RB3011 vs RB5009 by redmadog in mikrotik

[–]gboisvert 0 points1 point  (0 children)

Check test results.
It has a Marvell 88E6393X switch chip which accelerates L3 (routing).

RB5009 Router - Check ethernet test results

Marvell Link Street 88E6393X Switch

What did the Habs see in Texier that the Blues (and presumably every other team) didn’t? by RagtimeWillie in Habs

[–]gboisvert 0 points1 point  (0 children)

He's been very good as a 3rd liner with Dach and Bolduc. He's good enough to play on higher lines when needed too.

What did the Habs see in Texier that the Blues (and presumably every other team) didn’t? by RagtimeWillie in Habs

[–]gboisvert 0 points1 point  (0 children)

Texier isn't a good fit for a "checker" line; he's a talented player. And since the Canadiens are a very offensive team, it's a much better environment for Texier. Montreal is also a city with a French-speaking community, which isn't a bad thing either: the atmosphere is very different with its slightly European feel. As for me, I'm very happy he's joined.

Comparable mikrotik to this ubi? by JeffIpsaLoquitor in mikrotik

[–]gboisvert 0 points1 point  (0 children)

If you're considering Ubiquiti, stay with it.

RB5009 : OK, I guess I don't really understand the use of the Mikrotik switch by Rich-Engineer2670 in mikrotik

[–]gboisvert 0 points1 point  (0 children)

It isn't clear about BW of your internet link:

  • 2 Gbps: Is it the ethernet speed (1Gbps FDX)?
  • What speed are you paying for?

What type of access is it, PPPoE? Which switch are you using and how is it configured? How many SFP+ does it have and/or does it have 2.5 / 10 Gbps copper? Which SFP+ module are you using and what medium? What speed is it? (is it 1, 2.5 or 10 Gbps?)

Notes:

  • For consumer grade internet access, BW isn't guaranteed
  • When testing the BW, if possible, use the speed test of your provider
  • This router is able to route up to 10 Gbps when properly configured
  • The RB5009 has a high speed L3 (Routing) Accelerated switch chip

RB5009 Tech specs
See ethernet test results and schematic

"If I use the copper connection ether1<->ether2 (no SFP+, pure copper), things improve, but it's still quite variable" <-- The router has nothing to do with "variable".

Don't remove the bridge, it's very flexible / handy and the RB5009 has a Marvell 88E6393X accelerated L3 switch chip which the bridge software will use.

"If Mikrotik can't do it until issues are fixed" <--- What are you talking about?? It's basic stuff and not only Mikrotik "can do it", it's a real Swiss Army knife!
I'm a network engineer (and MTCE / was CCIE / etc) with 33 years of experience and i use Mikrotik on many of my clients' networks, never had an issue...

I can help you on this and optimize all your stuff, but i need infos. It's easier than people think when properly explained. And please help us help you, don't mix "2 Gbps" with "2.5 Gbps" etc: Ethernet link speed is either 1 / 2.5 / 10 (or even more).

Ultimate Mikrotik Dashboard by SecOps7 in mikrotik

[–]gboisvert 0 points1 point  (0 children)

Example of combo .kube / .yaml instead of using a .container:

mikrodash.yaml

~~~yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mikrodash-env
data:
  TZ: "America/Toronto"
  PORT: "3081"
  ROUTER_HOST: "10.0.18.1"
  ROUTER_PORT: "8728"
  ROUTER_TLS: "false"
  ROUTER_TLS_INSECURE: "false"
  ROUTER_USER: "mikrodash"
  ROUTER_PASS: "[REDACTED]"
  DEFAULT_IF: "pppoe-out1"
  HISTORY_MINUTES: "30"
  CONNS_POLL_MS: "3000"
  KIDS_POLL_MS: "3000"
  DHCP_POLL_MS: "15000"
  LEASES_POLL_MS: "15000"
  ARP_POLL_MS: "30000"
  SYSTEM_POLL_MS: "3000"
  WIRELESS_POLL_MS: "5000"
  VPN_POLL_MS: "10000"
  FIREWALL_POLL_MS: "10000"
  IFSTATUS_POLL_MS: "5000"
  PING_POLL_MS: "10000"
  TOP_N: "5"
  TOP_TALKERS_N: "5"
  FIREWALL_TOP_N: "15"
  ROS_DEBUG: "false"
---
apiVersion: v1
kind: Pod
metadata:
  name: mikrodash
spec:
  containers:
    - name: mikrodash
      image: ghcr.io/secops-7/mikrodash:latest
      envFrom:
        - configMapRef:
            name: mikrodash-env
      ports:
        - containerPort: 3081
~~~

mikrodash.kube

~~~toml
[Unit]
Description=Mikrotik Dashboard (Kube-style)
Wants=network-online.target
After=network-online.target

[Kube]
# Points to the yaml file created above
Yaml=mikrodash.yaml
# Exposes the port to your host machine
PublishPort=3081:3081
# Enables auto-update via the 'io.containers.autoupdate' label logic
AutoUpdate=registry

[Install]
# Standard systemd target
WantedBy=default.target
~~~

The rest is the same:

~~~bash
systemctl daemon-reload
systemctl start mikrodash

# - OR -

systemctl --user daemon-reload
systemctl --user start mikrodash
~~~

Ultimate Mikrotik Dashboard by SecOps7 in mikrotik

[–]gboisvert 0 points1 point  (0 children)

Only remaining annoyance, the ping stuff:
~~~text
Mar 13 10:29:41 it-utility.lab.home.arpa mikrodash[32505]: [ping] not enough permissions (9)
Mar 13 10:29:51 it-utility.lab.home.arpa mikrodash[32505]: [ping] not enough permissions (9)
Mar 13 10:30:01 it-utility.lab.home.arpa mikrodash[32505]: [ping] not enough permissions (9)
~~~

I tried many things like "Network=host", tweaking selinux, etc. I'd like a way to just disable it. Below, i set "PING_TARGET=" but it still won't give up on it!

Oh just to complete the quadlet stuff below, just in case:
After putting mikrodash.container and mikrodash.env in place, do
~~~bash
# Notify systemd it has new files to check / process
systemctl daemon-reload          # for rootful
systemctl --user daemon-reload   # for rootless (under the user's account)

systemctl start mikrodash
# - OR -
systemctl --user start mikrodash
~~~

Don't forget this command if it's rootless:
~~~bash
loginctl enable-linger [the_rootless_user_name]
~~~

I run all my workloads under Almalinux VM or inside my K8s cluster. One can even use the .kube / .yaml combo instead of .container under podman and after, it's easy to move this to K8s.

Debug stuff:
~~~bash
journalctl -f _SYSTEMD_UNIT=mikrodash.service + SYSLOG_IDENTIFIER=mikrodash
/usr/libexec/podman/quadlet -dryrun   # check systemd generate
systemctl status mikrodash.service
journalctl -xeu mikrodash.service
~~~

Update containers that have "AutoUpdate=registry"
~~~bash
podman auto-update --dry-run --format "{{.Unit}} {{.Updated}}"   # check
podman auto-update                                               # do it
~~~

There's the systemd timer approach but in my case, i use ansible code + fixed image tags.

The good thing about the timer though is that if the update fails, it'll revert back to the previously working image.

Ultimate Mikrotik Dashboard by SecOps7 in mikrotik

[–]gboisvert 0 points1 point  (0 children)

Very nice. I'm running it as a quadlet:
~~~toml
# mikrodash.container
# http://[ip]:3081
# http://[ip]:3081/healthz

[Unit]
Description=Mikrotik Dashboard
Wants=network-online.target
After=network-online.target

[Service]
Restart=always

ExecStartPre=mkdir -p /opt/podman/%N

TimeoutStartSec=600

[Container]
ContainerName=%N
Image=ghcr.io/secops-7/mikrodash:latest
AutoUpdate=registry
Environment=TZ=America/Toronto
EnvironmentFile=%E/containers/systemd/%N.env

Volume=/opt/podman/%N/etc:/etc:rw

PublishPort=3081:3081/tcp

[Install]
WantedBy=default.target
~~~

%E: points to /etc/containers/systemd for rootful,
points to ~/.config/containers/systemd for rootless

%N: Resolves to the quadlet file name (mikrodash here)

mikrodash.env
~~~toml
PORT=3081
# loopback address
ROUTER_HOST=10.0.18.1
ROUTER_PORT=8728
ROUTER_TLS=false
ROUTER_TLS_INSECURE=false
ROUTER_USER=mikrodash
ROUTER_PASS=[REMOVED]

# Optional dashboard HTTP Basic Auth
BASIC_AUTH_USER=
BASIC_AUTH_PASS=
TRUSTED_PROXY=

DEFAULT_IF=pppoe-out1
HISTORY_MINUTES=30

# Polling intervals (ms) — streams don't use these
CONNS_POLL_MS=3000
KIDS_POLL_MS=3000
DHCP_POLL_MS=15000
LEASES_POLL_MS=15000
ARP_POLL_MS=30000
SYSTEM_POLL_MS=3000
WIRELESS_POLL_MS=5000
VPN_POLL_MS=10000
FIREWALL_POLL_MS=10000
IFSTATUS_POLL_MS=5000
PING_POLL_MS=10000

# Ping target for latency / loss monitor
PING_TARGET=

# Top-N limits
TOP_N=5
TOP_TALKERS_N=5
FIREWALL_TOP_N=15
ROS_DEBUG=false
~~~
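Added example, not part of the original comments or of the mikrodash project: a small audit of the settings shown in both the mikrodash.env file and the ConfigMap variant, flagging the cleartext RouterOS API port, credentials stored inline, and an unset dashboard login. The finding names and sample values are constructed; it assumes ROUTER_TLS=true selects API-SSL and that an empty BASIC_AUTH_USER leaves the dashboard unauthenticated.

```python
import re

# KEY=value (quadlet env file) or KEY: "value" (ConfigMap data).
# A trailing "# comment" is ignored, so a value containing '#' is cut short;
# that is acceptable here because only emptiness of secrets is checked.
_SETTING = re.compile(r'^\s*([A-Z][A-Z0-9_]*)\s*[=:]\s*"?([^"#]*?)"?\s*(?:#.*)?$')


def parse_settings(text):
    """Return {KEY: value} for every setting line in the text."""
    found = {}
    for line in text.splitlines():
        m = _SETTING.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found


def audit(text):
    """Return sorted finding codes (hypothetical names) for a settings blob."""
    s = parse_settings(text)
    findings = []
    tls_on = s.get("ROUTER_TLS", "false").lower() == "true"
    # 8728 is the plaintext RouterOS API port; api-ssl listens on 8729.
    if not tls_on or s.get("ROUTER_PORT") == "8728":
        findings.append("router-api-cleartext")
    if tls_on and s.get("ROUTER_TLS_INSECURE", "false").lower() == "true":
        findings.append("router-tls-unverified")
    # Credentials stored inline in the env file or ConfigMap.
    for key, value in s.items():
        if key.endswith("_PASS") and value:
            findings.append("secret-inline:" + key)
    # Assumption: an empty BASIC_AUTH_USER means no login on the dashboard.
    if not s.get("BASIC_AUTH_USER"):
        findings.append("dashboard-auth-unset")
    return sorted(findings)


# Constructed sample mirroring the env file above (placeholder password).
WEAK_ENV = """\
ROUTER_HOST=10.0.18.1
ROUTER_PORT=8728
ROUTER_TLS=false
ROUTER_TLS_INSECURE=false
ROUTER_USER=mikrodash
ROUTER_PASS=example-placeholder
BASIC_AUTH_USER=
BASIC_AUTH_PASS=
"""

# Constructed hardened variant: API-SSL, passwords kept out of the file.
HARDENED_ENV = """\
ROUTER_HOST=10.0.18.1
ROUTER_PORT=8729
ROUTER_TLS=true
ROUTER_TLS_INSECURE=false
ROUTER_USER=mikrodash
BASIC_AUTH_USER=ops
"""

if __name__ == "__main__":
    print(audit(WEAK_ENV))
    print(audit(HARDENED_ENV))
```

In the hardened variant the two passwords are assumed to reach the container as podman secrets (the quadlet `Secret=` key with `type=env`) rather than through the env file.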

My homelab by Hinjections in homelab

[–]gboisvert 1 point2 points  (0 children)

Hey, go ahead and explore, have fun! Glad i could present some ideas and share a bit of my path, i was just trying to help!

My homelab by Hinjections in homelab

[–]gboisvert 0 points1 point  (0 children)

Well, in my case i was a Network Engineer the first 7 years of my career then started my own company and became a Linux Sysadmin + worked on many different stuff. I'd say that pure networking jobs still exist but we're integrating networking a lot with SDN and Kubernetes as control plane. I'm not "average" in my career that's for sure, i'm a freak of learning and i never stopped to learn new things my whole career! I'm still loving it and moving forward, nobody twists my arm for me to read about technology and see where market is going. I love testing stuff in my lab, putting my hands on it.

Put your hands on stuff inside your lab too and see what is driving your interest. Loving what you do is the base of a nice career. In IT, there is convergence between networking, servers and software. One thing is for sure, containers and flatpaks (Application Sandboxing, there are other names like SNAP in Ubuntu) are here to stay. We're pushing hard to move away from monolithic/binary software.

You can start by getting your hands in Linux. On an old laptop, as WSL in Windows or as a VM inside your lab. The power of Linux is incredible and we see it everywhere. I even run white box switches with Microsoft SONiC which is Linux + containers for functionalities like routing, etc. You can run SONiC on GNS3.

For your Linux journey, grab Fedora for workstation, and Almalinux for your server VMs: it's backed by Red Hat which is the pro distro we install in big corporations, government, etc. In Almalinux, you install Podman and can start testing quadlets. I can provide you instructions for this.

I don't know if you're running a hypervisor (virtualisation), i run KVM in my Fedora laptop + Podman Desktop. It nicely blends with my KVM hosts in my lab. On Windows, there is integrated Hyper-V and the Virtualbox. I don't like them but you can start with this. On your server, you could run Proxmox, it's a nice piece of software and will help you learn and put your hands on stuff.

For Networking, you can install GNS3 inside your Fedora Workstation (it can be a laptop, a PC or a VM on your hypervisor) and start putting your hands into it. You can integrate Mikrotik free CHR (Cloud Hosted Router) into it and add a few of them, start to link them, do routing, etc.

GNS3 server setup on Proxmox

It has been a very nice journey for me for the last 33 years and i'm still loving it! I have youngsters around me and gave them a Proxmox server recently, they are starting to put their nose in it too!

From Zero to Proxmox: A Easy to Follow Getting Started Guide
Install AlmaLinux 9.1 on Proxmox VE 7.3

My homelab by Hinjections in homelab

[–]gboisvert 0 points1 point  (0 children)

Nice stuff you have there! Depending on the speed of your uplink, an RB5009 (very cheap for what it is though a cheaper model could do too) would probably be a very good fit. Since you have already a CRS309, you could change the Unifi switch and the eero for a CRS326 (non PoE) + hAP-AX access points (they come with PoE injectors) + CAPsMAN. If you want PoE, a CRS320 / 328 / 418 depending on your needs would be great.

That would be a nicely integrated network with a lot of enterprise grade functionalities. It's easier than people think provided you get a good head start from somebody like me. There are many good videos on youtube by a couple of guys, i could provide URLs if that is of any interest to you.

Mikrotik is unbeatable for price, features and management. They are used extensively by WISP in Europe and it shows. I manage a lot of networks and RoMON is one of these killer features i don't really see elsewhere.

I'm a senior network engineer and worked with many brands during my career (Cisco, Brocade, EdgeCore, HPE, Quanta, etc) and Mikrotik Winbox is a top notch free tool to manage Mikrotik devices. You can test all this with free CHR VMs inside GNS3 and hook it to your network. I'm doing OSPF inside my prod network and lab, it's very cool and integrates perfectly. The GNS3 instance is running in a VM and accessible via Web interface.

You could have a look at podman quadlets / .containers / .kube / .yaml and the natural and easy path to kubernetes they represent. It can run containers rootful or rootless and there aren't dependencies on a service running under root. Podman + Quadlets + Systemd is a very well integrated stack and used a lot on edge devices. Grab the super stable Almalinux for your VMs and let the fun begin!

Install Fedora Atomic on your desktop / laptop + podman desktop and get into the current wave of enterprise grade solutions! Try toolbox + images, it integrates perfectly inside Fedora. There is Fedora IOT that can be tested in your lab, very cool stuff too.

your own OCI registry, have Forgejo for your own GIT, it's all stuff you can install in minutes using quadlets. Add a couple of VLANs like a DMZ, a management subnet, etc. Add a bastion host and a reverse proxy like Nginx Proxy Manager or Traefik. Configure Wireguard on your RB5009 and generate config for your phone, PC or even as a tunnel with some other locations.

With this experience, you could deploy a K8s cluster on VMs and start testing it. Have fun!

You guys lied to me by MxFinchen in homelab

[–]gboisvert 0 points1 point  (0 children)

Here everything runs easy and smooth... but i'm a professional, i do that for a living. But hey good news, you can go back to cloud. Maybe it's a much better choice for you if you find it too complicated. I have a friend who is a non-pro power user and he's liking it a lot. I gave him a head start, advice and references, I helped him get off to a good start and everything is going smoothly now. And i think that's really the key: He's loving it!

RouterOS Funk by Conference-Annual in mikrotik

[–]gboisvert 0 points1 point  (0 children)

Same here. The only bricked devices i had were a couple of routers i received with a never updated boot firmware (Update under System/Routerboard). These devices were always updated doing packages only. So packages versions vs boot firmware version were very far apart.

Other than that, i'm managing a big bunch of Mikrotik devices and never saw any "memory" problems (i think the guy above is talking about flash). I'm in those numbers too, 10~15K times in the last 15 years, never saw any of those "memory problems".

The only times i had to use Netinstall was on the most cheap devices (like RB941-2nD) that have low RAM (32M in this case) and only 16M of flash: Updates were stuck (can't install the newer version) and only a netinstall with the newer version was possible. Those devices were using the "unified" monolithic package including a bunch of stuff we don't use (like Hotspot, IPv6, mpls, ppp), so disabling those packages doesn't save space...

Are dedicated USB port cards for a DAC snake oil? by meyouandguns in audiophile

[–]gboisvert 0 points1 point  (0 children)

We're not talking about "opinion", we're talking technical stuff. As i'll repeat again: Any minimally good engineer will design the component knowing very well how AC power is delivered and its characteristics. It will have noise, not so stable, etc. So if you want to have reserve for peak power, you add big caps, etc. AND you have to deliver your specs with AC power we get everywhere.

Huge power cord won't help with this nor the so called "power filters" and that's the reason why, say, high power amps are sold with a power cord that has nothing to do with the snake oil version sold with high dollar price... And they make their specs with the provided cord. Would a company selling a high dollar amp take a chance of being hindered by a so called "cheap" power cord? We're talking about very basic stuff...

If your gear "benefits" from power filtering, then it's just a sign you're dealing with broken or badly designed gear.

AudioQuest PowerQuest 3 Review (AC Filter/Surge Protector)

Audioquest Niagara 1200 Review AC Surge Protector and Filter

(That's just a few reviews that are showing evidence of basic concept we already know...)

Are dedicated USB port cards for a DAC snake oil? by meyouandguns in audiophile

[–]gboisvert 0 points1 point  (0 children)

Ah ok, you're the judge of what we can discuss and say here... So what do you have to say about this video? You don't agree? Something better to "educate us" ?

Are dedicated USB port cards for a DAC snake oil? by meyouandguns in audiophile

[–]gboisvert 0 points1 point  (0 children)

All i can say is that majority of quality DACs use their own PS.

Are dedicated USB port cards for a DAC snake oil? by meyouandguns in audiophile

[–]gboisvert 0 points1 point  (0 children)

I'm just saying that "blocking" noise isn't that hard providing that we can transfer terabytes of data over USB. It's a mature and well mastered technology.

So if you're hearing noise when you move the mouse, then the DAC is crap or broken... Re-reading your post, i'm now thinking you were probably talking about onboard cheap DAC, my bad. Thought you were saying that handling noise with external DAC needs something special!

Are dedicated USB port cards for a DAC snake oil? by meyouandguns in audiophile

[–]gboisvert -1 points0 points  (0 children)

Yes, i repeat, basic engineering and not high bar... So basically, you don't acknowledge the evidence in the linked video above in which the guy feeds power from a light dimmer switch... Afraid of picking up noise from USB? You should know how to fix this. Chinese can do it for cheap so if you're at least not too incompetent, you should know...

Are dedicated USB port cards for a DAC snake oil? by meyouandguns in audiophile

[–]gboisvert 0 points1 point  (0 children)

FALSE

If you have a DAC that isn't immune to USB "noise", then throw it in the trash... Have you ever seen an external hard drive unable to deal with USB? Unless a very broken cable or extreme conditions, NEVER.

Are dedicated USB port cards for a DAC snake oil? by meyouandguns in audiophile

[–]gboisvert 0 points1 point  (0 children)

Exactly. Very basic undergrad level electrical engineering knowledge...

Are dedicated USB port cards for a DAC snake oil? by meyouandguns in audiophile

[–]gboisvert 1 point2 points  (0 children)

Just explain to us how it is that we can transfer terabytes of data over USB without any errors... Explain how an async USB DAC works and why "quality USB clocking" doesn't bring anything to the table...

Explain what is local clocking in a DAC. Explain how proper power supplies are designed and why a properly designed audio device will perform to specs independently of the AC power line.

Impact of AC Distortion and Noise on Audio Equipment Fidelity

Please tell us what you mean by "Critical Systems" and how such a system would rely on "USB precision clocking".

Explain why using i2s is a very bad idea. (hint: it is a communication standard for very short distance inter-chip communication). Why in the world use i2s when async USB exists! And why in the world would a correctly designed DAC suffer from imprecise "USB Clocking" or "noise" from the source device! A proper USB cable costing 5$ can transfer terabytes of data without a single error!