hAP AC^2 Ethernet ports stop working

Hi guys, Happy New Year!

I have 2 mikrotiks: (1) RB951Ui-2HnD and (2) hAP AC^2 which was intended as a replacement of the first one.
Config from (1) was copy-pasted to (2) with required adjustments.

I started to dig into the issue after my new device (2) lost LAN connections (all ports including WAN) during torrent download after 2 months of work without any issues, while I still could connect and log in to the router using Wi-Fi (bridged with internal LAN ports).
I was able to (de)activate LAN ports; it showed the state of the LAN ports and reacted to Ethernet cable connect/disconnect events, but I wasn’t able to communicate through them, including being unable to log in to ROS using the MAC address, and the WinBox function for detecting MikroTik devices returned no results. But I could see the packet exchange on the LAN port when a client tries to get an IP address (of course it fails). I mean the numbers (p/s) in the interface window. I tried to capture packets using the built-in sniffer while trying to negotiate an IP and got no packets captured. Wi-Fi based devices are still able to get an IP address, so the DHCP server is functional. Internal storage is 20% free, RAM is around 200 MB free.
After reboot everything worked just fine in my usual usage mode while I don’t use torrents (I’ve tried a few different apps).
Problem persists both if using UPnP or port is forwarded manually or even no port forwarded at all (harder to find leechers that are able to connect, but still).
I’ve tried to disable FastTrack just in case, but no results. ROS version was 6.43.3 at the moment I transferred the config from (1) to (2) and I’ve seen no issues on it, probably just because I haven’t used torrents at that time. The first time I encountered the issue was on 6.43.7, and now on 6.43.8 it still persists.

Thinking the problem is in my config I’ve tried to reset the device and configured from scratch just a minimal config based on quick set that is enough to use internet. Left torrent app opened and seeding for a few hours without any problems. It seemed the issue was gone. At night I put my PC to sleep. Next morning I woke up the PC and the torrent app continued its job. After a minute or so I got the same problem as before. All LAN ports have died. Rebooted, everything is fine again. Next morning after a minute - no LAN. So, now it happens much more rarely, but still happens. Normally PC was connected using an Ethernet cable, but on Wi-Fi got the same result.
After some experiments forcing the issue to trigger, I’ve got stable results of losing LAN connectivity. Thus, even on almost default config the issue persists.

ISP uses PPPoE that is initialized by the MikroTik.

Any ideas what could be the reason for this and what I can check? Will really appreciate your help. Thanks

PS: The (1) router has no problem in this scenario on the same config and firmware (and ROS) versions.

I have encountered a similar problem with my hAP ac2. I haven’t deduced the problem from the point of view you have (i.e. wifi works), but my conclusion hints at the same direction: switch chip. My initial config, which had been failing me (I enabled watch-dog with pinging of a LAN host so that in such cases RB would reboot and I was getting something around 3-10 reboots daily), involved HW-offloaded VLAN config. A few weeks ago I reconfigured the whole lot to the bridge-vlan way which means no HW offload… and upgraded RB to 6.44beta40 (and later to beta50). I didn’t have any problem since, but I can’t tell which of the two changes made the difference.

So my suggestion: switch off HW offload on all ether ports on the bridge:

/interface bridge port
set [ find interface=ether1 ] hw=no
set [ find interface=ether2 ] hw=no
set [ find interface=ether3 ] hw=no
set [ find interface=ether4 ] hw=no
set [ find interface=ether5 ] hw=no

(omit any interfaces not being part of bridge, e.g. ether1 if it’s used as WAN interface).

And post back with success report.

Thanks for the reply, unfortunately it didn’t help to solve the issue.

But I think I found what in my config was triggering that.
It’s weird, but it seems somehow related to IPv6 that was configured on my router.
I was just trying to remember what could be the reason that on my ‘new’, i.e. default config everything was working fine for a few days and then after some point I started having the issue again. And one thing I’ve done after that is configuring IPv6 as I’d found that I forgot to do that earlier.
So, disabling IPv6 seems to fix the issue as I’m unable to trigger it now even after restoring my old config (and disabling ipv6 there).
Now I have even more questions about that. I’d prefer to have H/W offload turned off than having no IPv6. And of course I don’t want to use my old Mikrotik where that combination worked well.

Looking forward to finding any workarounds or, better, getting it fixed in the new software update (but have no idea how I can get the devs to look into this issue).

I have IPv6 running on my hAP ac2 (some 10% of total traffic) … no issues for now.

Do you use torrents? As I mentioned before, it only happens when I have active torrents. Since I haven’t used torrents often (after router upgrade never, till now) I haven’t had the issue till now while IPv6 was functional since I’ve transferred the config from my old Mikrotik, i.e. since the 1st day.
Was actively using IPv6 for download/upload large amount of traffic (hundreds of GB) to/from cloud services, had no problems at all.
Maybe somehow it is related to PPPoE as uplink, and if you have an ISP connection that uses no tunneling for Internet access and is IPv6 capable as well, it won’t trigger the issue. But unable to try it now. Maybe next week at my friend’s house, but not sure if his ISP provides IPv6.

My setup (which works for now) around hAP ac2:

  • PPPoE over VDSL (30/5), DSL modem in bridge mode
  • IPv6 client - I have static /56 prefix
  • torrents running all the time. Most of traffic in UL (24h average is around 2.5Mbps), sometimes also DL occupying all available BW. I have static DST-NAT rule in firewall for forwarding both TCP and UDP for IPv4 and allow rule for IPv6.
  • I’m running total of 5 different VLANs, configured the bridge vlan-filtering way, so no HW-offload. VLAN setup includes the PPPoE (DSL modem is connected to access port of my WAN VLAN, pppoe-client then runs on vlan interface)

Thanks.
I have a similar setup, only instead of VDSL I have a GPON modem in bridge mode and not using VLANs.
Are there any special firewall rules for IPv6 related to torrents? Honestly, till now I didn’t even think about that and don’t think UPnP added any rules there. Might this resolve my problem?
I haven’t had much experience with IPv6 yet. As I understand it, I need to add rules that will allow forwarding both tcp and udp, but what is the destination? Since my IPs are dynamic (both v4 and v6), it (the ipv6 address) may get changed on my PC. So not really sure about the correct rules to apply.

For IPv4 it was enough to add the rule without IP address, but internal interface, something like this

/ip firewall nat add action=dst-nat chain=dstnat dst-port=44817 in-interface=pppoe-out protocol=tcp to-addresses=192.168.x.x to-ports=44817

and the same for udp

But I can’t get a static IPv6 for my PC. Or am I wrong?

Have added the following rules and now my torrent is able to communicate over IPv6 (port is open):

/ipv6 firewall filter
add action=accept chain=forward dst-port=44817 in-interface=pppoe-out protocol=tcp
add action=accept chain=forward dst-port=44817 in-interface=pppoe-out protocol=udp

But not sure how I can make it better, i.e. more secure?

Anyway, will try to test with these rules now.

Your IPv6 rules will pass traffic towards those TCP and UDP ports for any IPv6 LAN host. A tad too liberal for my taste.

In my case I have fully static IPv6 address on torrent host … I can afford it as I have static prefix. So my torrent firewall rules look similar to what you constructed, only with added dst-address.

To be honest I don’t know how to properly construct an IPv6 firewall filter with “a moving target”. A well behaved UPnP should help here, I wonder if IPv6 implementations are decent? A full featured DHCPv6 server on ROS would help as well.
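The point made in the reply above, that accept rules without a dst-address pass the port to every IPv6 LAN host, can be checked mechanically. The following is an added example, not part of the original thread: a Python audit of an `/ipv6 firewall filter` export. The sample export is constructed (its third rule uses a documentation-range placeholder address), and the script assumes one rule per line with no backslash continuations.

```python
import ipaddress
import shlex

# Constructed sample in RouterOS export format. The first two rules are the
# ones posted in the thread; the third pins the rule to one host using a
# placeholder address from the 2001:db8::/32 documentation range.
SAMPLE_EXPORT = """\
/ipv6 firewall filter
add action=accept chain=forward dst-port=44817 in-interface=pppoe-out protocol=tcp
add action=accept chain=forward dst-port=44817 in-interface=pppoe-out protocol=udp
add action=accept chain=forward dst-address=2001:db8:0:1::10/128 dst-port=44817 in-interface=pppoe-out protocol=tcp
"""

def parse_export(text):
    """Yield (menu, params) for every 'add' line of an export."""
    menu = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("/"):
            menu = line  # current menu, e.g. "/ipv6 firewall filter"
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])  # honours quoted values
            yield menu, dict(t.split("=", 1) for t in tokens if "=" in t)

def audit_forward_rules(text, wan_interface):
    """Return (label, reason) for inbound accept rules not pinned to one host."""
    findings = []
    for menu, p in parse_export(text):
        if menu != "/ipv6 firewall filter":
            continue
        if p.get("chain") != "forward" or p.get("action") != "accept":
            continue
        if p.get("in-interface") != wan_interface:
            continue
        label = f"{p.get('protocol', 'any')}/{p.get('dst-port', 'any')}"
        dst = p.get("dst-address")
        if dst is None:
            if "dst-address-list" not in p:
                findings.append((label, "no dst-address: reaches every IPv6 LAN host"))
        elif dst.startswith("!"):
            findings.append((label, "negated dst-address: matches all other hosts"))
        else:
            net = ipaddress.ip_network(dst, strict=False)
            if net.prefixlen < 128:
                findings.append((label, f"dst-address /{net.prefixlen} covers more than one host"))
    return findings

if __name__ == "__main__":
    for label, reason in audit_forward_rules(SAMPLE_EXPORT, "pppoe-out"):
        print(f"{label}: {reason}")
```

On the sample it reports the two rules from the thread and passes the one pinned to a /128.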

Well, still bad news…
Even with firewall rules the issue is there. So, the problem isn’t in that.

My ISP offers a static IP address for a fee. Not sure it includes a static IPv6 prefix too, might be IPv4 only. But even with static prefix I doubt the issue will be fixed.

Mikrotik’s UPnP doesn’t add any rules to IPv6 firewall. And it is placed under IP(v4) section which is kinda obvious.

It isn’t a secret that the IPv6 implementation in ROS isn’t complete and doesn’t follow several RFCs.

Anyway, if you have no issues while using quite the same setup, maybe there’s something wrong with my Mikrotik on hardware level? Now, after my experiments, I can’t have stable working system even for 5 minutes without losing my LAN connections whenever I have torrent app running. Even have no idea what triggers that now. Had to reboot the router 3 times during writing this post.
So as I can see, my ‘workaround’ in this case is to disable IPv6 whenever I wanna use torrents.

Even tried to re-flash the router using netinstall.

Still hoping for any solution…