MikroTik

hknet

Hi this might be a tricky one, any food for thought would be appreciated (and consulting offers are welcome too if you know what you're doing). The scenario goes like this: there is one QinQ port that is shared between several users of this shared infrastructure. the s-tags are generated per infrast...

hknet

Hi
feeling a bit dumb, but has anyone ever managed to use a microSD in the ccr1072?

we seem to be unable to solve this riddle.

and while we are at it any tested smartcards for the smart card slot?

thx
hk

hknet

Hi on a cisco router we do something like this: route-map RK permit 50 match ip address RK set ip next-hop 192.168.1.1 this route-map is then bound to an interface that is the incoming gateway for packets like interface vl10 ip policy route-map RK in other words if the source IP matches the RK addre...

hknet

after seeing issues with CRS317 an 1G SFPs (not 10G) not linking with latest 6.43rc44 (getting auto negotiation as incomplete) we tested a downgrade to the current 6.42.6 and see auto negotiation failed. copper 1G SFPs do not see any advertised 10/100/1000M link-speeds while the other end gets auton...

hknet

model: CRS317-1G-16S+
release: v6.43rc44

we use some ports with non-10G SFPs (ie 1G-SX and 1G-TX modules with fiber and copper).

those modules get auto negotiation 'incomplete', while claiming the link is ok but no working datatransmission can be established.

regards,
hk

hknet

I like: "crs3xx - added initial Q-in-Q hardware offloading support (CLI only);"
could someone please point me to the correct manual/wiki entry on this one?

hknet

I don't know the inner workings of CRS3xx but...

q.e.d.

hknet

@RoadkillX you do not test your setup on the mentioned HW therefore it's invalid and not what anybody was asking for. @TestCRS thx for the ethertype reminder from RoadkillX I found the relatively simple case to do: set the vlan added to the bridge with "use service tag" and you should be fine. -> se...

hknet

QinQ requires intervlan. it's a vlan interface inside another vlan interface so revisit the docs ;-), to be more clear QinQ requires 2 vlan interfaces which can't be hw-offloaded because they are L3. you might brush up your knowledge, you are misinformed and did not read the first post to understan...

hknet

it should do 10Gb within the same vlan but not intervlan

the original poster was never talking about inter-vlan-anything maybe you should revisit the original problem-report.

hknet

This is not a bug, its clearly misconfiguration respectfully disagree - the CRS and the new bridge-hardware-accelleration config to use it as a switch and get hardware-forwarding is what the original poster tried to achieve imho (and I see no flaw in the config); you are referencing the implementat...

hknet

I cant se your C tag in your setup. A ctag is a vlan to a vlan interface... You need to paste your complete setup with vlan tagged to another vlan interface. well, I guess there is no specific c-tag configured (as the CRS317 wouldn't support qinq in hardware anyway), therefore the claimed s-tag (vl...

hknet

As other people wonder - Are we/Have we gotten hardware support for QinQ?

Doesn't look like it, though the Marvell 98DX8216 is a metro chipset (marvell's words) which would suggest 802.1ad should be available at the HW level.
But my guess is we won't see this with this HW.

regards,
hk

hknet

Did not found how to pm here. Wonna honest answer? Go mx80 for your business. second that. if you could talk your upstreams into limiting your bgp-view (ie only local routes and no full feed) you might still have fun with CCRs. Would you mind elaborating a bit more in detail, why your suggestion to...

hknet

12 x SFP+ (10G)
4 x QSFP (4x10G)
1 x Management (no PoE)
1 x serial management

second that.

hknet

EoIP Ethernet Frame issue is still there (introduced in 6.42 breaking fragmenting big frames somehow broken) verified on RB2011 and sent supout to MT-support.

hknet

it seems we lost packet fragmentation for EoIPs connecting bridges between two MTs we no longer can transport big pppoe-frames there; was working with 6.41.4

hknet

Web, winbox, ssh etc access to the router works only in main routing table. It isn't totally correct. Because if you've got access to the Internet from main route table, mikrotik gets inbound request on VRF interface and sends reply via Internet interface in main route table. Is it possible to chan...

hknet

well after fixing the threshold issue on the ciscos-side we see a MLPPP issue on the mikrotk end... it can be reproduced quite simply: if we max out all our mlppp-pppoe-links (using bw-test) then we see dropped links which are established immediately, but the linkd-down causes loss in bandwidth and ...

hknet

it's a cisco issue, the box believes it has to drop link though fully loaded...

hknet

Hi we test MLPP on ROS 6.41.4 using two ethernet-interfaces and a PPPoE interface that uses those interfaces and connect successfully. We tested using 2 and 4 (i.e. using eth1 twice and eth2 twice) links. the interesting phenomenon is that we always loose the second pppoe-session (pppoe1.2) no matte...

hknet

Did not found how to pm here. Wonna honest answer? Go mx80 for your business.

second that. if you could talk your upstreams into limiting your bgp-view (ie only local routes and no full feed) you might still have fun with CCRs.

hknet

We see a development (and others too) port scanning for winbox 8291 is dropping while port 2000 (bandwidth-test-service) is going strong.
Also telnet ist still highly active with those hijacked mikrotiks.

hknet

please enable the dude to connect to routeros devices on other than the default port (eg. multiple devices on different winbox-ports or multiple devices behind one nat-gateway and portmapping active); connecting to those boxes via winbox is done using ip:port but the dude does not allow this, specif...

hknet

Just to make it clear: only devices running a not up-to-date RouterOS version are affected, whose HTTP port (TCP/80) are open and provides the login facility and management GUI, right? I never allow unencrypted connections and always disable the HTTP and HTTPS interfaces. Only SSH and Winbox is ena...

hknet

as we are approaching v6.42 is no-QinQ-in-hardware still the case with the upcoming release?

hknet

Well "Nexthop self" in an bgp environment is an abomination. It should not be needed - agreed, but real world teaches us: One looses an external interface and therefore the nexthop is removed from the IGP. In a small network this converges fast and causes virtually no service disruption. Think about...

hknet

Hi. RR's need not to be in data path (most often aren't) so please consider your own setup before fiddeling with above statement. ahem, the nexthop delivered by RRs was not implying the nexthop in fact is the RR, in fact the nexthop is usually the IP set by "next-hop self" (or similar) by BGP-route...

hknet

Hi saw this thread reactivated :) The only workaround we have seen so far for iBGP IPv6 routes to get active is to add a static ipv6 route for the loopback IP for the next-hop delivered through the route-reflectors. (again tested with RouterOS 6.40.2) If there is any workaround, I'd be glad to hear ...

hknet

as we won't get ROSv7 anytime soon, anyone with knowledge how to crosscompile for the CCR platform and build a system to run quagga or similar? But does it support multi thread? Last time I read quaggas docs it says that quagga is planned to support but so does not have the right libs for that... T...

hknet

Hi tunnels sound like a plan, you then could talk ospf on those tunnels and between routers A+B and C+D. In order to get your upstream in the datacenter to make connectivity redundant you would need to speak some routing protocol there too, usually BGP might be an option, alternate you can form VRRP...

hknet

if you just want to suppress this advertisement - do it using a route-filter.

hknet

Posting questions and reading answers in forums is already doing some reading. :) Where did you get the two ISP idea? I'd suggest doing some reading on BGP, two ISPs having the same AS is not two ISPs :) probably from: add name=toISP2 add name=toISP1 if you would like to have two links to one ISP a...

hknet

sidenote: you might also notice that you won't see the advertised prefixes in bgp advertisements as vrf advertised prefixes aren't shown there.

hknet

I'd suggest doing some reading on BGP, two ISPs having the same AS is not two ISPs

hknet

The mentioned 154 Mbps by your carrier make the access technology smell like ATM. LACP over ATM might create some issues :) Therefore as you have a CCR you might ask your provider to host a small mikrotik for you at one of their PoPs near you. using eg. EoIP-tunnels over each 100M link you get you c...

hknet

as we won't get ROSv7 anytime soon, anyone with knowledge how to crosscompile for the CCR platform and build a system to run quagga or similar?

hknet

"ppp optimized for multicore" - on all platforms?

hknet

Is anyone else having issues with the tools > Winbox tool not showing up on the client for the Dude? I tried version 6.38 and 6.39rc4 and am getting the same result. I upgraded from the previous version 6.37.3 and had no issues. Thanks, Lynn the end of the starting post should help :) -> winbox can...

hknet

any details on the obviously also new RouterBoard Firmware v.3.36?

hknet

Hi, first of all: loving it ;) specific to CHR I'd ask for a way to automate deployment, be it to do a dhcp-client-request on the first interface found and get a config file specific for this box by eg requesting a tftp-file based on the mac# of this interface. and for an easy system-reset a specifi...

hknet

Hi
to add to our l2tp-server experience: we have fastpath active - fine.
We also "allow fastpath" for the l2tp-server.

Though as soon as a client connects fastpath is deactivated.

edit: fixed it, got to set "change tcp mss" to no it seems, not quite sure if this is a working way to go...

best,
hk

hknet

Problems with server l2tp!!!

fyi - tested l2tp-server on CHR v6.36.3 - works fine - maybe you should elaborate your problem.

regards
hk

hknet

We'd like to use some model-configs built for MikroTik CPEs. At the moment a simple way to roll this out is backing up the whole config and restoring it into the new devices, downside is the MAC# are also copied. Is there a sane way to roll out custom "default configs" or more ideally is there a bes...

hknet

ahem, is there by design no dude-client for 6.36.3?
(just let me know if going back to 6.36.2 is the way to go pls)

hknet

Hi
it seems the dude client is missing for now?

Regards
hk

hknet

Hi
I'm also quite impressed with CHR, the only thing that got me thinking so far is the KVM inside the CHR

Should this work somehow or should it just be removed?

Regards
hk

hknet

Hi currently testing your script on four small RBs. 2 x RB750UP - installed and works fine. 1 x hEX PoE lite - installed and works fine. another hEX PoE lite yet fails: /sys scr run updateBlacklist status: failed failure: closing connection: <400 Bad Request> 172.102.241.58:443 (4) Therefore I'd ask...

hknet

This initiative by IntrusDave makes for an interesting read! I'd ask IntrusDave to consider delivering this blacklist in another format if possible, this would allow different use-cases, especially multiple 10G+ uplinks make it hard to handle stuff using firewall policies and blackhole-routes would ...

hknet

http://wiki.mikrotik.com/wiki/Manual:Interface/SSTP

-> only one portforward on your side needed at the firewall you can control and you're done.
(lots of things to config though)

Search found 80 matches