Category: RouterOSv7

2023 has been a big year for MikroTik RouterOS v7 development. The OS has matured quite a bit and the number of operators that are using ROSv7 in prod has gone up significantly.

Most of the work this year has been centered around feature parity with ROSv6 and performance improvements.

Although there have been a few new additions like the Back to Home VPN (Which is now scheduled to release with 7.12) and IS-IS (Also slated for 7.12).

This is important because most of the development time by MikroTik has been consumed by stabilization, feature parity and perf improvements. However, as that gap closes, we should see long awaited features like SR-MPLS and EVPN make it into ROS v7 faster as development time frees up.

7.11 contains a long list of fixes and improvements and will likely be adopted quickly by the MikroTik community.

MikroTik Routers and Wireless – Software

Noteworthy additions

bfd stability

*) bfd – fixed “actual-tx-interval” value and added “remote-min-tx” (CLI only);
*) bfd – improved system stability;

Bi-directional forwarding detection or BFD has been a feature gap in ROSv7 for a long time and was a showstopper for some ASNs that wanted to use the new CCR2K hardware as peering/border routers. Now that BFD has been implemented for BGP and OSPF with some stabilization fixes, it’s much easier to deploy a CCR2116 or CCR2216 in that role.

IPv6 support for containers

*) container – added IPv6 support for VETH interface;

Being able to use IPv6 for containers is a great addition given the rapid pace of IPv6 adoption in 2023. It also makes it easier to expose containers directly to the Internet without NAT if desired.

Continued improvement of l3hw offload

*) l3hw – changed minimal supported values for “neigh-discovery-interval” and “neigh-keepalive-interval” properties;
*) l3hw – fixed /32 and /128 route offloading after nexthop change;
*) l3hw – fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw – improved system responsiveness during partial offloading;
*) l3hw – improved system stability during IPv6 route offloading;
*) l3hw – improved system stability;

There were a number of l3hw fixes in 7.11 which allows the platforms with Marvell Prestera chips to be put into more roles for L3 switching and lower the cost of wirespeed performance for network operators.

Wifiwave2 development continues

*) wifiwave2 – added “steering” parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 – added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 – added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 – automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 – changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 – enabled PMK caching with EAP authentication types;
*) wifiwave2 – fixed “reg-info” information for several countries;
*) wifiwave2 – fixed “security.sae-max-failure” rate not limiting authentications correctly in some cases;
*) wifiwave2 – fixed clearing CAPsMAN Common Name when disabling “lock-to-caps-man”;
*) wifiwave2 – fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 – improved stability when changing interface settings;
*) wifiwave2 – improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 – make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 – rename “reg-info” country argument from “Macedonia” to “North Macedonia”;
*) wifiwave2 – use correct status code when rejecting WPA3-PSK re-association;

The Wifiwave2 package has gotten a lot of love from the developers since the release of AX hardware and has stabilized quite a bit. The new wireless chips + active development might put MikroTik back in contention for wireless against WISP and WiFi vendors after a long period of limited innovation prior to the 2020s.

Back To Home – RouterOS – MikroTik Documentation

MikroTik already has a wealth of VPN options and is introducing another with the Back to Home or BTH VPN service. The framework underneath is based on wireguard which MikroTik began supporting in the early 7.x series of RouterOS.

What makes this notable is the addition of relay servers that MikroTik hosts to facilitate ease of VPN access when behind NAT.

This VPN service appears to be targeted at home users, gamers and others that need a “push button” VPN solution without complex routing or advanced configuration options.

It’s also important to point out that the solution is dual stacked and uses IPv4 and IPv6 by default so it will scale well globally.

BTH tab under the cloud menu

App based remote connectivity.

MikroTik is developing Android & Apple apps to use as clients of the BTH VPN service. While not released yet, there are preview screen shots in the online docs.

Manual Configuration

MikroTik also allows manual configuration of a remote endpoint using either ROS config for wireguard to be pasted in or via a QR code.

The pace of development for MikroTik RouterOS version 7 has definitely sped up in 2022 and we are seeing the results in improved stability and features added.

As of August 31st, 2022, MikroTik moved ROS v7.5rc2 into v7.5 stable

MikroTik Routers and Wireless – Software

Noteworthy additions

dhcpv6-relay – not being able to relay a PD request from a delegating router for IPv6 has been a limitation of MikroTik routers for a while so getting this fixed has a big impact on scaling MikroTik IPv6 deployments

RTSP helper – The addition of a Real Time Streaming Protocol helper is a great addition to ROSv7 to make NAT traversal for realtime applications (IPTV, SIP and IP cameras) easier.

A good overview of the discussion leading up to the addition of RTSP is here: RTSP Helper – MikroTik

l3hw – fixed hw offloaded NAT – This feature still has some issues as IP ArchiTechs recently filed a bug (SUP-91389) where src-nat traffic that carries an H flag in the connection table will die after 1 hour with a 10G load on the router. Once this feature receives further bug fixes and testing, it’s going to be very useful for high capacity but low cost NAT44 gateways.

lte – this category got a significant amount of development work as there are numerous fixes with many relating to the Chateau devices.

wifiwave2 – There was also a significant amount of development in wifi wave 2 which included notable additions like 802.11k for roaming.

 vrrp – added “sync-connection-tracking” compatibility with preemption-mode – this is a long awaited feature that showed up early in ROSv7 but did not have pre-emption mode capabilities. The addition of connection synching between routers positions MikroTik routers much closer to traditional enterprise firewall vendors so that failover between devices can include connections.