v7.3 and v7.3.1 [stable] is released!

Tue Jun 07, 2022 11:26 am

RouterOS versions 7.3 and 7.3.1 are released in the "v7 stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during the upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.3.1 (2022-Jun-09 11:58):

*) rb3011 - fixed RB3011 going into a reboot loop when the SFP module is present (introduced in v7.3);
*) wifiwave2 - fixed WPA3-PSK authentication incompatibility with certain vendor and model devices;

What's new in 7.3 (2022-Jun-06 11:38):

*) bgp - added "name" parameter for connections;
*) bgp - added initial support for prefix limit;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bgp - improved stability when editing BGP template;
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bonding - added "lacp-user-key" setting;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - fixed bridge disabling when using L2 connection;
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) capsman - improved traffic processing over CAP communication tunnels:
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) chr - fixed Cloud DDNS update after license renewal;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) dhcpv4-server - fixed minor logging typo;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server stability when using re-authentication;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - added GPS package support for Chateau devices;
*) gps - fixed minor value unit typo;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) ipsec - fixed printing of active peer statistics;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lhgg - improved system stability (introduced in v7.2);
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) lte - disabled extended signal info query for Telit LN940 module;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) mpls - improved LDP AF selection process and behavior;
*) mpls - made LDP bindings work on PPP interfaces;
*) ntp - do not allow setting port number in "server" parameter;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved server stability under continous overload;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ovpn - reply with the same IP address that the connection was established to;
*) ping - fixed socket allocation after VRF change;
*) port - do not loose "parity" setting;
*) ppp - added support for VRF;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) queue - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed IPv6 /127 route nexthop resolution;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - hide empty monitor values in console;
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support (CLI only);
*) snmp - added VRF support;
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - fail non-interactive client after first invalid password;
*) ssh - fixed corrupt host key automatic regeneration;
*) ssh - fixed private key usage after downgrade;
*) ssh - removed DSA public key authentication support;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed Kernel timer consistency;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) wifiwave2 - fixed VLAN tag handling;
*) wifiwave2 - general stability and throughput improvements;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - show correct file system type under "System/Disks" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while the router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.

Chaosphere64 · Tue Jun 07, 2022 12:25 pm

Thanks for that huge update. Just for reference: Detect Internet feature is still broken, meaning not working after a reboot.

lyubomirtraykov · Tue Jun 07, 2022 12:41 pm

I just wont to note that there is still Bug with a lot of TCP retransmissions using IPSec/GRE.

Tue Jun 07, 2022 12:45 pm

There are no changes since rc2.

Chaosphere64 - Yes, you are correct. We have just reproduced the problem and we will try to resolve it as soon as possible.
lyubomirtraykov - Have you reported this to support@mikrotik.com? If not, then open a new ticket and provide supout file from your router.

WeWiNet · Tue Jun 07, 2022 1:08 pm

RouterOS version 7.3 has been released in the "v7 stable" channel!
*) wifiwave2 - fixed VLAN tag handling;

I do not think this has been 100% fixed, I still have VLAN tagging issues and wireless clients get no IP connection
on a setup that works on 7.2!

dioeyandika · Tue Jun 07, 2022 1:23 pm

ah my routing problem is come back, in ROS 7.2.1 i have mangle rule for routing all ip address outside nice address to wireguard, and some ip on routing rules, for conflicting routing bypass using routing rule solve my problem, and in ROS 7.3 it seem routing ignoring the routing rules ip, it routing mangle route first rather than routing rule ip, i am scratch my head now, is there anyone have tips for this kind problem

Tue Jun 07, 2022 1:56 pm

FYI, a CRS328-24P here upgraded the OS fine, but on upgrading the firmware, it didn't reboot properly. I didn't study the LEDs, but my recollection is that all the green ones were off, while the red PoE ones were on, as was the blue power LED. Since it'd been sitting there and not coming up for ~15 minutes, I power-cycled it, and then it came right back up. It's been fine for the past hour.

> /system/routerboard/print
       routerboard: yes
             model: CRS328-24P-4S+
          revision: r2
     firmware-type: dx3230L
  factory-firmware: 6.47.9
  current-firmware: 7.3
  upgrade-firmware: 7.3

andacb · Tue Jun 07, 2022 2:00 pm

Hello,

After the update of multiple RB3011UiAS-RM devices from v7.2.3 (with Routerboard firmware as well on v7.2.3) to v7.3, the devices went into boot loop and we are unable to get them into Etherboot or Bootloader mode either. My colleague is taking them to Mikrotik office as of this moment (in Riga) for a potential solution. Otherwise we will get 2 new routers and will configure them with configuration backups since the locations need to have access.

On the other side, multiple RB3011UiAS-RM devices have been upgraded from 7.2.3 to 7.3 successfully as well. We suspect that the devices that went into boot loop had some kind of configuration detail that might not be fully compatible with v7.3. Unfortunately not able to diagnose what detail that could be.

For your information.

Andaç

Rox169 · Tue Jun 07, 2022 2:00 pm

which HW have you already tried on 7.3? HAP AC3 is working?

andacb · Tue Jun 07, 2022 2:02 pm

Hello again,

Just for information, that multiple wAP G-5HacT2HnD devices have been upgraded from 7.2.3 to 7.3 with no issues. Those wAP G-5HacT2HnD devices are being used under CapsMAN.

Andaç

Rox169 · Tue Jun 07, 2022 2:07 pm

is cake working normaly or only on interface?

Chupaka · Tue Jun 07, 2022 2:19 pm

*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;

Huh... It's sortable for me in 7.2.3... What exactly was changed?

mkx · Tue Jun 07, 2022 2:53 pm

I do not think this has been 100% fixed, I still have VLAN tagging issues and wireless clients get no IP connection
on a setup that works on 7.2!

I did have VLAN tagging issues when running wifiwave2 on audience in version 7.2.1 and earlier (the config had to be inverse of how it works usually). It was fixed (for my use case at least) in 7.2.3. So I wonder if this indicates yet another fix (versus 7.2.3) or only fix versus 7.2.1 ... mind that 7.2.3 was released after 7.3beta started to roll out so the list of changes may actually show differences from early 7.2 version (when code base forked).

own3r1138 · Tue Jun 07, 2022 2:58 pm

Updated successfully.
RB2011UAS-2HnD, RBD53iG-5HacD2HnD, RB951Ui-2HnD, RB952Ui-5ac2nD-TC.

hecatae · Tue Jun 07, 2022 3:03 pm

Updated hAP Lite TC (RB941-2nd TC) successfully.

eddieb · Tue Jun 07, 2022 3:05 pm

Update successfull on
RB1100, RB2011UAS-RM, PWR-LINE-AP
no problems

Ullinator · Tue Jun 07, 2022 3:21 pm

hc_217.jpg

All (ROS and FW) updated successfully without problems!
All came from 7.2.3 or 7.3RC2.

jookraw · Tue Jun 07, 2022 3:28 pm

I've updated both my RB4011 and hap ac3(ww2). all seems fine except the hAPac3 is showing some strange lines each time that it boots:

[me@AC3] > log/print 
 14:11:08 system,info router rebooted
 14:11:08 interface,info Home_vlan link up
 14:11:14 bridge,info "bridge" mac address changed to XX:XX:XX:XX:XX:XX
 14:11:14 system,error,critical error while running customized default configuration script: no such item
 14:11:14 system,error,critical 
...

This did not happen on 7.2.3

Izdatyi · Tue Jun 07, 2022 3:38 pm

ah my routing problem is come back, in ROS 7.2.1 i have mangle rule for routing all ip address outside nice address to wireguard, and some ip on routing rules, for conflicting routing bypass using routing rule solve my problem, and in ROS 7.3 it seem routing ignoring the routing rules ip, it routing mangle route first rather than routing rule ip, i am scratch my head now, is there anyone have tips for this kind problem

the same situation
latest working version was 7.2.1

Rox169 · Tue Jun 07, 2022 4:07 pm

I've updated both my RB4011 and hap ac3(ww2). all seems fine except the hAPac3 is showing some strange lines each time that it boots:
Code: Select all
[me@AC3] > log/print 
 14:11:08 system,info router rebooted
 14:11:08 interface,info Home_vlan link up
 14:11:14 bridge,info "bridge" mac address changed to XX:XX:XX:XX:XX:XX
 14:11:14 system,error,critical error while running customized default configuration script: no such item
 14:11:14 system,error,critical 
...
This did not happen on 7.2.3

Have you tried to upgrade firmware?

Anyone with this issue?

RafZielak · Tue Jun 07, 2022 4:15 pm

What with the APR-Ping? When ARP-Ping will be working in ROSv7?

Tue Jun 07, 2022 4:20 pm

Hello,

After the update of multiple RB3011UiAS-RM devices from v7.2.3 (with Routerboard firmware as well on v7.2.3) to v7.3, the devices went into boot loop and we are unable to get them into Etherboot or Bootloader mode either. My colleague is taking them to Mikrotik office as of this moment (in Riga) for a potential solution. Otherwise we will get 2 new routers and will configure them with configuration backups since the locations need to have access.

On the other side, multiple RB3011UiAS-RM devices have been upgraded from 7.2.3 to 7.3 successfully as well. We suspect that the devices that went into boot loop had some kind of configuration detail that might not be fully compatible with v7.3. Unfortunately not able to diagnose what detail that could be.

For your information.

Andaç

Could you share configuration (support/export etc.) with MikroTik support (support@mikrotik.com)?

Hominidae · Tue Jun 07, 2022 4:37 pm

I've updated both my RB4011 and hap ac3(ww2). all seems fine except the hAPac3 is showing some strange lines each time that it boots:
Code: Select all
[me@AC3] > log/print 
 14:11:08 system,info router rebooted
 14:11:08 interface,info Home_vlan link up
 14:11:14 bridge,info "bridge" mac address changed to XX:XX:XX:XX:XX:XX
 14:11:14 system,error,critical error while running customized default configuration script: no such item
 14:11:14 system,error,critical 
...
This did not happen on 7.2.3

...but had been there in 7.2.1

IntLDaniel · Tue Jun 07, 2022 4:41 pm

ah my routing problem is come back, in ROS 7.2.1 i have mangle rule for routing all ip address outside nice address to wireguard, and some ip on routing rules, for conflicting routing bypass using routing rule solve my problem, and in ROS 7.3 it seem routing ignoring the routing rules ip, it routing mangle route first rather than routing rule ip, i am scratch my head now, is there anyone have tips for this kind problem

The same here, have to stay on 7.2.1 (7.2.3 or 7.3 - the same issue). Not only this, currently when upgraded from 7.2.1 to 7.3 I lost again some parts of configuration (at least all simple queues now), but even though I fix that by restoring saved configuration from 7.2.1, the routing issue still persist. Downgrade to 7.2.1 solve everything again. I have a support ticket SUP-81294 on this since 4.5.2022 but still no relevant solution/help from Mikrotik support :-(

Maggiore81 · Tue Jun 07, 2022 5:14 pm

Upgraded RB3011 from 7.2.3 to 7.3
reboot loop and router unusable

after 50 loops, it booted, the part of the bgp peers is removed... it didnt like keepalive and hold timers.

Tue Jun 07, 2022 5:15 pm

Upgraded RB3011 with 7.2.3 to 7.3
reboot loop

What is the config of your router?
What version was installed prior upgrade?

Maggiore81 · Tue Jun 07, 2022 5:53 pm

Upgraded RB3011 with 7.2.3 to 7.3
reboot loop
What is the config of your router?
What version was installed prior upgrade?

it was 7.2.3 , now 7.3
I managed to downgrade, and everything works

infabo · Tue Jun 07, 2022 6:17 pm

RB5009UG is still reporting the error "cpu not running at default frequency" after upgrading to v7.3.

So it will until you change it to "auto".

JanezFord · Tue Jun 07, 2022 6:42 pm

Upgraded CCR1009-8G-1S-1S+PC without problems. Running nat, few vlans, ipsec, ipip/gre tunnels, ospf, wireguard. So far everything works fine. Also successfully upgraded RB2011-UiAS-2HnD.

JF.

codework · Tue Jun 07, 2022 6:45 pm

Wireless management protection has stopped working

jookraw · Tue Jun 07, 2022 6:51 pm

I've updated both my RB4011 and hap ac3(ww2). all seems fine except the hAPac3 is showing some strange lines each time that it
...
This did not happen on 7.2.3
Have you tried to upgrade firmware?

Anyone with this issue?

Yes, I always do after the update

diamuxin · Tue Jun 07, 2022 7:15 pm

Update successfull on
RB4011, hAP ac3, hAP ac2 (x2) and mAP 2nD, from 7.2.1 to 7.3.
no problems.

BR.

pe1chl · Tue Jun 07, 2022 7:18 pm

What is the config of your router?
What version was installed prior upgrade?
it was 7.2.3 , now 7.3
I managed to downgrade, and everything works

On such a device (with enough flash), always partition the router with 2 partitions and copy the active to inactive partition before upgrading.
Then, when it bootloops at least you have easy (automatic) recovery.

WeWiNet · Tue Jun 07, 2022 7:29 pm

I do not think this has been 100% fixed, I still have VLAN tagging issues and wireless clients get no IP connection
on a setup that works on 7.2!
I did have VLAN tagging issues when running wifiwave2 on audience in version 7.2.1 and earlier (the config had to be inverse of how it works usually). It was fixed (for my use case at least) in 7.2.3. So I wonder if this indicates yet another fix (versus 7.2.3) or only fix versus 7.2.1 ... mind that 7.2.3 was released after 7.3beta started to roll out so the list of changes may actually show differences from early 7.2 version (when code base forked).

Can you give more information how VLAN tagging works on 7.3 (versus 7.2/7.1/7.0)? I migrated from ROS6 to 7.0 and since ever all my VLAN worked...
Also did not see any doc saying VLAN config method changed suddenly.

twingman · Tue Jun 07, 2022 7:32 pm

*) ovpn - fixed hardware offloading support on CHR;

What are conditions to use this feature? I have AES passed to CHR and no HW flag in OVPN server clients. Is there any documentation to this?

Thank you

mafiosa · Tue Jun 07, 2022 7:53 pm

*) ovpn - fixed hardware offloading support on CHR;
What are conditions to use this feature? I have AES passed to CHR and no HW flag in OVPN server clients. Is there any documentation to this?

Thank you

Set your chr vm cpu setting to host

twingman · Tue Jun 07, 2022 8:03 pm

What are conditions to use this feature? I have AES passed to CHR and no HW flag in OVPN server clients. Is there any documentation to this?

Thank you
Set your chr vm cpu setting to host

I have set it, as I write. CHR sees Intel CPU (same as host).

jjmuriel · Tue Jun 07, 2022 8:19 pm

Hello,

After the update of multiple RB3011UiAS-RM devices from v7.2.3 (with Routerboard firmware as well on v7.2.3) to v7.3, the devices went into boot loop and we are unable to get them into Etherboot or Bootloader mode either. My colleague is taking them to Mikrotik office as of this moment (in Riga) for a potential solution. Otherwise we will get 2 new routers and will configure them with configuration backups since the locations need to have access.

On the other side, multiple RB3011UiAS-RM devices have been upgraded from 7.2.3 to 7.3 successfully as well. We suspect that the devices that went into boot loop had some kind of configuration detail that might not be fully compatible with v7.3. Unfortunately not able to diagnose what detail that could be.

For your information.

Andaç

Same here with RB3011 after upgrade to v7.3. I noticed if I disable PPPoE client (to connect to Internet) the router stops rebooting.
Log:

jun/07/2022 15:29:54 system,error,critical kernel failure in previous boot

russelld · Tue Jun 07, 2022 8:50 pm

Upgraded multiple devices inc CCR1009 / CRS317 / RB4011 / RB3011 / wAP AC all OK.

However, I encountered an issue when upgrading my RB5009 from 7.2.3 to 7.3: it has a bonded WAN interface (Ether 2 and 3) connected to a Virgin Media HUB 4 (in modem mode). The bonded WAN interface is configured as a DHCP client and normally gets a 192.168.100.x IP address from the hub with a number of short DHCP lease times, which eventually gets replaced with the public IPv4 address once the cable modem is fully initialised.

However, after upgrading to ROS 7.3 (& firmware 7.3), it gets the initial 192.168.100.x IP addresses via short DHCP leases from the HUB4, but never obtains the final public IPv4 address, even when clicking on the RENEW button in the DHCP client config window.

Support ticket has been raised with Mikrotik.

jerogabe · Tue Jun 07, 2022 9:26 pm

One day this will be fixed...

no-internet_detect.png

pexeforadagua · Tue Jun 07, 2022 9:34 pm

Hello,

After the update of multiple RB3011UiAS-RM devices from v7.2.3 (with Routerboard firmware as well on v7.2.3) to v7.3, the devices went into boot loop and we are unable to get them into Etherboot or Bootloader mode either. My colleague is taking them to Mikrotik office as of this moment (in Riga) for a potential solution. Otherwise we will get 2 new routers and will configure them with configuration backups since the locations need to have access.

On the other side, multiple RB3011UiAS-RM devices have been upgraded from 7.2.3 to 7.3 successfully as well. We suspect that the devices that went into boot loop had some kind of configuration detail that might not be fully compatible with v7.3. Unfortunately not able to diagnose what detail that could be.

For your information.

Andaç

I also had this problem, and it only happens if you have any module on the SFP port, that is, after updating to version 7.3, every time you put an SFP module, the Routerboard goes into looping, test and remove the modules SFP, here I was forced to downgrade.

netzwerghh · Tue Jun 07, 2022 9:36 pm

Hello,

After the update of multiple RB3011UiAS-RM devices from v7.2.3 (with Routerboard firmware as well on v7.2.3) to v7.3, the devices went into boot loop and we are unable to get them into Etherboot or Bootloader mode either. My colleague is taking them to Mikrotik office as of this moment (in Riga) for a potential solution. Otherwise we will get 2 new routers and will configure them with configuration backups since the locations need to have access.

On the other side, multiple RB3011UiAS-RM devices have been upgraded from 7.2.3 to 7.3 successfully as well. We suspect that the devices that went into boot loop had some kind of configuration detail that might not be fully compatible with v7.3. Unfortunately not able to diagnose what detail that could be.

For your information.

Andaç

We had the same problem. Seems to have something to do with installed SFP or not. When we removed the installed SFP-Module the router bootet fine. As soon as we insterted the module again router made a clicking noise and rebooted. Did a downgrade to 7.2.3 with removed SFP. Inserted the SFP again an everything is fine again. Will stay an 7.2.3 on RB3011UiAS-RM so far.

SFP module is a S-85DLC05D

templeos · Tue Jun 07, 2022 10:33 pm

Graphs still not fixed on WebFig with https. Still the same "Error 404: Not Found" message.

graphs.png

Also at the same time you guys managed to break Graphs even more with http. Memory usage and Disk usage is broken: "ERROR: NO ACCESS!"

ERROR.png

Would be nice if these were fixed once and for all. These are broken for ages and it gets worse and worse with every new version.

DarkNate · Tue Jun 07, 2022 11:12 pm

Upgraded an RB3011 & RB450Gx4 from v7.2.3 to v7.3 and now both devices are boot-looping. Great job MikroTik, as always amazing Q/A.

Good thing I took a backup, but now the RB450Gx4 is in a remote site, how the hell do I go fix it now?

In both routers

/system routerboard settings set auto-upgrade=yes

was configured and routerboard firmware version was v7.2.3

Guscht · Tue Jun 07, 2022 11:40 pm

Screenshot 2022-06-07 223630.jpg

One CRS326 hang up on the second boot (Firmware-boot). The LEDs were lit but no blinky-blinky. After a physical power-reset (unplug/plug), it came back.
So far no issues here, but thats my home network, no real fancy stuff configured.

jbl42 · Wed Jun 08, 2022 12:26 am

Updated the RB5009 at home (admittedly also kind of YOLO with 3 teenagers ;-) from 7.2.2 to 7.3.
No new issues so far, config export diff is clean.
Same with two lab RB4011 at work.

anav · Wed Jun 08, 2022 1:16 am

Two questions,
*) dhcpv4-server - added "age" parameter for dynamic leases; What will I be able to do now that I was not able to before??
*) profile - added "wireguard" process classificator; Same what does this provide?

abatie · Wed Jun 08, 2022 2:56 am

I just upgraded from 6.48.6 to 7.3 and while it's a minor nuisance, what possessed someone to change the ? help to F1? I had to figure out how to send an F1 without the OS using it for its own purposes. Definitely a downgrade in usability...

Wed Jun 08, 2022 7:21 am

Everyone...

As also mentioned in previous release topics the error about default configuration when the ww2 package is used is a known issue and will be resolved in the upcoming releases.
ARP ping issue will be fixed in the upcoming releases, however, at the moment there is no ETA for the fix.
Everyone with the RB3011 issues - please, if possible, provide to use supout file from your router if you manage to boot it up and/or serial console output of booting/rebooting process. Our RB3011 devices are running just fine. It must be something specific that triggers this issue and we would like to figure that out as soon as possible.
Everyone who is experiencing problems with ARM devices and wrong default frequency warning. A few versions ago for several ARM devices default value was changed to auto, but we did not touch your configuration. So if the frequency was static in the past and you have not set it to auto or reset configuration since then you will see this warning. Set value to auto, if you really have a problem with this warning.
The issue with Detect Intenet is reported and we will try to fix it as soon as possible.
About bootloader auto-upgrade. It very very rarely contains fixes for already released products and that is why we do not believe that it is worth forcing this upgrade and making a ROS upgrade much, much slower (if the bootloader would be upgraded at the same time).

agilee, codework, russelld - Does not seem to e a version-related issue, however, still please send supout file from this router to support@mikrotik.com.
templeos - Known issue, will be resolved as soon as possible.

fatray747 · Wed Jun 08, 2022 7:38 am

What's new in 7.3 (2022-Jun-06 11:38):
*) x86 - added support for Solarflare SFC1920 NIC;

Is the model number incorrect?
The correct model should be Solarflare SFC9120 NIC

Wed Jun 08, 2022 7:49 am

By some miracle my RB3011's are all performing faultlessly on 7.3

IntLDaniel · Wed Jun 08, 2022 8:00 am

Everyone...

As also mentioned in previous release topics the error about default configuration when the ww2 package is used is a known issue and will be resolved in the upcoming releases.
ARP ping issue will be fixed in the upcoming releases, however, at the moment there is no ETA for the fix.
Everyone with the RB3011 issues - please, if possible, provide to use supout file from your router if you manage to boot it up and/or serial console output of booting/rebooting process. Our RB3011 devices are running just fine. It must be something specific that triggers this issue and we would like to figure that out as soon as possible.
Everyone who is experiencing problems with ARM devices and wrong default frequency warning. A few versions ago for several ARM devices default value was changed to auto, but we did not touch your configuration. So if the frequency was static in the past and you have not set it to auto or reset configuration since then you will see this warning. Set value to auto, if you really have a problem with this warning.
The issue with Detect Intenet is reported and we will try to fix it as soon as possible.
About bootloader auto-upgrade. It very very rarely contains fixes for already released products and that is why we do not believe that it is worth forcing this upgrade and making a ROS upgrade much, much slower (if the bootloader would be upgraded at the same time).

agilee, codework, russelld - Does not seem to e a version-related issue, however, still please send supout file from this router to support@mikrotik.com.
templeos - Known issue, will be resolved as soon as possible.

And what about mentioned routing issue SUP-81294 (three people mentioned above)?

mkx · Wed Jun 08, 2022 8:24 am

Can you give more information how VLAN tagging works on 7.3 (versus 7.2/7.1/7.0)?

Nothings should have changed, however in versions since 7.1beta to 7.2.1 (those I checked) worked incorrectly. Setup: audience running wifiwave2 drivers, configured something like this:

/interface bridge
add name=bridge frame-types=admit-only-vlan-tagged vlan-filtering=yes
/interface bridge port
add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=wifi1 pvid=42  # the 2GHz radio
/interface bridge vlan
add bridge=bridge tagged=ether1 untagged=wifi1 vlan-ids=42

didn't work, wifi interface had to be set with "frame-types=admit-only-vlan-tagged" ... which is obviously wrong as wireless interface nominally doesn't know anything about VLAN tags (wifiwave2 driver doesn't offer the "vlan-mode=... vlan-id=..." properties). This was fixed with 7.2.3 (possibly with 7.2.2, but that release broke wifiwave2 driver completely).

Wed Jun 08, 2022 9:27 am

We have managed to reproduce the problem with RB3011 rebooting with this particular version and are working on a fix for it. The issue is somehow related to the particular SFP module presence. If you do not use SFP, then you should be safe.

Guscht · Wed Jun 08, 2022 9:56 am

Two questions,
*) dhcpv4-server - added "age" parameter for dynamic leases; What will I be able to do now that I was not able to before??
*) profile - added "wireguard" process classificator; Same what does this provide?

"Age" shows me (in a quick test lab) the time how long the lease is active. I assume this will simply count up.
At the moment I see no real use-case for this, its a "nice to know". But teach me more :D

Under Tools -> Profile, I think "Wireguard" has now its own classifier and is not calssified under "uncalssified" or something else. Thats quite nice.

Edit/PS: Updated an in-production RB1100AHx4, no issues so far #callmeYOLOadmin :D

jhbarrantes · Wed Jun 08, 2022 9:59 am

Upgraded multiple devices inc CCR1009 / CRS317 / RB4011 / RB3011 / wAP AC all OK.

However, I encountered an issue when upgrading my RB5009 from 7.2.3 to 7.3: it has a bonded WAN interface (Ether 2 and 3) connected to a Virgin Media HUB 4 (in modem mode). The bonded WAN interface is configured as a DHCP client and normally gets a 192.168.100.x IP address from the hub with a number of short DHCP lease times, which eventually gets replaced with the public IPv4 address once the cable modem is fully initialised.

However, after upgrading to ROS 7.3 (& firmware 7.3), it gets the initial 192.168.100.x IP addresses via short DHCP leases from the HUB4, but never obtains the final public IPv4 address, even when clicking on the RENEW button in the DHCP client config window.

Support ticket has been raised with Mikrotik.

Same here with Movistar Spain and VLAN 3 for getting VoIP service. DHCP client is not even able to get an IP from that VLAN configured in Ether1 (which already have another VLAN configured for internet, delivered vía VLAN6 and PPPoE service). Something weird happening with DHCP Client in that version. I suggest to investigate.

I have also forwarded this vía ticket to Mikrotik support.

jovaf32128 · Wed Jun 08, 2022 10:11 am

I've updated both my RB4011 and hap ac3(ww2). all seems fine except the hAPac3 is showing some strange lines each time that it boots:
Code: Select all
[me@AC3] > log/print 
 14:11:14 system,error,critical error while running customized default configuration script: no such item
 14:11:14 system,error,critical 
This did not happen on 7.2.3

Can confirm that, both 7.3 and 7.4beta

Wed Jun 08, 2022 10:12 am

Mentioned above " default configuration script: no such item" is known, thanks.

joaquinmb · Wed Jun 08, 2022 10:23 am

Upgraded multiple devices inc CCR1009 / CRS317 / RB4011 / RB3011 / wAP AC all OK.

However, I encountered an issue when upgrading my RB5009 from 7.2.3 to 7.3: it has a bonded WAN interface (Ether 2 and 3) connected to a Virgin Media HUB 4 (in modem mode). The bonded WAN interface is configured as a DHCP client and normally gets a 192.168.100.x IP address from the hub with a number of short DHCP lease times, which eventually gets replaced with the public IPv4 address once the cable modem is fully initialised.

However, after upgrading to ROS 7.3 (& firmware 7.3), it gets the initial 192.168.100.x IP addresses via short DHCP leases from the HUB4, but never obtains the final public IPv4 address, even when clicking on the RENEW button in the DHCP client config window.

Support ticket has been raised with Mikrotik.

Same here with Movistar Spain and VLAN 3 for getting VoIP service. DHCP client is not even able to get an IP from that VLAN configured in Ether1 (which already have another VLAN configured for internet, delivered vía VLAN6 and PPPoE service). Something weird happening with DHCP Client in that version. I suggest to investigate.

I have also forwarded this vía ticket to Mikrotik support.

Are you upgrading from 6.x version? did you configure the RIP instance?

/routing/rip/instance add afi=ipv4 disabled=no name=rip
/routing rip interface-template add instance=rip interfaces=vlan3-phone,vlan2-iptv mode=passive

andacb · Wed Jun 08, 2022 10:43 am

We have managed to reproduce the problem with RB3011 rebooting with this particular version and are working on a fix for it. The issue is somehow related to the particular SFP module presence. If you do not use SFP, then you should be safe.

I can confirm that in our case the devices that went to boot loop had XSFP-1.25G-SX (850nm) type of SFP module attached to them and as soon as the module was removed, the router could boot normal. FYI.

Andaç

rplant · Wed Jun 08, 2022 10:50 am

in ROS 7.3 it seem routing ignoring the routing rules ip, it routing mangle route first rather than routing rule ip, i am scratch my head now, is there anyone have tips for this kind problem

Hi,
Routing marks now have higher priority.
One way to make rules work.
Separate the route tables (routing marks) the rules check vs the route tables the rules specify as a lookup.

eg. route mark packets with via-alt table

/routing table
add disabled=no fib name=Rvia-alt
add disabled=no fib name=via-alt

/ip firewall mangle
add action=mark-routing chain=prerouting comment=via-alt new-routing-mark=via-alt passthrough=yes

Rule to select Routing Table (Note lookup table != routing mark)
add action=lookup disabled=no dst-address=0.0.0.0/0 routing-mark=via-alt table=Rvia-alt

In ip route table only have Routing table entries with Rvia-alt (I put in R to indicate goes in routing table)
Do not have entries with via-alt in ip Route Table.

Hopefully that works ok for you.

soheilsh · Wed Jun 08, 2022 11:01 am

WireGuard in 7.3 have problem . connectivity is ok but icmp not working ! how to sloved that?

jhbarrantes · Wed Jun 08, 2022 11:04 am

Same here with Movistar Spain and VLAN 3 for getting VoIP service. DHCP client is not even able to get an IP from that VLAN configured in Ether1 (which already have another VLAN configured for internet, delivered vía VLAN6 and PPPoE service). Something weird happening with DHCP Client in that version. I suggest to investigate.

I have also forwarded this vía ticket to Mikrotik support.
Are you upgrading from 6.x version? did you configure the RIP instance?

/routing/rip/instance add afi=ipv4 disabled=no name=rip
/routing rip interface-template add instance=rip interfaces=vlan3-phone,vlan2-iptv mode=passive

No, I'm not, I'm just coming from 7.2.3. I could reproduce the same issue in RB4011 and mAP, so definitely not ARM related. And RIP is not the problem, it acts later, once client has obtained and IP, to create routing table. With or without RIP, DHCP Client should obtain an IP from VLAN 3.

Regards.

Wed Jun 08, 2022 11:16 am

Help is F1

pe1chl · Wed Jun 08, 2022 11:21 am

HATS OFF for finally posting a warning in the topic for cases of severe breakage. It would be even better when it was shown also on the router itself (i.e. put in the changes list).

nichky · Wed Jun 08, 2022 11:31 am

i have upgraded RouterBOARD 952Ui-5ac2nD, and the router just died.
it keeps rebooting by itself

pe1chl · Wed Jun 08, 2022 12:00 pm

RB4011: When having a bridge with VLAN-filtering (and hw accel), containing ports that have a numbered VLAN set to "untagged", it appears that output going to such a port also "floods" to other untagged ports in the same VLAN, as if it is a HUB instead of a SWITCH. When the second port is on the other hardware switch the leakage is about 100%, when it is on the same switch it is much less than that.
So, when you have had some interval with 20Mbps traffic to port 8 (untagged port on a VLAN), you see the same 20Mbps on port 4 (untagged port in the same VLAN), and like 0.5Mbps on port 7. This is shown in the traffic counters for the interface, and in the graphing. Torch does not show the actual traffic going to the port.

dioeyandika · Wed Jun 08, 2022 12:34 pm

in ROS 7.3 it seem routing ignoring the routing rules ip, it routing mangle route first rather than routing rule ip, i am scratch my head now, is there anyone have tips for this kind problem
Hi,
Routing marks now have higher priority.
One way to make rules work.
Separate the route tables (routing marks) the rules check vs the route tables the rules specify as a lookup.

eg. route mark packets with via-alt table

/routing table
add disabled=no fib name=Rvia-alt
add disabled=no fib name=via-alt

/ip firewall mangle
add action=mark-routing chain=prerouting comment=via-alt new-routing-mark=via-alt passthrough=yes

Rule to select Routing Table (Note lookup table != routing mark)
add action=lookup disabled=no dst-address=0.0.0.0/0 routing-mark=via-alt table=Rvia-alt

In ip route table only have Routing table entries with Rvia-alt (I put in R to indicate goes in routing table)
Do not have entries with via-alt in ip Route Table.

Hopefully that works ok for you.

Thanks for the clue, i try but still some ip not working, i decided too add ip address in firewall address, this work for some other is not, my goal is like this my ISP have a few CDN like netflix,GGC,facebook,akamai for this CDN i need to route to my ISP other than that routing go too wireguard warp Cloudflare VPN, that why i add mangle in ip firewall address list nice addres, mangle rule is like this

add action=mark-routing chain=prerouting comment=International \
    dst-address-list=!nice new-routing-mark=Cloudflare passthrough=yes \
    src-address-list=private-lokal

that mangle have conflicting to some ip so thats why i adding to routing rules for some ip to route to my isp not VPN, on ROS 7.2.1 it works but on ROS 7.3 doesnt work like you say it "Routing marks now have higher priority", this is my config i hope you can give me some advice

dmfr · Wed Jun 08, 2022 2:23 pm

Upgraded one RB5009 to 7.3, no immediate issue, export diff clean.

Edit : had total loss of connectivity some hours after.
Need further check to see if it is related or not.

jimmer · Wed Jun 08, 2022 2:44 pm

As a RB3011 user with an SFP for uplink to my RB260GSP I am glad I held off installing yet another 'STABLE' release :(

Zdenekhb · Wed Jun 08, 2022 3:14 pm

Succesfully upgraded 7.3 to CCR2004, but I have question about BGP route filtering.

I using input.accept-* filter. exactly input.accept.NLRI where i have some prefixes in address list. Prefiltering works good but .. in routing table i have still /32 ipv4 routes as FILTERED and can not deny storing it in memory. Is there trick how to prefilter ipv4 /32 routes? Other higher prefixes is prefiltered perfectly.

THX

--zs

pe1chl · Wed Jun 08, 2022 3:24 pm

I using input.accept-* filter. exactly input.accept.NLRI where i have some prefixes in address list. Prefiltering works good but .. in routing table i have still /32 ipv4 routes as FILTERED and can not deny storing it in memory. Is there trick how to prefilter ipv4 /32 routes? Other higher prefixes is prefiltered perfectly.

Presumingly these /32 routes are part of a subnet that is accepted in the input.accept-nlri address list? You can only filter addresses outside that address list, not smaller (e.g. single) addresses inside the listed networks.

AUsquirrel · Wed Jun 08, 2022 3:25 pm

As a RB3011 user with an SFP for uplink to my RB260GSP I am glad I held off installing yet another 'STABLE' release :(

Unfortunately I tried the upgrade before the warning was released. Had to reset, downgrade then I restored from the backup I made before the upgrade.
Waiting now for V7.3.1 :-)

Zdenekhb · Wed Jun 08, 2022 3:32 pm

I using input.accept-* filter. exactly input.accept.NLRI where i have some prefixes in address list. Prefiltering works good but .. in routing table i have still /32 ipv4 routes as FILTERED and can not deny storing it in memory. Is there trick how to prefilter ipv4 /32 routes? Other higher prefixes is prefiltered perfectly.
Presumingly these /32 routes are part of a subnet that is accepted in the input.accept-nlri address list? You can only filter addresses outside that address list, not smaller (e.g. single) addresses inside the listed networks.

No, These /32 routes is not parts of accepted nlri addresses

-zs

infabo · Wed Jun 08, 2022 4:28 pm

Successfully upgrade Chateau LTE12, mAP lite and hAP lite.

mobyfab · Wed Jun 08, 2022 7:48 pm

Installed on CCR2116
2.5Gbps mode still crashes the switch chip
Switch rules from cpu port still not working

doneware · Wed Jun 08, 2022 11:00 pm

SLAAC configuration in CHR works case by case, but if it works, the autoconfigured dynamic GUA is shown in

/ipv6 address print
Flags: D - DYNAMIC; G, L - LINK-LOCAL
Columns: ADDRESS, INTERFACE, ADVERTISE
#    ADDRESS                                   INTERFACE  ADVERTISE
0 DL fe80::20c:29ff:fe8b:2fc2/64               ether1     no       
1 DL fe80::20c:29ff:fe8b:2fcc/64               vlan20     no       
2 DL fe80::20c:29ff:fe8b:2fcc/64               vlan10     no       
3 DL fe80::20c:29ff:fe8b:2fcc/64               ether2     no       
4 DG xxxx:10d:c089:e002:20c:29ff:fe8b:2fc2/64  ether1     no

with DG flags, which is cool.
even a default gateway is installed based on the received RA, but it is _not_ visible under

[admin@l4stik] > /ipv6/route/print 
Flags: D - DYNAMIC; A - ACTIVE; c, s, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#     DST-ADDRESS              GATEWAY                           DISTANCE
  DAc xxxx:10d:c089:e002::/64  ether1                                   0
  DAc fe80::%ether1/64         ether1                                   0
  DAc fe80::%ether2/64         ether2                                   0
  DAc fe80::%vlan10/64         vlan10                                   0
  DAc fe80::%vlan20/64         vlan20                                   0

at all. i was also expecting a route with DA flags there, just as with DHCP.
hopefully this gets fixed soon.

also, it would be nice to have a bit more control over accepting RA messages. say being able to set an interface (list) from where RA messages are accepted under /ipv6 settings
maybe even the possibility to start a script upon successful SLAAC or an expiring RA, just like with DHCP client.

rextended · Wed Jun 08, 2022 11:19 pm

Please keep this forum topic strictly related to this particular RouterOS release.
Not strictly related:
viewtopic.php?t=186627

Sob · Wed Jun 08, 2022 11:35 pm

Still the same Problems with DualWan Config, on 7.2.1 the Config is running smoothly, upgrade to 7.2.3,
Router not accessible through IP only MAC, upgrade to 7.3 is the same behaviour.
If i contact Support, they recommend to call a Consultant.

I probably know what it is, and it's not you, it's RouterOS. I now tested it and it happened between 7.2.1 and 7.2.2. Previously if there were multiple routing tables, local destinations (addresses assigned to router) always had priority and used main routing table, but it doesn't happen anymore. Simplified (incomplete, but shows relevant parts) example:

/ip address
add interface=LAN address=192.168.88.1/24
/ip route
add dst-address=0.0.0.0/0 gateway=x.x.x.x routing-table=WAN2
/ip firewall mangle
add chain=prerouting src-address=192.168.88.20 action=mark-routing new-routing-mark=WAN2
add chain=forward src-address=192.168.88.20 action=log
add chain=input src-address=192.168.88.20 action=log

If 192.168.88.20 connects to 192.168.88.1, in 7.2.1 and older the log will show packets in input. In 7.2.2 and newer they go in forward. It could be intentional, but since I don't see anything like that in changelog, it's probably bug. And annoying one, because it can significantly break some configs.

Edit: Well, it's not strictly about 7.3, but it's still very much broken/changed there, so it's interesting for anyone with such config, because upgrade can easily lock you out.

IntLDaniel · Wed Jun 08, 2022 11:41 pm

Thank you for this post! Please forward it to developers! We suffer from this issue and have to stay on 7.2.1.

pe1chl · Wed Jun 08, 2022 11:50 pm

It would sure be convenient when there was some way to configure, per routing table, that all "connected" routes are to be inserted in that table too (like they are in main).
I think that would solve this issue, but it is also useful when you want to redistribute those routes in a routing protocol.

twamuc · Thu Jun 09, 2022 12:21 am

hEX S upgraded from 7.2.1 to 7.3 and now /ip/ssh> print throwing out: error - contact MikroTik support and send a supout file (2)
Same when exporting config: #error exporting /ip/ssh
Initially set:
strong-crypto: yes
host-key-size: 4096
Even when reverting to strong-cryto: no and host-key-size: 2048 (default values) - same thing.
On 7.2.1 all smooth.
Have another RB4011 running on 7.3 without any issues and all fine with /ip/ssh settings - so it seems to be a phenomenon on hEX S only.

gotsprings · Thu Jun 09, 2022 4:41 am

Zerotier no longer gets an IP address?

Thu Jun 09, 2022 9:19 am

twamuc - Could you please provide supout file to support@mikrotik.com? Generate a file after you have noticed such an error while running v7.3.

Chaosphere64 · Thu Jun 09, 2022 11:33 am

hEX S upgraded from 7.2.1 to 7.3 and now /ip/ssh> print throwing out: error - contact MikroTik support and send a supout file (2)
Same when exporting config: #error exporting /ip/ssh
Initially set:
strong-crypto: yes
host-key-size: 4096
Even when reverting to strong-cryto: no and host-key-size: 2048 (default values) - same thing.
On 7.2.1 all smooth.
Have another RB4011 running on 7.3 without any issues and all fine with /ip/ssh settings - so it seems to be a phenomenon on hEX S only.

Strange Works fine on my hex S.

rplant · Thu Jun 09, 2022 1:51 pm

"Routing marks now have higher priority", this is my config i hope you can give me some advice

Hi,
It's kind of complicated, but I did find the following.

/ip firewall mangle
add action=mark-routing chain=prerouting comment=International \
    dst-address-list=!nice new-routing-mark=Cloudflare passthrough=yes \
    src-address-list=private-lokal

/routing rule
add action=lookup disabled=no dst-address=0.0.0.0/0 routing-mark=Cloudflare \
    table=Balifiber

Because there is a Cloudflare entry in ip route (for 0.0.0.0/0 shown below) the above rule is
overridden I think.

Perhaps
new-routing-mark=balifibre-mark in mangle (instead of Cloudflare)
routing-mark=balifibre-mark in routing rule
Also need balifibre-mark in /routing table

/ip route
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wireguard1 pref-src=\
    0.0.0.0 routing-table=Cloudflare scope=30 suppress-hw-offload=no \
    target-scope=10

add check-gateway=ping comment=Balifiber disabled=no distance=1 dst-address=\
    0.0.0.0/0 gateway=192.168.254.254 pref-src=0.0.0.0 routing-table=\
    Balifiber scope=30 suppress-hw-offload=no target-scope=10

Thu Jun 09, 2022 2:09 pm

Yes that is exactly how it should work, mangle has the highest priority
* you are marking traffic with "cloudflare"
* and there is a route in the "cloudflare" table
* routing decision picks the forwarding path from the cloudflare table

If you remove the default route from "cloaudflare" table so that nexthop cannot be resolved in that table, then routing decision will move to the next adjustments: route rules.

doneware · Thu Jun 09, 2022 3:01 pm

SLAAC configuration in CHR works case by case

just finished an automated testing on this very topic, and the results look pretty disappointing.
500 subsequent runs, each one separated by a device reboot. RA messages are sent every 5 seconds. after the device successfully gets a v4 address using DHCP the code waits 10 extra seconds to see whether SLAAC is successful or not (verified by a periodic ping from the same subnet)

root@l4s:~# grep -c v6 log.mtikslaactest.10s 
500
root@l4s:~# grep  v6 log.mtikslaactest.10s | grep -c 'v6 is OK'
132
root@l4s:~# grep  v6 log.mtikslaactest.10s | grep -c 'slaac failed'
368

am I the only one who wants to use this feature?

dioeyandika · Thu Jun 09, 2022 3:06 pm

Yes that is exactly how it should work, mangle has the highest priority
* you are marking traffic with "cloudflare"
* and there is a route in the "cloudflare" table
* routing decision picks the forwarding path from the cloudflare table

If you remove the default route from "cloaudflare" table so that nexthop cannot be resolved in that table, then routing decision will move to the next adjustments: route rules.

Hi @mrz
few question then, is this routing logic change after ROS 7.2.1 because i dont see in changelog, in ROS 7.2.1 with conflicting mangle and routing rule like that in my config routing rule solve the problem, but i dont see that in ROS 7.3, even i add a static destination route in ip route still it routing to mangle first, i thought ip route is the highest priority i mean it is has the lower cost route

Guscht · Thu Jun 09, 2022 3:23 pm

@MT, have you worked on the PIM-Routing? I see nothing in the cangelog.

In a random Wireshark-Scan, I see the IGMP-Querier is working (from the ROS7.3 device) and sending IGMP Membership Queries.
This happended also with <=ROSv7.2.x but after a few minutes it totally hang up...

Have not tested yet if the actual Multicast-Routing is working too.

ROSv7.2.3 (IGMP Querier not working, a few spikes but no continuous frames):

rosv7.2.png

ROSv7.3 (continuous IGMP-Frames (the wwwww at the bottom of the graph), which - I suspect - are the Queries from the Querier):

rosv7.3.png

hecatae · Thu Jun 09, 2022 3:48 pm

Since 7.2.2 my Chateau 5G was losing LTE connection few hours after reboot. Same problem with 7.2.3.
Locking cells, selecting bands or network didn't change the outcome.
With 7.3 the issue is getting worse: without cell lock I noticed a frantic LTE cells switch during operation and again the frequent complete loss of LTE connection.
I tried also a clean installation of RouterOS with netinstall but no way.
Downgrading RouterOS to 7.2.1 restores the situation back to normal

I opened a ticket with support, enabled LTE logging and sent support file.
The support answer is worst than useless, they wrote to check APN and if my data plan is valid....

Anyone with same nightmare?

Another Chateau 5G owner here, I'm not seeing the issues you mention, I'm connecting to 3 UK, bands n78, b28, b3, b1, b20 + b32.

dg1kwa · Thu Jun 09, 2022 4:24 pm

DOM/DMM at my RB760iGS still not wirk with ROS7 (but with ROS6 no problem)

qatar2022 · Thu Jun 09, 2022 5:53 pm

i also have RB4011iGS+, CRS328-24P-4S+Cloud Router Switch, CRS112-8P-4S-IN Cloud Router Switch, hEXs RB760iGS, hEX PoE RB960PGS from 7.2.3 to 7.3 is still reporting ports flaps and all of these are work as bridge only but also RB5009UG reporting ports flaps and it's connected with ISP and all other MT device that I mention connected to RB5009UG so I decided to downgrade to 7.2.3

neatstranger · Thu Jun 09, 2022 6:18 pm

Okay does anyone else have the following issue?

I am using two Mikrotik Audience's, both running 7.3 with WiFi Wave 2.

It seems as though the wave two interface cannot pass traffic when it is on a bridge. I will try to explain with a breakdown.

Audience 1: Standard Router Config (Ether1 is DHCP Client, all other interfaces in Bridge)

Audience 2:(Standard AP Config, all interfaces in bridge)

When I add Aud2:WIFi3(backhaul) to the bridge on Aud2, no traffic traverses the backhaul between the two audiences. However, if I just add a DHCP client to the Aud2:WiFi3 interface, it gets a lease just fine. It seems as though Wave 2 has some problems with Bridge->Bridge connections.

bda · Thu Jun 09, 2022 9:11 pm

OpenVPN works in UDP-mode, but with very slow speed. Dont know why. Playing with settings on client side - no luck for now...
7.3 upgrade still breaks x86-64 installation to bootloop state... Very bad...

ormandj · Thu Jun 09, 2022 9:23 pm

i also have RB4011iGS+, CRS328-24P-4S+Cloud Router Switch, CRS112-8P-4S-IN Cloud Router Switch, hEXs RB760iGS, hEX PoE RB960PGS from 7.2.3 to 7.3 is still reporting ports flaps and all of these are work as bridge only but also RB5009UG reporting ports flaps and it's connected with ISP and all other MT device that I mention connected to RB5009UG so I decided to downgrade to 7.2.3

At least on the CRS328, there's a bug in the software leading to this. 7.4beta2 has the "fix" (disabling a core) and I've been running it for 3 days with no port flaps on SFP+ links. I was having flaps every few minutes ever since 7.x with these devices, which I was able to make better by disabling all disk-activity possible (no more graphing/lease storage/etc) to hourly or so. 7.4beta2 and I've had no flaps since installation. I'm letting it run until next week and if there's still no flaps, then it's "fixed", even if it means a core is disabled. It's absolutely wild it took over 6 months to fix something causing port flaps on many CRS328s (confirmed by many forum members) when it's such an important function of a switch (link stability) but hey, at least it seems better with the beta.

Not sure on your other devices.

rplant · Fri Jun 10, 2022 2:25 am

I probably know what it is, and it's not you, it's RouterOS. I now tested it and it happened between 7.2.1 and 7.2.2. Previously if there were multiple routing tables, local destinations (addresses assigned to router) always had priority and used main routing table, but it doesn't happen anymore. Simplified (incomplete, but shows relevant parts) example:

Hi,
I think the way it is doing it now does make some sense. In the example you are route marking the packet, and
telling it to use gateway x.x.x.x if it has that route mark. It now does exactly that, and nothing more.

I believe the change was related to VRF's. Previously if your customer paying you for use of a VRF had a device with an IP address that was the same as any of the IP addresses on your router(s), you couldn't (easily?) route packets to that device. This seems likely to work now.

bodleytunes · Fri Jun 10, 2022 10:12 am

Hiya,

I upgraded both my RB4011 and my parents RB3011 last night from 7.2.3 to 7.3 and the dhcp client no longer receives and address from Virgin media.

I have eth1 as the upstream internet facing interface with dhcp client on it nothing out of the ordinary. I could see traffic on the external interface so as a stop gap I gave them both static IP's and static default routes (the last IP's they had before upgrading) and its working again.

Ideally it would be nice to have dhcp working again for the internet facing interfaces - god knows what must have changed to stop the dhcp working as I've upgraded these things for 3 + years no problems and never had to downgrade.

Cheers!
Jon.

Ullinator · Fri Jun 10, 2022 10:18 am

@Tenyun: I use the same switch with 7.3, but I have no problems with my 10 and 40GBit SFP connections. I use the following SFP+ modules:
- BROCADE 57-0000075-01
- MikroTik S+85DLC03D
- MikroTik S+DA0001
- MikroTik XS+DA0003
- MikroTik S+RJ10
- HP J9150A-C
For the QSFP+ connections I use (even with autonegotiation on):
- FS QSFP-AO25

All run without problems.

bodleytunes · Fri Jun 10, 2022 10:48 am

what happened to Zerotier? I can't see it anymore, seems to have gone from the interface and cant see in CLI ? My VPNs are down. :(

WeWiNet · Fri Jun 10, 2022 10:49 am

Okay does anyone else have the following issue?
When I add Aud2:WIFi3(backhaul) to the bridge on Aud2, no traffic traverses the backhaul between the two audiences. However, if I just add a DHCP client to the Aud2:WiFi3 interface, it gets a lease just fine. It seems as though Wave 2 has some problems with Bridge->Bridge connections.

As said in my posts I also have incompatibility between ww2 on 7.2 and 7.3. As I only have one audience and use it as main
device I can not further debug for now. MKX suggested it might be a VLAN issue.
I see problems with clients not getting any IP address, which could be VLAN, DHCP server, bridge etc.

Right now I am stuck on 7.2 and can not move.
Mikrotik support is not even answering/commenting , not providing any information what changed
between 7.2 and 7.3 for ww2 package and interaction with bridge/VLAN etc.

So suggest just do what makes it work for you, in 7.4 it will be again all different and you probably need to start over...

bodleytunes · Fri Jun 10, 2022 11:10 am

It seems Zerotier package is disabled, it has an X against it. When I enable it and it says scheduled, I reboot it and its still got the X against it as disabled ??

Fri Jun 10, 2022 11:35 am

Version 7.3.1 with two quick fixes has been released!

What's new in 7.3.1 (2022-Jun-09 11:58):

*) rb3011 - fixed RB3011 going into a reboot loop when the SFP module is present (introduced in v7.3);
*) wifiwave2 - fixed WPA3-PSK authentication incompatibility with certain vendor and model devices;

lucasasdelli · Fri Jun 10, 2022 11:42 am

Hi, on an RB450G the 7.3 stops icmp management, while keeping routing ok.
After upgrade, no services (ping, winbox, snmp etc) either from outside or from the router itself towards other networks.
Routerboard is 7.3, but even with 7.2.3 was the same.
RouteroS 7.2.3 was fully ok.

Luca

pe1chl · Fri Jun 10, 2022 11:47 am

@lucasasdelli I think that most likely is a configuration issue on your side, start a new topic with a /export of your configuration.
note that configurations using both "ip route rule" and "mangle mark route" will have to be reworked.

IntLDaniel · Fri Jun 10, 2022 12:07 pm

Version 7.3.1 with two quick fixes has been released!

What's new in 7.3.1 (2022-Jun-09 11:58):

*) rb3011 - fixed RB3011 going into a reboot loop when the SFP module is present (introduced in v7.3);
*) wifiwave2 - fixed WPA3-PSK authentication incompatibility with certain vendor and model devices;

Any chance to fix this viewtopic.php?p=938339#p938337 issue introduced in 7.2.2 (7.2.3)? I have open a SUP-81294 but still no relevant reply. Above post explain everything. Thanks for care about this.

pe1chl · Fri Jun 10, 2022 12:16 pm

Any chance to fix this viewtopic.php?p=938339#p938337 issue introduced in 7.2.2 (7.2.3)?

but that is not "an issue", it is a change in functionality (albeit badly documented).
you will need to fix that in your configuration, I think.

lucasasdelli · Fri Jun 10, 2022 12:17 pm

@lucasasdelli I think that most likely is a configuration issue on your side, start a new topic with a /export of your configuration.
note that configurations using both "ip route rule" and "mangle mark route" will have to be reworked.

Thanks, I'll do it.
Does it relate to 7.3 only? With 7.2.3 it was fine.
Anyway, it was updated together with other 24 ROS machines, one of them does a similar work but with different hardware (mmips). No issues were noticed yet, except this one.

Luca

IntLDaniel · Fri Jun 10, 2022 12:36 pm

RouterOS versions 7.3 and 7.3.1 are released in the "v7 stable" channel!

Hi, on an RB450G the 7.3 stops icmp management, while keeping routing ok.
After upgrade, no services (ping, winbox, snmp etc) either from outside or from the router itself towards other networks.
Routerboard is 7.3, but even with 7.2.3 was the same.
RouteroS 7.2.3 was fully ok.

Luca

I think it is also related to explanation of issue here above viewtopic.php?p=938339#p938337 .

IntLDaniel · Fri Jun 10, 2022 12:44 pm

Any chance to fix this viewtopic.php?p=938339#p938337 issue introduced in 7.2.2 (7.2.3)?
but that is not "an issue", it is a change in functionality (albeit badly documented).
you will need to fix that in your configuration, I think.

If it was an intention (undocumented), why MikroTik support team does not reply to my opened support ticket with that explanation? For me it still souds like an issue and if not, they should provide a solution while i.e. their documented dualWAN solution https://help.mikrotik.com/docs/pages/vi ... d=26476608 probably does not work now.

pe1chl · Fri Jun 10, 2022 12:52 pm

There are already other topics that explain the change and how you can alter your configuration.

IntLDaniel · Fri Jun 10, 2022 12:56 pm

There are already other topics that explain the change and how you can alter your configuration.

OK, please provide at least one related to this "change" in RouterOS?

pe1chl · Fri Jun 10, 2022 2:02 pm

viewtopic.php?t=186638

jimmer · Fri Jun 10, 2022 2:27 pm

Well, I figured I'd risk it.. Upgraded my RB3011 from 7.1.5 to 7.3.1, nope... connections very flaky, sporadic internet through SFP port, CAPsMAN devices on the other side of the SFP flapping - SFP being used is a Cisco AVAGO MultiMode which has worked and does work flawlessly on 7.1.5 and earlier.

I do have a supout and will submit it, Glad I had the 7.1.5 on the second partition to fall back to.

Edit: Supout sent to mikrotik. MikroTik support #[SUP-84369]

Fri Jun 10, 2022 2:28 pm

Regarding the out-of-memory issues - we can not simply determine from logs the cause of the particular issue. Most of times when we receive such reports simply router/switch have a too complex configuration in order to run RouterOS, process traffic, and do everything that is configured on the device. The beauty of RouterOS is that we do not limit you with random limitations, but at the same time you have to understand that there are as many resources as there are. Please note that v7 requires more RAM than v6 so it is possible that v6 was running fine just below the edge of running out of RAM.

Anyway, please provide supout file to support@mikrotik.com so we can examine each case per case.

mozerd · Fri Jun 10, 2022 3:14 pm

Most of times when we receive such reports simply router/switch have a too complex configuration in order to run RouterOS, process traffic, and do everything that is configured on the device. The beauty of RouterOS is that we do not limit you with random limitations, but at the same time you have to understand that there are as many resources as there are. Please note that v7 requires more RAM than v6 so it is possible that v6 was running fine just below the edge of running out of RAM.

@strods ... heeding your comment above is vitally important especially for those that do not understand the relationship between the given device hardware and the memory RESOURCES provided.

Because RoS is very capable providing superb functionality only when the resources [sufficient MEMORY] is present to exploit that functionality DESIRED.

=====>> RoS capability is limited by how much RAM memory is there to unleash the desired functionality in any given device <<=====

IMO, MT needs to provide a Table that spells out the relationship between Memory Resources and functional capabilities

pe1chl · Fri Jun 10, 2022 3:45 pm

IMO, MT needs to provide a Table that spells out the relationship between Memory Resources and functional capabilities

That is likely not realistically possible. Every config item uses memory but it is difficult to specify exactly how much, some of it may be dynamic. And each new version may change the exact numbers so it will cost (waste) a lot of man-hours to keep that table uptodate.
It is best to graph memory usage and watch it to see if you are (sometimes) running close to maximum, and/or of you see a trend (e.g. the wellknown triangle ramp-up followed by reboot indicative of a memory leak).
Sometimes a memory leak may be internal to RouterOS, sometimes it may be "programmed by the user" e.g. because they use an "add to address list" firewall rule, or use "proxy arp" instead of a default route.

jmrackley1 · Fri Jun 10, 2022 3:56 pm

Hiya,

I upgraded both my RB4011 and my parents RB3011 last night from 7.2.3 to 7.3 and the dhcp client no longer receives and address from Virgin media.

I have eth1 as the upstream internet facing interface with dhcp client on it nothing out of the ordinary. I could see traffic on the external interface so as a stop gap I gave them both static IP's and static default routes (the last IP's they had before upgrading) and its working again.

Ideally it would be nice to have dhcp working again for the internet facing interfaces - god knows what must have changed to stop the dhcp working as I've upgraded these things for 3 + years no problems and never had to downgrade.

Cheers!
Jon.

I have this same problem on my RB4011 upgrading from 7.2.3. I tried both 7.3 and 7.3.1 with no luck. DHCP client status on the internet-facing eth1 interface shows "searching...". My cable modem is ARRIS CM8200A.

sajt · Fri Jun 10, 2022 6:20 pm

I've also upgraded an rb4011 and even moving the dhcp client around on different interfaces the device does not receive an address.
My remote hands couldn't insert a tap device between the modem and the router so that I could capture incoming traffic.

Fri Jun 10, 2022 6:24 pm

enable dhcp logs and see if you get anything back from dhcp server.

Fri Jun 10, 2022 6:49 pm

My remote hands couldn't insert a tap

You don’t need one. RouterOS gives it to you out of the box.

Post a pcap file for one of these failed lease requests, and a solution should follow shortly.

sajt · Fri Jun 10, 2022 9:37 pm

My remote hands couldn't insert a tap

You don’t need one. RouterOS gives it to you out of the box.

Post a pcap file for one of these failed lease requests, and a solution should follow shortly.

Yes, I've tried that; BUT here's the kicker it did not capture ANY incoming dhcp packets, which I found odd. I asked someone to pull out the backup hex from the closet and wire that up.
It worked. I did a packet capture and saw dhcp offer and ack packets.
I copied its mac address to the rb4011 and tried again, but I did not capture anything new. I saw the outgoing packets with the new mac address but nothing coming in.
My hunch is that the two switch chips don't pass the dhcp offer packet along to the cpu which is running the packet sniffer.

I'll head out next week to the site, do a tap and see whats going on.

krtinicfix · Fri Jun 10, 2022 9:40 pm

Can confirm that my Xiaomi Mi 11 Lite 5G can connect to WifiWave2 AP on hAP ac3 with WPA3 PSK only and WPA2 and WPA3 combined!
It couldn't connect before if WPA3 were enabled together with WPA2 or if it was enabled by itself, only on WPA2.
Thanks!!

woodych · Fri Jun 10, 2022 9:49 pm

I have a Samsung Tab A8 (SM-X200) which is unable to connect to WiFi since Update of my two 962UiGS-5HacT2HnT to 7.3.1. while it still can connect on other WiFi networks, so the tablet is not broken.
Other devices still can connect to 7.3.1

CapsMan in use.

Is there a known issue?

Going to downgrade to latest 7.2

kevinlukas · Fri Jun 10, 2022 10:21 pm

Me too.

I had the same problem when I upgraded from ROS 7.1.5 to ROS 7.2 or 7.3.1. Specifically, if I use ROS 7.1.5 with MTU 1480 (default), the access points (ARUBA) use normally, but when I upgrade to ROS 7.2 or 7.3.1 with MTU 1492 (default), except for the MikroTik Access Point works stably, other companies' Access Points and Cameras cannot connect to the internet.

My ISP is using MTU 1492 for PPPOE account.

I've tried adjusting TCP MSS changes but absolutely no difference happens.

redbullsteve · Fri Jun 10, 2022 10:26 pm

Just upgraded a CCR2216 from 7.2.3 to 7.3.1, router rebooted and now lost all connection to it, no L2 or L3 access. Router has 3 x 10Gb DAC connection and 1 BGP peer to a CCR1072.

Will try and get logs and SUPOUT for unit and fire to support just thought I would see if anyone else has had an issue upgrading CCR2216

Update - would appear only things working on the unit was the power lights. Console Port did not respond.
power cycle restored the router

woodych · Fri Jun 10, 2022 10:40 pm

Update on my Issue.

Downgraded the two hAP ac back to 7.2.3 (same Version as the CapsMan Manager on a CCR1009).
Issue persists, attempted to boot the Samsung SM-X200 a couple of times. Still unable to connect to WiFi (neither to the WPA2 protected one, nor to my unencrypted Guest Network). Other devices reconnect, no issue.
Disabled CapsMan Manager and turned one of the hAP ac to an stand alone AP. Issue persists. SM-X200 unable to connect. Other devices connect, no issue.

Disabled WiFi on the two hAP ac. Turned on WiFi Hotspot on a mobile, same SSID, same Password.
Immediately all devices around me connect to it. SM-X200 is not listing my SSID, weird! Reboot of SM-X200 it immediately finds my Hotspot and connects.

Enabling WiFi on the two hAP ac, then turing off HotSpot on Mobile phone => Devices in my Home switch to hAP AP's. Including the SM-X200 which now is connected to one hAP ac!

Switching back the the hAP from stand-alone to CapsMan. SM-X200 is staying connected.

I am puzzled....

And yes, I have a PPPoE connection, but what does the PPPoE MTU have to do with the WLAN MTU?

Fri Jun 10, 2022 11:12 pm

it did not capture ANY incoming dhcp packets…the two switch chips don't pass the dhcp offer packet along to the cpu which is running the packet sniffer.

The only way I can think for that to happen is that you have DHCP option 82 filtering going on, and you haven't marked the DHCP server interface as "trusted."

If that isn't it, post your [scrubbed] configuration for a deeper diagnosis.

rplant · Sat Jun 11, 2022 5:22 am

Some thoughts and workarounds for new Routing

What I think routing might now be doing (This is a guess and could easily be wrong)

Step 1 (New Stuff)
Does packet have a Route Mark/Table specified, and does a Route Exist in IP route tables which matches the destination address for the packet , and is specified for that route Mark/Table.
Yes - Use that route, exactly.
No - Goto Step 2

(Old Existing Routing)
Step 2
Look up packet in Routing Rules
Find first rule (if any) that matches and Follow the Rules Action.
(Eg. Lookup in Routing table, Lookup only in Table, etc)

Step 3 (If didn't find a matching Rule in Step 2)
Look up how to process packet in IP Route Table.

Step 3 Optimisation
If get to step 3, (Given step 1) only needs to look up in Main table maybe.

A couple of workarounds for issues this has caused.

Method 1:
In Mangle mark the packets with a new routing mark, that does not exist in the IP Route list, so step 1 doesn't match and is skipped.

Then in Routing Rules, make an unconditional rule for your new routing mark, To look up the IP route table using the old existing route mark. (Either lookup or lookup only in table)
Probably near the top of your Rules.

Downside: More processing steps.

Method 2:
Make the mangle rule, have exceptions in them

# eg. Local addresses accessible by not marking when destination address exists on router.
add action=mark-routing chain=prerouting dst-address-type=!local \
new-routing-mark=via93 passthrough=yes

Method 3: Maybe V7.5 or so
Check the "Skip Routing Step 1" box in IP Settings.

sindy · Sat Jun 11, 2022 10:18 am

it did not capture ANY incoming dhcp packets…the two switch chips don't pass the dhcp offer packet along to the cpu which is running the packet sniffer.

There is a catch - the sniffer does not show even frames that do get to the CPU if they ingress through a bridge member port which is configured for hardware accelerated bridging (hw=yes). It is not a specialty of 7.3, it has been behaving this way since a long time ago, but I hazily remember it did work as expected (frames for CPU being shown, frames for other Ethernet ports being not) for some time after 6.41 where the "new bridge setup" appeared. No idea whether it is a bug or an intention.

So to sniff without an external tap, disable hw=yes on the /interface bridge port row in question.

rextended · Sat Jun 11, 2022 11:22 am

MikroTik staff:

Please change back the internal description of .npk file from generic-for-all-platform "system" to specific "routeros-<platform>" as before,
on this way on Netinstall is possible distinguish the files on list AND on The Dude is possible again to do updates,
because The Dude search (rigtly) "routeros-<platform>" inside internal description and not only "system"

viewtopic.php?t=186576

Thanks.

tbutter · Sat Jun 11, 2022 12:47 pm

I get a bunch of these entries for each of the Nest Cams

dhcp,warning DeviceName offering lease 192.168.1.x for xx:xx:xx:xx:xx:x without success

Same issue here. Nest doorbell battery is not answering to dhcp offers by mikrotik with 7.3.0/7.3.1.

tbutter · Sat Jun 11, 2022 1:32 pm

Looking at the difference: 7.2.3 send the Message Type (53) as the first option.
7.3.1 sorts them by number (option 1, 3, 6...53) and then the offer gets ignored by the nest doorbell

indy · Sat Jun 11, 2022 3:45 pm

RB3011 still suffers from a massive performance penalty with v7 compared to v6 (other devices are fine).
Will that ever get fixed?

mafiosa · Sat Jun 11, 2022 7:24 pm

RB3011 still suffers from a massive performance penalty with v7 compared to v6 (other devices are fine).
Will that ever get fixed?

No they have asked me to upgrade to a more powerful device. So I bought an RB5009. Also rb3011 started to perform worse than HAP AC^2 for the exact same config.

infabo · Sat Jun 11, 2022 11:04 pm

Chateau LTE12 here. Since 7.3.0 there are massive LTE issues. Connection loss but interface says it is up. Happened quite a few times a day. Today with 7.3.1 it lost connectivity without any indications again. On 7.2.3 and below LTE was working rock stable like a champ. Please check Mikrotik!

jimmer · Sun Jun 12, 2022 3:02 am

RB3011 still suffers from a massive performance penalty with v7 compared to v6 (other devices are fine).
Will that ever get fixed?
No they have asked me to upgrade to a more powerful device. So I bought an RB5009. Also rb3011 started to perform worse than HAP AC^2 for the exact same config.

This has been a bit of a long running thing, the RB3011 on paper is quite a capable unit and under 6.x it seemed that way, 7.x downloading 100mbit with 10 firewall rules pegs both cores to 60% usage, i've never seen it drop below 8% at idle.. I have an RB750gr3 on the shelf presently doing nothing but that manages workloads so much better

I do feel that the RB3011 is the Windows ME of the Mikrotik world.. looks ok on surface, questionable performance under the hood. added to this the interface flapping issue which wasn't ever completely resolved but could be mitigated if you keep all your inter vlan traffic on the same switch.

I'll be replacing mine and putting the purchase of it down to a bad decision on my part, I am more than happy with my other Mikrotik devices, I have just never had so many issues upgrading and stability issues as I have with the RB3011, I am surprised that it is still sold.

Sun Jun 12, 2022 4:20 am

No they have asked me to upgrade to a more powerful device. So I bought an RB5009. Also rb3011 started to perform worse than HAP AC^2 for the exact same config.
This has been a bit of a long running thing, the RB3011 on paper is quite a capable unit and under 6.x it seemed that way, 7.x downloading 100mbit with 10 firewall rules pegs both cores to 60% usage, i've never seen it drop below 8% at idle.. I have an RB750gr3 on the shelf presently doing nothing but that manages workloads so much better

I do feel that the RB3011 is the Windows ME of the Mikrotik world.. looks ok on surface, questionable performance under the hood. added to this the interface flapping issue which wasn't ever completely resolved but could be mitigated if you keep all your inter vlan traffic on the same switch.

I'll be replacing mine and putting the purchase of it down to a bad decision on my part, I am more than happy with my other Mikrotik devices, I have just never had so many issues upgrading and stability issues as I have with the RB3011, I am surprised that it is still sold.

Strangely my RB3011's have been flawless for the past 6 or so years. Even on v7 I am able to pull a full gigabit through it with an extensive firewall ruleset.

In saying that, I have always been aware of the switch issues, and make sure to only ever run Gigabit connections into the internal switch, which eliminates the well known flapping issue.

soonwai · Sun Jun 12, 2022 9:16 am

Having ssh problem on RB5009 and 7.3.1.

Brand new RB5009, came with 7.1.x, upgraded to 7.3.1, did most of the configuration in Wnbox and Wnbox Terminal. Only encountered this error when configuring /ip/ssh.

/ip/ssh print results in "error - contact MikroTik support and send a supout file (2)"

kevinlukas · Sun Jun 12, 2022 9:24 am

I am using RB 5009 / CRS 125 / Access Point = Aruba and it got error when updating from ROS 7.1.5 to 7.3.1 with unusable access points (no internet connection)

MTU 1480 = everything works properly
MTU 1492 = access points cannot connect to the internet

And when I kept the same settings, downgraded from ROS 7.3.1 to 7.1.5 and everything worked fine again.

Can anyone help me?

viewtopic.php?t=186567#p938872

jerogabe · Sun Jun 12, 2022 12:36 pm

My rb3011 also lost performance with V7, but I like wireguard and zerotier better than RouterOs6.

donatoroman · Sun Jun 12, 2022 6:01 pm

I upgraded my CRS309 with 7.3 hoping, blindly, that this change here

l3hw-offload on main table only

Would fix the issue where when its enabled it breaks VRF completely. This did not fix the issue and it still remains. FYI if anyone has similar problems.

loloski · Mon Jun 13, 2022 7:28 am

I notice that ipv4-fast-path is not working on v7.3 whilst the same config with v6.48.6 fast-path is working as expected, there were no firewall rules in this machine just BGP and OSPF, is this expected because route cache is no longer available it v7?

[rchan@SS-CRT] > /ip settings/print 
              ip-forward: yes
          send-redirects: yes
     accept-source-route: no
        accept-redirects: no
        secure-redirects: yes
               rp-filter: loose
          tcp-syncookies: no
    max-neighbor-entries: 8192
             arp-timeout: 30s
         icmp-rate-limit: 10
          icmp-rate-mask: 0x1818
             route-cache: yes
         allow-fast-path: yes
   ipv4-fast-path-active: no
  ipv4-fast-path-packets: 0
    ipv4-fast-path-bytes: 0
   ipv4-fasttrack-active: no
  ipv4-fasttrack-packets: 0
    ipv4-fasttrack-bytes: 0
[rchan@SS-CRT] > /ip firewall/filter/print 
Flags: X - disabled, I - invalid; D - dynamic 
[rchan@SS-CRT] > /ip firewall/nat/print 
Flags: X - disabled, I - invalid; D - dynamic 
[rchan@SS-CRT] > /ip firewall/raw/print 
Flags: X - disabled, I - invalid; D - dynamic 

uptime: 1d15h55m27s
            version: 7.3.1 (stable)
         build-time: Jun/09/2022 08:58:15
   factory-software: 6.44beta41
        free-memory: 14.9GiB
       total-memory: 15.8GiB
                cpu: tilegx
          cpu-count: 72
      cpu-frequency: 1000MHz
           cpu-load: 0%
     free-hdd-space: 81.3MiB
    total-hdd-space: 128.0MiB
  architecture-name: tile
         board-name: CCR1072-1G-8S+
           platform: MikroTik

[rchan@SS-CRT] >

Chupakabra303 · Mon Jun 13, 2022 9:50 am

I have LTE Telit LN940 Mobile Broadband connected to hAP ac lite over USB.
RouterOS versions 7.2.3 (stable) has LTE interface for this modem, but RouterOS versions 7.3.1 has not LTE interface.
I downgrade to 7.2.3 version again.

honzam · Mon Jun 13, 2022 3:54 pm

CubePRO. Upgrade from 7.2.3 to 7.3.1. Client did not boot :(

nexusds · Mon Jun 13, 2022 6:25 pm

I notice that ipv4-fast-path is not working on v7.3 whilst the same config with v6.48.6 fast-path is working as expected, there were no firewall rules in this machine just BGP and OSPF, is this expected because route cache is no longer available it v7?

[rchan@SS-CRT] > /ip settings/print 
              ip-forward: yes
          send-redirects: yes
     accept-source-route: no
        accept-redirects: no
        secure-redirects: yes
               rp-filter: loose
          tcp-syncookies: no
    max-neighbor-entries: 8192
             arp-timeout: 30s
         icmp-rate-limit: 10
          icmp-rate-mask: 0x1818
             route-cache: yes
         allow-fast-path: yes
   ipv4-fast-path-active: no
  ipv4-fast-path-packets: 0
    ipv4-fast-path-bytes: 0
   ipv4-fasttrack-active: no
  ipv4-fasttrack-packets: 0
    ipv4-fasttrack-bytes: 0
[rchan@SS-CRT] > /ip firewall/filter/print 
Flags: X - disabled, I - invalid; D - dynamic 
[rchan@SS-CRT] > /ip firewall/nat/print 
Flags: X - disabled, I - invalid; D - dynamic 
[rchan@SS-CRT] > /ip firewall/raw/print 
Flags: X - disabled, I - invalid; D - dynamic 

uptime: 1d15h55m27s
            version: 7.3.1 (stable)
         build-time: Jun/09/2022 08:58:15
   factory-software: 6.44beta41
        free-memory: 14.9GiB
       total-memory: 15.8GiB
                cpu: tilegx
          cpu-count: 72
      cpu-frequency: 1000MHz
           cpu-load: 0%
     free-hdd-space: 81.3MiB
    total-hdd-space: 128.0MiB
  architecture-name: tile
         board-name: CCR1072-1G-8S+
           platform: MikroTik

[rchan@SS-CRT] >

Paste From : https://wiki.mikrotik.com/wiki/Manual:Fast_Path (including the spelling mistakes)
IPv4 fast path is automatically used if following conditions are met:

firewal rules are not configured;
firewall address lists are not configured;
Traffic flow is disabled /ip traffic-flow enabled=no restriction removed in 6.33;
Simple and queue trees with parent=global are not configured;
no mesh, metarouter interface configuration;
sniffer, torch and traffic generator is not running;
connection tracking is not active;
ip accounting is disabled (/ip accounting enabled=no);
VRFs are not set (/ip route vrf is empty);
Hotspot is not used (/ip hostspot has no interfaces);
IpSec policies are not configured (ROS v6.8);
no active mac-ping, mac-telnet or mac-winbox sessions restriction removed in 6.33;
/tool mac-scan is not actively used;
/tool ip-scan is not actively used;
route cache must be enabled

donatoroman · Mon Jun 13, 2022 6:48 pm

I upgraded my CRS309 with 7.3 hoping, blindly, that this change here

l3hw-offload on main table only

Would fix the issue where when its enabled it breaks VRF completely. This did not fix the issue and it still remains. FYI if anyone has similar problems.

Adding some outputs to reflect my not understanding of what that change is supposed to do. I enabled l3hw-offload after upgrading to 7.3.1 and as you can see in the output here routes that are tied to another routing table still have the offload enabled on it despite what the change says.

0  AsH 0.0.0.0/0        172.19.0.9                      1
  DAcH 172.19.0.0/24    MainGateway                     0
  DAcH 192.168.15.0/24  Management                      0
  DAcH 192.168.50.0/24  HomeWired                       0
  DAcH 192.168.51.0/24  HomeWiFi                        0
  DAcH 192.168.52.0/24  Server                          0
  DAcH 192.168.53.0/24  Storage                         0
1  AsH 0.0.0.0/0        172.19.80.9@iotnet              1
  DAcH 172.19.80.0/24   IoTGateway@iotnet               0
  DAcH 192.168.80.0/24  IoTDevices@iotnet               0
2  AsH 0.0.0.0/0        172.19.81.9@guestnet            1
  DAcH 172.19.81.0/24   GuestGateway@guestnet           0
  DAcH 192.168.81.0/24  GuestWiFi@guestnet              0
3  AsH 0.0.0.0/0        172.19.82.9@securenet           1
  DAcH 172.19.82.0/24   SecureGateway@securenet         0
  DAcH 192.168.82.0/24  Security@securenet              0

You are given the option to suppress offload on configured routes, but not connected ones. So I'm unclear what this new feature is supposed to do?

harenber · Mon Jun 13, 2022 8:20 pm

I also had to downgrade as my Nest devices do not accept the DHCP offer anymore. wAP devices. CAPsMAN in use.

vannimb · Mon Jun 13, 2022 10:12 pm

Hi all,
i have 7.3.1 installed on a RB760iGS but it is like i lost all the info on the SFP module.
To be honest is an old SFP but all the info on the interface -> sfp tab are missing (is a little while i dont have a lok at teh SFP stats but i remember temperature was there).
The SFP P/N is TP-Link TL-SM321B.

I noticed taht after 7.2 the RB760iGS is rebooting randomly and i dont unerstand why, the only message i see is :
system,error,critical router was rebooted without proper shutdown by watchdog timer

Is it due to the SFP?
May it be due to the board temperature (current temp is 53 celsius)?

Or may it be related to the fact that now the unit operates in a vertical installation (ports on top) instead that on a table?

Many thanks for your cooperation.
Best regards

soonwai · Mon Jun 13, 2022 10:18 pm

Having ssh problem on RB5009 and 7.3.1.

Brand new RB5009, came with 7.1.x, upgraded to 7.3.1, did most of the configuration in Wnbox and Wnbox Terminal. Only encountered this error when configuring /ip/ssh.

/ip/ssh print results in "error - contact MikroTik support and send a supout file (2)"

Found the problem. Here's how to replicate it.
(from "/system/reset-configuration no-defaults=yes")
1. /ip/ssh/set strong-crypto=yes
2. /ip/ssh/regenerate-host-key
3. reply n
(seems fine if Y to regenerate-host-key)

  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 7.3.1 (c) 1999-2022       https://www.mikrotik.com/

Press F1 for help

Change your password
new password> ********
repeat new password> ********

Password changed
[admin@MikroTik] > /ip/ssh/print 
           forwarding-enabled: no
  always-allow-password-login: no
                strong-crypto: no
            allow-none-crypto: no
                host-key-size: 2048
[admin@MikroTik] > /ip/ssh/set strong-crypto=yes 
[admin@MikroTik] > /ip/ssh/regenerate-host-key 
This will regenerate current SSH host keys, yes? [y/N]: 
N
action cancelled

[admin@MikroTik] > /ip/ssh/print 

error - contact MikroTik support and send a supout file (2)
[admin@MikroTik] >

ingdaka · Tue Jun 14, 2022 3:04 am

CCR 2004-16G-2S+ Just upgraded! Everything was OK, except one of BGP peers toward an v6 CCR, was failing. No logs from 2004, but from v6 router was "connection refused". Managed to bring it UP with setup Local Address on BGP Connection on 2004 side!

infabo · Tue Jun 14, 2022 8:46 am

Again. After about 6h of device uptime, Connection to Internet dropped. lte1 Interface says it is up. But no default route nor any route belonging to lte1 visible at /routing/route. After disabling und enabling lte1 interface, link goes up again with all routes in place. What is wrong with 7.3.1? What can I provide to support@mikrotik.com here? A support.rif after lte1 went down?

loloski · Tue Jun 14, 2022 3:18 pm

[rchan@SS-CRT] > /routing/stats/memory/print 

error - contact MikroTik support and send a supout file (3)
[rchan@SS-CRT] >

loloski · Tue Jun 14, 2022 3:38 pm

I notice that ipv4-fast-path is not working on v7.3 whilst the same config with v6.48.6 fast-path is working as expected, there were no firewall rules in this machine just BGP and OSPF, is this expected because route cache is no longer available it v7?
Code: Select all
[rchan@SS-CRT] > /ip settings/print 
              ip-forward: yes
          send-redirects: yes
     accept-source-route: no
        accept-redirects: no
        secure-redirects: yes
               rp-filter: loose
          tcp-syncookies: no
    max-neighbor-entries: 8192
             arp-timeout: 30s
         icmp-rate-limit: 10
          icmp-rate-mask: 0x1818
             route-cache: yes
         allow-fast-path: yes
   ipv4-fast-path-active: no
  ipv4-fast-path-packets: 0
    ipv4-fast-path-bytes: 0
   ipv4-fasttrack-active: no
  ipv4-fasttrack-packets: 0
    ipv4-fasttrack-bytes: 0
[rchan@SS-CRT] > /ip firewall/filter/print 
Flags: X - disabled, I - invalid; D - dynamic 
[rchan@SS-CRT] > /ip firewall/nat/print 
Flags: X - disabled, I - invalid; D - dynamic 
[rchan@SS-CRT] > /ip firewall/raw/print 
Flags: X - disabled, I - invalid; D - dynamic 

uptime: 1d15h55m27s
            version: 7.3.1 (stable)
         build-time: Jun/09/2022 08:58:15
   factory-software: 6.44beta41
        free-memory: 14.9GiB
       total-memory: 15.8GiB
                cpu: tilegx
          cpu-count: 72
      cpu-frequency: 1000MHz
           cpu-load: 0%
     free-hdd-space: 81.3MiB
    total-hdd-space: 128.0MiB
  architecture-name: tile
         board-name: CCR1072-1G-8S+
           platform: MikroTik

[rchan@SS-CRT] >
Paste From : https://wiki.mikrotik.com/wiki/Manual:Fast_Path (including the spelling mistakes)
IPv4 fast path is automatically used if following conditions are met:

firewal rules are not configured;
firewall address lists are not configured;
Traffic flow is disabled /ip traffic-flow enabled=no restriction removed in 6.33;
Simple and queue trees with parent=global are not configured;
no mesh, metarouter interface configuration;
sniffer, torch and traffic generator is not running;
connection tracking is not active;
ip accounting is disabled (/ip accounting enabled=no);
VRFs are not set (/ip route vrf is empty);
Hotspot is not used (/ip hostspot has no interfaces);
IpSec policies are not configured (ROS v6.8);
no active mac-ping, mac-telnet or mac-winbox sessions restriction removed in 6.33;
/tool mac-scan is not actively used;
/tool ip-scan is not actively used;
route cache must be enabled

[rchan@SS-CRT] > /ip firewall/connection/tracking/print
                   enabled: no
      tcp-syn-sent-timeout: 0ms
  tcp-syn-received-timeout: 0ms
   tcp-established-timeout: 0ms
      tcp-fin-wait-timeout: 0ms
    tcp-close-wait-timeout: 0ms
      tcp-last-ack-timeout: 0ms
     tcp-time-wait-timeout: 0ms
         tcp-close-timeout: 0ms
   tcp-max-retrans-timeout: 0ms
       tcp-unacked-timeout: 0ms
        loose-tcp-tracking: no
               udp-timeout: 0ms
        udp-stream-timeout: 0ms
              icmp-timeout: 0ms
           generic-timeout: 0ms
               max-entries: 1048576
             total-entries: 0
[rchan@SS-CRT] >

I think i found the issue firewall address list is not empty because of BGP and route cache is not available in ros v7, the rest of the requirements on the above post has been met

emsi · Tue Jun 14, 2022 9:30 pm

We also discovered a bug with v7.3.1 on the CRS354-48P-4S+2Q+RM. From v7.2.3 to v7.3 (1) rules under "/interface/ethernet/switch/rule" do not work as expected anymore. For example on uplink port "ether48" following rule drops all traffic from downstream ports ether1-ether47 as well as the device itself towards port ether48:

add new-dst-ports="ether48" ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,e\ther21,ether22,ether23,ether24,ether25,ether26,ether27,ether28,ether29,ether30,ether31,ether32,ether33,ether34,ether35,ether36,ether37,ether38,ether39,ether40,ether41,ether42,ether43,ether44,ether45,ether46,ether47" switch=switch1

As soon as you enable this rule, devices on ether1-ether47 are not able to communicate with devices on ether48 anymore. Even worse you are not able to access the switch itself via ether48 with ssh or mactelnet anymore. It works as expected on v7.2.3 as well as on CRS328P even with v7.3.1. Bug is already reported to Mikrotik. We use this setup (quite more advanced) since years on hundreds of MT switches, no issues (but a lot other) like that before.

This serious bug is very annoying. We had to drive hundreds of kilometres to get back on the switch with the serial console to disable this rule.

k0st3k · Wed Jun 15, 2022 3:38 am

....7.3 upgrade still breaks x86-64 installation to bootloop state... Very bad...

same

Cant upgrade x86. System go off. When trying to start it says :
Starting.....
soscket: Address family not supported by protocol
startind devices....
CHR can run only on x86_64

heh i try donwload iso and install .... same thing.

7.1.1 > 7.2.1
7.1.1 > 7.3.1
Same problem with 7.2
Dell R420 without virtualization. Trying to install 7.1.1+ from iso x86. Instalation pass but cant run system. Cant upgrade 7.1.1 to 7.2 or 7.2.1 or whatever...... System not running after reboot. 7.1.1 working but sometimes reboot without reason....

WeWiNet · Wed Jun 15, 2022 10:40 am

Can you give more information how VLAN tagging works on 7.3 (versus 7.2/7.1/7.0)?
Nothings should have changed, however in versions since 7.1beta to 7.2.1 (those I checked) worked incorrectly. Setup: audience running wifiwave2 drivers, configured something like this:
Code: Select all
/interface bridge
add name=bridge frame-types=admit-only-vlan-tagged vlan-filtering=yes
/interface bridge port
add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=wifi1 pvid=42  # the 2GHz radio
/interface bridge vlan
add bridge=bridge tagged=ether1 untagged=wifi1 vlan-ids=42
didn't work, wifi interface had to be set with "frame-types=admit-only-vlan-tagged" ... which is obviously wrong as wireless interface nominally doesn't know anything about VLAN tags (wifiwave2 driver doesn't offer the "vlan-mode=... vlan-id=..." properties). This was fixed with 7.2.3 (possibly with 7.2.2, but that release broke wifiwave2 driver completely).

Had finally time to check this, indeed switching frame types to admit-only-untagged-and-priority-tagged from admit-only-vlan-tagged solved it!
Thank you so much MKX, without ones like you Mikrotik customers would be lost ...

DoubleDB · Wed Jun 15, 2022 12:44 pm

Hotspot is bugged, not working correctly. ROS 7.3.1
IP->Hotspot only, no "User Manager".
User added, Profile added, no limits on sessions / traffic.

I connect with a testuser, run a speedtest - it completes normally.
I run a 2nd speedtest after the first one - no internet, unable to open any website.
Hotspot still detects my session as active, idle 0±1 seconds, but nothing goes through.

Thu Jun 16, 2022 10:21 am

I upgraded my CRS309 with 7.3 hoping, blindly, that this change here

l3hw-offload on main table only

Would fix the issue where when its enabled it breaks VRF completely. This did not fix the issue and it still remains. FYI if anyone has similar problems.

Adding some outputs to reflect my not understanding of what that change is supposed to do. I enabled l3hw-offload after upgrading to 7.3.1 and as you can see in the output here routes that are tied to another routing table still have the offload enabled on it despite what the change says.
Code: Select all
0  AsH 0.0.0.0/0        172.19.0.9                      1
  DAcH 172.19.0.0/24    MainGateway                     0
  DAcH 192.168.15.0/24  Management                      0
  DAcH 192.168.50.0/24  HomeWired                       0
  DAcH 192.168.51.0/24  HomeWiFi                        0
  DAcH 192.168.52.0/24  Server                          0
  DAcH 192.168.53.0/24  Storage                         0
1  AsH 0.0.0.0/0        172.19.80.9@iotnet              1
  DAcH 172.19.80.0/24   IoTGateway@iotnet               0
  DAcH 192.168.80.0/24  IoTDevices@iotnet               0
2  AsH 0.0.0.0/0        172.19.81.9@guestnet            1
  DAcH 172.19.81.0/24   GuestGateway@guestnet           0
  DAcH 192.168.81.0/24  GuestWiFi@guestnet              0
3  AsH 0.0.0.0/0        172.19.82.9@securenet           1
  DAcH 172.19.82.0/24   SecureGateway@securenet         0
  DAcH 192.168.82.0/24  Security@securenet              0
You are given the option to suppress offload on configured routes, but not connected ones. So I'm unclear what this new feature is supposed to do?

According to the L3HW Feature Support table, VRF has N/A status, meaning that "N/A - the feature is not available together with L3HW. Layer 3 hardware offloading must be completely disabled (switch l3-hw-offloading=no) to make this feature work." We have plans to implement L3HW VRF support in the future, but it is not ready yet.

The workaround in RouterOS v7.3 has been added to address the issue where routes from different routing tables were mixed, resulting in a mess. In v7.3, only routes from the "main" routing table are offloaded while the rest are ignored. VRF still is NOT supported by L3HW, but at least now, L3HW does not get broken (leading to the unresponsive router) by VRF. To use VRF, you must either disable l3-hw-offloading completely (on the switch level) or disable it on the port or/and subnet level.

For example, you have the following route:

/ip/route add dst-address=10.0.0.0/8 gateway=192.168.1.1 routing-table=intranet

L3HW ignores the above route because it belongs to the "intranet" routing table, not the "main". The switch chip keeps routing 10.0.0.0/8 traffic via the default gateway (or wherever the main table routes it). To make VRF work, you have to disable l3hw either on the switch or respective ports or create a switch rule to redirect the affected subnet to the CPU for the VRF matching. For instance:

/interface/ethernet/switch/rule add dst-address=10.0.0.0/8 ports=sfp-sfpplus1,sfp-sfpplus2 redirect-to-cpu=yes switch=switch1

The "H" flag next to the routes from other routing tables means that the route is a subject for offloading. In other words, the switch driver may consider the route for offloading. However, In v7.3, the switch driver ignores those routes due to the facts described above.

bpwl · Thu Jun 16, 2022 7:23 pm

Not so pleasant experience with upgrade 6.49.6 to 7.3.1 Needed all trust in Mikrotik to continu till success.

Case: Omnitik ac used as main router to internet. (It is almost a hEX PoE, with one extra 5 GHz WLAN, WLAN is not used here, the Omnitik was just available)

Wanted to test the current state of the User Manager V5 as wifi Radius server. AP's that make the connection are hAP ac2 and wAP ac. The hEX with Dude is doing the monitoring, but is still on ROS6.

So upgraded Omnitik from 6.49.6 to 7.3.1. Went smoothly.
Added the extra package User Manager 7.3.1.
Reboot for install, all OK.
Started User Manager . But could not log in to network with Radius.

Hmmmm, "Files" on Omnitik indicated 0% free. The User Manager database, as small as it is, used the rest of the free space, and might have a problem.

Prepared a USB stick , just to move the User Manager database, and the hope to free some space. Even as there are no extra files , except the skin files;

Plugged in the USB. USB did not appear in Files. So did reboot.
Omnitik bricked???? Ethernet LED's went out, no more communication.
Ethernet LED's went out after some seconds, after every power-reboot.
Removed the USB stick as this was the last modification.
No luck.

So this means Netinstall. Stopped all interfaces on the PC (wifi and also the Virtualbox interfaces), stopped the firewall. Re-read all instructions, also for the Omnitik PXE mode boot.
Took much longer than expected to succeed a Netinstall.

Eventually succeeded with the Netinstall.

Added the User manager package in files to the USB stick (Disk1). Reboot did NOT install that package.
Moved the npk to /Flash. Same outcome, no install of user manager. Reloaded the package from Mikrotik. Copied to /flash, no installation!
Forrmatted USB, ejected the disk. No install of the User manager package after reboot.
Physically removed the USB.
Install succeeded with reboot.

Modified database of User manager (before start) to point to the USB.
But quite some um5-files still go to flash.

12% free ... and if this ever gets full, then bricked !?

pe1chl · Thu Jun 16, 2022 7:28 pm

Not so pleasant experience with upgrade 6.49.6 to 7.3.1 Needed all trust in Mikrotik to continu till success.
Wanted to test the current state of the User Manager V5 as wifi Radius server. AP's that make the connection are hAP ac2 and wAP ac.

To use user-manager on a 16MB flash device, you have to be masochist...

bpwl · Fri Jun 17, 2022 12:20 am

Netinstall at least delivered 11% free space, much better than the upgrade (!?). It is reduced now to 8%.
Data base is on the USB stick, which has 1800 MB free. The hEX has his 16 GB SD card.

The "thing" is up and running well now. It's a little network with AP's accepting users via Radius on several VLAN.
Omnitik (hEX PoE) and hEX splitting the task for internet connection with different setups (eg hEX is DHCP server and creates queue's on the fly based on script.)
Omnitik has the V5 User Manager. Adding the username in attribute "Mikrotik Wireless Comment", makes the used user visible on the hEX with 'Dude/Router Info/registration'

Getting closer to RSSO ? (Radius single signon) As now the already signed on user via wifi EAP authentication, is visible for the internet facing routers when registered.
IP addresses could be added to the username-address-list or the dynamic queues could get the proper username-based parent queue.
Limits per device and user are possible. (Internet limits are more an issue than wifi LAN limits.)

Thought that Radius accounting should have been needed as information source. The L4 ROS license however only allows for 19 simultaneous RADIUS sessions in accounting.

anserk · Fri Jun 17, 2022 5:32 am

Upgraded hAP ac2 to 7.3.1, uptime is now 5 days. No issues (my configuration is fairly simple). One thing I noticed is RAM utilization is much better. It used to be ~30MB free most of the time, now it is ~52MB free.

kos · Fri Jun 17, 2022 11:25 am

The BGP option output.default-originate=always doesn't work correctly. It actually filters all output announcements. It works only if default is installed.

biba · Fri Jun 17, 2022 12:10 pm

After updating from v6. to v7 still not working vpls bgp-ad in new version v7.3.1 bgp session with juniper failing after enabling bgp vpls.

Jun 17 11:00:16 R1 rpd[16571]: bgp_rcv_nlri:10412: NOTIFICATION sent to 172.20.200.36 (Internal AS 65001): code 3 (Update Message Error) subcode 10 (bad address/prefix field), Reason: peer 172.20.200.36 (Internal AS 65001) UPDATE prefix length 196608 exceeds prefix data remaining (11 bytes)
Jun 17 11:00:16 R1 rpd[16571]: Received malformed update from 172.20.200.36 (Internal AS 65001)
Jun 17 11:00:16 R1 rpd[16571]: Family inet-unicast, prefix 0.0.0.0/0

/routing/bgp> export
# jan/02/1970 20:57:38 by RouterOS 7.3.1
# software id = 5MDU-M7AF
#
# model = CCR2004-1G-12S+2XS
# serial number = D4F00EF910F6
/routing bgp template
add address-families=ip,l2vpn-cisco as=65001 disabled=no multihop=yes name=MX-vpls output.redistribute=connected router-id=172.20.200.36 routing-table=main
/routing bgp connection
add address-families=ip,l2vpn,l2vpn-cisco as=65001 connect=yes disabled=no listen=yes local.address=172.20.200.36 .role=ibgp multihop=yes name=odin output.redistribute="" remote.address=192.168.67.0 \
.as=65001 router-id=172.20.200.36 routing-table=main templates=MX-vpls
/routing bgp vpls
add bridge=v980 cisco-id=172.20.200.36&6879:980 disabled=no export-route-targets=6879:980 import-route-targets=6879:980 name=v980 pw-control-word=disabled pw-type=raw-ethernet rd=6879:980

old working configuration :
/interface vpls> export
# jun/17/2022 12:05:30 by RouterOS 6.49.6
# software id = IFP0-DET2
#
# model = CCR2004-1G-12S+2XS
# serial number = D4F00D429DF4
/interface vpls cisco-bgp-vpls
add bridge=v980 bridge-horizon=1 export-route-targets=6879:980 import-route-targets=6879:980 l2router-id=172.20.200.52 name=v980 pw-mtu=1552 route-distinguisher=6879:980 use-control-word=no vpls-id=6879:980

Maybe I'm doing something wrong in the new version?

bpwl · Fri Jun 17, 2022 1:14 pm

Klembord-2.jpg

Where did that 11% or even 8% of free flash go? No extra files to be seen since 8% on Jun/16. There was 1.8MB, but now its gone.
ROS on MT device will probably not survive a reboot with full flash?

Usermanager database sqlite is on disk2. But flash filled up.
LOG file is normally visible.

Sob · Fri Jun 17, 2022 6:40 pm

Couldn't connect to ac3 after some time after upgrade.
The same situation was when I've tried upgrade from 7.2.1 to 7.2.3.

And you do something with routing marks, right? If so, then it's this. And it looks like the change was intentional, so you'll have to change your mangle rules to not mark traffic to router (e.g. using dst-address-type=!local).

npyoung · Fri Jun 17, 2022 7:10 pm

If you don't mind going out of business you'll love upgrading to 7.31. it's absolutely blowing our network up, with all sorts of ospf related errors. Upgraded from 6.49 to this thing, in stages, following the advice that these kind of routing errors would be solved by upgrading adjacent routers to 7.31. Now the whole network is screwed, and downgrading isn't an option, because if you do, it will brick your hardware. I've got two pieces of equipment on my bench which cannot even be brought back from the dead by net boot after trying to downgrade from 7.31 to 6.49. Probably the worst of it, I have a piece of equipment high up in a Douglas fir tree that bricked itself when it got upgraded to 7.31. So now there's a climb with a new piece of equipment which is very hard to get a hold of these days, as I've waited a week. I've been running Mikrotik hardware and software for two decades, and this is the worst thing that has ever happened.

Znevna · Fri Jun 17, 2022 7:14 pm

If you don't want to go out of business probably you should've made some tests with these upgrades on equipment that wasn't "live".

howdey57 · Fri Jun 17, 2022 8:01 pm

Hiya,

I upgraded both my RB4011 and my parents RB3011 last night from 7.2.3 to 7.3 and the dhcp client no longer receives and address from Virgin media.

I have eth1 as the upstream internet facing interface with dhcp client on it nothing out of the ordinary. I could see traffic on the external interface so as a stop gap I gave them both static IP's and static default routes (the last IP's they had before upgrading) and its working again.

Ideally it would be nice to have dhcp working again for the internet facing interfaces - god knows what must have changed to stop the dhcp working as I've upgraded these things for 3 + years no problems and never had to downgrade.

Cheers!
Jon.
I have this same problem on my RB4011 upgrading from 7.2.3. I tried both 7.3 and 7.3.1 with no luck. DHCP client status on the internet-facing eth1 interface shows "searching...". My cable modem is ARRIS CM8200A.

I have the same problem on Virgin Media in Modem Mode. I can sometimes get an ip if I take the VM router out of modem mode.

sirbryan · Fri Jun 17, 2022 10:54 pm

If you don't want to go out of business probably you should've made some tests with these upgrades on equipment that wasn't "live".

While I agree in principle, this kind of response is pointless and over-used. It certainly doesn't help the poster's situation any. And it doesn't help that MikroTik is pushing all these releases out as "stable." Of course by now, most of us know better, but when MikroTik's team come on the forum and tell us "It works fine in our network," out of desperation we sometimes jump the gun.

Likewise, it is one thing when you are testing two or three devices on a bench. But just because the devices pass the bench test doesn't mean the deployment will work in the real world. You can't simulate everything, and it's nigh impossible to simulate how 100 different devices will work with each other.

Additionally, many ISP's and small businesses who base their networks on MikroTik are a one-man show and simply don't have the resources to spend hours (or days/weeks) testing every corner case.

As for me, I'm running 7.2.x or 7.3 on my arm64 CCR devices (because I don't have a choice) and testing v7 features on a couple of CHR's, RB4011's and hAP AC3's. All other production routers or switches are running 6.47/8/9.x and all radios are on 6.49.x.

To @npyoung, post your OSPF configs (namely filters and redistribution settings). I found a few combinations that would take the network down when ROS7 devices connected.

Znevna · Fri Jun 17, 2022 10:57 pm

The thing is, nobody is forcing anyone to upgrade their production equipment to RouterOS v7.
If it works, don't fix it.
I know, I know, this response is pointless and overused too.
But is it? Because every now and then comes some *admin complaining that he lost his devices after upgrading from v6 to v7.
You can't upgrade a linux kernel from 3.3.5 to 5.6.3 and expect everything to work fine.
Not gonna even talk about everything that changed around it.

sirbryan · Fri Jun 17, 2022 11:09 pm

But if a vendor's support tells him that the next version of software will fix the problem they're having, and they do what the vendor says, and it breaks everything, isn't there some liability on the part of the vendor? Doesn't the customer have a right to complain about a failed upgrade process (not just once but multiple times, when following vendor's instructions)?

Fri Jun 17, 2022 11:12 pm

Small problem here...
The vendor is not the producer/designer.
So who is liable then ?

Znevna · Fri Jun 17, 2022 11:17 pm

But if a vendor's support tells him that the next version of software will fix the problem they're having, and they do what the vendor says, and it breaks everything[...]

What issue was fixed that pushed admins to upgrade to v7 their core networking equipment?

rextended · Fri Jun 17, 2022 11:23 pm

I have all my production devices (over 4000) on 6.46.8 long-term (2020 Oct 29), from border router to AP of end user (the AP of end users are not counted, and not updated, except for exploits),
and I have just one RB5006 device with 7.2.3 (netinstalled), obviously v7, and actually I have no one single problem with that version.
Just from the last week I'm mass updating by hand, on terminal, near 500 devices with 6.48.6 long-term (2021 Dec 03).
But before do such upgrade, I wait near 1 year and do, near everyday, tests, read forum and study the impact of that change...

On less word: who really works, change version on production only when forced from exploits, or slowly after thousands of tests.

Znevna · Fri Jun 17, 2022 11:26 pm

I run my critical ones still with 6.46.7, I remember 6.46.8 broke something I didn't like to be broken.

howdey57 · Fri Jun 17, 2022 11:47 pm

I wanted winguard on my router so went to v7. Today has knocked my confidence in the upgrade process so I'm going to lag behind from now on.

npyoung · Sat Jun 18, 2022 8:21 am

I have all my production devices (over 4000) on 6.46.8 long-term (2020 Oct 29), from border router to AP of end user (the AP of end users are not counted, and not updated, except for exploits),
and I have just one RB5006 device with 7.2.3 (netinstalled), obviously v7, and actually I have no one single problem with that version.
Just from the last week I'm mass updating by hand, on terminal, near 500 devices with 6.48.6 long-term (2021 Dec 03).
But before do such upgrade, I wait near 1 year and do, near everyday, tests, read forum and study the impact of that change...

Indeed that should have been the approach I took. My confidence in Mikrotik was far too high, and I was driven by past incidences of hacks via Winbox a few years ago, to a place where I thought I should keep up with the latest stable updates for security reasons.

That said, has anybody been able to downgrade to 6.x from 7.x? When I tried it on some fortunately surplus bench devices I turned them into door stops. Can't even get them to go through the net boot process.

MEDO11 · Sat Jun 18, 2022 9:27 am

That said, has anybody been able to downgrade to 6.x from 7.x? When I tried it on some fortunately surplus bench devices I turned them into door stops. Can't even get them to go through the net boot process.

i did, i downgraded my test unit at work which had a 7.2.1 stable at the time to lts 6.48.6, it's a rb2011. I just put the downgrade file in files list and wrote in terminal:
/system package downgrade;
/system reboot;
and the thing did the downgrade no issues. After that i did the routerboard update and again no issues...
I followed this guide: https://help.mikrotik.com/docs/display/ ... g+RouterOS

I have a hap ac3 at home, and waited a week to see the reactions on this release before pushing it to my router, since last time i did the update on the same day it got out and bricked my device...update to 7.3.1 went thru with no issues. And they finnaly fixed the wlan led

npyoung · Sat Jun 18, 2022 6:33 pm

Thanks MED001. I'll give it a try.

npyoung · Sat Jun 18, 2022 7:41 pm

If you don't want to go out of business probably you should've made some tests with these upgrades on equipment that wasn't "live".
While I agree in principle, this kind of response is pointless and over-used. It certainly doesn't help the poster's situation any. And it doesn't help that MikroTik is pushing all these releases out as "stable." Of course by now, most of us know better, but when MikroTik's team come on the forum and tell us "It works fine in our network," out of desperation we sometimes jump the gun.

Likewise, it is one thing when you are testing two or three devices on a bench. But just because the devices pass the bench test doesn't mean the deployment will work in the real world. You can't simulate everything, and it's nigh impossible to simulate how 100 different devices will work with each other.

Additionally, many ISP's and small businesses who base their networks on MikroTik are a one-man show and simply don't have the resources to spend hours (or days/weeks) testing every corner case.

As for me, I'm running 7.2.x or 7.3 on my arm64 CCR devices (because I don't have a choice) and testing v7 features on a couple of CHR's, RB4011's and hAP AC3's. All other production routers or switches are running 6.47/8/9.x and all radios are on 6.49.x.

To @npyoung, post your OSPF configs (namely filters and redistribution settings). I found a few combinations that would take the network down when ROS7 devices connected.

When I get the office connected to the network again, hopefully tomorrow, I'll post some of that stuff.

My use of ospf has been dead simple, following the examples in the Mikrotik guide on ospf. And they worked beautifully, through many major revisions. The only thing that might have been a problem, and it turns out it wasn't, was setting up a loopback address and using that as the ID of the router instead of one of the ethernet IP addresses. It seems like the problem manifests itself in storms across the network. This isn't a huge network, perhaps 50 routers in all, and many of those point-to-point Mikrotik backhauls. There are three separate logical networks that connect into the core router, and I suppose I could set up three areas to reduce ospf chatter across the entire network, but I avoided such complexity simply because it was working fantastically well under v6.x and everything before it.

And an update on the bricking issue. I noticed last night when I was sitting next to our core router that's co-located at our fiber providers NOC, that there is one specific labelled port that is used for netbooting. Sounds obvious, Mikrotik has been so carefree that I haven't done a net boot in probably two years. Turns out that's also the case for the hex S, (without the labeling) that I was using as my test system. Eth 1. So it's running happily on v6.48.6. Now 7.31 after a bit of breath holding. And back to 6.48.6 I'm happy to report. It does take quite a bit of time on this minimal hardware... patience is advised.

amsteen · Sat Jun 18, 2022 10:25 pm

I have mikrotik router 951G-2HnD and I upgrade it to v 7.3.1 stable to get zerotier package
After upgrade every thing is working as normal but I can not find zerotier package.

Please help

biomesh · Sat Jun 18, 2022 10:35 pm

zerotier is only available for arm devices.

Sat Jun 18, 2022 11:28 pm

zerotier is only available for arm devices.

And for those devices it needs to be added through extra packages.

bpwl · Sun Jun 19, 2022 12:33 am

Not so pleasant experience with upgrade 6.49.6 to 7.3.1 Needed all trust in Mikrotik to continu till success.
Wanted to test the current state of the User Manager V5 as wifi Radius server. AP's that make the connection are hAP ac2 and wAP ac.
To use user-manager on a 16MB flash device, you have to be masochist...

Well it seems the User Manager is not the problem.

Got locked out several times more, just after reboot.

Re-installed ROS 7.3.1 through Netinstall. No User manager added The lockout still happens after some reboots.
There is no way to get in. Ethernet ports are active for some seconds, then the LED's are out, and stay out.

Never worked with MT devices in ROS6 where I could not get in at all.

Downgraded (Netinstall) to 6.49.6 since those hard lockouts in ROS7.3.1 make that version very annoying.

pe1chl · Sun Jun 19, 2022 11:50 am

I am not currently running that version anywhere so I cannot confirm it. I have a 16MB flash device (hAP ac2) currently running 7.4beta4 and I have not seen that problem there. Sure it uses a large portion of the 16MB, currently 1.7MB is available. I think it was a BAD decision to manufacture so many devices with 16MB flash. But that is another topic...

stroebs · Sun Jun 19, 2022 6:54 pm

Regarding the Nest cam issue when upgrading to 7.3.x, this is what I found:
The DHCP Offer has re-ordered options compared to 7.2.x.

7.2.1 DHCP Offer:

7.2.1-successful-dhcp-offer.png

7.3.1 DHCP Offer:

7.3.1-failed-dhcp-offer.png

You will notice that the options are now in numerically sorted order in 7.3.x, which dhcpcd-5.5.6 (which is in use on Nest hardware, and clearly a ludicrously old version) does not seem to support.

mkx · Sun Jun 19, 2022 7:08 pm

@stroebs: if you find a standard (RFC) which requires particular ordering of options inside DHCP offer, then you can file bug report with MT. If you don't find it (quite likely), then ... I'm sorry, mate.

obscurus · Sun Jun 19, 2022 7:17 pm

fetch has been broken with ftp connect after 7.3.1 update:

/tool fetch address=ip port=21 user="user" password="pass" upload=yes mode=ftp src-path="backupfile.backup" dst-path="/path/Backup/Mikrotiks/MY/backup-2022jun19.backup"
status: failed

failure: Unrecognized FTP server response: The local time is: Sun Jun 19 19:13:28 2022
230 User user logged in

but if i connect from total commander and others clients - all is ok.

Service proftp

Sob · Sun Jun 19, 2022 9:11 pm

If you use GUI, dst-address-type is on Extra tab.

As for what's intentional, routing marks having highest priority definitely is. So most common surprise for users will be that when you mark routing and given routing table has default route, then basically routing rules no longer apply to such packets. If you want some exclusions, you have to handle it using mangle rules and not mark it at all. Special case is when destination is local address, that was previously hardcoded to always go to router, regardless of routing marks and routing rules. That's now gone too and whether that's intentional, there's some doubt, but if you treat it as if it is, you can't go wrong.

tg34 · Mon Jun 20, 2022 11:29 am

Container feature is not available on every architecture. Will be available on architecture such as MMIPS or mipsbe ? Or actual available architectures list is definitive ?

Mon Jun 20, 2022 11:31 am

Only x86, arm and arm64.

Sob · Mon Jun 20, 2022 2:31 pm

@McStar: If router's address is definitely not in ToVpn list, then it looks like something else. Make a new thread and post your whole config there.

Mon Jun 20, 2022 2:39 pm

Container feature is not available on every architecture. Will be available on architecture such as MMIPS or mipsbe ? Or actual available architectures list is definitive ?

It makes little sense to release MMIPS or others, since it will not be easy to find any programs that run on MMIPs. Certainly not Pihole or other common docker containers will work there.

pe1chl · Mon Jun 20, 2022 2:45 pm

Of course anyone with a bit of determination can cross-compile programs for e.g. MIPSBE. For MIPSBE, MetaRouter exists and people have compiled OpenWRT to run on that!
MMIPS of course is a different matter as there are only two devices with that architecture, and they are too small to run any extra things.

jbl42 · Mon Jun 20, 2022 2:52 pm

Only x86, arm and arm64

Architectures supported by Docker are

ARM

ARM 64

IBM POWER

IBM Z

PowerPC 64 LE

x86

x86-64

Docker does not support MIPS or Tilera (TILE support anyway was removed from official Linux kernels in 2018).
While technically Docker most likely could be ported to Linux/MIPS or Linux/Tile, there still would not be any prebuilt images available in the docker repos for those architectures.

The whole Embedded Linux world has a strong tendency to move towards ARM/ARM64, based on the huge investments into this platform driven by the Smartphone world.

pe1chl · Mon Jun 20, 2022 3:38 pm

Isn't that just "architectures supported by dockerhub"?
When you compile your own binaries, you could use any architecture, of course easiest is to use the architectures supported by gcc.
Using a couple of simple commands (that take quite some time to run and use up quite some diskspace) you can create a gcc cross-compilation environment on your Linux PC, I have done that several times in the past to compile programs for unusual architectures.

Mon Jun 20, 2022 4:58 pm

Isn't that just "architectures supported by dockerhub"?

No, it's "architectures supported by Docker," period:

$ docker buildx ls
...linux/amd64, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6

There is no MIPS toolchain for Docker for a number of reasons:

There is no MIPS backend for the Go compiler that Docker is based on.
The Linux kernel tech underpinning Docker requires certain CPU virtualization features. It may be that the small embedded SoCs MikroTik uses wouldn't support Docker even if the prior problem were addressed.
Small embedded SoCs will not have the resources to run most containers. The nature of Docker is to pack separate copies of core libraries like libc around inside each container. People brag about getting bare-bones containers down to 5 MiB or so, but that's a huge slice of a 16 MiB device. Add an actual application atop that, plus storage for the application's use, and you might not have space even to store it in flash, much less get it to boot.

pe1chl · Mon Jun 20, 2022 5:30 pm

Ok... I guess my assumptions about what Docker really does were wrong (I only have experience with Docker images running within a amd64 system). I thought it was process-based only.
However, the issue of storage size is completely orthogonal to processor architecture. MikroTik makes (far too many) 16MB devices with ARM architecture, but also have made a lot of 128MB MIPSBE and TILE devices.