RouterOS v5.7 released

ste · September 16, 2011, 5:41am

I’ve seen this. Vanished after a while. Please send to support@mikrotik.com
If you can reproduce it.

martini · September 16, 2011, 6:05am

This performance only fo routerboard ? or for x86 ? or fo both platform ? And what is simple configuration - only one default route or full BGP table without firewall ?

macgaiver · September 16, 2011, 6:28am

I think there is only one way to find out for sure - write down CPU loads and throughput with v5,6, upgrade and write down more, then compare. Post results in forum.

Beccara · September 16, 2011, 6:50am

That really doesnt say much, Are you inferring that DHCPv6 is in 5.7, You might wanna add DHCPv6 to the changelog if it is! What about DHCPv6-PD, Still in 5.8 or is it in 5.7?

normis · September 16, 2011, 6:51am

It says that we have started to write the manual about it, so it’s very close. v5.8 will have it.

Chupaka · September 16, 2011, 7:25am

xD 16+32=46 - IPv6 is so difficult…

elgo · September 16, 2011, 8:34am

Is it me, or didn’t I read this type of fix recently in a changelog of a previous release? (some console and ssh crash related issue)

Nah, I’m not complaining, I just thought when reading this “hey, they fixed frontstab again”, but then I remembered Valve is not latvian

ste · September 16, 2011, 8:44am

Finished testing for 5.7 waiting for 5.8:

Just tested one CPE to AP in lab.

Connections hang in all modes (801.11/nstreme/nv2) when there is interference.
Connection is up but no traffic. After a while connection drops and comes back up.
Interference is generated by an ap 4m distance with 10db lower power without a cpe
connected. I’m not sure this is a wireless problem as the connection stays up for a while
while pings do not pass.
ping suddenly did not work from CPE to AP. I have to enter source ip. Looking at
packets CPE has chosen the wrong (ethernet IP) to send packets over wlan1
dhcp sometimes hog cpu
Winbox crashes on win7
CPE crashes and needs a power cycle

CPE is RB711-5Hn-MMCX, AP is RB411AH with R52nM chain1+2 enabled.

I’ve only done ping and bandwidth test between CPE and AP and change protocols
between 802.11,nstreme and nv2. Testing 20MHz Channel, 5GHz-A/N, no rate settings.
security profile wpa2 PSK. AP bridges between wlan1 and ether1.

After the CPE crash I stopped …

May be someone at MT should do some testing. I dont think I’ve done extensive tests
to run into a lot of problems.

normis · September 16, 2011, 8:52am

my opinion - something is really wrong with your setup, or hardware. it’s not normal that you are the only one with problems all the time.

zanetti · September 16, 2011, 9:24am

I installed 5.7 on two routers which are connected with a wireless bridge.

The core router is an RB1100 which has about a dozen vlans. After rebooting the RB1100 the device was unresponsive. I drove down to the NOC and found that the ethernet port connecting the wireless bridge to my house did not have a link. This specific port was set up static as 100/full and would not reconnect to the 100/full wireless bridge until I disabled and re-enabled the port.

After restoring access to the router, I noticed that the CPU utilization was pegged at 100%. At that point I forwarded a supout to support, then downgraded to 5.6. No problems there.

When I arrived back home I logged into my RB493. That also was pegged at 100% CPU utilization. I have not downgraded it back to 5.6 yet.

Hope this helps!

ste · September 16, 2011, 10:03am

May be I'm the one wining more than some others. But following this thread I read that I'm not the only one
with problems:

The problems in the bridge mode RB433AH been fixed?
I disable snmp and random lockups stop
Found another nv2 bug I could not fix. When I downgraded to 5.4 all my customers were stable
some snmp problems.

My setup is quite simple and always the same on some hundred cpes. Find config below.
In short it does DHCP Server on LAN, NAT and gets an IP on wlan1.

AP bridges wlan1 and ether1. CPE gets wlan IP from Routerboard to which the AP is connected
on ether1 (RB450G, RB1100, ...).

When I do lab testing I take an AP, CPE from the shelf, update to the newest version (including FW),
connect my LAP to the CPE the AP to my office LAN, do bandwidth tests and use this connection for
a while for emailing/surfing/.. to see how it behaves. To see interference behavior I start a second
AP in some distance on the same/nearby channel with different power levels and watch what happens
while doing bandwidth tests.

So nothing special here.

I just post my observations ...

Why I am whining: Crashing CPEs would give me a crazy lot of phone calls and a really bad time.
May be it's a hardware fault but it is not likely as I took the same CPE for my last tests
without crashing.

To make it clear: ROS is the best system building a Wisp and I like it very much. I dont want
to talk it down. I am happy if someone on the list warns on things that dont work so he
saves me the time running into the same problems.

So what I wanted to say: I dont think 5.7 is ready for prime time now.

############ CPE Config #######
/ interface wireless security-profiles
add name="security" mode=dynamic-keys authentication-types=wpa2-psk
unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa-pre-shared-key=""
wpa2-pre-shared-key="xxxxxx"
eap-methods=passthrough tls-mode=no-certificates
tls-certificate=none static-algo-0=none static-key-0="" static-algo-1=none
static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none
static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none
static-sta-private-key="" radius-mac-authentication=no group-key-update=5m

/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no
antenna-gain=18 area="" arp=enabled band=5ghz-a/n basic-rates-a/g=6Mbps
basic-rates-b=1Mbps comment="" compression=no country=germany
default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=
0 default-forwarding=yes dfs-mode=radar-detect disable-running-check=no disabled=
no disconnect-timeout=3s frame-lifetime=0 frequency=5180 frequency-mode=
regulatory-domain hide-ssid=no ht-ampdu-priorities=0 ht-amsdu-limit=8192
ht-amsdu-threshold=8192 ht-basic-mcs=
mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-extension-channel=
above-control ht-guard-interval=any ht-rxchains=0 ht-supported-mcs="mcs-0,
mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12
,mcs-13,mcs-14,mcs-15" ht-txchains=0 hw-fragmentation-threshold=disabled
hw-protection-mode=none hw-retries=8
l2mtu=2290 mode=
station mtu=1500 name=wlan1 on-fail-retry-time=100ms
periodic-calibration=default periodic-calibration-interval=60
preamble-mode=both proprietary-extensions=post-2.9.25
rate-set=default scan-list=default security-profile=security ssid=myssid
station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=
1Mbps,2Mbps,5.5Mbps,11Mbps tx-power-mode=default update-stats-interval=
disabled wds-cost-range=50-150 wds-default-bridge=none wds-default-cost=
100 wds-ignore-ssid=no wds-mode=disabled wmm-support=disabled
wireless-protocol=any nv2-security=enabled nv2-preshared-key=
xxxxxxx

/ ip pool
add name="home" ranges=192.168.0.2-192.168.0.254
/ ip upnp
set enabled=yes allow-disable-external-interface=no show-dummy-rule=yes
/ ip upnp interfaces
add interface=ether1 type=internal disabled=no
add interface=wlan1 type=external disabled=no

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB
max-udp-packet-size=512 servers=x.x.x.x,y.y.y.y

/ip address print
/ip address remove 0

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255
interface=ether1 comment="" disabled=no
/ ip neighbor discovery
set ether1 discover=yes
set wlan1 discover=yes
/ip firewall nat
add action=dst-nat chain=dstnat comment=
"phone" disabled=yes
dst-port=5004-5009,5060-5069,7077-7087,10000 in-interface=wlan1 protocol=
udp to-addresses=192.168.0.254
add action=masquerade chain=srcnat comment="" disabled=no out-interface=wlan1
/ ip firewall filter
add chain=input action=accept src-address=192.168.0.0/16 comment=""
disabled=no
add chain=input action=accept src-address=213.185.128.0/19 comment=""
disabled=no
add chain=input action=drop comment="" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s
tcp-established-timeout=1d tcp-fin-wait-timeout=10s
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m
tcp-syncookie=no
/ ip dhcp-client
add interface=wlan1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes
comment="" disabled=no
/ ip dhcp-server
add name="server1" interface=ether1 lease-time=3d address-pool=home
bootp-support=static authoritative=yes disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=192.168.0.0/24 comment="" dns-server=192.168.0.1
gateway=192.168.0.1 netmask=24

\

access for tool

/ip service enable api
/user group add name="apigroup" policy="read,winbox"
/user add name="apiuser" group="apigroup" password="xxxxx"
/ip firewall filter add chain=input protocol=tcp dst-port=8728
in-interface=!ether1 action=drop place-before=0

\

Detect Fritzbox

/system scheduler
add comment="" disabled=no interval=0s name=fritzSchedule on-event=fritz
policy=reboot start-time=startup
/system script
add name=fritz policy=
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="
{\r
\n:delay 10s;\r
\n:local avmMacAdr [:toarray ("00:04:0E","00:15:0C","00:1A:4F","00:
1C:4A","00:1F:3F", "00:24:FE","BC:05:43")]; \r
\n:local isFritz "false";\r
\n\r
\n#a sagt wieviele dyn. und eventuelle FritzBox Eintraege es gibt\r
\n#b wieviele stat. FritzBox Eintraege es gibt\r
\n:local a [/ip dhcp-server lease print count-only where host-name~"Fritz
|fritz" and dynamic=yes];\r
\n:local b [/ip dhcp-server lease print count-only where dynamic=no and co
mment~"FritzBox"];\r
\n\r
\n\r
\n:log info "Es gibt $a dynamische Leases namens Fritz";\r
\n:log info "Es gibt $b statische Leases namens Fritz";\r
\n########################################################################
###################################################\r
\nif ($a>1) do={:log info "Script wird beendet, da mind. zwei FritzBox G
eraete angesteckt sind"} else={\r
\n########################################################################
###################################################\r
\nif ($a=1 and $b=1) do={:log info "1 statisch eingetragene FritzBox vo
rhanden, sowie ein weiterer Fritz Host-Name -> Eventuell wird FritzBox get
ausch";\r
\n:local mac [/ip dhcp-server lease get [find host-name~"Fritz|fritz" an
d dynamic=yes] mac-address]; :put $mac;\r
\n\r
\n\r
\n:local submac [:pick $mac 0 8];\r
\n\r
\n#falls die Mac Adresse des Hosts im avmMacAdr Array vorkommt -> setze is
Fritz auf true\r
\n\r
\n:for i from=0 to=([:len $avmMacAdr]-1) do={ :if ($submac=[:pick $avmM
acAdr $i]) do={:set isFritz "true"}}\r
\n\r
\n:if ($isFritz!="true") do={:put "Keine Fritzbox, lediglich Username
Fritz -> exit"} else={\r
\n:log info "Erstelle NAT-Regel fuer FritzBox!";\r
\n\r
\n#loesche nun statischen DHCP-Server Lease und NAT-Rule der vorherigen Fr
itzBox\r
\n:local oldMac [/ip dhcp-server lease get [find comment~"FritzBox" and
dynamic=no] mac-address]; \r
\n\r
\n#finde den alten NAT sowie DHCP Lease Eintrag anhand der MAC-Adresse des
_alten Geraets, welche als Kommentar mit angegeben wurde und loesche dies
e\r
\n/ip firewall nat remove [find comment~"$oldMac"];\r
\n/ip dhcp-server lease remove [find comment~"$oldMac"];\r
\n\r
\n\r
\n#Mache neue FritzBox statisch und setze einen Kommentar versehen mit der
_MAC-Adresse\r
\n/ip dhcp-server lease make-static [/ip dhcp-server lease find host-name~
"Fritz|fritz" and dynamic=yes];\r
\n/ip dhcp-server lease comment [find host-name~"Fritz|fritz"] "$mac -\

statisch FritzBox";\r
\n\r
\n#erstelle NAT Regel \r
\n:local q [/ip dhcp-server lease get [find host-name~"Fritz|fritz" and
comment~"$mac"] address]; \r
\n/ip firewall nat add chain=dstnat action=dst-nat to-addresses=$q to-por
ts=0 protocol=tcp in-interface=wlan1 dst-port=!8291 comment="$mac NAT-Ru
le FritzBox";\r
\n}\r
\n}\r
\n########################################################################
####################################################\r
\nif ($a=1 and $b=0) do={:log info "Fritz Host-Name als dynamischer DHC
P Lease vorhanden -> schaue ob FritzBox";\r
\n\r
\n:local mac [/ip dhcp-server lease get [find host-name~"Fritz|fritz" an
d dynamic=yes] mac-address]; :put $mac;\r
\n:local submac [:pick $mac 0 8];\r
\n\r
\n#falls die Mac Adresse des Hosts im avmMacAdr Array vorkommt -> setze is
Fritz auf true\r
\n\r
\n:for i from=0 to=([:len $avmMacAdr]-1) do={ :if ($submac=[:pick $avmM
acAdr $i]) do={:set isFritz "true"}}\r
\n\r
\n:if ($isFritz!="true") do={:put "Keine Fritzbox, sondern lediglich U
sername Fritz -> exit"} else={\r
\n:log info "FritzBox vorhanden -> Erstelle NAT-Regel fuer FritzBox!";\r
\n\r
\n:local natRule [/ip firewall nat print count-only where comment~"$mac
"];\r
\n:if ($natRule>0) do={:log info "NAT-Regel bereits vorhanden" } else={
\r
\n\r
\n#mache FritzBox statisch\r
\n:local d [/ip dhcp-server lease get [find host-name~"Fritz|fritz" and
dynamic=yes] address];\r
\n/ip dhcp-server lease make-static [/ip dhcp-server lease find address=$
d and dynamic=yes];\r
\n/ip dhcp-server lease comment [find host-name~"Fritz|fritz"] "$mac -
statisch FritzBox";\r
\n\r
\n/ip firewall nat add chain=dstnat action=dst-nat to-addresses=$d to-por
ts=0 protocol=tcp in-interface=wlan1 dst-port=!8291 comment="$mac NAT-Ru
le FritzBox";\r
\n/ip firewall nat add chain=dstnat action=dst-nat to-addresses=$d to-por
ts=0 protocol=udp in-interface=wlan1 dst-port=!8291 comment="$mac NAT-Ru
le FritzBox";\r
\n\r
\n########################################################################
####################################################\r
\n}\r
\n}\r
\n}\r
\n}\r
\n}"

!!!! Change here !!!!

/ interface wireless set wlan1 antenna-gain=18 radio-name="c334"
/ system identity set name="c334"

/interface wireless print
/interface ethernet print
############################

richinuk · September 16, 2011, 10:06am

I’m getting a 0 byte file downloading the X86 ISO. Tried both Chrome and IE.

hellweiss · September 16, 2011, 11:00am

Whats so difficult to understand ?!? I’ve a performance gain on my RouterBoards with ROS 5.7.

One of them is e.g. a RB750 L2TP VPN Server. Connecting to the Mailserver and syncing my
Mailbox now works a lot faster.

Regards

vr2vdt · September 16, 2011, 12:09pm

I tried in factory default setting.
When “switch all port” is set to NO in 5.7, the CPU usage would go to high in dhcp package.
With the same setting in 5.6, CPU is ran around below 3 to 5.

normis · September 16, 2011, 12:11pm

of course using “switch” will decrease CPU load, as connections are not going through RouterOS, but switched directly.

mramos · September 16, 2011, 12:19pm

Hi …

I upgraded untill now only 3 boards:

RB411AR (ufl version, no voltage monitor series)
RB433
WRAP (Geode X86 266MHz)

The only issue untill now was the X86. It hung up after a couple of hours and was necessary to power cycle it. Now it’s up for 18h. Watchdog timer + auto supout was disabled (I even don’t know if this feature works on X86 the same way it does on RBs e.g. just HW watchdog)

Still waiting to upgrade the 433UAHs.

Regards;

WirelessRudy · September 16, 2011, 1:29pm

You are repeating yourself in making no sense statements. “Syncing my Mailbox now works a lot faster”?? Maybe there were less mail to process.

If you want to make a statement that something works much better you have to give some proper example.
Like; before 10Mb of mails took me 75 seconds and now 10Mb of mails take me only 55 seconds.

dallas · September 16, 2011, 2:06pm

Yes I did email them about it with the supout. They kept having me try 3 different revisions of the 5.7 and the last one also had an additional problem with NV2. I don’t want to bug my customers too much. I will take a break then come back and help you guys later. But it is very clear when I upgrade my 100+ aps to 5.7 with snmp enabled I have many many issues. I disable snmp and lots of problems go away. The routerboards that dont run NV2 never lock up with snmp. Just the aps with NV2 on it. Its almost like they are connected in some way. Anyways I am going to clear my head. Chat you guys later. I did create supouts on this topic.

troy · September 16, 2011, 2:11pm

Are you still considering improvements in VLAN management in both the switch and bridge?

Ticket#2011072966000478

I’ve nearly convinced everyone here that we don’t need to spend big money on Cisco switches when MT will do the trick, but not being able to restrict VLAN trunking without creating 2 rules per vlan is going to really slow things down.

brainy · September 16, 2011, 4:29pm

We also have this problem. I already sent supout file to support but they say the cannot find anything …