Back to a CHR?

Friday 13th was an exciting one in my household! Not only did I kill the internet for everyone for a good 3 hour period whilst I swapped from an Ikea Lack table to a “real” 6U cabinet causing huge disruption when my planned single patch panel turned into 3! I also fired up old faithful and stuck on a fresh copy of the latest (6.42.6) CHR into my VM box.

Now I have my spare ESXi box housed in the attic in a real rack it means I don’t need it screaming away in the cave so I can finally move back to a CHR build and keep it. My rough maths says the CHR unit will have around 4-5 times the performance of the RB3011 which will now get moved to the cave as a dedicated VLAN breakout switch (or maybe sold) but ultimately I can employ some far more complex queues without worrying that I’m running the CPU up too far.

My long term plan is to SFQ my LAN traffic but then pick out particular traffic types from that and SFQ them against each other whilst doing some PFIFO pulling them all together. I’ll try to document as much as I can but in short it will be a huge amount of packet marking so CPU grunt is needed. I’m even now tempted to look at upgrading the CPU so it’s more than a dual core!

Fun times ahead.

Moving from Libre Office to Office365


I’ve always been a huge supporter of open source software. From when I was running Ubuntu the Libre Office suite always sufficed my need for an office type package and Thunderbird was always the Outlook “alternative”.

The problem is though, in the back of my mind they were always just the “free alternative” to the benchmark software I’ve always needed. With a huge amount of deliberation I’ve now decided to take out an Office365 subscription and even though I’ve only had it a couple of days, the software just feels fluid and well finished and the “genuine article”.

So far there is no buyer’s remorse but it feels like I’m slowly becoming a Microsoft fan, first moving from Ubuntu over to Windows, then from Notepad++ to Visual Studio and now from Libre/Thunderbird to Office.

MikroTik Fast Track Learning Experience

Free performance enhancement? Must be a catch….

I’ve recently had to investigate making some lower powered MikroTik devices route at decent speeds. There is a much longer story which I won’t be going into, but in short I had a task of making a CRS112 (low powered 400MHz single core CPU) able to route 100Mb services.

A little background is the CRS112 is primarily a switch, using hardware offload you can easily switch at line rate (Gigabit) however they don’t really do too well in routing or anything CPU oriented. For example viewing Winbox uses 20% CPU resources as does running FTP, Telnet and WWW services!

For basic NAT masquerade and a simple 12 line firewall rule my initial testing was only yielding speed test results in the 30-40Mb region. The first 2 lines of my firewall were as follows to try and be as efficient as I could be;

/ip firewall filter
add action=accept chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1
add action=accept chain=input comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

The goal was to route at least 50Mb through the CRS so I picked up something I left alone a long time ago as then there was no need to use CPU limited products and the cons outweighed the gains.

Fasttrack is a powerful little tool you can use to vastly improve throughputs on CPU limited devices. The plus sides of it are that my CRS112 that was only previously capable of routing 30Mb was now being limited by my PPP account at 150Mb and it still had gas in the tank! The device suddenly becomes a much more viable router, however the drawback to this is that fasttrack effectively allows the packet “through the gates” and then takes no further part in its journey. Connection tracking is disabled, meaning any further mangling of packets and queues simply do not know about the packets we have just expedited.

In most situations fasttrack is probably going to break more things than you’d like whilst trying to squeeze the last bit out of your router however on heavily CPU limited tasks where you only need a basic router it will certainly help.

The final firewall configuration only needed 2 lines adding (yes I tried without the accept rules and it won’t work);

/ip firewall filter
add action=fasttrack-connection chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1
add action=fasttrack-connection chain=input comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1
add action=accept chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1
add action=accept chain=input comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1
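The accept rules matter because not every packet of a fasttracked connection takes the fast path, so the remainder still has to be accepted by a normal rule. The following check is an added example, not part of the original post: it reads a RouterOS filter export and reports any fasttrack-connection rule that has no later accept rule with the same matchers. The function names and the sample export are constructed for illustration, and it assumes each rule sits on one line, as in the rules shown above.

```python
import shlex

# Constructed sample: the post's final rule set with the input-chain accept rule removed.
SAMPLE_EXPORT = '''/ip firewall filter
add action=fasttrack-connection chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1
add action=fasttrack-connection chain=input comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1
add action=accept chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1
'''

def parse_filter_rules(export_text):
    """Return the 'add' rules under /ip firewall filter as dicts, in order."""
    rules, menu = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            menu = line  # remember which menu the following 'add' lines belong to
            continue
        if menu == "/ip firewall filter" and line.startswith("add "):
            tokens = shlex.split(line)[1:]  # shlex keeps quoted comments in one token
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def matchers(rule):
    """Everything that decides which packets a rule matches (not action/comment)."""
    return {k: v for k, v in rule.items() if k not in ("action", "comment")}

def unpaired_fasttrack(rules):
    """Fasttrack rules with no later accept rule using identical matchers."""
    missing = []
    for i, rule in enumerate(rules):
        if rule.get("action") != "fasttrack-connection":
            continue
        paired = any(r.get("action") == "accept" and matchers(r) == matchers(rule)
                     for r in rules[i + 1:])
        if not paired:
            missing.append(rule)
    return missing

if __name__ == "__main__":
    for rule in unpaired_fasttrack(parse_filter_rules(SAMPLE_EXPORT)):
        print("fasttrack without matching accept:", rule["chain"], rule.get("in-interface"))
```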

So to summarise, fasttrack is the devil unless you have a low powered device. Connection tracking is probably more valuable than making your under specced kit last an extra couple of weeks but a very good learning experience.

April 2018 What’s Happening?

As I write this I have so many things in my mind I want to write about and create videos about!

Recently I’ve slowed down on the tutorials but it’s not through lack of content. I’ve had a big change in the software I’ve been using so have been trying to get it just right and how I want it to be as well as trying to plan into the future.

This month already I’ve started streaming a brand new game, it’s completely opposite direction from the AAA titles. I had thought about moving to Far Cry 5 but there are already so many amazing creators doing that I wanted to do something nobody else is (yet). War Brokers is my route to doing that, currently it’s kind of like a Minecraft/FPS but it’s great to play and easy to pick up. I’m looking forward to watching it develop and streaming more of it, in my first stream one of the devs engaged with me so huge thumbs up for that.

In about 2 weeks the newest version of AMD Ryzen CPUs should release, I’m already gearing up for a change from my 1700X onto whatever the newest version will be (most likely a 2700X). Once they are released I’ll be moving over onto one of those and hopefully improving performance once again.

I’m also hoping very much to get my hands on one of the recent MikroTik hardware releases, a small little box ideal for a traveller so I’m wanting to do a full unboxing and road warrior config for that.

Thank you if you are reading this and please do keep checking back for more.

WarBrokers.io Browser Based FPS

Whilst enjoying AAA titles sometimes they do get a bit annoying or rage inducing. PUBG for example spending ages to get decent loot to get gunned down by someone sat in a bush with no loot at all and others like COD where it is extremely fast paced and you can barely move after spawning. This induces a search for alternatives whilst still wanting something to keep you entertained for more than 3 minutes.

War Brokers has at the moment ticked that box for me. It is a free to play browser based FPS built on the Unity engine by Trebuchet Entertainment with basic graphics (Minecraft) and a gun in hand. Movement is a bit weird and unpredictable at times but overall fun factor is constantly there and can be mixed up with the use of various weaponry and vehicles.

I’ve put some screenshots below, just click if you want to see them big.

Definitely worth a try! http://warbrokers.io


Securing RouterOS written guide is now Live!

This is probably one of the most important (and overlooked) aspects of using an internet capable router. Security of your device is paramount and you should always do everything you can to protect it. I’ve got both a written and video tutorial to try and help you achieve a solid security solution so you can be safe in the knowledge that your router is unreachable from unauthorised sources.

MikroTik QoS with script now live!

I’ve just put the finishing touches to v1 of my QoS script for MikroTik RouterOS devices. QoS is a weird one as what suits my needs may not suit yours and I go into some detail here about it, but regardless of that the written tutorial with downloadable script file is now live on my site and you can find it just here.

Hope you find it useful and please do give me any feedback you may have!