Mikrotik changes their firmware version numbering

While troubleshooting an issue this morning I went to upgrade the routerboard firmware on a CCR after bringing it up to 6.42.  The upgrade-firmware now appears to match with the router-os version.

/system routerboard print
routerboard: yes
model: CCR1016-12S-1S+
firmware-type: tilegx
factory-firmware: 3.22
current-firmware: 3.41
upgrade-firmware: 6.42

Now, if Mikrotik would just provide release notes on the routerboard firmware in a handy place.

Helpful Tool: WiFi Texas WS-PoE-Tester

The WS-PoE-Tester reports voltage and current for PoE systems. It works with 802.3af and passive PoE, and also 802.3at.

Dual displays show the voltage and current on each set of power pairs (Mode A and Mode B) used in PoE. In 802.3at – both power pairs should be active – and both will be displayed.

The tester is protected from reversed power, with a warning LED in case reversed power is applied. Dual inputs allow with straight or crossover ethernet connections ( 568A or 568B ).

In addition, a power supply brick can be tested using the 2.1mm DC power connectors. This allows DC power supplies for laptops, printers or any other application to be tested.

Available at:
https://www.ispsupplies.com/Voltage-and-Current-tester-for-PoE

MTIN announces updated Indianapolis bandwidth pricing

MTIN would like to announce updated bandwidth pricing for connectivity at the following locations in Indianapolis Indiana
733 West Henry Street
401 North Shadeland
701 West Henry *
731 West Henry*

Single Carrier Bandwidth
as low as $.17 per meg

Blended BGP
Multi-carrier blend + CDNS + IX routes
As low as $.25 per meg

-Commit Levels as low as 50 megs
-95th percentile billing available
-Cross-connects as low as $50 per month
-Bandwidth options include Cogent, Hurricane Electric, MidWest-IX, and many others

*extended cross-connect fees may apply to these locations

IPV6 Firewall rules for Mikrotik

Some basic IPV6 Firewall Rules for Mikrotik. Replace in-interface=”” with your appropriate interface.

/ipv6 firewall filter
add chain=input protocol=icmpv6
add chain=input connection-state=established,related
add chain=input dst-port=546 in-interface=ether1-wan protocol=udp src-port=547
add action=drop chain=input connection-state=invalid
add action=drop chain=input connection-state=new in-interface=ether1-wan
add chain=forward protocol=icmpv6
add chain=forward connection-state=established,related
add chain=forward connection-state=new in-interface=!ether1-wan
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-state=new in-interface=ether1-wan

Mikrotik and two unique subnets across an Ipsec Tunnel

Recently we had an issue with an IPsec tunnel on Mikrotik passing multiple subnets across a tunnel with multiple policies. The problem is Packet forwarding and encryption only works for one destination (the first matched IPSec Policy) and the other subnet, which has the second policy did not work.  In our case, we had two subnets 192.168.115.0/24 and 192.168.116.0/24 going across the tunnel.  We could reach things on 116, but not 115.  The following blog post was the fix for our issue.

Mikrotik IPSec VPNs with multiple destination Networks/Policies and SA(s) management.

Once the level was set to “unique” everything was good.

Lab Network

I am starting an ongoing series involving a semi-static set of devices.  These will involve different tutorials on things such as OSPF, cambium configuration, vlans, and other topics.  Below is the general topology I will use for this lab network.  As things progress I will be able to swap different manufacturers and device models into this scenario without changing the overall topology.  We may add a device or two here and there, but overall this basic setup will remain the same.  This will allow you to see how different things are configured in the same environment without changing the overall scheme too much.

We will start with very basic steps.  How to login to the router, how to set an IP address, then we will move to setting up a wireless bridge between the two routers.  Once we have that done we will move onto setting up OSPF to enable dynamic routing.  After that the topics are open.  I have things like BGP planned, and some other things. If there is anything you would like to see please let me know.

Vendor Spotlight: Subcarrier Communications

Over the past several WISPA shows I have had the opportunity to chat and get to know CEO John Paleski from Subcarrier Communications (www.subcarrier.com). John is very in-tune with how the WISP industry functions in terms of tower needs.  Many of the big tower companies tack on so many fees with their towers it makes leasing a tower out of reach for many. Add on the processes in place can be a deterrent to getting equipment in place.

Subcarrier has addressed many of these hurdles for the WISP industry.  Reasonable rates for tower rent are always a concern, but if the business model is there for the WISP, they are not the primary concern many times.  Not only has subcarrier realized many WISPs are utilizing smaller equipment, but things like huge application fees are a negative for the smaller WISP. Subcarrier knows what is on their towers. Such a simple thing means a rapid and smooth deployment for the WISP.  After several conversations with JOHN, it is apparent he knows just about every tower in his inventory.  He can tell you if they will support what you are wanting to hang on that tower without running a $2000 engineering study right off the bat.  On the flip side, he isn’t compromising safety or integrity of the tower.  Many towers, such as old AT&T long lines towers were built to such high specifications if you just apply a little common sense and some quick figuring you know the typical WISP deployment isn’t going to add any significant amount of loading on the tower.

I believe that John thinks the same way many of us in this industry do.  An empty tower is not making anybody any money.  If it makes sense for both parties then a deal can be made.  Too many of the larger tower companies only look at deals that make sense for them.

I would encourage any of you looking for towerspace to check out the sites Subcarrier has.  Check out their interactive Google Search to see if they have some towers you could use. Tell them Justin sent you over.