Community discussions

Search found 29 matches

by sbeauchamp
Thu Apr 13, 2017 3:05 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 98235

Re: v6.39rc [release candidate] is released

I seem to be having IPSEC peers acting odd. I haven't noticed this until the last couple RC versions. Peers will show a whole bunch of installed SAs, although only one pair per peer with increment bytes. I have two CCRs (rc62 and rc69) connected back to a CHR (6.37.5), both are doing this. The CHR sho...
by sbeauchamp
Tue Apr 11, 2017 7:14 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 98235

Re: v6.39rc [release candidate] is released

IPIP and GRE interfaces are no longer working. Upgrading to 6.39.rc68 automatically removed all my IPIP tunnels. If I try to add them back via web or CLI the router crashes and reboots. On the CLI I can do /int ipip add name=TUN1 and hit enter, I get the prompt for remote address but after I type i...
by sbeauchamp
Mon Apr 10, 2017 8:59 pm
Forum: RouterBOARD hardware
Topic: RB3011UiAS-RM
Replies: 102
Views: 56539

Re: RB3011UiAS-RM

Did the encryption hw acceleration ever get turned on for this model?
by sbeauchamp
Mon Apr 10, 2017 8:48 pm
Forum: General
Topic: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)
Replies: 134
Views: 33218

Re: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)

@Jocksor, unfortunately I'm not using EoIP. I'm just using the basic IPSec in tunnel mode. On the IPSec wiki page, there are some optimizations for the RB1100AHx2 to set the IRQs, would this help on the CCR? I tried some of those 1100 optimizations on the CCR, but in my case it didn't really make ...
by sbeauchamp
Mon Apr 10, 2017 6:41 pm
Forum: General
Topic: Optimizing QoS?
Replies: 3
Views: 740

Re: Optimizing QoS?

Did you already try a Queue Tree?
I haven't, it seemed I couldn't do any policing inbound that way. I may or may not need to, not sure yet. I can see if it makes a difference though when I get a chance.
by sbeauchamp
Mon Apr 10, 2017 4:01 pm
Forum: General
Topic: Optimizing QoS?
Replies: 3
Views: 740

Optimizing QoS?

I am in the early stages of designing a service using router OS, and I need to understand how the system handles QoS a bit better. Not specifically how to configure it, but how to optimize it for the least impact on the system. Basic goal is prioritize VOIP and then any other applications the custom...
by sbeauchamp
Thu Apr 06, 2017 2:59 pm
Forum: General
Topic: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)
Replies: 134
Views: 33218

Re: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)

It is like in any other configuration, adding simple queues or software queues on interface will significantly reduce performance. Stream is classified before encryption and all actions with packets from that stream are done on the same core. That makes sense. This issue does indeed seem fixed to m...
by sbeauchamp
Tue Apr 04, 2017 2:48 pm
Forum: General
Topic: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)
Replies: 134
Views: 33218

Re: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)

Here's what I'm seeing with the CSR1009-8g-1s-1s+: IPIP tunnel with IPSec holds ~200mbps; turning on QoS takes a pretty big hit down to ~70mbps; turning off connection tracking seems to give a 30-60mbps bump depending on the situation; no QoS and no connection tracking reaches about 300mbps. upload seems...
by sbeauchamp
Mon Apr 03, 2017 10:46 pm
Forum: General
Topic: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)
Replies: 134
Views: 33218

Re: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)

Should I expect this to be fixed on CCR1009-8G-1S-1S+? I haven't had a chance to test yet, but I ask because I notice this model isn't listed for sale anymore.
by sbeauchamp
Thu Mar 09, 2017 8:32 pm
Forum: Virtualization
Topic: Does routerOS and CHR handle multicore systems differently?
Replies: 3
Views: 3565

Does routerOS and CHR handle multicore systems differently?

On a CHR I have installed, I notice a huge difference in throughput when RPS is turned off. When it's on, I'm lucky to get 35mbps. When it's off, I can get at least 300mbps. My understanding is that RPS helps to spread the load of packets across multiple cores. Does it make any attempt to keep single f...
by sbeauchamp
Wed Mar 08, 2017 5:30 pm
Forum: General
Topic: x86 and RPS
Replies: 0
Views: 645

x86 and RPS

I'm looking to find more information about CHR/routerOS. I have a VM running CHR. I have a remote spoke (also x86) using a broadband connection with IPIP+GRE+IPSEC back to the hub. At first I was lucky to get 35mbps over this. I turned off RPS and suddenly get 300mbps+. As I understand it, RPS helps...
by sbeauchamp
Tue Feb 28, 2017 8:34 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 2468

Re: Is routerOS and CHR capable of using Intel AES-NI?

This one's running on Intel(R) Xeon(R) CPU L5640 @ 2.27GHz on XenServer 7 https://www.dropbox.com/s/ebvxrqqzd86pzp1/Screenshot%202017-02-28%2013.45.19.png?dl=0 This one's running on Intel(R) Xeon(R) CPU E3-1245 V2 @ 3.40GHz on OpenSource Xen (Debian) using HVM. https://www.dropbox.com/s/67pl7ev89p3gj...
by sbeauchamp
Tue Feb 28, 2017 5:45 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 2468

Re: Is routerOS and CHR capable of using Intel AES-NI?

Can't be 100% certain but I do believe it does because the CPU usage which I see is extremely low and this is when I'm using the GRE+IPSEC VPN links which uses AES-256-CBC. HTH How is the performance? Mind if I ask what hardware you are using? I'm looking to do something similar. A hub and spoke se...
by sbeauchamp
Tue Feb 28, 2017 4:16 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 2468

Re: Is routerOS and CHR capable of using Intel AES-NI?

Looking to see if RouterOS and CHR is able to use these instructions in the Intel processors. Can't be 100% certain but I do believe it does because the CPU usage which I see is extremely low and this is when I'm using the GRE+IPSEC VPN links which uses AES-256-CBC. HTH How is the performance? Mind...
by sbeauchamp
Tue Feb 28, 2017 3:42 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 2468

Re: Is routerOS and CHR capable of using Intel AES-NI?

Looking to see if RouterOS and CHR is able to use these instructions in the Intel processors. Can't be 100% certain but I do believe it does because the CPU usage which I see is extremely low and this is when I'm using the GRE+IPSEC VPN links which uses AES-256-CBC. HTH How is the performance? Mind...
by sbeauchamp
Mon Feb 27, 2017 6:58 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 2468

Is routerOS and CHR capable of using Intel AES-NI?

Looking to see if RouterOS and CHR is able to use these instructions in the Intel processors.
by sbeauchamp
Thu Jan 12, 2017 3:32 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 45497

Re: v6.38 [current] is released!

Does this fix the out of order packets on the CCR models when using the encryption hardware acceleration?
by sbeauchamp
Thu Dec 08, 2016 9:05 pm
Forum: Virtualization
Topic: Need a recommendation
Replies: 5
Views: 2315

Re: Need a recommendation

The configs are pretty bare, hopefully I didn't miss anything.


spoke-ipsec-only.txt
hub-ipsec-only.txt
by sbeauchamp
Fri Dec 02, 2016 3:22 am
Forum: Virtualization
Topic: Need a recommendation
Replies: 5
Views: 2315

Re: Need a recommendation

Tried just plain ipsec tonight. It's actually worse than just IPIP (no ipsec). Beginning to think the CCR just can't handle encryption very well.
by sbeauchamp
Thu Dec 01, 2016 10:48 pm
Forum: Virtualization
Topic: Need a recommendation
Replies: 5
Views: 2315

Re: Need a recommendation

I believe having IPIP+ipsec is not a very wise choice. If your clients need to establish site to site tunnel protocol and at the same time you need encryption I would definitely recommend using IPSEC only. Therefore IPIP is very overhead intensive as it will encapsulate the ip packet in a whole new...
by sbeauchamp
Thu Dec 01, 2016 7:56 pm
Forum: Virtualization
Topic: Need a recommendation
Replies: 5
Views: 2315

Need a recommendation

I am looking for a solution to meet a set of requirements, or close to it. I intend to have a hub router (something virtual), that customer spoke routers can connect to via IP tunnel and IPSEC encryption. At the moment I'm thinking I need to support 1gb of bandwidth total and allow varying sizes of ...
by sbeauchamp
Tue Nov 22, 2016 3:46 pm
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ IPIP+IPSEC performance?
Replies: 2
Views: 911

Re: CCR1009-8G-1S-1S+ IPIP+IPSEC performance?

PC -> CCR1009-8G-1S-1S+ with IPSEC (aes128+sha1)+IPIP over 300mb cable connection -> CCR1009-8G-1S-1S+ sitting inside an MPLS cloud with multiple gigabit internet connections -> internet. I turned off IPSEC entirely last night to test, and was about to get 360Mbps. Looks like this model can't handle en...
by sbeauchamp
Mon Nov 21, 2016 6:57 pm
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ IPIP+IPSEC performance?
Replies: 2
Views: 911

CCR1009-8G-1S-1S+ IPIP+IPSEC performance?

Anyone know what the performance of this board is when using an IPIP tunnel along with IPSEC?

I have been testing using a 300mbps connection, and I am able to only get roughly 150MBPS. Does this seem correct for this model?
by sbeauchamp
Wed Oct 12, 2016 3:51 am
Forum: Forwarding Protocols
Topic: how to QoS BGP?
Replies: 3
Views: 1053

Re: how to QoS BGP?

It appears something odd is going on or I am misunderstanding something. I tried setting up a simple queue this time, to match all packets targeting my tunnel interface, I set it to limit to 50k. Weird thing is when I look at the traffic page on the queue it shows "target download" is hitting 50k in...
by sbeauchamp
Tue Oct 11, 2016 10:19 pm
Forum: Forwarding Protocols
Topic: how to QoS BGP?
Replies: 3
Views: 1053

how to QoS BGP?

I'm trying to find a way to protect BGP packets from high utilization outbound from my router. I have queue tree set up that is getting matches setting BGP to priority 1 with limit-at 500k bandwidth. However, doing a bandwidth test from the local router (upload), BGP drops. Doing a bandwidth test TOW...
by sbeauchamp
Tue Sep 27, 2016 8:11 pm
Forum: Scripting
Topic: Removing BGP out and in filter
Replies: 3
Views: 828

Re: Removing BGP out and in filter

See here: http://forum.mikrotik.com/viewtopic.php?f=21&t=110425&p=554009#p554009 They don't want to implement unset for all parameters, even if set "" is most likely the same. Wow that's really strange. Coming from Cisco devices, adding an in/out filter using "none" or possibly even "" can cause the r...
by sbeauchamp
Tue Sep 27, 2016 7:57 pm
Forum: Scripting
Topic: Removing BGP out and in filter
Replies: 3
Views: 828

Removing BGP out and in filter

I'm trying to have a script remove an out or an in filter on BGP. I've tried several different ways, and I can't get it to remove it. I can easily set using "/routing bgp peer set number=1 set out-filter=XX" but I can't seem to remove that value.
by sbeauchamp
Thu Sep 22, 2016 9:36 pm
Forum: Scripting
Topic: Switching ISPs based on satistics (packet loss, latency, jitty etc)
Replies: 0
Views: 580

Switching ISPs based on satistics (packet loss, latency, jitty etc)

I'm just now exploring the functions of the MikroTik routers, and I'm looking for the best way to measure something like latency or jitter over each connection so that I might run a script to redirect VOIP traffic to another provider if a certain threshold is met. I've messed with the traffic generator...
by sbeauchamp
Fri Sep 16, 2016 3:38 pm
Forum: General
Topic: Certificate errors and half loading web pages
Replies: 2
Views: 662

Certificate errors and half loading web pages

I am having a few issues using an internet connection with the MikroTik. The current set up is a MikroTik router at my house with a broadband connection, with an IP tunnel using IPSec back to a hub at our data center. I get certificate problems on almost every web site I try. Some website like amazo...