
Pitfalls of configuring the Mikrotik SXT LTE

Good day, Habr. I will try to describe my introduction to the Mikrotik SXT LTE, the pains of configuring it, and how I eventually got it working properly.


A little background:

I started working with Mikrotik and RouterOS about two years ago. I have an MTCNA certificate and plan to get MTCRE and MTCWE in the near future. During this time I have not tired of admiring Mikrotik equipment for its functionality. I mainly worked with devices from the RouterBoard 7xx and 9xx lines, as their capabilities and capacity were always enough, until recently.

Recently the following site came along: a tank farm with a fairly well-developed network infrastructure: a local domain, a PBX (Asterisk FreePBX) and, accordingly, SIP telephony, Wi-Fi bridges, a lot of NVRs and specialized automation equipment, all of it managed by a Zyxel ZyWALL USG 20. There was no wired internet; access was provided over LTE, through a Zyxel LTE6100 that only just worked. Periodic LTE "drops" were the norm for it, sometimes only a reboot restored the connection, and Zyxel's "wooden", sluggish interface did not add any joy either.

As a result, after some time and a fairly large number of complaints, it was decided to look for an alternative. My eye immediately fell on the Mikrotik SXT LTE because:

- it is 2 in 1: a single device replaces two pieces of hardware, a router and an LTE modem;
- RouterOS and its rich capabilities for implementing all sorts of wishes;

Select firmware:

The device arrived with RoS version 6.36.2, and out of habit I immediately updated it to 6.40, the current version at the time. This was my first mistake, and it complicated my task later, on site, in "field" conditions. I had not checked LTE operation at my desk in comfortable conditions, simply because there was no LTE-capable SIM card at hand. As a result, already at the facility, I was surprised to find that the SXT did not see a signal from the base station at all, neither with the default configuration nor with an empty one. I had to quickly roll back to the "boxed" version of RoS, downloading it over mobile Internet. At the same time I realized that the lte package is not part of the Main package set of RoS, so you also need to download the Extra packages.

We load routeros-mipsbe-x.xx and lte-x.xx-mipsbe into Mikrotik's storage (the Files tab in the Winbox menu):


Next, go to System - Packages and click Downgrade. Mikrotik will ask for permission to reboot in order to roll back to the older version of RoS; click Yes.


After the rollback I did not reset the settings right away, but first checked with the default configuration. Once you have made sure that the lte interface has come up and connected to the base station, you can go back to an empty configuration and continue the setup.

It is worth noting that the SXT LTE now runs the latest RoS version, 6.40.1, which I reached gradually, updating to each subsequent version starting from 6.36 and testing stability directly on site.

When choosing a configuration, I always choose an empty one - it allows you to configure all the necessary parameters on your own, as opposed to the default one, which does not always guarantee the operation of the device for its intended purpose, and sometimes can lead to certain problems.

LTE interface setup:

First, we need to decide on the LTE frequency band; each operator has its own, and for Yota it is band 7.

Next, write in the terminal:

/interface lte set lte1 band=7 network-mode=lte add-default-route=yes use-peer-dns=yes

Where:
lte1 - the name of your lte interface
band - frequency band
network-mode - operation mode
add-default-route - add default route for routing
use-peer-dns - use the operator's DNS server

Ideally Mikrotik picks up all of these settings automatically, but I had to configure them manually.

When setting up RouterBoard-series devices, in order to obtain an IP address from a provider you usually need to configure Mikrotik as a DHCP client:

/ip dhcp-client add interface=_gateway_

But with the SXT LTE, Mikrotik received an IP address and DNS from the provider automatically, without any additional steps.

Next, check the status of LTE:


the presence of an IP address from the operator on the LTE interface, in the IP - Addresses tab:


and finally the presence of the default route:


If not, add it manually:

/ip route add dst-address=0.0.0.0/0 gateway=lte1 distance=1

All that remains is to give users access to the Internet:

/ip firewall nat add chain=srcnat action=masquerade out-interface=lte1

This completes the basic setup of the Mikrotik SXT LTE. What follows are the specific tasks and problems that I had to solve as they arose.

More than one subnet:

The network infrastructure at the facility is quite developed; it had 3 subnets for various purposes:


The SXT LTE has only one ethernet interface, so for a long time I wondered how to route between the subnets, and even looked towards VLANs. Everything turned out to be simple: it is enough to assign the interface several IP addresses, each serving as the gateway for the devices of its subnet:

/ip address
add address=10.254.254.1/24 network=10.254.254.0 interface=ether1-main-pool
add address=192.168.21.1/24 network=192.168.21.0 interface=ether1-main-pool
add address=192.168.1.1/24 network=192.168.1.0 interface=ether1-main-pool


DNS Flood:

The SXT LTE has a rather weak CPU, which I was reminded of the very next day after installation. Employees complained about poor network performance, and I, in turn, could not connect to the Mikrotik remotely: Winbox did not drop me right away, but kept trying to log in. Arriving at the site, I found the CPU load at 100%. Using the Tools - Profile utility built into RoS, I found that the processor was busy handling DNS queries. And I realized another one of my mistakes: I had forgotten to turn off the processing of DNS requests coming from outside.

/ip dns set allow-remote-requests=no

or by using a firewall:

# Record every source that sends UDP/53 to the LTE interface in the "dns flood" list for one day
/ip firewall raw
add action=add-src-to-address-list address-list="dns flood" address-list-timeout=1d chain=prerouting dst-port=53 in-interface=lte1 protocol=udp
# Drop DNS from listed sources, then any new DNS connection arriving on lte1 (UDP and TCP)
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=lte1 protocol=udp src-address-list="dns flood"
add action=drop chain=input connection-state=new dst-port=53 in-interface=lte1 protocol=udp
add action=drop chain=input connection-state=new dst-port=53 in-interface=lte1 protocol=tcp


CPU Overloaded:

Mikrotik does not record high CPU load on its own, so to keep track of high CPU load in the future and deal with it, I used the built-in scripting language:

# Read the current CPU load (percent) and log a warning at 90% or above
:global cpu1 [/system resource get cpu-load];
:if ($cpu1 >= 90) do={:log warning "CPU load = $cpu1 %"}


It looks like this:


For convenience, all logs are sent to a syslog server, so as not to fill up Mikrotik's flash memory and not to lose them on reboot.
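
One way to run the CPU check above on a schedule and forward its warnings to a remote syslog server. This is an added example, not the author's configuration; the script and scheduler names, the one-minute interval and the collector address 192.168.1.10 are assumptions.

```routeros
# Added example. Names, interval and collector address are assumptions,
# not taken from the original article.

# Store the CPU check as a named script (hypothetical name "cpu-watch").
/system script add name=cpu-watch source={
    :local load [/system resource get cpu-load]
    :if ($load >= 90) do={ :log warning "CPU load = $load %" }
}

# Run the script once a minute.
/system scheduler add name=cpu-watch-every-minute interval=1m on-event=cpu-watch

# Point the built-in "remote" logging action at the syslog collector
# (192.168.1.10 is a constructed address in one of the LAN subnets).
/system logging action set [find name=remote] remote=192.168.1.10 remote-port=514

# Forward warnings and more severe messages to the collector, so they
# survive a reboot and do not have to be kept on the router.
/system logging add topics=warning action=remote
/system logging add topics=error action=remote
/system logging add topics=critical action=remote
```

The collector should only be reachable from the LAN side, since RouterOS sends these messages as plain UDP syslog.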

LED indicator

When an empty configuration is applied, the LED settings for the LTE interface are reset; they can be restored with the following commands:

/system leds
add leds=led1 type=modem-signal interface=lte1 modem-signal-treshold=-91
add leds=led2 type=modem-signal interface=lte1 modem-signal-treshold=-81
add leds=led3 type=modem-signal interface=lte1 modem-signal-treshold=-71
add leds=led4 type=modem-signal interface=lte1 modem-signal-treshold=-61
add leds=led5 type=modem-signal interface=lte1 modem-signal-treshold=-51


Drop LTE Interface:

Unfortunately, this is one of the unsolved problems of the SXT LTE; it is caused by heavy UDP traffic, as the developers mentioned on the forum:
We are looking for it. It doesn’t have this issue. The LTE SXT Takes A Lot Of Spots

A couple of times I caught the lte interface disappearing and, accordingly, the Internet going down on site. But after a couple of minutes the interface appeared again, so the downtime was not critical. For now I am waiting for a new version of RouterOS that fixes this problem.

That is what I had to face while deploying a piece of hardware that was specific for me, and I learned something new along the way. What makes Mikrotik good is that it provides the tools to solve the problems that come up.

Source: https://habr.com/ru/post/336076/

