#networking
they said it's ethernet
yes
but I mean what port is it connected on etc
because maybe there are two dhcp servers on the internal network, one for the correct network, the other for the wrong one
the second router might be uplinked on one of the LAN ports with the DHCP server enabled or something
I tried bridge mode first, worked fine except Wifi stopped assigning IP addresses, restart etc didn't help so we had no wifi for hours. normal router mode (with static ip address) works fine until it loses connection to the ISP gateway
what port on the linksys plugs into your ISP gateway
yeah
yeah to which?
1st lan port from gateway to "internet" port of the linksys
as i already said its all hooked up as it should
on both routers sadly, but otherwise wifi wont work
either this or that
the weird thing is we have another linksys router downstairs (older model) for wifi which works just fine in bridge mode
you said you gave your linksys upstairs a static IP address on the internet port?
the static IP you used, that is outside of the DHCP range of the main router I assume?
its literally the ip address it assigned automatically and i pressed some button to make it static
nothing out of range or anything
idk it says static ip
where does it say static IP - in the linksys or in the main router?
ok, yes some gateways conflate dhcp reservation with static IP
on both?
if the linksys is on a dhcp reservation it wouldn't know that it is
yeah when i set up the linksys router internet connection i chose to type in a static ip instead of using dhcp
maybe thats it
i will change it to dhcp
yes, change it to dhcp
but i can leave it static on the ISP gateway right?
yes
well i will try that, usually it happens <48hrs
when the ISP side says "static" it doesn't actually mean "static", it instead means "DHCP reservation" and assumes the client is on DHCP
it is a way of making sure that a client device will always get the same address via dhcp without actually having to change the device to a static IP configuration
its all in german but it says static ip
i see
the name ending with 0 is upstairs
yeah those are dhcp reservations, if they were exclusions for real static addresses they wouldn't need to know the MAC address
thats what i set the linksys to
i hope its not bad posting my isps dns and shit public right?
idk
yeah so you can just change the linksys to DHCP
nah those are all private except the isp dns
all we know basically now is your ISP
neutral
wow 😂
neither good or bad, just there
your ISP dns servers are not some secret anyway
oh alright
my pc still has that issue tho
some cheap windows laptop too but its used over wifi always anyways so idc
both have realtek ethernet
sorry what issue?
My PC is connected via ethernet to the linksys router but randomly loses connection
check windows network log
what does the PC show when it loses connection
windows troubleshoot says it doesnt get an ip address
check the event viewer
not identified - no connection
so you actually know what's happening
kinda
but idk why
wtf theres a lot of errors about the realtek controller and that it has been reset
like every minute
"The network driver detected that its hardware has stopped responding to commands."
try downloading a newer nic driver from realtek
I had a similar issue before.. I would upgrade the driver to the latest one from the realtek site and it would fix it
its all up to date
windows update would download an older driver and downgrade it and break it again
wow
it is? did you go to the realtek site and check there?
typical windows update
i will but as far as i know its updated
i checked like a month ago tho
or 2
if you are just checking for driver updates in device manager it probably won't be the current version
imagine using device manager lol
how were you checking for updates?
i usually use asrocks own shit and iobit driver booster. i prefer downloading it from the actual manufacturer but with shit like ethernet uhhmm im lazy
but theyre usually very up to date
but im checking rn of coruse
course
if updating fixes it imma kms
i pressed repair and i think its installing a new driver now
i will report if it happens again
thanks yall!
the asrock website may not be up to date with the latest driver if it is not a new product
if your mainboard is 3 or 4 years old, the driver on the asrock site will likely be out of date, because they don't bother to update the drivers page when the product starts to get older, even though the vendor is still going to be releasing new versions
wireguard is generally pretty fast on everything
asking for full gigabit though is probably a bit much
nice, 700Mbps, I'm getting around 600Mbps lol
with Wireguard
😦
This is on a dual socket Xeon E5-2620 v2
and a 8700K client
Lol
I mean TBH
in most cases that's fine for me
I don't know how wireguard handles stuff exactly, but one issue with tunnels of any type in general is that the performance tends to be impacted severely by jitter (latency variation)
if you have very low latency and jitter, the tunnel throughput will be quite high
Since most of the time...I'll be connecting to it from cellular or public wifi
but out of order packets can make even an unencrypted tunnel operate quite slowly
when I run EoIP tunnels on mikrotik I can get great TCP throughput if the latency is very low, which also means the jitter is low
but when the latency starts to increase to like 50ms or higher, and presumably the jitter is similarly increased, the TCP throughput drops even though the CPU is not maxed out
anybody here running windows 10 pro with hyper-V?
Yes
@little schooner I changed the IPv4 config for my default vswitch and I want to change it back to what it originally was
but unfortunately I didn't take a screenshot of what was there
could you share what you have in your IPv4 settings in the default vswitch config?
@tender hazel
Thanks!
np
Bandwidth delay product (BDP). Higher latency, more time waiting for ACKs, less throughput. Once or twice a month I get escalated a ticket on a customer that is complaining about not being able to reach the speeds they're paying for on a L2 circuit, and usually it's almost always related to BDP. In one of our monthly engineering trainings I cover it and its impact
This is how quickly latency impacts speeds
**0ms**
```
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 1.13 GBytes 969 Mbits/sec 875 sender
[ 4] 0.00-10.00 sec 1.13 GBytes 968 Mbits/sec receiver
```
**20ms**
```
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 790 MBytes 663 Mbits/sec 743 sender
[ 4] 0.00-10.00 sec 788 MBytes 661 Mbits/sec receiver
```
**50ms**
```
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 547 MBytes 459 Mbits/sec 0 sender
[ 4] 0.00-10.00 sec 547 MBytes 459 Mbits/sec receiver
```
**50ms - 4 Threads**
```
[SUM] 0.00-10.00 sec 1000 MBytes 839 Mbits/sec 989 sender
[SUM] 0.00-10.00 sec 992 MBytes 832 Mbits/sec receiver
```
Jitter surprisingly has far less impact and loss (as long as consistent) is not as much as you think. This means nothing however for UDP of course
BDP is why "long fat pipes" became a thing as TCP and latency is an unavoidable problem
@hollow marlin yes, but I'm not only talking about BDP.. there is an additional hit taken for tunnels
I can do higher TCP rate outside a tunnel vs. inside one, in cases where CPU is not being maxed out
Yeah you have overhead, especially when using TCP as the encapsulation
if a single CPU core is not maxed out, and yet the tunnel limit is quite a bit less than the raw limit, it is due to other factors
some of it is probably mikrotik specific, and some is certainly related to fragmentation
because it is a very large difference - 10-15Mbps max through the tunnel vs 300+ Mbps outside, TCP throughput
so I'm not talking only about overhead from encapsulation
That too, buffers can be several ms depending on windowing and frag. Im just saying majority of the problem is due to latency
yes, in our testing we found we can get very high EoIP tunnel rates where latency is low
but we have one site where we have about 60 or 70ms latency, and I can only get TCP to ramp up to a few Mbps
through the tunnel
outside of the tunnel we can use the entire 40Mbps connection
with a single TCP stream
but inside the tunnel, 1-3 Mbps for the TCP stream
I want to get that latency down so that the users will feel their service is faster
because at the moment they feel it is slow and yet the 40Mbps uplink is usually only about 1/2 to 2/3 used
I would go with it being a Mikrotik thing. Overhead for asymmetric tunnels over the internet is down to the header, frag and latency. Some loss here and there too but not as devastating. I wouldn't expect that much loss unless the CPU was the limit or a core being pinned.
Agreed on latency, low latency is 90% of the experience in most cases
MikroTik EoIP has a feature where you can send 1500 byte packets over the tunnel over layer 2 and it fragments them and recombines them on the other end
we use that to ensure that we can pass any necessary packet size
TCP throughput is higher if we reduce the EoIP tunnel MTU to 1452 or lower
Is this internal or over the internet?
over the internet
You can try prerouting mangle mss clamping to assist if you have not already
yeah it is a bit.. trickier
we are running MPLS over EoIP
we are running VPLS tunnels over that
the VPLS tunnels are carrying PPPoE
so we have a few levels of encapsulation going on
I can try doing additional mss clamping on the underlying PPPoE
I'll just have to figure out how to do it for only those that are going over that link
normally we try to get layer 2 links to sites that are 1550 MTU or larger
if we can only get a 1500 or slightly larger MTU link, or it is layer 3, then we run MPLS over EoIP
Is there any reason why you are running VPLS over EoIP? No need for the extra overhead if you already have a L2 tunnel between the sites unless there are multiple customer behind the Tik at the remote site
yes - on the rest of our network we run VPLS to bring the customers back to the core
so our network is entirely routed, but our customers are brought directly to our core via VPLS tunnels, whether they are getting PPPoE service or DIA
we could run it across the existing EoIP tunnel but the issue is that the EoIP tunnel goes to the wrong router
so we would have to trunk the VLAN across layer 2 over a bunch of core devices
which would make troubleshooting really difficult in the case of a loop or other layer 2 issue
Im well aware of the design, we're all routed with VPLS, any other design for L2 is not sustainable. Im just saying the interface for the tunnel at your edge can be part of the VPLS bridge and be encapsulated with EoIP on egress to the remote site.
Its easy enough to do in Juniper but Id have to dig into what Mikrotik can and cannot do with VPLS
oh yes, that's possible for us to do linked tunnels like that
but I'm also trying to get us to get another transit uplink
and the one I'm looking at has direct routing with the provider that services that site
currently that EoIP traffic takes a boomerang route from winnipeg->toronto->winnipeg
if we get the second transit (which we should have anyway for redundancy), it would decrease that latency to 1-2ms
and then suddenly running VPLS over EoIP doesn't make too much difference
right now we are entirely reliant on hurricane electric as an upstream
we need a second one
Yeah if that path is what its taking, you need another peer. Well like you said, you should have one anyway.
yeah, the problem is that the major local internet providers in Winnipeg (Bell and Shaw) do not peer at the internet exchange in Winnipeg
leading to the boomerang routing unless you buy service from them.. we were looking at buying BGP transit from Teksavvy, which peers with Bell in Winnipeg
and is much cheaper than buying transit from bell, and they give a blackhole community
our old upstream didn't give a blackhole community and so we couldn't have an automated mitigation method for DDoS attacks
we used to have the network taken down for a few minutes every few weeks by DDoS attacks until we moved to HE for an upstream and were able to set up automated DDoS mitigation
We offer both blackhole communities and flowspec for our downstream peers. The latter is a little more restricted to prevent what HE went through last year, but it's less impact on our edge as the filters are done in HW and it doesn't require as much TE as it's being filtered at the edge instead of the core
Previous SP I worked for had no such desire for it, which we felt when some customers were being hit hard
our satellite network still runs through our partner in Ontario, unfortunately they don't have automated DDoS mitigation and so our satellite sites were hit by several DDoS attacks in the past few weeks, which required their manual intervention to fix
they were fairly quick because at least they now have alerting set up when it happens, but it still takes 5-10 minutes to remedy the situation
5-10 for a DDoS? I figure if you already have solid alerts set up, you can make a playbook for that.
^ Me thinking with my site-based methodologies
On our main network with fastnetmon guarding everything, we block every DDoS attack in seconds
our customers probably don't even notice
but when you are reliant on a human being who has other jobs aside from monitoring DDoS
and they have to log in to devices to create blackhole routes etc.
From an ISP perspective, automation is not needed as blackhole triggering/flowspec is pretty well supported at this point. Simple to implement and not just a benefit for their customer but their entire network
huh, just looked at fastnetmon. Looks like its worth a read of their docs.
Don't think its worth implementing in our hunt kits, but I might yoink how they're doing packet capture
we've been really happy with fastnetmon
we implemented it two years ago on our terrestrial network to send blackhole routes to HE automatically, and we've had no DDoS attacks take things down since then
I can see in the log where it blocks one every few days by blackholing the customer
I mean it may not be the customer's fault that they are being DDoS'ed
but it is a lot better that it is just them going down and not our entire network
Does it have any methods of interaction other than pulling stuff off blacklists? Like filtering of alerts, or redirecting to another endpoint?
how do you mean?
For example, alert is generated from host X dos-ing residential host Y. Before potential blackholing of residential customer, alert is run past a reputation check, and sees the res IP is "trusted" and only blackholes the source
I may be missing something here, but how do you only blackhole the source?
routing tables in almost every device are based entirely on the destination, not the source
treating one source differently from another is in the realm of PBR (policy-based routing)
Thats where flowspec comes in
So, being honest that I'm overall ignorant of anything that happens at ISP level. Just applying my experience with products like snort that can act as a IPS by blocking IP's that hit on sigs, but additionally being able to be run across a home network filter to prevent a local addressing being blocked
Implemented via a drop at the firewall
ahh I see, yes I am reading about it now. I wasn't familiar with it previously
Frankly the BIG network world terrifies me, where speed is weighted favorably vs monitoring and security
The problem with a firewall drop at the ISP level is that the DDoS attack can consume our entire uplink, so even if we are dropping those packets, it leaves us with no more bandwidth to use
it might be different if we had say 25Gbps or 100Gbps transit
Yeah that's what flowspec does. Blackhole triggering (there is a source based flavor) sends a BGP update that has a NULL route which essentially takes the customer down. Flowspec does it by sending a BGP update containing any number of src./dst. IP and port numbers and any router using the flowspec NLRI capability will apply a filter on all interfaces based on the BGP update. Much more granularity without the effect of basically just unplugging your router
but with just 10Gbps transit a DDoS attack can overwhelm it, and what we really need to stop the flow of packets is to get the transit to stop sending it to us, not to drop them after the transit has already sent them
We had one mission where we had to monitor a datacenter's 10 gbps uplink. Tuning our sensors to do full PCAP on that was a nightmare.
but flowspec seems like it is intended to solve exactly that situation
Its nice until you are one of the T1s that forgets to add the import policy that denies flowspec NLRI that request to block TCP port 179
if I understand you correctly, you mean forgetting to add a filter that prevents flowspec from blocking the BGP port on your router, which would take down the peering entirely
Customer advertised a route that was missing both src./dst. IP which meant the filter applied to all interfaces blocked BGP for all src./dst. IPs. Peers went down which caused mass convergence, but as things were converging, the flowspec route was obviously purged which removed the filter, peers came up, received the route again....rinse and repeat
Yeah it would be a nightmare situation. 1,000s of routers bouncing routes while the time it took to propagate just caused black holes everywhere
I mean any sort of centralized system can be vulnerable.. and things like RPKI help to some extent, but for the most part everything is based on trust, and everybody being a good netizen
It is, that's why I cringe at the thought of CCNAs that say they know BGP. AKA, here's the basics of how it works and here's how to set up a peer. No filtering, no security, no design thoughts... Many of which have their hands in public peering everywhere
It's simple but complex at the same time just due to taking into consideration how it interacts at every point
yup.. it is amazingly simple to just advertise your routes to the peer.. but harder to set up a correct filter to ensure that you don't advertise routes to your peer that you shouldn't be advertising to them
otherwise any random misconfiguration can end up passing up to the upstream in a way that wasn't intended
RPKI is on our to-do list at least. Currently we are using Radb (non-standard precursor to RPKI) but from what I hear from other friends at some T1/T2, they make it sound like its a pain to implement. I know its similar, but one of the few BGP subsets I have yet to even look into
RouterOS v7 has support for RPKI
I don't think they have implemented flowspec support
we had to add a few blackhole routes due to cloudflare's RPKI checker introduced about a year ago
we don't actually implement BGP "safely" as they define it, we just drop the prefixes used by CloudFlare for that test site
we will roll out RPKI when we can, but given that early adopters have run into horrible issues that have taken down their entire network in some cases, is it really worth the risk before it stabilizes?
I feel the same based on the horror stories. I know when the time comes I will be labbing it straight for at least a month before I attempt to deploy it. We have tight filtering for our downstream peers on what prefixes we import based on the LOA they sign upon turnup. Combine that with our edge routers that serve the sole purpose of BGP to our upstream and their 8-12,000 lines of config, I'm confident in what we have...as long as we don't run into many of Juniper's bugs
yeah well that is really where the issue comes in with RPKI, you are placing your trust in the automation doing everything correctly, and when the code is only months or at most a few years old, it is hard to do that
If Mikrotik could add flowspec it would be a nice bonus but it's niche for a majority of their customer base. There is also a lot to it in terms of dev as it's "automation" in a sense where it can not only filter IPs and port, but also do classification and policing. They'd have to implement it correctly without interfering with the customer's FW or wrecking the CPU
I'm not necessarily too bothered by our customers getting blackholed since it is better than the alternative, and it is more likely than not that they were behaving in such a way online that somebody wanted to attack them
and we have only had residential customers being blackholed, I don't think we've had a single case of that with a business account
Until your own network is attacking itself...remember the Mikrotik bug back in like 2017? Well at the previous SP I worked for we had around ~2000 AC2 in the field and at that time, Mikrotiks and their quirks were new to many of the engineers and something along the line of ~800-1000 of them were vulnerable and part of the botnet at the time and had two instances of our own large business customers being attacked internally. The following day is when they released the emergency update and it made the news. I think we had upwards of 50-70gbps of traffic to the core links which was not fun...😆
Due to the design we could not black hole the traffic
Yep, and guess what was not disabled in the Dude to the devices
ugh
mhm
I mean when that vulnerability appeared I was thinking "who would be so stupid as to open winbox and webfig ports on their device to the world in the first place?"
but the answer is a lot of people apparently
I became comfortable with routerOS after that. Spent a few weeks with some engineers learning the ins and outs and from then on out were locked down.
we were locked down before that, so a few managers were concerned about it
but we were like "no, we block those ports globally, so it doesn't impact us"
They had a decent FW setup prior but what I suspect happened is a few were not provisioned correctly and the filters were missing some to block addresses within our space. So 1 could have compromised the rest
Oh we did pretty quick
but I wound up getting a few annoying comments from upper managers like "so this proves mikrotik is crap, we should move to cisco and hp" etc..
thankfully those managers no longer work for us 🙂
Same. But all vendors have exploits. They have been pretty on top of patching since
yes I agree - and too many people unfortunately considered webfig and winbox ports to be safe to open to the world at large
generally I only consider ICMP plus VPN protocols to be safe enough to open to the entire internet
Fiber better? 😛
not going outside
Ah!
the only part outside is behind an AP
gotcha
uhmm i just wanted to give an update about the problem we were talking about yesterday, i forgot who it was but ehh the problem still persists. My linksys router still loses connection to my isps gateway randomly
I have a 4u system weighing around 75lbs. every time i've bought hardware it's come with slide rack kits. this time it didn't. could someone help me find the right 'quality' tool for the job? I've been told to get an asus r20A 90-S00SP0250T, but they are unavailable in the US
So you need server rails?
What server is it?
it's a comino rm grando
im looking for slide rail
I don't think such exist unless that case has something specific on the side
it does.
Idk if that would fit into those rails
I'm not too familiar with server hardware but I think that would help in a way
@clear igloo lol oops
network ups tools (can't say acronym) shutdown works on everything but esxi
oof
So waiting for everything else to boot up
This cisco switch takes ages to boot lol @clear igloo
My servers boot faster than it
Hmmm, 2960?
Yeah lol
Shouldn't take long unless it's booting a different image compared to last time
Hmm lol
I'm setting up a linux vm for mikrotik netinstall because I am sick of troubleshooting the windows version
and what do you know, it worked right away
Hi, DxDiag says that my pc is Miracast ready but in the setting it's written "This device does not support Miracast reception" in yellow and I can't change any settings below
Btw, this is on my main pc which will be my primary monitor
are there any cheap 10G ethernet switches that are unmanaged and fanless?
same for NIC's
fiber or copper? budget?
There's that mikrotik 10g switch
cheapest 10g copper NICs I know of are around 100, each
But sfp + only
this because i want to run it through my existing wiring, which is CAT5e, but it's not long at all
maybe like 20 meters at best
You would need sfp+ copper modules too
nothing for RJ45?
yes there is a mikrotik 10G copper switch
The copper transceivers are expensive
Because they consume a lot more power
yeah i know that SFP+ modules are expensive, with cheap cards
but i don't have fiber, plus isn't that expensive in and of itself?
wait really?
eh i don't wanna run fiber though
what about 10G fiber transceivers?
14 bucks for 30m https://www.fs.com/products/40206.html?attribute=193&id=99046
20 bucks
You can also get things used
Wait
That's multimode
issue is that i want to connect 2 NAS's to it, one is a cheap Zyxel NAS and the other is a custom NAS
i can easily upgrade the custom one with a PCIe card
but the Zyxel NAS would have to do it with gigabit, which is fine by me, i barely use the thing anyways
but i want it at least connected to the same SAN
what about 2.5/5 then?
That's much more expensive because it's pretty new tech still
dang
10G is the way to go
@late geyser a short distance 10G fiber optic link costs maybe total of 60-70 bucks
if its within the same rack, you can also just get a 10G direct attach cable (SFP+)
those cost like $20
but limited to 3 meters
in a general sense
fair
why not just go short length fiber at that point?
a single direct attach cable costs far less :P
fair enough
you dont need a transceiver or fiber patch cable
but what if you wanted to go for 40 gig later down the road?
I have my server and switch connected with fibers though
40G is a different transceiver, fiber optic (if you use singlemode) is the same
then you'd have to replace the cables and such instead of just the transceiver
@clear igloo let me know a few minutes ago by email that there is an outdoor AP just above the fire escape door on that side of the building. We should see if that is adequate before adding one. 😩 whyyyyy noooo I don't want to use that shitty AP
@late geyser if you use single mode fiber optics, you can get transceivers from 1G all the way up to 200G
with single mode, fiber itself has no impact on speed
QSFP-DD
but same cable pretty sure
different connector though?
but 40G, singlemode LC would work?
actually
QSFP-DD does 400g on sm too and QSFP-28 works in QSFP-DD cages
@tame carbon you lied to me
Cisco QDD-400G-FR4-S Compatible 400GBASE-FR4 QSFP-DD PAM4 1310nm 2km DOM LC SMF Optical Transceiver Module (Vendor Name: FS, Form Factor: QSFP-DD, Max Data Rate: 400Gbps)
AAAaaaaaa this person is suggesting to use the existing shit AP
I don't want to use the existing AP, its so shit
on a single strand of fiber, no
its only 2.4Ghz, 10/100 Ethernet, and doesn't even work in the configuration
there's Muxing
sm fiber is "unlimited" in theory
or intentionally hamper it
I don't need to
@late geyser you can use a multiplexer
its a shitty tp link eap110 outdoor
then just tell them "it doesn't suffice, we have to replace it"
its already hampered 
just like after one day
keep complaining all day that it has to be replaced
I'm just thinking about reliability and intercompatibility with the parts.
I responded with that
Then they responded with Yep. If we need to add, we should.
Thank god 😩
i would have just replied with "the connection barely reaches and cuts off every once in a while"
The AP they already have isn't even that good
just jam a screwdriver through the top of it
🤣
finally make use of that flathead screwdriver
Caution: not a prybar
I had to install a gigabit switch there today so 
Everything was connected to a 10/100 switch
I still have a couple of those
10m token ring 😄
I have a pile of 48 port 100M switches
Then the gigabit connection going to their router & another switch
I'm also planning on replacing their router too
about that https://blob.rocks/HFGf55kN8F.png
Yeah......
damn
10/100 bottlenecks some shit really badly lol
yeah
We need network connections outside for NDI....
So we're going with this https://blob.rocks/d7pNlVv832.png lol
Mesh pro for WiFi clients, Lite meshing off of the Mesh pro and bridging Ethernet
tested it at home with my stuff
@rocky badge only use I can see for a 100M switch is when you want to do bandwidth throttling without a queue xD
or connecting a bunch of smart home devices, those don't need gigabit
10/100 switches = usually older
yeah but ethernet is ethernet
at my internship i have to work with a 10/100 cisco switch and 3com switch
Plus gigabit switches are cheap so not really any benefit
3com, that's a throwback, next you'll tell me there are some nortel switches too 😛
Lmao
those 48 ports are actually 3coms
just learning stuff dw
pretty sure they use at least gigabit
they have SFP uplink
haha I know, don't need fancy 400Gbit switches to learn on 🙂
hp procurve next /s
not sure what you're talking about because i do
You said you're just learning stuff, I was saying 10/100 switches are fine for learning
certainly not
i need AT LEAST 100G to learn

@clear igloo how do I tell this person the APs don't work with each other
"The AP's are not compatible, now stfu and buy the good stuff"
Aka the APs I'm planning on buying won't connect wirelessly to their existing AP
lmao
Unless they wanna buy ptmp stuff
@rocky badge Just sell them an asus RGB router 😛

goddamnit https://blob.rocks/GShn3n3QU8.png
Yeah the way I've been thinking is cheaper
and can be used as normal WiFi
@clear igloo Is that outdoor AP a TP Link EAP 110 access point? The Ubiquiti UniFi ones won't wirelessly connect to that one. Plus, the EAP 110 is only 2.4GHz which won't be high throughput, which we need for NDI. Ok I'm just telling them lmao
@rocky badge square foot of house is what
?
For what
your house
why
why not
this isn't for home
oh, that field....
imagine not counting hamburgers per footballfield
@thick minnow lol remember avondklokrellen?
yeah
Germans now having their rounds too
with conspiracy wackos
you think a water cannon, pepperspray and batons is going soft?
I mean I have family in germany and they are tired of all the measures
@peak cloak they oughta quit whining :P
apparently they need a specific type of mask?
we dont have a choice dont we
@peak cloak which they can get for free.
it's not that deadly tbh but let's not get political
he was perfectly healthy
I had covid, wasn't bad at all. I had worse
different for everyone
I've been self isolated for a year or so now
I only see 2 other people
who also keep away from rest of society
local farmer's market is usually almost no person
so very safe
can someone stop me from throwing my NAS out the window
*ima KILL IT!
I bought a Thecus N4100 from facebook, im trying to factory reset it due to forgetting my admin password
Ive had the system working before so i know its not physically broken
ive read the instructions on the website (the manual)
and a few threads of forums telling me different procedures
WTF do i do? its still locked up
The ip is locked with the ip of 192.168.43.52 and its supposed to be 1.100?
how are you trying to do that? DHCP?
ah
current im not connected to a network. my pc has an IP of 192.168.1.10? the nas has something completely different and i cant factory reset it to its default
currently*
seems like it didn't factory reset?
subnet mask of 255.255.255.0?
or /24 in CIDR format
.0
its windows default
i swear im missing something trivial here
can i ask a stupid question? do nas's have a maximum storage capacity that would stop it working?
you did the 30/30/30 thing?
no they shouldn't
unless it's some bad design
because i was looking at the Netgear RND4000
why I just run plain linux for a NAS
@clear igloo
AT&T lost another customer in the area
are they that crap?
im guessing you're in america or overseas! in the UK we have like 20 providers
@minor girder connect your computer directly to the NAS
set a static IP on the same subnet as the NAS was configured on
that's what he did
probably a /16
he's trying to factory reset it
can't he just change IP settings?
well even houdini himself couldnt help us then
@tame carbon mate my issue is that i cant change any settings without it being factory reset? im not sure if there is a jumper on the inside or something i could jump
you reckon if i open it up i could just bridge circuits?
i cant seem to find an internal schematic
has the manual been consulted yet?
ok xD
they are translated English from Japanese lol
must be good
sometimes bsd
hmm so they have a cmos or bios
most of those embedded systems use something like uboot
hmmmm
usually a serial port on the board
but thats only to load an operating system onto the board
not to change passwords
all i have is two ethernets and a power
yeah thats on the inside
ah
sometimes theres not even a connector
you have to solder some wires onto the board xD
raspberry pi would be faster
whoah mate going way too fast for me
the pi 4b+ has 4GB/s memory bandwidth.
that's more than you'll be pulling out of that DDR2 controller
Guys, DD-WRT was giving me so much trouble last few updates I decided to go back to stock, this is a TP-Link Archer C7 V2, on stock firmware I can't seem to set the router IP to 192.168.10.10, it says I'm trying to put LAN in the same subnet range as WAN.
do you have two routers behind each other?
are they on different networks?
PFSense to TP-Link
yeah you probably will want to not use the WAN port on the tplink
and disable WAN entirely
dhcp should be controlled by main router am i wrong?
I'd assume so yeah
I have DHCP on PFSense and disabled it on the TP-Link
@south blade yeah dont plug anything into the wan port on the tplink
you're using one as a switch me thinks
set its network configuration on WAN to static and leave it unconfigured.
cant dhcp be set to auto?
DHCP is for the entire layer 2 network
@minor girder when a client connects to an ethernet network, by default it will send a UDP packet to 255.255.255.255
the dhcp server on the local network will then respond
it doesnt use a range?
the client then asks for an IP, and the server allocates one
the server can be configured to do whatever you want
you can for example do mac binding
where the dhcp server assigns a lease to a specific mac
ok let me hackintosh lol
I use that heavily here
anyway crystal you were asking about nv2 and nstreme, there is not much point to them anymore
@tender hazel I looked up how to do the ptp stuff
*grabs popcorn
and there's like, various modes and protocols
*and poppron
there's really no reason to use anything but regular 802.11
even for ptmp?
if you have fixed ptmp with mikrotik CPE devices then there is a point to NV2
but it won't work with non mikrotik CPE devices (phones, laptops, etc)
that's the point
its between two mikrotik devices
and according to the doc
you get superior latency on those protocols
I was looking at NStreme specifically
Yeah, I think I had it set up as a switch basically when I had DD-WRT installed
Not sure how to do it on stock cause I had WAN set as a LAN I think before on DD-WRT, so I just disabled its configuration type option, so no Static, Dynamic, or any of that. I just reset it cause I locked myself out somehow.
Dynamic is your best option
I had it set to 192.168.10.10 before, and IPs started at 192.168.10.100 from PFSense DHCP
you might get a bit more out of nstreme, but be sure to test all three
Ugh I hate this network wtf
and it's not only latency you'll want to look at, but the throughput
@south blade honestly the amount of times one number has fkd me over lol
This guy setup clients with static IPs on the CLIENT side
best is DHCP reservation
And apparently the stupid DHCP server isn't pinging IPs before giving the lease
So this stupid client stole an IP from the ricoh
lol
@south blade what's your ip range?
I might be wrong on this assumption
Could it be out of the range of ip addresses of the main router
If that's the one doing the dhcp
If it is out of the dhcp pool that's not an issue
it's only an issue if out of the subnet
Ok so his 255.255 is wrong
Its always good practice to try a different ethernet port or cable ;)
I would think the TP-Link firmware would get address by DHCP
DHCP reservation would be the best thing then
I had PFSense doing the DHCP handing, trying to figure out how to get it to do it again.
I mean if you have a good link then I doubt it would be the cable
are we using two different setup menus here?
I don't know how to do it in pfsense, but I know for sure there is no map static ip option like in EdgeMax
I think you need to copy and paste the MAC or something like that
@tame carbon they are basically discontinuing NV2 and nstreme
@tender hazel could you just hide the network by not transmitting the ssid?
I've seen threads like this before: https://forum.mikrotik.com/viewtopic.php?t=118129
shoot, I thought it'd be easy 5 mins to switch from DD-WRT to stock but run the same, LOL. I think I'm going to have to wait till late at night so no one will complain about me messing something up. Locked myself out disabling DHCP, setting the router to 192.168.10.10, even though I set gateway to PFSense 192.168.10.1
@tender hazel so less fault tolerant
the issue is that they never really improved nv2 for ac
same with nstreme
they are the same nv2 and nstreme they had before with wireless n on 2.4ghz
@tender hazel but can you really reach those rated distances from the brochure, with a 90 degree antenna, 1km ?
so when you use them you aren't taking advantage of some of the improvements between wireless n and ac
Its just new to me that 802.11 is used on such long distances
but the problem is you need a fixed cpe device on the other end to get that distance
it won't work with phones and laptops because their antenna is too weak
I know
@tender hazel I'm still working out a solution to that setup I might have to do next month
and we basically just want to buy a pile of those dual band mANTBoxes
@tender hazel those things have two chains, can you use them independently?
like, use only a single one of the 5GHz chains for the ptp
no
the problem is the interfaces show up based on the wireless chips that are in the unit, each chip = 1 interface
you can use both AP mode and ptp
what I would do is just take the 5ghz device out of capsman on those devices that you need to link
yeah but the place where that antenna most likely will be located
is also a dense area
use the 5ghz as a backhaul for those ones only, the rest you can use 5ghz as another capsman device
oh ok
so I have to have both 2.4 and 5GHz
then you may need a separate PTP link for that
could I just get a pair of those SXT's ?
yes
put them on a diff channel
yup
its like 150 meter at the most
60ghz would be better
what happens if there's leaves inbetween ? like trees
@tender hazel yeah but I dont want to get permit
do you really have to get licenses for 60ghz in germany?
that takes months.
yes.
paper pushers
@tender hazel ISPs reserve the right to use these
mere mortals cannot
@tender hazel but is 5GHz not fine in this situation?
it is but 60ghz is nice because no interference
what hardware would you recommend for such a link?
@tender hazel the thing is, would be nice xD
because the area that its going to
that is where all the youth gathers in the evening
and hangs out when parents are doing drinking and stuff
is there a document online somewhere that explains these 60ghz rules in germany? I can't seem to find anything about that
Richtfunk
you need to file this paperwork
oh
link got yeeted by the bot
There's links to pdf forms
you need to fill out
and 60GHz is not listed
I think 60ghz is not listed because it is unlicensed
wait hold on
@tender hazel check this ^
This is open to the public
57,1 – 57,8
58,6 – 58,9
GHz
and the law is only until 2023
so might be amended
point to multipoint you have to get a permit for anyhow
I don't know what that says
but that is obviously explaining the regulations around the 60ghz frequency
wow.
that website has Really old legislation
wtf germany
that was a 2013 law
and the one you just linked is 2020
@tender hazel holy fuk
316W ?!
are you able to use it unlicensed? what does it say regarding that?
and yes 60ghz needs to be really high power because in that particular band, atmospheric attenuation is quite high
the signal is extremely directional so that aiming is important, and power needs to be very high to cut through the atmospheric attenuation
but it means that you could have two separate 60ghz links running on the same frequency with the radios close by each other and not have to worry about interference
and what about people interference?
That stuff (the high freq transmitters) makes me physically sick
people interference?
as I said it is extremely directional, and the way 60ghz works, even a piece of paper or cloth would be enough to block it completely
yes, but it uses beamforming
its only 150m
the two dishes basically have hundreds of little antenna cells
yes, but with 60ghz you can get 1Gbps throughput for the same price
and use one of them for the ptp
or
I hook up one of those SXT's
@tender hazel 500mbit's is enough
with ac 80Mhz ?
I thought you said these things could do long distance :P
does the speed drop off that quickly
well you can get a bit more, but you aren't going to get 500Mbps
you can maybe get around 200 or 250Mbps
Im trying to use the calculator
you don't have to be afraid of 60ghz though, it is not dangerous to people
it is much better to use that for links that you can use that for b/c then you free up 5ghz spectrum for what you need it for
for instance with terragraph
terragraph is deploying 60ghz mesh on lampposts, like this: https://terragraph.com/
it is not high above people
@tender hazel https://mikrotik.com/product/RBSXTG-5HPnD-SAr2
can't I just test it out then?
i mean these things aren't that expensive
only supports wifi 4...
this one
yes you can test it out, but the 60ghz is so cheap, it is better
for this application
you are getting a worse product for no reason
well
the mikrotik 60ghz only draws 9 watts power
so I can't see if the radio is only drawing 9 watts how it would generate 316W signal
yes
this is the most inexpensive one
you can buy a pair of them
so which direction does it fire?
ooh
sick.
@tender hazel and it does regular 5GHz too?
they don't show the antenna patterns but it is highly directional
yes it does both
in one radio
oh, so switchable?
if there is some kind of physical blockage it fails over to 5ghz
or can you use both?
what can happen with 60ghz is in situations like torrential rain, if the link is longer, the rain can take the link down
do these run RouterOS?
the 5ghz is there as a backup in case there is rain
yes
or we once had a wireless link go down because someone put a billboard up in between the two radios
should I make sure I reserve the right frequency for the backup?
yes
the backup won't need a lot of bandwidth though because it is really just to ensure that at least something keeps operating
ye
"oh ye signal is slow"
"antenna is blocked"
is better than: wifi not working at all
yes
and yes they run routeros, and when you buy them in a pair, they are already preconfigured in a PTP link out of the box
can you have multiple?
do they automatically acquire this?
you choose the frequency, I think they picked some frequency as a default in the out of the box config
the lower 60ghz frequencies suffer the most from atmospheric attenuation, as you go a bit higher they will go longer distances
and this would skip 2x 80meters of cable
then between the poles where there's lots of forested areas
we can just dig cables
power is everywhere
so that's no issue
@tender hazel I might get one of those outdoor base boxes
and these can cover 80 meters no problem
err fiber boxes or whatever they are called
and run 3 long ethernet cables down the length of the camping
each cable goes to 1 pole with two sectors
you can do 60ghz over hundreds of meters
@tender hazel this is across a lake thats 30 meters wide
from an elevated position
there's clear sight
lakes can do weird things with wireless signals, just FYI
@tender hazel this is what the current ISP has hanging
you can try it
30 meters is not very long anyway
probably running over that short of a distance of lake will be fine
I can't tell what radios those are
I think they are metal 52's
@tender hazel its basically one entire ptp network
town -> hill -> this pole in picture -> house -> router -> more poles -> public wifi
this gear will be gone soon
ok
but they probably won't remove the pole
so you could stick equipment on that pole if it is helpful
so yes, the wireless wire cube is probably a great solution for that
only problem
this is probably where I'd put the sector antenna
this is close to the pool area
so I might put two of those cubes on that pole
one from the house
yeah it should be fine, they aren't very big
and the other to the field area 80m away
I'd put a sector antenna ontop for local coverage
and then I need some kind of weatherproof device
to get more ethernet ports
I can't just daisy chain them all
xD
the mANT has SFP and ethernet
I assume I can use both
yes you should be able to use both at the same time
the only time you can't use both is when they are "combo" ports
but I think only the CCR routers have such "combo" ports
with SFP+ and 10GbE ?
@tender hazel that makes most of this quite easy
because there's a pavement inbetween the lake and the house
and I didnt want to have to go underneath
that would be a whole week ordeal
so overtop is great
and once we are in the forested area, we can just lay a rugged cable
yup
so I would have three of them basically
so you aren't really losing any speed vs a cable, except in crazy weather conditions that would only happen a couple times a year at most
3 pairs
lol crazy weather conditions?
@tender hazel you havent seen bad weather there
couple years ago
they had a 1 meter floodwave of mud and water
a caravan ended up in the lake
along with a couple tonnes of silt
and thousands of dead fish xD
the smell
wow
like, suddenly, the sky burst open and in a matter of minutes, dumped enormous quantities of water
and the nearby stream of water that is usually calm
turned into a river
its a valley
so its hit or miss
we have heavy torrential rain suddenly in our area
if the cloud goes into the valley it compresses
cool
so we solved another problem then, and made this much easier for you 🙂
Yeah definitely
Only thing now, on one end, I might need to have a sort of outdoor switch
This is for the other direction
That's a bit overkill
16 ports is probably a bit overkill yes
Perfect
Yeah that's basically it
I need 3 cables to run to poles
And that 60ghz cube
With that box
the powerbox pro gives 24V output so you power the radios with that instead of injectors
the powerbox pro is better than the regular powerbox because it has a faster CPU so you can do software bridging if you need to - you wouldn't want to have to do software bridging with the regular powerbox
so I would spend the extra money on the powerbox pro vs. the powerbox, even though they are otherwise similar
Oh yeah more flexibility is nice
the powerbox pro has an SFP port too, and the powerbox does not
Cool, 3x ptp two power boxes and a 8 or so sector antennas, id say less than 2500 in total
Not bad all things considered
I was just gonna use an RB4011 as controller
it will be a fair bit of work configuring everything, but it should be really nice once it is done
you'll have wireless that will be the envy of other campsites
xD
Currently guests complain in online reviews that the wifi is a ripoff
But we dont sell those vouchers, we're at the mercy of the isp
a ripoff? do they have to pay for it? oh goodness
Yes
Even the private net isnt flatrate
Its crazy
But its either that, or go bust
how were you going to handle it with the new system - just give free?

