[AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Steven Kenney
Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix 
it, had several people check the configs all were good. After 2 months of going 
back and forth, escalating to a higher tier tech... I officially got a response 
that 1 million connections is too much for the 1072 and I should expect it to 
reboot and not function properly. That was their conclusion. Even though all of 
the 72 processors are under 50%, memory usage is only about 20% etc. Turn off 
connection tracking is their solution. 

How about those apples? 


STEVEN KENNEY 
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | Leamington ON 
E: st...@wavedirect.org | P: 519-737-9283 
W: www.wavedirect.net 
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Chuck McCown via AF
Well at least you have an official answer.  How important is connection 
tracking to you?
Seems like something they could fix without too much difficulty.  Such as 
change the type of a variable, or allocate more memory, or compress a file etc. 
 



Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Jesse DuPont

  
  
Yeah, that's good news that you have an official answer; I have been
curious. Of course, if you're NATting there, you can't turn off
connection tracking...

  
  
  
  
  
  
  
  
  
  
  
  
  
  
Jesse DuPont
Owner / Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC / Celerity Broadband LLC
 
  



Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Bill Prince

  
  
I have to admit, I don't know that I've looked too much at the
number of connections. How many subs does it take to achieve a
million connections?


bp



Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Mark - Myakka Technologies


Bill,

Just checked my main PPPoE server (CCR1036).  2735 PPPoE sessions.  504 of those are private IP addresses getting NAT.  1,048,576 connections


--
Best regards,
 Mark                            mailto:m...@mailmt.com

Myakka Technologies, Inc.
www.Myakka.com



Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Steven Kenney
About 6k. I mean it's official meaning that is their "excuse" and their answer 
to the problem. It's ok because I've got an MX240 now I'm working on installing. 
But in all honesty I'm positive it's just laziness on their part. They don't 
want to even try to lab this up or fix it. Many people never had this issue 
pre 6.44 and so many have complained since. 

I've had to have NAT on this one particular router. I'm working on phasing it 
out but with resources and memory available this is absurd. I get these reboots 
during times where there is no increase in PPS upstream or on the router. Shame 
I don't think their MIB allows you to graph connections. 




Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Jan-GAMs
What happens if you use an earlier version pre-6.44 firmware? Seems like 
an expensive piece of hardware to get such a lame excuse for support.




Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Steven Kenney
I'm going on the word of a bunch of threads I've already read on their forums 
where customers all discuss the issue. Also not to mention Mikrotik never 
chimed into any of the threads at all. 

Either they know exactly what the problem is and won't say because it can't be 
fixed or is a vulnerability, or they are lazy and don't want to fix it. 

I'm not positive 6.44 was the version - but I saw that and earlier people 
mentioning it didn't do it. I don't want to go back that far because of the 
security vulnerabilities. 




Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Bill Prince

  
  
You have 6K subs doing NAT? That is more than I would attempt.


bp



Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Steven Kenney
No no.. maybe a hundred people doing NAT. I've almost eliminated all of them. 
Also need to NAT some equipment for it to be able to update via the internet 
etc. 




Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Sterling Jacobson
I gave up the first time they asked me to record data for them during an 
instance and wanted us to let it hang and collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from my network.

For the time being I’m using 1036 for CGNAT as a transition, then will head to 
CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072 anymore and this 
particular issue seems beyond them to repair.

Which makes the 1072 a non-starter for anything conn track for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release.
Watching to see if it bails too, or is capable of doing it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of 
layer2 into our cores where we will do all of the heavy lifting.





Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Adam Moffett
CGNAT on Juniper requires an IP services card.  With licensing it's like 
Corvette money.


but that's kinda where we're at isn't it.




Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Bill Prince

  
  
Corvette money. Is that anything like cubic dollars?


bp



Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Adam Moffett

It's 5 digit numbers, however you choose to label it.

The good news is one box will scale to staggering amounts of traffic.




Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread fiberrun
Is anybody looking at software based options like DPDK for a lower cost 
solution?

DANOS (free), TNSR (free trial, commercial $500/year), 6wind (~3k$ for 10G 
license + 15% yearly),...


- Jared
 
 
 

Sent: Monday, March 01, 2021
From: "Adam Moffett" 
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations
It's 5 digit numbers, however you choose to label it.
The good news is one box will scale to staggering amounts of traffic.
 

On 3/1/2021 1:03 PM, Bill Prince wrote:
Corvette money. Is that anything like cubic dollars?
 
bp


On 3/1/2021 9:51 AM, Adam Moffett wrote:
CGNAT on Juniper requires an IP services card.  With licensing it's like 
Corvette money.
but that's kinda where we're at isn't it.
 

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
I gave up the first time they asked me to record data for them during an 
instance and wanted us to let it hang and collect data.
 
I was like no, not going to do that.
 
And then started removing 1072 connection tracking altogether from my network.
 
For the time being I’m using 1036 for CGNAT as a transition, then will head to 
CHR CGNAT, then Juniper.
 
I agree that Mikrotik just isn’t focused on the 1072 anymore and this 
particular issue seems beyond them to repair.
 
Which makes the 1072 a no starter for anything conn track for us ever again.
 
I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release.
Watching to see if it bails too, or is capable of doing it for the time being.
 
But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of 
layer2 into our cores where we will do all of the heavy lifting.
 
 
 

From: AF [mailto:af-boun...@af.afmug.com] On Behalf Of 
Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af [mailto:af@af.afmug.com]
Subject: [AFMUG] Mikrotik Official Limitations
 

Still fighting with Mikrotik about the 1072 reboots.  New hardware didn't fix 
it, had several people check the configs all were good. After 2 months of going 
back and forth, escalating to a higher tier tech...   I officially got a 
response that 1 million connections is too much for the 1072 and I should 
expect it to reboot and not function properly.  That was their conclusion.  
Even though all of the 72 processors are under 50%,  memory usage is only about 
20% etc.  Turn off connection tracking is their solution.  

 

How about those apples?  

 

 

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Sterling Jacobson
Yeah, that’s why there is justification for using Mikrotik “garbage”.

Mikrotik has got us where we are and allowed us to grow and grow our small team 
without a large upfront cost.

And then migrate to bigger and better.

Done this method a few times now and it’s worked out well.

Moral of the story is, work the best with what you have and know your platform.

I know Mikrotik. I can get angry and do have my rows with vendors and 
manufacturers, but we learn where we can reliably use what hardware over time.

Starting from ground zero I would definitely use Mikrotik again since I know it 
and what it can and cannot do.

But I am looking forward to the day when we invest in an MX series of highly 
available routers/platform.

Just like it would be awesome if I had enough money up front to run all Cambium 
M and Terragraph for our WISP side lol

From: AF  On Behalf Of Adam Moffett
Sent: Monday, March 1, 2021 11:06 AM
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations


It's 5 digit numbers, however you choose to label it.

The good news is one box will scale to staggering amounts of traffic.


On 3/1/2021 1:03 PM, Bill Prince wrote:

Corvette money. Is that anything like cubic dollars?



bp


On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card.  With licensing it's like 
Corvette money.

but that's kinda where we're at isn't it.


On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
I gave up the first time they asked me to record data for them during an 
instance and wanted us to let it hang and collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from my network.

For the time being I’m using 1036 for CGNAT as a transition, then will head to 
CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072 anymore and this 
particular issue seems beyond them to repair.

Which makes the 1072 a no starter for anything conn track for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release.
Watching to see if it bails too, or is capable of doing it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of 
layer2 into our cores where we will do all of the heavy lifting.



From: AF  On Behalf Of 
Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af 
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots.  New hardware didn't fix 
it, had several people check the configs all were good. After 2 months of going 
back and forth, escalating to a higher tier tech...   I officially got a 
response that 1 million connections is too much for the 1072 and I should 
expect it to reboot and not function properly.  That was their conclusion.  
Even though all of the 72 processors are under 50%,  memory usage is only about 
20% etc.  Turn off connection tracking is their solution.

How about those apples?



STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net







-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Adam Moffett
I should have said it's 5 digits on top of having a Juniper router which 
can accept the IP services card (eg MX240, MX480, or MX960).  You'll be 
into 6 digits before you have the whole BOM. Maybe I should have said 
"Lamborghini money".  Depends whether you already have the Juniper 
router or if you had to start from square one.


I'm not saying there's anything wrong with Juniper, I'm just saying you 
have to bring your checkbook if you want to do CG-NAT with them.


On 3/1/2021 1:06 PM, Adam Moffett wrote:


It's 5 digit numbers, however you choose to label it.

The good news is one box will scale to staggering amounts of traffic.


On 3/1/2021 1:03 PM, Bill Prince wrote:


Corvette money. Is that anything like cubic dollars?


bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:


CGNAT on Juniper requires an IP services card.  With licensing it's 
like Corvette money.


but that's kinda where we're at isn't it.


On 3/1/2021 12:36 PM, Sterling Jacobson wrote:


I gave up the first time they asked me to record data for them 
during an instance and wanted us to let it hang and collect data.


I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from 
my network.


For the time being I’m using 1036 for CGNAT as a transition, then 
will head to CHR CGNAT, then Juniper.


I agree that Mikrotik just isn’t focused on the 1072 anymore and 
this particular issue seems beyond them to repair.


Which makes the 1072 a no starter for anything conn track for us 
ever again.


I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable 
release.


Watching to see if it bails too, or is capable of doing it for the 
time being.


But our end game is MPLS/VPLS and/or direct switch VLAN type 
segmentation of layer2 into our cores where we will do all of the 
heavy lifting.


*From:* AF  *On Behalf Of * Steven Kenney
*Sent:* Monday, March 1, 2021 9:03 AM
*To:* af 
*Subject:* [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware 
didn't fix it, had several people check the configs all were good. 
After 2 months of going back and forth, escalating to a higher tier 
tech...   I officially got a response that 1 million connections is 
too much for the 1072 and I should expect it to reboot and not 
function properly.  That was their conclusion.  Even though all of 
the 72 processors are under 50%,  memory usage is only about 20% 
etc.  Turn off connection tracking is their solution.


How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net






-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Adam Moffett

+1

On 3/1/2021 1:41 PM, Sterling Jacobson wrote:


Yeah, that’s why there is justification for using Mikrotik “garbage”.

Mikrotik has got us where we are and allowed us to grow and grow our 
small team without a large upfront cost.


And then migrate to bigger and better.

Done this method a few times now and it’s worked out well.

Moral of the story is, work the best with what you have and know your 
platform.


I know Mikrotik. I can get angry and do have my rows with vendors and 
manufacturers, but we learn where we can reliably use what hardware 
over time.


Starting from ground zero I would definitely use Mikrotik again since 
I know it and what it can and cannot do.


But I am looking forward to the day when we invest in an MX series of 
highly available routers/platform.


Just like it would be awesome if I had enough money up front to run 
all Cambium M and Terragraph for our WISP side lol


*From:* AF  *On Behalf Of * Adam Moffett
*Sent:* Monday, March 1, 2021 11:06 AM
*To:* af@af.afmug.com
*Subject:* Re: [AFMUG] Mikrotik Official Limitations

It's 5 digit numbers, however you choose to label it.

The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:

Corvette money. Is that anything like cubic dollars?

bp



On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card.  With licensing
it's like Corvette money.

but that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for
them during an instance and wanted us to let it hang and
collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking
altogether from my network.

For the time being I’m using 1036 for CGNAT as a
transition, then will head to CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072
anymore and this particular issue seems beyond them to repair.

Which makes the 1072 a no starter for anything conn track
for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest
Stable release.

Watching to see if it bails too, or is capable of doing it
for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN
type segmentation of layer2 into our cores where we will
do all of the heavy lifting.

*From:* AF 
 *On Behalf Of *Steven Kenney
*Sent:* Monday, March 1, 2021 9:03 AM
*To:* af  
*Subject:* [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New
hardware didn't fix it, had several people check the
configs all were good. After 2 months of going back and
forth, escalating to a higher tier tech...   I officially
got a response that 1 million connections is too much for
the 1072 and I should expect it to reboot and not function
properly.  That was their conclusion.  Even though all of
the 72 processors are under 50%,  memory usage is only
about 20% etc.  Turn off connection tracking is their
solution.

How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net








-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Mike Hammett
We should also not confuse "vendor is junk" with "I used it wrong". Also, there 
are times that both may apply. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Sterling Jacobson"  
To: "AnimalFarm Microwave Users Group"  
Sent: Monday, March 1, 2021 12:41:12 PM 
Subject: Re: [AFMUG] Mikrotik Official Limitations 



Yeah, that’s why there is justification for using Mikrotik “garbage”. 

Mikrotik has got us where we are and allowed us to grow and grow our small team 
without a large upfront cost. 

And then migrate to bigger and better. 

Done this method a few times now and it’s worked out well. 

Moral of the story is, work the best with what you have and know your platform. 

I know Mikrotik. I can get angry and do have my rows with vendors and 
manufacturers, but we learn where we can reliably use what hardware over time. 

Starting from ground zero I would definitely use Mikrotik again since I know it 
and what it can and cannot do. 

But I am looking forward to the day when we invest in an MX series of highly 
available routers/platform. 

Just like it would be awesome if I had enough money up front to run all Cambium 
M and Terragraph for our WISP side lol 



From: AF  On Behalf Of Adam Moffett 
Sent: Monday, March 1, 2021 11:06 AM 
To: af@af.afmug.com 
Subject: Re: [AFMUG] Mikrotik Official Limitations 

It's 5 digit numbers, however you choose to label it. 
The good news is one box will scale to staggering amounts of traffic. 


On 3/1/2021 1:03 PM, Bill Prince wrote: 


Corvette money. Is that anything like cubic dollars? 
bp  

On 3/1/2021 9:51 AM, Adam Moffett wrote: 


CGNAT on Juniper requires an IP services card. With licensing it's like 
Corvette money. 
but that's kinda where we're at isn't it. 


On 3/1/2021 12:36 PM, Sterling Jacobson wrote: 


I gave up the first time they asked me to record data for them during an 
instance and wanted us to let it hang and collect data. 

I was like no, not going to do that. 

And then started removing 1072 connection tracking altogether from my network. 

For the time being I’m using 1036 for CGNAT as a transition, then will head to 
CHR CGNAT, then Juniper. 

I agree that Mikrotik just isn’t focused on the 1072 anymore and this 
particular issue seems beyond them to repair. 

Which makes the 1072 a no starter for anything conn track for us ever again. 

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. 
Watching to see if it bails too, or is capable of doing it for the time being. 

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of 
layer2 into our cores where we will do all of the heavy lifting. 





From: AF  On Behalf Of Steven Kenney 
Sent: Monday, March 1, 2021 9:03 AM 
To: af  
Subject: [AFMUG] Mikrotik Official Limitations 



Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix 
it, had several people check the configs all were good. After 2 months of going 
back and forth, escalating to a higher tier tech... I officially got a response 
that 1 million connections is too much for the 1072 and I should expect it to 
reboot and not function properly. That was their conclusion. Even though all of 
the 72 processors are under 50%, memory usage is only about 20% etc. Turn off 
connection tracking is their solution. 



How about those apples? 








STEVEN KENNEY 
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | Leamington ON 
E: st...@wavedirect.org | P: 519-737-9283 
W: www.wavedirect.net 

















-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Steven Kenney
Just word to the wise - prepare to ditch Mikrotik as soon as you near 10Gbps 
traffic. Their upper echelon hardware doesn't pass the muster. 


STEVEN KENNEY 
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | Leamington ON 
E: st...@wavedirect.org | P: 519-737-9283 
W: www.wavedirect.net 


From: "Adam Moffett"  
To: "af"  
Sent: Monday, March 1, 2021 1:42:54 PM 
Subject: Re: [AFMUG] Mikrotik Official Limitations 



+1 
On 3/1/2021 1:41 PM, Sterling Jacobson wrote: 





Yeah, that’s why there is justification for using Mikrotik “garbage”. 



Mikrotik has got us where we are and allowed us to grow and grow our small team 
without a large upfront cost. 



And then migrate to bigger and better. 



Done this method a few times now and it’s worked out well. 



Moral of the story is, work the best with what you have and know your platform. 



I know Mikrotik. I can get angry and do have my rows with vendors and 
manufacturers, but we learn where we can reliably use what hardware over time. 



Starting from ground zero I would definitely use Mikrotik again since I know it 
and what it can and cannot do. 



But I am looking forward to the day when we invest in an MX series of highly 
available routers/platform. 



Just like it would be awesome if I had enough money up front to run all Cambium 
M and Terragraph for our WISP side lol 




From: AF [mailto:af-boun...@af.afmug.com] On Behalf Of Adam Moffett 
Sent: Monday, March 1, 2021 11:06 AM 
To: af@af.afmug.com 
Subject: Re: [AFMUG] Mikrotik Official Limitations 




It's 5 digit numbers, however you choose to label it. 

The good news is one box will scale to staggering amounts of traffic. 




On 3/1/2021 1:03 PM, Bill Prince wrote: 



Corvette money. Is that anything like cubic dollars? 


bp 
 


On 3/1/2021 9:51 AM, Adam Moffett wrote: 



CGNAT on Juniper requires an IP services card. With licensing it's like 
Corvette money. 

but that's kinda where we're at isn't it. 




On 3/1/2021 12:36 PM, Sterling Jacobson wrote: 



I gave up the first time they asked me to record data for them during an 
instance and wanted us to let it hang and collect data. 



I was like no, not going to do that. 



And then started removing 1072 connection tracking altogether from my network. 



For the time being I’m using 1036 for CGNAT as a transition, then will head to 
CHR CGNAT, then Juniper. 



I agree that Mikrotik just isn’t focused on the 1072 anymore and this 
particular issue seems beyond them to repair. 



Which makes the 1072 a no starter for anything conn track for us ever again. 



I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. 

Watching to see if it bails too, or is capable of doing it for the time being. 



But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of 
layer2 into our cores where we will do all of the heavy lifting. 








From: AF [mailto:af-boun...@af.afmug.com] On Behalf Of Steven Kenney 
Sent: Monday, March 1, 2021 9:03 AM 
To: af [mailto:af@af.afmug.com] 
Subject: [AFMUG] Mikrotik Official Limitations 





Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix 
it, had several people check the configs all were good. After 2 months of going 
back and forth, escalating to a higher tier tech... I officially got a response 
that 1 million connections is too much for the 1072 and I should expect it to 
reboot and not function properly. That was their conclusion. Even though all of 
the 72 processors are under 50%, memory usage is only about 20% etc. Turn off 
connection tracking is their solution. 





How about those apples? 








STEVEN KENNEY 
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | Leamington ON 
E: st...@wavedirect.org | P: 519-737-9283 
W: www.wavedirect.net 






















-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Bill Prince

  
  
What would be nice is if I brought YOUR checkbook.


bp

On 3/1/2021 10:41 AM, Adam Moffett wrote:

I should have said it's 5 digits on top of having a Juniper router which can 
accept the IP services card (eg MX240, MX480, or MX960).  You'll be into 6 
digits before you have the whole BOM.  Maybe I should have said "Lamborghini 
money".  Depends whether you already have the Juniper router or if you had to 
start from square one.

I'm not saying there's anything wrong with Juniper, I'm just saying you have to 
bring your checkbook if you want to do CG-NAT with them.

On 3/1/2021 1:06 PM, Adam Moffett wrote:

It's 5 digit numbers, however you choose to label it.
The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:

Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card.  With licensing it's like 
Corvette money.
but that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for them during an 
instance and wanted us to let it hang and collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from my network.

For the time being I’m using 1036 for CGNAT as a transition, then will head to 
CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072 anymore and this 
particular issue seems beyond them to repair.

Which makes the 1072 a no starter for anything conn track for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release.
Watching to see if it bails too, or is capable of doing it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of 
layer2 into our cores where we will do all of the heavy lifting.

From: AF On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots.  New hardware didn't fix 
it, had several people check the configs all were good. After 2 months of going 
back and forth, escalating to a higher tier tech...   I officially got a 
response that 1 million connections is too much for the 1072 and I should 
expect it to reboot and not function properly.  That was their conclusion.  
Even though all of the 72 processors are under 50%,  memory usage is only about 
20% etc.  Turn off connection tracking is their solution.

How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY &
 

Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Mike Hammett
Eh, it depends on what you're trying to do with it, as always. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Steven Kenney"  
To: "af"  
Sent: Monday, March 1, 2021 12:47:08 PM 
Subject: Re: [AFMUG] Mikrotik Official Limitations 



Just word to the wise - prepare to ditch Mikrotik as soon as you near 10Gbps 
traffic. Their upper echelon hardware doesn't pass the muster. 





STEVEN KENNEY 
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | Leamington ON 
E: st...@wavedirect.org | P: 519-737-9283 
W: www.wavedirect.net 


- Original Message -

From: "Adam Moffett"  
To: "af"  
Sent: Monday, March 1, 2021 1:42:54 PM 
Subject: Re: [AFMUG] Mikrotik Official Limitations 




+1 

On 3/1/2021 1:41 PM, Sterling Jacobson wrote: 




Yeah, that’s why there is justification for using Mikrotik “garbage”. 

Mikrotik has got us where we are and allowed us to grow and grow our small team 
without a large upfront cost. 

And then migrate to bigger and better. 

Done this method a few times now and it’s worked out well. 

Moral of the story is, work the best with what you have and know your platform. 

I know Mikrotik. I can get angry and do have my rows with vendors and 
manufacturers, but we learn where we can reliably use what hardware over time. 

Starting from ground zero I would definitely use Mikrotik again since I know it 
and what it can and cannot do. 

But I am looking forward to the day when we invest in an MX series of highly 
available routers/platform. 

Just like it would be awesome if I had enough money up front to run all Cambium 
M and Terragraph for our WISP side lol 



From: AF  On Behalf Of Adam Moffett 
Sent: Monday, March 1, 2021 11:06 AM 
To: af@af.afmug.com 
Subject: Re: [AFMUG] Mikrotik Official Limitations 

It's 5 digit numbers, however you choose to label it. 
The good news is one box will scale to staggering amounts of traffic. 


On 3/1/2021 1:03 PM, Bill Prince wrote: 


Corvette money. Is that anything like cubic dollars? 
bp  

On 3/1/2021 9:51 AM, Adam Moffett wrote: 


CGNAT on Juniper requires an IP services card. With licensing it's like 
Corvette money. 
but that's kinda where we're at isn't it. 


On 3/1/2021 12:36 PM, Sterling Jacobson wrote: 


I gave up the first time they asked me to record data for them during an 
instance and wanted us to let it hang and collect data. 

I was like no, not going to do that. 

And then started removing 1072 connection tracking altogether from my network. 

For the time being I’m using 1036 for CGNAT as a transition, then will head to 
CHR CGNAT, then Juniper. 

I agree that Mikrotik just isn’t focused on the 1072 anymore and this 
particular issue seems beyond them to repair. 

Which makes the 1072 a no starter for anything conn track for us ever again. 

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. 
Watching to see if it bails too, or is capable of doing it for the time being. 

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of 
layer2 into our cores where we will do all of the heavy lifting. 





From: AF  On Behalf Of Steven Kenney 
Sent: Monday, March 1, 2021 9:03 AM 
To: af  
Subject: [AFMUG] Mikrotik Official Limitations 



Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix 
it, had several people check the configs all were good. After 2 months of going 
back and forth, escalating to a higher tier tech... I officially got a response 
that 1 million connections is too much for the 1072 and I should expect it to 
reboot and not function properly. That was their conclusion. Even though all of 
the 72 processors are under 50%, memory usage is only about 20% etc. Turn off 
connection tracking is their solution. 



How about those apples? 







STEVEN KENNEY 
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | Leamington ON 
E: st...@wavedirect.org | P: 519-737-9283 
W: www.wavedirect.net 




















-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Adam Moffett

but then I'll get trouble for a bounced check

On 3/1/2021 1:54 PM, Bill Prince wrote:


What would be nice is if I brought YOUR checkbook.


bp

On 3/1/2021 10:41 AM, Adam Moffett wrote:


I should have said it's 5 digits on top of having a Juniper router 
which can accept the IP services card (eg MX240, MX480, or MX960).  
You'll be into 6 digits before you have the whole BOM.  Maybe I 
should have said "Lamborghini money".  Depends whether you already 
have the Juniper router or if you had to start from square one.


I'm not saying there's anything wrong with Juniper, I'm just saying 
you have to bring your checkbook if you want to do CG-NAT with them.


On 3/1/2021 1:06 PM, Adam Moffett wrote:


It's 5 digit numbers, however you choose to label it.

The good news is one box will scale to staggering amounts of traffic.


On 3/1/2021 1:03 PM, Bill Prince wrote:


Corvette money. Is that anything like cubic dollars?


bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:


CGNAT on Juniper requires an IP services card.  With licensing 
it's like Corvette money.


but that's kinda where we're at isn't it.


On 3/1/2021 12:36 PM, Sterling Jacobson wrote:


I gave up the first time they asked me to record data for them 
during an instance and wanted us to let it hang and collect data.


I was like no, not going to do that.

And then started removing 1072 connection tracking altogether 
from my network.


For the time being I’m using 1036 for CGNAT as a transition, then 
will head to CHR CGNAT, then Juniper.


I agree that Mikrotik just isn’t focused on the 1072 anymore and 
this particular issue seems beyond them to repair.


Which makes the 1072 a no starter for anything conn track for us 
ever again.


I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable 
release.


Watching to see if it bails too, or is capable of doing it for 
the time being.


But our end game is MPLS/VPLS and/or direct switch VLAN type 
segmentation of layer2 into our cores where we will do all of the 
heavy lifting.


*From:* AF  *On Behalf Of * Steven Kenney
*Sent:* Monday, March 1, 2021 9:03 AM
*To:* af 
*Subject:* [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots.  New 
hardware didn't fix it, had several people check the configs all 
were good. After 2 months of going back and forth, escalating to 
a higher tier tech...   I officially got a response that 1 
million connections is too much for the 1072 and I should expect 
it to reboot and not function properly.  That was their 
conclusion.  Even though all of the 72 processors are under 50%,  
memory usage is only about 20% etc. Turn off connection tracking 
is their solution.


How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net










-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread fiberrun
If your needs are more modest, I guess you could get away with an MS-MIC-16G 
card in a low end MX router. The MIC can be had for less than four grand, as 
can an older MX router. That should be good for CGNAT needs under 9 Gbps.


- Jared
 
 
 

Sent: Monday, March 01, 2021 at 1:41 PM
From: "Adam Moffett" 
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations
I should have said it's 5 digits on top of having a Juniper router which can 
accept the IP services card (eg MX240, MX480, or MX960).  You'll be into 6 
digits before you have the whole BOM.  Maybe I should have said "Lamborghini 
money".  Depends whether you already have the Juniper router or if you had to 
start from square one.
I'm not saying there's anything wrong with Juniper, I'm just saying you have to 
bring your checkbook if you want to do CG-NAT with them.

On 3/1/2021 1:06 PM, Adam Moffett wrote:
It's 5 digit numbers, however you choose to label it.
The good news is one box will scale to staggering amounts of traffic.
 

On 3/1/2021 1:03 PM, Bill Prince wrote:
Corvette money. Is that anything like cubic dollars?
 
bp


On 3/1/2021 9:51 AM, Adam Moffett wrote:
CGNAT on Juniper requires an IP services card.  With licensing it's like 
Corvette money.
but that's kinda where we're at isn't it.
 



Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Adam Moffett

Maybe I was misinformed.

The VAR told me JunOS would only do 1:1 NAT unless you had an IP 
Services card, and that I had to have an MX240, 480, or 960 to use that 
card.



On 3/1/2021 3:27 PM, fiber...@mail.com wrote:

If your needs are more modest, I guess you could get away with an MS-MIC-16G 
card in a low end MX router. The MIC can be had for less than four grand, as 
can an older MX router. That should be good for CGNAT needs under 9 Gbps.


- Jared
  
  
  




Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread fiberrun
I guess it depends on what kind of NAT you want to do.

Here's an overview of CGNAT implementation options:
https://www.juniper.net/documentation/en_US/junos-space-apps/edge-services-director1.0/topics/topic-map/nat-junos-cgn-implementations.html

And which chassis take which cards:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/services-pics-overview.html#id-multiservices-mic-and-multiservices-mpc-ms-mic-and-ms-mpc-overview

You *can* get started with a MS-MIC-16G, but it doesn't have the throughput of 
later cards nor all the bells and whistles.

- Jared

> Sent: Monday, March 01, 2021 at 3:31 PM
> From: "Adam Moffett" 
> To: af@af.afmug.com
> Subject: Re: [AFMUG] Mikrotik Official Limitations
>
> Maybe I was misinformed.
> 
> The VAR told me JunOS would only do 1:1 NAT unless you had an IP 
> Services card, and that I had to have an MX240, 480, or 960 to use that 
> card.
> 
> 

Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Sterling Jacobson
Yeah, that’s for sure.

For the moment we put full tables on multiple upstreams on 10Gbps interface on 
1072 and they run fine at 5-6Gbps of peak traffic each.

I wouldn’t push it much further than that though. We just even out the load 
between all of them for now, until we migrate to CHR for BGP.

And then after CHR Mikrotik BGP we plan on Juniper gear, especially if we limit 
the carriers upstreams.

But I doubt that, our network runs such that it’s “easy” to get another 10Gbps 
upstream on full table BGP and assign another Mikrotik 1072 or CHR to it.
Then we have multiple redundance, less peak and average going through the 
majority of them and can gracefully handle downtime of one single provider for 
now.

All under the one time cost of a single Juniper router.


From: AF  On Behalf Of Mike Hammett
Sent: Monday, March 1, 2021 11:56 AM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] Mikrotik Official Limitations

Eh, it depends on what you're trying to do with it, as always.


-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP




From: "Steven Kenney" <st...@wavedirect.org>
To: "af" <af@af.afmug.com>
Sent: Monday, March 1, 2021 12:47:08 PM
Subject: Re: [AFMUG] Mikrotik Official Limitations
Just word to the wise -  prepare to ditch Mikrotik as soon as you near 10Gbps 
traffic.   Their upper echelon hardware doesn't pass the muster.




From: "Adam Moffett" <dmmoff...@gmail.com>
To: "af" <af@af.afmug.com>
Sent: Monday, March 1, 2021 1:42:54 PM
Subject: Re: [AFMUG] Mikrotik Official Limitations


+1
On 3/1/2021 1:41 PM, Sterling Jacobson wrote:
Yeah, that’s why there is justification for using Mikrotik “garbage”.

Mikrotik has got us where we are and allowed us to grow and grow our small team 
without a large upfront cost.

And then migrate to bigger and better.

Done this method a few times now and it’s worked out well.

Moral of the story is, work the best with what you have and know your platform.

I know Mikrotik. I can get angry and do have my rows with vendors and 
manufacturers, but we learn where we can reliably use what hardware over time.

Starting from ground zero I would definitely use Mikrotik again since I know it 
and what it can and cannot do.

But I am looking forward to the day when we invest in an MX series of highly 
available routers/platform.

Just like it would be awesome if I had enough money up front to run all Cambium 
M and Terragraph for our WISP side lol


Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Adam Moffett

One thing I'll miss about Mikrotik is every router can use every feature.


On 3/1/2021 3:52 PM, fiber...@mail.com wrote:

I guess it depends on what kind of NAT you want to do.

Here's an overview of CGNAT implementation options:
https://www.juniper.net/documentation/en_US/junos-space-apps/edge-services-director1.0/topics/topic-map/nat-junos-cgn-implementations.html

And which chassis take which cards:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/services-pics-overview.html#id-multiservices-mic-and-multiservices-mpc-ms-mic-and-ms-mpc-overview

You *can* get started with a MS-MIC-16G, but it doesn't have the throughput of 
later cards nor all the bells and whistles.

- Jared




Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Dennis Burgess
We have customers with dual 10gig bonded links running 12-15gig inbound with 
1072s and full tables without issues.  Note, no connection tracking.  It's more 
about knowing their limitations and working around those.  We would simply put 
NAT at each tower vs at the network edge, creates better design and allows for 
each tower to be natted to its local IP.  Just my two cents.



Dennis Burgess

Mikrotik : Trainer, Network Associate, Routing Engineer, Wireless Engineer, 
Traffic Control Engineer, Inter-Networking Engineer, Security Engineer, 
Enterprise Wireless Engineer
Hurricane Electric: IPv6 Sage Level
Cambium: ePMP 

Author of "Learn RouterOS- Second Edition” 
Link Technologies, Inc -- Mikrotik & WISP Support Services 
Office: 314-735-0270  Website: http://www.linktechs.net 
Create Wireless Coverage’s with www.towercoverage.com 


-Original Message-
From: AF  On Behalf Of Adam Moffett
Sent: Monday, March 1, 2021 4:13 PM
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

One thing I'll miss about Mikrotik is every router can use every feature.



Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread fiberrun
Well, yes, but that's both a pro and a con :)

Here's a writeup on using DANOS to push 10+ Gbps using CGNAT on a Dell 
PowerEdge R230 - Quad Core Intel(R) Xeon(R) CPU E3-1240 v6 @ 3.70GHz:
https://wiki.brasilpeeringforum.org/w/CGNAT_Bulk_Port_Allocation_com_DPDK

https://translate.google.com/translate?sl=auto&tl=en&u=https://wiki.brasilpeeringforum.org/w/CGNAT_Bulk_Port_Allocation_com_DPDK

If going the Juniper route, keep in mind that the SRX may also be an option.


- Jared



> Sent: Monday, March 01, 2021 at 5:12 PM
> From: "Adam Moffett" 
> To: af@af.afmug.com
> Subject: Re: [AFMUG] Mikrotik Official Limitations
>
> One thing I'll miss about Mikrotik is every router can use every feature.
> 
> 

[AFMUG] Fwd: Sovereign IF

2021-03-01 Thread Chuck McCown via AF


Sent from my iPhone

Begin forwarded message:

> From: Phil Windley 
> Date: March 1, 2021 at 11:00:00 AM MST
> To: Chuck McCown 
> Subject: Re: [AFMUG] FB account deleted
> 
> Hey Chuck, good to hear from you. 
> 
> Sovrin doesn’t ever hold your personal data and it’s never written to a 
> blockchain somewhere. Instead, it’s given to you to hold in a digital wallet 
> you control. 
> 
> The exact mechanism is based on a few specifications including
> 
> Decentralized identifiers: https://www.w3.org/TR/did-core/
> DIDComm messaging: https://identity.foundation/didcomm-messaging/spec/
> Verifiable Credentials: https://www.w3.org/TR/vc-data-model/
> 
> You get a cryptographically trustworthy credential from a trusted party (like 
> the DMV) and hold it in your wallet, just like you hold your driver's license 
> in your physical wallet. You can use it to prove things about yourself to 
> anyone anytime without anyone but you and the party verifying the credential 
> knowing. Better yet, the proof of your attributes is based on Zero Knowledge 
> Proofs (ZKP) for minimal disclosure. 
> 
> Regarding the “what happens when this gets hacked” question: The big idea 
> here is there’s no big trove of identity data to hack. It’s spread out, 
> protected by keys you control. So, hacking into one wallet doesn’t get you 
> into another wallet. So, the payoff is too low to be interesting for more 
> people. 
> 
> These blog posts contain more info (and more links):
> 
> Relationships and Identity: 
> https://www.windley.com/archives/2020/07/relationships_and_identity.shtml
> Authentic Digital Relationships: 
> https://www.windley.com/archives/2020/08/authentic_digital_relationships.shtml
> The Architecture of Identity Systems: 
> https://www.windley.com/archives/2020/09/the_architecture_of_identity_systems.shtml
> 
> You can try it out here: https://try.connect.me/
> 
> This is just one digital wallet vendor. I know of at least 5 others. 
> 
> Cheers,
> 
> —phil— 
> 
>> On Feb 25, 2021, at 2:40 PM, Chuck McCown  wrote:
>> 
>> Phil,
>> I have an email listserv that has been running for about 20 years.  I 
>> introduced the concept of sovereign ID this morning and have been having a 
>> difficult time convincing people that it really turns the tables on all the 
>> content providers. 
>>  
>> Would you mind replying to the guy below?  I will cross post it to the list. 
>>  This list is my sole “social media” presence...
>>  
>> Thanks,
>> Chuck
>>  
>> From: Jan-GAMs
>> Sent: Thursday, February 25, 2021 1:53 PM
>> To: af@af.afmug.com
>> Subject: Re: [AFMUG] FB account deleted
>>  
>> And what happens to your data and ID when sovrin gets hacked?  Is sovrin 
>> going to insure your account and pay you for your loss?  Clean-up any 
>> identity fraud?  So far, all I see is a larger hack-target!
>> 
>> On 2/25/21 9:54 AM, Chuck McCown via AF wrote:
>>> If widely adopted this https://sovrin.org/  can solve everything.
>>>  
>>> From: Jan-GAMs
>>> Sent: Thursday, February 25, 2021 10:25 AM
>>> To: af@af.afmug.com
>>> Subject: Re: [AFMUG] FB account deleted
>>>  
>>> I don't have anything against 2fa, I just think giving it to a business 
>>> that is involved with selling your personal data is moronic.  They have no 
>>> excusable reason for even knowing your real name, why are you giving them info 
>>> directly traceable to specifically you?
>>> 
>>>> On 2/25/21 6:57 AM, Matt Hoppes wrote:
>>>> Why do you guys hate two factor authentication? I turn it on everywhere I 
>>>> can. Is it really that hard to get a text message and enter a six or eight 
>>>> digit number to know that your account is secure?
>>>> 
>>>> Especially with the ability of most websites to remember the device you’re 
>>>> logging in from it’s usually a once in a great while thing.
>>>> 
>>>>> On Feb 25, 2021, at 8:45 AM, Steve Jones mailto:thatoneguyst...@gmail.com 
>>>>> wrote:
>>>>> 
>>>>> I do hate 2fa as well, I had an issue with a credit card payment to my 
>>>>> cell carrier last week, so my service was shut off. So I go to log into 
>>>>> my credit card portal, guess where the auth text got sent. But the 
>>>>> cumbersome nature of it did force me to rethink my refusal to put 
>>>>> alternate forms of payment on file and to actually open credit card 
>>>>> statements. 
>>>>> Fyi, percent cashback only pays off if your cards are set to pay the 
>>>>> balance automatically and not the default of minimum monthly payment. 
>>>>> That default should be illegal too
>>>>> 
>>>>> On Thu, Feb 25, 2021, 7:21 AM Mike Hammett  wrote:
>>>>>> I only use 2FA when required. It's a pain in the butt.
>>>>>> 
>>>>>> I do use a password manager with randomly generated passwords.
>>>>>> 
>>>>>> -
>>>>>> Mike Hammett
>>>>>> Intelligent Computing Solutions
>>>>>> 
>>>>>> Midwest Internet Exchange
>>>>>> 
>>>>>> The Brothers WISP
>>>>>> 
>>>>>> From: "Steve Jones" 
>>>>>> To: "AnimalFarm Microwave Users Group" 
>>>>>> Sent: Wednesday, F

Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Chuck McCown via AF
Lots of cheap used stuff out there.

Sent from my iPhone

> On Mar 1, 2021, at 11:06 AM, Adam Moffett  wrote:
> 
> 
> It's 5 digit numbers, however you choose to label it.
> 
> The good news is one box will scale to staggering amounts of traffic.
> 
> 
> 
>> On 3/1/2021 1:03 PM, Bill Prince wrote:
>> Corvette money. Is that anything like cubic dollars?
>> 
>> 
>> 
>> bp
>> 
>> On 3/1/2021 9:51 AM, Adam Moffett wrote:
>>> CGNAT on Juniper requires an IP services card.  With licensing it's like 
>>> Corvette money.
>>> 
>>> but that's kinda where we're at isn't it.
>>> 
>>> 
>>> 
>>> On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
>>>> I gave up the first time they asked me to record data for them during an 
>>>> instance and wanted us to let it hang and collect data.
>>>> 
>>>> I was like no, not going to do that.
>>>> 
>>>> And then started removing 1072 connection tracking altogether from my 
>>>> network.
>>>> 
>>>> For the time being I’m using 1036 for CGNAT as a transition, then will 
>>>> head to CHR CGNAT, then Juniper.
>>>> 
>>>> I agree that Mikrotik just isn’t focused on the 1072 anymore and this 
>>>> particular issue seems beyond them to repair.
>>>> 
>>>> Which makes the 1072 a no starter for anything conn track for us ever 
>>>> again.
>>>> 
>>>> I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release.
>>>> Watching to see if it bails too, or is capable of doing it for the time 
>>>> being.
>>>> 
>>>> But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation 
>>>> of layer2 into our cores where we will do all of the heavy lifting.
>>>> 
>>>> From: AF  On Behalf Of Steven Kenney
>>>> Sent: Monday, March 1, 2021 9:03 AM
>>>> To: af 
>>>> Subject: [AFMUG] Mikrotik Official Limitations
>>>> 
>>>> Still fighting with Mikrotik about the 1072 reboots.  New hardware didn't 
>>>> fix it, had several people check the configs all were good. After 2 months 
>>>> of going back and forth, escalating to a higher tier tech...   I 
>>>> officially got a response that 1 million connections is too much for the 
>>>> 1072 and I should expect it to reboot and not function properly.  That was 
>>>> their conclusion.  Even though all of the 72 processors are under 50%,  
>>>> memory usage is only about 20% etc.  Turn off connection tracking is 
>>>> their solution.  
>>>> 
>>>> How about those apples?  
  
  
 
  
  
 
 
>>> 
>> 


[AFMUG] flypro

2021-03-01 Thread Chuck McCown via AF
Anyone use flypro.com for fiber stuff.  They are a bit cheaper than fs.com for 
what I am looking at but have never heard of them before.


Re: [AFMUG] Mikrotik Official Limitations

2021-03-01 Thread Robert
Yes, dissing what gets you from point a to point b is like saying I have 
magic ( or a sugar daddy ) to just appear at point b.  Tools are tools, 
if you have to buy from Harbor Freight to inflate a tire because you 
cannot buy snap-on is better than being stuck on the side of the road 
with a flat tire.


On 3/1/21 10:42 AM, Adam Moffett wrote:


+1

On 3/1/2021 1:41 PM, Sterling Jacobson wrote:


Yeah, that’s why there is justification for using Mikrotik “garbage”.

Mikrotik has got us where we are and allowed us to grow and grow our 
small team without a large upfront cost.


And then migrate to bigger and better.

Done this method a few times now and it’s worked out well.

Moral of the story is, work the best with what you have and know your 
platform.


I know Mikrotik. I can get angry and do have my rows with vendors and 
manufacturers, but we learn where we can reliably use what hardware 
over time.


Starting from ground zero I would definitely use Mikrotik again since 
I know it and what it can and cannot do.


But I am looking forward to the day when we invest in an MX series of 
highly available routers/platform.


Just like it would be awesome if I had enough money up front to run 
all Cambium M and Terragraph for our WISP side lol


*From:* AF  *On Behalf Of * Adam Moffett
*Sent:* Monday, March 1, 2021 11:06 AM
*To:* af@af.afmug.com
*Subject:* Re: [AFMUG] Mikrotik Official Limitations

It's 5 digit numbers, however you choose to label it.

The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:

Corvette money. Is that anything like cubic dollars?

bp



On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card.  With
licensing it's like Corvette money.

but that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for
them during an instance and wanted us to let it hang and
collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking
altogether from my network.

For the time being I’m using 1036 for CGNAT as a
transition, then will head to CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072
anymore and this particular issue seems beyond them to
repair.

Which makes the 1072 a no starter for anything conn track
for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest
Stable release.

Watching to see if it bails too, or is capable of doing
it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN
type segmentation of layer2 into our cores where we will
do all of the heavy lifting.

*From:* AF 
 *On Behalf Of *Steven Kenney
*Sent:* Monday, March 1, 2021 9:03 AM
*To:* af  
*Subject:* [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New
hardware didn't fix it, had several people check the
configs all were good. After 2 months of going back and
forth, escalating to a higher tier tech...   I officially
got a response that 1 million connections is too much for
the 1072 and I should expect it to reboot and not
function properly.  That was their conclusion. Even
though all of the 72 processors are under 50%,  memory
usage is only about 20% etc.  Turn off connection
tracking is their solution.

How about those apples?



[AFMUG] icmp network strangeness

2021-03-01 Thread TJ Trout
I have an issue on a segment of my network where two switches will
intermittently start showing as down by icmp/snmp but the problem is only
related to the reachability of the device itself and all traffic through
the switches is fine, other devices and switches on the segment are fine.

Has anyone seen something like this before?


Re: [AFMUG] icmp network strangeness

2021-03-01 Thread TJ Trout
Sorry not down, they will report exactly 36% packet loss over any duration
of measurement. They are constantly up/down.

On Mon, Mar 1, 2021 at 5:24 PM TJ Trout  wrote:

> I have an issue on a segment of my network where two switches will
> intermittently start showing as down by icmp/snmp but the problem is only
> related to the reachability of the device itself and all traffic through
> the switches is fine, other devices and switches on the segment are fine.
>
> Has anyone seen something like this before?
>


Re: [AFMUG] Fwd: Sovereign IF

2021-03-01 Thread Steve Jones
False, you're on facebook

On Mon, Mar 1, 2021, 5:56 PM Chuck McCown via AF  wrote:

>
>
> Sent from my iPhone
>
> Begin forwarded message:
>
> *From:* Phil Windley 
> *Date:* March 1, 2021 at 11:00:00 AM MST
> *To:* Chuck McCown 
> *Subject:* *Re: [AFMUG] FB account deleted*
>
> Hey Chuck, good to hear from you.
>
> Sovrin doesn’t ever hold your personal data and it’s never written to a
> blockchain somewhere. Instead, it’s given to you to hold in a digital
> wallet you control.
>
> The exact mechanism is based on a few specifications including
>
> Decentralized identifiers: https://www.w3.org/TR/did-core/
> DIDComm messaging: https://identity.foundation/didcomm-messaging/spec/
> Verifiable Credentials: https://www.w3.org/TR/vc-data-model/
>
> You get a cryptographically trustworthy credential from a trusted party
> (like the DMV) and hold it in your wallet, just like you hold your driver's
> license in your physical wallet. You can use it to prove things about
> yourself to anyone anytime without anyone but you and the party verifying the
> credential knowing. Better yet, the proof of your attributes is based on Zero
> Knowledge Proofs (ZKP) for minimal disclosure.
>
> Regarding the “what happens when this gets hacked” question: The big idea
> here is there’s no big trove of identity data to hack. It’s spread out,
> protected by keys you control. So, hacking into one wallet doesn’t get you
> into another wallet. So, the payoff is too low to be interesting for more
> people.
>
> These blog posts contain more info (and more links):
>
> Relationships and Identity:
> https://www.windley.com/archives/2020/07/relationships_and_identity.shtml
> Authentic Digital Relationships:
> https://www.windley.com/archives/2020/08/authentic_digital_relationships.shtml
> The Architecture of Identity Systems:
> https://www.windley.com/archives/2020/09/the_architecture_of_identity_systems.shtml
>
> You can try it out here: https://try.connect.me/
>
> This is just one digital wallet vendor. I know of at least 5 others.
>
> Cheers,
>
> —phil—
>
> On Feb 25, 2021, at 2:40 PM, Chuck McCown  wrote:
>
> Phil,
> I have an email listserv that has been running for about 20 years.  I
> introduced the concept of sovereign ID this morning and have been having a
> difficult time convincing people that it really turns the tables on all the
> content providers.
>
> Would you mind replying to the guy below?  I will cross post it to the
> list.  This list is my sole “social media” presence...
>
> Thanks,
> Chuck
>
> *From:* Jan-GAMs
> *Sent:* Thursday, February 25, 2021 1:53 PM
> *To:* af@af.afmug.com
> *Subject:* Re: [AFMUG] FB account deleted
>
>
> And what happens to your data and ID when sovrin gets hacked?  Is sovrin
> going to insure your account and pay you for your loss?  Clean-up any
> identity fraud?  So far, all I see is a larger hack-target!
> On 2/25/21 9:54 AM, Chuck McCown via AF wrote:
>
> If widely adopted this https://sovrin.org/  can solve everything.
>
> *From:* Jan-GAMs
> *Sent:* Thursday, February 25, 2021 10:25 AM
> *To:* af@af.afmug.com
> *Subject:* Re: [AFMUG] FB account deleted
>
>
> I don't have anything against 2fa, I just think giving it to a business
> that is involved with selling your personal data is moronic.  They have no
> excusable reason for even knowing your real name, why are you giving them info
> directly traceable to specifically you?
> On 2/25/21 6:57 AM, Matt Hoppes wrote:
>
> Why do you guys hate two factor authentication? I turn it on everywhere I
> can. Is it really that hard to get a text message and enter a six or eight
> digit number to know that your account is secure?
>
> Especially with the ability of most websites to remember the device you’re
> logging in from it’s usually a once in a great while thing.
>
> On Feb 25, 2021, at 8:45 AM, Steve Jones mailto:thatoneguyst...@gmail.com
> wrote:
>
> 
> I do hate 2fa as well, I had an issue with a credit card payment to my
> cell carrier last week, so my service was shut off. So I go to log into my
> credit card portal, guess where the auth text got sent. But the cumbersome
> nature of it did force me to rethink my refusal to put alternate forms of
> payment on file and to actually open credit card statements.
> Fyi, percent cashback only pays off if your cards are set to pay the
> balance automatically and not the default of minimum monthly payment. That
> default should be illegal too
>
> On Thu, Feb 25, 2021, 7:21 AM Mike Hammett  wrote:
>
>> I only use 2FA when required. It's a pain in the butt.
>>
>> I do use a password manager with randomly generated passwords.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>> 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> 
>> 

Re: [AFMUG] icmp network strangeness

2021-03-01 Thread Steve Jones
I hate exact oddities

On Mon, Mar 1, 2021, 7:26 PM TJ Trout  wrote:

> Sorry not down, they will report exactly 36% packet loss over any duration
> of measurement. They are constantly up/down.
>
> On Mon, Mar 1, 2021 at 5:24 PM TJ Trout  wrote:
>
>> I have an issue on a segment of my network where two switches will
>> intermittently start showing as down by icmp/snmp but the problem is only
>> related to the reachability of the device itself and all traffic through
>> the switches is fine, other devices and switches on the segment are fine.
>>
>> Has anyone seen something like this before?
>>


Re: [AFMUG] icmp network strangeness

2021-03-01 Thread Colin Stanners
That sounds like a fun problem, where fun involves undesired removal of
your own hair.

Can you specify where the switches are related to each other, what brand
switches, what monitoring platform, what monitoring interval, any logs or
screenshots?

On Mon, Mar 1, 2021 at 7:26 PM TJ Trout  wrote:

> Sorry not down, they will report exactly 36% packet loss over any duration
> of measurement. They are constantly up/down.
>
> On Mon, Mar 1, 2021 at 5:24 PM TJ Trout  wrote:
>
>> I have an issue on a segment of my network where two switches will
>> intermittently start showing as down by icmp/snmp but the problem is only
>> related to the reachability of the device itself and all traffic through
>> the switches is fine, other devices and switches on the segment are fine.
>>
>> Has anyone seen something like this before?
>>