Categories
Uncategorized

Cambium Releases ePMP v 2.4.3

Software Release 2.4.3 is now available.

The release includes the following updates: 

  • L3 Routing on the SM 
  • Multiple User Login on the GUI 
  • 4.9 GHz support under Country Other 
  • Ability to enable and disable management access on the SM from the Ethernet when Management VLAN is configured 
  • Ability to disable the SM’s primary Ethernet port 
  • Ability to disable factory default through power reset sequence

Performance Enhancements 

  • Improvements to UL Latency enhancing TCP throughput under interference 
  • Improvements to Rate Adapt mechanism in ePTP mode 
  • Memory optimization

Buying IPv4 addresses?

The question has come up about buying IPv4 addresses from other folks once ARIN and others have run out of their allocation pool.  The biggest question is pricing.

Organizations have two options.  They can lease or sell you the IPv4 space.  Selling IPv4 space needs some clarification.  You can’t just sell IPv4 space like you would a tangible good.  If you truly wish to sell it, as in give up all rights to it, you actually have to transfer it via the registry.  In the U.S. we typically go through ARIN.  This means if you buy IP space from someone you still have to meet ARIN’s requirements to receive that IP space.

What is some common pricing to expect?
There are several brokers out there, but very few publish pricing on recent sales.  Since this is basically buying real estate, it can be highly negotiation- and sales-driven. Given the current state of ARIN allocations this will only drive the price up.

One site that publishes data is ipv4marketgroup:

$12.50 per IP address for a /22
http://ipv4marketgroup.com/broker-services/buy/

 


OSPF and areas

OSPF areas are one of the more common topics I am asked about as networks grow.   Before we dig into this, we need to understand the reasons why OSPF areas were created in the first place.  Next, we will go into how to apply areas to modern network designs.

Why did areas come into being?
Let’s rewind to a time when RAM in routers was very expensive.  Processors were expensive.  One of the biggest reasons OSPF areas came into play was RAM limitations. Every route in your routing table takes up RAM.  The more routes you have, the more RAM is taken up in each router to hold that table.  Also, calculating these routes uses up processor power.

So what do areas do for me?
OSPF areas have many advantages.  However, in most WISP and ISP networks they serve two purposes.

The first purpose is they group similar devices into logical groups.  These groups can have filtering policies applied to them.

The second purpose is more important.  Implementing areas reduces the size of the routing table.  By doing this your routers spend less time calculating routes, and less time updating the database during a topology change. By reducing the routing table you also speed up what is called convergence time.  This is the time the entire network needs to agree on the current routing topology.   If a major backbone link is flapping your routers could be spending a fair amount of their resources calculating routing tables.

An important thing to note with implementing areas is you must have a good IP network design.   This means your sites/pops/towers should have a logical design which allows for easy route summarization and consolidation.  If you are looking into areas make sure you can summarize your routes in that area easily.  The following examples illustrate why this is important.

ospf1

 

In the above example we have created “Area1”.  Since we have a good IP network design we can summarize our routing table in and out of Area1 in a few different ways.  If we want to reserve the whole 10.5.0.0/16 for future expansion then we can.  Or if we want to break this down into 10.5.0.0/20 or even smaller we can.  Part of this depends on growth plans.  With areas you have to keep in mind every area needs to touch the backbone (area 0.0.0.0) directly.  Now, you can use Virtual Links to have one non-backbone area traverse another non-backbone area.  However, even though this is a standard, it is a workaround at best.  There are many disadvantages to virtual links.

Now, back to our example.  If we create an area, the 10.6.1.0/24 and 10.6.2.0/24 routers are the “in roads” to Area1.  These are known as area border routers (ABRs). The main function of an ABR is to summarize the subnetworks found throughout the OSPF network. An ABR stores multiple copies of the link-state database in memory, one for each area the router is connected to. The ABR holds a minimum of two copies of the routing tables: one from the backbone area, and one from each area it is connected to.

But, I thought areas were supposed to cut down on RAM and CPU usage? Well, everything has a tradeoff.  This is where the philosophy side of things comes into play, and probably the reason you have read this far.

When, how, and should I implement areas?
In today’s modern world with fast RAM, fast links, and fast processors, OSPF areas are needed less and less.  Routers today have more RAM than even 5 years ago.  This means they can hold larger routing tables and do more calculations.

If you are thinking about implementing areas the first thing to look at is your IP design.  In order to take the best advantage of areas you should have a logical and congruent design.  What I mean by this is your towers should be able to be summarized as much as possible.  If you can fit 20 towers into a single route statement, that is one good place an area would make sense.  If those 20 towers are not able to be summarized then adding an area is not going to be much of a benefit to you.

Network size does not necessarily dictate the need for OSPF areas.  If you have a neatly summarized IP network the need for areas is lessened.
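To make the "can these towers fit into a single route statement" test concrete, here is an added example (not from the original post) that computes the smallest single prefix covering a set of tower subnets and reports how much of it is actually used and whether it swallows address space outside the area. The tower plans are constructed, the two outside subnets are the ABR-side networks named above, and the code assumes IPv4 only.

```python
import ipaddress

def covering_prefix(subnets):
    """Smallest single prefix that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits above the highest differing bit are shared by every address.
    prefixlen = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network((lo, prefixlen), strict=False)

def summary_report(area_subnets, outside_subnets=()):
    """How well an area's subnets fit behind one summary route at the ABR."""
    summary = covering_prefix(area_subnets)
    # Fewest routes that describe the area exactly, with no extra space.
    exact = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(s) for s in area_subnets))
    used = sum(n.num_addresses for n in exact)
    return {
        "summary": str(summary),
        "exact_routes": len(exact),
        "used_fraction": used / summary.num_addresses,
        "conflicts": [s for s in outside_subnets
                      if ipaddress.ip_network(s).overlaps(summary)],
    }

# Constructed addressing plans: 20 contiguous towers vs. two scattered ones.
TOWERS_PLANNED = [f"10.5.{i}.0/24" for i in range(20)]
TOWERS_SCATTERED = ["10.5.1.0/24", "10.7.4.0/24"]
# The two subnets outside Area1 that the post mentions.
ABR_LINKS = ["10.6.1.0/24", "10.6.2.0/24"]

if __name__ == "__main__":
    for plan in (TOWERS_PLANNED, TOWERS_SCATTERED):
        print(summary_report(plan, ABR_LINKS))
```

A summary with a low used fraction or any conflicts is a sign the addressing plan needs cleanup before an area will help.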

What about if you are trying to join two different networks?
Say you purchased a neighboring ISP and want to join the new network with your own.   If you have overlapping IP space then things might not mesh together well, even with areas.   Most times you are better off running BGP with the two separate networks.  This allows each network to have its own space and its own routing policies, but still be able to share bandwidth and other resources.  You simply don’t announce any overlapping space to each network until things are re-numbered.

One question I get in this scenario is my router can’t handle BGP.  BGP is a fairly lightweight protocol.  The issues arise when you start pulling in full or partial internet routing tables.  This is the same concept as mentioned above with the OSPF routes.


Mikrotik Router OS 6.29 released

The FastTrack additions are a big improvement for those of you doing such things.

What’s new in 6.29 (2015-May-27 11:19):

*) ssh server – use custom generated DH primes when possible;
*) ipsec – allow to specify custom IP address for my_id parameter;
*) ovpn server – use subnet topology in ip mode if netmask is provided (makes android & ios
clients work);
*) console – allow ‘-‘ characters in unknown command argument names;
*) snmp – fix rare bug when some OIDs were skipped;
*) ssh – added aes-ctr cipher support;
*) mesh – fixed kernel crash;
*) ipv4 fasttrack fastpath – accelerates connection tracking and nat for marked
connections (more than 5x performance improvement compared to regular slow
path conntrack/nat) – currently limited to TCP/UDP only;
*) added ~fasttrack-connection~ firewall action in filter/mangle tables for marking
connections as fasttrack;
*) added fastpath support for bridge interfaces – packets received and transmitted
on bridge interface can go fastpath (previously only bridge forwarded packets
could go fastpath);
*) packets now can go half-fastpath – if input interface supports fastpath and
packet gets forwarded in fastpath but output interface does not support fastpath
or has interface queue other than only-hw-queue packet gets converted
to slow path only at the dst interface transmit time;
*) trafflow: add natted addrs/ports to ipv4 flow info;
*) queue tree: some queues would stop working after some configuration changes;
*) tilegx: enable autoneg for sfp ports in netinstall;
*) health – fix voltage on some RB4xx;
*) romon – fix 100% CPU usage;
*) romon – moved under tools menu in console;
*) email – store hostname for consistency;
*) vrrp – do not reset interface when no interesting config changes;
*) fixed async. ppp server;
*) sstp – fixed router lockup.
*) queue tree: some queues would stop working after some configuration changes;
*) fixed CRS226 10G ports could lose link (introduced in 6.28);
*) fixed FREAK vulnerability in SSL & TLS;
*) improved support for new hEX lite;


What is AirMax priority?

From UBNT:

airMAX Priority is a setting which can be changed on station devices in an airMAX network. This option can be found on the airMAX logo tab.

It defines the number of time slots (or amount of airtime) assigned to each client. By default the AP gives all active clients the same amount of time. However, if the clients are configured with different priorities, the AP will give clients more or less time, depending on the priority. For the best performance, an airMAX network whose clients have the best signals should receive the higher priorities, while clients with poorer signals should have less/no priority.

Note: airMAX Priority only functions when multiple clients have it enabled.

airMAX Priority options include:

–  High 4 time slots (4:1 ratio)
–  Medium 3 time slots (3:1 ratio)
–  Low 2 time slots (2:1 ratio)
–  None 1 time slot (Default setting for clients; 1:1 ratio)

Clients with a higher priority have access to more of the AP’s airtime, providing higher possible throughput and lower latency when sharing with other active clients.

For example, if there are 3 clients, 1 set to None, 1 set to Medium, and 1 set to High, the None client will get 1 time slot, the Medium client will get 3 time slots, and the High client will get 4 time slots.


Protecting your Mikrotik from DNS Amplification

There are several reasons and benefits to using your Mikrotik as a DNS caching server.  Queries to the client are just a tad faster, which makes the overall user experience seem snappier.  It also allows you to quickly change upstream DNS servers in the event of an outage, attack, etc.

There are two main avenues to think about when protecting Mikrotik from DNS.

The first is the incoming port 53 requests to the router.  You only want your customers to have access to query the Mikrotik.  In a simple scenario we have this:

basic

ether1 is our upstream ISP connection.  Customers are other ports.  In this case if we want to block all port 53 requests from the outside world we specify the WAN interface to drop in the following code:

/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop

This will still allow your Mikrotik to send out DNS queries, because those are sourced from a non-reserved port and the replies come back to that port rather than to port 53. We are simply stopping the Mikrotik from answering port 53 requests on the external interface.

In a later post we will talk about what to do if you have multiple wan interfaces or multiple exit paths on your router (say running OSPF)
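One way to check that a router really has both drops in place is to audit its firewall export, which matters once you manage more than a handful of routers. This is an added example, not from the original post: it walks the input chain of a `/ip firewall filter` export in rule order and reports what happens to new port 53 traffic arriving on the WAN interface. It assumes only the matchers shown in the post; rules using anything else are skipped and need a manual look, and the `UDP_ONLY` export is constructed.

```python
import shlex

MODELLED = {"chain", "action", "in-interface", "protocol", "dst-port", "comment"}
TERMINAL = {"accept", "drop", "reject", "tarpit"}
# The two rules from the post, and a constructed export that forgets TCP.
PAGE_RULES = """/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop
"""
UDP_ONLY = "\n".join(PAGE_RULES.splitlines()[:2])

def parse_filter_rules(export_text):
    """Return the 'add' lines under /ip firewall filter as dicts, in rule order."""
    rules, in_section = [], False
    for line in export_text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_section = line == "/ip firewall filter"
        elif in_section and line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)
            rules.append(dict(pairs))
    return rules

def port_matches(spec, port):
    """dst-port takes a comma list of ports and ranges, e.g. 53,8000-8100."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def verdict(rules, wan, proto, port=53):
    """First-match result for a new packet to the router arriving on `wan`."""
    for r in rules:
        unmodelled = set(r) - MODELLED or any(v.startswith("!") for v in r.values())
        if r.get("chain") != "input" or unmodelled:
            continue  # assumption: rules with matchers not modelled here are skipped
        if r.get("in-interface", wan) != wan or r.get("protocol", proto) != proto:
            continue
        if "dst-port" in r and not port_matches(r["dst-port"], port):
            continue
        if r.get("action", "accept") in TERMINAL:
            return r.get("action", "accept")
    return "accept"  # RouterOS accepts a packet that no rule matches

def audit_dns_exposure(export_text, wan):
    """Map each protocol to what the input chain does with WAN-side port 53."""
    rules = parse_filter_rules(export_text)
    return {proto: verdict(rules, wan, proto) for proto in ("udp", "tcp")}
```

Anything other than `drop` for both protocols on the WAN interface means the resolver is still reachable from outside, for example when an earlier accept rule shadows the drops.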


American Tower Webinar for WISPS

An advertisement on the WISPA list. Useful for any WISP looking at deploying on American Tower Towers or Cell towers in general.

https://attendee.gotowebinar.com/register/7229015539956879618

 


Random Data Center Pic

DSC00747


Upgrading EPMP GPS Firmware

Beginning with System Release 2.0, users can upgrade the firmware of the on-board GPS chip present on the Connectorized Radio with Sync.

To upgrade the on-board GPS chip on a Connectorized Radio with Sync:
1. Navigate to Monitor => GPS to check the GPS Firmware Version that is currently present on the radio.

2. If the GPS Firmware Version displays AXN_1.51_2801, navigate to Tools => Software Upgrade.

3. Under the GPS Firmware upgrade section, select the same package used to upgrade the device’s firmware, ex: ePMP-GPS_Synced-v2.4.2.tar.gz.

4. Click upgrade.

5. The upgrade can take up to 3 minutes. Once the upgrade is done, the radio’s UI prompts for a reboot and the reboot button will be highlighted.

6. Click the Reboot button on the top right corner of the UI.

7. Once the radio has completed its reboot process, check under the Monitor => GPS page to check the firmware version.


Helpful Mikrotik BGP route print

/ip route print where received-from=<PEERNAME>

Replace <PEERNAME> with the name of one of your peers to show the routes received from that particular BGP peer.