Re: Mikrotik RPKI Testing
This link will take you to their "suggest a feature" section. https://help.mikrotik.com/servicedesk/customer/portal/1/create/6 - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Bryan Fields" To: "Nanog" Sent: Wednesday, June 17, 2020 9:50:57 PM Subject: Re: Mikrotik RPKI Testing On 6/17/20 10:38 PM, Musa Stephen Honlue wrote: > Did you face any issues with IPv6 on 6.4, I personally have participated in > deployment projects on Mikrotik for many large networks. > > And it worked well in the end. The problem I ran into was having it support SLAAC for assignment of IP addresses for management to a management vlan. We have a number of them setup as bridges, and use ipv4 for management now, but can't seem to make them configure IPv6. I've run into several issues with them doing bridging as well. Perhaps the worst is there's still no way to associate a MAC with a bridge MAC. This means we can isolate problem MAC's on an AP level, but then have to dig into the FDB of each individual node on that AP. These aren't ideal, but at the price point, we put up with the issues. :) -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
Re: Mikrotik RPKI Testing
On 17/Jun/20 20:31, Bryan Fields wrote: > > > How is IPv6 coming on Mikrotik? It's a no-go at least for my > deployment on > 6.4 code. Not sure I want to run beta in a quasi-production network. In my home, basic IPv6 + SLAAC is working fine on Mikrotik, on 6.47. I have a mate who adds DHCP-PD on his, and he's happy too. Beyond that, I can't tell you much. It's a home CPE :-). Mark.
Re: Mikrotik RPKI Testing
On 17/Jun/20 19:19, Job Snijders wrote: > > Our hero Massimiliano Stucchi in Switzerland started doing the legwork. > He is is sharing the test results here: > > http://as58280.net/en/articles/RPKI-on-Mikrotik > > Enjoy! Thanks, and great to see. Shame IPv6 keeps being sent to the naughty corner, but well :-). Mark.
Re: Mikrotik RPKI Testing
Musa Stephen Honlue wrote on 18/06/2020 03:38: Did you face any issues with IPv6 on 6.4, I personally have participated in deployment projects on Mikrotik for many large networks. mikrotik ROS6 doesn't support next-hop recursion for ipv6 routes: https://forum.mikrotik.com/viewtopic.php?t=42268 It also doesn't support ospfv3 prefixes with the LA-bit set: https://forum.mikrotik.com/viewtopic.php?t=51124#p319794 I.e. if you originate an ipv6 loopback address from another vendor, the Mikrotik will silently drop the prefix on the floor. Note the dates on these posts: 2010 and 2011. Nick
Re: Mikrotik RPKI Testing
> On 17 Jun 2020, at 22:31, Bryan Fields wrote: > > How is IPv6 coming on Mikrotik? It's a no-go at least for my deployment on > 6.4 code. Not sure I want to run beta in a quasi-production network. Did you face any issues with IPv6 on 6.4, I personally have participated in deployment projects on Mikrotik for many large networks. And it worked well in the end. -- Best Regards -- Musa Stephen HONLUE - Trainer & IPv6 certification Registrar, AFRINIC Ltd. - ISOC Online Moderator = Quiet introvert | The One Thing | GTD | Deep Work | Start with why | 4DX | Die Empty | Essentialism | 5 AM Club | No Fs|Habits = t: +230 57 44 40 41 | tt: @mhonlue | w: www.honluemusa.africa ___
Re: Mikrotik RPKI Testing
On 6/17/20 10:38 PM, Musa Stephen Honlue wrote: > Did you face any issues with IPv6 on 6.4, I personally have participated in > deployment projects on Mikrotik for many large networks. > > And it worked well in the end. The problem I ran into was having it support SLAAC for assignment of IP addresses for management to a management vlan. We have a number of them setup as bridges, and use ipv4 for management now, but can't seem to make them configure IPv6. I've run into several issues with them doing bridging as well. Perhaps the worst is there's still no way to associate a MAC with a bridge MAC. This means we can isolate problem MAC's on an AP level, but then have to dig into the FDB of each individual node on that AP. These aren't ideal, but at the price point, we put up with the issues. :) -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
Re: Mikrotik RPKI Testing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 6/17/20 2:06 PM, Massimiliano Stucchi wrote: > I'm only living without IPv6 for the moment, which is painful... Fyi, your signature is bad on that email. How is IPv6 coming on Mikrotik? It's a no-go at least for my deployment on 6.4 code. Not sure I want to run beta in a quasi-production network. Thanks, - -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEaESdNosUjpjcN/JhYTmgYVLGkUAFAl7qYXkACgkQYTmgYVLG kUA5Lg/+OZnB5Kbo6rthl1xxTLfIwP+A3hAHGJgT5v+W4kbCqXpZzZM0nDL/v7gE XaR/PXxRC25g5TlN7hSnt+qpgAnl03poO6CO/qMW9umrniuOueuDBFsSebk63elH SS8G9Rv4qRfmMQ/3bzB+A3jITP/SLndXK4BK+CGTiZqCUfKHFdiLggmUSH2UZRxG /qmrM5RKeLf0RP32Vn8Oz9Q2RYfTrBACMDffi9K8xfifgTB3WJmStDWVUcl+hjvB zeQQ6Oi6Phvx5+V1JOjEdCr0EmOIUlqiMatCGfG0LObLXyQacQ7YDhoaAxFw2isN DOCc1vO/Cn1t6EOh3RfPAxvPpR/QJnNKHUoE9OuakdrYSjC6YAvQecBU68w3/yoz 1T+o1fXVvmBCgHrH8M40NrB9hhfZi2ou1MnhVH30oO8nxdF9xIUKUwlYo6K7Hv37 Co1LUAeGlIbCxB4Dfy1ySU/+RmBCkWPnaQSiHbCsGLlwGs+nWIrUbrf5SMDB2ylu C/VQ4hnSNl94a0jFFs6F5+n4TIPBO0DFXEqC6L3BJTQ75/YKXfeDc1f0GdJSYGeQ xAvSIMA4AJAjjy9idpD3gkmRTnO938bByqtgPx0v4AD9OzeUkKo8UrnFN46rEi/+ wfNc9rMbs4zas2Kbjb3djKjzHK4YiEl6aG/SqtMEIf0k7qms52w= =hzdI -END PGP SIGNATURE-
Re: Mikrotik RPKI Testing
> Mostly. > > I'm only living without IPv6 for the moment, which is painful... :) OMG!!! Max, I'm so sorry to hear that :'( signature.asc Description: Message signed with OpenPGP
Re: Mikrotik RPKI Testing
On 17/06/2020 19:38, Mike Hammett wrote: > Thanks! > > It's nice to see something mostly work on the first try. Mostly. I'm only living without IPv6 for the moment, which is painful... :) Ciao! -- Massimiliano Stucchi MS16801-RIPE Twitter/Telegram: @stucchimax signature.asc Description: OpenPGP digital signature
Re: Mikrotik RPKI Testing
Thanks! It's nice to see something mostly work on the first try. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Job Snijders" To: nanog@nanog.org Sent: Wednesday, June 17, 2020 12:19:21 PM Subject: Re: Mikrotik RPKI Testing Dear all, > I noticed that Mikrotik has added RPKI into their very much beta v7 > branch. I would like to ask those of you that know RPKI well to check > it out and offer Mikrotik feedback on what they've done > right\wrong\broken. Our hero Massimiliano Stucchi in Switzerland started doing the legwork. He is is sharing the test results here: http://as58280.net/en/articles/RPKI-on-Mikrotik Enjoy! Kind regards, Job
Re: Mikrotik RPKI Testing
Dear all, > I noticed that Mikrotik has added RPKI into their very much beta v7 > branch. I would like to ask those of you that know RPKI well to check > it out and offer Mikrotik feedback on what they've done > right\wrong\broken. Our hero Massimiliano Stucchi in Switzerland started doing the legwork. He is is sharing the test results here: http://as58280.net/en/articles/RPKI-on-Mikrotik Enjoy! Kind regards, Job
Re: Mikrotik RPKI Testing
On Thu, 4 Jun 2020 at 16:13, Mike Hammett wrote: > I noticed that Mikrotik has added RPKI into their very much beta v7 branch. I > would like to ask those of you that know RPKI well to check it out and offer > Mikrotik feedback on what they've done right\wrong\broken. Promising development, indeed - MT RPKI Forum Topic: https://forum.mikrotik.com/viewtopic.php?f=2&t=81340&sid=85bf0ab2fec75b418a070485e5a68741 - Changelog: https://mikrotik.com/download/changelogs/development-release-tree, https://forum.mikrotik.com/viewtopic.php?t=161980&p=797998 - Help page: https://help.mikrotik.com/docs/display/ROS/v7+Routing+Protocol+Status
Mikrotik RPKI Testing
I noticed that Mikrotik has added RPKI into their very much beta v7 branch. I would like to ask those of you that know RPKI well to check it out and offer Mikrotik feedback on what they've done right\wrong\broken. Thanks. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com
