Which previous versions are/were affected by this issue?*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
finally, thanks*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
Can you give more information about this?*) wireless - fixed Nstreme wireless protocol performance decrease;
... but is missing from 6.47beta60...*) dns - added support for multiple type static entries;
This can still be configured, but still does not work when DNS over HTTPS is enabled.*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
Is this expected? (If it is I would like to see the severity reduced. "error" and "critical" raise alerts here.)system;error;critical error while running customized default configuration script: no such item
In general this makes sense. But I vote for an excepting with conditional forwarding of DNS queries.eworm Currently DoH will be prioritized over all other DNS configuration. Not sure if this will change any time soon.
Sad but trueFrankly since 802.11n, but I am curious what exactly they fixed.
I'm a little cautious, but...yes So far so good..at least to the parts of IPSec that I am using.Did someone check if the breakage of IPsec in beta60 has been completely fixed?
(it is not mentioned in the release notes)
agree with you.In general this makes sense. But I vote for an excepting with conditional forwarding of DNS queries.eworm Currently DoH will be prioritized over all other DNS configuration. Not sure if this will change any time soon.
+1. I'd like to forward internal zones via VPN to an organization DNS and all the rest - to 1.1.1.1 via DoHagree with you.In general this makes sense. But I vote for an excepting with conditional forwarding of DNS queries.eworm Currently DoH will be prioritized over all other DNS configuration. Not sure if this will change any time soon.
dns forwarding via DOH is a very useful feature.
Exactly my use case.+1. I'd like to forward internal zones via VPN to an organization DNS and all the rest - to 1.1.1.1 via DoH
Ok thanks! I updated one router that is not so critical and it appears to work with L2TP/IPsec (which completely failed in beta60).I'm a little cautious, but...yes So far so good..at least to the parts of IPSec that I am using.Did someone check if the breakage of IPsec in beta60 has been completely fixed?
(it is not mentioned in the release notes)
Most interesting question here is - what would be possible consequences of "NAND memory going into read-only mode or becoming unstable over time" in context of this fix???*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
+1+1. I'd like to forward internal zones via VPN to an organization DNS and all the rest - to 1.1.1.1 via DoHagree with you.In general this makes sense. But I vote for an excepting with conditional forwarding of DNS queries.eworm Currently DoH will be prioritized over all other DNS configuration. Not sure if this will change any time soon.
dns forwarding via DOH is a very useful feature.
+1 Such configuration (forward for specific zones + DoH for everything else) should be quite common+1. I'd like to forward internal zones via VPN to an organization DNS and all the rest - to 1.1.1.1 via DoHagree with you.In general this makes sense. But I vote for an excepting with conditional forwarding of DNS queries.eworm Currently DoH will be prioritized over all other DNS configuration. Not sure if this will change any time soon.
dns forwarding via DOH is a very useful feature.
Does it work after half an hour? That is the RA Lifetime defined in IPv6->ND.When ipv6 changes, win10 can get the new address normally, but it cannot be used. It is necessary to disconnect the network port and restart. When can it be fixed, this problem has been for many years.
[admin@mt] /ip dns static> add forward-to=10.0.0.1 regexp="example.com" type=FWD
[admin@mt] /ip dns static> set regexp="example\\.com\$" [ find where regexp="example.com" ]
[admin@mt] /ip dns static> export
[...]
add address=10.0.0.1 regexp="example\\.com\$" type=A
+1In general this makes sense. But I vote for an excepting with conditional forwarding of DNS queries.eworm Currently DoH will be prioritized over all other DNS configuration. Not sure if this will change any time soon.
So, is this a bug in ROS or Windows? This is so annoying, my workaround currently is to disable ipv6 protocol in network adapter settings and re-enable it.When ipv6 changes, win10 can get the new address normally, but it cannot be used. It is necessary to disconnect the network port and restart. When can it be fixed, this problem has been for many years.
On boot system logs:Is this expected? (If it is I would like to see the severity reduced. "error" and "critical" raise alerts here.)system;error;critical error while running customized default configuration script: no such item
hi.When ipv6 changes, win10 can get the new address normally, but it cannot be used. It is necessary to disconnect the network port and restart. When can it be fixed, this problem has been for many years.
well, to me it seems to be an issue, as dynamic ND prefix entries have their valid-lifetime independently from the dhcpv6 PD lease the system used to generate addresses for the respective interfaces.When ipv6 changes, win10 can get the new address normally, but it cannot be used. It is necessary to disconnect the network port and restart.
[admin@router] /ipv6 nd prefix> print
Flags: X - disabled, I - invalid, D - dynamic
0 D prefix=2001:1234:5678:b600::/64 6to4-interface=none interface=lan on-link=yes autonomous=yes valid-lifetime=4w2d
preferred-lifetime=1w
1 D prefix=2001:1234:5678:b601::/64 6to4-interface=none interface=internet on-link=yes autonomous=yes
valid-lifetime=4w2d preferred-lifetime=1w
Maybe it will be a larger update vs incremental.Is ROS 7 still being developed?, I wonder since there haven't been new betas since February.
My guess is that they make some changes how the dude interact with routerOS so you need to have winbox policy in order to user the [emoji819] RouterOS in the dude applicationCan someone explain -
"The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices."
It must be the problem of ROS. It is normal to use other routers IPv6.So, is this a bug in ROS or Windows? This is so annoying, my workaround currently is to disable ipv6 protocol in network adapter settings and re-enable it.When ipv6 changes, win10 can get the new address normally, but it cannot be used. It is necessary to disconnect the network port and restart. When can it be fixed, this problem has been for many years.
The minimum can be set to 10 minutes, the time is too long, everything is meaningless, do not know if it will work.Does it work after half an hour? That is the RA Lifetime defined in IPv6->ND.When ipv6 changes, win10 can get the new address normally, but it cannot be used. It is necessary to disconnect the network port and restart. When can it be fixed, this problem has been for many years.
A known bug is that the RA services does not send an informational message with zero lifetime for the old address when an address is changed.
Maybe you can mitigate that by lowering the RA lifetime (and interval) to something more acceptable than half an hour.
Thanks for the support, I don't know if the official will ignore it.well, to me it seems to be an issue, as dynamic ND prefix entries have their valid-lifetime independently from the dhcpv6 PD lease the system used to generate addresses for the respective interfaces.When ipv6 changes, win10 can get the new address normally, but it cannot be used. It is necessary to disconnect the network port and restart.
i filed a new support ticket about this.Code: Select all[admin@router] /ipv6 nd prefix> print Flags: X - disabled, I - invalid, D - dynamic 0 D prefix=2001:1234:5678:b600::/64 6to4-interface=none interface=lan on-link=yes autonomous=yes valid-lifetime=4w2d preferred-lifetime=1w 1 D prefix=2001:1234:5678:b601::/64 6to4-interface=none interface=internet on-link=yes autonomous=yes valid-lifetime=4w2d preferred-lifetime=1w
yes, it still sucks. moreover those ND prefix entries are dynamic.The minimum can be set to 10 minutes, the time is too long, everything is meaningless, do not know if it will work.
ok, there should maybe be 3 changes, as the DHCP-PD server in routeros also doesn't care about the lease of dynamic pools if it operates based on them.in reality this isn't a workaround, more like an addition. i collected packet captures from different devices, and they all respect the DHCPv6 lease time in their RA.
so this two changes shall be combined.
Yes, that is what I wrote above as well. But it does not do that.once an interface is getting renumbered (read: it looses a certain previous GUA) either automatically (via pool addressing) or manually (/ipva address remove X)
RouterOS should send a last RA with the disappearing prefix to the network with valid-lifetime = 0. this shall flush all the caches on the nodes that receive it.
The ipv6 of ros is really too bad, even the basic use cannot be guaranteed, everything needs official attention and repair.ok, there should maybe be 3 changes, as the DHCP-PD server in routeros also doesn't care about the lease of dynamic pools if it operates based on them.in reality this isn't a workaround, more like an addition. i collected packet captures from different devices, and they all respect the DHCPv6 lease time in their RA.
so this two changes shall be combined.
sure, you can tune down the lease-time setting in the manually created DHCP-PD entries, but not in the dynamic ones, spawned by /ppp profile configuration.
in either way, you have a change in the pool you receive via PD, and your entire downstream network will lose v6 connectivity.
in this latter case i'd definitely use a simple algorithm to avoid massive leases on all PD clients:
- setting for a default lease time (globally) say SYSTEM_DEFAULT_DHCPV6PD_LEASE (currently it's 3d)
- setting for each PD entry specific lease setting, DHCPV6PD_ENTRY_LEASE (if not specified explicitly then copy over SYSTEM_DEFAULT_DHCPV6PD_LEASE)
- the value derived from the current lease expiration of the referenced pool entry (POOL_LEASE_LEFT)
and the DHCPv6 reply to the PD client shall set th valid lifetime in the IA Prefix option to X, where
X=min(DHCPV6PD_ENTRY_LEASE, POOL_LEASE_LEFT)
this way we'd only have shorter leases than intended if the pool we operate on is running out of lifetime. and we avoid propagating outdated info and potentially cut of parts of the dynamically addressed v6 network from the outside
i'd say there's a lot more to improve, but it is still superior to many other available implementations out there. and i love the flexibility it offers to me. i spent 20+ yrs in networking, working with all kinds of devices. when it comes down to flexibility, only junOS comes near to routerOS. i've grown up using the cisco CLI, still do it in my 'other life'. nothing is perfect.The ipv6 of ros is really too bad, even the basic use cannot be guaranteed, everything needs official attention and repair.
I agree with you.i'd say there's a lot more to improve, but it is still superior to many other available implementations out there. and i love the flexibility it offers to me. i spent 20+ yrs in networking, working with all kinds of devices. when it comes down to flexibility, only junOS comes near to routerOS. i've grown up using the cisco CLI, still do it in my 'other life'. nothing is perfect.The ipv6 of ros is really too bad, even the basic use cannot be guaranteed, everything needs official attention and repair.
you would not believe what kind of pains we endured because of a small packet parser issue in the iOS XR code, and it kept bringing our network to its knees for more than 1 month with absolutely random occurrences. all this was because the microcode identified az IPv4 packet to be IPv6 one which started a chain reaction, and took out sometimes 3-7 ASR9k routers in a row. or when we had to as for an enhancement, because the device was not doing fragmentation and broke PMTUD by silently dropping packets with DF flags.
shit keeps on happening, and sometimes it is totally ridiculous to see what type of junk goes through the software QA of some big brand names.
ROS certainly lacks a lot of things, but it is improving, sometimes in bursts, but some things take a longer time. if we can provide usable feedbacks to dev, they can pretty much nail it down quickly. i once had a feature request with 6.32(?) to add support for DWDM SFPs, and it was done in less than 2 weeks and it was working. if you are specific with the enhancement details or can pinpoint the actual issue, stuff can improve pretty fast.
+1In general this makes sense. But I vote for an excepting with conditional forwarding of DNS queries.eworm Currently DoH will be prioritized over all other DNS configuration. Not sure if this will change any time soon.
Note from MT about the BtestUpgraded from 6.45.5 to 6.47rc2.
Noticed that btest is taking up more memory causing boards with 32MB RAM to become unresponsive.
I don't know in which version this started. I also tried 6.46.6 with the same results.
Please remember that Bandwidth Test uses a lot of resources. If you want to test real throughput of a router, you should run Bandwidth Test through the tested router not from or to it. To do this you need at least 3 devices connected in chain: the Bandwidth Test server, the router being tested and the Bandwidth Test client.
Would also like to know? Have only been around since N days. One link I could test showed no difference.*) wireless - fixed Nstreme wireless protocol performance decrease;
there was problem with Nstreme wireless protocol?
since when?
Well, since there is no detail on this, I can share our experience of 5 Km PtP Nstream. There is infrequent disconnection that we cannot explain. We tried to move to NV2 when possible but sometimes in the past Nstream would have given better throughput. Not sure if this is related or not.Would also like to know? Have only been around since N days. One link I could test showed no difference.*) wireless - fixed Nstreme wireless protocol performance decrease;
there was problem with Nstreme wireless protocol?
since when?
Not all Microtik devices are affected with this problem. As far I know problem was with LHG5 ac version. Issue was with data throughput speed which was around 100mbs even if link could do much better than that. (in my case around 180mbs). In data monitor you could see something like waves, data speed goes up and down ... When you start test speed was almost ok but after a second or two speed decrease and those waves starts ... This problem was present from all versions 6.46.x everything was fine with all versions 6.45.x*) wireless - fixed Nstreme wireless protocol performance decrease;
/ip socks
set enabled=yes version=5
/ip socks access
add action=allow dst-address=mikrotik.com
add action=deny