 
Kaldek
Member Candidate
Topic Author
Posts: 111
Joined: Sat Jul 11, 2015 2:40 pm

Netinstall and Windows 11

Sun Jun 19, 2022 9:43 am

Hi folks, I have posted this on Reddit under /r/Mikrotik but I'm also posting it here with slightly different language.

However I will say that I am seriously miffed at Mikrotik for the way that Netinstall actually works and why it's broken on Windows 11. Put simply, the package transfer mechanism in Netinstall uses all broadcast traffic - including the package transfer itself. Putting aside the utter ridiculousness of using broadcast storms to transfer data under ANY circumstances, the system completely fails on Windows 11 because the initial "offer" broadcast packet is sent via UDP using Source port 5000 and Destination port 5000, which is silently blocked on Windows 11 regardless of Firewall status, network interfaces enabled or any other setting I can (so far) find.

Mikrotik, this is a complete box of frogs and you need to fix this. I understand why you have used broadcasts, and it's so that many (hundreds even) of routers could all receive the same package file at once. I suppose you may even do this in your factory as the means of flashing ROS to boards before they are shipped.

But honestly, it is wrong to require a broadcast-storm method of file transfer in Netinstall. It should use unicast methods, and there is no reason this is not possible because the first stage of Netinstall uses BOOTP and TFTP unicast already.
Last edited by Kaldek on Wed Jun 22, 2022 3:46 am, edited 1 time in total.
 
Kaldek
Member Candidate
Topic Author
Posts: 111
Joined: Sat Jul 11, 2015 2:40 pm

Re: Netinstall and Windows 11

Sun Jun 19, 2022 9:46 am

In addition to the first post, this whole problem just causes a massive amount of confusion because Mikrotik's troubleshooting notes for Netinstall all focus on the BOOTP/TFTP stage of Netinstall. If that stage works but the second package transfer stage fails, all troubleshooting guidance keeps pointing back to "Firewalls" and "clean Layer-2 networks" which is bad advice and all caused because Netinstall has two separate communication mechanisms in use, with very poor documentation (if at all) on this.
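
An added example, not part of any post in this thread and not MikroTik code: a small classifier that labels frames from a capture taken on the wire (for instance on a mirror port) as stage 1 (BOOTP on UDP 67/68, TFTP requests to UDP 69) or stage 2 (the UDP 5000 to 5000 broadcast described in the first post), so a failed install can be attributed to the right stage. The sample frames, MAC and IP addresses are constructed for illustration.

```python
import struct

BCAST_MAC, BCAST_IP = b"\xff" * 6, b"\xff" * 4

def classify_frame(frame: bytes) -> str:
    """Label one Ethernet frame by the Netinstall stage it belongs to."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":    # need Eth+IPv4+UDP headers
        return "other"
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length in bytes
    frag = struct.unpack("!H", frame[20:22])[0] & 0x1FFF  # fragment offset
    if ihl < 20 or frame[23] != 17 or frag or len(frame) < 14 + ihl + 8:
        return "other"                                    # not a parseable UDP datagram
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    is_bcast = frame[0:6] == BCAST_MAC or frame[30:34] == BCAST_IP
    if {sport, dport} == {67, 68}:
        return "stage1-bootp"
    if dport == 69:
        return "stage1-tftp"                              # initial TFTP request
    if sport == 5000 and dport == 5000 and is_bcast:
        return "stage2-broadcast"                         # ports as reported in the thread
    return "other"

def diagnose(frames) -> str:
    """Say which Netinstall stage is visible in a capture taken on the wire."""
    seen = {classify_frame(f) for f in frames}
    if "stage2-broadcast" in seen:
        return "stage 2 broadcast reached the wire"
    if seen & {"stage1-bootp", "stage1-tftp"}:
        return "stage 1 seen, stage 2 broadcast missing"
    return "no Netinstall traffic seen"

def build_frame(dst_mac, dst_ip, sport, dport, payload=b"x"):
    """Construct a sample frame; sender fields are fixed placeholders and
    checksums are left at 0 because the classifier does not verify them."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 168, 88, 2]), dst_ip)
    return dst_mac + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + udp

# Constructed sample captures; the addresses are made up for this example.
PEER_MAC, PEER_IP = b"\x02\x00\x00\x00\x00\x02", bytes([192, 168, 88, 1])
BOOTP = build_frame(PEER_MAC, PEER_IP, 67, 68)
TFTP = build_frame(PEER_MAC, PEER_IP, 1024, 69)
OFFER = build_frame(BCAST_MAC, BCAST_IP, 5000, 5000)
WORKING_HOST = [BOOTP, TFTP, OFFER]   # what the thread reports for Windows 10
FAILING_HOST = [BOOTP, TFTP]          # what the thread reports for Windows 11

if __name__ == "__main__":
    print(diagnose(WORKING_HOST))
    print(diagnose(FAILING_HOST))
```

The capture has to come from outside the sending host's network stack, because the thread reports the offer packet appearing as sent in Process Monitor while never leaving the machine.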
 
ivicask
Member
Posts: 422
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Netinstall and Windows 11

Sun Jun 19, 2022 11:24 am

I just did netinstall yesterday on win11. I had to disable the firewall completely and also disable any other adapter like wifi, even if they were not connected, then it worked fine.
 
Kaldek
Member Candidate
Topic Author
Posts: 111
Joined: Sat Jul 11, 2015 2:40 pm

Re: Netinstall and Windows 11

Sun Jun 19, 2022 1:54 pm

I just did netinstall yesterday on win11. I had to disable the firewall completely and also disable any other adapter like wifi, even if they were not connected, then it worked fine.
I have done the same, and yet with no offer packet exiting the network stack (even though Process Monitor stated the packet was sent by the Netinstall process). It may also depend on your OS build revision, as there are many depending on whether you have applied all the updates or if you are on the insider preview.

The point here is that none of this should matter. Netinstall is coded in a manner which exposes it to these kinds of potential issues and it should not.

Edit: I also forgot to mention it works on Windows 10 even with the Firewall enabled (with the "allow this app" option ticked of course). The issue is Windows 11 specific but should not be impacted by OS versions. Netinstall should use unicast transfer methods that don't rely on other vendors not changing anything.
 
holvoetn
Forum Guru
Posts: 5405
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Netinstall and Windows 11

Sun Jun 19, 2022 4:34 pm

I'm not even trying anymore with windows.
I have a dinosaur-old Dell laptop (2008) with Linux.
Works first time right each and every time.
 
Kaldek
Member Candidate
Topic Author
Posts: 111
Joined: Sat Jul 11, 2015 2:40 pm

Re: Netinstall and Windows 11

Mon Jun 20, 2022 12:08 am

I'm not even trying anymore with windows.
I have a dinosaur-old Dell laptop (2008) with Linux.
Works first time right each and every time.
I get that, but I'm trying to focus on the use of broadcast packets as a means of file transfer. For lab and home users, there needs to be a better option.
 
Kaldek
Member Candidate
Topic Author
Posts: 111
Joined: Sat Jul 11, 2015 2:40 pm

Re: Netinstall and Windows 11

Mon Jun 20, 2022 4:52 am

Here's the YouTube video showing the details of how Netinstall works, with a Windows 11 host failing, and a Windows 10 host succeeding:
https://youtu.be/-mOGD1-Uv2Y
Last edited by Kaldek on Tue Jun 21, 2022 2:52 am, edited 1 time in total.
 
kevinds
Long time Member
Posts: 638
Joined: Wed Jan 14, 2015 8:41 am

Re: Netinstall and Windows 11

Mon Jun 20, 2022 8:12 am

However I will say that I am seriously pissed at Mikrotik for the way that Netinstall actually works and why it's broken on Windows 11.

the system completely fails on Windows 11 because the initial "offer" broadcast packet is sent via UDP using Source port 5000 and Destination port 5000, which is silently blocked on Windows 11 regardless of Firewall status, network interfaces enabled or any other setting I can (so far) find.
So this is a Windows defect, not a Mikrotik one..

Personally, I've had hit/miss for NetInstall based on the NetInstall version in Windows.. Different version, .4 instead of .5 worked vs failed, on the same host.

The command line Linux version though, first time, every time..
 
Kaldek
Member Candidate
Topic Author
Posts: 111
Joined: Sat Jul 11, 2015 2:40 pm

Re: Netinstall and Windows 11

Mon Jun 20, 2022 8:46 am

Personally, I've had hit/miss for NetInstall based on the NetInstall version in Windows.. Different version, .4 instead of .5 worked vs failed, on the same host.
I did think that might be an issue so I tried a range of versions, even going back to 6.48. On the fully patched Windows 11 systems I have (two separate PCs), it always failed. On the three Windows 10 hosts I tried, it always worked.

Mikrotik could try to ignore this and hope the problem goes away, but as everyone slowly migrates to Windows 11, they will have to face it head-on.
 
Kaldek
Member Candidate
Topic Author
Posts: 111
Joined: Sat Jul 11, 2015 2:40 pm

Re: Netinstall and Windows 11

Mon Jun 20, 2022 8:53 am

So this is a Windows defect, not a Mikrotik one..
No, and saying things like that just lets poor code off the hook. I've provided empirical evidence here that the use of UDP broadcasts for file transfer is a bad idea. Putting this back on Microsoft for what could be a security improvement to their network stack is not justified as it's not backed by any data.

If you use unicast based file transfers - even if those are MAC unicast (a good example here is Winbox using MAC address), then you're much less likely to have these kinds of issues.
 
kevinds
Long time Member
Posts: 638
Joined: Wed Jan 14, 2015 8:41 am

Re: Netinstall and Windows 11

Mon Jun 20, 2022 9:16 am

So this is a Windows defect, not a Mikrotik one..
use of UDP broadcasts for file transfer is a bad idea. Putting this back on Microsoft for what could be a security improvement to their network stack is not justified as it's not backed by any data.
You allow and traffic and it is still being blocked by the firewall, that is very shitty Microsoft software, regardless of the transfer method. Worse if you disable the firewall completely and it still is not allowed.

You have said that UDP broadcasts are bad, you have not provided any evidence that they are, especially in this case.
 
Kaldek
Member Candidate
Topic Author
Posts: 111
Joined: Sat Jul 11, 2015 2:40 pm

Re: Netinstall and Windows 11

Mon Jun 20, 2022 2:29 pm


use of UDP broadcasts for file transfer is a bad idea. Putting this back on Microsoft for what could be a security improvement to their network stack is not justified as it's not backed by any data.
You allow and traffic and it is still being blocked by the firewall, that is very shitty Microsoft software, regardless of the transfer method. Worse if you disable the firewall completely and it still is not allowed.

You have said that UDP broadcasts are bad, you have not provided any evidence that they are, especially in this case.
No, it has been tested with the Firewall on or off with no change. My post over at Reddit is longer and perhaps provides more detail that you are focusing on. Transferring data via broadcast storm on a layer-2 network should never be done, and has (less so these days of course with higher bandwidth) the potential to cause network collapse. This is literally the reason "multicasting" was invented, so that it is possible to send a single stream of data to multiple devices without flooding every port/device in the broadcast domain.

The Linux netinstall doesn't even support sending packages to more than one device, and yet still uses the UDP broadcast method.
 
DarkNate
Forum Veteran
Posts: 999
Joined: Fri Jun 26, 2020 4:37 pm

Re: Netinstall and Windows 11

Mon Jun 20, 2022 3:16 pm

“Packages” or “packets”, like they aren't synonyms and mean completely different things.

Netinstall itself is a “package” of code, packets are a networking term.
 
kevinds
Long time Member
Posts: 638
Joined: Wed Jan 14, 2015 8:41 am

Re: Netinstall and Windows 11

Mon Jun 20, 2022 5:36 pm

No, it has been tested with the Firewall on or off with no change.
Transferring data via broadcast storm on a layer-2 network should never be done, and has (less so these days of course with higher bandwidth) the potential to cause network collapse.
No, just no.

Computer and RouterBoard is the network and transferring a file less than 20MB.
 
mkx
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: Netinstall and Windows 11

Mon Jun 20, 2022 11:19 pm

Transferring data via broadcast storm on a layer-2 network should never be done, and has (less so these days of course with higher bandwidth) the potential to cause network collapse.

As @kevinds already hinted: netinstall is intended to be used in network where only RB device being netinstalled and PC running netinstall are connected. Preferably directly by patch cable or (if shooting some troubles) via a (two port) dumb switch.

Netinstall is clearly not intended to be used in a populated network, if not for other reasons exactly because of fragility of the whole process (OS firewall is one of things). Since netinstall is last resort for reviving a bricked device, expecting it to be run in an isolated environment doesn't seem unreasonable to me.

Sure, there might be a better way of delivering those few megabytes from PC to RB ... but for that MT would have to recode the netinstall code in routerboard flash files for all supported platforms ... and by the way introduce new bugs to otherwise pretty stable piece of code. I'm not sure it's worth it.
 
Kaldek
Member Candidate
Topic Author
Posts: 111
Joined: Sat Jul 11, 2015 2:40 pm

Re: Netinstall and Windows 11

Tue Jun 21, 2022 3:01 am

Well, safe to say I disagree with the responses.

Having to re-code something that "just works": I disagree with this because for many people it doesn't "just work", hence the existence of this thread.

"It's only meant to be directly connected":
That is the position Mikrotik has currently taken but it's not how the app was coded. The Netinstall application was coded directly in a manner which allows one instance of netinstall to support file transfer to many (hundreds even) of devices at once. The fact that you can un-tick the "Boot server enabled" option is direct evidence of this. By disabling this option and having a separate device handle all of your BOOTP bootloader stuff, you can use Netinstall to wait for multiple routers to appear in the list of devices, select them all along with the package you want to deploy and click "Install".

Now the Linux instance of Netinstall was obviously not coded that way and is definitely intended for one-device-at-a-time. It is a reflection of how Netinstall is intended to be used today, but it is not a reflection of how the code was originally written to function.

My TL;DR position is and remains that Mikrotik should not be using ethernet broadcasts for file transfer.
 
Dude2048
Member Candidate
Posts: 212
Joined: Thu Sep 01, 2016 4:04 pm

Re: Netinstall and Windows 11

Tue Jun 21, 2022 3:21 pm

So MS upgrade 10 to 11. MT is in the wrong. Just.... Really. Use linux for all I care.
About the broadcast stuff I stand with MKX.
 
Kaldek
Member Candidate
Topic Author
Posts: 111
Joined: Sat Jul 11, 2015 2:40 pm

Re: Netinstall and Windows 11

Wed Jun 22, 2022 3:51 am

So MS upgrade 10 to 11. MT is in the wrong. Just.... Really. Use linux for all I care.
You should not default to a position of "MS is wrong, because MS" rather than considering that non-RFC compliant use of UDP and IP is the real problem.
 
kevinds
Long time Member
Posts: 638
Joined: Wed Jan 14, 2015 8:41 am

Re: Netinstall and Windows 11

Wed Jun 22, 2022 4:56 am

You should not default to a position of "MS is wrong, because MS" rather than considering that non-RFC compliant use of UDP and IP is the real problem.
If you are turning off the M$ firewall or allowing a program, and it is still blocked, yes, M$ issue.
 
mkx
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: Netinstall and Windows 11

Wed Jun 22, 2022 3:10 pm

So MS upgrade 10 to 11. MT is in the wrong. Just.... Really. Use linux for all I care.
You should not default to a position of "MS is wrong, because MS" rather than considering that non-RFC compliant use of UDP and IP is the real problem.
So which particular RFC forbids using UDP broadcasts to transfer pieces of information between two end points? Just because it's not customary it doesn't mean it's forbidden. Just because sender knows receiver's (MAC) address doesn't mean broadcasts are forbidden. Yes, some FW architects might have feeling that sending out broadcasts with non-typical payload could be a security threat, but that doesn't mean such use is illegitimate (probably the same FW architects feel that torrent as technology is illegal and should be blocked regardless of contents).
 
Raymondello
just joined
Posts: 1
Joined: Tue Jan 03, 2023 3:27 pm

Re: Netinstall and Windows 11

Tue Jan 03, 2023 3:28 pm

You shouldn't be offended by Mikrotik because there are a lot of bugs on windows 11 that haven't been fixed yet. However, this operating system has been around for about a year, if not more.
