strods
MikroTik Support
Topic Author
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

v7.7 [stable] is released!

Thu Jan 12, 2023 2:37 pm

RouterOS version 7.7 is released in the "v7 stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during the upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.7 (2023-Jan-12 09:35):

*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation;
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed Netinstall procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FN990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - fixed R11e-LTE6 port mapping;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduced in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while the router is not working as suspected or after some problem has appeared on the device.

Please keep this forum topic strictly related to this particular RouterOS release.
 
Rox169
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 3:00 pm

Wow... very nice looong change log... thank you.

Did anyone already test installing it on Hap AC3, HAP AX3, HapAX2, Cube60, Wap60, Hap AC2?
 
colinardo
just joined
Posts: 18
Joined: Sun Jan 08, 2017 9:02 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 3:25 pm

*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
Mikrotik please also include TXT records in future fixes, see this thread
viewtopic.php?t=187840

Best regards
@colinardo
Last edited by colinardo on Thu Jan 12, 2023 4:16 pm, edited 1 time in total.
 
ahmedelbarbary
just joined
Posts: 19
Joined: Thu Dec 01, 2016 1:23 am

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 3:43 pm

Thanks. My PPPoE problem has been fixed since 7.7 rc4. I updated all my devices to 7.7 stable and saw the same result. Thanks again.
 
jovaf32128
just joined
Posts: 24
Joined: Sun Apr 26, 2020 9:22 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 3:51 pm

*) ike2 - added support for ChaChaPoly1305 encryption;
equal ChaChaPoly2610)
Wow... very nice looong change log... thank you.

Did anyone already test installing it on Hap AC3, HAP AX3, HapAX2, Cube60, Wap60, Hap AC2?
ac3 on air
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 4:09 pm

This bug still exists on v7.7

Huge bug in script compiler: after two calls "[ ]" executes all functions defined in the script.

to find out how I got there:

viewtopic.php?p=976194#p976194

to quickly test the bug:

Example code

{
:local test1 do={:put "test1"}
:local test2 do={:put "test2"}
:local test3 do={:put "test3"}
:local test4 do={:put "test4"}
:local test5 do={:put "test5"}
[]
[]
}
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 4:17 pm

Just installed on CCR2116-12G-4S+, one border eBGP machine in production; everything still works as expected.
(I know the risk, it's in a HA situation with another CCR1036-12G-4S with RouterOS 6.48.6)
 
Hispanicbabushka
just joined
Posts: 2
Joined: Tue Mar 08, 2022 5:08 am

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 4:38 pm

No issues updating using Check for Updates on Winbox on CR326-24G-2S+, and 3 hAP ac2.
Last edited by Hispanicbabushka on Thu Jan 12, 2023 5:47 pm, edited 1 time in total.
 
Rox169
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 4:41 pm

Already running 7.7 on Hap AC3, HAP AX3, HapAX2, Cube60,Wap60,Hap AC2 and no issue yet.
 
DanielTheFox
just joined
Posts: 2
Joined: Mon Jan 11, 2021 9:48 pm
Location: Mexico

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 4:42 pm

(useless comment) If someone with a big PPPoE server has upgraded, I really want to see if it has issues,
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 4:45 pm

I hope not... upgrading a critical PPPoE server with just-published software...
It is not like a switch or a router: you take down the whole network for xxx customers without being sure that it comes up again...
 
gabacho4
Member
Posts: 330
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 4:47 pm

(useless comment) If someone with a big PPPoE server has upgraded, I really want to see if it has issues,
Popping some popcorn for the big show. Extra butter!
 
DanielTheFox
just joined
Posts: 2
Joined: Mon Jan 11, 2021 9:48 pm
Location: Mexico

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 4:50 pm

Haha, I might just try it (I have a second partition with v6.48.6 specifically for jumping back if something funny happens), but first I'm going to camp this post to see if there's a serious issue with TILE or anything shared with my router (a CCR1009-7G-1C-PC).

(extra edit to avoid making a new post)
Also, since electricity here is horrible and has a lot of spikes, we always blame electricity if a customer router hangs or becomes unresponsive (most of the time it's actually the cause, but that gives us more wiggle room for upgrade issues and stuff like that).
 
fischerdouglas
Frequent Visitor
Posts: 55
Joined: Thu Mar 07, 2019 6:38 pm
Location: Brazil

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 4:59 pm

*) l2tp - added VRF support for L2TP Ether interfaces;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
I did not find in Winbox or CLI the VRF attribute for l2tp-ether, eoip, ipip, gre.
For VXLAN the VRF option is really there.
 
achu
just joined
Posts: 2
Joined: Mon Mar 30, 2020 11:48 am
Location: PL

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 5:01 pm

No hardware acceleration for openvpn in hAP ax3 router (IPQ-6010 CPU) at least in AES-256-CBC + SHA1 configuration

 
JoshDi
newbie
Posts: 37
Joined: Fri May 21, 2021 4:49 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 5:03 pm

v7.7 working fine on my RBSXTsqG-5acD (upgraded from 7.7rc4)

The only issue I've found is that the system->packages "check for update" only works via WinBox. The GUI doesn't show the latest firmware or any changes when clicking "check for updates".
Screenshot 2023-01-12 at 10.01.54 AM.png
 
Rox169
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 5:39 pm

Sorry for the off-topic, but is OpenVPN working without a public IP?
 
Babujnik
newbie
Posts: 32
Joined: Fri May 05, 2017 2:15 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 5:48 pm

OK... so how do you import ED25519 SSH keys?

Public keys generated with "ssh-keygen -t ed25519" seem not to import on RoS:
[user@tik] /user/ssh-keys> import public-key-file=id_ed25519.pub user=user
unable to load key file (wrong format or bad passphrase)!
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 5:55 pm

OK... so how do you import ED25519 SSH keys?
You can not. This is about ed25519 key exchange. Let's hope host keys and public key authentication will follow...
 
osc86
Member Candidate
Posts: 197
Joined: Wed Aug 09, 2017 1:15 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 5:59 pm

Updated my hAP ax3; PoE was not correctly initialized after the reboot and required the cable in port1 to be unplugged and plugged in again to power the connected CSS610.
 
Babujnik
newbie
Posts: 32
Joined: Fri May 05, 2017 2:15 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 6:09 pm

OK... so how do you import ED25519 SSH keys?
You can not. This is about ed25519 key exchange. Let's hope host keys and public key authentication will follow...
My bad! Thanks for the clarification.
 
megabitus
just joined
Posts: 7
Joined: Sun Apr 21, 2019 8:24 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 6:17 pm

Updated: hAP ac, hAP ac 2, LtAP mini, hEX PoE, CRS112, CHR, RB4011, RB5009, hAP ac 3 with no problems so far.
 
DanielTheFox
just joined
Posts: 2
Joined: Mon Jan 11, 2021 9:48 pm
Location: Mexico

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 6:29 pm

Ok, I upgraded a CCR1009-7G-1C-PC, it didn't explode, updates may follow if something funny happens. Cheers.
 
faxxe
newbie
Posts: 39
Joined: Wed Dec 12, 2018 1:46 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 7:06 pm

After a flawless 72 days online on 7.6 I upgraded our CCR1009-7G-1C-1S+... no fire or smoke. Resumed the old track to full satisfaction.

-faxxe
 
CTassisF
newbie
Posts: 35
Joined: Thu Jun 11, 2020 10:26 pm
Location: São Paulo, Brazil

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 7:25 pm

I did not find in Winbox or CLI the VRF attribute for l2tp-ether, eoip, ipip, gre.

https://help.mikrotik.com/docs/pages/vi ... edfeatures
 
memelchenkov
Member Candidate
Posts: 202
Joined: Sun Oct 11, 2020 12:00 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 7:50 pm

I have downloaded. ARM Chateau. But after reboot still 7.6, no upgrade performed. Tried twice. In logs: "router was rebooted without proper shutdown, probably kernel failure".
 
kowal
newbie
Posts: 30
Joined: Sun Jul 06, 2014 2:23 am

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 8:03 pm

Updated: hAP ac3, hAP ax3, rb450gx4, cap ac without issues.
 
fischerdouglas
Frequent Visitor
Posts: 55
Joined: Thu Mar 07, 2019 6:38 pm
Location: Brazil

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 8:04 pm

Sorry! My bad for not looking at the help docs...

The idea of using the @vrf is great!
After seeing that, I am trying to guess why not use the same syntax/method with VXLAN, but putting it on the VTEP remote-ip attribute.

Could that be considered as a suggestion?
 
strods
MikroTik Support
Topic Author
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 8:07 pm

memelchenkov - Please send supout file from your router to support@mikrotik.com. Please note that your router did fail while running v7.6. The issue is not caused by v7.7.
 
memelchenkov
Member Candidate
Posts: 202
Joined: Sun Oct 11, 2020 12:00 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 8:33 pm

memelchenkov - Please send supout file from your router to support@mikrotik.com. Please note that your router did fail while running v7.6. The issue is not caused by v7.7.
It seems you are right that the problem is not related to the 7.7 upgrade, thanks! I rebooted without trying to update and got the same kernel error—some bug of 7.6, unfortunately: it restores all my Firewall Address List after reboot, which I deleted before, all thousands of entries. Oh well, gotta deal with it now...

UPD: it's a nasty bug when a too long firewall address list eats all HDD space (free space becomes 0%) and then you cannot backup/restore. So I did Netinstall, restored from backup and afterwards upgraded to 7.7, and everything went smoothly then.
Last edited by memelchenkov on Thu Jan 12, 2023 10:38 pm, edited 1 time in total.
 
chiem
newbie
Posts: 41
Joined: Fri Oct 24, 2014 4:48 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 8:44 pm

*) dns - do not query upstream DNS servers for matched regex records;
*) dns - query upstream DNS servers for other record types even if static entry exists;
I didn't have time to test rc4, but it looks like the ability to blacklist ipv6 entries has been restored--thank you! It would appear that the 2nd of the above changes counters the 1st; perhaps they should have been omitted from the change log?
 
Guscht
Member Candidate
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 8:55 pm

Works:
Screenshot 2023-01-12 174409.jpg
 
TOD
just joined
Posts: 6
Joined: Tue Mar 13, 2018 10:46 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 9:14 pm

*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
rb4011.png
What did I do wrong? : /

Or is it (for some unknown reason) only for rb4011 version without Wi-Fi ? o_O
 
kowal
newbie
Posts: 30
Joined: Sun Jul 06, 2014 2:23 am

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 9:49 pm

Maybe it's visible via CLI?
 
TOD
just joined
Posts: 6
Joined: Tue Mar 13, 2018 10:46 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 10:18 pm

Maybe it's visible via CLI?
rb4011_console.png
It doesn't look like it.

And somehow it would be very strange, considering that other devices have corresponding items in the same GUI sections.
 
sirbryan
Member
Posts: 303
Joined: Fri May 29, 2020 6:40 pm
Location: Utah

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 10:22 pm

Updated home/office CCR2116 from 7.6 to 7.7. BGP back to main network, Containers, L3HW NAT/FW offloading are all working so far.

Also just got a shiny new hAP AX3 for the lab and upgraded it to 7.7. 2.5Gbps to CRS312 for uplink. Getting just over 100Mbps on 20MHz channel on 2.4GHz, and 800Mbps on 80MHz channel on 5GHz to my iPhone 11.
 
ginojo
just joined
Posts: 6
Joined: Mon Aug 06, 2018 5:42 pm

Re: v7.7 [stable] is released!

Thu Jan 12, 2023 10:32 pm

Setting fixed line rates (auto negotiation disabled) on SFP-RJ45 module to 100mbps not working anymore after 7.7 update on CCR2004-1G-12S+2XS. Always falls back to 1gbps which makes the line unusable when using older devices (like HP ILO).
 
jvanhambelgium
Forum Veteran
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 12:14 am

Updated RB5009 with SFP module "S+RJ10" but see in Winbox some "flipping" behaviour, switching between 1G & 10G, but the connection (on top of this interface my PPPoE runs) is just fine, 0 errors, maximum performance.
So at this point I'm not sure if this is a "Winbox" cosmetic thing, because otherwise I would really have glitches on the connection.
Screenshot from 2023-01-12 23-11-30.png
Screenshot from 2023-01-12 23-11-25.png
So these screens are switching between, as if the auto-negotiation is not "stable", but the link is fine.
Same with the screen below: fields like Temp & Supply-Voltage & "Copper Lenght" are flipping visible/not visible.

Screenshot from 2023-01-12 23-11-05.png
Screenshot from 2023-01-12 23-10-46.png
 
nexusds
newbie
Posts: 30
Joined: Fri Aug 16, 2019 6:51 am

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 2:25 am

Seems update server is unreachable at the moment
 
Shadowman94
just joined
Posts: 1
Joined: Thu Mar 07, 2019 2:25 am

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 2:34 am

CPU Frequency still missing on RB4011 :(
 
nichky
Forum Guru
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 2:46 am

bgp-vpn4 still doesn't work, even though I'm learning the end user ip-address
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 4:33 am

Now that this is stable, I'm experimenting for the first time with the new wifiwave2 capsman support. I can't find the local-forwarding setting for wifiwave2, and the "bridge" setting in the CAP configuration seems to be missing. I've added the interfaces manually as bridge ports on the CAP and so this seems to be working, but is there a different way of doing this?
 
mantouboji
newbie
Posts: 40
Joined: Mon Aug 01, 2022 2:21 pm
Location: Shanghai

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 7:48 am

wireguard ipv6 bug still exists.
 
fluppir
just joined
Posts: 1
Joined: Fri Mar 11, 2022 12:25 am

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 8:50 am

Is it possible to connect from ax3 device back to ros6 for capsman config ? I don't see where you specify the capsman address or the discovery interface in the CLI - thank you.
 
FToms
MikroTik Support
Posts: 87
Joined: Fri Jul 24, 2020 3:28 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 8:55 am

Now that this is stable, I'm experimenting for the first time with the new wifiwave2 capsman support. I can't find the local-forwarding setting for wifiwave2, and the "bridge" setting in the CAP configuration seems to be missing. I've added the interfaces manually as bridge ports on the CAP and so this seems to be working, but is there a different way of doing this?
Local forwarding is the only type of forwarding available for wifiwave2 capsman currently, so there is no setting to switch between local and capsman forwarding.
Adding an interface to a bridge on the cap can be done by
#all commands executed on cap
/interface/wifiwave2/datapath 
add name=datapath-br bridge=bridge0
/interface/wifiwave2
set [find where !dynamic] datapath=datapath-br
#for dynamic interfaces
/interface/wifiwave2/cap
set slaves-datapath=datapath-br
 
FToms
MikroTik Support
Posts: 87
Joined: Fri Jul 24, 2020 3:28 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 9:02 am

Is it possible to connect from ax3 device back to ros6 for capsman config ? I don't see where you specify the capsman address or the discovery interface in the CLI - thank you.
Devices running the wifiwave2 package (like the hAP ax^3), can only be managed by capsman from other devices running with wifiwave2 package. So a ROSv6 CAPsMAN from the bundled wireless package cannot manage a hAP ax^3.
CAPsMAN address in wifiwave2 settings can be set with `/interface/wifiwave2/cap set caps-man-address=`
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 9:03 am

Thank you for the explanation! That makes sense now.
 
accarda
Member Candidate
Posts: 208
Joined: Fri Apr 05, 2019 4:06 pm
Location: Italy

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 9:21 am

I'd like to report some behaviour that I have noticed while updating a couple of devices, a CHR and RB4011.
On both I'm running VXLAN where I have attached PPPoE interface.
Initially after upgrading CHR first, VXLAN didn't work properly with RB4011, so PPPoE server was not reached.
After updating also RB4011 to v7.7, then VXLAN started to work again and now PPPoE connection is working again.
So not really sure whether there was any incompatibility for VXLAN between Ros 7.6 and 7.7, so I'm just reporting this here.
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 9:29 am

I have an audience as a wave2 cap. When I reboot it, the two CAP interfaces do not start getting managed by capsman properly until I disable them and re-enable them, and after that they work fine. It seems to be a bug.
 
FToms
MikroTik Support
Posts: 87
Joined: Fri Jul 24, 2020 3:28 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 9:52 am

I'm unable to reproduce the issue going just by the description.
Please open a support ticket and include supouts from both capsman and the affected cap.
Last edited by BartoszP on Fri Jan 13, 2023 10:15 am, edited 2 times in total.
Reason: no need to quote whole previous post ... we can follow the stream of discussion
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 9:57 am

I'm unable to reproduce the issue going just by the description.
please pass this on to the programmers, I think it hasn't been done yet:
viewtopic.php?t=192427#p976967
Thank you.
 
rumahnetmks
Frequent Visitor
Posts: 56
Joined: Mon Dec 21, 2020 10:00 am

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 10:44 am

hAPAC3 + RB4011iGS+5HacQ2HnD-IN update to v7.7 seems fine.

*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation;
This one fixes the 'error hotspot profile queue' that usually occurs after router restart. Thx Mikrotik Team.

EDITED :
Same problem with RB4011iGS+5HacQ2HnD-IN: CPU Frequency at System>Resource is not shown, while on hAPAC3 it is shown.
Last edited by rumahnetmks on Sat Jan 14, 2023 3:30 pm, edited 1 time in total.
 
rpingar
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 11:06 am

x86 7.7 doesn't support Mellanox ConnectX6 cards; it sees the PCI but the interfaces are not shown
 
jimmer
just joined
Posts: 19
Joined: Wed Mar 06, 2019 10:06 am
Location: Tasmania, Australia

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 11:56 am

Is it possible to connect from ax3 device back to ros6 for capsman config ? I don't see where you specify the capsman address or the discovery interface in the CLI - thank you.
Devices running the wifiwave2 package (like the hAP ax^3), can only be managed by capsman from other devices running with wifiwave2 package. So a ROSv6 CAPsMAN from the bundled wireless package cannot manage a hAP ax^3.
CAPsMAN address in wifiwave2 settings can be set with `/interface/wifiwave2/cap set caps-man-address=`

So does that mean if you had a RB3011-RM running RouterOS 7 without any WiFi interfaces then you can't manage a hAP ax^3, or does it mean you need to install the wifiwave2 package on the RB3011-RM to manage such a device?

Kind Regards,
Jim
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 11:58 am

If the wifi2 package is available for that device, that's the way to go.
 
FToms
MikroTik Support
Posts: 87
Joined: Fri Jul 24, 2020 3:28 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 12:09 pm

You need to install the wifiwave2 package on the RB3011, yes.
 
jimmer
just joined
Posts: 19
Joined: Wed Mar 06, 2019 10:06 am
Location: Tasmania, Australia

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 12:13 pm

If the wifi2 package is available for that device, that's the way to go.
Yeah, it uses the ARM packages so same as the hapAC2 and I am guessing the hAPax2 and hAPax3

Flash is OK and it has a gig of RAM so that won't be a prob.

Will just mean I wouldn't be able to use a smaller device for CAPsMAN for the hAPax series such as the RB750Gr3; even though it has the RAM, it doesn't have the flash for the wave2 package.
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 12:46 pm

Hex should be sufficient to be used.
Of course you need to see if enough flash space is available.
 
FToms
MikroTik Support
Posts: 87
Joined: Fri Jul 24, 2020 3:28 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 12:46 pm

The storage requirement for architectures that do not require local wifi interface drivers and firmware files is significantly lower.
The mmips package for the RB750Gr3 is 200kB.
 
juniorespow
just joined
Posts: 2
Joined: Thu Feb 24, 2022 10:06 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 1:12 pm

working fine on CCR2216 v7.7
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 1:22 pm

I just tried setting up VLANs with the wifiwave2 CAPsMAN like how I would with the older CAPsMAN (putting the VLAN ID into the datapath settings on the CAPsMAN unit) and I get this error for the interfaces for remote CAPs:

"interface does not support assigning vlans"

Does wave2 capsman not currently support VLAN tagging for slave interfaces on remote CAP devices?
 
FToms
MikroTik Support
Posts: 87
Joined: Fri Jul 24, 2020 3:28 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 1:34 pm

Only 802.11ax wifiwave2 interfaces support vlan tagging by the wireless interface.
I suppose the changelog entry regarding this could have been clearer.
All VLAN tagging in wifiwave2 is 'per-user' VLAN tagging. Setting datapath.vlan-id, you set the default VLAN id for users connecting on that interface. The default can be overridden by the access list.
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 1:39 pm

Is there any way around this for non-ax interfaces with wave2, where you want different SSIDs on different VLANs?
 
Qper
just joined
Posts: 18
Joined: Wed Nov 12, 2014 11:57 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 1:42 pm

LHGG LTE died after the update...
Last edited by Qper on Fri Jan 13, 2023 8:46 pm, edited 1 time in total.
 
FToms
MikroTik Support
Posts: 87
Joined: Fri Jul 24, 2020 3:28 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 1:53 pm

A workaround for non-ax interfaces would be to have static interface configurations and manually add wifi interfaces as bridge ports with the desired pvid like in this example https://help.mikrotik.com/docs/display/ ... ccessPorts
 
yo3gjc
just joined
Posts: 12
Joined: Sat Mar 05, 2011 4:30 pm
Location: Mississauga ON

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 2:13 pm

Another old bug is back. In routing/table marks are doubled in 4011 model
screenshot here
https://1drv.ms/u/s!AjSrHqFnTgKVg8YC7it ... w?e=tZF4J2
Last edited by yo3gjc on Fri Jan 13, 2023 2:37 pm, edited 1 time in total.
 
mrz
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 2:26 pm

What and where exactly is doubled? As far as I can see routing marks are exactly the same number as being added, nothing is doubled.
 
kehrlein
newbie
Posts: 48
Joined: Tue Jul 09, 2019 1:35 am

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 2:30 pm

wireguard ipv6 bug still exists.
Could you please provide any details about the bug?
 
ksteink
Frequent Visitor
Posts: 80
Joined: Thu Mar 31, 2016 6:54 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 4:04 pm

I have updated a bunch of devices:

- hAP AC2
- RB951Ui-2HnD, RB450Gx4, RB2011, RB3011, RB4011 and RB5009
- CRS326-24G, CRS328-24P
- hEX S
- cAP

All upgraded without issues.
 
jplitza
just joined
Posts: 9
Joined: Mon Sep 20, 2021 4:12 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 4:17 pm

We are having issues with wireless mode=station-pseudobridge-clone and ARP replies. With 7.6, the Mikrotik RB951G-2HnD would reply to ARP requests for its own IP address with the cloned MAC address. Now it doesn't always do that, leading to very intermittent connectivity.

Luckily only an unimportant device. We worked around it by adding a static ARP entry to the router.
 
arash88
just joined
Posts: 12
Joined: Wed Oct 31, 2018 1:33 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 4:27 pm

Hey guys,
Updating to 7.7 from 7.6 (x86) has corrupted my container or, to be more specific, I think it has corrupted a file inside the workdir (/usr/local/bin).
Downgrading to 7.6 didn't help but reinstalling the container fixed the problem.
This was the docker image: https://hub.docker.com/r/enwaiax/x-ui
And I got this error after upgrading: open bin/config.json: permission denied
 
parham
Frequent Visitor
Posts: 62
Joined: Sun Feb 15, 2015 11:35 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 5:21 pm

Hi

Both my WAP R with ZT can't be upgraded due to missing zerotier package


/system/package/update> download
channel: stable
installed-version: 7.6
latest-version: 7.7
status: zerotier-7.7-arm.npk missing, use ignore-missing or disable package(s)
 
Spidermila
just joined
Posts: 9
Joined: Wed May 19, 2021 12:37 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 5:25 pm

I have experienced several messages like "private-dhcp offering lease 192.168.111.50 for 94:EA:32:35:52:98 without success" after upgrading to 7.7. The result was that the clients were unable to access the network nor Internet. Clients are mostly connected via CAP managed APs.
This happened for different clients with different OSes (e.g. Lenovo laptop with Windows 10 and iPhone SE 2020).
I have two bridges, each with a different dhcp server on my RB3011UiAS. Only one of the dhcp servers behaved like that. There were no other messages indicating what the problem could be. The configuration looked fine, just like before the upgrade.
I have downgraded to 7.6 but the problem persisted. Only after restore of configuration from before the upgrade to 7.7, the problem is gone.
This is only a heads up. If someone else gets into trouble with DHCP server, I hope you will have possibility to investigate deeper. I wasn't that lucky. I needed to get rid of the issue ASAP.
Last edited by Spidermila on Fri Jan 13, 2023 5:34 pm, edited 1 time in total.
 
AllexRo
Frequent Visitor
Posts: 77
Joined: Fri Nov 22, 2019 4:24 pm
Location: Bucharest, RO

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 5:26 pm

Hi

Both my WAP R with ZT can't be upgraded due to missing zerotier package


/system/package/update> download
channel: stable
installed-version: 7.6
latest-version: 7.7
status: zerotier-7.7-arm.npk missing, use ignore-missing or disable package(s)
You can find zerotier package in all_packages-7.7 zip file. Extract it from there and, with routeros-7.7 npk file, drag both files into Files window. Upon restart, it should update.
 
DarkNate
Forum Veteran
Posts: 999
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 5:34 pm

ROS v7.7 stable is still generating link-local addressing for *disabled* VPN interfaces such as GRE or WireGuard. When will MikroTik fix this?
 
parham
Frequent Visitor
Posts: 62
Joined: Sun Feb 15, 2015 11:35 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 5:41 pm

Hi

Both my WAP R with ZT can't be upgraded due to missing zerotier package


/system/package/update> download
channel: stable
installed-version: 7.6
latest-version: 7.7
status: zerotier-7.7-arm.npk missing, use ignore-missing or disable package(s)
You can find zerotier package in all_packages-7.7 zip file. Extract it from there and, with routeros-7.7 npk file, drag both files into Files window. Upon restart, it should update.
Thanks buddy, I have already updated; that was just for the MT team to fix for the rest.
 
sbr
just joined
Posts: 12
Joined: Thu Dec 03, 2009 10:38 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 6:41 pm

Upgraded two

One bricked, it's a hAP ac2
 
hecatae
Member Candidate
Posts: 244
Joined: Thu May 21, 2020 2:34 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 8:16 pm

LHG LTE died after the update...
Netinstall
https://help.mikrotik.com/docs/display/ROS/Netinstall
 
diamuxin
Member
Posts: 319
Joined: Thu Sep 09, 2021 5:46 pm
Location: Alhambra's City

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 9:33 pm

In RB4011 with 7.7 the CPU Frequency has disappeared and it is not possible to see it in Winbox and neither by CLI (in 7.7beta3 it worked fine).

*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto"; ==> NOT working

In the other routers (ac2, ac3, mAP) it works fine, it only fails in RB4011.

Any solution or patch?

BR.
 
Paternot
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 9:37 pm

ROS v7.7 stable is still generating link-local addressing for *disabled* VPN interfaces such as GRE or WireGuard. When will MikroTik fix this?
I understand that's a bug. But is it important? What's the problem of having one link-local address on a disabled interface?

Genuine question.
 
Rox169
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 11:01 pm

Hi,
my hikvision cameras are not able to connect to the HDD through samba v1 on hAP AX3. When I use the same HDD in an ASUS router, the cameras are able to connect to the samba. [SUP-104510] sent.

 
lvader
just joined
Posts: 11
Joined: Tue Mar 27, 2018 8:10 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 11:23 pm

ipv6 netmap seems to be still broken in this release
 
DarkNate
Forum Veteran
Posts: 999
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.7 [stable] is released!

Fri Jan 13, 2023 11:41 pm

ipv6 netmap seems to be still broken in this release
It's probably your configuration. Works fine for me, including NPTv6 via mangle which is better than netmap as it is stateless.
add action=netmap chain=srcnat out-interface-list=WAN src-address=2400:cb00:75::/64 to-address=2400:cb00:75:1::/64
add action=netmap chain=dstnat in-interface-list=WAN dst-address=2400:cb00:75:1::/64 to-address=2400:cb00:75::/64
add action=snpt chain=postrouting comment=Test dst-prefix=2400:cb00:75:1::/64 src-address=2400:cb00:75::/64 src-prefix=2400:cb00:75::/64
add action=dnpt chain=prerouting comment=Test dst-address=2400:cb00:75:1::/64 dst-prefix=2400:cb00:75::/64 src-prefix=2400:cb00:75:1::/64
 
jvanhambelgium
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 12:08 am

Are there any people with a broken ZeroTier setup in this release ?? ZT on my RB5009 is broken.
Stuck in the state "Requesting_Configuration" it seems. Worked just fine on 7.6
My LAB-3011 was also upgraded (first) and ZT is working fine here, that's the strange thing.
The "LEAF" node remains empty.

** EDIT ** : After a reboot it seems the config came through, but then the containers started to mis-behave.
** EDIT ** : There is definitely something with this release and containers ... less stable ... after stopping Pi-hole I could not start it anymore !! Needed to delete + recreate the container again before I could start the instance.
Last edited by jvanhambelgium on Sat Jan 14, 2023 12:21 am, edited 1 time in total.
 
dvoijen
just joined
Posts: 7
Joined: Fri Mar 23, 2018 2:01 pm

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 12:19 am

I have an issue with version 7.7: on my router I have an OpenVPN Client interface, and it is set up to not create a default route.
After updating from 7.6 to 7.7 it creates a default route although it is set up not to do that.
Even when I disable the interface and re-enable it, it creates this route.
 
lvader
just joined
Posts: 11
Joined: Tue Mar 27, 2018 8:10 pm

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 1:19 am

ipv6 netmap seems to be still broken in this release
It's probably your configuration. Works fine for me, including NPTv6 via mangle which is better than netmap as it is stateless.
Please double check what you are really getting on the network side. Right now netmap behaves like masquerade.
/ipv6 firewall nat add action=netmap chain=srcnat out-interface=he src-address=fd66:xxxx::/48 to-address=2600:xxxx:xxxx::/48
/ipv6 firewall nat add action=netmap chain=dstnat dst-address=2600:xxxx:xxxx::/48 in-interface=he to-address=fd66:xxxx::/48
and this is what I observe on network:

ping 2001:xxx:xx:xxx:5c1c:19a5:93f:a082 -I fd66:xxxx:0:2008::1

tcpdump:
01:11:50.482601 IP6 (flowlabel 0x7f8c4, hlim 61, next-header ICMPv6 (58) payload length: 64) 2600:xxxx:xxxx:: > 2001:xxx:xx:xxx:5c1c:19a5:93f:a082: [icmp6 sum ok] ICMP6, echo request, id 9, seq 3
outgoing source is 2600:xxxx:xxxx:: instead of expected 2600:xxxx:xxxx:0:2008::1.


and vice versa in opposite direction:
PING6(56=40+8+8 bytes) 2001:xxx:xx:xxx:5c1c:19a5:93f:a082 --> 2600:xxxx:xxxx:333::1

tcpdump:
23:13:14.678833 IP6 (flowlabel 0x20000, hlim 61, next-header ICMPv6 (58) payload length: 16) 2001:xxx:xx:xxx:5c1c:19a5:93f:a082 > fd66:xxxx::: [icmp6 sum ok] ICMP6, echo request, id 50383, seq 13
destination fd66:xxxx:: instead of expected fd66:xxxx:333::1
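
Added example, not part of the post above and not RouterOS code: what a 1:1 netmap and an RFC 6296 NPTv6 mapping should each produce for one inside address, and a check of which (if either) a captured source address matches. The prefixes are the RFC 6296 sample values standing in for the poster's masked ones, and all function names are made up here.

```python
import ipaddress


def _ones_add(a, b):
    """16-bit one's-complement addition (end-around carry)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)


def _words(value):
    """Split a 128-bit integer into eight 16-bit words, most significant first."""
    return [(value >> (112 - 16 * i)) & 0xFFFF for i in range(8)]


def _prefix_sum(net):
    """One's-complement sum of the prefix words (host bits are zero)."""
    total = 0
    for word in _words(int(net.network_address)):
        total = _ones_add(total, word)
    return total


def _parse(addr, inside, outside):
    addr = ipaddress.IPv6Address(addr)
    inside = ipaddress.IPv6Network(inside)
    outside = ipaddress.IPv6Network(outside)
    if inside.prefixlen != outside.prefixlen:
        raise ValueError("prefix lengths must match for a 1:1 mapping")
    if addr not in inside:
        raise ValueError(f"{addr} is not inside {inside}")
    return addr, inside, outside


def netmap(addr, inside, outside):
    """1:1 prefix swap: every bit after the prefix is carried over unchanged."""
    addr, inside, outside = _parse(addr, inside, outside)
    host_bits = int(addr) & int(inside.hostmask)
    return ipaddress.IPv6Address(int(outside.network_address) | host_bits)


def nptv6(addr, inside, outside):
    """RFC 6296 checksum-neutral mapping for prefixes of /48 or shorter.

    The prefix is swapped and bits 48..63 are adjusted so the one's-complement
    sum of the address stays the same. The result depends only on the address
    and the two prefixes, never on per-flow state.
    """
    addr, inside, outside = _parse(addr, inside, outside)
    if inside.prefixlen > 48:
        raise ValueError("only /48 or shorter prefixes are handled here")
    adjustment = _ones_add(_prefix_sum(inside), ~_prefix_sum(outside) & 0xFFFF)
    mapped = int(outside.network_address) | (int(addr) & int(inside.hostmask))
    words = _words(mapped)
    words[3] = _ones_add(words[3], adjustment)
    if words[3] == 0xFFFF:          # RFC 6296: 0xFFFF is written as zero
        words[3] = 0
    value = 0
    for word in words:
        value = (value << 16) | word
    return ipaddress.IPv6Address(value)


def classify(original, observed, inside, outside):
    """Compare a captured translated address with what each scheme predicts."""
    observed = ipaddress.IPv6Address(observed)
    if observed == netmap(original, inside, outside):
        return "netmap"             # host bits preserved
    if observed == nptv6(original, inside, outside):
        return "nptv6"              # checksum-neutral mapping
    if observed in ipaddress.IPv6Network(outside):
        return "collapsed"          # right prefix, host bits lost (many-to-one)
    return "other"


if __name__ == "__main__":
    INSIDE, OUTSIDE = "fd01:203:405::/48", "2001:db8:1::/48"   # RFC 6296 sample prefixes
    HOST = "fd01:203:405:1::1234"
    print("netmap expects:", netmap(HOST, INSIDE, OUTSIDE))
    print("nptv6 expects: ", nptv6(HOST, INSIDE, OUTSIDE))
    # Constructed capture value: the bare outside prefix, as in the post's tcpdump
    print("capture shows: ", classify(HOST, "2001:db8:1::", INSIDE, OUTSIDE))
```

A capture that classifies as "collapsed" matches the symptom described in the post: the outside prefix is applied but the host part of the address is not carried over.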
 
chiem
newbie
Posts: 41
Joined: Fri Oct 24, 2014 4:48 pm

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 2:29 am

There's a bug in the DNS static vs caching implementation here. A/AAAA/SOA records can not coexist with CNAME records. If one of them is static, the other set needs to be filtered from the upstream.

Edit: it appears that CNAMEs in general can't coexist with all other record types, so if something other than a CNAME is static, any upstream CNAME needs to be filtered out, and vice versa.
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 4:57 am

Can anyone confirm whether bgp-vpn4 works on v7.7?
 
mmc
newbie
Posts: 41
Joined: Wed Dec 29, 2004 1:44 am

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 5:35 am

ros 7.7 on ccr2116, rb2004... still don't establish stable 10g ethernet links when connected via DAC breakout cables to devices like cisco nexus, arista, juniper.

on the switch the links are flapping infinitely after reboot of the mikrotik device or re-connect of the link. this happens randomly and affects more than 50 percent of all links connected with 10g breakouts (we tested qsfp/sfp+ breakouts from cisco, gtek, fs and mikrotik - all the same result).

it worked without problems till ros 7.2.3. since 7.3 it's broken with above described non-production ready / non-stable result.

reported to support and updated under #[SUP-95119].

just be aware, in case you want to connect the high-end devices via breakouts.
 
mantouboji
newbie
Posts: 40
Joined: Mon Aug 01, 2022 2:21 pm
Location: Shanghai

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 8:36 am

wireguard ipv6 bug still exists.
Could you please provide any details about the bug?
viewtopic.php?t=185055
 
jimint
just joined
Posts: 18
Joined: Fri Aug 11, 2017 12:58 am

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 10:30 am

*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
What did I do wrong? : /

Or is it (for some unknown reason) only for rb4011 version without Wi-Fi ? o_O
Same issue with my RB4011
 
armandfumal
Member Candidate
Posts: 158
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 10:44 am

upgrade border eBGP routers CCR2216 + CCR1072 without issues...
 
Widmo
just joined
Posts: 7
Joined: Thu Sep 14, 2017 2:02 am

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 12:31 pm

Hi,

upgrade from 7.6 to 7.7
OSPF links have stopped working.

Downgrading to 7.6 makes everything work.

If Support needs more details - please let me know.
 
DarkNate
Forum Veteran
Posts: 999
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 3:14 pm

Please double check what you are really getting on the network side. Right now netmap behaves like masquerade.
/ipv6 firewall nat add action=netmap chain=srcnat out-interface=he src-address=fd66:xxxx::/48 to-address=2600:xxxx:xxxx::/48
/ipv6 firewall nat add action=netmap chain=dstnat dst-address=2600:xxxx:xxxx::/48 in-interface=he to-address=fd66:xxxx::/48
and this is what I observe on network:

ping 2001:xxx:xx:xxx:5c1c:19a5:93f:a082 -I fd66:xxxx:0:2008::1

tcpdump:
01:11:50.482601 IP6 (flowlabel 0x7f8c4, hlim 61, next-header ICMPv6 (58) payload length: 64) 2600:xxxx:xxxx:: > 2001:xxx:xx:xxx:5c1c:19a5:93f:a082: [icmp6 sum ok] ICMP6, echo request, id 9, seq 3
outgoing source is 2600:xxxx:xxxx:: instead of expected 2600:xxxx:xxxx:0:2008::1.


and vice versa in opposite direction:
PING6(56=40+8+8 bytes) 2001:xxx:xx:xxx:5c1c:19a5:93f:a082 --> 2600:xxxx:xxxx:333::1

tcpdump:
23:13:14.678833 IP6 (flowlabel 0x20000, hlim 61, next-header ICMPv6 (58) payload length: 16) 2001:xxx:xx:xxx:5c1c:19a5:93f:a082 > fd66:xxxx::: [icmp6 sum ok] ICMP6, echo request, id 50383, seq 13
destination fd66:xxxx:: instead of expected fd66:xxxx:333::1
You are right, it is behaving like a masquerade. It's a bug for sure. But also I recommend you avoid NAT66 crap and use NPTv6 instead via mangle, it will preserve the end-to-end principle which NAT of any kind cannot.
 
EgidijusL
just joined
Posts: 12
Joined: Fri Feb 07, 2020 1:25 am

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 4:19 pm

Hap ax3 - Wifi 5Ghz speed down from ~800Mbs to max ~400Mbs and speed not stable. :(
Update from 7.6 to 7.7
Last edited by EgidijusL on Sat Jan 14, 2023 6:04 pm, edited 1 time in total.
 
voytec
just joined
Posts: 3
Joined: Mon Feb 06, 2017 10:39 am

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 4:37 pm

CCR1009-7G-1C-1S+ router OS v7.7
USB port still not working. I can't connect to UPS.
 
steginger
just joined
Posts: 8
Joined: Sat Apr 11, 2020 2:26 pm

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 6:13 pm

I think this change
*) dns - query upstream DNS servers for other record types even if static entry exists;
creates some big problem for me.

For my local network I have some static A entries in my MT router for local services.
They don't have any static AAAA records as I don't want to use IPv6 for those services.
With 7.6 everything is fine.
After updating to 7.7 resolving the static A entries from within docker containers completely seems to be broken (e.g., ping gives just a bad address error).
Reverting back to 7.6 without changing anything else fixes lookup in the containers.

For 7.6 I got a valid (NOERROR) but empty response trying to resolve an AAAA record for a static A entry:
root@james:~# host -t AAAA -v mqtt.xxx.home 192.168.0.254
Trying "mqtt.xxx.home"
Using domain server:
Name: 192.168.0.254
Address: 192.168.0.254#53
Aliases: 

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48407
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;mqtt.xxx.home.		IN	AAAA
This correctly indicates that there is no IPv6 address to the best of my knowledge.

With 7.7 I get an NXDOMAIN error (which is of course valid from an upstream server point of view as upstream server doesn't know anything about my local entries):
root@james:~# host -t AAAA -v test.xxx.home 192.168.0.253
Trying "test.xxx.home"
Using domain server:
Name: 192.168.0.253
Address: 192.168.0.253#53
Aliases: 

Host test.xxx.home not found: 3(NXDOMAIN)
I guess this NXDOMAIN at least confuses name resolution within my docker containers (docker DNS proxy?).
It seems to be no generic problem in host linux (I can ping a static entry from host but not from within container, ping by IP is fine in container).

Any ideas or any possibility to create an "empty" static AAAA entry?

I don't really want to create real AAAA entries as I had some problems with docker and IPv6 in the past.

Thanks!
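
Added example, not part of the post above: the two replies quoted there differ in RCODE, and this parser tells an empty NOERROR reply (NODATA) from NXDOMAIN and flags a forwarder that returns data for one record type but NXDOMAIN for another type on the same name. The packets are constructed inline (the name `mqtt.example.home` and the address are made-up values), and the function names are hypothetical.

```python
import struct

TYPE_A, TYPE_CNAME, TYPE_AAAA = 1, 5, 28
NOERROR, NXDOMAIN = 0, 3


def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_response(name, qtype, rcode, rdata=None):
    """Build a minimal DNS reply (constructed test data, not a capture)."""
    flags = 0x8180 | rcode                  # QR=1, RD=1, RA=1, RCODE in low 4 bits
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1 if rdata else 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    answer = b""
    if rdata:
        # 0xC00C is a compression pointer to the question name at offset 12
        answer = struct.pack("!HHHIH", 0xC00C, qtype, 1, 60, len(rdata)) + rdata
    return header + question + answer


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:         # pointer: two bytes, ends the name
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length


def classify(msg):
    """Return 'ANSWER', 'NODATA', 'NXDOMAIN' or 'ERROR' for one reply."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "NXDOMAIN"                   # RFC 2308: the name itself does not exist
    if rcode != NOERROR:
        return "ERROR"
    off, qtype = 12, None
    for _ in range(qdcount):
        off = _skip_name(msg, off)
        qtype = struct.unpack("!H", msg[off:off + 2])[0]
        off += 4                            # QTYPE + QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype in (qtype, TYPE_CNAME):
            return "ANSWER"
    return "NODATA"                         # RFC 2308: name exists, no record of this type


def check_name(responses):
    """responses maps a type label to the raw reply for ONE name.

    A name cannot both exist (ANSWER or NODATA) and not exist (NXDOMAIN),
    so a mix of the two across record types is reported as inconsistent.
    """
    verdicts = {label: classify(msg) for label, msg in responses.items()}
    seen = set(verdicts.values())
    consistent = not ("NXDOMAIN" in seen and seen & {"ANSWER", "NODATA"})
    return verdicts, consistent


if __name__ == "__main__":
    name = "mqtt.example.home"              # constructed name
    a_reply = build_response(name, TYPE_A, NOERROR, bytes([192, 168, 0, 10]))
    like_76 = {"A": a_reply, "AAAA": build_response(name, TYPE_AAAA, NOERROR)}
    like_77 = {"A": a_reply, "AAAA": build_response(name, TYPE_AAAA, NXDOMAIN)}
    print("NOERROR/empty AAAA:", check_name(like_76))
    print("NXDOMAIN AAAA:     ", check_name(like_77))
```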
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 6:50 pm

CCR1009-7G-1C-1S+ router OS v7.7
USB port still not working. I can't connect to UPS.
Do other versions work? Is there anything written in the changelog saying that it should work?
If another version works, make a support case.
 
East2
just joined
Posts: 4
Joined: Wed Apr 14, 2021 6:50 pm

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 10:27 pm

hAP ac^2 7.6 (router was rebooted without proper shutdown, probably kernel failure)...
 
h17
just joined
Posts: 17
Joined: Wed Apr 16, 2014 10:01 pm

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 10:32 pm

Hap ax3 - Wifi 5Ghz speed down from ~800Mbs to max ~400Mbs and speed not stable. :(
Update from 7.6 to 7.7
I'm seeing the same thing, even worse (down from 630Mbps to 180Mbps).
There's no one else on frequencies used by me (5700/ax/eeCe, Poland).

Didn't change anything. On v7.6 all my devices were connected at 1200Mbps,
now on v7.7 they all are around 260-280Mbps in registration table.
 
lvader
just joined
Posts: 11
Joined: Tue Mar 27, 2018 8:10 pm

Re: v7.7 [stable] is released!

Sat Jan 14, 2023 11:05 pm

You are right, it is behaving like a masquerade. It's a bug for sure. But also I recommend you avoid NAT66 crap and use NPTv6 instead via mangle, it will preserve the end-to-end principle which NAT of any kind cannot.
NPTv6 unfortunately is also buggy. In my experiments it is matching the firewall rule
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid log=yes
Here is what is in the logs:
23:03:10 firewall,info forward: in:bridge out:he, connection-state:invalid src-mac b8:27:eb:xx:xx:xx, proto ICMP (type 129, code 0), fd66:xxxx:x:2008::1->2001:xxx:xx:x:xxx:baff:fe35:149a, len 64

and in connection state tracking it has only one direction entry:
      protocol=icmpv6 src-address=2001:xxx:xx:x:xxxx:baff:fe35:149a dst-address=2600:xxxx:xxxx:1000::1
        reply-src-address=2600:xxxx:xxxx:1000::1 reply-dst-address=2001:xxx:xx:x:xxxx:baff:fe35:149a icmp-type=128 icmp-code=0
        icmp-id=104 timeout=29s

Upd: adding a bunch of "no track" rules in the raw table helps, but loses some part of firewall functionality... that's why netmap might be a better solution anyway...
 
dave3
newbie
Posts: 45
Joined: Mon Feb 07, 2022 8:06 am

Re: v7.7 [stable] is released!

Sun Jan 15, 2023 3:50 am

I did the upgrade from v7.6 to v7.7 on my RB750gr3 yesterday. It's a pretty basic setup, but so far, so good.
 
DarkNate
Forum Veteran
Posts: 999
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.7 [stable] is released!

Sun Jan 15, 2023 9:45 am

NPTv6 unfortunately is also buggy. In my experiments it is matching the firewall rule
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid log=yes
Here is what is in the logs:
23:03:10 firewall,info forward: in:bridge out:he, connection-state:invalid src-mac b8:27:eb:xx:xx:xx, proto ICMP (type 129, code 0), fd66:xxxx:x:2008::1->2001:xxx:xx:x:xxx:baff:fe35:149a, len 64

and in connection state tracking it has only one direction entry:
      protocol=icmpv6 src-address=2001:xxx:xx:x:xxxx:baff:fe35:149a dst-address=2600:xxxx:xxxx:1000::1
        reply-src-address=2600:xxxx:xxxx:1000::1 reply-dst-address=2001:xxx:xx:x:xxxx:baff:fe35:149a icmp-type=128 icmp-code=0
        icmp-id=104 timeout=29s

Upd: adding a bunch of "no track" rules in the raw table helps, but loses some part of firewall functionality... that's why netmap might be a better solution anyway...
That is not a bug, that is expected. You are using stateful rules to filter NPTv6 traffic which is stateless. To begin with IPv6 restores the end-to-end principle therefore removing NAT and stateful-ness along with it. You are not supposed to create statefulness for IPv6 if you want maximum possible end-to-end performance and eliminate STUN/TURN completely from the network.

This is off-topic, I will not go further than this, but I suggest you learn network engineering further to understand better.

For IPv6 firewalling, use the raw table, remove all filter/NAT rules. The raw table aka prerouting chain is powerful and you can use various ACLs and parameters like src or dst address type.

Statefulness makes sense only for an IoT VLAN. Everything else, filter on host or not like an iPhone where nothing is running on any port, it doesn't matter.
 
DeGlucker
just joined
Posts: 14
Joined: Tue Apr 12, 2011 4:35 pm
Location: Moscow, Russia

Re: v7.7 [stable] is released!

Sun Jan 15, 2023 12:24 pm

x86 Router with Atheros AR9300 WiFi adapter installed
Update from 7.6 to 7.7
WiFi clients stopped seeing the WiFi network. I was forced to roll back to 7.6. After that WiFi works again.
 
mkx
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7 [stable] is released!

Sun Jan 15, 2023 12:51 pm

To begin with IPv6 restores the end-to-end principle therefore removing NAT and stateful-ness along with it.

I don't agree. Stateful-ness has nothing to do with NAT, it's the other way around (it's not possible to perform sensible NAT without being aware of connection state). When it comes to NPTv6, it can indeed work as stateless ... but that doesn't prevent firewallv6 from working in a stateful manner. And stateful firewall has quite a few advantages over stateless firewall (speed is obviously not one of them).

The packet flow explanation doesn't differentiate between IPv4 and IPv6 (in some places it explicitly mixes them ... "IPv4 or IPv6"), doesn't explicitly mention netmap - it uses generic "DST NAT" and "SRC NAT" boxes and I assume netmap is covered (as a special case) with that functionality. And I assume NPTv6 is covered there as well.
If my assumptions are correct, then using NPTv6 (or netmap) doesn't change functioning of firewallv6, one only has to be careful about which addresses are being used when packets are passing firewall (according to packet flow diagrams the "internal" addresses are seen by firewall).

But then my assumptions can be wrong. And I don't need NPTv6 (or netmap) so I'm not going to test it myself.
 
Nadol
just joined
Posts: 3
Joined: Tue Dec 21, 2021 9:33 am

Re: v7.7 [stable] is released!

Sun Jan 15, 2023 1:25 pm

I have downloaded. ARM Chateau. But after reboot still 7.6, no upgrade performed. Tried twice. In logs: "router was rebooted without proper shutdown, probably kernel failure".
I can confirm this. I was trying to upgrade several times without luck. Each time at log I'm getting: "router was rebooted without proper shutdown, probably kernel failure"
Last edited by Nadol on Sun Jan 15, 2023 5:03 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Sun Jan 15, 2023 2:01 pm

There's a bug in the DNS static vs caching implementation here. A/AAAA/SOA records can not coexist with CNAME records. If one of them is static, the other set needs to be filtered from the upstream.

Edit: it appears that CNAMEs in general can't coexist with all other record types, so if something other than a CNAME is static, any upstream CNAME needs to be filtered out, and vice versa.
That is according to DNS spec. CNAME and other data on the same name is not allowed in DNS. Sure it is sometimes inconvenient.
Maybe you need to cut back on clever use of static DNS records to override what outside DNS is telling you. That is never going to work well.
Static DNS records should only be used for names that you manage yourself.
 
vecino
just joined
Posts: 7
Joined: Fri Jul 08, 2016 11:59 pm

Re: v7.7 [stable] is released!

Sun Jan 15, 2023 4:16 pm

This problem with spamming the logs continues in this version unfortunately. OSPF otherwise works without problems, but because of this I have to disable logging.
ROUTE,OSPF,WARNING { version: 2 router-id: 10.107.*.* } backbone-v2 { 0.0.0.0 } interface { broadcast 10.107.*.*%vlan1030 } neighbor { router-id: 10.107.*.* state: Full } crypto sequence invalid	notice
ROUTE,OSPF,WARNING { version: 2 router-id: 10.107.*.* } backbone-v2 { 0.0.0.0 } interface { broadcast 10.107.*.*%vlan1030 } neighbor { router-id: 10.107.*.* state: Full } crypto sequence invalid	notice
ROUTE,OSPF,WARNING { version: 2 router-id: 10.107.*.* } backbone-v2 { 0.0.0.0 } interface { broadcast 10.107.*.*%vlan1030 } neighbor { router-id: 10.107.*.* state: Full } crypto sequence invalid	notice
ROUTE,OSPF,WARNING { version: 2 router-id: 10.107.*.* } backbone-v2 { 0.0.0.0 } interface { broadcast 10.107.*.*%vlan1030 } neighbor { router-id: 10.107.*.* state: Full } crypto sequence invalid	notice
ROUTE,OSPF,WARNING { version: 2 router-id: 10.107.*.* } backbone-v2 { 0.0.0.0 } interface { broadcast 10.107.*.*%vlan1030 } neighbor { router-id: 10.107.*.* state: Full } crypto sequence invalid	notice
+
received wrong LS Ack for network
received wrong LS Ack for router
 
spippan
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.7 [stable] is released!

Sun Jan 15, 2023 5:49 pm

updated from 7.6 to 7.7:
CRS326-24G-2S+
hAP AC
hAP ac²

and a friend of mine:
CRS326-24G-2S+
RB3011
hAP ac²


so far no funky stuff appeared.

wireguard, bgp peering (hAPac² to my friends RB3011 via wireguard tunnel), queues and vlan-filtering bridges working so far
 
FIBRANETPLUS
just joined
Posts: 6
Joined: Fri May 13, 2022 2:42 am

Re: v7.7 [stable] is released!

Sun Jan 15, 2023 5:50 pm

I have CCR2004-1G-12S+2XS v6.49.7
Upgrade to 7.7
After upgrade no work
https://www.porvenir.com.co/
http://s16.movilsp.co/

And others webpage

No work apps DirecTVGO and HBOGO

Return to 6.49.7 and work fine again

I have CCR2116-12G-4S+ v7.1.5
After upgrading to any higher version, have same problem.

Any idea?
 
Rox169
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7 [stable] is released!

Sun Jan 15, 2023 6:03 pm

WiFi speed on hap AX2 is OK on 7.7, the same as on 7.6
 
DarkNate
Forum Veteran
Posts: 999
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.7 [stable] is released!

Sun Jan 15, 2023 9:23 pm

I don't agree. Stateful-ness has nothing to do with NAT, it's the other way around (it's not possible to perform sensible NAT without being aware of connection state). When it comes to NPTv6, it can indeed work as stateless ... but that doesn't prevent firewallv6 from working in a stateful manner. And stateful firewall has quite a few advantages over stateless firewall (speed is obviously not one of them).
Stateful-ness doesn't need NAT. But NAT requires stateful-ness to work. NPTv6 isn't NAT, it is stateless, it doesn't need the conn_track module.

You should stop pretending to be a know-it-all expert and do some reading.
This document describes a stateless, transport-agnostic IPv6-to-IPv6 Network Prefix Translation (NPTv6) function that provides the address-independence benefit associated with IPv4-to-IPv4 NAT (NAPT44) and provides a 1:1 relationship between addresses in the "inside" and "outside" prefixes, preserving end-to-end reachability at the network layer.
https://www.rfc-editor.org/rfc/rfc6296
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The packet flow explanation doesn't differentiate between IPv4 and IPv6 (in some places it explicitly mixes them ... "IPv4 or IPv6"), doesn't explicitly mention netmap - it uses generic "DST NAT" and "SRC NAT" boxes and I assume netmap is covered (as a special case) with that functionality. And I assume NPTv6 is covered there as well.
If my assumptions are correct, then using NPTv6 (or netmap) doesn't change functioning of firewallv6, one only has to be careful about which addresses are being used when packets are passing firewall (according to packet flow diagrams the "internal" addresses are seen by firewall).

But then my assumptions can be wrong. And I don't need NPTv6 (or netmap) so I'm not going to test it myself.
You are not entirely wrong about the stateful firewall, it has its place, and is useful for non-advanced users or engineers who lack the expertise to configure a stateless firewall that covers A to Z. I can filter out unsolicited traffic or in other words traffic that could for example try to SSH into the router or my hosts or whatever, using purely the stateless firewall by exploiting the various parameters supported in legacy iptables. But as I stated this is advanced and not everyone can do this, or should, because chances are, they may leave loopholes or break stuff on layer 3/4 (been there, done that).

But if an organisation or business or even a home user, wants true native IPv6 end-to-end principle restored, then they should make the efforts to learn advanced iptables and exploit everything there is in the prerouting chain to filter all the crap they want without harming the end-to-end principle and advantage of IPv6 therefore nearly zero performance loss compared to stateful firewall with severe performance loss when trying to route line-rate.

The packet flow diagram hasn't been updated in decades since the NetFilter project became “public” (mass adoption), which is unfortunately a problem for experts such as yourself that assume it is flawless. It does not differentiate between NAT66 and NPTv6 because both didn't even exist back then, when the original diagram went public. Unfortunately for non-experts like myself and other folks, this has been problematic in the field when we deal with experts that believe blindly the packet flow diagram is flawless, it is not. I recommend, you actually look at the Linux kernel source code, focus on the NPTv6 code and compare it to NAT66, they aren't remotely similar short of “translation”, but the mechanism varies between Earth and Mars. I could be wrong, the diagram could be wrong, but the source code does not lie. It is C programming, so easier to parse for non-programming folks like myself, C being procedural and all.

Now, hopefully someone in the Linux NetFilter project will eventually update both the docs and the diagram to reflect the new changes. Especially since everyone (except MikroTik and other vendors) is moving away from NetFilter for filtering (leaving packet assembly and dis-assembly/sk_buff etc still to NetFilter) to either XDP or entire kernel bypass using DPDK. A proper packet-flow diagram including these technologies to properly represent their flow in the process along with NPTv6 is more important now than ever to prevent misinformation from plaguing the networking industry.

The Wikipedia version of the diagram, is slightly more accurate as it does represent XDP, but does not cover the NPTv6 which is in “mangle” (after conn_track), but is supposed to be stateless (can be proven by no_tracking in the raw table that it works). You need to realise it's all just hooks, the different “chains” can be hooked stateless_ly without conn_track under the hood. Performance wise, no_tracking doesn't guarantee performance-loss=zero if you use anything short of prerouting/raw table:
iptables has multiple pre-defined tables and base chains, all of which are registered even if you only need one of them. There have been reports of even unused base chains harming performance.
Source: https://wiki.nftables.org/wiki-nftables ... h_iptables

And hopefully, MikroTik migrates to nftables at the least and perhaps give us XDP support (ASIC offloaded or native mode) or DPDK, and we can all dump the stateful-ness bullshit (mostly but not entirely) and filter at the NIC level. ROSv7 took decades, we can expect this in Tik in about 60 years lol.
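What "stateless" means in the RFC 6296 passage quoted in the post above, as an added example that is not part of the original post and is not RouterOS or Linux kernel code: a /48-to-/48 checksum-neutral prefix rewrite in which every packet is translated from the two configured prefixes alone. The prefixes and addresses are sample values, and the class and function names are made up for this illustration.

```python
import ipaddress


def _words(addr):
    """Split an IPv6 address into eight 16-bit words."""
    raw = ipaddress.IPv6Address(addr).packed
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, 16, 2)]


def _add1c(a, b):
    """16-bit one's-complement addition (end-around carry)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)


def _sum1c(words):
    total = 0
    for w in words:
        total = _add1c(total, w)
    return total


def address_sum(addr):
    """One's-complement sum of the address, as it enters a TCP/UDP pseudo-header."""
    return _sum1c(_words(addr))


class Nptv6:
    """Hypothetical /48 <-> /48 translator; it holds two prefixes and no table."""

    def __init__(self, internal, external):
        self.internal = ipaddress.IPv6Network(internal)
        self.external = ipaddress.IPv6Network(external)
        if self.internal.prefixlen != 48 or self.external.prefixlen != 48:
            raise ValueError("this example handles /48 prefixes only")
        int_sum = _sum1c(_words(self.internal.network_address)[:3])
        ext_sum = _sum1c(_words(self.external.network_address)[:3])
        # Swapping the prefix changes the address sum by (ext - int); adding
        # (int - ext) to the subnet word cancels that, so L4 checksums stay valid.
        self.out_adjust = _add1c(int_sum, ~ext_sum & 0xFFFF)
        self.in_adjust = ~self.out_adjust & 0xFFFF  # one's-complement negation

    def _rewrite(self, addr, src_net, dst_net, adjust):
        addr = ipaddress.IPv6Address(addr)
        if addr not in src_net:
            raise ValueError(f"{addr} is not inside {src_net}")
        words = _words(addr)
        if words[3] == 0xFFFF:
            # 0xFFFF and 0x0000 are the same value in one's-complement
            # arithmetic, so this subnet would not survive a round trip.
            raise ValueError("subnet 0xffff cannot be mapped")
        words[:3] = _words(dst_net.network_address)[:3]
        words[3] = _add1c(words[3], adjust)
        if words[3] == 0xFFFF:
            words[3] = 0x0000
        raw = b"".join(w.to_bytes(2, "big") for w in words)
        return str(ipaddress.IPv6Address(raw))

    def outbound(self, src):
        """Rewrite an internal source address to the external prefix."""
        return self._rewrite(src, self.internal, self.external, self.out_adjust)

    def inbound(self, dst):
        """Rewrite an external destination address to the internal prefix."""
        return self._rewrite(dst, self.external, self.internal, self.in_adjust)


if __name__ == "__main__":
    edge_a = Nptv6("fd01:203:405::/48", "2001:db8:1::/48")
    edge_b = Nptv6("fd01:203:405::/48", "2001:db8:1::/48")  # second, independent box
    inside = "fd01:203:405:1::1234"
    outside = edge_a.outbound(inside)
    print(inside, "->", outside)
    # A box that never saw the outbound packet still maps the reply correctly.
    print(outside, "->", edge_b.inbound(outside))
    print("address sum unchanged:", address_sum(inside) == address_sum(outside))
```

Because the inbound rewrite needs no earlier outbound packet, the translation on its own filters nothing; any inbound policy has to be written as explicit firewall rules.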
 
mkx
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7 [stable] is released!

Sun Jan 15, 2023 9:41 pm

You should stop pretending to be a know-it-all expert and do some reading.

Since you're such an expert, why are you writing the same thing as I did but using different words ... and then show as if you're writing something completely different and that what I wrote is wrong? As far as your latest posts in this thread go, you're trolling. And I'm done discussing with you since you can't seem to handle opinions not supporting your own beliefs.
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.7 [stable] is released!

Sun Jan 15, 2023 11:39 pm

Which part of all this is v7.7 release-related?
 
ormandj
just joined
Posts: 18
Joined: Tue Jun 15, 2021 12:25 am

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 1:28 am

I have CCR2004-1G-12S+2XS v6.49.7 + stuff was here from FIBRANETPLUS (quoting moderator always gets mad when I quote more than a line of information)
I have the same device with no issues with any of the sites you mentioned on 7.7. It is very likely to be some of your configuration and a change from v6 to v7.
 
FIBRANETPLUS
just joined
Posts: 6
Joined: Fri May 13, 2022 2:42 am

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 1:35 am

My CCR2116 no have any firewall for test this url
Only: IP, Route, NAT, PPPoE secrets, PCC balance.
Last edited by BartoszP on Mon Jan 16, 2023 8:25 am, edited 1 time in total.
Reason: no need to quote whole previous post ... we can follow the stream of discussion .. can you?
 
ormandj
just joined
Posts: 18
Joined: Tue Jun 15, 2021 12:25 am

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 2:28 am

Try disabling PCC balancing, and then a netinstall/basic config, and work your way back. Eventually you'll find out what's causing your problem.
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 2:31 am

I'm not too sure that vrf works well on v7.7
 
lluu131
just joined
Posts: 14
Joined: Sun Jan 15, 2023 9:18 am

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 3:23 am

ospf v3 does not work in 7.7, reverts back to 7.6 and everything is fine,CRS317-1G-16S HW enable
/routing ospf instance
add disabled=no name=ospf-instance-v2-ipv4 router-id=id-1
add disabled=no name=ospf-instance-v3-ipv6 router-id=id-1 version=3
/routing ospf area
add disabled=no instance=ospf-instance-v2-ipv4 name=ospf-area-0-ipv4
add disabled=no instance=ospf-instance-v3-ipv6 name=ospf-area-0-ipv6
/routing ospf interface-template
add area=ospf-area-0-ipv4 disabled=no networks=10.1.1.3/32 type=ptp
add area=ospf-area-0-ipv4 disabled=no networks=10.1.1.4/30 type=ptp
add area=ospf-area-0-ipv4 disabled=no networks=10.1.1.16/28 type=ptp
add area=ospf-area-0-ipv4 disabled=no networks=10.1.1.32/28 passive type=ptp
add area=ospf-area-0-ipv4 disabled=no networks=10.1.1.48/28 passive type=ptp
add area=ospf-area-0-ipv4 disabled=no networks=10.1.1.64/28 passive type=ptp
add area=ospf-area-0-ipv4 disabled=no networks=192.168.1.0/24 passive type=ptp
add area=ospf-area-0-ipv6 disabled=no networks=fd00::2/128 passive type=ptp
add area=ospf-area-0-ipv6 disabled=no networks=fd00:0:0:1::/64 type=ptp
add area=ospf-area-0-ipv6 disabled=no networks=fd00:0:0:11::/64 passive type=ptp
add area=ospf-area-0-ipv6 disabled=no networks=fd00:0:0:12::/64 passive type=ptp
add area=ospf-area-0-ipv6 disabled=no networks=fd00:0:0:20::/64 passive type=ptp
add area=ospf-area-0-ipv6 disabled=no networks=fd00:0:0:30::/64 passive type=ptp
add area=ospf-area-0-ipv6 disabled=no networks=fd00:0:0:100::/64 type=ptp
Nothing has changed in the configuration, in 7.7 the ipv6 neighbours are gone, but the ipv4 neighbours are fine, so ospf v3 has stopped working
Last edited by BartoszP on Mon Jan 16, 2023 9:47 am, edited 1 time in total.
Reason: Use proper tags: quote to quote, code for code - keep forum tidy
 
buset1974
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 7:57 am

V 7.7 BGP vpn4 routing withdraw still problem.
 
ilmars
just joined
Posts: 4
Joined: Thu Jun 21, 2018 11:19 pm

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 9:38 am

After upgrading to RouterOS v7.7 from v7.6 for CRS354 connected to vPC (CRS354 has a link to each of two Cisco Nexus 9xxxx that form vPC domain) - links start to flap. Issue goes away after downgrading to v7.6.

As was the case with RouterOS v7.7rc5 also with RouterOS v7.7, using serial cable (have tried only with CRS354 for now) error is shown at startup of switch:
insmod: /lib/modules/5.6.3/drivers/char/music_dog.ko failed: 22 Invalid argument
Stopped experiments with MLAG at v7.6 - does not go well with Cisco Nexus vPC - if there is instruction that would lead to stable MikroTik MLAG <> Cisco vPC connection that would be useful.
 
R3quiem3
just joined
Posts: 2
Joined: Sat Jan 14, 2023 8:05 pm

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 9:48 am

I have a problem with SRC-NAT, it is not matching all the connections so there are connections that are passing through the router without being NATed.
 
uCZBpmK6pwoZg7LR
Frequent Visitor
Posts: 54
Joined: Mon Jun 15, 2015 12:23 pm

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 10:50 am

I have a problem with SRC-NAT, it is not matching all the connections so there are connections that are passing through the router without being NATed.
This problem persist since 6.xx.xx.
 
dakobg
Member Candidate
Posts: 120
Joined: Mon Nov 06, 2017 8:58 am

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 10:51 am

Any idea when we can expect BFD ?
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 12:02 pm

I have a problem with SRC-NAT, it is not matching all the connections so there are connections that are passing through the router without being NATed.
You mean "connections"? Or actually you mean only some packets belonging to a previous connection?
There is a wellknown bug (actually a bug in the Linux kernel) where the connection state is removed too early, and late packets like repeated ACK-FIN or RST belonging to an earlier connection are passed through without NAT.
The default firewall rule to block packets with connection state "invalid" is an attempt to block those packets, but it causes other problems as well.
Apparently the Linux developers have chosen to live with this problem (as it is present for decades) so I think it is best to do the same.
 
shavenne
just joined
Posts: 16
Joined: Wed Dec 11, 2019 4:27 pm

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 12:38 pm

I think this change
*) dns - query upstream DNS servers for other record types even if static entry exists;
creates some big problem for me.
[...]
I'm having the same problem. Since 7.7 my home assistant instance (not on MT, but also in Docker) can't resolve my internal hostnames anymore. I also see AAAA-requests and then a "bad address" in home assistant.
 
easyswiss
just joined
Posts: 13
Joined: Tue Mar 08, 2016 9:49 pm

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 1:34 pm

We have CCR2216 routers. 3x BGP Full, 1+k DHCP, 1+k NAT Rules. CPU Load range 15-25%.

After the upgrade to RouterOS 7.7 (7.6 before) we have reports for package loss from our clients.
There is also a message in the logs that did not appear before 7.7:

L3HW: Route HW table FULL

Is there a bugfix available?
 
rpingar
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 1:42 pm

We have CCR2216 routers. 3x BGP Full, 1+k DHCP, 1+k NAT Rules. CPU Load range 15-25%.

After the upgrade to RouterOS 7.7 (7.6 before) we have reports for package loss from our clients.
There is also a message in the logs that did not appear before 7.7:

L3HW: Route HW table FULL

Is there a bugfix available?
given the HW table size of ~140k prefixes you have to play with filter rule to "set suppress-hw-offload yes" on the prefixes that don't do traffic.

regards
Ros
 
mmc
newbie
Posts: 41
Joined: Wed Dec 29, 2004 1:44 am

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 3:49 pm

After upgrading to RouterOS v7.7 from v7.6 for CRS354 connected to vPC (CRS354 has a link to each of two Cisco Nexus 9xxxx that form vPC domain) - links start to flap. Issue goes away after downgrading to v7.6.

As was the case with RouterOS v7.7rc5 also with RouterOS v7.7, using serial cable (have tried only with CRS354 for now) error is shown at startup of switch:
insmod: /lib/modules/5.6.3/drivers/char/music_dog.ko failed: 22 Invalid argument
Stopped experiments with MLAG at v7.6 - does not go well with Cisco Nexus vPC - if there is instruction that would lead to stable MikroTik MLAG <> Cisco vPC connection that would be useful.
mclag to cisco n3k and n9k work well for us, as long as you don't use breakout cables. with breakout cables you don't get a stable link.
 
easyswiss
just joined
Posts: 13
Joined: Tue Mar 08, 2016 9:49 pm

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 5:03 pm

We have CCR2216 routers. 3x BGP Full, 1+k DHCP, 1+k NAT Rules. CPU Load range 15-25%.

After the upgrade to RouterOS 7.7 (7.6 before) we have reports for package loss from our clients.
There is also a message in the logs that did not appear before 7.7:

L3HW: Route HW table FULL

Is there a bugfix available?
given the HW table size of ~140k prefixes you have to play with filter rule to "set suppress-hw-offload yes" on the prefixes that don't do traffic.

regards
Ros
We have disabled L3HW offloading. No more packet loss measurable.

Interesting fact:
CCR2216 CPU with L3HW offloading: 20%.
CCR2216 CPU WITHOUT L3HW offloading: 10%.

Disabling L3HW Offloading also led to a reduction in CPU usage, which is surprising, especially since L3HW Offloading promises exactly the opposite.
 
spippan
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 5:11 pm


We have disabled L3HW offloading. No more packet loss measurable.

Interesting fact:
CCR2216 CPU with L3HW offloading: 20%.
CCR2216 CPU WITHOUT L3HW offloading: 10%.

Disabling L3HW Offloading also led to a reduction in CPU usage, which is surprising, especially since L3HW Offloading promises exactly the opposite.
CCR2216 should have enough cpu power to process this without L3HW offload (which affects the switchport cpu AFAIK)
so the reduced cpu load seems legit
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 5:16 pm

Disabling L3HW Offloading also led to a reduction in CPU usage, which is surprising, especially since L3HW Offloading promises exactly the opposite.
With offloading of CPU tasks to external hardware there is always the tradeoff between performing the actual task on the CPU, and detecting that the task may be performed by external hardware + loading the appropriate information into the external hardware. When there is little traffic, it may well be that loading the route into the switch costs more than doing the routing in the CPU.
 
Paternot
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 5:18 pm

Upgrade from 7.6 to 7.7
hEX (RB750Gr3)

6 BGP peers (5 with Wireguard, one with IPSec) and about 3500 IPv6 routes.
 
darkmanlv
newbie
Posts: 35
Joined: Thu Mar 26, 2015 3:19 pm
Location: Riga, Latvia

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 9:27 pm

after upgrade to 7.7 hap ac3 and hex s started to freeze randomly, only power reset helps
 
erlinden
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 9:47 pm

I read some comments about higher temperature, nothing about freezing devices.
Couldn't help it, what are freezes in your case? Can you share your config to get some proper feedback?
/export file=anynameyoulike

Make sure to get rid of all personal information.
Last edited by BartoszP on Mon Jan 16, 2023 11:53 pm, edited 1 time in total.
Reason: removed excessive quoting of preceding post; be wise, quote smart, save network traffic
 
Ryo
just joined
Posts: 5
Joined: Thu Jan 11, 2018 8:00 am

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 10:23 pm

after upgrade to 7.7 hap ac3 and hex s started to freeze randomly, only power reset helps
Experienced the same issue as well with hex RB750Gr3, the device will just randomly crashed and rebooted. on next bootup there is warning show "router rebooted without proper shutdown".

Fyi, it don't have this issue with v7.5 and previous version.
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 10:35 pm

Maybe you should try to export your config and netinstall the device fresh.
 
Rox169
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7 [stable] is released!

Mon Jan 16, 2023 11:44 pm

Hi,

why is this command not working anymore???

/interface/wifiwave2/info country-info Latvia
 
sirbryan
Member
Posts: 303
Joined: Fri May 29, 2020 6:40 pm
Location: Utah

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 6:28 am

We have CCR2216 routers. 3x BGP Full, 1+k DHCP, 1+k NAT Rules. CPU Load range 15-25%.

After the upgrade to RouterOS 7.7 (7.6 before) we have reports for package loss from our clients.
There is also a message in the logs that did not appear before 7.7:

L3HW: Route HW table FULL

Is there a bugfix available?
This just means there's no more room for offloading routes. Your CPU's are handling all the routing. Mine does that on 7.4.1 unless I filter out routes to a couple hundred thousand down from 1.4 million. It's not a bug.
 
sirbryan
Member
Posts: 303
Joined: Fri May 29, 2020 6:40 pm
Location: Utah

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 6:32 am

We have disabled L3HW offloading. No more packet loss measurable.

Interesting fact:
CCR2216 CPU with L3HW offloading: 20%.
CCR2216 CPU WITHOUT L3HW offloading: 10%.

Disabling L3HW Offloading also led to a reduction in CPU usage, which is surprising, especially since L3HW Offloading promises exactly the opposite.
I found issues with L3HW offload on >7.4.1 (7.5, 7.6), so I've left my border/core 2116's and 310/317's on 7.4.1. (CRS310's did fine with 7.6, but they have much smaller tables.)

When I filter all but about 200K routes from external peers, everything fits in L3HW tables and CPU goes down to 0% on the core and 5% on the borders.

I wonder if there's a bug introduced somewhere in 7.5/6/7.
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 7:20 am

*) ovpn - added hardware acceleration support for IPQ-6010; <<-- from the manu, where can we that?
 
bluntmike
just joined
Posts: 1
Joined: Wed Jun 09, 2021 11:59 am

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 8:44 am

I think this change
*) dns - query upstream DNS servers for other record types even if static entry exists;
creates some big problem for me.

For my local network I have some static A entries in my MT router for local services.
They don't have any static AAAA records as I don't want to use IPv6 for those services.
With 7.6 everything is fine.
After updating to 7.7 resolving the static A entries from within docker containers completely seems to be broken (e.g., ping gives just a bad address error).
Reverting back to 7.6 without changing anything else fixes lookup in the containers.

For 7.6 I got a valid (NOERROR) but empty response trying to resolve an AAAA record for a static A entry:
root@james:~# host -t AAAA -v mqtt.xxx.home 192.168.0.254
Trying "mqtt.xxx.home"
Using domain server:
Name: 192.168.0.254
Address: 192.168.0.254#53
Aliases: 

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48407
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;mqtt.xxx.home.		IN	AAAA
This correctly indicates that there is no IPv6 address to best of my knowledge.

With 7.7 I get a NXDOMAIN error (which is of course valid from an upstream server point of view as upstream server doesn't know anything about my local entries):
root@james:~# host -t AAAA -v test.xxx.home 192.168.0.253
Trying "test.xxx.home"
Using domain server:
Name: 192.168.0.253
Address: 192.168.0.253#53
Aliases: 

Host test.xxx.home not found: 3(NXDOMAIN)
I guess this NXDOMAIN at least confuses name resolution within my docker containers (docker DNS proxy?).
It seems to be no generic problem in host linux (I can ping a static entry from host but not from within container, ping by IP is fine in container).

Any ideas or any possibility to create an "empty" static AAAA entry?

I don't really want to create real AAAA entries as I had some problems with docker and IPv6 in the past.

Thanks!
7.7 also broke my home static entries when using home assistant, nslookup returns the ipv4 followed by a NXDOMAIN error.

For example - I have an A for paradox.lan to 192.168.88.49 - I just created an AAAA with the IP as 192.168.88.49 in Winbox which just saved as ::ffff:192.168.88.49 and everything works again.

[edit] bit of a ipv6 noob but i see now @ https://www.ripe.net/manage-ips-and-asn ... stypes.pdf that ::ffff/96 is used to map v4's
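The difference between the two host outputs quoted in the post above (NOERROR with an empty answer on 7.6, NXDOMAIN on 7.7), as an added example that is not part of the original posts: a check that parses DNS responses and flags any name that got data for one record type but NXDOMAIN for another. NXDOMAIN is a statement about the whole name, while an empty NOERROR answer (NODATA) only says that the queried type is absent. The packets are constructed test input, the 192.168.0.10 address is a placeholder, and all function names are made up for this illustration.

```python
import ipaddress
import struct

QTYPES = {1: "A", 28: "AAAA"}


def build_response(name, qtype, rcode, answers=()):
    """Build a minimal DNS response (constructed test input, not captured traffic)."""
    flags = 0x8180 | rcode  # QR, RD and RA set ("qr rd ra"), RCODE in the low 4 bits
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)
    # Each answer RR points back at the question name (offset 12) and has a 60 s TTL.
    rrs = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, 60, len(rdata)) + rdata
        for rdata in answers
    )
    return header + question + rrs


def parse_response(packet):
    """Return (name, type, outcome); outcome is ANSWER, NODATA, NXDOMAIN or RCODEn."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("unexpected compression in question name")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    rcode = flags & 0x000F
    if rcode == 3:
        outcome = "NXDOMAIN"
    elif rcode == 0:
        outcome = "ANSWER" if ancount else "NODATA"
    else:
        outcome = f"RCODE{rcode}"
    return ".".join(labels).lower(), QTYPES.get(qtype, str(qtype)), outcome


def inconsistent_names(packets):
    """Names for which one type returned data and another returned NXDOMAIN."""
    seen = {}
    for packet in packets:
        name, qtype, outcome = parse_response(packet)
        seen.setdefault(name, {})[qtype] = outcome
    return {
        name: types for name, types in seen.items()
        if "ANSWER" in types.values() and "NXDOMAIN" in types.values()
    }


# Constructed responses for one static A entry, modelled on the outputs above.
NAME = "mqtt.xxx.home"
A_ANSWER = build_response(NAME, 1, 0, [ipaddress.IPv4Address("192.168.0.10").packed])
AAAA_NODATA = build_response(NAME, 28, 0)    # NOERROR, ANSWER: 0 (as on 7.6)
AAAA_NXDOMAIN = build_response(NAME, 28, 3)  # NXDOMAIN (as on 7.7)
AAAA_MAPPED = build_response(                # static ::ffff: entry, as in the reply
    NAME, 28, 0, [ipaddress.IPv6Address("::ffff:192.168.0.10").packed])

if __name__ == "__main__":
    print("7.6 style:", inconsistent_names([A_ANSWER, AAAA_NODATA]))
    print("7.7 style:", inconsistent_names([A_ANSWER, AAAA_NXDOMAIN]))
    print("with static AAAA:", inconsistent_names([A_ANSWER, AAAA_MAPPED]))
```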
 
rpingar
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 9:10 am

for me 7.7 still has two main pppoe issues:
- some time in case of massive client's disconnections the dynamic simple queue about pppoe got invalid and the only way to delete them is to reboot the router;
- rarely the dynamic pppoe-client interface don't get running, here you can delete it and let the client reauthenticate.
[SUP-97493] updated with a series of supout and autosupout.

it is critical to fix them asap
Last edited by rpingar on Tue Jan 17, 2023 11:23 am, edited 1 time in total.
 
sniper113
just joined
Posts: 16
Joined: Fri Nov 09, 2018 4:40 am
Location: Cancun Mexico

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 10:46 am

hello
I recently updated my ebs 3011 with 7.7, everything was fine except that in my 3011 that I had as a balancer (pcc with recursive routes) the balancer stopped working, it didn't give me internet I had to return it to 6.48
In rbs with models prior to 3011, all 7.7 is installed without problems, but when doing a reboot they hang, it just happened to me with a RB760IGS and a 2011 all wrong and I couldn't recover them with anything
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 11:03 am

hello
I recently updated my ebs 3011 with 7.7, everything was fine except that in my 3011 that I had as a balancer (pcc with recursive routes) the balancer stopped working, it didn't give me internet I had to return it to 6.48
It is a problem with your configuration. The behavior of recursive routes has changed, as have some other related things (e.g. route marks).
You will need to study the changes and adapt your configuration to it, it will not be automatically done by the conversion done when upgrading.
 
lukik007
just joined
Posts: 21
Joined: Mon May 27, 2019 10:18 am

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 12:20 pm

We just upgraded from v6.9 to the new v7 where everything was working fine.

For BGP to partially work, we had to disable BFD and now we are currently having issues to advertise networks that are not static assigned within the /ip address or static routes from both ends using eBGP.

Anyone has a solution for this?
 
FIBRANETPLUS
just joined
Posts: 6
Joined: Fri May 13, 2022 2:42 am

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 12:23 pm

Try disabling PCC balancing, and then a netinstall/basic config, and work your way back. Eventually you'll find out what's causing your problem.
I check and found problem with OLT (ZTEC320) with 2 OLT same problem.

If I connect any PC o Router to any MikroTik port, this pages and apps work fine

But not work in ONT, very strange.

CCR2004 v6.49.7 no problem
CCR2004 v7.x not work
CCR2116 v7.x not work
Last edited by FIBRANETPLUS on Tue Jan 17, 2023 2:30 pm, edited 1 time in total.
 
mrz
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 12:26 pm

we are currently having issues to advertise networks that are not static assigned within the /ip address or static routes from both ends using eBGP.
https://help.mikrotik.com/docs/display/ ... s-Networks
 
TiboGLN
just joined
Posts: 1
Joined: Thu Oct 20, 2022 5:49 am

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 12:44 pm

Hi Folks,

Route List in /IP/Route
still doesn't work properly on webfig...
 
lukik007
just joined
Posts: 21
Joined: Mon May 27, 2019 10:18 am

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 2:15 pm

we are currently having issues to advertise networks that are not static assigned within the /ip address or static routes from both ends using eBGP.
https://help.mikrotik.com/docs/display/ ... s-Networks

in v6 we used synchronize as no and did not use any blackhole. Is there a way to keep as is?
 
mrz
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 2:20 pm

As it is mentioned in the article you cannot disable synchronisation.
 
lukik007
just joined
Posts: 21
Joined: Mon May 27, 2019 10:18 am

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 2:21 pm


in v6 we used synchronize as no and did not use any blackhole. Is there a way to keep as is?
The configuration already has the below but still same issue
/ip/firewall/address-list/
add list=bgp-networks address=192.168.0.0/24
 
/routing/bgp/connection
set peer_name output.network=bgp-networks
 
lukik007
just joined
Posts: 21
Joined: Mon May 27, 2019 10:18 am

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 2:22 pm

As it is mentioned in the article you cannot disable synchronisation.
So this is a bug or the way forward from now onwards to configure BGP?
 
mrz
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 2:27 pm

It is not a bug.
 
Simonej
Frequent Visitor
Posts: 56
Joined: Sun Aug 22, 2021 3:34 am

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 4:26 pm

*) wifiwave2 - fixed 4-way handshake with TKIP;
This means that WiFiWave2 devices are capable of being used as a repeater in Station mode?
 
rkrisi
Member Candidate
Posts: 163
Joined: Fri May 08, 2020 11:54 am

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 5:23 pm

I have experienced several messages like "private-dhcp offering lease 192.168.111.50 for 94:EA:32:35:52:98 without success" after upgrading to 7.7. The result was that the clients were unable to access the network nor Internet. Clients are mostly connected via CAP managed APs.
This happened for different clients with different OSes (e.g. Lenovo laptop with Windows 10 and iPhone SE 2020).
I have two bridges, each with a different dhcp server on my RB3011UiAS. Only one of the dhcp servers behaved like that. There were no other messages indicating what the problem could be. The configuration looked fine, just like before the upgrade.
I have downgraded to 7.6 but the problem persisted. Only after restore of configuration from before the upgrade to 7.7, the problem is gone.
This is only a heads up. If someone else gets into trouble with DHCP server, I hope you will have possibility to investigate deeper. I wasn't that lucky. I needed to get rid of the issue ASAP.
Well it seems I'm having the same issue. All APs on 7.7, controller (which is also the router) is on 7.6. Only my MacBook having this problem, others can connect successfully.
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 6:50 pm

It is not a bug.
Well, it is a bit unfortunate that both this and "/routing bgp aggregate" have been removed in v7.
An unsynchronized route would have been a simple way to work around the lack of route aggregation.
(but probably in most cases it was used incorrectly and I can understand why it was removed)
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 7:05 pm

This means that WiFiWave2 devices are capable of being used as a repeater in Station mode?
This has always worked assuming you didn't need bridging and were fine with the repeater using a different SSID than the main network. I think you're probably getting four-way TKIP handshake mixed up with four address mode support, the latter is needed for bridging and extending a network while keeping the same SSID, and is not available yet.
 
supra107
just joined
Posts: 2
Joined: Fri Sep 03, 2021 6:11 pm

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 7:11 pm

Tried upgrading my hAP ac2 via System>Packages, router ended up boot looping. Had to restore it via Netinstall, and the backup I've made prior to the foul update hasn't been restored fully and I have to reconfigure a whole bunch of settings to get back to where it was before, for example I had to connect to the router via the MAC address to even realize the backup has restored in any form, and from there I can see that a lot of configuration is missing. VPN secrets, interface names, addresses, which was the reason I couldn't connect to my router via IP, services, and so on and so on. I have no idea how it ended up being so bad, this is the first time I had to deal with a failed update and it ruined almost everything.
 
DeGlucker
just joined
Posts: 14
Joined: Tue Apr 12, 2011 4:35 pm
Location: Moscow, Russia

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 7:34 pm

Yes, the quality of the latest releases of the 7.x branch leaves much to be desired...
 
Dude2048
Member Candidate
Posts: 212
Joined: Thu Sep 01, 2016 4:04 pm

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 8:01 pm

Upgraded RB4011, hAPac2, Rb961, Wap ac. No problems here
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 8:10 pm

Tried upgrading my hAP ac2 via System>Packages, router ended up boot looping. Had to restore it via Netinstall, and the backup I've made prior to the foul update hasn't been restored fully
Did it run v6 before and did you upgrade to v7 without ever doing a netinstall of a v7 version?
 
supra107
just joined
Posts: 2
Joined: Fri Sep 03, 2021 6:11 pm

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 8:27 pm

What are you quoting the whole preceding post for? Does this help understanding the conversation? No. Use "Post Reply" button.
The factory version was v6, but I upgraded to v7 via WinBox around when it first came out and all the updates since then were going fine, until today. Then I used Netinstall to bring it back to the version it was running before the upgrade, which was v7.6.
Last edited by BartoszP on Wed Jan 18, 2023 8:00 am, edited 1 time in total.
Reason: removed excessive quoting of preceding post; be wise, quote smart, save network traffic
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 8:31 pm

Ok, it would be best to now do a /export show-sensitive file=xxxx to save what you have, download the .rsc file, do the netinstall to 7.7 with blank configuration, then connect via MAC and upload that export file and import it.
That should save you from having this issue again in the future.
(alternatively, when you do not have too much specific local configuration, it can be better to apply "default configuration" and start to manually configure from there)
 
supra107
just joined
Posts: 2
Joined: Fri Sep 03, 2021 6:11 pm

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 8:35 pm

What are you quoting the whole preceding post for? Does this help understanding the conversation? No. Use "Post Reply" button.
What I should've done is export the .rsc file before even initiating the update in the first place, that would've saved me a lot of nerves and time. I was misguided to believe that the backup is a universal solution to a botched upgrade, and now I had to rely on an export from last year to try and bring the router back to where it was before.
Last edited by BartoszP on Wed Jan 18, 2023 8:00 am, edited 1 time in total.
Reason: removed excessive quoting of preceding post; be wise, quote smart, save network traffic
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 8:44 pm

It's mentioned as one of the first things to do...
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 11:12 pm

I was misguided to believe that the backup is a universal solution to a botched upgrade,
Backup does not work across versions and only on the same hardware.
You may open the binary backup file and get some information out of it.
 
tova
just joined
Posts: 3
Joined: Sat Jan 27, 2018 1:10 am

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 11:58 pm

CCR1036-8G-2S+
After update from 7.6 to 7.7
IPSEC not working
SSTP not working
After downgrade back to 7.6
IPSEC is working
SSTP still not working
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Tue Jan 17, 2023 11:59 pm

2x hap ac3 and 1 cap lite upgraded from .6 to .7, no problems seen.
 
supra107
just joined
Posts: 2
Joined: Fri Sep 03, 2021 6:11 pm

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 2:01 am

I was misguided to believe that the backup is a universal solution to a botched upgrade,
Backup does not work across versions and only on the same hardware.
You may open the binary backup file and get some information out of it.
Which is odd, because I rolled back the exact same device to the exact same RouterOS version it was on when I made the backup, yet it ended up being incomplete. Perhaps due to using Netinstall it resulted in it being improper for the device?
 
kcarhc
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 3:53 am

please check
SUP-104900 regex match issue
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 4:39 am

Details?
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 10:16 am

Which is odd, because I rolled back the exact same device to the exact same RouterOS version it was on when I made the backup, yet it ended up being incomplete. Perhaps due to using Netinstall it resulted in it being improper for the device?
No, it should normally be possible to use backup across versions, you could even restore a v6 backup into v7 and it would re-do the conversion to v7.
However, your config was probably corrupt. That is why the upgrade went wrong too. The advice is therefore to use the /export instead of the backup, after starting a fresh config database using the blank netinstall.
Lots of users went through this. You have a router running v6, you upgrade it to v7 and it appears to work OK, then you upgrade and some time after that it sometimes forgets part of the configuration at reboot. This is finally solved when the configuration is re-done using a recent v7 install. I don't know when this issue was fixed, it is a long time ago. But it looks like existing installs that have been upgraded in the past do still suffer from it, as it comes up on the forum quite regularly.
 
tova
just joined
Posts: 3
Joined: Sat Jan 27, 2018 1:10 am

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 10:22 am

CCR1036-8G-2S+
After update from 7.6 to 7.7
IPSEC not working
SSTP not working
After downgrade back to 7.6
IPSEC is working
SSTP still not working
Same problem in 7.6 and 7.7 - Let's Encrypt certificate update - name changed (to current date and time), but the certificate is still old and expired.
It is necessary to delete the certificate and create a new one.

In 7.7 it is not necessary to open port 80 on the firewall and enable http.

I downgraded to 7.6, because I had no time to investigate the IPSEC problem.
SSTP did not work, disabling and enabling SSTP did not help.
But changing parameters in SSTP (certificate none, tls ver any,...), applying, and setting them back worked.
SSTP is working again.
This problem happened on 1 of 2 routers, the second one upgraded and SSTP works with 7.7.
 
benlg
just joined
Posts: 10
Joined: Mon Jan 31, 2022 2:50 pm

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 11:32 am

In 7.7 it is not necessary to open port 80 on the firewall and enable http.
Interesting, it is no longer needed to open port 80 to generate a Let's Encrypt certificate?
How does RouterOS do it then?
And the http service is no longer needed either? Certainly they now use the "standalone" certbot method.
But the "standalone" method still needs port 80, so rather strange...
 
Maggiore81
Trainer
Posts: 562
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 5:40 pm

The "MAKE STATIC" selection in the DHCP Leases right-click menu has been removed. Now it is in the upper bar.
Please put it back because it was placed in a better position.
 
mkx
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 7:49 pm

But "standalone" method still needs port 80, so rather strange...

In some implementations (e.g. certbot for linux), script, when running in standalone mode, starts a limited http server on configured port (can be 80 FWIW) only for certificate renewal. After that, service is shut down again.
 
benlg
just joined
Posts: 10
Joined: Mon Jan 31, 2022 2:50 pm

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 7:52 pm

Yes, but then it still needs port 80 to be opened in FW :)
tova, a few posts above, seems to say that port 80 does not need to be opened anymore in FW, which then sounds strange :|
 
mkx
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 8:01 pm

Yes, but then it still needs port 80 to be opened in FW :)

Well, if I wrote such a script, then I'd surely also add necessary FW rule (and push it to very top so any rule that might block it, would be evaluated afterwards) ... and remove it after it's not needed anymore. Similarly one can (temporarily) override DST NAT (which would otherwise redirect packets from chain=input to chain=forward), but can similarly be overshadowed by an action=accept DST NAT rule (again pushed right to the top).
And something similar for IPv6 (if it's enabled on router).
 
benlg
just joined
Posts: 10
Joined: Mon Jan 31, 2022 2:50 pm

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 8:06 pm

Sure, there's certainly a MikroTik hack somewhere...
Which is exactly what I do for now in my own renew schedules (I do not rely on MikroTik ones, to avoid leaving port 80 opened) :)
 
benlg
just joined
Posts: 10
Joined: Mon Jan 31, 2022 2:50 pm

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 8:07 pm

Doc still mentions about port 80 though :
https://help.mikrotik.com/docs/display/ ... rtificates
 
mkx
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 9:21 pm

Doc still mentions about port 80 though :

Yeah, it does, but in a different context. Here's what's written:
Note that the DNS name must point to the router and port TCP/80 must be available from the WAN.
None of it is about router config. It says that FQDN set on command line has to point to router (directly or indirectly) and TCP 80 connection has to arrive at router (if router is behind a firewall, that upstream firewall has to allow/forward connection to this router). That's all the quoted part of manual page says.
 
dakobg
Member Candidate
Posts: 120
Joined: Mon Nov 06, 2017 8:58 am

Re: v7.7 [stable] is released!

Wed Jan 18, 2023 11:16 pm

cool a lot new options for VRF :)
 
snowzach
just joined
Posts: 2
Joined: Wed Jan 19, 2022 3:55 pm

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 6:35 am


Any ideas or any possibility to create an "empty" static AAAA entry?

I don't really want to create real AAAA entries as I had some problems with docker and IPv6 in the past.

Thanks!
Since 7.7 IPV6 lookups now return NXDOMAIN and it makes my docker containers ignore the valid IPv4.

I finally figured this one out.. I created a regex that matches my internal record and created an AAAA record that points to -2001::- fe80::
I'm not sure if it's right or not but it seems to make docker happy enough to ignore the ipv6 record.
It would be nice if there was an option to return nothing...
EDIT: I switched from 2001:: as that's a valid address to fe80:: which is a link local address. It seems to work better and thus far I haven't found it making any random connections.
Last edited by snowzach on Thu Jan 19, 2023 4:38 pm, edited 1 time in total.
 
Tomek85
just joined
Posts: 2
Joined: Wed Dec 07, 2022 11:16 am

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 8:47 am

*) bridge - fixed master port conversion;
Can anyone explain this?
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 9:07 am

Can anyone explain this?
Probably handling upgrades from RouterOS 6.40 and before? That is where a master port did exist.
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 9:12 am

I finally figured this one out.. I created a regex that matches my internal record and created an AAAA record that points to 2001::
That is a valid global unicast address. I guess a request is routed through the internet now just to find out that the host does not exist.
 
Uqbar
Member Candidate
Posts: 125
Joined: Tue May 05, 2015 11:56 am
Contact:

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 9:21 am

Bumped from 7.6 to 7.7 on my CRS125-24G-1S-RM. Working as expected.
Only the web UI isn't working any more.
After login I get a never-ending "Loading ..." animation.
I cleared the cache and the related cookies. No way.
Any way to fix this?
 
Tomek85
just joined
Posts: 2
Joined: Wed Dec 07, 2022 11:16 am

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 10:28 am

Can anyone explain this?
Probably handling upgrades from RouterOS 6.40 and before? That is where a master port did exist.
Yes that makes sense for me also, that's the reason I asked, but is it possible to upgrade directly from 6.40 to 7.7 ?
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 10:43 am

Theoretically, yes.
Practically: I wouldn't do that.

Always make proper backups first (digital and export, CHECK completeness of export)
How I would do it: 2 options:
1- first upgrade to latest 6.49, then move to ROS7 (my preference).
2- go all the way and take the big jump

If you experience strange behavior, it might be needed to netinstall device, clean config, and re-import via terminal config from earlier backup (block by block, could be some parts have been re-ordered and may cause errors but that should be pretty obvious)

What device are you aiming for ? Some of the low-resource devices do not feel too happy about ROS7, so be aware of that before you move.
 
BartoszP
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 10:53 am

...
If you experience strange behavior, it might be needed to netinstall device, clean config, and re-import via terminal config from earlier backup (block by block, could be some parts have been re-ordered and may cause errors but that should be pretty obvious)
....
To prevent mistakes: In that context "import from backup" means copying and pasting configuration EXPORTED in a text form with a command:
/export file=filename 
or even better
/export terse file=filename 
as each line is a complete command then
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 10:56 am

Correct. But that should be obvious when you try to open the binary backup ;-)
For completeness however, it doesn't hurt mentioning it again so thank you for the addition.
 
BartoszP
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 11:01 am

It was not an allusion to you but an explanation to the whole audience as some tend to interpret words too directly when it comes to technical recipes/explanations. :)
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 11:55 am

I think in any case the wisest thing to do is to first upgrade to 6.49.7 and then do an export, try the upgrade to 7.7 and again do an export, and finally netinstall the device to 7.7 and use those exports to re-build the config.
When you are still on 6.40 and it is not some specialized enterprise device but it is your home router, the very best thing to do is to start completely from scratch with default config and to keep that export only as a manual guideline to remember what things you had configured.
DO NOT copy stuff like bridge configuration, firewall rules or IPsec config from that old config, it has all changed and improved so much over time that it is much better to start fresh. Really. You only use the export to pick up things like passwords and general config outline.
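
The export-based rebuild discussed in the posts above depends on knowing what a restore or upgrade actually dropped. The following added example (not code from the thread or from MikroTik) compares two text exports, in plain or terse layout, and lists commands present before but absent afterwards; both sample exports are constructed, and treating the first `add` or `set` word as the end of a terse menu path is an assumption of this example.

```python
import re
from collections import Counter

# Assumption of this example: in a terse export the menu path ends at the
# first "add" or "set" word; other verbs are not handled.
TERSE = re.compile(r"(/.+?)\s+((?:add|set)\s.*)")


def normalize(path):
    """'/ip/firewall/filter/' and '/ip firewall filter' name the same menu."""
    return "/" + " ".join(path.replace("/", " ").split())


def commands(export_text):
    """Return [(menu_path, command), ...] from a plain or terse text export."""
    out, section, pending = [], "", ""
    for raw in export_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # wrapped line: join with the next one
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith("#"):
            continue                     # blank line or export header comment
        if line.startswith("/"):
            m = TERSE.fullmatch(line)
            if m:                        # terse: path and command on one line
                out.append((normalize(m.group(1)), m.group(2)))
            else:                        # plain: header for the lines below it
                section = normalize(line)
        else:
            out.append((section, line))
    return out


def lost_commands(before_text, after_text):
    """Map menu path -> commands that exist in 'before' but not in 'after'."""
    gone = Counter(commands(before_text)) - Counter(commands(after_text))
    lost = {}
    for (path, cmd), count in gone.items():
        lost.setdefault(path, []).extend([cmd] * count)
    return lost


# Constructed sample: export taken before the upgrade (plain layout).
BEFORE = r"""
# constructed sample, not from a real device
/interface ethernet
set [ find default-name=ether1 ] name=wan
/ip address
add address=192.168.88.1/24 interface=bridge network=192.168.88.0
/ip firewall filter
add action=accept chain=input comment="allow established" connection-state=\
    established,related
/ip service
set telnet disabled=yes
/ppp secret
add name=user1 profile=vpn service=sstp
"""

# Constructed sample: export taken after the restore (terse layout).
AFTER = r"""
# constructed sample, not from a real device
/ip firewall filter add action=accept chain=input comment="allow established" connection-state=established,related
/ip service set telnet disabled=yes
"""

if __name__ == "__main__":
    for path, cmds in lost_commands(BEFORE, AFTER).items():
        for cmd in cmds:
            print(f"missing after restore: {path} {cmd}")
```

Values hidden in one export but shown in the other (for example when only one was made with show-sensitive) are reported as differences, so compare exports taken with the same options.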
 
rpingar
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 12:07 pm

7.7 stable still freezes CCR2216 with hw-offload enabled after 15 days of operation.
- no console messages or response
- led ports up
- autosupout generated
[SUP-100981] updated with all info I have.
seems that MT knows about the issue.
regards
 
shavenne
just joined
Posts: 16
Joined: Wed Dec 11, 2019 4:27 pm

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 3:42 pm

Beside the DNS problem I've already mentioned here:
Even though I've disabled the NTP server I can't run a wireguard server on Port 123 anymore. It was working with 7.6.
wg_mobil: Could not create IPv4 socket
Port 124 is working so I guess RouterOS is blocking this port even with NTP server disabled somehow.

Edit: It seems to start (and work) if I disable the NTP client. Is this intended? I'm pretty sure I had it enabled on 7.6 too.
 
snowzach
just joined
Posts: 2
Joined: Wed Jan 19, 2022 3:55 pm

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 4:36 pm

I finally figured this one out.. I created a regex that matches my internal record and created an AAAA record that points to 2001::
That is a valid global unicast address. I guess a request is routed through the internet now just to find out that the host does not exist.
You are correct.. I just started to wonder about that this morning... I did a tcpdump and it is indeed firing off a request to the internet... So I tried again using `fe80::` and it seems to work. I didn't see my linux docker container making any requests to that address. I assume it knows it's a local link address maybe? Not sure.
 
ishanjain
Frequent Visitor
Posts: 55
Joined: Tue Sep 29, 2020 8:40 am

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 5:09 pm

Hey, I believe this update breaks wireguard for me. I am using RB450GX4 and I am on mikrotik 7.7. I upgraded from ros 7.6.

I can't reach anything in my internal network from any peer except for one wireguard peer. The wireguard peer that is still working has an endpoint configured and it's a machine on Linode. Everything else is stuff like Mobile phones/tablets/laptops on public WiFi. These clients do not have an endpoint configured.

In the logs, I see handshake initiation traffic from clients but the mikrotik router is not responding to this traffic.
Screenshot 2023-01-19 203403.png
In the traffic stats in wireguard menu, I see the rx/tx counters are moving, so I captured some packets with packet sniffer(interface=wireguard-interface, no other settings configured, direction=any) and I don't see any traffic at all. I am not sure why is the rx/tx counter moving?
Screenshot 2023-01-19 203528.png
For "Ishan's Phone", Last handshake is stuck at 01:01:34 even as I am typing this but rx/tx stat keeps moving? On the WAN interface, I only see handshake initiation traffic. I'll try rebooting the router in a few hours and I am guessing that'll fix this but this is really weird.

All wireguard clients except for the machine on linode have this problem.
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 5:42 pm

Maybe best to start a new topic with full config of your setup.
Wireguard works just fine on my devices (also 7.7).

As for tx counters moving, wireguard ALWAYS sends. It's only when you see something coming back that you know it works.
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 5:46 pm

Same here, wireguard works just fine.

My guess is that you have one or more wrong ranges in peer's allowed-ips setting.
 
adam234
just joined
Posts: 2
Joined: Thu Mar 04, 2021 12:16 pm

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 5:52 pm

Hello,
routeros-powerpc-7.7.npk missing while trying to upgrade RB1100AHx2.
 
steginger
just joined
Posts: 8
Joined: Sat Apr 11, 2020 2:26 pm

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 5:55 pm



That is a valid global unicast address. I guess a request is routed through the internet now just to find out that the host does not exist.
You are correct.. I just started to wonder about that this morning... I did a tcpdump and it is indeed firing off a request to the internet... So I tried again using `fe80::` and it seems to work. I didn't see my linux docker container making any requests to that address. I assume it knows it's a local link address maybe? Not sure.
In #142 bluntmike mentioned that for an IPv4 a.b.c.d creating IPv6 AAAA record with ::ffff:a:b:c:d works for him.
I gave it a quick try and doing a nslookup in a container I got ::ffff:a:b:c:d back as "real" IPv6 address.
BusyBox ping did work for the entry on IPv4 and failed when forcing IPv6 (address not available).
I did google a bit and for me it looked like treating this IPv6 response as "I don't want to do IPv6" is kind of application dependant (?), so I don't really know how reliable this is (compared to ideally having an "official" empty response for the AAAA record).
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 6:53 pm

Hello,
routeros-powerpc-7.7.npk missing while trying to upgrade RB1100AHx2.
That must be the 3rd or 4th time now since ROS7 started that something like this happens ... probably they don't like PPC that much ;-)
 
ishanjain
Frequent Visitor
Posts: 55
Joined: Tue Sep 29, 2020 8:40 am

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 7:28 pm

Same here, wireguard works just fine.

My guess is that you have one or more wrong ranges in peer's allowed-ips setting.
This still doesn't explain the frozen last handshake values? The exact same config was working perfectly fine in 7.6.
Either way, The other poster is right about asking this in another thread. The issue then is, it'll take much more effort to explain every thing in the config and I honestly do really believe this is some issue that happened after upgrade and now it's acting up. I'll reboot it in a few minutes and see if that fixes it. if that doesn't fix it, I'll create another post.
 
ishanjain
Frequent Visitor
Posts: 55
Joined: Tue Sep 29, 2020 8:40 am

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 7:32 pm

As for tx counters moving, wireguard ALWAYS sends. It's only when you see something coming back that you know it works.
This is not entirely accurate. It's true this'll happen _if_ I have specified an endpoint for the other peer but in my setup, I have not done that for most peers because they are all behind CGNATs.
Mikrotik doesn't know an endpoint to send handshake initiation packets and tx counter should not go up unless I connect from the other side
 
ishanjain
Frequent Visitor
Posts: 55
Joined: Tue Sep 29, 2020 8:40 am

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 7:47 pm

Nevermind, It might be some thing else. (I didn't make any changes in the config and this just stopped working so still puzzling).
Rebooted the router, rolled back to 7.6 and I still have the issue. I'll look into it in more detail in a few hours.
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 8:11 pm

This is not entirely accurate. It's true this'll happen _if_ I have specified an endpoint for the other peer but in my setup, I have not done that for most peers because they are all behind CGNATs.
Same setup here.
And still tx counters on the central device (hub) where all remote peers point to, go up.
If a remote device is without power and I toggle peer status on central device, counters are reset but tx part will start counting.
That's how wg works.
 
Yakko
just joined
Posts: 1
Joined: Thu May 25, 2017 5:51 pm

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 9:34 pm

Crashes continue. This is a huge problem as we moved over to the mikrotik CCR2216-1G-12XS-2XQ (ARM64)
We have had issues since we purchased it specifically for using 100gig QSFP. We have tried all firmwares with no luck. We have upgraded to 7.7 which seems to just amplify the problem and crash more often so we downgraded to 7.3.1 which seems to crash less... But still crashes. We have put multiple requests in at support@mikrotik.com with support files, no replies. We have attempted several things to try to resolve the crashes to no avail. Including offloading hotspot to a stable mikrotik, disabling IPV6, BGP changes and a few other recommended things that worked for others. We have had other mikrotik experts look at the issue. But I need mikrotik to fix the buggy firmware and I can't get them on our device to help figure out the issue. We are at a loss here and we have to purchase another device to handle the 100Gig from our backhauls and move to older stable mikrotiks combining 25Gig links from it. Not happy that they released a device with beta firmware that is not even stable.

If someone has any suggestions I'm willing to try them. But at this point I'm positive it's an issue with the firmware that is beyond configuration. Could be an issue with OSPF or BGP as once one router crashes this seems to cause others to crash at random, maybe some sort of an overload or DOS type thing as it shoves everything elsewhere. Just a theory.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 11:24 pm

Hello Guys ... I'm CLEARLY seeing a noticeable memory leak after upgrading to v7.7 on some RB2011 boxes. I couldn't see this kind of leak, at least not that noticeable, on v7.6 on these boxes, with the exact config that is running now. No config was recently changed.

EDIT: not seen only on RB2011s, maybe easily seen on those because they just have lower memory specs. Please see new comments below this one


Firmware was upgraded on the 13th, and another reboot was issued (automatic schedule) for the bootloader upgrade. Both reboots are clearly seen on the graphs. And leak is clearly seen after the RouterOS upgrade (first reboot).

MK box 1
mk1-mem.jpg
.
MK box 2
mk2-mem.jpg
.
MK box 3
mk3-mem.jpg
Last edited by leonardogyn on Fri Jan 20, 2023 2:10 am, edited 5 times in total.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 11:29 pm

RB750Gr3 also presenting the leak ....
.
mk4-mem.jpg
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Thu Jan 19, 2023 11:37 pm

RB3011s also showing the problem ....

RB3011 leak
mk5-mem.jpg
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 12:20 am

So you have hotspot on all your routers? I have it on none of mine, and I don't see any increasing memory trend.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 1:10 am

Actually, after some more investigation, I found boxes with the exact same memory leak which DO NOT have hotspot enabled. So it doesn't seem to be hotspot related. Most of my boxes do have hotspot enabled, so it took me some time to find one that doesn't and is showing the behavior.

I suspected something fasttrack related, as some boxes do have it enabled, some don't. But it turns out both (fasttrack enabled and disabled) are showing the same memory leak behavior. So it is not fasttrack related either.

This is a MK box with NO HOTSPOT enabled, yet the leak is clearly visible, just like the others I posted
mk6-mem.jpg
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 1:35 am

Data provided to Mikrotik via SUP-105183.

I was able to generate and attach supout files from 5 (five) boxes presenting the leak behavior. RB2011s, RB750GR3s and one RB4011.

EDIT: after changing my Zabbix memory usage graph settings from fixed (0 to 100) to "calculated", to let the graph adjust to the numbers, it became easier to see other boxes also presenting the leak, not as severe, but clearly presenting it. I could see it on some other RB3011s and also CCR1009s. Data attached to Mikrotik on the ticket.

There's something clearly wrong, hope the data provided can help devs find what's happening.
 
nz_monkey
Forum Guru
Posts: 2096
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 2:22 am

Is anyone else seeing issues with NVIDIA Shield connecting to capsman on the 7.7 release ?

As soon as I return to 7.6 the problem goes away.
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 11:12 am

Actually, after some more investigation, I found boxes with the exact same memory leak which DO NOT have hotspot enabled.
Let's first wait until the usage increases more, to see if it really is an uncontrolled leak, or just some good use of memory.
Remember that memory is there to be used, and only when the device gets in trouble due to all memory being exhausted, it really is a "bug".
I well remember the early days of Linux (1992, 1993) when users were surprised that "almost all of their memory was in use" but in reality it was just the disk cache that left disk blocks in memory for potential future use, ready to discard them if the memory should be required for something else.
I have added a ramdisk to my 4011 (possible from this release - finally) and of course I will not be surprised when memory usage increases when I put files on it.
 
memelchenkov
Member Candidate
Posts: 202
Joined: Sun Oct 11, 2020 12:00 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 12:42 pm

@leonardogyn why do you think it's a leak and not a cache? There are many different kinds of memory in Linux kernel. The properly working system should use the whole available memory to maximize its performance and free it only when necessary. So I'd like to know why you decided it's a leak and not a cache, which exactly metrics did you calculate, or, probably, some indirect signs?
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 12:46 pm

As pe1chl already said: as long as it is not completely consuming memory nor causing other issues, what's the point of not using that memory ?
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 12:57 pm

I agree with you guys, memory is there to be used, I'm fine with that. I quickly decided it's a leak (I might be wrong, for sure) because it was a sudden and clear change of behavior (on memory usage) with no config nor major version of anything changed. One of my boxes (box 2 from first post) went from 47-48% memory usage on v7.6 to more than 90% on v7.7. These are routing-only boxes, no disk I/O of any kind. Linux is well known (I have worked with Linux for more than 20 years now) for using all "available" memory for disk caches. For regular system usage, not involving disk caching, this is not a known behavior. These boxes are NOT using any disk operations that would explain the memory increasing, the way the graph shows, for caching of any kind.

I had no problems, I got zabbix alert when the first box reached 90% memory usage. I'd need to let the boxes keep raising memory usage until 1) nothing happens or 2) it crashes ... it's hard to keep waiting, and might get into crash and need someone to reboot the box, I might not have the balls to wait for it :(
Last edited by leonardogyn on Fri Jan 20, 2023 3:00 pm, edited 1 time in total.
 
mkx
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 2:43 pm

So what do you figure out about the following graph?

Image

Router is running 6.49.6. The jumps are reboots, most were for ROS upgrades. Even the jump towards higher memory use, which surprises me.

The only "weird" thing happening on the router is daily upload of certain address list with around 8000 addresses ... which in principle adds addresses to the existing list, but entries have timeout=3d, so entries that don't get refreshed should automatically expire (and get purged from the list) ... so the list should not grow with time (not much at least).
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 2:56 pm

So what do you figure out about the following graph?
.
I would figure out that i'm seeing, on a single day, the same memory usage increase you're seeing on a whole month, for example :) And given your description on your usage, there might be a minor leak happening as well! Why not? Not a drastic one, but might be happening as well!

Guys, I might be wrong, but there's no denial the behavior changed drastically from 7.6 to 7.7. I posted the graphs. I already provided Mikrotik detailed data and quite a few supout files. Let's wait for some "official" answer.
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 3:06 pm

That "leak" is something I have seen with EVERY Ros version (OK, I only started around march 2021 with ROS6 but quickly moved to ROS7).
Only when it hits 100%, then there is a problem. Otherwise let it be (thank you Beatles) ... why have the memory otherwise ? To leave it unused ? Doesn't make sense. Will not make a picowatt difference in power usage either, I think (since it needs to be refreshed anyhow, used or not).
 
mkx
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 3:07 pm

I would figure out that i'm seeing, on a single day, the same memory usage increase you're seeing on a whole month, for example :)

Yeah, my thoughts as well. My "problem" is that with the rate of memory utilization increase and with amount of memory on my device it'll take another 7 months or so for memory consumption to reach ceiling and only then I might tell if leak is real (and will cause problems on my device) or the leak is not really a leak but rather memory "allocated" for some cache which doesn't have to be freed (yet). And probably I'll have device rebooted sooner than that, this device is in queue for upgrade to v7 ...
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 3:09 pm

Just for comparison, here's a 15 day period memory usage graph from 2 boxes still running v6.49.6. There's a clear difference between daily memory usage increases, caused by traffic and users and everything, and something that looks like a leak. Anyway, that being said, let's wait for some official answer. And again, I might be wrong, for sure. But my more than 20 years of Linux tell me that the memory usage graphs from v7.7 are not OK for Linux boxes that DO NOT have anything to cache in memory, like regular Linux boxes (with lots of data to cache) do have.
.
rosv6-mem1.jpg
.
rosv6-mem2.jpg
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 3:12 pm

Are you serious ?
On that first graph you're looking at differences between 28 and (what ?) 29? max ?
On the second graph between 5.2 and 5.8%

There is such a thing called "micro-management" which can really cause havoc on lots of things.
Let it be ;-)
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 3:15 pm

Are you serious ?
On that first graph you're looking at differences between 28 and (what ?) 29? max ?
On the second graph between 5.2 and 5.8%
.
Yes, I'm serious! I posted those to show what I expect regular memory increases and decreases to look like during regular operations. I never said the graphs show any kind of problem. I posted them to show the difference I'm seeing between v6 and v7.7 boxes. I was dead serious on that :) And those v6 graphs are just fine, no problem whatsoever there!
 
mkx
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 3:21 pm

When you're comparing "minute values" between different ROS versions, it's probably completely normal to see different patterns (even if usage pattern of device is the same) because ROS6 and ROS7 use completely different kernels with some significant differences. And with graphs by @leonardogyn I even doubt these show same usage pattern as they cover the same time period so both graphs are clearly from different devices which are likely used in different use cases.

However when one looks at memory usage, averaged over longer periods (my yearly graph plots daily averages), showing time series of very same ROS version ... and that graph shows consistent trend upwards, then it's a completely different story.
Last edited by mkx on Fri Jan 20, 2023 3:22 pm, edited 1 time in total.
 
Paternot
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 3:22 pm

Guys, I might be wrong, but there's no denial the behavior changed drastically from 7.6 to 7.7. I posted the graphs. I already provided Mikrotik detailed data and quite a few supout files. Let's wait for some "official" answer.
Well, it changed for You, but not for us. It would be interesting to check the config, in order to find out what's happening.

This is my memory usage, from the point I installed RoS 7.x on my RB750Gr3. You can see when I upgraded it from 7.6 to 7.7. No change in memory usage. I'm using wireguard (6 peers), BGP (about 3600 IPv6 routes), IPsec (one peer) and DNS resolver - but without DoH.
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 3:25 pm

Here is one of mine, full month, hap AC3 using 7.6 and 7.7.
9 WG peers (2 different interfaces), limited firewall address list, DHCP server, 4 VLANs, wave2-drivers and 4 different SSIDs.

You see an upward trend, yes, BUT it levels out and even decreases again.
The jump downwards is the upgrade from 7.6 to 7.7. And today it dropped even further down (why ? no clue. Do I care ? No, not a bit)
Mind you, that's on a device having 256Mb of RAM, so I am not even close to 50%.
2023-01-20_14-24-15.jpg
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 3:39 pm

Well, it changed for You, but not for us. It would be interesting to check the config, in order to find out what's happening
.
100% agree! That's why I already sent Mikrotik 9 or 10 supout files from boxes that are experiencing the sudden change in memory usage from v7.6 to v7.7. It certainly might be something config-related that does not affect everybody. Initially I thought it could be hotspot enabled, until I realized some boxes, with NO hotspot, were also experiencing the same behavior. I also looked at fasttrack, which I have enabled on some boxes and not on others, but couldn't find any relation either.
 
Ocean
just joined
Posts: 9
Joined: Mon Sep 03, 2012 11:10 am

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 3:54 pm

ROS 7.7
hAP ac2

Constantly linear increase in memory usage
daily.gif

Earlier in the logs, I saw messages that there was not enough memory and a reboot with a kernel error. Logs are not saved.

Now I'm monitoring the situation.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 3:57 pm

ROS 7.7
hAP ac2

Constantly linear increase in memory usage
.
with this memory usage increase rate, you'll likely max out on less than 48h. And you'll either watch the box crash or nothing happens at all. The first option would strongly suggest some memory leak. The second one, would suggest memory usage behavior just changed DRASTICALLY from v7.6 to v7.7.
 
Ocean
just joined
Posts: 9
Joined: Mon Sep 03, 2012 11:10 am

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 4:06 pm

with this memory usage increase rate, you'll likely max out on less than 48h. And you'll either watch the box crash or nothing happens at all. The first option would strongly suggest some memory leak. The second one, would suggest memory usage behavior just changed DRASTICALLY from v7.6 to v7.7.

Today I ran the Bandwidth Test and the router rebooted with error "out of memory". After that I started to investigate the problem.
 
chechito
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 4:09 pm

ROS 7.7
hAP ac2

Constantly linear increase in memory usage

daily.gif


Earlier in the logs, I saw messages that there was not enough memory and a reboot with a kernel error. Logs are not saved.

Now I'm monitoring the situation.
I have a pair of hAP ac2 with 7.7 with a basic configuration and they don't exhibit this behavior, just basic routers doing NAT and wifi. Please give more details about your use case to see if it's related to a specific feature.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 4:13 pm

Today I ran the Bandwidth Test and the router rebooted with error "out of memory". After that I started to investigate the problem.
.
While generating supout files last night, from boxes that I believe to be having the problem, one of them simply crashed while generating the supout file. It rebooted and came back with a "rebooted by watchdog timer" message. Other boxes did generate the supout file without problems, but at least in one of them, I got a crash while doing "something" as well.
 
Ocean
just joined
Posts: 9
Joined: Mon Sep 03, 2012 11:10 am

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 4:17 pm


I have a pair of hAP ac2 with 7.7 with a basic configuration and they don't exhibit this behavior, just basic routers doing NAT and wifi. Please give more details about your use case to see if it's related to a specific feature.

I use:
  • CAPsMAN (with one local AP);
  • L2TP server - 8 clients
  • EoIP - 1
  • OpenVPN UDP - 1
  • Simple Queues - 4

There is a suspicion about queues... I'll check later.
 
chechito
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 4:20 pm

i have 6 simple queues, traditional queue types: pcq, pfifo, maybe if you are using some new type of queue
 
holvoetn
Forum Guru
Posts: 5404
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 4:21 pm

One question to @leonardogyn and @Ocean (maybe it was asked and answered before but I didn't see it)
Did you ever in the past netinstall your devices with ROS7 and clean config ?
 
Ocean
just joined
Posts: 9
Joined: Mon Sep 03, 2012 11:10 am

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 4:24 pm

One question to @leonardogyn and @Ocean (maybe it was asked and answered before but I didn't see it)
Did you ever in the past netinstall your devices with ROS7 and clean config ?

I didn't use netinstall with ROS7
Last edited by Ocean on Fri Jan 20, 2023 4:26 pm, edited 1 time in total.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 4:26 pm

One question to @leonardogyn and @Ocean (maybe it was asked and answered before but I didn't see it)
Did you ever in the past netinstall your devices with ROS7 and clean config ?
.
No ... all boxes I'm running and presenting the memory behavior change from 7.6 to 7.7 were previously installed on v6 and upgraded to v7 (no problem at all), likely v7.3 or v7.4, and later upgraded to v7.7. Most of them are quite a few miles away, so it's not actually easy to netinstall them and do a fresh install/clean config.
 
Ocean
just joined
Posts: 9
Joined: Mon Sep 03, 2012 11:10 am

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 4:28 pm

No ... all boxes i'm running and presenting the memory behavior change from 7.6 to 7.7 were previously installed on v6 and upgraded to v7 (no problem at all), likely v7.3 or v7.4, and later upgraded to v7.7. ...
The situation is similar.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 4:31 pm

I'm expecting a Mikrotik answer from the support ticket I provided lots of supout files. Based on their answer, which I expect to get on the next 24-48 hours, I might be able to arrange getting to one of the boxes and doing a complete format/netinstall right to v7.7 and reconfiguring again (pasting a config done via /export and not via binary backup). I believe that could be considered a "fresh config", simply pasting old config instead of restoring a backup file.

I might be able to arrange that, but i'll need to travel some miles for it. Not easy at all, but can be done.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 8:26 pm

Quick update ... no response from Mikrotik yet.

I took some time to analyze some decoded output from supout files, from different boxes, and I'm seeing, on the boxes presenting the problem, a VERY large heap memory usage for the resolver (DNS) process. It's WAY bigger than expected, given my "Cache Max TTL" setting and the actual number of cached entries on the DNS daemon itself.

The resolver (DNS) daemon experienced some problems on the latest RCs before the v7.7, and it's really known to have been very changed from 7.6 to 7.7.

Again, I might be wrong, but I would place my 2 cents that this is "resolver" (dns daemon) related!

For those *NOT* seeing the problem, are you running the MK box as DNS resolver for your networks, and pointing the MK as DNS via the DHCP server, for example? Or the box is NOT used as DNS resolver for your networks?
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 8:37 pm

For those *NOT* seeing the problem
You keep saying there is "a problem", but still you have not provided any evidence of there being a problem at all.
Has any of your router crashed any time, or otherwise had any performance problem, due to this "problem"?
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 8:41 pm

You keep saying there is "a problem", but still you have not provided any evidence of there being a problem at all.
.
OK, for those "not seeing a constant and rapid increase of memory usage, starting from v7.7, which never occurred on v7.6 for example" ... that might be better :)

And I provided LOTS of pictures showing a HUGE change in memory usage behavior between v7.6 and v7.7. Just scroll up and you'll see. I'm considering this, and I might be wrong, to be the problem, which I believe, again, I might be wrong, is a memory leak.

@pe1chl do you have DNS resolver enabled for remote networks on your boxes running v7.7, in which you're NOT seeing a change on memory usage from v7.6 to v7.7?
Last edited by leonardogyn on Fri Jan 20, 2023 8:45 pm, edited 1 time in total.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 8:43 pm

Has any of your router crashed any time, or otherwise had any performance problem, due to this "problem"?
.
Not yet ... as soon as I realized one box had reached 90% memory usage, which never occurred before, I rebooted it. Other boxes, lots of other boxes, are also showing increased (and constantly increasing) memory usage, but none reached 100% yet. I might wait for some of them to reach 100% to see what'll happen.
 
Ocean
just joined
Posts: 9
Joined: Mon Sep 03, 2012 11:10 am

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 9:00 pm

You keep saying there is "a problem", but still you have not provided any evidence of there being a problem at all.
Has any of your router crashed any time, or otherwise had any performance problem, due to this "problem"?
I have a problem. My hAP ac2 rebooted with error "out of memory": viewtopic.php?p=979009#p978997
 
Ocean
just joined
Posts: 9
Joined: Mon Sep 03, 2012 11:10 am

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 9:42 pm

...
The resolver (DNS) daemon experienced some problems on the latest RCs before the v7.7, and it's really known to have been very changed from 7.6 to 7.7.
...
I disabled "Allow Remote Requests" and configured provider's DNS server for clients. But the problem remained.

In one hour, 1 MB of memory has leaked and continues to leak.

daily.gif
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Fri Jan 20, 2023 11:21 pm


I disabled "Allow Remote Requests" and configured provider's DNS server for clients. But the problem remained.

In one hour, 1 MB of memory has leaked and continues to leak.
.
If you didn't try it, try rebooting the MK box after disabling "allow remote requests" just to "clean" everything up. If you already tried, maybe it's not DNS resolver related.
 
hex
just joined
Posts: 9
Joined: Wed Nov 10, 2010 4:32 am

Re: v7.7 [stable] is released!

Sat Jan 21, 2023 2:08 pm

For me web proxy is broken after 7.7 update. No connections.
SOCKS maybe too.
 
vecino
just joined
Posts: 7
Joined: Fri Jul 08, 2016 11:59 pm

Re: v7.7 [stable] is released!

Sat Jan 21, 2023 2:28 pm

OSPFv3 with md5 encryption does not work

Point A: Linux router with Frrouting 8.4.2
ipv6 ospf6 authentication key-id 1 hash-algo md5 key #q2ejetCb@9nESxx

Point B: RB4011 with 7.7
/routing ospf interface-template
add area=backbone-v3 auth=md5 auth-id=1 auth-key=#q2ejetCb@9nESxx cost=100 dead-interval=20s disabled=no hello-interval=5s interfaces=ether6-z321 priority=1


Result: not working:
ROUTE,OSPF,WARNING X001-v3 { version: 3 router-id: 10.11.12.1 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::c7ad:21ff:fe0b:49b4%ether6-z321 } corrupted auth trailer from fe80::42de:b6f8:9b77:f6d7%*6
 
chechito
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: v7.7 [stable] is released!

Sat Jan 21, 2023 3:59 pm


I disabled "Allow Remote Requests" and configured provider's DNS server for clients. But the problem remained.

In one hour, 1 MB of memory has leaked and continues to leak.
.
If you didn't try it, try rebooting the MK box after disabling "allow remote requests" just to "clean" everything up. If you already tried, maybe it's not DNS resolver related.

I think we can discard the DNS resolver as a culprit; I have the DNS resolver allowing requests from the internal network and no memory leak.

Too much secrecy about your actual setups, which makes the troubleshooting difficult.
 
Ocean
just joined
Posts: 9
Joined: Mon Sep 03, 2012 11:10 am

Re: v7.7 [stable] is released!

Sat Jan 21, 2023 4:27 pm

If you didn't try it, try rebooting the MK box after disabling "allow remote requests" just to "clean" everything up. If you already tried, maybe it's not DNS resolver related.

I disabled DNS, rebooted MT and the problem was solved.
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB max-concurrent-queries=100 \
    max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 query-server-timeout=2s query-total-timeout=10s \
    servers="" use-doh-server="" verify-doh-cert=no

daily_dns_dis.png
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Sat Jan 21, 2023 4:41 pm

I disabled DNS, reboot MT and problem was solved.
Yeah you said that before, but I have DNS enabled and I don't have the problem at all. So there must be more involved than that.
Show a /ip dns export from before you disabled it. Also tell us about the usage of DNS (how many clients, what type of client devices, are they abusing DNS, etc)
(in the meantime I am running 7.8beta2 but it likely should show the same problem when it indeed is DNS)
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: v7.7 [stable] is released!

Sat Jan 21, 2023 5:13 pm

Possibly DoH and/or certificates are involved?
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Sat Jan 21, 2023 5:25 pm

Possibly DoH and/or certificates are involved?
.
Not on my boxes. The only user-installed certificate is used for an OpenVPN client interface. No DoH or anything fancy DNS related, just plain resolver used by the local networks.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Sat Jan 21, 2023 5:37 pm

Yeah you said that before, but I have DNS enabled and I don't have the problem at all. So there must be more involved than that.
Show a /ip dns export from before you disabled it. Also tell us about the usage of DNS (how many clients, what type of client devices, are they abusing DNS, etc)
(in the meantime I am running 7.8beta2 but it likely should show the same problem when it indeed is DNS)
.
This is my box that reached >90% of memory usage. This is a restaurant, some UniFi APs connected, one SSID for staff and another for customers (with hotspot enabled). No more than 50 simultaneous clients, and no abuse that I know of. Just plain web browsing, and nothing fancy
.
[admin@XXXXXXXXXXXX] > /ip dns export terse
# jan/21/2023 12:32:26 by RouterOS 7.7
# software id = U804-XXXXXX
#
# model = RB2011UiAS
# serial number = 8C1709CXXXXX
/ip dns set allow-remote-requests=yes cache-max-ttl=3h cache-size=16384KiB max-concurrent-queries=2048 max-concurrent-tcp-sessions=256 query-total-timeout=6s servers=1.0.0.3,1.1.1.3
[admin@XXXXXXXXXXX] >
.
From the decoded supout file, NOW, the resolver process is using 22Mb of RAM, while only having 1540 cache entries (see screenshots attached) and having a configured limit of 16Mb
.
MK.jpg
.
MK2.jpg
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Sat Jan 21, 2023 5:57 pm

This is my box that reached >90% of memory usage. This is a restaurant, some UniFi APs connected, one SSID for staff and other for customers (with hotspot enabled). No more than 50 simultaneous clients, and no abuse that I know off. Just plain web browsing, and nothing fancy
Do you see a high rate of DNS traffic? Set a firewall rule that accepts the traffic, then at least you have a counter.
Some people may not like the use of a hotspot and have installed a stealth VPN that operates over DNS so they can use the internet without bothering with your hotspot logon and the restrictions you may have set. That might trigger a much higher number of DNS requests than usual.
Of course it may be that there is a leak in the DNS resolver, but it is not that big that I observe it as a home user. I have observed other DNS problems, and they have been worked on. Maybe new bugs were introduced but I did not notice them.
My cache limit is set to 20MB on a RB4011, with 1h max lifetime.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Sat Jan 21, 2023 6:33 pm

Do you see a high rate of DNS traffic? Set a firewall rule that accepts the traffic, then at least you have a counter.
.
Already have it, and already observed the counters on some boxes that are presenting the constant memory usage increase. DNS firewall rules do not show anything ordinary, rates are 2-3 requests per second at max. Seems absolutely normal to the networks served.
.
I have also changed DNS provided for the clients, via DHCP server, in some boxes, to reduce DNS traffic to the DNS resolver of the MK boxes. Will keep an eye on the memory usage on those. That can only be made on boxes with NO hotspot enabled, as per default, DNS traffic is captured to the local resolver when you enable hotspot. So changing that, on hotspot enabled networks, won't reduce the DNS traffic to the local box. I made that on boxes with NO hotspot enabled.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Sat Jan 21, 2023 6:42 pm

Just for comparison with the memory usage stats I posted for the resolver process ... I took the supout file from a box running v6.49.7, serving about 250-300 clients, with 6k cached entries on the DNS process. Decoded the supout file, found the resolver process, heap memory usage ... it's using 1.5Mb of RAM. The v7.7 box, serving 20% of the number of clients, with 25% of the cached entries, is allocating 22Mb of RAM (and constantly increasing) ...
Last edited by leonardogyn on Sat Jan 21, 2023 6:51 pm, edited 1 time in total.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Sat Jan 21, 2023 6:49 pm

From the MK box I posted about 1 hour ago, where the resolver process was using at that moment 21976Kb of RAM ... it's now using about 22900Kb ... 1Mb in 1 hour. I really don't consider that normal, especially when much busier boxes, as posted, are using 1-2Mb of RAM for the same process. This is why, at this moment, I strongly believe this is DNS resolver related.
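
Whether the resolver heap is leaking or is a cache that will level out, the question argued across the posts above, can be checked on the samples themselves. The following is an added example, not code from any poster or from MikroTik: it fits a line to heap readings and compares the recent slope with the overall one; both series are constructed from figures quoted in the thread, and `CEILING_KIB` and the thresholds are assumptions.

```python
"""Added example: separate steady heap growth from a cache that fills and levels out."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Sample = Tuple[float, float]  # (hours since last reboot, heap size in KiB)

CACHE_LIMIT_KIB = 16384.0  # cache-size=16384KiB, as in the /ip dns export in the thread
CEILING_KIB = 65536.0      # ASSUMPTION: heap size at which the box runs out of memory

# Constructed series: starts at the 21976 KiB reading and grows 924 KiB per hour
# (the two readings quoted in the post), plus small constructed jitter.
_JITTER = [0, 40, -30, 20, -10, 30, -40, 10, 0, -20, 30, -30]
LEAK_SERIES: List[Sample] = [
    (float(t), 21976.0 + 924.0 * t + j) for t, j in enumerate(_JITTER)
]

# Constructed series: a cache that fills quickly, then levels out below its limit.
_CACHE_KIB = [2000, 6000, 9000, 11200, 12800, 13900,
              14600, 15000, 15200, 15300, 15350, 15360]
CACHE_SERIES: List[Sample] = [(float(t), float(y)) for t, y in enumerate(_CACHE_KIB)]


@dataclass
class Trend:
    slope: float                       # KiB per hour over the whole series
    late_slope: float                  # KiB per hour over the most recent third
    r_squared: float                   # share of variance explained by a straight line
    verdict: str                       # "flat", "plateau", "steady-growth" or "noisy"
    over_cache_limit: bool             # latest reading exceeds the configured cache size
    hours_to_ceiling: Optional[float]  # projection, set only for steady growth


def fit_line(samples: List[Sample]) -> Tuple[float, float]:
    """Ordinary least squares on (x, y) pairs; returns (slope, r_squared)."""
    n = len(samples)
    mean_x = sum(x for x, _ in samples) / n
    mean_y = sum(y for _, y in samples) / n
    sxx = sum((x - mean_x) ** 2 for x, _ in samples)
    syy = sum((y - mean_y) ** 2 for _, y in samples)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in samples)
    if sxx == 0:
        raise ValueError("all samples share one timestamp")
    r_squared = 1.0 if syy == 0 else (sxy * sxy) / (sxx * syy)
    return sxy / sxx, r_squared


def classify(samples: List[Sample], cache_limit_kib: float, ceiling_kib: float,
             min_slope: float = 10.0, plateau_ratio: float = 0.25,
             min_r2: float = 0.9) -> Trend:
    """Classify one uptime period; samples spanning a reboot must be split first."""
    if len(samples) < 6:
        raise ValueError("need at least 6 samples to judge a trend")
    ordered = sorted(samples)
    slope, r2 = fit_line(ordered)
    window = max(3, len(ordered) // 3)
    late_slope, _ = fit_line(ordered[-window:])
    latest = ordered[-1][1]

    eta: Optional[float] = None
    if slope <= min_slope:
        verdict = "flat"            # no meaningful growth (or shrinking)
    elif late_slope < plateau_ratio * slope:
        verdict = "plateau"         # growth has slowed sharply: cache-like
    elif r2 >= min_r2:
        verdict = "steady-growth"   # still climbing in a straight line: leak-like
        eta = max(0.0, (ceiling_kib - latest) / slope)
    else:
        verdict = "noisy"           # growing, but not cleanly enough to project
    return Trend(slope, late_slope, r2, verdict, latest > cache_limit_kib, eta)


if __name__ == "__main__":
    for name, series in (("leak-like", LEAK_SERIES), ("cache-like", CACHE_SERIES)):
        print(name, classify(series, CACHE_LIMIT_KIB, CEILING_KIB))
```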
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Sat Jan 21, 2023 10:01 pm

After an uptime of 10 hours (with version 7.8beta2) the heap of the resolver process is 800kB here, with 1344 items in the DNS cache.
So something is clearly going different at your site.
 
chechito
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 1:09 am

I disabled DNS, reboot MT and problem was solved.
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB max-concurrent-queries=100 \
    max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 query-server-timeout=2s query-total-timeout=10s \
    servers="" use-doh-server="" verify-doh-cert=no

daily_dns_dis.png

I have one setting different: I have cache-max-ttl=1d. Maybe that can help; you can try 1d or maybe 1 hour to see if that helps. Be sure to flush the DNS cache after that.
 
Dude2048
Member Candidate
Member Candidate
Posts: 212
Joined: Thu Sep 01, 2016 4:04 pm

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 12:23 pm

After upgrading to RouterOS v7.7 from v7.6 for CRS354 connected to vPC (CRS354 has a link to each of two Cisco Nexus 9xxxx that form vPC domain) - links start to flap. Issue goes away after downgrading to v7.6.

As was the case with RouterOS v7.7rc5 also with RouterOS v7.7, using serial cable (have tried only with CRS354 for now) error is shown at startup of switch:
insmod: /lib/modules/5.6.3/drivers/char/music_dog.ko failed: 22 Invalid argument
Stopped experiments with MLAG at v7.6 - does not go well with Cisco Nexus vPC - if there is instruction that would lead to stable MikroTik MLAG <> Cisco vPC connection that would be useful.
CRS125-24G-1S-2HnD-IN same problem in console.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 1:09 pm

I have one setting different: I have cache-max-ttl=1d, maybe that can help. You can try 1d or maybe 1 hour to see if that helps; be sure to flush the DNS cache after that.
.
My boxes are already using 3 hours "only" ... doesn't seem related to VERY HIGH max TTLs. Manually flushing cache doesn't seem to affect memory usage. I mean, sure it affects, but doesn't affect the overall "always increasing" situation I'm seeing. It might decrease the memory in a few KBs, for sure, but doesn't change the weird behavior of always increasing memory usage.
Last edited by leonardogyn on Sun Jan 22, 2023 1:22 pm, edited 1 time in total.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 1:18 pm

After an uptime of 10 hours (with version 7.8beta2) the heap of the resolver process is 800kB here, with 1344 items in the DNS cache.
So something is clearly going different at your site.
.
After a busy Saturday (as expected) at one of the restaurants where I'm facing the problem, heap memory for the resolver process is now at about 39Mb, despite being configured for a max memory usage of 16Mb. It was 23Mb yesterday at about midday. It constantly increased during the day, stopping at about 1h30-2h AM today, when the place closed. It's also funny to realize that generating the supout file creates a memory spike; you can see it yesterday at about 12h30 and some minutes later, about 13h50. Those were the supout files I generated to grab the information I posted here.
.
There's no way I'll wait for these boxes to reach 100% memory usage. I'm pretty sure, at this point, this is not normal nor expected. I'm pretty sure the box will crash, maybe reboot itself and resume regular operations. Problem is that it might crash and stop working, requiring some manual intervention. I'm not willing to take that risk.
.
memory.jpg
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 2:00 pm

You seem to have headroom for another day before hitting the ceiling; your device seems to increase memory consumption at a rate of 20% (of total RAM) per busy "half day". So you could wait to see if RAM consumption starts to increase at the same pace.

OTOH I fully understand your uneasiness, I'd probably schedule an early morning reboot as well.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 3:10 pm

My boxes are already using 3 hours "only" ... doesn't seem related to VERY HIGH max TTLs. Manually flushing cache doesn't seem to affect memory usage. I mean, sure it affects, but doesn't affect the overall "always increasing" situation I'm seeing. It might decrease the memory in a few KBs, for sure, but doesn't change the weird behavior of always increasing memory usage.
Due to the way in which user processes allocate memory from the main memory pool, it may very well be that decreasing the max ttl solves your problem even when flushing the cache does not.
I had not noticed the 'cache-max-ttl=1w' in your config, overlooked that because I have 'cache-max-ttl=1h' and I think the default is like 1d.
In a setup as you have, it is unreasonable to have a 1w max ttl, set it to 1h, reboot, and watch again how it unfolds.
Also consider to upgrade one router to 7.8beta2 to see if it has been fixed there. It may be that late DNS fixes did not make it into the release.
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 5:12 pm

please check
[SUP-85337] lost Free HDD space every hours, until it become zero. on hAP ac2
 
User avatar
DanielTheFox
just joined
Posts: 2
Joined: Mon Jan 11, 2021 9:48 pm
Location: Mexico

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 7:31 pm

Hmm, I'm seeing the same problem with DNS memory usage increasing, but I had set cache-max-ttl=16d, right now I set it to 1d and rebooted, and set cache size to 16 MB, let's see how it goes, I have a CCR-1009-1C-7G-PC, DNS managed to almost fill the memory in 8 days (it serves hundreds of hotspot users) and I got scared.
 
User avatar
Ocean
just joined
Posts: 9
Joined: Mon Sep 03, 2012 11:10 am

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 7:54 pm

...
Also consider to upgrade one router to 7.8beta2 to see if it has been fixed there. It may be that late DNS fixes did not make it into the release.

I updated to 7.8beta2. The memory leak continues.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 8:10 pm

Well, the next thing will probably be to find under what circumstances it actually leaks. Thinking back to the problem I had in the 7.7rc that can be difficult.
I recommended them to drop this resolver and use an existing opensource package like "unbound". That has DNSSEC support too. And it can do what the MikroTik resolver can do (forward zones, local zones etc) in a much cleaner way.
Probably not gonna happen... it seems like MikroTik is steering away from opensource products as much as possible, except maybe the kernel.
 
User avatar
josser
just joined
Posts: 10
Joined: Tue Nov 08, 2022 4:37 pm
Location: Kharkiv, Ukraine

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 8:44 pm

Maybe somebody can tell where is
/interface/wifiwave2/info country-info "Country" 
now?

It 100% worked on 7.6
 
User avatar
DanielTheFox
just joined
Posts: 2
Joined: Mon Jan 11, 2021 9:48 pm
Location: Mexico

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 9:48 pm

I recommended them to drop this resolver and use an existing opensource package like "unbound". That has DNSSEC support too. And it can do what the MikroTik resolver can do (forward zones, local zones etc) in a much cleaner way.
Sure, but I wonder how to make hotspot use an external resolver on a different server (I have two DNS cache servers in my network) instead of it forcefully redirecting DNS requests from unauthenticated users to itself. Maybe I can find out myself, but if someone has already achieved this or knows if it's possible at all, I'll appreciate it.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 10:16 pm


Sure, but I wonder how to make hotspot use an external resolver on a different server (I have two DNS cache servers in my network) instead of it forcefully redirecting DNS requests from unauthenticated users to itself. Maybe I can find out myself, but if someone has already achieved this or knows if it's possible at all, I'll appreciate it.
.
Enabling hotspot seems to automatically create DNS-intercept rules, pointing them to the MK box itself. To avoid that, I'd say you need to create appropriate rules on IP/Firewall/Nat/pre-hotspot table. Simply changing DHCP-provided DNS servers won't solve it, as requests are intercepted anyway.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 10:21 pm

You seem to have headroom for another day before hitting the ceiling; your device seems to increase memory consumption at a rate of 20% (of total RAM) per busy "half day". So you could wait to see if RAM consumption starts to increase at the same pace.
OTOH I fully understand your uneasiness, I'd probably schedule an early morning reboot as well.
.
Yeah, will likely reboot it by Monday morning. Memory usage is still growing, as "expected", starting Sunday midday, when customers start arriving and using the guest WiFi network provided.
.
mem.jpg
 
Rox169
Member
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 10:24 pm

Maybe somebody can tell where is
/interface/wifiwave2/info country-info "Country" 
now?

It 100% worked on 7.6
Hi, I was already asking when 7.7 was in beta... it is just not working in 7.7
 
User avatar
DanielTheFox
just joined
Posts: 2
Joined: Mon Jan 11, 2021 9:48 pm
Location: Mexico

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 10:40 pm

Enabling hotspot seems to automatically create DNS-intercept rules, pointing them to the MK box itself. To avoid that, I'd say you need to create appropriate rules on IP/Firewall/Nat/pre-hotspot table. Simply changing DHCP-provided DNS servers won't solve it, as requests are intercepted anyway.
A'ight, I'm testing it now, let's see how it goes. How come I hadn't figured it before? (lol)
 
darkmanlv
newbie
Posts: 35
Joined: Thu Mar 26, 2015 3:19 pm
Location: Riga, Latvia
Contact:

Re: v7.7 [stable] is released!

Sun Jan 22, 2023 11:22 pm

I already reported freezes of my hex s and hap ac3 with 7.7; now I found when it happens: if I start torrenting and doing more than 500mbit/s downloads... On hap ac3 there are no rules at all, it works like an access point; hex s has default rules, nothing unreal...

What I have done so far: lowered CPU speed by 2-3 steps from max MHz, now it is more stable.

will try 7.8 beta.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7 [stable] is released!

Mon Jan 23, 2023 12:07 pm

What I have done so far: lowered CPU speed by 2-3 steps from max MHz, now it is more stable.
Don't complain about crashes when you are overclocking! The CPU speed should be set to "auto" and it will max to the certified speed.
 
User avatar
tron
just joined
Posts: 21
Joined: Thu Nov 01, 2012 9:20 am
Location: EU

Re: v7.7 [stable] is released!

Mon Jan 23, 2023 12:45 pm

Image

RB2011, v7.7 is unstable :-/ v7.6 was OK all the time...
 
GambarottoM
just joined
Posts: 3
Joined: Fri Jun 21, 2019 3:18 pm

Re: v7.7 [stable] is released!

Mon Jan 23, 2023 2:12 pm

Walled-garden is not functional in almost all versions of RouterOS 7 (tested 7.7, 7.6 and 7.5).
If you are under a hotspot, you can't load any website added in walled-garden entries.

Anyone have the same problem?
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Mon Jan 23, 2023 3:56 pm

Image

RB2011, v7.7 is unstable :-/ v7.6 was OK all the time...
.
At this point, it seems pretty obvious that we're having memory problems of some kind starting on v7.7, and I suspect a dns resolver memory leak. Mikrotik hasn't replied yet to the support ticket I opened and provided LOTS of information on that one.
 
sutrus
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Fri Jun 30, 2017 11:27 pm

Re: v7.7 [stable] is released!

Mon Jan 23, 2023 9:47 pm

Hello,
After updating to v7.7 I have a problem with MTU greater than 1024 on hAP ac3.
Before I open a ticket can someone confirm this behavior.
ping1500.png
ping1200.png
ping1024.png
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.7 [stable] is released!

Tue Jan 24, 2023 12:37 am

Hello,
After updating to v7.7 I have a problem with MTU greater than 1024 on hAP ac3.
Before I open a ticket can someone confirm this behavior.
ping1500.png ping1200.png ping1024.png
Please provide more information on what you are pinging, from which interface to what other interface, or the flow this should go.
 
User avatar
DanielTheFox
just joined
Posts: 2
Joined: Mon Jan 11, 2021 9:48 pm
Location: Mexico

Re: v7.7 [stable] is released!

Tue Jan 24, 2023 4:49 am


A'ight, I'm testing it now, let's see how it goes. How come I hadn't figured it before? (lol)
Ok, it works. The big ramp (on the attached image) is when DNS was enabled, and it ended when I rebooted the router. The second small ramp (past the Sat-Sun line) had the DNS working but with reduced max-ttl and cache-size. The flat after that was because I completely disabled the router's DNS server and forced hotspot users to use one of our DNS servers in our network. So my leak is related to the DNS server. (Just in case someone needed extra confirmation).
 
sutrus
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Fri Jun 30, 2017 11:27 pm

Re: v7.7 [stable] is released!

Tue Jan 24, 2023 8:09 am

Hello,
After updating to v7.7 I have a problem with MTU greater than 1024 on hAP ac3.
Before I open a ticket can someone confirm this behavior.
ping1500.png ping1200.png ping1024.png
Please provide more information on what you are pinging, from which interface to what other interface, or the flow this should go.
At the beginning I found that the MTU on the computer is small.
I next pinged from the mikrotik to the switch and back to the computer.
The pictures are pings on the interface of the Mikrotik itself.
In all cases the maximum value is 1024.
The switch is also a MikroTik CRS v7.7 and there the detected size is 1500.
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v7.7 [stable] is released!

Tue Jan 24, 2023 8:37 am

huge memory usage after upgrade from 7.6 to 7.7 on RB2011UiAS-2HnD. please fix this problem.
screenshot from grafana:
Screenshot 2023-01-24 100456.jpg
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Tue Jan 24, 2023 4:48 pm

Almost 5 days from my initial report for "very weird" memory usage (which I strongly believe to be a memory leak) starting on v7.7, confirmed by other users here, some reports of it really looking to be DNS resolver related, support ticket already opened, at least one user already posted box really crashed by "out of memory" ... and yet radio silence from Mikrotik :(
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: v7.7 [stable] is released!

Tue Jan 24, 2023 5:01 pm

Almost 5 days from my initial report for "very weird" memory usage (which I strongly believe to be a memory leak) starting on v7.7, confirmed by other users here, some reports of it really looking to be DNS resolver related, support ticket already opened, at least one user already posted box really crashed by "out of memory" ... and yet radio silence from Mikrotik :(
are you still on 7.7 ??

I downgraded to 7.6 when this situation arose
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Tue Jan 24, 2023 5:20 pm

are you still on 7.7 ??

I downgraded to 7.6 when this situation arose
.
I set up alarms on Zabbix, and will schedule reboots when needed. Not all boxes are reaching high memory usage (>90%) that fast, it's fine to me to "manage" that. I'll keep them at v7.7, not willing to downgrade yet. Anyway, looking for some Mikrotik answer on that one.
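
The reasoning in the posts above (resolver heap already past the configured cache-size and still climbing hour over hour) can be expressed as a monitoring check. This is an added example, not part of any post: the first two leaky readings are the figures quoted in the thread (read here as KiB), while the remaining samples, the 64 MiB budget and the thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# (hours since first reading, resolver heap in KiB). The first two LEAKY
# readings are the figures quoted in the thread, read as KiB; every other
# sample is constructed for illustration.
LEAKY = [(0, 21976), (1, 22900), (2, 23850), (3, 24700), (4, 25690)]
HEALTHY = [(0, 780), (1, 805), (2, 798), (3, 801), (4, 800)]


@dataclass
class Verdict:
    slope_kib_per_hour: float        # least-squares growth rate
    rising_fraction: float           # share of consecutive readings that grew
    over_cache_limit: bool           # heap already above configured cache-size
    hours_to_budget: Optional[float] # projected time until the budget is hit
    suspected_leak: bool


def fit_slope(samples):
    """Least-squares slope in KiB/hour over (hours, heap_kib) pairs."""
    n = len(samples)
    mean_t = sum(t for t, _ in samples) / n
    mean_h = sum(h for _, h in samples) / n
    var = sum((t - mean_t) ** 2 for t, _ in samples)
    if var == 0:
        raise ValueError("samples must span more than one point in time")
    cov = sum((t - mean_t) * (h - mean_h) for t, h in samples)
    return cov / var


def assess(samples, cache_limit_kib, budget_kib,
           min_slope=100.0, min_rising=0.8):
    """Flag a leak only when all three signals agree.

    A cache that is still filling also grows, so growth alone is not
    enough: the heap must exceed the configured cache-size, keep a
    positive trend, and rise in most consecutive intervals.
    min_slope and min_rising are assumed thresholds, tune per site.
    """
    if len(samples) < 3:
        raise ValueError("need at least three readings")
    samples = sorted(samples)
    slope = fit_slope(samples)
    pairs = list(zip(samples, samples[1:]))
    rising = sum(1 for (_, a), (_, b) in pairs if b > a) / len(pairs)
    latest = samples[-1][1]
    over = latest > cache_limit_kib
    eta = None
    if slope > 0 and latest < budget_kib:
        eta = (budget_kib - latest) / slope
    suspected = over and slope >= min_slope and rising >= min_rising
    return Verdict(slope, rising, over, eta, suspected)


if __name__ == "__main__":
    # 16 MiB cache-size as in the post; 64 MiB budget is an assumption.
    print(assess(LEAKY, 16 * 1024, 64 * 1024))
    print(assess(HEALTHY, 2048, 64 * 1024))
```

The projected hours-to-budget figure is what a reboot schedule or alert threshold would be derived from.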
 
prmfeddema
newbie
Posts: 29
Joined: Sun Aug 23, 2020 1:53 pm

Re: v7.7 [stable] is released!

Tue Jan 24, 2023 11:15 pm

Hi Mikrotik support,

Installed ROS on my HexS with all the packages - and the Capsman menu entry has disappeared. Is this by design or is this a bug?

Kind regards,

Pascal
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.7 [stable] is released!

Wed Jan 25, 2023 7:26 am

This happens if you install the wifiwave2 package.
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v7.7 [stable] is released!

Wed Jan 25, 2023 12:42 pm

are you still on 7.7 ??

I downgraded to 7.6 when this situation arose
.
I set up alarms on Zabbix, and will schedule reboots when needed. Not all boxes are reaching high memory usage (>90%) that fast, it's fine to me to "manage" that. I'll keep them at v7.7, not willing to downgrade yet. Anyway, looking for some Mikrotik answer on that one.
viewtopic.php?t=192962
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7 [stable] is released!

Wed Jan 25, 2023 1:39 pm

.
Running the command made no difference on the boxes I'm experiencing the problem.
 
darklord
just joined
Posts: 22
Joined: Wed Mar 09, 2022 11:43 am

Re: v7.7 [stable] is released!

Wed Jan 25, 2023 7:08 pm

Is there any chance that this certificate chain issue viewtopic.php?t=188947#p957046 will be fixed in 7.8? I am using certificates in IPSec with no problems (custom CA, intermediate and end-user cert) but I want to upgrade the CA (and intermediate + end-user ofc), but I am not able to use the new certs due to this error:
Jan 24 23:17:33 gateway ipsec,error unable to get issuer certificate(2) at depth:1 cert:C=*censored*
Jan 24 23:17:33 gateway ipsec,error can't verify peer's certificate from store
Certificates are imported, CRL is working, but mikrotik is unable to verify... When I use SAME certs in ncat, I am able to successfully verify chain with openssl s_client, so certificates are really not the problem.
 
User avatar
Ferrograph
Member Candidate
Member Candidate
Posts: 154
Joined: Wed Mar 07, 2012 4:05 am

Re: v7.7 [stable] is released!

Thu Jan 26, 2023 2:06 pm

After updating LHG-LTE6 to 7.7 and config reset LTE no longer gets an address but does connect to the tower. Restored from backup onto 7.7 and working again. I made sure firmware was updated and rebooted before config reset. Grrrrr
 
darkmanlv
newbie
Posts: 35
Joined: Thu Mar 26, 2015 3:19 pm
Location: Riga, Latvia
Contact:

Re: v7.7 [stable] is released!

Fri Jan 27, 2023 3:36 pm

I already reported freezes of my hex s and hap ac3 with 7.7; now I found when it happens: if I start torrenting and doing more than 500mbit/s downloads... On hap ac3 there are no rules at all, it works like an access point; hex s has default rules, nothing unreal...

What I have done so far: lowered CPU speed by 2-3 steps from max MHz, now it is more stable.

will try 7.8 beta.
UPDATE: don't have any problems with 7.8beta2, 1 week, working stable, with huge traffic, etc.
 
User avatar
Ullinator
just joined
Posts: 8
Joined: Tue Jun 08, 2021 12:53 pm
Location: North-West Germany

Re: v7.7 [stable] is released!

Fri Jan 27, 2023 5:17 pm

Sorry MT, but I still have a problem with L3HW-offloading with IPv6 in this release. After activating it on a CRS326-24G-2S+ the switch reboots spontaneously without any obvious reason.
After the reboot the LOG shows:
hc_401.jpg
I opened a ticket with this problem also with 7.6Beta (SUP-92398), and it seems to be fixed with one of the newer 7.7BetaXX, but it wasn't.
And even not with 7.7 stable. :-/

There's nothing special on the switch, only 3 VLANS, IPv4 and IPv6 addresses, that's all.
The connection to the rest of the network is established via a 10GBit fiber connection.

Has anybody else similar experiences??