Community discussions

MikroTik App
 
ditonet
Forum Veteran
Forum Veteran
Posts: 835
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: v6.39 [current]

Mon May 01, 2017 2:15 pm

@FIPTech
:local leaseHostName;
:set leaseHostName $"lease-hostname";
Then use 'leaseHostName' variable instead of 'lease-hostname'.

HTH,
 
senawalker
just joined
Posts: 1
Joined: Mon May 01, 2017 4:06 pm

Re: v6.39 [current]

Mon May 01, 2017 4:14 pm

Sir i have problem

rules p2p block bit torrent its gone...

some one can help me fix then?

dont say downgrade sir... i need solution for renew OS 6.39 thanks you
 
willglynn
just joined
Posts: 2
Joined: Mon May 01, 2017 4:18 pm

Re: v6.39 [current]

Mon May 01, 2017 4:21 pm

:cry: :cry: :cry: :cry:

Killed my RB2011iL. I managed to downgrade it but it still locks up as soon as a LAN device tries to access WAN.

If I hard reset to factory; will my saved backup config still be there?
I have an RB2011 that never came back from the upgrade. On-site personnel report the screen is stuck at "loading kernel". Working on serial access now.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39 [current]

Mon May 01, 2017 4:36 pm

Sir i have problem

rules p2p block bit torrent its gone...

some one can help me fix then?

dont say downgrade sir... i need solution for renew OS 6.39 thanks you
Those rules did not work anyway.
It is not easy to block such things due to advances in the protocols to avert blocking.
 
CMNET
just joined
Posts: 2
Joined: Mon May 01, 2017 5:46 am

Re: v6.39 [current]

Mon May 01, 2017 5:01 pm

just upgraded one of my 15 RB2011 routers to v 6.39... totally crashed. Was not able log back into it without driving to the site. Upon re-accessing it everything in the programming was wiped back to default. Took multiple trys to get the IP address set to static, kept reverting to automatic. once I got it stay I was able to get it to downgrade to 6.37 bugfix. Never had this issue with a OS upgrade, whats up?

I actually "killed the cat" twice! Once at the site after the first downgrade and got the router back working, I attempted to do the upgrade again, assuming there must have been a glitch the first time, NOPE! same issue. I am not able to send the issue to Mikrotik as is stated to do because when it wipes back to default the router can no longer access the internet.
 
ulysses
Frequent Visitor
Frequent Visitor
Posts: 95
Joined: Fri Sep 25, 2015 1:26 pm

Re: v6.39 [current]

Mon May 01, 2017 5:41 pm

Same here. Bricked my 2011. VERY frustrating. Had to work additional time to restore config on another router, it's on 6.34.5. What's happening? haven't you guys at Mikrotik tested it on the hardware?
 
zojka
just joined
Posts: 20
Joined: Tue Aug 12, 2014 12:26 pm

Re: v6.39 [current]

Mon May 01, 2017 7:27 pm

Sir i have problem

rules p2p block bit torrent its gone...

some one can help me fix then?

dont say downgrade sir... i need solution for renew OS 6.39 thanks you
Those rules did not work anyway.
It is not easy to block such things due to advances in the protocols to avert blocking.
Hi, I also looking for solution, run FW L7 instead of p2p matcher.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39 [current]

Mon May 01, 2017 8:03 pm

L7 matching is becoming more and more difficult due to encryption, and the use of random portnumbers
makes it difficult to apply it to a limited part of the traffic. That results in performance problems and
false positives on traffic you did not want to filter.
I know it is an unwelcome message, but "blocking certain traffic" is becoming less and less viable.
 
raffav
Member
Member
Posts: 345
Joined: Wed Oct 24, 2012 4:40 am

Re: RE: Re: v6.39 [current]

Mon May 01, 2017 8:21 pm

L7 matching is becoming more and more difficult due to encryption, and the use of random portnumbers
makes it difficult to apply it to a limited part of the traffic. That results in performance problems and
false positives on traffic you did not want to filter.
I know it is an unwelcome message, but "blocking certain traffic" is becoming less and less viable.
Agree,
There is hardware dedicated for that propose.
Router is was not designed to filter l7

Enviado de meu XT1580 usando Tapatalk
 
kdave
just joined
Posts: 1
Joined: Tue May 02, 2017 1:10 am

Re: v6.39 [current]

Tue May 02, 2017 1:21 am

Upgrading wAP G-5HacT2HnD from 6.38.5 to 6.39 led to factory reset after reboot (I saw a similar report posted). The configuration was lost. Restoring from backup worked, but I observed subjective decrease of connection quality over wifi (noticeable lags, connections stuck). Downgrade to 6.38.5 worked and connection quality was ok again.
 
arturo
just joined
Posts: 2
Joined: Tue May 02, 2017 3:43 am

Re: v6.39 [current]

Tue May 02, 2017 4:07 am

Issues spoted:

1) *CRITICAL* - the same as CMNET and ulysses:
- RB750Gr3 - updated correctly
BUT
- RBwAPG-5HacT2HnD - after upgrade configuration lost, seems router is not saving configuration - applying configuration changes works, but power loss or reboot option ends with factory configuration
- RB941-2ND - as above - after upgrade configuration lost, applying configuration changes works, but power loss or reboot option ends with factory configuration

2) Minor:
WebFig ->Quickset - Country selection
After setting any country, saving and reloading the page shows country one further on the list. Eg - default option "no_country_selected" is shown as "north_korea", seting "poland" after reloading shows "portugal"
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39 [current]

Tue May 02, 2017 10:47 am

I can confirm the above on several devices (mostly LHG5).
There is really something here that has to be fixed!
 
User avatar
morituruz
newbie
Posts: 33
Joined: Fri Oct 17, 2014 9:00 am

Re: v6.39 [current]

Tue May 02, 2017 11:27 am

!) firewall - discontinued support for p2p matcher (old rules will become invalid);
So how we should detect p2p traffic now?
p2p matcher with two-step method (add destination ip to address list and block/prioritize this list) is working very good for me.
 
Ansy
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Mon Oct 17, 2011 1:32 pm
Location: Russia
Contact:

Re: v6.39 [current]

Tue May 02, 2017 11:37 am

Updated 6.39 OK:
  • two hAP lite (smips RB941-2nD) devices
  • one RB751U-2HnD (mipsbe) device
  • one hEX (mmips RB750Gr3) device
But another hEX RB750Gr3 bricked into bootloop (BEEP, reboot, BEEP, reboot, ... ) and doesn't accept any control actions -- netinstall too.
What can I do with it? RMA?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.39 [current]

Tue May 02, 2017 11:42 am

!) firewall - discontinued support for p2p matcher (old rules will become invalid);
So how we should detect p2p traffic now?
p2p matcher with two-step method (add destination ip to address list and block/prioritize this list) is working very good for me.
It's great that you think it did it's job, but actually it was not doing anything.
It was broken for a long time, and was not actually capturing any modern p2p traffic, instead it was breaking some legitimate traffic.
You can make actually working rules with l7 filters:

https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/L7
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39 [current]

Tue May 02, 2017 11:50 am

This is applicable only for users using Webfig.

We have managed to reproduce problem with default configuration after reboot. We will try to fix this as soon as possible.
If you have only used Webfig on specific router and have never used CLI or Winbox on this device, then after upgrade/reboot device will be reset to default configuration.

Instructions to avoid this:
1) Connect to device through CLI or Winbox before upgrade to 6.39;
2) Reject default configuration;
3) Upgrade device.
 
User avatar
morituruz
newbie
Posts: 33
Joined: Fri Oct 17, 2014 9:00 am

Re: v6.39 [current]

Tue May 02, 2017 12:41 pm

It's great that you think it did it's job, but actually it was not doing anything.
It's doing its job pretty well actually.
I just checked it again right now on 6.39rc41.

Rules disabled:
Image


Rules enabled:
Image
 
Ansy
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Mon Oct 17, 2011 1:32 pm
Location: Russia
Contact:

Re: v6.39 [current]

Tue May 02, 2017 1:14 pm

!) firewall - discontinued support for p2p matcher (old rules will become invalid);
So how we should detect p2p traffic now?
p2p matcher with two-step method (add destination ip to address list and block/prioritize this list) is working very good for me.
For BitTorrent traffic (sorry for video only -- that's not my content):
https://www.youtube.com/watch?v=diA-5e7TdZM
This is applicable only for users using Webfig.

We have managed to reproduce problem with default configuration after reboot. We will try to fix this as soon as possible.
If you have only used Webfig on specific router and have never used CLI or Winbox on this device, then after upgrade/reboot device will be reset to default configuration.

Instructions to avoid this:
1) Connect to device through CLI or Winbox before upgrade to 6.39;
2) Reject default configuration;
3) Upgrade device.
How about those who DID upgrade to 6.39 and have bricked/bootlooping devices?
Any special instructions to recover?
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39 [current]

Tue May 02, 2017 1:56 pm

Ansy - This problem will reset configuration of device. It will not make device go into bootloop. If you have such problem, then write to support@mikrotik.com. Send backups, export files, supout file so we can try to trace the issue. If device has serial port, then connect to router through it and check what you can see on it.
 
Koli
just joined
Posts: 1
Joined: Thu Dec 15, 2016 9:38 am

Re: v6.39 [current]

Tue May 02, 2017 2:06 pm

Hi Everyone
I have routerboard Hap Ac Lite RB952UI -5AC2ND.. Today i update new version 6.39 and after install
my router still reboot every second.. Can't connect,, i tried to boot with netinstall but doesn't work..
Can you help please!!
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1139
Joined: Tue Oct 11, 2005 4:53 pm

Re: v6.39 [current]

Tue May 02, 2017 2:24 pm

So how we should detect p2p traffic now?
Personally I haven't found any 100% reliable method without having to do some settings on each torrent client's PC (read bellow).
But I haven't looked into it the last 2-3 years to be honest, so there maybe other solutions now.

The old p2p matcher that mikrotik had only worked for non encrypted bittorrent transfers, which AFAICT are pretty much non-existent nowadays.


What I ended up doing was configure Windows to set a custom DSCP (TOS) tag on all packets generated by uTorrent (or whatever application you want).
Then with a simple mangle rule I can match this DSCP and apply a custom packet mark which in turn is used in my queues.
It works flawlessly and it doesn't care about which ports the client is using or if it has encryption enabled.

A few months back I tried implementing the same solution on a Linux desktop but with little research I didn't find any way to do dscp tagging per process.
So it definitely isn't a universal solution, but it works for me :)
 
User avatar
morituruz
newbie
Posts: 33
Joined: Fri Oct 17, 2014 9:00 am

Re: v6.39 [current]

Tue May 02, 2017 3:16 pm

Thanks, i know about layer7 based solutions.
Personally I haven't found any 100% reliable method without having to do some settings on each torrent client's PC (read bellow).
But I haven't looked into it the last 2-3 years to be honest, so there maybe other solutions now.
Nobody talk about 100% but please take a look at screenshots in my comment #67 — only three simple rules almost stopped uploads in torrent client. No DSCP, no L7.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1139
Joined: Tue Oct 11, 2005 4:53 pm

Re: v6.39 [current]

Tue May 02, 2017 3:22 pm

Thanks, i know about layer7 based solutions.
Personally I haven't found any 100% reliable method without having to do some settings on each torrent client's PC (read bellow).
But I haven't looked into it the last 2-3 years to be honest, so there maybe other solutions now.
Nobody talk about 100% but please take a look at screenshots in my comment — only three simple rules almost stopped uploads in torrent client. No DSCP, no L7.
My solution does work 100% but it needs for each PC on your network to setup Policy Based QoS via Group Policy editor to apply the DCSP tag.
It's not the easiest to setup and maintain, but since I implemented this about 4-5 years ago I've never ever had any problems with torrents being mis-classified by my firewall/queues. Actually this method doesn't even care if the traffic is bittorrent or not. It will limit whatever that comes out of uTorrent.

I saw your screenshots but they mean nothing to me tbh. I can't see the full rules nor your exact configuration on qBittorrent.
Either way, encryption is the way to go and the old p2p matcher would have stopped working sooner or later anyway. The last 7 years it never worked for me with encryption enabled.

That said, if your goal is to block the bittorrent traffic instead of doing traffic shaping on it, then this has been solved for many years now without using the p2p matcher.. Search on the forum to find the relevant threads on the subject.
 
irghost
Member
Member
Posts: 302
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.39 [current]

Tue May 02, 2017 3:27 pm

loading kernel... OK
setting up elf image... OK
jumping to kernel code
ERROR: no system package found!
Kernel panic - not syncing: Attempted to kill init!
Rebooting in 1 seconds..

RouterBOOT booter 3.33

RouterBoard 2011UiAS-2HnD

CPU frequency: 600 MHz
 Memory speed: 200 MHz
  Memory size: 128 MiB
    NAND size: 128 MiB

Press any key within 5 seconds to enter setup.....

RB2011 Does Not BOOT after Upgrade

This Problem
please help
i recover my RB2011 With netinstall
but i dont know what was wrong with my rb2011
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39 [current]

Tue May 02, 2017 3:33 pm

This is applicable only for users using Webfig.

We have managed to reproduce problem with default configuration after reboot. We will try to fix this as soon as possible.
If you have only used Webfig on specific router and have never used CLI or Winbox on this device, then after upgrade/reboot device will be reset to default configuration.
Ok that probably matches most of the cases where I have seen it fail. Good find!
However, note that there is not only the case of "back to default configuration" but also "no longer able to save any configuration".
Is that covered by this as well?
 
User avatar
rushlife
Member Candidate
Member Candidate
Posts: 244
Joined: Thu Nov 05, 2015 12:30 pm

Re: v6.39 [current]

Tue May 02, 2017 3:52 pm

Big thanks for script on dhcp-client, it's handy.
BUT, what about script for "dhcp-client" integrated in ppp client / section ?

Thanks guys.
 
myrolm
just joined
Posts: 1
Joined: Tue May 02, 2017 10:27 am

Re: v6.39 [current]

Tue May 02, 2017 3:55 pm

RB750r2: No openvpn interfaces after reboot, no certificates, device went back to defaults. After setup and reboot defaults again.
 
ulysses
Frequent Visitor
Frequent Visitor
Posts: 95
Joined: Fri Sep 25, 2015 1:26 pm

Re: v6.39 [current]

Tue May 02, 2017 4:14 pm

So, what should we do with the bricked devices? Downgrade? I am still to follow the netinstall route... Honestly, last thing I was planning to do on my holiday
 
dadoremix
Member Candidate
Member Candidate
Posts: 133
Joined: Sat May 14, 2011 11:31 am

Re: v6.39 [current]

Tue May 02, 2017 4:17 pm

Try with netinstall
And again set as new
Do not restore old config, make it ad new


Sent from my iPhone using Tapatalk Pro
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: v6.39 [current]

Tue May 02, 2017 5:06 pm

*) dhcp-client - added "script" option which executes script on state changes;
FINALLY!

Now we can make actual stateful DDNS updates whenever they're needed instead of running a script every x minutes!

Lots of enhancements in this version. Kudos!
 
dl1nux
newbie
Posts: 27
Joined: Tue Jan 03, 2017 11:45 am

Re: v6.39 [current]

Tue May 02, 2017 5:26 pm

Well, I should have read that thread before...

just upgraded my RB2011iL-RM yesterday evening, and it crashed...
Will have to go to the location to check what is broken, but I guess, after reading this posts, it has lost its config or I have to netinstall it.....
I always use winbox, also for upgrading (system packages online upgrade)

:-(
 
FIPTech
Long time Member
Long time Member
Posts: 558
Joined: Tue Dec 22, 2009 1:53 am

Re: v6.39 [current]

Tue May 02, 2017 6:54 pm

@ ditonet

Thanks, i did forget to put " " around the lease-hostname variable :(

stupid error.

So the final working script to write a DNS record for each IP lease :

(note that this is a simplified script, it does not verify neither delete DNS multiple registrations and does not delete the DNS recording when the IP is released.)
# DNS record for DHCP lease
:local topdomain;

# Configure your domain
:set topdomain "yourdomain.com";

:if ($leaseBound = 1) do={
/ip dns static add name=($"lease-hostname" . "." . $topdomain) address=$leaseActIP;
}
I would be interested to know if somebody success in deleting a record at IP releasing.

This is something quite standard in DHCP clients (Dibbler for example), this could be coded inside Router OS for simplicity.
 
User avatar
alexcherry
just joined
Posts: 21
Joined: Tue Jan 11, 2011 5:01 pm

Re: v6.39 [current]

Tue May 02, 2017 7:33 pm

Hi guys, we are developers of Radius software - splynx.com and it looks that inside the 6.39 were broken Accounting STOP packets.
It was reported to us by several clients today. The issue is described below :

In case when Mikrotik stops the PPP session, it sends wrong Framed-IP address (10.0.0.0). We work with the Framed-IP address as part of session identification, so our Radius cannot close the session correctly. In all previous versions always correct Framed-IP address came back from Mikrotik to Radius server.

Here is a correct START packet, where Framed-IP is the IP address of customer (192.168.102.5) :

START:
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 15728642
NAS-Port-Type = Ethernet
User-Name = "alex"
Calling-Station-Id = "C8:2A:14:2D:05:AE"
Called-Station-Id = "service1"
NAS-Port-Id = "ether3"
Acct-Session-Id = "81300002"
Framed-IP-Address = 192.168.102.5
Acct-Authentic = RADIUS
Event-Timestamp = "May 2 2017 18:15:50 CEST"
Acct-Status-Type = Start
NAS-Identifier = "NAS-SPLYNX"
Acct-Delay-Time = 0
NAS-IP-Address = 10.0.1.36

And here is a STOP packet with broken Framed-IP address :
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 15728642
NAS-Port-Type = Ethernet
User-Name = "alex"
Calling-Station-Id = "C8:2A:14:2D:05:AE"
Called-Station-Id = "service1"
NAS-Port-Id = "ether3"
Acct-Session-Id = "81300002"
Framed-IP-Address = 10.0.0.0
Acct-Authentic = RADIUS
Event-Timestamp = "May 2 2017 18:16:38 CEST"
Acct-Session-Time = 48
Idle-Timeout = 0
Session-Timeout = 0
X-Ascend-Data-Rate = 1000000
Ascend-Xmit-Rate = 1000000
X-Ascend-Data-Rate = 500000
Ascend-Data-Rate = 500000
Mikrotik-Rate-Limit = "500000/1000000 0/0 0/0 1/1 5 250000/500000"
Acct-Input-Octets = 55500
Acct-Input-Gigawords = 0
Acct-Input-Packets = 862
Acct-Output-Octets = 6912
Acct-Output-Gigawords = 0
Acct-Output-Packets = 54
Acct-Status-Type = Stop
Acct-Terminate-Cause = NAS-Request
NAS-Identifier = "NAS-SPLYNX"
Acct-Delay-Time = 0
NAS-IP-Address = 10.0.1.36
 
FIPTech
Long time Member
Long time Member
Posts: 558
Joined: Tue Dec 22, 2009 1:53 am

Re: v6.39 [current]

Tue May 02, 2017 8:27 pm

Here is a slightly better script to add a DNS entry for each DHCP lease. Version 6.39 simplify the script thanks to the new lease-hostname variable.

This one check for existence of static DNS entries with the same fully qualified domain names or same addresses and delete them before adding a new DNS entry, if necessary.
If a static DNS entry with the same domain name and same address as the lease exist the script does not update the DNS server.

See https://wiki.mikrotik.com/wiki/Setting_ ... DHCP_lease for more informations (old method, more processor hungry).

This script use the DHCP server lease script function available recently.
# DNS record for DHCP lease

:local topdomain;
:local FullHostName;
:local NoUpdate false;


# Configure your domain
:set topdomain "yourdomain.com";

:if ($leaseBound = 1) do={

:set FullHostName ($"lease-hostname" . "." . $topdomain)

/ip dns static;

:foreach n in [find] do={
# If a static DNS entry is the same as the lease then leave it and mark to not Update it
:if (([get $n name] = $"FullHostName") and ([get $n address] = $leaseActIP)) do={
:set NoUpdate true;
} else={
# If some DNS entry with same fully qualified domain name or same address already exist remove it
:if (([get $n name] = $"FullHostName") or ([get $n address] = $leaseActIP)) do={
   :log info ("Removing from Static DNS : " . [get $n name] .  " @ " . [get $n address]);
    remove $n;
  }
 }
}
# Add new Static DNS Entry if necessary

:if ($NoUpdate = false) do={
:log info ("Adding to Static DNS : " . $"FullHostName" .  " @ " . $leaseActIP);
add name=($"lease-hostname" . "." . $topdomain) address=$leaseActIP;
 }
 
}
Last edited by FIPTech on Wed May 03, 2017 2:32 am, edited 2 times in total.
 
arturo
just joined
Posts: 2
Joined: Tue May 02, 2017 3:43 am

Re: v6.39 [current]

Tue May 02, 2017 9:35 pm

This is applicable only for users using Webfig.

We have managed to reproduce problem with default configuration after reboot. We will try to fix this as soon as possible.
If you have only used Webfig on specific router and have never used CLI or Winbox on this device, then after upgrade/reboot device will be reset to default configuration.

Instructions to avoid this:
1) Connect to device through CLI or Winbox before upgrade to 6.39;
2) Reject default configuration;
3) Upgrade device.
Diagnosis: correct - problems with devices configured by Webfig
Solution: wrong/not working

Description:
RBwAPG-5HacT2HnD yesterday after multiple retries brought to normal operation by reverting to 6.38.5 firmware and reconfiguring to production configuration.
Following strods advice:
- connected to wAP ac via winbox
- winbox without asking reverted configuration of wAP to factory one
- upgraded to 6.39
- connected via Winbox to make initial changes
- configuration finalized via Webfig
- test through "Reboot" option - failed - wAp woke up with factory configuration
- downgrade to 6.38.5, reconfigurig everything, working again as supposed

Learning: if you won't like to be beta tester and spend 4 hours of your time on finding the issues/solutions, wait at least 2 weeks before upgrading to new version of firmware :-(
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.39 [current]

Tue May 02, 2017 10:05 pm

HAP ac lite - After update I can't create SMB share on external drive (usb). Can somebody confirm that?
can confirm with hEX and attached 1 TB USB SSD
also the exisiting shares are inaccessible!

please fix it :)
 
kivimart
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Thu Oct 10, 2013 3:06 pm

Re: RE: Re: v6.39 [current]

Tue May 02, 2017 11:17 pm

HAP ac lite - After update I can't create SMB share on external drive (usb). Can somebody confirm that?
can confirm with hEX and attached 1 TB USB SSD
also the exisiting shares are inaccessible!

please fix it :)
Same here on HapAC

Sent from my SM-G930F using Tapatalk
 
alphahawk
Member Candidate
Member Candidate
Posts: 101
Joined: Fri Mar 28, 2008 6:40 pm

Re: v6.39 [current]

Wed May 03, 2017 2:30 am

!) firewall - discontinued support for p2p matcher (old rules will become invalid);
So how we should detect p2p traffic now?
p2p matcher with two-step method (add destination ip to address list and block/prioritize this list) is working very good for me.
It's great that you think it did it's job, but actually it was not doing anything.
It was broken for a long time, and was not actually capturing any modern p2p traffic, instead it was breaking some legitimate traffic.
You can make actually working rules with l7 filters:

https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/L7
Normis it actually worked with unencrypted p2p. That was all I really cared for. What I would be interested to know is how does a L7 filter performer compared to the p2p matcher?
 
mmmigoro
newbie
Posts: 39
Joined: Mon Feb 14, 2011 3:48 pm
Location: PRAHOVA, Romania

Re: v6.39 [current]

Wed May 03, 2017 8:02 am

Running 2 BGP Full Routing Table here and 2 additional regional table on a CCR1036-12G-4S and after upgrade from v6.38 to v6.39 I noticed some CPU usage decrease. Previously one CPU core was always 100%, now with v6.39 it fluctuates between 85-95%.
Also power consumption is down by almost 1Wh (this grabbed my attention in the first place, then discovered the lower CPU usage).

Good job guys! Perhaps you can also let us know what was done in BGP area to lower the CPU usage?
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39 [current]

Wed May 03, 2017 1:46 pm

Version 6.39.1 has been released:
viewtopic.php?f=21&t=121306

Who is online

Users browsing this forum: BillyVan, Dude2048, edupre, eworm, lurker888, onnoossendrijver and 21 guests