Style
just joined
Topic Author
Posts: 4
Joined: Fri Nov 04, 2022 7:46 pm

Intermittent packet loss

Fri Nov 04, 2022 11:57 pm

Hello!

I'm experiencing a strange intermittent packet loss on my network.
I have an RB4011 as my router and a CRS305 switch next door connected via an OM3 fibre cable with two 10Gb SFP+ modules.
I am getting intermittent packet drops when pinging the CRS305 or devices connected to it from the router or the other way. What will happen is that every other ping starts to fail for a bit of time and then stops failing.
It can be intermittent on which device gets the packet drops too; my PC could ping the CRS305 and get drops but the router has no drops. Other times it's the other way around.
Even when using netwatch on my router - netwatch might say the device is up but pinging from a terminal gets the packet loss.
If I reboot the router or briefly disconnect the CRS305 - the issue completely goes away for a few hours before coming back again.

I am sure that this is a router issue because I have tried the following and the issue persists:
  • Changing the SFP modules to 1GB modules
  • Changing the CRS305 to a RB206GS
  • Replacing the fibre cable
  • Testing using an ethernet cable plugged into an ethernet port not the SFP port on the router
I do not have the same issue on either of my internet connections connected in LAN 1/2 using PPPoE.
CPU usage remains under 10% when having these issues.

Packet loss example:
  SEQ HOST                                     SIZE TTL TIME       STATUS                  
 5380 192.168.88.6                               56  64 272us     
 5381 192.168.88.6                               56  64 247us     
 5382 192.168.88.6                               56  64 221us     
 5383 192.168.88.6                               56  64 213us     
 5384 192.168.88.6                               56  64 269us     
 5385 192.168.88.6                               56  64 263us     
 5386 192.168.88.6                               56  64 269us     
 5387 192.168.88.6                               56  64 270us     
 5388 192.168.88.6                               56  64 272us     
 5389 192.168.88.6                                                 timeout                 
 5390 192.168.88.6                               56  64 266us     
 5391 192.168.88.6                                                 timeout                 
 5392 192.168.88.6                               56  64 269us     
 5393 192.168.88.6                                                 timeout                 
 5394 192.168.88.6                               56  64 266us     
 5395 192.168.88.6                                                 timeout                 
 5396 192.168.88.6                               56  64 272us     
 5397 192.168.88.6                                                 timeout                 
 5398 192.168.88.6                               56  64 225us     
 5399 192.168.88.6                                                 timeout                 
    sent=5400 received=4339 packet-loss=19% min-rtt=123us avg-rtt=253us max-rtt=7ms478us 
  SEQ HOST                                     SIZE TTL TIME       STATUS                  
 5400 192.168.88.6                               56  64 198us     
 5401 192.168.88.6                                                 timeout                 
 5402 192.168.88.6                               56  64 212us     
 5403 192.168.88.6                                                 timeout                 
 5404 192.168.88.6                               56  64 199us     
 5405 192.168.88.6                                                 timeout                 
 5406 192.168.88.6                               56  64 284us     
 5407 192.168.88.6                                                 timeout                 
 5408 192.168.88.6                               56  64 262us     
 5409 192.168.88.6                                                 timeout                 
 5410 192.168.88.6                               56  64 237us     
 5411 192.168.88.6                                                 timeout                 
 5412 192.168.88.6                               56  64 222us     
 5413 192.168.88.6                                                 timeout                 
 5414 192.168.88.6                               56  64 236us     
 5415 192.168.88.6                                                 timeout                 
 5416 192.168.88.6                               56  64 237us     
 5417 192.168.88.6                                                 timeout                 
 5418 192.168.88.6                               56  64 233us     
 5419 192.168.88.6                                                 timeout                 
    sent=5420 received=4349 packet-loss=19% min-rtt=123us avg-rtt=253us max-rtt=7ms478us 
  SEQ HOST                                     SIZE TTL TIME       STATUS                  
 5420 192.168.88.6                               56  64 191us     
 5421 192.168.88.6                                                 timeout                 
 5422 192.168.88.6                               56  64 226us     
 5423 192.168.88.6                                                 timeout                 
 5424 192.168.88.6                               56  64 237us     
 5425 192.168.88.6                                                 timeout                 
 5426 192.168.88.6                               56  64 252us     
 5427 192.168.88.6                                                 timeout                 
 5428 192.168.88.6                               56  64 178us     
 5429 192.168.88.6                                                 timeout                 
 5430 192.168.88.6                               56  64 178us     
 5431 192.168.88.6                                                 timeout                 
 5432 192.168.88.6                               56  64 244us     
 5433 192.168.88.6                                                 timeout                 
 5434 192.168.88.6                               56  64 175us     
 5435 192.168.88.6                                                 timeout                 
 5436 192.168.88.6                               56  64 274us     
 5437 192.168.88.6                                                 timeout                 
 5438 192.168.88.6                               56  64 223us     
 5439 192.168.88.6                                                 timeout                 
    sent=5440 received=4359 packet-loss=19% min-rtt=123us avg-rtt=253us max-rtt=7ms478us 
  SEQ HOST                                     SIZE TTL TIME       STATUS                  
 5440 192.168.88.6                               56  64 183us     
 5441 192.168.88.6                                                 timeout                 
 5442 192.168.88.6                               56  64 236us     
 5443 192.168.88.6                                                 timeout                 
 5444 192.168.88.6                               56  64 233us     
 5445 192.168.88.6                                                 timeout                 
 5446 192.168.88.6                               56  64 266us     
 5447 192.168.88.6                                                 timeout                 
 5448 192.168.88.6                               56  64 277us     
 5449 192.168.88.6                                                 timeout                 
 5450 192.168.88.6                               56  64 275us     
 5451 192.168.88.6                                                 timeout                 
 5452 192.168.88.6                               56  64 244us     
 5453 192.168.88.6                                                 timeout                 
 5454 192.168.88.6                               56  64 301us     
 5455 192.168.88.6                                                 timeout                 
 5456 192.168.88.6                               56  64 225us     
 5457 192.168.88.6                                                 timeout                 
 5458 192.168.88.6                               56  64 232us     
 5459 192.168.88.6                                                 timeout                 
    sent=5460 received=4369 packet-loss=19% min-rtt=123us avg-rtt=253us max-rtt=7ms478us 
  SEQ HOST                                     SIZE TTL TIME       STATUS                  
 5460 192.168.88.6                               56  64 227us     
 5461 192.168.88.6                                                 timeout                 
 5462 192.168.88.6                               56  64 243us     
 5463 192.168.88.6                                                 timeout                 
 5464 192.168.88.6                               56  64 261us     
 5465 192.168.88.6                                                 timeout                 
 5466 192.168.88.6                               56  64 287us     
 5467 192.168.88.6                                                 timeout                 
 5468 192.168.88.6                               56  64 271us     
 5469 192.168.88.6                               56  64 250us     
 5470 192.168.88.6                               56  64 260us     
 5471 192.168.88.6                               56  64 224us     
 5472 192.168.88.6                               56  64 271us     
 5473 192.168.88.6                               56  64 262us     
 5474 192.168.88.6                               56  64 261us     
 5475 192.168.88.6                               56  64 265us     
 5476 192.168.88.6                               56  64 282us     
 5477 192.168.88.6                               56  64 229us     
 5478 192.168.88.6                               56  64 229us     
 5479 192.168.88.6                               56  64 245us     
    sent=5480 received=4385 packet-loss=19% min-rtt=123us avg-rtt=253us max-rtt=7ms478us 
  SEQ HOST                                     SIZE TTL TIME       STATUS                  
 5480 192.168.88.6                               56  64 273us     
 5481 192.168.88.6                               56  64 268us     
 5482 192.168.88.6                               56  64 246us     
 5483 192.168.88.6                               56  64 216us     
 5484 192.168.88.6                               56  64 254us     
 5485 192.168.88.6                               56  64 260us     
 5486 192.168.88.6                               56  64 222us     
 5487 192.168.88.6                               56  64 248us     
 5488 192.168.88.6                               56  64 215us     
 5489 192.168.88.6                               56  64 213us     
 5490 192.168.88.6                               56  64 224us     
 5491 192.168.88.6                               56  64 286us     
 5492 192.168.88.6                               56  64 258us     
 5493 192.168.88.6                               56  64 313us     
 5494 192.168.88.6                               56  64 224us     
 5495 192.168.88.6                               56  64 271us     
 5496 192.168.88.6                               56  64 325us     
 5497 192.168.88.6                               56  64 190us     
 5498 192.168.88.6                               56  64 272us     
 5499 192.168.88.6                               56  64 271us     
    sent=5500 received=4405 packet-loss=19% min-rtt=123us avg-rtt=253us max-rtt=7ms478us 

Router config:
# nov/04/2022 16:54:31 by RouterOS 7.6
# software id = ....
#
# model = RB4011iGS+5HacQ2HnD
# serial number = ....
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2412 name="2GHz Channel 1"
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2437 name="2GHz Channel 6"
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2462 name="2GHz Channel 11"
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ceee \
    frequency=5180 name="5Ghz - Channel set 1" skip-dfs-channels=yes
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=eCee \
    frequency=5200 name="5Ghz - Channel set 2" skip-dfs-channels=yes
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=eeCe \
    frequency=5220 name="5Ghz - Channel set 3" skip-dfs-channels=yes
/interface bridge
add admin-mac=66:66:66:66:66:66 auto-mac=no comment=defconf \
    ingress-filtering=no name=bridge.local vlan-filtering=yes
add name=dockers
/interface ethernet
set [ find default-name=ether1 ] comment="Vodafone Gigafast"
set [ find default-name=ether2 ] comment="BT Infinity"
set [ find default-name=ether5 ] rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether7 ] comment="Devolo Magic Powerline Ethernet" \
    rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether8 ] comment="Phillips Hue Bridge"
set [ find default-name=ether9 ] comment="HP Deskjet 6840"
set [ find default-name=ether10 ] auto-negotiation=no comment=\
    "Mikrotik CRS305" rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp-sfpplus1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full \
    rx-flow-control=auto speed=1Gbps tx-flow-control=auto
/interface wireless
# managed by CAPsMAN
# channel: 5220/20-eeCe/ac/P(17dBm)+5775/80/DP(17dBm), SSID: wifi_ssid, local forwarding
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country="united kingdom" disabled=no distance=indoors \
    frequency=auto mode=ap-bridge name="wlan1 - 5ghz" secondary-frequency=\
    auto ssid=wifi_ssid station-roaming=enabled wireless-protocol=802.11
# managed by CAPsMAN
# channel: 2437/20/gn(17dBm), SSID: wifi_ssid, local forwarding
set [ find default-name=wlan2 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country="united kingdom" disabled=no distance=indoors frequency=auto \
    mode=ap-bridge name="wlan2 - 2.4ghz" ssid=wifi_ssid station-roaming=\
    enabled wireless-protocol=802.11
add mac-address=76:4D:28:05:C7:6F master-interface="wlan2 - 2.4ghz" name=\
    wlan45
add mac-address=76:4D:28:05:C7:70 master-interface="wlan2 - 2.4ghz" name=\
    wlan46
add mac-address=76:4D:28:05:C7:71 master-interface="wlan2 - 2.4ghz" name=\
    wlan53
add mac-address=76:4D:28:05:C7:72 master-interface="wlan2 - 2.4ghz" name=\
    wlan54
add mac-address=76:4D:28:05:C7:73 master-interface="wlan2 - 2.4ghz" name=\
    wlan55
add mac-address=76:4D:28:05:C7:74 master-interface="wlan2 - 2.4ghz" name=\
    wlan56
/interface veth
add address=172.17.0.2/16 gateway=172.17.0.1 name=veth1
/interface wireguard
add comment=IPad listen-port=13231 mtu=1420 name=wireguard1
add comment=IPhone listen-port=13232 mtu=1420 name=wireguard2
/interface vlan
add comment="Gigafast Internet VLAN" interface=ether1 name=ether1.911 \
    vlan-id=911
add comment="LAN VLAN" interface=bridge.local name=vlan1.lan vlan-id=1
add comment="IoT VLAN" interface=bridge.local name=vlan20.iot vlan-id=20
add comment="Guest VLAN" interface=bridge.local name=vlan30.guest vlan-id=30
/caps-man datapath
add bridge=bridge.local local-forwarding=yes name=datapath1 vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name="security - wifi_ssid"
/caps-man configuration
add channel.band=2ghz-b/g/n country="united kingdom" datapath=datapath1 \
    installation=indoor mode=ap name=cfg-2.4ghz-wifi_ssid security=\
    "security - wifi_ssid" ssid=wifi_ssid
add channel.band=5ghz-a/n/ac .skip-dfs-channels=yes country="united kingdom" \
    datapath=datapath1 installation=indoor mode=ap name=cfg-5ghz-wifi_ssid \
    security="security - wifi_ssid" ssid=wifi_ssid
add channel="2GHz Channel 1" country="united kingdom" datapath=datapath1 \
    installation=indoor mode=ap name=cfg-2.4ghz-ch1-wifi_ssid security=\
    "security - wifi_ssid" ssid=wifi_ssid
add channel="2GHz Channel 6" country="united kingdom" datapath=datapath1 \
    installation=indoor mode=ap name=cfg-2.4ghz-ch6-wifi_ssid security=\
    "security - wifi_ssid" ssid=wifi_ssid
add channel="2GHz Channel 11" country="united kingdom" datapath=datapath1 \
    installation=indoor mode=ap name=cfg-2.4ghz-ch11-wifi_ssid security=\
    "security - wifi_ssid" ssid=wifi_ssid
add channel="5Ghz - Channel set 1" country="united kingdom" datapath=\
    datapath1 installation=indoor mode=ap name=cfg-5ghz-ch36-wifi_ssid \
    security="security - wifi_ssid" ssid=wifi_ssid
add channel="5Ghz - Channel set 1" country="united kingdom" datapath=\
    datapath1 installation=indoor mode=ap name=cfg-5ghz-ch42-wifi_ssid \
    security="security - wifi_ssid" ssid=wifi_ssid
add channel="5Ghz - Channel set 1" country="united kingdom" datapath=\
    datapath1 installation=indoor mode=ap name=cfg-5ghz-ch48-wifi_ssid \
    security="security - wifi_ssid" ssid=wifi_ssid
/caps-man interface
add channel="2GHz Channel 1" configuration=cfg-2.4ghz-ch1-wifi_ssid disabled=\
    no l2mtu=1600 mac-address=48:8F:5A:51:69:26 master-interface=none mtu=0 \
    name="2.4-MikroTik wAP ac Bedroom" radio-mac=48:8F:5A:51:69:26 \
    radio-name=488F5A516926
add channel="2GHz Channel 11" configuration=cfg-2.4ghz-ch1-wifi_ssid disabled=\
    no l2mtu=1600 mac-address=48:8F:5A:51:92:01 master-interface=none mtu=0 \
    name="2.4-MikroTik wAP ac Kitchen" radio-mac=48:8F:5A:51:92:01 \
    radio-name=488F5A519201
add channel="2GHz Channel 6" configuration=cfg-2.4ghz-ch6-wifi_ssid disabled=\
    no l2mtu=1600 mac-address=74:4D:28:05:C7:6F master-interface=none mtu=0 \
    name="2.4-Mikrotik Router BMH RB4011" radio-mac=74:4D:28:05:C7:6F \
    radio-name=744D2805C76F
add channel="5Ghz - Channel set 1" configuration=cfg-5ghz-ch36-wifi_ssid \
    disabled=no l2mtu=1600 mac-address=48:8F:5A:51:69:25 master-interface=\
    none mtu=0 name="5.0-MikroTik wAP ac Bedroom" radio-mac=48:8F:5A:51:69:25 \
    radio-name=488F5A516925
add channel="5Ghz - Channel set 2" configuration=cfg-5ghz-ch48-wifi_ssid \
    disabled=no l2mtu=1600 mac-address=48:8F:5A:51:92:00 master-interface=\
    none mtu=0 name="5.0-MikroTik wAP ac Kitchen" radio-mac=48:8F:5A:51:92:00 \
    radio-name=488F5A519200
add channel="5Ghz - Channel set 3" configuration=cfg-5ghz-ch42-wifi_ssid \
    disabled=no l2mtu=1600 mac-address=74:4D:28:BD:C8:C6 master-interface=\
    none mtu=0 name="5.0-Mikrotik Router BMH RB4011" radio-mac=\
    74:4D:28:BD:C8:C6 radio-name=744D28BDC8C6
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=Caps
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik
/ip dhcp-server option
add code=15 name=option-lan value="'mynetwork.local'"
add code=15 name=option-iot value="'iot.mynetwork.local'"
add code=15 name=option-guest value="'guest.mynetwork.local'"
/ip dhcp-server option sets
add name=set-lan options=option-lan
add name=set-iot options=option-iot
add name=set-guest options=option-guest
/ip pool
add comment="Standard DHCP Pool" name=dhcp_lan ranges=\
    192.168.88.80-192.168.88.200
add name=dhcp_iot ranges=192.168.89.2-192.168.89.254
add name=dhcp_guest ranges=192.168.90.2-192.168.90.254
/ip dhcp-server
add address-pool=dhcp_lan dhcp-option-set=set-lan interface=vlan1.lan \
    lease-script="# When \"1\" all DNS entries with IP address of DHCP lease a\
    re removed\r\
    \n:local dnsRemoveAllByIp \"1\"\r\
    \n# When \"1\" all DNS entries with hostname of DHCP lease are removed\r\
    \n:local dnsRemoveAllByName \"1\"\r\
    \n# When \"1\" addition and removal of DNS entries is always done also for\
    \_non-FQDN hostname\r\
    \n:local dnsAlwaysNonfqdn \"1\"\r\
    \n# DNS domain to add after DHCP client hostname\r\
    \n:local dnsDomain \"mynetwork.local\"\r\
    \n# DNS TTL to set for DNS entries\r\
    \n:local dnsTtl \"23:59:59\"\r\
    \n# Source of DHCP client hostname, can be \"lease-hostname\" or any other\
    \_lease attribute, like \"host-name\" or \"comment\"\r\
    \n:local leaseClientHostnameSource \"lease-hostname\"\r\
    \n\r\
    \n:local leaseComment \"dhcp-lease-script_\$leaseServerName_\$leaseClientH\
    ostnameSource\"\r\
    \n:local leaseClientHostname\r\
    \n:if (\$leaseClientHostnameSource = \"lease-hostname\") do={\r\
    \n  :set leaseClientHostname \$\"lease-hostname\"\r\
    \n} else={\r\
    \n  :set leaseClientHostname ([:pick \\\r\
    \n    [/ip dhcp-server lease print as-value where server=\"\$leaseServerNa\
    me\" address=\"\$leaseActIP\" mac-address=\"\$leaseActMAC\"] \\\r\
    \n    0]->\"\$leaseClientHostnameSource\")\r\
    \n}\r\
    \n:local leaseClientHostnameShort \"\$leaseClientHostname\"\r\
    \n:local leaseClientHostnames \"\$leaseClientHostname\"\r\
    \n:if ([:len [\$dnsDomain]] > 0) do={\r\
    \n  :set leaseClientHostname \"\$leaseClientHostname.\$dnsDomain\"\r\
    \n  :if (\$dnsAlwaysNonfqdn = \"1\") do={\r\
    \n    :set leaseClientHostnames \"\$leaseClientHostname,\$leaseClientHostn\
    ameShort\"\r\
    \n  }\r\
    \n}\r\
    \n:if (\$dnsRemoveAllByIp = \"1\") do={\r\
    \n  /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
    and address=\"\$leaseActIP\"]\r\
    \n}\r\
    \n:foreach h in=[:toarray value=\"\$leaseClientHostnames\"] do={\r\
    \n  :if (\$dnsRemoveAllByName = \"1\") do={\r\
    \n    /ip dns static remove [/ip dns static find comment=\"\$leaseComment\
    \" and name=\"\$h\"]\r\
    \n  }\r\
    \n  /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
    and address=\"\$leaseActIP\" and name=\"\$h\"]\r\
    \n  :if (\$leaseBound = \"1\") do={\r\
    \n    :delay 1\r\
    \n    /ip dns static add comment=\"\$leaseComment\" address=\"\$leaseActIP\
    \" name=\"\$h\" ttl=\"\$dnsTtl\"\r\
    \n  }\r\
    \n}" lease-time=23h59m59s name=dhcp.lan
add address-pool=dhcp_iot dhcp-option-set=set-iot interface=vlan20.iot \
    lease-script="# When \"1\" all DNS entries with IP address of DHCP lease a\
    re removed\r\
    \n:local dnsRemoveAllByIp \"1\"\r\
    \n# When \"1\" all DNS entries with hostname of DHCP lease are removed\r\
    \n:local dnsRemoveAllByName \"1\"\r\
    \n# When \"1\" addition and removal of DNS entries is always done also for\
    \_non-FQDN hostname\r\
    \n:local dnsAlwaysNonfqdn \"1\"\r\
    \n# DNS domain to add after DHCP client hostname\r\
    \n:local dnsDomain \"iot.mynetwork.local\"\r\
    \n# DNS TTL to set for DNS entries\r\
    \n:local dnsTtl \"23:59:59\"\r\
    \n# Source of DHCP client hostname, can be \"lease-hostname\" or any other\
    \_lease attribute, like \"host-name\" or \"comment\"\r\
    \n:local leaseClientHostnameSource \"lease-hostname\"\r\
    \n\r\
    \n:local leaseComment \"dhcp-lease-script_\$leaseServerName_\$leaseClientH\
    ostnameSource\"\r\
    \n:local leaseClientHostname\r\
    \n:if (\$leaseClientHostnameSource = \"lease-hostname\") do={\r\
    \n  :set leaseClientHostname \$\"lease-hostname\"\r\
    \n} else={\r\
    \n  :set leaseClientHostname ([:pick \\\r\
    \n    [/ip dhcp-server lease print as-value where server=\"\$leaseServerNa\
    me\" address=\"\$leaseActIP\" mac-address=\"\$leaseActMAC\"] \\\r\
    \n    0]->\"\$leaseClientHostnameSource\")\r\
    \n}\r\
    \n:local leaseClientHostnameShort \"\$leaseClientHostname\"\r\
    \n:local leaseClientHostnames \"\$leaseClientHostname\"\r\
    \n:if ([:len [\$dnsDomain]] > 0) do={\r\
    \n  :set leaseClientHostname \"\$leaseClientHostname.\$dnsDomain\"\r\
    \n  :if (\$dnsAlwaysNonfqdn = \"1\") do={\r\
    \n    :set leaseClientHostnames \"\$leaseClientHostname,\$leaseClientHostn\
    ameShort\"\r\
    \n  }\r\
    \n}\r\
    \n:if (\$dnsRemoveAllByIp = \"1\") do={\r\
    \n  /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
    and address=\"\$leaseActIP\"]\r\
    \n}\r\
    \n:foreach h in=[:toarray value=\"\$leaseClientHostnames\"] do={\r\
    \n  :if (\$dnsRemoveAllByName = \"1\") do={\r\
    \n    /ip dns static remove [/ip dns static find comment=\"\$leaseComment\
    \" and name=\"\$h\"]\r\
    \n  }\r\
    \n  /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
    and address=\"\$leaseActIP\" and name=\"\$h\"]\r\
    \n  :if (\$leaseBound = \"1\") do={\r\
    \n    :delay 1\r\
    \n    /ip dns static add comment=\"\$leaseComment\" address=\"\$leaseActIP\
    \" name=\"\$h\" ttl=\"\$dnsTtl\"\r\
    \n  }\r\
    \n}" lease-time=23h59m59s name=dhcp.iot
add address-pool=dhcp_guest dhcp-option-set=set-guest interface=vlan30.guest \
    lease-script="# When \"1\" all DNS entries with IP address of DHCP lease a\
    re removed\r\
    \n:local dnsRemoveAllByIp \"1\"\r\
    \n# When \"1\" all DNS entries with hostname of DHCP lease are removed\r\
    \n:local dnsRemoveAllByName \"1\"\r\
    \n# When \"1\" addition and removal of DNS entries is always done also for\
    \_non-FQDN hostname\r\
    \n:local dnsAlwaysNonfqdn \"1\"\r\
    \n# DNS domain to add after DHCP client hostname\r\
    \n:local dnsDomain \"guest.mynetwork.local\"\r\
    \n# DNS TTL to set for DNS entries\r\
    \n:local dnsTtl \"23:59:59\"\r\
    \n# Source of DHCP client hostname, can be \"lease-hostname\" or any other\
    \_lease attribute, like \"host-name\" or \"comment\"\r\
    \n:local leaseClientHostnameSource \"lease-hostname\"\r\
    \n\r\
    \n:local leaseComment \"dhcp-lease-script_\$leaseServerName_\$leaseClientH\
    ostnameSource\"\r\
    \n:local leaseClientHostname\r\
    \n:if (\$leaseClientHostnameSource = \"lease-hostname\") do={\r\
    \n  :set leaseClientHostname \$\"lease-hostname\"\r\
    \n} else={\r\
    \n  :set leaseClientHostname ([:pick \\\r\
    \n    [/ip dhcp-server lease print as-value where server=\"\$leaseServerNa\
    me\" address=\"\$leaseActIP\" mac-address=\"\$leaseActMAC\"] \\\r\
    \n    0]->\"\$leaseClientHostnameSource\")\r\
    \n}\r\
    \n:local leaseClientHostnameShort \"\$leaseClientHostname\"\r\
    \n:local leaseClientHostnames \"\$leaseClientHostname\"\r\
    \n:if ([:len [\$dnsDomain]] > 0) do={\r\
    \n  :set leaseClientHostname \"\$leaseClientHostname.\$dnsDomain\"\r\
    \n  :if (\$dnsAlwaysNonfqdn = \"1\") do={\r\
    \n    :set leaseClientHostnames \"\$leaseClientHostname,\$leaseClientHostn\
    ameShort\"\r\
    \n  }\r\
    \n}\r\
    \n:if (\$dnsRemoveAllByIp = \"1\") do={\r\
    \n  /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
    and address=\"\$leaseActIP\"]\r\
    \n}\r\
    \n:foreach h in=[:toarray value=\"\$leaseClientHostnames\"] do={\r\
    \n  :if (\$dnsRemoveAllByName = \"1\") do={\r\
    \n    /ip dns static remove [/ip dns static find comment=\"\$leaseComment\
    \" and name=\"\$h\"]\r\
    \n  }\r\
    \n  /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
    and address=\"\$leaseActIP\" and name=\"\$h\"]\r\
    \n  :if (\$leaseBound = \"1\") do={\r\
    \n    :delay 1\r\
    \n    /ip dns static add comment=\"\$leaseComment\" address=\"\$leaseActIP\
    \" name=\"\$h\" ttl=\"\$dnsTtl\"\r\
    \n  }\r\
    \n}" lease-time=23h59m59s name=dhcp.guest
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
add dns-server=192.168.88.1 local-address=192.168.88.1 name=OpenVPN \
    remote-address=dhcp_lan use-encryption=yes
add change-tcp-mss=yes name=Gigafast on-down=":global gigafaststatus\r\
    \n\r\
    \n:if (gigafaststatus = true) do={\r\
    \n # Get the name of the router\r\
    \n :local routername\r\
    \n :set routername [/system identity get name]\r\
    \n\r\
    \n /tool e-mail send to=\"email@address.com\" subject=\"\$routername -\
    \_Vodafone Gigafast connection is down\" body=\"Gigafast connection discon\
    nected.\"\r\
    \n}\r\
    \n:set gigafaststatus false" on-up=":global gigafaststatus\r\
    \n\r\
    \n:if (gigafaststatus = false) do={\r\
    \n # Get the name of the router\r\
    \n :local routername\r\
    \n :set routername [/system identity get name]\r\
    \n\r\
    \n /tool e-mail send to=\"email@address.com\" subject=\"\$routername -\
    \_Vodafone Gigafast connection is up\" body=\"Gigafast connection establis\
    hed.\"\r\
    \n}\r\
    \n:set gigafaststatus true"
add change-tcp-mss=yes name="BT Infinity" on-down=":global btinfinitystatus\r\
    \n\r\
    \n:if (btinfinitystatus = true) do={\r\
    \n # Get the name of the router\r\
    \n :local routername\r\
    \n :set routername [/system identity get name]\r\
    \n\r\
    \n /tool e-mail send to=\"email@address.com\" subject=\"\$routername -\
    \_BT Infinity connection is down\" body=\"BT Infinity connection disconnec\
    ted.\"\r\
    \n}\r\
    \n:set btinfinitystatus false" on-up=":global btinfinitystatus\r\
    \n\r\
    \n:if (btinfinitystatus = false) do={\r\
    \n # Get the name of the router\r\
    \n :local routername\r\
    \n :set routername [/system identity get name]\r\
    \n\r\
    \n /tool e-mail send to=\"email@address.com\" subject=\"\$routername -\
    \_BT Infinity connection is up\" body=\"BT Infinity connection established\
    .\"\r\
    \n}\r\
    \n:set btinfinitystatus true"
/interface pppoe-client
add add-default-route=yes comment="BT Infinity" default-route-distance=3 \
    disabled=no interface=ether2 name="BT Infinity" profile="BT Infinity" \
    service-name="BT Infinity" user=internet_username
add add-default-route=yes comment="Vodafone Gigafast 900" \
    default-route-distance=2 disabled=no interface=ether1.911 name=GigaFast \
    profile=Gigafast user=internet_username
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/system logging action
add email-to=email@address.com name=email target=email
/user group
add name=ftp policy="ftp,read,sensitive,!local,!telnet,!ssh,!reboot,!write,!po\
    licy,!test,!winbox,!password,!web,!sniff,!api,!romon,!rest-api"
/caps-man access-list
add action=reject allow-signal-out-of-range=10s comment=\
    "Reject devices with a bad signal so they connect to another AP" \
    disabled=yes signal-range=-120..-71 ssid-regexp=""
add allow-signal-out-of-range=10s client-to-client-forwarding=yes comment=\
    "Apple TV 4K" disabled=no mac-address=66:66:66:66:66:66 ssid-regexp="" \
    vlan-id=1 vlan-mode=use-tag
add allow-signal-out-of-range=10s client-to-client-forwarding=no disabled=no \
    ssid-regexp="" vlan-id=30 vlan-mode=use-tag
/caps-man manager
set ca-certificate=ca-certificate certificate=auto enabled=yes \
    require-peer-certificate=yes upgrade-policy=suggest-same-version
/caps-man provisioning
add action=create-dynamic-enabled comment="5ghz Kitchen" hw-supported-modes=\
    ac,an master-configuration=cfg-5ghz-ch36-wifi_ssid name-format=\
    prefix-identity name-prefix=5.0 radio-mac=48:8F:5A:51:92:00
add action=create-dynamic-enabled comment="5ghz Bedroom" hw-supported-modes=\
    ac,an master-configuration=cfg-5ghz-ch36-wifi_ssid name-format=\
    prefix-identity name-prefix=5.0 radio-mac=48:8F:5A:51:69:25
add action=create-dynamic-enabled comment="5ghz Hallway" hw-supported-modes=\
    ac,an master-configuration=cfg-5ghz-ch36-wifi_ssid name-format=\
    prefix-identity name-prefix=5.0 radio-mac=74:4D:28:BD:C8:C6
add action=create-dynamic-enabled comment="2ghz Bedroom" hw-supported-modes=\
    gn master-configuration=cfg-2.4ghz-ch1-wifi_ssid name-format=\
    prefix-identity name-prefix=2.4 radio-mac=48:8F:5A:51:69:26
add action=create-dynamic-enabled comment="2ghz Hallway" hw-supported-modes=\
    gn master-configuration=cfg-2.4ghz-ch6-wifi_ssid name-format=\
    prefix-identity name-prefix=2.4 radio-mac=74:4D:28:05:C7:6F
add action=create-dynamic-enabled comment="2ghz Kitchen" hw-supported-modes=\
    gn master-configuration=cfg-2.4ghz-ch11-wifi_ssid name-format=\
    prefix-identity name-prefix=2.4 radio-mac=48:8F:5A:51:92:01
add action=create-dynamic-enabled disabled=yes hw-supported-modes=b,gn \
    master-configuration=cfg-2.4ghz-wifi_ssid name-format=prefix-identity \
    name-prefix=2.4 slave-configurations=*6,*7
add action=create-dynamic-enabled disabled=yes hw-supported-modes=ac,an \
    master-configuration=cfg-5ghz-wifi_ssid name-format=prefix-identity \
    name-prefix=5.0
/container
add dns=172.17.0.1 envlist=msmtpd_envs interface=veth1 logging=yes root-dir=\
    disk1/msmtpd
/container config
set ram-high=200 registry-url=https://registry-1.docker.io tmpdir=disk1/pull
/container envs
add key=SMTP_PORT name=postfix_envs value=587
/interface bridge port
add bridge=bridge.local comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge.local comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge.local comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge.local comment=defconf ingress-filtering=no interface=ether6
add bridge=bridge.local comment=defconf ingress-filtering=no interface=ether7
add bridge=bridge.local comment=defconf ingress-filtering=no interface=ether8
add bridge=bridge.local comment=defconf ingress-filtering=no interface=ether9
add bridge=bridge.local comment=defconf ingress-filtering=no interface=\
    ether10
add bridge=bridge.local comment=defconf ingress-filtering=no interface=\
    sfp-sfpplus1
add bridge=bridge.local ingress-filtering=no interface=vlan20.iot pvid=20
add bridge=bridge.local ingress-filtering=no interface=vlan30.guest pvid=30
add bridge=bridge.local ingress-filtering=no interface=vlan1.lan
add bridge=dockers interface=veth1
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/ip neighbor discovery-settings
set discover-interface-list=!WAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge.local tagged="2.4-MikroTik wAP ac Bedroom,bridge.local,2.4-M\
    ikroTik wAP ac Kitchen,2.4-Mikrotik Router BMH RB4011,5.0-MikroTik wAP ac \
    Bedroom,5.0-MikroTik wAP ac Kitchen,5.0-Mikrotik Router BMH RB4011,ether7,\
    sfp-sfpplus1,wlan1 - 5ghz,wlan2 - 2.4ghz,ether10" vlan-ids=20
add bridge=bridge.local tagged="2.4-MikroTik wAP ac Bedroom,bridge.local,2.4-M\
    ikroTik wAP ac Kitchen,2.4-Mikrotik Router BMH RB4011,5.0-MikroTik wAP ac \
    Bedroom,5.0-MikroTik wAP ac Kitchen,5.0-Mikrotik Router BMH RB4011,ether7,\
    sfp-sfpplus1,wlan1 - 5ghz,wlan2 - 2.4ghz,ether10" vlan-ids=30
add bridge=bridge.local tagged="2.4-MikroTik wAP ac Bedroom,bridge.local,2.4-M\
    ikroTik wAP ac Kitchen,2.4-Mikrotik Router BMH RB4011,5.0-MikroTik wAP ac \
    Bedroom,5.0-MikroTik wAP ac Kitchen,5.0-Mikrotik Router BMH RB4011" \
    untagged=ether3,ether4,ether5,ether6,ether8,ether9,sfp-sfpplus1 vlan-ids=\
    1
/interface detect-internet
set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
/interface list member
add comment=defconf interface=bridge.local list=LAN
add comment=defconf interface=ether1 list=WAN
add interface="BT Infinity" list=WAN
add interface=ether2 list=WAN
add interface=GigaFast list=WAN
add interface="2.4-MikroTik wAP ac Bedroom" list=Caps
add interface="2.4-MikroTik wAP ac Kitchen" list=Caps
add interface="2.4-Mikrotik Router BMH RB4011" list=Caps
add interface="5.0-MikroTik wAP ac Bedroom" list=Caps
add interface="5.0-MikroTik wAP ac Kitchen" list=Caps
add interface="5.0-Mikrotik Router BMH RB4011" list=Caps
/interface ovpn-server server
set auth=sha1 certificate=server-certificate cipher=aes128,aes256 \
    require-client-certificate=yes
/interface wireguard peers
add allowed-address=10.255.254.2/32 comment=\
    "iPhone X 10.255.254.2/24" endpoint-port=13232 interface=\
    wireguard2 public-key="key"
add allowed-address=10.255.255.3/32 comment=\
    "iPad Pro 12.9\" 5th Gen 10.255.255.3/24" endpoint-port=13231 \
    interface=wireguard1 public-key=\
    "key"
/interface wireless access-list
/interface wireless cap
# 
set bridge=bridge.local caps-man-addresses=127.0.0.1 certificate=request \
    discovery-interfaces=bridge.local enabled=yes interfaces=\
    "wlan1 - 5ghz,wlan2 - 2.4ghz" lock-to-caps-man=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=vlan1.lan network=\
    192.168.88.0
add address=192.168.89.1/24 comment="IoT VLAN" interface=vlan20.iot network=\
    192.168.89.0
add address=192.168.90.1/24 comment="Guest VLAN" interface=vlan30.guest \
    network=192.168.90.0
add address=10.255.255.1/24 comment="Wireguard network" interface=wireguard1 \
    network=10.255.255.0
add address=172.17.0.1/16 interface=dockers network=172.17.0.0
add address=10.255.254.1/24 comment="Wireguard network" interface=wireguard2 \
    network=10.255.254.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1 use-peer-dns=no
/ip dhcp-server lease
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 domain=\
    mynetwork.local gateway=192.168.88.1
add address=192.168.89.0/24 comment=iot dns-server=192.168.89.1 domain=\
    iot.mynetwork.local gateway=192.168.89.1
add address=192.168.90.0/24 comment=guest dns-server=192.168.90.1 domain=\
    guest.mynetwork.local gateway=192.168.90.1
/ip dns
set allow-remote-requests=yes use-doh-server=\
    https://cloudflare-dns.com/dns-query verify-doh-cert=yes
/ip dns static
add address=2606:4700::6810:f8f9 name=cloudflare-dns.com type=AAAA
add address=2606:4700::6810:f9f9 name=cloudflare-dns.com type=AAAA
add address=104.16.248.249 name=cloudflare-dns.com
add address=104.16.249.249 name=cloudflare-dns.com
/ip firewall address-list
/ip firewall filter
add action=accept chain=input comment="DNS access from LAN/OpenVPN" dst-port=\
    53 in-interface-list=!WAN protocol=udp
add action=accept chain=input disabled=yes protocol=tcp src-address=\
    192.168.88.110
add action=accept chain=input disabled=yes protocol=udp src-address=\
    192.168.88.110
add action=drop chain=forward comment=\
    "Only internet access for the guest vlan" in-interface=vlan30.guest \
    out-interface-list=!WAN
add action=accept chain=forward comment=\
    "Allow IoT access to an allowed list of devices" dst-address-list=\
    IoT_Access_List in-interface=vlan20.iot
add action=drop chain=forward comment="Only internet access for the IoT vlan" \
    in-interface=vlan20.iot out-interface-list=!WAN
add action=accept chain=input comment="Winbox access from LAN VLAN/OpenVPN" \
    dst-port=8291 protocol=tcp src-address=192.168.88.0/24
add action=accept chain=input comment="Winbox access from WireGuard" \
    dst-port=8291 protocol=tcp src-address-list="Wireguard IP's"
add action=accept chain=input comment="https://access from Wireguard" \
    dst-port=443 protocol=tcp src-address-list="Wireguard IP's"
add action=accept chain=input comment="FTP access from LAN VLAN/OpenVPN" \
    dst-port=21 protocol=tcp src-address=192.168.88.0/24
add action=accept chain=input comment="https://access from LAN VLAN/OpenVPN" \
    dst-port=443 protocol=tcp src-address=192.168.88.0/24
add action=accept chain=input comment="LetsEncrypt HTTP Access" disabled=yes \
    dst-port=80 protocol=tcp
add action=accept chain=input comment=\
    "Allow mail relay access for specific sources" disabled=yes dst-port=25 \
    protocol=tcp src-address-list="VPS Server"
add action=accept chain=input comment="Allow SNMP access from QNAP NAS" \
    disabled=yes dst-port=161 protocol=udp src-address=192.168.88.6
add action=accept chain=input comment="Allow OpenVPN" dst-port=1194 protocol=\
    tcp
add action=accept chain=input comment="Allow WireGuard" dst-port=13231,13232 \
    protocol=udp
add action=accept chain=input comment="Allow WireGuard" disabled=yes \
    dst-port=13232 protocol=udp
add action=accept chain=input comment=\
    "Allow local wifi interface CAPsMAN access" dst-port=5246,5247 protocol=\
    udp src-address=127.0.0.1
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related,untracked hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN log=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="PLEX for QNAP" dst-port=32400 log=\
    yes protocol=tcp to-addresses=192.168.88.6 to-ports=32400
add action=dst-nat chain=dstnat comment="FTP for QNAP" disabled=yes dst-port=\
    21,55536-56559 log=yes protocol=tcp src-address-list="FTP Access" \
    to-addresses=192.168.88.6
add action=dst-nat chain=dstnat comment="CS:Source TCP" disabled=yes \
    dst-port=27014-27050,27015-27030,27036-27037 log=yes protocol=tcp \
    to-addresses=192.168.88.110
add action=dst-nat chain=dstnat comment="CS:Source UDP" disabled=yes \
    dst-port=1200,3487,4379-4380,27000-27030,4380,27000-27031,27036 log=yes \
    protocol=udp to-addresses=192.168.88.110
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=\
    192.168.88.0/24 log=yes protocol=tcp src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="Hairpin NAT" disabled=yes \
    dst-address=192.168.90.0/24 log=yes protocol=tcp src-address=\
    192.168.90.0/24
add action=masquerade chain=srcnat comment="Hairpin NAT" disabled=yes \
    dst-address=192.168.89.0/24 log=yes protocol=tcp src-address=\
    192.168.89.0/24
add action=masquerade chain=srcnat src-address=172.17.0.0/16
add action=dst-nat chain=dstnat comment="SMTP relay server" dst-port=25 \
    protocol=tcp src-address-list="Email Relay Permit" to-addresses=\
    172.17.0.2 to-ports=2500
/ip route
add comment="Netwatch packet loss monitoring for gigafast" disabled=no \
    distance=1 dst-address=9.9.9.9/32 gateway=GigaFast pref-src="" \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Netwatch packet loss monitoring for BT Infinity" disabled=no \
    distance=1 dst-address=76.76.10.0/32 gateway="BT Infinity" pref-src="" \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Netwatch packet loss monitoring for gigafast" disabled=no \
    distance=1 dst-address=76.76.2.0/32 gateway=GigaFast pref-src="" \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Netwatch packet loss monitoring for BT Infinity" disabled=no \
    distance=1 dst-address=9.9.9.10/32 gateway="BT Infinity" pref-src="" \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set www disabled=yes
set ssh disabled=yes
set www-ssl address=192.168.88.0/24,10.255.255.0/24 certificate=\
    letsencrypt-autogen_2021-12-29T11:36:25Z disabled=no tls-version=only-1.2
set api disabled=yes
set api-ssl address=192.168.88.0/24 certificate=server-certificate disabled=\
    yes tls-version=only-1.2
/ip ssh
set forwarding-enabled=remote
/ppp secret
add name=iOS profile=OpenVPN service=ovpn
add name=Laptop profile=OpenVPN service=ovpn
/system clock
set time-zone-name=Europe/London
/system identity
set name="BMH RB4011"
/system leds
add interface="wlan2 - 2.4ghz" leds="wlan2 - 2.4ghz_signal1-led,wlan2 - 2.4ghz\
    _signal2-led,wlan2 - 2.4ghz_signal3-led,wlan2 - 2.4ghz_signal4-led,wlan2 -\
    \_2.4ghz_signal5-led" type=wireless-signal-strength
add interface="wlan2 - 2.4ghz" leds="wlan2 - 2.4ghz_tx-led" type=\
    interface-transmit
add interface="wlan2 - 2.4ghz" leds="wlan2 - 2.4ghz_rx-led" type=\
    interface-receive
/system logging
set 0 disabled=yes
add action=email prefix="BMH RB4011" topics=critical
add disabled=yes topics=firewall
add topics=snmp
add topics=wireless
add disabled=yes topics=pppoe
add disabled=yes topics=dhcp
add topics=caps
add disabled=yes topics=ovpn
add disabled=yes topics=stp
add topics=container
add disabled=yes topics=netwatch
add topics=stp
/system resource irq rps
set sfp-sfpplus1 disabled=no
/system routerboard settings
# Firmware upgraded successfully, please reboot for changes to take effect!
set auto-upgrade=yes
/system scheduler
add interval=1d name=Backups on-event="/system script run \"Daily_Backups\"" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=aug/10/2019 start-time=00:00:00
add interval=1d name="Check for Updates" on-event=\
    "/system package update\r\
    \ncheck-for-updates\r\
    \n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-date=aug/10/2019 start-time=00:00:00
add interval=1d name="Firmware Update Checker" on-event=\
    "/system script run \"Firmware Update Check\"" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    aug/10/2019 start-time=04:00:00
add interval=4w2d name=Update_CA_certs on-event=\
    "/system script run \"Download_CA_Certificates\"" policy=\
    read,write,policy start-date=apr/23/2022 start-time=22:30:43
add name="Start containers on bootup" on-event="/container/start 0" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
/system script
add dont-require-permissions=no name=Daily_Backups owner=admin_acc policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Set local variables. Change the value in \"\" to reflect your environmen\
    t.\r\
    \n\r\
    \n:local hostname [/system identity get name];\r\
    \n\r\
    \n# Set Filename variables. Do not change this unless you want to edit the\
    \_format of the filename.\r\
    \n\r\
    \n#:local time [/system clock get time];\r\
    \n:local date ([:pick [/system clock get date] 0 3]  \\\r\
    \n. [:pick [/system clock get date] 4 6] \\\r\
    \n. [:pick [/system clock get date] 7 11]);\r\
    \n#:local filename \"\$hostname-\$date-\$time\";\r\
    \n:local filename \"\$hostname-\$date\";\r\
    \n:log info \"Backup filename: \$filename\"\r\
    \n\r\
    \n#remove old backup files\r\
    \n\r\
    \n/file remove [find type=\"script\"]\r\
    \n/file remove [find type=\"backup\"]\r\
    \n\r\
    \n:log info \"Local Backup Files Deleted Successfully\"\r\
    \n\r\
    \n\r\
    \n# Create backup file and export the config.\r\
    \n\r\
    \nexport compact file=\"\$filename\"\r\
    \n/system backup save name=\"\$filename\"\r\
    \n\r\
    \n:log info \"Backup Created Successfully\"\r\
    \n"
add dont-require-permissions=no name="Firmware Update Check" owner=admin_acc \
    policy=read,write,policy,test,password,sniff,sensitive source="# variables\
    \_needed\r\
    \n:local routername\r\
    \n:local currentv\r\
    \n:local updatev\r\
    \n:local rbcurrentv\r\
    \n:local rbupdatev\r\
    \n:local bodytext \"\"\r\
    \n\r\
    \n# Note the name of the router\r\
    \n/system identity\r\
    \n:set routername [get name]\r\
    \n\r\
    \n/system package update\r\
    \n:set currentv [get installed-version]\r\
    \n:set updatev [get latest-version]\r\
    \n\r\
    \n:if ([get installed-version] != [get latest-version]) do={\r\
    \n:set \$bodytext (\$bodytext.\"Current software version =  \$currentv\r\
    \nUpdate software version = \$updatev\\n\\n\")\r\
    \n}\r\
    \n\r\
    \n#/system routerboard\r\
    \n#:set rbcurrentv [get current-firmware]\r\
    \n#:set rbupdatev [get upgrade-firmware]\r\
    \n#:if ([get current-firmware] != [get #upgrade-firmware]) do={\r\
    \n#:set \$bodytext (\$bodytext.\"Current #Routerboard firmware version =  \
    #\$rbcurrentv\r\
    \n#Update Routerboard firmware version = #\$rbupdatev\")\r\
    \n#}\r\
    \n\r\
    \n:if (\$bodytext != \"\") do={\r\
    \n/tool e-mail send to=\"email@address.com\" subject=\"\$routername - \
    An update is available\" body=\"\$bodytext\"\r\
    \n}"
add dont-require-permissions=no name=RenewLetsEncrypt owner=admin_acc policy=\
    read,write,policy,password,sensitive source="# Enable port 80 firewall rul\
    e\r\
    \n/ip/firewall/filter/enable [find chain=\"input\" action=\"accept\" dst-p\
    ort=\"80\" comment=\"LetsEncrypt HTTP Access\"]\r\
    \n\r\
    \n# Enable WWW service\r\
    \n/ip/service/enable [find name=www]\r\
    \n\r\
    \n# Pull new cert\r\
    \n/certificate/enable-ssl-certificate dns-name=network.co.uk\r\
    \n\r\
    \n# Disable port 80 firewall rule\r\
    \n/ip/firewall/filter/disable [find chain=\"input\" action=\"accept\" dst-\
    port=\"80\" comment=\"LetsEncrypt HTTP Access\"]\r\
    \n\r\
    \n# Disable WWW service\r\
    \n/ip/service/disable [find name=www]\r\
    \n"
add dont-require-permissions=no name=Download_CA_Certificates owner=admin_acc \
    policy=read,write,policy source="/tool fetch url=https://curl.se/ca/cacert\
    .pem\r\
    \n/certificate import file-name=cacert.pem passphrase=\"\""
add dont-require-permissions=no name=Download_msmtpd owner=admin_acc policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Recommend you clear the current container first\r\
    \n\r\
    \n/container/config/set registry-url=https://registry-1.docker.io tmpdir=d\
    isk1/pull\r\
    \n\r\
    \n/container/add remote-image=crazymax/msmtpd:latest interface=veth1 root-\
    dir=disk1/msmtpd envlist=msmtpd_envs dns=172.17.0.1 logging=yes"
/tool e-mail
set address=172.17.0.2 from=email@address.com port=2500
/tool graphing interface
add allow-address=192.168.88.0/24
/tool graphing queue
add allow-address=192.168.88.0/24
/tool graphing resource
add allow-address=192.168.88.0/24
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add comment="BT Infinity quad9 dns" disabled=no down-script="#:global btinfini\
    typacketslost\r\
    \n#:set btinfinitypacketslost (\$btinfinitypacketslost +1)\r\
    \n\r\
    \n#:if (btinfinitypacketslost = 2) do={\r\
    \n # Get the name of the router\r\
    \n :local routername\r\
    \n :set routername [/system identity get name]\r\
    \n\r\
    \n /tool e-mail send to=\"email@address.com\" subject=\"\$routername -\
    \_BT Infinity is experiencing packetloss\" body=\"BT Infinity connection i\
    s experiencing packetloss over two separate monitored IP's\"\r\
    \n#}" host=9.9.9.10 http-codes="" interval=20s test-script="" \
    thr-loss-count=2 thr-loss-percent=10% type=icmp up-script="#:global btinfi\
    nitypacketslost\r\
    \n#:if (btinfinitypacketslost> 0) do={\r\
    \n# :set btinfinitypacketslost (\$btinfinitypacketslost - 1)\r\
    \n#}\r\
    \n\r\
    \n#:if (btinfinitypacketslost = 1) do={\r\
    \n # Get the name of the router\r\
    \n :local routername\r\
    \n :set routername [/system identity get name]\r\
    \n\r\
    \n /tool e-mail send to=\"email@address.com\" subject=\"\$routername -\
    \_BT Infinity is no longer experiencing packetloss\" body=\"BT Infinity co\
    nnection is no longer experiencing packetloss over two separate monitored \
    IP's\"\r\
    \n#}"
add comment="Gigafast quad9 dns" disabled=no down-script="#:global gigafastpac\
    ketslost\r\
    \n#:set gigafastpacketslost (\$gigafastpacketslost +1)\r\
    \n\r\
    \n#:if (gigafastpacketslost = 2) do={\r\
    \n # Get the name of the router\r\
    \n :local routername\r\
    \n :set routername [/system identity get name]\r\
    \n\r\
    \n /tool e-mail send to=\"email@address.com\" subject=\"\$routername -\
    \_Vodafone Gigafast is experiencing packetloss\" body=\"Gigafast connectio\
    n is experiencing packetloss over two separate monitored IP's\"\r\
    \n#}" host=9.9.9.9 http-codes="" interval=20s test-script="" \
    thr-loss-count=2 thr-loss-percent=10% type=icmp up-script="#:global gigafa\
    stpacketslost\r\
    \n#:if (gigafastpacketslost > 0) do={\r\
    \n# :set gigafastpacketslost (\$gigafastpacketslost - 1)\r\
    \n#}\r\
    \n\r\
    \n#:if (gigafastpacketslost = 1) do={\r\
    \n # Get the name of the router\r\
    \n :local routername\r\
    \n :set routername [/system identity get name]\r\
    \n\r\
    \n /tool e-mail send to=\"email@address.com\" subject=\"\$routername -\
    \_Vodafone Gigafast is no longer experiencing packetloss\" body=\"Gigafast\
    \_connection is no longer experiencing packetloss over two separate monito\
    red IP's\"\r\
    \n#}"
add comment="CRS305 switch" disabled=no down-script="" host=192.168.88.2 \
    http-codes="" interval=20s test-script="" thr-loss-count=1 \
    thr-loss-percent=15% type=icmp up-script=""
add comment="RB260GS switch" disabled=no down-script="" host=192.168.88.24 \
    http-codes="" interval=20s test-script="" thr-loss-count=1 \
    thr-loss-percent=15% type=icmp up-script=""
add comment="QNAP TS-653B" disabled=no down-script="" host=192.168.88.6 \
    http-codes="" interval=20s test-script="" thr-loss-count=1 \
    thr-loss-percent=15% type=icmp up-script=""
add comment="wAP AC Bedroom" disabled=no down-script="" host=192.168.88.3 \
    http-codes="" interval=20s test-script="" thr-loss-count=1 \
    thr-loss-percent=15% type=icmp up-script=""
add comment="wAP AC Kitchen" disabled=no down-script="" host=192.168.88.4 \
    http-codes="" interval=20s test-script="" thr-loss-count=1 \
    thr-loss-percent=15% type=icmp up-script=""

Any help would be greatly appreciated.

Thanks!
 
smyers119
Member Candidate
Posts: 232
Joined: Sat Feb 27, 2021 8:16 pm
Location: USA

Re: Intermittent packet loss

Mon Nov 07, 2022 5:23 pm

Any chance of a duplicate ip somewhere?
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: Intermittent packet loss

Tue Nov 08, 2022 7:26 am

extremely easy:
ping the same ip and check arp table

advance, run sniffing
 
Style
just joined
Topic Author
Posts: 4
Joined: Fri Nov 04, 2022 7:46 pm

Re: Intermittent packet loss

Fri Nov 11, 2022 4:28 pm

> Any chance of a duplicate ip somewhere?
I can't see any evidence of a duplicate IP address, I'll definitely keep this in mind.
 
Style
just joined
Topic Author
Posts: 4
Joined: Fri Nov 04, 2022 7:46 pm

Re: Intermittent packet loss

Fri Nov 11, 2022 4:30 pm

> extremely easy:
> ping the same ip and check arp table
>
> advance, run sniffing

Thank you, I have the MAC address from ARP for it. I'm not sure what I should be looking for with the packet sniffing results; do you have any guidance?
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: Intermittent packet loss

Sat Nov 12, 2022 3:05 am

try this
/tool sniffer quick ip-address=192.168.x.y ip-protocol=icmp

once you get some data, just check with this command:

/tool sniffer packet print
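
An added example, not part of any post in this thread: one way to read an ICMP capture like the one the commands above produce, listing which echo requests to the pinged address went unanswered and whether replies for that address come from more than one MAC (the duplicate-IP case raised earlier). The frames, MAC addresses and function names are constructed for illustration, and getting the raw frames out of the sniffer is assumed.

```python
import struct
from collections import defaultdict

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def parse_icmp_echo(frame):
    """Parse one Ethernet frame; return (src_mac, src_ip, dst_ip, type, id, seq)
    for an IPv4 ICMP echo request/reply, or None for anything else."""
    if len(frame) < 14:
        return None
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:      # single 802.1Q VLAN tag
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4                      # IPv4 header length
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != 1:
        return None                                    # not IPv4 / not ICMP
    icmp = off + ihl
    if len(frame) < icmp + 8:
        return None
    typ, code, _csum, ident, seq = struct.unpack("!BBHHH", frame[icmp:icmp + 8])
    if typ not in (0, 8) or code != 0:                 # 8 = request, 0 = reply
        return None
    return (_mac(frame[6:12]), _ip(frame[off + 12:off + 16]),
            _ip(frame[off + 16:off + 20]), typ, ident, seq)

def analyse(frames, target_ip):
    """Summarise ping traffic to target_ip: lost sequence numbers and the set of
    source MACs that answered as target_ip (more than one suggests an IP conflict)."""
    requests, replies, macs = set(), defaultdict(int), set()
    for frame in frames:
        parsed = parse_icmp_echo(frame)
        if parsed is None:
            continue
        src_mac, src_ip, dst_ip, typ, ident, seq = parsed
        if typ == 8 and dst_ip == target_ip:
            requests.add((ident, seq))
        elif typ == 0 and src_ip == target_ip:
            replies[(ident, seq)] += 1
            macs.add(src_mac)
    return {
        "unanswered": sorted(s for (i, s) in requests if (i, s) not in replies),
        "duplicate_replies": sorted(s for (i, s), n in replies.items() if n > 1),
        "reply_macs": sorted(macs),
        "ip_conflict": len(macs) > 1,
    }

def build_frame(src_mac, dst_mac, src_ip, dst_ip, typ, ident, seq):
    """Build a minimal constructed echo frame (checksums left at zero)."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                      bytes(map(int, src_ip.split("."))),
                      bytes(map(int, dst_ip.split("."))))
    return eth + iph + struct.pack("!BBHHH", typ, 0, 0, ident, seq)

# Constructed sample: every other ping is lost and two MACs answer for one IP.
ROUTER, HOST_A, HOST_B = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"
SAMPLE = []
for seq in (1, 2, 3, 4):
    SAMPLE.append(build_frame(ROUTER, HOST_A, "192.168.88.1", "192.168.88.2", 8, 7, seq))
SAMPLE.insert(1, build_frame(HOST_A, ROUTER, "192.168.88.2", "192.168.88.1", 0, 7, 1))
SAMPLE.insert(4, build_frame(HOST_B, ROUTER, "192.168.88.2", "192.168.88.1", 0, 7, 3))

if __name__ == "__main__":
    print(analyse(SAMPLE, "192.168.88.2"))
```

The parser does not verify checksums, so it reports what was on the wire rather than what the receiving stack would accept.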
 
Style
just joined
Topic Author
Posts: 4
Joined: Fri Nov 04, 2022 7:46 pm

Re: Intermittent packet loss

Sun Nov 13, 2022 8:34 pm

Thanks for the tip,

Last night I disabled RSTP on the bridge on the RB4011. So far all is working well: not a single drop, and it has been 20 hours. Normally I would start seeing drops within a couple of hours.
Any idea why this might be the case?
 
alexandrecorrea
just joined
Posts: 22
Joined: Fri Sep 22, 2006 6:18 pm
Location: Sacramento, MG, Brasil
Contact:

Re: Intermittent packet loss

Tue Jun 13, 2023 6:45 pm

Hello,

I've been seeing packet loss for some time now. My home-network is very simple.

Home-gateway-> CRS226-24G-2S+ <-> RB960PGS (hex PoE)

CRS and HEX working as switch (all ports are bridged).

Just disabling "hardware offload" for all interfaces in the bridge solved the problem.

CRS running RouterOS V7.6 no firewall, no queues, just simple bridge.
HEX running RouterOS V7.9.2 no firewall, no queues, just simple bridge
