sounds like your version is too new you have to downgrade to 6.18 apparently assuming 6.18 is less than 6.5 maybe you need to upgrade? because apparently 5.2 is older than 5.18 oh apparently it works in 6.14 to 6.18 '18' > '5' yeah it may work again now routeros is good at breaking things That's what she said!! i seem to remember hearing of version 6.26 being reasonably current? 6.26 isn't released yet just 6.26 is their rc according to http://www.mikrotik.com/download oh maybe it was 6.25 then 6.25 is latest stable in the 6.x branch, 5.26 and 4.17 respectively maybe i got confused with 5.26 then isn't routeros 6 way less stable than 5? *) fixed route cache overflow (ipv4/ipv6 stops working) if ipsec is used; scary changelogs (that's for 6.25) scarier if "didn't fix..." :P whenever i see the changelogs for routeros stuff it always seems to suggest that things are fixed that weren't broken and then were broken suggesting that things break a lot randomly i never had stability problems with 6. but i only use my mikrotiks as simple wlan access points i think most of the issues are with mpls, dynamic routing, ppp, queues etc. so yeah as a dumb switch or bridge it may be stable imho using mikrotiks as switches sucks because of their weird stp implementation (just like linux sucks in that regard) well not everyone uses stp :/ i doubt most users of routeros do. i still don't know how to make a trunk port speak stp properly my switch has stp enabled. but it defaulted that way :/ i used to be using a unifi wireless ap which was pretty unstable. but i haven't had a single stability issue with tp-link that i replaced it with. it's capable of running openwrt etc too. but haven't tried yet. i got a second one so i could :/ i've got another wireless ap as a client bridging to ethernet ports, which is tp-link too. using gargoyle, and that was pretty easy to install. ipv6 appears to be down for me. anyone else? works for me interesting. I can't even ping my gateway nevermind.
traceroute shows it's an issue on my ISP's side. it's not making it to the first hop past my ISP's gateway. wait, that can't be right, cuz I can't ping it from another server in california, either. ant: can you ping 2607:f2f8:ab28::2 or ::1 ? Yes. both are responding? Both are responding. from here too ok, I need to figure this out then. I'm not able to ping it from 3 different networks jpalmet, I can ping both (from ARP) but traceroute to ::2 never finishes traceroutes from comcast & linode in dallas both look ok to me How does centralized logon generally for Linux work in Enterprises today? Assuming we are not falling back on Active Directory and doing things directly in Linux NIS ? ldap/kerberos which is coincidentally the same underpinnings of AD (ldap for directory, and kerberos for auth) Though you could do auth with ldap too, but that's less common; the benefits of kerberos outweigh it is it kind of roll your own solution with kerberos and ldap, or are there system packages that provide a decent out of box experience perhaps even commercially supported? There are, or have been, some packaged stuff Novell had something I haven't touched the area for awhile though last time I set it up, I used a distro called Zeroshell to serve as my ldap/kerberos root k RHEL Probably has their own solution using LDAP and Kerberos only thing I know about RHEL and derivatives is they have a nice wizard/gui for configuring client machines for it YER A WIZARD brycec Thanks BryceBot No problem, brycec http://www.gliffy.com/go/publish/7081735 I am wondering if it would be possible to trunk the link between the Mikrotik and the Catalyst Switch, run 2 Vlans across it one that will present the Bell Fibe Modem on the same Layer 2 as the Cisco 2811 behind the switch the other for the Lan behind the Mikrotik What's the advantage of multiple pppoe sessions? Just more external IP's as opposed to nat?
more public IPs, yes allowing me to test vpn tunnels that actually traverse multiple public addresses why separate vlans? why not just run both pppoe sessions on the same vlan? as there is one cable between the mikrotik and the catalyst 3750 and the mikrotik already has its pppoe session and is performing NAT why not route the inbound cable into a switch port have it on a vlan and have two more ports on the switch to terminate pppoe sessions. on lots of routers you can do ppp relay, but i don't think routeros does that will pcs behind the catalyst be able to connect via pppoe session as well any that are in the vlan group you can probably get by with running untagged. but tagging keeps things nice and separate. http://forum.mikrotik.com/viewtopic.php?f=1&t=6634 so yeah people want pppoe relay my google foo landed me on the same page :-) oh that's from 2006 anyway what i'd do is just plug your incoming internet connection into the switch on say vlan 900 then have routerboard plug into a switch port on vlan 900 then any pc's you want with their own pppoe session you allow vlan 900 as well as their normal lan vlan if you don't tag you're more likely to pollute random arps out the internet connection, i dunno if you mind that or not. as well as broadcast traffic depending on where the bridge/segment finishes, it may go to internet or just an upstream modem. if it's an upstream modem that just feeds you pppoe i wouldn't worry, but if they're bridging again onto the wider network you probably want to avoid that. only issue with that is - the internet modem and mikrotik device are like 1 foot apart, the switch however is in the next room and only one cable exists between the rooms here cable is a big huge bridged annoyance. oh. you could just use a 5 port switch so that's why I was hoping to run multiple vlans on that cable actually there's an even more complicated idea. the routerboard is one with a switch? it is you can run the internet into the switch.
then run ethernet from the switch ports then plug the switch port on the routerboard into the wan port as well. i dunno if that's getting too convoluted for you :) could probably just bridge it in software it's better to be switched than bridged. complicated and convoluted I like - allows for greater learning especially on lower end routerboards. ccr's don't have switches though. and lots of the routerboards have funky switch arrangements, so they'll have two different switches for two different groups of ports. so actually run a cable between the routed port and the 'switch port' and internet into another switch port the wan port and switch port. so yeah say ports 5 to 8 are just cut off and used as a switch that goes nowhere. well doesn't go into routeros at all they designate port 1 to wan by default what model is it? that is likely to be a different switch you're still stuck with cpu forwarding to the second switch, to go out for the normal traffic. but you're cpu forwarding atm anyway. well i imagine you are cos you're using nat. Mikrotik RouterBOARD RB2011UiAS-2HnD-IN oh fancy that should be good for 100 megabit+ pppoe so yeah wouldn't worry too much about cpu do I still need to worry about VLANs? Atheros8327 (ether1-ether5+sfp1); Atheros8227 (ether6-ether10) well you're plugging into a vdsl modem aren't you? yes that does NAT also you should be able to get away without because bridge domain means it shouldn't pass afaik. however allows pppoe passthrough yeah so traffic won't leak onto the internet. is it pppoe relay or are you bridging the ptm interface and the ethernet interface? all I do is dial pppoe from one of the modems switch ports and it connects and gives me a public ip a lot of the broadcom modems actually let you do quite advanced stuff.
yeah but uhh hangon I could just run a second cable between one of the modem ports to a switch port on the mikrotik Bridge PPPoE Frames Between WAN and Local Ports my router has under wan service that but there's also a way to just do bridging before that level under wan service you can do ppp over ethernet, ip over ethernet, or bridging when adding a connection. both ways work. fwiw, it's basically the same on my adsl and vdsl modems, even though they're from different vendors. but they're both broadcom. http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Example_-_802.1Q_Trunking_with_Atheros_switch_chip_in_RouterOS_v6 looks like you can play with vlans too where do you see the bridge pppoe between WAN and local Ports? is your modem broadcom? it's under advanced setup -> wan -> edit don't think they allow options like that the vendor has it pretty locked down what modem is it? there is one vendor here that uses broadcom and locks it down but you can bypass it home hub 2000 but all the commands are all completely different i think that's vr9 home hub 1000 is broadcom and home hub 2000 is meant to be the same as Sagemcom F@st5250 do I need to worry about routing loops if I connect a second ethernet between one of the Internet Modem ports and say Ether3 yeah it's broadcom or perhaps a broadcast storm depends on the switching domain. or broadcast domain or whatever wan port is usually in a different domain ether 1 and ether 3 are in different domains either one :) except they both connect to a device with 2 ports in the same domain apparently that pppoe bridge is limited to 35 megabit i'm still struggling to find good information can you get a shell on it? can you put a ring on it? oh i think that's the older sagemcom hmm ok maybe the /simplest/ solution don't think I can get a shell is as you said to plug a second cable from the modem to the routerboard. then have vlan for it, and have the vlan go to the switch but not into routeros.
will it work if I leave it in the same vlan / untagged even? probably. so yeah just plug lan to lan and then everything should magically work? can't wait to try it but i dunno if routeros will get confused by pppoe coming in more than one place. it shouldn't actually. other residents in the home are using the net so I will wait a while heh that reminds me i have stuff to do today while people aren't around. there's a conference that i was thinking of going to, but it was too expensive in the end. watching video feed instead :) but the next talk is meant to be about peering. which conference? nznog http://www.nznog.org/home/video_full there's two new internet peering exchanges suddenly in this city so it went from like 1 to 3 that's good i dunno how good it is. do they interconnect with each other? the existing peering exchange was more stable than coresite. nope. arp isn't on equinix, which is the other major one in los angeles. are people meant to go on all 3? and los angeles is a bigger hub than here. probably just go on the one closest to their infrastructure? well it looks like things are moving towards multiple location points. so nearest may still mean all 3 :) it gives some redundancy and may mean quicker 10gb adoption but if you use two of them one for in and one for out, to someone, and one of them has a problem you can still have issues. what city? auckland population of about 1.4 million but covers nz which is about 4.5 million i think it's funny to see how most people have their laptops out while the talks are on. 1:33pm, shouldn't the break be over? yeah that's what i was thinking it looks like more people in there now i suppose people are slack getting back. how many folks there do you know? a few. it's also harder to recognise people by their backs :) this music really sucks too. video quality is surprisingly good though audio quality more so That's what she said!! for some reason i find most technical talks are downright hard to see/hear at all.
you have to select 720p manually. and it'd still be nicer if they did 1080p+ mine was automatically 720p i wonder why mine wasn't maybe it's going to the US it's using something called livestream or something. i signed up for an account. just switched to full screen pretty cool yeah i'm using full screen dual monitors ftw :) 4k ftw :-) haha my irc is on 4k :) 4k is nice. finally how much does it cost to attend in person? and can anyone attend or do you have to be a network operator $250+accommodation+transport. anyone can attend. Oh goodness. I used to work at Livestream. it's about a 4 hour drive from here. there's also lots of free alcohol. i wonder if arp is on peeringdb. can it is yeah they are pretty sure I have seen it on there before http://www.peeringdb.com/view.php?asn=25795 hard to read the slides though yeah it's there yeah their projector sucks it looks like it's interlaced too. the email address is like scrolling colours most people use the routing servers in nz. as well as the list for the exchange he has got a good point windows hah and an ie icon even short password :) have you ever looked at the sql for peeringdb? nope i didn't even know there was any http://www.peeringdb.com/dbexport/peeringdb.sql i found out about it through that talk :) did you know about it? did not APE is the normal exchange in auckland. 11 hah they charge per megabit to other cities he's hopeful no-one liked my question :) "can't do a netflix-comcast to us" lol yeah the biggest provider here doesn't peer. what's the benefit of a bilat vs route-server peering? bilat means you can easily turn it off when there's an issue it means you make an individual connection to them, and create a bgp session which can give more control over routing policy easier. but means you have to create bgp sessions with extra participant. it's usually pretty simple to setup bilat, but you don't generally do it with everyone. like cloudflare was saying how they don't advertise anycast without bi-lat.
they were pretty easy to do bi-lat with. even amazon bi-lat only amazon are also only in australia who was that one? what's the deal with megaport, is that like a special kind of transit oh sitehost. yeh. kind of intellipath is the special kind of transit megaport is a new internet exchange with like 9 people on it but more people getting onto it. cloudflare peering was actually noticeable for web page performance that's an interesting idea the other thing about bi-lat is making sure you have contact details. mnathani_: what did you think of it? interesting thanks for sharing it's a whole other world out there for folks used to canada / us networks cuba - all satellite would be cable, but the nearest landfall is the US. oops. in the other direction, 7000ft trench @last up_the_irons brycec, I last saw up_the_irons 6 days 23 hours 33 min 8 sec ago saying in a channel: now they call it CoreSite. Wow, up_the_irons isn't usually this quiet no way 6 days? almost 7 days Speak of the friggin devil wow brycec: almost like you summoned him mnathani_: peering may actually improve in the US if independent fiber providers take off while it's comcast/verizon/etc it doesn't really encourage it. up_the_irons: Please do me a favour and see if you received the e-mail I sent yesterday? Never got an autoresponse from it. (And now the matter is becoming more urgent, so I sent a second email from an address I know works, and does receive the autoresponse) i don't know what canada is like. (Pretty, pretty please) brycec: what was the email about? VPS upgrade my queue is mostly empty now "mostly" I really have no idea where the email disappeared to, and the Exchange admin is currently unable to help out i see it in the web-based queue, but haven't got it in email yet (but I checked and double-checked the To: address -- referring to the email I sent yesterday) Yeah today's email was *just* sent, seconds before you appeared Feel free to PM i see it in my email now Thanks up_the_irons.
Btw, do you know if your email/ticket system "replies all" (to addresses that were cc'd originally)? (And sorry to be a pest. I know you have many other customers :) ) honestly i have no idea; never tested it and nobody else ever asked ;) heh I'm going to assume either "no" or that something is jinky in email between arp and my work mailbox brycec: you are talking about exchange It's worked for every other mail I've sent (not that it's saying much... but seems to work for everyone else at the company, including others that have emailed ARP) ok that's weird mercutio: we have success. I connected the second cable to the mikrotik, and a VM just connected using pppoe sweet mnathani_ well that's the simplest possible. so it's bridging to all the ports. this should also mean you can access your modem easier. wonder if layer2 loops would be a problem shouldn't be a loop how would I even detect such a thing as wan port on rb is different domain by all of your lights blinking madly. high pings etc. it's quite obvious normally and in small networks it's pretty easy to notice/fix. the problem happens in larger networks, when someone has no idea they've done it. now they're telling APNIC users they should take addresses from ARIN :) oh wow ARIN haven't been holding back ip addresses enough, so they've been plummeting quick. are there any commands to run on the mikrotik to detect broadcast storms / loops perhaps look at cpu usage? you could just look at cpu i have no idea about stp or anything on routeros (or notice when connectivity breaks down...) tcpdump on any machine would help too, just a flood of traffic (but as for on the device itself, no clue... my routing and firewalls run *BSD) what's hardware offloading? in terms of a networking gateway as mentioned on the talk? hardware offloading is when you move some of the smarts of network traffic to the network card or switch most routers are doing it on the switch atm it uses proprietary drivers.
stuff like packet encapsulation? yeh the switch can do that most of the atheros switches support it like used on your router. routeros support for that stuff is weak afaik and your router is more powerful than normal cpe's. i was watching that talk too but i got called away, and missed some :( That's what she said!! the main improvement in cpe's recently has been about power usage. mnathani_: there's a talk tomorrow on bufferbloat, that sounds like it may be more interesting than most, as they're trying to go a bit more technical it seems. mercutio: one thing I didn't think of earlier, DHCP is enabled on the modem and the mikrotik connecting the 2 could have clients on the mikrotik side get an IP from the Internet Modem?