How to catch broadcast flooding on MikroTik devices

In one network I once had to find where bursts of broadcast traffic were coming from: they drove up CPU usage on the devices and caused Internet outages.
The network equipment was MikroTik.

Connect to the MikroTik (SSH or the Winbox terminal) and watch the per-port traffic statistics with the command below, specifically the broadcast packets received on each port ("Rx Broadcast"). It is a cumulative packet counter, so while a flood is arriving the figure keeps climbing from one refresh to the next; if it stays still, that port is fine:

interface ethernet print stats interval=1

Here is an example of viewing the statistics of one specific port (ether2 is the interface name; yours may differ depending on how it was named in the configuration):

interface ethernet print stats from=ether2 interval=1

See the list of ports/interfaces with the command:

interface print

Following the growing counter from device to device along the chain, you reach the edge port the flood is entering on and, if necessary, disable it with the command below (NUMBER is the row number of the port in the table printed by the previous command; the interface name, e.g. ether2, works in its place):

interface disable NUMBER

To enable the port:

interface enable NUMBER

In the web interface or Winbox, open the Interfaces menu on the left, select the Interface tab and open each interface in turn to see its counters.

Example of resetting port statistics (useful before a measurement so the counters start from zero):

interface ethernet reset-counters ether2
interface ethernet reset-counters ether2,ether3,ether4,ether5
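The comparison described above can be automated. The following RouterOS script is an added example, not part of the original post: it records the rx-broadcast counter of every Ethernet port, waits a fixed window, reads the counters again and logs every port whose broadcast rate exceeds a threshold, optionally disabling the offender. The window, the threshold and the assumption that your RouterOS version exposes rx-broadcast through get (the same counter print stats displays) are mine; if get does not return it on your version, take the values from print stats instead.

```routeros
# Added example (not from the original post). Sample rx-broadcast on every Ethernet
# port over $window seconds and report ports above $threshold packets per second.
# Assumes "/interface ethernet get <id> rx-broadcast" works on this RouterOS version.
:local window 10
:local threshold 1000
:local disableOffender false

# First snapshot: port name -> rx-broadcast counter
:local before [:toarray ""]
:foreach id in=[/interface ethernet find] do={
    :local n [/interface ethernet get $id name]
    :set ($before->$n) [/interface ethernet get $id rx-broadcast]
}

:delay $window

# Second snapshot: rate = (now - before) / window
:foreach id in=[/interface ethernet find] do={
    :local n [/interface ethernet get $id name]
    :local delta ([/interface ethernet get $id rx-broadcast] - ($before->$n))
    :local pps ($delta / $window)
    :log info ("broadcast check: " . $n . " rx-broadcast " . $pps . " pps")
    :if ($pps > $threshold) do={
        :log warning ("broadcast flood suspected on " . $n . " (" . $pps . " pps)")
        # Only shut the port if explicitly allowed; on a trunk this would cut off
        # everything behind it, so confirm the source on the downstream switch first.
        :if ($disableOffender) do={ /interface ethernet disable $id }
    }
}
```

Save it under System – Scripts and run it from the terminal with /system script run, or attach it to /system scheduler to get a log entry whenever a port crosses the threshold. Keep disableOffender at false until you have walked the chain once by hand, because the port with the highest rate on a core switch is usually the uplink, not the culprit.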

On CRS models with the CRS1xx/CRS2xx switch chip you can police ingress broadcast traffic per port, for example to 100 packets per second on ether3 (the same for the other ports):

interface ethernet switch ingress-port-policer add port=ether3 rate=100 meter-unit=packet packet-types=broadcast

Note that this menu exists only on CRS1xx/CRS2xx; CRS3xx switches use the per-port storm-control properties (storm-rate and limit-broadcasts) under interface ethernet switch port instead.

Going forward, it is worth monitoring the network with a system such as Zabbix: poll the per-port broadcast packet counters over SNMP, graph them, and alert when a counter starts growing.

Speed limit on MikroTik through Queues

I once needed to limit traffic on a sector antenna for the torrent lovers. The access point is the one set up and described in the article MikroTik RB912UAG-2HPnD (BaseBox 2) + Ubiquiti Sector. In my case the billing system shapes the speeds, but I wanted to test a limit using MikroTik's own means.

Continue reading “Speed limit on MikroTik through Queues”

Configuring MikroTik RB912UAG-2HPnD (BaseBox 2) + Ubiquiti Sector

Recently I set up a MikroTik RB912UAG-2HPnD (BaseBox 2).
The sticker warns that it must not be powered on without an antenna connected :). It will be used with a Ubiquiti Sector AM-2G15; I connected the sector to both antenna connectors (both chains).

The device's default IP address is 192.168.88.1, the login is admin with no password, and the DHCP server is disabled by default, so set a static IP on the computer, for example 192.168.88.2 with the subnet mask 255.255.255.0.

First of all, change the password in "System" – "Users": the device ships with an empty admin password, so do this before it goes anywhere near a production network.

Configure the wireless interface in "Wireless" – "Interfaces":
Mode: ap bridge (the device is an access point)
SSID (the name of the wireless network)
Wireless Protocol: 802.11, so that any client device can connect (nv2 and nstreme are MikroTik-proprietary)
Security Profile: the profile created in the next step

In "Wireless" – "Security Profiles", configure the profile the interface uses:
Mode: dynamic keys
Authentication Types: WPA2 PSK; Unicast and Group Ciphers: aes ccm
WPA2 Pre-Shared Key (the wireless password)

Now change the device's IP address in "IP" – "Addresses" to one from the network where it will be installed, for example 172.16.200.11 instead of 192.168.88.1. This drops the current session, so change the computer's static IP to an address in the same network, for example 172.16.200.12, and reconnect to continue the configuration.
In "IP" – "Routes" add a default gateway, for example Dst. Address: 0.0.0.0/0, Gateway: 172.16.200.1.

That completes the basic setup. The device works as an access point bridged to the wired network: it does not hand out IP addresses itself; the device upstream of it, or the billing system, does.
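The same configuration from the terminal, as an added example that is not part of the article. The interface name wlan1, the bridge name, the subnet, the SSID and the passphrase are placeholders; the default configuration on many boards already contains a bridge with ether1 and wlan1, so check /interface bridge print before adding one. Changing the IP address disconnects your session; reconnect to the new address.

```routeros
# Added example, not the article's own commands. Placeholders: password, SSID,
# passphrase, bridge name, 172.16.200.0/24 network.

# 1. Replace the empty default admin password before anything else.
/user set admin password="ReplaceWithAStrongPassword"

# 2. WPA2-PSK with AES (CCMP) only: no WPA1, no TKIP.
/interface wireless security-profiles add name=sector-wpa2 mode=dynamic-keys \
    authentication-types=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm \
    wpa2-pre-shared-key="ReplaceWithALongPassphrase"

# 3. Access point speaking plain 802.11 so any client can connect
#    (nv2/nstreme are MikroTik-only), bound to the profile above.
/interface wireless set wlan1 mode=ap-bridge ssid="MySector" wireless-protocol=802.11 \
    security-profile=sector-wpa2 disabled=no

# 4. Bridge the wired and wireless sides (skip if the default config already did).
/interface bridge add name=bridge1
/interface bridge port add bridge=bridge1 interface=ether1
/interface bridge port add bridge=bridge1 interface=wlan1

# 5. Move the management address to the target network (drops this session)
#    and add the default route.
/ip address set [find address="192.168.88.1/24"] address=172.16.200.11/24 interface=bridge1
/ip route add dst-address=0.0.0.0/0 gateway=172.16.200.1
```

Run step 5 last: once the address moves, Winbox reconnects only if you point it at 172.16.200.11 (or connect by MAC address).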

Restoring MikroTik (RouterOS) using NetInstall

NetInstall reinstalls RouterOS when the installation is damaged, when the access password was set incorrectly, or when the access password is not known. By default it wipes the configuration; see the "Keep Old Configuration" option at the end.

I will describe the basic steps:

1) Download NetInstall from the official site
https://www.mikrotik.com/download

2) Set a static IP address on the computer, for example 192.168.88.254

3) Connect the router's ETH1 port to the computer, directly or through a switch.

4) Run NetInstall. Click "Net booting", tick "Boot Server enabled" and enter an IP address from the computer's subnet, for example 192.168.88.200; NetInstall temporarily assigns it to the router. The computer's firewall must allow NetInstall's BOOTP/TFTP traffic (the usual advice is to disable it for the duration). A router in netboot mode accepts whatever boot server answers on that segment, so do this on an isolated cable or switch, not on the production LAN.

5) With the router powered off, hold the "reset" button, apply power and keep holding the button for about half a minute, until NetInstall shows the new device in its device list.

6) Under "Packages", click "Browse" and select the directory with the firmware (the .npk package for the board's architecture). Select the router in the device list (Routers/Drives), tick the package to install in the list at the bottom and click "Install". The package is uploaded to the router and the status changes to "Waiting for reboot"; the Install button then becomes a Reboot button, which you click.

The router boots with the new firmware. If the router then has trouble booting, reset it to factory settings by holding the reset button, or, on models with a display, choose "Restore settings" and enter the default PIN 1234. Alternatively, reinstall via NetInstall with "Keep Old Configuration" ticked and your own "Configure script" specified below it.

Firmware update of MikroTik devices

Updating the MikroTik firmware is easy: open the device's web interface or WinBox, choose "System" – "Packages" from the menu and click "Check For Updates"; if a newer version is found, click "Download & Upgrade". The device downloads the packages from the official site and reboots into them (RouterOS only installs packages signed by MikroTik). After the RouterOS upgrade, also update the bootloader in "System" – "RouterBOARD" – "Upgrade", which takes effect on the next reboot.

To install a version other than the newest, or when the device has no Internet access, I suggest the following:

1) Download the firmware from the official website
https://www.mikrotik.com/download

2) Connect via WinBox (not through the web interface!), open "Files" in the menu, drag the firmware file with the *.npk extension into the window that appears and wait for the upload to finish. The package must match the board's architecture (mipsbe, arm, tile, x86, etc.), otherwise it is ignored.

3) Reboot the router. It will start with the new firmware.

Done.

To downgrade the firmware, perform steps 1 and 2 with the older package, then connect to the device over SSH or the Winbox terminal (not telnet, which sends the password in cleartext) and run:

/system package downgrade

In case of problems, restore the router by following the instructions above:
Restoring MikroTik (RouterOS) using NetInstall
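The same update procedure from the terminal, as an added example that is not part of the article. It pins the release channel so that a check never pulls a testing build, and finishes with the bootloader update the GUI steps leave out; the channel names assume RouterOS v6.4x or later (older releases called them current and bugfix).

```routeros
# Added example, not the article's own commands.

# Pin the channel so "check" never offers a testing/development build.
/system package update set channel=long-term

# See what the official server offers for this architecture.
/system package update check-for-updates once
/system package update print

# Download now and install later (e.g. in a maintenance window)...
/system package update download
# ...or download (if needed) and reboot into the new packages immediately.
/system package update install

# After RouterOS is back, bring RouterBOOT to the matching version; it is
# applied on the next reboot.
/system routerboard upgrade
/system reboot

# Downgrade: upload the older .npk into Files first, then run this (it asks y/n).
/system package downgrade
```

Between download and install the new packages sit in Files; /system package update print shows whether the installed and latest versions differ, so a scheduler job can run the check and log the result without rebooting anything.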

Setting up and using Traffic Flow in Mikrotik

Enable Traffic Flow on the MikroTik router (4k cache entries, long-lived flows exported every 30 minutes, idle flows after 15 seconds, on all interfaces):

ip traffic-flow set enabled=yes cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s interfaces=all

View settings:

ip traffic-flow print

Specify the IP address and port of the collector that will receive the Traffic-Flow (NetFlow) packets. The export is plain UDP with no authentication or encryption, so send it to a collector on the management network rather than across the Internet:

ip traffic-flow target add address=192.168.88.240:1234 disabled=no version=9 v9-template-refresh=20 v9-template-timeout=30m

or

ip traffic-flow target add address=192.168.88.240:1234 disabled=no version=5

View settings:

ip traffic-flow target print

In the GUI the settings are under IP -> Traffic Flow.

For monitoring under Windows you can install ManageEngine NetFlow Analyzer, which acts as the collector: it receives the packets on the specified port and serves graphs and statistics through a web interface you open in the browser.

For monitoring under Linux you can install and configure, for example, flow-tools.

Configuring an FTP server on MikroTik Router OS

By default the FTP server on MikroTik RouterOS is enabled and uses TCP ports 20 and 21.
The connection is unencrypted, and the login and password are the same as for the router itself, so the admin credentials cross the network in cleartext. Disable the service unless you need it (files can be transferred over SFTP/SCP through the SSH service, or dragged into the Files window in WinBox); if you keep it, limit the source addresses it accepts.

You can connect by typing the ip address of the router in the browser’s address bar:
ftp://192.168.88.1

In the graphical interface the FTP service is switched on and off under "IP" – "Services".

Through the command line (by service name or by its number in the list):

ip service disable ftp
ip service enable ftp

View a list of services:

ip service print

To view information about the files and the disks that hold them, run:

file print detail
disk print detail
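An added example, not part of the article, of the service hardening the paragraph above recommends: the cleartext services (FTP, telnet) are switched off and the remaining management services are limited to a management subnet. The subnet 192.168.88.0/24 is a placeholder; set it to the network you actually manage the router from before applying, or you lock yourself out.

```routeros
# Added example, not the article's own commands. 192.168.88.0/24 is a placeholder
# for the management network; apply from an address inside it.

# Cleartext services: off.
/ip service set ftp disabled=yes
/ip service set telnet disabled=yes

# Remaining services: only from the management network.
/ip service set ssh address=192.168.88.0/24
/ip service set winbox address=192.168.88.0/24
/ip service set www address=192.168.88.0/24
/ip service set api disabled=yes

# If FTP is genuinely needed, restrict it the same way instead of leaving it open:
# /ip service set ftp address=192.168.88.0/24 disabled=no

# Verify: every enabled service should show an address restriction.
/ip service print
```

The address parameter accepts a comma-separated list of networks, so a jump host and a monitoring server can be listed together. File transfer still works without FTP: sftp admin@ROUTER uses the SSH service and the same credentials.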

Configuring graphs in Mikrotik

The graphs are an excellent tool for monitoring the device’s processor load, disk and RAM, voltage and temperature, and the amount of traffic transmitted through network interfaces.
Via Winbox or the web-based interface, the settings can be found in the “Tools” -> “Graphing” menu.

The commands, in order (all under tool graphing):

How often the collected data is written to the store (standard 5min; allowed values 5min, hour, 24hours):

tool graphing set store-every=5min

Refresh interval of the graph page in seconds (standard 300; or never):

tool graphing set page-refresh=300

Graphing interface
An interface-graph record is added with one command; its properties are described below:

tool graphing interface add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no comment="TEXT"

allow-address (standard 0.0.0.0/0): the IP range from which the graphs may be viewed
comment: description of the record
disabled (yes|no): whether the record is in use
interface (all|name; standard all): which interface is monitored
store-on-disk (yes|no; standard yes): whether the collected data is stored on the system disk

An existing record is changed with tool graphing interface set NUMBER property=value.

Graphing queue
A queue-graph record is added with:

tool graphing queue add simple-queue=all allow-address=0.0.0.0/0 allow-target=yes store-on-disk=yes disabled=no comment="TEXT"

allow-address (standard 0.0.0.0/0): the IP range from which the graphs may be viewed
allow-target (yes|no; standard yes): whether the graphs may also be viewed from the queue's target-address
comment: description of the record
disabled (yes|no): whether the record is in use
simple-queue (all|NAME; standard all): which simple queues are monitored
store-on-disk (yes|no; standard yes): whether the collected data is stored on the system disk

Graphing resource
A resource-graph record (CPU, memory, disk) is added with:

tool graphing resource add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no comment="TEXT"

allow-address (standard 0.0.0.0/0): the IP range from which the graphs may be viewed
comment: description of the record
disabled (yes|no): whether the record is in use
store-on-disk (yes|no; standard yes): whether the collected data is stored on the system disk

The graphs are viewed in the browser at http://ADDRESS/graphs/. They are served by the www service, and with the standard allow-address of 0.0.0.0/0 anyone who can reach that service can read the router's traffic and load history, so restrict allow-address to your management network.
The graphs survive a reboot of the router; a firmware upgrade deletes them.
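The settings above put together, as an added example that is not the article's own configuration: graphing for all interfaces, all simple queues and the resources, readable only from a management subnet, with the www service that serves the page restricted to the same subnet. 192.168.88.0/24 is a placeholder.

```routeros
# Added example, not the article's own commands. 192.168.88.0/24 is a placeholder
# for the management network.

/tool graphing set store-every=5min page-refresh=300

# Interface, queue and resource graphs, viewable only from the management network.
/tool graphing interface add interface=all allow-address=192.168.88.0/24 store-on-disk=yes
/tool graphing queue add simple-queue=all allow-address=192.168.88.0/24 allow-target=no store-on-disk=yes
/tool graphing resource add allow-address=192.168.88.0/24 store-on-disk=yes

# allow-address only filters the graph pages; the www service itself should not be
# reachable from anywhere else either.
/ip service set www address=192.168.88.0/24

# Check the records and which service serves them.
/tool graphing interface print
/tool graphing queue print
/tool graphing resource print
/ip service print where name=www
```

allow-target=no is deliberate: with the standard yes, every host that is the target of a simple queue may open that queue's graph, which on an ISP-style setup means every subscriber.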

The solution of the error “Kernel failure” and “Out of memory” in Mikrotik

A MikroTik CRS125-24G-1S-RM started rebooting itself frequently.
The firmware at the time was the latest, RouterOS v6.9.
The log showed the following:

System rebooted because of kernel failure
Out of memory condition was detected
router was rebooted without proper shutdown

Looking at "System" -> "Resources", it was clear that the device's free memory was steadily decreasing.
So I went over what was enabled and configured on the device.
Checking "Cache Used" in "IP" -> "Web Proxy" showed that the proxy cache was constantly growing.
That explained it: the cache ate the device's memory until the kernel ran out and crashed.
The fix was to limit the proxy cache by setting "Max. Cache Size" to a value the device's RAM can hold.
Done.
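As an added example (not the article's own commands), the cache limit from the terminal together with two checks worth making on any RouterOS web proxy: that it is not reachable from the WAN side, and that only the LAN may use it, because a proxy open to the Internet is abused as an open proxy and its cache then fills with other people's traffic. The size (KiB on RouterOS v6; confirm the unit with /ip proxy print on your version), the LAN subnet 192.168.1.0/24 and the WAN interface ether1 are placeholders.

```routeros
# Added example, not the article's own commands. Placeholders: cache size,
# 192.168.1.0/24 (LAN), ether1 (WAN interface), 8080 (default proxy port).

# Cap the in-memory cache so it can no longer exhaust RAM.
/ip proxy set max-cache-size=65536

# Only LAN clients may use the proxy; the last rule denies everyone else.
/ip proxy access add src-address=192.168.1.0/24 action=allow
/ip proxy access add action=deny comment="deny everyone else"

# Belt and braces: drop connections to the proxy port arriving on the WAN
# interface. Move this rule above any general accept rule in the input chain.
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=8080 \
    action=drop comment="no web proxy from WAN"

# Verify the limit and watch free memory over a few hours.
/ip proxy print
/system resource print
```

If "Cache Used" keeps climbing toward the limit quickly after these rules are in place, the traffic really is the LAN's own; if it stops growing almost entirely, the proxy was being used from outside.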

Configuring Cloud in Mikrotik

Starting with RouterOS v6.14, the Cloud function provides a Dynamic DNS name that is assigned to the device automatically, so it stays reachable by name even when its IP address changes. The router registers its current public address with MikroTik's cloud servers over the Internet (in v6.43 and later the setting is called ddns-enabled instead of enabled), so before enabling it make sure the router's management services are firewalled or restricted to trusted addresses: the DNS name advertises exactly where to find them.

Example of switching through the console:

ip cloud set enabled=yes

Example of viewing parameters:

ip cloud print

Enable updating the device clock from the DDNS server's time (if SNTP or NTP is not configured):

ip cloud set update-time=yes

Force an immediate DDNS update:

ip cloud force-update

The DDNS name, the public IP address it is bound to and the current status (updated, updating, error, etc.) are all shown by:

ip cloud print

or read individually in a script:

:put [/ip cloud get dns-name]
:put [/ip cloud get public-address]

Bind the DDNS name to the router's local IP address (for example 192.168.1.101) instead of the public address seen by MikroTik's server:

ip cloud advanced set use-local-address=yes

In the graphical interface the Cloud settings are under "IP" – "Cloud".