jdMobiusIT
just joined
Topic Author
Posts: 12
Joined: Thu Nov 04, 2021 11:52 am

Missing routing options (routeros 7.1rc4)

Thu Nov 04, 2021 12:32 pm

I actually want to use my MikroTik router as a router. But the "type" option has been omitted for the routes, as an example.
How do I set a network block to be unreachable?
#      DST-ADDRESS              GATEWAY                  DISTANCE
 0 A SU xxxx:xxxx:xxx::/48                                        1
 
 /ipv6 route
add distance=1 dst-address=xxxx:xxxx:xxx::/48 type=unreachable

Options 6.x:
bgp-as-path  bgp-atomic-aggregate  bgp-communities  bgp-local-pref  bgp-med  bgp-origin  bgp-prepend  check-gateway  comment  copy-from  disabled  distance  dst-address  gateway  route-tag  scope  target-scope  type
[admin@MikroTik] /ipv6 route> add

Options 7.1rc4:
blackhole  check-gateway  comment  copy-from  disabled  distance  dst-address  gateway  pref-src  routing-table  scope  suppress-hw-offload  target-scope  vrf-interface
[admin@MikroTik] /ipv6/route> add

A function that I used very intensively no longer exists:
/ip(v6) route check

In addition, in many places (or everywhere?) it no longer works by entering a question mark to display the available options. Does it work differently now?
6.x:
questionmark.PNG
7.1rc4:
questionmark2.PNG
 
mrz
MikroTik Support
Posts: 7198
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Missing routing options (routeros 7.1rc4)

Thu Nov 04, 2021 2:28 pm

* Routes are for fast traffic black-holing. If you want to return specific ICMP messages then you will have to use firewall.

* Use F1 instead of ?
 
jdMobiusIT
just joined
Topic Author
Posts: 12
Joined: Thu Nov 04, 2021 11:52 am

Re: Missing routing options (routeros 7.1rc4)

Fri Nov 05, 2021 2:30 am

mrz wrote: "Routes are for fast traffic black-holing. If you want to return specific ICMP messages then you will have to use firewall."
Sorry for my maybe stupid question.
But how can I mimic this behaviour as simply as possible as a firewall rule?
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
 #      DST-ADDRESS                  GATEWAY                   DISTANCE
 0 A S  2000::/3                     fe80::333:8400:fb0e:7...         1
 1 A SU 2001:db8::/32                                                 1
 2 A S  2001:db8:bec0::/48           ether2                           1
 3 A S  2001:db8:bec1::/48           ether3                           1
 4 A SU 2001:db8:bec2::/48                                            1
 3 A S  2001:db8:bec2:beef::/64      ether4                           1
 
 /ipv6 route
add distance=1 dst-address=2000::/3 gateway=fe80::333:8400:fb0e:7c0%ether1
add distance=1 dst-address=2001:db8::/32 type=unreachable
add distance=1 dst-address=2001:db8:bec0::/48 gateway=ether2
add distance=1 dst-address=2001:db8:bec1::/48 gateway=ether3
add distance=1 dst-address=2001:db8:bec2::/48 type=unreachable
add distance=1 dst-address=2001:db8:bec2:beef::/64 gateway=ether4
I know how I would do it, but that would inflate my firewall further.
mrz wrote: "Use F1 instead of ?"
Thanks
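
One way to answer the question in this post with a single firewall rule, as an added example that is not part of the thread. It assumes the `/ipv6 firewall filter` matchers `dst-address` and `dst-address-list` and the `reject-with=icmp-no-route` action value as documented for RouterOS; the address-list name is made up for the example.

```routeros
# Added example, not from the thread. Prefixes are the ones in the post above;
# the list name "routed-specifics" is hypothetical.
#
# Assumption: the two type=unreachable routes are left out, so traffic to the
# unassigned space follows the 2000::/3 default route and reaches the forward
# chain. A blackhole route for the same prefix would discard the packet at
# route lookup, before this rule could answer it.

/ipv6 firewall address-list
# The more-specific prefixes that ARE routed (ether2, ether3, ether4).
add list=routed-specifics address=2001:db8:bec0::/48
add list=routed-specifics address=2001:db8:bec1::/48
add list=routed-specifics address=2001:db8:bec2:beef::/64

/ipv6 firewall filter
# One rule covers both former unreachable prefixes: 2001:db8:bec2::/48 lies
# inside 2001:db8::/32, and "!" excludes everything that has a real route.
# Position it ahead of any rule that accepts forwarded traffic.
add chain=forward dst-address=2001:db8::/32 \
    dst-address-list=!routed-specifics \
    action=reject reject-with=icmp-no-route \
    comment="emulate 6.x type=unreachable"
```

Adding a newly routed prefix later means one more `address-list` entry, not another filter rule.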
 
rplant
Long time Member
Posts: 554
Joined: Fri Sep 29, 2017 11:42 am

Re: Missing routing options (routeros 7.1rc4)

Fri Nov 05, 2021 7:55 am

There is a good option here (and discussion below it)
it's for ipv4, presumably similar is applicable to v6

viewtopic.php?t=173567#p853978
 
jdMobiusIT
just joined
Topic Author
Posts: 12
Joined: Thu Nov 04, 2021 11:52 am

Re: Missing routing options (routeros 7.1rc4)

Fri Nov 05, 2021 11:09 am

rplant wrote: "There is a good option here (and discussion below it)
it's for ipv4, presumably similar is applicable to v6

viewtopic.php?t=173567#p853978"
Thank you for your answer, but using a bridge looks like a bloody hack/ugly workaround to me.
I can't understand why MikroTik removes a working solution...
I am upset
 
mrz
MikroTik Support
Posts: 7198
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Missing routing options (routeros 7.1rc4)

Fri Nov 05, 2021 11:42 am

The reasons are also mentioned in the topic linked above.
 
jdMobiusIT
just joined
Topic Author
Posts: 12
Joined: Thu Nov 04, 2021 11:52 am

Re: Missing routing options (routeros 7.1rc4)

Fri Nov 05, 2021 12:26 pm

mrz wrote: "The reasons are also mentioned in the topic linked above."
The question "Is blackhole or unreachable better?" cannot be answered clearly for all users. My concern is that the DECISION whether you WANT blackhole or unreachable should be in the hands of the respective network administrator. There are certainly legitimate reasons for both.

I don't see any reason to delete features that were already implemented in the substructure (Linux kernel / Netfilter / IPRoute2).

There are various ways to protect yourself from abuse.

rate_limit.PNG
https://www.kernel.org/doc/Documentatio ... sysctl.txt

icmp/*:
ratelimit - INTEGER
Limit the maximal rates for sending ICMPv6 messages.
0 to disable any limiting,
otherwise the minimal space between responses in milliseconds.
Default: 1000

https://man7.org/linux/man-pages/man7/icmp.7.html
Linux limits the rate of ICMP error packets to each destination.
ICMP_REDIRECT and ICMP_DEST_UNREACH are also limited by the
destination route of the incoming packets.