loopback and public for users? Yes, this is possible, but violates internet routing policy. I mean - we not use public addresses for unnecessary reasons, for example for management reasons. As I wrote before - assignin...
by borisk
Tue Sep 13, 2016 7:19 pm
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

As for IPv6 - Mikrotik MPLS isn't ready for it. Also no features like NAT64.

Regards, Boris
by borisk
Tue Sep 13, 2016 7:16 pm
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

We don't use public IPs for equipment. We don't use unnecessary subnetting. And to not to do unnecessary subnetting there is Cisco like "IP unnumbered". We can implement it with static and can't with DHCP. I want understand why - this is just a bug and it will be solved, or this is ROS6 limitation a...
by borisk
Tue Sep 13, 2016 6:28 pm
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

And yes, @pukkita, thanks for presentation. I know what MPLS is, I know how to interact with it. But it can solve only one of my problem - client isolation. And this is a little evil in comparision of small IPv4 space which MPLS can't solve. Am I still wrong?

Regards,
Boris
by borisk
Tue Sep 13, 2016 6:18 pm
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

From a view of ISP - there are many disadvantages to use PPPoE or any other form of additional encapsulation. Yes, I agree, it's very simple to admin and hard to solve problems, especcialy if they are on user side and if they are on user's router. And sometimes users use their own tunnels which have...
by borisk
Tue Sep 13, 2016 6:12 pm
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

@pukkita, tried your receipt. Unfortunatelly, after adding vlans to bridge (no matter what horizon value used) traffic stop in this vlans. Removing them from bridge returns normal behaviour. 1 R name="Loopback1" mtu=auto actual-mtu=1500 l2mtu=1576 arp=enabled arp-timeout=auto mac-address=E4:8D:8C:3C...
by borisk
Tue Sep 13, 2016 5:31 pm
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

Now my VLANs are children of Bonding LACP interface and I need they do. May I use this scheme with bonding or may I encapsulate bridge as child of bonding? Why I need this scheme: we are an ISP with a small number of IPv4 addresses. For some reasons we can't use NAT for our users. For security reaso...
by borisk
Tue Sep 13, 2016 3:50 pm
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

Detailed description: One interface (named Loopback) holds /24 supernet. Other interfaces (misc vlans) stay without ip address, with only DHCP relay enabled on it. When there is DHCP Discover request, it must be relayed to our DHCP server. There is a script on our DHCP server, when the address is as...
by borisk
Tue Sep 13, 2016 2:27 pm
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

Re: [BUG?] DHCP relay

I try to repeat Cisco "ip unnumbered" feature. Where there is one supernet interface with ip address, and other interfaces without ip address. But routing is still possible,
by borisk
Tue Sep 13, 2016 9:46 am
Forum: General
Topic: [BUG?] DHCP relay
Replies: 24
Views: 2287

[BUG?] DHCP relay

Hello! I tried to realize "ip unnumbered" with ROS 6.36 and DHCP relay enabled. All was fine while I tested with only one VLAN. When I created 3 VLANs the troubles begin. My configuration: [boris@MikroTik] /routing filter> /interface print detail where name=Loopback1 Flags: D - dynamic, X - disabled...
by borisk
Sun Sep 11, 2016 7:32 pm
Forum: General
Topic: DHCP Relay
Replies: 12
Views: 1269

Re: DHCP Relay

No, dhcp relay in switches is bad idea too from a view of security. Switches are placed in internal secured vlan without access to public internet. They only insert option 82, and relaying is done by Mikrotik. This is exactly I want and it works.

Regards,
Boris
by borisk
Sat Sep 10, 2016 8:27 am
Forum: Forwarding Protocols
Topic: What's wrong with my out filter????
Replies: 5
Views: 1200

Re: What's wrong with my out filter????

ZeroByte, it is common practice for transit ISP, as me. With passing communities on users prefixes I permit users to more precisely route traffic based on upstream policy (for example user do not want to receive some kind of traffic from my upstream). So I can't replace communities, only append. Dro...
by borisk
Sat Sep 10, 2016 8:05 am
Forum: General
Topic: no ip source-route
Replies: 1
Views: 695

Re: no ip source-route

by borisk
Sat Sep 10, 2016 7:53 am
Forum: General
Topic: DHCP Relay
Replies: 12
Views: 1269

Re: DHCP Relay

ZeroByte, I know! But mac authorization isn't suitable for me. I checked, ROS passthrough option 82, so my problem is solved. Thanks to all!

Regards, Boris.
by borisk
Fri Sep 09, 2016 11:29 am
Forum: Forwarding Protocols
Topic: /27 Public Ip Pool
Replies: 4
Views: 1069

Re: /27 Public Ip Pool

If should use right routes:
/ip route add dst-address=172.16.1.0/24 gateway=ip of router2 Wan on first router
/ip route add dst-address=10.20.0.0/24 gateway=ip of router1 on second

Of course if you are not using nat.

Regards, Boris
by borisk
Thu Sep 08, 2016 8:17 pm
Forum: General
Topic: Terrible slow API?
Replies: 0
Views: 279

Terrible slow API?

Hello! CLI version: [boris@MikroTik] /routing filter> /ip route print where dst-address=89.223.20.65/32 Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 A...
by borisk
Thu Sep 08, 2016 8:11 pm
Forum: General
Topic: DHCP Relay
Replies: 12
Views: 1269

Re: DHCP Relay

Really.... thanks!
by borisk
Wed Sep 07, 2016 9:25 pm
Forum: General
Topic: DHCP Relay
Replies: 12
Views: 1269

Re: DHCP Relay

Dear ZeroByte!

I respect your opinion but I need support of option 82 as it done in many L2 devices. I need opt82 with vlan id encoded, or I need ROS to just passthrough and relay opt82 from my L2 switches. Is this possible?

Regards,
Boris
by borisk
Wed Sep 07, 2016 6:57 am
Forum: Forwarding Protocols
Topic: /27 Public Ip Pool
Replies: 4
Views: 1069

Re: /27 Public Ip Pool

/ip address add interface=eth0 address=192.168.1.94/30 - for ETH0
/ip address add interface=bridge0 address=192.168.1.97/27

If you want WIFI clients to get addresses automaticaly you should configure dhcp server too.

Regards,
Boris
by borisk
Wed Sep 07, 2016 6:53 am
Forum: General
Topic: DHCP Relay
Replies: 12
Views: 1269

Re: DHCP Relay

Yes, I may use MAC, but the client's equipment may change, and it is better to not use MAC. So by your answers there is no possibility to get Option82 with VLANID in it. Only the relay-info-remote-id in dhcp relay? May be I may use some variables in relay-info-remote-id? P.S. I know that I also may ...
by borisk
Tue Sep 06, 2016 7:49 pm
Forum: General
Topic: DHCP Relay
Replies: 12
Views: 1269

Re: DHCP Relay

I will use ip unnumbered analog ☺ so, I need interface name or vlan id to properly identify the user.

Regards,
Boris
by borisk
Tue Sep 06, 2016 6:38 pm
Forum: General
Topic: DHCP Relay
Replies: 12
Views: 1269

DHCP Relay

Hello! I need DHCP relay with RouterOS. No matter - real dhcp or radius. The question is only one: may I send to DHCP/RADIUS server the NAME of user's interface from which discover is received? Docs say the mac is sending, but in my case, where user's are in vlans from one real interface mac will al...
by borisk
Tue Sep 06, 2016 6:08 pm
Forum: Forwarding Protocols
Topic: all ports blocked
Replies: 1
Views: 509

Re: all ports blocked

Firewall?

May You ping your device? If not - is proper arp installed in your local host arp table when you try to ping routerboard?

Regards,
Boris
by borisk
Tue Sep 06, 2016 6:07 pm
Forum: Forwarding Protocols
Topic: What's wrong with my out filter????
Replies: 5
Views: 1200

Re: What's wrong with my out filter????

Dear support!

Please take a look at this too.

Regards,
Boris
by borisk
Tue Sep 06, 2016 6:06 pm
Forum: Forwarding Protocols
Topic: BGP community filter
Replies: 4
Views: 1144

Re: BGP community filter

thank you for clarification!
by borisk
Mon Sep 05, 2016 8:52 pm
Forum: Beginner Basics
Topic: Clarify "numbers" please!
Replies: 4
Views: 755

Re: Clarify "numbers" please!

Ough my brain! Janisk, is there a way (especially for API queries) to exactly identify id of object I need to delete or modify?
by borisk
Mon Sep 05, 2016 7:22 pm
Forum: Forwarding Protocols
Topic: BGP community filter
Replies: 4
Views: 1144

Re: BGP community filter

No, the right version is
/ip route print where bgp-communities ~ "65070:101"

And this is wondering why so different syntax.

Regards,
Boris
by borisk
Mon Sep 05, 2016 7:37 am
Forum: Beginner Basics
Topic: Clarify "numbers" please!
Replies: 4
Views: 755

Re: Clarify "numbers" please!

@pe1chl, of course I know that. As You can see in my example I remove one of item. But in "traditional" (?) scheme I must: /interface list member print /interface list member remove X instead I may use /interface list member remove numbers="qqq" syntax, where qqq is just a comment for an item. So I ...
by borisk
Sun Sep 04, 2016 7:42 pm
Forum: Beginner Basics
Topic: Clarify "numbers" please!
Replies: 4
Views: 755

Clarify "numbers" please!

Hello!

What excatly "numbers" means? I know, this is index returned by print command. But this contruction are correct too:

/interface list member add list=IFL_BILL_DISABLED interface=ether8 comment="qqq"
/interface list member remove numbers="qqq"

Regards,
Boris
by borisk
Sun Sep 04, 2016 12:40 pm
Forum: Forwarding Protocols
Topic: match-chain
Replies: 1
Views: 569

match-chain

Hello!

When the chain accepts the prefix, mach-chain produces true match. Ok. But what means false match? For example:

chain=bgp-in action=discard match-chain=rfc1918
so, if rc1918 accepts prefix - we discard it. But if rfc1918 does not? We passthrough it?

Regards,
Boris
by borisk
Sat Sep 03, 2016 6:13 pm
Forum: Forwarding Protocols
Topic: What's wrong with my out filter????
Replies: 5
Views: 1200

Re: What's wrong with my out filter????

Have read many post about 0:0 community and ROS. And always only one answer: if the route is marked with 0:0 community it is impossible to filter it by bgp-communities. It is always matched. But why? This is (IMHO) definitely wrong. From my point of view this is serious security issue. In real BGP w...
by borisk
Sat Sep 03, 2016 1:46 pm
Forum: Forwarding Protocols
Topic: What's wrong with my out filter????
Replies: 5
Views: 1200

Re: What's wrong with my out filter????

So, I found the problem may be in: bgp-communities (integer:integer | internet | local-as | no-advertise | no-export;) match the COMMUNITIES BGP attribute. Match is done when communities attribute in a route contains all entries from this configured list. But note that if communities list contains '...
by borisk
Sat Sep 03, 2016 11:47 am
Forum: Forwarding Protocols
Topic: What's wrong with my out filter????
Replies: 5
Views: 1200

What's wrong with my out filter????

Hello! [boris@MikroTik] > /routing bgp instance print Flags: * - default, X - disabled 0 * name="default" as=198070 router-id=31.44.12.205 redistribute-connected=yes redistribute-static=yes redistribute-rip=no redistribute-ospf=no redistribute-other-bgp=no out-filter=rm-bgp-local client-to-client-re...
by borisk
Sat Sep 03, 2016 11:05 am
Forum: Forwarding Protocols
Topic: BGP community filter
Replies: 4
Views: 1144

BGP community filter

Hello! Again I'm in troubles: /ip route print detail where dst-address=31.44.12.0/23 Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 0 ADb dst-address=31.44.12.0/23 gateway=31.44.12.203 gateway-s...
by borisk
Sat Sep 03, 2016 8:15 am
Forum: Forwarding Protocols
Topic: /ipv6 route is VERY slow
Replies: 4
Views: 796

Re: /ipv6 route is VERY slow

Thanks!
by borisk
Fri Sep 02, 2016 8:25 pm
Forum: Forwarding Protocols
Topic: /ipv6 route is VERY slow
Replies: 4
Views: 796

Re: /ipv6 route is VERY slow

Ough. Ok, please help, what is wrong with my undestanding of ROS? 1) [boris@MikroTik] > /ipv6 route print where dst-address=2a00:ff20:1::/48 Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable # DST-ADDRESS GATEWAY DISTANCE 0 A SU 2a00:f...
by borisk
Fri Sep 02, 2016 8:07 pm
Forum: Forwarding Protocols
Topic: /ipv6 route is VERY slow
Replies: 4
Views: 796

/ipv6 route is VERY slow

Hello! I have CCR1036 with IPv6. 3 ipv6 peers are up with bgp sessions and about 32k routes installed in main table. There is no problem with routing perfomance but all operations like /ipv6 route print where dst-address=2a00:ff20:1::/48 are very very slow! About 40 seconds to answer. Is this bug in...
by borisk
Tue Aug 23, 2016 7:53 pm
Forum: Forwarding Protocols
Topic: 32bit BGP community
Replies: 15
Views: 2188

Re: 32bit BGP community

@pe1chl, you are right... I will use private ASNs for my communities.

With respect,
Boris
by borisk
Tue Aug 23, 2016 7:52 pm
Forum: Forwarding Protocols
Topic: 32bit BGP community
Replies: 15
Views: 2188

Re: 32bit BGP community

@mrz, thank you for explanation.

With respect,
Boris
by borisk
Tue Aug 23, 2016 12:11 pm
Forum: Forwarding Protocols
Topic: 32bit BGP community
Replies: 15
Views: 2188

Re: [BUG] 32bit BGP community

After reading of RFC and docs first sorry to all: mrz and pe1chl. You are right, I can't use ASN4 in regular community. Only extended community must be used.

With respect,
Boris
by borisk
Tue Aug 23, 2016 11:49 am
Forum: Forwarding Protocols
Topic: 32bit BGP community
Replies: 15
Views: 2188

Re: [BUG] 32bit BGP community

@pe1chl - please look at savage's examples. If You need - I may show the real configuration example from one of our Cisco routers where ASN4 are used in BGP communities.

Regards,
Boris
by borisk
Tue Aug 23, 2016 11:46 am
Forum: Forwarding Protocols
Topic: 32bit BGP community
Replies: 15
Views: 2188

Re: [BUG] 32bit BGP community

So, for other vendors there is no difference for community to be "extended' or "standard" from a view of regular user. When I use set community 198070:100 in Cisco, it just works. Ok, I understand - this is not bug, just a unimplemented feature. But from my point of view this mean - I can't use ROS ...
by borisk
Tue Aug 23, 2016 11:35 am
Forum: Forwarding Protocols
Topic: 32bit BGP community
Replies: 15
Views: 2188

Re: [BUG] 32bit BGP community

Dear Savage!

Yes, this is the real problem. Unfortunatelly I heard about magic of ROSv7 many times, but nobody can tell when it will be ready (just alpha, just alpha). But this feature is strongly needed, right now.

Regards,
Boris
by borisk
Tue Aug 23, 2016 11:30 am
Forum: Forwarding Protocols
Topic: 32bit BGP community
Replies: 15
Views: 2188

Re: [BUG] 32bit BGP community

Dear mrz!

I'm wondering how other vendors (Cisco, Juniper, Quagga, Bird and many many other) deal with it? ASN numbers long time ago are 4 bytes long.

Regards,
Boris
by borisk
Tue Aug 23, 2016 9:38 am
Forum: Forwarding Protocols
Topic: 32bit BGP community
Replies: 15
Views: 2188

32bit BGP community

Hello! I'm wondering: [boris@MikroTik] /routing filter> add chain=rm-bgp-local protocol="connect,static" action=passthrough set-bgp-local-pref=900 set-bgp-communities=198070:100 invalid value for argument community: input does not match any value of special value of as out of range (0..65535) This i...
by borisk
Sun Aug 07, 2016 4:58 pm
Forum: General
Topic: Re: Bug: ROS 6.36 invalid ntpd stratum (RESOLVED)
Replies: 13
Views: 1691

Re: Bug: ROS 6.36 invalid ntpd stratum (RESOLVED)

@docmarius: Thanks for help and explanation. Now all is ok, clients get synchronized too. [boris@MikroTik] /system clock> /system ntp client print enabled: yes mode: unicast primary-ntp: 91.206.16.3 secondary-ntp: 85.21.78.91 dynamic-servers: status: synchronized
by borisk
Sun Aug 07, 2016 4:53 pm
Forum: General
Topic: Re: Bug: ROS 6.36 invalid ntpd stratum (RESOLVED)
Replies: 13
Views: 1691

Re: Bug: ROS 6.36 invalid ntpd stratum

@docmarius:
Ok, do You have an idea how to debug my ntp client and understand what is wrong with it?
by borisk
Sun Aug 07, 2016 4:38 pm
Forum: General
Topic: Re: Bug: ROS 6.36 invalid ntpd stratum (RESOLVED)
Replies: 13
Views: 1691

Re: Bug: ROS 6.36 invalid ntpd stratum

@docmarius: And yes, ROS is synchronized to external NTP: [boris@MikroTik] /system clock> print time: 18:35:50 date: aug/07/2016 time-zone-autodetect: yes time-zone-name: Asia/Yekaterinburg gmt-offset: +05:00 dst-active: no [boris@MikroTik] /system clock> /system ntp client print enabled: yes mode: ...
by borisk
Sun Aug 07, 2016 4:34 pm
Forum: General
Topic: Re: Bug: ROS 6.36 invalid ntpd stratum (RESOLVED)
Replies: 13
Views: 1691

Re: Bug: ROS 6.36 invalid ntpd stratum

I changed thread title to "bug"
by borisk
Sun Aug 07, 2016 4:26 pm
Forum: General
Topic: Re: Bug: ROS 6.36 invalid ntpd stratum (RESOLVED)
Replies: 13
Views: 1691

Re: Feature request: Configurable ntpd stratum

%Aug 07 18:12:58 2016 leap 0, mode 3, version 4, stratum 3, ppoll 6 %Aug 07 18:12:58 2016 rootdelay 0.000ms, dispersion 0.000ms, refid 95.104.192.10 This seams correct. Stratum 3 is as it should be. You missed that first packet is sent from my device to ROS. Yes, this device is already synchronized...
by borisk
Sun Aug 07, 2016 4:16 pm
Forum: General
Topic: Re: Bug: ROS 6.36 invalid ntpd stratum (RESOLVED)
Replies: 13
Views: 1691

Re: Feature request: Configurable ntpd stratum

Dear all! Thanks for clarification. Maybe I really missed something in NTP, but to facts: 1) I have RouterOS 6.36 installed 2) I have NTP client configured with external NTP servers, all are stratum 2 3) I have NTP server configured with RouterOS So, when I point another devices to RouterOS as NTP s...
by borisk
Sun Aug 07, 2016 3:28 pm
Forum: General
Topic: Re: Bug: ROS 6.36 invalid ntpd stratum (RESOLVED)
Replies: 13
Views: 1691

Re: Feature request: Configurable ntpd stratum

My router obtain time via external NTP servers.
by borisk
Sun Aug 07, 2016 7:24 am
Forum: General
Topic: Re: Bug: ROS 6.36 invalid ntpd stratum (RESOLVED)
Replies: 13
Views: 1691

Re: Bug: ROS 6.36 invalid ntpd stratum (RESOLVED)

Hello! According to RFC5905: "Primary servers are assigned stratum one; secondary servers at each lower level are assigned stratum numbers one greater than the preceding level." My RouterOS 6.36 ntpd announces it is at stratum 0. I have a couple of devices that complain stratum must be in range 1-15...
by borisk
Fri Aug 05, 2016 9:53 pm
Forum: Forwarding Protocols
Topic: Filter both with prefix and as-path
Replies: 8
Views: 2175

Re: Filter both with prefix and as-path

Chaos - what ROS do You have? I'm at 6.36. And I tested again - with quotes does not work, without - no problem.
by borisk
Fri Aug 05, 2016 9:50 pm
Forum: Forwarding Protocols
Topic: Filter both with prefix and as-path
Replies: 8
Views: 2175

Re: Filter both with prefix and as-path

ZeroByte - You are absolutely righ! And yes, communities is the only right way to implement such tasks. But this device is migrated from old Cisco 7201 where the community policy was not yet implemented. So I tried to do 1:1 migration. Certanly I'll implement communities ASAP. Unfortunatelly ROS doe...
by borisk
Fri Aug 05, 2016 4:02 pm
Forum: Forwarding Protocols
Topic: Filter both with prefix and as-path
Replies: 8
Views: 2175

Re: Filter both with prefix and as-path

No, I found that as-path MUST not be quoted.
add chain=pl-i-XXX action=accept prefix=X.X.120.0/21 prefix-length=21-24 bgp-as-path=^XXX works as expected.
by borisk
Fri Aug 05, 2016 10:27 am
Forum: Forwarding Protocols
Topic: Filter both with prefix and as-path
Replies: 8
Views: 2175

Filter both with prefix and as-path

Hello!

I need to filter prefixes on both prefix and as-path. Is this possible? I tried:
add chain=pl-i-XXX action=accept prefix=X.X.120.0/21 prefix-length=21-24 bgp-as-path="^XXX"

with no luck.

Regards,
Boris
by borisk
Thu Aug 04, 2016 7:49 pm
Forum: Forwarding Protocols
Topic: BGP announce, please explain
Replies: 6
Views: 1439

Re: BGP announce, please explain

Thanks to all! I understand my mistake. As my task was to set local-as attribute for any route except two, so I found 2 solutions: 1) Very nice, but we can set bgp attributes on static routes with /ip route command without need of any type of filter 2) There is a nice passthroug action, so the rm-bg...
by borisk
Sun Jul 24, 2016 7:32 pm
Forum: Forwarding Protocols
Topic: BGP announce, please explain
Replies: 6
Views: 1439

BGP announce, please explain

Hello! I'm new to ROS. Cisco/Linux/FreeBSD before. Please help me understand my mistake with ROS. The standard trick for other OSes is: 1) We route a whole network (A.A.0.0/20 for example) to blackhole. The reason - to drop incoming traffic for segments we do not route this time. ip route A.A.0.0 25...
by borisk
Wed Jul 06, 2016 3:04 pm
Forum: General
Topic: Feature request for v7.x
Replies: 267
Views: 62830

Re: Feature request for v7.x

The very simple feature we need right now is: ability to delete bgp communitied from prefix by rege. Cisco like:

route-map xxx permit 10
 match ....
 set comm-list XXXX delete
by borisk
Tue Jul 05, 2016 8:04 pm
Forum: Forwarding Protocols
Topic: BGP delete communities
Replies: 7
Views: 1081

Re: BGP delete communities

Ough :( So, what is roadmap for v7?
by borisk
Tue Jul 05, 2016 5:51 pm
Forum: Forwarding Protocols
Topic: BGP delete communities
Replies: 7
Views: 1081

Re: BGP delete communities

May be this is already planned for future version?
by borisk
Tue Jul 05, 2016 2:00 pm
Forum: General
Topic: VRF for management
Replies: 5
Views: 1756

VRF for management

Hello! Is this possible to bind management services to specific vrf? I tried with no success. What I tried: 1) Created vrf named vrf-management  0   routing-mark=vrf-management interfaces=VL1.1 route-distinguisher=30910:1      import-route-targets=30910:1 export-route-targets=30910:1 2) assigned IP ...
by borisk
Tue Jul 05, 2016 9:19 am
Forum: Forwarding Protocols
Topic: BGP delete communities
Replies: 7
Views: 1081

Re: BGP delete communities

Cha0s, your example is good, but not suitable for me. In my example I only need to delete communities started with 30910:, all other communities MUST passthrought
by borisk
Mon Jul 04, 2016 10:09 pm
Forum: Forwarding Protocols
Topic: BGP delete communities
Replies: 7
Views: 1081

BGP delete communities

Hello! I'm sorry, I tried to find this answer on Internet and haven't found. This is my first expirience with Mikrotik. The RouterOS is great, but... the simple task I can do with other software: I need to delete some communities from prefix in filter. In other words I need cisco like: route-map rm-...