While there are existing ways (SNMP/SMS) to run scripts on RouterOS via external means, I’ve been meaning to show off a system I built based around Telegram Messenger – as it’s a relatively common one, and has a flexible API for interfacing with.
I began this with the older MikroTik 4096 character variable limit in mind, intending to process 1 or 2 messages at a time, but found half way through that this no longer applies (yay) – so as many as 100 messages or more could be pulled down at the same time and churned through the processing script.
Because we’re running this based around a single-threaded processing script it’s not going to be the fastest implementation, but I’m hoping this is a good start for anyone looking to expand on the functions I’ve added here.
Recently I was doing some work for a hotel that supplies a ‘Smart TV’ device with Netflix and other functions in every room. These rooms are in turn all connected to a hotspot network and the TV’s all needed to be given internet access.
As this was (as sometimes occurs) an unexpected addition to the known requirements of the installation, it fell to me to come up with a way to add these – preferably without having to have someone walk around manually collect details for 300+ TV’s.
During my day job we use some MikroTik CHR deployments for (among other things) VPN session termination. The CHR’s are easy to spin up, offer a wide variety of VPN types, and for low traffic sessions can support upwards of 10,000 sessions on a single device.
In the event of an outage though, you would run into a problem – those 10,000 sessions all want to re-establish at once.. and the CPU on the MikroTik quickly bottlenecks until it becomes unable to cope and begins to drop connections quickly becoming a vicious cycle.
We initially dealt with this by defining a hard limit on the number of new sessions per second, using 2 simple firewall rules and the connection limit classifier to keep these under 10 per second – however this meant that after an outage it would take at absolute minimum, over 15 minutes for all the sessions to come back online! So we came up with a better solution. Continue reading Scriptlet: Bulk VPN connections on MikroTik with connection rate limiting→
Today I’m giving you the task of reviewing and improving a small script I’ve written, and one of you will win a free Level 4 RouterOS licence.
Background: I had need of a script to find the interfaces associated with any default routes in order to create matching firewall entries, and it had to work with RouterOS v6.
This script searches through any default route (dst-address=0.0.0.0/0) and adds it to an array so long as the interface can’t already be found in the array. I don’t often use arrays in MikroTik so the first version has a search function that doesn’t loop through the array, but instead just converts it to a string again to run the find command (Line 8)