Community discussions

MikroTik App
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

v7.2rc1 is released!

Tue Dec 21, 2021 2:41 pm

RouterOS version 7.2rc1 has been released "v7 testing" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.2rc1 (2021-Dec-17 21:54):

*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - do not export default BGP values;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - fixed "print" command with additional "where" condition;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) ipsec - added hardware acceleration support for CCR2116;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) poe - update PoE firmware only on devices that support it;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) queue - improved system stability when processing traffic;
*) route - fixed "min-prefix" configuration when set to 0;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for wireless client uptime reporting;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) zerotier - properly handle IP address change;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.2rc1 is released!

Tue Dec 21, 2021 3:22 pm

What a long list of fixes. A nice x-mas present :)

Still very slow export on some routes with limited CPU

Nearly same "simple" configuration on two test 5Hz routers.

SXT 5HPnD r2 600mHz Export: 4seconds

SXT 5HPnD 400mHz Export: First run: around 4-5 min. Second run after 6min and only 30% of config show, I get this "Console has crashed; please log in again."
Last edited by Jotne on Tue Dec 21, 2021 3:55 pm, edited 2 times in total.
 
winap
just joined
Posts: 20
Joined: Thu Sep 23, 2021 10:57 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 3:31 pm

Thanks,
RB5009 ok and can finnaly see temp.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.2rc1 is released!

Tue Dec 21, 2021 3:54 pm

Thanks,
RB5009 ok and can finally see temp.
Can you post the output of this command, Just to see what info a RB50090 gives out:
{
:put [/system/routerboard/get model]
:foreach id in=[/system health find] do={
	:local health "$[/system health get $id]"
	:put "$health"
}
}
 
winap
just joined
Posts: 20
Joined: Thu Sep 23, 2021 10:57 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 4:27 pm

Thanks,
RB5009 ok and can finally see temp.
Can you post the output of this command, Just to see what info a RB50090 gives out:
{
:put [/system/routerboard/get model]
:foreach id in=[/system health find] do={
	:local health "$[/system health get $id]"
	:put "$health"
}
}
RB5009UG+S+
.id=*11;name=cpu-temperature;type=C;value=35
 
winap
just joined
Posts: 20
Joined: Thu Sep 23, 2021 10:57 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 4:28 pm

Jotne:
But the voltage still missing.
Edit:
Thanks for help with info command.
 
soheilsh
Member Candidate
Member Candidate
Posts: 100
Joined: Fri Nov 26, 2010 3:39 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 4:34 pm

socks5 now ok in 7.2rc1 is, but 7.1.1 still problem
 
huntermic
Member Candidate
Member Candidate
Posts: 111
Joined: Wed Oct 26, 2016 3:42 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 4:48 pm

Unfortunately the issue with RB5009 DHCPv6-PD over pppoe on tagged ethernet link is not fixed
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 872
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v7.2rc1 is released!

Tue Dec 21, 2021 5:10 pm

CCR1009 running 7.2rc1

MY CPU has gone nuts comparatively speaking .... as shown in the below graphic ...
cpu72rc1.GIF
running 7.1.1 Stable my CPU normally is stable around 1% ... the above is put WAY out of wack ???


Reverted back to 7.1.1 and CPU is back to normal operation .... WoW :D
cpuRoS7.1.1stable.GIF
You do not have the required permissions to view the files attached to this post.
Last edited by mozerd on Tue Dec 21, 2021 5:33 pm, edited 2 times in total.
 
solomon777
just joined
Posts: 5
Joined: Sat Oct 06, 2018 2:48 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 5:15 pm

Does 7.2 fix torch isn't showing ipv6 traffic?
 
jookraw
Member Candidate
Member Candidate
Posts: 143
Joined: Mon Aug 19, 2019 3:06 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 5:15 pm

The Wireguard IPv6 peer bug is also still present on this version.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 5:17 pm

socks5 now ok in 7.2rc1 is, but 7.1.1 still problem

Change log of 7.1.1 doesn't mention anything about fixing SOCKS5. So what exactly is your point?
 
slvfibergarrett
just joined
Posts: 4
Joined: Mon Jan 04, 2021 7:24 am

Re: v7.2rc1 is released!

Tue Dec 21, 2021 6:05 pm

That's cool and all but ROS7 is a non-starter for me without BFD support. Will we ever see BFD implemented is ROS7?
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 6:14 pm

This version broke communication between a crs318 and a crs317 with a SFP+ 10Gbase-T adapters (same adapter type on both ends). It works fine with 7.1 and 7.1.1.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: v7.2rc1 is released!

Tue Dec 21, 2021 6:15 pm

That's cool and all but ROS7 is a non-starter for me without BFD support. Will we ever see BFD implemented is ROS7?
Version 7.5 givertake a few decimal places. ;-P
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: v7.2rc1 is released!

Tue Dec 21, 2021 6:23 pm

Updated (Home)LAB RB5009 - All working fine, but the box is extremely basic (but secure) configured with just PPPoE to ISP
At least it did not crash ;-)

I wonder when ZeroTier would be integrated into the Winbox GUI ? At present its all CLI, interface not visible on Winbox etc.
 
irghost
Member
Member
Posts: 302
Joined: Sun Feb 21, 2016 1:49 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 6:34 pm

The Wireguard IPv6 peer bug is also still present on this version.
1+
::/0 in allowed address
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1493
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: v7.2rc1 is released!

Tue Dec 21, 2021 6:40 pm

Re: RouterOS version 7.2rc1
Can somebody shed some light on the following new features ?
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added support for "Tool/Speedtest" menu;
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Tue Dec 21, 2021 6:43 pm

*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
Upgrade via ZeroTier connection, my Telit 960s now show RSRQ & RSRP - with even CA info, for both AT&T & Verizon in US – great work! Shows signal from these modems now in your iPhone app too.

Image
Image

Didn't get to check the new /tool/speed-test UI in winbox - clearly had some positioning to do with LTE - but now possible. So super useful, thanks.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Tue Dec 21, 2021 6:47 pm

Re: RouterOS version 7.2rc1
Can somebody shed some light on the following new features ?
*) winbox - added support for "Tool/Speedtest" menu;
The /tool/speed-test now has a UI in winbox in the "Tools" menu:
Image
 
winap
just joined
Posts: 20
Joined: Thu Sep 23, 2021 10:57 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 6:57 pm

RB5009
When I make a SpeedTest on TCP protocol, I get around 950-980Mbit..But when I make UDP I get only 15-3Mbit..Is it my fault?
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1493
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: v7.2rc1 is released!

Tue Dec 21, 2021 7:04 pm

Re: RouterOS version 7.2rc1
Can somebody shed some light on the following new features ?
*) winbox - added support for "Tool/Speedtest" menu;
The /tool/speed-test now has a UI in winbox in the "Tools" menu:
Image
Now that is a nice feature.
I would like to see a slight modification to this new feature where the remote speedtest server has an additional new setting/feature would include the following:
- Test Duration ( where the remote btest server has the ability to set a limit on the speedtest/btest duration a remote btest session can use - and not be overridden remotely.
North Idaho Tom Jones
speedtest-7.2rc1-maximum-duration.png
I would really like to have a setting like this on the public btest server I host.
* North Idaho Tom Jones
You do not have the required permissions to view the files attached to this post.
 
Rfulton
Frequent Visitor
Frequent Visitor
Posts: 99
Joined: Tue Aug 08, 2017 2:17 am

Re: v7.2rc1 is released!

Tue Dec 21, 2021 7:15 pm

OSPF 100% broken after update.

Not seeing neighbors anymore.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 7:17 pm

After upgrade from 7.1 a statically configured /ip ipsec identity was gone and the corresponding IPsec tunnel was down until I re-added it.

Edit: it turns out that the same happens when 7.1 is rebooted, I seldomly reboot so did not notice that.
Last edited by pe1chl on Tue Dec 21, 2021 8:09 pm, edited 1 time in total.
 
noradtux
newbie
Posts: 39
Joined: Mon May 24, 2021 6:33 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 7:18 pm

The Wireguard IPv6 peer bug is also still present on this version.
What is the "Wireguard IPv6 peer bug" you are referring to? I have SUP-65906 open where I have one wireguard interface on my rb5009 with two Linux systems as peers. Since 7.1rc5 I can only ever get one of those peers to work. Turns out the rb5009 is routing all traffic to only one of those peers. So sniffing on both peers and pinging both from the router I see with echo-requests arriving on the peer that established its wireguard tunnel last.
EDIT:
Never mind, I just found the thread.
Last edited by noradtux on Tue Dec 21, 2021 7:23 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 7:21 pm

/ip route print hangs, IP route screen in windows is blank
(this happens in my router that has policy routing, BGP and a lot of routes. in my hAP ac2 which has only 2 static routes, it works OK)
/export also hangs, after BGP connections (before filters)

I had to go back to 7.1, router is unusable for me like this. Will try 7.1.1 instead. SUP-69560 created with supout.rif and export.
Last edited by pe1chl on Tue Dec 21, 2021 8:08 pm, edited 2 times in total.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Tue Dec 21, 2021 7:22 pm

RB5009
When I make a SpeedTest on TCP protocol, I get around 950-980Mbit..But when I make UDP I get only 15-3Mbit..Is it my fault?
Probably. Especially if that's your only data point, and without data it's related to the v7.2rc1 specifically... Anyway.

I was just checking Speed Test UI on the iPhone app to pair of RB5009 we've been testing (with VRRP) using 1Gx1G fiber line. So the iPhone app also has the new Speed Test UI, in Advanced/"Gear">Tools>Speed Test.


Image

Note: the "speed test" runs from the router (e.g. not the Mikrotik iPhone app itself – just starts a test from router to internet, not the phone to internet)


In fact, even these results tell me I have something to look at: TCP download shouldn't be faster than UDP download, outside other factors.
 
dksoft
Member Candidate
Member Candidate
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.2rc1 is released!

Tue Dec 21, 2021 7:24 pm

Unfortunately the issue with RB5009 DHCPv6-PD over pppoe on tagged ethernet link is not fixed
It's not mentioned to be address in the release notes. But I want to confirm that I have the same result over here.
 
winap
just joined
Posts: 20
Joined: Thu Sep 23, 2021 10:57 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 7:39 pm

Amm0:
Thanks for reply and made a test.
Ok I made Bandwidth test with this..
TCP ok, UDP 44Mbit for 1sec. and than drop to 2-1Mbit..
I am new MK user, so sometimes I don't know, if I made a mistake, or it's a bug..
2021-12-21_183031.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.2rc1 is released!

Tue Dec 21, 2021 8:03 pm

I have SUP-65906 open where I have one wireguard interface on my rb5009 with two Linux systems as peers. Since 7.1rc5 I can only ever get one of those peers to work. Turns out the rb5009 is routing all traffic to only one of those peers. So sniffing on both peers and pinging both from the router I see with echo-requests arriving on the peer that established its wireguard tunnel last.
Exactly this.
SUP-67181 is another ticket on this issue.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.2rc1 is released!

Tue Dec 21, 2021 8:05 pm

Link local addresses for Wireguard interfaces a assigned now, but please note that it happens even if IPv6 is disabled (/ipv6 settings set disable-ipv6=yes). Looks like just another bug. 😜
 
hapoo
newbie
Posts: 45
Joined: Wed Apr 24, 2019 1:35 am

Re: v7.2rc1 is released!

Tue Dec 21, 2021 8:09 pm

*) ipsec - added hardware acceleration support for CCR2116;
Does this mean you'll start listing ipsec benchmarks on the "test results" page for the CCR2116?
 
usern
just joined
Posts: 7
Joined: Sat May 30, 2020 2:37 am

Re: v7.2rc1 is released!

Tue Dec 21, 2021 8:13 pm

Is there going to be a webfig / winbox update for zerotier or will it be CLI only?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 8:13 pm

*) bgp - do not export default BGP values;
Actually, default AS number 65530 should always be exported or else import will fail under some circumstances.
(e.g. when you have added an extra BGP template with as=65530)
 
aivarsm
just joined
Posts: 4
Joined: Thu Dec 14, 2017 7:08 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 8:13 pm

*) ovpn - added SHA2 authentication algorithm support;

Where should find this checkBox?
 
aivarsm
just joined
Posts: 4
Joined: Thu Dec 14, 2017 7:08 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 8:17 pm

i cannot confirm it... my case disabled Identity still available.

After upgrade from 7.1 a statically configured /ip ipsec identity was gone and the corresponding IPsec tunnel was down until I re-added it.

Edit: it turns out that the same happens when 7.1 is rebooted, I seldomly reboot so did not notice that.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Tue Dec 21, 2021 8:28 pm

Amm0:
Thanks for reply and made a test.
I am new MK user, so sometimes I don't know, if I made a mistake, or it's a bug..
Apparently sarcasm doesn't translate. If you're a beginner the v7.2rc1 "testing" version may not be best way to learn RouterOS... That mistake one.

Mistake two is you need to post your config and describe you problem more than one test fails, IN A NEW POST in this forum: viewforum.php?f=13. NOT in this thread – this is for specific discussion about issues or sharing notes, at least tangentially, related to the 7.2rc1 release. e.g. I'm pretty sure V6 is going to show the same results in your bandwidth test, that's be something to try before asking for help here.

Might also check out this Mikrotik video on what to do when you face a problem: https://www.youtube.com/watch?v=ZioYTvzohSU
 
Strikysha
just joined
Posts: 2
Joined: Wed Apr 06, 2011 11:11 pm

Re: v7.2rc1 is released!

Tue Dec 21, 2021 8:32 pm

Doesn't load after update CHR from 7.1.1 to 7.2rc1 (hetzner)
Скриншот 21-12-2021 213009.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
blackhandnz
just joined
Posts: 14
Joined: Mon Nov 29, 2021 11:41 pm
Location: New Zealand

Re: v7.2rc1 is released!

Tue Dec 21, 2021 9:16 pm

Unfortunately the issue with RB5009 DHCPv6-PD over pppoe on tagged ethernet link is not fixed
same here :(
 
User avatar
genPSI
just joined
Posts: 12
Joined: Mon Mar 14, 2011 1:07 pm
Location: Kyiv

Re: v7.2rc1 is released!

Tue Dec 21, 2021 10:37 pm

Fully support you ! Hope they will back it soon
 
ivicask
Member
Member
Posts: 422
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: v7.2rc1 is released!

Tue Dec 21, 2021 10:41 pm

Updated from 7.1 hap ac2 crashing after 30mins out of memory, also cpu sticks at 35% with no traffic. Also memory leak on 2 other APs runing nothing but wifi..
Downgraded to 7.1.1 works fine so far.
Last edited by ivicask on Tue Dec 21, 2021 11:36 pm, edited 2 times in total.
 
sfrode
just joined
Posts: 15
Joined: Thu Apr 16, 2020 12:12 am
Location: Oslo, Norway
Contact:

Re: v7.2rc1 is released!

Tue Dec 21, 2021 10:43 pm

7.2rc1 killed L2 connection on all my SFP+ fiber modules on a CRS317 to servers and switches. DAC cable works though. Downgrade to 7.1.1 resolved it.
 
Grant
newbie
Posts: 37
Joined: Sat Oct 26, 2013 10:55 am
Location: Ukraine, Dnipro

Re: v7.2rc1 is released!

Tue Dec 21, 2021 11:29 pm

High cpu load when idle
and memory leak

hap ac2
Снимок экрана 2021-12-21 232959.png
You do not have the required permissions to view the files attached to this post.
 
Ady262
just joined
Posts: 4
Joined: Sat Dec 18, 2021 2:10 am

Re: v7.2rc1 is released!

Tue Dec 21, 2021 11:34 pm

I still have a problem with SFP+ port negotiation on RB5009UG+S+IN with AOC-STGN-I2S(X520-DA2).
 
User avatar
afink
newbie
Posts: 34
Joined: Wed May 29, 2013 7:16 pm
Location: Basel & Freetown
Contact:

Re: v7.2rc1 is released!

Wed Dec 22, 2021 12:25 am

*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
I have 20 VLANS everywhere...
*) l3hw - fixed bonding source MAC address;
And most have bonding...
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
Yes please!
*) ospf - fixed distance if "originate-default" is set to "always";
might have run into this
*) ospf - fixed neighbor stuck in ExStart;
seen that
*) ospf - improved logging;
useful to debug
*) ospf - improved overall stability;
definitively need that
*) ospf - improved stability for very large LSDB;
seen that
*) ospf - improved stability when DR goes down;
seen that
*) ospf - improves stability when handling looped back OSPF packets;
seen that
*) route-filters - fixed possible address list race condition and memory leak;
ouch!
*) upgrade - improved 404 error handling when checking for new versions;
seen that many times.

So all in all big improvements.
I saw totally crazy things these days. Things like you can not ping your own IP. Things like 50% packet loss while pinging your neighbor on the same 10G lan with no other traffic.
Things like ospf routes dissapearing all the time up to the point where there are no ospf routes in the table at all. Things like you have to remove ip and vlan and re-add it to make your ip be able to be pinged again but then 24h later its gone again.


Now theres a few small things left to fix... like this one:

dec/21/2021 18:46:54 system,error,critical router was rebooted without proper shutdown, probably kernel failure
dec/21/2021 18:46:54 system,error,critical kernel failure in previous boot

Its only a small detail disconnecting thousands of users...
Last edited by afink on Wed Dec 22, 2021 12:30 am, edited 1 time in total.
 
wispmikrotik
Member Candidate
Member Candidate
Posts: 138
Joined: Tue Apr 25, 2017 10:43 am

Re: v7.2rc1 is released!

Wed Dec 22, 2021 12:29 am

Hi,

High CPU on mAPLite:

Only IKEv2 + Cake.

V7rc2: 100%
V7.1.1: 8%

Regards,
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2096
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v7.2rc1 is released!

Wed Dec 22, 2021 2:06 am

Image

I am experiencing the same issue as above on a CHR running on KVM with virtio-scsi disks. It worked in 7.1 but will not boot in 7.2rc1.

I changed the disk controller type to IDE and the CHR will boot, but this obviously resets the software ID.

It looks like someone forgot to add virtio-scsi support to the new kernel.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Wed Dec 22, 2021 2:22 am

- "Old style" routing filters add (like v6), not only syntax - VERY IMPORTANT!!!
Why is this "very important"? I really can't see them doing this. The new syntax borrows some of the best bits from Cisco IOS-XR syntax with their if-then-else statements and Juniper-style JSON-like braces.
 
aboiles
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Sat Nov 07, 2015 6:52 pm

Re: v7.2rc1 is released!

Wed Dec 22, 2021 2:27 am

7.2rc1 killed L2 connection on all my SFP+ fiber modules on a CRS317 to servers and switches. DAC cable works though. Downgrade to 7.1.1 resolved it.
Same here but only on a CRS317-1G-16S+. worked fine on both CRS309-1G-8S+ and CRS328-24P-4S+.
All CRS units back to 7.1.1

Opened ticket SUP-69682
Last edited by aboiles on Wed Dec 22, 2021 9:00 pm, edited 1 time in total.
 
wojo
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Tue Aug 21, 2018 4:37 am

Re: v7.2rc1 is released!

Wed Dec 22, 2021 3:13 am

This version broke communication between a crs318 and a crs317 with a SFP+ 10Gbase-T adapters (same adapter type on both ends). It works fine with 7.1 and 7.1.1.

Ditto, killed all my Fiber Mall SFP-10G-T-CI-80m units. Works on 7.1.1.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1139
Joined: Tue Oct 11, 2005 4:53 pm

Re: v7.2rc1 is released!

Wed Dec 22, 2021 3:19 am

- "Old style" routing filters add (like v6), not only syntax - VERY IMPORTANT!!!
Why is this "very important"? I really can't see them doing this. The new syntax borrows some of the best bits from Cisco IOS-XR syntax with their if-then-else statements and Juniper-style JSON-like braces.
And at the same time, loses the best bits from ROS and Winbox style syntax/UI.
 
wojo
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Tue Aug 21, 2018 4:37 am

Re: v7.2rc1 is released!

Wed Dec 22, 2021 3:40 am

Looks like SD cards still do not mount on CCR1009-7G-1C-1S+, same on 7.1.x.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Wed Dec 22, 2021 3:48 am

And at the same time, loses the best bits from ROS and Winbox style syntax/UI.
It is probably way more efficient in terms of CPU cycles to be able to use if - then - else syntax. Any OR or ELSE conditions before would have required more rules, and therefore more loops for handling each route, and that ends up meaning higher CPU usage when loading routes from peers, slower convergence, and all of the things we want to avoid.

Huawei apparently has a similar if-then-else structure: https://support.huawei.com/enterprise/e ... ute-filter
And the BIRD routing daemon also has an if-then-else syntax for filters, although it is closer to traditional programming there.

The more I dig through the routing filter features in v7, I keep finding more and more ways to reduce the number of filter rules by a great deal compared to v6.

Over time they can probably make better GUI helpers for constructing such rules, so that you don't have to type out a lot of different filter rules from the CLI.
Last edited by mducharme on Wed Dec 22, 2021 4:32 am, edited 1 time in total.
 
aoakeley
Member Candidate
Member Candidate
Posts: 171
Joined: Mon May 21, 2012 11:45 am

Re: v7.2rc1 is released!

Wed Dec 22, 2021 4:18 am

Good to see lots of bugs fixed. This needs to be the priority, not new features.
Functional parity with v6 should be the objective now (Sorry to anyone who is waiting for Docker to come back)

Just bumping the following
EAP-TLS: viewtopic.php?t=180713
IPv6:viewtopic.php?t=181350
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.2rc1 is released!

Wed Dec 22, 2021 7:41 am

*) ovpn - added SHA2 authentication algorithm support;

Where should find this checkBox?
Currently only accessible using command line interface. We will add the new parameters to WinBox.

WireGuard multiple IPv6 tunnel issue is already reported and is waiting for fixing.

Regarding the lost IPsec Identities on reboot/upgrade. I am unable to reproduce such issue. Any additional tips on how to reproduce the issue are welcome. If someone can reproduce the issue every time after rebooting the router, perhaps an unencrypted backup file from such router might help us.
 
User avatar
woland
Member Candidate
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: v7.2rc1 is released!

Wed Dec 22, 2021 10:00 am

Hello,
I totally agree: first we need to have more stability. Still, I miss container support... :)
I have upgraded my RB5009 to 7.2RC1 and still my (noname) SFP+ modules don´t work, which did work on 6.x with my CRS309. It won´t "go into production" probably until 7.3.

Despite all the Problems, I do appreciate the pace new releases come out. Also, it´s almost Christmas and we still got so many bugfixes!

Regards

Woland
Good to see lots of bugs fixed. This needs to be the priority, not new features.
Functional parity with v6 should be the objective now (Sorry to anyone who is waiting for Docker to come back)

Just bumping the following
EAP-TLS: viewtopic.php?t=180713
IPv6:viewtopic.php?t=181350
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Wed Dec 22, 2021 11:27 am

The more I dig through the routing filter features in v7, I keep finding more and more ways to reduce the number of filter rules by a great deal compared to v6.
In all my routers and routers I know, there is a 1:1 correspondence between v6 and v7 rules (exactly the same number of rules required).
But maybe my situation is not representative, because I only use BGP on private closed networks (with private AS#) and not for the internet.
My rules are only doing things like setting local-pref based on community, setting preferred-source for the routes, and allowing the IP space I want to route.
Over time they can probably make better GUI helpers for constructing such rules, so that you don't have to type out a lot of different filter rules from the CLI.
Of course this has been made much more complicated by using this new syntax. Remember there also is no GUI helper for constructing scripts.
For the common case of "define some matching criteria and perform some action(s)", where the matching criteria are ANDed, the old way of defining the rules could be brought back and maybe some special marker to know that the rule was constructed this way so it can be edited the same way...
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v7.2rc1 is released!

Wed Dec 22, 2021 12:27 pm

As there's a conversion tool for v6-to-v7 embedded in RouterOS, they can accept v6-style rules and then automagically convert them to v7 format :D

P.S. They won't
 
soheilsh
Member Candidate
Member Candidate
Posts: 100
Joined: Fri Nov 26, 2010 3:39 pm

Re: v7.2rc1 is released!

Wed Dec 22, 2021 12:28 pm

openvpn notworking in v7.2rc1
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.2rc1 is released!

Wed Dec 22, 2021 12:42 pm

I still have a problem with SFP+ port negotiation on RB5009UG+S+IN with AOC-STGN-I2S(X520-DA2).
Need more information, please open a support ticket and send a supout.rif file. Also specify what kind of SFP modules are you using.
openvpn notworking in v7.2rc1
Need more information, please open a support ticket and send a supout.rif file.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Wed Dec 22, 2021 12:44 pm

For the convenience of winbox management, our colleagues also ask to add it
Well, at least the winbox screen for route filter has finally been fixed (is not in the changelist I think).
Now you can edit/insert/move route filters without going to commandline. But of course you still need to manually type the filter rule :-(
 
soheilsh
Member Candidate
Member Candidate
Posts: 100
Joined: Fri Nov 26, 2010 3:39 pm

Re: v7.2rc1 is released!

Wed Dec 22, 2021 1:00 pm

I still have a problem with SFP+ port negotiation on RB5009UG+S+IN with AOC-STGN-I2S(X520-DA2).
Need more information, please open a support ticket and send a supout.rif file. Also specify what kind of SFP modules are you using.
openvpn notworking in v7.2rc1
Need more information, please open a support ticket and send a supout.rif file.
no need to open ticket , just try and test with android to mikrotik vpn , or openvpn winodws to mikrotik and then you can see openvpn notworking in tcp mode / udp mode / ip mode / ethernet mode
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.2rc1 is released!

Wed Dec 22, 2021 1:11 pm

It works for me without any issues from RouterOS, Linux and Windows clients.
 
evbocharov
newbie
Posts: 26
Joined: Tue May 25, 2021 11:06 pm

Re: v7.2rc1 is released!

Wed Dec 22, 2021 1:48 pm

Don't understand these change
*) dhcpv4-server - allow adding comments;
What is it? always was a comments or maby new column
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.2rc1 is released!

Wed Dec 22, 2021 1:54 pm

it means that you can now add a "comment" to the dhcp server
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1139
Joined: Tue Oct 11, 2005 4:53 pm

Re: v7.2rc1 is released!

Wed Dec 22, 2021 2:56 pm

And at the same time, loses the best bits from ROS and Winbox style syntax/UI.
It is probably way more efficient in terms of CPU cycles to be able to use if - then - else syntax. Any OR or ELSE conditions before would have required more rules, and therefore more loops for handling each route, and that ends up meaning higher CPU usage when loading routes from peers, slower convergence, and all of the things we want to avoid.

Huawei apparently has a similar if-then-else structure: https://support.huawei.com/enterprise/e ... ute-filter
And the BIRD routing daemon also has an if-then-else syntax for filters, although it is closer to traditional programming there.

The more I dig through the routing filter features in v7, I keep finding more and more ways to reduce the number of filter rules by a great deal compared to v6.

Over time they can probably make better GUI helpers for constructing such rules, so that you don't have to type out a lot of different filter rules from the CLI.
To me the argument of "Cisco does it this way, Juniper does it that way, and so on" is a non-argument.

I understand that the explanation given for ditching the very-much intuitive and usable v6 filters for the new non-user friendly syntax is performance gains, but they could have abstracted that away from the end user and kept the same UI that many of us know and love.
It's not like they haven't done it before specifically for BGP when they used Quagga under the hood.
MikroTik has managed to abstract pretty much all Linux functionality with their superior UI and CLI, and they can't find a solution to this?

Give us the ability to write the rules the same way as before and compile them into the new format under the hood in order to achieve the better performance the new syntax provides.

As it stands now, the usability aspect of it all, to me, defeats any performance benefits.
 
Grant
newbie
Posts: 37
Joined: Sat Oct 26, 2013 10:55 am
Location: Ukraine, Dnipro

Re: v7.2rc1 is released!

Wed Dec 22, 2021 3:43 pm

if you add a lot of addresses (more than 32) to firewall - address list, then a high cpu load and memory leak begins
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Wed Dec 22, 2021 4:35 pm

I understand that the explanation given for ditching the very-much intuitive and usable v6 filters for the new non-user friendly syntax is performance gains, but they could have abstracted that away from the end user and kept the same UI that many of us know and love.
It's not like they haven't done it before specifically for BGP when they used Quagga under the hood.
MikroTik has managed to abstract pretty much all Linux functionality with their superior UI and CLI, and they can't find a solution to this?
When looking at the entire BGP configuration, it seems to me there was a new developer assigned to this task who has a different opinion on how these things should look.
First seeing the BGP in v7 I expected that everything was going to change, but until now that hasn't happened.
Maybe some hefty internal discussions on how this should be done?
It does not seem impossible to keep the old method (with all the different fields that are implicitly ANDed together) in addition to this new "rule=" method, and then have the code internally create a rule from the traditional matching fields and use that.
(it would likely be a bit more difficult to handle this completely inside winbox, i.e. derive the traditional user interface from the rule that is currently in place)
 
soheilsh
Member Candidate
Member Candidate
Posts: 100
Joined: Fri Nov 26, 2010 3:39 pm

Re: v7.2rc1 is released!

Wed Dec 22, 2021 5:19 pm

It works for me without any issues from RouterOS, Linux and Windows clients.
i found openvpn problem ,
clean install is ok
my backup for 6.42.2 and restore in 7.2rc1 , when backup restore openvpn is broken
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Wed Dec 22, 2021 5:36 pm

I understand that the explanation given for ditching the very-much intuitive and usable v6 filters for the new non-user friendly syntax is performance gains, but they could have abstracted that away from the end user and kept the same UI that many of us know and love.
It's not like they haven't done it before specifically for BGP when they used Quagga under the hood.
MikroTik has managed to abstract pretty much all Linux functionality with their superior UI and CLI, and they can't find a solution to this?
When looking at the entire BGP configuration, it seems to me there was a new developer assigned to this task who has a different opinion on how these things should look. [...]
I think Mikrotik's holiday video has a clue: "Do you want to discuss BGP?" ... "No".
https://youtu.be/RH0bHO1-efo?t=239
Maybe Kwanzaa will bring Quagga.

So they are clearly aware of some unanswered questions.
 
curtdept
just joined
Posts: 2
Joined: Wed Nov 17, 2021 8:00 am

Re: v7.2rc1 is released!

Wed Dec 22, 2021 6:09 pm

Any idea on what the status of being able to specify direction on a cake queue is?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Wed Dec 22, 2021 7:22 pm

I think Mikrotik's holiday video has a clue: "Do you want to discuss BGP?" ... "No".
Maybe Viktors is the BGP developer? Eva certainly isn't, she works in the logistics department and is not interested in BGP...
 
User avatar
afink
newbie
Posts: 34
Joined: Wed May 29, 2013 7:16 pm
Location: Basel & Freetown
Contact:

Re: v7.2rc1 is released!

Wed Dec 22, 2021 7:35 pm

I think Mikrotik's holiday video has a clue: "Do you want to discuss BGP?" ... "No".
Maybe Viktors is the BGP developer? Eva certainly isn't, she works in the logistics department and is not interested in BGP...
Guys, face it. BGP and OSPF has changed drastically in RouterOS7. There's no easy way to upgrade without breaking things I believe.
It's the time to rethink your strategy and rewrite filters from scratch by hand instead of just using automated upgrade falling on your feet.
I know its a pain, I been through this in a recent beta and I run into many many issues. On the other hand there's stuff which never worked in RouterOS 6 (like VLANs with ipv6 and OSPFv3 or dealing with full BGP routing tables which are running on 1 single core only) which are now totally fine.

So I can only recommend investing the time into the learning curve instead of moaning that the old filters don't work the way they where before. If the new way is better from a user interface perspective, I can't really say. But I can say that it's important to understand the new logic properly and I see a lot of options and power coming out of them in the long run.

(now going back to figure out why the hell my BGP announces a /32 ...)
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v7.2rc1 is released!

Wed Dec 22, 2021 8:45 pm

Does then BGP stands for Big Glittering Packages???
 
ormandj
just joined
Posts: 18
Joined: Tue Jun 15, 2021 12:25 am

Re: v7.2rc1 is released!

Wed Dec 22, 2021 11:12 pm

This version broke communication between a crs318 and a crs317 with a SFP+ 10Gbase-T adapters (same adapter type on both ends). It works fine with 7.1 and 7.1.1.

Ditto, killed all my Fiber Mall SFP-10G-T-CI-80m units. Works on 7.1.1.
I've been having problems since 7.1 with link flapping and SM SFP+ 10G adapters. Setting to 1G and removing auto-negotiation "fixed" it for me, but I want the BW back. At least they appear to be working on it..
 
ormandj
just joined
Posts: 18
Joined: Tue Jun 15, 2021 12:25 am

Re: v7.2rc1 is released!

Wed Dec 22, 2021 11:13 pm

I still have a problem with SFP+ port negotiation on RB5009UG+S+IN with AOC-STGN-I2S(X520-DA2).
Need more information, please open a support ticket and send a supout.rif file. Also specify what kind of SFP modules are you using.
openvpn notworking in v7.2rc1
Need more information, please open a support ticket and send a supout.rif file.
SUP-68278 is in with everything you've requested since Dec. 8, since these problems started with 7.1. It's had no updates or responses. 7.1.1 also did not fix this issue, and it seems like 7.2 also has problems with SFP+s...
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Dec 23, 2021 1:06 am

Give us the ability to write the rules the same way as before and compile them into the new format under the hood in order to achieve the better performance the new syntax provides.

As it stands now, the usability aspect of it all, to me, defeats any performance benefits.
I can't see MikroTik resurrecting the v6 routing filter format at all. I can see MikroTik building a GUI interface for the new syntax, but not for the old syntax. Probably what we will see before that is some kind of auto-complete in Winbox for the filters like we have at the CLI.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Dec 23, 2021 1:13 am

In all my routers and routers I know, there is a 1:1 correspondence between v6 and v7 rules (exactly the same number of rules required).
One big change is the ability to use address-lists now in BGP filter rules. So for bogon filtering, instead of having a rule for each bogon prefix you wish to filter (of which there will be around 20-25), you can use a bogon-prefixes address list with a single filter rule. So, you eliminate at least 19 filter rules this way if you do bogon filtering in BGP. This is just one example of where the new format is improved over the old one. After getting used to the new format and the new features it has, I'm sure we will find many other new ways of reducing the rule count.

Of course this has been made much more complicated by using this new syntax. Remember there also is no GUI helper for constructing scripts.
Scripts are even more complicated than this routing filter format. I think it will be possible for them to build a GUI helper for this format, but doing so will require some architectural changes to webfig and winbox most likely as the current UI field types may not work. But I suspect that doing this will be easier and better in the long run than trying to bring the v6 filter interface forward.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Dec 23, 2021 1:29 am

For the convenience of winbox management, our colleagues also ask to add it
So rather than allow them to build some kind of winbox management for the new format, you want them to bring back the old one? It doesn't make sense. It would be better for them to build a new GUI for the new format as then you could make use of the possibility for "OR" matching and the "ELSE" condition.

As an example of something like this, here is an example of the "Event Trigger" builder from the Zenoss NMS, which makes use of levels with "any" or "all" matching, and drop downs for the options. A GUI design similar to this could be made to accommodate the routing filter syntax. Not the same as the old GUI, no, but something along these lines could still work.
You do not have the required permissions to view the files attached to this post.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Dec 23, 2021 1:34 am

As an example for what could be perhaps done in RouterOS would be to have the filter start with something like just an "if" block with an action block:
if (
   [+]
)
{
   [+]
}
Clicking the + button would give a list of different options, so for the if, it would give the option for what criteria you wanted to match on. Then after choosing that, you would get the comparison operators as a drop down, like "in" or < or > and things like that. Then after choosing the comparison operator, you would enter what you want to be compared (the prefix or whatever). And then you could click a button to add an and criteria for a second matcher, or an or, or parentheses for more complicated rules. So as you add more and more criteria, the rule would expand vertically. Such a graphical builder for the new rule syntax would be quite powerful, and I think easier to make than trying to port the old v6 filters over. You would still be able to do everything with point and click like before, but you would get all the performance advantages of the new syntax.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1139
Joined: Tue Oct 11, 2005 4:53 pm

Re: v7.2rc1 is released!

Thu Dec 23, 2021 9:01 am

It's still a nightmare. How about searching on filters? Nope. Sorting per attribute? Nope.
Everything that made BGP on ROS great, is gone.

I don't care if it takes me months to rewrite everything from the old format to the new. That's not my issue.
My issue is ongoing management and troubleshooting of this thing on production networks.

It is not usable (as in usability). I don't know how else to explain it.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Dec 23, 2021 9:20 am

Everything that made BGP on ROS great, is gone.
Most people hated BGP on RouterOS v6 when it came to performance handling full tables, forcing them to move to other platforms. I wouldn't say that BGP on RouterOS was ever seen as "great".
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1139
Joined: Tue Oct 11, 2005 4:53 pm

Re: v7.2rc1 is released!

Thu Dec 23, 2021 9:22 am

It does not seem impossible to keep the old method (with all the different fields that are implicitly ANDed together) in addition to this new "rule=" method, and then have the code internally create a rule from the traditional matching fields and use that.
(it would likely be a bit more difficult to handle this completely inside winbox, i.e. derive the traditional user interface from the rule that is currently in place)
There is no need to create the rules that we see now. Especially in Winbox.
That's why I said 'compile' them into the new format under the hood.

That is, the code be smart enough to take all 'traditional' rules and simplify them into whatever format and number of them it needs to be as performant as possible. Not being able to even see the new rule syntax.
Like what a good compiler does when you have stupid code and it translates it as efficiently as possible to machine code.
You don't see if your dead code is included or not in your compiled binary. A good/smart compiler will ditch that automatically.

ie: ditch the new rule syntax.

I don't see any comments on how excited they are to have to write code for their router to work.
It's either negative, or neutral.

As it stands, it's just an academic exercise on how to make a fast BGP. Not a usable BGP (as in usability).
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1139
Joined: Tue Oct 11, 2005 4:53 pm

Re: v7.2rc1 is released!

Thu Dec 23, 2021 9:32 am

Everything that made BGP on ROS great, is gone.
Most people hated BGP on RouterOS v6 when it came to performance handling full tables, forcing them to move to other platforms. I wouldn't say that BGP on RouterOS was ever seen as "great".
For smaller or internal networks that didn't use full tables, it was great. It did the job despite its stupid bugs.
It was easy to build complicated stuff with minimal effort. And most importantly than everything else, was that troubleshooting it was sane. Filters were searchable/filterable/sortable and you could find out what's going on easily. Management and troubleshooting is, to me, what sets apart a solution. Not fancy performance numbers alone.

So, yes, the few parts of it that made it differ from other solutions and made it stand out and great, are gone.

And let's be honest, unless you did full tables, it worked almost perfectly fine for 99% of cases.
Sure there were niche applications where it didn't do what you needed to, but practically its main problem was performance when it came to large routing tables.

So, in order to make it work with full tables, it lost all of its usability.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Dec 23, 2021 9:37 am

For smaller or internal networks that didn't use full tables, it was great. It did the job despite its stupid bugs.
There was one really serious bug in v6 route filtering that bit us multiple times. The order of the rules shown in the GUI was not true. You had to do an /export from the command line to make sure that the rule order was the same as seen in the GUI. Otherwise you could think that what you set up was just fine and meanwhile it was in a completely different order than you thought it was. The GUI completely lied to us on multiple occasions about the order of rules and caused major issues.

I would not call a GUI that made it look like the rules were ordered 1,2,3,4,5,6,7,8 good when they were actually ordered 1,3,4,5,8,6,7,2.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Dec 23, 2021 9:55 am

That's why I said 'compile' them into the new format under the hood.

That is, the code be smart enough to take all 'traditional' rules and simplify them into whatever format and number of them it needs to be as performant as possible. Not being able to even see the new rule syntax.
Like what a good compiler does when you have stupid code and it translates it as efficiently as possible to machine code.
You don't see if your dead code is included or not in your compiled binary. A good/smart compiler will ditch that automatically.

ie: ditch the new rule syntax.
Why don't you contact the Cisco IOS-XR developers and tell them that they must be complete and utter idiots because they are using if-then-else syntax when they should be able to come up with super easy magic method to convert simpler IOS style routing filters to perform the same as IOS-XR filters? I bet they would love that feedback.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1139
Joined: Tue Oct 11, 2005 4:53 pm

Re: v7.2rc1 is released!

Thu Dec 23, 2021 10:00 am

Oh my god, are you getting paid by MikroTik?

If 5 years ago I came here asking for MikroTik to ditch their filters syntax for Cisco or Juniper syntax I would get bashed by everyone (rightfully so).
Now that the exact thing has happened, you are defending them.

And stop giving non-arguments about what Cisco or anyone else does. We do not care about Cisco or Juniper or Huawei.
We care about what MikroTik HAS done. Not some hypotheses in some alternate universe.

Jeez...
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.2rc1 is released!

Thu Dec 23, 2021 10:04 am

Guys to stop holy wars on which routing filters are better I can say that it is in our TODO list to make GUI more user-friendly.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Dec 23, 2021 10:08 am

Oh my god, are you getting paid by MikroTik?
No, I'm not, but I don't have to make routing filter changes that often. And my friend who does have to work with BGP routing filters all the time is super excited by the new MikroTik format and loves it compared to the RouterOS v6 format. So in one ear I am hearing existing MikroTik users complaining about the new format, and in the other ear hearing "finally! it is about time that MikroTik did this! Their old format was terrible, this is so much better"
 
User avatar
NAB
Trainer
Trainer
Posts: 542
Joined: Tue Feb 10, 2009 4:08 pm
Location: UK
Contact:

Re: v7.2rc1 is released!

Thu Dec 23, 2021 10:35 am

Hi all,

I posted in the 7.1 thread about the CCR1009-8G-1S-1S+ we have that has problems with kernel errors forcing reboots.

I upgraded it to 7.2rc1 and it got worse...
Screenshot 2021-12-23 082916.png
It got to the point that it came half-way back (you could ping it, it would route traffic, but you couldn't connect to it with SSH, Winbox or RoMON), so I ended up power-cycling it.

And the problems just disappeared.

So what is the difference, as far as ROS is concerned, between a reboot and a power-cycle?
You do not have the required permissions to view the files attached to this post.
 
User avatar
NAB
Trainer
Trainer
Posts: 542
Joined: Tue Feb 10, 2009 4:08 pm
Location: UK
Contact:

Re: v7.2rc1 is released!

Thu Dec 23, 2021 10:38 am

Packet sniffer - it's been broken in Winbox in v6 for a while, but at least when you closed the packet window down and opened it again the IP addresses and ports became visible.

In v7 the IPs/Ports only become visible when you double-click on an entry and on a few machines, the packet list never gets cleared out, so you end up trying to work out whether a line in the list is newly sniffed or was from a previous session.

Anybody else seeing the same?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.2rc1 is released!

Thu Dec 23, 2021 10:44 am


So what is the difference, as far as ROS is concerned, between a reboot and a power-cycle?
From a HW point of view this might be a possible reason:
power cycle clears all dynamic memory (if you wait long enough before applying power again).
On reboot power is still applied on that same memory and it could be some info is kept. If afterwards a bad initialized object references that memory location, it reads something which was left behind.
I could be wrong here but I 've seen this process happen plenty of times in my long-gone past when programming/debugging.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Thu Dec 23, 2021 11:58 am

In all my routers and routers I know, there is a 1:1 correspondence between v6 and v7 rules (exactly the same number of rules required).
One big change is the ability to use address-lists now in BGP filter rules. So for bogon filtering, instead of having a rule for each bogon prefix you wish to filter (of which there will be around 20-25), you can use a bogon-prefixes address list with a single filter rule. So, you eliminate at least 19 filter rules this way if you do bogon filtering in BGP. This is just one example of where the new format is improved over the old one. After getting used to the new format and the new features it has, I'm sure we will find many other new ways of reducing the rule count.
But that is not a property of the new format! It is a capability of the new filter implementation!
Adding address lists would have been possible in the old format as well. Look at the firewall rules, there you have support for address lists without having to write an iptables rule yourself.
Now I certainly recognize the problem that in these statements it is inconvenient that there always is a separate column for literal addresses and address lists, for explicitly named interfaces and interface lists, etc.
But solving that by going back to plain if statements in textmode is a bit to rigorous, now we have lost all the "simple config using GUI" properties of RouterOS (in this section) and in fact are thrown back to the level you have when configuring a plain Linux system.
The reason to use RouterOS instead of a Debian box with packages and editing everyone of the 100 config files in a text editor is precisely to have a consistent config interface and config that is explainable to everyone. For that, I am willing to give up some flexibility. When that property is dropped, why keep using it?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Thu Dec 23, 2021 12:03 pm

There was one really serious bug in v6 route filtering that bit us multiple times. The order of the rules shown in the GUI was not true. You had to do an /export from the command line to make sure that the rule order was the same as seen in the GUI. Otherwise you could think that what you set up was just fine and meanwhile it was in a completely different order than you thought it was. The GUI completely lied to us on multiple occasions about the order of rules and caused major issues.
Really??? I have NEVER seen that in all my use of RouterOS over the years! Are you sure you did not inadvertently click on a table header to sort the rules e.g. by Chain name? THEN it indeed is wrong, and until now (it was fixed in 7.1.1 and 7.2rc1) this thing was happening in v7 because the # column was not there.
But in v6 I have always seen increasing numbers in the # column and the rules the same as in CLI or export, unless mistakenly they were sorted on some other column.
(this usually makes no sense in tables like this, but maybe can be useful to locate some specific item that occurs multiple times and has to be changed)

What I DID experience with v6 filter rules is the commonly known problem that a modification of the rules is not automatically applied until you either disable/enable the rule or do a "forced Refresh/Resent". That is not related to the above.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Dec 23, 2021 3:58 pm

Really??? I have NEVER seen that in all my use of RouterOS over the years! Are you sure you did not inadvertently click on a table header to sort the rules e.g. by Chain name? THEN it indeed is wrong, and until now (it was fixed in 7.1.1 and 7.2rc1) this thing was happening in v7 because the # column was not there.
It was something to do with the sort order, yes, but I don't know exactly what. My former coworker told me of this issue when he first came to work for us and it impacted things a few times when he was entering the routing filters. There were certain weird cases where the number shown in the # column would not be correct and you would not know until exiting winbox and going back in or doing an export. He would be adding more rules and moving them around and they would actually not be in the order that he was seeing them and not with the item # he was seeing them. He would do nothing but exit winbox and go back in and route filter #25 would suddenly become #29 and and #28 would become #24 and things like that. The new numbers after exiting and going back in were correct and what the router was actually using, but showing the item number entirely was misleading. It can be misleading and potentially dangerous when you see rules ascending by # and they seem to be in a certain order but in reality those #'s are wrong and will change if you exit and go back in, or start a new winbox session alongside. I hadn't done much with routing filters until he came to work for us but he made it seem like a known issue that everybody was encountering from time to time with routing filters, so I never really looked into it much more or reported it. Neither of us had this issue with firewall rules, which work in much the same way and we worked with firewall rules much more frequently, so it was something specific to routing filters.
Last edited by mducharme on Thu Dec 23, 2021 4:16 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Thu Dec 23, 2021 4:16 pm

The only scenario where I could imagine that kind of things happening is when two different persons (or two winbox sessions operated by the same person) each are making additions to the routing filters.
To reduce the risk of conflicts in this case, "refresh" the window (F5) before making additions when it has been open for long enough times to let others make additions.
The issue is that windows without active colums (counters etc) are not updated from the router all the time.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Dec 23, 2021 4:20 pm

The only scenario where I could imagine that kind of things happening is when two different persons (or two winbox sessions operated by the same person) each are making additions to the routing filters.
No, in this case only he was making the changes. I remember it happened once when he added the rules and they weren't working as expected and so I logged in to have a look and I saw the rules in the wrong order. So I asked him about rule #96 or something like that but his rule #96 was some completely different rule. Then when he started a new winbox session he saw the same rule #96 as me. It would only have been the two of us creating new route filters and I was not making changes to them at the time. I don't know how to reproduce it though.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.2rc1 is released!

Thu Dec 23, 2021 4:31 pm

*) pppoe - use default MTU of 1492;
Wow! Maybe one of my ISPs using MikroTik will finally offer 1492 instead of the current default 1480. And maybe rfc4638 in the current lifetime. (In the next decade when/if they move to v7, but I have a feeling they've been bought already and the new company will start using other equipment till then).
Does this mean that PPPoE "auto" MTU is no longer tied to the underlying ethernet interface MTU -20 Bytes of MikroTik "headers"? as described in viewtopic.php?f=2&t=171390#p838707 and support ticket SUP-38224 ?
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Dec 23, 2021 4:45 pm

Does this mean that PPPoE "auto" MTU is no longer tied to the underlying ethernet interface MTU -20 Bytes of MikroTik "headers"?
Probably. I think the only reason for the 1480 default was that in Windows XP when you set up the built in PPPoE dialer it used 1480 and I don’t think you could change it. But these days I don’t think anybody is using Windows XP’s PPPoE dialer to get online, at least I hope not.

Most likely it now defaults to the interface MTU minus 8.
 
ffries
Member Candidate
Member Candidate
Posts: 177
Joined: Wed Aug 25, 2021 6:07 pm

Re: v7.2rc1 is released!

Thu Dec 23, 2021 5:07 pm

Many thanks.
Last edited by ffries on Sun Dec 26, 2021 10:09 am, edited 1 time in total.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Thu Dec 23, 2021 5:30 pm

ATA is unable to register with my VoIP provider, I get "Register Failed: No Response From Server" error on my ATA. Packet capture indicates packets being sent but nothing coming back.

Note this is on an x86 machine. Works on Router OS 6.49.2, doesn't work on any of the 7.x.x series routeros versions including 7.2rc1. I followed the configuration guide here to setup the router https://help.mikrotik.com/docs/display/ ... figuration

I've gone as far as completely disabling the firewall to see if that would work and it changes nothing, sip helper has also been disabled.

I'll admit I'm very new to routeros, I'm either missing something in my config or there's something up with the 7.x.x versions as 6.49.2 allows the ATA to register.
If the SIP/RTP was working in v6, not much should have effected this in v7. I'd make sure everything else in your network was working with V7, otherwise troubleshooting SIP isn't best place to start troubleshooting a network.

So I'd start by looking at your config: similar routes, IPs, firewall rules, etc. – generally the V7 upgrade works to migrate all the settings, but always possible sometime may have been lost/changed in the upgrade that was needed for this to work. Routing was significantly changed in V7, so it possible that the route out may have changed if you have a more complex routing setup than a single LAN/WAN.

If you WERE using the SIP ALG firewall helper in V6, it is possible that has subtle changed in V7. Generally it's not helpful for newer ICE-based SIP sessions, so typically disabled. BUT if it was enabled before, possible something in V7 ALG firewall helper is not right – but you'd be better off looking at the SIP settings on ATA to avoid needing. I'd likely leave that disabled while troubleshooting/collecting traces.

Mikrotik actually does have good tool for looking at SIP problem, v6 or v7. IP>Firewall>Connection is sometime helpful to see the flows without having to use a trace. Similarly, you can add firewall filter rules with log only action (e.g. not block or accept), so can log anything with the src-address of the ATA, or SIP provider, etc. Dunno if your using Wireshark on a PC to collect the traces, but the is Tool>Packet Sniffer on the Mikrotik if you're not already using that.

The only things I can think of that might be different or try in v7:
  • Unlikely, but possible, the ATA is using IPv6. If so, that's enabled by default, so the IPv6 firewall would come into play. But you'd see those in the packet traces.
  • Since your on X86, obviously all the network drivers etc have changed – while these shouldn't matter, the once in a while do in these kinds of problems. Do you have a hardware Mikrotik you can try your configuration with V7 on with say one ATA?
At the end of the day, not a "rc" is best for VoIP path just yet. Sure v7 can work, but more likely there might be a problem since it still pretty new. e.g. you're new to Mikrotik, it might be hard to spot some config error from a v7 bug. And X86 makes v7 even harder since it very well possible you're the very first person to use a particular network card etc.
 
User avatar
smyers119
Member Candidate
Member Candidate
Posts: 232
Joined: Sat Feb 27, 2021 8:16 pm
Location: USA

Re: v7.2rc1 is released!

Thu Dec 23, 2021 5:58 pm

I didn't have time to troubleshoot, but on upgrade ospf stopped working. Was unable to view any routes/nexthops from cli or winbox. downgrade to 7.1 fixed the problem.
 
dakobg
Member Candidate
Member Candidate
Posts: 120
Joined: Mon Nov 06, 2017 8:58 am

Re: v7.2rc1 is released!

Thu Dec 23, 2021 6:34 pm

OSPF 100% broken after update.

Not seeing neighbors anymore.
Check if you use authentication ..
In my case this was the problem, neighbor is ros6
I just remove it .. for me this was not requirements (legacy config) so i did not do future tests
 
User avatar
smyers119
Member Candidate
Member Candidate
Posts: 232
Joined: Sat Feb 27, 2021 8:16 pm
Location: USA

Re: v7.2rc1 is released!

Thu Dec 23, 2021 9:37 pm

OSPF 100% broken after update.

Not seeing neighbors anymore.
Check if you use authentication ..
In my case this was the problem, neighbor is ros6
I just remove it .. for me this was not requirements (legacy config) so i did not do future tests
Thanks, no auth here.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Dec 23, 2021 11:03 pm

But that is not a property of the new format! It is a capability of the new filter implementation!
Adding address lists would have been possible in the old format as well. Look at the firewall rules, there you have support for address lists without having to write an iptables rule yourself.
Now I certainly recognize the problem that in these statements it is inconvenient that there always is a separate column for literal addresses and address lists, for explicitly named interfaces and interface lists, etc.
Somewhat. However we are able to do things like "if dst-address is in bogons-list OR dst-address is in rfc1918-list then reject", which saves another rule.

In our case we really want to go DFZ instead of getting a default route from our transit, and can't really do that without RouterOS v7. Even then I will be looking at how to squeeze the best performance out of the routing filters, and the new syntax gives a way of doing that.

As for the ease of use with the graphical stuff, as I said I think they can create a graphical editor that can handle this that would mostly be mouse driven, it would have to be able to expand vertically or horizontally to accommodate nested parentheses or else statements.

I would also say that most simple MikroTik users are not using BGP. Even at the WISP level, many smaller WISPs simply NAT everything and do not do BGP with their upstream, as that may not be an option in some areas. Those users generally wouldn't care about routing filters at all. Once you get up to the size of where you actually run BGP and you start to use routing filters, something like the new syntax should not be too intimidating for someone. I would like to see a graphical interface too, it is pretty useless entering rules in winbox at the moment since you can't even see if there is a syntax problem. I don't like having to drop down to CLI to do this, but I imagine it is just a temporary situation.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Fri Dec 24, 2021 12:06 am

But that is not a property of the new format! It is a capability of the new filter implementation!
Somewhat. However we are able to do things like "if dst-address is in bogons-list OR dst-address is in rfc1918-list then reject", which saves another rule.
What we need is a possibility to have "list:set" address-lists (that is what they are called in ipset, the underlying Linux mechanism of address-lists).
That allows you to define an address-list "unwanted-list" containing bogons-list and rfc1918-list as members, and a match to unwanted-list would match entries from both those lists. I use that sometimes in plain Linux systems configured for routing and firewalling.
There are other useful list types in ipset, like hash:net,ports or bitmap:ports or bitmap:ip.
MikroTik should look at introducing them into RouterOS. It would probably require pre-definition of address lists before populating them, similar to interface lists and (in v7) routing tables.
I would also say that most simple MikroTik users are not using BGP. Even at the WISP level, many smaller WISPs simply NAT everything
Probably. I do use BGP a lot, not internet peering BGP but as an auto-routing protocol on closed networks consisting of VPN tunnels and/or WiFi links. It does not require those complicated filters.
 
User avatar
Smoerrebroed
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Mon Feb 12, 2018 10:21 am

Re: v7.2rc1 is released!

Fri Dec 24, 2021 1:21 pm

*) poe - update PoE firmware only on devices that support it;
How is that supposed to work?
 
hecatae
Member Candidate
Member Candidate
Posts: 244
Joined: Thu May 21, 2020 2:34 pm

Re: v7.2rc1 is released!

Fri Dec 24, 2021 1:41 pm

Updated my hap ac2 both routeros and routerboard firmware.
Any news on wifiwave2 drivers for the ac2 as of yet?
 
User avatar
pekr
Member Candidate
Member Candidate
Posts: 169
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic
Contact:

Re: v7.2rc1 is released!

Fri Dec 24, 2021 2:05 pm

Oh my god, are you getting paid by MikroTik?
No, I'm not, but I don't have to make routing filter changes that often. And my friend who does have to work with BGP routing filters all the time is super excited by the new MikroTik format and loves it compared to the RouterOS v6 format. So in one ear I am hearing existing MikroTik users complaining about the new format, and in the other ear hearing "finally! it is about time that MikroTik did this! Their old format was terrible, this is so much better"

What I actually think is, that you don't understand the issue at hand people here are trying to point out. I come from the efficient, well thought out platforms like Amiga and Rebol language, created by the Amiga OS author. The language never got mainstream traction, but at least to me, aproached many areas with the nice abstractions, called DSLs (domain specific languages). Here's some gui code example:
view [
   backdrop silver
   text right "Text to greet:"
   wish: field 100x20 return
   button "Greet" [
       print ["Wishing you a" wish/text]
   ]
]
Can you see any object instantiation or the lower layer stuff exposed at the end user level? No. The system was so straightforward, that it even inspired JavaFX back then and nowadays even Qt GUI provides simplified declarative interface.

I can understand MT trying to attract the big corporate markets and users using Cisco, Juniper and the likes. But you should never forget your roots and the main aspects of why your product became popular and loved by users in the first place.

So - the last thing you need is some nerd in your team, who thinks that the more syntax looks like the BrainF*ck language mixed with some crazy Regexp rules, the better. There should be imo more thoughts put into all of this, abstractions created and compiled down to whatever the underlying engine needs.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Fri Dec 24, 2021 3:55 pm

Maybe MikroTik can consider to send a PADT packet on a PPPoE connection when it appears to be dead, or when there is no response on PADI packets and it gives up.
This is required to work around a bug in some transport networks that sniff the PPPoE setup and add additional info (line identification).
This "proxy" keeps state and does not understand the sudden appearance of PADI packets on a session it believes to be "up and running".
Apparently other router manufacturers implement that workaround already...
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 197
Joined: Wed Aug 09, 2017 1:15 pm

Re: v7.2rc1 is released!

Fri Dec 24, 2021 5:02 pm

I really hoped the days with broken igmp-snooping were over with ROS7, but apparently they aren't.
I have a CRS328-24P-4S+ that refuses to forward icmpv6 frames between ports, unless I disable igmp snooping.
The igmp querier shown in bridge status is correct, no bridge filter rules, ip firewall disabled, no acls.
Sometimes it works for weeks, then it randomly stops working, and everything that helps is to disable igmp snooping again.
I've reported this problem multiple times for version 6 already, I don't know what else I can do.
Last edited by osc86 on Sat Dec 25, 2021 2:40 am, edited 1 time in total.
 
shavenne
just joined
Posts: 16
Joined: Wed Dec 11, 2019 4:27 pm

Re: v7.2rc1 is released!

Fri Dec 24, 2021 5:49 pm

I just updated my switches to 7.1.1 because of this reason.
I hoped I can enable igmp snooping again and at the moment it's working fine. But I also experienced at v6 that it sometimes works fine for a while and then breaks.
 
shavenne
just joined
Posts: 16
Joined: Wed Dec 11, 2019 4:27 pm

Re: v7.2rc1 is released!

Fri Dec 24, 2021 5:49 pm

I just updated my switches to 7.1.1 because of this reason.
I hoped I can enable igmp snooping again and at the moment it's working fine. But I also experienced at v6 that it sometimes works fine for a while and then breaks.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 197
Joined: Wed Aug 09, 2017 1:15 pm

Re: v7.2rc1 is released!

Fri Dec 24, 2021 7:01 pm

I’ve now moved to swos, not using any routing functionality on this device anyway.
Currently everything works as it should with igmp snooping enabled.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Fri Dec 24, 2021 11:29 pm

What I actually think is, that you don't understand the issue at hand people here are trying to point out.

So - the last thing you need is some nerd in your team, who thinks that the more syntax looks like the BrainF*ck language mixed with some crazy Regexp rules, the better. There should be imo more thoughts put into all of this, abstractions created and compiled down to whatever the underlying engine needs.
No, I suppose I don't understand the issue. To me these look just like if/then conditions from Javascript or PHP programming, for simple rules at least. If (conditions are met) { do (x) }. I don't find them that complicated. Certainly more complicated than before, but not that complicated. It is like reading Javascript or PHP code and I am quite comfortable with that.

This doesn't even affect the vast majority of MikroTik users. If you use OSPF, you shouldn't generally have to do filtering at all, or else it is a sign that you are doing something the wrong way and you should look at your OSPF design. If you use BGP, you need to do filtering, and in that case you are probably in a position where you have to have more technical skills overall, and can handle the format. MikroTik for the most part makes their GUI so that people with very little skills and training can perform the operations, but people with very little skills and training probably should not be even trying to configure BGP on a public AS on the internet. Otherwise they risk causing route leaks if they do something weird because they don't understand what they are doing, if their upstream also made an error when configuring the filters for the customer.
 
User avatar
pothi
newbie
Posts: 46
Joined: Fri Sep 14, 2018 7:48 pm
Location: Srivilliputhur, Tamil Nadu, India
Contact:

Re: v7.2rc1 is released!

Sat Dec 25, 2021 7:04 am

Updated my hap ac2 both routeros and routerboard firmware.
Any news on wifiwave2 drivers for the ac2 as of yet?
Unfortunately, it may not happen. Please see the requirements at https://help.mikrotik.com/docs/display/ ... quirements .
 
LSan83
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Fri Aug 10, 2018 11:35 am
Location: Italy

Re: v7.2rc1 is released!

Sat Dec 25, 2021 10:47 am

Hap ac2 don't have 14 MB of free flash required for wifiwave2 package....
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Sat Dec 25, 2021 12:45 pm

No, I suppose I don't understand the issue. To me these look just like if/then conditions from Javascript or PHP programming, for simple rules at least. If (conditions are met) { do (x) }. I don't find them that complicated. Certainly more complicated than before, but not that complicated. It is like reading Javascript or PHP code and I am quite comfortable with that.
The issue is not the "if (conditions) { action }" syntax, but the fact you need to learn (or lookup) keywords to use in the conditions and action all the time.
In v6 there is autocompletion or gui dropdown lists. When you want to filter on some network or some community value, you just read along the different matching conditions in the GUI or you press TAB in the CLI, you see them and you select the correct one.
In v7 you need to know or find out that you need to write "dst == 1.2.3.0/24" or "dst in 10.0.0.0/8 && dst-len in 8-32" or "bgp-communities includes 1:2" or "bgp-as-path 1234$" for example. And note the syntax and operators are different for all cases.
That introduces a learning curve that mostly wasn't there in v6.
 
hecatae
Member Candidate
Member Candidate
Posts: 244
Joined: Thu May 21, 2020 2:34 pm

Re: v7.2rc1 is released!

Sat Dec 25, 2021 5:19 pm

Updated my hap ac2 both routeros and routerboard firmware.
Any news on wifiwave2 drivers for the ac2 as of yet?
Unfortunately, it may not happen. Please see the requirements at https://help.mikrotik.com/docs/display/ ... quirements .
No thank you 😂
 
xandros
just joined
Posts: 18
Joined: Sun Nov 04, 2012 5:45 pm

Re: v7.2rc1 is released!

Sun Dec 26, 2021 12:35 am

Quick overview 7.2rc1: (ac2, comparison on the same hw with v6!)
1. Drastic speed drop (200m optics drop to 120m), cpu does not show load
2. Instability (every now and then (say every 10 minutes) the connection drops by a few seconds)
3.Netflow does not work

The same symptoms are on 7.1.1. version.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Sun Dec 26, 2021 5:32 am

The issue is not the "if (conditions) { action }" syntax, but the fact you need to learn (or lookup) keywords to use in the conditions and action all the time.
In v6 there is autocompletion or gui dropdown lists. When you want to filter on some network or some community value, you just read along the different matching conditions in the GUI or you press TAB in the CLI, you see them and you select the correct one.
In v7 you need to know or find out that you need to write "dst == 1.2.3.0/24" or "dst in 10.0.0.0/8 && dst-len in 8-32" or "bgp-communities includes 1:2" or "bgp-as-path 1234$" for example. And note the syntax and operators are different for all cases.
That introduces a learning curve that mostly wasn't there in v6.
There is autocompletion at the CLI level. In Winbox there would need to be some kind of GUI based rule builder, which I think is entirely doable. But I am getting the sense from this thread that people are saying that even if the filter config could be done 90-95% using the mouse, like with v6, it still would be too complicated.
 
networkadmin33
just joined
Posts: 3
Joined: Sun Dec 26, 2021 4:22 pm

Re: v7.2rc1 is released!

Sun Dec 26, 2021 4:45 pm

Tested on CHR
This script crashes the router.
:for e from 1 to 300 do={
/ip firewall mangl add action=mark-packet chain=postrouting  new-packet-mark=$e
}
/queue tree add parent=global packet-mark=test
 
Grant
newbie
Posts: 37
Joined: Sat Oct 26, 2013 10:55 am
Location: Ukraine, Dnipro

Re: v7.2rc1 is released!

Sun Dec 26, 2021 5:28 pm

Tested on CHR
This script crashes the router.
:for e from 1 to 300 do={
/ip firewall mangl add action=mark-packet chain=postrouting  new-packet-mark=$e
}
/queue tree add parent=global packet-mark=test
also 33 adresses in firewall - addresses list crash router
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.2rc1 is released!

Sun Dec 26, 2021 7:11 pm

This not crash an X86 (running on a VmWare Workstation), it takes it down completely and router will not come back up again.
So DO NOT RUN this on a production router.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Sun Dec 26, 2021 7:25 pm

Did that work on v6? There likely is a maximum number of packet marks, and it could be like 256 or so. Maybe the software forgets to check that limit when adding a new one. I never stresstested that.
(never had a need for anywhere near that number of different marks)

Some time ago I discussed the wish to have more than one mark on the same packet. Sometimes useful, e.g. some mark describing the source and another one describing the priority.
But to implement that, the number of different packet marks would have to be limited. Easy implementation would be 32 different marks.
I guess you would not be happy with that???
(with a complicated implementation where you would need to group your packet marks so that members of different groups can be applied at the same time, but members of the same group cannot, it would be possible to have many more different marks and still have a few of them at the same time)

In Linux, packet mark is a 32-bit value but it is possible to AND it with a MASK before comparing it with a value.
I guess, at this time RouterOS keeps a table of packet mark names and assigns them sequential numbers when you first use them (1,2,3,4). The table to hold that name to value translation probably has a fixed size. Maybe like 256 or 300.
When the packet marks would be numbered 1,2,4,8,16,32,64,128 etc you could have more than one mark on the same packet, but there could be max 32.
When there would be multiple groups the 32 bits could e.g. be divided in 4 zones of 8 bits, the marks in the first group would be numbered 1,2,3,4 up to 255, for the second group it would be 256,512 etc. and they could be masked out when using them later.
 
networkadmin33
just joined
Posts: 3
Joined: Sun Dec 26, 2021 4:22 pm

Re: v7.2rc1 is released!

Sun Dec 26, 2021 7:37 pm

Did that work on v6?
it's working on v6.49.1 (not crashing)
 
networkadmin33
just joined
Posts: 3
Joined: Sun Dec 26, 2021 4:22 pm

Re: v7.2rc1 is released!

Sun Dec 26, 2021 7:49 pm

This not crash an X86 (running on a VmWare Workstation), it takes it down completely and router will not come back up again.
So DO NOT RUN this on a production router.
It also crashes v7.1.1
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Sun Dec 26, 2021 8:00 pm

also 33 adresses in firewall - addresses list crash router
I have 1631 items in my firewall address list (32 definition items, some of them being DNS names expanding to many addresses).
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.2rc1 is released!

Sun Dec 26, 2021 8:38 pm

Here I have a router with around 10 000 addresses in the blocked address list. I have a rule that add any IP that tries any port on my router that is not open, to a bloc list for 24 hour. They have nothing to do on my router. 6.49.2
.
List.jpg
You do not have the required permissions to view the files attached to this post.
 
networkadmin33
just joined
Posts: 3
Joined: Sun Dec 26, 2021 4:22 pm

Re: v7.2rc1 is released!

Sun Dec 26, 2021 8:47 pm

On CHR (vmdk), system/resource/total-memory is not read correctly? (256.0 MiB is read 192.0 MiB) unlike v6.
 
Grant
newbie
Posts: 37
Joined: Sat Oct 26, 2013 10:55 am
Location: Ukraine, Dnipro

Re: v7.2rc1 is released!

Sun Dec 26, 2021 8:48 pm

also 33 adresses in firewall - addresses list crash router
I have 1631 items in my firewall address list (32 definition items, some of them being DNS names expanding to many addresses).
confirmed on arm and x86. i can make a video
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Sun Dec 26, 2021 10:41 pm



I have 1631 items in my firewall address list (32 definition items, some of them being DNS names expanding to many addresses).
confirmed on arm and x86. i can make a video
Certainly curious - nothing should cause a crash...

There likely is a maximum number of packet marks, and it could be like 256 or so. Maybe the software forgets to check that limit when adding a new one. I never stresstested that.

I can run your code on an Audience and it doesn't crash. BUT seem there is a limit of 256 unique packet marks possible. After which, ROS flags newly added ones as invalid. If you get below the 256 limit, you need to update/re-add them – once bad, they stay bad in my limited test.

Now if it take take a num type (which is actually what the :for loop is providing)...you'd be close to @pe1chl desired scheme:
In Linux, packet mark is a 32-bit value but it is possible to AND it with a MASK before comparing it with a value.
But what I can see is @pe1chl is right on - limit is 256. But no crash, ROS flags it as a "bad packet mark" - But with a 256 "named" packet-marks limit... that be room "combo" (XOR/OR/AND'ed) packet-marks to allow multiple marks on same packet
 
Grant
newbie
Posts: 37
Joined: Sat Oct 26, 2013 10:55 am
Location: Ukraine, Dnipro

Re: v7.2rc1 is released!

Sun Dec 26, 2021 10:46 pm

After adding 33th address, cpu load and memory leak starts, when memory runs out, the router crashes

https://youtu.be/Yi5_QShkT0Y
 
networkadmin33
just joined
Posts: 3
Joined: Sun Dec 26, 2021 4:22 pm

Re: v7.2rc1 is released!

Sun Dec 26, 2021 11:17 pm

But what I can see is @pe1chl is right on - limit is 256. But no crash, ROS flags it as a "bad packet mark"
After creating so many new packet marks, this is the part which crashes the router:
/queue tree add parent=global packet-mark=test
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Sun Dec 26, 2021 11:50 pm

But what I can see is @pe1chl is right on - limit is 256. But no crash, ROS flags it as a "bad packet mark"
After creating so many new packet marks, this is the part which crashes the router:
/queue tree add parent=global packet-mark=test
Not saying the crash isn't a bug - nothing should like this should crash it. What I don't know is if >256 packet-marks limit is expected or not for V7. When you say this "worked in V6", did you mean "it didn't crash" - e.g. under V6 did you run it using >256 packet-marks and had queues running traffic through them?

When I had 256+ FW rules WITH the new-packet-mark= , all the ones after 255th packet-mark get added, but then marked as invalid as a "bad packet-mark". Since,
[when you hit the 256 limit] ROS flags newly added ones as invalid. [Even] if you get below the 256 limit, you need to update/re-add them – once bad, they stay bad in my limited test.


After which...The queue may do a lookup of the known packet-marks – the table of packet-mark names is left afoul somehow or e.g. maybe it expect there be >256 packet markets so doesn't handle the case... So the bug may be in the queue, and the FW has a limit of 256 packet marks.

Image

Be curious if you got the same red marks I see in winbox that made the limit very obvious.. My bet is you do. So the question is if there are not red flags in the FW manage rules, would the queue not crash?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Mon Dec 27, 2021 12:00 am

Maybe the table that maps packet mark names -> numbers has a size of 256, and after you overwrite it by adding more than 256 marks you overwrite some memory used for other purposes.
Or, the fact hat you add a queue tree with a new packet mark name (which it also has to add to the table) for which there is no room results in the crash.
When I would write code like that, I would have a single "lookup_or_add_packet_mark(name)" function that either returns the existing number of the packet mark with the given name, or when it does not exist it would add a new one, and then it would return the newly created packet mark number.
When the add cannot be done, it would return a number like -1.
The code that calls this function would have to handle that special return value and print some error like "cannot add tree item - packet mark cannot be created".
Somewhere in that area something happens that crashes the router. Not good, of course.

What it all boils to, seems to be "you cannot have more than 256 different packet marks".
Under v6, was the limit higher or did it handle the error better?
It could be that the "new" limit of 256 is in preparation of support for multiple marks for a single packet. You could have 4 marks on each packet with this limit, but you would have to indicate beforehand which combinations of packet marks you wish to have, as they have to be separated in the 4 bytes forming the 32-bit packet mark. Maybe they are still contemplating how to do that and remain compatible with the previous situation?
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Mon Dec 27, 2021 12:03 am

Needing 256 unique packet marks in total seems a bit excessive - why do you really need so many? There may be a way to reduce this.
 
networkadmin33
just joined
Posts: 3
Joined: Sun Dec 26, 2021 4:22 pm

Re: v7.2rc1 is released!

Mon Dec 27, 2021 12:05 am


What I don't know is if >256 packet-marks limit is expected or not for V7. When you say this "worked in V6", did you mean "it didn't crash" - e.g. under V6 did you run it using >256 packet-marks and had queues running traffic through them?
Yes I get 'bad packet-mark' in v7 but the number of packet marks was unlimited and working perfectly in v6
 
networkadmin33
just joined
Posts: 3
Joined: Sun Dec 26, 2021 4:22 pm

Re: v7.2rc1 is released!

Mon Dec 27, 2021 12:39 am

Needing 256 unique packet marks in total seems a bit excessive - why do you really need so many? There may be a way to reduce this.
May be there is a better way but i'm using it for shaping each user traffic separately based on their usage. Also for traffic shaping based on 'Connection bytes' for every connection.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Mon Dec 27, 2021 1:12 am

Needing 256 unique packet marks in total seems a bit excessive - why do you really need so many? There may be a way to reduce this.
May be there is a better way but i'm using it for shaping each user traffic separately based on their monthly usage. Also for traffic shaping based on 'Connection bytes' for every connection.
Where that FilterScript when you needed? JK. Not sure there are any "dynamic" HTB queues..."/queue/tree" require mangle, thus FW marking – so yeah 256 possible HTB buckets too in V7 it would seem is the result.

Seems like TWO bugs actually:
[*] Queue config shouldn't crash, full stop.
[*] Nothing is unlimited. But clearly V6 had a higher limit. Maybe 256 is reasonable, or MT planning to allow multiple marks, but a regression from V6 at this point.
 
networkadmin33
just joined
Posts: 3
Joined: Sun Dec 26, 2021 4:22 pm

Re: v7.2rc1 is released!

Mon Dec 27, 2021 1:47 am

It seems to be limited only by the amount of memory/storage. Using the above script I created more than 10000 different packet marks on v6.
 
User avatar
anthonws
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Sat Jan 09, 2016 6:46 pm

Re: v7.2rc1 is released!

Mon Dec 27, 2021 6:32 am

After adding 33th address, cpu load and memory leak starts, when memory runs out, the router crashes

https://youtu.be/Yi5_QShkT0Y
Good catch!! I reverted to 7.1.1 because of the CPU impact (RB4011), and Profiler did not exactly helped understanding where the impact was...
 
wispmikrotik
Member Candidate
Member Candidate
Posts: 138
Joined: Tue Apr 25, 2017 10:43 am

Re: v7.2rc1 is released!

Mon Dec 27, 2021 11:04 am

Hi,

High CPU on mAPLite:

Only IKEv2 + Cake.

V7rc2: 100%
V7.1.1: 8%

Regards,
As indicated in other posts, if I have more than X entries in the address lists, the CPU goes to 100%.

Regards,
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Mon Dec 27, 2021 11:09 am

Try to make a single address list with a local DNS name, and put static entries in your DNS resolver for that name and the addresses you want in the list.
(so you need only a single address list entry which will have an X number of dynamic entries below it)
Of course it is a bug that should be fixed, but this may be a workaround.
 
ormandj
just joined
Posts: 18
Joined: Tue Jun 15, 2021 12:25 am

Re: v7.2rc1 is released!

Mon Dec 27, 2021 3:36 pm

Quick overview 7.2rc1: (ac2, comparison on the same hw with v6!)
1. Drastic speed drop (200m optics drop to 120m), cpu does not show load
2. Instability (every now and then (say every 10 minutes) the connection drops by a few seconds)
3.Netflow does not work

The same symptoms are on 7.1.1. version.
Check your log and see if your SFP+ modules have link flapping at those intervals. I see it at 5 minute intervals on 7.1/7.1.1. I have SUP-68278 open if you'd like to reference it in your own ticket. The only thing that stops it is to manually force speed to 1G instead of 10G, which is very frustrating.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Mon Dec 27, 2021 6:39 pm

Got sudden static routes table crash on 7.2rc1: not displayed both remotely and from local console, telnet command /ip/route/print just hangs, effectively some routes do work, others don't. Router reboot did help.
I have the same problem, reported above. Went back to 7.1.1 which solved it for me, but others tell it does not help and they need to go back to 7.1
 
mobyfab
just joined
Posts: 6
Joined: Tue Jul 03, 2018 4:45 pm
Location: France

Re: v7.2rc1 is released!

Tue Dec 28, 2021 12:14 am

SFPs won't work on a CRS317 with 7.2rc1, flapping all the time and no connection.
Using Cisco 10G-SR on both ends.

Works fine on 7.1.1
 
keaton
just joined
Posts: 10
Joined: Tue Jan 08, 2019 4:05 am

Re: v7.2rc1 is released!

Tue Dec 28, 2021 4:17 am

1.routing table need to go back as in ros6....having problem with load balancing PCC & Failover
2.speed test 150mbps become 75mbps in 7.1.1 & 7.2rc1
3.pppoe clients not working low speed & peer not responding
4.A lot more bugs in the software it have a rebooting problem
Conclusion i have to send all my mikrotik back to 6.48.6 long term...ros7 is not ready a lot more work needed on it.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Tue Dec 28, 2021 4:24 am

1.routing table need to go back as in ros6....having problem with load balancing PCC & Failover
2.speed test 150mbps become 75mbps in 7.1.1 & 7.2rc1
3.pppoe clients not working low speed & peer not responding
4.A lot more bugs in the software it have a rebooting problem
Conclusion i have to send all my mikrotik back to 6.48.6 long term...ros7 is not ready a lot more work needed on it.
1. PCC and failover should both be working fine, but there are some changes in RouterOS v7 with the way policy routing works and the way recursive routing works that may require you to change things.
2. RouterOS v7 has no more route caching, in routerOS v6 this artificially boosted speedtest results and bulk downloads. This will not be coming back, so this change will be permanent. If your issue is to do with route caching you may have to make other config changes to try to regain this speed.
3. PPPoE clients are working for other people, although there are issues on certain devices when the PPPoE client is on a VLAN
4. You haven't even indicated what device you have
 
elgrandiegote
newbie
Posts: 40
Joined: Tue Feb 05, 2013 6:02 am
Location: Buenos Aires, Argentina

Re: v7.2rc1 is released!

Tue Dec 28, 2021 4:44 am

OpenVPN udp mode is unusable, connects (from another mikrotik 7.1.1, 7.2rc1, or ovpn client) and after a while it gives the error of the screenshot

Captura.JPG
You do not have the required permissions to view the files attached to this post.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Tue Dec 28, 2021 5:03 am

1.routing table need to go back as in ros6....having problem with load balancing PCC & Failover
2.speed test 150mbps become 75mbps in 7.1.1 & 7.2rc1
3.pppoe clients not working low speed & peer not responding
4.A lot more bugs in the software it have a rebooting problem
Conclusion i have to send all my mikrotik back to 6.48.6 long term...ros7 is not ready a lot more work needed on it.
Your conclusion may not be wrong. Basically the "stable" label is relative to previous V7 rc/betas at this point ;), not even to V6's definitions of "stable". We still use 6.47.10 as our long-term on most things FWIW – still working like a champ, so I have time to debug V7 things ;).

In fairness, there are likely some workarounds to your issues – but if someone doesn't ACTUALLY need a V7 feature, it just doesn't seem wise to deploy it if existing V6 config is working just fine. I'm sure there are other gotcha people could run into (e.g. no dude, no UPS, and subtle thing like no dynamic-in rules, no /ip/route/check, etc.) too that just be annoying if your router was already working.

Now for stuff like BGP, LTE, etc., trying to make V7 work makes a lot of sense. PPPoE hasn't changed in 20 years - only ways for it to get broken at that age ;). We do use V7 in some production use cases, just with caution and testing, and because we need it for LTE.

Now if didn't need some features (thus familiar with V7's, well, nuances), I'd be waiting for the new queue types (fq_codel/CAKE) to be more vetted in V7 – that will help a lot with the speed issues. Don't recall the specifics but there are certainly MTU issues in V7. So if your router needs PPPoE, yeah V7 may not be very friendly yet.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Tue Dec 28, 2021 6:18 am

I don't think anybody is recommending v7 for business production just yet, but in general for home use it is fine in most cases.
 
User avatar
jimmer
just joined
Posts: 19
Joined: Wed Mar 06, 2019 10:06 am
Location: Tasmania, Australia

Re: v7.2rc1 is released!

Tue Dec 28, 2021 11:26 am

OpenVPN udp mode is unusable, connects (from another mikrotik 7.1.1, 7.2rc1, or ovpn client) and after a while it gives the error of the screenshot


Captura.JPG
I saw the exact same behaviour with 7.1 and some of the earlier betas.. reverted back to TCP OpenVPN for stability.

whole bunch of 'zzz_gw recvd P_DATA packet, dropping' log entries and no traffic passing over the session, killing the session and letting it reconnect would fix it until it randomly occurred again.
 
keaton
just joined
Posts: 10
Joined: Tue Jan 08, 2019 4:05 am

Re: v7.2rc1 is released!

Wed Dec 29, 2021 2:38 am

1.routing table need to go back as in ros6....having problem with load balancing PCC & Failover
2.speed test 150mbps become 75mbps in 7.1.1 & 7.2rc1
3.pppoe clients not working low speed & peer not responding
4.A lot more bugs in the software it have a rebooting problem
Conclusion i have to send all my mikrotik back to 6.48.6 long term...ros7 is not ready a lot more work needed on it.
1. PCC and failover should both be working fine, but there are some changes in RouterOS v7 with the way policy routing works and the way recursive routing works that may require you to change things.
2. RouterOS v7 has no more route caching, in routerOS v6 this artificially boosted speedtest results and bulk downloads. This will not be coming back, so this change will be permanent. If your issue is to do with route caching you may have to make other config changes to try to regain this speed.
3. PPPoE clients are working for other people, although there are issues on certain devices when the PPPoE client is on a VLAN
4. You haven't even indicated what device you have
3.routerboard 1100ahx4
1.routerboard 1100ahx4 dude edition
2.pc x86_x64
policy routing problems i am talking about
I have connected 150mbps straight to mikrotik 75mbps to 80mbps coming out of it ..............when i test it on my pc without the mikrotik i get the full 150mbps/150mbps fiber connection i am using.
Please try the v7.21
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.2rc1 is released!

Wed Dec 29, 2021 10:47 am

OpenVPN udp mode is unusable, connects (from another mikrotik 7.1.1, 7.2rc1, or ovpn client) and after a while it gives the error of the screenshot


Captura.JPG
I saw the exact same behaviour with 7.1 and some of the earlier betas.. reverted back to TCP OpenVPN for stability.

whole bunch of 'zzz_gw recvd P_DATA packet, dropping' log entries and no traffic passing over the session, killing the session and letting it reconnect would fix it until it randomly occurred again.
Try enabling the "disconnect-notify" parameter for the OVPN interface. It is possible that the tunnel is down, but traffic is still sent over the tunnel.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Wed Dec 29, 2021 11:42 am

Try enabling the "disconnect-notify" parameter for the OVPN interface. It is possible that the tunnel is down, but traffic is still sent over the tunnel.
Some reports being made seem to hint in the direction that there is an issue with connection tracking or NAT for UDP traffic.
People report that their UDP-based "connections" (OpenVPN over UDP, IPsec over UDP) die after some fixed amount of time.
Maybe you need to investigate that...
 
bruins0437
newbie
Posts: 33
Joined: Thu Jul 13, 2017 4:30 am
Location: New Hampshire

Re: v7.2rc1 is released!

Wed Dec 29, 2021 4:17 pm

Anyone else with Tilera CPU (Cloud Core Router) experiencing higher CPU and Memory usage on 7.2rc1? I already generated a supout and bug report.

I updated from 7.1.1 to 7.2rc1 and immediately after reboot the memory usage started climbing. The route table was blank and I could no longer reach the RB750gr3 at the other end of an IPSEC tunnel. The RB750gr3 was also seeing higher CPU and Memory as well. I then downgraded both to 7.1.1 and the problems went away.


2021/12/28 - This screenshot shows a high of 12% Memory and 2.5% CPU, but this was just a test to see if I could replicate what happened a couple days ago.
Image


2021/12/23 - Original Stats after upgrading.
Image
 
Grant
newbie
Posts: 37
Joined: Sat Oct 26, 2013 10:55 am
Location: Ukraine, Dnipro

Re: v7.2rc1 is released!

Wed Dec 29, 2021 4:35 pm

bruins0437, I already wrote that this is because of the firewall-address list. If more than 32 addresses
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 872
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v7.2rc1 is released!

Wed Dec 29, 2021 4:45 pm

Anyone else with Tilera CPU (Cloud Core Router) experiencing higher CPU and Memory usage on 7.2rc1? I already generated a supout and bug report.
@bruins0437, YES after upgrading my CCR1009 to 7.2.rc1 my CPU went nuts ..... I do have many address lists that in total number over 49 thousand entries ... @Grant believes that address lists are the issue .... perhaps .... but under version 7.1.1 my CPU is normal very seldom above 1% in any core ....
 
bruins0437
newbie
Posts: 33
Joined: Thu Jul 13, 2017 4:30 am
Location: New Hampshire

Re: v7.2rc1 is released!

Wed Dec 29, 2021 4:50 pm

@bruins0437, YES after upgrading my CCR1009 to 7.2.rc1 my CPU went nuts ..... I do have many address lists that in total number over 49 thousand entries ... @Grant believes that address lists are the issue .... perhaps .... but under version 7.1.1 my CPU is normal very seldom above 1% in any core ....
Sorry @Grant, I missed that. I have over 1000 entries due to malc0de, dshield, and spamhaus.
 
Grant
newbie
Posts: 37
Joined: Sat Oct 26, 2013 10:55 am
Location: Ukraine, Dnipro

Re: v7.2rc1 is released!

Wed Dec 29, 2021 4:53 pm

These addresses can be temporarily disabled
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 872
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v7.2rc1 is released!

Wed Dec 29, 2021 5:09 pm

These addresses can be temporarily disabled
@Grant ... Sure but I do not see the value of doing that just prove your assertion ... works well under 7.1 and 7.1.1 ..... Tik had to make changes to RoS that introduced this CPU anomaly .....
Last edited by mozerd on Wed Dec 29, 2021 7:03 pm, edited 1 time in total.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.2rc1 is released!

Wed Dec 29, 2021 6:23 pm

socks5 now ok in 7.2rc1 is, but 7.1.1 still problem
Why do you ask about this here? What is fixed is clear that its fixed for 7.2rc1. Not anything is mention about this in 7.1.1 thread.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Wed Dec 29, 2021 6:32 pm

socks5 now ok in 7.2rc1 is, but 7.1.1 still problem
Why do you ask about this here? What is fixed is clear that its fixed for 7.2rc1. Not anything is mention about this in 7.1.1 thread.
@lywkj, you'll have to use v7.2rc1 even thought not marked as "stable". Eventually this fix will be in a "stable" build. Right now, v7.2rc1 is your only V7 choice, other than going back to the V6.

(In fairness, MT doesn't say it doesn't work in 7.1 and 7.1.1 release notes, those are "flagged" as stable so someone might upgrade to the "stable" thinking their V6 config would work the same...)
 
mafiosa
Member Candidate
Member Candidate
Posts: 266
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: v7.2rc1 is released!

Wed Dec 29, 2021 6:42 pm

CPU utilization even in idle state is crazy on RB3011. Downgraded it to 7.1.1.
 
bruins0437
newbie
Posts: 33
Joined: Thu Jul 13, 2017 4:30 am
Location: New Hampshire

Re: v7.2rc1 is released!

Wed Dec 29, 2021 6:49 pm

These addresses can be temporarily disabled
I don't like the fact that I have to disable those for the memory leak to not occur, but I disabled the scheduler tasks, cleared out the dynamic addresses, and upgraded back to 7.2.rc1. After reboot CPU and memory were stable. So yes, my issue was also linked to the memory leak bug with the address lists.
 
User avatar
petardo
just joined
Posts: 14
Joined: Fri Sep 25, 2015 4:06 pm

Re: v7.2rc1 is released!

Wed Dec 29, 2021 8:25 pm

Auth SHA512 works fine by me :)
When can we calculate with TLS AUTH support? - that is the only missing point regarding openvpn for me by now
Last edited by petardo on Sat Jan 01, 2022 11:25 am, edited 2 times in total.
 
ivicask
Member
Member
Posts: 422
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: v7.2rc1 is released!

Wed Dec 29, 2021 8:54 pm

These addresses can be temporarily disabled
I don't like the fact that I have to disable those for the memory leak to not occur, but I disabled the scheduler tasks, cleared out the dynamic addresses, and upgraded back to 7.2.rc1. After reboot CPU and memory were stable. So yes, my issue was also linked to the memory leak bug with the address lists.
The leak is present even in 7.1.1 and few betas before, its just much slower.My 4011 was using 500mb of ram after 3 weeks on 7.1, i got around 15k lists.
 
hecatae
Member Candidate
Member Candidate
Posts: 244
Joined: Thu May 21, 2020 2:34 pm

Re: v7.2rc1 is released!

Thu Dec 30, 2021 4:29 pm

Audience upgraded without issue.
 
User avatar
petardo
just joined
Posts: 14
Joined: Fri Sep 25, 2015 4:06 pm

Re: v7.2rc1 is released!

Thu Dec 30, 2021 8:13 pm

"ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets"
Doesn't seem to work:

I had to withdraw my statement about "HW encryption not working"
I found out that even with cipher=null I have the same poor result compared that of the Windows Ovpn client (Windows client being about twice faster)
So the question reverts to " why is Mikrotik Ovpn client slower than Windows client"

May be the answer is in connection with the special settings I had in my server config:
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"


Those settings accelerated the speed in case of Windows client but are probably not interpreted by the Mikrotik client.
Last edited by petardo on Sat Jan 01, 2022 3:21 pm, edited 4 times in total.
 
ech1965
just joined
Posts: 23
Joined: Wed Mar 20, 2019 3:53 pm

Re: v7.2rc1 is released!

Fri Dec 31, 2021 11:27 am

SFPs won't work on a CRS317 with 7.2rc1, flapping all the time and no connection.
Using Cisco 10G-SR on both ends.

Works fine on 7.1.1
Also noticed that with mellanox, finsair and blade 10GB sfp+.
I'm rebuilding my home network with a RB5009 at the "core".
Funny enough, I had to downgrade back to 7.1.1 only the CRS305 and the CRS 326 24G SFP+.
The Optics work with RB5009 and 7.2rc1
for what it's worth
 
felixka
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Mon Oct 19, 2020 4:12 am
Location: Canada

Re: v7.2rc1 is released!

Fri Dec 31, 2021 5:06 pm

ATA can register in v6.49.2 without any problems. With V7 everything else on my network works as expected. My setup is a PPPoE internet connection for home use, I followed Mikrotik's first time configuration guide (https://help.mikrotik.com/docs/display/ ... figuration) doing a clean install for each version I tried out.
Do you use your PPPoE connection over a tagged VLAN? If so, you may be hitting the bug where RouterOS erroneously adds priority tags to VLAN packets based on the packet's DSCP marking.

If your ATA supports it try setting it's DSCP value to 0 and see if it works again. If so, you're hitting this bug and MikroTik is already working on a fix. But they haven't given me a timeline on this yet.
 
mobyfab
just joined
Posts: 6
Joined: Tue Jul 03, 2018 4:45 pm
Location: France

Re: v7.2rc1 is released!

Fri Dec 31, 2021 7:54 pm

SFPs won't work on a CRS317 with 7.2rc1, flapping all the time and no connection.
Using Cisco 10G-SR on both ends.

Works fine on 7.1.1
Also noticed that with mellanox, finsair and blade 10GB sfp+.
I'm rebuilding my home network with a RB5009 at the "core".
Funny enough, I had to downgrade back to 7.1.1 only the CRS305 and the CRS 326 24G SFP+.
The Optics work with RB5009 and 7.2rc1
for what it's worth
Yup, I've got a Connectx-3 pro on the other end so that might be a thing.
 
mhugo
Member Candidate
Member Candidate
Posts: 179
Joined: Mon Sep 19, 2005 11:48 am

Re: v7.2rc1 is released!

Sat Jan 01, 2022 6:12 am

Dont forget to keep the routing status page updated so we know what to expect. Its for 7.1 and there is both 7.1.1 and 7.2rc1 now.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.2rc1 is released!

Sat Jan 01, 2022 6:32 pm

Got sudden static routes table crash on 7.2rc1: not displayed both remotely and from local console, telnet command /ip/route/print just hangs, effectively some routes do work, others don't. Router reboot did help.
I have the same problem, reported above. Went back to 7.1.1 which solved it for me, but others tell it does not help and they need to go back to 7.1
Same here on Hex.
/ip route print simply hangs in terminal. Same behavior from SSH.
Also noticed Winbox did not want to connect anymore at a certain point. Webfig takes a looong time before it opens. Android app goes straight away however.
Reboot and it behaves again.
Winbox shows blank window when checking IP/routes.
CPU hovering around 40% whereas before it barely got over 10%. Profile shows "management" being the largest consumer.
I do have the impression memory usage is also quite a bit higher then before (at least that's what graph shows me: 140M @ 7.2rc1, 56M @7.1)
Very strange all this.

Downgrading to 7.1 again... and the sky became blue again.
 
User avatar
amb3r
just joined
Posts: 16
Joined: Fri Oct 31, 2014 8:35 am

Re: v7.2rc1 is released!

Sun Jan 02, 2022 4:31 pm

/ip proxy access add action=deny will revert back to allow after relogging Winbox still existing in v7.2rc1 .. hope you check it..
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.2rc1 is released!

Mon Jan 03, 2022 12:30 pm


I have the same problem, reported above. Went back to 7.1.1 which solved it for me, but others tell it does not help and they need to go back to 7.1
Same here on Hex.
/ip route print simply hangs in terminal. Same behavior from SSH.
Also noticed Winbox did not want to connect anymore at a certain point. Webfig takes a looong time before it opens. Android app goes straight away however.
Reboot and it behaves again.
Winbox shows blank window when checking IP/routes.
CPU hovering around 40% whereas before it barely got over 10%. Profile shows "management" being the largest consumer.
I do have the impression memory usage is also quite a bit higher then before (at least that's what graph shows me: 140M @ 7.2rc1, 56M @7.1)
Very strange all this.

Downgrading to 7.1 again... and the sky became blue again.
AAANND ... also connection issues on Map Lite using 7.2rc1.
Device became COMPLETELY unmanageable, not accessible via Winbox (even tried earlier versions) nor Webfig (page kept loading and loading and loading ...).
And it was just that one mAP Lite I have with a bust Eth port ...

Managed to do a complete reset, downgrade to 7.1.1 and issue cleared (Only for now ? Permanently ? Wait and see ...)
 
elgrandiegote
newbie
Posts: 40
Joined: Tue Feb 05, 2013 6:02 am
Location: Buenos Aires, Argentina

Re: v7.2rc1 is released!

Mon Jan 03, 2022 2:46 pm



I saw the exact same behaviour with 7.1 and some of the earlier betas.. reverted back to TCP OpenVPN for stability.

whole bunch of 'zzz_gw recvd P_DATA packet, dropping' log entries and no traffic passing over the session, killing the session and letting it reconnect would fix it until it randomly occurred again.
Try enabling the "disconnect-notify" parameter for the OVPN interface. It is possible that the tunnel is down, but traffic is still sent over the tunnel.


I tried with the option explicit-exit-notify in the openvpn client, and the same thing keeps happening ...
the same with the parameter disconnect-notify...
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Tue Jan 04, 2022 11:44 pm

I've been having an up/down loop with an RBM33G/RBM11G and LM960A18. The modem is running on MBIM mode and has exhibited this behavior with every release we've tried (7.1RC6 and up).

Current firmware is 32.00.008, and Verizon 32.00.128, but it's also behaved this way with past versions.
Some board have a limit on the number of USB channels they support. This is some bug where the Telit reports double the number of actual channels, Mikrotik is looking into it that problem. But I suspect it be related to why an RBM33 might not work – the RMB11G, not so sure about – that should have enough channels.

If you're looking for a quick fix, you can put the Telit into the "ECM" mode with AT#USBCFG, and see if that work. ECM may actually not be a great mode – the Telit acts like a router puts another NAT infront of the cell network – but may be a workaround. You'd want to make sure LTE Modem is set to "auto" and NOT "mbim".

But I've seen these modems stable, at least on ARM32 and MIPSBE systems.
:put ([/interface/lte/monitor [find running] once as-value]->"session-uptime")
04:41:21
You might want to look at the ports and USB resources in particular to see what's being reports. In my case, it shows 10 ports for the Telit 960, which is wrong – but seem to work.
[user@MT] > /port/print 
Columns: NAME, CHANNELS, BAUD-RATE
#  NAME  CHANNELS  BAUD-RATE
0  usb3        10       9600

[user@MT] > /system/resource/usb print detail 
Flags: I - inactive 
 0   device="2-1" vendor="Telit Wireless Solutions" name="LM960A18" serial-number="6c85ca51" vendor-id="0x1bc7" device-id="0x1041" 
     speed="5000" usb-version=" 3.10" 

 1   device="1-0" vendor="Linux 5.6.3 xhci-hcd" name="xHCI Host Controller" serial-number="xhci-hcd.0.auto" vendor-id="0x1d6b" 
     device-id="0x0002" speed="480" ports=1 usb-version=" 2.00" 

 2   device="2-0" vendor="Linux 5.6.3 xhci-hcd" name="xHCI Host Controller" serial-number="xhci-hcd.0.auto" vendor-id="0x1d6b" 
     device-id="0x0003" speed="5000" ports=1 usb-version=" 3.00"
 

Also, there are multiple firmware on the Telit 960, so that may come into play. Some may need a carrier FOTA update is another possibility here.
[user@MT] > /interface/lte/at-chat [find running] input="AT#FIRMWARE"
  output: HOST FIRMWARE  : 32.00.005_1
          MODEM FIRMWARE : 4
          INDEX  STATUS     CARRIER  VERSION         TMCFG  CNV       LOC
          1                 Generic  32.00.115       1025   empty     1
          2      Activated  Verizon  32.00.124       2020   empty     2
          3                 ATT      32.00.144       4021   empty     3
          4                 TMUS     32.00.153       5004   empty     4
          OK
 
User avatar
Ullinator
just joined
Posts: 8
Joined: Tue Jun 08, 2021 12:53 pm
Location: North-West Germany

Re: v7.2rc1 is released!

Wed Jan 05, 2022 12:52 pm

Hi,
yesterday I´ve tried a update of one of my CRS326-24G-2S+ Switches from 7.1.1 to 7.2RC1 and it was a complete desaster. Update was made via System/Packages.
After reboot the router hang and was dead. Even with netinstall I wasn´t able to flash the system back (system was not visible in netinstall).
But the factory reset works after x tries and I was able to do a downgrade back to 7.1.1, because even with an empty config the system hangs with 7.2RC1 on every second reboot.
No idea what happend (all previous updates from 6.47.X -> 6.49.X -> 7.1.X worked without problems)
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Thu Jan 06, 2022 12:18 am

Verizon aggressively shuts down a connection for Invalid outbound packets. Now that I've disabled those, everything is rock solid.
Ah, Verizon... That makes sense. They are especially tricky... Our older RB953 have been fine in V7 with two modems, but haven't used them much with V7 (mainly using LtAp and wAP with V7) – so your problem had me worried.

To summarize: any packet that escape the Mikrotik that doesn't match the src-address assigned to the Mikrotik by Verizon LTE, will drop the data session, thus the LTE link on the Mikrotik. Basically Verizon expects a hotspot to uses "Strict" as RP Filter, which you can enable on the MT (IP>Settings), but has side-effects of conntrack. And, even still, packets from IP>Cloud and IP>Neighbors will also sometimes cause drops if they are rx'd by Verizon. So the "drop invalid" is best approach, and what Mikrotik does in new default firewall configs (e.g. "drop invalid" rule enabled), so a fresh install of V7 doesn't typically have this issue.

@mthird, seems you got past this one. But the other US Verizon LTE issue is they typically won't activate a SIM with the IMEI from a Mikrotik modem – so you have move a SIM from a supported device to a Mikrotik to use VZW. They have historically required devices be "Verizon certified" device on the network, and typically check the IMEI against their Verizon's DMD database. I keep hoping one day they won't require Band 13 certification, maybe with their 5G rollout they changed this...so I'm curious if you just moved a SIM, or did VZW allow you activate your Mikrotik device with its IMEI/modem number?
 
hel
Member Candidate
Member Candidate
Posts: 199
Joined: Sun Jun 12, 2011 6:31 am
Location: Kirov, Russia

Re: v7.2rc1 is released!

Thu Jan 06, 2022 7:09 am

This version still have high CPU load issue when connecting winbox to hAP Lite.
After some time router reboots itself.
I have reported this issue multiple times since the first v7 limited beta.
You do not have the required permissions to view the files attached to this post.
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: v7.2rc1 is released!

Thu Jan 06, 2022 7:45 am

CHR update to 7.2rc1 CPU usage 100%
Something is wrong with OVPN in 7.2rc1
2022-01-06_11-07-31.png
7.1.1
2022-01-06_11-09-21.png
You do not have the required permissions to view the files attached to this post.
 
brotherdust
Member Candidate
Member Candidate
Posts: 130
Joined: Tue Jun 05, 2007 1:31 am

Re: v7.2rc1 is released!

Fri Jan 07, 2022 12:38 am

Is anyone having issues with IPv6 connection tracking?

I set up some basic filters:
/ipv6 firewall filter
add action=jump chain=forward in-interface=pppoe-out1 jump-target=INT1-in
add action=accept chain=INT1-in connection-state=established,related,untracked
add action=drop chain=INT1-in connection-state=invalid
I check the connection table... it's only tracking input connections it seems:
/ipv6/firewall/connection/print 
Flags: S - SEEN REPLY; A - ASSURED
Columns: PROTOCOL, SRC-ADDRESS, DST-ADDRESS, TCP-STATE, TIMEOUT
#    PROTOCOL  SRC-ADDRESS                DST-ADDRESS                TCP-STATE    TIMEOUT  
0 SA tcp       fe80::b0fd:9ea6:2b78:91b4  fe80::de2c:6eff:fe28:e3c1  established  23h59m59s
This is after trying some IPv6 ping tests, some web browser tests... nothing seems to get added to the table. As a result, all traffic hits the drop rule (see config).

This problem is present on 7.1.1 and 7.2rc1.
 
mfrey
newbie
Posts: 36
Joined: Wed Jan 06, 2021 12:31 am

Re: v7.2rc1 is released!

Sat Jan 08, 2022 12:47 am

Is anyone having issues with IPv6 connection tracking?

I set up some basic filters:
/ipv6 firewall filter
add action=jump chain=forward in-interface=pppoe-out1 jump-target=INT1-in
add action=accept chain=INT1-in connection-state=established,related,untracked
add action=drop chain=INT1-in connection-state=invalid
I check the connection table... it's only tracking input connections it seems:
/ipv6/firewall/connection/print 
Flags: S - SEEN REPLY; A - ASSURED
Columns: PROTOCOL, SRC-ADDRESS, DST-ADDRESS, TCP-STATE, TIMEOUT
#    PROTOCOL  SRC-ADDRESS                DST-ADDRESS                TCP-STATE    TIMEOUT  
0 SA tcp       fe80::b0fd:9ea6:2b78:91b4  fe80::de2c:6eff:fe28:e3c1  established  23h59m59s
This is after trying some IPv6 ping tests, some web browser tests... nothing seems to get added to the table. As a result, all traffic hits the drop rule (see config).

This problem is present on 7.1.1 and 7.2rc1.
Do you use queues? Queues break the IPv6 connection tracking in probably all v7.1 releases and cause the traffic to be marked as invalid.
 
pgm
just joined
Posts: 3
Joined: Tue Jan 04, 2022 8:47 pm

Re: v7.2rc1 is released!

Sat Jan 08, 2022 2:23 pm

CHATEAU-LTE12 show this error after few hours of connection.
lte1 mbim: error: >>> E service: connect, command: visible providers, error: 1
 
User avatar
Ullinator
just joined
Posts: 8
Joined: Tue Jun 08, 2021 12:53 pm
Location: North-West Germany

Re: v7.2rc1 is released!

Sat Jan 08, 2022 3:01 pm

Is anyone having issues with IPv6 connection tracking?

I set up some basic filters:
/ipv6 firewall filter
add action=jump chain=forward in-interface=pppoe-out1 jump-target=INT1-in
add action=accept chain=INT1-in connection-state=established,related,untracked
add action=drop chain=INT1-in connection-state=invalid
I check the connection table... it's only tracking input connections it seems:
/ipv6/firewall/connection/print 
Flags: S - SEEN REPLY; A - ASSURED
Columns: PROTOCOL, SRC-ADDRESS, DST-ADDRESS, TCP-STATE, TIMEOUT
#    PROTOCOL  SRC-ADDRESS                DST-ADDRESS                TCP-STATE    TIMEOUT  
0 SA tcp       fe80::b0fd:9ea6:2b78:91b4  fe80::de2c:6eff:fe28:e3c1  established  23h59m59s
This is after trying some IPv6 ping tests, some web browser tests... nothing seems to get added to the table. As a result, all traffic hits the drop rule (see config).

This problem is present on 7.1.1 and 7.2rc1.
Do you use queues? Queues break the IPv6 connection tracking in probably all v7.1 releases and cause the traffic to be marked as invalid.
Even in 7.0.5 (Factory ROS of RB5009) the problem exists with IPv6 and Queues. I was searching for solutions for myserious problems regarding IPv6 FW-rules until I disable all queues (simple and trees) and all Mangle rules.
Now all FW-rules work as expected.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Sat Jan 08, 2022 5:14 pm

I don't have these issues in my RB4011. Above it was mentioned it can be triggered by having many address-list entries.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.2rc1 is released!

Sat Jan 08, 2022 5:31 pm

I don't have these issues in my RB4011. Above it was mentioned it can be triggered by having many address-list entries.
Not saying you have to see it but ...
I saw that CPU issue on Hex (with approx 50 entries total in 2 address-lists, that's hardly classified as many) and on a stupid mAP Lite (ZERO entries).
Went back to lower version and problem went away. Instantly.
So the only differentiating factor was ROS version.

There is something acting up in that area, that's a certainty with all various notifications being made.
But what triggers it ? That's not known at all.

On those 2 devices I also had serious connectivity issues.
A bit more CPU being used, I can live with ... not being able to access, that's something else.
Which ultimately led to me downgrading those devices.
Coincidence ?

Anyhow, I am not having this version 7.2rc1 on any of my devices for now.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Sat Jan 08, 2022 6:03 pm

I don't have these issues in my RB4011. Above it was mentioned it can be triggered by having many address-list entries.
Not saying you have to see it but ...
I saw that CPU issue on Hex (with approx 50 entries total in 2 address-lists, that's hardly classified as many) and on a stupid mAP Lite (ZERO entries).
Went back to lower version and problem went away. Instantly.
So the only differentiating factor was ROS version.
Wait I confused the versions... I have 7.2rc1 running on my hAP ac2 without issues, but my RB4011 is running 7.1.1 because 7.2rc1 is completely unusable.
It is configured with policy routing, 2 BGP instances maintaining different routing tables. The routing does not work and a command to show the routes hangs.
(reported by others as well... I made a supout.rif and a support ticket SUP-69560 but there has been no reply to it, "waiting for support" since Dec 21)
 
felixka
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Mon Oct 19, 2020 4:12 am
Location: Canada

Re: v7.2rc1 is released!

Mon Jan 10, 2022 10:13 pm

I receive roughly 950-980Mbit when I do a SpeedTest on TCP protocol. However, when I use UDP, I only get 15-3 Mbit. Is it because of me?
It is likely because of you. UDP speed tests usually test using a pre-set low target bitrate (iperf3 uses 1 Mbit/s, for example). UDP does not have congestion control built in, so it does not know when it needs to stop sending faster. Theoretically you could send UDP Traffic from A to B at the highest rate A can send (eg. 1Gbit/s) and see how many bits/s end up on side B, but that is essentially DDoSing yourself. Optimal UDP speed is the number of bits/s you can send at a loss of 0% or near 0%.

What tool are you using to run the UDP Test?
 
mikegleasonjr
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Tue Aug 07, 2018 3:14 am

Re: v7.2rc1 is released!

Thu Jan 13, 2022 1:49 am

Any idea on what the status of being able to specify direction on a cake queue is?
I was told they were porting all the v6 stuff first, then fixing the v7 stuff after.. (referring this specific issue).
 
infabo
Long time Member
Long time Member
Posts: 617
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.2rc1 is released!

Thu Jan 13, 2022 10:09 am

Fixing stuff sounds like a great idea!
 
korzus
just joined
Posts: 3
Joined: Mon Oct 13, 2014 2:18 am

Re: v7.2rc1 is released!

Thu Jan 13, 2022 6:58 pm

With 7.2rc1 i am having problems with route list (which is not showing after a while and mark routing ( RB4011 and hap ac2 )
Image

and mark routing ( the packet is going through the marked route, the destination reply from the same interface but routeros is not delivering to the source. )
 
alijorjani
just joined
Posts: 2
Joined: Fri Apr 08, 2011 8:07 pm

Re: v7.2rc1 is released!

Thu Jan 13, 2022 7:16 pm

vrf or routing table option is missing in /tool/ping winbox menu.
 
fragtion
Member Candidate
Member Candidate
Posts: 257
Joined: Fri Nov 13, 2009 10:08 pm
Location: Johannesburg, South Africa

Re: v7.2rc1 is released!

Thu Jan 13, 2022 8:49 pm

vrf or routing table option is missing in /tool/ping winbox menu.
That's because it's been explicitly removed in 7.x. We're supposed to use a combination of "IP -> Routes -> Rules", along with using the "Src. Address" when pinging, if you want to ping through different routing tables depending on source IP. Lots of posts about this on the forums already
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v7.2rc1 is released!

Fri Jan 14, 2022 1:10 am

There IS 'vrf' parameter for /ping in Terminal, so it's definitely not removed.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 197
Joined: Wed Aug 09, 2017 1:15 pm

Re: v7.2rc1 is released!

Fri Jan 14, 2022 3:35 pm

Does RoMoN work for anyone? No devices are shown in the discovery menu. Haven't seen a report in this thread that there's a problem with romon. Am I the only one?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Fri Jan 14, 2022 4:10 pm

I tested RoMON for you and it works for me. Maybe you need to update winbox.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 197
Joined: Wed Aug 09, 2017 1:15 pm

Re: v7.2rc1 is released!

Fri Jan 14, 2022 5:07 pm

Edit: ok solved, the romon config was wiped from the other device. Don't know when or why this happened.
Edit2: But I still can't get romon to detect devices if only a vlan Interface is specified.

Example: Router1 == eoip (tagged vlan99) == Router2 - the devices can't see each other in romon (communication between them works), and I'm pretty sure that this worked in v6. If I add the eoip tunnel interface instead it works. So if vlan interfaces don't work (anymore), they shouldn't be selectable from the list.
Last edited by osc86 on Fri Jan 14, 2022 6:10 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Fri Jan 14, 2022 6:03 pm

This now happens when you use /export and then import the config again, because the romon info is omitted when you do not use show-sensitive with /export.
 
BitHaulers
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Jun 21, 2018 11:23 am

Re: v7.2rc1 is released!

Sun Jan 16, 2022 6:07 pm

How does one use the new exposed diagnostic channel for LTE modems?

*) lte - expose diagnostics channel for all modems;
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Mon Jan 17, 2022 1:19 pm

How does one use the new exposed diagnostic channel for LTE modems?

*) lte - expose diagnostics channel for all modems;
Previously they only exposed one 1 port, the "AT" channel. Most modems have quite a few ports (e.g. Qualcomm debug, NMEA GPS, add'l AT channels, etc).

So if you look under System>Ports (CLI: /ports), you'll notice more channels for the modem. If your Mikrotik device has a physical serial port, you can map any of the modem ports to the serial port. Or you can also use the next tab in UI, "Remote Access" map one of those channels (or /port/remote-access in CLI) to use TCP to carry the serial data to your PC. Normally the debug port is one of the first channels, but you may have to try a few different "channels" on the port to find the one that's the Qualcomm interface you're looking for.
 
BitHaulers
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Jun 21, 2018 11:23 am

Re: v7.2rc1 is released!

Tue Jan 18, 2022 10:27 pm

Got it working with Quectel's QLogger over TCP/IP (needs the DM port exposed). That thing pulls ~10Mbps all day long from the modem, so it fills a drive up very, very fast. It takes several days for the modem to error out, so that's going to require its own +1TB drive just to make it a week. At least it's a technical possibility to find the problem now.
 
RcRaCk2k
Member Candidate
Member Candidate
Posts: 115
Joined: Mon May 07, 2012 10:40 pm

Re: v7.2rc1 is released!

Wed Jan 19, 2022 6:58 pm

Voting for BGP Multipath (ECMP).

Does anyone know what BGP-Daemon is under the hood?

OSPF and MPLS have ECMP capabilities, why BGP have not?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Wed Jan 19, 2022 8:45 pm

I think the BGP daemon was written from scratch... before new features are added, let's first make the existing features working to the level of RouterOS v6.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2096
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v7.2rc1 is released!

Thu Jan 20, 2022 5:49 am

Does anyone know what BGP-Daemon is under the hood?
Mikrotik's own proprietary routing engine that they developed in-house.
 
Tvink
just joined
Posts: 5
Joined: Sun Feb 07, 2010 5:40 pm
Location: Kalahari, South Africa

Re: v7.2rc1 is released!

Thu Jan 20, 2022 5:48 pm

Does anyone have any ideas on migrating the usermanager legacy database, when loading the sqldb from the old user-manager folder it gives the error "Failed to migrate legacy data - Legacy database not found in provided path (6)"
I've attempted this on a backup (*.tar) and on the sqldb from the old usermanager.
(This is both in Stable and 7.2rc1, using testing environment)
 
Louis2
newbie
Posts: 42
Joined: Mon Aug 05, 2019 9:00 pm

Re: v7.2rc1 is released!

Thu Jan 20, 2022 8:08 pm

Hello,

I tried to update my CRS317 from 7.1.1 to 7.2rc1 . Lots of problems:
- system did NOT reboot after the upgrade!
Note that updating software has always been a big risk in the past, since the change that the switch would not properly reboot, was far far too big. However that improved over time. With this version, ... again not OK. (I am really scarred to do updates on this switch, I am also scarred after a power outage!)
- my 2x10G lagg between pfsense (my router) and the CRS317 (my switch), did not work any more a tried to get it back in service, but did not manage
- whole system did not feel OK

So, after spending a few hours resulting in a not working switch, I reloaded 7.1.1. which is luckily possible. That solved the problem.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Thu Jan 20, 2022 8:12 pm

That happens when betatesting... unfortunately that device has only 16MB flash (like so many newer MikroTik devices, unfortunately) so you cannot partition it.
When you have a device with more flash, partition it in 2 partitions and copy 0 to 1 before any upgrade, then you can always revert to the previous version.
 
alibalalo
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Wed Feb 18, 2015 10:48 pm
Contact:

Re: v7.2rc1 is released!

Fri Jan 21, 2022 12:18 am

Has the hotspot page not showing up, the problem of rebooting has been fixed rb 5009 & rb2004?
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.2rc1 is released!

Fri Jan 21, 2022 3:14 am

I think the BGP daemon was written from scratch... before new features are added, let's first make the existing features working to the level of RouterOS v6.
unfortunately v7 is not beta anymore, and still not all BGP feature are works

thx
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.2rc1 is released!

Fri Jan 21, 2022 3:15 am

Any estimation time or in what version L3 MPLS will be ready and working in v7 ?

thx
 
noyp
just joined
Posts: 7
Joined: Tue Jun 21, 2016 2:05 pm

Re: v7.2rc1 is released!

Fri Jan 21, 2022 6:33 am

I can confirm hotspot login page over ssl is working but is broken on its initial loading, you have refresh your browser a few times to view the working login page. And also adding simple queues targeting hotspot interface wont load the login page
Last edited by noyp on Fri Jan 21, 2022 10:25 am, edited 2 times in total.
 
User avatar
Bergante
Member Candidate
Member Candidate
Posts: 144
Joined: Tue Feb 28, 2012 12:27 pm
Location: Bilbao, Spain

Re: v7.2rc1 is released!

Fri Jan 21, 2022 10:20 am

ATA can register in v6.49.2 without any problems. With V7 everything else on my network works as expected. My setup is a PPPoE internet connection for home use, I followed Mikrotik's first time configuration guide (https://help.mikrotik.com/docs/display/ ... figuration) doing a clean install for each version I tried out.

I tried the built in packet sniffer and can see the SIP register being sent but that's all, no reply from the server.

Answers for your list of suggestions
  • ATA doesn't support IPv6
    I do not have any Mikrotik hardware
The first version I tried was v7.1 and noticed the ATA couldn't register with my VoIP provider, so I tried v7.1.1 and v7.2rc1 with the same error. After some digging I found reference to a similar/same issue around v7.1beta3, I tired to find a link to download a copy of v7.1beta3 or beta4 to see if it works but couldn't find one.
Similar experience here. HexS with working configuration updated to 7. VoIP stopped working. The rest worked perfectly.

Rolling back to 6.49.2 everything went back to normal.

I have IPv6 but the VoIP service is IPv4 only.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Fri Jan 21, 2022 10:36 am

Similar experience here. HexS with working configuration updated to 7. VoIP stopped working. The rest worked perfectly.

Rolling back to 6.49.2 everything went back to normal.

I have IPv6 but the VoIP service is IPv4 only.
Considering how difficult it is to get VoIP working (completely) correctly over NAT, and how easy it is to break it due to some unintended change, it is actually quite surprising that so many VoIP services do not offer IPv6!
 
User avatar
Bergante
Member Candidate
Member Candidate
Posts: 144
Joined: Tue Feb 28, 2012 12:27 pm
Location: Bilbao, Spain

Re: v7.2rc1 is released!

Fri Jan 21, 2022 2:05 pm

I am not using PPPoE. It's just VLAN tagged good old IP over Ethernet.

The phone (it's a DECT base station) does not allow me to change DSCP.

Anyway, does the bug apply to *any* VLAN tagged traffic or does it only apply to PPPoE over a VLAN?

Thanks!
 
User avatar
Bergante
Member Candidate
Member Candidate
Posts: 144
Joined: Tue Feb 28, 2012 12:27 pm
Location: Bilbao, Spain

Re: v7.2rc1 is released!

Fri Jan 21, 2022 2:39 pm

Ok I see, I tried with another router and it does apply to any Ethernet traffic over a VLAN, not only PPPoE.

A simple mangle fixed it. Thanks!

add action=set-priority chain=postrouting new-priority=0 out-interface=ether5
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.2rc1 is released!

Sat Jan 22, 2022 3:32 pm

create ticket in mikrotik support (SUP-57401)
But the mikrotik support team did not care
If they didn't close your ticket, it means they'll look at it. It's not the only potential V7 bug outstanding. More saying I can see how a new V7 feature may not top priority in the list of outstanding bugs in V7.

While they now support UDP OpenVPN now, I'd imagine WireGuard get more attention since it's generally better approach. Wireguard may not work for you.

7.2rc1 is a testing build, so it can have bugs. Since believe UDP OpenVPN is in 7.1.1 too, does this happen there too? But that kinda of detail may be good information for your ticket.
 
MTL7
just joined
Posts: 5
Joined: Fri Nov 26, 2021 9:04 am

Re: v7.2rc1 is released!

Tue Jan 25, 2022 4:37 am

Hi there, I am new to Mikrotik and is running v7.2 RC1 on my RB5009 for a few weeks. I note that the router becomes unresponsive around every 2 days. Only the blue power led and ETH1's LED are on but ETH1 LED is dimmed and not flashing. I have to unplug/ replug its power to bring it alive again. The default log doesn't seem to have anything useful to tell what's going on.
So far, I just use it as the gateway (eth1) for my internal network (eth2) with services like DHCP client and server, DOH DNS, NTP client & server. Default firewall setting (the 11 rules). Other ports are not in use.

Any idea how to figure out/ getting more info about the situation with the router? Thx
 
kevinlukas
just joined
Posts: 2
Joined: Sat May 22, 2021 8:50 am

Re: v7.2rc1 is released!

Tue Jan 25, 2022 7:23 am

I am using router hEX - 750 GR3, when I upgrade RouterOS version v7.1.1 (stable) or RouterOS version v7.2rc1 (testing), error occurs as shown below.

Image

Image

Bandwidth test is not full speed 1 Gbps on total Tx/Rx Current, even when I am using bonding ethers with command "send" or "both" , but before that I use RouterOS version 6.48.6 (long-term) this is not the case.

I have tried to reset configuration (back to default) and reconfigure step by step, but the situation is still not fixed.

Is RouterOS v7 not good support for old model routers, specifically architectures: MMIPS, MIPSBE ?!!

Thanks.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Tue Jan 25, 2022 9:50 pm

I am using router hEX - 750 GR3, when I upgrade RouterOS version v7.1.1 (stable) or RouterOS version v7.2rc1 (testing), error occurs as shown below.
Running btest from the device itself will always give you a lower value as the btest process uses a lot of CPU that otherwise would be used for routing. Instead you should test what it can route by doing something like an iperf between two PCs with the mikrotik you are testing in the middle.
 
kevinlukas
just joined
Posts: 2
Joined: Sat May 22, 2021 8:50 am

Re: v7.2rc1 is released!

Wed Jan 26, 2022 5:31 am

I am using router hEX - 750 GR3, when I upgrade RouterOS version v7.1.1 (stable) or RouterOS version v7.2rc1 (testing), error occurs as shown below.
Running btest from the device itself will always give you a lower value as the btest process uses a lot of CPU that otherwise would be used for routing. Instead you should test what it can route by doing something like an iperf between two PCs with the mikrotik you are testing in the middle.
Thanks for the reply.

I understand what you mean, it's testing the speed of data exchange between 2 devices (PC/Laptop/NAS etc.).

But, one thing is confusing that... still the same, I performed earlier with Router OS v6 by disconnecting all devices accessing the network and only testing directly between router RB750 GR3 and Switch CRS125, at this time there are no other accesses or devices using CPU resources, and obviously the speed is still full at 1 Gbps.

And at present (after upgrading to RouterOS v7), this does not happen as it was originally.

Especially, even when I make a pppoe connection from the ISP, the total bandwidth on each ether port only gives out a maximum of 500 Mbps - equivalent to me using Btest between Router & CRS Switch.

This is to my detriment, as I have a total of 3 PPPOE WANs with speeds per WAN = 300 Mbps. But, when configuring load balancing 3 WAN... instead of me having a total of 900 Mbps/3 WAN, there's only 300 Mbps split across the 3 ether ports (meaning, each ether now only receives 100 Mbps).

I still keep the same configuration & parameters as the original when using RouterOS v6, and upgrade RouterOS v7, without changing any parameters.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Wed Jan 26, 2022 7:29 am

But, one thing is confusing that... still the same, I performed earlier with Router OS v6 by disconnecting all devices accessing the network and only testing directly between router RB750 GR3 and Switch CRS125, at this time there are no other accesses or devices using CPU resources, and obviously the speed is still full at 1 Gbps.
Yes, this is to be expected. It is not caused by bugs in RouterOS v7. RouterOS v6 had route caching, which was in very old Linux kernel versions. This gave an artificial boost to speed tests and other bulk traffic like a single client downloading a large file from a single server, including MikroTik btest. Route caching was removed from the Linux kernel nearly 10 years ago, and in RouterOS v7 it is finally gone. The result is that speed tests and a single client downloading a large file from the internet will be slower, but the router will perform the same or faster with more mixed traffic. This is not a bug, and isn't something they can fix.
 
BitHaulers
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Jun 21, 2018 11:23 am

Re: v7.2rc1 is released!

Wed Jan 26, 2022 6:53 pm

Any updated ETA on when Docker support will come back to 7.1? On Reddit a month ago they said weeks. So, it's been about four weeks. Are we looking at "soon" (a month?), or are we looking at the summer?
 
bruins0437
newbie
Posts: 33
Joined: Thu Jul 13, 2017 4:30 am
Location: New Hampshire

Re: v7.2rc1 is released!

Wed Jan 26, 2022 7:41 pm

Any updated ETA on when Docker support will come back to 7.1? On Reddit a month ago they said weeks. So, it's been about four weeks. Are we looking at "soon" (a month?), or are we looking at the summer?
I understand your concern there. I am more concerned about memory leak bug with the address lists. Hoping that will get fixed sooner, rather than later.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.2rc1 is released!

Wed Jan 26, 2022 8:04 pm

Yes, instead of working on the new features the current focus should be to get v7.x feature-complete at v6.49 level and the obvious new bugs fixed.
I regularly see people getting into trouble because they see there is an upgrade, perform it, and then drop from the network.
(this is in a BGP routed network)
 
kevinlukas
just joined
Posts: 2
Joined: Sat May 22, 2021 8:50 am

Re: v7.2rc1 is released!

Wed Jan 26, 2022 10:58 pm

But, one thing is confusing that... still the same, I performed earlier with Router OS v6 by disconnecting all devices accessing the network and only testing directly between router RB750 GR3 and Switch CRS125, at this time there are no other accesses or devices using CPU resources, and obviously the speed is still full at 1 Gbps.
Yes, this is to be expected. It is not caused by bugs in RouterOS v7. RouterOS v6 had route caching, which was in very old Linux kernel versions. This gave an artificial boost to speed tests and other bulk traffic like a single client downloading a large file from a single server, including MikroTik btest. Route caching was removed from the Linux kernel nearly 10 years ago, and in RouterOS v7 it is finally gone. The result is that speed tests and a single client downloading a large file from the internet will be slower, but the router will perform the same or faster with more mixed traffic. This is not a bug, and isn't something they can fix.
Thanks for reply.

What if the router would do the same or faster with more mixed traffic, but the data transferred internally between the devices is now limited to about 500 Mbps , although each ether defaults to support up to 1 Gbps.

I've been using bonding ethers together to speed up the internal transfer (LAN Bonding), but it's limited to ~500 Mbps. This means that on RouterOS v7, the transfer speed between devices internally is reduced by about half compared to RouterOS v6.

If that is determined it is not an error, and caching is not applied on RouterOS v7. So is it possible for devices using the following architectures: MMIPS, MIPSBE ... The manufacturer should inform users not to upgrade RouterOS v7, so as not to have to reduce the internal transmission speed ?!

Thanks.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Jan 27, 2022 1:14 am

If that is determined it is not an error, and caching is not applied on RouterOS v7. So is it possible for devices using the following architectures: MMIPS, MIPSBE ... The manufacturer should inform users not to upgrade RouterOS v7, so as not to have to reduce the internal transmission speed ?!
This affects every architecture, not just MMIPS and MIPSBE. They are not likely to tell customers to never upgrade any MikroTik devices to v7.

You can look at things in your config that you might be able to do in order to improve speeds. Are you using bridge VLAN filtering? Bridge VLAN filtering with hardware offload does not work with fasttrack, so if your bridge VLAN filtering is hardware offloaded, then fasttrack will not function. This was the case in RouterOS v6 as well, but what is new in v7 is certain switch chips are now supported by hardware offloaded bridge VLAN filtering that were not supported previously.
 
kevinlukas
just joined
Posts: 2
Joined: Sat May 22, 2021 8:50 am

Re: v7.2rc1 is released!

Thu Jan 27, 2022 8:24 am

If that is determined it is not an error, and caching is not applied on RouterOS v7. So is it possible for devices using the following architectures: MMIPS, MIPSBE ... The manufacturer should inform users not to upgrade RouterOS v7, so as not to have to reduce the internal transmission speed ?!
This affects every architecture, not just MMIPS and MIPSBE. They are not likely to tell customers to never upgrade any MikroTik devices to v7.

You can look at things in your config that you might be able to do in order to improve speeds. Are you using bridge VLAN filtering? Bridge VLAN filtering with hardware offload does not work with fasttrack, so if your bridge VLAN filtering is hardware offloaded, then fasttrack will not function. This was the case in RouterOS v6 as well, but what is new in v7 is certain switch chips are now supported by hardware offloaded bridge VLAN filtering that were not supported previously.
Thanks for the reply

Yes, I'm still using Bridge VLAN Filtering + Fasttrack enable. I understand fasttrack won't work for bridge vlan filtering, and you say "in v7 is certain switch chips are now supported by hardware offloaded bridge VLAN filtering" . Nice to hear this, but now I check that hardware offloaded function is still not supported, it is hidden as shown below.

Image

Am I missing a step that doesn't support hardware offloaded, can you guide me?

Besides, on Switch CRS125, all ether is supported hardware offloaded but only "Bonding LAN" is not supported, specifically I don't see the "H" symbol in front.

Image

If I remove fasttrack, the hardware offloaded feature is still not displayed indicating that it is supported with bridge vlan filtering even on RB750 GR3 or CRS125.

Thanks.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Jan 27, 2022 8:33 am

Am I missing a step that doesn't support hardware offloaded, can you guide me?

Besides, on Switch CRS125, all ether is supported hardware offloaded but only "Bonding LAN" is not supported, specifically I don't see the "H" symbol in front.
CRS1xx/2xx chips do not support bridge VLAN filter hardware offloading, even in RouterOS v7, so you won't see this on the CRS125 no matter what you do.

This new feature was only added for a few switch chips, including the MT7621 which, according to online documentation, is the switch chip in your 750 GR3 device. It may be that you have to disable spanning tree on the bridge to get bridge VLAN filtering hardware offloading with your device.

Bonding may also not be hardware offloaded, depending on the settings and the device you are using. The best chance for hardware offloaded bonding is if you use 802.3ad bonding mode.

What I see in your screenshot above is that you have three different bridges on one device. On a single device only one bridge can be hardware offloaded, so you should always limit yourself to one bridge per device.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.2rc1 is released!

Thu Jan 27, 2022 8:44 am

Fasttrack has nothing to do with bridge vlan filtering.

ROSv7 added HW offload for vlan-filtering to switch chips RT8367 and MT7621 ... so your RB750Gr3 should support it. However, only single bridge (per switch chip) can be HW offloaded.

Another thing is bonding, it is not supported in hardware on MT7621 (it would have to be configured in /interface ethernet switch sub-menu for that), so using bond inevitably involves CPU. Further more, if you bond "wrong" pair of ports, they use same 1Gbps interconnect between switch chip and CPU so you don't gain anything regarding cumulative throughput. You can study block diagram of your RB750Gr3 available from product page.

Edit: I see @mducharme was quicker to answer.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Jan 27, 2022 8:53 am

Fasttrack has nothing to do with bridge vlan filtering.
This is not the case - fasttrack only works in situations where bridge VLAN filtering is not hardware offloaded.

See viewtopic.php?p=898137#p898137
 
User avatar
raimondsp
MikroTik Support
MikroTik Support
Posts: 267
Joined: Mon Apr 27, 2020 10:14 am

Re: v7.2rc1 is released!

Thu Jan 27, 2022 11:38 am

 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.2rc1 is released!

Thu Jan 27, 2022 11:52 am

Fasttrack has nothing to do with bridge vlan filtering.
This is not the case - fasttrack only works in situations where bridge VLAN filtering is not hardware offloaded.

See viewtopic.php?p=898137#p898137

I was writing a lenghty post, meanwhile @raimodsp wrote a nice article. Which doesn't answer all of my dilemmas, but should do for this thread.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.2rc1 is released!

Thu Jan 27, 2022 8:01 pm

For some reason I thought it was the specific combination of bridge VLAN filtering + hardware offload that fasttrack didn't support, and not just bridge vlan filtering or hardware offload on their own, but it seems from that explanation that I was mistaken and that it is just bridge VLAN filtering that breaks fasttrack.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.2rc1 is released!

Fri Jan 28, 2022 12:35 pm

New version v7.2rc2 has been released:

viewtopic.php?t=182699

Who is online

Users browsing this forum: bschapendonk, gogle, IOException, pe1chl, Ralfu, t3jrH and 18 guests