Community discussions

Search found 64 matches

by hknet
Tue Apr 17, 2018 10:20 pm
Forum: Announcements
Topic: v6.42 [current]
Replies: 146
Views: 12592

Re: v6.42 [current]

it seems we lost packet fragmentation for EoIPs connecting bridges between two MTs we no longer can transport big pppoe-frames there; was working with 6.41.4
by hknet
Mon Apr 16, 2018 7:34 pm
Forum: Forwarding Protocols
Topic: Access Web SSH through VLAN IP in seperate VRF
Replies: 5
Views: 725

Re: Access Web SSH through VLAN IP in seperate VRF

Web, winbox, ssh etc access to the router works only in main routing table. It isn't totally correct. Because if you've got access to the Internet from main route table, mikrotik gets inbound request on VRF interface and sends reply via Internet interface in main route table. Is it possible to chan...
by hknet
Sun Apr 15, 2018 1:37 am
Forum: General
Topic: MLPPP second link flapping
Replies: 2
Views: 81

Re: MLPPP second link flapping

well after fixing the threshold issue on the ciscos-side we see a MLPPP issue on the mikrotik end... it can be reproduced quite simply: if we max out all our mlppp-pppoe-links (using bw-test) then we see dropped links which are established immediately, but the link-down causes loss in bandwidth and ...
by hknet
Sat Apr 14, 2018 12:51 pm
Forum: General
Topic: MLPPP second link flapping
Replies: 2
Views: 81

Re: MLPPP second link flapping

it's a cisco issue, the box believes it has to drop link though fully loaded...
by hknet
Fri Apr 13, 2018 6:14 pm
Forum: General
Topic: MLPPP second link flapping
Replies: 2
Views: 81

MLPPP second link flapping

Hi we test MLPPP on ROS 6.41.4 using two ethernet-interfaces and a PPPoE interface that uses those interfaces and connect successfully. We tested using 2 and 4 (i.e. using eth1 twice and eth2 twice) links. the interesting phenomenon is that we always lose the second pppoe-session (pppoe1.2) no matte...
by hknet
Sat Mar 31, 2018 10:05 pm
Forum: Forwarding Protocols
Topic: What Mikrotik product is the fastest for BGP with 10-gig load with 2 BGP feeds ?
Replies: 9
Views: 847

Re: What Mikrotik product is the fastest for BGP with 10-gig load with 2 BGP feeds ?

Did not find how to pm here. Wanna honest answer? Go mx80 for your business.
second that. if you could talk your upstreams into limiting your bgp-view (ie only local routes and no full feed) you might still have fun with CCRs.
by hknet
Sat Mar 31, 2018 9:46 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40140

Re: Urgent security advisory

We see a development (and others too): port scanning for winbox 8291 is dropping while port 2000 (bandwidth-test-service) is going strong.
Also telnet is still highly active with those hijacked mikrotiks.
by hknet
Thu Mar 29, 2018 3:41 pm
Forum: The Dude
Topic: Dude v6 - Feature request list
Replies: 35
Views: 4493

Re: Dude v6 - Feature request list

please enable the dude to connect to routeros devices on other than the default port (eg. multiple devices on different winbox-ports or multiple devices behind one nat-gateway and portmapping active); connecting to those boxes via winbox is done using ip:port but the dude does not allow this, specif...
by hknet
Wed Mar 28, 2018 11:11 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40140

Re: Urgent security advisory

Just to make it clear: only devices running a not up-to-date RouterOS version are affected, whose HTTP port (TCP/80) are open and provides the login facility and management GUI, right? I never allow unencrypted connections and always disable the HTTP and HTTPS interfaces. Only SSH and Winbox is ena...
by hknet
Sat Mar 17, 2018 1:55 am
Forum: RouterBOARD hardware
Topic: CRS 317 support 802.1ad QinQ
Replies: 12
Views: 1389

Re: CRS 317 support 802.1ad QinQ

as we are approaching v6.42 is no-QinQ-in-hardware still the case with the upcoming release?
by hknet
Sun Sep 03, 2017 9:17 pm
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 86
Views: 16006

Re: IPv6 recursive nexthops via iBGP

Well "Nexthop self" in a bgp environment is an abomination. It should not be needed - agreed, but real world teaches us: One loses an external interface and therefore the nexthop is removed from the IGP. In a small network this converges fast and causes virtually no service disruption. Think about...
by hknet
Sun Sep 03, 2017 3:03 pm
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 86
Views: 16006

Re: IPv6 recursive nexthops via iBGP

Hi. RR's need not to be in data path (most often aren't) so please consider your own setup before fiddling with above statement. ahem, the nexthop delivered by RRs was not implying the nexthop in fact is the RR, in fact the nexthop is usually the IP set by "next-hop self" (or similar) by BGP-route...
by hknet
Tue Aug 29, 2017 5:39 pm
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 86
Views: 16006

Re: IPv6 recursive nexthops via iBGP

Hi saw this thread reactivated :) The only workaround we have seen so far for iBGP IPv6 routes to get active is to add a static ipv6 route for the loopback IP for the next-hop delivered through the route-reflectors. (again tested with RouterOS 6.40.2) If there is any workaround, I'd be glad to hear ...
by hknet
Wed Feb 22, 2017 3:38 am
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 303
Views: 69992

Re: RouterOS v7.0 beta1 - when?

as we won't get ROSv7 anytime soon, anyone with knowledge how to crosscompile for the CCR platform and build a system to run quagga or similar? But does it support multi thread? Last time I read quaggas docs it says that quagga is planned to support but so does not have the right libs for that... T...
by hknet
Sun Jan 15, 2017 4:09 pm
Forum: Forwarding Protocols
Topic: Redundant / Load Balancing VPN tunnel with 4 routers
Replies: 1
Views: 375

Re: Redundant / Load Balancing VPN tunnel with 4 routers

Hi tunnels sound like a plan, you then could talk ospf on those tunnels and between routers A+B and C+D. In order to get your upstream in the datacenter to make connectivity redundant you would need to speak some routing protocol there too, usually BGP might be an option, alternate you can form VRRP...
by hknet
Sun Jan 15, 2017 1:18 pm
Forum: Forwarding Protocols
Topic: BGP Advertisements Harassing Server
Replies: 2
Views: 365

Re: BGP Advertisements Harassing Server

if you just want to suppress this advertisement - do it using a route-filter.
by hknet
Sat Jan 14, 2017 10:57 pm
Forum: Forwarding Protocols
Topic: BGP Routing Help
Replies: 5
Views: 624

Re: BGP Routing Help

Posting questions and reading answers in forums is already doing some reading. :) Where did you get the two ISP idea? I'd suggest doing some reading on BGP, two ISPs having the same AS is not two ISPs :) probably from: add name=toISP2 add name=toISP1 if you would like to have two links to one ISP a...
by hknet
Sat Jan 14, 2017 12:47 am
Forum: Forwarding Protocols
Topic: Create BGP Peer within VRF
Replies: 7
Views: 1744

Re: Create BGP Peer within VRF

sidenote: you might also notice that you won't see the advertised prefixes in bgp advertisements as vrf advertised prefixes aren't shown there.
by hknet
Sat Jan 14, 2017 12:43 am
Forum: Forwarding Protocols
Topic: BGP Routing Help
Replies: 5
Views: 624

Re: BGP Routing Help

I'd suggest doing some reading on BGP, two ISPs having the same AS is not two ISPs :)
by hknet
Sat Jan 14, 2017 12:32 am
Forum: Forwarding Protocols
Topic: Need Suggestion CCR
Replies: 3
Views: 498

Re: Need Suggestion CCR

The mentioned 154 Mbps by your carrier make the access technology smell like ATM. LACP over ATM might create some issues :) Therefore as you have a CCR you might ask your provider to host a small mikrotik for you at one of their PoPs near you. using eg. EoIP-tunnels over each 100M link you get you c...
by hknet
Sat Jan 14, 2017 12:11 am
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 303
Views: 69992

Re: RouterOS v7.0 beta1 - when?

as we won't get ROSv7 anytime soon, anyone with knowledge how to crosscompile for the CCR platform and build a system to run quagga or similar?
by hknet
Tue Jan 03, 2017 10:25 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 64236

Re: v6.39rc [release candidate] is released

"ppp optimized for multicore" - on all platforms?
by hknet
Tue Jan 03, 2017 10:23 pm
Forum: Announcements
Topic: The Dude, v6.38 [current] release.
Replies: 77
Views: 18507

Re: The Dude, v6.38 [current] release.

Is anyone else having issues with the tools > Winbox tool not showing up on the client for the Dude? I tried version 6.38 and 6.39rc4 and am getting the same result. I upgraded from the previous version 6.37.3 and had no issues. Thanks, Lynn the end of the starting post should help :) -> winbox can...
by hknet
Tue Jan 03, 2017 9:30 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 27190

Re: The Dude, v6.38 [current] release.

any details on the obviously also new RouterBoard Firmware v.3.36?
by hknet
Sat Oct 08, 2016 6:02 am
Forum: Virtualization
Topic: CHR feature requests
Replies: 48
Views: 4622

Re: CHR feature requests

Hi, first of all: loving it ;) specific to CHR I'd ask for a way to automate deployment, be it to do a dhcp-client-request on the first interface found and get a config file specific for this box by eg requesting a tftp-file based on the mac# of this interface. and for an easy system-reset a specifi...
by hknet
Sun Sep 11, 2016 12:50 pm
Forum: Announcements
Topic: v6.36.3 [current] is released!
Replies: 43
Views: 10091

Re: v6.36.3 [current] is released!

Hi
to add to our l2tp-server experience: we have fastpath active - fine.
We also "allow fastpath" for the l2tp-server.

Though as soon as a client connects fastpath is deactivated.

edit: fixed it, got to set "change tcp mss" to no it seems, not quite sure if this is a working way to go...

best,
hk
by hknet
Sun Sep 11, 2016 7:17 am
Forum: Announcements
Topic: v6.36.3 [current] is released!
Replies: 43
Views: 10091

Re: v6.36.3 [current] is released!

Problems with server l2tp!!!
fyi - tested l2tp-server on CHR v6.36.3 - works fine - maybe you should elaborate your problem.

regards
hk
by hknet
Sat Sep 10, 2016 8:20 pm
Forum: General
Topic: mass rollout best practice?
Replies: 4
Views: 536

mass rollout best practice?

We'd like to use some model-configs built for MikroTik CPEs. At the moment a simple way to roll this out is backing up the whole config and restoring it into the new devices, downside is the MAC# are also copied. Is there a sane way to roll out custom "default configs" or more ideally is there a bes...
by hknet
Sat Sep 10, 2016 3:37 am
Forum: Announcements
Topic: v6.36.3 [current] is released!
Replies: 43
Views: 10091

Re: v6.36.3 [current] is released!

ahem, is there by design no dude-client for 6.36.3?
(just let me know if going back to 6.36.2 is the way to go pls)
by hknet
Tue Sep 06, 2016 4:17 pm
Forum: Announcements
Topic: v6.36.3 [current] is released!
Replies: 43
Views: 10091

Re: v6.36.3 [current] is released!

Hi
it seems the dude client is missing for now?

Regards
hk
by hknet
Sun Sep 04, 2016 8:56 pm
Forum: Virtualization
Topic: KVM inside CHR?
Replies: 1
Views: 638

KVM inside CHR?

Hi
I'm also quite impressed with CHR, the only thing that got me thinking so far is the KVM inside the CHR :)

Should this work somehow or should it just be removed?

Regards
hk
by hknet
Fri Aug 12, 2016 9:37 pm
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 605
Views: 65551

Re: Blacklist Filter update script

Hi currently testing your script on four small RBs. 2 x RB750UP - installed and works fine. 1 x hEX PoE lite - installed and works fine. another hEX PoE lite yet fails: /sys scr run updateBlacklist status: failed failure: closing connection: <400 Bad Request> 172.102.241.58:443 (4) Therefore I'd ask...
by hknet
Fri Aug 12, 2016 1:18 pm
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 605
Views: 65551

Re: Blacklist Filter update script

This initiative by IntrusDave makes for an interesting read! I'd ask IntrusDave to consider delivering this blacklist in another format if possible, this would allow different use-cases, especially multiple 10G+ uplinks make it hard to handle stuff using firewall policies and blackhole-routes would ...
by hknet
Fri Aug 12, 2016 12:55 am
Forum: General
Topic: Tunnel to Natted remote lan
Replies: 3
Views: 275

Re: Tunnel to Natted remote lan

http://wiki.mikrotik.com/wiki/Manual:Interface/SSTP

-> only one portforward on your side needed at the firewall you can control and you're done.
(lots of things to config though)
by hknet
Fri Aug 12, 2016 12:42 am
Forum: General
Topic: Fastpath on vlan interface.
Replies: 15
Views: 2262

Re: Fastpath on vlan interface.

and there's one more thing... in case you have routing-marks for anything anywhere in your system, this will prevent fastpath, even if it's an inactive RIP-setting ;) and - as far as I found out - there is no way to clear the routing-mark table in the kernel via RouterOS and therefore you're stuck o...
by hknet
Thu Aug 11, 2016 8:39 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request: MLPPP server
Replies: 25
Views: 5660

Re: Feature request: MLPPP server

YMMV, but we usually prefer per packet load-sharing (ppls), especially for customer-connections. typically because: a) lower cpu overhead, b) independent layer3 connections (monitoring is easy), c) policies can decide for different paths in case then again, while activating ppls is just an interface...
by hknet
Thu Aug 11, 2016 2:10 pm
Forum: General
Topic: Fastpath on vlan interface.
Replies: 15
Views: 2262

Re: Fastpath on vlan interface.

well after several support-mails to and from Mikrotik (thanks guys!)
we got fastpath active - the last issue was an ipv6 firewall policy - this also breaks fastpath.
by hknet
Wed Aug 10, 2016 1:24 am
Forum: General
Topic: Fastpath on vlan interface.
Replies: 15
Views: 2262

Re: Fastpath on vlan interface.

I'm a little talking to myself here :) To make the analysis a bit harder in terms of performance, if I read all this stuff correctly one has to have connectiontracking on auto in order to get fastpath/fasttrack. On the other hand connectiontracking seems to take cpu cycles, which is again not good for...
by hknet
Tue Aug 09, 2016 11:34 pm
Forum: Forwarding Protocols
Topic: BFD + OSPF + CCR1036 Issue
Replies: 24
Views: 4055

Re: BFD + OSPF + CCR1036 Issue

It is best to avoid BFD until v7 is released.
well, removed it for the time being, as I like stable :)
might try to run it in the future, if MT care to comment on the issue.
by hknet
Tue Aug 09, 2016 11:13 pm
Forum: Forwarding Protocols
Topic: MIkrotik BGP Monitoring
Replies: 38
Views: 11319

Re: MIkrotik BGP Monitoring

Ah has that been implemented? That was a feature I once requested... Will certainly have a look into that! However, currently I am not able to check for new RC version, maybe it has been taken down due to discovering a serious error? releasenote for 6.37rc10 says: snmp - added script table which ex...
by hknet
Tue Aug 09, 2016 1:24 am
Forum: Forwarding Protocols
Topic: ospf interface comment forces reload?
Replies: 1
Views: 335

ospf interface comment forces reload?

we try to be good admins and do comment interfaces, instances and so on... quite unexpected is the behaviour if I add or change a comment of an ospf interface definition via winbox's fancy yellow comment icon. pressing "enter" to finalize the comment kicks the ospf neighbor association and forces a ...
by hknet
Tue Aug 09, 2016 1:16 am
Forum: Forwarding Protocols
Topic: MIkrotik BGP Monitoring
Replies: 38
Views: 11319

Re: MIkrotik BGP Monitoring

well, snmp by the standard would of course be fine, but the current RC promises to have a snmp to script interface which should allow for some interesting private OIDs :)
by hknet
Tue Aug 09, 2016 1:14 am
Forum: Forwarding Protocols
Topic: BFD + OSPF + CCR1036 Issue
Replies: 24
Views: 4055

Re: BFD + OSPF + CCR1036 Issue

just as a "fun fact" note: RouterOS v6.36 on a CCR1036 speaking bfd on a single 1G copper link (OSPF) with a Cisco (IOS 15.2(4)S7) does seem to carry a (at least for now) stable BFD interface (29 minutes and counting)
by hknet
Mon Aug 08, 2016 7:35 pm
Forum: Forwarding Protocols
Topic: MIkrotik BGP Monitoring
Replies: 38
Views: 11319

Re: MIkrotik BGP Monitoring

Sounds in the end you'd monitor your routereflectors :-)
*scnr*
by hknet
Mon Aug 08, 2016 7:03 pm
Forum: Forwarding Protocols
Topic: MIkrotik BGP Monitoring
Replies: 38
Views: 11319

Re: MIkrotik BGP Monitoring

Hi pe1chl,
I bet you, you don't want this hovering-feature on bgp peers transmitting a full v4 (or even v6) table as this would simply take quite long :)

Regards,
hk
by hknet
Mon Aug 08, 2016 6:51 pm
Forum: General
Topic: Fastpath on vlan interface.
Replies: 15
Views: 2262

Re: Fastpath on vlan interface.

Well I'm finally totally puzzled about fastpath/fasttrack - in /ip settings we see this: https://oc.kapper.net/public.php?service=files&t=c28166da8ec363eca0adadfb288edf02&download while on the other hand the interface stats show: https://oc.kapper.net/public.php?service=files&t=80d3e250b65378fb33d16...
by hknet
Mon Aug 08, 2016 6:31 pm
Forum: Forwarding Protocols
Topic: BGP instance suddenly disabled?
Replies: 4
Views: 434

Re: BGP instance suddenly disabled?

Hi,
no language problem here, he still has access ;)

I can only second your opinion on MikroTik's BGP, while it likes restarts for changes to its configuration it on the other hand needs an extra push to use updated filterrules :)

regards
hk
by hknet
Mon Aug 08, 2016 4:49 pm
Forum: Forwarding Protocols
Topic: BGP instance suddenly disabled?
Replies: 4
Views: 434

Re: BGP instance suddenly disabled?

not ruling the junior out, but I'm a quite trusting guy on the other hand, because people at our company are allowed to make errors and not get expelled :)

on the positive side: we now do extensive bgp monitoring for the mikrotik boxes in our network...
by hknet
Mon Aug 08, 2016 3:07 pm
Forum: Forwarding Protocols
Topic: MIkrotik BGP Monitoring
Replies: 38
Views: 11319

Re: MIkrotik BGP Monitoring

Dear Pincio, thank you for updating your code, maybe you'd like to put this together in one command request like this: my @cmd = ("/routing/bgp/peer/print","=status=","?remote-address=". $ng->get('peer'),"=.proplist=prefix-count,state"); this way you can simply check the results like this: result: =...