Back to a CHR?

Friday 13th was an exciting one in my household! Not only did I kill the internet for everyone for a good 3 hour period whilst I swapped from an Ikea Lack table to a “real” 6U cabinet causing huge disruption when my planned single patch panel turned into 3! I also fired up old faithful and stuck on a fresh copy of the latest (6.42.6) CHR into my VM box.

Now I have my spare ESXi box housed in the attic in a real rack it means I don’t need it screaming away in the cave so I can finally move back to a CHR build and keep it. My rough maths says the CHR unit will have around 4-5 times the performance of the RB3011 which will now get moved to the cave as a dedicated VLAN breakout switch (or maybe sold) but ultimately I can employ some far more complex queues without worrying that I’m running the CPU up too far.

My long term plan is to SFQ my LAN traffic but then pick out particular traffic types from that and SFQ them against each other whilst doing some PFIFO pulling them all together. I’ll try to document as much as I can but in short it will be a huge amount of packet marking so CPU grunt is needed. I’m even now tempted to look at upgrading the CPU so it’s more than a dual core!

Fun times ahead.

hAP Mini Configuration

I’ve recorded my hAP Mini config video a couple of times so far and still not found a version I like. It is in the pipelines though however I’m thinking that trying to include low powered device optimisation into the same video is a bad thing. Maybe that should be it’s own video?

Either way I’ve configured my new “toy” a couple of times now and have been really amazed by what I was able to push through it. Bearing in mind this is a low powered single core unit out of the box with a handful of firewall rules and NAT it was able to push 94Mb whilst maintaining only 88% of CPU utilisation (minus whatever it was using for me watching Winbox).

Testament to my previous fasttrack learning curve though, once I put a couple of fasttrack rules into the firewall that same 94Mb was achieved on just 22% of CPU utilisation (again whilst I had Winbox open so minus a few % for that.

I seem to be finding 94Mb as a limitation though, this will no doubt be in part due to the unit only being 10/100 and losing some overhead from that but I’m amazed how viable this thing is, even to the point that it would be able to be used for VDSL in the UK with no detriment.

Please keep your eyes peeled for some soon to come videos regarding the hAP mini, potentially a config and then a more broad stroke efficiency ideas.

MikroTik Fast Track Learning Experience

Free performance enhancement? Must be a catch….

I’ve recently had to investigate making some lower powered MikroTik devices route at decent speeds, there is a much longer story which I won’t be going in to but in short I had a task of making a CRS112 (low powered 400Mhz single core CPU) able to route 100Mb services.

A little background is the CRS112 is primarily a switch, using hardware offload you can easily switch at line rate (Gigabit) however they don’t really do too well in routing or anything CPU oriented. For example viewing Winbox uses 20% CPU resources as does running FTP, Telnet and WWW services!

For basic NAT masquerade and a simple 12 line firewall rule my initial testing was only yielding speed test results in the 30-40Mb region. The first 2 lines of my firewall were as follows to try and be as efficient as I could be;

/ip firewall filter

add action=accept chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

add action=accept chain=input comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

The goal was to route at least 50Mb through the CRS so I picked up something I left alone a long time ago as then there was no need to use CPU limited products and the cons outweighed the gains.

Fasttrack is a powerful little tool you can use to vastly improve throughputs on CPU limited devices, the plus sides of it are that my CRS112 that was only previously capable of routing 30Mb was now being limited by my PPP account at 150Mb and it still had gas in the tank! The device suddenly becomes a much more viable router however the draw back to this is that fast track effectively allows the packet “through the gates” and then takes no further part in it’s journey. Connection tracking is disabled meaning any further mangling of packets and queues simply do not know about the packets we have just expedited.

In most situations fasttrack is probably going to break more things than you’d like whilst trying to squeeze the last bit out of your router however on heavily CPU limited tasks where you only need a basic router it will certainly help.

The final firewall configuration only needed 2 lines adding (yes I tried without the accept rules and it won’t work);

/ip firewall filter

add action=fasttrack-connection chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

add action=fasttrack-connection chain=input comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

add action=accept chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

add action=accept chain=input comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

So to summarise, fasttrack is the devil unless you have a low powered device. Connection tracking is probably more valuable than making your under specced kit last an extra couple of weeks but a very good learning experience.

Broadband Upgrade

I’ve been a little bit AFK over the last month or so, real life duties have had to take priority and then more recently broadband issues! I’ve now had to take the step and put in a copper based line however me being me wanted to use MikroTik kit. to do this I needed to use a stand alone modem so opted for an ex-BT Huawei HG612 3B and then used a PoE splitter to power it so I didn’t have any nasty power supplied stringing around my front room.

A 50cm Tandy high quality twisted pair DSL cable took the duty of getting the service form my master socket to my modem.

Although not the full 80/20 I am now getting a good packet loss free 55/16

April 2018 What’s Happening?

As I write this I have so many things in my mind I want to write about and create videos about!

Recently I’ve slowed down on the tutorials but it’s not through lack of content. I’ve had a big change in the software I’ve been using so have been trying to get it just right and how I want it to be as well as trying to plan into the future.

This month already I’ve started streaming a brand new game, it’s completely opposite direction from the AAA titles. I had thought about moving to Far Cry 5 but there are already so many amazing creators doing that I wanted to do something nobody else is (yet). War Brokers is my route to doing that, currently it’s kind of like a Minecraft/FPS but it’s great to play and easy to pickup. I’m looking forward to watching it develop and streamingmore of it, in my first stream one of the devs engaged with me so huge thumbs up for that.

In about 2 weeks the newest version of AMD Ryzen CPUs should release, I’m already gearing up for a change from my 1700X onto whatever the newest version will be (most likely a 2700X). Once they are released I’ll be moving over onto one of those and hopefully improving performance once again.

Im also hoping very much to get my hands on one of the recent MikroTik hardware releases, a small little box ideal for a traveller so I’m wanting to do a full unboxing and road warrior config for that.

Thank you if you are reading this and please do keep checking back for more.

MikroTik MUM Europe 2018 New Product Announcements!

Some exciting new products from MikroTik this year announced at the Europe MUM in Berlin. Looks like a very heavy lean towards the 10G switching direction with some enterprise mindfulness being brought in. Shame there haven’t been any new CCR devices or “better” SOHO devices but for now these will do!

crs305-1g-4s+in
crs309-1g-8s+pc
crs312-4c+8xg
crs328-4c-20s-4s+rm
crs332-32s+rm
crs354-48g-4s+2q+
crs354-48p-4s+2q+
lhg-60g
pwr-line-ap

Securing RouterOS written guide is now Live!

This is probably one of the most important (and overlooked) aspects of using an internet capable router. Security of your device is paramount an you should always do everything you can to protect it. I’ve got both a written and video tutorial to show try and help you achieve a solid security solution so you can be safe in the knowledge that your router is unreachable from unauthorised sources.