Manual:RouterOS6 news: Difference between revisions
Jump to navigation
Jump to search
Line 58: | Line 58: | ||
* added OSPF <var>use-dn</var> option | * added OSPF <var>use-dn</var> option | ||
* Changed BGP MED propagation logic, now discarded when sending route with non-empty AS_PATH to an external peer | * Changed BGP MED propagation logic, now discarded when sending route with non-empty AS_PATH to an external peer | ||
* | * Connected routes become inactive when Interface goes down. It also means that dynamic routing protocols will stop distributing connected routes without Active flag. | ||
==Queues== | ==Queues== |
Revision as of 14:18, 22 May 2013
General
- updated drivers and kernel (to linux-3.3.5);
- Configurable kernel options in "/ip settings" menu (ip forward, rp filters etc)
- Arp timeout can be changed in /ip settings
- FastPath support
- Neighbor discovery can be disabled by default on dynamic interfaces in "/ip neighbor discovery settings" menu
- Renamed e-mail parameter tls to start-tls
- DHCP v4 client now have special-classless option for add-default-route parameter
- Fetch tool now has HTTPS support
- Added ipv6 header support for traffic generator
- SSTP can now force AES encryption instead of default RC4
- added bridge-path-cost & bridge-port-priority to ppp profiles
- added last-logged-out to ppp secrets
- hotspot, ppp - support multiple address-lists
- Only 2 change mss mangle rules are created for all ppp interfaces;
- ip/ipv6 firewall has all-ether,all-wireless,all-vlan,all-ppp interface matchers
- dhcp relay - possibility to add relay agent information option;
- flash can be partitioned on routerboards and separate versions can be installed on each of them
- show last-logged-in in users list
- dhcp ipv6 - added dns option support
- gre - support all protocol encapsulation, not just ip and ipv6;
- dhcp client - custom options;
- dns - rotate servers only on failure
- added priority matcher to firewall;
- added change-dscp from-priority and from-priority-to-high-3-bits option
- add snif-tzsp,snif-pc actions to ip/ipv6 firewall mangle;
- slave flag shows up for interfaces that are in bridge,bonding or switch group;
- dns cache logs requests to topics "dns" and "packet";
IpSec
Significantly improved Road Warrior setup usage with Mode Configuration support.
Detailed configuration example can be found in the manual.
Full list of new features:
- Mode Conf support (unity split include, address pools, DNS)
- Ipsec peer can be set as passive - will not start ISAKMP SA negotiation
- Xauth support ( xauth PSK and Hybrid RSA)
- Policy templates - allow to generate policy only if src/dst address, protocol and proposal matches the template
- Peer groups
- Multiple peers with the same IP can be used.
- For peers with full IP address specified system will auto-start ISAKMP SA negotiation.
- generate-policy now can have port-strict value which will use port from peer's proposal
Certificates
- CA keys are no more cached, every CA operations now requires a valid CA passphrase. Use set-ca-passphrase for scep server to cache CA key in encrypted form;
- for certificates marked as trusted=yes, CRL will be automaticly updated once in hour from http sources;
- Ipsec and SSTP respects CRLs
- SCEP server/client support
Routing
- added OSPF use-dn option
- Changed BGP MED propagation logic, now discarded when sending route with non-empty AS_PATH to an external peer
- Connected routes become inactive when Interface goes down. It also means that dynamic routing protocols will stop distributing connected routes without Active flag.
Queues
- improved overall router performance when simple queues are used
- improved queue management (/queue simple and /queue tree) - easily handles tens of thousands of queues;
- /queue tree entries with parent=global are performed separately from /queue simple and before /queue simple;
- new default queue types: pcq-download-default and pcq-upload-default;
- simple queues have separate priority setting for download/upload/total;
- global-in, global-out, global-total parent in /queue tree is replaced with global that is equivalent to global-total in v5;
- simple queues happen in different place - at the very end of postrouting and local-in chains;
- simple queues target-addresses and interface parameters are joined into one target parameter, now supports multiple interfaces match for one queue;
- simple queues dst-address parameter is changed to dst and now supports destination interface matching;
Compact configuration export
Now by default configuration is exported in compact mode.
To make full config export verbose parameter should be used:
/export verbose file=myConfig