Community discussions

 
User avatar
paoloaga
Member Candidate
Member Candidate
Posts: 221
Joined: Tue Mar 08, 2011 2:52 am
Location: Vaprio d'Agogna (NO) - Italy
Contact:

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Fri Apr 22, 2016 6:02 pm

RC software is for testing purposes, do not complain if your unit doesn't boot after upgrade. If you want to be useful, try to describe your problem to mikrotik's staff, so they can find and fix the bug that caused it.
 
w0lt
Member
Member
Posts: 480
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Fri Apr 22, 2016 6:16 pm

RC software is for testing purposes, do not complain if your unit doesn't boot after upgrade. If you want to be useful, try to describe your problem to mikrotik's staff, so they can find and fix the bug that caused it.
I have every right to complain if the software locks up my router !!
MTCNA - 2011

" The Bitterness of Poor Quality Remains Long After the Sweetness of Low Price is Forgotten "
 
User avatar
paoloaga
Member Candidate
Member Candidate
Posts: 221
Joined: Tue Mar 08, 2011 2:52 am
Location: Vaprio d'Agogna (NO) - Italy
Contact:

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Fri Apr 22, 2016 7:15 pm

I have every right to complain if the software locks up my router !!
You have never been a programmer. Test software is far from perfect. Complex software can easily include deadly bugs. If you don't want your device to lock up, don't use RC, there are other two branches that suit you better.
 
w0lt
Member
Member
Posts: 480
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Fri Apr 22, 2016 11:19 pm

Thank you for your comments, but I must say..You do not know who I am, or what I am able to do. The one thing I am though is a customer, and so I EXPECT certain things.
If you don't want your device to lock up, don't use RC, there are other two branches that suit you better.
Are you speaking for Mikrotik as an authority of what will, and what won't lock up? Or should I just roll the dice? :?

If I ran a company like Mikrotik, I wouldn't want people to think that my product might include "deadly bugs". :shock:

Again, I thank you for your constructive(?) comments. :(
MTCNA - 2011

" The Bitterness of Poor Quality Remains Long After the Sweetness of Low Price is Forgotten "
 
Nissarin
just joined
Posts: 18
Joined: Fri Feb 20, 2015 4:01 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Sat Apr 23, 2016 1:57 am

Are you speaking for Mikrotik as an authority of what will, and what won't lock up? Or should I just roll the dice? :?
If I ran a company like Mikrotik, I wouldn't want people to think that my product might include "deadly bugs". :shock:
MT might not be rock solid and probably never will, not only it's extremely complicated system but also it's constantly evolving. That being said if you randomly upload RC version on your production system you can't really have right to complain, it says right at the top of the download page - "(...) Release candidate for testing the absolute latest builds in test environments".

Do you want to hear something constructive - use bugfix version in the future.
 
orangetek
newbie
Posts: 44
Joined: Wed Aug 14, 2013 5:19 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Sat Apr 23, 2016 6:14 pm

@w0lt and nadeu,

Do you know what an RC is? It's a "Release Candidate" and its purpose is to be tested so that the developers know what doesn't work beyond the numerous configurations they have tried themselves. They cannot possibly try every config combination before they release a version and if they did, there would be no bugs and no RC. If you are installing these versions on a live production network then you guy's are the monkeys and i feel sorry for your customers.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1702
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Sun Apr 24, 2016 1:14 am

Thank you for your comments, but I must say..You do not know who I am, or what I am able to do.
The only thing we know about you is your bad behaviour.
The one thing I am though is a customer, and so I EXPECT certain things.
You should expect that official software releases work as they should. If not, you have right to complain.
Are you speaking for Mikrotik as an authority of what will, and what won't lock up? Or should I just roll the dice?
You can even roll two dices at once. :-)
If I ran a company like Mikrotik, I wouldn't want people to think that my product might include "deadly bugs".
Who stops you to run your own software company ? Show us how to release software with no errors ? Each time.
Again, I thank you for your constructive(?) comments.
Thank you for your constructive complaints. :(

P.S.

Do you really blindly upgrade your working infrastructure to RC versions without any lab tests ?
Real admins use real keyboards.
 
User avatar
ufm
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Fri Nov 15, 2013 12:02 pm
Location: Ukraine

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Sun Apr 24, 2016 3:34 am

RC software is for testing purposes, do not complain if your unit doesn't boot after upgrade. If you want to be useful, try to describe your problem to mikrotik's staff, so they can find and fix the bug that caused it.
For example:
In forum branch about 6.35 verison MikroTik Support time to time says - "...issues are already fixed in 6.36rc"
My question about 6.35.1 with bugfixes - silent ignore.
 
jarda
Forum Guru
Forum Guru
Posts: 7601
Joined: Mon Oct 22, 2012 4:46 pm

Sun Apr 24, 2016 7:31 am

In rc are some errors fixed but new unknown errors are usually added. Therefore it is not expected to be stable.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1810
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Sun Apr 24, 2016 11:38 am

6.36rc5 kernel panics on boot on CCR 1036 even after a fresh netinstall
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Sun Apr 24, 2016 7:48 pm

Each and every release we have to remind two things.

First of all, rc versions are nightly builds and are not completely tested. It means that each version can and must be tested only on devices which you are willing to Netinstall, if it will be necessary. Basically - just for testing.

Secondary, if you want to complain about specific things, then please create specific topic for that. This is 6.36rc version topic which is created for actual software related discussions to help MikroTik staff and our clients to get rid of problems within specific version - 6.36.

Support staff is actually very open minded and is open for suggestions. Send your requests, suggestions and complaints to support team, if problem is related to software in any way. Otherwise, please create separate topics and do not hijack topic within which people are actually tying to help each other.

As for rc version itself - we are not seeing reboot loops with this version in general. It must/should be related to configuration. Please send supout files and/or serial output to support@mikrotik.com so we can research this particular issue.
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 249
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Mon Apr 25, 2016 2:21 am

OK So I'm an idiot. Not Reading and just upgrading. What happens if I didn't disable the package?
I have one mAPLite upgraded and now it just boot loops. How do I apply a firmware reset on the unit?
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Mon Apr 25, 2016 7:57 am

If you are talking about not disabling wireless package, then you can not upgrade until you have removed it. From which version did you upgrade? As we were telling in previous topics about other versions, there was a problem with upgrade but it is not an issue of 6.36rc. It was a problem with old version on which actually upgrade is performed.

Try to Netinstall device to this same rc version to see if problem was caused by old version or this new one:
http://wiki.mikrotik.com/wiki/Manual:Netinstall
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Mon Apr 25, 2016 9:39 am

Reboot loop with 6.36rc5 version will be fixed within 6.36rc6 version. We will release it later today.
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 249
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Mon Apr 25, 2016 10:13 am

If you are talking about not disabling wireless package, then you can not upgrade until you have removed it. From which version did you upgrade? As we were telling in previous topics about other versions, there was a problem with upgrade but it is not an issue of 6.36rc. It was a problem with old version on which actually upgrade is performed.

Try to Netinstall device to this same rc version to see if problem was caused by old version or this new one:
http://wiki.mikrotik.com/wiki/Manual:Netinstall
Great Thanks. I will back down to 6.35, disable package and w8 for the new rc to come out. I'm eager to se what have been done with automatic tunnel ip selection..... May solve some of our pressing needs.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Mon Apr 25, 2016 10:58 am

Version 6.36rc6 has been released.

Changes since previous version:
*) ipsec - fix initiator modecfg dynamic dns;
*) nand - improved nand refresh feature to enhance stored data integrity;
*) route - fixed ospf by handling ipv6 encoded prefixes with stray bits;
*) watchdog - fixed reboot loop on startup (introduced in 6.36rc5);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
jarda
Forum Guru
Forum Guru
Posts: 7601
Joined: Mon Oct 22, 2012 4:46 pm

Mon Apr 25, 2016 11:08 am

Nand refreshing was already implemented recently, am I right?
Oh. On kernel partition... Ok, I thought it was general refresh over all nand module.
 
User avatar
emils
MikroTik Support
MikroTik Support
Posts: 460
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Mon Apr 25, 2016 12:32 pm

*) route - fixed ospf by handling ipv6 encoded prefixes with stray bits;
Looks like OSPF is not working properly with rc6 because of this fix. Please use with caution. This change will hopefully fix problems when two OSPFv3 neighbors are stuck in Exchange/ExStart states.
 
User avatar
NetworkPro
Forum Guru
Forum Guru
Posts: 1369
Joined: Mon Jan 05, 2009 6:23 pm
Location: Worldwide
Contact:

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Mon Apr 25, 2016 3:58 pm

I revived the CCR1072 by NetInstall with preserve configuration.

However now there is a problem with LCD: it is white and does not display anything.

6.36rc6
wiki.mikrotik.com/wiki/NetworkPro_on_Quality_of_Service
 
raffav
Member Candidate
Member Candidate
Posts: 278
Joined: Wed Oct 24, 2012 4:40 am

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Mon Apr 25, 2016 6:05 pm

ATTENTION ON CHR

ON CHR under proxmox
after upgrade 6.36rc5 to rc6 cant ping, telnet, winbox
using hypervisor console can access it
but freeze if i try to use the ping tool
ip address print get no output
ip arp print get no output
need to ctrl +c to get back
since I don’t have connectivity to the chr I can’t export the supout file
 
w0lt
Member
Member
Posts: 480
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Mon Apr 25, 2016 6:33 pm

If you have a Routerboard that has the memory allocation to add an additional partition, then before you install any further RC firmware I would accomplish the following procedure.

1. Ensure you have ROS 6.35 (Stable) on Partition-0, if not upgrade or downgrade to it.
2. Select "Partition" off the left hand side menu, and "Add" an additional partition. This will cause the router to reboot, that's ok.
3. Once rebooted, select "Partition" off the menu, then select Partition-0, after that, copy Partition-0 to Partition-1. Once that's done, Save the Partition-0 "Config" to Partition-1
4. When this is done, you can upgrade to the latest RC firmware, and if it locks up, it should fallback to the Partition-1 firmware.

At the very lease, you can recover your box. Hope this might help, it has helped me. :D

-tp
MTCNA - 2011

" The Bitterness of Poor Quality Remains Long After the Sweetness of Low Price is Forgotten "
 
alexjhart
Member Candidate
Member Candidate
Posts: 191
Joined: Thu Jan 20, 2011 8:03 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Mon Apr 25, 2016 9:08 pm

Hi.

Is any chance to improve TCP performance on single session over IPSEC on IPIP/GRE tunnel in this version?
Now is max 40-80 Mbps per session regardless of device model (tested on CCR 1009 and CCR 1036).
What encryption are you running?

We see close to 600mbit/s over EoIP/IPSEC with AES256-AES256-CBC on a CCR1036
I have a long open ticket with Mikrotik on this issue. I'm guessing you are using an application that is sensitive to packet loss and/or you have latency above a few milliseconds.

The problem is the hardware encryption driver (on CCR that means aes-*-cbc encryption) encrypts/sends packets out of order. This results in the client seeing packet loss, duplicate acks, out of order packets, etc, which cause performance issues with TCP (some benchmarking/real world traffic shows about 50% of packets are retransmits and duplicate acks). How much depends on a variety of things (like application, tcp window, latency, etc). Because of this, I actually use software encryption (aes-256-ctr) instead because I see about 10x faster single-threaded transfers. Here are some example numbers:

Software/single stream: 75Mbps
Software/multiple stream: 150Mbps (single cpu core maxed)
Hardware/single stream: ~7.5Mbps
Hardware/multiple stream: >500Mbps
Note: Same tests performed. Only difference is toggling (default in /ip ipsec proposal) between CBC (hardware) and CTR (software). Also, you often have to flush installed SAs after changing this on both sides to get the session to actually switch over.

This is unfortunate because the software driver is virtually error-free and performs better on single stream, but means you are cpu bound and can't take advantage of the hardware's builtin decryption capabilities that give you far better multiple stream data rates. If they can fix the hardware driver, we should be able to get the best of both worlds.

This is the last thing I heard when checking up on April 5, 2016:
Hello,

There is no fix yet. When we will fix it, changes will be in the changelog.

Regards,
Maris B.
So I just keep waiting to see it in the changelog. I would welcome others inviting them to make this a higher priority though.

Update on May 20:
We are working on the fix.
Last edited by alexjhart on Fri May 20, 2016 7:11 pm, edited 1 time in total.
-----
Alex Hart

The Brothers WISP
 
nkourtzis
Member Candidate
Member Candidate
Posts: 202
Joined: Tue Dec 11, 2012 12:56 am
Location: Greece

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Tue Apr 26, 2016 12:26 pm

Several RB751's and a 951G have locked up... WTF guys... Please, quit putting out software that locks up our units.
I don't know if Mikrotik hired a monkey to direct the development team, but going from bad to worse. Where is the stability of the branch 5? MikroTik is provoking nightmares to their "carrier users".

Why don't you move to another brand then? Many less features, many less bugs. Or many features, less bugs, 10 times the price. Slow release cycle and no access to beta software. You have a choice. I anyone told you you can have it all, they lied to you my friend.
Passionate about networks
Enthusiastic about Mikrotik
MTCNA | MTCRE | MTCINE

No trees were killed to send this message,
but a large number of electrons were terribly inconvenienced.
 
nadeu
newbie
Posts: 38
Joined: Fri Sep 18, 2015 3:50 am

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Tue Apr 26, 2016 1:21 pm

Several RB751's and a 951G have locked up... WTF guys... Please, quit putting out software that locks up our units.
I don't know if Mikrotik hired a monkey to direct the development team, but going from bad to worse. Where is the stability of the branch 5? MikroTik is provoking nightmares to their "carrier users".

Why don't you move to another brand then? Many less features, many less bugs. Or many features, less bugs, 10 times the price. Slow release cycle and no access to beta software. You have a choice. I anyone told you you can have it all, they lied to you my friend.
We upgraded to RC because MikroTik support indicates, we are following with MikroTik support team.
Did not mean it literally was a joke from the monkeys. We have over 30 CloudCores in production, and more than 200 radiolinks, we trust MikroTik and bet on them, all we ask is more feedback.
 
leonset
Member Candidate
Member Candidate
Posts: 256
Joined: Wed Apr 01, 2009 9:09 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Tue Apr 26, 2016 5:39 pm

Note: wireless-fp package is discontinued in this version. It needs to be uninstalled/disabled before upgrade. Use wireless-rep or wireless-cm2 instead.
The upgrade process of the latests RC and the final version must upgrade automatically wireless-fp to the most reliable alternative wireless package, as it did when plain wireless got replaced by wireless-fp somewhere around v6.30. I understand that this is are initial RC releases and for testing purposes manually uninstalling a package its ok, but this is something that Mikrotik should address before final release to avoid some nightmares their fellow Wisp's...
 
jarda
Forum Guru
Forum Guru
Posts: 7601
Joined: Mon Oct 22, 2012 4:46 pm

Wed Apr 27, 2016 1:03 am

I don't remember any wireless package that was swapped automatically. But it should be.
 
dev246
just joined
Posts: 15
Joined: Thu Jun 26, 2014 4:24 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Wed Apr 27, 2016 5:43 pm

Hi.
nz_monkey wrote:
dev246 wrote:
Hi.

Is any chance to improve TCP performance on single session over IPSEC on IPIP/GRE tunnel in this version?
Now is max 40-80 Mbps per session regardless of device model (tested on CCR 1009 and CCR 1036).



What encryption are you running?

We see close to 600mbit/s over EoIP/IPSEC with AES256-AES256-CBC on a CCR1036
I using default settings and encryption - aes-128-cbc (I use property "IPsec Secret" in IPIP tunnel).
And I also get around 600mbit/s or even 800 mbit/s on IPIP /IPSEC but for >18 simultaneous connections, on single connection I got only 40-80 mbit/s

strods wotre:
dev246 - Is any of CPU cores loaded 100%? Not total CPU load but load per CPU core.
Per cor CPU does not exceed 1-5%, this same with total CPU

alexjhart wotre:
nz_monkey wrote:

dev246 wrote:
Hi.

Is any chance to improve TCP performance on single session over IPSEC on IPIP/GRE tunnel in this version?
Now is max 40-80 Mbps per session regardless of device model (tested on CCR 1009 and CCR 1036).



What encryption are you running?

We see close to 600mbit/s over EoIP/IPSEC with AES256-AES256-CBC on a CCR1036



I have a long open ticket with Mikrotik on this issue. I'm guessing you are using an application that is sensitive to packet loss and/or you have latency above a few milliseconds.
This isn't sensitive application issue and is fully replicable. Application that i'm using is simply iperf with parm "-P" for setting number of parallel connections (result as this same when i using filezilla for FTP traffic , or simple windows file sharing for SMB traffic)
When I use 1 connection i got ~50Mbit/s , using 2 connections ~118Mbit/s, 4 connections ~231Mbit/s, so is strictly related whit number of parallel TCP session. This situation looks like one session could be handled only by one processor (without seeing it on CPU graph). CCR 1009 have 9 cores (with HT would give as 18 cores), connection bandwidth grow until they reach 18 parallel sessions (looks like 2 session per Core, or 1 session per core with HT).

All test was made in lab environment between 2 mikrotik without any other devices.
I have separate threat describing this tests and lab environment http://forum.mikrotik.com/viewtopic.php?f=2&t=106857 but still without answer.
 
jwisch
just joined
Posts: 1
Joined: Thu Apr 28, 2016 12:57 am

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 1:07 am

Each and every release we have to remind two things.

First of all, rc versions are nightly builds and are not completely tested. It means that each version can and must be tested only on devices which you are willing to Netinstall, if it will be necessary. Basically - just for testing.

Secondary, if you want to complain about specific things, then please create specific topic for that. This is 6.36rc version topic which is created for actual software related discussions to help MikroTik staff and our clients to get rid of problems within specific version - 6.36.

Support staff is actually very open minded and is open for suggestions. Send your requests, suggestions and complaints to support team, if problem is related to software in any way. Otherwise, please create separate topics and do not hijack topic within which people are actually tying to help each other.

As for rc version itself - we are not seeing reboot loops with this version in general. It must/should be related to configuration. Please send supout files and/or serial output to support@mikrotik.com so we can research this particular issue.
So on one hand, I have some sympathy for you, with regard to the criticism you are receiving. I agree that in general practice, you should only install RC software (most of the time) on a production system if a) you absolutely need the features in the RC, and b) you have a reasonably good history with the developer that gives you confidence in the stability of their RC releases. As an example, I wouldn't have any problem putting a pfSense RC release in a production environment if, say, it was the only version that would support the NIC I was using, because PFS has a history of releasing betas that are stable enough for production, and RCs that are more stable than other companies' "release" versions.

At the same time, if what you have stated above is correct, I think some of the criticism in the thread is also fair, at least to the extent that you are using "release candidate" in a very different way than most of (at least the English speaking) world. What you have described is often labeled a "snapshot" or "nightly" release. Users downloading a snapshot or nightly have the expectation that things are going to be broken, and that there may be serious regressions between builds. It is absolutely a "caveat emptor" process, where you know you shouldn't flash the build unless you feel comfortable doing low level recovery. On the other hand, a "release candidate" often implies a level of stability that is better than a "beta" release. In other words, when most people see "RC" they have the expectation that as long as no major problems are found, this version is going to be the "final" release - in fact, that the final project might have the same build number, just with the RC dropped.

If you plan on using the structure you outlined above (i.e. builds released with limited or no testing), I would suggest changing the branch name from "release candidate" to "snapshot" or "nightly" to reduce confusion, and bring the terminology more inline with what is used more broadly in the industry.
 
florentrivoire
newbie
Posts: 44
Joined: Wed Feb 25, 2015 12:02 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 11:59 am

If you plan on using the structure you outlined above (i.e. builds released with limited or no testing), I would suggest changing the branch name from "release candidate" to "snapshot" or "nightly" to reduce confusion, and bring the terminology more inline with what is used more broadly in the industry.
Agree !
The releases that are currently named "RC" should be called "snapshot" or "alpha" or "beta".
Because, between a RC1 and RCx, there should not be anymore new feature or change of behaviour, but only some final bugfix that have not been seen before. If Mikrotik continue to add new feature, new patchs (i'm not talking about bugfixes) between releases, we are still in the development phase, so : snapshot/alpha/beta, but not RC.

NB: just one difference with jwisch : I think "nightly" is not the right term, because the builds currently named "RC" are not automatically build and publish every night, but when developers estimate it's ok, so they are "better" (more consistent, so a little more reliable) than "nightly".
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 12:25 pm

Version 6.36rc8 has been released.

*) chr - fixed stalling services (introduced in 6.36rc6);
*) dhcp-server - fixed radius framed route addition after reboot on client renew;
*) firewall - added "/interface list" menu which allows to create list of interfaces which can be used as in/out-zone matcher in firewall (CLI only);
*) firewall - added raw table to be able to disable connection tracking on selected packets or drop packets before connection tracking (CLI only);
*) lte - added cinterion pls8 support;
*) lte - improved multiple same model modems identification;
*) route - fixed ospf-v3 crash (introduced in 6.36rc6);
*) traffic-flow - added ipfix support (RFC5101 and RFC5102);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 2:12 pm

*) firewall - added "/interface list" menu which allows to create list of interfaces which can be used as in/out-zone matcher in firewall (CLI only)
Since 6.36rc8 version there is a possibility to create list of interfaces. It works similar as address-list in firewall. Under "/interface list" you can add multiple interfaces and group under list with a common name. Now this list/zone will be available in firewall. In firewall there are new matchers called in-zone and out-zone implemented. Basically, it is the same thing as in-interface and out-interface, but now by using "/interface list" you can select multiple interfaces on one firewall rule.

*) firewall - added raw table to be able to disable connection tracking on selected packets or drop packets before connection tracking (CLI only)
Since 6.36rc8 it is possible to configure firewall rules in a raw table ("/ip firewall raw", "/ipv6 firewall raw"). These rules have two possible chains - prerouting and output which happens before connection tracking in packet flow.

There is action called "notrack". It means that you can select on which packets you want to use connection tracking. It is also possible to drop packets already before connection tracking.

These rules do not have firewall rule matchers that would depend on connection tracking like "connection-state".

Packets which match rules with action "notrack" also are not being fragmented. In past as soon as you loaded connection tracking packets were fragmented. Now even if connection tracking is on "notrack" packets are not being defragmented.

Now in regular firewall, there is new possible connection-state value called "untracked".

Basically, this raw firewall should be used to protect your devices against DDoS attacks.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1702
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 2:21 pm

*) firewall - added "/interface list" menu which allows to create list of interfaces which can be used as in/out-zone matcher in firewall (CLI only);
OMG ... no more doubled/tripled rules for each interface ... OMG :-)
Real admins use real keyboards.
 
Ulypka
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Wed Jan 09, 2013 8:26 am

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 2:23 pm

strods
This is amazing
Thanks you
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 3:10 pm

Very good firewall additions
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1810
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 3:13 pm

*) firewall - added "/interface list" menu which allows to create list of interfaces which can be used as in/out-zone matcher in firewall (CLI only)
Change of the year! :D

Will this make it's way in to WinBox eventually ?
Last edited by nz_monkey on Thu Apr 28, 2016 3:20 pm, edited 1 time in total.
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
andriys
Forum Guru
Forum Guru
Posts: 1111
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 3:15 pm

Under "/interface list" you can add multiple interfaces and group under list with a common name. Now this list/zone will be available in firewall. In firewall there are new matchers called in-zone and out-zone implemented. Basically, it is the same thing as in-interface and out-interface, but now by using "/interface list" you can select multiple interfaces on one firewall rule.
Can I add a single interface into multiple zones?
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 3:28 pm

Yes, you can add interface in multiple lists. Of course these both are new features and might contain bugs at the beginning but for now they work for us.

Of course, in future we will implement them in Winbox, but we decided better to start with CLI than just delay whole process and wait for Winbox implementation right away.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1810
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 3:48 pm

*) firewall - added "/interface list" menu which allows to create list of interfaces which can be used as in/out-zone matcher in firewall (CLI only)
OK I have had a play with it, and it appears to work as advertised :) very nice.

My feedback is:

- Calling it an "interface list" in one part of RouterOS, and a "zone" in another is confusing. Make it either a "zone" or an "interface list" not both.
- Using "in-zone" and "out-zone" is not consistent with the rest of the firewall rule config on RouterOS. It should be "src-zone" and "dst-zone" or "src-interface-list" and "dst-interface-list"
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
florentrivoire
newbie
Posts: 44
Joined: Wed Feb 25, 2015 12:02 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 3:52 pm

My feedback is:

- Calling it an "interface list" in one part of RouterOS, and a "zone" in another is confusing. Make it either a "zone" or an "interface list" not both.
- Using "in-zone" and "out-zone" is not consistent with the rest of the firewall rule config on RouterOS. It should be "src-zone" and "dst-zone" or "src-interface-list" and "dst-interface-list"
Before reading this message from nz_monkey, I was going to say the exact same thing :
=> please, try to use the same word to describe the same concept (consistency is really important to simplify the configuration)

But, this feature sounds great :D
Thanks (in advance) Mikrotik !!
 
diorges
just joined
Posts: 17
Joined: Fri Sep 19, 2014 11:50 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 4:19 pm

*) route - fixed ospf by handling ipv6 encoded prefixes with stray bits;
Looks like OSPF is not working properly with rc6 because of this fix. Please use with caution. This change will hopefully fix problems when two OSPFv3 neighbors are stuck in Exchange/ExStart states.

OSPFv3 still not working with other "system".
09:18:50 route,ospf,info OSPFv3 neighbor 138.97.60.1: state change from Exchange to 2-Way 
09:18:56 route,ospf,info Database Description packet has different options field 
09:18:56 route,ospf,info     received=11001000  (V6|E|R) 
09:18:56 route,ospf,info     mine=11001000  (V6|E|R) 
09:18:56 route,ospf,info OSPFv3 neighbor 138.97.60.1: state change from Exchange to 2-Way 
09:19:01 route,ospf,info OSPFv3 neighbor 138.97.60.1: state change from ExStart to Down
I'm trying to run ospfv3 with an EdgeRouter, is there a way to mikrotik ignore the AF packet?

I really need this working!
 
jarda
Forum Guru
Forum Guru
Posts: 7601
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 4:33 pm

*) firewall - added "/interface list" menu which allows to create list of interfaces which can be used as in/out-zone matcher in firewall (CLI only)
OK I have had a play with it, and it appears to work as advertised :) very nice.

My feedback is:

- Calling it an "interface list" in one part of RouterOS, and a "zone" in another is confusing. Make it either a "zone" or an "interface list" not both.
- Using "in-zone" and "out-zone" is not consistent with the rest of the firewall rule config on RouterOS. It should be "src-zone" and "dst-zone" or "src-interface-list" and "dst-interface-list"
I vote for interface list naming convention. Should be in and out as the interfaces are also called in and out. Src and dst is about the addresses in the packet not about interfaces of the router.
Please don't implement new word zone. It is not necessary.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1702
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 4:51 pm

Or "interface group" but "interface list" is consistent with the rest of ROS.
Real admins use real keyboards.
 
Zorro
Long time Member
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 5:50 pm

as for "interfaces list" addition - how about adding "ports list" aswell then for similar purposes ?
ie to make bit more streamlined/shortened, transparet and fast config
 
Nissarin
just joined
Posts: 18
Joined: Fri Feb 20, 2015 4:01 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 6:11 pm

TLDR:
Perhaps it would be more consistent to rename the list to zones and move it under firewall prefix, i.e. /ip firewall zones.

Long story:
The name 'list' is not that bad but the command 'interface list' suggest something different than it should really do in this case (like list of all interface but I might be nitpicking here), 'interface group' is better but on the other hand it might suggest some kind of physical grouping (bonding) rather than abstract classification.
The name 'zone' is quite fitting when you think about implementing firewall - most of you might be familiar with term DMZ, in fact if you type the term in search engine you will get quite a few hits, not only in terms of some abstractions (internet/local/administration/etc zones) but also some real technologies - see http://packetlife.net/blog/2012/jan/30/ ... d-firewall (looks familiar, eh ?). So since at the end of the day it all has to do with the firewall just keep it all there.
 
alexjhart
Member Candidate
Member Candidate
Posts: 191
Joined: Thu Jan 20, 2011 8:03 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 6:16 pm

I'm guessing they put in under /interfaces because they plan on being able to use that list/group/zone in other areas outside of firewall, like queues. I agree naming should be consistent. Also, regardless of context/naming issues and not being available in winbox yet, I am happy to see this new feature. Long desired feature :)
-----
Alex Hart

The Brothers WISP
 
irghost
Member Candidate
Member Candidate
Posts: 277
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 6:37 pm

Version 6.36rc8 has been released.

*) chr - fixed stalling services (introduced in 6.36rc6);
*) dhcp-server - fixed radius framed route addition after reboot on client renew;
*) firewall - added "/interface list" menu which allows to create list of interfaces which can be used as in/out-zone matcher in firewall (CLI only);
*) firewall - added raw table to be able to disable connection tracking on selected packets or drop packets before connection tracking (CLI only);
*) lte - added cinterion pls8 support;
*) lte - improved multiple same model modems identification;
*) route - fixed ospf-v3 crash (introduced in 6.36rc6);
*) traffic-flow - added ipfix support (RFC5101 and RFC5102);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
Does route marking problem fixed?(bug in 6.35.1 and 6.36rc6)
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
JanezFord
Member Candidate
Member Candidate
Posts: 262
Joined: Wed May 23, 2012 10:58 am

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 10:47 pm

*) firewall - added "/interface list" menu which allows to create list of interfaces which can be used as in/out-zone matcher in firewall (CLI only);
This is great! ...

I hope we get "mac address lists" implemented some day ...

JF
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 11:05 pm

Spoiler alert - alexjhart was correct. This new feature for now is available in firewall only, but will be available also in other places. That is why it is available under "/interface list" not "/ip firewall interfaces-list".

As for naming - we will discuss and decide which name we should use for firewall matcher.
 
LynxChaus
just joined
Posts: 24
Joined: Tue Jul 08, 2014 2:24 pm

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Thu Apr 28, 2016 11:26 pm

Dear mikrotik developers, add export by SNMP system resource parameters: "write-sect-since-reboot,write-sect-total,bad-blocks,architecture-name,board-name" and all of "/int ethernet monitor" data too.
 
mrtester

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Fri Apr 29, 2016 12:11 am

Awesome. I was just telling to my clients how to create configuration with multiple interfaces and on the next day such improvements. Thank you guys! Great to hear about cinterion lte update. I had few of these modems in my stock. Now I can use them :)

Who is online

Users browsing this forum: No registered users and 5 guests