Page 1 of 1

v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 2:55 pm
by emils
RouterOS version 7.1rc4 has been released in public "development" channel!

What's new in 7.1rc4 (2021-Sep-20 13:18):

*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;

All released RouterOS v7 changelogs are available here:
https://mikrotik.com/download/changelog ... lease-tree

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 3:02 pm
by mafiosa
Any specific improvements to MPLS or BGP?

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 3:03 pm
by Tremor021
Changelog couldn't be more vague even if you tried...

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 3:06 pm
by Unintentional
Installed and running okay on RB2011 - would love some detail on the improvements to test.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 3:09 pm
by biomesh
My chr test system can no longer start the container that worked on rc3. No debug log output at all.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 3:25 pm
by mhugo

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 4:12 pm
by elter
Upgraded to 7.1rc4, IPSec hardware acceleration for aes-256 gcm is still not working on x86_64 CHR and worked just fine with the same config on 6.48.4, same virtualization environment.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 4:15 pm
by SiB
no changelog in
Image

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 4:26 pm
by CTassisF
How to explore and get files from container mounts now that they are stored as "container store" and not as directories/files as before?

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 4:30 pm
by krisjanisj
How to explore and get files from container mounts now that they are stored as "container store" and not as directories/files as before?
Fastest and easiest way is via FTP.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 4:33 pm
by SiB
ReSize of terminal destroy MikroTik logo/code/output
Still slow paste of code.
5auw8OkqA2.gif

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 4:37 pm
by biomesh
Removing and re-adding the veth interface and container allowed it to start again. Containers should be able to start properly after an OS upgrade.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 4:40 pm
by holvoetn
*) other fixes and improvements;
mAPLite (7.1rc3 downgraded to rc2, now upgraded to rc4):
- LEDs functioning normal again
- No more need to toggle Wireguard peer status to have it kick in gear after startup (will have to verify on mAP 2nD and Hex when I am home but I assume it will be the same there)

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 4:45 pm
by dksoft
Still no IPv6 prefix via DHCPv6 if PPPoE interface is VLAN tagged on RB5009:
/interface vlan
add interface=ether1 name=FTTH vlan-id=7
    
/interface pppoe-client
add add-default-route=yes interface=FTTH name=TELEKOM user=xxx#0001@t-online.de

/ipv6 dhcp-client
add interface=TELEKOM pool-name=GUA-pool6 request=prefix use-peer-dns=no

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 4:48 pm
by dksoft
Export creates code, that import can not read (starting with 7.1rc3):

Export:
/ip dhcp-client
add add-default-route=no disabled=yes interface=FFNK script=":if (\$bound = \"\
Import:
[admin@router] > import file-name=export.rsc verbose=yes
#line 1
/ip dhcp-client
#line 2
add add-default-route=no disabled=yes interface=FFNK script=":if (\$bound = \"\
expected end of command (line 1 column 75)
[admin@router] > 

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 4:49 pm
by mikegleasonjr
Still not able to specify the direction (ingress/egress) for the Cake queue. Defaults to egress. So every Cake queue we create, however it is used as (ingress/egress), its internal algorithm thinks it is used as egress...

EDIT: grammar

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 4:51 pm
by anav
I am not playing the c3,c4 game but if I was, I would not be upgrading based on the improvement or changes which are frugal to almost none.
So for all the people complaining it still doesnt do X and Y, why do you ? They didnt state it was fixed?

Something needs to change, and that clearly is a detailed list of actual changes to existing functionality.
I can understand not noting clean up code or spelling fixes, stuff either to benign or not visible to the users.........
In that way people can make rational decisions on whether or not to try the next c upgrade.
Am I missing some logic here?

Even better communication, and a standard that needs to be reached is the following.

RC -X REPORT
ISSUES/FUNCTIONALITY FIXED
ISSUES/FUNCTIONALLY IMPROVED
ISSUES UNDER WORK FOR NEXT C release
ISSUES TO BE FIXED BEFORE FINAL RELEASE
ISSUES FOR IMPLEMENTATION AFTER FINAL RELEASE
ISSUES WILL NOT BE ADDRESSED IN SHORT OR LONG TERM ( without serious cash donations ;-) )

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 4:52 pm
by jookraw
Still no IPv6 prefix via DHCPv6 if PPPoE interface is VLAN tagged on RB5009:
/interface vlan
add interface=ether1 name=FTTH vlan-id=7
    
/interface pppoe-client
add add-default-route=yes interface=FTTH name=TELEKOM user=xxx#0001@t-online.de

/ipv6 dhcp-client
add interface=TELEKOM pool-name=GUA-pool6 request=prefix use-peer-dns=no
Have you tried to attach the vlan interface to the bridge and use the vlan filtering to allow only this vlan on that particular port?

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 5:00 pm
by mikegleasonjr
So for all the people complaining it still doesnt do X and Y, why do you ? They didnt state it was fixed?

I've seen the opposite quite often.. "hey this quite major thing is fixed, but it wasn't in the changelog"!

The LEDs now working as the user said above, is another example that wasn't in the changelogs.

So I now shoot everything to the wall and see what sticks.

I am a software engineer and I don't approve of Mikrotik practices regarding the software cycle, but they make good hardware. It would benefit them first, having a good change log.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 5:01 pm
by msatter
On RC7 my IKEv2 connection to my VPN providers keeps working and it look that I can stay for a while on v7 now.

On two routes a automatic ECMP is created while that is not intention and finding the off switch for that is unknown to me. It seems that everything a /24 range is seen as so.

Scripting is still tricky because some parts are not working as before and checking a syntax by pasting into Terminal is taking AGES. For the rest I am a happy bunny and Unbound say hi also an no more pull-overs knitted till now.

Update: still running and smoother than before. On the PPPoE not able to use MTU 1500, I switch all MTU fields in PPPoE off and it now connects at 1492. That is better than the 1480 I got before on v7.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 5:10 pm
by nz_monkey
*) other fixes and improvements;
I thought the days of "fixed some stuff" were long behind Mikrotik :(

Not knowing _exactly_ what has changed wastes a lot of customers time testing to try and discover what the Mikrotik dev's have changed.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 5:12 pm
by mfrey
After upgrade from rc3 to rc4 Cloudflare DoH does no longer work because of SSL errors, even though the DigiCert CA is in the certificate store. Deleting and reimporting the CA does not work.

After downgrade to rc3 DoH works as expected again.

IPv6 connection tracking with simple queue (cake and pcq) and queue tree is also still broken.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 5:23 pm
by mikegleasonjr
After upgrade from rc3 to rc4 Cloudflare DoH does no longer work because of SSL errors, even though the DigiCert CA is in the certificate store. Deleting and reimporting the CA does not work.

After downgrade to rc3 DoH works as expected again.
Same here

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 5:24 pm
by eworm
After upgrade from rc3 to rc4 Cloudflare DoH does no longer work because of SSL errors, even though the DigiCert CA is in the certificate store. Deleting and reimporting the CA does not work.
I've seen this myself. Works again after importing the new intermediate certificate "DigiCert TLS Hybrid ECC SHA384 2020 CA1". No idea what changed to cause this.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 5:29 pm
by erkexzcx
Out of curiosity - when does the Mikrotik is planning to release v7 as stable?

This is great that you are working on new features, but isn't it better to completely stop for now, focus on bug-fixes only and finally release v7 as stable?

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 5:32 pm
by davestahr
I only upgraded to 7.1rc3 and now rc4 as my first testing of the platform. hEX S PoE out when set to auto-detect doesn't work on either of those. When set to forced on, it works. Unit behind that port is a Ubiquiti CPE of some kind. Sorry don't know the exact model, it's up on a pole and installed by my WISP. Used to work fine throughout 6.x. Other PoE internally seems to be fine, but that's all Mikrotik gear powering other Mikrotik gear.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 5:34 pm
by mikegleasonjr
After upgrade from rc3 to rc4 Cloudflare DoH does no longer work because of SSL errors, even though the DigiCert CA is in the certificate store. Deleting and reimporting the CA does not work.
I've seen this myself. Works again after importing the new intermediate certificate "DigiCert TLS Hybrid ECC SHA384 2020 CA1". No idea what changed to cause this.

/tool fetch url=https://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt
/certificate import file-name=DigiCertTLSHybridECCSHA3842020CA1-1.crt passphrase=""

see https://www.digicert.com/kb/digicert-ro ... icates.htm

Thanks, worked for me after that...

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 6:03 pm
by ivicask
Export creates code, that import can not read (starting with 7.1rc3):

Export:
/ip dhcp-client
add add-default-route=no disabled=yes interface=FFNK script=":if (\$bound = \"\
Import:
[admin@router] > import file-name=export.rsc verbose=yes
#line 1
/ip dhcp-client
#line 2
add add-default-route=no disabled=yes interface=FFNK script=":if (\$bound = \"\
expected end of command (line 1 column 75)
[admin@router] > 
Can confirm issue still exists, exported code doesn't import back.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 6:13 pm
by mkx
Still slow paste of code.

Emulation of tty at 2400 baud?

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 6:29 pm
by w0lt
*) other fixes and improvements;
I thought the days of "fixed some stuff" were long behind Mikrotik :(

Not knowing _exactly_ what has changed wastes a lot of customers time testing to try and discover what the Mikrotik dev's have changed.
My sentiments exactly !! 👍😤

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 6:38 pm
by rextended
export not work

routing-mark=*4000 instead of mytable
/routing table
add disabled=no name=mytable

/ip firewall nat
add action=log chain=srcnat routing-mark=*4000

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 6:50 pm
by paintballer4lfe
export not work

routing-mark=*4000 instead of mytable
/routing table
add disabled=no name=mytable

/ip firewall nat
add action=log chain=srcnat routing-mark=*4000
What's the routing mark it uses? I genuinely can't read that small of font size.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 6:54 pm
by dksoft
Still no IPv6 prefix via DHCPv6 if PPPoE interface is VLAN tagged on RB5009:
Have you tried to attach the vlan interface to the bridge and use the vlan filtering to allow only this vlan on that particular port?
Yes, same result. As it works on CCR2004-1G-12X-2XS and RB4011, it might be something with the new switch chip. I don't know.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 6:56 pm
by infabo
*) other fixes and improvements;
When you look at any v7 changelog, this is always the last line. v7 is actually the development-branch and they do not want to name/reflect each change in the changelog. They could for example create a changelog out of their for example VCS commits (if using a version control) and just provide us that auto-generated list of commit-messages. But there is either a barrier like maybe they write commit-messages not in english - so it would be not useful for most of us - or there is a management-barrier that denies doing so. We won't ever know.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 7:19 pm
by osc86
@dksoft, have you set use-ipv6=yes in your pppoe profile?

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 7:46 pm
by elbob2002
Date and timestamp issue with netflow has been fixed!

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 8:10 pm
by Easen
The configuration no longer disappears when my RB4011 is rebooted. :-D

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 8:13 pm
by Easen
This has been broken for a while. Have you raised a support ticket? I raised one a few weeks ago, perhaps if you raise one it might bump it up the priority queue.
export not work

routing-mark=*4000 instead of mytable
/routing table
add disabled=no name=mytable

/ip firewall nat
add action=log chain=srcnat routing-mark=*4000
What's the routing mark it uses? I genuinely can't read that small of font size.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 8:25 pm
by dksoft
@dksoft, have you set use-ipv6=yes in your pppoe profile?
Yes. The configuration works if you remove the VLAN tag and tag outside, e.g. with a switch between RB5009 and modem.
The root of the problem is VLAN on RB5009.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 8:43 pm
by svmk
The configuration disappeared after upgrading my RB450Gx4 from RC3 to RC4 -. It's great that I made a backup :)
cAP ac (Caps-man mode) as well as RB750Gr3 and hAPac2 did not lose configuration

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 8:48 pm
by nescafe2002
svmk, the config disappearing problem has been fixed - this was probably the last time :)

Try restoring the config on rc4 and rebooting - should work properly now.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 8:59 pm
by holvoetn
*) other fixes and improvements;
mAPLite (7.1rc3 downgraded to rc2, now upgraded to rc4):
- LEDs functioning normal again
- No more need to toggle Wireguard peer status to have it kick in gear after startup (will have to verify on mAP 2nD and Hex when I am home but I assume it will be the same there)
Re: WG interface - strike that remark. Still not working on Map (tested 3 times, waited up to 15 minutes each) and Map Lite also did not come up on itself after reboot when coming home (10 minute wait).
I need to disable the peer on mAP (Lite) side, wait a bit and then enable the peer again (on mAP I have a script on button which does disable, waits 5 sec, enable). And THEN it comes up nicely (I have a simple netwatch with Hex IP and toggle of CAP/AC led as visible indicator so I can see it from the other side of the room). Once it's up, it's going for days.
I did not touch the Hex which acts as central point for my Wireguard testing.
Not a biggy for now (and something which can easily be fixed with a simple script, I'll take it as a learning opportunity :lol: ).
I do realize it's not finished yet and might need a bit more polishing to get these quirks ironed out but these interfaces need to start on their own. Don't they ?

One thing I also tried is completely removing the Wireguard settings on mAP and setting it up again. No difference.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 9:02 pm
by mafiosa
After upgrade my bgp broke. Now my routes are not being announced to peers.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 9:13 pm
by fragtion
After upgrade my bgp broke. Now my routes are not being announced to peers.
I had the same problem. What seems to have fixed it for me was disabling all BGP address-lists and re-enabling them.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 9:29 pm
by infabo
Chateau LTE12: 7.1rc3 - > 7.1.rc4. Update ok. No issues so far.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 9:36 pm
by mafiosa
After upgrade my bgp broke. Now my routes are not being announced to peers.
I had the same problem. What seems to have fixed it for me was disabling all BGP address-lists and re-enabling them.
Thanks for the tip it worked.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 10:13 pm
by mducharme
IPv6 firewall nat has action=netmap available now, although not yet in winbox.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 10:27 pm
by ofca
MTU >1500 on RB4011 SFP+ port still not fixed.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 10:28 pm
by mjraiha
QuickSet & WebFig modes get mixed up on Web GUI when logging in:
Screenshot 2021-09-20 at 22.16.14.png
LTE transaction error I have already reported to support with supout.rif file.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 10:38 pm
by msatter
MTU >1500 on RB4011 SFP+ port still not fixed.
I have a higher MTU on the SFP, PPPoE won't go further than 1492.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 10:47 pm
by ofca
MTU >1500 on RB4011 SFP+ port still not fixed.
I have a higher MTU on the SFP, PPPoE won't go further than 1492.
Even 1501 byte pings do not pass through. Is this working on your side?

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 11:09 pm
by Grant
Hello,
hap ac2, low speed when the fasttrack rule is off and high speed if the fasttrack rule is on
Image
Image

as if the shaper turns on

on version 6 this was not

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 11:10 pm
by fragtion
My chr test system can no longer start the container that worked on rc3. No debug log output at all.
One of my chr also completely failed update from rc3 to rc4... it rebooted to blank screen and halted. I'd strongly recommend anyone using chr to create backup and/or snapshot before updating to rc4, until this can be confirmed ..

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 20, 2021 11:20 pm
by afink
Any specific improvements to MPLS or BGP?
Creating BGP4 peers in the web guis now works for the field local-AS. it shows something like 1234/0
the field for remote-AS however is not working. you can enter 1234/1234 but not just 1234.

Given nobody has a clue what /... means for an AS number this is rather weird.

So BGP4 is still 100% unusable under 7.1rc4... *sight*

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 12:07 am
by msatter
I have a higher MTU on the SFP, PPPoE won't go further than 1492.
Even 1501 byte pings do not pass through. Is this working on your side?
I did not manage to get any pings through the SFP or through the VLAN in front of it.

The packetsize (not fragemented) I can send is 1492 and added is 8 for PPPoE and 4 for VLAN so I am then on 1502

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 1:09 am
by Sit75
Still no IPv6 prefix via DHCPv6 if PPPoE interface is VLAN tagged on RB5009:
/interface vlan
add interface=ether1 name=FTTH vlan-id=7
    
/interface pppoe-client
add add-default-route=yes interface=FTTH name=TELEKOM user=xxx#0001@t-online.de

/ipv6 dhcp-client
add interface=TELEKOM pool-name=GUA-pool6 request=prefix use-peer-dns=no
I have had the same issue on hAP ac^2. Due to I have raised ticket and there was good news today - people from Mikrotik were able to reproduce it and fix should be available in RC5.

In addition, I am using MTU = 1500, so PPPoE +8.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 1:56 am
by SiB
Sit75 write:
I have had the same issue on hAP ac^2. Due to I have raised ticket and there was good news today - people from Mikrotik were able to reproduce it and fix should be available in RC5.
In addition, I am using MTU = 1500, so PPPoE +8.
You read post #35 from osc86? :
have you set use-ipv6=yes in your pppoe profile?

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 3:58 am
by Jotne
In older v7 version and for 6.x version, this command
:if ([/system routerboard get routerboard]) do={
gives no on CHR router OS, so that part will not run.

In 7.1 rc4 (not sure when it start to fail) this command fails and just give an error and hence my script does not work on latest RouterOS RC.

I can change it to some
:if ([/system resource get board-name]!="CHR") do={
but what other version should I test for?

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 8:05 am
by nokipa
PIM SM
what's that ?

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 8:47 am
by deadkat
...
hap ac2, low speed when the fasttrack rule is off and high speed if the fasttrack rule is on
...
on version 6 this was not
FastTrack enabled means firewall, queues, etc don't apply to your traffic. this is not a bug. its how ROS works.
https://help.mikrotik.com/docs/display/ ... -FastTrack

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 9:01 am
by elbob2002

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 10:04 am
by Kipk
Updated my HAP AC2 fro rc3: it seems like bug with missing parts of configuration after reboot sucessfully fixed

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 10:14 am
by afink
Any specific improvements to MPLS or BGP?
Creating BGP4 peers in the web guis now works for the field local-AS. it shows something like 1234/0
the field for remote-AS however is not working. you can enter 1234/1234 but not just 1234.

Given nobody has a clue what /... means for an AS number this is rather weird.

So BGP4 is still 100% unusable under 7.1rc4... *sight*
for some reason this issue went away by itself. Maybe GUI code in cache or something like this. I'm really puzzled.
Now I upgraded one of my BGP edge routers to 7.1rc4 and hell broke loose. Route filters are gone. totally different to configure and impossible complex to do even the simplest things. This is really a huge step back in RouterOS despite a lot of improvements in OSPF and general routing (routing IPv6 on VLANs finally works...!)

A BGP4 routing filter I'm struggling with to convert from Release 6 to Release 7:
/routing filter>
add action=accept bgp-as-path="^\$" chain=MY_NETWORKS set-bgp-prepend=2
add action=accept bgp-as-path="^(_1234)+\$" chain=MY_NETWORKS
add action=accept bgp-as-path="^(_5678)+\$" chain=MY_NETWORKS
add action=accept bgp-as-path="^(_9102)+\$" chain=MY_NETWORKS
add action=accept bgp-as-path="^(_3456)+\$" chain=MY_NETWORKS
add action=reject bgp-as-path=.* chain=MY_NETWORKS
It basically includes all networks (AS1234,5678,9102,3456) which are transiting through me and it prepends my own AS 2 times.
The prepend is not so important right now so I skipped it for later. But only announcing my own and my customer's route to my peers is vital. If I send them a full routing table, they will kill the connection (route limit reached) or I will get lots of unwanted, unpaid traffic.

Due to the fact that the upgrade process does not convert route filters automatically, I have to convert it by hand. Well we are still in alpha release where not all features are complete so this is not so unexpected. However the new way of defining filters is twisting my head.

When converting this by hand into Release 7, I get into quoting / escaping hell.

The closest I got is this:
/routing filter rule
add chain= MY_NETWORKS rule="if(bgp-as-path ^\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 1234+\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 5678+\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 9102+\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 3456+\$ ) {accept}"
However when trying to use a regular expression containing _ or ( or ), you get syntax errors in masses.
If you use _ you end up with a real space in the config doing nothing.
If you use ^ you need to put \\\ in front
If you use ) it closes the "if" instead of being part of the expression etc etc.

If anyone has a clue on how to encode this correctly, let me know....
As above the rule let pass AS991234 as well which it shouldn't. So the whitespace in front of the number is important.

For non Regex experts:

_1234+$ means 1234 at the end of the string must be present preceded by a whitespace (or the start of the string).
1234+$ only means any string ending with 1234. So this also matches 991234, 11234 etc.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 10:21 am
by anthonws
Date and timestamp issue with netflow has been fixed!
Finally! I stopped bothering and did not check. I will do it now :)

Update: I can confirm it is indeed fixed! I've spent so many hours tshooting this, thinking the issue was with my Kibana or logstash that I can no longer count them... Eventually I pinpointed it to ROS update.
I collected all of the evidences pointing out that it was indeed a ROS issue. I've opened a support case with Mikrotik and sent all of the detailed info. Many weeks later I got an answer that they could not repro.
Funny that something that was not possible to repro was fixed...
So, not only it is not part of the change log, as no one actually cares about customer reporting bugs with detailed info. Not happy...

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 11:08 am
by jookraw


I have a higher MTU on the SFP, PPPoE won't go further than 1492.
Even 1501 byte pings do not pass through. Is this working on your side?
Strange, I have PPPoE(MTU 1540) over a VLAN(MTU 1600) on a bridge(MTU 6000) and have no MTU issues...
[@RB4011] > interface print 
Flags: X, R - RUNNING; S - SLAVE
Columns: NAME, TYPE, ACTUAL-MTU, L2MTU, MAX-L2MTU, MAC-ADDRESS
 #    NAME          TYPE       ACTUAL-MTU  L2MTU  MAX-L2MTU  MAC-ADDRESS      
 0 RS 10g-sfp+1     ether            6000   6200       9586  XX:XX:XX:XX:XX:xx
...
13 R  Home_vlan     vlan             4088   6196             XX:XX:XX:XX:XX:xx
...
15 R  PPPoEv4       pppoe-out        1540                                     
16 R  PPPoEv6       pppoe-out        1540                                     
...
18 R  WAN_vlan      vlan             1600   6196             XX:XX:XX:XX:XX:xx
19 R  bridge        bridge           6000   6200             XX:XX:XX:XX:XX:xx
...

[@RB4011] > interface vlan export

/interface vlan
add interface=bridge mtu=4088 name=Home_vlan vlan-id=88
add interface=bridge mtu=1600 name=WAN_vlan vlan-id=35
[@RB4011] > interface bridge export

/interface bridge
add name=bridge priority=0x4000
/interface bridge port
add bridge=bridge ingress-filtering=no interface=10g-sfp+1

[@RB4011] > interface pppoe-client export 
/interface pppoe-client
add add-default-route=yes disabled=no interface=WAN_vlan name=PPPoEv4 user=blablabla
add disabled=no interface=WAN_vlan name=PPPoEv6 user=blablabla/ipv6

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 11:14 am
by afink


I have a higher MTU on the SFP, PPPoE won't go further than 1492.
Even 1501 byte pings do not pass through. Is this working on your side?

larger MTUs in 7.1rc4 work for me. I'm not using PPPoE but bridges & vlans & ipsec tunnels over it. And OSPF also dislikes MTU mismatches.
So getting your MTU's right is vital.

If you have VLAN's on a bridge, make sure your physical interface has a large enough MTU and the Bridge is configured for a MTU size large enough.
If only one physical interface added to a bridge has a smaller MTU, the whole bridge inherits this smaller MTU and thus your VLAN interface inherits it too.

The WebGUI usually shows the current MTU and does not let you set a bigger value if the underlying infrastructure has smaller ones.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 11:16 am
by vaka

I had the same problem. What seems to have fixed it for me was disabling all BGP address-lists and re-enabling them.
Thanks for the tip it worked.
and how and where do you describe BGP address-lists?

I have described the address list in the firewall
/ip firewall address-list
add address=172.16.10.0/24 list=AS65172
add address=172.16.11.0/24 list=AS65172
created routing filter
/routing filter rule
add chain=bgp_AS65172_out rule="if(dst in AS65172) {accept} else {reject}"
and added it as output filter to AS65172 connection
/routing bgp connection
add as=65172 connect=yes disabled=no input.filter=bgp_AS65172_in listen=yes local.role=ibgp name=AS65172 \
output.filter-chain=bgp_AS65172_out .redistribute=connected,static remote.address=xx.xx.xx.xx .as=65172 \
router-id=yy.yy.yy.yy routing-table=main
but It does not advertised to the neigbor

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 11:17 am
by Manfred
Updated a RB2011 and a Chateau LTE12 from rc3 to rc4.
Problem with OVPN - Server on both boards:
If the "Require Client Certificate" in the Server settings is checked,
no tunnel can be established.
Logging on Server side shows TLS-error !
After unchecking, tunnels are established as excpected.

So I downgraded to rc3 and everything ( even with activated "Require Client Certificate" ) went back to normal !

Anybody else observed this problem ?

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 1:07 pm
by Sit75
Sit75 write:
I have had the same issue on hAP ac^2. Due to I have raised ticket and there was good news today - people from Mikrotik were able to reproduce it and fix should be available in RC5.
In addition, I am using MTU = 1500, so PPPoE +8.
You read post #35 from osc86? :
have you set use-ipv6=yes in your pppoe profile?
Sure, flag IPv6 is "Yes" in assigned profile.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 2:01 pm
by doubleluck
Still showing wrong voltage 0,5v and temperature doesn't presents on rb750gr3

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 2:43 pm
by nokipa

Thanks for the tip it worked.
and how and where do you describe BGP address-lists?

I have described the address list in the firewall
/ip firewall address-list
add address=172.16.10.0/24 list=AS65172
add address=172.16.11.0/24 list=AS65172
created routing filter
/routing filter rule
add chain=bgp_AS65172_out rule="if(dst in AS65172) {accept} else {reject}"
and added it as output filter to AS65172 connection
/routing bgp connection
add as=65172 connect=yes disabled=no input.filter=bgp_AS65172_in listen=yes local.role=ibgp name=AS65172 \
output.filter-chain=bgp_AS65172_out .redistribute=connected,static remote.address=xx.xx.xx.xx .as=65172 \
router-id=yy.yy.yy.yy routing-table=main
but It does not advertised to the neigbor
Try disable enable your filter rule, it works for me

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 2:47 pm
by msatter
Crossfig converted my Mangle route rules wrong.

In the converted rule, the target IP was changed to the gateway IP of the target router. The target router was asking himself where the traffic then should be directed.

This was traffic incoming from the outside.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 2:52 pm
by fragtion

Thanks for the tip it worked.
and how and where do you describe BGP address-lists?

I have described the address list in the firewall
/ip firewall address-list
add address=172.16.10.0/24 list=AS65172
add address=172.16.11.0/24 list=AS65172
created routing filter
/routing filter rule
add chain=bgp_AS65172_out rule="if(dst in AS65172) {accept} else {reject}"
and added it as output filter to AS65172 connection
/routing bgp connection
add as=65172 connect=yes disabled=no input.filter=bgp_AS65172_in listen=yes local.role=ibgp name=AS65172 \
output.filter-chain=bgp_AS65172_out .redistribute=connected,static remote.address=xx.xx.xx.xx .as=65172 \
router-id=yy.yy.yy.yy routing-table=main
but It does not advertised to the neigbor
You need to set "output.network=AS65172" for your bgp Connection instance. That's where you tell it to advertise the prefixes in the address list now

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 2:55 pm
by anthonws
SUP-61109 - Still cannot update RB2011 past 7.1 beta 6...

Thanks,
anthonws.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 3:58 pm
by vaka
Try disable enable your filter rule, it works for me
I removed whole bgp-related config and paste it again. And it works now. A kind of mystery...

You need to set "output.network=AS65172" for your bgp Connection instance. That's where you tell it to advertise the prefixes in the address list now
No, this is not necessary.

Thank you guys!

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 4:31 pm
by nokipa
hello,

please don't forget about logging system on the next rc, since to few to see on v7 (i've been wondering why ospf state stays on exchange to long :lol: :lol: no error about MTU missmatch, we use to have this kind of error :lol: )

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 5:41 pm
by dmfr
Export creates code, that import can not read (starting with 7.1rc3):
Unfortunately true.
However,
/export show-sensitive terse
produces export code that can be imported successfully, for a full config restore.

On the bright side, such export now works with :
/system/reset-configuration keep-users=yes no-defaults=yes skip-backup=yes run-after-reset=myexport.rsc
with no need to insert a ":delay xx" on first statement, even with RB4011iGS+5HacQ2HnD.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 6:24 pm
by dksoft
Export creates code, that import can not read (starting with 7.1rc3):
Unfortunately true.
However,
/export show-sensitive terse
produces export code that can be imported successfully, for a full config restore.
I can not confirm that. If there is a script in the command, as in my example above, it still fails.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 6:30 pm
by vmarcelino
RouterOS version 7.1rc4 has been released in public "development" channel!

What's new in 7.1rc4 (2021-Sep-20 13:18):

*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;

All released RouterOS v7 changelogs are available here:
https://mikrotik.com/download/changelog ... lease-tree
My router comes back unconfigured after upgrading from version 7.1rc3 to 7.1rc4.
When trying to restore a backup of version 7.1rc3 or any version 6.x over 7.1rc4 software the hardware restarts, after boot the router remains unconfigured.
It was necessary to reconfigure the router.
I hope to have alerted new testers!

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 6:57 pm
by mafiosa
My router comes back unconfigured after upgrading from version 7.1rc3 to 7.1rc4.
When trying to restore a backup of version 7.1rc3 or any version 6.x over 7.1rc4 software the hardware restarts, after boot the router remains unconfigured.
It was necessary to reconfigure the router.
I hope to have alerted new testers!
Mine went fine from RC3 to RC4 on both RB3011 and HAP AC^2

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 7:02 pm
by Grant
...
hap ac2, low speed when the fasttrack rule is off and high speed if the fasttrack rule is on
...
on version 6 this was not
FastTrack enabled means firewall, queues, etc don't apply to your traffic. this is not a bug. its how ROS works.
https://help.mikrotik.com/docs/display/ ... -FastTrack
This is not the right job. On v6 there was no such behavior. v6 easily transferred over wi-fi 100 megabits without FastTrack!

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 8:48 pm
by irghost
wireguard Peer problem with "::/0" still exist

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 8:57 pm
by jookraw
Yes. The configuration works if you remove the VLAN tag and tag outside, e.g. with a switch between RB5009 and modem.
The root of the problem is VLAN on RB5009.
I just got my RB5009 and my FTTH connection works perfectly using a tagged vlan with IPv6 and prefix works.

Maybe the fact that my ISP gives me IPv4 and IPv6 via separate PPPoE may be the reason?

my relevant parts of the config are below (try reproducing it):
# sep/21/2021 19:50:42 by RouterOS 7.1rc4
# model = RB5009UG+S+
/interface bridge
add ingress-filtering=no name=bridge vlan-filtering=yes
/interface vlan
add interface=bridge mtu=1600 name=WAN_vlan vlan-id=35
/interface pppoe-client
add add-default-route=yes interface=WAN_vlan name=PPPoEv4 user=*****
add interface=WAN_vlan name=PPPoEv6 user=*****
/interface bridge port
add bridge=bridge ingress-filtering=no interface=ether8 pvid=88
/interface bridge vlan
add bridge=bridge tagged=bridge,ether8 vlan-ids=35
/ipv6 dhcp-client
add add-default-route=yes interface=PPPoEv6 pool-name=GUA-pool rapid-commit=\
    no request=prefix use-peer-dns=no

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 9:14 pm
by Kindis
RouterOS version 7.1rc4 has been released in public "development" channel!

What's new in 7.1rc4 (2021-Sep-20 13:18):

*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;

All released RouterOS v7 changelogs are available here:
https://mikrotik.com/download/changelog ... lease-tree
My router comes back unconfigured after upgrading from version 7.1rc3 to 7.1rc4.
When trying to restore a backup of version 7.1rc3 or any version 6.x over 7.1rc4 software the hardware restarts, after boot the router remains unconfigured.
It was necessary to reconfigure the router.
I hope to have alerted new testers!
I'm willing to bet that this issue is related to rc3 and did not happen due to upgrade but due to reboot.
I had a CHR and a 750gr3 that all lost config during reboot if they had been running for more then a few hours with load.
If I did a reboot it was config reset and even the user became admin with blank password.
Did a test now on RC4 and the issue did not happen during reboot so I hope it is fixed.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 10:45 pm
by mducharme
SUP-61109 - Still cannot update RB2011 past 7.1 beta 6...
This is probably not an issue with 7.1rc4, but rather with 7.1beta6. I was unable to upgrade my RB4011 above 7.1beta6 until I did a reset to no-defaults and uploaded the 7.1rc npk file to the device using MAC Winbox. A bug in 7.1beta6 caused it to crash on reboot, preventing any successful upgrade or downgrade.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 21, 2021 11:04 pm
by SirPrikol
We are waiting for "synthetic" routes for / 32, / 25, etc

Advertise it from ip firewall address-list

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 12:02 am
by deadkat
A couple of observations from poking around the new RC with a coworker today:

the container package stays installed when downgrading from RC4 to 6.47.10.

steps to reproduce:
1) have hardware running RC4, does not matter how it was installed
2) upload appropriate 6.47.10 NPKs for your device
3) /system package downgrade

This was done on a hAP ac3 LTE6
Screenshot 2021-09-21 143158.png
--------------------------------------------------

looks like the protected routerboot option is gone from hAP ac3 LTE6 and RB4011
Screenshot 2021-09-21 154742.png
Screenshot 2021-09-21 160117.png

edit: removed inaccurate info

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 12:06 am
by benoitc
Is MLAG working better with these latest releases?

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 1:07 am
by dmfr

Unfortunately true.
However,
/export show-sensitive terse
produces export code that can be imported successfully, for a full config restore.
I can not confirm that. If there is a script in the command, as in my example above, it still fails.
My mistake. You're right.
Didn't test "export terse" with inline scripts.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 1:12 am
by mducharme
looks like the protected routerboot option is gone from hAP ac3 LTE6 and RB4011
Protected routerboot seems to be gone from Winbox but still present in the CLI.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 2:01 am
by deadkat
looks like the protected routerboot option is gone from hAP ac3 LTE6 and RB4011
Protected routerboot seems to be gone from Winbox but still present in the CLI.
confirmed, its still in CLI, sorry I didn't think to check that before posting. I've just rolled my 4011 back to RC3, RC2, RC1, and confirmed it does the same thing on those versions as well. tried using both winbox 3.30 and 3.31. can't use older versions of winbox since ROS v7.1RC1. I also downgraded routerboot with each ROS change. gui option is gone on all of the above.

After that I tried going to 7.1beta6, which will allow older versions of winbox, and the gui option is there on winbox versions 3.31, 3.30, and 3.29. not sure if worth mentioning but all of the above testing was done with 64bit version of WB, not 32bit.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 4:34 am
by ivantirado
IPv6 traffic doesn't flow through the router when a Simple Queue is active. I setup a Simple Queue with target LAN Interface and Destination WAN interface - and queue type FQ_Codel. When the queue is active, IPv6 traffic doesn't work, queue inactive - it works again. This problem isn't new, also had it in 7.1rc3

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 5:37 am
by nz_monkey
Is MLAG working better with these latest releases?
There are still issues in rc4 with MLAG. Specifically if you add ports to the bridge that has MLAG ports in it, it will cause traffic flow across the bridge to stop to some ports. You then need to disable/enable the bridge to get it working, or reboot the switch.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 5:40 am
by mducharme
This problem isn't new, also had it in 7.1rc3
As a workaround, you can use queue trees with the parent set to the LAN and WAN interfaces, rather than simple queues. I've been running this since earlier betas with fq_codel with both IPv4 and IPv6 traffic and had no issues.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 6:54 am
by colin
Which is correct about the disk format?
format_disk.png
diskformat_gui.png
diskformat_cli.png

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 7:28 am
by nokipa
hi guys, sorry maybe it's noob question

but how to create filter rule on v7, like from v6 ?
i've been looking on wiki, but could find prefix-length, or just use dst-len ?
Flags: X - disabled 
 0   chain=bgp-out prefix=10.10.0.0/16 prefix-length=16-24 action=accept 

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 8:15 am
by giulianoz

RC -X REPORT
ISSUES/FUNCTIONALITY FIXED
ISSUES/FUNCTIONALLY IMPROVED
ISSUES UNDER WORK FOR NEXT C release
ISSUES TO BE FIXED BEFORE FINAL RELEASE
ISSUES FOR IMPLEMENTATION AFTER FINAL RELEASE
ISSUES WILL NOT BE ADDRESSED IN SHORT OR LONG TERM ( without serious cash donations ;-) )
I would suggest opening a GitHub project (or similar) to manage issues and milestones. This would make things easier once it is up and running

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 8:18 am
by holvoetn
Using tool ip-scan and interface wireguard throws an error although the interface is up and running, traffic goes over it.

Observed on 7.1rc3 (Hex) and 7.1rc4 (mAP)
Doing the same with no interface specified, does give results.
[-----@mAP2nD] > tool ip-scan interface=wireguard address-range=10.255.255.0/24
failure: interface is not enabled
[-----@mAP2nD] > tool ip-scan address-range=10.255.255.0/24
Columns: ADDRESS, TIME
ADDRESS TIME
10.255.255.2 7ms
10.255.255.1 59ms
This capture was made using ssh from Hex to mAP, which also proves the WG itf itself IS working :)

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 8:22 am
by mkx
I would suggest opening a GitHub project (or similar) to manage issues and milestones. This would make things easier once it is up and running

Being a positive person I'm pretty sure MT is using some sort of change tracking in ROS (e.g. GitHub), but their business decision is to keep pretty silent about particular changes in ROS. After all, isn't that what's closed source software all about? And I don't see this changing with ROS ...

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 9:13 am
by ivicask
4011 rebooted after 1 day 15 hours uptime RC4, no crash log generated..

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 9:17 am
by mrz
hi guys, sorry maybe it's noob question

but how to create filter rule on v7, like from v6 ?
i've been looking on wiki, but could find prefix-length, or just use dst-len ?
Here:
https://help.mikrotik.com/docs/display/ ... ingFilters

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 9:24 am
by nokipa
like this ?
/routing/filter/rule
add chain=BGP_OUT rule="if (dst-len>13 && dst-len<31 && dst in 172.16.0.0/16) { accept }"

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 10:10 am
by anthonws
SUP-61109 - Still cannot update RB2011 past 7.1 beta 6...
This is probably not an issue with 7.1rc4, but rather with 7.1beta6. I was unable to upgrade my RB4011 above 7.1beta6 until I did a reset to no-defaults and uploaded the 7.1rc npk file to the device using MAC Winbox. A bug in 7.1beta6 caused it to crash on reboot, preventing any successful upgrade or downgrade.
Understood. Will try that.

Thanks!

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 10:47 am
by GShock
Strange story, but I found that now default antenna gain is 2db but previously was 0 db and now there is no option on WInbox to change antenna gain. hap ac lite. Check please is it only for me?

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 11:59 am
by mkx
Strange story, but I found that now default antenna gain is 2db but previously was 0 db and now there is no option on WInbox to change antenna gain. hap ac lite. Check please is it only for me?
This is an old story, didn't start with v7.

Antenna gain information is used in calculations about maximum actual Tx power that is allowed to be used in order to stay within country limitations. Devices with built-in antennae have this information set in factory as minimum setting and it is not possible to set it lower.
With recent versions of ROS v6, it is possible to set antenna gain via CLI (the minimum value allowed limitation still applies).

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 12:06 pm
by vaka
hi guys, sorry maybe it's noob question

but how to create filter rule on v7, like from v6 ?
i've been looking on wiki, but could find prefix-length, or just use dst-len ?
Flags: X - disabled 
 0   chain=bgp-out prefix=10.10.0.0/16 prefix-length=16-24 action=accept

something like this
/routing/filter/rule/add chain=bgp_out rule="if(dst==10.10.0.0/16 && dst-len in 16-24) {accept}"

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 12:17 pm
by eworm
something like this
/routing/filter/rule/add chain=bgp_out rule="if(dst==10.10.0.0/16 && dst-len in 16-24) {accept}"
I think you can not use "in" with "dst-len"...
Even ">=" and "<=" do not work. At least the latter would be nice, makes it more readable imho.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 12:59 pm
by rplant
Hapac^2

in RC4, iperf3 in container seems pretty solid.

I made a script to remove/create the /container settings on reboot,
seems to work ok. (Though doesn't reuse the existing container)

Might be nice to be able to use name=mycontainername

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 1:51 pm
by vaka
something like this
/routing/filter/rule/add chain=bgp_out rule="if(dst==10.10.0.0/16 && dst-len in 16-24) {accept}"
I think you can not use "in" with "dst-len"...
Even ">=" and "<=" do not work. At least the latter would be nice, makes it more readable imho.
look at filter rule syntax. https://help.mikrotik.com/docs/pages/vi ... d=74678285

[num prop readable]
dst-len
...
[matcher]
...
[num prop readable]
in
{int..int}|{int-int}
==|!=|<=|>=|<|>
{int}

so you can use
dst-len in 16-24, dst-len in 16..24, or any combination of == != <= >= < > with a single number followed

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 2:16 pm
by nokipa


something like this
/routing/filter/rule/add chain=bgp_out rule="if(dst==10.10.0.0/16 && dst-len in 16-24) {accept}"
my goodness.. thank you


anyone find where we can check advertisement route ?
v6 would be routing bgp advertisement where peer=<peername>

trying on v7
ip route no luck
routing/route no luck
routing/bgp/session no luck
searching help.mikrotik no luck

thank you for the help

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 3:14 pm
by vaka

anyone find where we can check advertisement route ?
Nowhere for now. Waiting if it appeared in next releases.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 3:21 pm
by eworm
Ah, interesting... Still my findings are different from what the documentation says.

This one works:
/routing filter rule add chain=ospf_out rule="if (dst in 10.0.0.0/8 && dst-len>19 && dst-len<23 && protocol static) { accept }"
Tried this and it made my router go mad:
/routing filter rule add chain=ospf_out disabled=yes rule="if (dst in 10.0.0.0/8 && dst-len in 20-22 && protocol static) { accept }"
And this is not even accepted:
[admin@MikroTik] /routing/filter/rule> add chain=ospf_out rule="if (dst in 10.0.0.0/8 && dst-len >= 20 && dst-len <= 22 && protocol static) { accept }"
failure: "Word {dst-len} > Word {=} Word {20} " - invalid argument

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 5:38 pm
by vaka
Ah, interesting... Still my findings are different from what the documentation says.


Tried such syntax (dst==a.b.c.d/22 && dst-len in 24-24) in my filters and broke bgp routing at all.
Also lost access via winbox. now ssh only

So I think filters stability and correctness is far to be complete

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 5:48 pm
by rextended
Because "in" work for check if an IP are inside one range, not for check if a number is inside an interval...

[prfx prop readable]
!=|==|in
{address 46/}

like
1.1.1.1/32 in 1.0.0.0/8

probably this is the right way
/routing filter rule add chain=ospf_out disabled=yes \
    rule="if ( (dst in 10.0.0.0/8) && (dst-len>=20) && (dst-len<=22) && (protocol static) ) { accept }"

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 6:11 pm
by eworm
Your example is covered by prefix property. Have another look at the documentation, my example is covered by num property.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 6:22 pm
by rextended
Your example is covered by prefix property. Have another look at the documentation, my example is covered by num property.
what I copy & paste from help is the fact that the "in" can be applied only to prefix...

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 6:23 pm
by vaka
Because "in" work for check if an IP are inside one range, not for check if a number is inside an interval...

[prfx prop readable]
!=|==|in
{address 46/}

read carefully. dst-len is [num prop readable] not prfx.

[num prop readable]
in <---- in allowed
{int..int}|{int-int} <----- interval
==|!=|<=|>=|<|>
{int}

I assume it just not implemented yet but documented :)

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 6:26 pm
by rextended
Please at this point put "all" not under or lower part

rule code

[num prop readable]
dst-len

[prfx prop readable]
dst

[num prop readable]
    in
        {int..int}|{int-int}
    ==|!=|<=|>=|<|>
        {int}
    [num prop readable]

[prfx prop readable]
    !=|==|in
        {address 46/}

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 6:26 pm
by mrz
dst-len in 24-24 can be simply written as dst-len == 24

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 6:28 pm
by rextended
dst-len in 24-24 can be simply written as dst-len == 24

Please ignore @vaka wrong example, consider this:

@eworm
dst-len in 20-22

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 6:35 pm
by eworm
@eworm
dst-len in 20-22
That's exactly what I tried. Device goes nuts: Rule does not work, device becomes unresponsive and CPU is at 100%.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 6:38 pm
by aleksis
Currently this causes a crash. Will be fixed in rc5.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 6:40 pm
by aleksis
And this is not even accepted:
[admin@MikroTik] /routing/filter/rule> add chain=ospf_out rule="if (dst in 10.0.0.0/8 && dst-len >= 20 && dst-len <= 22 && protocol static) { accept }"
failure: "Word {dst-len} > Word {=} Word {20} " - invalid argument
Also fixed in rc5.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 22, 2021 8:08 pm
by vaka
dst-len in 24-24 can be simply written as dst-len == 24
Yes I know. But dst-len in 24-24 is the correct syntax and should do the same as dst-len==24

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 23, 2021 8:09 am
by normis
Strange story, but I found that now default antenna gain is 2db but previously was 0 db and now there is no option on WInbox to change antenna gain. hap ac lite. Check please is it only for me?
devices with build in antennas have their actual gain hardcoded. if you wanted to change output power, use it with the proper setting and leave the gain alone

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 23, 2021 8:54 am
by holvoetn
7.1rc3 and 4
btest server / bandwidth test
the counters for TX don't show any values.

Not on server side, not on client side.
Reversing server and client gives the same result: no TX counters.

Info from server side:
# CLIENT                                                            PROTOCOL DIRECTION USER                          TX-CURRENT RX-CURRENT
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps

[holvoetn@mAP2nD] /tool/bandwidth-server/session> print follow
 # CLIENT                                                            PROTOCOL DIRECTION USER                          TX-CURRENT RX-CURRENT
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                       0bps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                    2.3Mbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                  932.8kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1239.9kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1160.3kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1285.4kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1376.4kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1478.8kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1490.2kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1319.6kbps
Info from client side:
[holvoetn@MTHex] /tool> bandwidth-test 192.168.90.1 duration=120 protocol=udp user=----- passw
ord=----- direction=receive
                status: done testing
              duration: 2m
            rx-current: 0bps
  rx-10-second-average: 0bps
      rx-total-average: 0bps
          lost-packets: 0
           random-data: no
             direction: receive
               rx-size: 1450
      connection-count: 20
        local-cpu-load: 1%
       remote-cpu-load: 5%

[holvoetn@MTHex] /tool> bandwidth-test 192.168.90.1 duration=120 protocol=udp user=----- passw
ord=----- direction=transmit
                status: done testing
              duration: 2m
            tx-current: 193.3kbps
  tx-10-second-average: 195.6kbps
      tx-total-average: 430.4kbps
           random-data: no
             direction: transmit
               tx-size: 1450
      connection-count: 20
        local-cpu-load: 1%
       remote-cpu-load: 6%

[holvoetn@MTHex] /tool> 

Hi.

Posted: Thu Sep 23, 2021 9:02 am
by Milecus
Devices:

1) RBLHGR r2 (mipsbe), F/W: 7.1rc4

2) Telit LM960A18, F/W: 32.00.116 (latest)
MBIM mode (AT#USBCFG=2)

Problems:

1) Periodically occur: lte1 transaction error
(introduced in v7.0beta7)

2) together with the lte1 interface
the ppp-out1 interface rises;
when trying to change it to the "Disable" state:
in log: ppp-out1: terminating...
after a while a window appears:
Couldn't change Interface <ppp-out1> - timeout (13)
(introduced in v7.1rc1)

3) Monitor lte1:
CA Band - shows nothing (Telit AT#CAINFO? shows it)
RSSI - shows incorrectly
RSRP - shows correctly
RSRQ - shows values divided by 10
(introduced in v7.1beta6)

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 23, 2021 10:44 am
by rpingar
we discovered two issue about bonding and 7.1rc4 on x86 and intel cards:
- first issue: After the reboot the phisical ports remain down
To have them working again you have to disable the bonding. As soon as you disable the bonding MT starts to report the ports UP and then eneable the bonding you have it working.
I am able to reproduce the issue also on a working bonding, where I disable one bonding interface, then reenabled it, the renabled port doesn't go up in Running mode, the only way to have to port working again is to disable the bonding and reenable it.


- second issue simmes related to "link monitoring=none", when there is the bonding in this config and I chanhe the remote side, for exemple changing the hash from l3/l4 to l2 the bonding stops to forward the traffic.
my workaround for this is to use linkmonitoring =mii on both side of the bonding (v6 is at the remote side).

hope you can catch and fix the issue ASAP.

MikroTik support #[SUP-61316]: v7.1rc4 and bonding on x86 Intel Cards - 2 issues

regards
Ros

Re: Hi.

Posted: Thu Sep 23, 2021 11:15 am
by mjraiha
Devices:

1) RBLHGR r2 (mipsbe), F/W: 7.1rc4

2) Telit LM960A18, F/W: 32.00.116 (latest)
MBIM mode (AT#USBCFG=2)

Problems:

1) Periodically occur: lte1 transaction error
(introduced in v7.0beta7)

2) together with the lte1 interface
the ppp-out1 interface rises;
when trying to change it to the "Disable" state:
in log: ppp-out1: terminating...
after a while a window appears:
Couldn't change Interface <ppp-out1> - timeout (13)
(introduced in v7.1rc1)

3) Monitor lte1:
CA Band - shows nothing (Telit AT#CAINFO? shows it)
RSSI - shows incorrectly
RSRP - shows correctly
RSRQ - shows values divided by 10
(introduced in v7.1beta6)
I have created support ticket and delivered supout.rif (SUP-58554) about similar issues with RBM33G + Telit LM960A18, F/W: 32.00.116 (latest) MBIM mode (AT#USBCFG=2). I see the same transaction error message also.

1) modem settings are broken on /interface lte at-chat 0 input="AT+CGDCONT?" as these don't seem to match what's set on active /interface/lte/apn
2) on WebGUI
-band string is broken
-CA band is missing although it’s is use
-MCS value is missing
3) I'm trying to take multi-APN into use to get multiple addresses into use
-"public IPv4" to enable VPN access into my network
-"private IPv4" to enable better performance and "public IPv4" is bottlenecked on ISP side
-IPv6 - still trying to out find reason why address is not taken into use although logs show that address is given by modem side

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 23, 2021 12:04 pm
by benoitc
Is MLAG working better with these latest releases?
There are still issues in rc4 with MLAG. Specifically if you add ports to the bridge that has MLAG ports in it, it will cause traffic flow across the bridge to stop to some ports. You then need to disable/enable the bridge to get it working, or reboot the switch.
thanks! If it is "just" that I may to try it to replace the active-backup pattern I am using on servers with 2 CRS317. Hopefully it will be fixed soon...

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 23, 2021 2:33 pm
by nz_monkey
thanks! If it is "just" that I may to try it to replace the active-backup pattern I am using on servers with 2 CRS317. Hopefully it will be fixed soon...
Mikrotik support are able to repeat the issue, and have reported that it will be fixed in a coming release.

Re: Hi.

Posted: Thu Sep 23, 2021 4:42 pm
by mjraiha
1) modem settings are broken on /interface lte at-chat 0 input="AT+CGDCONT?" as these don't seem to match what's set on active /interface/lte/apn
This was fixed by using "use-network-apn=no" on all configs on /interface/lte/apn .

Re: Hi.

Posted: Thu Sep 23, 2021 5:21 pm
by SiB
"use-network-apn=no"
=no Should be default at ros7

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 23, 2021 8:19 pm
by mkamau
Any specific improvements to MPLS or BGP?
Any updates team on mpls bgp ? i have my ibgp peers going down with no logs to explain whats happening

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 23, 2021 8:30 pm
by infabo
Nope.
use-network-apn=yes
This is the default value in v7 (on my Chateau) for the name=default apn.

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 23, 2021 9:22 pm
by clambert
Any specific improvements to MPLS or BGP?
MPLS deployment status for v7.1rc4 has not been updated at https://help.mikrotik.com/docs/display/ ... col+Status.

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 23, 2021 9:27 pm
by BitHaulers
7.1rc3 broke the SXT LTE ability to see the SIM card in any slot. This issue appears resolved in 7.1rc4.

Re: v7.1rc4 [development] is released!

Posted: Fri Sep 24, 2021 12:28 am
by mducharme
MPLS deployment status for v7.1rc4 has not been updated at https://help.mikrotik.com/docs/display/ ... col+Status.
From what I can tell there are no routing changes from rc3 to rc4 that would affect the colour/status of any features on that page. VPLS still crashes the router with rc4 as it did on rc3, same behavior.

Re: v7.1rc4 [development] is released!

Posted: Fri Sep 24, 2021 12:51 am
by nescafe2002
Partial configuration loss in 7.1rc4, after a few succesful reboots..
Same section got lost as 7.1rc3 => /ip ipsec identity
SUP-60031


I have a higher MTU on the SFP, PPPoE won't go further than 1492.
Could you tried creating a bridge-wan with a single port (sfp) and use this bridge in your configuration?

I've had a similar problem on my RB4011 with 6to4 tunnels and ICMPv6 Packet Too Big messages related to either:

1) 6to4 via sfp directly
2) 6to4 via bridge-wan (with single port) with packet sniffer enabled

Internally, packets were reassembled to packets of 2922 bytes in length (!)

When I create a bridge with a single port AND don't run packet sniffer - the tunnel runs fine. No ICMPv6 Packet Too Big messages flooding the link.

Re: v7.1rc4 [development] is released!

Posted: Fri Sep 24, 2021 1:34 am
by mjbnz
I have had no luck getting GPS to work in an LtAP with v7 - however, I'm not 100% sure I ever tried it on v6. Has anyone else here had luck with GPS?

And bgp-as-path regexp matching in bgp filters still doesn't work. (ticket open with support)

Re: v7.1rc4 [development] is released!

Posted: Fri Sep 24, 2021 2:07 am
by mjbnz
The closest I got is this:
/routing filter rule
add chain= MY_NETWORKS rule="if(bgp-as-path ^\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 1234+\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 5678+\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 9102+\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 3456+\$ ) {accept}"
However when trying to use a regular expression containing _ or ( or ), you get syntax errors in masses.
If you use _ you end up with a real space in the config doing nothing.
If you use ^ you need to put \\\ in front
If you use ) it closes the "if" instead of being part of the expression etc etc.

If anyone has a clue on how to encode this correctly, let me know....
As above the rule let pass AS991234 as well which it shouldn't. So the whitespace in front of the number is important.
Yeah, you've done pretty well getting converted as far as you have.
bgp-as-path
matching is just plain broken in v7, I have a ticket open about it. Even when you do have a regex which should match, it just doesn't do anything. I have some test rules which just tweak the local-pref up or down a bit, and even with a very very basic bare number as the regex, it fails to work.

And yes, advanced regex characters fail to parse. It seems Mikrotik engineers are eternally struggling with the age old quoting and escaping issues surrounding parsing of strings with odd characters.
For non Regex experts:

_1234+$ means 1234 at the end of the string must be present preceded by a whitespace (or the start of the string).
1234+$ only means any string ending with 1234. So this also matches 991234, 11234 etc.
Almost.. it's not standard regex,
_
in BGP is a shortcut character in which matches the equivalent of
(^|[,{}() ]|$)
- effectively anything that can be the boundary of an AS.

Edit:
This is a weird code block to force the following blocks to be inline, because the forum code is crap
and is not able to work out what should be inline what what should not because it's the same bbcode.
perhaps it should use markdown instead, where ` and ``` are really easy to use and understand.
also, your
+
in the example above is probably not doing what you expect
+
means the previous character (actually, a group, but I digress) can repeat 1 or more times (
*
is 0 or more). In your example you can repeat the 4: 1234, 12344, 123444, etc. Perhaps you meant
.+
where the period means "any character".

Re: v7.1rc4 [development] is released!

Posted: Fri Sep 24, 2021 4:59 am
by mducharme
In order for action=netmap to be useful for WAN failover scenarios in IPv6, it should probably be allowed in the srcnat chain as well, not just dstnat. Hopefully this is coming at some point?

Re: v7.1rc4 [development] is released!

Posted: Fri Sep 24, 2021 6:34 am
by fragtion
Partial configuration loss in 7.1rc4, after a few succesful reboots..
Same section got lost as 7.1rc3 => /ip ipsec identity
SUP-60031
I also randomly lost some cfg on reboot (some wireguard interfaces, peers, and a network bridge - hopefully that's all..), on an otherwise healthy chr 7rc4 on aws
There was also one messed up wg interface (with weird AAAAAAAAAAAAAAAA private key) which I'm guessing is one of the interfaces that got corrupt in the process

Re: v7.1rc4 [development] is released!

Posted: Fri Sep 24, 2021 2:31 pm
by doneware
*) other fixes and improvements;
I thought the days of "fixed some stuff" were long behind Mikrotik :(
P: Something loose in cockpit
S: Something tightened in cockpit

Re: v7.1rc4 [development] is released!

Posted: Fri Sep 24, 2021 4:37 pm
by rpingar
cosmetic bug!!

regards
Ros

Re: v7.1rc4 [development] is released!

Posted: Fri Sep 24, 2021 5:47 pm
by rextended
and where is the cosmetic bug?

Re: v7.1rc4 [development] is released!

Posted: Fri Sep 24, 2021 7:35 pm
by mkx
Font, displaying instructions, should be friendlier...

Re: v7.1rc4 [development] is released!

Posted: Sat Sep 25, 2021 1:29 am
by rpingar
and where is the cosmetic bug?
no hyperlink visible to click and expand the route list!

Re: v7.1rc4 [development] is released!

Posted: Sat Sep 25, 2021 8:35 am
by tbutter
With 7.1rc4 i can't enable watchdog:
[admin@x] /system/watchdog> print
          watch-address: none
         watchdog-timer: no
  ping-start-after-boot: 5m
           ping-timeout: 1m
       automatic-supout: yes
       auto-send-supout: no
[admin@x] /system/watchdog> set watchdog-timer=yes
failure: failed to enable watchdog timer

Re: v7.1rc4 [development] is released!

Posted: Sat Sep 25, 2021 11:52 am
by SiB
rpingar
no hyperlink visible to click and expand the route list!
When you ENABLE filtering but not provide what you want filter then you get this message: Please specify more specific Dst. Address Filter.
When you want see all results, disable Filtering icon.
Image

P.S. WinBox not use a HTML5 as GUI and any "link" not help with thinking instead of user

Re: v7.1rc4 [development] is released!

Posted: Sat Sep 25, 2021 11:56 am
by maherhaddad
Guys, RIP routing protocol on ROS v7 is still not working. You mentioned in the changelog that RIP is supported but in fact it is not operational. I have made the tests and routes are not being learned.
Can you please fix this issue ASAP?

Thanks.

Re: v7.1rc4 [development] is released!

Posted: Sat Sep 25, 2021 3:34 pm
by infabo
I found I can't unset LTE interface band value. I recall this was working earlier.
/interface/lte/unset value-name=band lte1
input does not match any value of value-name
But it only allows to unset these values:
ValueName ::= allow-roaming | modem-init | network-mode
But I can't find a non-weird way to set
band=""
- or even better remove the band-value at all - again.
/interface/lte/set band="" lte1 
ambiguous value of band, more than one possible value matches input
That is non-working too.

The only way to set band to empty again, is to edit ad clear the editor. But that is quite cumbersome.
/interface/lte/edit value-name=band lte1
Maybe you can reset band via WinBox or WebFig - but I do not use these.

Is this a bug? Or do I need another command? reset seems to do something else (which I dont know what exactly, because it is not documented anywhere). Even unset is not documented at help.mikrotik.com. F1 is kind of not helpful in some/most situations.

https://help.mikrotik.com/docs/display/ ... +Interface

I wonder why so less things are documented INLINE. When you have a Linux background, you are used to "man foobar-command" and you just have your info - WITHOUT leaving CLI.
But at Mikrotik CLI, you get hardly any infos. Need to visit help.mikrotik.com and/or wiki.mikrotik.com. And even after that - you have a great chance to still be puzzled and worried.

Re: v7.1rc4 [development] is released!

Posted: Sat Sep 25, 2021 6:53 pm
by nokipa
cosmetic bug!!

regards
Ros
it's the new winbox version
all my v6 router are now like that (before the new winbox release and also 7.1rc4 release, ip routes still showing)

Re: v7.1rc4 [development] is released!

Posted: Sat Sep 25, 2021 8:07 pm
by SiB
SOLVED in 7.1rc5

infabo write
I found I can't unset LTE interface band value. I recall this was working earlier.
TRUE, this not work. SUP-61515
Even more, edit lte1 band; reset the network-mode to default too !

That's why this is DEVELOPMENT channel and we are a test rabbit :)

EDIT:
/interface lte set lte1 band="" ;

SOLVED in 7.1rc5

Re: v7.1rc4 [development] is released!

Posted: Sat Sep 25, 2021 8:39 pm
by sindy
That's why this is DEVELOPMENT channel and we are a test rabbit :)
(except SiB who is a test panda)

Re: v7.1rc4 [development] is released!

Posted: Sat Sep 25, 2021 9:06 pm
by w0lt
I hope that when 7.1rc5 comes out it has PIMSM complete. 🤨
and...D O C U M E N T E D !!.... 😵‍💫

-tp

Re: v7.1rc4 [development] is released!

Posted: Sun Sep 26, 2021 4:57 am
by ishanjain
It still shows gateway unreachable in the nexthops menu. Is there a timeline on when will that be fixed? I want to enable the check-gateway functionality.

Re: v7.1rc4 [development] is released!

Posted: Sun Sep 26, 2021 12:27 pm
by xrayd78
Supported v7.1rc4 Wave2 for MIPSBE?
See: https://www.qualcomm.com/products/qca9982

Re: v7.1rc4 [development] is released!

Posted: Sun Sep 26, 2021 2:52 pm
by mkx
Supported v7.1rc4 Wave2 for MIPSBE?
How many mipsbe devices come with mentioned wireless chip and 256MB RAM? Not to mention that mipsbe CPUs are mostly too weak even to maintain full-speed ac wireless.

Re: v7.1rc4 [development] is released!

Posted: Sun Sep 26, 2021 3:48 pm
by anav
Supported v7.1rc4 Wave2 for MIPSBE?
See: https://www.qualcomm.com/products/qca9982
OMG, I spit out my coffee reading that line.
We'll get a fifth wave of covid before mipse gets wave2. ;-PP

Re: v7.1rc4 [development] is released!

Posted: Sun Sep 26, 2021 4:38 pm
by hoh
What's new in 7.1rc4 (2021-Sep-20 13:18):

*) improved filesystem and configuration storage stability;
We tried to use some mibsbe devices with 7.1 (due to lack of support for Huawei e3372h LTE modem in stable). I truly hope that "improved stability" means that a bug causing random outages and dead device has actually been fixed. Any details about this improvement from MT would be welcomed.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 27, 2021 1:11 am
by teleport
in 7.1rc4 on rb450gx4, i see these sporadic errors: "DoH server connection error: Idle timeout - waiting data"
its configured for cloudflare DNS.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 27, 2021 2:13 am
by msatter
Darn! After a reboot I lost about 5000 of my 22000 address-list entries. Good that I had a reasonable recent export so I could restore more than 99%. The router is a 4011.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 27, 2021 8:11 am
by emils
msatter, please clarfiy. It was a simple reboot on an already installed rc4 device or an upgrade from previous versions?

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 27, 2021 9:04 am
by ivicask
Darn! After a reboot I lost about 5000 of my 22000 address-list entries. Good that I had a reasonable recent export so I could restore more than 99%. The router is a 4011.
Manual reboot or crash?My 4011 crash rebooted 2nd time now after 4 day uptime, no supout was generated, just" router rebooted without proper shutdown"
.So far my address list (around 8k) is fine tho.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 27, 2021 10:31 am
by nannou9
I have HP 107w printer at home.
Haven't been using it for a month but it was working fine on betas.
Now however I cannot connect to WIFI anymore.

My short config:
set [ find default-name=wifi1 ] channel.band=2ghz-n .width=20/40mhz configuration.country=Malaysia .mode=ap .ssid=XXXXXXX disabled=no security.authentication-types=wpa2-psk,wpa3-psk .disable-pmkid=no .wps=disable

Tried to reset the printer completely.
Manual setup (no WPS) fail and I can see in logs:
XXXXXXXXXXXX:16@wifi1 disconnected, key handshake failure, signal strength -65

WPS Setup also fails with below in turn:
XXXXXXXXXXXX:16@wifi1 rejected, does not provide suitable security method

Anybody having similar problems?

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 27, 2021 11:42 am
by msatter
msatter, please clarfiy. It was a simple reboot on an already installed rc4 device or an upgrade from previous versions?
It was an upgrade to v7RC4 that is running now for some time and was rebooted at least 10 times before over that period. The config was coming from 6.48.4 when it was upgraded to v7RC4 a time ago.

It seems that the last part of the address-list cut short and it not saved or not reloaded on startup. I did not reboot again since then and did not check the log.

I will make backup and reboot to see if it crops up again.

Update: Rebooted and all is the address-list is still at 22001, so no losses.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 27, 2021 1:27 pm
by SiB
SOLVED in rc7.1rc5

SUP-61613
/system scheduler with 2 lines shows error in syntax at export it.
/import test.rsc show error of importing scheduler.

Reproduction: create a scheduler and paste this extreme of code:
# comment
local abc1 123
export to file, remove it, try import.
Image

no workaround by long version :local name=abc1 value=123

SOLVED in rc7.1rc5

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 27, 2021 3:26 pm
by tbutter
When i enable IPv6 my CRS326 looses all connections and is unreachable after about 3hours45min. There is no problem if I disable IPv6. The only thing that might be related to the 3:45 time is the lease time for the dhcp prefix I receive.

I think this is the relevant config:
/interface vlan
add interface=ether2 name=telekom-vlan vlan-id=7
/interface pppoe-client
add add-default-route=yes disabled=no interface=telekom-vlan keepalive-timeout=disabled max-mtu=1480 name=pppoe-telekom user=\
    xxxx@t-online.de
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no disable-ipv6=no
/ipv6 address
add address=::1 from-pool=telekom-ipv6 interface=bridge
/ipv6 dhcp-client
add interface=pppoe-telekom pool-name=telekom-ipv6 rapid-commit=no request=prefix use-peer-dns=no
/ipv6 firewall filter
add action=accept chain=input comment="allow established and related" connection-state=established,related
add action=accept chain=input comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/16
add action=drop chain=input disabled=yes in-interface=pppoe-telekom log-prefix=dropLL_from_public src-address=fe80::/16
add action=drop chain=input
/ipv6 nd
set [ find default=yes ] advertise-dns=no advertise-mac-address=no interface=bridge mtu=1480 ra-lifetime=15m


Re: v7.1rc4 [development] is released!

Posted: Mon Sep 27, 2021 4:30 pm
by vaka
Can't create routing bgp connection via WEB-GUI. Remote AS field is always red (Invalid value in Remote AS)

Image

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 27, 2021 5:36 pm
by winap
Hello,
I am new here...I have a question, how can I get FW from my routerboard RB5009?
Because from support I don't have any answer, what I want. They only told me, so I can download via downloads from mikrotik..
In rourerboard is v7 stable. But if I reinstall to 7rc4, there is no chance to turn back to "official" stable version, which is not i mikrotik site..
Because when I found some bugs..I have prolems to keep back.
Thank you so much.

Re: v7.1rc4 [development] is released!

Posted: Mon Sep 27, 2021 6:30 pm
by irghost
wrong voltage on 750Gr3
/system/health> print 
Columns: NAME, VALUE, TYPE
#  NAME     VALUE  TYPE
0  voltage  0.5    V 

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 10:15 am
by Sit75
When i enable IPv6 my CRS326 looses all connections and is unreachable after about 3hours45min. There is no problem if I disable IPv6. The only thing that might be related to the 3:45 time is the lease time for the dhcp prefix I receive.

I think this is the relevant config:
/interface vlan
add interface=ether2 name=telekom-vlan vlan-id=7
/interface pppoe-client
add add-default-route=yes disabled=no interface=telekom-vlan keepalive-timeout=disabled max-mtu=1480 name=pppoe-telekom user=\
    xxxx@t-online.de
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no disable-ipv6=no
/ipv6 address
add address=::1 from-pool=telekom-ipv6 interface=bridge
/ipv6 dhcp-client
add interface=pppoe-telekom pool-name=telekom-ipv6 rapid-commit=no request=prefix use-peer-dns=no
/ipv6 firewall filter
add action=accept chain=input comment="allow established and related" connection-state=established,related
add action=accept chain=input comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/16
add action=drop chain=input disabled=yes in-interface=pppoe-telekom log-prefix=dropLL_from_public src-address=fe80::/16
add action=drop chain=input
/ipv6 nd
set [ find default=yes ] advertise-dns=no advertise-mac-address=no interface=bridge mtu=1480 ra-lifetime=15m

It should be repaired in RC5, as I mentioned above. Stay tuned.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 10:46 am
by jookraw
Hello,
I am new here...I have a question, how can I get FW from my routerboard RB5009?
Because from support I don't have any answer, what I want. They only told me, so I can download via downloads from mikrotik..
In rourerboard is v7 stable. But if I reinstall to 7rc4, there is no chance to turn back to "official" stable version, which is not i mikrotik site..
Because when I found some bugs..I have prolems to keep back.
Thank you so much.
I've asked support for the "stable" rOS, the reply was that the rc4 was more stable than the 7.0.5(it seems that it is not that stable) that came with it. but I haven't got any bugs with it for now.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 11:00 am
by Manfred
Another OVPN - Problem:
Upgraded a Chateau LTE12 from 7.1Beta5 to 7.1rc3.
Same with 7.1rc4 !

Under PPP/Interface OVPN - Server Button and PPPoE Scan Button disappeard in Winbox AND Webfig !

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 11:17 am
by msatter
Hello,
I am new here...I have a question, how can I get FW from my routerboard RB5009?
Because from support I don't have any answer, what I want. They only told me, so I can download via downloads from mikrotik..
In rourerboard is v7 stable. But if I reinstall to 7rc4, there is no chance to turn back to "official" stable version, which is not i mikrotik site..
Because when I found some bugs..I have prolems to keep back.
Thank you so much.
It looks that the firmware is included in the software itself. If Mikrotik has removed previous versions then their is no way back or you have ask others here if they have they have that earlierversion for you.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 11:20 am
by winap
I've asked support for the "stable" rOS, the reply was that the rc4 was more stable than the 7.0.5(it seems that it is not that stable) that came with it. but I haven't got any bugs with it for now.
Hi,
Thank you so much..They didn't say that to me..
I ask, is this a normal version only rename (6.48.x) , but no answer..So I know more now.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 11:25 am
by winap
It looks that the firmware is included in the software itself. If Mikrotik has removed previous versions then their is no way back or you have ask others here if they have they have that earlierversion for you.
I have still 7.0.5, because I don't know, how buggy is 7rc4..So I only want to know, how to save it, before I want to upgrade..
So is it possible to backup old FW if something happen with new FW?
Thanks :)

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 11:42 am
by msatter
I've asked support for the "stable" rOS, the reply was that the rc4 was more stable than the 7.0.5(it seems that it is not that stable) that came with it. but I haven't got any bugs with it for now.
Hi,
Thank you so much..They didn't say that to me..
I ask, is this a normal version only rename (6.48.x) , but no answer..So I know more now.
The 5009 is a v7 only device so there is no 6.4x vetsion for it. v7.0x is in your case the 'stable' version. RC is an updated and improved version of that. But you have doubt tjen wait a while for RC5 and a bit more patience added, to if the are initial problems with that version.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 11:58 am
by jookraw
I have still 7.0.5, because I don't know, how buggy is 7rc4..So I only want to know, how to save it, before I want to upgrade..
So is it possible to backup old FW if something happen with new FW?
Thanks :)
No, you can't make a backup.
regarding the "how buggy" It depends what you want to do, in the normal "home/office" use case, it should be fine. I did not have any issues with mine on both RB5009 and RB4011 when using rc4.

I'm using IPv4/IPv6 with firewall, OSPF, Wireguard and ZeroTier (testing) with no issues for now

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 12:06 pm
by vaka
Another OVPN - Problem:
Upgraded a Chateau LTE12 from 7.1Beta5 to 7.1rc3.
Same with 7.1rc4 !

Under PPP/Interface OVPN - Server Button and PPPoE Scan Button disappeard in Winbox AND Webfig !
ccr2004 - 7.1rc4. all buttons in place


Image

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 1:09 pm
by tpedko
does not work socks 5 + auth-method=password

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 4:06 pm
by winap
No, you can't make a backup.
regarding the "how buggy" It depends what you want to do, in the normal "home/office" use case, it should be fine. I did not have any issues with mine on both RB5009 and RB4011 when using rc4.

I'm using IPv4/IPv6 with firewall, OSPF, Wireguard and ZeroTier (testing) with no issues for now
Thank you for specification..it will be ok for me :)

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 4:34 pm
by mhugo
Its still missing and needed for us to really test the correct things.

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 6:06 pm
by Manfred
Another OVPN - Problem:
Upgraded a Chateau LTE12 from 7.1Beta5 to 7.1rc3.
Same with 7.1rc4 !

Under PPP/Interface OVPN - Server Button and PPPoE Scan Button disappeard in Winbox AND Webfig !
ccr2004 - 7.1rc4. all buttons in place


Image
Seems to be a problem with the Chateau LTE12 !
On RB2011 also all buttons are available !

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 6:59 pm
by rextended
...or simply the user disable the button on skin?...

Re: v7.1rc4 [development] is released!

Posted: Tue Sep 28, 2021 9:13 pm
by infabo
Well, is there going to be a stable wifiwave2 package when 7.1 goes out of RC?

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 29, 2021 4:27 am
by SiB
Next BUG, reported: SUP-61789
Ping for timeout with count=1 return nil instead of 0
Ping for 'net unreachable' with count=[1,2] return nil instead of 0
workaround: just use count=3 or more
Image

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 29, 2021 6:04 am
by vfreex
Hi,

I found 2 issues with v7.1rc4:

1. using igmp-snooping with frame-types breaks VLAN interfaces:
With igmp-snooping enabled on bridge interface, setting frame-types=admit-only-untagged-and-priority-tagged or admit-only-vlan-tagged will block the access to VLAN interfaces on that bridge interface. Disabling igmp-snooping will unblock the VLAN interface.

2. High CPU load due to broadcast or unicast packets flooding to the bridge interface.
I described this issue in detail in https://help.mikrotik.com/servicedesk/s ... /SUP-61649.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 29, 2021 9:34 am
by infabo
In rc4 I already experienced 2 complete device lockups. Happens after a few days uptime. The device did not auto-reboot nor did the watchdog generate an autosupout.rif nor any log entry. I thought that times are long behind me, but in this recent RC the instability has catched up again.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 29, 2021 9:41 am
by infabo
Another OVPN - Problem:
Upgraded a Chateau LTE12 from 7.1Beta5 to 7.1rc3.
Same with 7.1rc4 !

Under PPP/Interface OVPN - Server Button and PPPoE Scan Button disappeard in Winbox AND Webfig !
Chateau here and I have both buttons in Winbox and Webfig. As rextended already mentioned: maybe they are hidden in active design.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 29, 2021 11:29 am
by jookraw
In rc4 I already experienced 2 complete device lockups. Happens after a few days uptime. The device did not auto-reboot nor did the watchdog generate an autosupout.rif nor any log entry. I thought that times are long behind me, but in this recent RC the instability has catched up again.
Which hardware you have? Do you have l2mtu set bigger than the default (1592)?

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 29, 2021 11:31 am
by skylark
IPv6 traffic doesn't flow through the router when a Simple Queue is active. I setup a Simple Queue with target LAN Interface and Destination WAN interface - and queue type FQ_Codel. When the queue is active, IPv6 traffic doesn't work, queue inactive - it works again. This problem isn't new, also had it in 7.1rc3
And
IPv6 connection tracking with simple queue (cake and pcq) and queue tree is also still broken.

Please send us supout.rif files to the support@mikrotik.com
Simply configuring IPv6, queues, and dst/target interfaces, limitations work for us, so there must be some specific settings we are missing.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 29, 2021 12:54 pm
by ingus16
Hi guys,
Did anyone else noticed that ntp server doesn't work. Clients to stratum 0 works as expected ?

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 29, 2021 8:40 pm
by elbob2002
Not sure if this happened to anyone else but the 3 devices I had running 7.1RC4 stopped routing after 7 days uptime.

RB3011, 750GR3 and a CHR.

I could connect to each device on their management IP but even the devices themselves couldn't ping other subnets they were each connected to.

They are running OSPF but static routes were also inaccessible. No crashes or supout recorded.

Rebooted each device and issue gone.

Re: v7.1rc4 [development] is released!

Posted: Wed Sep 29, 2021 10:53 pm
by mfrey
IPv6 traffic doesn't flow through the router when a Simple Queue is active. I setup a Simple Queue with target LAN Interface and Destination WAN interface - and queue type FQ_Codel. When the queue is active, IPv6 traffic doesn't work, queue inactive - it works again. This problem isn't new, also had it in 7.1rc3
And
IPv6 connection tracking with simple queue (cake and pcq) and queue tree is also still broken.

Please send us supout.rif files to the support@mikrotik.com
Simply configuring IPv6, queues, and dst/target interfaces, limitations work for us, so there must be some specific settings we are missing.
I just tried to get a minimal config working on a hex PoE (freshly reset without default) which produces this issue:
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/queue type
add cake-bandwidth=70.0Mbps kind=cake name=cake-download
add cake-bandwidth=10.0Mbps kind=cake name=cake-upload
/queue simple
add name=queue1 queue=cake-download/cake-upload target=ether1
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=inet-prefix request=\
    address,prefix
/ipv6 firewall filter
add action=accept chain=input connection-state=invalid,new log=yes log-prefix=\
    ipv6,invalid,new
That's it. Nothing complex. When logging onto the device using Winbox MAC and pinging some random IPv6 internet host all incoming packets are new and invalid according to the log.

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 30, 2021 11:55 am
by woro
I had 7.1rc4 on my RB4011 for some days now w/o stability issues.
Yesterday I installed
- zerotier
- user-manager
- container
packages and since then the devices rebooted at least 2 times within 24 hours w/o a supout.

I haven't done anything yet with the above packages but it seems to me that one of them is causing the crashes as before that was no issue at all.

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 30, 2021 2:17 pm
by jult
Most of us are more interested in when the stable v7 is released (with the newer cake/fq_codel supporting linux kernels), because honestly, cake is what everybody needs (now) and is waiting for.
And, not unimportant, many other big brands are already using it. So, users are fleeing towards those other brands because of that.

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 30, 2021 2:23 pm
by huntermic
Most of us are more interested in when the stable v7 is released (with the newer cake/fq_codel supporting linux kernels), because honestly, cake is what everybody needs (now) and is waiting for.
And, not unimportant, many other big brands are already using it. So, users are fleeing towards those other brands because of that.
This is funny, you just joined the forum but appear to know wat all people here want.
Trust me, cake/fq_codel is not that important for most people.

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 30, 2021 2:36 pm
by mikegleasonjr
Most of us are more interested in when the stable v7 is released (with the newer cake/fq_codel supporting linux kernels), because honestly, cake is what everybody needs (now) and is waiting for.
And, not unimportant, many other big brands are already using it. So, users are fleeing towards those other brands because of that.

Not only v7 is not stable, CAKE is not implemented fully at the moment. (When specifying a queue, you can't tell it it will be ingress or egress and defaults to egress).

tc qdisc ... cake
       ...
       [ mpu N ]
       [ ingress | egress* ]   <----------
       (* marks defaults)
See https://man7.org/linux/man-pages/man8/tc-cake.8.html


I also opened SUP-59224 since rc3 if I recall correctly about that.

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 30, 2021 2:50 pm
by mikegleasonjr
Most of us are more interested in when the stable v7 is released (with the newer cake/fq_codel supporting linux kernels), because honestly, cake is what everybody needs (now) and is waiting for.
And, not unimportant, many other big brands are already using it. So, users are fleeing towards those other brands because of that.
This is funny, you just joined the forum but appear to know wat all people here want.
Trust me, cake/fq_codel is not that important for most people.
What's the correlation between the date a user joined a forum and the actual content of it...

We all have our needs and what feels important to us, and when we focus on that we love individually, we tend to see more of it and that's natural. So you dismiss it as unimportant in a disdain manner. Why? To steer the conversation to what is important to you? So you see you're no better...

The cake/codel announcement on reddit was the 35th hottest post of all time there, there are several threads here too. There's even a bufferbloat consortium with highly talented people (with not just BS certifications you have by reading a book and memorizing pre-made questions), you know, ppl that wrote actual papers and proper algorithms that tries to make the internet better and bring more awareness to the ISPs.

So thank you for your contribution, I hope Mikrotik takes note of it...

Re: v7.1rc4 [development] is released!

Posted: Thu Sep 30, 2021 5:41 pm
by huntermic


This is funny, you just joined the forum but appear to know wat all people here want.
Trust me, cake/fq_codel is not that important for most people.
What's the correlation between the date a user joined a forum and the actual content of it...

We all have our needs and what feels important to us, and when we focus on that we love individually, we tend to see more of it and that's natural. So you dismiss it as unimportant in a disdain manner. Why? To steer the conversation to what is important to you? So you see you're no better...

The cake/codel announcement on reddit was the 35th hottest post of all time there, there are several threads here too. There's even a bufferbloat consortium with highly talented people (with not just BS certifications you have by reading a book and memorizing pre-made questions), you know, ppl that wrote actual papers and proper algorithms that tries to make the internet better and bring more awareness to the ISPs.

So thank you for your contribution, I hope Mikrotik takes note of it...

1: I did never say it was unimportant, just not THAT important ( not ALL people are waiting for cake and fleeing to other brands just because of missing cake )
2: I did not stear in any other direction
3: All I wanted to do is to make a statement that it is not true that everybody is waiting for cake, as was stated in the post.
4: So please don't attack me for things I did not say or do and read a little better

Re: v7.1rc4 [development] is released!

Posted: Fri Oct 01, 2021 9:55 am
by woro
I had 7.1rc4 on my RB4011 for some days now w/o stability issues.
Yesterday I installed
- zerotier
- user-manager
- container
packages and since then the devices rebooted at least 2 times within 24 hours w/o a supout.

I haven't done anything yet with the above packages but it seems to me that one of them is causing the crashes as before that was no issue at all.
Update:
I've disabled the container package but the crashes/reboots still occur afterwards.
Trying further now by disabling zerotier again.
But there seems to be really a periodic thing. The crashes seem to happen every 3h 45m (not exactly but pretty close to).

Re: v7.1rc4 [development] is released!

Posted: Fri Oct 01, 2021 10:13 am
by OlofL
I tried to upgrade from 6.48.1 to development channel 7.1rc4.
I don't know firmware version, but it was probably lower than 6.48.1. Logs hint it is 6.47.7

Seems like I bricked my device (RB4011)



Logs from console connection when booting.
:00000050
AL31400X-140


RouterBOOT booter 6.47.7

RB4011iGS+

CPU frequency: 1400 MHz
  Memory size: 1024 MiB
    NAND size: 512 MiB

Press any key within 2 seconds to enter setup..

loading kernel... OK
setting up elf image... OK
jumping to kernel code
Update:
Downloaded 7.1.rc4 image.

Tried to unbrick with netinstall64, latest version. RB4011 found boot server, but did never receive install image.

Changed to older netinstall and image installed instantly. All good, device unbricked, and firmware upgraded to 7.1rc4 aswell.

Re: v7.1rc4 [development] is released!

Posted: Fri Oct 01, 2021 11:14 am
by vaka
I tried to upgrade from 6.48.1 to development channel 7.1rc4.
I don't know firmware version, but it was probably lower than 6.48.1. Logs hint it is 6.47.7
Seems like I bricked my device (RB4011)
...
Changed to older netinstall and image installed instantly. All good, device unbricked, and firmware upgraded to 7.1rc4 aswell.

You can made dual-partition for stable and testing images and switch beetween it while reboot.
https://wiki.mikrotik.com/wiki/Manual:Partitions

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 02, 2021 12:13 am
by eworm
Re: WG interface - strike that remark. Still not working on Map (tested 3 times, waited up to 15 minutes each) and Map Lite also did not come up on itself after reboot when coming home (10 minute wait).
You use a domain name in peer configuration, no? I guess RouterOS tries to resolve that name while network connectivity is not yet available. Thus there's no valid ip address and peer is in a bad state until the name is resolved again - if ever. Mikrotik, can you verify?

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 02, 2021 10:45 am
by holvoetn
You use a domain name in peer configuration, no? I guess RouterOS tries to resolve that name while network connectivity is not yet available. Thus there's no valid ip address and peer is in a bad state until the name is resolved again - if ever. Mikrotik, can you verify?
Not 100% sure I understand the definition of "domain name in peer configuration". Can you please elaborate what you mean ?

What I do see when this happens:
- domain name of "server" is using ddns service (No-IP for the moment, might move to Cloud IP since it's embedded in ROS anyhow) since my hex router is behind an ISP modem with its own firewall. Port for WG is forwarded to Hex. Also have this for an SSTP connection, works as should be. I could use the external name of the modem from ISP as well but I do not trust them to keep this name constant. Hence the ddns-workaround.
- From mAP and mAPLite, without WG being active, I am able to resolve domain names externally instantly the moment I get on the device and open a terminal, both this ddns name as well as other names (www.google.com is my favorite :D ).
Even when connecting to their Wifi SSID from my laptop, I can directly start pinging external names.
So in my view nothing is wrong with domain name resolution.
- Only when I toggle the WG peer status on the mAPs, it kicks in gear immediately. Why only then ? What's holding it back ?
- I have observed over the past days when I get in my office in the morning (I keep those device active there overnight), I see the status light which I use for indicating WG-connection is sometimes lit. So somewhere/sometime it does start up.

I was initially thinking it was because of bad reception of the wifi network in my home office (everything wired here) and used since this morning another mAP Lite as AP (-45dbm signal, which therefor can not be a problem anymore).
Both the other mAP Lite and mAP2nD still need to be toggled manually before the WG itf starts short-term. Probably if I let it sit long enough, it will start on its own. But why ?
What surprises me is that on the "server" side this issue does not arise.
All other equipment I have going for the WG channel get immediate connection (PC, Android phone. mAP and mAPLite as well IF peer status toggled)

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 02, 2021 11:36 am
by sindy
All VPN initiators on Mikrotik keep retrying until the connection gets up - SSTP, IPsec, L2TP... if the remote address is indicated as fqdn, the retrying includes re-resolving of the peer address from the fqdn. But that does not necessarily mean that it's the same case with Wireguard - there, the resolution may be attempted once, and if it fails because it is done too early during the startup process, it may not be repeated, which would be a bug of course. So for the time being, you have to script a workaround - one minute after startup, disable and re-enable the wireguard interface. Or use /tool netwatch to ping an address accessible via the Wireguard tunnel, and let the down-script do the disable and re-enable.

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 02, 2021 11:48 am
by holvoetn
All VPN initiators on Mikrotik keep retrying until the connection gets up - SSTP, IPsec, L2TP... if the remote address is indicated as fqdn, the retrying includes re-resolving of the peer address from the fqdn. But that does not necessarily mean that it's the same case with Wireguard - there, the resolution may be attempted once, and if it fails because it is done too early during the startup process, it may not be repeated, which would be a bug of course. So for the time being, you have to script a workaround - one minute after startup, disable and re-enable the wireguard interface. Or use /tool netwatch to ping an address accessible via the Wireguard tunnel, and let the down-script do the disable and re-enable.
Thanks for the response.
I am aware of this and I could obviously script a workaround to have this covered automatically (which I sort of did on mAP using the button).

Update:
after setting up the additional AP in my office, I rebooted mAP already 4 times.
4 times the WG interface came up on its own within 2 minutes !
So it might be a case of low-performing connection, it seems ? But then I still don't understand why am able to use that device as AP with my laptop and do all other stuff which needs to be done with a laptop.

Will test as well with mAP Lite later (some annoying chores to do first at home :? )

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 02, 2021 4:14 pm
by mosulica
Same problem with me, with samsung s21 ultra and hap ac3, 7.1 rc4 and rc3
I have HP 107w printer at home.
Haven't been using it for a month but it was working fine on betas.
Now however I cannot connect to WIFI anymore.

My short config:
set [ find default-name=wifi1 ] channel.band=2ghz-n .width=20/40mhz configuration.country=Malaysia .mode=ap .ssid=XXXXXXX disabled=no security.authentication-types=wpa2-psk,wpa3-psk .disable-pmkid=no .wps=disable

Tried to reset the printer completely.
Manual setup (no WPS) fail and I can see in logs:
XXXXXXXXXXXX:16@wifi1 disconnected, key handshake failure, signal strength -65

WPS Setup also fails with below in turn:
XXXXXXXXXXXX:16@wifi1 rejected, does not provide suitable security method

Anybody having similar problems?

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 02, 2021 5:26 pm
by holvoetn
Really weird ...
Upon adding an entry on the connect list of that mAPLite to get to the new AP, wireless network with PC was lost. This is normal behavior.
Once network came back on, no WG.
I really had to connect to the slave Wifi send by this device to get in (long story: Eth port on that device is bust but Wifi still works nicely).
Once I was on it, I waited over 10 minutes. No dice. I had to toggle the WG interface.
5 subsequent reboots later, it connects each time after max 35 seconds !
Even did some power cycles, 35 seconds max before reconnecting.
I say again: really weird ...

The actual MTU of a vlan interface ist set to 1500 after every reboot.

Posted: Sat Oct 02, 2021 9:13 pm
by mazza
The actual MTU of a vlan interface is set to 1500 after every reboot.
I can reproduce this on two CRS326-24S+2Q+ running RouterOS v7.1rc4.
/interface/print proplist=name,mtu,actual-mtu,l2mtu where type=vlan 

Flags: R - RUNNING
Columns: NAME, MTU, ACTUAL-MTU, L2MTU
#   NAME                           MTU  ACTUAL-MTU  L2MTU
0 R br-vlan10-LAN-MGMT            1500        1500   9088
1 R br-vlan910-bb-mmm.wmz.01-5ac  1500        1500   9088
2 R br-vlan940-bb-mmm.01-10g      9000        1500   9088
3 R br-vlan1010                   9000        1500   9088
4 R br-vlan1020                   9000        1500   9088
After setting the MTU of the VLAN interfaces to anything else then 9000 and then again to 9000 it works as expected until the next reboot.
 
/interface/set [find where name=br-vlan940-bb-mmm.01-10g] mtu=8999
/interface/set [find where name=br-vlan940-bb-mmm.01-10g] mtu=9000

/interface/print proplist=name,mtu,actual-mtu,l2mtu where type=vlan 

Flags: R - RUNNING
Columns: NAME, MTU, ACTUAL-MTU, L2MTU
#   NAME                           MTU  ACTUAL-MTU  L2MTU
0 R br-vlan10-LAN-MGMT            1500        1500   9088
1 R br-vlan910-bb-mmm.wmz.01-5ac  1500        1500   9088
2 R br-vlan940-bb-mmm.01-10g      9000        9000   9088
3 R br-vlan1010                   9000        1500   9088
4 R br-vlan1020                   9000        1500   9088

Re: v7.1rc4 [development] is released!

Posted: Tue Oct 05, 2021 4:57 pm
by vaka
again new smb default shares and users autocreated
[ccr2004] > /ip smb/shares/print 
Flags: * - DEFAULT
Columns: NAME, DIRECTORY, MAX-SESSIONS
#   NAME  DIRECTORY  MAX-SESSIONS
;;; default share
0 * pub   /pub                 10
;;; default share
1   pub   /pub                 10

[ccr2004] > /ip smb/users/print 
Flags: * - DEFAULT
Columns: NAME, READ-ONLY
#   NAME   READ-ONLY
0 * guest  yes      
1   guest  yes      

Re: v7.1rc4 [development] is released!

Posted: Wed Oct 06, 2021 4:37 pm
by farshield
I have had no luck getting GPS to work in an LtAP with v7 - however, I'm not 100% sure I ever tried it on v6. Has anyone else here had luck with GPS?

And bgp-as-path regexp matching in bgp filters still doesn't work. (ticket open with support)
No luck with getting the GPS to work on the LtAP either with v7. I'm using an external antenna, too. I did the upgrade without checking if it works with v6 first, unfortunately.

Re: v7.1rc4 [development] is released!

Posted: Wed Oct 06, 2021 7:34 pm
by itmethod
Updated a RB2011 and a Chateau LTE12 from rc3 to rc4.
Problem with OVPN - Server on both boards:
If the "Require Client Certificate" in the Server settings is checked,
no tunnel can be established.
Logging on Server side shows TLS-error !
After unchecking, tunnels are established as excpected.

So I downgraded to rc3 and everything ( even with activated "Require Client Certificate" ) went back to normal !

Anybody else observed this problem?
My ovpn doesn't even connect "Require Client Certificate" left unchecked

I already submitted supout file

this is only error I get ovpn-out1: disconnected <wrong OVPN data>

Re: v7.1rc4 [development] is released!

Posted: Fri Oct 08, 2021 12:29 am
by felixka
So my ISP put me out of my misery of using a SFP GPON ONT and gave me an ONT box with RJ45 for the handoff.
Yet, the PPPoE on VLAN with MTU 1500 is still not working for me on 7.1rc4, SFP ONT or Ethernet to the ONT box. The PPPoE link comes up with MTU 1500 (outer VLAN interface is MTU 1520 and underlying Ethernet interface is MTU1520, too).
I can ping -M do -l 1472 1.1.1.1 fine but I can't SSH out for example.
It works fine with exactly the same settings on 6.49. So I'm staying with that until we see rc5 :P

Re: v7.1rc4 [development] is released!

Posted: Fri Oct 08, 2021 4:30 am
by dtaht


What's the correlation between the date a user joined a forum and the actual content of it...

We all have our needs and what feels important to us, and when we focus on that we love individually, we tend to see more of it and that's natural. So you dismiss it as unimportant in a disdain manner. Why? To steer the conversation to what is important to you? So you see you're no better...

The cake/codel announcement on reddit was the 35th hottest post of all time there, there are several threads here too. There's even a bufferbloat consortium with highly talented people (with not just BS certifications you have by reading a book and memorizing pre-made questions), you know, ppl that wrote actual papers and proper algorithms that tries to make the internet better and bring more awareness to the ISPs.


So thank you for your contribution, I hope Mikrotik takes note of it...
as one of the developers/designers of fq_codel, and cake, I'm very interested in actual results on it, on your OS. I've worried, for example, that BQL support didn't make several mikrotik device drivers, and thus running fq_codel or cake at line rate (which is way less cpu intensive than shaping) won't work as well as it could. Can folk verify if BQL is enabled? either qdisc can work wonders on older devices with 100Mbit physical links, and some at a gbit, and replacing pfifo_fast entirely in the field for everything has always been a goal of the bufferbloat project. tc qdisc replace dev eth0 root cake.

Alas, most folk do run htb+fq_codel or cake as a shaper, not at line rate. I'd love to know what devices can handle what shaping speeds.

Merely someone here posting a
tc -s qdisc show
with cake output showing some drops or marks and backlog would make me very happy after waiting all this time for mikrotik to catchup

There is also fq_codel for wifi, where our work was completed in 2016, which is totally unclear if has made it to routerOS or not. It make P2MP wifi work really well.

https://blog.linuxplumbersconf.org/2016 ... y-3Nov.pdf

Re: v7.1rc4 [development] is released!

Posted: Fri Oct 08, 2021 4:39 pm
by felixka
Merely someone here posting a
tc -s qdisc show
with cake output showing some drops or marks and backlog would make me very happy after waiting all this time for mikrotik to catchup
Hi Dave, fancy seeing you around here! Thanks for your work in ridding the world of bufferbloat!

Unfortunately, Mikrotik's RouterOS completely abstracts any notion of a shell away from the user, so outside of anything Mikrotik staff themselves wish to provide the only console output you could get is whatever output Mikrotik has abstracted from the underlying tools.

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 09, 2021 2:37 am
by RavenWing71
Dave, Thank you for the work in making CAKE even exist. It will finally give me a DSCP aware queuing discipline on Mikrotik. Now I just need them to use a modern implementation of CAKE where the Least Effort DSCP mark is LE(000001) instead of CS1(001000).

And if they could please add Queue Type selection to the Queues tab of the DHCP Server settings, just like it is on the Queues tab of the PPP Profile, I will be ecstatic.

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 09, 2021 4:51 am
by shyrwall
Maybe known already but couldn't find it mentioned. The simple queue limits is a 32-bit unsigned int so the maximum bw limit one can specify is 4294967295 (~4.29Gbit/s). Same bug in 6.x . Please fix :)

Re: v7.1rc4 [development] is released!

Posted: Sun Oct 10, 2021 2:59 am
by dtaht
Dave, Thank you for the work in making CAKE even exist. It will finally give me a DSCP aware queuing discipline on Mikrotik. Now I just need them to use a modern implementation of CAKE where the Least Effort DSCP mark is LE(000001) instead of CS1(001000).

And if they could please add Queue Type selection to the Queues tab of the DHCP Server settings, just like it is on the Queues tab of the PPP Profile, I will be ecstatic.
I try to stress that the cake effort had a large team, and was exhaustively driven by demand of thousands of users using sqm. I'm just one of the most visible.

I would very much like the new LE codepoint ( https://datatracker.ietf.org/doc/html/rfc8622 ) become widely adopted. CS1 proved too problematic, and a "background" class is the only diffserv codepoint I actually agree with, with the caveat that the rfc specifies it should be starvable, and I prefer an interpretation of "at least 5%", because no end user their right mind would want traffic that potentially never completes.

Its a 1 character patch to each of cake's lookup tables. We submitted it to the kernel as soon as it was finalized.

PS We tried very hard to match wifi dscp behavior in the 4 tier cake model, and I have seen cell-over-wifi actually use dscps with good results (0 loss, 0 delay), so my original position against any dscp usage at all (favoring per-host/per flow fq-codel only), at least for voice, has softened. Where I stand for videoconferencing... well... Its too early to tell. I personally ended up switching to the 4 tier model and remarking zoom traffic to suit...

... and have been working with galene.org to create the lowest latency videoconferencing server as yet seen, using the gcc loss and delay based congestion controller. zoom goes WAY overboard on adding delay IMHO.

Re: v7.1rc4 [development] is released!

Posted: Sun Oct 10, 2021 3:02 am
by dtaht
Merely someone here posting a
tc -s qdisc show
with cake output showing some drops or marks and backlog would make me very happy after waiting all this time for mikrotik to catchup
Hi Dave, fancy seeing you around here! Thanks for your work in ridding the world of bufferbloat!

Unfortunately, Mikrotik's RouterOS completely abstracts any notion of a shell away from the user, so outside of anything Mikrotik staff themselves wish to provide the only console output you could get is whatever output Mikrotik has abstracted from the underlying tools.
failing that it's my hope more here actually test. slam cake on an interface, try the rrul tests in flent, or drive it hard with a test too of choice and inspect the packet capture.

are they exposing the rtt, ack-filter, nat or other options?

Re: v7.1rc4 [development] is released!

Posted: Sun Oct 10, 2021 4:03 am
by jmszuch1


Hi Dave, fancy seeing you around here! Thanks for your work in ridding the world of bufferbloat!

Unfortunately, Mikrotik's RouterOS completely abstracts any notion of a shell away from the user, so outside of anything Mikrotik staff themselves wish to provide the only console output you could get is whatever output Mikrotik has abstracted from the underlying tools.
failing that it's my hope more here actually test. slam cake on an interface, try the rrul tests in flent, or drive it hard with a test too of choice and inspect the packet capture.

are they exposing the rtt, ack-filter, nat or other options?
Hi Dave,

Mikrotik has some decent documentation they put up for the queues they added in v7 and their associated options, including CAKE: https://help.mikrotik.com/docs/display/ ... ueues-CAKE

Here's a screenshot of what's offered when initially creating a CAKE queue as well. So it looks like they are exposing those options.
Image

Re: v7.1rc4 [development] is released!

Posted: Sun Oct 10, 2021 6:56 pm
by dtaht
Ah, I read the doc. All those options are exposed. Yay!

I put a PSA about cake's options over here:

viewtopic.php?p=885000#p885000

Selfishly I'd really like to see from y'all some before (say, htb + sfq)/ after results (cake) on mikrotik's hw. Particularly the higher end stuff.

Re: v7.1rc4 [development] is released!

Posted: Mon Oct 11, 2021 12:41 am
by mikegleasonjr
Ah, I read the doc. All those options are exposed. Yay!

I put a PSA about cake's options over here:

viewtopic.php?p=885000#p885000

Selfishly I'd really like to see from y'all some before (say, htb + sfq)/ after results (cake) on mikrotik's hw. Particularly the higher end stuff.

Thank for that, really appreciated.

Unfortunately, one option seems to be missing, the last parameter ingress/egress which defaults to egress.

See my post here about this: viewtopic.php?t=178341#p878504

EDIT: since I am using a Cake queue as ingress in real life but can't specify it (I guess it defaults to egress). Will the internal Cake algorithm be optimal? I noticed that I must lower my bandwidth quite a bit for Cake to not try to go over my connection speed, unlike for uploads. I have a Fiber 100/50 connection.

Re: v7.1rc4 [development] is released!

Posted: Mon Oct 11, 2021 1:51 am
by Rfulton
I've worried, for example, that BQL support didn't make several mikrotik device drivers, and thus running fq_codel or cake at line rate (which is way less cpu intensive than shaping) won't work as well as it could.
Do you think it will ever be fixed? Is it possible someone can translate your fixes to Latvian?

Re: v7.1rc4 [development] is released!

Posted: Mon Oct 11, 2021 2:45 pm
by chubbs596
Maybe known already but couldn't find it mentioned. The simple queue limits is a 32-bit unsigned int so the maximum bw limit one can specify is 4294967295 (~4.29Gbit/s). Same bug in 6.x . Please fix :)
+1 for fix

Re: v7.1rc4 [development] is released!

Posted: Mon Oct 11, 2021 3:50 pm
by khialb32
i have been using the beta6 for some time at a lab with clients connected to it, I noticed a new thing in the queues, if there is a child queue, then the parent queue will only receive packets that will pass by the CHILD queue TOO, or else it won't that means you can specify same target queues with a specific order, yet the higher queue will only receive what its children receive even if it is high in order!
that made it possible for me to specific queues for hotspot and PPPOE users, and the parent queue will only receive data for the client's queues.
in this RC4 (may be 3 too ) I can not do the same thing although it was a cool thing! Any idea if this thing can be activated and deactivated!

Re: v7.1rc4 [development] is released!

Posted: Mon Oct 11, 2021 7:54 pm
by Chupaka
if there is a child queue, then the parent queue will only receive packets that will pass by the CHILD queue TOO
Hasn't it always been this way?

From the docs:
As soon as queue has at least one child it becomes a inner queue, all queues without children - leaf queues. Leaf queues make actual traffic consumption, Inner queues are responsible only for traffic distribution.

Re: v7.1rc4 [development] is released!

Posted: Tue Oct 12, 2021 12:54 pm
by hecatae
Running absolutely fine on a hap lite being used as a home gateway.
Export still broken though, excerpt:
#error exporting /mpls/traffic-eng/path
Export started at oct/12/2021 10:40:20 by RouterOS 7.1rc4, and it's been stuck on this for 14 minutes so far

Re: v7.1rc4 [development] is released!

Posted: Thu Oct 14, 2021 12:01 pm
by server8
Is IPQ4019 hardware like LDF AC; LHG AC, ecc compatibile with wifiwave2 package?

Re: v7.1rc4 [development] is released!

Posted: Thu Oct 14, 2021 9:08 pm
by sindy
Export started at oct/12/2021 10:40:20 by RouterOS 7.1rc4, and it's been stuck on this for 14 minutes so far
In previous 7.1rcX, adding verbose to the export used to make it work - have you tried that?

Re: v7.1rc4 [development] is released!

Posted: Fri Oct 15, 2021 12:16 am
by gumilev
Add Russian language support to SMS. Impossible to use
Chateau 12

Re: v7.1rc4 [development] is released!

Posted: Fri Oct 15, 2021 10:21 pm
by infabo
It is so frustrating. About 8d uptime and then suddenly Chateau12 locks up completely. Just a gentle powercycle helps.

No autosupout.rif, nothing in logs. Just no hint, nothing I could send Mikrotik support.

Just the usual:
router rebooted without proper shutdown, probably power outage.
Thanks for nothing, Chateau! The power outage was caused by me. No need to tell me.

Re: v7.1rc4 [development] is released!

Posted: Fri Oct 15, 2021 10:33 pm
by osc86
I just noticed that log files aren't preserved upon reboots on my hapac2. I'm using the dafault disk action. I also tried to move the file to flash/log, without luck.
No /log.1.txt is created, and log.0.txt only contains messages since the device has restarted.
 1 * name="disk" target=disk disk-file-name="log" disk-lines-per-file=1000 disk-file-count=2 disk-stop-on-full=no 
It doesn't matter if the router is restarted normally or by watchdog.
On other devices (running v6) the content is moved from log.0.txt to log.1.txt, like it is documented in the wiki, that's why I post this here.

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 16, 2021 8:04 am
by mehdi1980
can't routing single ip in mangle with hex S.

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 16, 2021 9:17 am
by felixka
My issue of not being able to SSH out seems to be a bug that was fixed in 7.1beta3 but seems to have resurfaced.
viewtopic.php?p=885937#p885937

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 16, 2021 4:31 pm
by netmoomin
Is MLAG working better with these latest releases?
There are still issues in rc4 with MLAG. Specifically if you add ports to the bridge that has MLAG ports in it, it will cause traffic flow across the bridge to stop to some ports. You then need to disable/enable the bridge to get it working, or reboot the switch.
I do have the suspicion that the mlag peer port is causing issues with Spanning-Tree... looks like the peer port is creating a loop when using multiple VLANs.

I have two uplink ports per switch connecting to another MLAG Switch... as soon as I bring up the MLAG Port one of the switches is no longer reachable - and traffic on the uplink ports is massive.

I did open a support ticket and did send them the logs...

CU
Tobias

Re: v7.1rc4 [development] is released!

Posted: Sun Oct 17, 2021 8:03 pm
by Henthe
Setting up routing filters is still an awful, miserable, pointlessly tedious experience. Why was this designed this way? Are there plans to make it less of a complete pain? Old filters worked great. New filters are trash, essentially, by comparison. Will also require lots of training time to bring others up to speed for seemingly no reason or benefit.

It wouldn't be so bad but the documentation is basically "ok now go have fun" instead of actually helpful information.

Is anyone else having issues where you need to separately define network and interface under interface template? If I just have one or the other I often won't get full adjacency, though when I have both it will sometimes just show invalid for no reason. Reboot the device and all is valid again with no configuration changes. Often have to toggle the ospf instance as well after a reboot in order for routes to change hands even with full adjacency.

I'm sure there must be a better way to do things but with how things are currently set up and not documented in any kind of intelligent way it's rather difficult to figure out what the best practice should be. Since it's a 5009, I can't exactly just put it on a version of RouterOS that actually works either.

Re: v7.1rc4 [development] is released!

Posted: Sun Oct 17, 2021 8:41 pm
by Larsa
It wouldn't be so bad but the documentation is basically "ok now go have fun" instead of actually helpful information...

Concur, documentation has plenty of room for improvement (understatement!). Examples using best practice should be standard...

Re: v7.1rc4 [development] is released!

Posted: Sun Oct 17, 2021 8:57 pm
by Henthe
My main concern is that if this is going to be the way forward I'm honestly either going to stay on 6.x for several more years and hope that the devs remove head from ground and make it usable or just find a new vendor.

At a remote site with no service and having to set up a new 6.x mtik and no docs on hand? You can most likely figure out how to set things up even if you're going through the GUI.

Trying to do the same thing with v7? Good luck.

Re: v7.1rc4 [development] is released!

Posted: Mon Oct 18, 2021 9:22 am
by infabo
rc4 has been out for a while now. I fear that next is 7.1 (and not rc5). :lol:

Re: v7.1rc4 [development] is released!

Posted: Mon Oct 18, 2021 1:54 pm
by mikegleasonjr
rc4 has been out for a while now. I fear that next is 7.1 (and not rc5). :lol:
Or a v7.2beta1 :lol:

Re: v7.1rc4 [development] is released!

Posted: Mon Oct 18, 2021 1:59 pm
by infabo
:shock:

Re: v7.1rc4 [development] is released!

Posted: Mon Oct 18, 2021 10:29 pm
by jult
So, is the download server for dev release down?

Re: v7.1rc4 [development] is released!

Posted: Mon Oct 18, 2021 11:55 pm
by netfoundryskip
Hoping I could get some help with Containers....I work for a SDN company where we are looking to install our endpoint software on Mikrotik routers as a containers. We typically use a compose file that executes the following code:

docker run \
--rm \
--name myTunneler1 \
--privileged \
--network host \
--device "/dev/net/tun:/dev/net/tun" \
--volume "${PWD}:/ziti-edge-tunnel" \
--volume "/var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket" \
--env NF_REG_NAME=myTunneler1 \
netfoundry/ziti-edge-tunnel:latest


We need to ingest an identity key called NF_REG_NAME=myendpoint.jwt --- The file can be uploaded to the router or we could potentially preregister the identity and upload the resulting myendpoint.json to be mounted in /ziti-edge-tunnel.
1. Is only bridged network possible?
2. Is it possible to execute the docker run command?
.

Re: v7.1rc4 [development] is released!

Posted: Tue Oct 19, 2021 5:29 am
by deadkat
@netfoundryskip, you would be better to make a new thread to discuss your issues rather than attempt to hijack the release announcement. your request is more likely to be seen this way vs putting it at the bottom of a very long thread.




unrelated: I predict for the next release we have v7.2RC1 or v7.2beta1 (testing) with move up to 5.10.x LTS kernel

Re: v7.1rc4 [development] is released!

Posted: Tue Oct 19, 2021 8:11 am
by mkx
unrelated: I predict for the next release we have v7.2RC1 or v7.2beta1 (testing) with move up to 5.10.x LTS kernel

Why do you think MT will jump from 7.1rc4 to 7.2beta1? The usual version path is beta -> rc -> release and I don't see any reason to skip release version with 7.1 series. And I don't think there's a serious reason to jump from 5.6 (or whatever 7.1rc is using) to 5.10 ... before MT irons out most (if not all) UI and driver issues still present.

We did see jump from 7.0beta to 7.1beta, but MT explained it was due to (change of) versioning rules ...

Re: v7.1rc4 [development] is released!

Posted: Tue Oct 19, 2021 11:26 am
by Cha0s
My main concern is that if this is going to be the way forward I'm honestly either going to stay on 6.x for several more years and hope that the devs remove head from ground and make it usable or just find a new vendor.
Same here. Sadly...

Re: v7.1rc4 [development] is released!

Posted: Tue Oct 19, 2021 12:59 pm
by vaka
SMB shares and users still self-created on ccr2004

Image

Re: v7.1rc4 [development] is released!

Posted: Tue Oct 19, 2021 4:18 pm
by VitohA
rc4 has been out for a while now. I fear that next is 7.1 (and not rc5). :lol:
Found on Reddit that some users receive rc5. Also waiting for at least a stable version cause my CCR2004-1G-12S+2XS still doesn't have a production-ready firmware that can use all amount of RAM.

Re: v7.1rc4 [development] is released!

Posted: Tue Oct 19, 2021 6:00 pm
by jult
So, is the download server for dev release down?
Trying to update a RB 850Gx2 (PPC) with the dev release, but winbox keeps saying "calculating download size" and hangs on that. While trying any other package option (long-term, stable, testing) they all download fluently. Something I'm missing here?

Re: v7.1rc4 [development] is released!

Posted: Tue Oct 19, 2021 6:06 pm
by holvoetn
So, is the download server for dev release down?
Trying to update a RB 850Gx2 (PPC) with the dev release, but winbox keeps saying "calculating download size" and hangs on that. While trying any other package option (long-term, stable, testing) they all download fluently. Something I'm missing here?
Might be related to the previous post that a new version might be coming shortly and they disabled rc4 for download already ?

Re: v7.1rc4 [development] is released!

Posted: Tue Oct 19, 2021 7:24 pm
by elbob2002
If it's stuck on calculating download size then you need to remove any extra packages that are installed.

Re: v7.1rc4 [development] is released!

Posted: Tue Oct 19, 2021 8:38 pm
by mikegleasonjr
unrelated: I predict for the next release we have v7.2RC1 or v7.2beta1 (testing) with move up to 5.10.x LTS kernel

Why do you think MT will jump from 7.1rc4 to 7.2beta1? The usual version path is beta -> rc -> release and I don't see any reason to skip release version with 7.1 series. And I don't think there's a serious reason to jump from 5.6 (or whatever 7.1rc is using) to 5.10 ... before MT irons out most (if not all) UI and driver issues still present.

We did see jump from 7.0beta to 7.1beta, but MT explained it was due to (change of) versioning rules ...
It was a joke referring to bad software engineering practices from Mkt like introducing new features during a RC cycle. At this point they should just increment a number or pick a random one

Re: v7.1rc4 [development] is released!

Posted: Tue Oct 19, 2021 10:17 pm
by jult
If it's stuck on calculating download size then you need to remove any extra packages that are installed.
None. It's as it was by default. Never added any extras.

Re: v7.1rc4 [development] is released!

Posted: Wed Oct 20, 2021 6:59 pm
by sohrkim
Hi, I'm interested in REST-API feature a lot, and this is a CCR1072 owner.
I have a trouble to execute just a simple request but it just hangs for 30 sec and got no response from the server.
Could you please give a test on a Tilera machine?
[Administrator@DESKTOP ~]$ curl -k -v -u admin: http://router.mydomain:48729/rest/ip/addresses
* STATE: INIT => CONNECT handle 0x80007eee8; line 1789 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => RESOLVING handle 0x80007eee8; line 1835 (connection #0)
* family0 == v4, family1 == v6
*   Trying 192.168.1.1:48729...
* STATE: RESOLVING => CONNECTING handle 0x80007eee8; line 1917 (connection #0)
* Connected to router.mydomain (192.168.1.1) port 48729 (#0)
* STATE: CONNECTING => PROTOCONNECT handle 0x80007eee8; line 1980 (connection #0)
* STATE: PROTOCONNECT => DO handle 0x80007eee8; line 2003 (connection #0)
* Server auth using Basic with user 'admin'
> GET /rest/ip/addresses HTTP/1.1
> Host: router.mydomain:48729
> Authorization: Basic YWRtaW46
> User-Agent: curl/7.79.1
> Accept: */*
>
* STATE: DO => DID handle 0x80007eee8; line 2077 (connection #0)
* STATE: DID => PERFORMING handle 0x80007eee8; line 2196 (connection #0)
* STATE: PERFORMING => DONE handle 0x80007eee8; line 2395 (connection #0)
* multi_done
* Empty reply from server
* The cache now contains 0 members
* Closing connection 0
curl: (52) Empty reply from server


Re: v7.1rc4 [development] is released!

Posted: Thu Oct 21, 2021 9:55 am
by mrz
You have to use HTTPS, see documentation for more info:
https://help.mikrotik.com/docs/display/ROS/REST+API

Re: v7.1rc4 [development] is released!

Posted: Thu Oct 21, 2021 11:43 am
by mankomal
You have to use HTTPS, see documentation for more info:
https://help.mikrotik.com/docs/display/ROS/REST+API
I have a tutorial on this on YouTube

Re: v7.1rc4 [development] is released!

Posted: Thu Oct 21, 2021 3:35 pm
by mkx
Youtube tutorial is done by a random MT user. Answer above by @mrz is given by Mikrotik employee. So there are two questions:
  1. whom are you ging to trust on this?
  2. is Mikrotik responsible for fixing the tutorial?

Re: v7.1rc4 [development] is released!

Posted: Thu Oct 21, 2021 5:44 pm
by canitan
Issue on upgrading from 6.49 to 7.1rc4 on a 4011. Reboot loop - router reboots within 30-45s of startup if my PPTP VPNs are enabled. If I disable the VPN's or setup L2TP VPNs, works fine.

Re: v7.1rc4 [development] is released!

Posted: Thu Oct 21, 2021 9:56 pm
by jult
Issue on upgrading from 6.49 to 7.1rc4 on a 4011. Reboot loop - router reboots within 30-45s of startup if my PPTP VPNs are enabled. If I disable the VPN's or setup L2TP VPNs, works fine.
Try a netinstall and default config during that. For me that worked.

Re: v7.1rc4 [development] is released!

Posted: Thu Oct 21, 2021 10:58 pm
by infabo
I am sick of "netinstall resolves it". It is like "format c:/" on old windows 98/xp systems.

Re: v7.1rc4 [development] is released!

Posted: Thu Oct 21, 2021 11:10 pm
by holvoetn
I am sick of "netinstall resolves it". It is like "format c:/" on old windows 98/xp systems.
Format c: gave usually an "oops" moment...

Re: v7.1rc4 [development] is released!

Posted: Thu Oct 21, 2021 11:11 pm
by nescafe2002
Infabo, netinstall takes 15 minuten and you're up and running again. Reinstalling windows can take up half a day depending on the configuration. If you're sick of this, consider running long term. No one is forcing you to evaluate the beta.

Re: v7.1rc4 [development] is released!

Posted: Thu Oct 21, 2021 11:28 pm
by infabo
Of course you need to use v7 with a v7-only device. And even in long-term - see recent topic - it can make you cry and netinstall.

Re: v7.1rc4 [development] is released!

Posted: Fri Oct 22, 2021 6:03 pm
by jult
I am sick of "netinstall resolves it". It is like "format c:/" on old windows 98/xp systems.
No, it's not. It's real easy to externally Save backups of your config with mikrotik devices and restore (almost always) works fine. I think in all the years I've managed mikrotik devices I had just one case where the restore backup did not fix an issue after a netinstall, but that had to do with having netinstalled a beta image.
Usually, people complaining about netinstall are simply too lazy to have to change their clients to manually use the 192.168.88 subnet. Good grief, so hard, having to type 20 keys extra or something.

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 23, 2021 12:00 am
by infabo
jult, I guess you did not understand my point.

Basically it is this what buggs me:

You have one config that is working. Now you update your MT device from e.g. 7.1rc2 to 7.1rc3 and it suddenly crash-loops, kernel panics or whatever. Then you take your export/backup, do netinstall *with the same running 7.1rc3 ROS version*, restore backup and it is working stable again. This is so frightening. Does not build up trust with ROS.

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 23, 2021 2:11 am
by nescafe2002
I understand you Infabo. Everybody was happier when they did not release v7 for years. Oh wait... No that's not it.

Software development takes time. Completing software takes more time. MikroTik decided to release early betas and rcs. You can choose to participate (voluntarily) or stick to the older versions and wait for v7.9.4 with fewer bugs and problems.

Yes, every upgrade is a risk. But, MikroTik still supports and upgrades 10 year old devices. MikroTik introduces new functionality. MikroTik fixes bugs. MikroTik responds to user feedback. For free. No support contract required.

If you're sick of this, or if it this takes too long, consider another release tree, another vendor or even another occupation (if this makes you sick and cry).

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 23, 2021 2:52 am
by felixka
You can choose to participate (voluntarily) or stick to the older versions and wait for v7.9.4 with fewer bugs and problems.
True for those who own older hardware that supports the 6.x release train. Not true for those who have bought any of the more recent products that will only run 7.x.

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 23, 2021 3:52 am
by wsftech
Guys, RIP routing protocol on ROS v7 is still not working. You mentioned in the changelog that RIP is supported but in fact it is not operational. I have made the tests and routes are not being learned.
Can you please fix this issue ASAP?

Thanks.
maherhaddad, did you get any further with this? I've seen the occasional packet received (RIP Neighbors), but am having difficulties with this as well.

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 23, 2021 12:49 pm
by mkx
Not true for those who have bought any of the more recent products that will only run 7.x.

If one has a v7-only device, then they should stick to 7.0.5 (or whatever device came with) and wait for 7.1 stable. I've noticed only a few complaints about stability of factory-default 7.0.x, most complaints are about missing new functionality ... and it's up to admin to choose functionality over stability. But one most certainly should not expect (even less require) stability from software with RC in version number.

Even choice for v7-only device is pretty much voluntary (surely one does their homework before spending a few hundred euris, right?) ... all but one device are new models and one should be extra careful about those enyway (all had some kind of teething problems). The one device not entirely new model (unless one is careful to the last letter in model name) is CCR2004-16G-2S+ (v7 only device), which at first glance might be of same device family as CCR2004-1G-12S+2XS (which is ROS v6 device).

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 23, 2021 2:30 pm
by pe1chl
Any info on BFD status (i.c.w. BGP)?
In v7.1rc2 topic it said "BFD is currently work in progress."
So hopefully it will appear in rc5?
It looks like this is the only missing feature I require to start testing on my home router... (currently a 4011)

Re: v7.1rc4 [development] is released!

Posted: Sat Oct 23, 2021 5:36 pm
by infabo
@nescafe2002 thanks for your valuable essay. I do not get it, why everybody defends netinstall? Setup from scratch should always be the last resort. But in MT world it seems like common sense. "My device acting weird? Ok, do some netinstall. I am fine.". I am used to Linux based systems where I can hunt down issues to one exact misconfiguration - and just fix it. Done. I do not re-install my Linux servers every now and then.

Re: v7.1rc4 [development] is released!

Posted: Sun Oct 24, 2021 7:31 pm
by stathisch
BGP over VRFs is still not working (CCR2004)...
See other thread: viewtopic.php?t=179247

Re: v7.1rc4 [development] is released!

Posted: Mon Oct 25, 2021 3:40 am
by mfedotov
I decided to try the new features, installed 7.1rc4 on my CRS309, and after I enable l3 hardware offloading on the switch the device locks up in about 20 seconds. It locks up completely, not responding to the serial console. After power cycle and the login prompt I have about the same 20 seconds on the serial console to disable l3 hw offloading, otherwise the device would lock up again.
I also have CRS305 running 7.1rc3 and I can enable l3 hw offload without any issues. I also tried 7.1rc3 on CRS309, but it locks up the same.
Anybody else having the same issue?

Re: v7.1rc4 [development] is released!

Posted: Tue Oct 26, 2021 4:24 pm
by emils
New version 7.1rc5 has been released in development RouterOS channel:

viewtopic.php?t=179755