int vlan add name=vlanXXX interface=bridge vlan-id=XXX
No problems here. usually problems like this are with policy routing, but policy roluting and fasttrack is mutually exclusive....Unable to open any HTTPS site, unless the fasttrack rule is disabled.
meanwhile, HTTP site is not affected, even if the fasttrack rule is enabled.
Would having MSTP option solve this issue?Please provide a method of restoring previous STP mode, whereby Router OS would exclusively transmit and process BPDUs on (R)STP bridge ports.
I understand MikroTik removing VLAN tags from STP BPDU frames when people create VLANs on bridges, as in:The change to STP was introduced just before 6.38 was released and shows no consideration for existing customers who have built networks, having become accustomed to how RouterOS's STP implementation worked up until then. The change now makes it impossible for service providers to redundantly bridge interfaces; one of the, if not most important, benefits of STP in the first place.Code: Select allint vlan add name=vlanXXX interface=bridge vlan-id=XXX
I generally understand things better with examples, perhaps the following helps others too:
You have a customer who's paying for a layer 2 services to various cities and wants each one handed off as a VLAN on their PNI (provider network interconnect). On 6.37.5 you could setup VPLS tunnels to the remote sites, on redundant routers, set each one to bridge the services to the customer's service delivery VLANs on the PNI and RSTP would automatically isolates loops. One could additionally interleave bridge priorities to balance workloads on redundant equipment (eg odd/even VLANs). This is impossible since 6.38...
The current implementation additionally simply assumes that it can transmit the STP BPDU frames on the VLAN's parent interface, so it becomes immensely unpredictable:
- - Bridging QinQ VLANs. Attach 'vlan10-vlan100' to a bridge and the STP frames are transmitted on vlan10. This is in direct contradiction to their change announcement where they indicated that STP wouldn't be tagged.
- - Bridging other interfaces. RouterOS doesn't transmit STP BPDU directly on the carrier interface when you bridge a tunnel interface such as EoIP, VPLS, etc. By this I mean that RouterOS wouldn't sporadically send STP BPDU frames on ether1 because it's carrying an EoIP tunnel. A Virtual LAN interface is supposed to be isolated from other interfaces, why would MikroTik suddenly consider it normal to transmit STP BPDU frames outside of the bridge
MikroTik should at the very least provide a method to retain their previous STP implementation, which worked well with Cisco's PVSTP (per VLAN STP). This quite simply transmitted STP BPDU frames on all bridge member ports. Yes, bridging vlan10 and then connecting the uplink port to a cheap D-Link or Netgear may cause the STP implementation on that switch to shut the port, but that's a problem with the switch or the user's implementation; not for MikroTik to have a knee jerk reaction and break something as fundamental as service provider bridging redundancy. PS: People with these switches should either simply disable STP on the uplink interface, change their topology, log a request to have switch firmware changed or get a PVSTP capable switch.
I furthermore don't see the point of having independent STP processes running for each bridge, if the STP BPDU frames are leaked to ports that aren't members of those bridges. Simply do what switch vendors have done and provide the option of how you want STP to operate (eg Netgear M4300 offers STP, RSTP, MSTP or PV(R)STP).
revert to 6.38.5(with same config) will immediately fix the problem...No problems here. usually problems like this are with policy routing, but policy roluting and fasttrack is mutually exclusive....Unable to open any HTTPS site, unless the fasttrack rule is disabled.
meanwhile, HTTP site is not affected, even if the fasttrack rule is enabled.
Same here. I saw some posts with fasttrack problems in the previous version too. I'm using a RB750Gr3.revert to 6.38.5(with same config) will immediately fix the problem...No problems here. usually problems like this are with policy routing, but policy roluting and fasttrack is mutually exclusive....Unable to open any HTTPS site, unless the fasttrack rule is disabled.
meanwhile, HTTP site is not affected, even if the fasttrack rule is enabled.
indeed I have policy routing, I don't think they are exclusive since ANY https is affected, no matter which route it goes. so my guess is something wrong with the MTU/MSS
Steps for me were to upgrade to anything past rc62. Sites became unbearably slow if the traffic flow went through the fasttrack rule. I have a VRF on my device and that traffic was not showing issues its also not picked up by the fasttrack rule. If I disable the fast track rule everything flows normally again.Marino, and other who might have the same problem potentially.
It would be great to get some steps/instructions to support@mikrotik.com how to repeat described problems.
I don't think your reply is what sergejs has been asking for. It looks like just a small number of people experience problems similar to yours, so this must be something very specific to your exact configuration, no matter how simple or generic you consider your config to be. Can you please just share you full configuration with support@ (or, even better, send your supout to them).Steps for me were to upgrade to anything past rc62...
I am having MTU issues with IPv6 on these new RC's, maybe it is the same problem. I had to disable IPv6 temporarily. Pings fail once packet size is turned up too high. I get my IPv6 through a tunnel.revert to 6.38.5(with same config) will immediately fix the problem...No problems here. usually problems like this are with policy routing, but policy roluting and fasttrack is mutually exclusive....Unable to open any HTTPS site, unless the fasttrack rule is disabled.
meanwhile, HTTP site is not affected, even if the fasttrack rule is enabled.
indeed I have policy routing, I don't think they are exclusive since ANY https is affected, no matter which route it goes. so my guess is something wrong with the MTU/MSS
I totally agree. I had MAJOR problems caused by this change until I figured out what the problem was. I was getting outages (and even complete freezes!) because the Tiks kept thinking that there was a loop where there was none. The problem was that BPDUs from two different bridges on the same physical network (one VLANed, one not) were being mixed up. At least a selectable option (strip/do not strip) would be nice to have, for those who need the tags to remain untouched.Please provide a method of restoring previous STP mode, whereby Router OS would exclusively transmit and process BPDUs on (R)STP bridge ports.
I understand MikroTik removing VLAN tags from STP BPDU frames when people create VLANs on bridges, as in:The change to STP was introduced just before 6.38 was released and shows no consideration for existing customers who have built networks, having become accustomed to how RouterOS's STP implementation worked up until then. The change now makes it impossible for service providers to redundantly bridge interfaces; one of the, if not most important, benefits of STP in the first place.Code: Select allint vlan add name=vlanXXX interface=bridge vlan-id=XXX
I generally understand things better with examples, perhaps the following helps others too:
You have a customer who's paying for a layer 2 services to various cities and wants each one handed off as a VLAN on their PNI (provider network interconnect). On 6.37.5 you could setup VPLS tunnels to the remote sites, on redundant routers, set each one to bridge the services to the customer's service delivery VLANs on the PNI and RSTP would automatically isolates loops. One could additionally interleave bridge priorities to balance workloads on redundant equipment (eg odd/even VLANs). This is impossible since 6.38...
The current implementation additionally simply assumes that it can transmit the STP BPDU frames on the VLAN's parent interface, so it becomes immensely unpredictable:
- - Bridging QinQ VLANs. Attach 'vlan10-vlan100' to a bridge and the STP frames are transmitted on vlan10. This is in direct contradiction to their change announcement where they indicated that STP wouldn't be tagged.
- - Bridging other interfaces. RouterOS doesn't transmit STP BPDU directly on the carrier interface when you bridge a tunnel interface such as EoIP, VPLS, etc. By this I mean that RouterOS wouldn't sporadically send STP BPDU frames on ether1 because it's carrying an EoIP tunnel. A Virtual LAN interface is supposed to be isolated from other interfaces, why would MikroTik suddenly consider it normal to transmit STP BPDU frames outside of the bridge
MikroTik should at the very least provide a method to retain their previous STP implementation, which worked well with Cisco's PVSTP (per VLAN STP). This quite simply transmitted STP BPDU frames on all bridge member ports. Yes, bridging vlan10 and then connecting the uplink port to a cheap D-Link or Netgear may cause the STP implementation on that switch to shut the port, but that's a problem with the switch or the user's implementation; not for MikroTik to have a knee jerk reaction and break something as fundamental as service provider bridging redundancy. PS: People with these switches should either simply disable STP on the uplink interface, change their topology, log a request to have switch firmware changed or get a PVSTP capable switch.
I furthermore don't see the point of having independent STP processes running for each bridge, if the STP BPDU frames are leaked to ports that aren't members of those bridges. Simply do what switch vendors have done and provide the option of how you want STP to operate (eg Netgear M4300 offers STP, RSTP, MSTP or PV(R)STP).
/caps-man registration-table print detail gives me empty eap-identity, only, i.e.*) capsman - added EAP identity to registration table;
eap-identity=""
I believe we share the same issue. I just didn't have the knowledge or understanding on how to explain it. Are you able to share what devices are involved to reproduce this at a very minimum and your topology?I totally agree. I had MAJOR problems caused by this change until I figured out what the problem was. I was getting outages (and even complete freezes!) because the Tiks kept thinking that there was a loop where there was none. The problem was that BPDUs from two different bridges on the same physical network (one VLANed, one not) were being mixed up. At least a selectable option (strip/do not strip) would be nice to have, for those who need the tags to remain untouched.Please provide a method of restoring previous STP mode, whereby Router OS would exclusively transmit and process BPDUs on (R)STP bridge ports.
I understand MikroTik removing VLAN tags from STP BPDU frames when people create VLANs on bridges, as in:The change to STP was introduced just before 6.38 was released and shows no consideration for existing customers who have built networks, having become accustomed to how RouterOS's STP implementation worked up until then. The change now makes it impossible for service providers to redundantly bridge interfaces; one of the, if not most important, benefits of STP in the first place.Code: Select allint vlan add name=vlanXXX interface=bridge vlan-id=XXX
I generally understand things better with examples, perhaps the following helps others too:
You have a customer who's paying for a layer 2 services to various cities and wants each one handed off as a VLAN on their PNI (provider network interconnect). On 6.37.5 you could setup VPLS tunnels to the remote sites, on redundant routers, set each one to bridge the services to the customer's service delivery VLANs on the PNI and RSTP would automatically isolates loops. One could additionally interleave bridge priorities to balance workloads on redundant equipment (eg odd/even VLANs). This is impossible since 6.38...
The current implementation additionally simply assumes that it can transmit the STP BPDU frames on the VLAN's parent interface, so it becomes immensely unpredictable:
- - Bridging QinQ VLANs. Attach 'vlan10-vlan100' to a bridge and the STP frames are transmitted on vlan10. This is in direct contradiction to their change announcement where they indicated that STP wouldn't be tagged.
- - Bridging other interfaces. RouterOS doesn't transmit STP BPDU directly on the carrier interface when you bridge a tunnel interface such as EoIP, VPLS, etc. By this I mean that RouterOS wouldn't sporadically send STP BPDU frames on ether1 because it's carrying an EoIP tunnel. A Virtual LAN interface is supposed to be isolated from other interfaces, why would MikroTik suddenly consider it normal to transmit STP BPDU frames outside of the bridge
MikroTik should at the very least provide a method to retain their previous STP implementation, which worked well with Cisco's PVSTP (per VLAN STP). This quite simply transmitted STP BPDU frames on all bridge member ports. Yes, bridging vlan10 and then connecting the uplink port to a cheap D-Link or Netgear may cause the STP implementation on that switch to shut the port, but that's a problem with the switch or the user's implementation; not for MikroTik to have a knee jerk reaction and break something as fundamental as service provider bridging redundancy. PS: People with these switches should either simply disable STP on the uplink interface, change their topology, log a request to have switch firmware changed or get a PVSTP capable switch.
I furthermore don't see the point of having independent STP processes running for each bridge, if the STP BPDU frames are leaked to ports that aren't members of those bridges. Simply do what switch vendors have done and provide the option of how you want STP to operate (eg Netgear M4300 offers STP, RSTP, MSTP or PV(R)STP).
I second this entire post - this change to how STP works is simply unacceptable as it breaks several different deployments we have in place where we NEED to rely on RouterOS to transmit correctly tagged BPDUs for interoperability with Cisco (and other PVST capable) gear.Please provide a method of restoring previous STP mode, whereby Router OS would exclusively transmit and process BPDUs on (R)STP bridge ports.
The easiest way is to follow the part above the table and use Winbox.Please can you point me to the download link of 6.39rc76 (2017-Apr-21 07:24)?
on the official download page I can only see 6.39rc72 (Release candidate)
/ip ipsec mode-config
set request-only name=request-only
add address-pool=ipsec-pool address-prefix-length=24 name=cfg_priv split-include=0.0.0.0/0,<local subnet> system-dns=\
yes
/ip ipsec policy group
set default name=default
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 disabled=no enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc \
lifetime=1h name=default pfs-group=modp2048
/ip ipsec peer
add address=0.0.0.0/0 auth-method=rsa-signature certificate=<cert name>_0 comment=IKEv2 dh-group=\
modp4096 disabled=no dpd-interval=2m enc-algorithm=aes-256 exchange-mode=ike2 generate-policy=port-strict \
hash-algorithm=sha512 lifetime=1d local-address=<public IP> mode-config=cfg_priv my-id=fqdn:<public URL> \
passive=yes policy-template-group=default send-initial-contact=no
/ip ipsec policy
set 0 disabled=no dst-address=0.0.0.0/0 group=default proposal=default protocol=all src-address=0.0.0.0/0 template=\
yes
/ip ipsec user settings
set xauth-use-radius=no
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
Sorry I cannot install the rc76 at the moment. I'm back at rc58, which works fine.Everyone who is experiencing issues with FastTrack please write to support@mikrotik.com. Mention version from which it stopped to work properly and send supout file which is generated at the moment when FastTrack is not working as suspected.
We have tried to test different configurations with FastTrack, but unfortunately have not been able to reproduce this problem. There must be something specific triggering this and supout files might help to find out what it is.
12:59:22 ipsec receive Information.
12:59:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE
12:59:22 ipsec sendto Information notify.
12:59:22 ipsec sendto Information notify.
12:59:22 ipsec receive Information.
12:59:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK
12:59:42 ipsec receive Information.
12:59:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE
12:59:42 ipsec sendto Information notify.
12:59:42 ipsec sendto Information notify.
12:59:42 ipsec receive Information.
12:59:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK
13:00:02 ipsec receive Information.
13:00:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE
13:00:02 ipsec sendto Information notify.
13:00:02 ipsec sendto Information notify.
13:00:02 ipsec receive Information.
13:00:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK
13:00:22 ipsec receive Information.
13:00:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE
13:00:22 ipsec sendto Information notify.
13:00:22 ipsec sendto Information notify.
13:00:22 ipsec receive Information.
13:00:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK
13:00:42 ipsec receive Information.
13:00:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE
13:00:42 ipsec sendto Information notify.
13:00:42 ipsec sendto Information notify.
13:00:42 ipsec receive Information.
13:00:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK
13:01:02 ipsec receive Information.
13:01:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE
13:01:02 ipsec sendto Information notify.
13:01:02 ipsec sendto Information notify.
13:01:02 ipsec receive Information.
13:01:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK
13:01:22 ipsec receive Information.
13:01:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE
13:01:22 ipsec sendto Information notify.
13:01:22 ipsec sendto Information notify.
13:01:22 ipsec receive Information.
13:01:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK
13:01:42 ipsec receive Information.
13:01:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE
13:01:42 ipsec sendto Information notify.
13:01:42 ipsec sendto Information notify.
13:01:42 ipsec receive Information.
13:01:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK
13:02:02 ipsec receive Information.
13:02:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE
13:02:02 ipsec sendto Information notify.
13:02:02 ipsec sendto Information notify.
13:02:02 ipsec receive Information.
13:02:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK
13:02:22 ipsec receive Information.
13:02:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE
13:02:22 ipsec sendto Information notify.
13:02:22 ipsec sendto Information notify.
13:02:22 ipsec receive Information.
13:02:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK
13:02:42 ipsec receive Information.
13:02:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE
13:02:42 ipsec sendto Information notify.
13:02:42 ipsec sendto Information notify.
13:02:42 ipsec receive Information.
13:02:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK
13:03:02 ipsec receive Information.
13:03:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE
13:03:02 ipsec sendto Information notify.
13:03:02 ipsec sendto Information notify.
13:03:03 ipsec receive Information.
13:03:03 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK
13:03:22 ipsec receive Information.
13:03:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE
13:03:22 ipsec sendto Information notify.
13:03:23 ipsec sendto Information notify.
13:03:23 ipsec receive Information.
13:03:23 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK
Unfortunately Mikrotik is just ignoring this issue and sticks with 16 years old RSTP standard ...Would having MSTP option solve this issue?
Just disable RSTP ... and STP ...So again with RSTP on a VLAN that is attached to a Bridge, it is going to send out the BPDU packets to the interface, regardless of VLAN, right?
Isn't that how RSTP works on most switches?
Unless MSTP or PVSTP is implemented, this is now normal operation mode which is 'normal' to switches operating in RSTP as well, right?
Just tring to figure out how things are supposed to operate with RSTP in 6.39 going forward.
I have VPLS endpoints bridged with interfaces connected to the same switch banks for redundancy.
So what is the 'norm' for setup on Mikrotik in this scenario where I'm expecting the VPLS endpoints to behave if connection/traffic gets separated from one of the connections to the switch?
Is there something I should be setting with RSTP or the VPLS interfaces connected to the same switch bank?
eap-identity=""
Very nice to see that you actually listen to us!) bridge - reverted bridge BPDU processing back to pre-v6.38 behaviour; (v6.40 will have another separate VLAN-aware bridge implementation);
They do, indeed. But your wording has to be crystal clear for this to happen.Very nice to see that you actually listen to us
We have released 6.39rc80. It should be one of the latest rc releases before going to 6.39.
Changelog:
What's new in 6.39rc80 (2017-Apr-25 09:23):
!) bridge - reverted bridge BPDU processing back to pre-v6.38 behaviour; (v6.40 will have another separate VLAN-aware bridge implementation);
/interface bridge print
1 R name="local" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled arp-timeout=auto
mac-address=XX:XX:XX:XX:XX:XX protocol-mode=rstp fast-forward=no priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6
ageing-time=5m
That's described in the full changelog:What about fast-forward feature in bridge?
What's new in 6.39rc80 (2017-Apr-25 09:23):
!) bridge - reverted bridge BPDU processing back to pre-v6.38 behaviour; (v6.40 will have another separate VLAN-aware bridge implementation);
"/caps-man registration-table print detail" still gives me empty eap-identity, i.e. only:6.39rc80 (2017-Apr-25 09:23):
eap-identity=""
This fix will go only in v6.40rc as v6.39rc is going for final testing for v6.39 release."/caps-man registration-table print detail" still gives me empty eap-identity, i.e. only:6.39rc80 (2017-Apr-25 09:23):eap-identity=""
I agree. I've been requesting the MSTP since my presentation from 2009. (https://mum.mikrotik.com//presentations ... -final.pdf)Please provide a method of restoring previous STP mode, whereby Router OS would exclusively transmit and process BPDUs on (R)STP bridge ports.
I furthermore don't see the point of having independent STP processes running for each bridge, if the STP BPDU frames are leaked to ports that aren't members of those bridges. Simply do what switch vendors have done and provide the option of how you want STP to operate (eg Netgear M4300 offers STP, RSTP, MSTP or PV(R)STP).
Then we'll have ISIS..I agree. I've been requesting the MSTP since my presentation from 2009. (https://mum.mikrotik.com//presentations ... -final.pdf)Please provide a method of restoring previous STP mode, whereby Router OS would exclusively transmit and process BPDUs on (R)STP bridge ports.
I furthermore don't see the point of having independent STP processes running for each bridge, if the STP BPDU frames are leaked to ports that aren't members of those bridges. Simply do what switch vendors have done and provide the option of how you want STP to operate (eg Netgear M4300 offers STP, RSTP, MSTP or PV(R)STP).
In MUM three years ago, I was told that MT was working on this.
I hope that this will be added in 6.40, it's very much needed. Best would of course be a SPB (802.1aq) support
Update: I just received reports from my colleagues that user complain about massive disconnection and authentication problems => Back to <6.39RC70Any one else getting WiFi poor performance, high latency, low Sinal quality, or even disconnecting offen, using capsman?
I started to notice this behavior since >rc70
Great release, thanks.We have released 6.39rc80. It should be one of the latest rc releases before going to 6.39.
Changelog:
What's new in 6.39rc80 (2017-Apr-25 09:23):
!) bridge - reverted bridge BPDU processing back to pre-v6.38 behaviour; (v6.40 will have another separate VLAN-aware bridge implementation);
Can you give some tips?Starting from ~6.39rc60 CAPSMAN + all of my access point are running actually very well. No more complaints about slow connections or disconnectins and yes there were many of them daily only some weeks ago... For me 6.39rc releases are a big improvement over 6.38.5.Any one else getting WiFi poor performance, high latency, low Sinal quality, or even disconnecting offen, using capsman?
I started to notice this behavior since >rc70
I have to apologize. I just received reports from my colleagues that user complain about massive disconnection and authentication problems => Back to something <6.39RC70Can you give some tips?
You are using witch device?
You are using virtual ap to?
I think I am using it on a wrong way
Please tell us more detailed what exactly is not stable with the CAPsMAN? Could you contact support@mikrotik.com about this issue?I have to apologize. I just received reports from my colleagues that user complain about massive disconnection and authentication problems => Back to something <6.39RC70Can you give some tips?
You are using witch device?
You are using virtual ap to?
I think I am using it on a wrong way
What was the latest release for you being stable?
Are you having a 4-way handshake occasional errors?I had this problems initially, but it got fixed after flashing 6.39rc7x version, but still i can see this error pop out here and there, i did send all info to support but didint get much usefull answer, and as it mostly works fine i didint want to "touch" anything anymore.Update: I just received reports from my colleagues that user complain about massive disconnection and authentication problems => Back to <6.39RC70Any one else getting WiFi poor performance, high latency, low Sinal quality, or even disconnecting offen, using capsman?
I started to notice this behavior since >rc70
"169.254.169.254 is used in Amazon EC2 and other cloud computing platforms to distribute metadata to cloud instances."CHR is still emitting TCP(Syn) packets to 169.254.169.254:80
I not sure, since when I stated notice thatI have to apologize. I just received reports from my colleagues that user complain about massive disconnection and authentication problems => Back to something <6.39RC70Can you give some tips?
You are using witch device?
You are using virtual ap to?
I think I am using it on a wrong way
What was the latest release for you being stable?
=> 2017042722000941Please tell us more detailed what exactly is not stable with the CAPsMAN? Could you contact support@mikrotik.com about this issue?
=> Indeed I had handshake infos in the past. But I cannot find anything more in current logging dataAre you having a 4-way handshake occasional errors?I had this problems initially, but it got fixed after flashing 6.39rc7x version, but still i can see this error pop out here and there, i did send all info to support but didint get much usefull answer, and as it mostly works fine i didint want to "touch" anything anymore.
169.254.0.0/16 is for 'link local' IPv4 addresses (RFC 3927, Windows calls this "APIPA", Automatic Private IP Addressing and uses it if it can't get an IP from a DHCP server)."169.254.169.254 is used in Amazon EC2 and other cloud computing platforms to distribute metadata to cloud instances."CHR is still emitting TCP(Syn) packets to 169.254.169.254:80
http://docs.aws.amazon.com/AWSEC2/lates ... adata.html