Community discussions

MikroTik App

Search found 48 matches

by AlohaSpark
Mon Dec 23, 2024 12:15 pm
Forum: Forwarding Protocols
Topic: BGP - Adding prefixes to an address list [SOLVED]
Replies: 1
Views: 151

BGP - Adding prefixes to an address list [SOLVED]

Quick question. Is there a way to add prefixes received via BGP to an address list?

I would like to add the prefixes of a specific ASN for example, to an address list.

Alternatively, is there a way I can filter/mangle traffic for a specific AS?
by AlohaSpark
Mon Apr 29, 2024 10:17 am
Forum: General
Topic: Shaping 35Gbps
Replies: 4
Views: 666

Re: Shaping 35Gbps

You don't have an aggregation-layer where you terminate such (very high-speed) customers ? Straight onto your core switch doesn't sound like a very good plan to me. I don't know what CPU-power you have in your coreswitch-device, but perhaps you can iterate from 1Gbps shaping profiles to see howmuch...
by AlohaSpark
Mon Apr 29, 2024 8:47 am
Forum: General
Topic: Shaping 35Gbps
Replies: 4
Views: 666

Shaping 35Gbps

Hello, I have a client that will avail of a 35Gbps line from us with BGP. Is simple queue still the way to go with this? I'm planning to patch them into our core switch but then what? I've only ever tried shaping up to 1Gbps. Our core does not have connection tracking. How do we shape these kinds of...
by AlohaSpark
Sat Feb 17, 2024 1:00 pm
Forum: General
Topic: SNMP Interface Stats on CRS326-24S+2Q+ extremely slow
Replies: 2
Views: 961

Re: SNMP Interface Stats on CRS326-24S+2Q+ extremely slow

Did you get to the bottom of this? I'm seeing the same when we try to walk OID 1.3.6.1.4.1.14988 on our CRS354. Unfortunately not. I just outright skipped those slow OIDs. In my case, I am more concerned about the health of the switch (temps, fan speeds, etc.) rather than the actual interface stats...
by AlohaSpark
Thu Feb 15, 2024 6:58 pm
Forum: General
Topic: Large amount (80-99%) of packet loss, but fixed by ARP Ping
Replies: 0
Views: 444

Large amount (80-99%) of packet loss, but fixed by ARP Ping

Hello, I have a situation I have not encountered before. I have a fairly simple network VLAN setup. A CHR instance has an interface VLAN numbered 123. It has a LAN Address and a DHCP server to establish this VLAN network. CHR (Interface VLAN 123) -> CRS Switch -> CRS Switch -> hAP Lite -> Port 3 (Un...
by AlohaSpark
Thu Feb 01, 2024 3:56 am
Forum: General
Topic: How does IP -> Raw -> Content work?
Replies: 1
Views: 683

How does IP -> Raw -> Content work?

I created a few raw firewall rules with Content set to a domain name (Firewall -> Raw -> Advanced -> Content). For example: /ip firewall raw add action=add-dst-to-address-list address-list=REDIR_FB address-list-timeout=none-static chain=prerouting content=.facebook.com src-address-list=LAN Initially...
by AlohaSpark
Thu Jan 25, 2024 5:08 pm
Forum: Scripting
Topic: Will rapidly enabling/disabling firewall rules cause issues?
Replies: 0
Views: 1308

Will rapidly enabling/disabling firewall rules cause issues?

I would like to enable/disable firewall rules based on criteria, such as how much traffic is passing through an interface (e.g. mark-routing). All other rules are already in place, such that users experience doesn't get affected when it happens, and traffic still flows smoothly (via another interfac...
by AlohaSpark
Thu Jan 11, 2024 10:29 pm
Forum: General
Topic: SNMP Interface Stats on CRS326-24S+2Q+ extremely slow
Replies: 2
Views: 961

SNMP Interface Stats on CRS326-24S+2Q+ extremely slow

I'm collecting statistics using Prometheus and snmp_exporter . I've also hand-picked OIDs to scrape in order to optimize scraping time. So far, all is great. Scraping on my CHRs take milliseconds, CCRs around 2 seconds. The second slowest , CRS326-24G-2S+, takes 4-5 seconds to scrape. The slowest of...
by AlohaSpark
Tue Jan 09, 2024 6:40 am
Forum: Forwarding Protocols
Topic: Mangle routes from OSPF
Replies: 0
Views: 4063

Mangle routes from OSPF

I am implementing sticky connection with guidance from this MUM presentation . In slide 27, it says to exempt mangling LAN routes by adding an accept rule for it above all other mangle rules. The effect of this is if a connection is within LAN only, simply use the main routing table. If not, add a c...
by AlohaSpark
Fri Jan 05, 2024 4:11 am
Forum: General
Topic: Does interface queue use CPU?
Replies: 0
Views: 1572

Does interface queue use CPU?

I am reading Edge Router & BNG Optimisation Guide for ISPs and implementing some of its advice. However, under QoS and Bufferbloat control , it says This means configuration wise, you apply the FQ_Codel queueing to all your physical ports and wireless interfaces across all your network devices. ...
by AlohaSpark
Thu Jan 04, 2024 7:07 am
Forum: General
Topic: VLANs on an interface vs multiple physical interfaces
Replies: 1
Views: 1028

VLANs on an interface vs multiple physical interfaces

I have a CCR2116-12G-4S+. My traffic levels are 3-4Gbit/s during peak hours. My current setup is that I have my downstream and upstreams running on a single SFP+ interface using VLANs. No bridge - this is a core router. Would there be any advantages (e.g. performance, lower CPU load, etc.) if I spli...
by AlohaSpark
Wed Jan 03, 2024 10:10 am
Forum: General
Topic: How do I reduce PPPoE client CPU usage? [SOLVED]
Replies: 6
Views: 3699

Re: How do I reduce PPPoE client CPU usage? [SOLVED]

We get the problem so go around the issue. At these speeds you are not a domestic customer anymore and you don't want a PPPOE connection because you know there is going to be overheads and MTU clamps. You want a transit link from your upstream provider like any normal ISP would take and in this cas...
by AlohaSpark
Wed Jan 03, 2024 5:07 am
Forum: Forwarding Protocols
Topic: How do I "sync" routes between routing tables?
Replies: 0
Views: 2275

How do I "sync" routes between routing tables?

I would like directly connected and static, and OSPF routes on main table to also be reflected in table rtab1 . How would I do that? So far, I have tried making two local BGP instances (connecting to 127.0.0.1) and specifying the routing tables, but the session won't establish. Am I doing this right...
by AlohaSpark
Tue Jan 02, 2024 5:11 pm
Forum: General
Topic: CCR2116 disappointing can't do >2gbps PPPOE, single CPU >95%
Replies: 8
Views: 3343

Re: CCR2116 disappointing can't do >2gbps PPPOE, single CPU >95%

Have you found a solution by any chance? I'm facing the same issue.
by AlohaSpark
Tue Jan 02, 2024 5:07 pm
Forum: General
Topic: How do I reduce PPPoE client CPU usage? [SOLVED]
Replies: 6
Views: 3699

Re: How do I reduce PPPoE client CPU usage? [SOLVED]

For reference, I am having this exact same issue: viewtopic.php?t=200771#p1031293
by AlohaSpark
Tue Jan 02, 2024 1:45 pm
Forum: General
Topic: How do I reduce PPPoE client CPU usage? [SOLVED]
Replies: 6
Views: 3699

How do I reduce PPPoE client CPU usage? [SOLVED]

I'm using RouterOS 7.13. My WAN connections are four 1Gbit PPPoE connections as well as two lightly-used BGP full-table upstreams. The issue I'm facing is that whenever the PPPoE connections are loaded to around 2Gbps total, one of the CPU cores is heavily loaded around 70% on one core while the ave...
by AlohaSpark
Thu Dec 21, 2023 4:08 pm
Forum: Scripting
Topic: CHR x86 - High CPU usage (ssl) when using www-ssl [SOLVED]
Replies: 4
Views: 6958

Re: CHR x86 - High CPU usage (ssl) when using www-ssl [SOLVED]

I have resolved the issue. Thanks for sharing the solution, you b–d. Oh, right, the solution :lol: I made a new certificate with a 1024-bit key. It's more than sufficient, overkill even, for my use case. Initially the key for the SSL certificate was 4096-bit RSA, which I believed was fine coming fr...
by AlohaSpark
Wed Dec 20, 2023 8:56 am
Forum: Scripting
Topic: CHR x86 - High CPU usage (ssl) when using www-ssl [SOLVED]
Replies: 4
Views: 6958

Re: CHR x86 - High CPU usage (ssl) when using www-ssl [SOLVED]

I have resolved the issue.
by AlohaSpark
Tue Dec 19, 2023 11:30 am
Forum: Scripting
Topic: CHR x86 - High CPU usage (ssl) when using www-ssl [SOLVED]
Replies: 4
Views: 6958

CHR x86 - High CPU usage (ssl) when using www-ssl [SOLVED]

The title says it all. I am issuing REST commands via www-ssl. Whenever I am using the SSL REST API, such as listing DHCP clients (~1k) or editing a comment on one of them, CPU usage spikes across all 16 cores (around additional 20%) with one or two pinned at 100%. SSL is also using 100% CPU. Is the...
by AlohaSpark
Thu Dec 14, 2023 5:19 am
Forum: Forwarding Protocols
Topic: BGP - Best Path Selection with Multiple Upstreams [SOLVED]
Replies: 3
Views: 9182

Re: BGP - Best Path Selection with Multiple Upstreams [SOLVED]

RTFM has indeed clarified everything. Thanks :lol:
by AlohaSpark
Wed Dec 13, 2023 5:04 am
Forum: Forwarding Protocols
Topic: BGP - Best Path Selection with Multiple Upstreams [SOLVED]
Replies: 3
Views: 9182

BGP - Best Path Selection with Multiple Upstreams [SOLVED]

Hello, I am about to have several new eBGP upstreams with full routing tables. I unfortunately have little experience on this since for the longest time I only had one. I would like outbound traffic to go via the closest route i.e., best path. Otherwise, if the paths are of the same cost, do ECMP. D...
by AlohaSpark
Sat Dec 02, 2023 3:53 pm
Forum: Scripting
Topic: How fast does traffic monitor react?
Replies: 0
Views: 2726

How fast does traffic monitor react?

Hello, I have a script which runs every second that monitors bandwidth, then selects which appropriate WAN it should go through based on used bandwidth capacity. So far it works great. The only issue though is it has a 1-second reaction time between runs. That is, it takes up to 1 second for the swi...
by AlohaSpark
Sat Nov 25, 2023 9:50 am
Forum: Scripting
Topic: Running script 4 times per second
Replies: 2
Views: 1742

Running script 4 times per second

I can see that the scheduler can only go down to executing a script every second.

How do I run my script every 0.25 or 0.2 seconds?

It's an experimental monitoring script.
by AlohaSpark
Sat Nov 18, 2023 3:12 pm
Forum: Virtualization
Topic: Can I transfer a license to another account?
Replies: 2
Views: 2459

Can I transfer a license to another account?

I'm looking to transfer a CHR license as a birthday gift to a friend of mine. How do I do that?
by AlohaSpark
Fri Sep 01, 2023 2:34 pm
Forum: Forwarding Protocols
Topic: Static Routes + BGP - Routers can ping each other, but won't pass traffic through it (ingress and egress) [SOLVED]
Replies: 4
Views: 9357

Re: Static Routes + BGP - Routers can ping each other, but won't pass traffic through it (ingress and egress) [SOLVED]

Is the peering iBGP or eBGP between the routers? What address are you trying to ping and where does it stop if you traceroute? It's eBGP between ISP my Mikrotik (on their premises). I then tried to set a static route to that remote MT and my local MT. All good now, it seems to have been a Windows i...
by AlohaSpark
Wed Aug 30, 2023 7:08 am
Forum: Forwarding Protocols
Topic: Unable to ping IP on another interface [SOLVED]
Replies: 3
Views: 9382

Re: Unable to ping IP on another interface [SOLVED]

I don't buy the ether2 route table entry: DAc 192.168.1.1/29 ether2 0 I expect it to look like: DAc 192.168.1.0/29 ether2 0 Take a look at corresponding /ip address add network= All good now. I manually edited the entries for privacy; this is related to this other post: https://forum.mikrotik.com/v...
by AlohaSpark
Tue Aug 29, 2023 11:13 pm
Forum: Forwarding Protocols
Topic: Unable to ping IP on another interface [SOLVED]
Replies: 3
Views: 9382

Unable to ping IP on another interface [SOLVED]

Hello, I have set up static IPs on my Mikrotik hEX, set up a DHCP server, and connected my laptop. All is well. My laptop can ping other devices on the LAN (192.168.1.3, etc.) as well as the MT itself (192.168.1.1). However, when I add an IP address on another interface, the laptop cannot ping that ...
by AlohaSpark
Tue Aug 29, 2023 5:49 pm
Forum: Forwarding Protocols
Topic: Static Routes + BGP - Routers can ping each other, but won't pass traffic through it (ingress and egress) [SOLVED]
Replies: 4
Views: 9357

Static Routes + BGP - Routers can ping each other, but won't pass traffic through it (ingress and egress) [SOLVED]

NOTE: All the IP addresses below are examples, and are not my actual public IP addresses. I have a Mikrotik located on my ISP's premises. I also have a /24 block and ASN, which is announced just fine. [admin@MikroTik] > /routing/bgp/advertisements/print 0 peer=bgp1 dst=49.123.123.0/24 afi=ip nexthop...
by AlohaSpark
Tue Aug 29, 2023 12:57 pm
Forum: Beginner Basics
Topic: Static Routes + BGP - Routers can ping each other, but won't pass traffic through it (ingress and egress)
Replies: 0
Views: 3392

Static Routes + BGP - Routers can ping each other, but won't pass traffic through it (ingress and egress)

NOTE: All the IP addresses below are examples, and are not my actual public IP addresses. I have a Mikrotik located on my ISP's premises. I also have a /24 block and ASN, which is announced just fine. [admin@MikroTik] > /routing/bgp/advertisements/print 0 peer=bgp1 dst=49.123.123.0/24 afi=ip nexthop...
by AlohaSpark
Sat Aug 26, 2023 6:18 am
Forum: Forwarding Protocols
Topic: How to prefer OSPF routes over BGP routes
Replies: 3
Views: 3158

Re: How to prefer OSPF routes over BGP routes

Since you got BGP on all devices, why even bother running ospf (except for maybe IGP)?
You could attribute a better local preference to routes learned via your favorite router and prefer these routes.
hth, hk
That's true. You're right.

I set up a static route and got rid of OSPF. All good now.
by AlohaSpark
Fri Aug 25, 2023 8:37 am
Forum: Forwarding Protocols
Topic: How to prefer OSPF routes over BGP routes
Replies: 3
Views: 3158

How to prefer OSPF routes over BGP routes

Hello, My main CHR has 3 main uplinks. Two are via direct BGP, and one is via another Mikrotik (which I have control over) on the ISP's premises. All 3 uplinks receive full table BGP. The issue is, the two providers who are direct BGP peers have high latency. The one that's sharing routes via OSPF i...
by AlohaSpark
Sun Aug 13, 2023 3:58 pm
Forum: RouterBOARD hardware
Topic: Are QSFP28 DACs compatible with QSFP+ Ports? [SOLVED]
Replies: 2
Views: 4949

Re: Are QSFP28 DACs compatible with QSFP+ Ports? [SOLVED]

I just found out Mikrotik has a chart for this exact question. It's over at https://wiki.mikrotik.com/wiki/MikroTik_wired_interface_compatibility In my case, the answer is yes. Not sure about the Mellanox though, but I'm willing to bet it's a yes as well. https://i.ibb.co/9Vvz1vy/Screenshot-2023-08-...
by AlohaSpark
Sun Aug 13, 2023 9:24 am
Forum: RouterBOARD hardware
Topic: Are QSFP28 DACs compatible with QSFP+ Ports? [SOLVED]
Replies: 2
Views: 4949

Are QSFP28 DACs compatible with QSFP+ Ports? [SOLVED]

I have a CRS326-24S+2Q+RM connected to a Mellanox ConnectX-3 (two QSFP+ ports) via a copper cable, specifically a Q+DA0001. I was looking to get another Q+DA0001 to connect the other pair of 40Gbps ports. The problem is, my go-to shop only has XQ+DA0001 available, which is a 40G/100G QSFP28 cable. C...
by AlohaSpark
Thu Jun 08, 2023 5:56 am
Forum: Scripting
Topic: How do I use global variables in Netwatch?
Replies: 1
Views: 2064

How do I use global variables in Netwatch?

It seems like my Netwatch script can't modify a global variable that was created from another script. In my research on this I found that Netwatch runs as another user... that's it. I haven't found any straightforward solutions, only complaints since 2012. https://forum.mikrotik.com/viewtopic.php?p=...
by AlohaSpark
Sat Mar 04, 2023 12:52 pm
Forum: General
Topic: Disable a specific log message?
Replies: 1
Views: 377

Disable a specific log message?

I have a bandwidth monitor that changes mangle rules based on traffic amount.

However, the logs are now filled with "mangle rule changed".

Is there any way to disable this specific message?

Time: Mar/04/2023 18:51:13
Buffer: memory
Topics: system, info
Message: mangle rule changed
by AlohaSpark
Sat Mar 04, 2023 3:36 am
Forum: General
Topic: When should I turn off loose TCP tracking? [SOLVED]
Replies: 19
Views: 7790

Re: When should I turn off loose TCP tracking? [SOLVED]

You should turn off loose TCP tracking when you want to burn your CPU and performance. I had it off to begin with. I turned it on 2 days ago. CPU usage did not decrease. Actually, turning on loose TCP tracking seems to have solved my RDP/Remote Desktop issues. The connection doesn't drop anymore (w...
by AlohaSpark
Thu Mar 02, 2023 10:56 am
Forum: General
Topic: When should I turn off loose TCP tracking? [SOLVED]
Replies: 19
Views: 7790

When should I turn off loose TCP tracking? [SOLVED]

I am implementing sticky connections using connection and routing marks. I'm wondering if loose TCP tracking has any effect on mangles.

1. What is it for?
2. When should I turn off loose TCP tracking?
3. Does it impact performance? By how much?
by AlohaSpark
Sun Jan 29, 2023 8:12 am
Forum: Virtualization
Topic: CHR supported hardware interface list?
Replies: 4
Views: 4369

Re: CHR supported hardware interface list?

Bumping this a bit. Is there something somewhere documenting supported NICs by RouterOS/CHR? We want to see what actually is supported in passthru mode and what type of NIC offloading CHR actually performs. Unfortunately I haven't found any such document. As a small data point, Mellanox ConnectX-3 ...
by AlohaSpark
Sun Jan 29, 2023 7:49 am
Forum: General
Topic: How much of an impact does masquerade have versus src-nat?
Replies: 1
Views: 1746

How much of an impact does masquerade have versus src-nat?

I am trying to figure out why my CCR1009 isn't pushing more than 500Mbps. CPU seems to be lightly loaded according to profiling during peak hours (5-10% total CPU usage, 15% on the highest-loaded core). One advice according to this reply (https://forum.mikrotik.com/viewtopic.php?t=149701#p736982) is...
by AlohaSpark
Sun Jan 29, 2023 7:40 am
Forum: General
Topic: Are disabled firewall rules evaluated?
Replies: 2
Views: 520

Are disabled firewall rules evaluated?

For example, general advice is to have the related/established firewall rule at the very top.

In my case however, I have 20+ firewall rules before that, but all of them are disabled.

Are disabled rules evaluated? Do disabled rules affect performance?
by AlohaSpark
Sat Jan 28, 2023 9:08 pm
Forum: General
Topic: Can I convert my CCR's license to CHR? [SOLVED]
Replies: 2
Views: 624

Can I convert my CCR's license to CHR? [SOLVED]

I have a CCR1009 that I plan to decommission permanently. Can I convert its L6 license to a P-unlimited CHR license?
by AlohaSpark
Fri Jan 20, 2023 2:43 pm
Forum: General
Topic: What is bandwidth test to 127.0.0.1 testing?
Replies: 10
Views: 1458

Re: What is bandwidth test to 127.0.0.1 testing?

This test has one important application. It shows the maximum capability of the processor to generate traffic. And if in the UDP everything is of little use in life, the TCP everything is clear. Many users, when trying to perform such tests, get bogged down by the performance of the processor and s...
by AlohaSpark
Thu Jan 19, 2023 8:16 pm
Forum: General
Topic: What is bandwidth test to 127.0.0.1 testing?
Replies: 10
Views: 1458

What is bandwidth test to 127.0.0.1 testing?

Every time I get big numbers - (UDP) around 80Gbps for my CCR1009 and above 500Gbps for my Xeon E5-2403 server. But what is it testing? How is it significant? How does it translate into the real world? For the above, even though Xeon is more than 5x faster, in production (no FW, just simple cake que...
by AlohaSpark
Sun Dec 11, 2022 1:09 pm
Forum: Virtualization
Topic: CHR supported hardware interface list?
Replies: 4
Views: 4369

CHR supported hardware interface list?

I'm planning to build a VM server then put CHR on it among other things.


1. Would it be better to have hardware interfaces as PCIE passthrough, or bridged via virtio?

2. If it's better to have PCIe passthrough, is there a list somewhere of supported Ethernet/SFP+ cards?
by AlohaSpark
Tue Dec 06, 2022 8:11 am
Forum: Scripting
Topic: Is there a way to get /tool/fetch response time?
Replies: 3
Views: 916

Is there a way to get /tool/fetch response time?

I would like to know how long it takes to fetch a URL. Is there a way to do so within a script?
by AlohaSpark
Mon Nov 21, 2022 4:59 am
Forum: General
Topic: Does having a parent queue affect performance?
Replies: 0
Views: 348

Does having a parent queue affect performance?

Does it matter if I have a parent queue or not in terms of CPU usage?

Would it be better if I have everything (i.e. all clients) as a global queue?
by AlohaSpark
Sat Nov 13, 2021 3:22 am
Forum: Scripting
Topic: Add comment to DHCP rate limit queue
Replies: 2
Views: 4711

Add comment to DHCP rate limit queue

Hello, Is there a way to add a comment to a simple queue created by DHCP server? While testing my script, the command /queue simple set dhcp-ds<XX:XX:XX:XX:XX:XX> comment="hello" gave me the error failure: cannot change dynamic I just want to show the host name on the list of queues. A whi...