Pitfalls of tuning the Mikrotik SXT LTE

Good day, Habr. I'll try to describe my acquaintance with the Mikrotik SXT LTE: the agony of configuring it and then getting it into working shape.


A little background:

I started my acquaintance with Mikrotik and RouterOS about two years ago. I have an MTCNA certificate and plan to get MTCRE and MTCWE in the near future. During this time I have never tired of admiring Mikrotik equipment for its functionality. I mainly worked with the RouterBoard 7xx and 9xx lineups, as their capabilities and capacity were always enough, until recently.

Recently the following site appeared: a tank farm with a fairly developed network infrastructure, including a local domain, a PBX (Asterisk FreePBX) and therefore SIP telephony, Wi-Fi bridges, a bunch of network video recorders and specialized automation equipment. All of this was managed by a Zyxel ZyWALL USG 20. The bottleneck was the lack of wired Internet: access was provided over LTE, through a Zyxel LTE6100, which worked poorly. Periodic LTE "drops" were the norm for it, sometimes only a reboot restored the connection, and the "wooden", sluggish Zyxel interface did not add any joy either.

As a result, after some time and a rather large number of accumulated complaints, it was decided to look for an alternative. My eyes immediately fell on the Mikrotik SXT LTE because:

- it is 2 in 1, replacing two pieces of hardware at once - a router and an LTE modem;
- it runs RouterOS, with its rich capabilities for implementing all sorts of wish-list items.

Choosing the firmware:

The device arrived with RoS version 6.36.2, and out of habit I immediately updated it to 6.40, the current version at the time. This was my first mistake, which complicated my task once I was on site, in "field" conditions. I did not check that LTE worked at my desk, in comfortable conditions, simply because there was no SIM card with LTE support at hand. As a result, already at the facility, I was surprised when the SXT refused to see the signal from the base station, with either the default or the empty configuration. I had to hastily roll back to the "boxed" version of RoS, downloading it over mobile Internet. Then came the realization that the lte package is not included in the Main package set of RoS, and that the Extra packages must be downloaded in addition to it.

We load routeros-mipsbe-x.xx and lte-x.xx-mipsbe into the Mikrotik memory (Files tab in the winbox menu):


Next, go to System - Packages and click Downgrade. Mikrotik will ask for permission to reboot in order to roll back to the older version of RoS; click Yes.


After the rollback, I did not reset the settings to zero right away, but preferred to check with the default configuration first. After making sure that the lte interface has come up and connected to the base station, you can return to the empty configuration and continue the setup.

It is worth noting that at the moment the SXT LTE is running the latest version of RoS, 6.40.1, which I reached gradually, updating to each subsequent version starting from 6.36 and testing stability while being at the facility.

When choosing a configuration, I always choose the empty one: it lets me configure all the necessary parameters myself, unlike the default one, which does not always guarantee that the device works as intended and can sometimes lead to problems.

Configuring the LTE interface:

First we need to determine the LTE frequency band. Each operator has its own; Yota uses band 7.

Next, we write in the terminal:

/interface lte set lte1 band=7 network-mode=lte add-default-route=yes use-peer-dns=yes

where:
lte1 - the name of your lte interface
band - frequency band
network-mode - network mode
add-default-route - add the default route for routing
use-peer-dns - use the operator's DNS server

In the best case, Mikrotik picks up all the settings automatically, but I had to configure it manually.

In practice, when setting up RouterBoard series devices to obtain an IP address from the provider, you need to configure Mikrotik as a DHCP client:

/ip dhcp-client add interface=gateway_interface_name

But when working with SXT LTE, Mikrotik received the IP address and DNS from the provider automatically, without additional manipulations.

Next, check the status of LTE:


the presence of an IP address from the operator on the LTE interface, in IP - Addresses:


and finally the presence of a default route:


If it’s not there, we add it manually:

/ip route add dst-address=0.0.0.0/0 gateway=lte1 distance=1

All that remains is to give users access to the Internet:

/ip firewall nat add chain=srcnat action=masquerade out-interface=lte1

This completes the basic setup of the Mikrotik SXT LTE. Next come the specific tasks and problems that I had to solve as they arose.

More than one subnet:

The network infrastructure at the facility is quite developed. It had 3 subnets for various purposes:

  • Wi-Fi bridges and other network equipment;
  • SIP telephony subnet;
  • user PC subnet.

Because the SXT LTE has only one Ethernet interface, I thought for a long time about how to route between the subnets, and even looked in the direction of VLANs. Everything turned out to be simple: it was enough to assign several IP addresses to the interface, which serve as the gateways for the devices in each subnet:

/ip address
add address=10.254.254.1/24 network=10.254.254.0 interface=ether1-main-pool
add address=192.168.21.1/24 network=192.168.21.0 interface=ether1-main-pool
add address=192.168.1.1/24 network=192.168.1.0 interface=ether1-main-pool

DNS Flood:

The SXT LTE has a rather weak CPU, which I was reminded of the very next day after installation. The employees complained that the network was working poorly, and I, in turn, could not connect to the Mikrotik remotely: winbox did not drop me right away, but kept trying to log in. Arriving on site, I found the CPU load at 100%. Using the RoS built-in tool Tools - Profile, I found out that the processor was busy processing DNS queries. And I realized one more mistake: I had forgotten to disable the processing of DNS queries from the outside.

This is fixed either by turning off remote requests:

/ip dns set allow-remote-requests=no

or, if the router has to keep answering DNS queries from the LAN (allow-remote-requests=no turns that off as well), with the help of a firewall:

/ip firewall raw
# remember every source that sends DNS queries to the LTE interface for one day
add action=add-src-to-address-list address-list="dns flood" address-list-timeout=1d chain=prerouting dst-port=53 in-interface=lte1 protocol=udp
/ip firewall filter
# drop DNS queries from the outside, both UDP and TCP
add action=drop chain=input dst-port=53 in-interface=lte1 protocol=udp src-address-list="dns flood"
add action=drop chain=input connection-state=new dst-port=53 in-interface=lte1 protocol=udp
add action=drop chain=input connection-state=new dst-port=53 in-interface=lte1 protocol=tcp

CPU Overloaded:

Mikrotik does not log high CPU load by itself, so to keep track of high CPU load in the future and deal with it, the built-in scripting language helped me. It looks something like this:

# read the current CPU load and write a warning to the log at 90% and above
:global cpu1 [/system resource get cpu-load];

:if (($cpu1) >= 90) do={:log warning "CPU load = $cpu1 %"} else={}

For convenience, all logs are sent to syslog so as not to fill the flash-memory of Mikrotik and not to lose them when rebooting.
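
The check from the DNS Flood section above can be automated. This is an added example, not code from the original article: it reads a RouterOS /export and reports the protocols on which the router would still answer DNS queries arriving on the WAN interface. The sample export is constructed, the WAN name lte1 follows the article, and only plain input-chain rules are evaluated (rules with other matchers, such as address lists, are skipped as conditional).

```python
import re
import shlex

# Constructed sample in RouterOS /export style (not the article's actual config).
SAMPLE_EXPORT = r"""
/ip dns set allow-remote-requests=yes
/ip firewall filter
add chain=input connection-state=established,related
add action=drop chain=input dst-port=53 in-interface=lte1 protocol=udp \
    src-address-list="dns flood"
add action=drop chain=input connection-state=new dst-port=53 in-interface=lte1 protocol=udp
"""

# Keys this check evaluates; a rule with any other matcher is treated as conditional.
PLAIN = {"action", "chain", "in-interface", "protocol", "dst-port", "connection-state", "comment"}

def parse_export(text):
    """Yield (menu, command, params) for each add/set line of an export."""
    menu = None
    for line in re.sub(r"\\\n\s*", "", text).splitlines():  # join "\" continuations
        tokens = [] if line.lstrip().startswith("#") else shlex.split(line)
        if tokens and tokens[0].startswith("/"):
            cut = next((i for i, t in enumerate(tokens) if t in ("add", "set")), len(tokens))
            menu, tokens = " ".join(tokens[:cut]), tokens[cut:]
        if tokens:
            yield menu, tokens[0], dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def port_matches(spec, port=53):
    """True if a dst-port value such as "53", "22,53" or "1-1024" covers port."""
    return any(int(lo) <= port <= int(hi or lo)
               for lo, _, hi in (part.partition("-") for part in spec.split(",")))

def exposed_dns(text, wan="lte1"):
    """Protocols on which the router would answer DNS queries arriving on wan."""
    entries = list(parse_export(text))
    if not any(m == "/ip dns" and p.get("allow-remote-requests") == "yes" for m, _, p in entries):
        return []
    # Terminating input rules that apply to every new DNS packet from the WAN side.
    rules = [p for m, c, p in entries if m == "/ip firewall filter" and c == "add"
             and p.get("chain") == "input" and p.get("disabled") != "yes" and set(p) <= PLAIN
             and p.get("action", "accept") in ("accept", "drop", "reject")
             and p.get("in-interface", wan) == wan and port_matches(p.get("dst-port", "53"))
             and "new" in p.get("connection-state", "new").split(",")]
    # First terminating rule wins; RouterOS accepts packets that no rule terminates.
    verdict = {proto: next((p.get("action", "accept") for p in rules
                            if p.get("protocol", proto) == proto), "accept")
               for proto in ("udp", "tcp")}
    return [proto for proto, action in verdict.items() if action == "accept"]
```

On the constructed sample the function returns ["tcp"]: the UDP rule alone leaves DNS over TCP reachable from the LTE side, which is what the third filter rule in the article closes.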

LED indicator

When an empty configuration is installed, the settings of the LTE interface LED indicators are reset. They are restored with the following commands:

/system leds
add leds=led1 type=modem-signal interface=lte1 modem-signal-treshold=-91
add leds=led2 type=modem-signal interface=lte1 modem-signal-treshold=-81
add leds=led3 type=modem-signal interface=lte1 modem-signal-treshold=-71
add leds=led4 type=modem-signal interface=lte1 modem-signal-treshold=-61
add leds=led5 type=modem-signal interface=lte1 modem-signal-treshold=-51

Drop of the LTE interface:

Unfortunately, this is one of the unresolved SXT LTE problems, caused by a high load of UDP traffic, which the developers mentioned on the forum:

"Yes, it looks like the specific issue sometimes happens on this particular product, we are looking into it. It looks like other LTE modems and wAP LTE does not have this issue. The problem on SXT LTE takes place under heavy UDP traffic, but we are still investigating."

I caught the lte interface disappearing a couple of times, and with it the Internet at the facility. But after a couple of minutes the interface appeared again, so the downtime was not critical. For now I am waiting for a new version of RouterOS that will fix this problem.

That's what I had to deal with while introducing a piece of hardware that was new to me, learning something new along the way. But that is what Mikrotik is good at: it provides the tools for solving the problems that arise.
