Mikrotik Routers (RouterBoard & RouterOS)

Lowyat.NET forums

Lowyat.NET Kopitiam Garage Sales

Lowyat.NET Rules and Regulations FAQ Help Search Members

Welcome Guest ( Log In | Register )

Lowyat.NET -> Networks and Broadband

Bump Topic Add Reply RSS Feed

Outline · [ Standard ] · Linear+

Enterprise Networking Mikrotik Routers (RouterBoard & RouterOS), User and owner discussion group

views

1zx	Apr 11 2022, 09:31 AM Return to original view \| IPv6 \| Post #1
New Member Newbie 20 posts Joined: Feb 2019	QUOTE(machai_world @ Mar 30 2022, 11:17 PM) looking forward its uptime stability RouterOS is very stable. I've been running it for 10 years (in a few months) and I've not once come across an issue due to RouterOS. I've encounter other issues but it was due to the hardware (faulty internal 3.3V supply, which I've fixed) and not due to the RouterOS. I can say it's on par or even more stable than IOS (not iOS). Btw, I run v6 Long Term code.
Card PM	Report Top Like Quote Reply

1zx	May 3 2022, 10:10 AM Return to original view \| IPv6 \| Post #2
New Member Newbie 20 posts Joined: Feb 2019	QUOTE(go626201 @ Apr 24 2022, 11:08 PM) If not strongly needed for ipv6,better do not enable ipv6 on unifi now.(maybe next year or next 2 year better,now still not stable enough to use) I have to differ. I don't recall having much issues with IPv6 on UniFi previously (since 5Mbps days, then 10Mbps) No issues on TIME now too. All my supported end devices have global IPv6 addresses, been running this for many years. I usually use this to test IPv6 connectivity, unless there's any major issues, it's 10/10. https://test-ipv6.com/ On Tests Run tab, Test with IPv4 DNS record ok (1.032s) using ipv4 Test with IPv6 DNS record ok (0.820s) using ipv6 Test with Dual Stack DNS record ok (0.813s) using ipv6 Test for Dual Stack DNS and large packet ok (0.333s) using ipv6 Test IPv6 large packet ok (2.110s) using ipv6 Test if your ISP's DNS server uses IPv6 ok (1.390s) using ipv6 Find IPv4 Service Provider ok (1.091s) using ipv4 ASN 9930 Find IPv6 Service Provider ok (0.929s) using ipv6 ASN 9930 Other IPv6 test sites, https://ipv6-test.com/ <- I get 19/20 on this, because there's no reverse DNS record. https://ipv6test.google.com/ This post has been edited by 1zx: May 3 2022, 10:33 AM
Card PM	Report Top Like Quote Reply

1zx	May 3 2022, 10:36 AM Return to original view \| IPv6 \| Post #3
New Member Newbie 20 posts Joined: Feb 2019	QUOTE(OlgaC4 @ May 2 2022, 08:37 PM) Disable anything you are not using can reduce the temperature up to 5degree on RB5009 I actually don't install packages that i don't use. Less potential exploit surface too. For those interested, i only run these. advanced-tools dhcp ipv6 ntp ppp routing security system This post has been edited by 1zx: May 3 2022, 10:37 AM
Card PM	Report Top Like Quote Reply

1zx	May 3 2022, 10:48 AM Return to original view \| IPv6 \| Post #4
New Member Newbie 20 posts Joined: Feb 2019	QUOTE(aneip @ Apr 25 2022, 05:54 AM) My unifi dream machine 82 after reboot and reaching 85 after a while, still working fine without any external fan.. Dunno how correct this is.. But than can feel the heat when touching the router. Sell it already. Now waiting for RB5009. I believe the 45-55 should be fine. They even tested the router for 60 ambient.. For me under 70 is still ok.. 80 maybe need cooling. I personally don't really like UniFi running temperatures. All the products I've encountered seems to be running their codes without "HLT (x86) opcode" (i know it's not a x86 inside, not sure what's the equivalent opcode).
Card PM	Report Top Like Quote Reply

1zx	May 17 2022, 07:47 PM Return to original view \| IPv6 \| Post #5
New Member Newbie 20 posts Joined: Feb 2019	All, Anyone knows how to remove active users (that weren't properly disconnected)? From what I've been reading, it's not possible short of a reboot. Thanks in advance!
Card PM	Report Top Like Quote Reply

1zx	May 17 2022, 08:04 PM Return to original view \| IPv6 \| Post #6
New Member Newbie 20 posts Joined: Feb 2019	QUOTE(machai_world @ May 4 2022, 05:06 PM) mind to share guideline to enable ipv6 address for both public and private? Hope i didn't miss anything, here's a copy from my config with some rules removed and added some comments. CODE /ipv6 dhcp-client add add-default-route=yes interface=Time pool-name="Time IPv6" request=prefix use-peer-dns=no <- Change interface to your PPPoE interface /ipv6 address add from-pool="Time IPv6" interface=bridge-local <- Change to your internal bridge interface name. Pool name from ipv6 dhcp-client /ipv6 nd set [ find default=yes ] advertise-dns=no mtu=1480 /ipv6 firewall address-list add address=::/128 comment="defconf: unspecified address" list=bad_ipv6 add address=::1/128 comment="defconf: lo" list=bad_ipv6 add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6 add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6 add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6 add address=100::/64 comment="defconf: discard only " list=bad_ipv6 add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6 add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6 add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6 add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6 add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6 add address=::/104 comment="defconf: other" list=bad_ipv6 add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6 /ipv6 firewall filter add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid log=yes log-prefix=ipv6-drop-invalid add action=accept chain=input comment="defconf: accept ICMPv6" icmp-options=!128:0-255 log-prefix=ipv6-icmp-allow protocol=icmpv6 add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related log=yes log-prefix=ipv6-input-allow add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10 add action=accept chain=input comment="defconf: accept IKE" disabled=yes dst-port=500,4500 protocol=udp add action=accept chain=input comment="defconf: accept ipsec AH" disabled=yes protocol=ipsec-ah add action=accept chain=input comment="defconf: accept ipsec ESP" disabled=yes protocol=ipsec-esp add action=accept chain=input comment="defconf: accept all that matches ipsec policy" disabled=yes ipsec-policy=in,ipsec add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN log=yes log-prefix=ipv6-input-drop add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6 add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6 log=yes log-prefix=ipv6-fwd-drop-baddst add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6 add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6 add action=accept chain=forward comment="defconf: accept HIP" protocol=139 add action=accept chain=forward comment="defconf: accept IKE" disabled=yes dst-port=500,4500 protocol=udp add action=accept chain=forward comment="defconf: accept ipsec AH" disabled=yes protocol=ipsec-ah add action=accept chain=forward comment="defconf: accept ipsec ESP" disabled=yes protocol=ipsec-esp add action=accept chain=forward comment="ccept all that matches ipsec policy" disabled=yes ipsec-policy=in,ipsec add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN log=yes log-prefix=ipv6-fwd-drop
Card PM	Report Top Like Quote Reply

1zx	May 29 2023, 08:56 PM Return to original view \| Post #7
New Member Newbie 20 posts Joined: Feb 2019	QUOTE(go626201 @ May 23 2023, 11:12 PM) Just tried to redirect most cloudflare https usage to optimized speed and ping ips. (Should be cover 99.5% of cloudflare cdn accessible ips) Use for few hours, for the result - work very well. After adding NAT setting,better restart your device or router or browser,as the connection is still established with old ips. Hi go626201, May I ask why do you need to redirect your traffic to 104.16.166.129? What's on this IP? You don't really need to restart the device to clear the connections (ok, maybe you can restart your browser), you can just select and remove the firewall connections.
Card PM	Report Top Like Quote Reply

1zx	May 31 2023, 08:10 PM Return to original view \| Post #8
New Member Newbie 20 posts Joined: Feb 2019	QUOTE(go626201 @ May 29 2023, 09:48 PM) I just use tools to get optimized cloudflare cdn ip and redirect to that ip. Yup,restart is not a must,but it is easily to just restart for fully clear connection. Edited: Due to TM crap routing,sometimes TM to some cloudflare ip will just reroute to HKG or other country that out of MY or SG,which will cause the performance degradation for browsing website that using Cloudflare CDN. So i just redirect all Cloudflare IP to the best ip that will get low ping and high speed. Edited 2: With redirect IP,I can just redirect Cloudflare usage to JHB/KUL/SGP CF node for better connection. Ok, understood what you're trying to do. I'm not so picky with most of my connections, so I'll just let the provider do it's job unless it's very slow. What ping latency are you getting with 104.16.166.129? I just did 20 pings, --- 104.16.166.129 ping statistics --- 20 packets transmitted, 20 received, 0% packet loss, time 48ms rtt min/avg/max/mdev = 1.855/2.310/2.845/0.217 ms Also just saw your SmokePing, nice! Great list of hosts to check. Care to direct me to where I could find a list of hosts like what you're doing?
Card PM	Report Top Like Quote Reply

1zx	Jun 1 2023, 01:17 AM Return to original view \| Post #9
New Member Newbie 20 posts Joined: Feb 2019	QUOTE(go626201 @ May 31 2023, 11:03 PM) I just get the list from a repository on Github. https://github.com/XIU2/CloudflareSpeedTest They had compile a list of most possible ips range that might use for CDN visit usage. Can you send a traceroute or pingplotter or mtr result here? The reason for doing this is because sometime the routing to those CF ip might route with 40-100ms,and sometimes with packet lost. Thanks for the list, I'll take a look. Traceroute? Mine? If you're asking for results to all the ranges in the list, I'll have to get back to you later. CODE traceroute to 104.16.166.129 (104.16.166.129), 30 hops max, 60 byte packets 1 10.1.1.1 (10.1.1.1) 0.726 ms 0.831 ms 0.859 ms 2 202.186.192.1 (202.186.192.1) 3.047 ms 2.918 ms 2.783 ms 3 * * * 4 * * * 5 223.28.52.58 (223.28.52.58) 4.239 ms 4.105 ms 4.091 ms 6 211.25.221.206 (211.25.221.206) 3.961 ms 3.276 ms 3.562 ms 7 104.16.166.129 (104.16.166.129) 2.703 ms 2.876 ms 3.219 ms This post has been edited by 1zx: Jun 1 2023, 01:18 AM
Card PM	Report Top Like Quote Reply

« Next Oldest · Networks and Broadband · Next Newest »

Add Reply Options

Change to:

0.0217sec

0.64

7 queries

GZIP Disabled
Time is now: 28th November 2025 - 11:38 PM

All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)

Removal Request

Powered by Invision Power Board © 2025 IPS, Inc.