MikroTik

as rextended says i think is not a memory leak i have some Routers with months of uptime with that version

some missconfiguration
or
you are being ddos attacked

to start check this:

/ip firewall connection tracking print

check the total entries value

I found an issue on v7.9 (also in v7.8): There is an issue in the algorithm used for choosing the (random?) MAC address of a bridge (e.g. loopback). Two switches CRS317 in the same network got the same MAC address on the loopack interface. RoMON Address also is duplicated. Only one of both devices ...

I tested in a CRS 317 Version 7.6 with L3 HW Offload, then Ingress ACL for rate limiting does not work, but in L2 Bridge Vlan Filtering Ingress ACL for rate limiting works OK

that's why i'm asking

i think marketing is backfiring on L009 ,some of us (me included) at first expected to see it as a worthy representative of 2011-3011-4011-5009 Latvian Muscle legendary Router Family when it is far from it We already have the rb4011 and rb5009 This Red Device first appeals to nostalgia then appeals ...

just to close this loop with actual feedback and help I went online facebook MK group and posed the exact same question as I did here. Within 10min I got the answer --- Maybe this can help In v7 it is not possible to turn off synchronization with IGP routes (the network will be advertised only if t...

Greetings, fellow community members! We are glad to announce the beginning of a new project - Quality of Service Hardware Offloading (QoS-HW) , introduced in RouterOS v7.10 . The goal of the project is to perform QoS packet marking (VLAN PCP, IP DSCP, and in the future - MPLS EXP), traffic shaping,...

I noticed the CRS309 has 8 hardware TX queues (tx-queue0-packet) but I didn't see how to classify traffic to use each queue. i was tracking that for a while, now we know this is real keep in mind The current implementation is for QoS Phase 1 - QoS Marking (introduced in RouterOS v7.10). so maybe we...

until now CCR2004-16G-2S+ is the only product using 88E6191X switch chip

maybe you have found a bug

if 154.54.220.138 traffic is not relevant or important to you drop it

/ip firewall raw
add action=drop chain=prerouting src-address=154.54.220.138

lowering tcp timeout can help

/ip firewall connection tracking 
set tcp-established-timeout=16m

looks like was not so urgent after all

and static simple queues

DHCP Offering Lease Without Success

most the time is a simptom of a problem in access network, some times not even related to the router

frequently is a simptom of wireless or wired network issues, not a router failure, most the time router is not culprit

dont shoot the messenger...

sometimes when you open winbox and a window with many elements that consume alot of resources is a matter of clossing that windows and then exit winbox reopen winbox and wait (without opening a window with many elements) some minutes and that 100% core will be gone windows with many elements: simple...

I join the same question

i think is an interesting topic

and a reminder to secure control plane in our Routers

i think in an effort not to "self-compete" with the hap ax3 they have crippled this reference with that CPU come on guys !!! we are in 2023: high performance and single band wi-fi cant be in the same sentence !!! this is practically a hAP ax Lite with a bigger enclosure !!! sorry about my ...

hi guys i have a mikrotik ccr1036-8g-2s +em with revision3. I see the temperature is 28 C while the CPU temperature is 52C.

Is it normal for CPU temperature to go up to 52C.

dont worry its normal temperature

maybe is time for Users to Make their own independent MUMs

Let's accompany this with some crude calculations % of advantage of ax3 over ax2 ax2-vs-ax3.png where you see single digit advantage is because is reaching CPU to SWITCH interface limit not cpu processing limit Could you please create the same conparison for AC3 vs AX3 and post it here? ???? ac3-vs...

I did some speedtest with new ax2 that I recieved, i tested only 5 GHz band TX/RX (default config out of the box, only thing changed SSID pw and admin pw and country set to my country) Server is on laptop, i have Intel AX200 WiFi card, i ran each test for about 5 minutes and distance between laptop...

looks like after a little more than a year the time to mandatorily go to V7.X has come, is not pretty but It is what we have

can be a good idea, but many smartphones does not have enough CPU processing power to do bandwidth test with high speed, add this to the limitations of Wi-Fi connection, then you have the cocktail for many complaints about it

off topic

be aware newer shipments of this router come without USB port

You can buy another CSS106-1G-4P-1S and connect between them using back sfp ports with dac sfp cable S+DA0001 or equivalent, then you will have 8 poe ports plus 2 regular rj45 without poe total 10 gigabit ports

what cpu usage you obtain in that conditions??

just in case

Keep an eye on qsfp module temperature

i think before doing that kind of investment a good idea is to know the product

Welcome

https://help.mikrotik.com/docs/display/ROS/RouterOS

i think You have hit the nail

i have a remote location where skin does not work on winbox and is with a limited user with only the following permisions in his respective user-group:

read, write, web, winbox

some aproximate data about performance advantage of ax3 over ax2

ax2-vs-ax3.png

Passwords are available in CSV format from the distributor accounts. You guys are good with scripts, come up with a script that takes these passwords from CSV as variables and uses them in your SSH mass config scripts :) Or ... just Flashfig routers en-masse with some big switch. [SOLVED] :lol: jus...

Passwords are available in CSV format from the distributor accounts. This seems like it would be a good solution for distributors, but what about a small ISP? And hopefully, the distributors only have the passwords for the routers they bought for resale, i.e. not all routers. distributor know passw...

i think you need a product way beyond consumer

maybe military equipment or something like that

if that is not your case, then off course any civil wireless equipment is vulnerable to jamming so this too

If MikroTik at least supported "show | compare" and "commit confirm xxx" like Juniper, it would be great.

yes that will be great in MikroTik

There is a reason why that device has so many ventilation openings... also for supported ambient temperature up to 50°C Max there is a tiny price to pay for such a versatile and powerfull device in a compact fashion, most electronics works ok up to 90°C or even more so i think 65°C is no problem

maybe output chain

so here should AX3 shine.... Ans: Just the opposite this small CPU's have a narrow memory bus to be cheap and power efficient do you mean that the procesor is bad designed and can use only 4x874??? I dont think so :) Ans: bad designed no, goodfully market segmented i think hap AX3 can shine in speci...

Well, official test results indicate 25% difference in real life (e.g. routing 25 filter rules, 512 byte packets: 1145Mbps ax3 VS 912Mbps ax2). Surely that's a lot less than the difference in CPU clock. But then routing (in v7 specially) can be memory-intensive and it's possible that RAM types (ena...

i think ipsec tests reach the imposed limit of encryption engine before reaching cpu limit because of that the limits are the same

published test cover some different scenarios: one of its is fast-path scenarios with big packets where you reach the limit of CPU to Switch interface the other scenarios are cpu taxing tasks where cpu becomes the limit this small CPU's have a narrow memory bus to be cheap and power efficient but th...

talking about bandwidth management... on a CRS-317 with ROS 7.6 runing a simple L3 HW offload with static routes all runing fine but ACL with Action= Rate (to do some bandwidth management) does not work ACL to drop traffic works ok with L3 HW offload similar ACL with Action= Rate (to do some bandwid...

in most cases, this symptom reflects that there are problems in the access network. Not the router

So, cannot install S-RJ10 in no one of MT with passive cooler. I search for heatsink but as i see it is apply in main surface (not this in outside): https://www.electronics-cooling.com/2016/07/pluggable-optics-modules-thermal-specifications-part-1/ The dimensions of these heatsink they don't fit in...

some days ago i tried Winbox Skin on a remote device and not worked, but reading this topic i tested on local device using 7.6 and worked OK, if i find why does not worked in my remote device i will post it

is good to hear that MC-LAG/MLAG is working ok in your scenario

is a very bad idea to match s+rj10 with a rb4011 or rb5009 compact passive cooled devices even worst on wifi version of 4011 s+rj10 gets very hot and it will transfer heat to the rb4011, maybe temperatures on rb4011 not rise so much but s+rj10 maybe gets hot beyond reliable operation, maybe internal...

"Considerably slower" is relative to the hardware. My ARM, ARM64, and Tile boxes have seen significant improvements. Under 6.48.x my CCR1036 was showing 2-3% on 2Gbps of traffic. Now it shows 0% on the same traffic. take a look using tools profiling using ALL cores option to view individu...

i think CCR2004-1G-12S+2XS is a niche product designed to be a PoP simple router people often misconcept this product when see that ammount of SFP+ interfaces plus 2 SPF28 interfaces, look at it like a golden product to obtain a fiber switch plus a router for a cheap but it is neither of the two, mu...

when you use the 100g interface only the first of four will be active

i dont know if you are the same user with another topic about CRS 518

in that scenario he is using a breakout DAC cable from 100g to 4 x 25g, maybe in that case the situation is different

for me looks legit

Hey All, I need some advice for buying a new home router for my new house. I have the whole house CAT-7 cabling and 2 x 10 GBit Switches providing 1GBit/2.5GBit/5/10GBit for two isolated networks. Both Smart Managed, VLAN support and some SFP+ ports that are unused, as I don't have fiber lying in t...

True but then you need to jump through additional hoops for setting up your own controller web interface, container, etc etc. I'll stick to wireguard, thankyouverymuch :lol: X2 !!! i agree with you there is too much hype with ZT, for those who want to use it fine, but for some people sometimes its ...

this is not useful??

https://help.mikrotik.com/docs/display/ROS/RPKI

if you have an issue with ccr1072, changing it for ccr2116/2216 will not resolve it

1 - A script to block the IP addresses. https://forum.mikrotik.com/viewtopic.php?p=905420#p906705 2 - By adding the allowed address list that contains your location. https://mikrotikconfig.com/firewall/ https://www.iwik.org/ipcountry/ Wireguard https://forum.mikrotik.com/viewtopic.php?t=182340 Peer...

YOu can limit speeds of several gigabits using CRS 3xx switches i have used CRS 317 with Routeros 7.6 to limit using Ingres ACL's rate parameter that way do not use CPU on switch and works ok With CRS 317 in L2 HW offload mode ingress ACL limit works OK, in L3 HW offload mode in 7.6 does NOT work, i...

I think using separated sockets (NUMA Nodes) on a single VM can penalize your obtainable performance in fact a 64 Cores VM can be close to diminishing returns point most 64 core CPU's have a Lower Base Clock to keep Power and Heat under control, in some scenarios a high base clock 32 core CPU can le...

you can try some sort of load outbound balancing without using mangle rules using Route Rules

dhcp-option.png

raw value appear automatically after you sucesfull ingress a value

https://wiki.mikrotik.com/wiki/Manual:I ... er#Example

i think you can try disabling fast-track, that combined with mangle does not work well

if you already disabled it please reboot to remove fast-track dummy rules

maybe your ccr1016 does not have a bottleneck although you have stated that

maybe a miss-configuration specially on load balancing, maybe some internal network problem, maybe a some provider or providers problem

you have too much features on a single router If you want more performance you must separate the wan load balance duties from PPPoE Router to a separate Router When you had the PPPoE router only doing that task you can run it on fast-path mode without connection-tracking, in that way you can obtain ...

according to documentation its supports Bridge Hardware Offloading https://help.mikrotik.com/docs/display/ROS/Bridging+and+Switching#BridgingandSwitching-BridgeHardwareOffloading beware of this: Only 802.3ad and balance-xor modes can be HW offloaded. Other bonding modes do not support HW offloading....

if you are using PCC Per connection classifier

set the ValuesToHash to src-address

Is the CCR2204 more powerful than the RB5009 even though it is older? yes CCR2004 is superior to RB5009, in some scenarios can be up to 4x better, in other scenarios only a 30% better ccr2004 has some higher level licensing and other useful things If you really want much more processing power i sug...

Hi there. I just want to share my frustration with the CCR2004-16G-2S+PC. I was super excited about it when I first saw it on the YouTube channel and now I have one. Currently I have a RB5009 running some containers and working as main home router, but I would like to have a second SPF+ just to con...

RB4011 is a v6 device
Uh? https://mikrotik.com/product/rb4011igs_rm "v7 only"?

indeed Latest shipment of rb4011 comes with v7 preinstalled

9b16fb82-ec41-472d-8496-5139c490937a.jpg

unfortunately in that scenario if you lower your power problem can be worst for you, if environment is already dirty you want to use the highest power possible in a way that neighbor AP can hear your AP transmiting and share some airtime for your devices you will never obtain a good performance in s...

i5 - 7400 , 16g ram?

if you already have it available go with it, it will perform better than a rb4011/rb5009

Yes, Dynamic ARP Inspection (DAI), is another standard wide feature not supported by MikroTik switches i am very sure MikroTik has this in the radar I hope in close future we will see it but I think today the priority is towards Layer 3 Hardware Acceleration features which are too much more relevant...

i think maybe it's not so relevant once the connection is marked for fasttrack, most of the subsequent packets of that connection are fast-tracked avoiding processing overhead, placement of fast-track rule does not change anything for those packet (most of them) Fast track rule placement only impact...

AFAIK QUIC traffic is on 443 UDP

i think the most optimal way is:

no connection-tracking
fast-path mode on

for isolation use Route Rules

Out. Bridge Port Filter works only when use-ip-firewall in bridge settings is enabled

Bridging and Switching
Bridge Settings
https://help.mikrotik.com/docs/display/ ... geSettings

most the time this devices are used outdoors

if you open the case be careful when closing it again, if not, you can damage the SXT when water finds its way inside

/system health detect-fans solved the problem!

Faulty unit shows four fans in system health.
After detect-fan, I can see just three fans.

useful info, thank you for sharing

check your system certificate settings, try disabling CRL download, and disabling use CRL

try enabling CLAMP TCP MSS option

Here is the relevant info, as far as I can find. There are only a few things that can be configured in the Synology NAS. I've attached the MT config file.

@dazzaling69

you must pay attention at mkx explanations, he has fully explained why you cannot achieve more speed

You still didn't show exact configuration of both devices in question. Until you do, we can keep talking about weather ...

your patience is admirable

DHCP-PD routes show the HW Flag?

i think CRS-125 is almost EOL go for the CRS-326

so now you may understand that maybe they dont want to make it beyond the fact that can be made or not surelly if you put on advance an order for 10.000 units of that hypoteticall product they will think twice about it, not only for your personal lab needs is not the first time that in this forum so...

i hope MikroTik is working on a 8 x 100g switch but it will take months to come, i think maybe until the next year, and off course it will be far more expensive adittionally an 8 x 100g switch puts MikroTik on a predicament, almost in the obligation to release a possible CCR2316 with 4 x 100g + 12 x...

some times redirection works when you actively reject connection of clients who forgot to pay

change drop action to reject action using

reject-with=icmp-host-prohibited

tcp reset

can help too

you can try different options available on drop rule

is interesting to see that while 98DX8525 in theory can do 6 x 100g that was not implemented, maybe is a power/size requirements thing maybe product segmentation to differentiate it enough from maybe a future 8 x 100g port device 4 x 100g fit for many scenarios, you just need to add a secondary swit...

how much total bandwidth you have available? growt planned? that will be your parameter to define which router to use i dont think in this case a switch can do a proper job for a small installation with around 500mbps i think a rb5009 can do the job, for any bigger go with ccr2116 i look this scenar...

No fast-track but I have just found the solution.. It was 2 fold. 1) IPv6 was being used and thus bypassing the IPv6 target on the simple queue.. Some Ookla servers supported IPv6 and some did not.. obviously the ones that DID support IPv6 were bypassing my original simple queue BECAUSE I had only ...

I would dump PPPoE, but my radius/billing software is limited on other ways to AAA dhe dhcp clients. Same problem here..stuck on radius because of that. and you are not alone, is a very real often situation, but will be useful to put some pressure over radius/billing software vendors to fix this i ...

It would be good if we were more tolerant in this forum make it a nice site to share our findings and experiences with routeros countless times I have chosen not to post an answer, anticipating trolling or arrogant answers, is not worth it I include myself, we have fallen into following a trend towa...

you have Fast-track Enabled?

try enabling flood unknown multicast

MLAG issues have been seen sporadically at the forum, maybe not ready for production yet

i think need to try at least with 7.6 version

keep in mind RB2011 is almost 10 years OLD

2023 hAP ax lite has better performance, and is cheaper with lower power consumption

in that devices is common to pass up to 500-600mbps of internet tráffic without problem by software bridging this is the most common scenario if you want to do it by hardware you can but only using eth1 to eth5, sfp interface is not inside the switching chip so any traffic to and/or from sfp interfa...

i think will be useful to enable more extensive logging on wireless topic

/system logging
add topics=wireless

in that way you can collect info at the moment your client device try to associate with the AP and the possible reason of failing to do so

then you should also be concerned about the thermal contribution of the devices located above and below the 4 x rb5009 combo in each case there may be numerous variables that influence the final result off course you can't expect the same thermal behavior i think the most problematic situation is th...

i think you must return to ccr1072, usually newer platforms take months to optimize plus a new operating system version plus a new hardware architecture plus a new hardware offload using ASICs because of all this concurrent aggravating factors we can expect this process to be even more difficult tha...

maybe Nbase-T support is not that far from 10GBase-T at the end 2.5g ang 5g are almost the same thing as 10gBaseT running at lower frequency Is true that many 10G baseT devices are incompatible with 2.5g or 5g BaseT, specially those on the early ages of 10G base T Compatibility guide gives us some l...

CRS1xx/CRS2xx series do not support hardware acceleration for typical bonding interface neither bridge vlan filtering Bonding configuration on CRS 1xx 2xx uses some kind of chip propietary mode which is not guarantee to be fully compatible with a different device, only guarantee work between 1xx/2xx...

state of art chips work well up to 90°C or even more without problem

please do not create duplicate topics

i think when you use a 40g or 100g link (not breakout cables) you only need to consider the first qsfp interface on configurations

do not expect a TCP test to be able to saturate such a "big" link, try udp test or traffic generator

i think is better to start with a smaller topology (3 switches) to understand basic MSTP behavior

then

aditional switches to divide the lab in 2 regions and understand that specific aditional topic

i personally only have deployed small single region setups

have you tried 7.6? which CRS 326 are you refering to?? CRS326-24G-2S+RM or CRS326-24S+2Q+RM When i was using Routeros 6.48.6 and 6.49.7 traffic shaping was erratic and a cause of service disruption when enabled so i avoided that feature Some weeks ago on a CRS 317 using only L2 VLan (no L3 HW offlo...

What's the best way to monitor for issues with l3hw? Are there any counters I could watch or some other performance metrics? After a long break I've replaced an aging EdgeRouter 4 (behaving flawlessly save for lack of updates) with CCR2116 on 7.8 and started getting complaints of intermittent poor ...

Aditional to previous good advice in the topic

For sucessful netinstall sometimes is useful to put a dumb switch between PC and Routerboard

by the way your configuration is build it will only works running by CPU, you must reconfigure using only bridge vlan filtering to be able to have the benefits of offloading if you already do that please post your "bridge vlan filtering" config and profile usage with it deployed additional...

Don't expect too much performance using CRS326-24G-2S+ as router doing Nat etc because it has a little cpu

Try using tools profile to obtain info About the CPU usage

Sometimes is better to use the setting "all" to see each core usage separately

Clicking on usage column header, allows You to sort by usage and see tasks with most usage at the top

Hello,

does hAP AX Lite has IPSec/AES hw acceleration or not?

Thx.

not

not until now

but, even if that support is announced, dont expect it to be available inmediatly

just today i deployed a CRS 317 doing inter VLAN routing with L3 HW offload 2 gbps of traffic with 1% of CPU usage, working ok with Ros 7.6

in my profile you can contact me to help you to solve the issue

I've read this thread multiples over the months. The real problem here is complexities and unclear visibility of this L3 offloading, what gets offloaded (routes), why, etc. We certainly don't have this much of a headache working with L3 offloading on other vendors. MikroTik needs to make some chang...

the point is that using vlan interfaces as ports inside the bridge since 6.41 are considered Layer2 misconfiguration Similar to this VLAN in a bridge with a physical interface https://help.mikrotik.com/docs/display/ROS/Layer2+misconfiguration#Layer2misconfiguration-VLANinabridgewithaphysicalinterfac...

L3HW Offload (FW - specific) doesn't work with VLANs. Submit a ticket, maybe we can get this pushed to high priority to get fixed. https://forum.mikrotik.com/viewtopic.php?t=193770 As you mentioned, there is hw operation with the bonding interface, but hw does not appear to be active for the vlan i...

what you are requesting is some sort of passive or semmi passive splitter from 40g to 10g even though internally 40g works like a 4 x 10g connection is not a trivial task to split that i dont think you can do that without all the logic included on a switch is not that simple breakout cable relies on...

Layer2 misconfiguration
VLAN in bridge with a physical interface
https://wiki.mikrotik.com/wiki/Manual:L ... _interface

Solution
To avoid compatibility issues you should use bridge VLAN filtering.

i agree about limited single core performance on Tile Architecture, but in the test realized by sirbryan he replicated the situation in a rb4011 which has much better single core performance (it has OoO A15 CPU) at a rate normal for that router doing shapping 200-300mbps

https://mikrotik.com/consultants/europe

i think 2116 can be a good upgrade, just keep in mind that CCR2116 only works on RouterOS Version 7.x if you already have your RB1100 setup working on V 7.x is a good idea but if you are on RouterOS 6.xx you must test your setup on V7.xx before on lab environment to be sure you can migrate to CCR211...

check tools-graphing

RB5009 + AP

i agree

this is a users forum

you must open a ticket with support:

https://help.mikrotik.com/servicedesk/servicedesk

check this topics:

NETINSTALL
https://help.mikrotik.com/docs/display/ROS/Netinstall

FLASHFIG
https://help.mikrotik.com/docs/display/ROS/Flashfig

@IPANetEngineer

thank you for your answer

One thing that would help to disambiguate: l3 hw offload - stateless offload of IPv4/IPv6 routes into hardware l3 fw offload - stateful offload of IPv4 connections and NAT (IPv6 fastpath/fasttrack yet to be implemented) Brief list of what we discovered with fw offload in our lab and in prod for an ...

Try ingress ACL to apply the limits, i made some test with 7.6 on CRS 317 and looks like it worked

Try rebooting

Try disabling ando enabling Global L3 hw offload on switch

Maybe reboot again

try removing this

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes

EDIT
and maybe try adding this

/interface ethernet switch
set 19 l3-hw-offloading=yes

i dont think that more than 25.000 concurrent users per BNG PPPoE server can be a good idea

You can Virtualize several of this BNG on a server capable of doing that massive task, maybe a server of 32 cores (Only real Performance cores not eficiency intel cores)

you are adding 4.000 VLAN tagged to an interface?, can you explain that?

your stable CCR1072 setup is running RouterOS 6 or 7 ?

pleaso confirm what version of routeros are you running on your CRS 317

that kind of problem must be mitigated in access layer (manged switches and/or wireless access-points), the scope of actions you can do from main router is very limited

also retiring UBS deducts some watts from device power budget, another reason to opt on removing it, specially on a passive cooled device

i think that kind of devices do not benefit too much from increased CPU clock speed because already starved on memory bus bandwidth

specs says

Operating System	RouterOS v7

obviously a new product will not be ported to old software

for that situation i think you better consider RB5009

i think another approach can be:
first rule to allow only that mac
second rule to drop any other mac

check this Offloading Fasttrack Connections https://help.mikrotik.com/docs/display/ROS/L3+Hardware+Offloading#L3HardwareOffloading-OffloadingFasttrackConnections info you found on wiki.mikrotik.com is legacy documentation L3 Hardware offloading is a new feature, so is better to stick with help.mikro...

you can write a script to periodically disable queues, you can use certain conditions to choose which queues to disable

first google search result of : wireguard qr code generator

https://www.wireguardconfig.com/qrcode

will be nice to test this hAP ax lite wifi 6 with a client device like ESP32-C6 Wi-Fi 6

Divide-and-conquer

do not concentrate a labor on a single device, when you can is better to have multiple devices to distribute the load specially at the access layer

I haven't used capsman for some time

but with all the recent changes i bet you will be better with a 6.xx version you validated and tested stable and stay with it as long as your devices supports it, until we see how capsman evolve in 7.x and wave2 era

Not sure I understand the post above me... I have a Cambium XE3-4. And I can confirm that my Google Pixel 6 Pro connects to the 6E from my wireless access point. Mikrotik RB5009 + Mikrotik CRS326-24G+2S-RM + Mikrotik S+RJ10 + Cambium L142A + Cambium XE3-4 My phone also connected to a Netgear WAX630...

i think this can help

https://wiki.mikrotik.com/wiki/Manual:C ... Based_VLAN

Power via USB ... check the Mikrotik MQS. Works fine with power bank+ hAP ac Lite. I can even add mAP Lite at the PoE out port of the hAP ac Lite, all powered at the same time. Or just powerbank+mAP Lite for the lightweight travel set. (Config of the mAP Lite is a bit complex, if no ethernet or MQS...

Newbie-- Recursive Routes-- Mangle -- Fasttrack? = Problems

https://help.mikrotik.com/docs/display/ROS/Bandwidth+Test Bandwidth Test uses a lot of resources. If you want to test real throughput of a router, you should run bandwidth test through the tested router not from or to it. To do this you need at least 3 routers connected in chain: the Bandwidth Serve...

if you are so security concerned the first thing you need to do is to buy equipment directly from official distributors you are self exposing you to supply chain problems and after that looking for a fix for it, so fix the problem at their origin the fact of trying to change factory version informat...

bandwidth test run using CPU

switches have an small CPU only for management

for testing 40g you will need several servers on each end of the link to generate traffic

rp-filter in Loose mode does not help?

if you configure the burst-threshold value significantly below max-limit value that do not happen

if you use a burst-threshold value between burst-limit and max-limit is when you end up in the situation you refer to @TomjNorthIdaho

When an ISP has bandwidth bursting configured to their customers , many ( if not all ) customers maxing out their accounts for the bandwidth they have purchased will see their video quality get better, then get worse, then get better, then get worse and sometimes see temporarily frozen video ( or s...

I have a Unifi Enterprise AP with an SSID set to 6Ghz and a unique SSID tied only to it along with a Google Pixel 6. I can confirm it does not detect the WIFI 6E SSID.

try setting the same ssid available on 5ghz and 2ghz radio

very useful info, thank you for sharing

Almost 5 days from my initial report for "very weird" memory usage (which I strongly believe to be a memory leak) starting on v7.7, confirmed by other users here, some reports of it really looking to be DNS resolver related, support ticket alteady opened, at least one user already posted ...

how much chart Keep time you use for:

Raw value:
10 min value:
2 hour value:
1 day value:

Using the windows client to visualize a history graph of a service or a device , have you had trouble when visualizing several days graph?

useful info

thank you for sharing !!!

i normally do not try or install every release on production equipment unless a feature or a fix obliges me to do it, for example in RouterOS 6.x i was on 6.40.8 or 6.40.9 until new bridge vlan filter implementation was mature, then i jumped to 6.42.12, then 6.43.1, then 6.44.6, then 6.46.8, then 6....

Fortinet is one https://www.fortinet.com/blog/industry- ... cell-wi-fi

which comes from acquisition of Meru Networks

OMG great features !!!

that device do not supports it

Bridge Hardware Offloading
https://help.mikrotik.com/docs/display/ ... Offloading

About this matter I have a doubt: Doing Traffic filtering on a switch by using Hardware ACLs before traffic reach the router can be a feasible way to firewall a router without loosing the high performance fast-path mode? Read the official explanation: https://help.mikrotik.com/docs/display/ROS/Brid...

@chechito: it is an excellent way to filter the router, but you need an extra device to do that, and you should have a switch that supports an high number of rules. They are stateless rules and works at wire-speed. Thinking about that another approach can be using the newer 2116/2216 which have an ...

About this matter

I have a doubt:

Doing Traffic filtering on a switch by using Hardware ACLs before traffic reach the router can be a feasible way to firewall a router without loosing the high performance fast-path mode?

if you see the device in ip neighbors maybe you can try mac telnet

I disabled DNS, reboot MT and problem was solved. /ip dns set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB max-concurrent-queries=100 \ max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 query-server-timeout=2s query-total-timeout=10s \ servers="" use-doh-server="...

you can use a script to mass change all your queues bucket size to the value of your preference
@chechito, do not lost your time again
viewtopic.php?p=944759#p943984
He's just a troll.

Roger That

dont_feed_the_troll.png

i think fast-path is hardware dependent due to variety of x86 hardware possible combinations i dont think will be feasible so for fast-path deployments a fast routerboard can blow an x86 machine x86 can be more useful for heavy processing scenarios in "slow" path, for example heavy queuing

you can use a script to mass change all your queues bucket size to the value of your preference

If you do not drop, for example DDoS attack on RAW side, it consume also: connection-tracking resources (when is enabled) mangle on prerouting resources (when are present) dst-nat resources (when are present) bridge resources (if involved) cpu resources to subtract -1 to TTL (or drop packet) again ...

I disabled "Allow Remote Requests" and configured provider's DNS server for clients. But the problem remained. In one hour, 1 MB of memory has leaked and continues to leak. . If you didn't try it, try rebooting the MK box after disabling "allow remote requests" just to "cle...

i have 6 simple queues, traditional queue types: pcq, pfifo, maybe if you are using some new type of queue

ROS 7.7 hAP ac2 Constantly linear increase in memory usage daily.gif Earlier in the logs, I saw messages that there was not enough memory and a reboot with a kernel error. Logs are not saved. Now I'm monitoring the situation. i have a pair of hap ac2 with 7.7 with a basic configuration and dont exi...

the nowadays very common practice of doing nat without specifying interface

thank you for sharing the solution

thank you for sharing

try changing static ip adressing to dynamic ip adressing

have you tryed V7.6 and V7.7 ?

beautiful machines, a truly workhorse for years, going to some repair and still going

when you Upgrade to routeros 7.x you upgraded routerboot too?

(routerboot is located under system routerboard menu, you must have the actual version in current and upgrade)

routerboot.png

thank you for sharing

is not the same game

CCR 2116 and 2216 hardware offload is using Marvell Switching ASIC's
CRS 3xx and 5xx Switch hardware offload is using Marvell Switching ASIC's too

Hex-S uses a MediaTek SoC (different vendor) so enabling hardware offload on that chip need a separate development

If high disk bandwidth is a MUST! - CCR2116-12G-4S+ is equipped with 1x M.2 slot with 4xPCIe3.0 lanes.

CCR2116-12G-4S+ supports Current PCIe NVMe drives ? classic PCIe AHCI drives ? or both ?

put a dumb switch between your PC and MikroTik ROuter, that can help to make Netinstall see the router to recover

dont forget to disconnect PC from any other network connection including virtual interfaces

take a look at this info

MikroTik SFP module compatibility table
https://wiki.mikrotik.com/wiki/MikroTik ... lity_table

QSFP+/QSFP28 interface supported link rates
https://wiki.mikrotik.com/wiki/MikroTik ... link_rates

this info is for you

S+RJ10 general guidance

https://wiki.mikrotik.com/wiki/S%2BRJ10 ... ce#Summary

DC 12V 2A worked not stable and with errors. i think you are at the lower edge of supported voltages, i think is better to stick with 24volts for PoE and at least 18-19volts on jack for reliable operation if you are trying a 12volt adapter, normal voltage drop because rb4011 can ramp up to 1.5 amp ...

you can influence cliente behavior on AP selection whit:

AP physical location
AP TX power
Taking advantage of environment to limit AP coverage

Last resort will be Access-lists, be ware of testing them properly to avoid degrading user experience

be aware a bonding interface on 2004 will run on software, not hardware accelerated

take a look at this presentation

https://youtu.be/pmtB3LlwquA

Wan1 5/0
Wan1 5/1
Wan1 5/2
Wan1 5/3
Wan2 5/4

Using PCC

If You have the budget make yourself a favor Get ccr2116, You Will not regret it, 995usd of the Best MikroTik can deliver I'm not saying 2004 is a Bad product, but from a ccr1009 i don't think is a relevant upgrade If You still on buying a ccr 2004 get 16g versión no PC CCR2004-1G-12S+2XS is a niche...

i guess /32 route creation is to propagate it on IGP

It's a shame that LACNIC's prices are not so pleasant.

We'll see how much the price goes up.

i think the "single bridge" thing is very relevant mostly on new equipment which includes an integrated Switch like ccr2116/2216 i have the same habit of using a bridge for wan interface even when using only a single port as a useful tool to do some L2 trouble-shooting, if you dont enable ...

one example of wifi6 for iot only on 2.4ghz

https://www.espressif.com/en/news/ESP32_C6

I guess my question is could this be used as a ISP core router running CGNAT? i think its a bad idea, why?: because CG-NAT will be done by Software using CPU on Fast_track mode with many connections tracked beyond what 2 2 16 can do with hardware offload i think 2 2 16 is suited for a specific role...

Search found 3023 matches