Does that include the /routing table section generation? Will existing badly converted config be auto-fixed?*) route - fixed route rule upgrade;
I hope you understand that when users have been helping you for a while by testing some rcs (rc5, rc6, now rc7) it is not really an option for them anymore to load a backup from v6, as that was made too long ago, and also a lot of work went into fine-tuning the configuration to run v7 in daily use.If config was converted once then no. If you have a backup from ROS v6 which was generated on the router that was never upgraded to v7. Then you can load backup and crossfig will perform new config upgrade.
/routing table
add fib name=main
add fib name=""
please fix socks 5 problemIf config was converted once then no. If you have a backup from ROS v6 which was generated on the router that was never upgraded to v7. Then you can load backup and crossfig will perform new config upgrade.
Thank you very much for your posts. We see themUnfortunately, we still can't define one of the parameters of a Cake queue when creating it: direction. Right now if we don't specify it, it defaults to egress.
It is clearly a bug since the parameter Autorate ingress is broken if ingress is not specifed.
See my post here: viewtopic.php?t=178341#p878504
See the available parameters here (last parameter): https://www.man7.org/linux/man-pages/ma ... l#SYNOPSIS
Hopefully you will give priority to routing (e.g. BGP and also OSPF) in this, because there you removed the v6 features and introduced the v7 variant, but that is far from finished.Currently we are polishing v6 features into v7. Once v7 will be released, we will look closely into features and improvements for functions, that were introduced in v7.x
You didn't check the routes: viewtopic.php?t=177800#p874200[...]
Already figured out what is happening... wrong dynamic route was being created after upgrade, manually remove all routes and start dhcp client ipv6 again fixed the problemOn ugprade RB760iGS from 6.49 to 7.1 my ipv6 stop working connection, i keep receiving valid ipv6 on router and on machines but traffic don't flow.. don't show any error log too, firewall it's ok too.
When i roolback to 6.49 ipv6 back to work again.
What i can do?
Over here, maybe you also, we have the situation where internet is delivered over PPPoE and IPv6 prefixes are delivered via DHCPv6.Already figured out what is happening... wrong dynamic route was being created after upgrade, manually remove all routes and start dhcp client ipv6 again fixed the problem
Like what the specific issue was?*) ipsec - fixed hardware acceleration support for ARM and ARM64 devices
Can confirm this as well.Changelog is still empty in WinBox...
error while running customized default configuration script: bad command name wireless (line 977 column 25)
Strange.. I am seeing the changelog no problem in Winbox on my RB4011.Can confirm this as well.
I do not think this is a bug. This is the result of the change made in 6.49.1 where there was an "upgrade" channel added. You do not see v7 in the development channel anymore on v6 and can only upgrade by going to the "upgrade" channel. After upgrading, everything except long term is in the new v7 channel stream. I think this was done due to complaints from some users who have set up auto upgrade scripts to upgrade to every stable immediately after release that they would go up to v7 unexpectedly, and I would reiterate to such people that such auto upgrade systems are a very bad idea and very dangerous potentially. I guess MikroTik was worried about the number of people who might have this ill-advised setup and would get angry with the v7 upgrade. So we now essentially have new "development-v7", "testing-v7" and "stable-v7" channels in v7, and "development-v6", "testing-v6" and "stable-v6" in v6, but without the -v6 and -v7 modifier. The names of the channels therefore match in v6 and v7, but they are not the same channels anymore.I see the changelog also...however only longterm shows longterm. Stable and testing shows 7rc7.
Both of the test boxes do now show change log, after the upgrade.Strange.. I am seeing the changelog no problem in Winbox on my RB4011.
Won't help ... wrong power plug type (and probably voltage and frequency).Here ya go!
I think in earlier releases this particular error message was output when you had changed the name of the wireless interface from the default.Code: Select allerror while running customized default configuration script: bad command name wireless (line 977 column 25)
For which router you tried it? Just downloaded the ARM version without any problem.Was rc7 pulled ?
I could download earlier today but not now (2300 GMT) ?
https://mikrotik.com/download
You need to remove any extra packages you have installed first.It stuck on "calculating download size..." when trying to update from any ROS 6.
[xxx@mkt-sx-00] /system package> print
Flags: X - disabled
# NAME VERSION SCHEDULED
0 routeros-tile 6.49.1
1 system 6.49.1
2 ipv6 6.49.1
3 wireless 6.49.1
4 hotspot 6.49.1
5 mpls 6.49.1
6 routing 6.49.1
7 ppp 6.49.1
8 dhcp 6.49.1
9 security 6.49.1
10 advanced-tools 6.49.1
11 multicast 6.49.1
I don't see that on my 4011. The SFP port has always a high RX-drop so I won't look at that one.On my RB4011 I see RX Drops on all its ports. On the Hex S I manage I don't see any. Both running RC7. What might cause these drops?
/routing/bgp/advertisementsHas anyone checked if /routing/bgp/advertisements is implemented on this release?
/routing/bgp/
connection session template vpn export
There is a lot of work to be done on BGP! The possibilities to debug and track it are really lacking.Here are what I do see under bgp
I agree. Even bgp filters is not properly implemented. No proper guide. Use of Output.network is not clear.There is a lot of work to be done on BGP! The possibilities to debug and track it are really lacking.Here are what I do see under bgp
The "prefix count" in connections is always zero, there is no field tracking the uptime or last disconnect of a connection, and when a connection is interrupted it is logged with a meaningless "pointer value" instead of the connection name.
As it is now, it is impossible to keep an eye of the BGP connections and I think BGP is unusable in this state.
(remember in v6 we had wishes that it would be improved, and now looking back it was much better in v6. SNMP also still not available...)
Standard procedure for me (as well?). Don't see it on my switches (running 6.49.1) either.I have also upgraded the firmware and so had an extra reboot.
I have instead exported my config in v7.1rc6, removed the main and "" fib from the export, then upgraded the router to 7.1rc7, reset config and imported the export again.If config was converted once then no. If you have a backup from ROS v6 which was generated on the router that was never upgraded to v7. Then you can load backup and crossfig will perform new config upgrade.
Well the filters are improving over time and so is the documentation on them. After discussing in the previous release topic I was able to make my filters working.I agree. Even bgp filters is not properly implemented. No proper guide. Use of Output.network is not clear.
Don't know if it was referring to this bug, but that is still going wrong here:*) bgp - fixed peer handling on point-to-point addresses;
This works in my limited testing. But noticed "quickset" isn't a choice, is that intentional or an oversight?!) device-mode - added feature locking mechanism;
The feature locking mechanism seems to be designed for features that could be used to hack into the device or aid in the spread of malware and the Meris botnet. All of the features that they have included in it are features that either are being actively used right now by the Meris botnet and malware, or have a strong likelihood to be used by the Meris botnet or malware in the future (like the new container feature). That is why they require the button press, so that hackers cannot just turn features back on to help spread malware once they gain access to the router, as the user would have to physically press a button on the router. Quickset doesn't really have anything to do with malware or the Meris botnet - at least I do not see any way that hackers could use quickset to help spread more malware. Enabling and disabling quickset therefore should not require a button press, and makes more sense through a skin.This works in my limited testing. But noticed "quickset" isn't a choice, is that intentional or an oversight?
Is ZeroTier still only available for ARM?RouterOS version 7.1rc7 has been released in public "development" channel!
I ask since in general good admin practices are enough for Meris – it's future attack vectors to worry about. While quickset doesn't seem like one, I'd argue somewhat it provides a good basis for future ones: it's one-stop shop for getting an Mikrotik to a "base state" to inject other code. e.g. just one HTTP call to webfig/quickset can radically reconfigure a router – so the attacking bot just needs to try quickset and since the config is known, the injected config after a malicious quickset for the desired attack can be small and static.Enabling and disabling quickset therefore should not require a button press, and makes more sense through a skin.This works in my limited testing. But noticed "quickset" isn't a choice, is that intentional or an oversight?
Works for me! What is the problem you are encountering? Please show relevant config.DHCP6-PD still not working. IPV6 DHCP client still searching
There is a default skin, skins/default.json, that is used by default for all users. You can use the branding package creator in MikroTik "My Account" to make a branding package that will deploy it to the devices, and when you netinstall the device with your custom config you can include the branding package in the netinstall to put the json file in there, that way it wont' be forgotten.Yes, somewhat solvable with a skin, but that's a per-user thing that could be forgotten. Forgotten admin tasks lead to Meris.
Me? Problem was occurring on hAP ac lite specifically. Also, not specifically on update process, but randomly some time after the upgrade.Do you have by any chance a: *) upgrade - improved major version upgrade process on hAP ac2 and cAP ac;
Crossfig has been improved as you can read in the beginning of this tread.
But that the same logic applies to socks, web proxy – put it in the skin to disable it & done. I view "device-mode" more like the replacement for "package".There is a default skin, skins/default.json, that is used by default for all users.Yes, somewhat solvable with a skin, but that's a per-user thing that could be forgotten. Forgotten admin tasks lead to Meris.
It is not a replacement for "package". While it is true that hotspot was a package, socks proxy was never a package by itself, tool fetch was not a package, etc.I view "device-mode" more like the replacement for "package".
Yes, and I am super happy about this change. IPv6 is enabled by default now. In v6 we had to jump through hoops before in our configuration routines to get IPv6 up and running. Now it is so much easier, we can remove some of the complexity of the router setup.Now in v7, it's been relegated to a checkbox waiting to be enabled – no reboot required.
Could you be more specific what exactly is not properly implemented and what is not clear from routing filter manual?I agree. Even bgp filters is not properly implemented. No proper guide. Use of Output.network is not clear.
I actually think IPv6 being enabled by default is a good thing – it's come a long way from v6. Not suggesting changes to the default-configurations here.Yes, and I am super happy about this change. IPv6 is enabled by default now.Now in v7, it's been relegated to a checkbox waiting to be enabled – no reboot required.
As I said, I use QuickSet for some use cases, and actually ran into it but didn't report it. (We use LTE stuff, sometimes people have static IPs for equipment, so adapting the Mikrotik LAN subnet to match using QuickSet is a pretty easy solution for a non-IT person to do in field)DNS Servers value, in DHCP Server section, does not get updated, when you change Local Network settings using Quick Set.
I changed default from *.88.* to *.91.*. But in DHCP Servers section, the DNS Servers value stays 192.168.88.1.
You may be cherry-picking a single unidentified interface in those screenshots. Please show the overall interfaces list instead, and the overall config for the device. You might be using a feature that places a very heavy load on the device.High CPU Usage on 7.1rc7 on CCR2004-16G and Rb5009 routing, management and unclassified. almost negligible load on network
i suspect the issue is with OSPF as this high usage is for arond 5-10 minutes and then it gets normal.You may be cherry-picking a single unidentified interface in those screenshots. Please show the overall interfaces list instead, and the overall config for the device. You might be using a feature that places a very heavy load on the device.High CPU Usage on 7.1rc7 on CCR2004-16G and Rb5009 routing, management and unclassified. almost negligible load on network
Note: I am not suggesting that there is not an issue here, there could very well be an issue. However, to my knowledge, other users of those devices have not experienced those problems, so it is likely configuration related.
Well, to fill that in: at least what is not properly implemented is the winbox interface to the route filters. The panel should be like that of a firewall chain, i.e. the rules are shown in sequence as they are in the ruleset and you can move them up or down. As it is now the rules are shown sorted by name, which is completely wrong. Now we have to use commandline for something that could "easily" be done from the winbox screen with proper panel layout.Could you be more specific what exactly is not properly implemented and what is not clear from routing filter manual?I agree. Even bgp filters is not properly implemented. No proper guide. Use of Output.network is not clear.
https://help.mikrotik.com/docs/pages/vi ... d=74678285
I am attaching the support.rif and the export of config. The networks defined under output.network is announced but suddenly disappeared. Now I cannot get that to be announced. If possible tell me what is wrong in the config?Could you be more specific what exactly is not properly implemented and what is not clear from routing filter manual?I agree. Even bgp filters is not properly implemented. No proper guide. Use of Output.network is not clear.
https://help.mikrotik.com/docs/pages/vi ... d=74678285
Could you be more specific what exactly is not properly implemented and what is not clear from routing filter manual?I agree. Even bgp filters is not properly implemented. No proper guide. Use of Output.network is not clear.
https://help.mikrotik.com/docs/pages/vi ... d=74678285
I am announcing a network using output.filter but it stops announcing all of a sudden in iBGP. /routing/filter/rule print doesn't show the rule.What configuration examples you would require? Documentation then can be updated with required examples if that helps, but syntax is not a rocket science that you have to learn for months, its literally one if with operators and action.
What I always liked most about RouterOS is the systematic way of presenting the configuration, as compared to common Linux distributions where every package has its own configuration file format. If you say the structure of the BGP filter rules is still just "operators and action", why did it have to become different from the syntax of firewall rules, routing rules, ipsec policies etc.? Will that get unified to one of the forms or the other in future versions?syntax is not a rocket science that you have to learn for months, its literally one if with operators and action.
++Well, to fill that in: at least what is not properly implemented is the winbox interface to the route filters. The panel should be like that of a firewall chain, i.e. the rules are shown in sequence as they are in the ruleset and you can move them up or down. As it is now the rules are shown sorted by name, which is completely wrong. Now we have to use commandline for something that could "easily" be done from the winbox screen with proper panel layout.
Could you be more specific what exactly is not properly implemented and what is not clear from routing filter manual?
https://help.mikrotik.com/docs/pages/vi ... d=74678285
Also, the whole new filter concept is a departure from the original RouterOS concept of having everything configurable with a user interface that shows you the available options to select from in one glance. We now have to learn a new "scripting language" like when writing a script. I don't know if that was a clever idea, and if it even was required. For the typical route filters I am using it certainly wasn't. Maybe for others, it was.
(maybe we can still hope for a sort of "filter rule compiler" in winbox that will generate the appropriate rule at least in cases where there is only a set of items to be matched with AND operator, as it was in v6)
The routing filter manual is too basic, it lacks sufficient examples and relies on user's understanding of the concept and the way of defining such things as a syntax description. That issue was avoided in the v6 version of routing filters because they you could just read along the options and enable what you like. It would be best when every definition at least had some practical example of usage.
In general BGP looks very unpolished in v7, as I already mentioned in comments in the v5 and v6 release topics. None of those items have been resolved yet.
This already starts with basic stuff like "how are events logged". That should have been part of the design from the beginning, every programmer knows the impact of proper error handling and event logging on the design of the code. It is usually not something you can "do later when you have the time", it should be incorporated into the structure of the code.
I agree with the comment that sindy made above. If it is hardly changed, then why did the syntax have to change?What configuration examples you would require? Documentation then can be updated with required examples if that helps, but syntax is not a rocket science that you have to learn for months, its literally one if with operators and action.
add chain=hamnet-in disabled=no rule="if (dst == 0.0.0.0/0 && bgp-as-path [[:gw-44-137:]]\$) { accept; }"
add action=accept bgp-as-path="4220406100\$" chain=hamnet-in prefix=0.0.0.0/0
Totally agree. Mikrotik's strength is provides "common schema" for the various network RFCs. I deal with their subpar Wi-Fi support solely because it I like the network has a "common" management interface/control, and scriptable.What I always liked most about RouterOS is the systematic way of presenting the configuration, as compared to common Linux distributions where every package has its own configuration file format.syntax is not a rocket science that you have to learn for months, its literally one if with operators and action.
:if condition="" do=""
I do wish sometimes Mikrotik do more of "Here's where we're going with this...", especially with these "configuration philosophy" things that I think are one of the biggest strength of ROS.Will that get unified to one of the forms or the other in future versions?
I suspect the why is likely to do with performance. Probably the ability to have "or" and "else" conditions with a standard if statement allows people to create the same filters with fewer rules, and fewer rules to be processed means faster loading and less CPU. If you wanted to do "or" and "else" with the old method you would have to have additional rules, which means more looping, which translates to higher CPU usage and longer load times for initial processing and in the case of big route flaps.Mikrotik generally has a good "Why" on things, but boy it's not always easy to see (certainly reasonable people may differ, but getting their POV might help).
On RB5009, if you have a script that polls data from /bridge/host or even have that window open in WinBox, that causes some management and unclassified CPU spikes (3 spikes in a row every few seconds for every bridge/host/print or export).High CPU Usage on 7.1rc7 on CCR2004-16G and Rb5009 routing, management and unclassified. almost negligible load on network
What do you mean? You want to forbid the QuickSet feature for home users? That's a little counter intuitive, no?device-mode This works in my limited testing. But noticed "quickset" isn't a choice, is that intentional or an oversight?
Yes, but we have been asking for a long time for some feature to allow disabling QuickSet, and now that this mechanism for enabling/disabling some features is introduced for other reasons, maybe it could be used for this.What do you mean? You want to forbid the QuickSet feature for home users? That's a little counter intuitive, no?device-mode This works in my limited testing. But noticed "quickset" isn't a choice, is that intentional or an oversight?
If you want to hide config from the user then skins should be used.Yes, but we have been asking for a long time for some feature to allow disabling QuickSet, and now that this mechanism for enabling/disabling some features is introduced for other reasons, maybe it could be used for this.
But a separate package for QuickSet or some checkmark in global router settings would be fine in this case as well, as it is not so important to guard this against external attackers.
which setting? how can we fix something, if you are so vague?In this case quickset did not show a setting that is essential for the workings of a router.
I wrote that in the next sentence in that posting that just you qouted.which setting? how can we fix something, if you are so vague?In this case quickset did not show a setting that is essential for the workings of a router.
Yes, but skins can be used to do this.What do you mean? You want to forbid the QuickSet feature for home users? That's a little counter intuitive, no?
Anav most certainly will disagree with you on thatYou also need to add an IP address to the WireGuard interface, so there will be some manual work in anyway.
Unfortunately the skin configuration does not fully work. E.g. when it is used to remove the "apply configuration" and "reset configuration" buttons on the quickset page, they still work in winbox.If you want to hide config from the user then skins should be used.Yes, but we have been asking for a long time for some feature to allow disabling QuickSet, and now that this mechanism for enabling/disabling some features is introduced for other reasons, maybe it could be used for this.
But a separate package for QuickSet or some checkmark in global router settings would be fine in this case as well, as it is not so important to guard this against external attackers.
I’m not sure what you mean here. I used a skin to remove Quickset from webfig and it disappears in winbox too so it is not possible to use quickset in winbox. You are experiencing different behaviour?Only fully removing QuickSet works in webfig, but it does not work in winbox.
I tested it with 6.49.1 but there it does not work. I had in mind that it was also added in v6, but apparently not.I’m not sure what you mean here. I used a skin to remove Quickset from webfig and it disappears in winbox too so it is not possible to use quickset in winbox. You are experiencing different behaviour?Only fully removing QuickSet works in webfig, but it does not work in winbox.
I am using PPPoE to get connected to Internet. Still I cannot get IPv6 address from my ISP through IPv6 DHCP Client. It works on v6 though.Works for me! What is the problem you are encountering? Please show relevant config.DHCP6-PD still not working. IPV6 DHCP client still searching
same issue hereI am using PPPoE to get connected to Internet. Still I cannot get IPv6 address from my ISP through IPv6 DHCP Client. It works on v6 though.
Works for me! What is the problem you are encountering? Please show relevant config.
Yes, but it did not solve the issueHave you read and acted upon reply #22 viewtopic.php?p=893377#p893377 above?
IPv6 over PPPoE in combination with DHCP client not working in v7 is due to a common misconfiguration, almost all "guides how to set this up" get it wrong!
QuickSet works great, if your use case, matches the profile – in "home" device-mode, QuickSet makes perfect sense. Same case for the "LTE" profile, it's pretty useful to quickly get those types of devices up. I actually wish they let you with the branding kit change the profiles QuickSet uses (or disable just some QuickSet profiles so they can't be selected), which might avoid the need to disable/hide QuickSet.What do you mean? You want to forbid the QuickSet feature for home users? That's a little counter intuitive, no?device-mode This works in my limited testing. But noticed "quickset" isn't a choice, is that intentional or an oversight?
For me it works OK after removing the "Add default route" in IPv6 DHCP client!Yes, but it did not solve the issueHave you read and acted upon reply #22 viewtopic.php?p=893377#p893377 above?
IPv6 over PPPoE in combination with DHCP client not working in v7 is due to a common misconfiguration, almost all "guides how to set this up" get it wrong!
THAT is the big problem, something that MikroTik still does not seem to understand.This may not intuitive to a non-Mikrotik expert doing maintenance on ROS – they want to change an SSID, see it in QuickSet, but have no idea that it could apply configuration beyond that.
Why I was hoping the new /system/device-lock be the simple way of doing that... QuickSet also is still not a separate policy option for the user groups to disable either.THAT is the big problem, something that MikroTik still does not seem to understand.This may not intuitive to a non-Mikrotik expert doing maintenance on ROS – they want to change an SSID, see it in QuickSet, but have no idea that it could apply configuration beyond that.
That is why I want to disable changes made via QuickSet. That is not the same as "hiding" it.
They must defend QuickSet. It's "their baby".THAT is the big problem, something that MikroTik still does not seem to understand.
To answer my own question, this is documented (and in release notes for v7.1beta4):Did notice a "rest-api" permission when I just check user groups in v7.1rc7 – not sure what that's about...
Setting aside the much maligned QuickSet ... it's beside my question on Mikrotik "best practices" for using device-mode.Please do not look at device-mode as a means to disable features. It is only a means to protect the router.
Not sure what is fixed, but my RDP sessions to Windows 2012 R2-instances are still dropping out about every minute.What's new in 7.1rc7 (2021-Nov-25 16:35):
*) ipsec - fixed hardware acceleration support for ARM and ARM64 devices;
Import/export RTs are now part of the BGP configuration.I just got RB5009 and I want to use vrf route-target import/export but looks like that is not ready yet on the v7.
the RB5009 came with the v7 RouterOS out of the box, Is it possible to downgrade to RouterOS v6?
Probably related to this: viewtopic.php?t=180675#p893400Not sure what is fixed, but my RDP sessions to Windows 2012 R2-instances are still dropping out about every minute.What's new in 7.1rc7 (2021-Nov-25 16:35):
*) ipsec - fixed hardware acceleration support for ARM and ARM64 devices;
This has been the case since v7 with multiple endpoints[...]
I'm willing to bet that this is Windows Auto-tuning going bananas. Turn this of on server level. We turn this of via policy as it do not work well over VPN.Not sure what is fixed, but my RDP sessions to Windows 2012 R2-instances are still dropping out about every minute.What's new in 7.1rc7 (2021-Nov-25 16:35):
*) ipsec - fixed hardware acceleration support for ARM and ARM64 devices;
RDCMan_DYG87BsyBf.png
This has been the case since v7 with multiple endpoints (to MT and UBNT endpoints). V6 does not have this issue.
I have checked the BGP configuration. I see its a little different from the v6 but I still can't find how to configureImport/export RTs are now part of the BGP configuration.I just got RB5009 and I want to use vrf route-target import/export but looks like that is not ready yet on the v7.
the RB5009 came with the v7 RouterOS out of the box, Is it possible to downgrade to RouterOS v6?
/routing filter rule add chain=dynamic-in disabled=no rule="if (distance==1) { set gw-check icmp; accept }"
/routing/filter> chain/print
Flags: I - inactive; D - dynamic
0 D name="dynamic-in"
Fair enough, using the filter rules was kinda weird for this in V6.There is no built-in connected-in or dynamic-in chains in ROS v7.
Well it has mainly been deletions of info... actually it was nice to see the feature status of the previous version(s) so you could easily see what has improved and can be tested again.I noticed that the v7 Routing Protocol Status has apparently been updated with the feature status in v7.1 stable.
Confluence tracks the page history, so at least you can have a look at the old page with v7.1rc6:Now there isn't even a column for v7.1rc7 anymore so we cannot know what the feature status is right now (is likely the same as already shown).
My RB4011 have no problem on PPPoE with MTU 1540 when using the SFP+ port.Maybe now Mikrotik van start with device specific fixed already in V6. Like th RB4011 not able to maintain a MTU of 1500 on a PPPoE connection through the SPF interface. It now reaches a MTU 1492.
Strange because it is stated that PPPoE is max 1500:My RB4011 have no problem on PPPoE with MTU 1540 when using the SFP+ port.Maybe now Mikrotik van start with device specific fixed already in V6. Like th RB4011 not able to maintain a MTU of 1500 on a PPPoE connection through the SPF interface. It now reaches a MTU 1492.
I use a router-in-a-stick configuration, as the switch on the RB4011 is useless
If I use an ether port then it works but then I have to put the NTU in the fiber path. In V6 it was fixed. Before the fix I had to restart the SPF after fours seconds to upgrade to a MTU of 1500. That trick does not work anymore in V7.I have 1500 byte MTU on a 4011 with PPPoE connection running over a VLAN on ether1.
ether1 has MTU 1592, the VLAN has MTU 1588, the PPPoE is configured with MTU 1500, and remains at that.
The SFP+ has MTU 1598 so should be able to do that as well.
Remember not all ISPs support it! The fact you can configure it on the router does not mean it will work, as the ISP may force MTU 1492 anyway.
Probably worth debugging the issue a little more on your end.
Thank you for your replies. I know the issue needs more investigation from my end, as it is application specific (Windows 2016 does not have this issue, just Windows 2012 R2). The auto-tuning parameter did not help (unless it requires a reboot, but in my experience netsh is activated immediately). Thanks for your efforts.I'm willing to bet that this is Windows Auto-tuning going bananas. Turn this of on server level. We turn this of via policy as it do not work well over VPN.
https://www.thewindowsclub.com/window-a ... windows-10
/ip/dhcp-client/print
Flags: X, I, D - DYNAMIC
Columns: INTERFACE, USE-PEER-DNS, ADD-DEFAULT-ROUTE, STATUS, ADDRESS
# INTERFACE USE-PEER-DNS ADD STATUS ADDRESS
0 X vlan-internet-in no no
;;; internet detect
1 D vlan-internet-in yes yes bound 10.11.12.13
if help==\[*\] then {&& or ||, (", or" | &)} else '\;-\)'
/interface/detect-internet> export
# dec/01/2021 15:04:08 by RouterOS 7.1rc7
# model = RBD25GR-5HPacQD2HPnD
/interface detect-internet
set detect-interface-list=all internet-interface-list=WAN
/interface/detect-internet> print
detect-interface-list: all
lan-interface-list: none
wan-interface-list: none
internet-interface-list: WAN
Well I think detect-internet is in the same class as QuickSet: something that may be nice for home users with a NAT router, but you need toIn testing /interface/detect-internet with r7.1rc7, I noticed it creates a DHCP client automatically.
I tried several variation but in PPPoE screen the MTU drops to 1492 or when I put in a fixed MTU it drops back to 1480.data len 1492 is normal in mikrotik logs for the lcp echo request & reply with a rfc4638 compliant pppoe.
That's also what I see in my logs.
ppp-max-payload is 1500 though.
And resulting mtu/mru is 1500.
If you enable vlan-filtering, you loose fasttrack, fastpath and any other kind of hw acceleration, which make not possible to get 1gig LAN - WAN on the RB4011 (not even half of it).Why is it useless?
My ISP, uses vlan with 1600, PPPoE 1540. I've set the SFP+ port to 6000.Strange because it is stated that PPPoE is max 1500:My RB4011 have no problem on PPPoE with MTU 1540 when using the SFP+ port.
I use a router-in-a-stick configuration, as the switch on the RB4011 is useless
https://www.juniper.net/documentation/u ... rview.html
The header uses six bytes and the ID two. Then the MTU behind the PPPoE should be 1508. I have to use VLAN and that adds 4 bytes and the SPF sets at 1598 or so.
My 4011 is also only doing the connection plus VPN. What are your setting for over 1500? Mine drops after a few seconds from 1500 to 1492.
Yes, if you use 1 vlan, no tagging and no intra-vlan routing (which includes having the PPPoE client on a vlan).Really?
This changelog is listed in v7.1rc1:
*) added bridge HW offload support for vlan-filtering on RTL8367 switch chip (RB4011, RB1100AHx4);
So it doesn't work?
I know that, I was just trying to use one switch of the two, but still no luck...Keep in mind that RB4011 has two switch chips... Bridging ports from both chips makes the/some traffic go through the CPU.
It works for me! The switchports on my RB4011 have hw accel enabled even with bridge vlan filtering!Really?
This changelog is listed in v7.1rc1:
*) added bridge HW offload support for vlan-filtering on RTL8367 switch chip (RB4011, RB1100AHx4);
So it doesn't work?
yes you see the "H" on the ports, but the traffic is not getting fasttracked or going via fastpath, look the countersIt works for me! The switchports on my RB4011 have hw accel enabled even with bridge vlan filtering!Really?
This changelog is listed in v7.1rc1:
*) added bridge HW offload support for vlan-filtering on RTL8367 switch chip (RB4011, RB1100AHx4);
So it doesn't work?