feld
Feb 11, 2008

karoshi posted:

For the other side I'll assume a default route. Add a static route on R-A pointing to R-B with a "distance" higher than 1 (the default distance for static routes) and vice versa. Again, you got yourself a nice routing loop if both upstreams are cut.

I certainly know how OSPF, etc works, so I know what you're talking about. However, we implemented the Mikrotiks for the customer tonight and all but one failover scenario worked correctly. (Mind you, we have IPSec VPNs and whatnot also involved which makes this setup pretty rad because the IPSec failover is nearly instantaneous in our testing)

OK, so current failing "failover" scenario:

* Router A is master
* Connections to the LAN are cut on Router A
* Router B picks up as master for LAN's gateway
* Router B has an extra link going back to Router A with OSPF going over it and all the VPNs
* You can still contact all INTERNAL networks (local and over VPNs) that were advertised by OSPF. However, you can't access the internet because Router B isn't the master of the uplink so its default route is failing

Thoughts? How can I get OSPF to tell the other router that it has access to the internet and inject a default route into its table telling it to go over the link between the routers?

I'm very tired right now and haven't put a lot of thought into this scenario, but outside of scripting or possibly trying to add a second default route with a higher distance... I'm stumped :)

We have equipment to test this tomorrow so hopefully we can come up with a solid and reliable solution.

karoshi
Nov 4, 2008

feld posted:

I certainly know how OSPF, etc works, so I know what you're talking about. However, we implemented the Mikrotiks for the customer tonight and all but one failover scenario worked correctly. (Mind you, we have IPSec VPNs and whatnot also involved which makes this setup pretty rad because the IPSec failover is nearly instantaneous in our testing)

Sorry, didn't check your proficiency level. So it's just them mikrotiks between the LAN and an internet router? No OSPF otherwise? Like the map at http://forum.mikrotik.com/viewtopic.php?f=9&t=42545

feld posted:


OK, so current failing "failover" scenario:

* Router A is master
* Connections to the LAN are cut on Router A
* Router B picks up as master for LAN's gateway
* Router B has an extra link going back to Router A with OSPF going over it and all the VPNs
* You can still contact all INTERNAL networks (local and over VPNs) that were advertised by OSPF. However, you can't access the internet because Router B isn't the master of the uplink so its default route is failing

Thoughts? How can I get OSPF to tell the other router that it has access to the internet and inject a default route into its table telling it to go over the link between the routers?

I'm very tired right now and haven't put a lot of thought into this scenario, but outside of scripting or possibly trying to add a second default route with a higher distance... I'm stumped :)

We have equipment to test this tomorrow so hopefully we can come up with a solid and reliable solution.

I'm a bit confused on why R-B doesn't have a default route active all the time. VRRP is removing the routes towards an active up/up interface when not master? :downs: Do you have static IP addresses on the physical ethernets in addition to the virtual router IP?

But yeah, redistribute the default route into ospf, don't give a gently caress. That's what routing protocols are for, not giving a gently caress.
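The two options karoshi describes, written out as an added example in RouterOS v5/v6 CLI syntax (not either poster's configuration; the LAN range, upstream next hop, inter-router link addresses and the default OSPF instance name are assumed). The snippet is for R-A; R-B is the mirror image with the addresses swapped.

```routeros
# Assumed for this example: LAN 192.168.1.0/24, R-A's own upstream next hop
# 203.0.113.1, inter-router link 10.0.0.0/30 with R-A=10.0.0.1 and R-B=10.0.0.2.

# Primary default via this router's own upstream. check-gateway=ping removes
# the route from the routing table when the next hop stops answering, which
# also stops OSPF from advertising it (see distribute-default below).
/ip route add dst-address=0.0.0.0/0 gateway=203.0.113.1 distance=1 check-gateway=ping \
    comment="default via own upstream"

# Option 1 (karoshi's "redistribute the default into OSPF"): run OSPF over the
# inter-router link and the LAN, and originate a default route into OSPF only
# while one is actually installed in this router's table. The peer learns it
# as a type-1 external at distance 110, so it loses to the peer's own static
# default while that peer's upstream is alive.
/routing ospf network add network=10.0.0.0/30 area=backbone
/routing ospf network add network=192.168.1.0/24 area=backbone
/routing ospf instance set default distribute-default=if-installed-as-type-1

# Option 2 (karoshi's "static route with a higher distance"): a floating
# default via R-B. Distance 200 keeps it below both the primary (1) and any
# OSPF-learned default (110), so it is only a last resort. karoshi's caveat
# stands: with both upstreams cut, R-A and R-B point at each other and
# forward 0.0.0.0/0 traffic in a loop until TTL expires.
/ip route add dst-address=0.0.0.0/0 gateway=10.0.0.2 distance=200 check-gateway=ping \
    comment="last-resort default via R-B over the inter-router link"
```

Watch `/ip route print` on both routers during a failover test: the active default should flip between the three sources (static via upstream, OSPF via peer, floating static) rather than two routers each installing a route toward the other.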

feld
Feb 11, 2008

Turns out it just won't work with the Mikrotik VRRP solution. Full failover or bust. The way the VRRP works on there it will cause conflicts because both think they own the addresses when the link is cut.

Note, this might not be the same conclusion for people who aren't doing a bridged interface for two links to from each Mikrotik to two switches as the interface would actually go down. Bridged interfaces don't really go down.

CuddleChunks
Sep 18, 2004

Bumping for my new guide on how to setup a mikrotik to act like a home router with NAT-ing, port forwards and dhcp. I used Winbox for the examples to make this as easy as possible. This guide will change your life.

I haven't tackled queueing in there because it's loving black magic but I'll try and get some guidelines cobbled together soonish.

text editor
Jan 8, 2007

CuddleChunks posted:

Bumping for my new guide on how to setup a mikrotik to act like a home router with NAT-ing, port forwards and dhcp. I used Winbox for the examples to make this as easy as possible. This guide will change your life.

I haven't tackled queueing in there because it's loving black magic but I'll try and get some guidelines cobbled together soonish.

Would this work with the RB750 series?


Also, this looks well done, but I can't help but hate you for it at the same time.

enotnert
Jun 10, 2005

CuddleChunks posted:

Bumping for my new guide on how to setup a mikrotik to act like a home router with NAT-ing, port forwards and dhcp. I used Winbox for the examples to make this as easy as possible. This guide will change your life.

I haven't tackled queueing in there because it's loving black magic but I'll try and get some guidelines cobbled together soonish.

I printed this out for my cabinet of files I may need.

Also the ponies make me smile.

Thanks Ants
May 21, 2004

That guide is awesome. Might prompt me into getting an RB750 to cut my teeth on.

CuddleChunks
Sep 18, 2004

ClosedBSD posted:

Would this work with the RB750 series?
Also, this looks well done, but I can't help but hate you for it at the same time.

Yes, it will work just fine for the RB750. The major difference between the units is that the RB433 has a miniPCI slot with a wifi card in it and the RB750 doesn't have any such thing. Oh and the serial interface on the front of the RB433. Still, you see one more tab in my screenshots than you would on the RB750. I just didn't feel like editing shots of my home router or resetting it to defaults to build the walkthrough.

As for the walkthrough itself, yes, I understand. I'm still laughing every time I look at it. Just wait till I get around to doing queue trees and whatnot.

Enotnert: thank you for the kind words. What's funny is that with about a dozen lines of the command line crap you can get all the same results, but for me I use Winbox all the time so I can visualize what the hell is going on. The command line is there but my CLI-fu is weak, especially when it comes to sorting and searching the results it generates.

Caged: The RB750 is cheap as hell and immediately gives you 5 sexy 100Mbps ports. 1 gets used for a WAN and the other 4 for whatever you want. The 750G has gigabit ports which is a nice reason to pay the extra money. That's the one I got and love it to death.

enotnert
Jun 10, 2005

CuddleChunks posted:

Enotnert: thank you for the kind words. What's funny is that with about a dozen lines of the command line crap you can get all the same results, but for me I use Winbox all the time so I can visualize what the hell is going on. The command line is there but my CLI-fu is weak, especially when it comes to sorting and searching the results it generates.

Yeah, I mentioned that I have a buddy that got me into mikrotiks cause he works at a WISP that's mostly backended with mikrotik and point to points are handled by a mix of ubiquities and canopies.

I sent that to him, and he said it had his boss (the owner) lolling like a motherfucker, but it's also good to show me some of the poo poo I keep loving up when I get drunk and gently caress around with the router.

I should take some screen shots of the poo poo he littered around my router when he was teaching me how to do some junk on it. I was looking to forward ports one day, and opened where to do it with a load of entries labeled "get that port forward I sencha?" and "btw, I am vpn'd and checkin yer home security cameras"

TOMSOVERBAGHDAD
Dec 26, 2004

I'm thinking about buying the RB750G as the core router for a 150 person LAN party. It's going to replace a crappy P4 pfSense box.

Somebody convince me that this is a bad idea.

enotnert
Jun 10, 2005

TOMSOVERBAGHDAD posted:

I'm thinking about buying the RB750G as the core router for a 150 person LAN party. It's going to replace a crappy P4 pfSense box.

Somebody convince me that this is a bad idea.

I haven't tested it to 150 people, but I had one running in a test for our cloning system at work (just wanted to stress test it) over a bank of 115 computers. Seemed to work just jim dandy.

R1CH
Apr 7, 2002

Yeah the NAT table on the 750G is 32k entries. Unless everyone at the LAN party is going to be torrenting, I don't see any problems with that.

Ginger Beer Belly
Aug 18, 2010

CuddleChunks posted:

Bumping for my new guide on how to setup a mikrotik to act like a home router with NAT-ing, port forwards and dhcp. I used Winbox for the examples to make this as easy as possible. This guide will change your life.

This is gold. I think I have a VP convinced to present this in a video conference as our new documentation standard.

CuddleChunks
Sep 18, 2004

yarrmatey posted:

This is gold. I think I have a VP convinced to present this in a video conference as our new documentation standard.

Hahahah holy poo poo. My dumb little guide is going places. I suppose I should sign my work.

enotnert
Jun 10, 2005

CuddleChunks posted:

Hahahah holy poo poo. My dumb little guide is going places. I suppose I should sign my work.

My buddy said it's now "required reading" for all new employees at the WISP he works at.

Also, I read it 2-3 times today just cause the ponies crack my poo poo up.

Methylethylaldehyde
Oct 23, 2004

Does the 750G do multi-WAN worth a drat? Ideally I'd like source port based routing, along with NAT IP based routing. e.g. traffic on port 550 goes out WAN2, and anyone in the .200-.225 range also uses WAN2, but all other IPs, and all other ports use WAN1?

CuddleChunks
Sep 18, 2004

Methylethylaldehyde posted:

Does the 750G do multi-WAN worth a drat? Ideally I'd like source port based routing, along with NAT IP based routing. e.g. traffic on port 550 goes out WAN2, and anyone in the .200-.225 range also uses WAN2, but all other IPs, and all other ports use WAN1?

Easy as poo poo.

Packet marks, filter rules, zippity zap you be routing out your wan interfaces like a pro.

This is the guide: http://www.mikrotik.com/testdocs/ros/2.9/ip/route.php Policy-based routing is the section to read.
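Methylethylaldehyde's exact split (source port 550 and hosts .200-.225 out WAN2, everything else out WAN1) as an added example of the packet-mark approach CuddleChunks points at, in RouterOS v5/v6 CLI syntax. This is not from the linked guide; the interface names LAN/WAN1/WAN2, the LAN range and the two upstream gateways are assumed.

```routeros
# Assumed for this example: LAN 192.168.1.0/24 on interface LAN,
# WAN1 next hop 203.0.113.1, WAN2 next hop 198.51.100.1.

# 1. Routing marks. Only mark traffic that is really leaving the LAN; without
#    the dst-address exclusion, LAN-to-LAN and traffic to the router itself
#    would be pushed into the WAN2 table too. src-port needs a protocol, so
#    add a matching udp rule if port 550 carries UDP as well.
/ip firewall mangle
add chain=prerouting in-interface=LAN dst-address=!192.168.1.0/24 protocol=tcp src-port=550 \
    action=mark-routing new-routing-mark=via-WAN2 passthrough=no \
    comment="source port 550 -> WAN2"
add chain=prerouting in-interface=LAN dst-address=!192.168.1.0/24 \
    src-address=192.168.1.200-192.168.1.225 \
    action=mark-routing new-routing-mark=via-WAN2 passthrough=no \
    comment="hosts .200-.225 -> WAN2"

# 2. Two default routes: the main table (unmarked traffic) uses WAN1, the
#    via-WAN2 table uses WAN2. check-gateway drops a dead gateway's route so
#    marked traffic falls back to the main table instead of blackholing.
/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.1 check-gateway=ping comment="WAN1 default (main)"
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=via-WAN2 check-gateway=ping \
    comment="WAN2 default (marked traffic only)"

# 3. NAT per egress interface so replies return on the link they left from.
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
```

`/ip firewall mangle print stats` shows whether the two marking rules are actually hit; if the WAN2 counters stay at zero the dst-address exclusion or port match is the first thing to check.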

Nubile Cactus
Aug 1, 2004
Looks like the MikroTik MUM is coming up on the 10th. Fingers crossed for a more consumerish 750g wireless model.

ruro
Apr 30, 2003

I've heard of MikroTik before but never really looked into it. If I wanted ADSL2+ connectivity I'd need a separate modem right?

CuddleChunks
Sep 18, 2004

ruro posted:

I've heard of MikroTik before but never really looked into it. If I wanted ADSL2+ connectivity I'd need a separate modem right?

Correct.

PUBLIC TOILET
Jun 13, 2009

If someone were in the market to purchase a MikroTik for home use, what would be the ideal solution that provides Gigabit switching and wireless connectivity?

Oddhair
Mar 21, 2004

I just got a new router but I'm looking at this one here: the 750G.

It's $69.95, and the license for the OS is $45 so ~$115 before shipping.

CuddleChunks
Sep 18, 2004

Oddhair posted:

I just got a new router but I'm looking at this one here: the 750G.

It comes with a level 4 license out of the box at the $70 price point. No extra purchases needed.


For the person wanting a Mikrotik-based router and wifi AP there isn't a single product that combines the gigabit ports and wifi yet. Happily, there are rumblings that within a month they should have exactly that available for purchase. It would be worth waiting if you wanted to combine all of those features in a single mikrotik platform.

Oddhair
Mar 21, 2004

Oops, I thought that had wireless for some reason. I still want one.

wolrah
May 8, 2006
Any thoughts on the RB250GS? I've been looking for some cheap managed gigabit switches for my home network and these are priced almost the same as the unmanaged D-Links I usually buy. I'm pretty much looking for VLAN support, preferably also with SNMP stats available per-port, anything else on top of that is a bonus.

Ben Murphy
Sep 9, 2001

I'm happy to see others getting some use out of MikroTik as well. We use them exclusively at work (small business fulfilling government contracts) and they've saved us tons of cash over similarly equipped Cisco offerings.

We use the RB1000/RB1100 for our core network and RB532A/RB600A/RB433 for our outdoor wireless installations. They are stable, reliable and super easy to admin/deploy with WinBox. The queueing/mangle options really allow us to do some tricky things with our packets on the network.

The only thing I don't like about MikroTik is their monitoring platform The Dude, but that's mostly because I'm a Nagios architect. I had to write some custom plugins to monitor our MikroTik gear over SNMP in Nagios, but people who want an easy (but ugly) monitoring tool would probably get a lot of use out of The Dude.

Weird Uncle Dave
Sep 2, 2003

How have I not seen this thread before now? I also work for a mom-and-pop ISP that uses Mikrotik for a lot of wireless stuff, both point-to-point backhaul and some AP-type stuff (though we're phasing some of that out in favor of Ubiquiti AirMax gear).

My network is pretty small (peak times are around 70-80Mbps, 1100 or so residential users), but a decent-sized PC runs the whole thing, including a couple BGP feeds, and never breaks a sweat. On the other end, we have dozens of RB750s out there; a $40 router that can do just about anything you could want - how could you not love it? Most of ours are little DHCP servers, but we also give them to customers for things like failover and load-balancing.

If there were a decent backup/restore system for RouterOS, instead of all your backups being chock-full of device-specific MAC addresses to the point that you just have to copy-and-paste five lines at a time and cross your fingers, it'd be the best thing ever.

Edit: OP, you might want to put in how to remove an existing configuration from the terminal (/system reset-configuration), in case someone inherits a box whose config is unknown and they want to wipe it, but don't get the "I've just been reset" popup in the first screen of your magical walkthrough.

Weird Uncle Dave fucked around with this message at 20:35 on Mar 21, 2011

CuddleChunks
Sep 18, 2004

Weird Uncle Dave posted:

Edit: OP, you might want to put in how to remove an existing configuration from the terminal (/system reset-configuration), in case someone inherits a box whose config is unknown and they want to wipe it, but don't get the "I've just been reset" popup in the first screen of your magical walkthrough.

Good idea. Added.

NOTinuyasha
Oct 17, 2006

CuddleChunks posted:

:cry: I'll see what I can do. I have ham-handedly helped with putting together some queueing systems and one of my coworkers is working with our other admins on learning some new hotness for queueing that will probably make all of my info obsolete.

The OP of the MikroTik thread, scared of a little QoS?

Also, I know at least one guy going for a MTCNA seminar in Lithuania. Too bad they don't really have them here in the USA.

Bukakke-san
Jan 24, 2007
I have two RB133s.

Can anyone recommend a firmware version that has fully working WPA? I'm on 4.11 now and some of my devices can't connect with WPA turned on. It boggles the mind how a company like Mikrotik can release version after version of software and not fix a bug in one of the most important parts. I have been all over the Mikrotik forums and they acknowledge the bug and supposedly fixed it, but it seems to have come back...

Is anyone else having this problem? IIRC, when WPA is active, something becomes wrong with the DHCP offers and they get rejected by some devices.

Methylethylaldehyde
Oct 23, 2004

I've been thinking about getting one of these for a while now. Would the RB493G be massive overkill compared to any of the other multi-WAN soho routers on the market? And do the wireless g/n cards they sell work well?

Also, how much of a ratfucker is it to set up the routes using the GUI configuration tools they give you?

Ginger Beer Belly
Aug 18, 2010

wolrah posted:

Any thoughts on the RB250GS? I've been looking for some cheap managed gigabit switches for my home network and these are priced almost the same as the unmanaged D-Links I usually buy. I'm pretty much looking for VLAN support, preferably also with SNMP stats available per-port, anything else on top of that is a bonus.

I'm about 30 minutes into evaluating a couple, and as a managed switch, I'm a little disappointed. Rather than the software being based on RouterOS, it is a tiny 38KB image. Management seems to be http and SNMPv1 read only (no https, ssh, or telnet).

The strangest thing of all is that they dispense with this quaint notion that IPv4 hosts need to have a netmask and a gateway to go with their IP address, and they basically implement the IP stack as reply-only, and instead of using an arp cache and routes, the switches just respond to the IP and MAC address of the original request. Probably not the device of choice if you have old fashioned notions about being RFC compliant, etc.

So, I got all worked up and disappointed about the issues in this device, and then I remembered, it's :20bux: + :20bux:. If you are thinking about this vs a catalyst ... run away. If you are thinking about this vs an unmanaged D-Link, go nuts.

CuddleChunks
Sep 18, 2004

Methylethylaldehyde posted:

Also, how much of a ratfucker is it to set up the routes using the GUI configuration tools they give you?

Route configuration is pretty easy:

Bukakke-san posted:

I have two RB133s.

What firmware are you using and what radio cards? I'm pretty sure I've seen an RB133C do WPA just fine using 3.30 f/w and an Atheros radio card. They aren't terribly happy in the 3.x f/w but will chug along okay. 4.x is a bit of a mess with 4.16 being relatively stable unless you want to log in with Winbox or look at them sideways. Then they peg to 100% and sit there until rebooted. Then again, an RB133C is a wee little platform and doesn't have nearly as much RAM and CPU as the RB411's.

yarrmatey - Thanks for the writeup!

CuddleChunks fucked around with this message at 18:59 on Mar 22, 2011

PUBLIC TOILET
Jun 13, 2009

CuddleChunks posted:

It comes with a level 4 license out of the box at the $70 price point. No extra purchases needed.


For the person wanting a Mikrotik-based router and wifi AP there isn't a single product that combines the gigabit ports and wifi yet. Happily, there are rumblings that within a month they should have exactly that available for purchase. It would be worth waiting if you wanted to combine all of those features in a single mikrotik platform.

Sounds good, I'll just wait it out then. Do you have any more information on this? I'm interested in the learning experience behind the MikroTiks and it seems like they're fairly dependable.

feld
Feb 11, 2008

NOTinuyasha posted:

The OP of the MikroTik thread, scared of a little QoS?

Also, I know at least one guy going for a MTCNA seminar in Lithuania. Too bad they don't really have them here in the USA.

QoS is the main thing that I hate about Mikrotiks. I can deal with the fact that setting up firewall rules is a bit more cumbersome than it needs to be. However, the QoS is atrocious -- they just tacked a GUI on the already terrible Linux QoS. I'm planning on selling mine for some pfsense compatible gear -- pf is a better firewall and does better QoS anyway. :smith:

Mikrotik can't match empty ACK packets which kills its QoS potential.

http://www.benzedrine.cx/ackpri.html

CuddleChunks
Sep 18, 2004

feld posted:

Mikrotik can't match empty ACK packets which kills its QoS potential.
QoS is pretty crazy stuff but this page has a set of rules that match ACK's just fine and has a solid set of info on how to build a tiered queue system to prioritize various traffic types over a DSL link.

http://wiki.mikrotik.com/wiki/NetworkPro_on_Quality_of_Service

I haven't done much queueing at home yet so I'll whip something up based on that guide and let you know how it works. It won't be very scientific but hey, it'll be a good learning exercise all around.


COCKMOUTH.GIF posted:

Sounds good, I'll just wait it out then. Do you have any more information on this? I'm interested in the learning experience behind the MikroTiks and it seems like they're fairly dependable.

I don't have any confirmed info yet, but my buddy at work who is our MikroTik guru is the one who's telling me about them coming out. He gets a lot of early release mikrotik stuff so he's been a good source of news. As far as how hard these are to learn I'm not sure. I have a huge advantage of being able to play with these at work every single day since we use them for routers and customer wifi gear. I get to play and learn as I go so for me, it's been a pretty easy platform to pick up. Coming to this fresh would be a little daunting but happily there are loads of guides on how to do specific tasks with these units.
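The point in dispute between feld and CuddleChunks, matching empty TCP ACKs so they jump the upload queue, as an added example in RouterOS v5/v6 CLI syntax. It is not taken from the linked wiki page; the interface name WAN1, the 6 Mbit/s uplink and the 0-123 byte size test for a header-only segment are assumptions of this example.

```routeros
# Assumed for this example: upstream interface WAN1 with a ~6 Mbit/s uplink.

# An "empty" ACK is a TCP segment with ACK set, none of SYN/FIN/RST/PSH, and
# a total length that can only hold IP and TCP headers (plus options). Marking
# in postrouting on the WAN interface catches only the upload direction, which
# is where starving ACKs collapses download throughput on an asymmetric link.
/ip firewall mangle
add chain=postrouting out-interface=WAN1 protocol=tcp tcp-flags=ack,!fin,!psh,!rst,!syn \
    packet-size=0-123 action=mark-packet new-packet-mark=ack-small passthrough=no \
    comment="header-only TCP ACKs"
# Everything else leaving WAN1 is bulk. Order matters: this rule must follow
# the ACK rule, and passthrough=no on both keeps a packet from being remarked.
add chain=postrouting out-interface=WAN1 action=mark-packet new-packet-mark=bulk passthrough=no \
    comment="all other upload traffic"

# Upload queue tree. The parent is capped a little under the real uplink so the
# router, not the modem's FIFO, is the bottleneck and priorities actually bite.
# limit-at is each child's guaranteed share; max-limit lets either borrow the
# rest when the other is idle. Priority 1 is highest, 8 lowest.
/queue tree
add name=upload parent=WAN1 max-limit=5500k
add name=upload-acks parent=upload packet-mark=ack-small priority=1 limit-at=500k max-limit=5500k
add name=upload-bulk parent=upload packet-mark=bulk priority=8 limit-at=4000k max-limit=5500k
```

Verify with a saturating upload: `/queue tree print stats` should show bytes on both children, and a concurrent download should hold near its usual rate instead of dropping to a fraction of it.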

Weiz
Dec 12, 2003
If you're like me and enjoy super fast reconvergence with BFD on Cisco, I'd recommend you pop in to the feature request wiki and vote for BFD with echo mode support. Just edit the article (you'll need to register) and hit the signature button to sign your username and the date.

RouterOS already has some great features but oh boy it can be a struggle to get new ones in there.

Scaramouche
Mar 26, 2001

I've read through the thread and found it quite rewarding. However I just had one question before I look dumb in front of others trying to shill for this:

Is it my-crow-tick or my-craw-tick?

CuddleChunks
Sep 18, 2004

Scaramouche posted:

my-crow-tick

This one.

Weird Uncle Dave
Sep 2, 2003

My boss met Normis and a couple other folks from the company at a conference a few years back, and they all pronounced it mick-row-tick.
