Community discussions

MikroTik App

Search found 100 matches

by petrb
Thu Jan 05, 2023 11:02 pm
Forum: General
Topic: Could add new queue tree: too many packet marks in system
Replies: 10
Views: 1533

Re: Could add new queue tree: too many packet marks in system

ROS is not able to add more than 4095 /queue/tree elements with unique MARK matcher,
by petrb
Thu Jan 05, 2023 9:23 pm
Forum: General
Topic: Could add new queue tree: too many packet marks in system
Replies: 10
Views: 1533

Re: Could add new queue tree: too many packet marks in system

Hi, you can replikate issue using (tested on x86 and CCR1036) :local MARK :local OC3 :local OC4 :set MARK 1 :set OC3 1 :set OC4 1 for i from=1 to=6000 do={ /ip firewall mangle add chain=postrouting src-address="192.168.$OC3.$OC4" action=mark-packet new-packet-mark=$MARK /ip firewall mangle...
by petrb
Sat Aug 08, 2020 7:24 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 184
Views: 114218

Re: v6.48beta [testing] is released!

Hi,... bug - IPv6 prefix leases from dhcpv6 server (set via radius) are not marked as used in "ipv6 pool user prefixes". This can create prefix conflict. Works fine for the IPv4 dhcp+radius. /ipv6 pool add name=pool1 prefix=2a01:5e0:501::/48 prefix-length=56 /ipv6 dhcp-server add address-p...
by petrb
Tue Jul 28, 2020 5:45 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 184
Views: 114218

Re: v6.48beta [testing] is released!

Thanks for working on IPv6 ... please implement also "Framed-IPv6-Route" RADIUS attribute for DHCPv6. You are in half away. Thanks. Petr
by petrb
Wed Sep 11, 2019 10:41 am
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

dhcpv6 PD is not PPPoE PD
by petrb
Thu Jul 04, 2019 9:34 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 415
Views: 195541

Re: v6.45.1 [stable] is released!

After Upgrade 6.45.1.... My DHCP server dosent work anymore.. use radius to validate.... roolback...
Fix in 6.46beta
by petrb
Thu Jul 04, 2019 5:32 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 150
Views: 105847

Re: v6.46beta [testing] is released!

DHCPv6 PD from radius works again. Thanks.
by petrb
Thu Jul 04, 2019 2:18 pm
Forum: Announcements
Topic: Winbox v3.19 released!
Replies: 33
Views: 41886

Re: Winbox v3.19 released!

Right click on the file and choose "Download", problem solved.
thanks, good to know. I use ssh/scp terminal most of the time, so this was not big problem for me.
by petrb
Thu Jul 04, 2019 12:15 pm
Forum: Announcements
Topic: Winbox v3.19 released!
Replies: 33
Views: 41886

Re: Winbox v3.19 released!

rushlife: - you can resolve font problem easily, when you install fonts to the wine using winetricks, don't forget to recreate wine prefix to use new fonts - I have no issue with speed - drag and drop for me work only with direction from the desktop environment to the "wine winbox". The op...
by petrb
Wed Jul 03, 2019 10:46 pm
Forum: General
Topic: Hairpin NAT not working as expected
Replies: 5
Views: 3262

Re: Hairpin NAT not working as expected

for dstnat you can specify input interface instead ip + you need public ip at the wan and dyndns
by petrb
Wed Jul 03, 2019 10:33 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 415
Views: 195541

Re: v6.45.1 [stable] is released!

Supout file was sent to the support. Thanks
by petrb
Tue Jul 02, 2019 7:53 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 415
Views: 195541

Re: v6.45.1 [stable] is released!

DHCPv6 PD with RADIUS not work with dhcp6c in linux/ubnt .... work in 6.44.3. Work with DHCPv6 client with mikrotik. Very simple radius configuration: 744d288d0d1e => Mikrotik DHCPv6 client works ( can fail when prefix is changed and release action is not invoked ) f09fc24af7e8 => UBNT/Ubuntu tested...
by petrb
Tue Jul 02, 2019 9:41 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 415
Views: 195541

Re: v6.45.1 [stable] is released!

Hi normis, please explane last line from log. Radius PD DHCPv6, Access-Accept receive but auth failed? What is that? No bindings in dhcpv6. Works in 6.44.3. 00:37:41 radius,debug,packet sending Access-Request with id 27 to 192.168.43.1:1812 00:37:41 radius,debug,packet Signature = 0x31ba2d3f58e4837c...
by petrb
Mon Jul 01, 2019 11:37 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 415
Views: 195541

Re: v6.45.1 [stable] is released!

FAIL, RB4011, DHCPv6 PD from RADIUS failed, in 6.44.3 works fine. Some ip changed .... I use trick with replace input username in freeradius to pair "mac username" and "Calling-Station-Id" 00:29:47 dhcp,error item: radius authentication failed for f09fc24af7e8 ::/64: prefix chang...
by petrb
Sat Jun 29, 2019 7:45 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

I gave up the idea of implementing PPPoE delegated-ipv6-prefix and use DHCP and 802.1x for network configuration. How it works: 1. I have a freeradius with 802.1x authentification, store Calling-Station-Id after successful EAP. 2. DHCPv4 and DHCPv6 server at the MK is connected to the radius. 3. At ...
by petrb
Sat Jun 29, 2019 3:00 pm
Forum: General
Topic: DHCP + RADIUS Framed-Route behaviour
Replies: 11
Views: 6001

Re: DHCP + RADIUS Framed-Route behaviour

DONE, it works ... my mistake.

it works, but it was so funny for me :) ...

- for pppoe the declaration is Framed-Route = "192.168.99.0/24"
- for dhcp the declaration must be Framed-Route = "192.168.99.0/24 FRAMED-IP-ADDRESS 1"
by petrb
Sat Jun 29, 2019 2:07 pm
Forum: General
Topic: DHCP + RADIUS Framed-Route behaviour
Replies: 11
Views: 6001

Re: DHCP + RADIUS Framed-Route behaviour

for an example: device 1: linux - freeradius server with user, framed-ip, framed-route and delegated-ipv6-prefix device 2: mikrotik RB - DHCP server with access to the freeradius device 3: CPE dhcp client - CPE device successfully get framed-ip, network, mask, gateway - CPE device successfully recei...
by petrb
Sat Jun 29, 2019 12:44 am
Forum: General
Topic: DHCP + RADIUS Framed-Route behaviour
Replies: 11
Views: 6001

Re: DHCP + RADIUS Framed-Route behaviour

up ..... framed-route from dhcp+radius not installed :(
by petrb
Mon Jun 17, 2019 8:45 pm
Forum: General
Topic: DHCPv6 op 79 - Client Link-Layer Address Option
Replies: 6
Views: 2663

Re: DHCPv6 op 79 - Client Link-Layer Address Option

Thanks. Regards Petr
by petrb
Mon Jun 17, 2019 11:05 am
Forum: General
Topic: DHCPv6 op 79 - Client Link-Layer Address Option
Replies: 6
Views: 2663

DHCPv6 op 79 - Client Link-Layer Address Option

Hello, I'm not able to find any documentation about DHCP relay/server option 79 - Client Link-Layer Address Option. Are plans to implement this function? RFC is from 2013 and the biggest company have this feature implemented (juniper, hpe, cisco,....).


https://tools.ietf.org/html/rfc6939
by petrb
Mon Apr 29, 2019 2:23 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

For anyone looking for alternatives (on x86 hardware), VyOS now includes accel-ppp which supports Delegated-IPv6-Prefix.
vyos not support VPLS :( .... or documentation is poor
by petrb
Thu Apr 11, 2019 12:14 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

I want to deploy a combination of the VPLS+PPPoE+Delegated-IPv6-Prefix. Most of the cheap devices cannot do this at the once :( . Basic linux distribution have poor implementation of the VPLS. MK please implement "Delegated-IPv6-Prefix" attribute for PPPoE. Thanks
by petrb
Fri Feb 01, 2019 12:20 pm
Forum: Wireless Networking
Topic: Network speed issues
Replies: 11
Views: 2656

Re: Network speed issues

9km is very long distance ...... in my opinion, the wireless device works well for lower distance, depends on the antenna if you can: - use 20MHz channels (Max Ce - 40MHz) - use 2x2 mimo - use nonoverlapping channels at the one site (be careful when you use "Ce" channels) - don't use chann...
by petrb
Thu Jan 31, 2019 7:51 pm
Forum: Wireless Networking
Topic: Network speed issues
Replies: 11
Views: 2656

Re: Network speed issues

5745/20-Ceee/ac(33dBm) vs 5785/20/an(33dBm) ???? realy??? to much output power and channels overlapping.
by petrb
Thu Jan 31, 2019 4:43 pm
Forum: Wireless Networking
Topic: Network speed issues
Replies: 11
Views: 2656

Re: Network speed issues

:(

- what type is the connection between R4 to CPE?
- PPPoE full MTU?
- CPU usage at the R4, packet errors, traffic shaper ?
- single TCP test speed test from R4 to CPE?

I have no idea ....
by petrb
Wed Jan 30, 2019 12:15 pm
Forum: Wireless Networking
Topic: Network speed issues
Replies: 11
Views: 2656

Re: Network speed issues

- what is the channels configuration for R1-R2 and R2-R4?
- 1 tcp connection test R1-R2, R2-R4, R1-R4 ?
- CCQ at the R1-R2 and R2-R4 during TCP test from R4-R1 ?
by petrb
Tue Jan 29, 2019 7:22 pm
Forum: Wireless Networking
Topic: Network speed issues
Replies: 11
Views: 2656

Re: Network speed issues

R4-R1 Fluctuates between 30MB to 50MB
This is the issue - make some tests using MK TCP 1 (TCP connection count) connection test (or iperf or other single TCP throughput test). What protocol is selected at the wireless links R1-R2,R2-R4 ? (NV2 is not good for p2p).
by petrb
Fri Dec 21, 2018 10:59 pm
Forum: General
Topic: 6.43.8 UPDATE ALERT READ BEFORE UPDATE
Replies: 11
Views: 4734

Re: 6.43.8 UPDATE ALERT READ BEFORE UPDATE

Yes, this is real. :( omg .... where are you going MikroTik ... highway to hell
by petrb
Sun Oct 28, 2018 4:59 pm
Forum: Scripting
Topic: Hysteresis watchdog
Replies: 0
Views: 1003

Hysteresis watchdog

Hi, the example implementation of the watchdog with the hysteresis (for the OSPF routing protocol, it can be easily modified for any other purpose). How it works: - start the cycle in the background that sends ICMP each second to the target. When packet loss is detected, the trigger is called. A scr...
by petrb
Thu Jul 26, 2018 5:57 pm
Forum: General
Topic: Not working: ip ssh forwarding-enabled ?
Replies: 0
Views: 1250

Not working: ip ssh forwarding-enabled ?

Hello, settings: /ip ssh set forwarding-enabled=yes/no does nothing (or I'm doing something wrong? ) Linux: 192.168.7.10 ROS wan ip: 192.168.7.1 ROS lan ip: 192.168.15.1 Device with WWW: 192.168.15.15 Example of SSH command from Linux ssh -L 8080:192.168.15.15:80 admin@192.168.7.1 to the ROS works a...
by petrb
Wed Jul 18, 2018 2:47 pm
Forum: General
Topic: SSH login with certs only [SOLVED]
Replies: 9
Views: 11268

Re: SSH login with certs only [SOLVED]

Yes, I agree, wiki page can be more specific: "/ip ssh set always-allow-password-login=" NO => when "user" have added public key, then you cannot log in with the password for a specific user, only cert (password prompt is still showing, but not accept password) YES => you can con...
by petrb
Wed Jul 18, 2018 2:31 pm
Forum: General
Topic: SSH login with certs only [SOLVED]
Replies: 9
Views: 11268

Re: SSH login with certs only [SOLVED]

Sorry, my mistake - ALL WORKS. I expect different behavior. [admin@HlavniRouter] > /ip ssh print always-allow-password-login: no SSH from Kubuntu to ROS: - login with certs all works - login without cers => PASSWORD is prompted, but NOT ACCEPTED (this made me mistaken) - SSH from Kubuntu to another ...
by petrb
Wed Jul 18, 2018 12:57 pm
Forum: General
Topic: SSH login with certs only [SOLVED]
Replies: 9
Views: 11268

Re: SSH login with certs only [SOLVED]

I allready read wiki. There is no option that can disable password login. Please read my post carefully. Thanks
by petrb
Wed Jul 18, 2018 10:30 am
Forum: General
Topic: NAT with /24 Public IP-Pool
Replies: 4
Views: 2247

Re: NAT with /24 Public IP-Pool

Try to use action "same" with nat. (in your case - do NOT use option "same not by dst")

NAT WAN ip will be select by destination IP address.
by petrb
Wed Jul 18, 2018 10:23 am
Forum: General
Topic: SSH login with certs only [SOLVED]
Replies: 9
Views: 11268

SSH login with certs only [SOLVED]

Hi, Is it possible to disable ssh password login to MikroTik routeros? SSH Example: - user "admin" with password - the public part of my private key computer was successfully added ("/ip ssh import-host-key private-key-file") - login to mk with cert is fully working Question: - H...
by petrb
Mon Mar 26, 2018 10:02 am
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 75
Views: 145374

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

2 normis: thanks for our quick reaction (I have 6.39.3 at the about 500 devices) and I can sleep well now. Just old bug with new wave.
by petrb
Mon Jan 22, 2018 10:30 pm
Forum: General
Topic: PPPoE + use-ip-firewall-for-pppoe issue
Replies: 7
Views: 3197

Re: PPPoE + use-ip-firewall-for-pppoe issue

up ... news - this issue occur when "ip firewall mangle" is set
by petrb
Sun Jan 21, 2018 9:05 pm
Forum: Forwarding Protocols
Topic: ❗❓ MPLS MTU Problem , more than 1500 byte get packet fragmentation error
Replies: 10
Views: 4789

Re: ❗❓ MPLS MTU Problem , more than 1500 byte get packet fragmentation error

Do you have somewhere enabled "use ip firewall for pppoe" at bridge interface?
by petrb
Sat Jan 20, 2018 6:34 pm
Forum: General
Topic: Vlan Interfaces Disappearing
Replies: 9
Views: 4496

Re: Vlan Interfaces Disappearing

CPU stats from incident ..... one or two cpu cores goes up to 100%
https://ibb.co/n0vTWw
by petrb
Sat Jan 20, 2018 6:22 pm
Forum: General
Topic: PPPoE Clients on Neighbors winbox
Replies: 2
Views: 1020

Re: PPPoE Clients on Neighbors winbox

No. It's misunderstand how pppoe works ..... you cannot have pppoe clients in neighbors discovery list, pppoe is kind of L2 tunnel, not ethernet.
by petrb
Fri Jan 19, 2018 3:05 pm
Forum: General
Topic: PPPoE external
Replies: 7
Views: 1795

Re: PPPoE external

Create VLAN/another L2 segment between RB3011 and CPE

RB3011(start PPPoE server here)------ether/vlan------RB433ah(bridge ether/vlan+wlan1/2/3)---------------PPPoE Client CPE
by petrb
Fri Jan 19, 2018 10:55 am
Forum: General
Topic: Vlan Interfaces Disappearing
Replies: 9
Views: 4496

Re: Vlan Interfaces Disappearing

Yes, the same situation at RouterOS 6.34.6 na CCR1036-8G-2S+ FW:3.27 During making changes "ip route rules" all virtual interfaces simply disappear. No bridge, no vpls, no eoip. IP address assigned to this interface stay in the routing table with no assigned interface => but some traffic p...
by petrb
Fri Jan 19, 2018 10:42 am
Forum: General
Topic: PPPoE + use-ip-firewall-for-pppoe issue
Replies: 7
Views: 3197

Re: PPPoE + use-ip-firewall-for-pppoe issue

up .... no idea ? I try some another debug but without success.
by petrb
Fri Jan 19, 2018 10:40 am
Forum: General
Topic: PPPoE external
Replies: 7
Views: 1795

Re: PPPoE external

You can imagine PPPoE as layer 2 protocol, you should bridge interface between PPPoE server and PPPoE CPE to create L2 segment.
by petrb
Mon Jan 15, 2018 7:59 pm
Forum: General
Topic: PPPoE + use-ip-firewall-for-pppoe issue
Replies: 7
Views: 3197

Re: PPPoE + use-ip-firewall-for-pppoe issue

Picture note: Left side = ON, Right side=OFF
https://ibb.co/jiF52R
by petrb
Mon Jan 15, 2018 7:36 pm
Forum: General
Topic: PPPoE + use-ip-firewall-for-pppoe issue
Replies: 7
Views: 3197

Re: PPPoE + use-ip-firewall-for-pppoe issue

up ... linux ping says Frag reassembly time exceed packet capture from CCR with wireshark .... ping from CPE is transported to pppoe server though mantbox bridge use-ip-firewall-for-pppoe=yes - packets are fragmented, only first part (1514) is delivered, second part not use-ip-firewall-for-pppoe=no ...
by petrb
Sat Jan 13, 2018 12:09 pm
Forum: General
Topic: PPPoE + use-ip-firewall-for-pppoe issue
Replies: 7
Views: 3197

PPPoE + use-ip-firewall-for-pppoe issue

Hi, I have MTU issue with packet delivery through the bridge interface with enabled use-ip-firewall-for-pppoe=yes. Linux | CCR with MPLS+PPPoE Server+Radius || VPLS tunnel || mantbox with VPLS and WLAN interface bridged together, used use-ip-firewall=yes (filter input at wlan) | CPE + PPPoE Client F...
by petrb
Fri Nov 03, 2017 11:58 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

you can assign a prefix in the user account and send it as the Radius attribute. With attribute is used in billing system? I mean it is IPv6 framed prefix ... but when is used, you need to configure each customers CPE IPv6 manually and this is the issue. Life is more simple if you used delegated ip...
by petrb
Fri Nov 03, 2017 11:36 am
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

I can not understand why this takes so long. IMHO this can be implemented easily. Prefix delegation is implemented based on prefix pool and really works. You can send radius attribute mikrotik-delegated-ipv6-pool, but this pool must be prepared in router os. Half of work is done. We need from Mikrot...
by petrb
Sat Aug 26, 2017 12:38 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

If you have a thousand PPPoE users you want to give static /64 IPv6 delegations you must create a thousand pools on the Mikrotik to match.

Also, is IPv6 accounting of an sort working yet?
Yes, it is terrible solution, but is very easy to prepare it.
by petrb
Tue Jul 11, 2017 3:13 pm
Forum: Forwarding Protocols
Topic: MPLS end user problems
Replies: 2
Views: 1152

Re: MPLS end user problems

Send icmp echo from computer behind Tenda router with size set to 1500, must pass and fragmentation will occur. If not, there is point of failure.
by petrb
Sun May 28, 2017 7:04 pm
Forum: General
Topic: Feature request IPv6 radius Accounting
Replies: 3
Views: 2210

Re: Feature request IPv6 radius Accounting

up

hi, any news about accounting for ipv6 radius? I will be nice feature.
by petrb
Tue May 23, 2017 10:30 am
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

Yes, it is static => single poll selected for single pppoe user by using mikrotik-ipv6-delegated-pool atribute in radius
by petrb
Tue May 23, 2017 9:58 am
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

Hi, any news about delegated prefix ? Solution: I have two separated BRAS (mikrotik pppoe servers with radius) and on both of them I create with script 2000 /56 pools wit example parameters /ipv6 pool add name="2a01::/56" prefix="2a01::/56" prefix-length="56" .... and i...
by petrb
Thu Apr 20, 2017 4:33 pm
Forum: Virtualization
Topic: SR-IOV work in CHR ?
Replies: 5
Views: 10908

Re: SR-IOV work in CHR ?

Thanks, I'll use HP VSR1000.
by petrb
Thu Apr 20, 2017 11:59 am
Forum: Virtualization
Topic: SR-IOV work in CHR ?
Replies: 5
Views: 10908

SR-IOV work in CHR ?

Hi, Is it SR-IOV working in RouterOS 6.38? I didn't find actual information about it. Thanks

Regards Petr
by petrb
Mon Apr 17, 2017 1:05 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

hi, great news from latvia

thanks, I'll look closer at erricsson
by petrb
Mon Apr 17, 2017 11:53 am
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

Hi, any changes? Is there any change how to get "IPv6 delegated prefix from pool" information to radius accounting? IPv6 Delegated prefix not implemented IPv6 accounting to radius not implemented or I miss something? We need the data retention function fully work in accordance with local l...
by petrb
Mon Mar 27, 2017 8:59 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

thanks .... yes and no ... I preffer debian, but stable debian (8 - jessie) have kernel that not support mpls in kernel, iproute2 version that cannot configure mpls, debian 9 stretch is now in freeze status, must wait and can be used

edit: we have pppoe in vpls/mpls
by petrb
Fri Mar 24, 2017 11:37 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

I'm sad .... now we try to get some informations about Cisco XRv and use it in VMware esxi like pppoe concentrator. But I'm afraid about high price.

https://mellowd.co.uk/ccie/?p=2777

Mikrotik, please give us some hope. Thanks
by petrb
Thu Mar 23, 2017 6:03 pm
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

idea: in mpls setting, do you have set correct mpls LSR ID and Transprt address as loopback ip? Also ospf Router ID set same as loopback ip?
by petrb
Thu Mar 23, 2017 4:53 pm
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

ospf should not do anythink with L2 vpls tunnels or vlan (only connecttion itself), if icmp not pass over L2 .... vpls/vlan works like L2 (yes i know, it's between L2/L3)
by petrb
Thu Mar 23, 2017 8:52 am
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

happy to help

I make some labour but no :( I cannot reproduce your issue, everything works :(

about ip tv ... sorry, I can not help, I never realise this .... you already create own vlan for iptv traffic, just put there source data and bridge it to your customers as tagged traffic
by petrb
Wed Mar 22, 2017 11:38 pm
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

I didn't see where is vlan vlan_131_iptv and vlan_132_internet bridged? Vpls_13_3 is test vpls? Note: In this configuration vlan_132_internet not pass echo and pppoe fail. If vlan_132_internet is not in bridge2, everythink works. Did you clone configuration from one rb2011 to another? What about mac...
by petrb
Wed Mar 22, 2017 9:29 pm
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

fine, lets try to find misconfigre in RB2011 - export
/interface export

idea - situation:
- vlan not putted into bridge - icmp echo already pass
- vlan created and put in new bridge (empty bridge, add ip) ... vlan interface for test should be part only in one bridge - icmp echo pass ???
by petrb
Wed Mar 22, 2017 3:19 pm
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

On RB2011 you bridge VLAN interface and physical etherXY?

Do you have same bridge horizon setting for both ports in bridge(Vlan and physical ether XY interface)? If yes, problem occur, same value identify ports, that should not pass traffic between them.
by petrb
Wed Mar 22, 2017 3:02 pm
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

You have loop somewhere or incorrect usage of split horizon (if you disable from bridge, you must also add pppoe server interface on it).
by petrb
Wed Mar 22, 2017 7:58 am
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

:( no idea

ad 2 ..... fine, VPLS works
- add new test vlan to same vpls that work, don't put it in bridge, and ip and try icmp. Until it pass, pppoe will not work.
by petrb
Tue Mar 21, 2017 10:24 pm
Forum: Forwarding Protocols
Topic: OSPF Multicast over EoIP
Replies: 5
Views: 4013

Re: OSPF Multicast over EoIP

idea: agree with zerobyte ... you use split horizon and multicast - it's not good combination. Best way is use /30 or you can try configure ospf as nbma network and define neighbors.
by petrb
Tue Mar 21, 2017 9:42 am
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

fine, because I have no idea, lets try this (add some ip address to make test if aren't there): 1. ping from RB2011 to CCR1016 pass ? size 1518 no frag. must pass 2. ping from RB2011 to CCR1016 inside vpls ? size 1504 no frag. must pass 3. ping from RB2011 to CCR1016 inside vlan ? size 1500 no frag ...
by petrb
Mon Mar 20, 2017 9:07 pm
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

first look, you haven't set MTU 1504 at VPLS_13_2 (you set only advertise MTU)

second - add some ip address to RB2011 vlan interface and try icmp echo with 1500b without fragmentation to some test ip at your main RB1016 same vlan interface

3. how is realise bridging at 212 ?

next? I have no idea :(
by petrb
Mon Mar 20, 2017 7:31 pm
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

I create this scenario for you, full work, everything that you need is there. About 3 minutes.

CCR A1 is main with PPPoE
hEX A3 is remote end (like yours RB2011)
pppoe client is connect to ether4 at hEX A3 and fully work
minimal L2 mtu 1532b on ether1 must be supported in full path to exit from vlan
by petrb
Mon Mar 20, 2017 4:20 pm
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

mpls/vpls in vlan
or
vlan in mpls/vpls

??
by petrb
Mon Mar 20, 2017 12:42 pm
Forum: General
Topic: OMNITIK 5 AC POE PROBLEM
Replies: 2
Views: 1200

Re: OMNITIK 5 AC POE PROBLEM

by petrb
Mon Mar 20, 2017 12:13 pm
Forum: Scripting
Topic: how can i get rx/tx-rate of an active user (hotspot)?
Replies: 6
Views: 4812

Re: how can i get rx/tx-rate of an active user (hotspot)?

Hotspot don't control wireless L1 communication .... only osi L2 and upper. You need get this information from capsman or wireless registrion table.
by petrb
Mon Mar 20, 2017 10:04 am
Forum: Beginner Basics
Topic: PPPoE vs Hotspot
Replies: 5
Views: 3278

Re: PPPoE vs Hotspot

you can do it simply of cause, make separated network for every access point and write strict firewall pppoe is overkill hotspot is not necessary, but if you want block some users dynamicly, its preferred way. With hotspot you can make data quotas per mac address and more and more. You don't need ma...
by petrb
Mon Mar 20, 2017 9:58 am
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

again, question 1 - yes or no? it is important in all situation, you must ensure that minimal L2 MTU can pass in final size - 1480 -pppoe is enough for you? => fine, you have standard 1500b - add 4+4 mpls+vpls - add 4 vlan settings in routeros will be: 1480 pppoe mpls interface setting 1508 (without...
by petrb
Sun Mar 19, 2017 11:00 pm
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

next step of fun is when you want to pass full 1500b MTU to your customers behind pppoe (default 1480) without fragmentation
by petrb
Sun Mar 19, 2017 10:38 pm
Forum: Beginner Basics
Topic: PPPoE vs Hotspot
Replies: 5
Views: 3278

Re: PPPoE vs Hotspot

why you want use pppoe? Use Capsman - network manager for this situation. For customers authentication you can use integrated Hotspot feature. https://wiki.mikrotik.com/wiki/Manual:CAPsMAN https://wiki.mikrotik.com/wiki/Manual:IP/Hotspot ad 1. you should make separated wireless network for network h...
by petrb
Sun Mar 19, 2017 6:27 pm
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

questions: 1. do you have mpls/vpls in vlan? if yes, you must ensure, that L2 vlan can pass more than 1500b, need full 1500+4mpls+4vpls (all is in kirnak presentation) 2. ping loopback on other side of vpls exit point is not enough, you need try ping from client, that should communicate thought vpls...
by petrb
Sun Mar 19, 2017 4:11 pm
Forum: Forwarding Protocols
Topic: MPLS-VPLS-OSPF, fallover
Replies: 23
Views: 4202

Re: MPLS-VPLS-OSPF, fallover

wow, at this forum are no private messages
by petrb
Sun Mar 19, 2017 3:49 pm
Forum: Forwarding Protocols
Topic: MPLS-VPLS-OSPF, fallover
Replies: 23
Views: 4202

Re: MPLS-VPLS-OSPF, fallover

Happy to help.

Sorry, I haven't skype or facebook. ( I'm not interested to use it :) ) If you want contact me, use private message.
by petrb
Sun Mar 19, 2017 10:55 am
Forum: Forwarding Protocols
Topic: OSPF setup
Replies: 34
Views: 8724

Re: OSPF setup

yes, this was example from iptables, but rule is for incoming
by petrb
Sun Mar 19, 2017 10:50 am
Forum: Forwarding Protocols
Topic: MPLS-VPLS-OSPF, fallover
Replies: 23
Views: 4202

Re: MPLS-VPLS-OSPF, fallover

you can block communication between pppoe sessions simply with firewall

/ip firewall filter add action=drop chain=forward in-interface=all-ppp out-interface=all-ppp
by petrb
Sun Mar 19, 2017 10:27 am
Forum: Forwarding Protocols
Topic: OSPF setup
Replies: 34
Views: 8724

Re: OSPF setup

you must have some rules to allow ospf in firewall like

$IPTABLES -A INPUT -i eth1 -p 2 -j ACCEPT # IGMP
$IPTABLES -A INPUT -i eth1 -p 89 -j ACCEPT # OSPF

(its protocol 2-egp and 89-ospf, NOT tcp ports)
by petrb
Sun Mar 19, 2017 10:09 am
Forum: Forwarding Protocols
Topic: MPLS-VPLS-OSPF, fallover
Replies: 23
Views: 4202

Re: MPLS-VPLS-OSPF, fallover

Sorry, but I don't understand your question. What communication you try to block? Please make some scheme/picture. Split horizont settings "1" is only identification of group of ports, that should NOT pass traffic between them. It should be used when you have complex tunnel VPLS topology l...
by petrb
Sun Mar 19, 2017 9:58 am
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

At first attempt, try some magic with MTU ..... PPPoE in VPLS in VLAN can have easily issue with L2 mtu. MPLS should be reconfigure (at both ends of VLAN/MPLS) to run correctly in vlan. Vlan Tagging add 4 bytes, MPLS add next tagging, VLPS add next tagging, PPPoE add next tagging. You can test it ea...
by petrb
Sun Mar 19, 2017 1:03 am
Forum: Forwarding Protocols
Topic: OSPF with multiples addresses in the same interface
Replies: 32
Views: 6418

Re: OSPF with multiples addresses in the same interface

Multiple network ip address on single interface in ospf? Yes, but only single interface setting is ospf. Bridge port table? PPPoE interface - do you have pppoe server listening at all ports that you need? And on vpls? Are transparent switches have enought mtu size to transport vpls? Your topology no...
by petrb
Sat Mar 18, 2017 9:50 am
Forum: Forwarding Protocols
Topic: MPLS-VPLS-OSPF, fallover
Replies: 23
Views: 4202

Re: MPLS-VPLS-OSPF, fallover

forgot "a"

of cause, icmp is summary for icmp echo (mpls/vpls) is used as ip accelerator, it is his purpose
my test with icmp show reconnect time from main to backup path
by petrb
Fri Mar 17, 2017 11:29 pm
Forum: Forwarding Protocols
Topic: MPLS-VPLS-OSPF, fallover
Replies: 23
Views: 4202

Re: MPLS-VPLS-OSPF, fallover

Leter "a" is used as substitute "space" ...... multiple "space" are shown as single. Just for schema.
by petrb
Fri Mar 17, 2017 4:56 pm
Forum: Forwarding Protocols
Topic: MPLS-VPLS-OSPF, fallover
Replies: 23
Views: 4202

Re: MPLS-VPLS-OSPF, fallover

i make some test .... icmp echo - standard interval from /tools ping Cli-----R2---(vpls)----R1 aaaaaaa \______R3_______/ (ignore "aaa") ping from Cli to R1 with static vpls - Unplug cable between R2-R1 = 23 icmp echo lost - Replug cable between R2-R1 = 20 icmp echo lost this time is caused...
by petrb
Fri Mar 17, 2017 12:39 pm
Forum: Forwarding Protocols
Topic: MPLS-VPLS-OSPF, fallover
Replies: 23
Views: 4202

Re: MPLS-VPLS-OSPF, fallover

BGP and OSPF are not comparable protocols..... each of one should by used for different scenario. In real world, you need both.
by petrb
Fri Mar 17, 2017 12:02 pm
Forum: Forwarding Protocols
Topic: MPLS-VPLS-OSPF, fallover
Replies: 23
Views: 4202

Re: MPLS-VPLS-OSPF, fallover

of couse, in simply version scenario ... - you have large network with IGP (like ospf) for connection your internal network - you have border routers (to you ISP / to your customers), peering with other ISP/customers is realized with BGP - BGP need full mesh or route reflector between all border rou...
by petrb
Fri Mar 17, 2017 11:10 am
Forum: Forwarding Protocols
Topic: MPLS-VPLS-OSPF, fallover
Replies: 23
Views: 4202

Re: MPLS-VPLS-OSPF, fallover

you need use ospf and can use bgp for signalising vpls insted static configuration
by petrb
Fri Mar 17, 2017 9:10 am
Forum: Forwarding Protocols
Topic: MPLS-VPLS-OSPF, fallover
Replies: 23
Views: 4202

Re: MPLS-VPLS-OSPF, fallover

in scenario from mikrotik .... yes on R1,R2,R3 ... but only if you have bgp signalised vpls (reconnect occur change vpls tunnel in bridge) ... sorry, my mistake
by petrb
Thu Mar 16, 2017 11:26 pm
Forum: Forwarding Protocols
Topic: MPLS-VPLS-OSPF, fallover
Replies: 23
Views: 4202

Re: MPLS-VPLS-OSPF, fallover

Issue is caused by bridge, that join vpls and physical interface to client. There is rstp protocol used. You can try to set spit horizon (same for all vpls) and disable rstp at bridge.
by petrb
Mon Mar 06, 2017 6:59 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

yes, delegated prefix will be great ..... creating pool for every single user and using mikrotik-delegated-pool is not the best solution
by petrb
Mon Feb 06, 2017 8:09 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

thanks, this script could be usefull .... i had same idea, store information about used prefix/pppoe user from routing table ... prefer static ipv6 delegated prefix, most of our client prefer same address (static AAAA dns etc ... )
by petrb
Sat Feb 04, 2017 11:28 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

+1 RC 6.39 nothink new :(
by petrb
Thu Jan 26, 2017 4:21 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 260
Views: 97808

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

yes, please implement Delegated-IPv6-Prefix for PPPoE, we have stuck in implementation of IPv6 using PPPoE (delegated IPv6 pool is not enough)