v7.1 is released!

mducharme · Tue Dec 07, 2021 1:51 am

Yes, most people who have MikroTik routers do not use MPLS, VXLAN or OSPFv3. OSPFv3 actually works for me, but I haven't done testing on a big network. I don't know about VXLAN (haven't tried it yet), but MPLS is very problematic for me at the moment. This is not going to be safe for me to use in a service provider environment until it is much more bulletproof.

This release should be considered stable enough for home and homelab use, not necessarily for businesses. A lot of home users don't want to try anything that says "beta" or "release candidate" and MikroTik is probably hoping that calling this release 7.1 stable instead of 7.1 testing or 7.1rc8 that more home users will move to it and help to uncover new bugs to be fixed. Business customers should not be upgrading blindly, but if they do, they may be upset by some features not working right, or not even implemented at all yet (like The Dude server).

r00t · Tue Dec 07, 2021 2:07 am

What is actually considered stable depends on what you use. Some users may not have any issues... while for others it's just unusable. I think most important is to get all functions that are currently present in v6 working without issues in v7. While there's many cool new features in v7, they can wait. This can be frustrating for some users, wanting new stuff, but minimal "it's stable" status is "it can do all of the basic v6 stuff without imploding" which is still probably months away...

aglabs · Tue Dec 07, 2021 6:05 am

Netflow is still broken and completely useless. viewtopic.php?t=178177

shyrwall · Tue Dec 07, 2021 6:18 am

7.1 on CCR1072 crashed after ~5h. Needed manual power cycle.

ufm · Tue Dec 07, 2021 6:55 am

Version 7.1 has been released.

!) support for ZeroTier on ARM and ARM64 devices;

Are there plans to add ZeroTier to other architectures?

ufm · Tue Dec 07, 2021 7:22 am

And anyway - congratulations!

P.S.

I keep this letter fondly. I should check to see if this bug has been corrected or not. :)

Date: Thu, 19 Feb 2015 11:37:35 +0200
To: Fyodor Ustinov <ufm@xxxxxxxx.net.ua>
From: "MikroTik support [Janis M.]" <support@mikrotik.com>

[...]

...This problem will be solved in RouterOS v7, that we are trying to put into beta until
big European MUM.

Jotne · Tue Dec 07, 2021 8:02 am

Are there plans to add ZeroTier to other architectures?

It may be a space problem, so could be hard to get inn to all devices.

irghost · Tue Dec 07, 2021 9:40 am

There are two branches v6 and v7.
Each of them has their own channels, if there is v7 "testing", "stable" or whatever, it does not replace versions in v6 channels.
There is only one released v7 version (7.1), so it basically fills all the channels of v7 branch until newer version is built for specific channel.

 /system/resource> print 
                   uptime: 6m29s
                  version: 7.1 (testing)
               build-time: Dec/01/2021 14:07:27
         factory-software: 6.0
              free-memory: 43.1MiB
             total-memory: 96.0MiB
                      cpu: Intel(R)
                cpu-count: 1
            cpu-frequency: 2400MHz
                 cpu-load: 3%
           free-hdd-space: 72.8MiB
          total-hdd-space: 89.2MiB
  write-sect-since-reboot: 1384
         write-sect-total: 1385
        architecture-name: x86_64
               board-name: CHR
                 platform: MikroTik

stable Or testing?

benoga · Tue Dec 07, 2021 9:42 am

I'm able to generate a kernel panic on a CCR2004-1G-12S+2XS (capsman controller) when I enable caps-mode on a 951Ui-2HnD. If I leave this enabled, the CCR is rebooting in a loop. Cap certificate was just generated, capsman controller is reached via IP, not discovery interface. There's nothing in the logs other than the kernel crash message.
I added a 941-2nD before, using the discovery interface, that works without causing a crash on the controller.

Same Problem here. CCR1009 with Capsman "on" crash and reboot in loop without logging any Problem.

osc86 · Tue Dec 07, 2021 9:58 am

@benoga I got an answer from support.
I’ll try that tomorrow, when I’m in the office.
Here’s the response I got, you may want to check that.
#[SUP-67981]:

Connect a serial cable to this device, open the serial console, and make sure that you have successfully connected to RouterOS CLI.
Now leave the device running and console opened and reproduce the same problem again. After the problem appears, copy serial console output to a text file.
https://wiki.mikrotik.com/wiki/Manual:S ... al_Console
https://wiki.mikrotik.com/wiki/Serial_Port_Usage

Tue Dec 07, 2021 10:38 am

I believe MikroTik did this in part due to complaints: people with routers that have auto upgrade scripts to upgrade to the latest "stable" were complaining that they might have hundreds of devices upgrading to v7 unintentionally when v7 stable was released, and asked for a v7-stable release tree separate from the v6-stable release tree, and MikroTik has done this.

yes, if you run v6, you can't accidentaly upgrade to v7. you have to manually select channel titled "upgrade" to do this. so everyone is safe and nobody is forced to use v7

Quasar · Tue Dec 07, 2021 10:44 am

I just tried to upgrade my hap ac3 but had to downgrade it back to 6.49.2 again. IPv6 throughput on 6.49.2 is 420Mbit/s but on 7.1 it's only 200Mbit/s. So that's a significant regression.

Thanks!

Can anyone else share numbers on IPv6 routing speeds?

I was about to gamble on upgrading a hAP ac to v7.1 hoping it would increase IPv6 routing speeds, but if it only gets worse I'd rather not.

Znevna · Tue Dec 07, 2021 10:47 am

For hAP ac2 all IPv6 traffic is bound to one core, I'm guessing it's valid for all ipq401x devices. You can't push very much through one core.
And your hAP ac has only one core.
I was frustrated with the crappy IPv6 speeds too, but I fixed it, upgraded to RB5009.

rpingar · Tue Dec 07, 2021 10:48 am

any update about ticket opened about x86 platiform: [SUP-67882] [SUP-67221]:
thanks

Jotne · Tue Dec 07, 2021 11:05 am

stable Or testing?

Stable.
Read forum before post.
Example: viewtopic.php?p=895562#p895562

Znevna · Tue Dec 07, 2021 11:14 am

Speaking of IPv6, radvd doesn't wanna work today:

 11:10:43 radvd,debug received Router Solicitation on  interface=bridge
 11:10:43 radvd,debug sending Router Advertisement on bridge
 11:10:43 radvd,debug adding MTU option, MTU=1500
 11:10:43 radvd,debug adding link-layer address option, mac-address=DC:2C:6E:xx:xx:xx
 11:10:43 radvd,debug adding prefix=2a02:2f0d:xxx:xxx::/64
 11:10:43 radvd,debug sendmsg failed on bridge (fe80:3133::de2c:6eff:xxxx:xxxx): Invalid argument

Just spotted the issue.
That LL addr does NOT exist on the bridge currently, no idea why it's trying to use something that's not there.
That LL addr was a leftover from playing with a LL pool for wireguard, I know, my fault.
Good ol'

ipv6/settings/set disable-ipv6=yes
ipv6/settings/set disable-ipv6=no

Fixes it.

SirPrikol · Tue Dec 07, 2021 11:16 am

It is already built in. When you do an in-pace upgrade of a router running v6 the rules will be update to v7.
It is advised to take a close look at them, though.

Unfortunately, it does NOT work. Tested on several different devices

I have not converted a single filter, and also not a single feast has moved. This is a known problem, I am not the only one. Also, on those routers where BGP was configured, it became impossible to add a template with peers

pe1chl · Tue Dec 07, 2021 12:02 pm

I have converted from v6 to v7 but not with RouterOS v7.1 but only with an rc version. So I do not know if it got broken now.
What I understand is that when you upgrade to v7 and then downgrade to v6 (other than by netinstall) the conversion (crossfig) does not run again when you again upgrade to v7 but it re-uses the previous conversion.
However it should be possible to load a backup made in v6 (with the desired configuration) into v7 and it will run the conversion again.
If in doubt, netinstall v6 and import the exported config, make sure all is OK and THEN upgrade to v7.

I have posted the idea that it could be good to have crossfig available offline (e.g. on the mikrotik website) so we can paste our v6 config there and have it converted, and then decide what we want to paste in our v7 installed router. Have seen no response, no idea how difficult it would be to make that (i.e. how independent crossfig is from the router environment. it could be just a perl script...)

mrz · Tue Dec 07, 2021 12:17 pm

+ keep in mind that v6 backup should be created prior to any v7 upgrade, if you had v7 upgrade, then downgrade to v6 and then made a backup it will also save old v7 config.

demopro · Tue Dec 07, 2021 12:54 pm

Is MLAG stable in version 7.1 for use in data centers?
2 x Switch CRS326-24S+2Q+RM configured with one bridge, multiple ports with different PVID and with several ports configured as tagged?

edielson_atm · Tue Dec 07, 2021 1:30 pm

You should only move to v7 if all the needed features are there. A decision was made, that we will not hold v7 release for much longer, because so many people can already use it, and it works great for 90% of users. People with specific needs for specific functions can then test 7.2 or next releases, but those who don't need them, can safely use 7.1 now.

RouterOS 7.2 ? where is the download link

Tue Dec 07, 2021 1:34 pm

Tremor021 · Tue Dec 07, 2021 1:36 pm

Well, upgrading my 3011 to 7.1 was pain in the behind. BGP worked, but src nat stopped working. It marked my public ip as invalid route. using masquerade worked fine, but i need my public ip's exposed....

Tue Dec 07, 2021 1:39 pm

Posting the old and new config would help in such situations

andacb · Tue Dec 07, 2021 1:46 pm

Hello,

As a feedback after upgrading multiple RB 3011 routers and wAP G-5HacT2HnD WiFi APs to 7.1:

- At least one RB 3011 had to be factory reset and configuration backup restored in order to work after 7.1 upgrade. Others didn't have such issue.

- At least one RouterBOARD wAP G-5HacT2HnD WiFi AP started irregular self reboots after 7.1 upgrade. Downgrading it to 6.49.2 solved the issue.

- The DUDE server is not available under 7.1 packages. Therefore we had to leave our CHR and Dude server in 6.49.2.

Andac

RafGan · Tue Dec 07, 2021 2:49 pm

When The Dude server will be implemented in V7 ???

pe1chl · Tue Dec 07, 2021 2:51 pm

I keep this letter fondly. I should check to see if this bug has been corrected or not. :)

Date: Thu, 19 Feb 2015 11:37:35 +0200
To: Fyodor Ustinov <ufm@xxxxxxxx.net.ua>
From: "MikroTik support [Janis M.]" <support@mikrotik.com>

[...]

...This problem will be solved in RouterOS v7, that we are trying to put into beta until
big European MUM.

Well, he did not say "big European MUM 2015", right? Maybe it was planned for the MUM 2021?

buset1974 · Tue Dec 07, 2021 3:34 pm

Soon

Any status for MPLS L3?
I've upgrade 1 MPLS L3 working node from v6.49.1 to v7.1.
After upgrade, all ospf bgp, mpls indeed converted automatically but the L3 connectivity were broken.

I try to downgrade to 6.49.1 again and the L3 connectivity back to works.

thx

StubArea51 · Tue Dec 07, 2021 3:49 pm

Yup, it looks like 7.1 moved to stable.

MikroTik: Was that the exact same build as 7.1 testing or were there some fixes before it went stable?

mrz · Tue Dec 07, 2021 3:50 pm

it is the same build, just updated channels in the web.

anav · Tue Dec 07, 2021 4:02 pm

OpenVPN client doesn't work in 7.1. It was working just fine with 6.49.2 and all previous versions. Here's the log:
Code: Select all
 16:35:38 ovpn,info ovpn-out1: initializing...
 16:35:38 ovpn,info ovpn-out1: connecting...
 16:35:39 ovpn,info ovpn-out1: using encoding - AES-256-CBC/SHA1
 16:35:39 ovpn,info ovpn-out1: terminating... - wrong OVPN data
 16:35:39 ovpn,info ovpn-out1: disconnected
Please help.

Easy Return to 6.49.2, problem solved. Did you send a supout to MT?

ufm · Tue Dec 07, 2021 4:37 pm

Are there plans to add ZeroTier to other architectures?
It may be a space problem, so could be hard to get inn to all devices.

I do not understand why there is no support on the X86 architecture.

mkamenjak · Tue Dec 07, 2021 4:48 pm

Can we expect v7 dude soonish?

Tue Dec 07, 2021 4:55 pm

PDF information: https://mt.lv/RouterOSv7

Video in Spanish: https://youtu.be/fzLxTl6VXRI
Video in English: https://youtu.be/Zp-U7Anv5-0
Video in Russian: https://youtu.be/xRGBbXJc1xA

raymonvdm · Tue Dec 07, 2021 5:08 pm

It seems that Router 7.1 fixed my non-working ethernet interfaces for all but Ether12 on an RB1100 X2 AH
viewtopic.php?t=178341#p880735

anav · Tue Dec 07, 2021 5:10 pm

PDF information: https://mt.lv/RouterOSv7

Video in Spanish: https://youtu.be/fzLxTl6VXRI
Video in English: https://youtu.be/Zp-U7Anv5-0
Video in Russian: https://youtu.be/xRGBbXJc1xA

The video missed the most important point......................
Where do I get that Unicorn MuG!!
Normis email me to get my physical address for mug package!

On a serious note.
community filtering addressing???
zerotier (sdwan) for the home....... what will it allow me to do??

xtaz · Tue Dec 07, 2021 5:16 pm

For hAP ac2 all IPv6 traffic is bound to one core, I'm guessing it's valid for all ipq401x devices. You can't push very much through one core.
And your hAP ac has only one core.
I was frustrated with the crappy IPv6 speeds too, but I fixed it, upgraded to RB5009.

This is fully understood, but doesn't explain why the speed dropped by about 60% going from 6.49.2 to 7.1. I assume both are only using the one core, so why is there such a regression in IPv6 speed in 7.1? If that's not resolved I will be stuck on 6.x until I replace the hap ac3 with something else one day in the far future. I know that 7.1 has a completely new IPv6 stack, but new things are usually an improvement and don't make them worse.

VitohA · Tue Dec 07, 2021 5:16 pm

CCR2004: all channels point to 7.1, graphing through https still broken.

Screenshot 2021-12-07 181504.png

denisun · Tue Dec 07, 2021 5:22 pm

In RB4011 After update from 6.49.2 to 7.1 i have the next problems:
1. ip > fw > service ports
dccp, sctp, updlite have invalid notice
2. $ros variable in script give 7.1 (testing) as result
3. ipv6 > fw > cvonnections
is empty with none connections
4. ipv6 > fw > filter rules
i have accept established/related connections and after that
i have drop invalid.
With above setup, all connections drop as invalid (tcp syn,ack,syn/ack, udp).
The above setup work perfect in 6.x editions.

ormandj · Tue Dec 07, 2021 5:26 pm

NTP webfig UI seems broken, it doesn't display servers, and edits are not applied. 7.1/CCR2004

The release also still says "testing", I assume since it was not rebuilt.

VitohA · Tue Dec 07, 2021 5:35 pm

NTP webfig UI seems broken, it doesn't display servers, and edits are not applied. 7.1/CCR2004

Works well on my CCR2004-1G-12S+2XS

5nik · Tue Dec 07, 2021 5:49 pm

...
3. ipv6 > fw > cvonnections
is empty with none connections
4. ipv6 > fw > filter rules
i have accept established/related connections and after that
i have drop invalid.
With above setup, all connections drop as invalid (tcp syn,ack,syn/ack, udp).
The above setup work perfect in 6.x editions.

I have same issue with ipv6 on hAP AC after upgrade. No connections, filter rules with established/related filter doesn't work. It looks like connection tracking doesn't work properly.

OlofL · Tue Dec 07, 2021 5:51 pm

News letter is not saying this is stable.
Lol

Tue Dec 07, 2021 6:05 pm

Easy Return to 6.49.2, problem solved. Did you send a supout to MT?
I'm not that desperate, yet.. How can I send supout to MT?

See here:
https://wiki.mikrotik.com/wiki/Manual:S ... utput_File

mafiosa · Tue Dec 07, 2021 7:04 pm

VXLAN cannot be configured with unicast addresses but multicast routing is poorly documented and does not seem to work, etc. etc. etc.

Most people would not consider software with so many bugs "stable."

VXLAN with unicast works its not documented properly nor does Mikrotik team bother to check forum. Use any arbitrary multicast id on the vxlan interface. In terminal go to interfaces/vxlan/vteps >add vtep interface=<vxlan interface> remote=<remote address> port=<vxlan port>
This will establish the tunnel.

miklin · Tue Dec 07, 2021 7:19 pm

On hap ac2 with 16 MiB storage can I upgrade directly from 6.49.2 to 7.1 via upgrade channel (if yes will v6.49.2 config be valid for v7.1 ?) or do I have to use netinstall instead and make a fresh install ? Are there any advantages for hap ac2 of version 7 or should i stick with v6 ?

pe1chl · Tue Dec 07, 2021 7:47 pm

On hap ac2 with 16 MiB storage can I upgrade directly from 6.49.2 to 7.1 via upgrade channel (if yes will v6.49.2 config be valid for v7.1 ?) or do I have to use netinstall instead and make a fresh install ? Are there any advantages for hap ac2 of version 7 or should i stick with v6 ?

In case the hAP ac2 is running the single combined package it will probably work, when it is running separate packages you will need to do a netinstall.
This is now a confirmed bug that affects the hAP ac2 and maybe other devices but not all. In some other devices with separate packages I had no problems.

My hAP ac2 is used as a wireless AP in bridge mode, and it works fine with 7.1, no difference observed with 6.49.1

doka · Tue Dec 07, 2021 7:50 pm

Hi guys,

great job, but it still lacks some important features for VPN:
1. VTI support for IPSec. This is important, because open the door to use remote RB as a fully functional router using standardized secure connection. Cisco, for example, don't and, I guess, will never support Wireguard, while IPSec is everywhere.
2. kind of DMVPN. This is great automation tool to build mesh secured networks.

Kindly ask you to consider long-standing community requests and add at least VTI support to ROS.

Thank you.

pe1chl · Tue Dec 07, 2021 8:03 pm

I was kind of waiting for it... after the requests for VTI there would be DMVPN.
But of course IPsec technology and MikroTik routers already support quite easy to deploy mesh networks (especially with 7.1) but not with the Cisco proprietary standards.
When you have only MikroTik or when you have access to the Cisco configuration you can use e.g. GRE over IPsec transport and BGP for the autorouting, and have similar functionality to VTI or DMVPN.
Asking MikroTik for DMVPN is like asking Microsoft to support Apple iOS applications... you can try and keep trying, but they will encounter hurdles and maybe have other priorities.

anav · Tue Dec 07, 2021 8:06 pm

I was kind of waiting for it... after the requests for VTI there would be DMVPN.
But of course IPsec technology and MikroTik routers already support quite easy to deploy mesh networks (especially with 7.1) but not with the Cisco proprietary standards.
When you have only MikroTik or when you have access to the Cisco configuration you can use e.g. GRE over IPsec transport and BGP for the autorouting, and have similar functionality to VTI or DMVPN.
Asking MikroTik for DMVPN is like asking Microsoft to support Apple iOS applications... you can try and keep trying, but they will encounter hurdles and maybe have other priorities.

A birdy whispered this one to me in response to VTI.....
" USE an IPIP tunnel encrypted using IPsec policy in transport mode instead, it has the same overhead like the VTI which is just an IPsec policy in tunnel mode but instead of choosing the traffic by matching it to a traffic selector, it gets the traffic by normal routing as it is linked to the virtual tunnel interface."

Znevna · Tue Dec 07, 2021 8:25 pm

Can birdie "connect IPIP tunnel encrypted using IPsec policy in transport mode" to IPsec VTI?
No, birdie can't connect those two.

Zetle · Tue Dec 07, 2021 8:35 pm

- The DUDE server is not available under 7.1 packages. Therefore we had to leave our CHR and Dude server in 6.49.2.

+1 for The Dude Server...
Did someone try to use 7.1 agents on 6.48.x Dude Server ? I suppose it will not work, as the previous minor version upgrades wasn't compatible with each other

flatbat · Tue Dec 07, 2021 8:38 pm

Upgrading from 6.49.1 worked mostly fine for us, except;

* OSPF areas connected over PPP-links were missing;
This was lost in ROS6:
/routing ospf network
add area=backbone network=10.7.1.0/24
Manually readded in ROS7 after upgrade like this:
/routing ospf interface-template
add area=backbone-v2 networks=10.7.1.0/24 type=ptp

* Metal 2SHPn crashes when wlan1 interface is enabled (using Atheros AR92xx).
Not supported by ROS7 ?

pe1chl · Tue Dec 07, 2021 8:56 pm

Can birdie "connect IPIP tunnel encrypted using IPsec policy in transport mode" to IPsec VTI?
No, birdie can't connect those two.

No, but when you can configure the other end as well you can configure that with IPIP/IPsec or GRE/IPsec and it will work.
Of course you then still have to arrange the routing. As I expected, DMVPN was thrown in as the next "we need to have this or else!"...

When you want to setup a VPN (partly) mesh e.g. for a number of company locations, and you want to use MikroTik routers (possibly combined with Cisco), you can use the standard protocols GRE/IPsec or L2TP/IPsec and BGP. It will work fine.
It is not VTI. It is not DMVPN. But it is not Cisco, the inventor of those proprietary protocols.

manish · Tue Dec 07, 2021 8:58 pm

I tried to upgrade couple of routers to test, and I see TE does not work, has anybody else managed to get it working? Thank you.

Moc · Tue Dec 07, 2021 9:13 pm

Upgraded my RB4011 + wireless as my home router, and the unit would boot loop every minute or so. I do have an EoIP tunnel on it which never passed traffic, and I have 2 Caps client.
I can't play too much with it right now so reverted it back to v6 and it back to normal ! v7 still have a long way to go ! I hope it get there !

denisun · Tue Dec 07, 2021 9:30 pm

Graphing work only in http mode.
In https i get a "Error 404: Not Found".
In the same time the webfig with https work perfect.

Tue Dec 07, 2021 10:24 pm

Support at mikrotik dot com.

Too obvious ?

pe1chl · Tue Dec 07, 2021 10:26 pm

Mail it to support@mikrotik.com
Or better: go to https://help.mikrotik.com/servicedesk/ and create an account.
Create a new ticket, describe the issue, and add the supout.rif file when submitting the ticket.

docmarius · Tue Dec 07, 2021 10:30 pm

Bug: Increasing RIP route timeout, garbage collector and update interval in Routing->Rip->Instance has no effect (unless they are not defined in seconds as I assume)...
Setting GC e.g. to 1200 will still wipe out routes after 3 minutes.

Wish: Add suppress HW offload option to RIP interface template.

Pea · Tue Dec 07, 2021 10:46 pm

What happened? How to upgrade to v7.1?
(this attempt done through Check For Updates from Channel: upgrade)

mkx · Tue Dec 07, 2021 10:53 pm

Didn't you read any of posts in this thread? The only way of installing ROSv7 on de-bundled ROSv6 hAP ac2 is netinstall.

Chupaka · Tue Dec 07, 2021 10:58 pm

They do work. v7 introduced a new limitation: target-scope of your route must be greater than target-scope of the route through which it should be resolved.
Heh, I am not sure if I need to take a philosophy course or go to Hogwarts School of Magic to understand that sentence let alone MTs intentions. Never understood scope anyway (at least nothing sticks in my brain).

Well, easier way of thinking about it is: "target-scope must be lower on each level of recursion"

mducharme · Tue Dec 07, 2021 11:09 pm

This is fully understood, but doesn't explain why the speed dropped by about 60% going from 6.49.2 to 7.1.

How are you testing the IPv6 speed in 7.1? The test method may have something to do with it.

joegoldman · Tue Dec 07, 2021 11:27 pm

News letter has a typo - OSFP at one point - looks like its just as QA'd as ROSv7 :D

I'll be waiting a fair few releases before even considering this. Its not even up to feature parity with v6 correct?

xtaz · Tue Dec 07, 2021 11:38 pm

This is fully understood, but doesn't explain why the speed dropped by about 60% going from 6.49.2 to 7.1.
How are you testing the IPv6 speed in 7.1? The test method may have something to do with it.

Four different speed tests. speedtest.net, fast.com, my ISPs own speedtest server, and one at AWS. I have Gbit fibre. With IPv4 it goes at 920Mbit/s on both 6.49.2 and 7.1. With IPv6 it goes at 420Mbit/s on 6.49.2. Upgrade to 7.1 and it drops to 200Mbit/s on all four different speedtests. Downgrade it back to 6.49.2 and it's back up to 420Mbit/s again.

Quasar · Tue Dec 07, 2021 11:44 pm

...
3. ipv6 > fw > cvonnections
is empty with none connections
4. ipv6 > fw > filter rules
i have accept established/related connections and after that
i have drop invalid.
With above setup, all connections drop as invalid (tcp syn,ack,syn/ack, udp).
The above setup work perfect in 6.x editions.
I have same issue with ipv6 on hAP AC after upgrade. No connections, filter rules with established/related filter doesn't work. It looks like connection tracking doesn't work properly.

Same. IPv6 is broken on hAP ac. Earlier I asked about v7 IPv6 forwarding speed. Guess it's 0 Mbit/s for hAP ac.

IPv6 works on v6. On v7 IPv6 DHCPv6, RA works, but LAN→WAN forwarding fails. I can even ping from the internet to LAN - ICMPv6 is delivered to LAN, but the reply doesn't seem to get forwarded even with an ACCEPT IPv6 on top of FORWARD chain (sniffer shows it on LAN bridge, but not on WAN).

Also, the neighbor discovery list shows all entries stale/noarp, with only sometimes displaying reachable.

Znevna · Tue Dec 07, 2021 11:46 pm

check your routes...
I'm sick of reposting this link everywhere
viewtopic.php?t=177800#p874200

draga79 · Tue Dec 07, 2021 11:54 pm

Tried to update RB4011 from 6.49.1 to 7.1 (very simple setup). Reboot went fine, but after FW update the device went unusable (no IP address on any interface, no access via MAC (even directly connected to the device), but winbox showed is as neighboured). Netinstall ...

Same here with RB4011. I had to restore to factory defaults via console and revert to 6.49

BostjanC · Tue Dec 07, 2021 11:59 pm

Serious question. How to upgrade the flash storage on hAP ac2?
If I want to install a wifiwave2 14MB package to a 16 MB storage size ...
Is it possible that Mikrotik will provide a path where we can have RouterOS v7 with wifiwave2? Or is there a way to desolder stock flash chip and solder a larger - perhaps 32MB flash chip?
Seriously.

gittubaba · Wed Dec 08, 2021 12:12 am

Seems like development channel is deleted? it says file not found. Moved over to "testing" channel.
Any idea about container package availability? Just ordered a RB5009 to play with, its cpu power will mostly sit idle without docker :(

epkulse · Wed Dec 08, 2021 12:22 am

Unable to upgrade from 6.49.2. Stops at "Calculating Download Size" on a RB1100AHx4... Have removed Dude, still no luck...

mducharme · Wed Dec 08, 2021 12:38 am

Four different speed tests. speedtest.net, fast.com, my ISPs own speedtest server, and one at AWS. I have Gbit fibre. With IPv4 it goes at 920Mbit/s on both 6.49.2 and 7.1. With IPv6 it goes at 420Mbit/s on 6.49.2. Upgrade to 7.1 and it drops to 200Mbit/s on all four different speedtests. Downgrade it back to 6.49.2 and it's back up to 420Mbit/s again.

Unfortunately this is expected. Route caching no longer exists in v7 and in v6 it gave an artificial boost (usually double or even more) to the actual real world bandwidth that you could get, for speed tests and bulk downloads. So on RouterOS v6 you are getting a speedtest result of 420Mbps, but the actual real world traffic with normal traffic patterns would probably drop it down to below 200Mbps capacity, because unlike speed tests and big file downloads, normal real world traffic patterns are mostly cache miss events, decreasing performance.

So the good news is that for real world traffic patterns, it is probably faster than your router on RouterOS v6. The bad news is that because v6 gives that artificial boost to the speed test results, you cannot compare this, and v6 appears to be much faster than v7 because of the speedtest results.

This is not "fixable" as it is not a problem, and you should not expect additional v7 releases to make a big difference here in terms of performance. IPv6 fasttrack would of course make a big improvement, but that is unrelated to route caching.

Quasar · Wed Dec 08, 2021 12:46 am

check your routes...
I'm sick of reposting this link everywhere
viewtopic.php?t=177800#p874200

Thanks. That solves it.

If you use PPPoE and DHCPv6 uncheck 'Add Default Gateway' on the latter, or set route distance >1

After your comment I checked my routes:

[admin@router] /routing/route> print detail where afi=ip6 dst-address=::/0
Flags: X - disabled, F - filtered, U - unreachable, A - active; 
c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, a - ldp-address, l - ldp-mapping, y - copy; 
H - hw-offloaded; + - ecmp, B - blackhole 
 Av + afi=ip6 contribution=active dst-address=::/0 routing-table=main pref-src="" gateway=pppoe 
       immediate-gw=pppoe distance=1 scope=30 target-scope=10 belongs-to="VPN route" 
       debug.fwp-ptr=0x202423C0 

 Ad + afi=ip6 contribution=active dst-address=::/0 routing-table=main pref-src="" 
       gateway=fe80::ae4e:91ff:fe66:ecc9%pppoe immediate-gw=pppoe distance=1 scope=30 target-scope=10 
       vrf-interface=pppoe belongs-to="DHCP route" 
       debug.fwp-ptr=0x20242360

Somehow both PPPoE and DHCPv6 add a route. Note:

If you disable IPv6 on PPPoE profile (configure explicit no, because default implies yes) DHCPv6 doesn't work anymore either. Is that a bug or a feature?
Why is this marked ECMP? Why doesn't it work?
You can fix it by disabling Add Default Route on DHCPv6 or set DHCPv6 default route distance to >1.

What the hell..

[hr]

As for IPv6 routing speed: my download speed on hAP ac degraded from 36.8 MB/s (v6) to 20.6 MB/s (v7) on a HTTP 1gb.bin speedtest.

Unfortunately this is expected. Route caching no longer exists in v7 and in v6 it gave an artificial boost (usually double or even more) to the actual real world bandwidth that you could get, for speed tests and bulk downloads.

Interesting. Do you have more details on how/why this works?

EDIT: perhaps this: Tuning Linux IPv4 route cache? Also mentions it was dropped in Linux v3.6+

mducharme · Wed Dec 08, 2021 12:56 am

Interesting. Do you have more details on how/why this works? Why is a cache relevant if it's traffic from a single originating IP?

Route caching was a feature in the Linux kernel that was taken out about 10 years ago. It created a "cache" of routes based on source and destination hashes to improve performance. However, the large number of port scanners that started to appear caused the cache to fill up with garbage src-destination pairs, making performance even worse than if it didn't exist. So route caching was removed from the Linux kernel because of this. In RouterOS v6 it makes speedtests faster for one system, or a big file download for one system faster, but with real world traffic for a bunch of clients to a bunch of different destinations is much slower on RouterOS v6 because it has to look in the cache first, and the cache actually slows things down in this case. So RouterOS v7 is actually faster in general, it just appears to be slower because of what route caching does with a speed test. A better way of comparing v6 and v7 performance would be to set up a bunch of systems behind the router and have a bunch of users going to many websites to try to create as much traffic as possible, but that is too much work for most people.

In other words, in situations where the CPU becomes a bottleneck, in RouterOS v6 the speedtest results could show you about double what your router could actually do. In RouterOS v7 it should show what it can actually do.

More details from @raimondsp can be found here: viewtopic.php?p=882867#p882867

Quasar · Wed Dec 08, 2021 1:15 am

Thanks, very interesting!

I think my real-life v6 performance was closer to 20 MB/s than 36 MB/s (which supports your theory), but my gut feeling tells me traffic patterns would be the deciding factor in the end - on a home connection it seems easy to hit the cache on a single download (I'm sure it was slightly faster in practice than my benchmark), whereas if you're an ISP serving many clients v7 would most definitely be faster.

Time to upgrade to RB5009 I guess..

mducharme · Wed Dec 08, 2021 1:34 am

on a home connection it seems easy to hit the cache on a single download (I'm sure it was slightly faster in practice than my benchmark)

Yes, that's true - anything like a speedtest or big file download and similar bulk transfer between an IP pair will mostly hit the cache (100% or close), but usually people only download big files and do speed tests very irregularly and not very often at all, so it does not represent most users typical traffic patterns.

For more people it is going to come down to a psychological thing - it is nice and reassuring seeing big numbers on the speed tests, and going up to v7 and seeing those drop (which will happen to many people) is going to cause some disappointment, even with these explanations given.

networkrevolt · Wed Dec 08, 2021 1:48 am

trying to upgrade a CHR, is anyone getting this too?

@MikroTik] /system package update> download
channel: upgrade
installed-version: 6.49.2
latest-version: 7.1
status: calculating download size..

been like this for hours

anav · Wed Dec 08, 2021 2:22 am

capac doesnt want to upgrade from 6.48.6 so I upgraded it to 6.49.9 thinking maybe it was a step to far same result.
It loads the ARM file 12.3 Size and goes through what looks like a normal cycle process, disconnects and a minute later or so come back up??

Also, once I get it uploaded, where is the safe mode selected (where one can turn off the "feature" that allows someone to bypass the cleansing effects of netinstall).

galaxyaord · Wed Dec 08, 2021 2:36 am

Bootloop in starting kernel with version 6 bonding. I can send my .backup to support for review, just write to me.

mducharme · Wed Dec 08, 2021 2:45 am

Bootloop in starting kernel with version 6 bonding. I can send my .backup to support for review, just write to me.

You should just email support with a supout file, it is preferred to a .backup.

galaxyaord · Wed Dec 08, 2021 2:50 am

Bootloop in starting kernel with version 6 bonding. I can send my .backup to support for review, just write to me.
You should just email support with a supout file, it is preferred to a .backup.

Not possible, the router never starts

bobaoapae · Wed Dec 08, 2021 4:06 am

I just tried to upgrade my hap ac3 but had to downgrade it back to 6.49.2 again. IPv6 throughput on 6.49.2 is 420Mbit/s but on 7.1 it's only 200Mbit/s. So that's a significant regression.

On hEX(RB760iGS) the same issue... in 6.49.2 i can get full 600Mbit/s up and down(without any ipv6 rule on firewall) and 400 Mbit/s up/down(with ipv6 firewall rule)

With 7.1 i can only get 300Mbit/s with ipv6 enabled, with or without rules on ipv6 firewall.

Tested on speedtest and downloading a torrent file

CPU stuck at 30..40% and download speed don't increase more than 20...25 MBs/s

mducharme · Wed Dec 08, 2021 4:18 am

With 7.1 i can only get 300Mbit/s with ipv6 enabled, with or without rules on ipv6 firewall.

Please see my previous response, this is normal and expected:

viewtopic.php?p=896088#p896045

And see the following messages as well where more detail and context was provided.

bobaoapae · Wed Dec 08, 2021 4:24 am

With 7.1 i can only get 300Mbit/s with ipv6 enabled, with or without rules on ipv6 firewall.
Please see my previous response, this is normal and expected:

viewtopic.php?p=896088#p896045

And see the following messages as well where more detail and context was provided.

Yeah i see...

But in previous versions on beta 7, before add ipv6 nat firewall i don't have any drop speed (just if i add some firewall rules on ipv6, but with blank table my speed keep full)

On 7.1 if i disable ipv6 on my machine, i can get full speed too

mducharme · Wed Dec 08, 2021 4:27 am

On 7.1 if i disable ipv6 on my machine, i can get full speed too

Because in both RouterOS v6 and v7, there is fasttrack available for IPv4 and not IPv6. When you use this it decreases the CPU load of IPv4 traffic, and it is enabled by default. So this gives you a "boost" for IPv4 that isn't there for IPv6. In RouterOS v6 there was the route cache that gave an artificial boost to speedtest traffic and similar bulk transfers, which helped the IPv6 speedtest results a bit, but now this is gone in v7. You should get full speed when they finally add fasttrack for IPv6 in RouterOS v7 - I'm sure this is in the pipeline.

Obviously if there were a secondary problem here, it would be hard to diagnose if you can't really use speedtest to verify it, but my suspicion in your case is that there is probably no issue. Even a few months back, I already foresaw when MikroTik did the stable release of v7 that there would be many people popping up to say that there was some major issue because their router was slower than before, but that most of those would be noise and non-issues because of the route caching removal reducing speedtest results. Unfortunately that noise makes it hard to separate the people who are having real issues that they shouldn't be having from the people who are just experiencing the slower speedtest results in v7 due to the route caching change.

mducharme · Wed Dec 08, 2021 4:33 am

Container is missing?

Yes, this is already known - I am guessing it will probably make an appearance in 7.2 as it was not ready, you can use the rc3 if you really need it.

bobaoapae · Wed Dec 08, 2021 5:05 am

On 7.1 if i disable ipv6 on my machine, i can get full speed too
Because in both RouterOS v6 and v7, there is fasttrack available for IPv4 and not IPv6. When you use this it decreases the CPU load of IPv4 traffic, and it is enabled by default. So this gives you a "boost" for IPv4 that isn't there for IPv6. In RouterOS v6 there was the route cache that gave an artificial boost to speedtest traffic and similar bulk transfers, which helped the IPv6 speedtest results a bit, but now this is gone in v7. You should get full speed when they finally add fasttrack for IPv6 in RouterOS v7 - I'm sure this is in the pipeline.

Obviously if there were a secondary problem here, it would be hard to diagnose if you can't really use speedtest to verify it, but my suspicion in your case is that there is probably no issue. Even a few months back, I already foresaw when MikroTik did the stable release of v7 that there would be many people popping up to say that there was some major issue because their router was slower than before, but that most of those would be noise and non-issues because of the route caching removal reducing speedtest results. Unfortunately that noise makes it hard to separate the people who are having real issues that they shouldn't be having from the people who are just experiencing the slower speedtest results in v7 due to the route caching change.

Thank's, i will wait for news on ipv6 fasttrack before report any "no issue" related things. As for now i will keep on 6.x because i really need that speed and i don't want buy a new router just for this rsrs

hknet · Wed Dec 08, 2021 5:14 am

tried bgp with tcp-md5-key with some ciscos - ends up with "%TCP-6-BADAUTH: Invalid MD5 digest from " always.
configuring a new session without md5-key the session gets established just fine...

birendersinghbudhwar · Wed Dec 08, 2021 5:21 am

Hi, Mikrotik Team,

I upgraded one router with 6.49.1 to 7.1 after upgrading internet stopped working and load balancing also stopped working.

Issue is from route side even pppoe connections are up but when try to ping 8.8.8.8 it's not able to ping it. So restored back to 6.49.1

Please update what settings to be updated for load balancing and route side.

Thanks and regards

Birender

mducharme · Wed Dec 08, 2021 5:21 am

Thank's, i will wait for news on ipv6 fasttrack before report any "no issue" related things. As for now i will keep on 6.x because i really need that speed and i don't want buy a new router just for this rsrs

One thing that you could try that would be a good test in RouterOS v7 only would be to try going into your IPv4 firewall, disabling the fasttrack-connection rule, and see how it impacts your IPv4 speed - it should make it the same as IPv6 with about the same number of firewall rules.

Wed Dec 08, 2021 6:16 am

Is MLAG stable in version 7.1 for use in data centers?
2 x Switch CRS326-24S+2Q+RM configured with one bridge, multiple ports with different PVID and with several ports configured as tagged?

In my testing with CRS317 and CRS326 it is stable, just make sure you run RouterOS 7.1 or newer.

hknet · Wed Dec 08, 2021 7:13 am

after adding a full ipv4-table to a RB4011iGS the device itself is running fine, but winbox gets disconnected if you try to open the ip/route window.

trying "/routing/route/print count-only where bgp" to get the number of routes learned takes several minutes;
while "/routing/route/print count-only" answers fast and correct with 868297
this first look BGP into behaviour seems not ready for full-tables right now, especially if one wants to debug things in case something goes sideways.

and one cpu core is always into "routing" according to cpu-profiling, we can savely guess it's bgp as when we disable this connection the cpu-usage goes back to near zero.

this high-cpu-usage-situation is in fact bad, one bgp process should never eat one core fulltime.

mducharme · Wed Dec 08, 2021 7:16 am

still have checksum warnings on ospf with simple auth

OSPF auth is broken, they have said it will be fixed in the next release.

noyo · Wed Dec 08, 2021 8:26 am

Helo Helo. Multiplication does not work.

Script:

:local voltage [/system health get [find where name="voltage"] value=value];
:put ($voltage*10);

Result:
00:02:07

Result is wrong

eworm · Wed Dec 08, 2021 8:35 am

The value is not numeric but a string... If you want to do math you have to convert it before.

(You may be interested in my script Notify about health state. See the source for an idea what I do.)

epkulse · Wed Dec 08, 2021 8:53 am

trying to upgrade a CHR, is anyone getting this too?

@MikroTik] /system package update> download
channel: upgrade
installed-version: 6.49.2
latest-version: 7.1
status: calculating download size..

been like this for hours

Same issue here with a RB1100AHx4. Nothing happens....

aqua39 · Wed Dec 08, 2021 9:23 am

I have 3 AP hAP ac2 managed via CAPsman on HEXs. After upgrading from 6.49.2 to 7.1 I have a problem. On devices that connect to AP the following message is displayed: Connected. Internet connection is unavailable. Despite this message, there is no internet connection on some devices on others. They connect to the same AP. Worse still, there are problems with devices connected by cable. Some have access to the Internet, others do not. They all correctly receive their settings from DHCP. When I go back to 6.49.2 everything works as it should. I just need to upload the settings backup file to hEXs.

Wed Dec 08, 2021 9:46 am

I have 3 AP hAP ac2 managed via CAPsman on HEXs. After upgrading from 6.49.2 to 7.1 I have a problem. On devices that connect to AP the following message is displayed: Connected. Internet connection is unavailable. Despite this message, there is no internet connection on some devices on others. They connect to the same AP. Worse still, there are problems with devices connected by cable. Some have access to the Internet, others do not. They all correctly receive their settings from DHCP. When I go back to 6.49.2 everything works as it should. I just need to upload the settings backup file to hEXs.

Best to create a separate post with export of your config.
I have capsman running under 7.1 without problem. Most likely it is something config related which changed from 6.49.2 to 7.1.

paulct · Wed Dec 08, 2021 10:10 am

The new CRS9015 running V7.1 is excellent ;)

Jotne · Wed Dec 08, 2021 11:29 am

Version information showing 7.1 (testing)

Yes it does. Even if its stable.
Have you read the forum, you would have seen why.

Jotne · Wed Dec 08, 2021 11:32 am

Helo Helo. Multiplication does not work.

This works for me:

{
local volt [/system health get voltage]
:put ($volt/10)
}

or 
:put ([/system health get voltage]/10)

I need to devide voltage by 10, not multiply in Splunk for Mikrotik to graph voltage. See link in signature.

Edit.

I do see that this does not work in 7.1 on my SXT 5HPnD r2 even if Winbox shows voltage

Edit 2

Mikrotik does not work with decimal numbers, so you can not use :tonum with values like 24.2.
Will investigate
Info from Mikrotik: viewtopic.php?p=118476#p118476

:put [/system health get [find where name="voltage"] value=value]
12.2

So here solution is to remove the . and then divide by 10 outside Mikrotik.

Edit 3

Here is how I fixed it i a new version of script that would work bot with 6.x and 7.x

do={
	:do {
		# New version
		:foreach id in=[/system health find] do={
			:local health "$[/system health get $id]"
			:set ( "$health"->"script" ) "health"
			:log info message="$health"
		}
	} on-error={
		# Old version
		:if (!([/system health get]~"(state=disabled|^\$)")) do={
			:local health "$[/system health get]"
			:set ( "$health"->"script" ) "health"
			:log info message="$health"
		}
	}
}

Pea · Wed Dec 08, 2021 11:42 am

Didn't you read any of posts in this thread? The only way of installing ROSv7 on de-bundled ROSv6 hAP ac2 is netinstall.

I did, but obviously not all :)
Thank you for hint, I will try netinstall tonight...

angriukas · Wed Dec 08, 2021 11:47 am

After upgrade from long-term (probably was 6.47.10) to 7.1 - PIM config was cleared. Seems to be no conversion occurred, PIM is empty after upgrade.
Update: downgraded to 6.48.6 - PIM config in place.

pe1chl · Wed Dec 08, 2021 11:51 am

Didn't you read any of posts in this thread? The only way of installing ROSv7 on de-bundled ROSv6 hAP ac2 is netinstall.
I did, but obviously not all :).

You could at least have opened the topic and do a Ctrl-F search for "hAP ac2"... it is mentioned several times already.

SirPrikol · Wed Dec 08, 2021 11:52 am

Same Problem here. CCR1009 with Capsman "on" crash and reboot in loop without logging any Problem.

Confirm on CCR2004

denisun · Wed Dec 08, 2021 11:53 am

check your routes...
I'm sick of reposting this link everywhere
viewtopic.php?t=177800#p874200

I have the same settings as your attachment.
All the connections mark as invalid and if i have the next rules in fw, all traffic drops to "forward drop invalid" rule.

add action=accept chain=forward comment=\
    "Forward accept established, related connections" connection-state=\
    established,related
add action=drop chain=forward comment="Forward  drop invalid connections" \
    connection-state=invalid
add action=accept chain=forward comment="Forward accept ICMP" protocol=icmpv6
add action=drop chain=forward comment="Forward drop all not from LAN" \

I i disable the drop invalid rule then, icmp traffic work perfect, but all others packets drop to "all not from lan' rule.
All above conf work perfect in ros 6.

Znevna · Wed Dec 08, 2021 12:02 pm

I didn't post any settings. The screenshots are obviously from the non-working scenario, read what I wrote there.
Also what Quasar wrote above: viewtopic.php?t=180831&start=300#p896048
Post your routes too.

epkulse · Wed Dec 08, 2021 12:51 pm

trying to upgrade a CHR, is anyone getting this too?

@MikroTik] /system package update> download
channel: upgrade
installed-version: 6.49.2
latest-version: 7.1
status: calculating download size..

been like this for hours
Same issue here with a RB1100AHx4. Nothing happens....

Anyone else having these issues - and possibly a resolution? I have created a support ticket, but no response yet. Would like to upgrade, but it is impossible....

denisun · Wed Dec 08, 2021 12:55 pm

I didn't post any settings. The screenshots are obviously from the non-working scenario, read what I wrote there.
Also what Quasar wrote above: viewtopic.php?t=180831&start=300#p896048
Post your routes too.

Flags: D - DYNAMIC; A - ACTIVE; c, d, v, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
DST-ADDRESS GATEWAY DISTANCE
DAv ::/0 pppoe-out1 1
DAd 2a02:587:1917:e200::/56 1
DAc 2a02:587:1917:e200::/64 bridge1 0
DAc fe80::%ether1/64 ether1 0
DAc fe80::%bridge1/64 bridge1 0
DAc fe80::%pppoe-out1/64 pppoe-out1 0

Jotne · Wed Dec 08, 2021 1:22 pm

Anyone else having these issues - and possibly a resolution? I have created a support ticket, but no response yet. Would like to upgrade, but it is impossible....

I do see many post here about this, that you can download the package and copy it to files and reboot.
Have your tried that?

Example this post:
viewtopic.php?t=181021

Znevna · Wed Dec 08, 2021 1:24 pm

@denisun I see nothing wrong in the bits and pieces provided.
Enable logging on that invalid fw rule and try to figure out why those packets are considered invalid.
Is bridge1 still in LAN interfaces list?

netbus · Wed Dec 08, 2021 1:41 pm

Hello Team,
After upgrading to RouterOs7, IPv6 Firewall Tracking is not working anymore.
In other words, the IPv6 Firewall is not statefull anymore. All return traffic is dropped because there is no session existing.
I dis/enabled IPv6, IPv6 Forwarding but without success. Any Idea?

kblazewicz · Wed Dec 08, 2021 1:42 pm

NTP webfig UI seems broken, it doesn't display servers, and edits are not applied. 7.1/CCR2004

The release also still says "testing", I assume since it was not rebuilt.

Can confirm both on hAP ac2 migrated from v6.49.1

Zrzut ekranu 2021-12-8 o 12.40.58.png

Actual configuration is present:

Zrzut ekranu 2021-12-8 o 12.47.48.png

Also routes configuration doesn't work in WebFig:

Zrzut ekranu 2021-12-8 o 12.41.54.png

From terminal:

Zrzut ekranu 2021-12-8 o 12.49.02.png

denisun · Wed Dec 08, 2021 1:47 pm

@denisun I see nothing wrong in the bits and pieces provided.
Enable logging on that invalid fw rule and try to figure out why those packets are considered invalid.
Is bridge1 still in LAN interfaces list?

bridge1 include all ethers except the ether1 in which is connected the modem (bridge mode).
When logs in drop invalid con is enable i have this:
2021-12-06 23:08:18 XXXXX firewall,info forward: in:pppoe-out1 out:bridge1, src-mac 00:c1:64:XXXXXXX, proto TCP (SYN,ACK), [2606:2800:133:f17:19e8:2356:251b:2a9]:443->[2a02:587:1917:4000:ecbc:51d3:4e66:df7a]:25139, len 32

maigonis · Wed Dec 08, 2021 1:49 pm

PDF information: https://mt.lv/RouterOSv7

Video in Spanish: https://youtu.be/fzLxTl6VXRI
Video in English: https://youtu.be/Zp-U7Anv5-0
Video in Russian: https://youtu.be/xRGBbXJc1xA
The video missed the most important point......................
Where do I get that Unicorn MuG!!
Normis email me to get my physical address for mug package!

On a serious note.
community filtering addressing???
zerotier (sdwan) for the home....... what will it allow me to do??

Yes, where is das mug link?!?

Znevna · Wed Dec 08, 2021 1:56 pm

@denisun, I've asked if your bridge, "bridge1" is in LAN interfaces list.

/interface/list/member/print 
Columns: LIST, INTERFACE
# LIST  INTERFACE 
0 LAN   bridge    
1 WAN   pppoe-wan1

schtaaf · Wed Dec 08, 2021 2:46 pm

I have 2-two CRS112-8P-4S-IN in production, one 120 kms away, the other 2500 kms away. Yesterday I upgraded several Routerboards to version 7.1 with no trouble, but when I upgraded one of the switches it did not come back up again!

Luckily it was the closest, but I have to go to the installation and manually reset the power and maybe downgrade the switch to 6.49.2 on which it runs fine.

Has anyone else experienced anything like this?

pe1chl · Wed Dec 08, 2021 2:53 pm

Has anyone else experienced anything like this?

No, I would not dare to do such an upgrade on a remote device! At least I would first make sure there is someone available near the device to do things like powercycling and preferable also able to recover it using netinstall.

Jotne · Wed Dec 08, 2021 3:21 pm

Has anyone else experienced anything like this?

If there are no need for function from 7.1 do not upgrade yet.
When upgrade, do it on a 100% equal unit with same configuration and same RouterOS as the remote.
If that goes well, it may be that you can upgrade the remote device.

Ullinator · Wed Dec 08, 2021 3:40 pm

Has anyone else experienced anything like this?
If there are no need for function from 7.1 do not upgrade yet.
When upgrade, do it on a 100% equal unit with same configuration and same RouterOS as the remote.
If that goes well, it may be that you can upgrade the remote device.

I totally agree with Jotne: do NOT upgrade on business critical systems yet!
And make sure you have physical access to the devices you want to upgrade to 7.1 to be prepaired to downgrade via netinstall, if nessesary.

schtaaf · Wed Dec 08, 2021 3:43 pm

Oh boy, some totally useless replies.
Of course I learnt the lesson, that was not my point!

Ullinator · Wed Dec 08, 2021 3:45 pm

Ahh, MikroTik cleans up the DOWNLOAD section :-)
It´s now separeted between ROS V6 and ROS V7.
Makes it more clear!!
@MikroTik: one remark: in the device lists over the chip section the RB5009 is still missing at ARM64 ;-)

evbocharov · Wed Dec 08, 2021 3:46 pm

7.1rc7 version is newer than final 7.1?
or iclude all changes in 7.1 from rc7?

fragtion · Wed Dec 08, 2021 3:50 pm

Has anyone else experienced anything like this?
No, I would not dare to do such an upgrade on a remote device! At least I would first make sure there is someone available near the device to do things like powercycling and preferable also able to recover it using netinstall.

Remote devices need to be upgraded too at some point and it is not always possible to have someone on site to hard reset or even netinstall. I'm sure there are many, many of us who manage remote Mikrotik devices (especially in home & soho environment) on behalf of dumb users on the other side. In such cases it could be a nightmare if the upgrade fails catastrophically. Hopefully reliability of upgrades will continue to be improved..

Znevna · Wed Dec 08, 2021 4:00 pm

So you also use Windows Insider and complain to Microsoft when your PC crashes?

denisun · Wed Dec 08, 2021 4:10 pm

@denisun, I've asked if your bridge, "bridge1" is in LAN interfaces list.
Code: Select all
/interface/list/member/print 
Columns: LIST, INTERFACE
# LIST  INTERFACE 
0 LAN   bridge    
1 WAN   pppoe-wan1

Hi @Znevna .
No i have not use any interface list.

Znevna · Wed Dec 08, 2021 4:13 pm

So how do you expect your firewall to function properly?
You have two rules that use the LAN interface list

add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN

epkulse · Wed Dec 08, 2021 4:25 pm

Anyone else having these issues - and possibly a resolution? I have created a support ticket, but no response yet. Would like to upgrade, but it is impossible....
I do see many post here about this, that you can download the package and copy it to files and reboot.
Have your tried that?

Example this post:
viewtopic.php?t=181021

Will do this evening. Was worried that the reason for this state is connected to an issue with my HW not permitting (supporting) upgrade....

denisun · Wed Dec 08, 2021 4:31 pm

So how do you expect your firewall to function properly?
You have two rules that use the LAN interface list
Code: Select all
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN

Where is this post?
Its not mine.
This is my complete rules in fw filter in ipv6:

/ipv6 firewall filter
add action=accept chain=input comment=\
    "Input accept established, related connections" connection-state=\
    established,related
add action=drop chain=input comment="Input drop invalid connections" \
    connection-state=invalid
add action=accept chain=input comment="Input accept ICMP" protocol=icmpv6
add action=accept chain=input comment="Input accept DHCPv6 client" dst-port=\
    546 protocol=udp
add action=drop chain=input comment="Input drop all not from LAN" \
    in-interface=pppoe-out1
add action=accept chain=forward comment=\
    "Forward accept established, related connections" connection-state=\
    established,related
add action=drop chain=forward comment="Forward  drop invalid connections" \
    connection-state=invalid
add action=accept chain=forward comment="Forward accept ICMP" protocol=icmpv6
add action=drop chain=forward comment="Drop no forward IP" dst-address-list=\
    NoForwardIP out-interface=pppoe-out1
add action=drop chain=forward comment="Forward drop all not from LAN" \
    in-interface=pppoe-out1

Ivoshiee · Wed Dec 08, 2021 4:34 pm

Tried on a W60g link - the 60G link is established, but IP-traffic over it is not working. Not ready much for anything it seems.
Edit: It seems that it was putting the station interface to a wrong bridge after upgrade and changing it did bring the IP-traffic up and working for that link.

Note: Make RoMon transfer files as well, that at least it will make it good for bringing firmware files over the non-ip trunk.

pe1chl · Wed Dec 08, 2021 4:45 pm

This is my complete rules in fw filter in ipv6:

First try it with the default firewall rules without your own "improvements".

pe1chl · Wed Dec 08, 2021 4:54 pm

can't input text in this column

That is correct. You need to create new routing tables under the routing->table menu now.

BostjanC · Wed Dec 08, 2021 4:55 pm

Mikrotik says that 7.1 is stable release. Mikrotik labels 7.1 as testing in print command or WinBox.
https://i.ibb.co/6gg3tnn/image-2021-12-08-214324.png

Mikrotik please reply to this. Thank you.

denisun · Wed Dec 08, 2021 4:55 pm

This is my complete rules in fw filter in ipv6:
First try it with the default firewall rules without your own "improvements".

Could you post the default rules?

Znevna · Wed Dec 08, 2021 5:03 pm

Check the default configuration script

/system/default-configuration/print

So many problems in v7 that are just user errors, but no, "v7 is bad!!11 v6 worked fine!!11"

infabo · Wed Dec 08, 2021 5:09 pm

Whay CPU Blank?

Because this stable release needs some public testing. I guess Mikrotik does only some kind of smoke tests. Can't expect to catch all cosmetic issues.

videolab · Wed Dec 08, 2021 5:59 pm

How can my client (hotel, reception) use User manager as he used to?

netbus · Wed Dec 08, 2021 6:04 pm

...
3. ipv6 > fw > cvonnections
is empty with none connections
4. ipv6 > fw > filter rules
i have accept established/related connections and after that
i have drop invalid.
With above setup, all connections drop as invalid (tcp syn,ack,syn/ack, udp).
The above setup work perfect in 6.x editions.
I have same issue with ipv6 on hAP AC after upgrade. No connections, filter rules with established/related filter doesn't work. It looks like connection tracking doesn't work properly.

I have also a hap ac² with same issue
One year ROS7 Beta and then such obviously fail

Winkee · Wed Dec 08, 2021 6:05 pm

OpenVPN is still useless without more secure auth methods, like SHA256. Most VPN providers use this auth method in their ovpn configurations, any chance that it will be added anytime soon?

WildRat · Wed Dec 08, 2021 6:05 pm

Tried this version on my wAP AC and hAP AC. On both I have problem with 5Ghz WiFi in direction from client to router. Receiving fine, but transmitting braking, stops. Tried different devices, LAN and WAN destination - same result.

denisun · Wed Dec 08, 2021 6:21 pm

Check the default configuration script
Code: Select all
/system/default-configuration/print
So many problems in v7 that are just user errors, but no, "v7 is bad!!11 v6 worked fine!!11"

i have exactly the same problem even the default conf.
All traffic in ipv6 forward go to drop invalid.

eworm · Wed Dec 08, 2021 6:31 pm

Possibly I saw the same... That would explain why ipv6 NAT did not work.
I did not diagnose further because of broken ipv6 inside Wireguard tunnel.

whatever · Wed Dec 08, 2021 6:36 pm

You should get full speed when they finally add fasttrack for IPv6 in RouterOS v7 - I'm sure this is in the pipeline.

Last "official" info was that IPv6 fast track is in the backlog but not yet on the roadmap.

See initial posting in this thread: viewtopic.php?t=175513
If you think this feature should be prioritized, please raise your voice there to increase visibility.

pe1chl · Wed Dec 08, 2021 6:41 pm

All traffic in ipv6 forward go to drop invalid.

It works fine here! Are you sure your interface lists (LAN, WAN) are correct?
Maybe it is better that you reset the entire router to default, when you don't have a lot of special config in there this is much easier.

denisun · Wed Dec 08, 2021 6:51 pm

All traffic in ipv6 forward go to drop invalid.
It works fine here! Are you sure your interface lists (LAN, WAN) are correct?
Maybe it is better that you reset the entire router to default, when you don't have a lot of special config in there this is much easier.

i use it with and without interface list.
Without interface list i set as lan the bridge and as wan the pppoe connection.

denisun · Wed Dec 08, 2021 7:04 pm

i disable all rules in filter and raw
and i stay only with accept established/related in forward
and drop invalid.
Even if i have only this two rules, all connections go to drop as invalid
and nothing catch in accept.

pe1chl · Wed Dec 08, 2021 7:14 pm

use /export file=name show-sensitive, download the file, reset router to defaults, setup router with quickset (choose PPPoE there), now verify that everything is working OK.
Now use the downloaded file AS A GUIDE to know what else you NEED to put back. Do NOT blindly put everything back, only what you NEED.
(e.g. port forward, WiFi SSID and password)
That will solve the problem. Now whenever you make "improvements", test them and be prepared to change them back.

noyo · Wed Dec 08, 2021 7:39 pm

Helo Helo. Multiplication does not work.

Script:
Code: Select all
:local voltage [/system health get [find where name="voltage"] value=value];
:put ($voltage*10);
Result:
00:02:07

Result is wrong

i did it like this

:local voltage [/system health get [find where name="voltage"] value=value];
:local volArr [:find $voltage "."];
:local volNum $voltage;

   :if ([:len $volArr] > 0) do={ :set volNum [:tonum "$([:pick $voltage 0 $volArr])$([:pick $voltage 1 $volArr])"]; } else={ :set volNum [:tonum "$($volNum)0"]; }

:put $volNum;

cma1kep · Wed Dec 08, 2021 8:45 pm

After upgrading to 7.1, OSPF doesn't install routes in VRF-routing table.
OSPF LSA are accpted, but routing table is not populated.

doka · Wed Dec 08, 2021 8:52 pm

It is not VTI. It is not DMVPN. But it is not Cisco, the inventor of those proprietary protocols.

VTI supported on plenty of platforms and operating systems, not just Cisco. It is too widespread to find justifications for not implementing it.

And I wrote not "DMVPN", but "kind of DMVPN", which differs ;-) And it's not proprietary. Yes, DMVPN invented Cisco, but protocol itself is open.

Thank you.

mducharme · Wed Dec 08, 2021 8:57 pm

I believe VTI was not present in the Linux kernel that RouterOS v6 used, but it should be in the kernel that RouterOS v7 uses, so theoretically it shouldn't be much harder to implement than Wireguard. Probably they did not want to implement it right away to prevent the ipsec code from diverging between v6 and v7 to make backporting or forward-porting easier, until 7 was stable enough.

ormandj · Wed Dec 08, 2021 9:19 pm

Is anybody else seeing their link dropping with SFP+ interfaces on a CRS328-24P-4S+? Every SFP+ I have is showing link down/up events sporadically. These did not occur prior to update. I cleaned/reinstalled SFPs, but the behavior is the same. FS SFP-10GLR-31 for the SFP+s.

Screen Shot 2021-12-08 at 13.23.08.png

Uplink:

Screen Shot 2021-12-08 at 13.24.04.png

sfpplus2:

Screen Shot 2021-12-08 at 13.24.56.png

4 is the same, so no need for another SS.

Link status:

Screen Shot 2021-12-08 at 13.45.18.png

SUP-68278 in for the link flapping, it's affecting all SFP+s on the switch, which are connected to various other devices/SFPs.

draid · Wed Dec 08, 2021 9:33 pm

Hello guys,

Upgraded to v7.1 a while ago and I'm still struggling to run the recursive fail-over configuration I was using. It's just stating Invalid on multiple rules and refuses to work. Are recursive routes working on v7 at all?

denisun · Wed Dec 08, 2021 9:47 pm

i found the problem with ipv6 connections and drop packets in mangle rules.
If i have any packet mark to post routing, the connections drop as invalid.
If i disable the packet marks, all work perfect: no drop packet and connections tabs show the connections.
But without packet mangle i cant have qos in ipv6.

ksteink · Wed Dec 08, 2021 10:34 pm

Seems there are too many bugs that needs to be baked to have a solid stable release!. I am happy that Mikrotik is finally doing the big push here for RouterOS v7 but needs to polish all these issues that everyone is reporting in this forum

denisun · Wed Dec 08, 2021 10:47 pm

7.2 must release very soon...

felixka · Wed Dec 08, 2021 11:08 pm

After upgrading my RB4011 home router, SSH sessions to remote servers don't work. To make them work again, I have to set on the SSH client another IPQoS (e.g. cs1). Is it normal?
I have a ticket open regarding this: SUP-63430
Support is saying they cannot reproduce it.

Support was finally able to reproduce this and I think we have found the problem. I believe there may be a fix soon.

MikroTikTack · Wed Dec 08, 2021 11:09 pm

In short to ROS 7.1 from my playground:
- Webfig via HTTPS - click Graphics -> still 404 (via unsecured HTTP works...)
- Routing>Filters - no dynamic-in (and others) chain(s), for eg. to check gateway by ping, as it's working OK in ROS 6.x
- why on on official website download section the RB5009 is still not listed under ARM64 arch?...

infabo · Wed Dec 08, 2021 11:13 pm

you have a download button for router os on the rb5009 product page. points to 6.49.2 though.

MikroTikTack · Wed Dec 08, 2021 11:16 pm

you have a download button for router os on the rb5009 product page. points to 6.49.2 though.

oh, come on...

indnti · Wed Dec 08, 2021 11:31 pm

Going back to 6.49.2

Setting a route on a L2TP connection puts the router into a boot loop

IPV6 advertisement does not work correctly

Router tries to get an IP (v4) from it's own DHCP server regardless it has an IP on that interface and DHCP Client is off.

Amm0 · Thu Dec 09, 2021 12:23 am

Totally agree, V7 need to be go forward as it has lots of new features, Normis but I don't have backup now, as updated to 7.1 and LTE stop working. :)
LTE works fine in v7, please make a separate post or contact support via our portal

LTE has been super stable IMO. It's worth mention that if you're using a 4G modem with PPP/"ppp-out" under V6, then upgrading to V7 may be worth trying. The PPP mode in V6 is limited to ~25Mb/s, so if your modem supports "MBIM" or "ECM" (most "4G modems" do) and your carrier faster than than 25Mbs, V7 would get you an instant speed boast with LTE.

Since we've been, waiting, testing, and using the V7 LTE support for a long while, I wrote up a "cheat sheet" for 3rd party modems under V7. Maybe that helps folks struggling with LTE under V7 – in my experience it has mostly "just worked":
viewtopic.php?t=178312#p896342

pe1chl · Thu Dec 09, 2021 12:26 am

Support was finally able to reproduce this and I think we have found the problem. I believe there may be a fix soon.

That would be great! Maybe it fixes my problem as well! (I would need to find a manageble gbit switch to debug it further - to have a mirror port external to the router)

aleavg · Thu Dec 09, 2021 2:27 am

is ZeroTier going to be available on MMIPS devices such as the heX 750g3r? so far i´ve only seen the ARM devices to be suported

dioeyandika · Thu Dec 09, 2021 8:27 am

Winbox Crash after remove bridge port columns on DHCP Lease window

poirus · Thu Dec 09, 2021 8:39 am

I do not recommend using RouterOS7. I tried upgrading different devices 4011, 3011, 1009, 2004 and only the last one was able to work at all with lots of udp problems! And 2004 doesn't work on RouterOS6 at all. If you want to experiment, be sure to backup and physically access the device, some of them not only worked unstably, but required a complete reset. There is a problem with NTP client, vrrp, UDP working terreble, L2TP client, no documentation at all. Things moving to new places, routing table for examle.
If you go to the device and do not see the configuration - this is usually when you upgrade to 7, sometimes the entire configuration is lost, sometimes a random part.

Thu Dec 09, 2021 8:42 am

poirus, what are you talking about? what problems? what does it mean "udp is terrible"? make specific report about each issue, show us the config and the exact results.
there is plenty of documentation http://help.mikrotik.com/docs/

and new features is not a "problem"

Thu Dec 09, 2021 8:45 am

7.1rc7 version is newer than final 7.1?
or iclude all changes in 7.1 from rc7?

7.1 is newer, it includes everyting that was in rc7

Argosy · Thu Dec 09, 2021 8:51 am

I upgrade my RouterBOARD 750G r3 seams to work everything except captive portal which dosn't show up on the guest network. Maybe i just reconfigure it.

bofhgr · Thu Dec 09, 2021 10:28 am

After upgrading to 7.1 in multiple devices (CRS, Audience, cAP) I can not longer disable some services.

Under System -> Packages, I was previously able to disable things like IPv6, MPLS, WireGuard, Routing, PPP, hotspot, wireless etc

In all systems that have been upgraded to 7.1 under System -> Packages there is now only the routeros version 7.1 package and no longer I can disable separate packages.

So how do I disable/remove unwanted features in 7.1? The systems in question have less free memory than what they used to with 6.49.2 and I am suspecting that loading all the extra packages has to do with this issue. Any ideas how to fix it please?

Thu Dec 09, 2021 10:30 am

If you don't use a feature, it is not consuming resources. Disabling packages did not help before either.

tim427 · Thu Dec 09, 2021 10:42 am

So, I've tried to update my RB4011iGS+5HacQ2HnD-IN yesterday, and this is a summary of me upgrading all day;

System -> Packages -> Check For Updates -> Channel: Upgrade -> results in forever "calculating download size.."
Downloaded "routeros-7.1-arm.npk" -> Uploaded to Files -> rebooted
Reboot (with upgrade) went fast -> within 30 seconds the router was online
Problems I wasn't able to fix:
- CAP and CAPsMAN was in flapping state, with this in the Log:
  - "CAP sent max keepalives without response"
  - "CAP disconnected from router01 (::ffff:10.30.0.1:5246)"
  - directly followed by "CAP connected to router01 (::ffff:10.30.0.1:5246), CommonName 'CAPsMAN-C4AD34XXYYZZ"
  - "removing stale connection [::ffff:10.30.0.1:34689,Run,[C4:AD:34:XX:YY:ZZ]] because of ident conflict with [::ffff:10.30.0.1:34428,Join,[C4:AD:34:XX:YY:ZZ]]"
  - routerosv7_log_caps.png
- BGP was broken, with this in the Log "Write to bgp failed (9) { #buf=10 max=64 sk=Socket{ -1[0] } }"
- routerosv7_log_bgp.png
- Routing -> BGP -> Peer Cache -> that overview lacks on useful data (number of prefixes, uptime, state (not only a "E"), holdtime, etc.
- Apparently BFD isn't implemented/working at all, despite the fact that the option/checkbox is available in the WebFig and CLI -> any ideas when this will be ready?
- Incomplete useless log entries, only containing "by <user>"
- routerosv7_log_incomplete.png
- no possibility to change "listening interface" or "listening address"
Downloaded "routeros-arm-6.49.2.npk" -> Uploaded to Files -> rebooted
CAP and CAPsMAN remains in flapping state...
Decided to perform a factory reset, but this time with v7.1
Uploaded "routeros-7.1-arm.npk" to Files -> rebooted
System -> Reset Configuration -> all checkbox off, except "No Default Configuration"
Created a *semi*-working router -> CAPsMAN was working again, BGP was also working-ish, without BFD but I could live with that (for a while).
Waking up this morning, no WiFi... According to my NMS; crashed at 6:10 (CEST), with again, *ALL* the problems described above (BGP, CAPsMAN)

Probably spending the rest of the again on downgrading, factory resetting and building a new configuration.

Somehow I hoped this "public release" (stable, huh?) wasn't another "test version". Which is by the way, still showing in the WebFig "RouterOS v7.1 (testing)"

routerosv7_header_version.png

I'm happy to test new beta versions, but I'm heavily in doubt whether or not this should have been released as "stable"

NetVicious · Thu Dec 09, 2021 10:45 am

RouterOS v7 born died. Because kernel 5.6 it's EOL [1]

Mikrotik should change the kernel to a longterm kernel, like 5.10. And as I read it relies on 5.6.3 while the last version it's 5.6.19.

[1] https://9to5linux.com/linux-kernel-5-6- ... el-5-7-now

BostjanC · Thu Dec 09, 2021 10:59 am

Mikrotik releases to the market a product with an outdated kernel. The RouterOS v7.1 is still in the testing phase. When v7 will be really stable the kernel will be ancient. And the cycle will repeat for RouterOS v8. It will take 10 years to complete it, by the time v8 will be stable the kernel will be ancient.
Mikrotik is forcing us to consider other vendors! :(

ErfanDL · Thu Dec 09, 2021 11:16 am

so is 7.1 stable or not ?

onnoossendrijver · Thu Dec 09, 2021 11:18 am

Mikrotik releases to the market a product with an outdated kernel. The RouterOS v7.1 is still in the testing phase. When v7 will be really stable the kernel will be ancient. And the cycle will repeat for RouterOS v8. It will take 10 years to complete it, by the time v8 will be stable the kernel will be ancient.
Mikrotik is forcing us to consider other vendors! :(

You could change to Checkpoint with their 2.6 or 3.10 kernel...
Really...

pe1chl · Thu Dec 09, 2021 11:28 am

You should understand that MikroTik does not use the standard kernel but applies a lot of patches (changes) to it.
That is why it is not so easy for them to "just upgrade to the recent kernel". They spent a lot of work over the past year(s) to apply the patches to the kernel
they have now, and "please use a newer kernel" will set back the v7 release another year.
(ok maybe not so much, because of course a lot of work done on patching the 5.x kernel can still be used in a higher version because the differences are less than with the previous kernel from RouterOS v6)
It is not the same as in your home PC where you are running a standard distribution kernel and can "just" update it when you like.

tim427 · Thu Dec 09, 2021 11:41 am

You should understand that MikroTik does not use the standard kernel but applies a lot of patches (changes) to it.
That is why it is not so easy for them to "just upgrade to the recent kernel". They spent a lot of work over the past year(s) to apply the patches to the kernel
they have now, and "please use a newer kernel" will set back the v7 release another year.
(ok maybe not so much, because of course a lot of work done on patching the 5.x kernel can still be used in a higher version because the differences are less than with the previous kernel from RouterOS v6)
It is not the same as in your home PC where you are running a standard distribution kernel and can "just" update it when you like.

Came here to say this. Lot's of enterprise appliances runs on custom (older) kernels, no problems there. Especially if that kernel is downsized to the bare minimum, which results in a lower attack vector.

What we really want is a stable OS ;)

hapi · Thu Dec 09, 2021 11:51 am

So, I've tried to update my RB4011iGS+5HacQ2HnD-IN yesterday, and this is a summary of me upgrading all day;

really?
A few months on the RC version and now on 7.1. No problem. Problem is in configuration.

[admin@hEX S] > caps-man/radio/print detail 
Flags: L - local; P - provisioned 
 0  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="cAP ac - kuchyn" interface=c2-cAP ac - kuchyn-1 
 1  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="cAP ac - kuchyn" interface=c5-cAP ac - kuchyn-1 
 2  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="cAP ac - obyvak" interface=c2-cAP ac - obyvak-1 
 3  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="cAP ac - obyvak" interface=c5-cAP ac - obyvak-1 
 4  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="hAP lite" interface=c2-hAP lite-1 
 5  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="cAP ac" interface=c2-cAP ac-1 
 6  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="cAP ac" interface=c5-cAP ac-1 

[admin@hEX S] > caps-man/remote-cap/print detail 
 0 state="Run" name="[XX]" radios=2 address=x.x.x.x/50930 board="RBcAPGi-5acD2nD" version="7.1" identity="cAP ac - kuchyn" 
 1 state="Run" name="[XX]" radios=2 address=x.x.x.x/45591 board="RBcAPGi-5acD2nD" version="7.1" identity="cAP ac - obyvak" 
 2 state="Run" name="[XX]" radios=1 address=x.x.x.x/47335 board="RB941-2nD" version="6.49" identity="hAP lite" 
 3 state="Run" name="[XX]" radios=2 address=x.x.x.x/38077 board="RBcAPGi-5acD2nD" version="6.49" identity="cAP ac"

pe1chl · Thu Dec 09, 2021 11:58 am

So, I've tried to update my RB4011iGS+5HacQ2HnD-IN yesterday, and this is a summary of me upgrading all day;
[*]BGP was broken, with this in the Log "Write to bgp failed (9) { #buf=10 max=64 sk=Socket{ -1[0] } }"

This is caused by the setting of "local address" in the connection, where in v6 an interface name was allowed and now it requires an IP address.
In v7.1 it is claimed to be fixed, but for me it still does not work correctly on interface that aren't always up (tunnels).

I agree with you that there are still lots of problem, especially in BGP. It's logging sucks. Some features do not work. The overview of
its connection state is incomplete and partially not working.
Not ready for prime-time!

Still I am running it on my home router to keep track of problems and report them here. I hope it results in improvements.

Paternot · Thu Dec 09, 2021 12:02 pm

You should understand that MikroTik does not use the standard kernel but applies a lot of patches (changes) to it.
That is why it is not so easy for them to "just upgrade to the recent kernel". They spent a lot of work over the past year(s) to apply the patches to the kernel
they have now, and "please use a newer kernel" will set back the v7 release another year.
(ok maybe not so much, because of course a lot of work done on patching the 5.x kernel can still be used in a higher version because the differences are less than with the previous kernel from RouterOS v6)
It is not the same as in your home PC where you are running a standard distribution kernel and can "just" update it when you like.

I think that's a thing of the past. Remember that RoS 7.0.x moved from kernel 5.x (I think it was 5.3) to 5.6? Things are much easier now - I think Mikrotik got rid of 90%* of the inhouse kernel patches.

* 95% of the cited statistics are made up on the spot.

BostjanC · Thu Dec 09, 2021 12:03 pm

Mikrotik can outsource the work on the kernel and they focus on theirs (Mikrotik) part of the product. Somebody else can work on the kernel, so Mikrotik will have more resources to work with.
The new kernel had useful features but Mkt stuck with the old one, so their products couldn't have the features which customers wanted.
Too much time Mkt spends on backporting bug fixes to an old kernel. By the time a new Mkt OS is published, Mkt has to invest a LOT of time into adapting to the newer kernel.From one smaller kernel release to the next are very few changes - or even none for networking. But in major releases in several years of development of the kernel, Mkt has to put in a lot of unnecessary time to align their software to newer kernel.
To whom Mkt can outsource work on kernel? Perhaps Linux kernel developers? Don't waste time on backport and caching up. Invest that time to develop Mkt solutions.

I would love to hear Mkt's reply on this.

eworm · Thu Dec 09, 2021 12:04 pm

... moved from kernel 5.x (I think it was 5.3) to 5.6? ...

No, linux was upgraded from 3.3 to 5.6...

tim427 · Thu Dec 09, 2021 12:21 pm

So, I've tried to update my RB4011iGS+5HacQ2HnD-IN yesterday, and this is a summary of me upgrading all day;

really?
A few months on the RC version and now on 7.1. No problem. Problem is in configuration.

[admin@hEX S] > caps-man/radio/print detail 
Flags: L - local; P - provisioned 
 0  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="cAP ac - kuchyn" interface=c2-cAP ac - kuchyn-1 
 1  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="cAP ac - kuchyn" interface=c5-cAP ac - kuchyn-1 
 2  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="cAP ac - obyvak" interface=c2-cAP ac - obyvak-1 
 3  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="cAP ac - obyvak" interface=c5-cAP ac - obyvak-1 
 4  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="hAP lite" interface=c2-hAP lite-1 
 5  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="cAP ac" interface=c2-cAP ac-1 
 6  P radio-mac=XX remote-cap-name="[XX]" remote-cap-identity="cAP ac" interface=c5-cAP ac-1 

[admin@hEX S] > caps-man/remote-cap/print detail 
 0 state="Run" name="[XX]" radios=2 address=x.x.x.x/50930 board="RBcAPGi-5acD2nD" version="7.1" identity="cAP ac - kuchyn" 
 1 state="Run" name="[XX]" radios=2 address=x.x.x.x/45591 board="RBcAPGi-5acD2nD" version="7.1" identity="cAP ac - obyvak" 
 2 state="Run" name="[XX]" radios=1 address=x.x.x.x/47335 board="RB941-2nD" version="6.49" identity="hAP lite" 
 3 state="Run" name="[XX]" radios=2 address=x.x.x.x/38077 board="RBcAPGi-5acD2nD" version="6.49" identity="cAP ac"

It worked for 12 hours flawless, and all at a sudden it crashes. This is all done with a clean factory reset and build op from scratch config. I can see it's the CAPsMAN itself, crashing.

Like PE1CHL, I'm keeping v7 on my home router, just to test, and hopefully improve over time.

pe1chl · Thu Dec 09, 2021 12:28 pm

Mikrotik can outsource the work on the kernel and they focus on theirs (Mikrotik) part of the product. Somebody else can work on the kernel, so Mikrotik will have more resources to work with.

The changes of the kernel are the core business of MikroTik.
(ok there is the configuration interface as well, but for the actual features it is like that)

pe1chl · Thu Dec 09, 2021 12:30 pm

It worked for 12 hours flawless, and all at a sudden it crashes. This is all done with a clean factory reset and build op from scratch config. I can see it's the CAPsMAN itself, crashing.

Yes it is likely CAPsMAN because I have a RB4011 and a hAP ac2 both running 7.1 without CAPsMAN and I have not seen a single WiFi problem.

infabo · Thu Dec 09, 2021 12:41 pm

RouterOS v7 born died. Because kernel 5.6 it's EOL [1]

Mikrotik should change the kernel to a longterm kernel, like 5.10. And as I read it relies on 5.6.3 while the last version it's 5.6.19.

[1] https://9to5linux.com/linux-kernel-5-6- ... el-5-7-now

kernel 5.6 never was a LTS kernel. These versions between LTS go EOL instantly when the next version goes public. So 5.6 was EOL on the day 5.7 launched. I won't put too much focus on that detail. but not receiving security updates may be a critical thing.

They probably chose to upgrade to 5.6, because it is the first kernel to include wireguard directly. But I agree, they should raise to 5.10 LTS - that has support till end of 2026!

Znevna · Thu Dec 09, 2021 12:50 pm

I wonder if the wireguard sources are up to date or in the state they were at 5.6.3

Thu Dec 09, 2021 12:51 pm

We always keep internal code up to date, the kernel version is mostly irrelevant

stricky · Thu Dec 09, 2021 12:54 pm

OK,

for the moment i'm back to 6.49.2 on the ccr1009 and everthing runs fine ....
-------------------------------------------------------------------------------

Hello,
i've got 2 CHR ( v7.1 rc7 ) in 2 different Datacenters ... My ccr1009 ( v6.49.2 ) at home connect via l2tp / eoip tunnel to the devices .... on both chr, wireguard is active for wan access

today i upgraded my ccr and the eoip tunnel is not working :(

l2tp is active / PH2 state establised / eoip ipsec sa installed normally ...
i can ping l2tp addresses, but the eoip tunnel is not running ( it shows running for only around 30s, but no ping possible )

where can i find the prob ? is it ipsec or bridge problem ? any ideas ?

can i get back to 6.49 ? from packages not ... only show 7.1

regards
christian

eworm · Thu Dec 09, 2021 12:55 pm

[...] But I agree, they should raise to 5.10 LTS - that has support till end of 2026!

... or Linux 5.15, which is a LTS release as well and supported till October 2023 at least.

I think a yearly bump for the next LTS release would make sense in future. IMHO that would be a good compromise between constant change with recent linux release and "ancient" linux that requires a release like RouterOS v7 with its huge changes.

tim427 · Thu Dec 09, 2021 1:07 pm

It worked for 12 hours flawless, and all at a sudden it crashes. This is all done with a clean factory reset and build op from scratch config. I can see it's the CAPsMAN itself, crashing.
Yes it is likely CAPsMAN because I have a RB4011 and a hAP ac2 both running 7.1 without CAPsMAN and I have not seen a single WiFi problem.

Current situation; switched off CAPsMAN and configured Wireless by hand, BGP somewhat working, except BGP-redistribution towards a Fortigate (Linux+Bird and a CHR-VM works fine), BFD switched off.

WiFi is stable without the CAPsMAN, but the funny part; it worked with CAPsMAN, and all of sudden it's in a flapping state. Even turning off CAPsMAN, reboot, and turning it on delayed, doesn't work.

hapi · Thu Dec 09, 2021 1:19 pm

to Mikrotik: is it possible to create light main packages to switch from extra v6 packages to v6 / v7 main package? They could only contain the system, dhcp, system, wireless packages. hAP ac2, disk lite5 ac etc. cannot be upgraded to main package remotely due to "system, error not enough space for upgrade"

pe1chl · Thu Dec 09, 2021 2:02 pm

to Mikrotik: is it possible to create light main packages to switch from extra v6 packages to v6 / v7 main package? They could only contain the system, dhcp, system, wireless packages. hAP ac2, disk lite5 ac etc. cannot be upgraded to main package remotely due to "system, error not enough space for upgrade"

Due to a bug you cannot upgrade from separate packages to single package on some devices. This is not really a lack of space.
You need to netinstall either the v6 combined package or the v7 package and then load your backup.

Paternot · Thu Dec 09, 2021 2:12 pm

... moved from kernel 5.x (I think it was 5.3) to 5.6? ...
No, linux was upgraded from 3.3 to 5.6...

Not exactly. Looking through the changelog, we have:
https://mikrotik.com/download/changelog ... lease-tree

7.0beta3 -> Based on Kernel 4.14.131
7.0beta7 -> system kernel has been updated to version 5.6.3;

So, it is possible (now) to upgrade the kernel on a timely manner - these versions were about 8 months apart.

infabo · Thu Dec 09, 2021 2:29 pm

possible yes. But MT should put that to backlog for now.

johnson73 · Thu Dec 09, 2021 2:30 pm

kalamaja,
look below ....

msatter · Thu Dec 09, 2021 2:39 pm

Winbox Crash after remove bridge port columns on DHCP Lease window

Had the same problem but then in firewall. I had double entries in the table and as soon I changed one entry and save Winbox crashed.

Best sent a e-mail to support@mikrotik.com or if you have already a account create a support request. You may refer to SUP-60072 that was resolved earlier.

Ullinator · Thu Dec 09, 2021 2:55 pm

I did a lot of tests on openvpn (udp)
The results are definite.
openvpn udp protocol: (It has many bugs)
max connect time per client ( 1 hours or 01:01:00)
os client: windows , android , ios
all client (ovpn udp) They are disconnect after 61 minutes
After 1 hour and 1 minute openvpn disconnected.
I emphasize that the problems are only in udp protocol.

create ticket in mikrotik support (SUP-57401)
But the Mikrotik support team does not matter

Do you have Graphing active? I had a similar problem with some LACP Bonding fiber connections, which were diconnected every 60 min.
After disableing Graphing the problem has gone.....