v7.18rc [testing] is released!

Tue Feb 18, 2025 12:13 pm

RouterOS version 7.18rc has been released on the "v7 testing" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during the upgrade process;
3) Device has enough free storage space to download all RouterOS packages.

What's new in 7.18rc2 (2025-Feb-21 12:50):

*) cloud - added "Back To Home Files" feature (additional fixes);
*) dhcpv6-relay - added option to create routes for bindings passing through relay (additional fixes);
*) disk - do not allow adding device in raid when major settings mismatch in superblock and config;
*) disk - fixed removing device from raid while resyncing;
*) ethernet - fixed issue with default-names for RB4011, RB1100Dx4, RB800 devices (additional fixes);
*) ethernet - fixed link-down on startup for ARM64 devices (introduced in v7.16);
*) l3hw - added initial HW offloading for VXLAN on compatible switches (additional fixes);
*) lte - added initial eSIM management support (additional fixes);
*) lte - fix R11e-4G modem initialization (introduced in v7.18beta4);
*) lte - fixed cases where the MBIM dialer could get stuck;
*) lte - fixed interface recovery in mixed multiapn setup for MBIM modems (additional fixes);
*) lte - improved initialization for external USB modems;
*) ptp - improved system stability;
*) qos-hw - fixed wred-threshold (introduced in v7.18beta2);
*) ssh - improved channel resumption after rekey and eof handling;
*) wifi-qcom - prevent AP from transmitting broadcast data unencrypted during authentication of first client;
*) winbox - added missing options under "System/Disk" menu (additional fixes);

What's new in 7.18rc1 (2025-Feb-18 08:57):

*) cloud - added "Back To Home Files" feature (additional fixes);
*) console - renamed "back-to-home-users" to "back-to-home-user";
*) disk - allow to set only type=raid devices as raid-master;
*) disk - cleanup raid members mountpoint, improve default name of file base block-device;
*) disk - do not allow configuring empty slot as raid member;
*) disk - fixed setting up dependent devices when file-based block-device becomes available;
*) disk - improved stability;
*) disk - mount multi-device btrfs filesystems more reliably at startup;
*) disk - set non-empty fs label when formatting by default;
*) file - improved handling of filesystems with many files (additional fixes);
*) l3hw - added initial HW offloading for VXLAN on compatible switches (additional fixes);
*) log - added CEF format support for remote logging (additional fixes);
*) lte - fixed interface recovery in mixed multiapn setup for MBIM modems;
*) lte - improved automatic link recovery and modem redial functions;
*) lte - reduce modem initialization time for R11e-LTE-US;
*) lte - reduced SIM slot switchover time for modems with AT control channel (except R11e-LTE) (additional fixes);
*) poe-out - fixed PoE-out not working on first boot after upgrade for CRS354 (introduced in v7.18beta2);
*) rose-storage - fixes for btrfs server;
*) smb - fixes for SMB server;
*) winbox - added "Reset Alert" button under "IP/DHCP Server/Alerts" menu;
*) winbox - added missing options under "System/Disk" menu;
*) winbox - do not show LTE "Antenna Scan" button on devices that do not support it;

Other changes since v7.17:

*) 60ghz - improved system stability;
*) bgp - fixed certain affinity options not working properly;
*) bgp - improved system stability when printing BGP advertisements;
*) bgp - make NO_ADVERTISE, NO_EXPORT, NO_PEER communities work;
*) bond - added transmit hash policies for encapsulated traffic;
*) bridge - added MLAG heartbeat property;
*) bridge - avoid duplicate VLAN entries with dynamic wifi VLANs;
*) bridge - do not reset MLAG peer port on heartbeat timeout (log warning instead);
*) bridge - fixed endless MAC update loop (introduced in v7.17);
*) bridge - fixed missing S flag on interface configuration changes;
*) bridge - improved stability when using MLAG with MSTP (introduced in v7.17);
*) bridge - improvements to MLAG host table updates;
*) bridge - process more DHCP message types (decline, NAK, inform);
*) bridge - removed controller-bridge (CB) and port-extender (PE) support;
*) bridge - show VXLAN remote-ip in host table;
*) btest - allow limiting access to server by IP address;
*) certificate - fixed localized text conversion to UTF-8 on certificate creation;
*) chr - fixed limited upgrades for expired instances;
*) chr/x86 - added network driver for Huawei SP570/580 NIC;
*) chr/x86 - fixed error message on bootup;
*) chr/x86 - fixed GRE issues with ice network driver;
*) chr/x86 - Realtek r8169 updated driver;
*) cloud,bth - use in-interface matcher for masquerade rule;
*) console - added dsv.remap to :serialize command to unpack array of maps from print as-value (additional fixes);
*) console - added file-name parameter to :serialize;
*) console - allow ISO timezone format in :totime command;
*) console - allow tab as dsv delimiter;
*) console - allow to toggle script error logging with "/console settings log-script-errors";
*) console - do not autocomplete arguments when match is both exact and ambiguous;
*) console - do not show numbering in print follow;
*) console - fixed "get" and "proplist" for certain settings;
*) console - fixed issue where ping command displays two lines at the same time;
*) console - fixed issue with disappearing global variable;
*) console - implement scriptable safe-mode commands and safe-mode handler;
*) console - improved hints;
*) console - log errors within scripts to the system log;
*) console - make non-pseudo terminals work with imports;
*) console - put !empty sentence when API query returns nothing;
*) container - add default registry-url=https://lscr.io;
*) container - allow HTTP redirects when accessing container registry;
*) container - allow specifying registry using remote-image property;
*) container - improved image arch choice;
*) container - use parent directory of container root-dir for unpack by default, so that container layer files are downloaded directly on target disk;
*) defconf - added IPv6 FastTrack configuration;
*) device-mode - do not allow changing CPU frequency if "routerboard" is not allowed by device mode (introduced in v7.17);
*) device-mode - fixed feature and mode update via power-reset on PPC devices;
*) dhcpv4-client - allow selecting to which routing tables add default route (additional fixes);
*) dhcpv4-client - fixed default option export output;
*) dhcpv4-server - fixed "active-mac-address" update when client has changed MAC address;
*) dhcpv4-server - fixed framed-route removal;
*) dhcpv4-server - fixed lease assigning when server address is not bind to server interface (introduced in v7.17);
*) dhcpv6-client - added "validate-server-duid" option;
*) dhcpv6-client - allow specifying custom DUID;
*) dhcpv6-client - do not run script on prefix renewal;
*) dhcpv6-relay - add routes for bindings passing through relay;
*) dhcpv6-server - respond to client in case of RADIUS reject;
*) discovery - advertise IPv6 capabilities based on "Disable IPv6" global setting;
*) discovery - improved stability during configuration changes;
*) discovery - report actual PSE power-pair with LLDP;
*) discovery - use power-via-mdi-short LLDP TLV only on pse-type1 802.3af;
*) disk - add disk trim command (/disk format-drive diskx file-system=trim);
*) disk - allow to add swap space without container package;
*) disk - fix detecting disks on virtual machines;
*) disk - fixed showing free space on tmpfs (introduced in v7.17);
*) disk - improved system stability when SMB interface list is used (introduced in v7.17);
*) dns - do not show warning messages for DNS static entries when they are not needed;
*) ethernet - fixed issue with default-names for RB4011 and RB1100Dx4 devices;
*) ethernet - improved link speed reporting on 2.5G-baseT and 10Gbase-T ports;
*) fetch - added "http-max-redirect-count" parameter, allows to follow redirects;
*) fetch - do not require "content-length" or "transfer-encoding" for HTTP;
*) fetch - fixed IPv6 handling in URL (introduced in v7.18beta2);
*) file - added "recursive" and "relative" parameters to "/file/print" for use in conjunction with "path" parameter;
*) file - allow printing specific directories via path parameter;
*) file - fixed missing meta information from special files such as packages (introduced in v7.18beta2);
*) file - hide store directories, such as container (introduced in v7.18beta2);
*) firewall - allow in-interface/in-bridge-port/in-bridge matching in postrouting chains;
*) firewall - fixed incorrectly inverted hotspot value configuration;
*) firewall - increased maximum connection tracking entry count based on device total RAM size;
*) hotspot - fixed an issue where extra "flash/" is added to html-directory for devices with flash folders (introduced in v7.17);
*) igmp-proxy - fixed multicast routing after upstream interface flaps (introduced in v7.17);
*) iot - added new "iot-bt-extra" package for ARM, ARM64 which enables use of USB Bluetooth adapters (LE 4.0+);
*) iot - improvements to LoRa logging and stability;
*) iot - limited MQTT payload size to 32 KB;
*) ip - added support for /31 address;
*) ippool - added pool usage statistics;
*) ipsec - added hardware acceleration support for hEX refresh (additional fixes);
*) ipsec - fixed chacha20 poly1305 proposal;
*) ipsec - fixed installed SAs update process when SAs are removed;
*) ipv6 - added ability to disable dynamic IPv6 LL address generation on non-VPN interfaces;
*) ipv6 - added FastTrack support;
*) ipv6 - added routing FastPath support (enabled by default) (additional fixes);
*) ipv6 - added support for neighbor removal and static entries;
*) ipv6 - fixed configuration loss due to conflicting settings after upgrade (introduced in v7.17);
*) l2tp - added IPv6 FastPath support;
*) l3hw - added neigh-dump-retries property;
*) l3hw - fixed /32 (IPv6 /128) route offloading when using interface as gateway;
*) l3hw - fixed partial route offloading for 98DX224S, 98DX226S, 98DX3236 switches;
*) l3hw - respect interface specifier (%) when matching a gateway;
*) log - added option to select TCP or UDP for remote logging;
*) lte - added at-chat support for EC21EU;
*) lte - added basic support for Quectel RG255C-GL modem in "at+qcfg="usbnet",0" USB composition;
*) lte - added confirmation-code parameter for eSIM provisioning;
*) lte - added initial eSIM management support (additional fixes);
*) lte - fixed Huawei ME909s-120 support;
*) lte - fixed missing 5G info for "/interface lte print" command;
*) lte - fixed missing IPv6 prefix advertisement on renamed LTE interfaces;
*) lte - fixed prolonged reboots on Chateau 5G ax;
*) lte - fixed R11eL-EC200A-EU modem RAT mode selection (introduced in v7.18beta2);
*) lte - fixed SIM slot initialization with multi-APN setups;
*) lte - lte monitor, show CQI when modem reports it as 0 - undetectable, no RX/down-link resource block assigned to modem by provider;
*) lte - R11eL-EC200A-EU fixed online firmware upgrade and added support for firmware update from local file;
*) lte - R11eL-EC200A-EU improved failed connection handling and recovery;
*) lte - removed nonexistent CQI reading for EC200A-EU modem;
*) net - added initial support for automatic multicast tunneling (AMT) interface (additional fixes);
*) netinstall - try to re-create socket if link status changes;
*) netinstall-cli - fixed DHCP magic cookie;
*) ospf - fixed DN bit not being set;
*) ospfv3 - fixed ignored metric for intra-area routes;
*) ovpn - added requirement for server name when exporting configuration;
*) ovpn - disable hardware accelerator for GCM on Alpine CPUs (introduced in v7.17);
*) ovpn-client - added 1000 character limit for password;
*) pimsm - fixed incorrect neighbor entry when using lo interface;
*) poe-out - added "power-pair" info to poe-out monitor (CLI only);
*) poe-out - added console hints;
*) poe-out - added new modes "forced-on-a" and "forced-on-bt", where old "forced-on" mean "forced-on-bt" (CLI only);
*) poe-out - fixed invalid poe-in status detection for RB5009 (introduced in v7.18beta2);
*) poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) port - improved handling of USB device plug/unplug events;
*) ppc - fixed HW encryption (introduced in v7.17);
*) ppp - add support for configuration of upload/download queue types in profile;
*) ppp - added support for random UDP source ports;
*) ppp - fixed setting loss when adding new ppp-client interface for BG77 modem from CLI;
*) ppp - properly cleanup failed inactive sessions on pppoe-server;
*) ptp - do not send packets on STP blocked ports;
*) qos-hw - fixed global buffer limits for 98CX8410 switch;
*) queue - improved system stability when many simple queues are added (introduced in v7.17);
*) queue - improved system stability;
*) queue - prevent CAKE bandwidth config from potentially causing lost connectivity to a device;
*) resolver - fixed static FQDN resolving (introduced in v7.17);
*) rip - fixed visibility of added key-chains in interface-template;
*) rose-storage - add btrfs filesystem add-device/remove-device/replace-device/replace-cancel commands to add/remove/replace disks to/from a live filesystem;
*) rose-storage - add btrfs filesystem balance-start/cancel commands;
*) rose-storage - add btrfs filesystem scrub-start, scrub-cancel commands (CLI only);
*) rose-storage - add btrfs transfers, supports send/receive into/from file for transferring subvolumes across btrfs filesystems;
*) rose-storage - add support to add/remove btrfs subvolumes/snapshots;
*) rose-storage - added support for advanced btrfs features: multi-disk support, subvolumes, snapshots, subvolume send/receive, data/metadata profiles, compression, etc;
*) rose-storage - allow to separately mount any btrfs subvolumes;
*) rose-storage - update rsync to 3.4.1;
*) rose-storage,ssh - support btrfs send/receive over ssh;
*) route - added /ip/route/check tool;
*) route - added subnet length validation on route add;
*) route - do not use disabled addresses when selecting routing id;
*) route - fixed busy loops (route lockups);
*) route - fixed incorrect H flag usage;
*) route - improved stability when polling static routes via SNMP;
*) route - properly resolve imported BGP VPN routes;
*) routerboot - disable packet switching during etherboot for hEX refresh ("/system routerboard upgrade" required);
*) routerboot - improved stability for IPQ8072 ("/system routerboard upgrade" required);
*) routing-filter - improved stability when using large address lists (>5000);
*) routing-filter - improved usage of quotes in filter rules;
*) sfp - fixed missing "1G-baseX" supported rate for NetMetal ac2 and hEX S devices;
*) sfp - improved linking with certain QSFP modules on CRS354 devices;
*) sfp - improved system stability with some GPON modules for CCR2004 and CCR2116 devices (additional fixes);
*) sfp,qsfp - improved initialization and linking;
*) smb - fixed connection issues with clients using older SMB versions (introduced in v7.17);
*) smb - improved system stability;
*) snmp - added "mtxrAlarmSocketStatus" OID to MIKROTIK-MIB;
*) snmp - added disk serial number through description field;
*) snmp - sort disk list and assign correct disk types;
*) supout - added IPv6 settings section;
*) supout - added per CPU load information;
*) switch - allow entering IPv6 netmask for switch rules (CLI only);
*) switch - fixed dynamic switch rules created by dot1x server (introduced in v7.17);
*) switch - fixed issues with inactive hardware-offloaded bond ports;
*) switch - improved egress-rate on QSFP28 ports;
*) switch - improved system stability for CRS304 switch;
*) switch - improvements to certain switch operations (port disable, shaper and switch initialization) (additional fixes);
*) system - added option to list and install available packages (after using "check-for-updates");
*) system - do not allow to install multiple wireless driver packages at the same time;
*) system - do not cause unnecessary sector writes on check-for-updates;
*) system - enable "ipv6" package on RouterOS v6 downgrade if IPv6 is enabled;
*) system - fixed a potential memory leak that occurred when resetting states after an error;
*) system - force time to be at least at package build time minus 1d;
*) system - improved HTTPS speed;
*) system - improved stability on busy systems;
*) system,arm - automatically increase boot part size on upgrade or netinstall (fixed upgrade failed due to a lack of space on kernel disk/partition);
*) tile - improved system stability;
*) traceroute - added "too many hops" error when max-hops are reached;
*) traceroute - limit max-hops maximum value to 255;
*) user - improved authentication procedure when RADIUS is not used;
*) vxlan - added disable option for VTEPs;
*) vxlan - added IPv6 FastPath support;
*) vxlan - added option to dynamically bridge interface and port settings (hw, pvid);
*) vxlan - added TTL property;
*) vxlan - changed default port to 4789;
*) vxlan - fixed unset for "group" and "interface" properties;
*) vxlan - replaced the "inherit" with "auto" option for dont-fragment property (new default);
*) webfig - added confirmation when quitting in Safe Mode;
*) webfig - do not reload form when failed to create new object;
*) webfig - fixed "TCP Flags" property when inverted flags are set in console;
*) webfig - fixed datetime setting under certain menus;
*) webfig - fixed displaying passwords;
*) webfig - fixed Switch/Ports menu not showing correctly;
*) webfig - hide certificate information in IP Services menu when not applicable;
*) webfig - remember expand/fold state;
*) wifi - added max-clients parameter;
*) wifi - avoid excessive re-transmission of SA Query action frames;
*) wifi - fix issue which made it possible for multiple concurrent WPA3 authentications to interfere with each other;
*) wifi - implement steering parameters to delay probe responses to clients in the 2.4GHz band;
*) wifi - log a warning when a client requests power save mode during association as this may prevent successful connection establishment;
*) wifi - re-word the "can't find PMKSA" log message to "no cached PMK";
*) wifi - try to authenticate client as non-FT client if it provides incomplete set of FT parameters;
*) wifi-qcom - fix reporting of radio minimum antenna gain for hAP ax^2;
*) wifi-qcom - fixed potentially lowered throughput for station interfaces if channel.width property is set (introduced in v7.18beta2);
*) winbox - added "Copy to Provisioning" button under "WiFi/Radios" menu;
*) winbox - added "Last Logged In/Out" and "Times Matched" properties under "WiFi/Access List" menu;
*) winbox - added L3HW Advanced and Monitor;
*) winbox - added TCP settings under "Tools/Traffic Generator/Packet Templates" menu;
*) winbox - do not show 0 Tx/Rx rate under "WiFi/Registration" menu when values are not known;
*) winbox - fixed locked input fields when creating new certificate template;
*) winbox - fixed usb power-reset bus selection for RB924iR-2nD-BT5&BG77 (introduced in v7.18beta2);
*) winbox - show LTE "CA Band" field only when CA info is available;
*) winbox - show warning messages for static DNS entries;
*) x86 - fixed "unsupported speed" warning (additional fixes);

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, please send a supout file from your router to support@mikrotik.com. File must be generated while a router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.

rextended · Tue Feb 18, 2025 12:16 pm

Thanks for the improvements.

Larsa · Tue Feb 18, 2025 12:31 pm

Heads-up - breaking changes for management and monitoring:
*) console - put !empty sentence when API query returns nothing;

dksoft · Tue Feb 18, 2025 1:01 pm

*) poe-out - added new modes "forced-on-a" and "forced-on-bt", where old "forced-on" mean "forced-on-bt" (CLI only);

Does this mean that Mode A is going to be possible now or in future?

crosswind · Tue Feb 18, 2025 1:23 pm

*) dhcpv6-relay - add routes for bindings passing through relay;

i'd really appreciate an option to disable this for both relay and server (unless one already exists and i couldn't find it) -- when using DHCPv6 for IA_NA, there's often no need to add these routes and they clog up the routing table.

Jotne · Tue Feb 18, 2025 3:26 pm

Thanks for the RC release.
But what I have mention in the beta channel that should be fixes has been fixed. Like the duplicate name in logs

clambert · Tue Feb 18, 2025 3:43 pm

*) bond - added transmit hash policies for encapsulated traffic;

Nice feature, too bad MPLS isn't on the list of supported protocols.

Reinis · Tue Feb 18, 2025 3:43 pm

*) poe-out - added new modes "forced-on-a" and "forced-on-bt", where old "forced-on" mean "forced-on-bt" (CLI only);
Does this mean that Mode A is going to be possible now or in future?

Only for PSE devices that support 4-pair powering
Documentation was just updated: https://help.mikrotik.com/docs/spaces/R ... rtSettings

Amm0 · Tue Feb 18, 2025 5:24 pm

Heads-up - breaking changes for management and monitoring:
*) console - put !empty sentence when API query returns nothing;

It's still not in docs, which is annoying since we're now at "rc". IMO docs should be done by a "release candidate" (i.e. theoretically shippable). And developing an API client requires accurate docs. I mean it's not entirely clear if it's only if you use .query or any get...

God only knows how many other API clients in the bowels of ISPs networks that are going to run into this one.

fischerdouglas · Tue Feb 18, 2025 7:50 pm

No mention of CVE-2024-54772 fixing?

It was published on cve.org on 2025-02-11.

And the first time it was mentioned here on the forum was in 2025-02-13:

https://www.cve.org/CVERecord?id=CVE-2024-54772

merkkg · Tue Feb 18, 2025 8:15 pm

No mention of CVE-2024-54772 fixing?

It was published on cve.org on 2025-02-11.

And the first time it was mentioned here on the forum was in 2025-02-13:
https://www.cve.org/CVERecord?id=CVE-2024-54772

This repo contains the exploit for CVE-2024-54772 which can enumerate valid usernames in Mikrotik routers running RouterOS v6.43 through v7.17.2. The patch is present in v6.49.18 and it will be available in branch v7.18 but it's now still under testing (as v7.18beta2) and will be released in the near future. Please, check the following link for RouterOS change log

It might not be mentioned in release notes but seems patch already incorporated into 7.18b2 onwards.

dang21000 · Tue Feb 18, 2025 8:30 pm

already RC state ... ? it's fast...

itimo01 · Tue Feb 18, 2025 8:31 pm

No mention of CVE-2024-54772 fixing?

It was published on cve.org on 2025-02-11.

And the first time it was mentioned here on the forum was in 2025-02-13:
https://www.cve.org/CVERecord?id=CVE-2024-54772

on the 6.X release they mentioned that this line means the CVE has been fixed.
Its also present on the RC here.
Still a bit confusing since they dont mention the CVE itself

*) user - improved authentication procedure when RADIUS is not used;

jaclaz · Tue Feb 18, 2025 9:04 pm

Here:
viewtopic.php?t=214751
viewtopic.php?t=214751#p1127084

armandfumal · Tue Feb 18, 2025 9:11 pm

skindesigner solution still not working...

dang21000 · Tue Feb 18, 2025 10:12 pm

Why there no way to disable the quickset menu everywhere... ?

tpedko · Tue Feb 18, 2025 10:15 pm

Please check SUP-172615.

Allieduser · Tue Feb 18, 2025 10:26 pm

Mikrotik is one of the best company doing this Stuff...

bajodel · Wed Feb 19, 2025 12:48 am

I need to check again, but at first glance it seems 7.18rc1 broke my 6to4 tunnel

EDIT: yep, back to 7.18beta6 and 6to4 tunnel is working ok.

Amm0 · Wed Feb 19, 2025 6:25 am

*) console - renamed "back-to-home-users" to "back-to-home-user";

I get y'all use the singular form in commands. But if you were going to rename it "back-to-home-shares" or something that reflect the are the Nth users that some "shared" the VPN in your app. Anyway, how back-to-home was reflected in CLI is weird.

IMO, the first BTH user should move to under the "back-to-home-user" so all the BTH "users" are in one place.

buset1974 · Wed Feb 19, 2025 7:05 am

Hi MT,
from this road map,
https://help.mikrotik.com/docs/spaces/R ... l+Overview

any ETA or which version 6vpe & 6PE will be implemented?

thx

Wed Feb 19, 2025 7:46 am

Please send supout file to support@mikrotik.com (or files, if both end-points are RouterOS) - it is working just fine for me between two RouterOS powered devices running 7.18rc1.

I need to check again, but at first glance it seems 7.18rc1 broke my 6to4 tunnel

EDIT: yep, back to 7.18beta6 and 6to4 tunnel is working ok.

Wed Feb 19, 2025 7:49 am

We will look into this, but the route service crashes that you are experienced were also there on your router in v7.16, so they are not introduced in v7.18.

Please check SUP-172615.

pe1chl · Wed Feb 19, 2025 12:03 pm

Heads-up - breaking changes for management and monitoring:
*) console - put !empty sentence when API query returns nothing;
It's still not in docs, which is annoying since we're now at "rc". IMO docs should be done by a "release candidate" (i.e. theoretically shippable). And developing an API client requires accurate docs. I mean it's not entirely clear if it's only if you use .query or any get...

And why was this change even made?? Only in response to some customer who does not understand that an empty response could be returned on a query?

pe1chl · Wed Feb 19, 2025 12:05 pm

We will look into this, but the route service crashes that you are experienced were also there on your router in v7.16, so they are not introduced in v7.18.

It is clear that in 7.16 some breakage was introduced in the routing... and now we cannot assume that it will ever be fixed?
I presume the window for BGP fixes in 7.18 has again been closed now that we are in rc?
Is "routing" still a priority for MikroTik or do we now only get fixes and additions for stuff like "storage"?

infabo · Wed Feb 19, 2025 12:33 pm

In RC phase usually you see in changelog "(additional fixes)" or bugfixes for bugs introduced in beta only.

savage · Wed Feb 19, 2025 12:35 pm

*) l3hw - added initial HW offloading for VXLAN on compatible switches (additional fixes)

Anyone looked at this one yet? Performance? Also, I recall this was added on one of the 17.x versions, is this now in 17.2?

volkirik · Wed Feb 19, 2025 12:51 pm

Subject: Bug Report Regarding SIP Timeout Configuration in MikroTik RouterOS

Dear MikroTik Support Team,

I am writing to formally report an issue encountered in MikroTik RouterOS related to SIP timeout settings.

When configuring the SIP timeout to 20 minutes, as per the request of our SIP/VoIP operator, the system unexpectedly reduces the TCP/UDP timeout for the same port number. This behavior was neither requested nor intended and is causing conflicts and premature timeouts in other network connections utilizing the same port.

The SIP timeout setting should only increase the connection timeout if the existing timeout in conntrack is lower. It should not override or reduce existing timeout values, as this leads to unintended network disruptions.

We kindly request that this matter be investigated and addressed promptly, as it is impacting network stability. If this is an intended system behavior, we would appreciate detailed clarification on the reasoning behind it and any possible workarounds to prevent unintended consequences.

Thank you for your attention to this issue. We look forward to your response and guidance.

Best regards,

Larsa · Wed Feb 19, 2025 12:54 pm

It is clear that in 7.16 some breakage was introduced in the routing... and now we cannot assume that it will ever be fixed?I presume the window for BGP fixes in 7.18 has again been closed now that we are in rc? Is "routing" still a priority for MikroTik or do we now only get fixes and additions for stuff like "storage"?

Yeah, it’s pretty baffling that something as fundamental as routing still isn’t fixed, despite everyone knowing about the issues. At this point, when and why it broke matters less than the fact that it’s still not resolved.

teslasystems · Wed Feb 19, 2025 1:00 pm

What about adding ":copy" and ":move" commands to copy and move files? You are working on improving file management, but don't have this basic functionality, it's VERY strange.

zabloc · Wed Feb 19, 2025 1:11 pm

Mikrotik team, please solve the problems regarding the network and leave features like storage, container and SMB which are completely unnecessary in routers and switches and can only cause instability. I don't know what's going on, but this is network equipment, not servers.

eworm · Wed Feb 19, 2025 1:13 pm

What about adding ":copy" and ":move" commands to copy and move files? You are working on improving file management, but don't have this basic functionality, it's VERY strange.

You can "move" files by setting their names. 😉

I think there is no clean way to copy, though.

spippan · Wed Feb 19, 2025 1:15 pm

@merkkg

... enumerate valid usernames in Mikrotik routers ...

"enumerate" is a bit of over exaggerated

parham · Wed Feb 19, 2025 1:30 pm

on all the device with R11e-4G sim failure and downgrade to 7.17.2 all working fine, in Iran TD-LTE only support 42 which is not existing in any new card except 5g or million devices has issue, Please do provide the firmware update for R11e-4G and support it till new card release if there will be one.

Thanks
Parham

teslasystems · Wed Feb 19, 2025 1:33 pm

Mikrotik team, please solve the problems regarding the network and leave features like storage, container and SMB which are completely unnecessary in routers and switches and can only cause instability. I don't know what's going on, but this is network equipment, not servers.

If you don't like/need them, just don't use them, what the problem? I'm 100% sure, there are different developer teams for network features/storage features and they don't affect each other productivity.

You can "move" files by setting their names. 😉

I think there is no clean way to copy, though.

Yeah, my bad, thanks for pointing to this. But I mostly need "copy" to transfer between RAM and SMB and making backups.

flapviv · Wed Feb 19, 2025 1:56 pm

Hi,

Kernel failure in previous boot while upgrading from 7.17.2 to 7.18rc1 on CCR2004-1G-12S+2XS.

I send autosupout.rif to support...

volkirik · Wed Feb 19, 2025 2:12 pm

Mikrotik team, please solve the problems regarding the network and leave features like storage, container and SMB which are completely unnecessary in routers and switches and can only cause instability. I don't know what's going on, but this is network equipment, not servers.
If you don't like/need them, just don't use them, what the problem? I'm 100% sure, there are different developer teams for network features/storage features and they don't affect each other productivity.

You can "move" files by setting their names. 😉

I think there is no clean way to copy, though.
Yeah, my bad, thanks for pointing to this. But I mostly need "copy" to transfer between RAM and SMB and making backups.

+1, I couldn't agree more. I use those features, and I am happy with the functionalities they provide...

pe1chl · Wed Feb 19, 2025 2:12 pm

If you don't like/need them, just don't use them, what the problem? I'm 100% sure, there are different developer teams for network features/storage features and they don't affect each other productivity.

Well, the problem is that the network developer team fouled up the routing in 7.16 and now in 7.18rc1 it still has not been fixed.
I have a ticket open since August 2024 and there basically is no progress.
Sometimes I fear the routing developer team has been reduced to zero members.
(in the early days of v7 it was the same, many many versions the wellknown BGP problems were not addressed at all)

In that case one might expect that "routing" gets more priority than "nice features for the home user", but sadly it isn't the case.

pe1chl · Wed Feb 19, 2025 2:14 pm

+1, I couldn't agree more. I use those features, and I am happy with the functionalities they provide...

I use BGP routing, and I am sad it no longer works reliably (as it did in v6 and for some time in v7, I would say between 7.10 and 7.15).

savage · Wed Feb 19, 2025 2:16 pm

+1, I couldn't agree more. I use those features, and I am happy with the functionalities they provide...
I use BGP routing, and I am sad it no longer works reliably (as it did in v6 and for some time in v7, I would say between 7.10 and 7.15).

Our production network is on 7.13, and absolute zero issues with BGP. Some 1.9M routes hapily routing

pe1chl · Wed Feb 19, 2025 2:19 pm

Our production network is on 7.13, and absolute zero issues with BGP. Some 1.9M routes hapily routing

Don't upgrade past 7.15!
We had to do that for other reasons, we use BGP internally on a small network, not for internet routing.
But it now fails to perform is basic task: keeping alternative routes in the table and re-select them when a tunnel is down, and also quick response when tunnels come up.

rzirzi · Wed Feb 19, 2025 2:52 pm

Mikrotik team, please solve the problems regarding the network and leave features like storage, container and SMB which are completely unnecessary in routers and switches and can only cause instability. I don't know what's going on, but this is network equipment, not servers.

I agree with You 1000%
Routers should be routers. Let servers be servers...

mkx · Wed Feb 19, 2025 2:57 pm

Mikrotik team, please solve the problems regarding the network and leave features like storage, container and SMB which are completely unnecessary in routers and switches and can only cause instability. I don't know what's going on, but this is network equipment, not servers.
I agree with You 1000%
Routers should be routers. Let servers be servers...

We all know what's coming next: one of MT staffers telling us (again) that routing development team is separate from "goodies" development team. And that development pace of one team does not affect development pace of the other team.

While this might be true it's still royal PITA to see core functionality of ROS stagnate at some (partially) defunct state while other functionalities (about which some users do care and are enthusiastic while majority of users don't give a s**t) are getting somewhere. I'm pretty sure that many users would understand about complexity (and time demanding) of fixing routing functions ... if MT would publish some (semi)concrete plans about when things are going to be fixed. And then also stick to those plans.

infabo · Wed Feb 19, 2025 3:07 pm

All the new stuff is suffixed by "(additional fixes);". So you get an idea where development effort goes into. Fixing bugs is one of the most time consuming tasks you have as developer. Writing new features is fast. Fixing bugs is consuming all your time.

mrshaba · Wed Feb 19, 2025 3:09 pm

Mikrotik team, please solve the problems regarding the network and leave features like storage, container and SMB which are completely unnecessary in routers and switches and can only cause instability. I don't know what's going on, but this is network equipment, not servers.
I agree with You 1000%
Routers should be routers. Let servers be servers...

I've to second that. I wish MT would focus mainly on the core functionality of their devices, routing and switching in a first instance, and treat this with the highest priority in terms of stability and bug fixing. Once the core functionality is considered to be working and stable (I'm not saying it has to be absolutely free of bugs, but there shouldn't be any major/severe bugs), only then other functions should be added, tested and further improved or extended with the help & contribution of the community.

It makes the impression that there is attempt to concur with DD-WRT, which is rather a sad development to be honest.

teslasystems · Wed Feb 19, 2025 3:13 pm

We all know what's coming next: one of MT staffers telling us (again) that routing development team is separate from "goodies" development team. And that development pace of one team does not affect development pace of the other team.

I've already said about it, though I'm not a staffer. But it seems, that some people don't understand this...

bajodel · Wed Feb 19, 2025 4:28 pm

Please send supout file to support@mikrotik.com (or files, if both end-points are RouterOS) - it is working just fine for me between two RouterOS powered devices running 7.18rc1.

I need to check again, but at first glance it seems 7.18rc1 broke my 6to4 tunnel
EDIT: yep, back to 7.18beta6 and 6to4 tunnel is working ok.

An RB4011 (7.18rc1) on my side <-6to4 tunnel-> HE tunnel broker (Frankfurt, DE 216.66.80.30 node) on the other side.
Was working fine on 7.17.x and also 7.18 untill beta6 (version I went back to).

P.S. I'm sorry, I can't provide supout in this case (I would need to redact/remove 50% of the config before submitting). BUT the config is just basic 6to4 tunnel, a WORKING config until yesterday.

sirbryan · Wed Feb 19, 2025 4:32 pm

Reading the tea leaves, it seems as though there are other products that have been in the pipeline for a while that are going to leverage these features in ways that our existing RB- and CCR-whatevers may not. And likely in different directions/verticals than most forum posters are used to.

That said, I too wish that BGP and other core networking functionality seemed to garner as much internal attention.

(One could surmise that the networking codebases are significantly more difficult to work on than implementing existing Linux solutions, hence the appearance that the "goodies" are getting more attention. It doesn't take much to add GUI knobs and levers for BTRFS, for example, but chasing down BGP oddities that only a few people are reporting is quite seriously the proverbial needle in the haystack. Messaging like "we've heard you and we're looking for the problem" goes a long way in this regard.)

savage · Wed Feb 19, 2025 4:35 pm

(One could surmise that the networking codebases are significantly more difficult to work on than implementing existing Linux solutions, hence the appearance that the "goodies" are getting more attention. It doesn't take much to add GUI knobs and levers for BTRFS, for example, but chasing down BGP oddities that only a few people are reporting is quite seriously the proverbial needle in the haystack.

Adding a GUI and knobs and levers to something like FRR, or Bird which is readily available and stable in linux, doesn't take a lot either :)

merkkg · Wed Feb 19, 2025 4:43 pm

Messaging like "we've heard you and we're looking for the problem" goes a long way in this regard.)

I agree with this, if there was a list of known issues that they are working on (even if they cant give a timeline) it would be super helpful.

pe1chl · Wed Feb 19, 2025 4:57 pm

While this might be true it's still royal PITA to see core functionality of ROS stagnate at some (partially) defunct state while other functionalities (about which some users do care and are enthusiastic while majority of users don't give a s**t) are getting somewhere.

Yes, what is so bad about it is that around version 7.10 things were working fine again, after having been broken or incomplete in the early v7 releases, I already started recommending people to upgrade from v6.49 to v7.10 where before I recommended v6 for stable operation, then that was OK until 7.15.x and in 7.16 it was broken again.
I would think that once the developers got a signal that there were problems, they would be able to check what was changed in 7.16 and how that could affect the operation, and maybe even rollback the changes.
Instead, we got 7.17 and now we will get 7.18 all with the same problems still present.
And as users we do not have the option to remain on 7.15 for routing and update other features to newer releases that provide useful changes and fixes...

savage · Wed Feb 19, 2025 5:22 pm

So not quite sure here whether it is, or isn't hardware offloaded :-)

Cha0s · Wed Feb 19, 2025 6:13 pm

(One could surmise that the networking codebases are significantly more difficult to work on than implementing existing Linux solutions, hence the appearance that the "goodies" are getting more attention. It doesn't take much to add GUI knobs and levers for BTRFS, for example, but chasing down BGP oddities that only a few people are reporting is quite seriously the proverbial needle in the haystack.
Adding a GUI and knobs and levers to something like FRR, or Bird which is readily available and stable in linux, doesn't take a lot either :)

That would be awesome! Like the good old v2.9.x days with Quagga! :D

baragoon · Wed Feb 19, 2025 6:24 pm

An RB4011 (7.18rc1) on my side <-6to4 tunnel-> HE tunnel broker (Frankfurt, DE 216.66.80.30 node) on the other side.
Was working fine on 7.17.x and also 7.18 untill beta6 (version I went back to).

P.S. I'm sorry, I can't provide supout in this case (I would need to redact/remove 50% of the config before submitting). BUT the config is just basic 6to4 tunnel, a WORKING config until yesterday.

No problems with 6to4 tunnels on my CHRs with rc1 (but not HE).

armandfumal · Wed Feb 19, 2025 7:58 pm

Our production network is on 7.13, and absolute zero issues with BGP. Some 1.9M routes hapily routing
Don't upgrade past 7.15!
We had to do that for other reasons, we use BGP internally on a small network, not for internet routing.
But it now fails to perform is basic task: keeping alternative routes in the table and re-select them when a tunnel is down, and also quick response when tunnels come up.

good to know...

armandfumal · Wed Feb 19, 2025 8:01 pm

Mikrotik team, please solve the problems regarding the network and leave features like storage, container and SMB which are completely unnecessary in routers and switches and can only cause instability. I don't know what's going on, but this is network equipment, not servers.
I agree with You 1000%
Routers should be routers. Let servers be servers...

no sense on a market completly saturated...
MikroTik ADN is network, why spend so time to storage when network features is becoming unstable...

dang21000 · Wed Feb 19, 2025 8:37 pm

MikroTik ADN is network, why spend so time to storage when network features is becoming unstable...

I agree... lot of not really oriented network routers/switching/firewall features, but since this release, when seeing ipv6 fast tracking, i can say it's a great thing.

infabo · Wed Feb 19, 2025 10:59 pm

*) cloud - added "Back To Home Files" feature (additional fixes);

I'd like to request a YouTube video on this feature.

infabo · Wed Feb 19, 2025 11:09 pm

*) system - improved HTTPS speed;

Any details on this?

CGGXANNX · Wed Feb 19, 2025 11:22 pm

So not quite sure here whether it is, or isn't hardware offloaded :-)

Those two are not the same thing. "Hardware Offload" is a setting that you can turn on or off to tell RouterOS whether you want hardware offloading to be enabled if possible. And Hw. Offload is the actual status whether Hardware offloading is currently supported by the hardware and actively working.

In the Bridge -> Ports table they are two separate columns (you can toggle their visibility). Hw. Offload also corresponds to the "H" flag of the entry.

bajodel · Thu Feb 20, 2025 12:09 am

An RB4011 (7.18rc1) on my side <-6to4 tunnel-> HE tunnel broker (Frankfurt, DE 216.66.80.30 node) on the other side.
Was working fine on 7.17.x and also 7.18 untill beta6 (version I went back to).
No problems with 6to4 tunnels on my CHRs with rc1 (but not HE).

Thanks for your feedback; I've tried again to upgrade to 7.18rc1 (on 2nd partition for quick restore) and .. now it works (no config changes have been made).
There is something I'm missing for sure.. but for now let's hope it's a stable state.

Kurgan · Thu Feb 20, 2025 12:13 am

*) ovpn - disable hardware accelerator for GCM on Alpine CPUs (introduced in v7.17);

I suppose this is why using GCM on a CCR2004 with 7.17.2 I get a lot of "AEAD Decrypt error: cipher final failed"?

teslasystems · Thu Feb 20, 2025 12:15 pm

Disk editor window has become very overloaded with tons of unneeded fields and flags and now looks like a garbage container...

For example, tmpfs or smb disk types definitely don't need temperature statistics, power cycles, power up time and I think many other fields, because they simply don't have such parameters. And they don't need raid/nvme/iscsi and other non-related flags.
BTW, statistics is absolutely empty. At least, for smb and tmpfs, not sure about other types.

Please, leave only those fields and flags that are related to current disk type!
.

DiskEditor.png

buset1974 · Thu Feb 20, 2025 2:11 pm

MikroTik ADN is network, why spend so time to storage when network features is becoming unstable...
I agree... lot of not really oriented network routers/switching/firewall features, but since this release, when seeing ipv6 fast tracking, i can say it's a great thing.

What the point MT selling CCR with the best network chip inside and people buy it for SMB?
I think people choose to buy CCR for complex network/ routing /mpls purposes to support their business and put their hope with MT hardware. But to see all of this, its very frustrating.

Thx

Rox169 · Thu Feb 20, 2025 2:50 pm

Any real improvements in 60 Ghz?

sirbryan · Thu Feb 20, 2025 5:15 pm

For all you storage haters:

https://youtu.be/g1wpIIfYpZA?feature=shared

mada3k · Thu Feb 20, 2025 5:33 pm

For all you storage haters:

https://youtu.be/g1wpIIfYpZA?feature=shared

Well, that explains a bit :)

Larsa · Thu Feb 20, 2025 5:47 pm

For all you storage haters: https://youtu.be/g1wpIIfYpZA?feature=shared

Fun, but was this intended for April 1st? 😉

Anyway, I’d never ever trust MT ROS for business-critical data storage — for pretty obvious reasons! Now please go back and fix those routing issues. But maybe the development team that used to work with routing and protocols has switched to the new "now we're pretending to be a storage provider" department.

blacksnow · Thu Feb 20, 2025 6:16 pm

For all you storage haters:

https://youtu.be/g1wpIIfYpZA?feature=shared

This is cool, the audience is probably for homelabbers and even then probably the more novice homelabbers or individuals without serious performance needs. Listed below are my concerns and why I don't think this is at the level of enterprise and/or why it won't be used for high performance applications.

Performance
1) How many PCIe lanes are dedicated to each U.2 drive? To drive 20 NVME drives and access their full bandwidth especially if this is PCIe gen 4 or gen 5 you will need more than 16 arm cpus and more than 32gb ram for high performance applications.
2) What is the clock speed of the arm cpu? Why not do an Ampere build if you want Arm related CPUs but even then you need 50-60-70 cores.

Maintenance and Updates
1) How long does it already take for upstream kernel commits to be brought into ROS, now how long do you think it will take for upstream fixes on any storage related implementation to make it's way into ROS?
2) How many developers (out of the limited pool of developers) will be dedicated to fixing nuanced storage related issues?

And honestly, why would I buy this if I can simply buy a supermicro server with 9005 epyc, 20+ nvme gen 5 bays, full PCIe bandwidth on all drives, and I can run ROS in a vm? Not to mention I have a full upgrade path with a dedicated mainstream server that can accept any kind of future implementation I want and that's just talking hardware, not to mention I can mod the kernel, or update any storage implementation as soon as upstream has it available?

Thu Feb 20, 2025 6:22 pm

For all you storage haters:

https://youtu.be/g1wpIIfYpZA?feature=shared

So if i read it correctly it is CCR2216 basically - cheaper, green, different port set and with drivebays, but still CCR2216, right?

sirbryan · Thu Feb 20, 2025 6:24 pm

And honestly, why would I buy this if I can simply buy a supermicro server with 9005 epyc, 20+ nvme gen 5 bays, full PCIe bandwidth on all drives, and I can run ROS in a vm? Not to mention I have a full upgrade path with a dedicated mainstream server that can accept any kind of future implementation I want and that's just talking hardware, not to mention I can mod the kernel, or update any storage implementation as soon as upstream has it available?

This is a good question/discussion to start, but it's out of scope for 7.18rc. I merely shared the link to help explain why we're seeing a surge in BTRFS (and other storage-related fixes) in 7.18.

(I will point out that the advantage this likely has over other traditional hyperconverged platforms is that you have a wire-speed Layer 3 switch running ROS on the bare metal. It sounds like a CCR2116 or CCR2216 on storage steroids.)

sirbryan · Thu Feb 20, 2025 6:37 pm

So if i read it correctly it is CCR2216 basically - cheaper, green, different port set and with drivebays, but still CCR2216, right?

Yes, Rose Data Server (RDS2216). I built something similar using a CCR2116.

Screenshot 2025-02-20 at 9.32.34 AM.png

Here's how it looked racked up as part of the home lab with ESXi on the Macs:

Screenshot 2025-02-20 at 9.33.02 AM.png

pe1chl · Thu Feb 20, 2025 6:59 pm

I'm not against storage features or container support, only I think it should be a side project that gets done when the main features like routing and wireless are working OK.

leonardogyn · Thu Feb 20, 2025 7:26 pm

For all you storage haters:
https://youtu.be/g1wpIIfYpZA?feature=shared

.
This video is "unlisted" on YouTube, and the YouTube Mikrotik account already commented asking people how they found the video, saying it's an unreleased product.
.
This was really leaked OR maybe it's an April Fools video ready with quite some time in advance :)

volkirik · Thu Feb 20, 2025 7:29 pm

To: MikroTik Development Team
Subject: Request for MTU/MRU Parameter Separation, TCP MSS Clamping, and Improved PPPoE MTU Behavior
Ticket Number: SUP-179779

Best regards,
VOLKAN SALİH

massinia · Thu Feb 20, 2025 7:38 pm

Every discussion of releases always ends up in OT
It's really annoying…

TrevinLC1997 · Thu Feb 20, 2025 7:55 pm

**To: MikroTik Development Team**
**Subject: Request for MTU/MRU Parameter Separation, TCP MSS Clamping, and Improved PPPoE MTU Behavior**
**Ticket Number: SUP-179779**

Dear MikroTik Development Team,
........
Thank you for your time and dedication to improving RouterOS. I look forward to your response.

**Best regards,**
VOLKAN SALiH

This is good information, you should create an account here https://help.mikrotik.com/servicedesk/s ... r/portal/1 and post it under the "Suggest a new feature". I believe that's your best bet at someone reading it and implementing those changes.

pe1chl · Thu Feb 20, 2025 8:22 pm

In fact you can already set a lower MTU for IPv6 by configuring it in IPv6->ND.
Your end devices which receive IPv6 addresses via SLAAC will pick up the reduced MTU and will use it for their transmitted packets.
I have never encountered MTU=1488 on PPPoE over VLAN. Normally the 4 bytes of a VLAN header do not count towards the maximum packet size. PPPoE MTU on max-1500 networks is normally 1492, not 1488. I agree with you that PPPoE should fallback to 1492 MTU when required, not to 1480. But also, modern subscriber networks that use PPPoE usually support RFC4638 and allow MTU 1500 for both IPv4 and IPv6.
TCP MTU clamping for any packets being routed can be configured in the Firewall Mangle chains.

volkirik · Thu Feb 20, 2025 8:28 pm

I wish you all best of success;
Best Regards and Best Wishes.

Larsa · Thu Feb 20, 2025 9:57 pm

This was really leaked OR maybe it's an April Fools video ready with quite some time in advance :)

Yeah, @sirbryan totally wrecked Mikrotik's April Fool’s prank they’d been planning for over a year! 🤣

CGGXANNX · Thu Feb 20, 2025 10:01 pm

I know, @pe1chl, but, mikrotik has special clamping feature that works without firewall mangle rule and with fasttrack/fastpath afaik.

Thanks for your response anyway, i respect any opinion as we all are humans. Without respecting others we can not be respected

That "Change TCP MSS" feature (for instance in the PPP profiles) only works with IPv4 in RouterOS and has no effect on IPv6 (it's stated in the docs), and of course it only helps TCP connections whereas today even websites are switching to UDP (with HTTP/3 and QUIC). For IPv6 it's better to configure IPv6->ND like pe1chl already wrote.

And changing TCP MSS with mangle has no conflict with fasttrack, because the mangle rule only applies to the SYN and SYN/ACK packets. One is when the connection state is still new (and thus not yet affected by the fasttrack rule), and the other for the first packet in the "established" state, but because "Mangle Forward" is before "Filter Forward" in the packet flow https://help.mikrotik.com/docs/download ... 451&api=v2, the mangle rule can still change the MSS before the fasttrack rule can match the connection. I know this because I have those mangle rules for both IPv4 and IPv6 right now (needed because I tunnel devices accessing Netflix, both IPv4 and IPv6, inside Wireguard to another household for account sharing) with IPv4 and IPv6 fasttrack working flawlessly.

Fri Feb 21, 2025 1:52 am

I kindly ask all users to keep the topic related to 7.18RC version as much as possible.

sirbryan · Fri Feb 21, 2025 5:34 am

FWIW I'm testing CHR on smaller hardware, such as Intel N100 and N150 4-core machines, as well as a Raspberry Pi CM5. 7.18rc1 performs much better than 7.17 did on both systems. Both devices are able to push 2.5Gbps UDP in both directions, and up to 5Gbps when using a 10G AQC107 NIC.

However, the native Debian underneath is able to do 1Gbps more on CM5 and 3Gbps more on N150 when running iperf3 tests, and both do it on a single core, vs. CHR in KVM/Qemu utilizing 80% of all four cores. It makes me wonder how much is virtualization overhead and how much is RouterOS.

volkirik · Fri Feb 21, 2025 5:51 am

For the sake of clarity, I would like to emphasize that the MikroTik team is doing its utmost. Please consider RouterOS as a complimentary software that comes bundled with excellent hardware, along with nearly lifetime updates.

Let us remain optimistic and refrain from discouraging others.

------------------------------------------------------------------------

Best regards and best wishes.

nichky · Fri Feb 21, 2025 6:46 am

@savage

So not quite sure here whether it is, or isn't hardware offloaded :-)

What is the model of that device?

mkx · Fri Feb 21, 2025 8:01 am

However, the native Debian underneath is able to do 1Gbps more on CM5 and 3Gbps more on N150 when running iperf3 tests, and both do it on a single core, vs. CHR in KVM/Qemu utilizing 80% of all four cores. It makes me wonder how much is virtualization overhead and how much is RouterOS.

You have to make sure you're comparing pears to pears (not going to mention apples ;-) ). ROS in principle does firewalling as well and connection tracking machinery (identifying connections to which each packet belongs) is pretty costly operation. OTOH linux kernel might not be doing it. IIRC connection tracking is enabled whenever there's even a single firewall filter rule configured ...

My experience is that virtualization overhead (e.g. Proxmox VE) can be around 1 core, specially when there's lots of I/O using virtualized hardware (vmnet, disks, etc.). You can compare output of /tool/profile cpu=all with output of e.g. top run on physical machine. And keep in mind that mobile variants of CPUs are quite a bit slower than their desktop/server counterparts.

fischerdouglas · Fri Feb 21, 2025 12:12 pm

**Ticket Number: SUP-179779**

Dear MikroTik Development Team,

By implementing these enhancements, MikroTik RouterOS would become **more robust, efficient, and compatible with real-world networking scenarios**. These changes would:
✅ **Reduce packet fragmentation**
✅ **Improve IPv6 interoperability**
✅ **Enhance VPN and PPPoE performance**
✅ **Align RouterOS with industry best practices**

**Best regards,**
VOLKAN SALiH

I found this feature request to be as elegant as a glove slap!
The detail of mentioning the ticket ID in Jira is the cherry on the cake.
Congratulations!
P.S.: At some point I had the patience to do it like that... Like time, realizing that they don't care about it at all. I gave up. But please don't do what I did.

Every discussion of releases always ends up in OT
It's really annoying…

@massinia Your message came right after @volkirik's message.
I want to believe that this isn't the message you were referring to about Off Topic.
I found it extremely On Topic for a Release Candidate! Asking for features.

Just like other colleagues who have been talking about routing problems that they pretend to have fixed by writing "(additional fixes)", but you can see right away that they weren't extensively tested because the same names are repeated in the forum talking over and over and over about the same problems.

Unfortunately, betas and RC threads in this forum are the only place where you can truly reach the MikroTik team. Because they know that if they don't look at this, it will become public shaming. Maybe they should improve this attitude a little.

fischerdouglas · Fri Feb 21, 2025 12:16 pm

In addition, it is also On-Topic for a Release Candidate to talk about:

The lack of 6PE and 6vPE, and BGP-LU.
The lack of progress on Kernel bypass and hardware off-load on issues like VRF, MPLS L2VPN, and L3VPN.
The lack of progress on BGP Flowspec (poor thing... It's been forgotten in the routing overview since the beginning.)

And it is also On-Topic for a Release Candidate to talk about the initial progress with VXLan and Hardware Offload.
Which inevitably leads to questions like:

"Hey, what do you mean I can't pass VLANs over this?"
"Is EVPN coming soon?
- "Will it come with Type 5 Routes?"
- "If yes, how would be possible without VRF hardware offload?"

fischerdouglas · Fri Feb 21, 2025 12:39 pm

What's new in 7.18rc1 (2025-Feb-18 08:57):
*) disk - allow to set only type=raid devices as raid-master;
*) disk - cleanup raid members mountpoint, improve default name of file base block-device;
*) disk - do not allow configuring empty slot as raid member;
*) disk - fixed setting up dependent devices when file-based block-device becomes available;
*) disk - improved stability;
*) disk - mount multi-device btrfs filesystems more reliably at startup;
*) disk - set non-empty fs label when formatting by default;
*) rose-storage - fixes for btrfs server;
Other changes since v7.17:
*) disk - add disk trim command (/disk format-drive diskx file-system=trim);
*) disk - allow to add swap space without container package;
*) disk - fix detecting disks on virtual machines;
*) disk - fixed showing free space on tmpfs (introduced in v7.17);
*) disk - improved system stability when SMB interface list is used (introduced in v7.17);
*) rose-storage - add btrfs filesystem add-device/remove-device/replace-device/replace-cancel commands to add/remove/replace disks to/from a live filesystem;
*) rose-storage - add btrfs filesystem balance-start/cancel commands;
*) rose-storage - add btrfs filesystem scrub-start, scrub-cancel commands (CLI only);
*) rose-storage - add btrfs transfers, supports send/receive into/from file for transferring subvolumes across btrfs filesystems;
*) rose-storage - add support to add/remove btrfs subvolumes/snapshots;
*) rose-storage - added support for advanced btrfs features: multi-disk support, subvolumes, snapshots, subvolume send/receive, data/metadata profiles, compression, etc;
*) rose-storage - allow to separately mount any btrfs subvolumes;
*) rose-storage - update rsync to 3.4.1;
*) rose-storage,ssh - support btrfs send/receive over ssh;

All of this is related to how Linux interacts with disks, and they still use Kernel 5.6.3 (April 2020) as a base.

If anyone here has had the opportunity to deal with distributed storage in Kubernetes clusters or hyper-converged virtualization, they must have read about significant changes in this regard in several versions of the Kernel after 5.6.3. Mainly regarding DMA.

Just to illustrate, here are two links that provide brief references on this.

https://en.wikipedia.org/wiki/Linux_ker ... on_history
https://btrfs.readthedocs.io/en/latest/ ... rsion.html

infabo · Fri Feb 21, 2025 12:52 pm

I can't imagine they have incorporated all patches for any improvement made to BTRFS in kernel 5.6+ and 6.0+. So what it the point of using outdated ROSE BTRFS when someone can have that on e.g. TrueNAS for example (or any Linux distribution)?

fischerdouglas · Fri Feb 21, 2025 1:09 pm

I can't imagine they have incorporated all patches for any improvement made to BTRFS in kernel 5.6+ and 6.0+. So what it the point of using outdated ROSE BTRFS when someone can have that on e.g. TrueNAS for example (or any Linux distribution)?

I partially agree with you! But what's done won't be undone...
So at least let's use this to make them realize that if they want to continue down this path of adding new features, they'll have to take better care of the building's foundation.

CGGXANNX · Fri Feb 21, 2025 1:35 pm

MikroTik should have already started migrating to 6.6.x, which is LTS and has all the storage improvements. The current OpenWrt is also on this branch. I think MikroTik currently use 5.6.3 because 5.6 is the first release that has WireGuard support in the kernel. Otherwise, they would have used an even older version 🙃.

eworm · Fri Feb 21, 2025 1:42 pm

Well, the latest LTS branch is 6.12.x...

CGGXANNX · Fri Feb 21, 2025 2:02 pm

That's why I wrote "should have already started". If they already started last year, then 6.6 would have been the right candidate (because 6.12 only came at the end of the year).

pe1chl · Fri Feb 21, 2025 2:16 pm

It has been discussed many times before. The trade-off is always between following the kernel releases and applying your in-house patches to ever changing kernel versions (having to adapt them all the time) or keeping the same kernel version+in-house patches and then following the kernel development and applying any security related patches and important bugfixes.
Most Linux distributions to the same thing as MikroTik: at release time they choose a kernel version and all further updates are to that same kernel version (adding some local version ID to it).
Of course the best would be to get local patches accepted into the release kernel so you don't have this issue all the time, but that is both extremely difficult (I have tried to get a 3-line patch into the kernel and have given up) and also probably not desired by MikroTik because they would lose some of their competitive advantage.

oreggin · Fri Feb 21, 2025 2:27 pm

LDP signaled VPLS is still not working at all

over BGP signaled VPLS, IPv4 is ok, but IPv6 isn't [ ping status: "22 (Invalid argument)" ]

VPNv6 is still not works, but at least in RC1 router doesn't crash

mrz · Fri Feb 21, 2025 2:48 pm

LDP signaled VPLS works
BGP signaled VPLS works
VPNv6 works

either misconfiguration or very specific setup.

fischerdouglas · Fri Feb 21, 2025 3:34 pm

LDP signaled VPLS works
BGP signaled VPLS works
VPNv6 works

either misconfiguration or very specific setup.

Could you please share an example config with at least 4 devices RouterOS, being at least one on P.Router Only, with the v7.18rc ?

clambert · Fri Feb 21, 2025 3:41 pm

VPNv6 does indeed work, but only partially, as it does not support an IPv4 backbone as a transport layer.

oreggin · Fri Feb 21, 2025 3:55 pm

LDP signaled VPLS works
BGP signaled VPLS works
VPNv6 works

either misconfiguration or very specific setup.

Its totally basic setup in labs, both CHR and physical routerboards. There is a P router in the middle and 3 PE on that.
This is the MPLS and Routing config from first PE router (RB750Gr3):

[oreggin@rtr1.CPE] > /mpls/export 
/mpls interface
add interface=all mpls-mtu=1500
/mpls ldp
add afi=ip,ipv6 disabled=no lsr-id=10.0.10.11 preferred-afi=ipv6 transport-addresses=10.0.10.11,b00b::10:0:10:11
/mpls ldp interface
add accept-dynamic-neighbors=yes afi=ip,ipv6 disabled=no interface=ether2

[oreggin@rtr1.CPE] > /routing/export 
/routing bgp template
set default disabled=no router-id=10.0.10.11
/routing ospf instance
add disabled=no name=ospfv2 router-id=10.0.10.11
add disabled=no name=ospfv3 router-id=10.0.10.11 version=3
/routing ospf area
add disabled=no instance=ospfv2 name=backbone4
add disabled=no instance=ospfv3 name=backbone6
/routing bgp connection
add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 as=65530 connect=no disabled=no listen=yes local.address=10.0.10.11 .role=ibgp-rr name=rrcl4 nexthop-choice=force-self \
    output.default-originate=if-installed .redistribute=connected remote.address=10.0.10.0/24 .as=65530 router-id=10.0.10.11 routing-table=main
add address-families=ipv6,vpnv6 as=65530 connect=no disabled=no listen=yes local.address=b00b::10:0:10:11 .role=ibgp-rr name=rrcl6 output.default-originate=always .redistribute=connected \
    remote.address=b00b::10:0:10:0/112 .as=65530 router-id=10.0.10.11 routing-table=main
/routing bgp vpls
add bridge=VPLS_B bridge-horizon=4 comment="BGP signaled VPLS" disabled=no export-route-targets=65530:4 import-route-targets=65530:4 name=VPLS_B pw-type=vpls rd=65530:4 site-id=11
add bridge=VPLS_A bridge-horizon=3 cisco-id=33.33.33.11 comment="LDP signaled VPLS" disabled=no export-route-targets=65530:3 import-route-targets=65530:3 name=VPLS_A pw-type=vpls rd=\
    65530:3
/routing bgp vpn
add disabled=no export.redistribute=connected .route-targets=65530:1 import.route-targets=65530:1 .router-id=VRF_A label-allocation-policy=per-vrf name=bgp-mpls-vpn-1 route-distinguisher=\
    65530:1 vrf=VRF_A
add disabled=no export.redistribute=connected .route-targets=65530:2 import.route-targets=65530:2 .router-id=VRF_B label-allocation-policy=per-prefix name=bgp-mpls-vpn-2 \
    route-distinguisher=65530:2 vrf=VRF_B
/routing filter rule
add chain=BGP_out rule=accept
/routing ospf interface-template
add area=backbone4 cost=1000 disabled=no interfaces=ether2 type=ptp
add area=backbone6 cost=1000 disabled=no interfaces=ether2 type=ptp
add area=backbone4 disabled=no interfaces=Loopback0 passive
add area=backbone6 disabled=no interfaces=Loopback0 passive
[oreggin@rtr1.CPE] >

Maybe misconfiguration, but I can't figure out what or where. If you have any proposal, it would be appreciated.

[oreggin@rtr1.CPE] > /interface/vpls/print        
Flags: R - RUNNING; D - DYNAMIC
Columns: NAME, PEER, BGP-VPLS
#    NAME   PEER        BGP-VPLS
0 RD vpls1  10.0.10.13  VPLS_B  
1 RD vpls2  10.0.10.12  VPLS_B  
2  D vpls3  10.0.10.13  VPLS_A  
3  D vpls4  10.0.10.12  VPLS_A  
[oreggin@rtr1.CPE] > /mpls/forwarding-table/print 
Flags: L - LDP, P - VPN, V - VPLS
Columns: LABEL, VRF, PREFIX, NEXTHOPS, VPLS
 #   LABEL  VRF    PREFIX              NEXTHOPS                                                  VPLS 
 0 P    32  VRF_A                                                                                     
 1 P    33  VRF_B  10.0.12.0/29                                                                       
 2 P    34  VRF_B  b00b:10:11:12::/64                                                                 
 3 L    42  main   b00b::10:0:10:1     { nh=fe80::20c:42ff:fe53:1491%ether2; interface=ether2 }       
 4 L    39  main   10.0.10.1           { label=impl-null; nh=10.0.0.25; interface=ether2 }            
 5 L    40  main   10.0.10.12          { label=21; nh=10.0.0.25; interface=ether2 }                   
 6 L    41  main   10.0.10.13          { label=20; nh=10.0.0.25; interface=ether2 }                   
 7 L    37  main   10.0.0.0/30         { label=impl-null; nh=10.0.0.25; interface=ether2 }            
 8 L    38  main   10.0.1.0/30         { label=impl-null; nh=10.0.0.25; interface=ether2 }            
 9 V    29                                                                                       vpls1
10 V    28                                                                                       vpls2
11 L    43  main   b00b::10:0:10:12    { nh=fe80::20c:42ff:fe53:1491%ether2; interface=ether2 }       
12 L    44  main   b00b::10:0:10:13    { nh=fe80::20c:42ff:fe53:1491%ether2; interface=ether2 }       
[oreggin@rtr1.CPE] >

Thanks!

Fri Feb 21, 2025 3:56 pm

What's new in 7.18rc2 (2025-Feb-21 12:50):

*) cloud - added "Back To Home Files" feature (additional fixes);
*) dhcpv6-relay - added option to create routes for bindings passing through relay (additional fixes);
*) disk - do not allow adding device in raid when major settings mismatch in superblock and config;
*) disk - fixed removing device from raid while resyncing;
*) ethernet - fixed issue with default-names for RB4011, RB1100Dx4, RB800 devices (additional fixes);
*) ethernet - fixed link-down on startup for ARM64 devices (introduced in v7.16);
*) l3hw - added initial HW offloading for VXLAN on compatible switches (additional fixes);
*) lte - added initial eSIM management support (additional fixes);
*) lte - fix R11e-4G modem initialization (introduced in v7.18beta4);
*) lte - fixed cases where the MBIM dialer could get stuck;
*) lte - fixed interface recovery in mixed multiapn setup for MBIM modems (additional fixes);
*) lte - improved initialization for external USB modems;
*) ptp - improved system stability;
*) qos-hw - fixed wred-threshold (introduced in v7.18beta2);
*) ssh - improved channel resumption after rekey and eof handling;
*) wifi-qcom - prevent AP from transmitting broadcast data unencrypted during authentication of first client;
*) winbox - added missing options under "System/Disk" menu (additional fixes);

oreggin · Fri Feb 21, 2025 4:00 pm

What's new in 7.18rc2 (2025-Feb-21 12:50):

Oh man, I started to upgrade my routers 5 minutes ago to RC1 :D

Fri Feb 21, 2025 4:07 pm

What's new in 7.18rc2 (2025-Feb-21 12:50):

*) lte - added initial eSIM management support (additional fixes);

Just 0.02$ ... initial + fixes do not fit releasing stable version. That should be in 7.19beta.

sirbryan · Fri Feb 21, 2025 4:44 pm

You have to make sure you're comparing pears to pears (not going to mention apples ;-) ). ROS in principle does firewalling as well and connection tracking machinery (identifying connections to which each packet belongs) is pretty costly operation. OTOH linux kernel might not be doing it. IIRC connection tracking is enabled whenever there's even a single firewall filter rule configured ...

It's a blank install of CHR, so no rules, no filters, nothing. Simply doing bandwidth tests from the VM's to my 2116 and to each other. I'll have to see if I can get 7.16 or 7.15 to work, just for fun.

RPi5 is a Broadcom BCM2712 quad-core Arm Cortex A76 processor @ 2.4GHz. That's better than the 1.4GHz quad-core processor in RB4011 and RB5009, the 1.7GHz processor in CCR2004, and the 2GHz processor in CRS526. The 2004 can bridge and route (fast path) 19Gbps (it obviously has more PCIe lanes to the switch from the CPU), so I would hope to get at least the full 6Gbps out of the CHR on the Pi and 10Gbps out of the Intel processor (4 cores at 3GHz).

Fri Feb 21, 2025 5:06 pm

What's new in 7.18rc2 (2025-Feb-21 12:50):

*) lte - added initial eSIM management support (additional fixes);
Just 0.02$ ... initial + fixes do not fit releasing stable version. That should be in 7.19beta.

And no device yet which supports this ?

buset1974 · Fri Feb 21, 2025 6:00 pm

What's new in 7.18rc2 (2025-Feb-21 12:50):

*) cloud - added "Back To Home Files" feature (additional fixes);
*) dhcpv6-relay - added option to create routes for bindings passing through relay (additional fixes);
*) disk - do not allow adding device in raid when major settings mismatch in superblock and config;
*) disk - fixed removing device from raid while resyncing;
*) ethernet - fixed issue with default-names for RB4011, RB1100Dx4, RB800 devices (additional fixes);
*) ethernet - fixed link-down on startup for ARM64 devices (introduced in v7.16);
*) l3hw - added initial HW offloading for VXLAN on compatible switches (additional fixes);
*) lte - added initial eSIM management support (additional fixes);
*) lte - fix R11e-4G modem initialization (introduced in v7.18beta4);
*) lte - fixed cases where the MBIM dialer could get stuck;
*) lte - fixed interface recovery in mixed multiapn setup for MBIM modems (additional fixes);
*) lte - improved initialization for external USB modems;
*) ptp - improved system stability;
*) qos-hw - fixed wred-threshold (introduced in v7.18beta2);
*) ssh - improved channel resumption after rekey and eof handling;
*) wifi-qcom - prevent AP from transmitting broadcast data unencrypted during authentication of first client;
*) winbox - added missing options under "System/Disk" menu (additional fixes);

I can't find any LTE interface on my dozens of CCRs.
CCR owners don't lose your hope and keep your spirits up

pe1chl · Fri Feb 21, 2025 6:45 pm

I can't find any LTE interface on my dozens of CCRs.
CCR owners don't lose your hope and keep your spirits up

Of course not... until you plug in a LTE USB stick (when your CCR has an USB port).
Unfortunately there is no line with "*) bgp - improved stability;" in sight... that is what CCR users are hoping for.

bajodel · Fri Feb 21, 2025 6:55 pm

@Mikrotik - since you just restored in this version the forgotten "/ip/route/check" feature for ipv4 (similar to "ip route get" in linux), why not complete the task and give ipv6 the same love ?
Thanks.

buset1974 · Fri Feb 21, 2025 8:18 pm

LDP signaled VPLS works
BGP signaled VPLS works
VPNv6 works

either misconfiguration or very specific setup.

Hi mrz, any reason why MT still hide vpn6 afi from winbox?
If there any limitation should we know about?

felixka · Fri Feb 21, 2025 8:35 pm

My IPsec tunnels broke on my RB5009 with 7.18rc1. I had to disable the IPv4 forwarding fasttrack rule to fix it for now. I opened ticket SUP-180137.

infabo · Fri Feb 21, 2025 9:07 pm

Strange. There is not even any ipsec related change in rc1.

fischerdouglas · Fri Feb 21, 2025 9:12 pm

Hi mrz, any reason why MT still hide vpn6 afi from winbox?
If there any limitation should we know about?

By the way, it is worth mentioning that the syntax between routing and routes is still incongruent:

[administrator@fischerdouglas] > /routing/bgp/connection/print where address-families=
ip     ipv6     l2vpn     l2vpn-cisco     vpnv4     vpnv6

[administrator@fischerdouglas] > /routing/route/print where afi=  
bad     ip4     ip6     l2vpn     l2vpn-cisco     l2vpn-link     link     mip4     mip6     vpn4     vpn6

"address-families=" vs "afi="
"vpnv4" vs "vpn4"
"vpnv6" vs "vpn6"

Amm0 · Fri Feb 21, 2025 10:01 pm

*) console - put !empty sentence when API query returns nothing;
And why was this change even made?? Only in response to some customer who does not understand that an empty response could be returned on a query?

If only Mikrotik would actually write in more than partial sentence or have a proper KB-like system for these questions... My only guess is the API changed are for internal use with REST API. I think REST API just proxies to API, but uses cached/pipelined connection (based on login in log)... in which case knowing a tagged API request was !empty might be useful. But just guessing.

*) lte - added initial eSIM management support (additional fixes);

I have ask several times about what modems this works with, no response, now half-dozen times. The lack of clarity around eSIM is quite annoying. From reading the docs, it seems like a working feature on something. If it's nothing, then say that in docs! Since I read the docs, and eSIM came up in another thread, the eSIM docs don't mention if the QR code had a $$1 at the end. Which, I think, means the

confirmation-code=

be required.... and the $$1 part should NOT be in the

matching-id=

- but it wasn't clear at all... And working in theory here...

*) console - added dsv.remap to :serialize command to unpack array of maps from print as-value (additional fixes);
*) console - allow tab as dsv delimiter;

Now the bright spot is the new scripting changes are just wonderful. They made quick work of the theoretical problem eSIM activation codes use the $ dollar as the delimiter. So on the theoretical modem that support eSIM, you can cut-and-paste the eSIM code to CLI. This is possible by the new :deserialize delimiter="\$" specifically to deal with eSIM LPA format (with the new-ish /terminal/ask allowing cut-and-paste). See viewtopic.php?t=214985 for example.

But there should be something like /ip/dhcp-server/setup for the eSIM. Or, Winbox4 could natively use camera to capture the QR code, too.

engycz · Sat Feb 22, 2025 12:08 am

*) dhcpv6-relay - add routes for bindings passing through relay;
i'd really appreciate an option to disable this for both relay and server (unless one already exists and i couldn't find it) -- when using DHCPv6 for IA_NA, there's often no need to add these routes and they clog up the routing table.

There it is

relay.png

felixka · Sat Feb 22, 2025 2:20 am

My IPsec tunnels broke on my RB5009 with 7.18rc1. I had to disable the IPv4 forwarding fasttrack rule to fix it for now. I opened ticket SUP-180137.

Looks like this actually was a configuration error.
The "defconf: fasttrack" rule somehow ended up above the "defconf: accept in ipsec policy" and "defconf: accept out ipsec policy" rules. When I moved the fasttrack rule below those two rules (like they are in defconf) it started working again. Not sure if this is documented anywhere, but that's what is required.

buset1974 · Sat Feb 22, 2025 2:46 am

Hi mrz, any reason why MT still hide vpn6 afi from winbox?
If there any limitation should we know about?
By the way, it is worth mentioning that the syntax between routing and routes is still incongruent:
Code: Select all
[administrator@fischerdouglas] > /routing/bgp/connection/print where address-families=
ip     ipv6     l2vpn     l2vpn-cisco     vpnv4     vpnv6 
Code: Select all
[administrator@fischerdouglas] > /routing/route/print where afi=  
bad     ip4     ip6     l2vpn     l2vpn-cisco     l2vpn-link     link     mip4     mip6     vpn4     vpn6  
"address-families=" vs "afi="

"vpnv4" vs "vpn4"

"vpnv6" vs "vpn6"

+1 , Yes i also notice this

buset1974 · Sat Feb 22, 2025 3:42 am

LDP signaled VPLS works
BGP signaled VPLS works
VPNv6 works

either misconfiguration or very specific setup.
Could you please share an example config with at least 4 devices RouterOS, being at least one on P.Router Only, with the v7.18rc ?

Up

buset1974 · Sat Feb 22, 2025 3:43 am

LDP signaled VPLS works
BGP signaled VPLS works
VPNv6 works

either misconfiguration or very specific setup.

Its totally basic setup in labs, both CHR and physical routerboards. There is a P router in the middle and 3 PE on that.
This is the MPLS and Routing config from first PE router (RB750Gr3):

[oreggin@rtr1.CPE] > /mpls/export 
/mpls interface
add interface=all mpls-mtu=1500
/mpls ldp
add afi=ip,ipv6 disabled=no lsr-id=10.0.10.11 preferred-afi=ipv6 transport-addresses=10.0.10.11,b00b::10:0:10:11
/mpls ldp interface
add accept-dynamic-neighbors=yes afi=ip,ipv6 disabled=no interface=ether2

[oreggin@rtr1.CPE] > /routing/export 
/routing bgp template
set default disabled=no router-id=10.0.10.11
/routing ospf instance
add disabled=no name=ospfv2 router-id=10.0.10.11
add disabled=no name=ospfv3 router-id=10.0.10.11 version=3
/routing ospf area
add disabled=no instance=ospfv2 name=backbone4
add disabled=no instance=ospfv3 name=backbone6
/routing bgp connection
add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 as=65530 connect=no disabled=no listen=yes local.address=10.0.10.11 .role=ibgp-rr name=rrcl4 nexthop-choice=force-self \
    output.default-originate=if-installed .redistribute=connected remote.address=10.0.10.0/24 .as=65530 router-id=10.0.10.11 routing-table=main
add address-families=ipv6,vpnv6 as=65530 connect=no disabled=no listen=yes local.address=b00b::10:0:10:11 .role=ibgp-rr name=rrcl6 output.default-originate=always .redistribute=connected \
    remote.address=b00b::10:0:10:0/112 .as=65530 router-id=10.0.10.11 routing-table=main
/routing bgp vpls
add bridge=VPLS_B bridge-horizon=4 comment="BGP signaled VPLS" disabled=no export-route-targets=65530:4 import-route-targets=65530:4 name=VPLS_B pw-type=vpls rd=65530:4 site-id=11
add bridge=VPLS_A bridge-horizon=3 cisco-id=33.33.33.11 comment="LDP signaled VPLS" disabled=no export-route-targets=65530:3 import-route-targets=65530:3 name=VPLS_A pw-type=vpls rd=\
    65530:3
/routing bgp vpn
add disabled=no export.redistribute=connected .route-targets=65530:1 import.route-targets=65530:1 .router-id=VRF_A label-allocation-policy=per-vrf name=bgp-mpls-vpn-1 route-distinguisher=\
    65530:1 vrf=VRF_A
add disabled=no export.redistribute=connected .route-targets=65530:2 import.route-targets=65530:2 .router-id=VRF_B label-allocation-policy=per-prefix name=bgp-mpls-vpn-2 \
    route-distinguisher=65530:2 vrf=VRF_B
/routing filter rule
add chain=BGP_out rule=accept
/routing ospf interface-template
add area=backbone4 cost=1000 disabled=no interfaces=ether2 type=ptp
add area=backbone6 cost=1000 disabled=no interfaces=ether2 type=ptp
add area=backbone4 disabled=no interfaces=Loopback0 passive
add area=backbone6 disabled=no interfaces=Loopback0 passive
[oreggin@rtr1.CPE] >

Maybe misconfiguration, but I can't figure out what or where. If you have any proposal, it would be appreciated.

[oreggin@rtr1.CPE] > /interface/vpls/print        
Flags: R - RUNNING; D - DYNAMIC
Columns: NAME, PEER, BGP-VPLS
#    NAME   PEER        BGP-VPLS
0 RD vpls1  10.0.10.13  VPLS_B  
1 RD vpls2  10.0.10.12  VPLS_B  
2  D vpls3  10.0.10.13  VPLS_A  
3  D vpls4  10.0.10.12  VPLS_A  
[oreggin@rtr1.CPE] > /mpls/forwarding-table/print 
Flags: L - LDP, P - VPN, V - VPLS
Columns: LABEL, VRF, PREFIX, NEXTHOPS, VPLS
 #   LABEL  VRF    PREFIX              NEXTHOPS                                                  VPLS 
 0 P    32  VRF_A                                                                                     
 1 P    33  VRF_B  10.0.12.0/29                                                                       
 2 P    34  VRF_B  b00b:10:11:12::/64                                                                 
 3 L    42  main   b00b::10:0:10:1     { nh=fe80::20c:42ff:fe53:1491%ether2; interface=ether2 }       
 4 L    39  main   10.0.10.1           { label=impl-null; nh=10.0.0.25; interface=ether2 }            
 5 L    40  main   10.0.10.12          { label=21; nh=10.0.0.25; interface=ether2 }                   
 6 L    41  main   10.0.10.13          { label=20; nh=10.0.0.25; interface=ether2 }                   
 7 L    37  main   10.0.0.0/30         { label=impl-null; nh=10.0.0.25; interface=ether2 }            
 8 L    38  main   10.0.1.0/30         { label=impl-null; nh=10.0.0.25; interface=ether2 }            
 9 V    29                                                                                       vpls1
10 V    28                                                                                       vpls2
11 L    43  main   b00b::10:0:10:12    { nh=fe80::20c:42ff:fe53:1491%ether2; interface=ether2 }       
12 L    44  main   b00b::10:0:10:13    { nh=fe80::20c:42ff:fe53:1491%ether2; interface=ether2 }       
[oreggin@rtr1.CPE] >

Thanks!

Up

buset1974 · Sat Feb 22, 2025 3:45 am

VPNv6 does indeed work, but only partially, as it does not support an IPv4 backbone as a transport layer.

Up

leshe4ka · Sat Feb 22, 2025 9:48 am

It still has broken svgs :)

viewtopic.php?t=213860

oreggin · Sat Feb 22, 2025 10:38 am

VPNv6 is still not works, but at least in RC1 router doesn't crash

7.18RCs also crashing with VPNv6 if router gets longer prefixes then /64, for example /96. It is around early processing of BGP updates as filters doesn't prevent crash. I think this is not a corner case. Unfortunately I didn't get any updates from support from 27th of January, even I provide LAB access for them as they asked.

msatter · Sat Feb 22, 2025 10:49 am

My IPsec tunnels broke on my RB5009 with 7.18rc1. I had to disable the IPv4 forwarding fasttrack rule to fix it for now. I opened ticket SUP-180137.

Why use fasttracking with IPsec?

NoTrack makes IPsec faster with bypassing connection tracking:

However, this can add a significant load to the router's CPU if there is a fair amount of tunnels and significant traffic on each tunnel.

The solution is to use IP/Firewall/Raw to bypass connection tracking, that way eliminating the need for filter rules listed above and reducing the load on CPU by approximately 30%.

/ip firewall raw
add action=notrack chain=prerouting src-address=10.1.101.0/24 dst-address=10.1.202.0/24
add action=notrack chain=prerouting src-address=10.1.202.0/24 dst-address=10.1.101.0/24

https://help.mikrotik.com/docs/spaces/R ... rackBypass

oreggin · Sat Feb 22, 2025 1:36 pm

I agree with You 1000%
Routers should be routers. Let servers be servers...
We all know what's coming next: one of MT staffers telling us (again) that routing development team is separate from "goodies" development team. And that development pace of one team does not affect development pace of the other team.

While this might be true it's still royal PITA to see core functionality of ROS stagnate at some (partially) defunct state while other functionalities (about which some users do care and are enthusiastic while majority of users don't give a s**t) are getting somewhere. I'm pretty sure that many users would understand about complexity (and time demanding) of fixing routing functions ... if MT would publish some (semi)concrete plans about when things are going to be fixed. And then also stick to those plans.

+1
I don't want to offend anyone, those with weaker nerves should close their eyes now.
I don't care if MT adding features which push down other NAS OSes (for unknown reasons) till the core functionalities at least gets as much care as other, not networking functions. As soon as these not core functionalities gets more care, the RouterOS is not Router OS anymore, getting more like a NAS OS. Unfortunately, I only occasionally see routing issues being fixed in changelogs, while features and bug fixes are being flooded into disk and rose-storage and other similar irrelevant features for networking. It's like buying a new futuristic car, but the manufacturer only cares about the eye-catching features of the damn big tablet on the center console in the car. I can spends a lot of time in the car with minecrafting, but the chassis will blown out below me. What a hell is going on?

eddieb · Sat Feb 22, 2025 1:44 pm

We all know what's coming next: one of MT staffers telling us (again) that routing development team is separate from "goodies" development team. And that development pace of one team does not affect development pace of the other team.

While this might be true it's still royal PITA to see core functionality of ROS stagnate at some (partially) defunct state while other functionalities (about which some users do care and are enthusiastic while majority of users don't give a s**t) are getting somewhere. I'm pretty sure that many users would understand about complexity (and time demanding) of fixing routing functions ... if MT would publish some (semi)concrete plans about when things are going to be fixed. And then also stick to those plans.
+1
I don't want to offend anyone, those with weaker nerves should close their eyes now.
I don't care if MT adding features which push down other NAS OSes (for unknown reasons) till the core functionalities at least gets as much care as other, not networking functions. As soon as these not core functionalities gets more care, the RouterOS is not Router OS anymore, getting more like a NAS OS. Unfortunately, I only occasionally see routing issues being fixed in changelogs, while features and bug fixes are being flooded into disk and rose-storage and other similar irrelevant features for networking. It's like buying a new futuristic car, but the manufacturer only cares about the eye-catching features of the damn big tablet on the center console in the car. I can spends a lot of time in the car with minecrafting, but the chassis will blown out below me. What a hell is going on?

+1 too
I really don't care about file sharing and such, there are other companies/OSes that do that for years and are pretty good at it.
Please keep focus on networking ...
How about management updates ? dude ? and stuff like that. Way more important for me ...
IF it must be done, make all those fancy stuff modular, so I can ignore them ...

oreggin · Sat Feb 22, 2025 4:55 pm

over BGP signaled VPLS, IPv4 is ok, but IPv6 isn't [ ping status: "22 (Invalid argument)" ]

Mea culpa, after I fixed the overlapping IPv6 addressing on both VPLS, IPv6 works fine too so BGP signaled VPLS is ok. LDP signaled has other issue as it doesn't work at all. It has no remote-label:

[admin@rtr1.CPE] > /interface/vpls/monitor vpls11
  local-label: 89                                                
     nexthops: { label=31; nh=10.0.1.1%ether2; interface=ether2 }

felixka · Sat Feb 22, 2025 5:19 pm

My IPsec tunnels broke on my RB5009 with 7.18rc1. I had to disable the IPv4 forwarding fasttrack rule to fix it for now. I opened ticket SUP-180137.
Why use fasttracking with IPsec?

I wasn't doing that on purpose:

Looks like this actually was a configuration error.
The "defconf: fasttrack" rule somehow ended up above the "defconf: accept in ipsec policy" and "defconf: accept out ipsec policy" rules. When I moved the fasttrack rule below those two rules (like they are in defconf) it started working again. Not sure if this is documented anywhere, but that's what is required.

Thanks for the pointer to the IPsec Wiki page. It looks like my issue is also documented in the FAQ on that page at the very bottom:

Random packet drops or connections over the tunnel are very slow, enabling packet sniffer/torch fixes the problem?

Problem is that before encapsulation packets are sent to Fasttrack/FastPath, thus bypassing IPsec policy checking. The solution is to exclude traffic that needs to be encapsulated/decapsulated from Fasttrack, see configuration example here.

dang21000 · Sat Feb 22, 2025 6:02 pm

Just trying on my personnal rb5009, this rc2 and enable the most interesting feature : fasttrack6
Its work fine, wait and see...

fischerdouglas · Sat Feb 22, 2025 9:11 pm

My guess:
The advanced storage features in RouterOS were born related to MikroTik's centralized controller.

The best methodology I've found so far to control a large number of MikroTik devices was through eworm scripts (except CPEs, which are logically TR-069). The closest thing I've seen to Intent Driven Design.

And if you think about it, combining the ramdisk+rsync features, or for less demanding scenarios Back-to-Home-Files, is the most appropriate way to have this intent driven design.

So far, these features are something good and necessary.

However, I believe that when they did put good developers to work on this to create a solution, the product team must have gotten a little too excited when they saw what was coming out, and had wet dreams of venturing into this other world beyond routing and switching.

I don't think having these features is a bad thing. What is bad is the stupid decision to neglect important things like dataplane and control-plane separation or routing protocols to focus on delivering the base version of the storage platforms.

The criticism here is about redirecting efforts.
This talk that the routing development team is dedicated specifically to this, in my opinion, is a lie. And I challenge the MikroTik people to prove me wrong through the fun videos on YouTube about the company's backstage. If that happens, I will be happy to acknowledge that my statement is wrong.

I ask again for focus on:
- Ensuring minimum resources, and also limiting them to a certain maximum, for control-plane processes.
- Correcting and optimizing existing network protocols (VRF, L3VPN, 6PE/6vPE, BGP-LU, Flowspec).
- Making Kernel bypass and hardware offload work in these protocols.
- Splitting features in new packages.

And to those that say that this post is Off-Topic.. Well, this is about the release candidate, right? And it is clear that the expectations of most RouterOS users were not met with what will come in 7.18.

oreggin · Sat Feb 22, 2025 9:26 pm

I can't add LDP signaled (cisco-like) VPLS in CLI, but I can add in WinBox4:

[admin@rtr1.CPE] > /routing/bgp/vpls/export                                                                                                                                                  
# 2025-02-22 20:23:16 by RouterOS 7.18rc2
# system id = XXXXXXXXXXX
#
/routing bgp vpls
add bridge=VPLS_A bridge-horizon=3 cisco-id=33.33.33.11 disabled=no export-route-targets=65530:3 import-route-targets=65530:3 name=VPLS_A pw-type=vpls rd=65530:3
add bridge=VPLS_B bridge-horizon=4 disabled=no export-route-targets=65530:4 import-route-targets=65530:4 name=VPLS_B pw-type=vpls rd=65530:4 site-id=11
[admin@rtr1.CPE] > /routing/bgp/vpls/add bridge=VPLS_C bridge-horizon=5 cisco-id=55.55.55.11 disabled=no export-route-targets=65530:5 import-route-targets=65530:5 name=VPLS_C pw-type=vpls rd=65530:5
missing required values
[admin@rtr1.CPE] >

clambert · Sun Feb 23, 2025 12:32 am

It seems to me that the cisco-id parameter is not correctly defined. According to the Mikrotik documentation:

Parameter is a merge of l2-router-id and RD, for example: 10.155.155.1&6550:123

https://help.mikrotik.com/docs/spaces/R ... P#BGP-VPLS

loloski · Sun Feb 23, 2025 2:09 am

I ask again for focus on:
- Ensuring minimum resources, and also limiting them to a certain maximum, for control-plane processes.
- Correcting and optimizing existing network protocols (VRF, L3VPN, 6PE/6vPE, BGP-LU, Flowspec).
- Making Kernel bypass and hardware offload work in these protocols.
- Splitting features in new packages

You are just wasting your energy and time, been there done that in Mikrotik world the order of priority is not routing and switching it's something whatever they desire, they don't even know their core strength as a company they have good hardware but lack focus in the software stack, I won't repeat on the talking points here