Re: [AFMUG] Mikrotik Official Limitations
Good point. And ARIN is still handing out IPv4 on the wait list as well.

But we went ahead and just went CGNAT across everything just to push for IPv6 and the future.

Some customers complained about servers they were hosting that we didn’t know about, and some complained about some games on Xbox/Playstation not working even on IPv6.

So we do rent out $5 a month static public IPv4 space now and have reversed our cash flow on that.

Used to be we had 4 x /24 nets rented at about $200 a month each block or $800 a month outgoing.

This month we finished our CGNAT and switched everything to our own ARIN blocks and rented out IPs.

So that $800 outgoing became something like $250 incoming, or a delta of about $1k positive cash flow going CGNAT.

From: AF On Behalf Of Carl Peterson
Sent: Tuesday, March 2, 2021 7:16 AM
To: AnimalFarm Microwave Users Group
Subject: Re: [AFMUG] Mikrotik Official Limitations

When I looked at the long term (greater than 10 year) cost of CGNAT on Juniper vs buying more IPV4, buying more IPV4 came out ahead. Your results may vary.

On Tue, Mar 2, 2021 at 7:50 AM dave <dmilho...@wletc.com> wrote:

+1
Dennis,
I look at not only the hardware specs but its interface limitation as well. Having multiple 10G ports sets that model up for a good edge router not intended for nat.

On 3/1/21 4:22 PM, Dennis Burgess wrote:

We have customers with dual 10gig bonded links running 12-15gig inbound with 1072s and full tables without issues. Note, no connection tracking. It's more about knowing their limitations and working around those. We would simply put NAT at each tower vs at the network edge, creates better design and allows for each tower to be natted to its local IP. Just my two cents.

Dennis Burgess
Mikrotik : Trainer, Network Associate, Routing Engineer, Wireless Engineer, Traffic Control Engineer, Inter-Networking Engineer, Security Engineer, Enterprise Wireless Engineer
Hurricane Electric: IPv6 Sage Level
Cambium: ePMP
Author of "Learn RouterOS- Second Edition”
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270 Website: http://www.linktechs.net
Create Wireless Coverage’s with www.towercoverage.com
How did we do today?

-----Original Message-----
From: AF <af-boun...@af.afmug.com> On Behalf Of Adam Moffett
Sent: Monday, March 1, 2021 4:13 PM
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

One thing I'll miss about Mikrotik is every router can use every feature.

On 3/1/2021 3:52 PM, fiber...@mail.com wrote:

I guess it depends on what kind of NAT you want to do.

Here's an overview of CGNAT implementation options:
https://www.juniper.net/documentation/en_US/junos-space-apps/edge-services-director1.0/topics/topic-map/nat-junos-cgn-implementations.html

And which chassis take which cards:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/services-pics-overview.html#id-multiservices-mic-and-multiservices-mpc-ms-mic-and-ms-mpc-overview

You *can* get started with a MS-MIC-16G, but it doesn't have the throughput of later cards nor all the bells and whistles.

- Jared

Sent: Monday, March 01, 2021 at 3:31 PM
From: "Adam Moffett" <dmmoff...@gmail.com>
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

Maybe I was misinformed.

The VAR told me JunOS would only do 1:1 NAT unless you had an IP Services card, and that I had to have an MX240, 480, or 960 to use that card.

On 3/1/2021 3:27 PM, fiber...@mail.com wrote:

If your needs are more modest, I guess you could get away with an MS-MIC-16G card in a low end MX router. The MIC can be had for less than four grand, as can an older MX router. That should be good for CGNAT needs under 9 Gbps.

- Jared

Sent: Monday, March 01, 2021 at 1:41 PM
From: "Adam Moffett" <dmmoff...@gmail.com>
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

I should have said it's 5 digits on top of having a Juniper router which can accept the IP services card (eg MX240, MX480, or MX960). You'll be into 6 digits before you have the whole BOM. Maybe I should have said "Lamborghini money". Depends whether you already have the Juniper router or if you had to start from square one.

I'm not saying there's anything wrong with Juniper, I'm just saying you have to bring your checkbook if you want to do CG-NAT with them.

On 3/1/2021 1:06 PM, Adam Moffett wrote:

It's 5 digit numbers, however you choose to label it.
The good news is one box will scale to staggering amounts of traffic.
Re: [AFMUG] Mikrotik Official Limitations
When I looked at the long term (greater than 10 year) cost of CGNAT on Juniper vs buying more IPV4, buying more IPV4 came out ahead. Your results may vary.

On Tue, Mar 2, 2021 at 7:50 AM dave wrote:

> +1
> Dennis,
> I look at not only the hardware specs but its interface limitation as well. Having multiple 10G ports sets that model up for a good edge router not intended for nat.
>
> On 3/1/21 4:22 PM, Dennis Burgess wrote:
>
> We have customers with dual 10gig bonded links running 12-15gig inbound with 1072s and full tables without issues. Note, no connection tracking. It's more about knowing their limitations and working around those. We would simply put NAT at each tower vs at the network edge, creates better design and allows for each tower to be natted to its local IP. Just my two cents.
>
> Dennis Burgess
>
> Mikrotik : Trainer, Network Associate, Routing Engineer, Wireless Engineer, Traffic Control Engineer, Inter-Networking Engineer, Security Engineer, Enterprise Wireless Engineer
> Hurricane Electric: IPv6 Sage Level
> Cambium: ePMP
>
> Author of "Learn RouterOS- Second Edition”
> Link Technologies, Inc -- Mikrotik & WISP Support Services
> Office: 314-735-0270 Website: http://www.linktechs.net
> Create Wireless Coverage’s with www.towercoverage.com
> How did we do today?
>
> -----Original Message-----
> From: AF On Behalf Of Adam Moffett
> Sent: Monday, March 1, 2021 4:13 PM
> To: af@af.afmug.com
> Subject: Re: [AFMUG] Mikrotik Official Limitations
>
> One thing I'll miss about Mikrotik is every router can use every feature.
>
> On 3/1/2021 3:52 PM, fiber...@mail.com wrote:
>
> I guess it depends on what kind of NAT you want to do.
>
> Here's an overview of CGNAT implementation options:
> https://www.juniper.net/documentation/en_US/junos-space-apps/edge-services-director1.0/topics/topic-map/nat-junos-cgn-implementations.html
>
> And which chassis take which cards:
> https://www.juniper.net/documentation/en_US/junos/topics/topic-map/services-pics-overview.html#id-multiservices-mic-and-multiservices-mpc-ms-mic-and-ms-mpc-overview
>
> You *can* get started with a MS-MIC-16G, but it doesn't have the throughput of later cards nor all the bells and whistles.
>
> - Jared
>
> Sent: Monday, March 01, 2021 at 3:31 PM
> From: "Adam Moffett"
> To: af@af.afmug.com
> Subject: Re: [AFMUG] Mikrotik Official Limitations
>
> Maybe I was misinformed.
>
> The VAR told me JunOS would only do 1:1 NAT unless you had an IP Services card, and that I had to have an MX240, 480, or 960 to use that card.
>
> On 3/1/2021 3:27 PM, fiber...@mail.com wrote:
>
> If your needs are more modest, I guess you could get away with an MS-MIC-16G card in a low end MX router. The MIC can be had for less than four grand, as can an older MX router. That should be good for CGNAT needs under 9 Gbps.
>
> - Jared
>
> Sent: Monday, March 01, 2021 at 1:41 PM
> From: "Adam Moffett"
> To: af@af.afmug.com
> Subject: Re: [AFMUG] Mikrotik Official Limitations
>
> I should have said it's 5 digits on top of having a Juniper router which can accept the IP services card (eg MX240, MX480, or MX960). You'll be into 6 digits before you have the whole BOM. Maybe I should have said "Lamborghini money". Depends whether you already have the Juniper router or if you had to start from square one.
> I'm not saying there's anything wrong with Juniper, I'm just saying you have to bring your checkbook if you want to do CG-NAT with them.
>
> On 3/1/2021 1:06 PM, Adam Moffett wrote:
> It's 5 digit numbers, however you choose to label it.
> The good news is one box will scale to staggering amounts of traffic.
>
> On 3/1/2021 1:03 PM, Bill Prince wrote:
> Corvette money. Is that anything like cubic dollars?
>
> bp
>
> On 3/1/2021 9:51 AM, Adam Moffett wrote:
> CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money.
> but that's kinda where we're at isn't it.
>
> On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
> I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.
>
> I was like no, not going to do that.
>
> And then started removing 1072 connection tracking altogether from my network.
>
> For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.
>
> I agree that Mikrotik just isn’t focused on the 1072 anymore and this part
Re: [AFMUG] Mikrotik Official Limitations
+1
Dennis,
I look at not only the hardware specs but its interface limitation as well. Having multiple 10G ports sets that model up for a good edge router not intended for nat.

On 3/1/21 4:22 PM, Dennis Burgess wrote:

We have customers with dual 10gig bonded links running 12-15gig inbound with 1072s and full tables without issues. Note, no connection tracking. It's more about knowing their limitations and working around those. We would simply put NAT at each tower vs at the network edge, creates better design and allows for each tower to be natted to its local IP. Just my two cents.

Dennis Burgess
Mikrotik : Trainer, Network Associate, Routing Engineer, Wireless Engineer, Traffic Control Engineer, Inter-Networking Engineer, Security Engineer, Enterprise Wireless Engineer
Hurricane Electric: IPv6 Sage Level
Cambium: ePMP
Author of "Learn RouterOS- Second Edition”
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270 Website: http://www.linktechs.net
Create Wireless Coverage’s with www.towercoverage.com
How did we do today?

-----Original Message-----
From: AF On Behalf Of Adam Moffett
Sent: Monday, March 1, 2021 4:13 PM
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

One thing I'll miss about Mikrotik is every router can use every feature.

On 3/1/2021 3:52 PM, fiber...@mail.com wrote:

I guess it depends on what kind of NAT you want to do.

Here's an overview of CGNAT implementation options:
https://www.juniper.net/documentation/en_US/junos-space-apps/edge-services-director1.0/topics/topic-map/nat-junos-cgn-implementations.html

And which chassis take which cards:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/services-pics-overview.html#id-multiservices-mic-and-multiservices-mpc-ms-mic-and-ms-mpc-overview

You *can* get started with a MS-MIC-16G, but it doesn't have the throughput of later cards nor all the bells and whistles.

- Jared

Sent: Monday, March 01, 2021 at 3:31 PM
From: "Adam Moffett"
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

Maybe I was misinformed.

The VAR told me JunOS would only do 1:1 NAT unless you had an IP Services card, and that I had to have an MX240, 480, or 960 to use that card.

On 3/1/2021 3:27 PM, fiber...@mail.com wrote:

If your needs are more modest, I guess you could get away with an MS-MIC-16G card in a low end MX router. The MIC can be had for less than four grand, as can an older MX router. That should be good for CGNAT needs under 9 Gbps.

- Jared

Sent: Monday, March 01, 2021 at 1:41 PM
From: "Adam Moffett"
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

I should have said it's 5 digits on top of having a Juniper router which can accept the IP services card (eg MX240, MX480, or MX960). You'll be into 6 digits before you have the whole BOM. Maybe I should have said "Lamborghini money". Depends whether you already have the Juniper router or if you had to start from square one.

I'm not saying there's anything wrong with Juniper, I'm just saying you have to bring your checkbook if you want to do CG-NAT with them.

On 3/1/2021 1:06 PM, Adam Moffett wrote:

It's 5 digit numbers, however you choose to label it.
The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:

Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money.
but that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from my network.

For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair.

Which makes the 1072 a no starter for anything conn track for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF [mailto:af-boun...@af.afmug.com] On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af [mailto:af@af.afmug.com]
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people chec
Re: [AFMUG] Mikrotik Official Limitations
Yes, dissing what gets you from point a to point b is like saying I have magic ( or a sugar daddy ) to just appear at point b. Tools are tools, if you have to buy from Harbor Freight to inflate a tire because you cannot buy snap-on is better than being stuck on the side of the road with a flat tire.

On 3/1/21 10:42 AM, Adam Moffett wrote:

+1

On 3/1/2021 1:41 PM, Sterling Jacobson wrote:

Yeah, that’s why there is justification for using Mikrotik “garbage”.

Mikrotik has got us where we are and allowed us to grow and grow our small team without a large upfront cost.

And then migrate to bigger and better.

Done this method a few times now and it’s worked out well.

Moral of the story is, work the best with what you have and know your platform.

I know Mikrotik. I can get angry and do have my rows with vendors and manufacturers, but we learn where we can reliably use what hardware over time.

Starting from ground zero I would definitely use Mikrotik again since I know it and what it can and cannot do.

But I am looking forward to the day when we invest in an MX series of highly available routers/platform.

Just like it would be awesome if I had enough money up front to run all Cambium M and Terragraph for our WISP side lol

From: AF On Behalf Of Adam Moffett
Sent: Monday, March 1, 2021 11:06 AM
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

It's 5 digit numbers, however you choose to label it.

The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:

Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money.

but that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from my network.

For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair.

Which makes the 1072 a no starter for anything conn track for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF <af-boun...@af.afmug.com> On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af <af@af.afmug.com>
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution.

How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net

--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
Re: [AFMUG] Mikrotik Official Limitations
Lots of cheap used stuff out there.

Sent from my iPhone

> On Mar 1, 2021, at 11:06 AM, Adam Moffett wrote:
>
> It's 5 digit numbers, however you choose to label it.
>
> The good news is one box will scale to staggering amounts of traffic.
>
>> On 3/1/2021 1:03 PM, Bill Prince wrote:
>> Corvette money. Is that anything like cubic dollars?
>>
>> bp
>>
>> On 3/1/2021 9:51 AM, Adam Moffett wrote:
>>> CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money.
>>>
>>> but that's kinda where we're at isn't it.
>>>
>>> On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
>>>> I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.
>>>>
>>>> I was like no, not going to do that.
>>>>
>>>> And then started removing 1072 connection tracking altogether from my network.
>>>>
>>>> For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.
>>>>
>>>> I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair.
>>>>
>>>> Which makes the 1072 a no starter for anything conn track for us ever again.
>>>>
>>>> I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being.
>>>>
>>>> But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.
>>>>
>>>> From: AF On Behalf Of Steven Kenney
>>>> Sent: Monday, March 1, 2021 9:03 AM
>>>> To: af
>>>> Subject: [AFMUG] Mikrotik Official Limitations
>>>>
>>>> Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution.
>>>>
>>>> How about those apples?
>>>>
>>>> STEVEN KENNEY
>>>> DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
>>>> A: 158 Erie St. N | Leamington ON
>>>> E: st...@wavedirect.org | P: 519-737-9283
>>>> W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
Well, yes, but that's both a pro and a con :)

Here's a writeup on using DANOS to push 10+ Gbps using CGNAT on a Dell PowerEdge R230 - Quad Core Intel(R) Xeon(R) CPU E3-1240 v6 @ 3.70GHz:
https://wiki.brasilpeeringforum.org/w/CGNAT_Bulk_Port_Allocation_com_DPDK
https://translate.google.com/translate?sl=auto&tl=en&u=https://wiki.brasilpeeringforum.org/w/CGNAT_Bulk_Port_Allocation_com_DPDK

If going the Juniper route, keep in mind that the SRX may also be an option.

- Jared

> Sent: Monday, March 01, 2021 at 5:12 PM
> From: "Adam Moffett"
> To: af@af.afmug.com
> Subject: Re: [AFMUG] Mikrotik Official Limitations
>
> One thing I'll miss about Mikrotik is every router can use every feature.
>
> On 3/1/2021 3:52 PM, fiber...@mail.com wrote:
> > I guess it depends on what kind of NAT you want to do.
> >
> > Here's an overview of CGNAT implementation options:
> > https://www.juniper.net/documentation/en_US/junos-space-apps/edge-services-director1.0/topics/topic-map/nat-junos-cgn-implementations.html
> >
> > And which chassis take which cards:
> > https://www.juniper.net/documentation/en_US/junos/topics/topic-map/services-pics-overview.html#id-multiservices-mic-and-multiservices-mpc-ms-mic-and-ms-mpc-overview
> >
> > You *can* get started with a MS-MIC-16G, but it doesn't have the throughput of later cards nor all the bells and whistles.
> >
> > - Jared
> >
> >> Sent: Monday, March 01, 2021 at 3:31 PM
> >> From: "Adam Moffett"
> >> To: af@af.afmug.com
> >> Subject: Re: [AFMUG] Mikrotik Official Limitations
> >>
> >> Maybe I was misinformed.
> >>
> >> The VAR told me JunOS would only do 1:1 NAT unless you had an IP Services card, and that I had to have an MX240, 480, or 960 to use that card.
> >>
> >> On 3/1/2021 3:27 PM, fiber...@mail.com wrote:
> >>> If your needs are more modest, I guess you could get away with an MS-MIC-16G card in a low end MX router. The MIC can be had for less than four grand, as can an older MX router. That should be good for CGNAT needs under 9 Gbps.
> >>>
> >>> - Jared
> >>>
> >>> Sent: Monday, March 01, 2021 at 1:41 PM
> >>> From: "Adam Moffett"
> >>> To: af@af.afmug.com
> >>> Subject: Re: [AFMUG] Mikrotik Official Limitations
> >>> I should have said it's 5 digits on top of having a Juniper router which can accept the IP services card (eg MX240, MX480, or MX960). You'll be into 6 digits before you have the whole BOM. Maybe I should have said "Lamborghini money". Depends whether you already have the Juniper router or if you had to start from square one.
> >>> I'm not saying there's anything wrong with Juniper, I'm just saying you have to bring your checkbook if you want to do CG-NAT with them.
> >>>
> >>> On 3/1/2021 1:06 PM, Adam Moffett wrote:
> >>> It's 5 digit numbers, however you choose to label it.
> >>> The good news is one box will scale to staggering amounts of traffic.
> >>>
> >>> On 3/1/2021 1:03 PM, Bill Prince wrote:
> >>> Corvette money. Is that anything like cubic dollars?
> >>>
> >>> bp
> >>>
> >>> On 3/1/2021 9:51 AM, Adam Moffett wrote:
> >>> CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money.
> >>> but that's kinda where we're at isn't it.
> >>>
> >>> On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
> >>> I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.
> >>>
> >>> I was like no, not going to do that.
> >>>
> >>> And then started removing 1072 connection tracking altogether from my network.
> >>>
> >>> For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.
> >>>
> >>> I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair.
> >>>
> >>
Re: [AFMUG] Mikrotik Official Limitations
We have customers with dual 10gig bonded links running 12-15gig inbound with 1072s and full tables without issues. Note, no connection tracking. It's more about knowing their limitations and working around those. We would simply put NAT at each tower vs at the network edge, creates better design and allows for each tower to be natted to its local IP. Just my two cents.

Dennis Burgess
Mikrotik : Trainer, Network Associate, Routing Engineer, Wireless Engineer, Traffic Control Engineer, Inter-Networking Engineer, Security Engineer, Enterprise Wireless Engineer
Hurricane Electric: IPv6 Sage Level
Cambium: ePMP
Author of "Learn RouterOS- Second Edition”
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270 Website: http://www.linktechs.net
Create Wireless Coverage’s with www.towercoverage.com
How did we do today?

-----Original Message-----
From: AF On Behalf Of Adam Moffett
Sent: Monday, March 1, 2021 4:13 PM
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

One thing I'll miss about Mikrotik is every router can use every feature.

On 3/1/2021 3:52 PM, fiber...@mail.com wrote:
> I guess it depends on what kind of NAT you want to do.
>
> Here's an overview of CGNAT implementation options:
> https://www.juniper.net/documentation/en_US/junos-space-apps/edge-services-director1.0/topics/topic-map/nat-junos-cgn-implementations.html
>
> And which chassis take which cards:
> https://www.juniper.net/documentation/en_US/junos/topics/topic-map/services-pics-overview.html#id-multiservices-mic-and-multiservices-mpc-ms-mic-and-ms-mpc-overview
>
> You *can* get started with a MS-MIC-16G, but it doesn't have the throughput of later cards nor all the bells and whistles.
>
> - Jared
>
>> Sent: Monday, March 01, 2021 at 3:31 PM
>> From: "Adam Moffett"
>> To: af@af.afmug.com
>> Subject: Re: [AFMUG] Mikrotik Official Limitations
>>
>> Maybe I was misinformed.
>>
>> The VAR told me JunOS would only do 1:1 NAT unless you had an IP Services card, and that I had to have an MX240, 480, or 960 to use that card.
>>
>> On 3/1/2021 3:27 PM, fiber...@mail.com wrote:
>>> If your needs are more modest, I guess you could get away with an MS-MIC-16G card in a low end MX router. The MIC can be had for less than four grand, as can an older MX router. That should be good for CGNAT needs under 9 Gbps.
>>>
>>> - Jared
>>>
>>> Sent: Monday, March 01, 2021 at 1:41 PM
>>> From: "Adam Moffett"
>>> To: af@af.afmug.com
>>> Subject: Re: [AFMUG] Mikrotik Official Limitations
>>> I should have said it's 5 digits on top of having a Juniper router which can accept the IP services card (eg MX240, MX480, or MX960). You'll be into 6 digits before you have the whole BOM. Maybe I should have said "Lamborghini money". Depends whether you already have the Juniper router or if you had to start from square one.
>>> I'm not saying there's anything wrong with Juniper, I'm just saying you have to bring your checkbook if you want to do CG-NAT with them.
>>>
>>> On 3/1/2021 1:06 PM, Adam Moffett wrote:
>>> It's 5 digit numbers, however you choose to label it.
>>> The good news is one box will scale to staggering amounts of traffic.
>>>
>>> On 3/1/2021 1:03 PM, Bill Prince wrote:
>>> Corvette money. Is that anything like cubic dollars?
>>>
>>> bp
>>>
>>> On 3/1/2021 9:51 AM, Adam Moffett wrote:
>>> CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money.
>>> but that's kinda where we're at isn't it.
>>>
>>> On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
>>> I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.
>>>
>>> I was like no, not going to do that.
>>>
>>> And then started removing 1072 connection tracking altogether from my network.
>>>
>>> For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.
>>>
>>> I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair.
>>>
>>> Which makes the 1072 a
Re: [AFMUG] Mikrotik Official Limitations
One thing I'll miss about Mikrotik is every router can use every feature.

On 3/1/2021 3:52 PM, fiber...@mail.com wrote:

I guess it depends on what kind of NAT you want to do.

Here's an overview of CGNAT implementation options:
https://www.juniper.net/documentation/en_US/junos-space-apps/edge-services-director1.0/topics/topic-map/nat-junos-cgn-implementations.html

And which chassis take which cards:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/services-pics-overview.html#id-multiservices-mic-and-multiservices-mpc-ms-mic-and-ms-mpc-overview

You *can* get started with a MS-MIC-16G, but it doesn't have the throughput of later cards nor all the bells and whistles.

- Jared

Sent: Monday, March 01, 2021 at 3:31 PM
From: "Adam Moffett"
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

Maybe I was misinformed.

The VAR told me JunOS would only do 1:1 NAT unless you had an IP Services card, and that I had to have an MX240, 480, or 960 to use that card.

On 3/1/2021 3:27 PM, fiber...@mail.com wrote:

If your needs are more modest, I guess you could get away with an MS-MIC-16G card in a low end MX router. The MIC can be had for less than four grand, as can an older MX router. That should be good for CGNAT needs under 9 Gbps.

- Jared

Sent: Monday, March 01, 2021 at 1:41 PM
From: "Adam Moffett"
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

I should have said it's 5 digits on top of having a Juniper router which can accept the IP services card (eg MX240, MX480, or MX960). You'll be into 6 digits before you have the whole BOM. Maybe I should have said "Lamborghini money". Depends whether you already have the Juniper router or if you had to start from square one.

I'm not saying there's anything wrong with Juniper, I'm just saying you have to bring your checkbook if you want to do CG-NAT with them.

On 3/1/2021 1:06 PM, Adam Moffett wrote:

It's 5 digit numbers, however you choose to label it.
The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:

Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money.
but that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from my network.

For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair.

Which makes the 1072 a no starter for anything conn track for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF [mailto:af-boun...@af.afmug.com] On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af [mailto:af@af.afmug.com]
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution.

How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
Yeah, that’s for sure.

For the moment we put full tables on multiple upstreams on 10Gbps interface on 1072 and they run fine at 5-6Gbps of peak traffic each. I wouldn’t push it much further than that though. We just even out the load between all of them for now, until we migrate to CHR for BGP. And then after CHR Mikrotik BGP we plan on Juniper gear, especially if we limit the carriers upstreams. But I doubt that, our network runs such that it’s “easy” to get another 10Gbps upstream on full table BGP and assign another Mikrotik 1072 or CHR to it. Then we have multiple redundancy, less peak and average going through the majority of them and can gracefully handle downtime of one single provider for now. All under the one time cost of a single Juniper router.

From: AF On Behalf Of Mike Hammett
Sent: Monday, March 1, 2021 11:56 AM
To: AnimalFarm Microwave Users Group
Subject: Re: [AFMUG] Mikrotik Official Limitations

Eh, it depends on what you're trying to do with it, as always.

- Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
Midwest Internet Exchange <http://www.midwest-ix.com/>
The Brothers WISP <http://www.thebrotherswisp.com/>

From: "Steven Kenney" <st...@wavedirect.org>
To: "af" <af@af.afmug.com>
Sent: Monday, March 1, 2021 12:47:08 PM
Subject: Re: [AFMUG] Mikrotik Official Limitations

Just word to the wise - prepare to ditch Mikrotik as soon as you near 10Gbps traffic. Their upper echelon hardware doesn't pass the muster.

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net

________
From: "Adam Moffett" <dmmoff...@gmail.com>
To: "af" <af@af.afmug.com>
Sent: Monday, March 1, 2021 1:42:54 PM
Subject: Re: [AFMUG] Mikrotik Official Limitations

+1

On 3/1/2021 1:41 PM, Sterling Jacobson wrote:
Yeah, that’s why there is justification for using Mikrotik “garbage”. Mikrotik has got us where we are and allowed us to grow and grow our small team without a large upfront cost. And then migrate to bigger and better. Done this method a few times now and it’s worked out well. Moral of the story is, work the best with what you have and know your platform. I know Mikrotik. I can get angry and do have my rows with vendors and manufacturers, but we learn where we can reliably use what hardware over time. Starting from ground zero I would definitely use Mikrotik again since I know it and what it can and cannot do. But I am looking forward to the day when we invest in an MX series of highly available routers/platform. Just like it would be awesome if I had enough money up front to run all Cambium M and Terragraph for our WISP side lol

From: AF <af-boun...@af.afmug.com> On Behalf Of Adam Moffett
Sent: Monday, March 1, 2021 11:06 AM
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

It's 5 digit numbers, however you choose to label it. The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:
Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:
CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. but that
Re: [AFMUG] Mikrotik Official Limitations
I guess it depends on what kind of NAT you want to do. Here's an overview of CGNAT implementation options:
https://www.juniper.net/documentation/en_US/junos-space-apps/edge-services-director1.0/topics/topic-map/nat-junos-cgn-implementations.html

And which chassis take which cards:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/services-pics-overview.html#id-multiservices-mic-and-multiservices-mpc-ms-mic-and-ms-mpc-overview

You *can* get started with a MS-MIC-16G, but it doesn't have the throughput of later cards nor all the bells and whistles.

- Jared

> Sent: Monday, March 01, 2021 at 3:31 PM
> From: "Adam Moffett"
> To: af@af.afmug.com
> Subject: Re: [AFMUG] Mikrotik Official Limitations
>
> Maybe I was misinformed.
>
> The VAR told me JunOS would only do 1:1 NAT unless you had an IP
> Services card, and that I had to have an MX240, 480, or 960 to use that
> card.
>
> On 3/1/2021 3:27 PM, fiber...@mail.com wrote:
> > If your needs are more modest, I guess you could get away with an
> > MS-MIC-16G card in a low end MX router. The MIC can be had for less than
> > four grand, as can an older MX router. That should be good for CGNAT needs
> > under 9 Gbps.
> >
> > - Jared
> >
> > Sent: Monday, March 01, 2021 at 1:41 PM
> > From: "Adam Moffett"
> > To: af@af.afmug.com
> > Subject: Re: [AFMUG] Mikrotik Official Limitations
> > I should have said it's 5 digits on top of having a Juniper router which
> > can accept the IP services card (eg MX240, MX480, or MX960). You'll be
> > into 6 digits before you have the whole BOM. Maybe I should have said
> > "Lamborghini money". Depends whether you already have the Juniper router
> > or if you had to start from square one.
> > I'm not saying there's anything wrong with Juniper, I'm just saying you
> > have to bring your checkbook if you want to do CG-NAT with them.
> >
> > On 3/1/2021 1:06 PM, Adam Moffett wrote:
> > It's 5 digit numbers, however you choose to label it.
> > The good news is one box will scale to staggering amounts of traffic.
> >
> > On 3/1/2021 1:03 PM, Bill Prince wrote:
> > Corvette money. Is that anything like cubic dollars?
> >
> > bp
> >
> > On 3/1/2021 9:51 AM, Adam Moffett wrote:
> > CGNAT on Juniper requires an IP services card. With licensing it's like
> > Corvette money.
> > but that's kinda where we're at isn't it.
> >
> > On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
> > I gave up the first time they asked me to record data for them during an
> > instance and wanted us to let it hang and collect data.
> >
> > I was like no, not going to do that.
> >
> > And then started removing 1072 connection tracking altogether from my
> > network.
> >
> > For the time being I’m using 1036 for CGNAT as a transition, then will head
> > to CHR CGNAT, then Juniper.
> >
> > I agree that Mikrotik just isn’t focused on the 1072 anymore and this
> > particular issue seems beyond them to repair.
> >
> > Which makes the 1072 a no starter for anything conn track for us ever again.
> >
> > I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release.
> > Watching to see if it bails too, or is capable of doing it for the time
> > being.
> >
> > But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation
> > of layer2 into our cores where we will do all of the heavy lifting.
> >
> > From: AF [mailto:af-boun...@af.afmug.com] On Behalf Of Steven Kenney
> > Sent: Monday, March 1, 2021 9:03 AM
> > To: af [mailto:af@af.afmug.com]
> > Subject: [AFMUG] Mikrotik Official Limitations
> >
> > Still fighting with Mikrotik about the 1072 reboots. New hardware didn't
> > fix it, had several people check the configs all were good. After 2 months
> > of going back and forth, escalating to a higher tier tech... I officially
> > got a response that 1 million connections is too much for the 1072 and I
> > should expect it to reboot and not function properly. That was their
> > conclusion. Even though all of the 72 processors are under 50%, memory
> > usage is only about 20% etc. Turn off connection tracking is their
> > solution.
> >
> > How about those apples?
Re: [AFMUG] Mikrotik Official Limitations
Maybe I was misinformed.

The VAR told me JunOS would only do 1:1 NAT unless you had an IP Services card, and that I had to have an MX240, 480, or 960 to use that card.

On 3/1/2021 3:27 PM, fiber...@mail.com wrote:
If your needs are more modest, I guess you could get away with an MS-MIC-16G card in a low end MX router. The MIC can be had for less than four grand, as can an older MX router. That should be good for CGNAT needs under 9 Gbps.

- Jared

Sent: Monday, March 01, 2021 at 1:41 PM
From: "Adam Moffett"
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

I should have said it's 5 digits on top of having a Juniper router which can accept the IP services card (eg MX240, MX480, or MX960). You'll be into 6 digits before you have the whole BOM. Maybe I should have said "Lamborghini money". Depends whether you already have the Juniper router or if you had to start from square one.

I'm not saying there's anything wrong with Juniper, I'm just saying you have to bring your checkbook if you want to do CG-NAT with them.

On 3/1/2021 1:06 PM, Adam Moffett wrote:
It's 5 digit numbers, however you choose to label it. The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:
Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:
CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. but that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from my network.

For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair.

Which makes the 1072 a no starter for anything conn track for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF [mailto:af-boun...@af.afmug.com] On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af [mailto:af@af.afmug.com]
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution.

How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
If your needs are more modest, I guess you could get away with an MS-MIC-16G card in a low end MX router. The MIC can be had for less than four grand, as can an older MX router. That should be good for CGNAT needs under 9 Gbps.

- Jared

Sent: Monday, March 01, 2021 at 1:41 PM
From: "Adam Moffett"
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

I should have said it's 5 digits on top of having a Juniper router which can accept the IP services card (eg MX240, MX480, or MX960). You'll be into 6 digits before you have the whole BOM. Maybe I should have said "Lamborghini money". Depends whether you already have the Juniper router or if you had to start from square one.

I'm not saying there's anything wrong with Juniper, I'm just saying you have to bring your checkbook if you want to do CG-NAT with them.

On 3/1/2021 1:06 PM, Adam Moffett wrote:
It's 5 digit numbers, however you choose to label it. The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:
Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:
CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. but that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from my network.

For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair.

Which makes the 1072 a no starter for anything conn track for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF [mailto:af-boun...@af.afmug.com] On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af [mailto:af@af.afmug.com]
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution.

How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
but then I'll get trouble for a bounced check

On 3/1/2021 1:54 PM, Bill Prince wrote:
What would be nice if I brought YOUR checkbook.

bp

On 3/1/2021 10:41 AM, Adam Moffett wrote:
I should have said it's 5 digits on top of having a Juniper router which can accept the IP services card (eg MX240, MX480, or MX960). You'll be into 6 digits before you have the whole BOM. Maybe I should have said "Lamborghini money". Depends whether you already have the Juniper router or if you had to start from square one.

I'm not saying there's anything wrong with Juniper, I'm just saying you have to bring your checkbook if you want to do CG-NAT with them.

On 3/1/2021 1:06 PM, Adam Moffett wrote:
It's 5 digit numbers, however you choose to label it. The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:
Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:
CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. but that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from my network.

For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair.

Which makes the 1072 a no starter for anything conn track for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

*From:* AF *On Behalf Of* Steven Kenney
*Sent:* Monday, March 1, 2021 9:03 AM
*To:* af
*Subject:* [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution.

How about those apples?

*STEVEN KENNEY*
*DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY*
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
Eh, it depends on what you're trying to do with it, as always.

- Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

- Original Message -
From: "Steven Kenney"
To: "af"
Sent: Monday, March 1, 2021 12:47:08 PM
Subject: Re: [AFMUG] Mikrotik Official Limitations

Just word to the wise - prepare to ditch Mikrotik as soon as you near 10Gbps traffic. Their upper echelon hardware doesn't pass the muster.

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net

- Original Message -
From: "Adam Moffett"
To: "af"
Sent: Monday, March 1, 2021 1:42:54 PM
Subject: Re: [AFMUG] Mikrotik Official Limitations

+1

On 3/1/2021 1:41 PM, Sterling Jacobson wrote:
Yeah, that’s why there is justification for using Mikrotik “garbage”. Mikrotik has got us where we are and allowed us to grow and grow our small team without a large upfront cost. And then migrate to bigger and better. Done this method a few times now and it’s worked out well. Moral of the story is, work the best with what you have and know your platform. I know Mikrotik. I can get angry and do have my rows with vendors and manufacturers, but we learn where we can reliably use what hardware over time. Starting from ground zero I would definitely use Mikrotik again since I know it and what it can and cannot do. But I am looking forward to the day when we invest in an MX series of highly available routers/platform. Just like it would be awesome if I had enough money up front to run all Cambium M and Terragraph for our WISP side lol

From: AF On Behalf Of Adam Moffett
Sent: Monday, March 1, 2021 11:06 AM
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

It's 5 digit numbers, however you choose to label it. The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:
Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:
CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. but that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from my network.

For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair.

Which makes the 1072 a no starter for anything conn track for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution.

How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
What would be nice if I brought YOUR checkbook.

bp

On 3/1/2021 10:41 AM, Adam Moffett wrote:
I should have said it's 5 digits on top of having a Juniper router which can accept the IP services card (eg MX240, MX480, or MX960). You'll be into 6 digits before you have the whole BOM. Maybe I should have said "Lamborghini money". Depends whether you already have the Juniper router or if you had to start from square one.

I'm not saying there's anything wrong with Juniper, I'm just saying you have to bring your checkbook if you want to do CG-NAT with them.

On 3/1/2021 1:06 PM, Adam Moffett wrote:
It's 5 digit numbers, however you choose to label it. The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:
Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:
CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. but that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from my network.

For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair.

Which makes the 1072 a no starter for anything conn track for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution.

How about those apples?

STEVEN KENNEY
Re: [AFMUG] Mikrotik Official Limitations
Just word to the wise - prepare to ditch Mikrotik as soon as you near 10Gbps traffic. Their upper echelon hardware doesn't pass the muster.

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net

From: "Adam Moffett"
To: "af"
Sent: Monday, March 1, 2021 1:42:54 PM
Subject: Re: [AFMUG] Mikrotik Official Limitations

+1

On 3/1/2021 1:41 PM, Sterling Jacobson wrote:
Yeah, that’s why there is justification for using Mikrotik “garbage”. Mikrotik has got us where we are and allowed us to grow and grow our small team without a large upfront cost. And then migrate to bigger and better. Done this method a few times now and it’s worked out well. Moral of the story is, work the best with what you have and know your platform. I know Mikrotik. I can get angry and do have my rows with vendors and manufacturers, but we learn where we can reliably use what hardware over time. Starting from ground zero I would definitely use Mikrotik again since I know it and what it can and cannot do. But I am looking forward to the day when we invest in an MX series of highly available routers/platform. Just like it would be awesome if I had enough money up front to run all Cambium M and Terragraph for our WISP side lol

From: AF [mailto:af-boun...@af.afmug.com] On Behalf Of Adam Moffett
Sent: Monday, March 1, 2021 11:06 AM
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

It's 5 digit numbers, however you choose to label it. The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:
Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:
CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. but that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from my network.

For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair.

Which makes the 1072 a no starter for anything conn track for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF [mailto:af-boun...@af.afmug.com] On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af [mailto:af@af.afmug.com]
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution.

How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
We should also not confuse "vendor is junk" with "I used it wrong". Also, there are times that both may apply.

- Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

- Original Message -
From: "Sterling Jacobson"
To: "AnimalFarm Microwave Users Group"
Sent: Monday, March 1, 2021 12:41:12 PM
Subject: Re: [AFMUG] Mikrotik Official Limitations

Yeah, that’s why there is justification for using Mikrotik “garbage”. Mikrotik has got us where we are and allowed us to grow and grow our small team without a large upfront cost. And then migrate to bigger and better. Done this method a few times now and it’s worked out well. Moral of the story is, work the best with what you have and know your platform. I know Mikrotik. I can get angry and do have my rows with vendors and manufacturers, but we learn where we can reliably use what hardware over time. Starting from ground zero I would definitely use Mikrotik again since I know it and what it can and cannot do. But I am looking forward to the day when we invest in an MX series of highly available routers/platform. Just like it would be awesome if I had enough money up front to run all Cambium M and Terragraph for our WISP side lol

From: AF On Behalf Of Adam Moffett
Sent: Monday, March 1, 2021 11:06 AM
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

It's 5 digit numbers, however you choose to label it. The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:
Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:
CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. but that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:
I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data.

I was like no, not going to do that.

And then started removing 1072 connection tracking altogether from my network.

For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper.

I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair.

Which makes the 1072 a no starter for anything conn track for us ever again.

I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being.

But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution.

How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
+1

On 3/1/2021 1:41 PM, Sterling Jacobson wrote:

Yeah, that’s why there is justification for using Mikrotik “garbage”. Mikrotik has got us where we are and allowed us to grow and grow our small team without a large upfront cost. And then migrate to bigger and better. Done this method a few times now and it’s worked out well. Moral of the story is, work the best with what you have and know your platform. I know Mikrotik. I can get angry and do have my rows with vendors and manufacturers, but we learn where we can reliably use what hardware over time. Starting from ground zero I would definitely use Mikrotik again since I know it and what it can and cannot do. But I am looking forward to the day when we invest in an MX series of highly available routers/platform. Just like it would be awesome if I had enough money up front to run all Cambium M and Terragraph for our WISP side lol

From: AF On Behalf Of Adam Moffett
Sent: Monday, March 1, 2021 11:06 AM
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

It's 5 digit numbers, however you choose to label it. The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:

Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. But that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data. I was like no, not going to do that. And then started removing 1072 connection tracking altogether from my network. For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper. I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair. Which makes the 1072 a non-starter for anything conn track for us ever again. I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being. But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF <af-boun...@af.afmug.com> On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af <af@af.afmug.com>
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
I should have said it's 5 digits on top of having a Juniper router which can accept the IP services card (e.g. MX240, MX480, or MX960). You'll be into 6 digits before you have the whole BOM. Maybe I should have said "Lamborghini money". Depends whether you already have the Juniper router or if you had to start from square one. I'm not saying there's anything wrong with Juniper, I'm just saying you have to bring your checkbook if you want to do CG-NAT with them.

On 3/1/2021 1:06 PM, Adam Moffett wrote:

It's 5 digit numbers, however you choose to label it. The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:

Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. But that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data. I was like no, not going to do that. And then started removing 1072 connection tracking altogether from my network. For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper. I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair. Which makes the 1072 a non-starter for anything conn track for us ever again. I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being. But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
Yeah, that’s why there is justification for using Mikrotik “garbage”. Mikrotik has got us where we are and allowed us to grow and grow our small team without a large upfront cost. And then migrate to bigger and better. Done this method a few times now and it’s worked out well. Moral of the story is, work the best with what you have and know your platform. I know Mikrotik. I can get angry and do have my rows with vendors and manufacturers, but we learn where we can reliably use what hardware over time. Starting from ground zero I would definitely use Mikrotik again since I know it and what it can and cannot do. But I am looking forward to the day when we invest in an MX series of highly available routers/platform. Just like it would be awesome if I had enough money up front to run all Cambium M and Terragraph for our WISP side lol

From: AF On Behalf Of Adam Moffett
Sent: Monday, March 1, 2021 11:06 AM
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

It's 5 digit numbers, however you choose to label it. The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:

Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. But that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data. I was like no, not going to do that. And then started removing 1072 connection tracking altogether from my network. For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper. I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair. Which makes the 1072 a non-starter for anything conn track for us ever again. I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being. But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF <af-boun...@af.afmug.com> On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af <af@af.afmug.com>
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
Is anybody looking at software based options like DPDK for a lower cost solution? DANOS (free), TNSR (free trial, commercial $500/year), 6wind (~3k$ for 10G license + 15% yearly),...

- Jared

Sent: Monday, March 01, 2021
From: "Adam Moffett"
To: af@af.afmug.com
Subject: Re: [AFMUG] Mikrotik Official Limitations

It's 5 digit numbers, however you choose to label it. The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:

Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. But that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data. I was like no, not going to do that. And then started removing 1072 connection tracking altogether from my network. For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper. I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair. Which makes the 1072 a non-starter for anything conn track for us ever again. I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being. But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF <af-boun...@af.afmug.com> On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af <af@af.afmug.com>
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
It's 5 digit numbers, however you choose to label it. The good news is one box will scale to staggering amounts of traffic.

On 3/1/2021 1:03 PM, Bill Prince wrote:

Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. But that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data. I was like no, not going to do that. And then started removing 1072 connection tracking altogether from my network. For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper. I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair. Which makes the 1072 a non-starter for anything conn track for us ever again. I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being. But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
Corvette money. Is that anything like cubic dollars?

bp

On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. But that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data. I was like no, not going to do that. And then started removing 1072 connection tracking altogether from my network. For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper. I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair. Which makes the 1072 a non-starter for anything conn track for us ever again. I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being. But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
CGNAT on Juniper requires an IP services card. With licensing it's like Corvette money. But that's kinda where we're at isn't it.

On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data. I was like no, not going to do that. And then started removing 1072 connection tracking altogether from my network. For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper. I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair. Which makes the 1072 a non-starter for anything conn track for us ever again. I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being. But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
I gave up the first time they asked me to record data for them during an instance and wanted us to let it hang and collect data. I was like no, not going to do that. And then started removing 1072 connection tracking altogether from my network. For the time being I’m using 1036 for CGNAT as a transition, then will head to CHR CGNAT, then Juniper. I agree that Mikrotik just isn’t focused on the 1072 anymore and this particular issue seems beyond them to repair. Which makes the 1072 a non-starter for anything conn track for us ever again. I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. Watching to see if it bails too, or is capable of doing it for the time being. But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of layer2 into our cores where we will do all of the heavy lifting.

From: AF On Behalf Of Steven Kenney
Sent: Monday, March 1, 2021 9:03 AM
To: af
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
No no.. maybe a hundred people doing nat. I've almost eliminated all of them. Also need to nat some equipment for it to be able to update via the internet etc.

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net

From: "Bill Prince"
To: "af"
Sent: Monday, March 1, 2021 12:05:13 PM
Subject: Re: [AFMUG] Mikrotik Official Limitations

You have 6K subs doing NAT? That is more than I would attempt.

bp

On 3/1/2021 8:54 AM, Steven Kenney wrote:

About 6k. I mean it's official meaning that is their "excuse" and their answer to the problem. It's ok because I've got an MX240 now I'm working on installing. But in all honesty I'm positive it's just laziness on their part. They don't want to even try to lab this up or fix it. Many people never had this issue pre 6.44 and so many have complained since. I've had to have nat on this one particular router. I'm working on phasing it out but with resources and memory available this is absurd. I get these reboots during times where there is no increase in PPS upstream or on the router. Shame I don't think their mib allows you to graph connections.

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net

From: "Bill Prince" <part15...@gmail.com>
To: "af" <af@af.afmug.com>
Sent: Monday, March 1, 2021 11:35:02 AM
Subject: Re: [AFMUG] Mikrotik Official Limitations

I have to admit, I don't know that I've looked too much at the number of connections. How many subs does it take to achieve a million connections?

bp

On 3/1/2021 8:02 AM, Steven Kenney wrote:

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
You have 6K subs doing NAT? That is more than I would attempt.

bp

On 3/1/2021 8:54 AM, Steven Kenney wrote:

About 6k. I mean it's official meaning that is their "excuse" and their answer to the problem. It's ok because I've got an MX240 now I'm working on installing. But in all honesty I'm positive it's just laziness on their part. They don't want to even try to lab this up or fix it. Many people never had this issue pre 6.44 and so many have complained since. I've had to have nat on this one particular router. I'm working on phasing it out but with resources and memory available this is absurd. I get these reboots during times where there is no increase in PPS upstream or on the router. Shame I don't think their mib allows you to graph connections.

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net

From: "Bill Prince"
To: "af"
Sent: Monday, March 1, 2021 11:35:02 AM
Subject: Re: [AFMUG] Mikrotik Official Limitations

I have to admit, I don't know that I've looked too much at the number of connections. How many subs does it take to achieve a million connections?

bp

On 3/1/2021 8:02 AM, Steven Kenney wrote:

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
I'm going on the word of a bunch of threads I've already read on their forums where customers all discuss the issue. Also not to mention Mikrotik never chimed into any of the threads at all. Either they know exactly what the problem is and won't say because it can't be fixed or is a vulnerability, or they are lazy and don't want to fix it. I'm not positive 6.44 was the version - but I saw that and earlier people mentioning it didn't do it. I don't want to go back that far because of the security vulnerabilities.

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net

From: "Jan-GAMs"
To: "af"
Sent: Monday, March 1, 2021 12:00:08 PM
Subject: Re: [AFMUG] Mikrotik Official Limitations

What happens if you use an earlier version pre-6.44 firmware? Seems like an expensive piece of hardware to get such a lame excuse for support.

On 3/1/21 8:54 AM, Steven Kenney wrote:

About 6k. I mean it's official, meaning that is their "excuse" and their answer to the problem. It's ok because I've got an MX240 now I'm working on installing. But in all honesty I'm positive it's just laziness on their part. They don't want to even try to lab this up or fix it. Many people never had this issue pre 6.44 and so many have complained since. I've had to have NAT on this one particular router. I'm working on phasing it out but with resources and memory available this is absurd. I get these reboots during times where there is no increase in PPS upstream or on the router. Shame I don't think their MIB allows you to graph connections.

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net

From: "Bill Prince"
To: "af"
Sent: Monday, March 1, 2021 11:35:02 AM
Subject: Re: [AFMUG] Mikrotik Official Limitations

I have to admit, I don't know that I've looked too much at the number of connections. How many subs does it take to achieve a million connections?

bp

On 3/1/2021 8:02 AM, Steven Kenney wrote:

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs, all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
What happens if you use an earlier version pre-6.44 firmware? Seems like an expensive piece of hardware to get such a lame excuse for support.

On 3/1/21 8:54 AM, Steven Kenney wrote:

About 6k. I mean it's official, meaning that is their "excuse" and their answer to the problem. It's ok because I've got an MX240 now I'm working on installing. But in all honesty I'm positive it's just laziness on their part. They don't want to even try to lab this up or fix it. Many people never had this issue pre 6.44 and so many have complained since. I've had to have NAT on this one particular router. I'm working on phasing it out but with resources and memory available this is absurd. I get these reboots during times where there is no increase in PPS upstream or on the router. Shame I don't think their MIB allows you to graph connections.

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net

From: "Bill Prince"
To: "af"
Sent: Monday, March 1, 2021 11:35:02 AM
Subject: Re: [AFMUG] Mikrotik Official Limitations

I have to admit, I don't know that I've looked too much at the number of connections. How many subs does it take to achieve a million connections?

bp

On 3/1/2021 8:02 AM, Steven Kenney wrote:

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs, all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
About 6k. I mean it's official, meaning that is their "excuse" and their answer to the problem. It's ok because I've got an MX240 now I'm working on installing. But in all honesty I'm positive it's just laziness on their part. They don't want to even try to lab this up or fix it. Many people never had this issue pre 6.44 and so many have complained since. I've had to have NAT on this one particular router. I'm working on phasing it out but with resources and memory available this is absurd. I get these reboots during times where there is no increase in PPS upstream or on the router. Shame I don't think their MIB allows you to graph connections.

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net

From: "Bill Prince"
To: "af"
Sent: Monday, March 1, 2021 11:35:02 AM
Subject: Re: [AFMUG] Mikrotik Official Limitations

I have to admit, I don't know that I've looked too much at the number of connections. How many subs does it take to achieve a million connections?

bp

On 3/1/2021 8:02 AM, Steven Kenney wrote:

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs, all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
Bill,

Just checked my main PPPoE server (CCR1036).

2735 PPPoE sessions. 504 of those are private IP addresses getting NAT.

1,048,576 connections

--
Best regards,
Mark
mailto:m...@mailmt.com
Myakka Technologies, Inc.
www.Myakka.com
--

Monday, March 1, 2021, 11:35:02 AM, you wrote:

I have to admit, I don't know that I've looked too much at the number of connections. How many subs does it take to achieve a million connections?

bp

On 3/1/2021 8:02 AM, Steven Kenney wrote:

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs, all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
I have to admit, I don't know that I've looked too much at the number of connections. How many subs does it take to achieve a million connections?

bp

On 3/1/2021 8:02 AM, Steven Kenney wrote:

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs, all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
Yeah, that's good news that you have an official answer; I have been curious. Of course, if you're NATting there, you can't turn off connection tracking...

Jesse DuPont
Owner / Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC / Celerity Broadband LLC

On 3/1/21 9:22 AM, Chuck McCown via AF wrote:

Well at least you have an official answer. How important is connection tracking to you? Seems like something they could fix without too much difficulty. Such as change the type of a variable, or allocate more memory, or compress a file etc.

From: Steven Kenney
Sent: Monday, March 1, 2021 9:02 AM
To: af
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs, all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
Re: [AFMUG] Mikrotik Official Limitations
Well at least you have an official answer. How important is connection tracking to you? Seems like something they could fix without too much difficulty. Such as change the type of a variable, or allocate more memory, or compress a file etc.

From: Steven Kenney
Sent: Monday, March 1, 2021 9:02 AM
To: af
Subject: [AFMUG] Mikrotik Official Limitations

Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs, all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net
[AFMUG] Mikrotik Official Limitations
Still fighting with Mikrotik about the 1072 reboots. New hardware didn't fix it, had several people check the configs, all were good. After 2 months of going back and forth, escalating to a higher tier tech... I officially got a response that 1 million connections is too much for the 1072 and I should expect it to reboot and not function properly. That was their conclusion. Even though all of the 72 processors are under 50%, memory usage is only about 20% etc. Turn off connection tracking is their solution. How about those apples?

STEVEN KENNEY
DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY
A: 158 Erie St. N | Leamington ON
E: st...@wavedirect.org | P: 519-737-9283
W: www.wavedirect.net