Sunday, 18 January 2015

MikroTik RouterOS™ Application Examples


Routing

Policy Routing

MikroTik RouterOS supports policy-based routing:
  • Several routing tables are maintained
  • Each routing table has its own static and default routes
  • Selection of the routing table to be used is based on several criteria:
      - Source/destination address
      - Protocol, port
      - Interface
IP Routes Manual

Routing Protocols

Routing protocols enable routers to exchange routing information with each other and ease network administration. The following routing protocols are supported by MikroTik RouterOS:

  • RIP v1 and v2
  • OSPF
  • BGP
RIP Manual
OSPF Manual
BGP Manual


Load Balancing

Load Balancing

Load balancing is implemented as equal-cost multipath routing. With load balancing, two or more gateways can be specified for the same destination. This applies to the default route as well. Equal-cost multipath routes can be created by routing protocols (RIP or OSPF), or by adding a static route with multiple gateways. The routing protocols may create equal-cost routes automatically if the cost of the interfaces is adjusted properly.

  • A new gateway is chosen for each new connection
  • Single connection packets do not get reordered
  • Load balancing does not provide failover
IP Routes Manual


Tunnels and VPN

PPTP (Point to Point Tunnel Protocol)

PPTP (Point to Point Tunnel Protocol) supports encrypted tunnels over IP. The MikroTik RouterOS implementation includes support for PPTP client and server. General applications of PPTP tunnels:

  • For secure router-to-router tunnels over the Internet
  • To link (bridge) local Intranets or LANs (when EoIP is also used)
  • For mobile or remote clients to remotely access an Intranet/LAN of a company (see PPTP setup for Windows for more information)
PPTP Manual

EoIP (Ethernet over IP)
Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. When the bridging function of the router is enabled, all Ethernet traffic (all Ethernet protocols) will be bridged just as if there were a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible.
EoIP Manual

IPSec (IP Security)
IPsec (IP Security) supports secure (encrypted) communications over IP networks.
IPSec Manual


Bridging

Interface Bridging

MikroTik RouterOS supports MAC-level bridging of Ethernet packets. Ethernet, Ethernet over IP (EoIP), Prism, Atheros and RadioLAN interfaces are supported. The bridge interfaces can also be firewalled.

  • Spanning Tree Protocol (STP)
  • Multiple bridge interfaces
  • Bridge associations on a per interface basis
  • Protocol can be selected to be forwarded or discarded
  • MAC address table can be monitored in real time
  • IP address assignment for router access
  • Bridge interfaces can be firewalled
Bridge Manual

Transparent Bridging of Remote LANs

Remote LANs can be transparently bridged over secure VPN connections by means of Ethernet over IP tunnels and an Ethernet bridge. One MikroTik router is required per remote LAN. The routers must be able to communicate with each other over the public network. Secure VPN tunnels are established between them, and EoIP tunnels are run over these VPN connections, with bridging between the EoIP and LAN interfaces.

  • VPN, EoIP, and Bridge features are included in the Base License
  • PPTP, L2TP, or IPsec can be used for secure VPNs
EoIP Manual


Bandwidth Management

Queuing / Bandwidth Management

MikroTik RouterOS supports Class Based Queuing (CBQ) for bandwidth limitation. It is possible to limit just one IP or MAC address, or a whole subnet. Queuing can be performed based on:

  • Source/destination address
  • Protocol, port
  • Many other parameters
Bandwidth management Manual

Bandwidth Limiting on PPP Connections

PPP connections and HotSpot can be limited to a certain bandwidth. The following connections can have bandwidth limiting in MikroTik RouterOS:

  • PPP
  • PPPoE
  • PPTP
General Settings for User Authentication and Accounting
HotSpot Manual


Cache

Web Proxy

MikroTik RouterOS includes an implementation of the Squid proxy server. The web proxy can be used as a transparent and a normal web proxy at the same time. In transparent mode it can still be used as a standard web proxy, too. Proxy server features:

  • Regular HTTP proxy
  • Transparent proxy. Can be transparent and regular at the same time
  • Access list by source, destination, URL and requested method
  • Cache access list (specifies which objects to cache, and which not)
  • Direct access list (specifies which resources should be accessed directly, and which through another proxy server)
  • Logging facility
Web-Proxy Manual

DNS Cache

DNS cache is used to minimize DNS requests to an external DNS server as well as to minimize DNS resolution time. This is a simple recursive DNS server with local items. When the DNS cache is enabled, the MikroTik router responds to DNS TCP and UDP requests on port 53.

  • Can be set as a primary DNS server for any DNS-compliant clients
  • Static DNS entries can be added to the DNS cache
DNS Client and Cache Manual


Router and Network Administration

Remote Router Administration

MikroTik RouterOS supports remote access via Telnet and GUI. Files and software packages can be uploaded/downloaded using FTP. The WinBox GUI allows easy real-time router management and monitoring.
  • Telnet, FTP
  • MAC telnet lets you connect from router to router without needing to use the TCP/IP layer
  • SSH for secure shell connection to and from the router
  • Router upgrading using FTP to transfer software packages to the router
Basic Setup Guide

Network Administration

MikroTik RouterOS provides a wide variety of network administration and monitoring tools. They allow you to easily find bottlenecks in your system, track down users clogging up your bandwidth, detect intrusion attempts, etc. The following tools are provided with MikroTik RouterOS:
  • Ping and traceroute are standard and the most commonly used tools
  • Bandwidth Tester lets you determine the actual throughput between two MikroTik Routers or your Windows computer and MikroTik Router
  • Torch is a brand new tool introduced by MikroTik to monitor connections going through the router in real time
  • Sniffer catches all the data travelling over the network
