Community discussions

MikroTik App
 
jansat
just joined
Topic Author
Posts: 9
Joined: Tue Jul 09, 2013 1:33 pm
Location: Netherlands

Feature request for v7.x

Sun Feb 09, 2014 9:30 pm

Need a setting in routeros and userman to change the log writing.
I have setup a hotspot and userman but when a user connect to the hotspot userman write every minut a log I want to have the possibility for some logging to change the write time to disk or usb disk.
 
User avatar
rickfrey
Trainer
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas
Contact:

Re: Feature request for v7.x

Sun Feb 16, 2014 7:18 am

Directions for changing the settings for the log can be found here:
http://wiki.mikrotik.com/wiki/Manual:System/Log
Unfortunately, you can move the log to a USB device and that is documented here:
http://wiki.mikrotik.com/wiki/Manual:Store

You can move the log to a remote log server and you can use the not (!) feature (i.e. not the hotspot).
 
tfn220189
just joined
Posts: 5
Joined: Sun Feb 09, 2014 12:48 am

Re: Feature request for v7.x

Wed Mar 12, 2014 12:41 am

Have a chance to read more than 4096B of files using command strings
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature request for v7.x

Wed Mar 12, 2014 1:27 am

Let me just start my broken record...

It would be great for RouterOS 7 to have:
- IPSEC Virtual Tunnel Interfaces (Like Cisco/Juniper/Fortinet/Vyatta/Ubiquiti)
- Xauth + RADIUS support
- Encrypt/IPSEC Policy action
- VRF aware PPP
- VRF aware services (WinBox, SSH, DNS)
- RIPv2 as a PE-CE protocol (RIP instances)
- Make IPv6 loopback/ospf behavior the same as Cisco/Juniper
- Equivalents of the Cisco/JunOS commands:
show ip bgp vpnv4 vrf vrf-blah-wan neighbors 172.16.95.1 advertised-routes       (Routes advertised)
show ip bgp vpnv4 vrf vrf-blah-wan neighbors 172.16.95.1 received-routes (Routes received)
show ip bgp vpnv4 vrf vrf-blah-wan neighbors 172.16.95.1 routes          (Routes inserted)
- MPLS Fast Re-Route capability
- Routing filter action "Add to Address List"

Im sure the great team at Mikrotik are going to give us at least a couple of the above features :)
 
phil
just joined
Posts: 19
Joined: Fri Feb 15, 2013 7:27 pm

Re: Feature request for v7.x

Fri Mar 14, 2014 8:25 am

Can extend format of EOIP remote-address be a FQDN, not only IPv4?

Many thanks!!
 
User avatar
crtee
just joined
Posts: 13
Joined: Wed Nov 14, 2012 2:00 am
Location: Germany

Re: Feature request for v7.x

Fri Mar 14, 2014 9:40 am

It would be great for RouterOS 7 to have:
- IPSEC Virtual Tunnel Interfaces (Like Cisco/Juniper/Fortinet/Vyatta/Ubiquiti)
[...]
- Encrypt/IPSEC Policy action
- VRF aware PPP
- VRF aware services (WinBox, SSH, DNS)
+1 for all of those and I may add:
- Ability to create PPP interfaces in a specific VRF via RADIUS-Attribute
- full L2TP LAC functionality (for forwarding PPPoE sessions via L2TP)
- OSPFv3 for IPv6 and IPv4 address families
- maybe a longer evaluation period, 1 week or so, 24h just aren't enough sometimes for evaluation of some features.
 
User avatar
EMOziko
Member Candidate
Member Candidate
Posts: 129
Joined: Mon Aug 23, 2010 9:42 pm
Location: Georgia

Re: Feature request for v7.x

Sun Mar 16, 2014 7:29 pm

 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature request for v7.x

Mon Mar 17, 2014 3:54 am

- Ability to create PPP interfaces in a specific VRF via RADIUS-Attribute
- full L2TP LAC functionality (for forwarding PPPoE sessions via L2TP)
- OSPFv3 for IPv6 and IPv4 address families
- maybe a longer evaluation period, 1 week or so, 24h just aren't enough sometimes for evaluation of some features.
Haha, great minds. I should have been more specific on the PPP stuff, yes there should be support for specifying which VRF via a RADIUS VSA.

Im all for the longer eval period, but Mikrotik should introduce and enforce support contracts so they can make some money off RouterOS. They could offer 3 months support with each RouterBoard purchased and then require a valid support contract per device to be able to download updates, and to log tickets. Just like Cisco, Juniper, Fortinet do.

This would allow them to hire more developers, more support staff, and generally kick more ass.
 
enc
just joined
Posts: 16
Joined: Sun Feb 09, 2014 8:30 pm

Re: Feature request for v7.x

Wed Mar 19, 2014 1:24 pm

Interfaces für IPSEC-Tunnels. So that the IN-Interface in the Firewall-rules is not the WAN-Interface and we could better match the ipsec-traffic
 
dfroe

Re: Feature request for v7.x BGP advertise-inactive

Thu Mar 20, 2014 12:59 am

BGP option like Juniper "advertise-inactive".
At the moment it is not possible to advertise learned BGP routes to other BGP neighbors if that particular route is not in the active routing table because it is overriden by OSPF with better administrative distance.
Other bgp impementations (Cisco, Fortinet, Quagga) always advertise all learned BGP routes unless they are explicitly filtered out.
This advertise-inactive option is vital for setups where you run OSPF and iBGP within your AS and redistribute BGP into OSPF.
 
szastan
newbie
Posts: 35
Joined: Sat Aug 06, 2011 7:44 pm
Location: Gdansk, Poland
Contact:

Re: Feature request for v7.x BGP advertise-inactive

Thu Mar 20, 2014 1:08 pm

BGP option like Juniper "advertise-inactive".
At the moment it is not possible to advertise learned BGP routes to other BGP neighbors if that particular route is not in the active routing table because it is overriden by OSPF with better administrative distance.
Other bgp impementations (Cisco, Fortinet, Quagga) always advertise all learned BGP routes unless they are explicitly filtered out.
This advertise-inactive option is vital for setups where you run OSPF and iBGP within your AS and redistribute BGP into OSPF.
+1, apart from that, in my opinin MikroTik should complement its BGP implementation, for example on displaing routing paths. Without that, operators wouldn't be happy to put CCR's in core.
 
maxspeed
newbie
Posts: 27
Joined: Mon Dec 17, 2012 3:19 am

Re: Feature request for v7.x

Mon Mar 24, 2014 1:45 pm

Hi,

It would be a must for mikrotik products ....

please could you add 6RD (ipv6 rapid deployment) available for many ISP :-)

Thank you

maxspeed
 
User avatar
NathanA
Forum Veteran
Forum Veteran
Posts: 829
Joined: Tue Aug 03, 2004 9:01 am

Re: Feature request for v7.x

Tue Mar 25, 2014 6:37 am

Im all for the longer eval period, but Mikrotik should introduce and enforce support contracts so they can make some money off RouterOS. They could offer 3 months support with each RouterBoard purchased and then require a valid support contract per device to be able to download updates, and to log tickets. Just like Cisco, Juniper, Fortinet do.
I strongly, strongly disagree. Although things are far from perfect in MikroTik land and there are clearly some shortcomings with the current support infrastructure and things they could do to improve it, I would argue that the fact that MikroTik doesn't do business "just like Cisco (*gak!*), Juniper, Fortinet do" is exactly one of the reasons why they already "kick ass". Mandatory support contracts would remove one of MikroTik's core competitive advantages. MikroTik should not aspire to be like Cisco (gag me with a spoon), but rather to disrupt Cisco's own business model and perhaps eventually make them irrelevant.

Here's the thing: enterprise support sucks. And we all know it, so why do we enable businesses to practice this sleazy model by rolling over for them instead of challenging it at the customer level (vote with your wallets, people) and at the business level (as MikroTik, thankfully, seems to be doing)? The reason why it sucks is because it lumps in bug reporting and bug fixing with "how do I use your product?" type questions, even though these two types of support tickets are fundamentally different things. Now, I know why most of these companies do it: it is an additional (and often lucrative) revenue stream, it locks the customer in even more, and 90% of the time, people who think they've found a bug are wrong and are just being idiots and not using the product correctly, so these companies might as well charge everybody for support and assume most tickets are not going to be defect reports to start with. Also, companies like Cisco et al. make 99% of their sales to enterprises that need their product in order to even run their business (ISPs, etc.), so it's worth it to them to pay whatever it takes to ensure that Cisco is responsive to them and their needs.

But as a customer, it makes me livid when companies do this, because it essentially penalizes customers who have been legitimately impacted by an actual software bug. It essentially amounts to extortion. Now of course end-users are responsible for their own idiocy, so, sure: go ahead and charge customers to answer their non-defect-related tickets. That's fair game. But charging me, the customer, to fix your own error? That's low. Bug fixes should be free: I bought and paid for this product that you advertized as being able to do X, Y, and Z, but Y is broken because of something wrong that your engineers did and which got shipped because of a lack of sufficient testing and QA on your part, and you're telling me that I now need to pay an additional sum on top of what I already paid in order to gain access to the update that fixes the problem and which actually makes feature Y usable? Where I come from, that's called "bait and switch", and if I bought your product specifically because it had feature Y in it, then you can bet I'm going to be mad as hell when a company responds this way. It also pisses me off to no end when a company tells me that I need to have a paid support contract in place in order to talk to anyone, even if what I'm doing is trying to help both them and myself by demonstrating to them a defect in their own product. You're going to charge ME for the privilege of telling you about YOUR mistake? I don't think so.

MikroTik doesn't pull this kind of crap, and it's one of the reasons why I continue to find myself an advocate for them and their products even when we hit rough patches (and, believe me: we have had our share of them). In fact, not only is MikroTik good about not doing this very thing, but they take the exact opposite approach: they often reward people who report legitimate issues! Imagine that! The last time I found a bug, I spent a good deal of time (hours) replicating the problem in a lab environment, putting together an absolute minimum config that the bug can be reproduced with along with a detailed description of the symptoms, the underlying problem, and how to reproduce the issue, and sent that to MikroTik support, and after they verified my findings, they rewarded me with a gratis RouterOS license key! Now that's a class act! (Oh, and they didn't try to charge me for the fix they developed for the problem, either.)
This would allow them to hire more developers, more support staff, and generally kick more ass.
I have no problem with MikroTik making money, or wanting to find additional ways to make money. In fact, I very much want them to make money and grow their staff and generally be successful and keep on "kicking ass": after all, given how much we use their product, it's in my interest that they be successful, since when they are successful, we are also successful. However, enforcing mandatory support contracts for any kind of communication with your staff or access to any software updates is absolutely not the right way to increase revenue, nor is it a way to endear yourself to me.

There are a lot of legit not-scummy-and-yet-untapped ways of making additional money that I can think of for MikroTik to pursue. Some of them seem painfully obvious to me, and I have to think that these ideas have also occurred to MikroTik but that they have decided not to pursue them for one reason or another. Here are a couple of off-the-top-of-my-head examples:

1) Start charging people again for major version upgrades (e.g., 6.x -> 7.x). I actually have no problem with this: I should be paying for new features. It's just the minor point-releases within a given series (6.1 -> 6.2) that I have a problem with being charged for, since 99% of these are strictly maintenance/bugfix releases. I think that officially, it is MikroTik's policy that you can only upgrade so far before you need to pay for a new license, but ever since they switched from the time-based licenses (remember those?) to the version-based ones, which happened around the end of the 2.9.x series, they have (to my knowledge) never enforced this licensing policy: every time (and I mean EVERY time) we have upgraded to the next major version on a router where the "upgradeable-to" field of the license says that this should be the last major version series we can use, after the upgrade has finished, that number has ALWAYS gone up. So ever since the 2.8.x days have passed, we have never needed to purchase new licenses on any of our routers to upgrade to the next major version that I can remember. I think it is crazy-generous of MikroTik to do this, and I don't take it for granted, and I'm surprised it has gone on for this long, to be honest.

2) Offer support contracts for premium, PRIORITY support, but don't require them of anybody or make having one mandatory to access software updates you are entitled to/licensed for (minor point-upgrades). If MikroTik offered this, believe it or not, we would be first in line to buy! I have no problem with the concept of paying extra for priority/front-of-the-line support, with guaranteed rapid response and faster ticket turnaround times (or even prioritizing my defect reports and fixes above defect reports filed by people who don't have a priority support contract); I just have a problem with feeling like I'm being coerced into paying somebody to correct their own errors. Several years back, there were a couple of show-stopping RouterOS bugs that we were being severely impacted by and which caused us to lose a lot of goodwill with our own customers on account of the network instability that they caused. We filed ticket after ticket, but responses were slow to come and the problems weren't really being addressed in a timely manner. I understand why today MikroTik can't prioritize our needs above those of other customers when they don't have such a product, but if some customers are willing to pay extra to be helped first, I don't think that's something that MikroTik should ignore. There is a legitimate need for that kind of thing, and companies that can't afford the downtime caused by a software defect absolutely will go to Cisco instead because they will be able to get that kind of support from them (the one advantage to that model).

MikroTik actually used to have a paid support contract option SEVERAL years ago, and it even included support by telephone! But for unknown reasons that they never (to my knowledge) bothered to explain, they got rid of it. It was called the Extended Support Program (ESP), and they killed it around the time they started their certification program...now they just point you at certified MikroTik consultants in your area instead if you need "same-day support", but of course certified consultants don't have greater access to the engineering teams to file bug reports with than I do already as a regular customer. So having certified consultants is not really a sufficient replacement for this program. I'd love it if MikroTik were to bring back the ESP, or something like it.

-- Nathan
 
kellogs
Member Candidate
Member Candidate
Posts: 114
Joined: Sun Jan 04, 2009 10:55 am

Re: Feature request for v7.x

Tue Mar 25, 2014 2:07 pm

multi core bgp
"show ip bgp route" command and process it faster than the current one
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26286
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature request for v7.x

Tue Mar 25, 2014 2:24 pm

Thanks for the great post, Nathan!

As for the ESP program. We don't outsource our support staff, so when people called us, they were calling our Latvian office, not some guys in a 3rd world country. We decided that questions are much quicker answered if we have the config in front of us, and when the customer has summarized his issues. The average phone call took more than an hour. Not many people could be helped with this approach.
 
nosovk
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Wed Jan 25, 2012 11:25 am
Location: Ukraine
Contact:

Re: Feature request for v7.x

Tue Apr 15, 2014 2:10 pm

It would be good to upgrade linux kernel, to have betetter support on VMware ESXi, and to start work in HyperV.
Nowdays we often connect offices via vpn+ospf, but there is no WINS server support in ROS to connect samba shares seamless between offices.
 
Zorro
Long time Member
Long time Member
Posts: 675
Joined: Wed Apr 16, 2014 2:43 pm

Re: Feature request for v7.x

Wed Apr 16, 2014 3:52 pm

MacSec and SecureID support in RouterOS for future products with compatible interfaces/PHY.
as mainstream "a must" L2 security thing for both copper and wireless interfaces.
 
timteka
just joined
Posts: 3
Joined: Wed Dec 14, 2011 11:41 am

Re: Feature request for v7.x

Fri Apr 18, 2014 2:10 pm

Firewall based url filtering - the only thing I lack in Mikrotiks.
Up to 36 cores with plenty of RAM and still the need to have Squid for that. Are you kidding on me? :-)
 
andersonlich
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Feb 26, 2009 1:05 pm

Re: Feature request for v7.x

Tue May 06, 2014 12:50 pm

i hope release v7.x it will be support for:
# RFC 4818, was RFC-ietf-radext-delegated-prefix-05.txt
ATTRIBUTE Delegated-IPv6-Prefix 123 ipv6prefix


:)
 
fernandolcx
newbie
Posts: 47
Joined: Fri Sep 06, 2013 6:51 pm

Re: Feature request for v7.x

Thu May 08, 2014 1:17 am

Allow grouping/categorization of stuff (NAT rules, static routes, etc) in WinBox for better organization. Searching for specific rules in middle of dozens/hundreds takes a lot of time (with the risk of picking up the wrong one). Rule comments only worsens the situation.
 
Fil0sOFF
just joined
Posts: 2
Joined: Thu Nov 28, 2013 10:24 am

Re: Feature request for v7.x

Sun May 11, 2014 11:59 pm

Please add ND Proxy support (RFC 4389) in v7.
It is the essential feature for ipv6 users.
 
radman3000
just joined
Posts: 9
Joined: Thu Nov 01, 2012 11:49 am

Re: Feature request for v7.x

Mon May 12, 2014 2:35 pm

Policy Based Routing for IPv6.

Seriously how is this missing?
 
AlexS
Member Candidate
Member Candidate
Posts: 272
Joined: Thu Oct 10, 2013 7:21 am

Re: Feature request for v7.x

Tue May 13, 2014 5:25 am


2) Offer support contracts for premium, PRIORITY support, but don't require them of anybody or make having one mandatory to access software updates you are entitled to/licensed for (minor point-upgrades). If MikroTik offered this, believe it or not, we would be first in line to buy! I have no problem with the concept of paying extra for priority/front-of-the-line support, with guaranteed rapid response and faster ticket turnaround times (or even prioritizing my defect reports and fixes above defect reports filed by people who don't have a priority support contract); I just have a problem with feeling like I'm being coerced into paying somebody to correct their own errors. Several years back, there were a couple of show-stopping RouterOS bugs that we were being severely impacted by and which caused us to lose a lot of goodwill with our own customers on account of the network instability that they caused. We filed ticket after ticket, but responses were slow to come and the problems weren't really being addressed in a timely manner. I understand why today MikroTik can't prioritize our needs above those of other customers when they don't have such a product, but if some customers are willing to pay extra to be helped first, I don't think that's something that MikroTik should ignore. There is a legitimate need for that kind of thing, and companies that can't afford the downtime caused by a software defect absolutely will go to Cisco instead because they will be able to get that kind of support from them (the one advantage to that model).

-- Nathan
Yes, yes

It would be good to upgrade linux kernel, to have betetter support on VMware ESXi, and to start work in HyperV.

yes yes yes yes please please please, there is an open source package, just compile against your source tree. and support vmxnet3.

Then I can get my 10G
 
EnigmAX
just joined
Posts: 18
Joined: Tue May 20, 2014 9:49 pm

Re: Feature request for v7.x

Mon May 26, 2014 4:12 pm

Hi,

It would be a must for mikrotik products ....

please could you add 6RD (ipv6 rapid deployment) available for many ISP :-)

Thank you

maxspeed
I've sent an e-mail to support@mikrotik.com asking for more information.
The official reply I got was:
from: MikroTik support [Janis Krumins] <support@mikrotik.com>
date: Fri, May 23, 2014 at 3:34 PM

Hello,

currently RouterOS does not support 6rd. It is not scheduled anytime soon.

Regards,
Janis Krumins
 
nexgenappliances
just joined
Posts: 1
Joined: Wed May 28, 2014 4:49 am

Re: Feature request for v7.x

Wed May 28, 2014 4:52 am

+1 to the kernel upgrade. We need support for Intel i210 network interfaces!
 
marrold
Member
Member
Posts: 427
Joined: Wed Sep 04, 2013 10:45 am

Re: Feature request for v7.x

Thu May 29, 2014 4:02 am

Mikrotik should introduce and enforce support contracts so they can make some money off RouterOS. They could offer 3 months support with each RouterBoard purchased and then require a valid support contract per device to be able to download updates, and to log tickets. Just like Cisco, Juniper, Fortinet do.

This would allow them to hire more developers, more support staff, and generally kick more ass.
I would genuinely consider this if it was affordable.
 
presianbg
just joined
Posts: 10
Joined: Mon Jun 02, 2014 7:38 am

Re: Feature request for v7.x

Wed Jun 04, 2014 4:00 pm

My suggestion for the future release is that :

OpenVPN client whith options for only certificate authentication. Many Linux OpenVPN servers are based only on certificates.

GOOD LUCK AND CHEERS !
 
infused
Member
Member
Posts: 313
Joined: Fri Dec 28, 2012 2:33 pm

Re: Feature request for v7.x

Wed Jun 11, 2014 12:27 pm

I disagree that enterprise support sucks.

Support can make or break your business. I'm willing to bet that if you are this way inclined, your business is rather small.

IMO Mikrotik need to offer some type of enterprise support. Otherwise it makes products like their 'carrier grade' products worthless.
Thanks for the great post, Nathan!

As for the ESP program. We don't outsource our support staff, so when people called us, they were calling our Latvian office, not some guys in a 3rd world country. We decided that questions are much quicker answered if we have the config in front of us, and when the customer has summarized his issues. The average phone call took more than an hour. Not many people could be helped with this approach.
That's why you charge for it and hire more people.

VMware and Cisco ring me in a matter of minutes if it's a critical failure. Hours if it's just high priority.

I couldn't run my business without this, why is why Mikrotik is not really used within our core, only at customer sites.

Don't get me wrong. I love the gear, it just needs better support. Generally it takes Mikrotik two weeks to come back to me with a support request. The answer is pretty much always "update to the newest version". Then I never get a response back. That's fine when I'm not paying for support, but there needs to be an option.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26286
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature request for v7.x

Wed Jun 11, 2014 12:35 pm

Such things take time. You want us to grow from a 100 people company to Microsoft in a matter of weeks.
 
infused
Member
Member
Posts: 313
Joined: Fri Dec 28, 2012 2:33 pm

Re: Feature request for v7.x

Wed Jun 11, 2014 12:44 pm

Not at all...

It would just be nice to know it's on the cards somewhere down the line. Mikrotik are getting in to Juniper and Cisco territory now with the CCR's. It seems only fitting.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature request for v7.x

Wed Jun 11, 2014 12:50 pm

Such thinks take time. You want us to grow from a 100 people company to Microsoft in a matter of weeks.
Nobody expects that (well maybe a few people)

Changing the whole company overnight is not possible, but maybe incremental steps towards a better support model will keep people happy.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26286
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature request for v7.x

Wed Jun 11, 2014 1:31 pm

Of course we always keep improving in all areas. It's only a question of "how" we will improve, not "if" :)
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: Feature request for v7.x

Wed Jun 11, 2014 8:15 pm

It's only a question of "how" we will improve, not "if" :)
Normis, that last statement is fit for a corporate motto.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature request for v7.x

Wed Jun 11, 2014 9:54 pm

It's only a question of "how" we will improve, not "if" :)
Normis, that last statement is fit for a corporate motto.
+1

:)
 
pilman
just joined
Posts: 1
Joined: Sun Nov 07, 2010 4:15 pm

Re: Feature request for v7.x

Fri Jun 13, 2014 6:02 pm

1. RouterOS 64Bit version for x86

2. Powerfull Web Proxy ( HTTPS and Video Caching)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11960
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Feature request for v7.x

Fri Jun 13, 2014 8:33 pm

1. RouterOS 64Bit version for x86

2. Powerfull Web Proxy ( HTTPS and Video Caching)

1 :lol: not 64bit version for x86, but 64bit for 64bit...
64bit for what do more than x86? Memory limit 2GByte (RouterOS) or 4GByte (x86) is not sufficent for work...?

2 use squid or other, actual model of routerboard are not good for proxy, but for routing...
I made some research about caching on HTTPS, on my country (and I think obviously some others) are illegal because you broken SSL security and the users and the destination server do not know that...
 
andlommy
just joined
Posts: 22
Joined: Tue Feb 12, 2013 12:14 am

Re: Feature request for v7.x

Sat Jun 28, 2014 12:14 pm

I know what the answer for this is going to be, but it's just to show that the issue is not getting anywhere even if you pretend it does not exist and people still need it.

OpenVPN version update
OpenVPN support for UDP
OpenVPN support for LZO

In openWRT running in MetaRouter it's way too slow
 
sinisa
just joined
Posts: 20
Joined: Sun Apr 17, 2011 12:46 am

Re: Feature request for v7.x

Fri Jul 18, 2014 8:37 pm

I know what the answer for this is going to be, but it's just to show that the issue is not getting anywhere even if you pretend it does not exist and people still need it.

OpenVPN version update
OpenVPN support for UDP
OpenVPN support for LZO

In openWRT running in MetaRouter it's way too slow

+1000 for UDP


Best regards,
Siniša
 
iluvar
newbie
Posts: 29
Joined: Sat Aug 04, 2012 9:31 am

Re: Feature request for v7.x

Sat Jul 19, 2014 9:25 am

MSTP
 
User avatar
ojsa
Member Candidate
Member Candidate
Posts: 181
Joined: Tue Jan 27, 2009 8:53 pm
Location: Norway

Re: Feature request for v7.x

Sat Jul 19, 2014 1:17 pm

I haven't read all suggestions, but a simple way of filtering the log view on routeros would be nice. A way to only see a curtain PREFIX f.ex from the logfile while its running.

in linux something like this.

tail -30f /var/log/syslog | grep -i FW-DROP-LOG-PREFIX1

or even better to see several things

tail -30f /var/log/syslog | egrep -i 'FW-DROP-LOG-PREFIX2|FW-DROP-LOG-PREFIX3'
 
23q
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Sep 02, 2010 2:54 pm
Location: Ukraine

Re: Feature request for v7.x

Sun Jul 20, 2014 11:40 am

 
User avatar
kometchtech
Member Candidate
Member Candidate
Posts: 194
Joined: Sat Jun 15, 2013 4:25 am
Location: Japan
Contact:

Re: Feature request for v7.x

Fri Jul 25, 2014 10:12 pm

We were also wrote below, please support IPv6 environment in Japan.
I am not even able to get for a hand to the user without this.

http://forum.mikrotik.com/viewtopic.php ... 88#p438726

We understand that it's a special situation, but please realize whether.

After that, I want you to also update the Kernel as SDN future measures.
And I want you to correspond to OpenvSwitch and OpenFlow1.3. OpenFlow is now very popular in Japan, to be able to use OpenFlow in CCR and cost-effective, because you can appeal strongly to the user.

Best regards.
Last edited by kometchtech on Fri Jul 25, 2014 10:18 pm, edited 1 time in total.
 
User avatar
kometchtech
Member Candidate
Member Candidate
Posts: 194
Joined: Sat Jun 15, 2013 4:25 am
Location: Japan
Contact:

Re: Feature request for v7.x

Fri Jul 25, 2014 10:15 pm

Please add ND Proxy support (RFC 4389) in v7.
It is the essential feature for ipv6 users.
+1

This function is mandatory in IPv6 environment in Japan.
 
cheeze
Member Candidate
Member Candidate
Posts: 146
Joined: Tue Jul 31, 2012 7:44 am

Re: Feature request for v7.x

Sat Jul 26, 2014 5:10 am

MPLS TE Fast Re-Route
MPLS TE Link Protection
MPLS TE Link-Node Protection
MPLS TE behavior similar to Cisco Class Based Tunnel Selection
MPLS TE Diffserv-Aware tunnels

MPLS Segment Routing extensions to OSPF/ISIS

ISIS

Multicast separation of RPF table calculation into individual routing table and all things involved with that
Multicast BSR fixes
Multicast Anycast-RP
Multicast MSDP

64-bit for x86

Fast-Path indicator on each interface. Which traffic handlers are enabled or not enabled.

Graceful Restart for OSPF/BGP/PIM/ISIS (if ever implemented)

BGP multicast address family

Cisco IP SLA/Juniper RPM functionality

LLDP and LLDP-MED with integration into SNMP
 
adrianlewis
just joined
Posts: 11
Joined: Tue Oct 14, 2014 6:09 pm

Re: Feature request for v7.x

Thu Oct 16, 2014 6:22 am

- Ability to create PPP interfaces in a specific VRF via RADIUS-Attribute
- full L2TP LAC functionality (for forwarding PPPoE sessions via L2TP)
BIG +1 from me on these two.

CCR Update presentation from MUM US '14 suggests improvements (complete rewrite?) to VRFs which sound like my other main request so hopefully with this effort we'll see VRFs given better support with regards to RADIUS VSAs.

Just need a bit more effort with L2TP to make it work better with Mikrotik customers that buy wholesale PPPoE/PPPoA DSL services from aggregators delivered as L2TP.
 
elgrandiegote
newbie
Posts: 40
Joined: Tue Feb 05, 2013 6:02 am
Location: Buenos Aires, Argentina

Re: Feature request for v7.x

Sun Nov 16, 2014 8:52 pm

I know what the answer for this is going to be, but it's just to show that the issue is not getting anywhere even if you pretend it does not exist and people still need it.

OpenVPN version update
OpenVPN support for UDP
OpenVPN support for LZO

In openWRT running in MetaRouter it's way too slow
+1000000
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature request for v7.x

Mon Nov 17, 2014 12:47 am

DHCP/RADIUS Improvements

- Use dhcp.dictionary for DHCP-Radius

- On DHCP renew check "running" settings against returned VSA's. If any VSA's have changed then update/add/remove relevant FIB/Queue/AddressList entries. On RouterOS 5/6 entries are added on a Request, then during renews only additional VSA's are actioned, any updated/removed ones are not reflected in the running configuration of the router.

- When running redundant DHCP servers/gateways (Authoritative Delay/Delay Threshold/VRRP), allow the option to have BOTH Authoritive and Non-Authoritive DHCP insert running settings from VSA's, this will allow the primary to fail and have the secondary take over with the same FIB/Queue/AddressList entries. Currently this does not work, if the primary DHCP Server/Gateway fails the Backup will become Master but none of the VSA settings will exist, and due to the above issue will never be created, causing a potential lack of service when running from the Backup router due to lack of FIB entries, or potential other issues due to lack of Queues or Address-List entries.

- Make default behavior of RADIUS VSA's on RouterOS compliant with RFC2865
 
conecting
newbie
Posts: 37
Joined: Sat Jul 12, 2014 11:38 pm

Re: Feature request for v7.x

Tue Nov 18, 2014 3:17 pm

Zero handoff roaming between capsman units,
Also wolud love to see load balancing also between bands from 2,4ghz to 5ghz as on aruba networks becouse now I have to buy really expensive Aruba acess points to do this.
 
riaanmaree
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Thu Aug 31, 2006 10:42 pm
Location: Johannesburg, South Africa
Contact:

Re: Feature request for v7.x

Fri Nov 21, 2014 12:06 am

I also vote for more Radius-Attributes/Replies such as:
- local-address
- dns-server
- VRF/routing-table
 
Glaster
just joined
Posts: 1
Joined: Wed Nov 26, 2014 1:24 am

Re: Feature request for v7.x

Wed Nov 26, 2014 1:27 am

IKEv2 for IPSec
 
Starxcn
just joined
Posts: 6
Joined: Thu Nov 20, 2014 3:28 am

Re: Feature request for v7.x

Thu Nov 27, 2014 10:14 am

It would better if we can make the Webfig skins work better in V7.

Now there are bugs on particularly the Quick Set page.

I was configuring a RB951 for a client and I wanna give him only the right to change his guest network password on the Quick Set page when he logs in from Webfig. So I tick off all other pages. But then on the Quick set page there are ton of stuff to tick off. And they seem to come from different mode settings of the router. And even I tick them off, the page still wouldn't work properly.

Not sure if this is the right place to post about this. My apologies if I'm wrong...
 
Bonz123
just joined
Posts: 15
Joined: Tue Dec 02, 2014 8:26 pm
Location: LV

Re: Feature request for v7.x

Wed Dec 03, 2014 9:29 pm

Queues.
will be nice if in simple queue be possible add ip ''from-to'' like 192.168.3.10-192.168.3.64

Thanks.
 
Zvjer
just joined
Posts: 9
Joined: Tue Nov 25, 2014 3:28 pm

Re: Feature request for v7.x

Thu Dec 04, 2014 6:28 pm

IKEv2 for IPSec
I need this too for easy VPN from Windows Phone 8.1
 
jarda
Forum Guru
Forum Guru
Posts: 7755
Joined: Mon Oct 22, 2012 4:46 pm

Re: Feature request for v7.x

Fri Dec 05, 2014 8:50 am

It should be possible everywhere where ip address field is used as condition or restriction.
 
marcof
just joined
Posts: 16
Joined: Thu Dec 22, 2011 5:50 pm

Re: Feature request for v7.x

Tue Dec 09, 2014 12:59 pm

I actually just miss one "feature" in RouterOS 5/6 and it would be awesome to have this in 7: IPv6! .
The current state of IPv6 in RouterOS 6 is maybe partly usable for home users, soho applications, etc. But in no way is it safe or depending on the configuration even possible to use MirkoTik for service provider applications with more than one router.

The reason I put feature in "" is because you cannot name it feature when they officially support ipv6 and 50% of all protocols and services are not or only partly working for ipv6, then those are bugs!

Just to name some missing "features" / bugs in IPv6.
  • IPv6 bgp recursive next-hop. This is a must for any redundant IPv6 service provider backbone! static routes are no alternative!
  • ipv6 blackholing - there must be a way to blackhole the prefix I announce to my upstreams. I simply don't want any TTL exceeded and routing loops! unreachable routes are no alternative!
  • efficient ipv6 routing table lookups on cli (e.g. /ipv6 route print where dst-address=8.8.8.0/24)
  • testing of ipv6 functions and protocols prior to release! basic stuff like VRRP working in one release and then totally unusable in the next release.... come on...
besides IPv6 it would be really great to have working VRF implementation and be able to use it to separate the management plane from the production / customer traffic. currently there aren't any really VRF aware management services like ntp,netflow,ssh,winbox,etc.

In general, I really suggest that MikroTIk reconsider their strategy about software releases and pricing. I would be happy to pay 50% more for the bigger routers like CCRs and in return have a more stable software, means that they differ between bug fix releases and feature releases and also test and bugfix before a release. I mean I totally understand that new features sometimes show bugs not before production use, but stuff that's there for years and suddenly don't work in a 6.x release, come on, you can do this better!
 
2dfx
newbie
Posts: 26
Joined: Tue Mar 05, 2013 6:30 pm

Re: Feature request for v7.x

Tue Dec 16, 2014 2:00 pm

Pls Add functionality to NetWach like this:

Down script, if not available within X times.
Up script if available within Z times.
Now X and Z = 1.
 
mavin
just joined
Posts: 11
Joined: Tue Dec 16, 2014 1:24 pm

Re: Feature request for v7.x

Tue Dec 16, 2014 2:53 pm

- Support for SHA2 Hashs.
CAs starting to only hand out SHA2 certificates and browsers will drop SHA1 soon. I'm kinda wondering why this hasn't already been brought up...

- Openflow 1.3
This might be a bigger problem, but it would really be a big advantage being able to integrate RouterOS in SDN environments. I don't know anything about the code-base but maybe it's possible to add an ovs client and help them with the OF development?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7033
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Feature request for v7.x

Wed Dec 17, 2014 6:42 pm

You can already use sha256 and sha512 in ipsec phase1. Depending on requirements can be added to other facilities as well.
 
jocover
just joined
Posts: 3
Joined: Thu Dec 18, 2014 1:21 pm

Re: Feature request for v7.x

Thu Dec 18, 2014 1:23 pm

MAC Address List Support :D
 
mavin
just joined
Posts: 11
Joined: Tue Dec 16, 2014 1:24 pm

Re: Feature request for v7.x

Fri Dec 19, 2014 9:54 am

thanks mrz for the info.
I will give that a try. Since I won't have time this year I will give it a look next year.

What I currently need this (SHA2) for is for VPN connections (sstp, pptp, openvpn). Since October my CA only hands out SHA2 certificates.
 
piyokos
just joined
Posts: 9
Joined: Fri Mar 05, 2010 2:29 am

Re: Feature request for v7.x

Mon Dec 22, 2014 12:47 am

  • General - Updated Linux kernel with better support for new SoCs (Celeron J1900 barely works), updated drivers, etc
  • General - 64-bit x86 builds, it's 2014, going on 2015... no performance benefit to routing, but throw KVM users a bone
  • KVM - USB passthrough, so guests can act as bridges for USB peripherals that RouterOS does not support
  • DNS - Flag similar to DNSMASq's bogus-nxdomain, for misbehaving service providers
  • UPNP - Allow server to report a 'fake' external address to clients, for complex routing setups
  • SSH - Fail2ban equivalent, too much log spam
  • OpenVPN - UDP support, with fragment and mssfix, requested so many times the devs must think we're a broken record!
 
phil
just joined
Posts: 19
Joined: Fri Feb 15, 2013 7:27 pm

Re: Feature request for v7.x

Mon Jan 26, 2015 5:42 am

Please extend routing-mark amount limit more than 250.
 
User avatar
wagguRQ
just joined
Posts: 11
Joined: Sun Feb 01, 2015 9:00 am
Location: /RUSSIA/

Re: Feature request for v7.x

Tue Feb 03, 2015 7:07 pm

I would like that you will add a counter of errors (crc,drop,oversitse,collisions, e.t.c.).
 
JanezFord
Member Candidate
Member Candidate
Posts: 269
Joined: Wed May 23, 2012 10:58 am

Re: Feature request for v7.x

Wed Feb 04, 2015 10:23 am

I would really like to see graphing show comments with interfaces, queues on web.

JF
 
roli
just joined
Posts: 2
Joined: Wed Jun 28, 2006 9:49 pm

Re: Feature request for v7.x

Thu Mar 12, 2015 12:44 pm

Functionality such as DNETMAP in xtables
 
volga629
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Tue Nov 19, 2013 6:21 am

Re: Feature request for v7.x

Mon Mar 16, 2015 6:23 am

Hello Everyone,
Will be nice to see for RouterOS7

1. 802.11k 802.11r Fast Transition Roaming. Really useful in MAN areas.
2. Routed based vpn ipsec0 klips with libreswan. Better control over vpn traffic.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature request for v7.x

Mon Mar 16, 2015 9:52 am

2. Routed based vpn ipsec0 klips with libreswan. Better control over vpn traffic.
AKA IPSEC VTI (Virtual Tunnel Interface) support.

This one has been MUCH requested over the years. Hopefully we see it in RouterOS 7 :D
 
amindomao
just joined
Posts: 4
Joined: Tue Sep 23, 2014 9:57 am

Re: Feature request for v7.x

Thu Mar 26, 2015 10:05 am

"Add ARP For Leases" option in dhcp relay would be cool :)
 
eavictor
just joined
Posts: 4
Joined: Mon Sep 08, 2014 8:49 am

Re: Feature request for v7.x

Sun Mar 29, 2015 9:58 am

ADD admin announcement page in USERMAN

then we don't have to send e-mails to notice users every time we made changes.
 
Bas15
just joined
Posts: 11
Joined: Mon Mar 30, 2015 12:27 pm

Re: Feature request for v7.x

Mon Mar 30, 2015 7:23 pm

Would like to see SIIT support, which basically allows to remove IPv4 from internal networks and do DNS64/ NAT64 stateless translation on your edge devices.

https://tools.ietf.org/html/draft-ander ... c-2xlat-00
http://fud.no/talks/20150317-V6_World_C ... entres.pdf
http://jool.mx/

Also in: http://forum.mikrotik.com/viewtopic.php?f=2&t=95377
 
killersoft
Member Candidate
Member Candidate
Posts: 235
Joined: Mon Apr 11, 2011 2:34 pm
Location: Victoria, Australia

Re: Feature request for v7.x

Wed Apr 01, 2015 12:13 pm

+1 for 6rd support .

My isp only supports that at this point and I don't want a tunnel service like HE.
Regards
 
hngjared
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Thu Dec 01, 2011 8:36 pm
Location: NYC USA

Re: Feature request for v7.x

Wed Apr 01, 2015 5:17 pm

It would be nice if there was an option for duration in the "traffic monitor" feature.

Be a great way yo automatically adjust b/w queues.

Also need to start allowing SSH and telnet to be run via scripts or schedulers. Would really make life a little easier on those of us who are administrating thousands of routerboards.

Make it happen MikroTik!
 
willbur
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Wed May 09, 2012 8:58 am

Re: Feature request for v7.x

Wed Apr 01, 2015 6:10 pm

MAC address lookup built in router
Improved Webfig customization (i.e. debranding, etc.)
Tiny web browser built into Mikrotik ROS?
Better Speed Test functionality (i.e. Netgear has speedtest.net functionality built in)
Better script to email functionality for password rotations in hotspot..... (i.e. once again customization, etc.)
The Dude update.....

I might be asking for too much, but that along with many other items are on my wish list.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Feature request for v7.x

Wed Apr 01, 2015 6:40 pm

Just to name some missing "features" / bugs in IPv6.
  • IPv6 bgp recursive next-hop. This is a must for any redundant IPv6 service provider backbone! static routes are no alternative!
  • ipv6 blackholing - there must be a way to blackhole the prefix I announce to my upstreams. I simply don't want any TTL exceeded and routing loops! unreachable routes are no alternative!
  • efficient ipv6 routing table lookups on cli (e.g. /ipv6 route print where dst-address=8.8.8.0/24)
  • testing of ipv6 functions and protocols prior to release! basic stuff like VRRP working in one release and then totally unusable in the next release.... come on...
+1

Years ago, Mikrotik was the first platform available to me and my company for alpha testing any IPv6 deployment strategies. (the Adtran CPE we were using previously didn't support it at all)

These days, though, ROS feels behind-the-curve on the IPv6 side of things.

My question for you Marcof - why is host unreachable an unacceptable alternative to blackhole routes?
Is it because this reduces ICMP "backscatter" from scans and such?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11960
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Feature request for v7.x

Sat Apr 04, 2015 2:26 am

Please add TCP traceroute
 
troffasky
Member
Member
Posts: 431
Joined: Wed Mar 26, 2014 4:37 pm

Re: Feature request for v7.x

Sun Apr 05, 2015 1:27 am

Control+W in the CLI to delete last word.

'Search engine' in Winbox/Webfig. Eg, you search for '192.168.13', and it will return every route, firewall rule, ARP entry, log entry, *everything* that matches that string.
 
23q
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Sep 02, 2010 2:54 pm
Location: Ukraine

Re: Feature request for v7.x

Thu May 14, 2015 11:31 pm

 
pochbba
newbie
Posts: 26
Joined: Mon Jun 19, 2006 10:00 pm
Location: Argentina

Re: Feature request for v7.x

Sat May 23, 2015 9:21 pm

I would strongly suggest that you add a "Test config for x seconds" function that brings config back to where it was before applying it.

It's necessary for production equipment when (we all aggree on this) some times certain configs seem to work in test benches but out in the field they totally don't. So having something like:

Wireless station working at 20-40mhz width:
/interface wireless set wlan1 channel-width=20/40/80mhz-Ceee test-time=1m

Which would reset to previous config if something goes wrong. I mean.. this station could be 50 km away from you.

Would be extremely helpful for us all.

Thanks in advance.

EDIT: After i posted this something came back to my mind.

Another suggestion would be having zoomable and/or exportable traffic/resource graphing system. It's already there.. just needs that option.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature request for v7.x

Sun May 24, 2015 12:17 am

I would strongly suggest that you add a "Test config for x seconds" function that brings config back to where it was before applying it.

It's necessary for production equipment when (we all aggree on this) some times certain configs seem to work in test benches but out in the field they totally don't. So having something like:

Wireless station working at 20-40mhz width:
/interface wireless set wlan1 channel-width=20/40/80mhz-Ceee test-time=1m

Which would reset to previous config if something goes wrong. I mean.. this station could be 50 km away.
FYI this feature already exists.
Look up Safe Mode. http://wiki.mikrotik.com/index.php?titl ... #Safe_Mode
 
aigarslv
just joined
Posts: 5
Joined: Mon May 25, 2015 11:24 pm

Re: Feature request for v7.x

Mon May 25, 2015 11:26 pm

Please add openconnect package for accessing Cisco SSL VPNs
http://www.infradead.org/openconnect/


So we don't have to run MetaROUTERs :)
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2988
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Feature request for v7.x

Tue May 26, 2015 12:58 am

Please Mikrotik is a simple one:

Detailed track of configuration changes on logs.

I hope is not that difficult.


That is very usefull to track and audit changes specially when are multiple administrators.
 
petrisimo
just joined
Posts: 14
Joined: Sat Apr 06, 2013 8:15 pm

Re: Feature request for v7.x

Thu May 28, 2015 4:16 pm

Hi Mikrotik,

to be honest, I would highly recommend to fix all bugs before you move to new features (please show some respect to your customers)

once you finish with bugs:
1) DHCP snooping
2) IP source guard
3) dynamic arp inspection
4) IGMP snooping

... and one more very important thing - to fix VLAN performance (drops by 45% just with 2 vlans on tile 6.28)
 
cusco
newbie
Posts: 34
Joined: Tue Jun 29, 2010 2:34 pm

Re: Feature request for v7.x

Tue Jun 09, 2015 8:23 pm

Virtual interfaces....
By this I mean the ability to have the following scenario:


ISP equipment --- rj45 ---> ether1 mikrotik

Now I would like to have several dhcp clients with different MAC addresses to be able to obtain more than one IP address
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2988
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Feature request for v7.x

Fri Jun 12, 2015 6:18 pm

Virtual interfaces....
By this I mean the ability to have the following scenario:


ISP equipment --- rj45 ---> ether1 mikrotik

Now I would like to have several dhcp clients with different MAC addresses to be able to obtain more than one IP address

will be great but, mikrotik its not the only brand who has that limitation because dhcp is mostly used to give access to clients its some kind of trend and too specific scenario to address
 
the.max
just joined
Posts: 9
Joined: Sun Apr 01, 2007 3:47 pm
Location: Czech Republic, Bilina
Contact:

Re: Feature request for v7.x

Sun Jun 14, 2015 8:09 pm

Also join in asking for support 802.11r.

In the foreseeable future will be in our country, the law on electronic records of payments. Very few restaurants it ready for us and they will have to buy new technology. In larger restaurants is not enough for one AP coverage and rapid movement between AP waitress with a payment terminal failures are undesirable and wait for logging in to another AP is unacceptable.
 
User avatar
davidnvega
just joined
Posts: 21
Joined: Wed Aug 28, 2013 11:11 pm
Location: San Juan, Argentina
Contact:

Re: Feature request for v7.x

Sat Jul 25, 2015 11:59 pm

I need Skins for Winbox, just like Webfig. And a Test Button, for apply changes during X seconds.
 
ibm
Member
Member
Posts: 306
Joined: Mon May 12, 2014 5:16 pm

Re: Feature request for v7.x

Sun Jul 26, 2015 12:22 am

I need Skins for Winbox, just like Webfig. And a Test Button, for apply changes during X seconds.
+1 for the apply changes for X seconds.
More precisely like a Safe mode but with a custom timeout.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature request for v7.x

Sun Jul 26, 2015 8:02 am

I need Skins for Winbox, just like Webfig. And a Test Button, for apply changes during X seconds.
+1 for the apply changes for X seconds.
More precisely like a Safe mode but with a custom timeout.

Sounds like "commit confirmed X" on JunOS. If you dont do another "commit" within "X" minutes it will automagically roll back the config changes.
 
ibm
Member
Member
Posts: 306
Joined: Mon May 12, 2014 5:16 pm

Re: Feature request for v7.x

Sun Jul 26, 2015 9:43 am

I need Skins for Winbox, just like Webfig. And a Test Button, for apply changes during X seconds.
+1 for the apply changes for X seconds.
More precisely like a Safe mode but with a custom timeout.

Sounds like "commit confirmed X" on JunOS. If you dont do another "commit" within "X" minutes it will automagically roll back the config changes.
Exactly
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: Feature request for v7.x

Sun Jul 26, 2015 12:54 pm

- Multicast forwarding between subnets
- Decrease routing slowdown for ports in a bridge, if possible.
- DNS Tool
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2854
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Feature request for v7.x

Mon Jul 27, 2015 1:54 pm

What about "dummy" rule or anything elsa what could be "separator" for firewall rules.
I am testing: http://forum.mikrotik.com/viewtopic.php ... 6b#p492407
and the rules flow will be simpler to read when "subroutines" could be separated with rows which will show comment connected with it.
Here it is simulated with new rules chains' names.
Attacks.PNG
You do not have the required permissions to view the files attached to this post.
 
User avatar
cREoz
just joined
Posts: 10
Joined: Wed Sep 04, 2013 9:51 pm

Re: Feature request for v7.x

Mon Jul 27, 2015 2:50 pm

DNS: forward zones
 
cusco
newbie
Posts: 34
Joined: Tue Jun 29, 2010 2:34 pm

Re: Feature request for v7.x

Tue Jul 28, 2015 3:20 pm

Virtual interfaces....
By this I mean the ability to have the following scenario:


ISP equipment --- rj45 ---> ether1 mikrotik

Now I would like to have several dhcp clients with different MAC addresses to be able to obtain more than one IP address

will be great but, mikrotik its not the only brand who has that limitation because dhcp is mostly used to give access to clients its some kind of trend and too specific scenario to address
Hi, I don't understand what you mean by "some kind of trend"
Is it really so difficult to address? Today it is already working with VIF, if you have a metarouter.

You can add a VIF interface in a bridge. Basically one would just need to extrapolate that functionality to be able to use VIF interfaces outside metarouter.
 
tetecko
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Sun Jun 11, 2006 7:44 pm

Re: Feature request for v7.x

Tue Jul 28, 2015 11:25 pm

+1 for 6rd support .

My isp only supports that at this point and I don't want a tunnel service like HE.
Regards

http://forum.mikrotik.com/viewtopic.php?t=99030
 
pmosconi
just joined
Posts: 1
Joined: Sat Aug 01, 2015 4:05 pm

Configuration Management and Cloning

Sat Aug 01, 2015 4:12 pm

Back in v6 Feature Request forum thread there was a a lot of debate about better config export and import for router cloning.
It seems to me that nothing has really been implemented - at least when working with hotspots, firewall rules and remote logging - but apparently nobody is making this request any more.
Have all others given up? I still need this desperately...
Thans
 
dmcken
newbie
Posts: 34
Joined: Fri Mar 24, 2006 8:21 pm

Re: Feature request for v7.x

Sun Aug 02, 2015 9:55 pm

efficient ipv6 routing table lookups on cli (e.g. /ipv6 route print where dst-address=8.8.8.0/24)
I would like this expanded for both IPv4 and IPv6, lookups on my BGP routers take minutes to complete.
 
User avatar
jspool
Member
Member
Posts: 468
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: Feature request for v7.x

Thu Aug 06, 2015 7:00 pm

1. Failed login email alerts SSH,Telnet,Web,Etc like everyone else does.
2. I would like to see a country blocking option in the firewall.
3. The ability to load large DNS lists for blocking purposes. Currently all Mikrotiks cannot take whole categories worth of lists.
4. It would be nice to see the IP that made the request in DNS Cache.
 
23q
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Sep 02, 2010 2:54 pm
Location: Ukraine

Re: Feature request for v7.x

Fri Aug 07, 2015 11:03 am

e-mail headers - Content-type: text/html
http://forum.mikrotik.com/viewtopic.php?t=62481
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature request for v7.x

Fri Aug 07, 2015 11:43 am

MPLS TE Fast Re-Route
MPLS TE Link Protection
MPLS TE Link-Node Protection
MPLS TE behavior similar to Cisco Class Based Tunnel Selection
MPLS TE Diffserv-Aware tunnels

MPLS Segment Routing extensions to OSPF/ISIS

ISIS

Multicast separation of RPF table calculation into individual routing table and all things involved with that
Multicast BSR fixes
Multicast Anycast-RP
Multicast MSDP

64-bit for x86

Fast-Path indicator on each interface. Which traffic handlers are enabled or not enabled.

Graceful Restart for OSPF/BGP/PIM/ISIS (if ever implemented)

BGP multicast address family

Cisco IP SLA/Juniper RPM functionality

LLDP and LLDP-MED with integration into SNMP
It is like you read my mind!

Also add MPLS TE Auto-Tunnel

I also requested to Mikrotik support that they implement RFC7130 https://tools.ietf.org/html/rfc7130 for BFD + Bonding(LAG), this runs a BFD session per bond member, and can detect problems with packet flow via an individual link in a bond. This is very useful when you are running a Leaf/Spine switch architecture between routers and there is a problem with packet flow via one path, the bond + LACP to the Mikrotik will stay up, yet a path beyond the direct LACP link may have a problem and currently this would go unnoticed and cause issues.

RFC7130 aims to prevent such situations.
 
khaled11
just joined
Posts: 24
Joined: Mon Sep 30, 2013 7:09 pm
Location: lebanon

Re: Feature request for v7.x

Sun Aug 09, 2015 2:01 am

USER manager :-refill option client side "like code recharge " on local hotspot page.
- Daily Quota
 
JanezFord
Member Candidate
Member Candidate
Posts: 269
Joined: Wed May 23, 2012 10:58 am

Re: Feature request for v7.x

Fri Aug 21, 2015 1:46 pm

Usermanager EAP authentication support, so we can use Usermanager for WPA2 Enterprise configurations.

JF.
 
kaleruka
just joined
Posts: 3
Joined: Tue Oct 07, 2014 12:56 am

Re: Feature request for v7.x

Sun Aug 23, 2015 11:42 am

what about socks 5 support?
 
magnavox
Member
Member
Posts: 357
Joined: Thu Jun 14, 2007 1:03 pm

Re: Feature request for v7.x

Wed Aug 26, 2015 7:01 pm

Implementation in ROS of MLPPP Server side (for ISPs installation).

tnx
 
radman3000
just joined
Posts: 9
Joined: Thu Nov 01, 2012 11:49 am

Re: Feature request for v7.x

Fri Sep 25, 2015 3:21 pm

IPv6 PBR
 
zojka
just joined
Posts: 20
Joined: Tue Aug 12, 2014 12:26 pm

Re: Feature request for v7.x

Mon Oct 05, 2015 8:13 am

Authenticaton by RADIUS for http proxy and socks
 
mezzovide
just joined
Posts: 7
Joined: Tue Jun 11, 2013 8:02 am

Re: Feature request for v7.x

Fri Oct 23, 2015 2:08 pm

Mikrotik-ipv6-address-list radius attributes please. This is the only thing blocking us from ipv6 deployment to user, as we used it to separate QoS between users.
 
andersonlich
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Feb 26, 2009 1:05 pm

Re: Feature request for v7.x

Tue Nov 03, 2015 10:46 am

yes yes!
Mikrotik-IPv6-Address-List
IPv6-Framed-Route - RFC6911
IPv6-Delegated-Prefix - RFC4818


Mikrotik-ipv6-address-list radius attributes please. This is the only thing blocking us from ipv6 deployment to user, as we used it to separate QoS between users.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature request for v7.x

Wed Nov 04, 2015 9:01 pm

yes yes!
Mikrotik-IPv6-Address-List
IPv6-Framed-Route - RFC6911
IPv6-Delegated-Prefix - RFC4818
+1

We need these too
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: Feature request for v7.x

Wed Nov 04, 2015 9:39 pm

yes yes!
Mikrotik-IPv6-Address-List
IPv6-Framed-Route - RFC6911
IPv6-Delegated-Prefix - RFC4818


Mikrotik-ipv6-address-list radius attributes please. This is the only thing blocking us from ipv6 deployment to user, as we used it to separate QoS between users.
+1 for us too!
 
samsung172
Forum Guru
Forum Guru
Posts: 1188
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway
Contact:

Re: Feature request for v7.x

Thu Nov 05, 2015 1:49 am

VRF support to features is sooooo missed. The support to choose what routingtable to use for what service. Ability to choose web configuration troug one vrf - and ssh by another. (just as example) . Best would be to support more than one per service.. Also stuff like ospf or bgp - inside a vrf.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7033
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Feature request for v7.x

Thu Nov 05, 2015 10:26 am

It is already possible to run OSPF and BGP as CE-PE protocols.
 
mezzovide
just joined
Posts: 7
Joined: Tue Jun 11, 2013 8:02 am

Re: Feature request for v7.x

Fri Nov 06, 2015 3:14 pm

BGP feature : advertise-inactive routes please. Its important for route collector services to receive all known routes even if its inactive!
 
PtDragon
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Sun Apr 26, 2009 8:52 pm

Re: Feature request for v7.x

Thu Nov 12, 2015 5:29 pm

I would like to see IP list optimization routines.
I'm often facing massive botnet attacks, in normal mode (adding attackers to list to block them for 60 days) I'm facing GIANT CPU load(all 36 cores are at 100% from just 50Mbit of traffic(SynFlood type traffic).
In some minutes I got around 1.4million of IPs to block.
Surely that list can be optimized by setting "n IPs from subnet means to block subnet" so for example if i got "8.8.8.1 8.8.8.5 8.8.8.10 8.8.8.30 8.8.8.80 8.8.8.99 8.8.8.251" as attackers and in rule I set block subnet /24 if 5 or more IPs on that subnet in list it would transform to IP list entry 8.8.8.0/24 (just single entry instead of many).
And also i wish that option to use rules for /24 /16 /8 subnets.
Similar function I have in CSF on my server in datacenter and it helps nicely against botnets.
 
Skyder
just joined
Posts: 8
Joined: Sun Nov 29, 2015 1:17 pm
Location: Russia. Kemerovo.

Re: Feature request for v7.x

Thu Dec 03, 2015 6:09 pm

Hello!
+1 IGMP snooping.
In Russia, in particular, it is very necessary for IGMP snooping. Popularity equipment soared to at all levels from byudzhenyh Hap summer to expensive models. All of our providers are using IGMP snooping. From me personally - to all its customers happy equipment installed Mikrotik and would advise all familiar.
So far, because of the absence of such functional distribution in Russia is questionable. We are not afraid even places without technical support RouterOS.

I very much hope that you will listen.
While I did not find any answer on the forum: whether to wait for IGMP snooping or leave for other equipment manufacturers. Mixing equipment from different manufacturers to achieve the desired functionality is not always a rational decision.
 
bronx
newbie
Posts: 39
Joined: Wed Feb 11, 2015 1:04 am
Location: Turin, Italy

Re: Feature request for v7.x

Sat Dec 05, 2015 12:35 pm

MPLS TE Fast Re-Route
MPLS TE Link Protection
MPLS TE Link-Node Protection
MPLS TE behavior similar to Cisco Class Based Tunnel Selection
MPLS TE Diffserv-Aware tunnels

MPLS Segment Routing extensions to OSPF/ISIS

ISIS

Multicast separation of RPF table calculation into individual routing table and all things involved with that
Multicast BSR fixes
Multicast Anycast-RP
Multicast MSDP

64-bit for x86

Fast-Path indicator on each interface. Which traffic handlers are enabled or not enabled.

Graceful Restart for OSPF/BGP/PIM/ISIS (if ever implemented)

BGP multicast address family

Cisco IP SLA/Juniper RPM functionality

LLDP and LLDP-MED with integration into SNMP
It is like you read my mind!

Also add MPLS TE Auto-Tunnel

I also requested to Mikrotik support that they implement RFC7130 https://tools.ietf.org/html/rfc7130 for BFD + Bonding(LAG), this runs a BFD session per bond member, and can detect problems with packet flow via an individual link in a bond. This is very useful when you are running a Leaf/Spine switch architecture between routers and there is a problem with packet flow via one path, the bond + LACP to the Mikrotik will stay up, yet a path beyond the direct LACP link may have a problem and currently this would go unnoticed and cause issues.

RFC7130 aims to prevent such situations.

+1
 
alexjhart
Member Candidate
Member Candidate
Posts: 197
Joined: Thu Jan 20, 2011 8:03 pm

Re: Feature request for v7.x

Fri Dec 18, 2015 2:32 am

Few things:
I haven't read all suggestions, but a simple way of filtering the log view on routeros would be nice. A way to only see a curtain PREFIX f.ex from the logfile while its running.

in linux something like this.

tail -30f /var/log/syslog | grep -i FW-DROP-LOG-PREFIX1

or even better to see several things

tail -30f /var/log/syslog | egrep -i 'FW-DROP-LOG-PREFIX2|FW-DROP-LOG-PREFIX3'
While you can achieve this with
/log print follow where message~"^prefix1|^prefix2"
I see the benefit of having grep for the complete output as well. It would be nice to have many Cisco/Juniper pipe commands such as match, begin, exclude, etc.

I would love to see tail. Often times I want to see the last few lines of the log, but not print the entire thing.

Since I brought up Juniper, it would be nice to have a better commit, compare, rollback system. I know you can batch commands and use undo/redo and/or safe mode, but it just isn't quite the same.

More detail in /system history please. "device changed" what specifically? maybe show the command or something.

printing (and ideally searching with ctrl+r) the command history would be handy too. Scrolling up one line at a time is a bit tedious.

real-time syntax painting in editor

save without quit in editor

inline comments in terminal (instead of normal ;;; comment on different line, perhaps by adding a column in standard print view and comment= in detail view so that each item uses oneline). Additionally, I think comment should be the last column or item listed. terse view could be updated to list comment last as well and could also benefit from syntax coloring. the comment value should be quoted in terse view as well.
 
margusl
just joined
Posts: 7
Joined: Mon Jun 16, 2014 3:32 pm

Re: Feature request for v7.x

Sun Jan 17, 2016 12:38 pm

IKEv2 for IPSec
 
User avatar
jspool
Member
Member
Posts: 468
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: Feature request for v7.x

Sun Jan 17, 2016 10:39 pm

1. Full cURL support. We need the ability to send data to REST API's with cURL POST and the tool fetch is getting pretty limited for our current times.

2. DHCP-Client needs to have a script that can be executed when it gets an IP address. Would make it way more efficient then running a scheduler constantly looking for a change when the script could actually be executed only when ther eis an actual change.
 
b0m8er
just joined
Posts: 2
Joined: Sun Jan 17, 2016 12:07 pm

Re: Feature request for v7.x

Mon Jan 18, 2016 10:44 am

+1 for IGMP snooping support.
Much needed for IPTV in Russia!
 
brunoviviani
just joined
Posts: 1
Joined: Tue Jan 19, 2016 9:50 pm

Re: Feature request for v7.x

Tue Jan 19, 2016 9:53 pm

Team, please, make the Radius attribute Delegated-IPv6-Prefix to work.. we have more than 100 mikrotik boxes, and we need of this funcionally.
 
Devil
Member Candidate
Member Candidate
Posts: 170
Joined: Thu Jul 21, 2011 9:13 am

Re: Feature request for v7.x

Mon Jan 25, 2016 10:19 am

Ability to exclude some source/destination hosts/subnets from hotspot traffic counter.
And for the love of god, OVPN UDP support.
 
satish143
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Fri Jan 22, 2016 9:54 pm

Re: Feature request for v7.x

Thu Feb 04, 2016 6:21 pm

When it is going to release?

Please in v7 make max-entries adjustable. so we can limit connection so kernel won't get crash :( I have notice in v6.35rc3 kernel crashing when limit reach to max :( I want to reduce max-entires but don't know how to :(

[admin@MikroTik] > /ip firewall connection tracking print

max-entries: 524288
total-entries: 234041
 
SDFadfasdfadsf
just joined
Posts: 23
Joined: Sun Feb 07, 2016 2:21 am

Re: Feature request for v7.x

Sun Feb 07, 2016 2:25 am

MVRP to sync VLAN information
 
mycket
just joined
Posts: 6
Joined: Tue Sep 07, 2010 11:39 pm

Re: Feature request for v7.x

Mon Feb 08, 2016 2:03 pm

yes yes!
Mikrotik-IPv6-Address-List
IPv6-Framed-Route - RFC6911
IPv6-Delegated-Prefix - RFC4818


Mikrotik-ipv6-address-list radius attributes please. This is the only thing blocking us from ipv6 deployment to user, as we used it to separate QoS between users.
+1 for us too!
+1 for me too
and PPPoE IPv6 Accounting
The only two things blocking us from using MK :(
 
User avatar
pants6000
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Fri Sep 26, 2014 5:30 am

Re: Feature request for v7.x

Wed Feb 24, 2016 7:40 am

A source-address option for bandwidth test would be nice!
 
jarda
Forum Guru
Forum Guru
Posts: 7755
Joined: Mon Oct 22, 2012 4:46 pm

Wed Feb 24, 2016 7:43 am

 
mukkelek
just joined
Posts: 7
Joined: Sun Feb 28, 2016 2:51 pm

Re: Feature request for v7.x

Sun Feb 28, 2016 3:15 pm

user manager for ARM system
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: Feature request for v7.x

Fri Mar 18, 2016 12:40 am

Single connection routing @ 2 Gbps on 1036 and up.
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: Feature request for v7.x

Fri Mar 18, 2016 5:56 pm

Single connection routing @ 2 Gbps on 1036 and up.
Make it 5 Gbps.
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: Feature request for v7.x

Fri Mar 18, 2016 6:00 pm

Automatic dynamic power and cooling management for CCR.
 
User avatar
dallas
Long time Member
Long time Member
Posts: 548
Joined: Wed Dec 13, 2006 4:13 am
Location: Minnesota
Contact:

Re: Feature request for v7.x

Fri Mar 18, 2016 7:36 pm

I am requesting for the most basic spectrum analyzer for AC chipset. I will beta test for you. What version can I test on?
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: Feature request for v7.x

Sat Mar 19, 2016 11:23 pm

Realtek WiFi support.
 
Arcticfox
just joined
Posts: 19
Joined: Fri Mar 29, 2013 2:29 pm

Re: Feature request for v7.x

Thu Mar 31, 2016 1:16 pm

LLDP support is highly required.
 
DmitryAVET
Member Candidate
Member Candidate
Posts: 112
Joined: Thu Mar 26, 2015 12:27 am
Location: Ukraine, Mukachevo
Contact:

Re: Feature request for v7.x

Fri Apr 01, 2016 3:31 pm

1. Load balancing mode in QuickSet (simple settings, step by step configuration manager). Actual for all home users (old rb951, and new hAP and hEX series).

2. More userfriendly step-by-step configuration managers, like L2TP Server conf. etc.

3. More powerfull Graphing, like Cacti etc. New graph design, like Google Analitycs

4. Built-in wireless link calculator, that use current device specifications (tx power, modulation, sensitivity).

5. Step-by-step configuration manager for QoS: select WAN-port, enter WAN capacity, enter total users, press 1 button and get configuration. Actual for most small offices.

6. That same as #5, but traffic prioritization for applications (skype etc)
 
nishadul
Member Candidate
Member Candidate
Posts: 161
Joined: Thu Dec 13, 2012 12:04 pm
Location: Bangladesh

Re: Feature request for v7.x

Fri Apr 01, 2016 4:38 pm

NEED HTTPS WITH PROXY
 
satish143
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Fri Jan 22, 2016 9:54 pm

Re: Feature request for v7.x

Mon Apr 04, 2016 5:50 pm

When v7 coming out? is there any beta or testing version available?
 
basic833
just joined
Posts: 10
Joined: Fri Mar 11, 2016 10:06 pm

Re: Feature request for v7.x

Wed Apr 06, 2016 12:01 am

OVPN feature need!!!!!
UDP mode
LZO compression
TLS authentication
authentication without username/password
 
topperh
just joined
Posts: 2
Joined: Wed Aug 19, 2015 7:43 pm

Re: Feature request for v7.x

Fri Apr 08, 2016 11:43 pm

NEED HTTPS WITH PROXY
I second this request
 
mgiammarco
newbie
Posts: 47
Joined: Tue Apr 13, 2010 10:56 pm

Re: Feature request for v7.x

Sun Apr 10, 2016 9:31 am

I know what the answer for this is going to be, but it's just to show that the issue is not getting anywhere even if you pretend it does not exist and people still need it.

OpenVPN version update
OpenVPN support for UDP
OpenVPN support for LZO

In openWRT running in MetaRouter it's way too slow
I agree. Please finish existing feature before adding new ones.
And in CRS models LACP is missing too.
 
BeNoZo
just joined
Posts: 3
Joined: Mon Apr 11, 2016 2:02 pm

Re: Feature request for v7.x

Mon Apr 11, 2016 3:38 pm

TR-069

For auto provision , remote real time diagnostics, quick fast mass upgrades, quick fix roll outs and general monitoring .
 
User avatar
doneware
Trainer
Trainer
Posts: 647
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Feature request for v7.x

Mon Apr 11, 2016 8:24 pm

TR-069

For auto provision , remote real time diagnostics, quick fast mass upgrades, quick fix roll outs and general monitoring .
all of those can be put in place using scripting and ros api right now :-)
 
BeNoZo
just joined
Posts: 3
Joined: Mon Apr 11, 2016 2:02 pm

Re: Feature request for v7.x

Tue Apr 12, 2016 8:32 am

TR-069

For auto provision , remote real time diagnostics, quick fast mass upgrades, quick fix roll outs and general monitoring .
all of those can be put in place using scripting and ros api right now :-)

But it's still not TR-069 isn't it . Scripting is per device , and time consuming . Consider managing thousands of RouterBoard , Scripting is good if you have a few CPE , but when your talking about mass deployment you need TR-069, no help desk is going to take a support call and put a customer on hold while you script something up . :shock:
 
User avatar
doneware
Trainer
Trainer
Posts: 647
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Feature request for v7.x

Tue Apr 12, 2016 11:12 am

TR-069

For auto provision , remote real time diagnostics, quick fast mass upgrades, quick fix roll outs and general monitoring .
all of those can be put in place using scripting and ros api right now :-)

But it's still not TR-069 isn't it . Scripting is per device , and time consuming . Consider managing thousands of RouterBoard , Scripting is good if you have a few CPE , but when your talking about mass deployment you need TR-069, no help desk is going to take a support call and put a customer on hold while you script something up . :shock:
you're right, it's not TR-069. scripting is a lot more powerful stuff.
of course it needs a head start of coding, it's not something out of the box. but auto-provisioning can be
done using different approaches.

no one stops us to actually create a similar environment/ecosystem with ROS scripting, to provide the same
look & feel as TR-069. if you need it right now, let's make one. when you have to deal with 1000s of devices
it (the home-brew approach) will be a lot more efficient than doing everything manually while waiting for MTIK to implement TR-069 :-)

BTW, i would not compare the average TR-069 governed CPE feature set to something that ROS offers right now.
 
BeNoZo
just joined
Posts: 3
Joined: Mon Apr 11, 2016 2:02 pm

Re: Feature request for v7.x

Wed Apr 13, 2016 1:54 am

TR-069

you're right, it's not TR-069. scripting is a lot more powerful stuff.
of course it needs a head start of coding, it's not something out of the box. but auto-provisioning can be
done using different approaches.

no one stops us to actually create a similar environment/ecosystem with ROS scripting, to provide the same
look & feel as TR-069. if you need it right now, let's make one. when you have to deal with 1000s of devices
it (the home-brew approach) will be a lot more efficient than doing everything manually while waiting for MTIK to implement TR-069 :-)

BTW, i would not compare the average TR-069 governed CPE feature set to something that ROS offers right now.
That is just re-inventing the wheel. Why develop new ecosystem when one already exists . ISP already have TR-069 asset in the business and interfaced with OSS/BSS systems, re-inventing (home-brew) is not feasible.

At the end of the day , this is a feature request , end user should have the option to choose what best fits the network and business. TR-069 is my feature request for V7.
 
User avatar
doneware
Trainer
Trainer
Posts: 647
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Feature request for v7.x

Wed Apr 13, 2016 12:05 pm

At the end of the day , this is a feature request , end user should have the option to choose what best fits the network and business. TR-069 is my feature request for V7.
fair enough :-)
 
User avatar
sterling
Member Candidate
Member Candidate
Posts: 111
Joined: Tue Jan 18, 2011 8:55 am
Location: Utah
Contact:

Re: Feature request for v7.x

Thu Apr 28, 2016 6:05 pm

Not sure this one has been mentioned, but I really need fastpath in VPLS endpoints for VPLS faster than 1Gbps.

I've had to switch back to basic OSPF routing to obtain the 8-9Gbps speeds i used to have before implementing end to end MPLS/VPLS.
 
th0massin0
Member Candidate
Member Candidate
Posts: 156
Joined: Sun May 11, 2014 4:16 am
Location: Poland

Re: Feature request for v7.x

Mon May 02, 2016 9:56 am

Small thing: for multiple WAN envoronments it should exists some kind of predefined policy or on/off switch, about incomming and outgoing traffic. When something goes in from WAN1 should go out by WAN1, when something goes in frome WAN2 should go out by WAN2 and so on...
 
jarda
Forum Guru
Forum Guru
Posts: 7755
Joined: Mon Oct 22, 2012 4:46 pm

Mon May 02, 2016 10:08 am

It's easy. Mangle the connection and route the packets back according to the routing marks.
 
th0massin0
Member Candidate
Member Candidate
Posts: 156
Joined: Sun May 11, 2014 4:16 am
Location: Poland

Re: Feature request for v7.x

Mon May 02, 2016 10:54 am

When combining PPPoE Client WAN and static IP address WAN it's not so easy, look
/ip firewall mangle
add action=mark-connection chain=prerouting comment="WAN1 FWD" in-interface=ppp-WAN1 new-connection-mark=wan1_conn passthrough=no
add action=mark-routing chain=prerouting comment="WAN1 FWD" connection-mark=wan1_conn new-routing-mark=to_wan1 passthrough=no
add action=mark-connection chain=prerouting comment="WAN2 FWD" in-interface=ppp-WAN2 new-connection-mark=wan2_conn
add action=mark-routing chain=prerouting comment="WAN2 FWD" connection-mark=wan2_conn new-routing-mark=to_wan2 passthrough=no
add action=mark-connection chain=input comment="WAN1 IN OUT" in-interface=ppp-WAN1 new-connection-mark=wan1_conn
add action=mark-routing chain=output comment="WAN1 IN OUT" connection-mark=wan1_conn new-routing-mark=to_wan1 passthrough=no
add action=mark-connection chain=input comment="WAN2 IN OUT" in-interface=ppp-WAN2 new-connection-mark=wan2_conn
add action=mark-routing chain=output comment="WAN2 IN OUT" connection-mark=wan2_conn new-routing-mark=to_wan2 passthrough=no
/ip route
add check-gateway=ping distance=2 gateway=ppp-WAN1 routing-mark=to_wan1
add check-gateway=ping distance=3 gateway=ppp-WAN2 routing-mark=to_wan2
add check-gateway=ping comment=MAIN distance=1 gateway=10.1.0.1
add distance=1 dst-address=10.0.0.11/32 gateway=eth6_WAN1
add distance=1 dst-address=10.0.0.12/32 gateway=eth7_WAN2

... and when I tried to set up routing mark for address 10.1.0.1, the route fails.
Could you help me please?
 
th0massin0
Member Candidate
Member Candidate
Posts: 156
Joined: Sun May 11, 2014 4:16 am
Location: Poland

Re: Feature request for v7.x

Mon May 02, 2016 12:16 pm

Also usable will be some kind of checkbox for hairpin NAT in NAT rule creation.
 
alphalt
Frequent Visitor
Frequent Visitor
Posts: 99
Joined: Sat Aug 01, 2009 1:53 pm
Location: Denmark

Re: Feature request for v7.x

Wed May 04, 2016 12:05 am

Hi,

Maybe very old request, but... Metarouter support on microSD card.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Feature request for v7.x

Wed May 04, 2016 11:39 pm

... and when I tried to set up routing mark for address 10.1.0.1, the route fails.
Could you help me please?
Your problem is that the connection-marking rules need to also have the criteria: connection-mark=no-mark
If not, then you can re-mark connections and break the routing policy.
 
th0massin0
Member Candidate
Member Candidate
Posts: 156
Joined: Sun May 11, 2014 4:16 am
Location: Poland

Re: Feature request for v7.x

Fri May 06, 2016 4:37 pm

Login by ssh key in WinBox will be really helpfull too.
 
radman3000
just joined
Posts: 9
Joined: Thu Nov 01, 2012 11:49 am

Re: Feature request for v7.x

Wed May 11, 2016 6:21 am

Requesting IPv6 policy based routing.
 
User avatar
isolnet
newbie
Posts: 45
Joined: Sat Jan 30, 2016 7:28 am
Location: India

Re: Feature request for v7.x

Wed May 11, 2016 7:54 am

Dear MT Team

I think User manager is most power full tool in future because every isp need radius with accounting, country wise payment gateway, sms api integration, plans flexibility etc.

So Kindly improve in further upcoming updates.
 
hkaiser
newbie
Posts: 41
Joined: Fri Feb 04, 2005 11:11 am

Re: Feature request for v7.x

Fri May 13, 2016 6:02 pm

Hello!

802.11ad cards support, and GPS syncing would be great!
 
maara
newbie
Posts: 44
Joined: Fri Jun 10, 2011 8:42 am

Re: Feature request for v7.x

Sat Jun 04, 2016 5:38 pm

Ovpn tls-auth and improved ovpn client in general so the connection compatibility is better..
 
craterman
just joined
Posts: 22
Joined: Tue Oct 14, 2014 1:26 pm

Re: Feature request for v7.x

Sat Jun 18, 2016 3:47 pm

MPLS TE Fast Re-Route
MPLS TE Link Protection
MPLS TE Link-Node Protection
MPLS TE behavior similar to Cisco Class Based Tunnel Selection
MPLS TE Diffserv-Aware tunnels

MPLS Segment Routing extensions to OSPF/ISIS

ISIS

Multicast separation of RPF table calculation into individual routing table and all things involved with that
Multicast BSR fixes
Multicast Anycast-RP
Multicast MSDP

64-bit for x86

Fast-Path indicator on each interface. Which traffic handlers are enabled or not enabled.

Graceful Restart for OSPF/BGP/PIM/ISIS (if ever implemented)

BGP multicast address family

Cisco IP SLA/Juniper RPM functionality

LLDP and LLDP-MED with integration into SNMP
These functions need definitely. And they need not only to us but also to you - mikrotik team, for that would have a more competitive product and a more extensive sales geography. I think when you had MUM tour in Asia have often been asked about the ISIS protocol. Oh Asians very love it :-)
 
riaanmaree
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Thu Aug 31, 2006 10:42 pm
Location: Johannesburg, South Africa
Contact:

Re: Feature request for v7.x

Sat Jun 18, 2016 7:07 pm

AS & BGP info in Netflow v5 export.

Sent from my SM-G925F using Tapatalk
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature request for v7.x

Sun Jun 19, 2016 1:02 am

I think when you had MUM tour in Asia have often been asked about the ISIS protocol. Oh Asians very love it :-)
ISIS is very common in large provider networks the world over. It will be great to see ISIS support in RouterOS.

But for now I will be happy to just see RouterOS v7 beta get released :)
 
borisk
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Mon Jul 04, 2016 10:02 pm
Location: Nizhniy Tagil, Russia

Re: Feature request for v7.x

Wed Jul 06, 2016 3:04 pm

The very simple feature we need right now is: ability to delete bgp communitied from prefix by rege. Cisco like:

route-map xxx permit 10
 match ....
 set comm-list XXXX delete
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature request for v7.x

Wed Jul 06, 2016 10:53 pm

The very simple feature we need right now is: ability to delete bgp communitied from prefix by rege. Cisco like:

route-map xxx permit 10
 match ....
 set comm-list XXXX delete
+1

Being able to delete communities based on a regex would be perfect !
 
mmabob
just joined
Posts: 6
Joined: Wed May 28, 2014 5:46 am

Re: Feature request for v7.x

Thu Jul 14, 2016 6:53 am

 Multi Core BGP to speed up receiving a full BGP routing table
 
User avatar
paoloaga
Member Candidate
Member Candidate
Posts: 227
Joined: Tue Mar 08, 2011 2:52 am
Location: Lugano - Switzerland
Contact:

Re: Feature request for v7.x

Thu Jul 14, 2016 6:44 pm

The major missing feature of ROSv7 that I think would benefit everyone is to be available in the download page.

:-D

I apologize for the cheap humor, but I couldn't resist...
 
jarda
Forum Guru
Forum Guru
Posts: 7755
Joined: Mon Oct 22, 2012 4:46 pm

Re: Feature request for v7.x

Fri Jul 15, 2016 7:52 am

Yep. Wondering why none mentioned the torrent client yet... That would be something really widely used. Also tor package would move the ros to new level.
:-)
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature request for v7.x

Fri Jul 15, 2016 6:46 pm

You're making fun of it, but ability to have some unusual software could be nice. Not necessarily from MikroTik, some form of custom packages. Probably with limited environment (chroot, user permissions), to prevent them from messing up the router.
There was MetaROUTER, but it was a little heavy and not very easy to use. And it's no longer an option anyway, since MikroTik continues to successfully fix the "excessive storage problem" for more and more devices.
But few small binaries would still fit. So yeah, why not torrent, tor or whatever... :)
 
jarda
Forum Guru
Forum Guru
Posts: 7755
Joined: Mon Oct 22, 2012 4:46 pm

Re: Feature request for v7.x

Fri Jul 15, 2016 10:31 pm

Sure, I do.

You know very well that there are still basic gaps in functionality that should be filled first. After that, there will be some space for similar requests, like torrents, tor, speach synthesizer, different magic wands and whatever else. But this will never happen as the resources are scarce and the competitors are still moving forward providing some parts of functionality on better level. It will be never ending story to keep the tempo with them and trying to provide something really useful and special above that.

We are just mortal beings, what we can do more than to try to have fun?
 
maltris
just joined
Posts: 1
Joined: Fri Jul 15, 2016 8:28 pm

Re: Feature request for v7.x

Sat Jul 16, 2016 10:17 am

I just had an idea which I would like to share with the community and maybe someone else also likes it. 

There is this small, not-well-known but very useful tool called "etckeeper" for Linux, which automatically commits all changes you do on your configuration to the version-control-system of your choice (git, svn...). An implementation of that for MikroTik would be interesting because it will save time required for setting up other ways of automated backups.

Further information can be found here: https://github.com/joeyh/etckeeper
 
cusco
newbie
Posts: 34
Joined: Tue Jun 29, 2010 2:34 pm

Re: Feature request for v7.x

Wed Jul 20, 2016 5:13 pm

+1 for IGMP snooping support.
Much needed for IPTV in Russia!
Don't we already have IGMP support?
Just over the weekend I managed to configure IPTV box with IGMP proxy, and 2 firewall rules (one to allow IGMP, another to allow UDP to specific subnets used by my provider)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26286
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature request for v7.x

Wed Jul 20, 2016 5:17 pm

+1 for IGMP snooping support.
Much needed for IPTV in Russia!
Don't we already have IGMP support?
Just over the weekend I managed to configure IPTV box with IGMP proxy, and 2 firewall rules (one to allow IGMP, another to allow UDP to specific subnets used by my provider)
Can you post the exact rules? Yes, we do have IGMP proxy and it should be enough in most cases. Some people refuse to try it, so a complete example would be nice, to make it easier. 
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Thu Jul 21, 2016 9:48 am

There is this small, not-well-known but very useful tool called "etckeeper" for Linux, which automatically commits all changes you do on your configuration to the version-control-system of your choice (git, svn...). An implementation of that for MikroTik would be interesting because it will save time required for setting up other ways of automated backups.
I fail to see why.
MikroTik does not make the contents of /etc visible to users.  They use a frontend that processes all user commands and makes changes to the underlying Linux configuration in a manner that is not public.
There is no way they will export the contents of /etc outside the router!
When you want to save your exported configs in a version control system, go ahead and do so.  You don't need assistence from MikroTik for that.
Just setup a directory (tree) where you keep your exported configs and check this in to your favority version control system.   I do this all the time.
This "etckeeper tool" can be done in a single "git add -A /etc" command, all the fluff you find in there is just to make it easily installable and configurable for different environments.
 
net365
newbie
Posts: 40
Joined: Sun Feb 14, 2010 5:17 pm

Re: Feature request for v7.x

Tue Jul 26, 2016 1:46 pm

IPv6 Hotspot would be very nice to offer. Not sure if anyone elase has suggested it yet?
 
cusco
newbie
Posts: 34
Joined: Tue Jun 29, 2010 2:34 pm

Re: Feature request for v7.x

Tue Aug 02, 2016 8:05 pm

+1 for IGMP snooping support.
Much needed for IPTV in Russia!
Don't we already have IGMP support?
Just over the weekend I managed to configure IPTV box with IGMP proxy, and 2 firewall rules (one to allow IGMP, another to allow UDP to specific subnets used by my provider)
Can you post the exact rules? Yes, we do have IGMP proxy and it should be enough in most cases. Some people refuse to try it, so a complete example would be nice, to make it easier. 

Hello Normis. In my case, I also struggled, read on the web that i should allow ALL UDP traffic on the firewall. Then I read about my provider (MEO in Portugal) and other people making similar configurations in other equipment, so I found out the addresses I needed to allow UDP.

here follows:
 > /routing igmp-proxy export compact 
# aug/02/2016 17:58:59 by RouterOS 6.35.4
# software id = ADSD-BZLV
#
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan12 upstream=yes
add interface=bridge-lan
 > /ip firewall filter export compact 
# aug/02/2016 17:59:54 by RouterOS 6.35.4
# software id = ADSD-BZLV
#
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related
add action=drop chain=Attacks comment="Drop connections FROM blacklisted hosts" src-address-list=blacklist
add action=drop chain=Attacks comment="Drop connections TO blacklisted hosts" dst-address-list=blacklist
add chain=input comment="Allow Established and Related" connection-state=established
add chain=forward connection-state=established,related disabled=yes
add action=drop chain=input comment="Drop INVALID" connection-state=invalid
add action=drop chain=forward connection-state=invalid
add chain=output comment="Allow LAN" src-address-list=INTERNAL
add chain=input comment=SUPPORT src-address-list=support
add chain=input comment="Allow VPN's" protocol=gre
add chain=input comment=PPTP dst-port=1723 protocol=tcp
add chain=input comment=L2TP dst-port=1701 protocol=udp
add action=reject chain=input comment="prevent ping" disabled=yes in-interface=vlan12 protocol=icmp reject-with=icmp-admin-prohibited
add chain=input comment="Allow Ping" log=yes log-prefix="PING_ " protocol=icmp

#add action=add-dst-to-address-list address-list=MEO-IGMP address-list-timeout=1w3d chain=input comment="IGMP (iptv)" protocol=igmp
add chain=input comment="IGMP (iptv)" protocol=igmp
add chain=input comment="UDP (iptv)" protocol=udp src-address-list=MEO-IPTV
add chain=forward protocol=udp src-address-list=MEO-IPTV

add action=drop chain=input comment="Drop Everything else" log-prefix=DROP_
 > /ip firewall address-list export
# aug/02/2016 18:04:28 by RouterOS 6.35.4
# software id = ADSD-BZLV
#
/ip firewall address-list
# ... other stuff ...
add address=194.65.46.0/23 list=MEO-IPTV
add address=10.173.0.0/16 list=MEO-IPTV
add address=213.13.16.0/21 list=MEO-IPTV
 
User avatar
CyB3RMX
Member Candidate
Member Candidate
Posts: 148
Joined: Thu May 26, 2011 7:08 am

Re: Feature request for v7.x

Fri Aug 05, 2016 8:05 am

- TDD on wireless
- improvements on wireless side like beam forming
-
 
mtuser666
just joined
Posts: 4
Joined: Mon Jul 11, 2016 11:46 am

Re: Feature request for v7.x

Thu Aug 18, 2016 4:02 pm

+1
 Multi Core BGP to speed up receiving a full BGP routing table
But for first v7 need any Ether RING protocol : ITU-T G.8032 Ethernet Ring Protection Switching (ERPS) there is also EAPS(like extreme networks), EPSR(allied telesis)
Without ring every accident takes too long time and don't tell me RSTP is a good solution, because it is not.
 
Yekver
just joined
Posts: 18
Joined: Fri Jan 31, 2014 9:47 pm

Re: Feature request for v7.x

Wed Sep 07, 2016 10:47 am

Here is some useful features that would be great to see!

capsman
 - speed per client in registration table tab
 - show speed in interfaces tab even for that configurations where Local Forwarding option is enabled!

queue
 - show notification if queue couldn’t be processed because of fasttrack

graphs
 - ability to save graphs
 - draw graphs for the following wireless interface settings (this is very helpful to detect long time problems with wifi links):
      - tx/rx signal strengh
      - tx/rx CCQ
      - noise floor
      - signal to noise
  - make static graphs for retina displays, now they look awful
  - total upload/download statistics

web interface
 - new svg icons for retina
 - create mobile device friendly web interface
 - delete/add table columns while designing skin
 - more default skins
 - quick search through whole amount of options
 - reduce the CPU usage (now from 10-15%)
 - log filterable by topics
 - fix "ERROR: Internal Server Error" shown on login screen. Error comes with not expected logout

capsman
 - show "Active Host Name" in "Registration Table" tab (like in DHCP - Lease)

firewall
 - save bytes/packets counters after ROS upgrade or reboot

PS: winbox for MacOS pleeease :)
 
PastuhMedvedey
newbie
Posts: 40
Joined: Fri Jan 13, 2012 1:42 pm
Location: Ukraine

Re: Feature request for v7.x

Wed Sep 07, 2016 2:41 pm

 Multi Core BGP to speed up receiving a full BGP routing table
A very important feature.
 
kleinem
just joined
Posts: 2
Joined: Mon Jan 26, 2015 11:27 am

Re: Feature request for v7.x

Tue Sep 20, 2016 4:37 pm

Definitive must:
Locator Id Separation (LISP) support

Nice to have:
Conditional DNS forwarding, so you don't have to fiddle with L7 inspection and NATing...
 
ivicask
Member
Member
Posts: 417
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Feature request for v7.x

Tue Sep 27, 2016 3:38 pm

Would be possible to implement option to enable IP firewall per bridge?
So BRIDGE A has ip firewall enabled and i can control fully its traffic (for example controlling ADSL traffic between bridget ports 1-2)
And for example BRIDGE B which would just pass traffic between LAN port3 and WIFI interface/s on which i dont need IP firewall which kills CPU.
 
andreiroos
just joined
Posts: 12
Joined: Sat Oct 01, 2016 8:22 pm

Re: Feature request for v7.x

Sat Oct 01, 2016 8:26 pm

Not sure if this have been mentioned, I would like the ability to change exclusive settings for the LTE wireless cards, eg. Sierra cards. Settings like the LTE band selection and more. Not sure what the card capabilities are, but if all settings are available through winbox it would be fantastic.
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: Feature request for v7.x

Sat Oct 01, 2016 10:22 pm

Please add GPS webui (remotlly find router location in webfig)

Sent from my C6833 using Tapatalk
 
crumb
just joined
Posts: 1
Joined: Tue Oct 04, 2016 12:50 pm

Re: Feature request for v7.x

Tue Oct 04, 2016 1:12 pm

Hello! I would really like to see in a future version of the RouterOS possible to install Metarouter to external storage such as a USB-flash. It is very important for hAP AC owners, where the free HDD space is very small.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Tue Oct 04, 2016 3:15 pm

Hello! I would really like to see in a future version of the RouterOS possible to install Metarouter to external storage such as a USB-flash. It is very important for hAP AC owners, where the free HDD space is very small.
I'm sure that will never happen, as it would open the door to breaking into RouterOS...
(you can remove the flash card and look what is on there, modify it, and place it back)
 
hurymak
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Mon Oct 06, 2014 1:31 pm

Re: Feature request for v7.x

Tue Oct 04, 2016 3:42 pm

Please add some type of device / tracking protection.
That when thief will steal it, it will have some code with ability to track, even after hard reset or with remote code activation,
to work in the way as apple icloud lock - unusable without code.
 
Sivics
just joined
Posts: 4
Joined: Thu May 30, 2013 5:48 pm

Re: Feature request for v7.x

Mon Oct 10, 2016 4:45 pm

OpenVPN CRL
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Mon Oct 10, 2016 5:01 pm

Please add some type of device / tracking protection.
That when thief will steal it, it will have some code with ability to track, even after hard reset or with remote code activation,
to work in the way as apple icloud lock - unusable without code.
Secure Routerboot is already available - maybe that is what you wanted?
 
jandafields
Forum Guru
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Re: Feature request for v7.x

Tue Oct 11, 2016 3:53 am

Please add some type of device / tracking protection.
That when thief will steal it, it will have some code with ability to track, even after hard reset or with remote code activation,
to work in the way as apple icloud lock - unusable without code.
Secure Routerboot is already available - maybe that is what you wanted?
No, Secure Routerboot does not protect the hardware at all. It only protects the configuration. You can easily reset the router if it has Secure Routerboot and it erases the configuration and then you can use it like it is brand new.

Directly from the Secure Routerboot Wiki:
"As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for longer than reformat-hold-button time. Even if reformat-hold-button time is forgotten, holding the reset button for more than 300s will allow you to perform reformat."
 
User avatar
harvey
Member Candidate
Member Candidate
Posts: 131
Joined: Thu Apr 05, 2012 8:16 pm

Re: Feature request for v7.x

Thu Oct 13, 2016 3:47 pm

I would like to voice my agreement with all the requests for enhanced OpenVPN support including:-

UDP support
auth-tls support
Enhance 'auth' algorithms such as SHA512.
Enhance 'cipher' support.
The ability to push configurations to clients.

Thanks for all the hard work.
 
vonsete
just joined
Posts: 2
Joined: Thu Oct 13, 2016 6:35 pm

Re: Feature request for v7.x

Thu Oct 13, 2016 6:39 pm

ONT password authentication
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature request for v7.x

Thu Oct 13, 2016 7:15 pm

UDP support
UDP was already confirmed for RouterOS v7, no need to keep requesting it. Buy a nice bottle of champagne with long expiration date and be ready! ;)

The other goodies, that's a different question, I don't remember seeing anything else confirmed by MikroTik, and I'm affraid to ask. One thing is clear, it would be real shame to end up with "please add <some still missing OpenVPN feature>" thread(s) after RouterOS v7 gets out.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Fri Oct 14, 2016 11:38 am

it would be real shame to end up with "please add <some still missing OpenVPN feature>" thread(s) after RouterOS v7 gets out.
Hopefully the change will just be "update the OpenVPN binary to the most recent release".
But, note that OpenVPN has serious (and nonsensical) limitations itself!
For example, the server can only listen on TCP or UDP, not on both at the same time.
So when you want to migrate your existing OpenVPN-over-TCP network to UDP once that becomes available,
you "will be facing interesting times".
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26286
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature request for v7.x

Fri Oct 14, 2016 11:49 am

No, Secure Routerboot does not protect the hardware at all. It only protects the configuration.
Currently true, but we will implement a specific second interval for the reset, so that it will be impossible to reset, unless you know that it is triggered between the 85th and 90th second :)
 
jandafields
Forum Guru
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Re: Feature request for v7.x

Fri Oct 14, 2016 4:38 pm

No, Secure Routerboot does not protect the hardware at all. It only protects the configuration.
Currently true, but we will implement a specific second interval for the reset, so that it will be impossible to reset, unless you know that it is triggered between the 85th and 90th second :)
So, you have to know the number within a 5 second range? Up to 300 seconds, divided by 5 = 60. So, worst case scenario is that someone could reset it with 60 tries, and most likely within 30 tries.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Fri Oct 14, 2016 7:44 pm

Of course it would cost several hours to try all those options. When someone is that persistent, just give him the router.
 
jandafields
Forum Guru
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Re: Feature request for v7.x

Fri Oct 14, 2016 8:50 pm

A few hours does not equal "impossible".

Some people spend a few hours setting up the router anyway.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Feature request for v7.x

Fri Oct 14, 2016 10:07 pm

My philosophy has always been: "physical access = root"
 
jarda
Forum Guru
Forum Guru
Posts: 7755
Joined: Mon Oct 22, 2012 4:46 pm

Re: Feature request for v7.x

Sat Oct 15, 2016 3:41 pm

Who really suffers by devices being regularly stolen? I have not ever heard of it.
 
jandafields
Forum Guru
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Re: Feature request for v7.x

Sat Oct 15, 2016 4:25 pm

Who really suffers by devices being regularly stolen? I have not ever heard of it.
Maybe not stolen, but reused by a competitor... giving the competitor an advantage because they don't have to provide one.

Anyway, the point is that this "Secure Routerboot" feature should be advertised as a configuration protector only, which is seems to be very good at, instead of also a hardware protector, which is currently very easy to reset and in the future will just take longer.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Sat Oct 15, 2016 5:46 pm

Maybe not stolen, but reused by a competitor... giving the competitor an advantage because they don't have to provide one.
That will probably be not a professional competitor, but merely a bunch of hobbyists.
I cannot think of a professional company making a living providing service using left-over routers of competitors and resetting
and re-configuring them (or having their clients do that).
How do you ever want to support such a network?
When you don't want that to happen, provide your routers only on loan with obligation to return them at end of subscription
so you can exercise that right when there appears to be something going on.
 
likid
just joined
Posts: 1
Joined: Sun Oct 16, 2016 6:29 am

Re: Feature request for v7.x

Sun Oct 16, 2016 6:46 am

OpenVPN LZO compression
OpenVPN TLS-Auth
 
veso266
newbie
Posts: 27
Joined: Sat Sep 17, 2016 8:34 pm

Re: Feature request for v7.x

Sun Oct 16, 2016 9:25 pm

Udpxy to relay multicast to unicast for IPTV: http://www.udpxy.com/index-en.html
 
Adam84
newbie
Posts: 28
Joined: Mon Mar 26, 2012 8:46 pm

Re: Feature request for v7.x

Wed Oct 19, 2016 1:51 pm

DHCP Lease assignment based only on partial MAC (i.e. only on OUI) / hostname / received DHCP Option 82 Info (this one is the most important).
IPsec Virtual Interface (that would allow routing to other networks through tunnel)
DNS records based on zones
 
NGL
just joined
Posts: 6
Joined: Wed Aug 24, 2011 10:43 pm

Re: Feature request for v7.x

Sat Oct 22, 2016 2:17 am

I am in desperate need of ISIS... specifically Shortest Path Bridging (SPB)
Or some way to Dynamically route Large TE tunnels down multiple smaller ones.

Here is our problem. We are a WISP and we run MPLS and TE tunnels between sites. We use multiple connections between sites and utilize them with TE tunnels. The problem is that it does not balance well when the sites are needing lots of bandwidth and have many smaller connections. Here is an example.

Lets say site A has 4 connections to it:
1gb path 2 hops
100mb path 2 hops
100mb path 3 hops
200mb path 4 hops
Site A uses 350mbps and it is reserved in the TE tunnel. Great all is working well... until something happens to the 1gb link and it goes down.
When the 1 gb connection goes down the TE tunnel will fail and all of the traffic will then go down the 100mb 2 hops path. the other 2 links will not be used at all and the site will be crippled by lack of bandwidth. It has the bandwidth available but no way to use it.

Option 1: have some way to dynamically route Large TE tunnels down multiple smaller ones.

Option 2: Use multiple TE tunnels using BGP signaled VPLS and throw them all into a bridge that has ISIS and Shortest Path Bridging (SPB) breaks traffic up to allow multiple paths to the same site.

Option 3 (current option) Use multiple TE tunnels using BGP signaled VPLS and throw them all into a bonded interface. write a script that monitors the interface and add back changed VPLS interfaces. They are all dynamically made so when something changes they break out of the bonded interface. Then add the bonded interface into a bridge. You may need to add Nx addresses on both sides to use the fail detection on the interfaces in the bonding to make sure traffic doesn't go down a dead interface. then add another custom script to move the IP addresses to follow the dynamically created interfaces to ensure correct fail over....

Option 3 is not cool.
We really need option 1 or 2
 
troffasky
Member
Member
Posts: 431
Joined: Wed Mar 26, 2014 4:37 pm

Re: Feature request for v7.x

Sun Oct 23, 2016 12:59 am

There is this small, not-well-known but very useful tool called "etckeeper" for Linux, which automatically commits all changes you do on your configuration to the version-control-system of your choice (git, svn...). An implementation of that for MikroTik would be interesting
I suggest you look at RANCID, it does what you've described. Works for me, as well as with much other network equipment.
 
gt4a
just joined
Posts: 18
Joined: Mon Sep 14, 2015 11:14 am

Re: Feature request for v7.x

Tue Oct 25, 2016 6:55 am

1. single ssid for 2.4G & 5G.
users don't have to chose 2.4g or 5g, ap will automatically assign best freqs for client. APs from Ruijie network(China based) have this feature. and some openwrt based firmware can.
2. better Active directory IAS compatibility.
radius+ias, some clients(laptop) can connect but some can't not. but all of them can connect to cisco ap(ms ad/radius).
 
jarda
Forum Guru
Forum Guru
Posts: 7755
Joined: Mon Oct 22, 2012 4:46 pm

Re: Feature request for v7.x

Tue Oct 25, 2016 7:46 am

It was always possible to use the same ssid for different wlans.
 
netflow
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Sat Oct 01, 2016 3:53 pm

Re: Feature request for v7.x

Sat Oct 29, 2016 1:01 pm

+1 for IGMP snooping support.
Much needed for IPTV in Russia!
Don't we already have IGMP support?
Just over the weekend I managed to configure IPTV box with IGMP proxy, and 2 firewall rules (one to allow IGMP, another to allow UDP to specific subnets used by my provider)
Can you post the exact rules? Yes, we do have IGMP proxy and it should be enough in most cases. Some people refuse to try it, so a complete example would be nice, to make it easier. 
I have IGMP proxy and still feel the need of IGMP snooping to reduce network bandwidth efficiently and simplify configuration.
My intended setup:
- IGMP Proxy from WAN to LAN and L2TP interface
- Where LAN is defined as bridge between ETH and WLAN

Problems:
- WLAN is polluted once an ETH interface register for UDP streaming
- All physical ETH interfaces linked to the same internal switch are also polluted

Solution I had to use because of lack of IGMP snooping:
- Remove bridge interface, introduce L3 routing between ETH and WLAN (by separating subnet)
- Remove link between ETH interfaces and introduce L3 routing (which as consequence reduce transfer speed between cable computers) or accept network broadcast pollution or use an external switch with IGMP snooping

So OK we can work around and understand it cannot be added to v6.x but since v7 is a rearchitecturing, I think it is completely legitimate to request to add it to the toolbox for those who want/need.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Sat Oct 29, 2016 1:53 pm

It was always possible to use the same ssid for different wlans.
I think what is meant is the "trick" to have a much much longer beacon interval on 2.4 than on 5 GHz
so a client that randomly starts receiving is more likely to connect on 5 GHz when it is supported.
Without this, the majority of clients will connect on 2.4 even when they do support 5, until some
config at the client is changed to prefer 5. (it is usually default to prefer 2.4)
This cannot be done on MikroTik because you cannot configure the beacon interval.
 
User avatar
rushlife
Member Candidate
Member Candidate
Posts: 243
Joined: Thu Nov 05, 2015 12:30 pm

Re: Feature request for v7.x

Tue Nov 01, 2016 12:18 pm

I wish standard bash ( or another command processor ) scripting interface.
Scripting in mikrotik and debugging scripts for mikrotik is horrible.
Sorry but it is just true. I spoken about that with many many colleagues and every single man have this wish for new mikrotik. Please, please consider this. Please.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Tue Nov 01, 2016 5:02 pm

I wish standard bash ( or another command processor ) scripting interface.
Scripting in mikrotik and debugging scripts for mikrotik is horrible.
Sorry but it is just true. I spoken about that with many many colleagues and every single man have this wish for new mikrotik. Please, please consider this. Please.
I think you have chosen the wrong OS. When you want bash scripting and other open access to the Linux system, you should install OpenWRT or another compact Linux system.
In some MikroTik routers you can even do that as a Virtual Machine running under RouterOS.
The RouterOS system is designed to be a closed layer on top of Linux that guards you from direct system access.
 
lukoramu
just joined
Posts: 18
Joined: Mon Jan 07, 2013 11:11 am

Re: Feature request for v7.x

Wed Nov 02, 2016 10:27 am

Interactive command-line packet sniffer, which would print packet headers immediately and without any 'paging'.

Just like tcpdump. For example:

/tool tcpdump interface=ether1 protocol=!udp src=192.168.1.0/24
10:23:49.941810 IP 192.168.1.171.4000 > 192.168.1.240.3565: Flags [P.], seq 35055931:35055951, ack 933641181, win 8192, length 20
...
 
hzsolt94
just joined
Posts: 1
Joined: Mon Nov 07, 2016 11:27 pm

Re: Feature request for v7.x

Mon Nov 07, 2016 11:47 pm

We need a lot of IPv6 features to be able to use it instead of IPv4. Just some examples:

- Working DHCPv6 server for single adresses,
- DHCPv6 with custom addressing schemes, to workaround device IPv6 limitations (Give out adresses based on MAC, give out EUI-like addresses, etc.)
- DHCPv6 DNS advertiesment support
- RA DNS extensions
- NAT66 (Needed for special things like hotspots, DNS-spoofing, captive portals)
- IPv6 policy-routing
- OpenVPN over IPv6 and OpenVPN with IPv6 inside
- IPv6 Layer7 filtering

Also there's the need for IPv6 address local-part matching in firewall rules. I frequently want to allow connections to one specific device, however as the dynamic prefix changed by the provider, the address of that devices is changed. This means there can't be exceptions based on full IPv6 addresses. (There is a dirty workaround with dydns and IPv6 address-lists but ...) The clean solution would be to match the lover bits of an address, something like "inverted /64 or /48 subnet matching".
 
ceesco53
just joined
Posts: 9
Joined: Mon Jun 05, 2006 6:36 pm

Re: Feature request for v7.x

Wed Nov 09, 2016 8:13 pm

BGP4-MIB. Please and thank you.
 
User avatar
jspool
Member
Member
Posts: 468
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: Feature request for v7.x

Thu Nov 10, 2016 6:22 am

IKEv2 for IPSec
+1 This is so needed in the industry. Mikrotik would dominate the always on VPN for mobile devices if they had a VPN that fully supported IKEv2.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature request for v7.x

Thu Nov 10, 2016 9:49 am

IKEv2 for IPSec
+1 This is so needed in the industry. Mikrotik would dominate the always on VPN for mobile devices if they had a VPN that fully supported IKEv2.
FYI IKEv2 was just added to 6.38 Release Candidates. See http://wiki.mikrotik.com/wiki/Manual:IP ... 2_RSA_auth for config info.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7033
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Feature request for v7.x

Thu Nov 10, 2016 9:53 am

IKEv2 for IPSec
+1 This is so needed in the industry. Mikrotik would dominate the always on VPN for mobile devices if they had a VPN that fully supported IKEv2.
Check the changelo of latest rc.
http://forum.mikrotik.com/viewtopic.php ... 00#p566926
 
User avatar
jspool
Member
Member
Posts: 468
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: Feature request for v7.x

Thu Nov 10, 2016 10:03 am

IKEv2 for IPSec
+1 This is so needed in the industry. Mikrotik would dominate the always on VPN for mobile devices if they had a VPN that fully supported IKEv2.
Check the changelo of latest rc.
http://forum.mikrotik.com/viewtopic.php ... 00#p566926
Great news! I look forward to a stable version that we can offer to customers.
 
Florian
Member Candidate
Member Candidate
Posts: 117
Joined: Sun Mar 13, 2016 9:45 am
Location: France

Re: Feature request for v7.x

Thu Nov 17, 2016 12:47 pm

Hi !

I would love a equivalent of "llprio" found in OpenBSD6.

"In ifconfig, add the "llprio" parameter to set the priority of packets that do not go through pf."

I believe it would be a way to interact with raw sockets packets. (In my own case, I need to put priority on DHCP packets, which can't be done right now...)

Thx :)
 
jrandombob
just joined
Posts: 5
Joined: Fri Jan 06, 2017 3:08 pm

Re: Feature request for v7.x

Fri Jan 06, 2017 3:25 pm

- Working DHCPv6 server for single adresses,
...
- DHCPv6 DNS advertiesment support
+1 on both of these, I was toying with the idea of switching my wireless infrastructure over to MikroTik, but until there's a DHCPv6 server which does host addressing I'll be putting that on the back-burner.
 
hurymak
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Mon Oct 06, 2014 1:31 pm

Re: Feature request for v7.x

Wed Jan 25, 2017 1:14 pm

No, Secure Routerboot does not protect the hardware at all. It only protects the configuration.
Currently true, but we will implement a specific second interval for the reset, so that it will be impossible to reset, unless you know that it is triggered between the 85th and 90th second :)
when this option will be implemented?
 
Alwest
just joined
Posts: 4
Joined: Sun Jan 29, 2017 4:24 pm

Re: Feature request for v7.x

Sun Jan 29, 2017 4:31 pm

DHCP Lease assignment based on received DHCP Option 82 Info (this one is the most important)
+1
must have!
I believe in Mikrotik)
 
umount
just joined
Posts: 4
Joined: Tue Jan 31, 2017 2:52 am

Re: Feature request for v7.x

Tue Jan 31, 2017 2:56 am

Force sending of DHCP options to clients
 
buraglio
Frequent Visitor
Frequent Visitor
Posts: 70
Joined: Mon Aug 10, 2015 5:59 pm
Location: +1 (217)
Contact:

Re: Feature request for v7.x

Sun Feb 19, 2017 4:00 am

IS-IS would be amazing. The ability to manage more than one routed protocol inside a single routing protocol that does not rely on the protocol it is routing for communication seems like a self evident great idea to me - but i don't have to code it and I get that building ISO/CLNS likely isn't straightforward. Nevertheless, it would significantly change the simplicity of any medium to large sized routed network. Managing OSPF2/3 pretty much stinks as a general rule and does not scale to large sizes like IS-IS does.
Segment routing via IS-IS TLV would be even more amazing. SR is a game changer - but it's dependent on the TLV or IPv6 implementation to function.

nb

I am in desperate need of ISIS... specifically Shortest Path Bridging (SPB)
Or some way to Dynamically route Large TE tunnels down multiple smaller ones.

Here is our problem. We are a WISP and we run MPLS and TE tunnels between sites. We use multiple connections between sites and utilize them with TE tunnels. The problem is that it does not balance well when the sites are needing lots of bandwidth and have many smaller connections. Here is an example.

Lets say site A has 4 connections to it:
1gb path 2 hops
100mb path 2 hops
100mb path 3 hops
200mb path 4 hops
Site A uses 350mbps and it is reserved in the TE tunnel. Great all is working well... until something happens to the 1gb link and it goes down.
When the 1 gb connection goes down the TE tunnel will fail and all of the traffic will then go down the 100mb 2 hops path. the other 2 links will not be used at all and the site will be crippled by lack of bandwidth. It has the bandwidth available but no way to use it.

Option 1: have some way to dynamically route Large TE tunnels down multiple smaller ones.

Option 2: Use multiple TE tunnels using BGP signaled VPLS and throw them all into a bridge that has ISIS and Shortest Path Bridging (SPB) breaks traffic up to allow multiple paths to the same site.

Option 3 (current option) Use multiple TE tunnels using BGP signaled VPLS and throw them all into a bonded interface. write a script that monitors the interface and add back changed VPLS interfaces. They are all dynamically made so when something changes they break out of the bonded interface. Then add the bonded interface into a bridge. You may need to add Nx addresses on both sides to use the fail detection on the interfaces in the bonding to make sure traffic doesn't go down a dead interface. then add another custom script to move the IP addresses to follow the dynamically created interfaces to ensure correct fail over....

Option 3 is not cool.
We really need option 1 or 2
 
lukoramu
just joined
Posts: 18
Joined: Mon Jan 07, 2013 11:11 am

Re: Feature request for v7.x

Fri Mar 17, 2017 3:45 pm

It would be very usefull to have "add to set" and "remove from set" operators in RouterOS commands, on those attributes, which contain some set of elements, i.e., ports:
/interface ethernet switch vlan set [find vlan-id=10] ports+=ether1
/interface ethernet switch vlan set [find vlan-id=11] ports-=ether3,ether4
The attribute "ports" is a set (a data structure) in this example, and operators "+=" and "-=" are hypothetical operators, which adds and removes elements to/from the set "ports". In mathematical terms - union and complement operations. Maybe event an "intersection" operator would be usefull in some cases :-)

Or is it already possible to do such operations? (I don't know RouterOS scripting yet..)
 
lukoramu
just joined
Posts: 18
Joined: Mon Jan 07, 2013 11:11 am

Re: Feature request for v7.x

Fri Mar 17, 2017 4:16 pm

Or even better - replace every "ports" and "tagged-ports" attribute (at least under "/interface ethernet switch") with a list of vlan-port associations in separate submenu (in style of "bridge ports", where you can use "add" and "remove" commands on every bridge-port association).
 
campa4bt
newbie
Posts: 32
Joined: Mon Jul 21, 2014 12:49 pm

Re: Feature request for v7.x

Mon Mar 20, 2017 3:06 pm

For me it is important to obtain a consolidate multi platform VPN:

- For example introducing the IKEv2

But it will be interesting, if is possible, to realize a multiplatform client, or web based VPN client to realize VPN Tunnels over 443 https port from different devices. It will be use SSTP existing Server or something similar.

Exists a roadmap on VPN evolutions on this way?

Thanks a lot for your work.
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 228
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: Feature request for v7.x

Mon Mar 20, 2017 3:31 pm

Force sending of DHCP options to clients
+1
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 228
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: Feature request for v7.x

Mon Mar 20, 2017 3:40 pm

DHCP Lease assignment based on received DHCP Option 82 Info (this one is the most important)
+1
must have!
I believe in Mikrotik)
+1
Although I believe it is not the best solution on the routerboard.
I already a solution that generates reports and historical of all DHCP requests based on option 82. (something that MT will not do).
Btw will be something to be evaluated.
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 228
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: Feature request for v7.x

Mon Mar 20, 2017 11:47 pm

Automatic Import

In RouterOS it is possible to automatically execute scripts - your script file has to be named anything.auto.rsc - once this file is uploaded using FTP to the router, it will automatically be executed, just like with the '/import' command. This method only works with FTP.

Once the file is uploaded, it is automatically executed. Information about the success of the commands that were executed is written to anything.auto.log

source: https://wiki.mikrotik.com/wiki/Manual:C ... tic_Import

Suggestion for Mikrotik: could migrate the automatic import also to sftp or scp uploads and downloads . (auto execute files *.auto.rsc from anywhere)
Last edited by juliokato on Fri Apr 07, 2017 12:00 am, edited 1 time in total.
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 228
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: Feature request for v7.x

Mon Mar 20, 2017 11:54 pm

How to reset counter interfaces LTE or PPP-Client.

I has find for interfaces ethernet, but not for the LTE nor PPP....

The only way i can do this at the moment is to reboot the mikrotik device...
 
buraglio
Frequent Visitor
Frequent Visitor
Posts: 70
Joined: Mon Aug 10, 2015 5:59 pm
Location: +1 (217)
Contact:

Re: Feature request for v7.x

Thu Apr 06, 2017 11:32 pm

Another potentially easier option for implementing segment routing would be to implement IPv6-SR (and the SRH). I'd personally rather have IS-IS because I believe it is a significantly better protocol, but implementation if SRH would likely be easier since there is already an IPv6 stack and public code exists to extend the protocol.
IS-IS would be amazing. The ability to manage more than one routed protocol inside a single routing protocol that does not rely on the protocol it is routing for communication seems like a self evident great idea to me - but i don't have to code it and I get that building ISO/CLNS likely isn't straightforward. Nevertheless, it would significantly change the simplicity of any medium to large sized routed network. Managing OSPF2/3 pretty much stinks as a general rule and does not scale to large sizes like IS-IS does.
Segment routing via IS-IS TLV would be even more amazing. SR is a game changer - but it's dependent on the TLV or IPv6 implementation to function.

nb

I am in desperate need of ISIS... specifically Shortest Path Bridging (SPB)
Or some way to Dynamically route Large TE tunnels down multiple smaller ones.

Here is our problem. We are a WISP and we run MPLS and TE tunnels between sites. We use multiple connections between sites and utilize them with TE tunnels. The problem is that it does not balance well when the sites are needing lots of bandwidth and have many smaller connections. Here is an example.

Lets say site A has 4 connections to it:
1gb path 2 hops
100mb path 2 hops
100mb path 3 hops
200mb path 4 hops
Site A uses 350mbps and it is reserved in the TE tunnel. Great all is working well... until something happens to the 1gb link and it goes down.
When the 1 gb connection goes down the TE tunnel will fail and all of the traffic will then go down the 100mb 2 hops path. the other 2 links will not be used at all and the site will be crippled by lack of bandwidth. It has the bandwidth available but no way to use it.

Option 1: have some way to dynamically route Large TE tunnels down multiple smaller ones.

Option 2: Use multiple TE tunnels using BGP signaled VPLS and throw them all into a bridge that has ISIS and Shortest Path Bridging (SPB) breaks traffic up to allow multiple paths to the same site.

Option 3 (current option) Use multiple TE tunnels using BGP signaled VPLS and throw them all into a bonded interface. write a script that monitors the interface and add back changed VPLS interfaces. They are all dynamically made so when something changes they break out of the bonded interface. Then add the bonded interface into a bridge. You may need to add Nx addresses on both sides to use the fail detection on the interfaces in the bonding to make sure traffic doesn't go down a dead interface. then add another custom script to move the IP addresses to follow the dynamically created interfaces to ensure correct fail over....

Option 3 is not cool.
We really need option 1 or 2
 
chaplin
just joined
Posts: 3
Joined: Mon Jul 21, 2014 4:30 pm

Re: Feature request for v7.x

Thu May 11, 2017 4:34 pm

Allow header modification.
curl -H
 
gmiller01
just joined
Posts: 3
Joined: Thu Feb 05, 2015 10:09 am

Re: Feature request for v7.x

Mon May 22, 2017 3:58 pm

  • MAC address vendor in IP scan results, like https://macvendors.com/
  • Telnet to other port than 23 (testing if a port is alive)
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7033
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Feature request for v7.x

Mon May 22, 2017 4:12 pm

  • Telnet to other port than 23 (testing if a port is alive)
Already possible
/system telnet address=1.1.1.1 port=222
 
htdbnbj
just joined
Posts: 6
Joined: Sat May 29, 2004 10:42 am
Location: Durban, South Africa

Re: Feature request for v7.x

Thu Sep 07, 2017 2:57 pm

Looking forward to up to date NIC support in v7 x86 and with 64Bit.
ROS x86 looking very dated at the moment and working around it with a VM solution is not the answer when all one wants is a bare hardware solution.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Thu Sep 07, 2017 3:19 pm

[*]MAC address vendor in IP scan results, like https://macvendors.com/
The file for that is rather large, 600K for the file used by nmap, 1300K for the file used by wireshark.
Maybe it could be done in an optional package.
[*]Telnet to other port than 23 (testing if a port is alive)
Already possible:
/system telnet 1.2.3.4 port=80
 
gmiller01
just joined
Posts: 3
Joined: Thu Feb 05, 2015 10:09 am

Re: Feature request for v7.x

Fri Sep 22, 2017 12:26 pm

[*]MAC address vendor in IP scan results, like https://macvendors.com/
The file for that is rather large, 600K for the file used by nmap, 1300K for the file used by wireshark.
Maybe it could be done in an optional package.
[*]Telnet to other port than 23 (testing if a port is alive)
Already possible:
/system telnet 1.2.3.4 port=80

Thank you :-)
 
AnupamPradhan
newbie
Posts: 35
Joined: Wed May 04, 2016 2:44 pm

Re: Feature request for v7.x

Mon Oct 02, 2017 8:23 pm

Hi All,

I have seen lots of post and hell lot of documents available on web for PCC load balancing. But all these documents dont have the one click deployment solution. I mean its great to learn something new but sometimes GUI with one click solution is better for a production environment.

I have seen Mikrotik team has done a tremendous job in developing the ROS. But still, as I believe and I am sure there are lots like me believes that this WAN load balancing is still missing from ROS.

@Normis - I have used Tplink TL-R470T+ for the same purpose. So simple and easy. If they can do it I think its not very big deal for Mikrotik team.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Mon Oct 02, 2017 8:59 pm

I have seen lots of post and hell lot of documents available on web for PCC load balancing. But all these documents dont have the one click deployment solution. I mean its great to learn something new but sometimes GUI with one click solution is better for a production environment.

I have seen Mikrotik team has done a tremendous job in developing the ROS. But still, as I believe and I am sure there are lots like me believes that this WAN load balancing is still missing from ROS.
In general the MikroTik solution is not for those that want "one click solutions". The advantage is that with MikroTik you have a lot more flexibility, the disadvantage is that it requires some insight and experience from you (although in the case of PCC there are ready-to-use examples for the simple case of two equal internet connections).
When you don't have insight and experience and you have no interest in obtaining it, MikroTik may not be for you.
Please don't try to convince MikroTik that they should turn RouterOS into a one-click-system because it will remove the flexibility that the other users require.
 
lalo86
just joined
Posts: 5
Joined: Tue Oct 03, 2017 1:16 pm

Re: Feature request for v7.x

Tue Oct 03, 2017 1:25 pm

Please consider implementing ShadowSocks Client/Server with chacha20 encryption.
It's so bad to use metarouter with OpenWRT or dedicated OpenWRT hardware just beacause RouterOS doesnt have it.


Thanks
 
User avatar
erebusodora
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Mon Jan 23, 2012 3:46 pm
Location: Bulgaria

Re: Feature request for v7.x

Fri Oct 13, 2017 12:32 pm

I will be very glad if there is a tool for cutting the current screen of winbox. Also, if something (text) is copied from the terminal to the colors for greater convenience when looking for a setting. Also have and chat system between two routerboard systems or between two administratos in winbox :)
 
User avatar
shahbazian
Trainer
Trainer
Posts: 169
Joined: Fri Sep 09, 2011 6:22 pm
Location: Iran
Contact:

Re: Feature request for v7.x

Mon Jul 16, 2018 11:52 pm

Implement NAT64 described in RFC6146 https://tools.ietf.org/html/rfc6146 + DNS64

Also, 6RD.
6RD very useful for rapidly deployment of IPv6 in ISPs; some of xDSL modems support 6RD now.
 
campa4bt
newbie
Posts: 32
Joined: Mon Jul 21, 2014 12:49 pm

Re: Feature request for v7.x

Tue Jul 24, 2018 3:30 pm

Cloud Centralized Manager
 
giguard
newbie
Posts: 35
Joined: Mon Oct 01, 2018 7:10 pm

Re: Feature request for v7.x

Mon Oct 08, 2018 6:05 am

Hi,
I would like to request for radius accounting support on IKE2.
Right now it is only supporting access request.

May be this goes without saying but just in case, rate-limit attribute support is necessary also.
As far as rate-limit is concern, it is now being discarded by the RouterOS.

Lastly, thank you guys/gals, your work is appreciated.
 
nopain1573
just joined
Posts: 1
Joined: Mon Oct 08, 2018 6:35 am

Re: Feature request for v7.x

Mon Oct 08, 2018 6:45 am

shadowsocks built in please。
 
TerAnYu
newbie
Posts: 28
Joined: Sun Jun 20, 2010 1:46 pm
Location: Russia, Novosibirsk

Re: Feature request for v7.x

Wed Oct 10, 2018 8:04 am

There is a strong wish to see function similar Dynamic Multipoint VPN (DMVPN)
 
chakphanu
just joined
Posts: 2
Joined: Thu Oct 11, 2018 9:45 am

Re: Feature request for v7.x

Thu Oct 11, 2018 10:03 am

JWT Token: Hotspot without local user or radius.

1.MT install public key or use JWK/JWKS method.
2.when client login via external auth server and send callback token to MT: http(s)://local.hotspot.mt/token=jwt.token.signature.
3.MT using public key to verify jwt token.
4.MT do login with parameter in jwt, without require local user or external radius.
example jwt parameter:
{
"jti": "uuid-xxxx-xxx-xxx",
"iss": "https://auth.provider.com/",
"exp": 1460046123,
"User-Name": "username@realm.com",
"Mikrotik-Rate-Limit": "1M/2M",
"Session-Timeout": 3600
}
 
estas
just joined
Posts: 22
Joined: Sat Nov 03, 2018 8:34 pm

Re: Feature request for v7.x

Mon Nov 05, 2018 4:28 pm

Please, add UDPXY for IPTV stream relay!
 
hairfarmer
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Thu Jan 31, 2008 1:11 am

Re: Feature request for v7.x

Sun Nov 25, 2018 1:26 am

mDNS server for Chromecast/Bonjour/ZeroConfig across VLANs.

WiFi networks are too big to have all the available devices all bridged to the LAN.

Would be nice to then firewall what devices are discoverable.
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature request for v7.x

Mon Nov 26, 2018 2:29 pm

Locator Id Separation (LISP) support
RFC6830-6836, please!
 
RackKing
Member
Member
Posts: 380
Joined: Wed Oct 09, 2013 1:59 pm

Re: Feature request for v7.x

Tue Dec 04, 2018 2:23 pm

mDNS server for Chromecast/Bonjour/ZeroConfig across VLANs.

WiFi networks are too big to have all the available devices all bridged to the LAN.

Would be nice to then firewall what devices are discoverable.
m2
 
lygstate
just joined
Posts: 5
Joined: Wed May 01, 2019 4:02 pm

Re: Feature request for v7.x

Wed May 01, 2019 9:13 pm

I hope full SwOS function are merged into RouterOS
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11365
Joined: Thu Mar 03, 2016 10:23 pm

Re: Feature request for v7.x

Thu May 02, 2019 10:42 am

I hope full SwOS function are merged into RouterOS
Which functionality can you enable/configure in SwOS that can not be done in ROS?
 
mada3k
Long time Member
Long time Member
Posts: 681
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Feature request for v7.x

Mon May 06, 2019 8:15 pm

mDNS proxy is very useful, both home and medium-enterprise.
 
arily
just joined
Posts: 1
Joined: Sat Jun 16, 2018 3:12 pm

Re: Feature request for v7.x

Fri May 17, 2019 1:47 pm

IPv6 policy routing
IPv6 multiple routing table
IPv6 accounting
Address list subscription
 
eliemacho
just joined
Posts: 22
Joined: Thu May 02, 2019 12:20 pm

Re: Feature request for v7.x

Wed Jun 12, 2019 2:28 am

cant really understand why does PCC require us to mark the connection of the incoming WAN interfaces with the same mark of the incoming LOCAL interface
knowing that the routing mark will take the decision at the where to route the packets to the outside world
like using the "WAN1" & "WAN2" for example as connection mark names for the incoming WANs and using the same connection mark names for the incoming LOCAL and then mark the route for each WAN interface
whats the reason behind having the same cnx mark name of the in WAN and in LOCAL

any clarification whats the relation between them and how does this feature work, CZ as for me i could mark the in LOCAL with a routing mark (using of course the pcc feature 2/0';2/1 for ex) and route every connection being made from the LOCAL to the outside with the specific gateway associated with that routing mark WITHOUT going into routing the output traffic of the router interfaces with a cnx mark of there each WAN etc...
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature request for v7.x

Fri Jun 14, 2019 2:55 am

1) You posted in wrong thread

2) I'm not sure if I'm getting the part about same names, but no such requirement exists. In some cases, it should be possible to skip connection marking completely, but it would only work if you'd have outgoing connections only, no incoming. And even then marking connections first should be more efficient, because connection tracking happens anyway and just checking mark should take less work than doing PCC computing for each packet.
 
rene72
just joined
Posts: 15
Joined: Fri Jun 14, 2019 11:35 am

Re: Feature request for v7.x

Tue Jun 18, 2019 8:29 pm

A solution like ha proxy in router os v7 would be usefull I like to run multiple ssl sites behind my mikrotik router on 1 public ip and lets encrypt support to automaticly secure them with ssl
 
rupeshkafle
just joined
Posts: 3
Joined: Sun Feb 11, 2018 10:44 pm

Re: Feature request for v7.x

Wed Jul 24, 2019 1:24 pm

Is there any timeline for IPv6 route marking? or Is it still impossible to implement on routeros6 due to kernel limitations?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11365
Joined: Thu Mar 03, 2016 10:23 pm

Re: Feature request for v7.x

Wed Jul 24, 2019 2:07 pm

A solution like ha proxy in router os v7 would be usefull I like to run multiple ssl sites behind my mikrotik router on 1 public ip and lets encrypt support to automaticly secure them with ssl
The only sensible part of this wish is "letsencrypt support for SSL certificates" ...

If you're running multiple (SSL) sites behind your mikrotik, you can easily use one of those servers to run reverse proxy (haproxy functionality you requested above is essentially this) on it ... PC hardware is much better suited to run such service than average xMIPS/ARM deployed in RBs. Not to mention additional RAM needed by this functionality (it needs to keep list of active connections if load-ballancing functionality of haproxy is used). Plus all encryption/decryption (not sure if that can/will be offloaded to HW on units that have such hardware).
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Wed Jul 24, 2019 2:33 pm

PC hardware is much better suited to run such service than average xMIPS/ARM deployed in RBs. Not to mention additional RAM needed by this functionality (it needs to keep list of active connections if load-ballancing functionality of haproxy is used). Plus all encryption/decryption (not sure if that can/will be offloaded to HW on units that have such hardware).
While I did not make this request and do not need such functions, I would say that my CCR routers have so much CPU, crypto accel and RAM capacity that is sitting unused that it would certainly be worth it to load them with something like this, e.g. when the webserver itself gets a little overloaded by the crypto.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11365
Joined: Thu Mar 03, 2016 10:23 pm

Re: Feature request for v7.x

Wed Jul 24, 2019 4:46 pm

I'd say that such an expensive hardware (as CCRs are) sitting idle at some cheap enterprise, is a rare species which doesn't warrant developing new functionality. I mean ... having idle CCR costing anywhere between 425€ and 3000€, but saving some 1000€ by not buying a modest x86_64 server which would handle things much better ...

I think devs' time would be better used when implementing full feature set for IPv6 ... for example.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Wed Jul 24, 2019 5:33 pm

I'd say that such an expensive hardware (as CCRs are)
Apparently we have different definition of expensive... I think our CCR1009's are quite cheap.
I think devs' time would be better used when implementing full feature set for IPv6 ... for example.
I agree with that! But talking to MikroTIk staff it became clear to me that nothing is to be expected in that department.
Apparently most of their customers are not interested in IPv6.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11365
Joined: Thu Mar 03, 2016 10:23 pm

Re: Feature request for v7.x

Wed Jul 24, 2019 10:06 pm

I'd say that such an expensive hardware (as CCRs are)
Apparently we have different definition of expensive... I think our CCR1009's are quite cheap.
Perhaps not ... but we might have different perspectives. Me, for example, I associate CCRs with decent LAN size which deserves some dedicated boxes to do some things ... such as dedicated server for http/https and in this case CCR should do routing and firewalling. On the other hand I expect to see budget hardware (hEX/hAP) to do stuff where it is sensible to join different tasks on small number of devices.

OTOH I'm quite used to use ICT gear vith price tags ranging from 0 to a few million €uros. (I'm not saying that's their value :wink:)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Thu Jul 25, 2019 12:04 am

I was thinking more in terms of an inexpensive SSL accellerator/loadbalancer that could also perform some other functions like routing and firewalling.
Not that I need one, but maybe some people do.
 
User avatar
ingdaka
Trainer
Trainer
Posts: 452
Joined: Thu Aug 30, 2012 3:06 pm
Location: Albania
Contact:

Re: Feature request for v7.x

Thu Jul 25, 2019 12:45 am

+1 for BGP4-MIB (RFC 4273)
 
Gesuino
just joined
Posts: 14
Joined: Mon Jan 21, 2019 5:28 pm

Re: Feature request for v7.x

Fri Jul 26, 2019 9:11 pm

Hi please improve dude settings from cli, i love routeros scripting language. I need some instrument for auto adding devices to graphical map, in routeros style like: /dude network-maps rescan "home" that can be triggered by scripts;
/dude device add name=" " ip-address=" " type=" .... to-map="home" <-And device added can be showed in dude graphical client relative map.

Thanks :)
 
aneroid
just joined
Posts: 9
Joined: Fri Dec 30, 2016 1:07 pm

Re: Feature request for v7.x

Tue Sep 10, 2019 3:40 pm

mDNS server for Chromecast/Bonjour/ZeroConfig across VLANs.

WiFi networks are too big to have all the available devices all bridged to the LAN.

Would be nice to then firewall what devices are discoverable.
m2
also here ... for securing IoT over VLANs, etc.
 
User avatar
kiler129
Member
Member
Posts: 352
Joined: Tue Mar 31, 2015 4:32 pm
Location: IL, USA
Contact:

Re: Feature request for v7.x

Mon Sep 23, 2019 3:22 am

I hit the mDNS problem again in an enterprise setting. You know how funny it is to explain that we need a small VM just to run Avahi reflector? It got even more awkward when someone in the meeting mentioned that both Cisco and Ubiquity can do that.

Really, the mDNS/Zeroconf/Bonjour is really needed. While originally it was just merely a helpful gadget in the Apple ecosystem it's no longer the case. Back in the days there was always a manual option to connect to a device - nowadays it's simply not possible in many scenarios. Chromecasts and AppleTVs are used across the industry in conference rooms and currently it's not possible to put them into isolation since mDNS will not cross the subnets.
 
User avatar
nithinkumar2000
Member Candidate
Member Candidate
Posts: 157
Joined: Wed Sep 11, 2019 7:42 am
Location: Coimbatore
Contact:

Re: Feature request for v7.x

Mon Sep 23, 2019 7:58 am

It would be really great if Mikrotik v7.x can include walled-garden like feature for PPPOE also just Like Cisco's.
Because PPPOE with radius create lots of hits when user is suspended of Terminated....

Thanks :)
 
User avatar
nithinkumar2000
Member Candidate
Member Candidate
Posts: 157
Joined: Wed Sep 11, 2019 7:42 am
Location: Coimbatore
Contact:

Re: Feature request for v7.x

Mon Oct 28, 2019 7:16 pm

Dear Mikrotik Team,

Please Include the following features in Mikrotik ROS v7.x

1. DHCPv6 Server
2. Accounting for IPv6 and Radius Parameters (Most Important Requirement for ISP's)
3. Walled Garden Service for PPPOE to prevent unnecessary hits from users. (Just like feature in Cisco Routers).
4. IPv6 Hotspot Service (Optional).
5. IPv6 NAT Service

Looking forward to your valuable response.

Regards
Nithin Kumar
 
deanMKD1
Member
Member
Posts: 366
Joined: Fri Dec 12, 2014 12:06 am
Location: Macedonia
Contact:

Re: Feature request for v7.x

Mon Oct 28, 2019 8:18 pm

Monthly traffic per interface. Dont tell me about graphing. Its not fine for me.
 
User avatar
nithinkumar2000
Member Candidate
Member Candidate
Posts: 157
Joined: Wed Sep 11, 2019 7:42 am
Location: Coimbatore
Contact:

Re: Feature request for v7.x

Mon Nov 18, 2019 11:42 am

Please Include Traget= interface-list in Simple Queues.

Thanks in Advance
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2854
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Feature request for v7.x

Mon Nov 18, 2019 1:24 pm

MAC list ...
 
User avatar
nithinkumar2000
Member Candidate
Member Candidate
Posts: 157
Joined: Wed Sep 11, 2019 7:42 am
Location: Coimbatore
Contact:

Re: Feature request for v7.x

Sun Jul 05, 2020 9:07 pm

Please add the IPv6 Radius accounting. All ISP are looking for the same from very long time.

ISP's are unable to deploy the IPv6 due to No Radius Accounting for IPv6 and it is really SAD:( that Mikrotik team is not taking any actions towards this issue.

Mikrotik is being used by Many ISP's across the world and yes we love ROS and Features but it feels bad that other brands like CISCO, Huwai, Juniper are IPv6 Ready but Majorities who are using Mikrotik are still not ready to deploy IPv6 because it still lags features.

Expecting the Feature at the earliest.
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: Feature request for v7.x

Mon Jul 06, 2020 5:11 pm

Feature request for wireless: "airtime fairness": fair-accese / To allocate Airtime evenly across all the clients.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Feature request for v7.x

Tue Jul 07, 2020 12:50 pm

Monthly traffic per interface. Dont tell me about graphing. Its not fine for me.
Log interface traffic counter to a syslog server. There you can see it number or you can graph it if you like.
See link in my signature on how to set up Splunk (syslog server) to log MikroTik Routers.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Tue Jul 07, 2020 12:57 pm

Monthly traffic per interface. Dont tell me about graphing. Its not fine for me.
Log interface traffic counter to a syslog server. There you can see it number or you can graph it if you like.
See link in my signature on how to set up Splunk (syslog server) to log MikroTik Routers.
It may be that he has one of those ISPs that have "limited bundle of traffic". Some other routers offer an option
to set a "day of the month when bundle starts" and it will count traffic and reset it on that date. It may also offer
an alert when the accumulated traffic exceeds some set limit.
It is a feature in the "detect internet" and "kid control" class: people want this because others offer it, and it
is convenient in their home setting. They do not want to setup a syslog analyzer for that.
 
buraglio
Frequent Visitor
Frequent Visitor
Posts: 70
Joined: Mon Aug 10, 2015 5:59 pm
Location: +1 (217)
Contact:

Re: Feature request for v7.x

Wed Jul 08, 2020 2:55 am

I'd say that such an expensive hardware (as CCRs are)
Apparently we have different definition of expensive... I think our CCR1009's are quite cheap.
I think devs' time would be better used when implementing full feature set for IPv6 ... for example.
I agree with that! But talking to MikroTIk staff it became clear to me that nothing is to be expected in that department.
Apparently most of their customers are not interested in IPv6.
This is the conundrum of IPv6 - the "no one is asking for it" line is the weakest excuse for not deploying IPv6. 99.999% of customers won't ask for it, nor should they. If it is done correctly they'll never even notice they are using it. Operators don't deploy it because vendor implementations are incomplete. IPv6 deployment is quite profound in mobile and smartgrid networks, and (at least in the US), nearly all major providers offer it (Comcast, ATT, Spectrum, etc.) and the content has been there for years. If Mikrotik would implement feature parity with IPv4 then the bar is further lowered.
If we put even 1/8 of the effort into doing v6 as we did painting over the rusty carcas of ipv4 we would have been done a decade ago. Come on, Mikrotik, this is fundamental stuff.


nb
 
User avatar
nithinkumar2000
Member Candidate
Member Candidate
Posts: 157
Joined: Wed Sep 11, 2019 7:42 am
Location: Coimbatore
Contact:

Re: Feature request for v7.x

Wed Jul 08, 2020 7:01 am

I'd say that such an expensive hardware (as CCRs are)
Apparently we have different definition of expensive... I think our CCR1009's are quite cheap.
I think devs' time would be better used when implementing full feature set for IPv6 ... for example.
I agree with that! But talking to MikroTIk staff it became clear to me that nothing is to be expected in that department.
Apparently most of their customers are not interested in IPv6.
This is the conundrum of IPv6 - the "no one is asking for it" line is the weakest excuse for not deploying IPv6. 99.999% of customers won't ask for it, nor should they. If it is done correctly they'll never even notice they are using it. Operators don't deploy it because vendor implementations are incomplete. IPv6 deployment is quite profound in mobile and smartgrid networks, and (at least in the US), nearly all major providers offer it (Comcast, ATT, Spectrum, etc.) and the content has been there for years. If Mikrotik would implement feature parity with IPv4 then the bar is further lowered.
If we put even 1/8 of the effort into doing v6 as we did painting over the rusty carcas of ipv4 we would have been done a decade ago. Come on, Mikrotik, this is fundamental stuff.


nb
Yes i agree with you. There is no major concentration to IPv6 Modules from Mikrotik Team.

Come On Mikroitk Team Please add the support for Delegated IPv6 Prefix when using PPPOE Auth for RADIUS CLIENT

Atleast this much we can expect from Team Mikrotik right!
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Wed Jul 08, 2020 12:14 pm

This is the conundrum of IPv6 - the "no one is asking for it" line is the weakest excuse for not deploying IPv6. 99.999% of customers won't ask for it, nor should they. If it is done correctly they'll never even notice they are using it.
That is probably the biggest problem in IPv6 adaptation! When you do it correctly, nobody notices it. When you make a mistake, people complain that things that
were working before now are no longer working. So the pre-calculated impact on the network is: "it can only cause problems".

With that situation, it is not so surprising that so many ISPs postpone it over and over again, and most of them are not asking for IPv6 features at MikroTik.
And of course, the major sales of MikroTik routers is triggered by what ISPs do and buy, not the end-user who has bought a single router and tries to config it.
With RouterOS v6, IPv6 is not even enabled by default. So people who do not explicitly try to use it, will never notice it is there.

Fortunately that has changed in v7, but now we still see a large disparity of functionality between IPv4 and IPv6 in RouterOS. Hopefully sometime people will wake
up and align that.
 
sep
newbie
Posts: 25
Joined: Thu Nov 28, 2013 2:34 pm

Re: Feature request for v7.x

Tue Nov 10, 2020 11:31 am

pre covid. when going to a conference, I counted more then 15 people asking a unnamed firewall vendor about ipv6... and every one of them got the answer that "nobody is asking about ipv6"... ; "Nobody is asking about ipv6" is just a silly excuse, many vendors simply do not want to hear the question.

of course, when the users are asking about ipv6, it is a bit late to start thinking about it from the vendor's side. most vendors are on the ipfv6 ball for years already. And mikrotik have rudimentary support. but they are so far behind the ball at this point that working with the quirks is not funny any more.

I have been a mikrotik and routeros user since the the first version 3.x And I really would want to continue using routeros in the future. But that means that mikrotik must have plans to be relevant in the future.

And the (my?) future consists mostly of ipv6-only networks. With some ipv4 bubbles connected with ipv6 tunnels or ipv4 as a service solutions.

We are migrating networks as quick as we can, and unfortunatly in each case that usually means replacing mikrotik. Running dual-stack is a last resort option, since it is more then 2x the work.

Mikrotik as an CPE desperately need RFC8585 support, it contains the common CPE solutions. most importantly NAT64, since that is so widespread already.
All of these have FOSS tools available, so they do not need to reinvent anything. But they do need to integrate them. with TR069 support, DNS64+NAT64 and CLATD mikrotik could be a CPE of choice for many isp's

Mikrotik as a DC/ISP use Need tools such as SIIT-DC and NAT64.
SIIT-DC allow you to provice services to ipv4 internet from an ipv6 only datasenter. DNS64+NAT64 allow ipv6 only hosts to reach ipv4 only services online.
integrating something like JOOL would solve this. ( https://www.jool.mx )

Those are my personal itches. but ipv6 feature parity should be mikrotik's endgoal.

NPTv6 is useful for a small niche as well. But if you have a network so important it need 2x isp's, you could probably send that email and ask one of the isp's for a PI space as well. with ipv6 PI space, announced by the isp's or announced via a privateAS bgp should be the default solution for a small multihomed network, since the address space is so abundant, getting PI space is an email or 2 away. and not the problem it was on ipv4.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Tue Nov 10, 2020 2:23 pm

But if you have a network so important it need 2x isp's, you could probably send that email and ask one of the isp's for a PI space as well. with ipv6 PI space, announced by the isp's or announced via a privateAS bgp should be the default solution for a small multihomed network, since the address space is so abundant, getting PI space is an email or 2 away. and not the problem it was on ipv4.
Do you have any experience with that in practice, or is it only a proposal?
Here we have two different ISPs connected, each with IPv4 and IPv6, we use load-balancing/failover techniques to distribute the traffic over the two lines for IPv4, but for IPv6 that
is not possible due to the lack of NAT/route marking.
Of course even when we had BGP announcement of a PI space, and had the providers advertise only default routes, we would still have no loadbalancing for outbound traffic,
but maybe some for inbound. It could be a solution.
But I think the ISPs would act quite surprised when I propose setting up such a thing. It would be nice when you have some RFC that describes the scenario and practices.
(this does not appear to be in the scope of RFC 8585)
 
magnavox
Member
Member
Posts: 357
Joined: Thu Jun 14, 2007 1:03 pm

Re: Feature request for v7.x

Tue Jun 15, 2021 6:47 pm

There is this small, not-well-known but very useful tool called "etckeeper" for Linux, which automatically commits all changes you do on your configuration to the version-control-system of your choice (git, svn...). An implementation of that for MikroTik would be interesting
I suggest you look at RANCID, it does what you've described. Works for me, as well as with much other network equipment.
Very interesting, can you share some details about Rancid and Mikrotik backup?
 
troffasky
Member
Member
Posts: 431
Joined: Wed Mar 26, 2014 4:37 pm

Re: Feature request for v7.x

Sat Jun 26, 2021 12:05 pm

RANCID is a heap of scripts, with different collector plugins for different target platforms. It logs in on a schedule, executes whatever the native equivalent of "/export compact", "show run", etc, is and stores the output in a version control backend. It can email you a diff of the config.

The "mtlogin" RANCID component takes ROS commands or scripts as an argument, so you can use this from your own scripts for making bulk changes, for example.
 
emunt6
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Fri Feb 02, 2018 7:00 pm

Re: Feature request for v7.x

Sun Jun 27, 2021 3:28 am

1., High Availability (HA) (example: two or more router devices)
Stacking / Clustering - features:
> control-plane states sync ( example: NAT );
> configuration sync ( filesystem );
> upgrade/downgrade firmware ( cluster all members );
> all devices like a "single logical device" ( example: cisco VSS; hpe IRF );
> load-balancing / load-sharing ( master-master; master-slave; other )
2., Linux Namespaces for VRF (virtual routing and forwarding)
3., VRF route leaking with MP-BGP
 
User avatar
nithinkumar2000
Member Candidate
Member Candidate
Posts: 157
Joined: Wed Sep 11, 2019 7:42 am
Location: Coimbatore
Contact:

Re: Feature request for v7.x BGP advertise-inactive

Sat Jul 03, 2021 8:51 am

BGP option like Juniper "advertise-inactive".
+1
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2854
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Feature request for v7.x

Sun Jul 18, 2021 4:00 pm

port list
mac-address list
 
altayr
just joined
Posts: 2
Joined: Tue Feb 15, 2022 9:11 pm

Re: Feature request for v7.x

Wed Feb 16, 2022 8:23 am

A solution like ha proxy in router os v7 would be usefull I like to run multiple ssl sites behind my mikrotik router on 1 public ip and lets encrypt support to automaticly secure them with ssl
+1

And I would mention that it would be enough to have port sense ability, like port forward port 80 to ip list, and use first available of them, and fail over to next available in case health check fails.
This time no need for full ha proxy implementation but only “smart” or “ha port forward” which requires only health check and dynamic port forward rule change.
 
digit
just joined
Posts: 22
Joined: Thu Apr 01, 2010 7:07 pm

Re: Feature request for v7.x

Fri Feb 18, 2022 4:20 pm

WIFI multiple PSK ACL with wildcard MAC.

Here Engenius description on that. Ruckus also have something similar and I think Meraki also do so...
https://www.engeniustech.com/mypsk-a-ne ... porations/

Here discussion about the issue on the forum
viewtopic.php?p=913911&hilit=dpsk#p913911

Basic idea is to have a single SSID and allow multiple PSK and assigned VLAN based on PSK used. That is use in hotel or nursing home application where device does not always play well with WPA2-Enterprise (RADIUS). Basic idea, each room have it's own PSK on a single SSID and VLAN are assign based on PSK used, so device on same "room" can communicate with each other. Alexa, ChromeCast, Tablet...

Right now wifi ACL allow for (almost) that, but MAC need to be know. Also a "wildcard" MAC is allowed, but only the first one is evaluated. Need to have multiple wildcard, if first failed, check the next...

This is working
/interface wireless access-list
add mac-address=01:01:01:01:01:01 private-pre-shared-key=testvlan1
add mac-address=02:02:02:02:02:02 private-pre-shared-key=testvlan105 vlan-id=105 vlan-mode=use-tag
This is also working
/interface wireless access-list
add mac-address=00:00:00:00:00:00 private-pre-shared-key=testvlan1
add mac-address=02:02:02:02:02:02 private-pre-shared-key=testvlan105 vlan-id=105 vlan-mode=use-tag
But this is not, and that is requiered
/interface wireless access-list
add mac-address=00:00:00:00:00:00 private-pre-shared-key=testvlan1
add mac-address=00:00:00:00:00:00 private-pre-shared-key=testvlan105 vlan-id=105 vlan-mode=use-tag
/code]
Last edited by digit on Fri Feb 18, 2022 6:07 pm, edited 3 times in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10170
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request for v7.x

Fri Feb 18, 2022 4:40 pm

You are aware that this feature is patented by Ruckus?
 
digit
just joined
Posts: 22
Joined: Thu Apr 01, 2010 7:07 pm

Re: Feature request for v7.x

Fri Feb 18, 2022 5:10 pm

You are aware that this feature is patented by Ruckus?
Damn... patent... that's why you can't have a toilet that flush properly or a saw that can saw without being over complicated these days...

EDIT:

Found that RUCKUS patent, I don't think it apply
This describe a connection to an open network first, then a PSK is dynamically generated and use for later communication.

https://patents.google.com/patent/US9226146B2/en

Proposed solution is to have multiple STATIC psk on a non open SSID where all PSK are evaluated and if one match, grant access.

Explain why current implementation where first wildcard is allowed is correct and check multiple wildcard infringe Ruckus patent ? Also note that Engenius, Cambium, Aerohive and Meraki have similar solution.

https://www.engeniustech.com/mypsk-a-ne ... porations/
https://community.cambiumnetworks.com/t ... keys/62609
Last edited by digit on Fri Feb 18, 2022 8:54 pm, edited 2 times in total.
 
excession
Frequent Visitor
Frequent Visitor
Posts: 95
Joined: Mon May 11, 2015 8:16 pm

Re: Feature request for v7.x

Fri Feb 18, 2022 7:45 pm

Other vendors have this feature.
Doesn’t seem like a patent issue if you don’t try and call it DPSK.
 
tx6376
just joined
Posts: 10
Joined: Tue Feb 02, 2021 8:35 pm

Re: Feature request for v7.x

Sat Feb 19, 2022 2:40 pm

RTSP helper (alg)
Thanks.
 
digit
just joined
Posts: 22
Joined: Thu Apr 01, 2010 7:07 pm

Re: Feature request for v7.x

Thu Feb 24, 2022 12:09 am

route based ipsec vs policy based

ipsec with an interface, so we can do OSPF / BGP / Static routing on Interface without the need of L2 tunneling like GRE when connected to other brand router / Azure.

VTI or XFRM interfaces.
 
CTSsean
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Fri Sep 15, 2017 12:56 pm

Re: Feature request for v7.x

Tue Jul 04, 2023 5:22 pm

Plus 1 for this!
WIFI multiple PSK ACL with wildcard MAC.

Here Engenius description on that. Ruckus also have something similar and I think Meraki also do so...
https://www.engeniustech.com/mypsk-a-ne ... porations/

Here discussion about the issue on the forum
viewtopic.php?p=913911&hilit=dpsk#p913911

Basic idea is to have a single SSID and allow multiple PSK and assigned VLAN based on PSK used. That is use in hotel or nursing home application where device does not always play well with WPA2-Enterprise (RADIUS). Basic idea, each room have it's own PSK on a single SSID and VLAN are assign based on PSK used, so device on same "room" can communicate with each other. Alexa, ChromeCast, Tablet...

Right now wifi ACL allow for (almost) that, but MAC need to be know. Also a "wildcard" MAC is allowed, but only the first one is evaluated. Need to have multiple wildcard, if first failed, check the next...

This is working
/interface wireless access-list
add mac-address=01:01:01:01:01:01 private-pre-shared-key=testvlan1
add mac-address=02:02:02:02:02:02 private-pre-shared-key=testvlan105 vlan-id=105 vlan-mode=use-tag
This is also working
/interface wireless access-list
add mac-address=00:00:00:00:00:00 private-pre-shared-key=testvlan1
add mac-address=02:02:02:02:02:02 private-pre-shared-key=testvlan105 vlan-id=105 vlan-mode=use-tag
But this is not, and that is requiered
/interface wireless access-list
add mac-address=00:00:00:00:00:00 private-pre-shared-key=testvlan1
add mac-address=00:00:00:00:00:00 private-pre-shared-key=testvlan105 vlan-id=105 vlan-mode=use-tag
/code]
[/quote]
 
LaZyLion
newbie
Posts: 32
Joined: Fri May 09, 2014 10:27 am

Re: Feature request for v7.x

Wed Jul 05, 2023 8:49 pm

Hi all

The Zerotier client allows adding static routes but only to the main routing table.
It would be nice to specify a different routing table on the Zerotier interface tab.

This would make handling marked routing-table traffic much easier as one could update routes en-mass from the Zerotier portal, rather than having to update routes manually in each router.


Thanks all.
Keep up the great work.

Who is online

Users browsing this forum: Bing [Bot], Maestrosoft, ogggi and 26 guests