*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules

*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;

@Larsa: Endpoint-Independent NAT: https://help.mikrotik.com/docs/pages/vi ... pendentNAT

ssh - added support for user ed25519 public keys;

*) console - added "terminal/ask" command;

:put [/terminal/ask "Is there going to be BTH for xMIPSx?"]

No IS-IS, no 6VPE. The wait continues...

*) console - improved ":totime" and ":tonum" commands and added ":tosec" command for time value manipulation;

:put [:tonsec [:timestamp]]                           
1692285621621769359

*) console - added ":jobname" command;

after the update from 7.11 stable to 7.12Beta1 my SFP+ module S+RJ10 reports high temperature and is temporary disabled.

Due to excessive heat, produced by RJ45 SFP modules, Mikrotik issued S+RJ10 general guidance, which specifies recomended placement of such modules.

*) ssh - added support for user ed25519 public keys

*) bridge - improved system stability;

A protocol from 1992. Why not change to OSPF

*) mpls - added option to match and set MPLS EXP with bridge and mangle rules; - need more info pls

How long are my 10+ months old hAP ax2s going to be stored in a drawer, because ROS 7 still does not support repeater mode? Tonnes of new features, but still not fully on parity with ROS 6.

How long are my 10+ months old hAP ax2s going to be stored in a drawer, because ROS 7 still does not support repeater mode? Tonnes of new features, but still not fully on parity with ROS 6.

If you have 2 Mikrotiks on each end, it is possible using EOIP on top of the link.
Workaround ? Yes.
But a solution.

Search forum for post from, I think, Amm0 who describes the steps.

In the build it's :tonsec NOT ":tosec", but seems to work:

Code: Select all

:put [:tonsec [:timestamp]]                           
1692285621621

Endpoint-Independent NAT
all world call it Full Cone NAT

What I have found was not EOIP solution, but creating a VXLAN interface on both sides, adding those to local bridges, doing few twists to filtering, etc.

What I have found was not EOIP solution, but creating a VXLAN interface on both sides, adding those to local bridges, doing few twists to filtering, etc.

Well, VXLAN and EOIP are different ways to achieve the same thing: packaging a raw ethernet frame into an IP packet, so you can transfer it over the nontransparent WiFi link and still maintain full functionality like broadcast and VLANs at ethernet level.
Only VXLAN is even more inefficient than EOIP (in terms of header overhead).

... still wondering, how difficult it might be to add 4 address frame support.

Why they did not name it just :toepoch then if it is sec or nsec would be covered.

:put [:totime 60]     
00:01:00

:put ([:totime "2023-08-18"] - [:timestamp]) 
-13:46:04.114613691

:put [:totime "2023-08-18T00:00:00"]
# blank / nothing is output with a T, but a space works...
:put [:totime "2023-08-18 00:00:00"]
2798w1d00:00:00

4-address mode is not standard in 801.11. each manufacturer that offers it has implemented their own hacks to negotiate and support it,

*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;

Interesting. But you have 1500 MTU, exactly, today...so even 16 bytes is too many ;)

I'm surprised you didn't mention the lack of BFD on a static /ip/route via check-gateway=bfd on a wifiwave2/etc interface. ;)

No, you can set a higher MTU on a wireless interface (limit in old wireless is 1600, don't know what it is in wifiwave2) to have some headroom to allow 1500 byte MTU for the tunneled traffic...

Ok I cannot test that here because I have no device that realistically can be used with wifiwave2...

Ok I cannot test that here because I have no device that realistically can be used with wifiwave2...

Me too.. All the wifiwave2 things are in the field right now. I got a RB1100AHx4, wAPacRs and CHRs right now, and all work with the v7.12beta ;)

Endpoint-Independent NAT
all world call it Full Cone NAT

How long are my 10+ months old hAP ax2s going to be stored in a drawer, because ROS 7 still does not support repeater mode? Tonnes of new features, but still not fully on parity with ROS 6.

viewtopic.php?t=172400 please fix this.

What I have found was not EOIP solution, but creating a VXLAN interface on both sides, adding those to local bridges, doing few twists to filtering, etc. Will experiment with that - viewtopic.php?t=180369#p990815

MT, are you going to fix WiFi on x86 platform ? It was broken since ROS 7.7

MT, are you going to fix WiFi on x86 platform ? It was broken since ROS 7.7

For remarks that broad you should at least reference a SUP number.

The new release shouldn't be 7.12beta2?

*) console - added "transform" property for ":convert" command;

:put [:convert [:convert "long live the emperor" transform=rot13 to=hex] transform=rot13 from=hex]
 # long live the emperor
 

console died so far i can reproduce this on a spare CCR1036 and CRS317 so this is not architecture specific

console died so far i can reproduce this on a spare CCR1036 and CRS317 so this is not architecture specific

Is that on a physical console? (serial port and terminal program)
As I cannot reproduce that on a terminal window...

RouterOS version 7.12beta has been released on the "v7 testing" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.12beta3 (2023-Aug-24 12:15):

!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved multi-argument property parsing into array;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) interface - added "macvlan" interface support;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) log - improved logging for user actions;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed startup race condition when SIM card is in non-default slot for LtAP mini;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;

What's new in 7.12beta1 (2023-Aug-15 16:14):

*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using IPv6 queues;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while a router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.

Changelog edit:
- changed from ":tosec" to ":tonsec".

*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);

No IS-IS, no 6VPE. The wait continues...

A protocol from 1992. Why not change to OSPF

maybe because is-is performans is a bit better

maybe because is-is performans is a bit better

Betamax was better than VHS ;)

I think We can expect IS-IS in Mikrotik Very Soon!!!

ISIS.png

Happy to Fast Developments from Mikrotik Team............

I'm looking for MD5 to simplify some scripts.

:put [:convert "text to hash to MD5" transform=md5 to=hex]

It would be desirable if mikrotik first restored the same range of functions as in ros 6 and only then implemented new features. I'm mainly waiting for MPLS in HW at least at the same level as in ROS6.

*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);

Thank you very much.

yes. that is a welcome addition - hopefully this will come to winbox (and maybe webgui) too

What MPLS Hardware functionality was in RouterOS v6 that is not in v7 ?

What MPLS Hardware functionality was in RouterOS v6 that is not in v7 ?

If I recall correctly the CRS317 supported MPLS hardware offload when acting as a P router in RouterOS v6. I'm not sure if this has been brought to v7 yet.

Watch out with 7.12beta3 if you have 100G ports on a CCR2216 and you use QSFP28 which are attached to a cable (DAC or AOC or so).

Warning:

Watch out with 7.12beta3 if you have 100G ports on a CCR2216 and you use QSFP28 which are attached to a cable (DAC or AOC or so).
We had several links going out of service after upgrading to 7.12beta3. Going back to 7.11 restored the ports. Other nodes who had a optical LR4 transceiver in them did not show this effect.

Edit: OK, managed to do it via an access list, setting a simple rule for the particular MAC address. But then - I miss the context menu action "Copy to access list", while at the registration table tab.

Miktotik seems to have a special "Testing department" for this and they update the lists on a regular basis as you can see in the Docs history:

https://help.mikrotik.com/docs/pages/vi ... d=13500447

Sadly the SFP sections are not recently being tested or updated.

In the Wiki you can see QSFP...why that is not transferred to the Docs is not know

https://wiki.mikrotik.com/wiki/MikroTik ... patibility

Edit: OK, managed to do it via an access list, setting a simple rule for the particular MAC address. But then - I miss the context menu action "Copy to access list", while at the registration table tab.

A way to do it via ACL works in 7.11(wifiwave2) and worked in 6.x.

This is how it look like, same for 1036,RB4011 i'll try to netinstall them later if i can reproduce the issue
2.PNG

@rpingar, afink - thanks for the feedback. Can you also share the output from "/interface ethernet monitor" for thouse QSFP modules that do not work?

@rpingar, afink - thanks for the feedback. Can you also share the output from "/interface ethernet monitor" for thouse QSFP modules that do not work?

they are enabled on my case

fec is configured on switch and mikrotik using fec92 / rs . this is mandatory for link to come up in 7.11. Auto negotiation failed otherwise.

Switching off auto negotiation and configuring it for 100G-baseLR4-ER4 brought the interface up.
Interesting...

*) wifiwave2 - enable changing interface MTU and L2MTU;
Now if you can only adjust the wireless MTU to 9000+ Bytes for bridging l2 networks for jumbo frame support(e.g MEF 3 carrier grade connections ) in ptp wireless setups :)

In the build it's :tonsec NOT ":tosec", but seems to work:

Code: Select all

:put [:tonsec [:timestamp]]                           
1692285621621

Why they did not name it just :toepoch then if it is sec or nsec would be covered.

:put ([:tonsec 1s]/1000000000)                                  
1    

:put [:tonum 1s]            
1
:put [:tonum [:timestamp]]
1693515184

4-address mode is not standard in 801.11. each manufacturer that offers it has implemented their own hacks to negotiate and support it,

That why I'm not sure using a tunnel isn't such a bad option. It does let you treat wireless same as wired, vs using Wi-Fi specific WDS-like things.

The bigger issue today with doing tunneling over wifiwave2 is the interface won't sent packets larger than 1500*, even if the MTU is set higher – so tunnels get fragmented.

* I don't have any wifiwave2 devices here to check specific in 7.12, so maybe it's fix, but been open 2 years.

eoip and other tunneling protocols would only work if transporting routers along the path fragment packets on the way instead of rejecting and dropping it.

Why in IPv6 DHCP server POOL option do I get a double static-only entry's listed:

If no one make a support case out of it, it will possible stay like this.

mAP - 7.12beta3
when trying to open terminal via winbox connected via ROMON

Code: Select all

terminal is not a TTY
died with signal 11 on Tue Sep 12 09:33:36 2023

Connecting via Winbox / WG does allow terminal to be opened.
It worked before on 7.11.2.

Supout created, support contacted (SUP-127788).

What's new in 7.12beta7 (2023-Sep-13 09:58):

*) wifiwave2 - added station-bridge interface mode (CLI only);

What's new in 7.12beta7 (2023-Sep-13 09:58):

*) wifiwave2 - added station-bridge interface mode (CLI only);

OMG!!!

How long are my 10+ months old hAP ax2s going to be stored in a drawer, because ROS 7 still does not support repeater mode? Tonnes of new features, but still not fully on parity with ROS 6.

* wifiwave2 - added station-bridge interface mode (CLI only);

Can we say, that Station bridge, having two hAP ax2, can serve a repeater purpose?

qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);

The station-bridge mode works together with the AP mode, there is no need for a new type of AP mode. The WifiWave2 station-bridge is only compatible with WifiWave2 APs.
Audience configuration won't be automatically converted in this case.

The station-bridge mode works together with the AP mode, there is no need for a new type of AP mode. The WifiWave2 station-bridge is only compatible with WifiWave2 APs.
Audience configuration won't be automatically converted in this case.

Audience configuration won't be automatically converted in this case.

So I guess I'm screwed and have to use legacy wireless package on Audience forever?

Please, any chance to make the station-bridge mode compatible over the air between different generations of devices?

*) wifiwave2 - added station-bridge interface mode (CLI only);

Complain will not help, appreciate the improvements, it is what it is...