Geekzone: technology news, blogs, forums
509 posts

Ultimate Geek
+1 received by user: 102


  Reply # 2034738 13-Jun-2018 02:08

Alpha s/w on a productive system?

 

There's no reason (except for tests in a related environment) to use anything else for a productive system earlier than (bold): pre-Alpha, Alpha, Beta, Release Candidate, Release.





Nope, English isn't my mother tongue. But that's why I'm here. smile


115 posts

Master Geek
+1 received by user: 12

Trusted

  Reply # 2039135 17-Jun-2018 15:12

After upgrading to the latest firmware, V1.10.3, I tried to connect through both eth1 and eth2 ports (Fibre comes into eth0). It works through eth1 but not eth2. Configuration is as the pic below.

 

 

Yes, I did change my IP address accordingly when switching to different subnet. What could be the problem? Thanks 




Meow
7787 posts

Uber Geek
+1 received by user: 3847

Moderator
Trusted
Lifetime subscriber

  Reply # 2039143 17-Jun-2018 15:44
One person supports this post

@GeekRay Have you got a DHCP server listening on the 192.168.2.1/24 range?





115 posts

Master Geek
+1 received by user: 12

Trusted

  Reply # 2039218 17-Jun-2018 19:28

Bang on, Michael. I changed the IP range for 2nd subnet without updating associated DHCP server.

 

Thanks for the advice and it's working now. 

 

By the way, is it possible for the Plex client app to access a Plex server on a different subnet? I did a bit of research online but couldn't find much info (not a common case I reckon)


115 posts

Master Geek
+1 received by user: 12

Trusted

  Reply # 2039221 17-Jun-2018 19:35

Also, regarding hardware offloading, I have three "enabled" under ipv4 but it says "disabled" under "system". Does it mean there is something I need to do there?

 

System level:

 

 

IPv4

 

 

Thanks heaps. 

 

 




Meow
7787 posts

Uber Geek
+1 received by user: 3847

Moderator
Trusted
Lifetime subscriber

  Reply # 2039310 17-Jun-2018 23:13
One person supports this post

@GeekRay For Plex it "just works" - it'll detect your Plex server as nearby assuming it is not firewalled off. It is not wise to use the 2nd port of the Edgerouter to extend your network unless if you were wanting to create a guest network or something.

 

For the likes of hardware offloading it is best to do it in the CLI - "show ubnt offload" to get a proper answer. Don't set it in both places as this is often a double-up caused by Ubiquiti using the same software across all their routers.





312 posts

Ultimate Geek
+1 received by user: 77


  Reply # 2040784 19-Jun-2018 22:20
One person supports this post

EdgeMAX EdgeRouter software hotfix version v1.10.4 has been released!

 

New firmware release 1.10.4 is available here:

 

!!! IMPORTANT NOTICE for ER-12 users !!!

 

ER-12 supports only 1.10.4 and 2.0.0-alpha.1 firmwares.

 

Do not downgrade ER-12 to any older firmware as this will brick ER-12 for good. Firmware compatibility check for ER-12 will be added in upcoming 1.10.5 and 2.0.0-alpha.2 firmwares

 

Note: The ER-X/ER-X-SFP/EP-R6 has more limited storage, and in some cases, an upgrade may fail due to not enough space. If this happens, remove the old backup image first (using "delete system image" command, see here for more details) before doing an upgrade.

 

More details can be found in the release notes below. Please give it a try if you are interested in the new features/changes to help us test them so that we can get the release out sooner! Thanks very much!

 

[Release Notes v1.10.4]

 

Changelog

 

Changes since v1.10.3

 

New features:

 

  • Offloading - Added CLI commands to resize flow table on Octeon-based routes. Discussed here
    set system offload ipv4 table-size 65536
    Prior to 1.10.4 firmware, table-size was hardcoded to 8192 for all platforms. Default table size of 8192 buckets was ok for ER-lite (that has 512Mb of RAM) but totally not ok for ER-Infinity (that has 16GB of RAM). Now admins can tune offload ipv4 table-size to improve forwarding performance.
    General recommendation is following - if you see that counter ipv4_create_flow_not_found_replaced_non_expired is constantly growing then it means that table-size is too small for your traffic profile and you are advised to increase it past default 8192 value:
    $ show ubnt offload statistics |grep replaced_non_expired
    ipv4_create_flow_not_found_replaced_non_expired 357345 <------------ !!!!
    ipv6_create_flow_not_found_replaced_non_expired 0
    Right now the only limitation for table-size is that it should be power of 2 (8192, 16384, 32768, 65536...)

Enhancements and bug fixes:

 

  • PoE - Keep POE status during reset for ER-X-SFP/EP-R6/EP-R8/ER-12 devices
  • DHCP - Fixed DHCPv6 failure with VIF-0 interface. Discussed here
  • SSH - Disable weak ARCFOUR ciphers
  • SSH - Disable SSH port forwarding for operator user
  • Interface - Fixed bug when SFP interface link was down after upgrade on ER-X-SFP
  • BGP - Fixed bug when commit failed when setting inactive BGP peer. Discussed here
  • DNS - Upgraded Dynamic DNS client to support cloudflare API v4. Discussed here
  • Interface - Fixed random bug when interface stopped passing traffic after changing speed/duplex
  • Interface - Fixed bug when eth0 speed/duplex could not be changed on ER-Infinity 
  • System - Fixed bug when processes randomly crashed with SIGBUG on ER-X
  • System - Fixed bug when PoE status was not reset when doing "factory-reset"
  • System - Fixed bug when "ubnt-util" crashes with SIGFPE if smart-queue rate was less than 1kbps. Discussed here

Updated software components:

 

  • none

Known issues:

 

  • Bug with corrupted downloads via PPPoE interface is not fixed for ER-8-XG (it is fixed on all other ER models). Workaround - disable PPPoE offloading on ER-8-XG:
    configure
    set system offload ipv4 pppoe disable
    set system offload ipv6 pppoe disable
    commit
    save

    NOTE:
     We will publish this 1.10.4 firmware in main EdgeMAX forum, download site and UNMS on Monday June 25th 2018

312 posts

Ultimate Geek
+1 received by user: 77


  Reply # 2045832 29-Jun-2018 07:24
One person supports this post

New firmware release 1.10.5 is available here:

 

 Note: The ER-X/ER-X-SFP/EP-R6 has more limited storage, and in some cases, an upgrade may fail due to not enough space. If this happens, remove the old backup image first (using "delete system image" command, see here for more details) before doing an upgrade.

 

More details can be found in the release notes below. Please give it a try if you are interested in the new features/changes to help us test them so that we can get the release out sooner! Thanks very much!

 

[Release Notes v1.10.5]

 

Changelog

 

Changes since v1.10.3

 

New features:

 

  • Offloading - Added CLI commands to resize flow table on Octeon-based routes. Discussed here
    set system offload ipv4 table-size 65536
    Prior to 1.10.5 firmware, table-size was hardcoded to 8192 for all platforms. Default table size of 8192 buckets was ok for ER-lite (which has 512Mb of RAM) but totally not ok for ER-Infinity (which has 16GB of RAM). Now admins can tune offload ipv4 table-size to improve forwarding performance.
    General recommendation is following - if you see that counter ipv4_create_flow_not_found_replaced_non_expired is constantly growing then it means that table-size is too small for your traffic profile and you are advised to increase it past default 8192 value:
    $ show ubnt offload statistics |grep replaced_non_expired
    ipv4_create_flow_not_found_replaced_non_expired 357345 <------------ !!!!
    ipv6_create_flow_not_found_replaced_non_expired 0
    Right now the only limitation for table-size is that it should be power of 2 (8192, 16384, 32768, 65536...)

Enhancements and bug fixes:

 

  • PoE - Keep POE status during reset for ER-X-SFP/EP-R6/EP-R8/ER-12 devices
  • DHCP - Fixed DHCPv6 failure with VIF-0 interface. Discussed here
  • SSH - Disable weak ARCFOUR ciphers
  • SSH - Disable SSH port forwarding for operator user
  • Interface - Fixed bug when SFP interface link was down after upgrade on ER-X-SFP
  • BGP - Fixed bug when commit failed when setting inactive BGP peer. Discussed here
  • DNS - Upgraded Dynamic DNS client to support cloudflare API v4. Discussed here

     

    • Following DDNS providers require manual configuration changes:

       

      • Cloudflare - server www.cloudflare.com should be removed from config:
        delete service dns dynamic interface eth0 service custom-cloudflare server www.cloudflare.com
      • Namecheap - config entry host-name should not contain second level domain name. For instance for eatmyshorts.bart.com you should remove the bart.com suffix from host-name and leave only eatmyshorts:
        delete service dns dynamic interface eth0 service namecheap host-name eatmyshorts.bart.com
        set service dns dynamic interface eth0 service namecheap host-name eatmyshorts
  • Interface - Fixed random bug when interface stopped passing traffic after changing speed/duplex
  • Interface - Fixed bug when eth0 speed/duplex could not be changed on ER-Infinity 
  • System - Fixed bug when processes randomly crashed with SIGBUG on ER-X
  • System - Fixed bug when PoE status was not reset when doing "factory-reset"
  • System - Fixed bug when "ubnt-util" crashes with SIGFPE if smart-queue rate was less than 1kbps. Discussed here
  • UNMS - downgraded ubnt-udapi bridge to v0.3.13 to get rid of bug when UNMS connection freezed

Updated software components:

 

  • none

Known issues:

 

  • Bug with corrupted downloads via PPPoE interface is not fixed for ER-8-XG (it is fixed on all other ER models). Workaround - disable PPPoE offloading on ER-8-XG:
    configure
    set system offload ipv4 pppoe disable
    set system offload ipv6 pppoe disable
    commit
    save
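
Added example (not part of the quoted release notes or of Ubiquiti's software): the check that both the 1.10.4 and 1.10.5 notes above describe, as a Python script that reads successive captures of `show ubnt offload statistics`, decides whether `ipv4_create_flow_not_found_replaced_non_expired` is constantly growing, and returns the next power-of-two `table-size` command. The sample captures are constructed, and stepping up by doubling is an assumption of this example; the notes only require a power of 2.

```python
import re

COUNTER = "ipv4_create_flow_not_found_replaced_non_expired"
DEFAULT_TABLE_SIZE = 8192  # value the release notes give as the old hardcoded size

# Constructed captures of "show ubnt offload statistics", oldest first.
SAMPLES = [
    "ipv4_create_flow_not_found_replaced_non_expired 357345\n"
    "ipv6_create_flow_not_found_replaced_non_expired 0\n",
    "ipv4_create_flow_not_found_replaced_non_expired 361002\n"
    "ipv6_create_flow_not_found_replaced_non_expired 0\n",
    "ipv4_create_flow_not_found_replaced_non_expired 370111\n"
    "ipv6_create_flow_not_found_replaced_non_expired 0\n",
]


def read_counter(stats_text, name=COUNTER):
    """Return the value of one counter from the statistics text."""
    for line in stats_text.splitlines():
        m = re.match(r"\s*(\S+)\s+(\d+)", line)
        if m and m.group(1) == name:
            return int(m.group(2))
    raise ValueError(f"counter {name!r} not found")


def is_power_of_two(n):
    return n > 0 and n & (n - 1) == 0


def advise(samples, current_size=DEFAULT_TABLE_SIZE):
    """Return the command that raises table-size, or None if the counter
    did not grow between every pair of consecutive captures."""
    if not is_power_of_two(current_size):
        raise ValueError("table-size must be a power of 2")
    values = [read_counter(s) for s in samples]
    growing = len(values) >= 2 and all(b > a for a, b in zip(values, values[1:]))
    if not growing:
        return None
    # Assumption of this example: step up by doubling, which stays a power of 2.
    return f"set system offload ipv4 table-size {current_size * 2}"


if __name__ == "__main__":
    print(advise(SAMPLES) or "counter is stable; leave table-size alone")
```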

1569 posts

Uber Geek
+1 received by user: 152

Trusted

  Reply # 2048228 3-Jul-2018 12:37

So I seem to be making progress.

 

I can now receive IPv6 address on my devices (windows and linux)

 

I can't ping v6 on the internet, i.e. ping -6 google.com fails. but it does resolve the ipv6 address

 

I'm on 2degrees and looking at the fritz!box it showed a /48 was allocated so trying with that...

 

 

 

 

set interfaces ethernet eth0 vif 10 pppoe 0 ipv6 enable
edit interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd pd 1
set prefix-length /48

 

set interface eth2 host-address ::1
set interface eth2 prefix-id :2
set interface eth2 service slaac
set ipv6 address autoconf
top
commit

 

set protocols static interface-route6 ::/0 next-hop-interface pppoe0
commit
save

 

edit firewall ipv6-name WAN6_IN
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
top
edit firewall ipv6-name WAN6_LOCAL
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
set rule 40 action accept
set rule 40 description "allow DHCPv6 client/server"
set rule 40 destination port 546
set rule 40 source port 547
set rule 40 protocol udp
top
set interfaces ethernet eth0 vif 10 pppoe 0 firewall in ipv6-name WAN6_IN
set interfaces ethernet eth0 vif 10 pppoe 0 firewall local ipv6-name WAN6_LOCAL
commit
save
exit
reboot now

 





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 




Meow
7787 posts

Uber Geek
+1 received by user: 3847

Moderator
Trusted
Lifetime subscriber

  Reply # 2048241 3-Jul-2018 13:02

Here is my configuration snippet for IPv6 on 2degrees (working) - setting "prefix-only" is important on 2degrees also. This configuration is literally taken from my OP.

# show interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd
pd 0 {
    interface eth1 {
        host-address ::1
        no-dns
        prefix-id :1
        service slaac
    }
    prefix-length /56
}
prefix-only
rapid-commit enable
[edit]

 

# show firewall ipv6-name WAN6_IN
default-action drop
rule 10 {
    action accept
    description "allow established"
    protocol all
    state {
        established enable
        related enable
    }
}
rule 20 {
    action drop
    description "drop invalid packets"
    protocol all
    state {
        invalid enable
    }
}
rule 30 {
    action accept
    description "allow ICMPv6"
    protocol icmpv6
}
[edit]

 

 


# show firewall ipv6-name WAN6_LOCAL
default-action drop
rule 10 {
    action accept
    description "allow established"
    protocol all
    state {
        established enable
        related enable
    }
}
rule 20 {
    action drop
    description "drop invalid packets"
    protocol all
    state {
        invalid enable
    }
}
rule 30 {
    action accept
    description "allow ICMPv6"
    protocol icmpv6
}
rule 40 {
    action accept
    description "allow DHCPv6 client/server"
    destination {
        port 546
    }
    protocol udp
    source {
        port 547
    }
}
[edit]
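
Added example (not from the post or from EdgeOS): how the `prefix-length`, `prefix-id` and `host-address` settings in the `dhcpv6-pd` block above combine into the /64 advertised on a LAN interface, and how many /64 subnets a /56 or a /48 delegation leaves room for. The delegated prefixes are constructed from the 2001:db8::/32 documentation range, and the function names are this example's own.

```python
import ipaddress


def lan_from_pd(delegated, prefix_id, host_address):
    """Return (LAN /64 network, router address) for one dhcpv6-pd interface.

    delegated    -- prefix handed out by the ISP, e.g. "2001:db8:1200::/56"
    prefix_id    -- the interface's prefix-id as written in the config, e.g. ":1"
    host_address -- the interface's host-address, e.g. "::1"
    """
    net = ipaddress.IPv6Network(delegated)
    id_bits = 64 - net.prefixlen          # bits left for subnet numbering
    if id_bits < 0:
        raise ValueError("delegated prefix is longer than /64")
    subnet = int(prefix_id.lstrip(":") or "0", 16)
    if subnet >= 1 << id_bits:
        raise ValueError(f"prefix-id {prefix_id} does not fit in a /{net.prefixlen} "
                         f"(only {1 << id_bits} /64 subnets)")
    iid = int(ipaddress.IPv6Address(host_address))
    if iid >= 1 << 64:
        raise ValueError("host-address must fit in the low 64 bits")
    base = int(net.network_address) | (subnet << 64)
    return ipaddress.IPv6Network((base, 64)), ipaddress.IPv6Address(base | iid)


def subnets_available(prefix_length):
    """Number of /64 networks inside a delegation of the given length."""
    return 1 << (64 - prefix_length)


if __name__ == "__main__":
    # 2001:db8::/32 is the documentation range; these prefixes are constructed.
    for delegated, pid in (("2001:db8:1200::/56", ":1"), ("2001:db8:12::/48", ":2")):
        lan, router = lan_from_pd(delegated, pid, "::1")
        print(f"{delegated} prefix-id {pid} -> LAN {lan}, router {router}")
```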





63 posts

Master Geek
+1 received by user: 6


  Reply # 2048559 3-Jul-2018 20:50

I have the exact same settings above but it doesn't work for me, is there anything else I need to do?


1569 posts

Uber Geek
+1 received by user: 152

Trusted

  Reply # 2048617 3-Jul-2018 21:38

@michaelmurfy

 

I've updated my config to align to your output, but still having issues.

 

 

So when I have prefix-length /48 all my devices are given IPv6 addresses but can't reach the outside world. I can't even ping6 google.com from the edgerouter lite.

 

 

If I have prefix-length /56 I can ping6 google.com from the edgerouter lite but devices are not provided with an IPv6 address at all.

 

 

can you please share the output from or ssh the file to your local device to share it...

 

[code]cat /config/config.boot[/code]

 

 

Of course remove your passwords from user account at the bottom and pppoe password and user-id

 

 

The prefix-only for example isn't in OP so I'm wondering if there is other config you've made along the way without noticing?

 

 

Also if I run show firewall ipv6-name WAN6_LOCAL or WAN6_IN from the normal command line (not within configure)

 

the below line is included in the input...

 

 

Inactive - Not applied to any interfaces, zones or for content-inspection.

 

 

If I try and run the below again I get the warning it's already configured...

 

 

set interfaces ethernet eth0 vif 10 pppoe 0 firewall in ipv6-name WAN6_IN

 

set interfaces ethernet eth0 vif 10 pppoe 0 firewall local ipv6-name WAN6_LOCAL

 





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 




Meow
7787 posts

Uber Geek
+1 received by user: 3847

Moderator
Trusted
Lifetime subscriber

  Reply # 2048654 3-Jul-2018 22:23
2 people support this post

@BlackHand @mentalinc Here you go - this is very heavily sanitized but I've left the configuration there for my internet connection / firewall / IPv6 settings. Afraid my configuration is far too big (and sensitive) to fully post and you likely don't need to know about my site to site VPN's etc :) - https://files.murfy.nz/config.boot.sanitized.txt

 

This configuration gives me the following (tested on a Chromebook - same goes for Windows / Linux and any other device on the network):

 


 

Sidenote - the no-dns is not needed. I've got that as I run my own resolver on this network. You may want to leave that one out.
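
Added example (not the poster's tooling): one way to do the sanitising requested above before sharing `/config/config.boot`, redacting the login password entries and the PPPoE `password` and `user-id`, and reporting where each redacted value sat. The sample config is constructed, and the key list is an assumption to extend for your own config (`pre-shared-secret` is included because site-to-site VPNs are mentioned); public addresses and hostnames still need a manual review.

```python
import re

# Assumed list of leaf keys whose values must not leave the router.
SENSITIVE_KEYS = {"encrypted-password", "plaintext-password", "password",
                  "user-id", "pre-shared-secret"}
LEAF = re.compile(r"^(\s*)(\S+)\s+(.*?)\s*$")

# Constructed sample in config.boot layout.
SAMPLE = """\
interfaces {
    ethernet eth0 {
        vif 10 {
            pppoe 0 {
                mtu 1500
                password hunter2
                user-id user@example.invalid
            }
        }
    }
}
system {
    login {
        user admin {
            authentication {
                encrypted-password $6$constructedhash
            }
        }
    }
}
"""


def sanitize(config_text, placeholder="REDACTED"):
    """Return (sanitized text, list of config paths whose value was redacted)."""
    path, out, redacted = [], [], []
    for line in config_text.splitlines():
        stripped = line.strip()
        if stripped.endswith("{"):            # entering a node: remember its name
            path.append(stripped[:-1].strip())
        elif stripped == "}":                 # leaving a node
            if path:
                path.pop()
        else:
            m = LEAF.match(line)
            if m and m.group(2) in SENSITIVE_KEYS:
                redacted.append(" / ".join(path + [m.group(2)]))
                line = f"{m.group(1)}{m.group(2)} {placeholder}"
        out.append(line)
    return "\n".join(out) + "\n", redacted


if __name__ == "__main__":
    clean, found = sanitize(SAMPLE)
    print(clean)
    print("redacted:", *found, sep="\n  ")
```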







Meow
7787 posts

Uber Geek
+1 received by user: 3847

Moderator
Trusted
Lifetime subscriber

  Reply # 2048667 3-Jul-2018 23:42

I also found I had MSS clamping enabled;

This is not needed on 2degrees UFB if you're using a MTU of 1500 on the PPPoE side and a MTU of 1508 on the underlying interface like I have on my configuration. Not sure why I had this enabled in the first place as it would have been limiting things for me so thanks @mentalinc for getting me to dump my configuration and look through it!





63 posts

Master Geek
+1 received by user: 6


  Reply # 2048692 4-Jul-2018 07:23

What's the benefit/use of ip { enable-proxy-arp }, I couldn't find a proper answer on the ubiquiti forums?

 

 

