Let's talk about the MikroTik Router Operating System!

How do you use it? - Download an image and install it on the compact flash card in your favorite Routerboard model or grab the x86 version and throw it on a spare PC.

What good is it? - Can't afford Cisco? MikroTik has many of the same capabilities at a fraction of the cost. Want a low-cost wireless networking platform? Add in some wireless cards and the MikroTikOS to get cheap and robust wireless solutions. Do you like Latvians? Dude, this was *written* by Latvians.

What does it look like? - You have four ways to interact with a MikroTik: telnet, ssh, Winbox and Webbox. The command-line interface gives you the most control over the unit and there are tasks that are most easily handled by using the command line. Fear not GUI friends, Winbox is there to present nearly all the same commands in a slick graphical layout. The Web interface has been updated and works nearly as well as Winbox.

Load up Winbox and enter the IP address (or MAC address) of the MikroTik you want to manage. You can save a ton of profiles here for handling an entire ISP's worth of these devices.

Once you are logged in, you are presented with a windowed interface for working with the unit. I've got the Interfaces window and the IP -> Firewall -> NAT window open. You can see some NAT rules I built to forward ports to computers on my network.

Click on the Terminal option on the left side of Winbox and you are taken to the command-line interface. I've just entered the "interface print" command to show you what a terminal session looks like.

How do I get it? - Go to http://www.mikrotik.com/ and download a demo. Play around, see if you like it. If you get hooked, you can get a RB750 5 port router/switch for $40 from http://www.roc-noc.com/mikrotik/routerboard/rb750.html It lacks a serial interface but is a solid unit for handling all kinds of routing and networking tasks. The RB750G adds gigabit ethernet ports.

Resources - The following places are great sources for more information on MikroTiks:
http://www.mikrotik.com - Their home site
http://wiki.mikrotik.com/wiki/Main_Page - Online documentation. It's pretty comprehensive.
http://forum.mikrotik.com/ - Some of the programmers of this project are active forum members. There's a lot of help to be had there for crazy networking problems. The best thread is the Bad Installation thread.
http://www.roc-noc.com/ - A place to buy MikroTikOS preinstalled to Routerboards.

Okay, but what do you really use it for? - I work for an ISP that over the last seven years has moved to use tons of MikroTik hardware. We route with them, provide hotspots, set up mesh networks, build backbones, set up AP's, set up CPE's, talk to Big Routers on the Internet with BGP and other crazy networking protocols. If we have to do something, Mikrotik is our go-to solution.

How the hell do we handle them? A mixture of monitoring systems and TheDude. It's a handy way to track lots of MikroTiks and manage them from a single interface.

I bought one for home use because I wanted to have something I was familiar with from work and because a $70 gigabit router that can speak BGP, IPSEC, handle a few thousand packets a second of throughput and all the torrenting you can throw at it without whining or requiring constant reboots was well worth my money. It's a rock solid home router, especially when you add a solid wifi access point (like an Apple Airport Extreme Basestation).

Backups - You've put time and effort into your config. You finally have all the little rules built and want to protect your work. What do you do?
- Log into your MikroTik via Winbox
- Click Files
- Click Backup
- Drag the backup file to your desktop.
You now have all the commands saved to rebuild the router from scratch.

Starting from Scratch - If you want to start with a clean slate, open a terminal window through Winbox or log in through telnet and type:
system reset
Hit Y to confirm and the unit will flush the old configuration. Want to just reboot the unit?
system reboot
will accomplish that.

Scripting - There is a decent scripting language supported for automating tasks, responding to events and changing settings based on other input. It's handy for updating things like DynDNS entries or whatever. A buddy of mine has a ton of scripts and such built so that when he plugs in his Xbox it auto-queues his roommates down so that he can monopolize the connection. He's an rear end, but an rear end with a low ping.

Training - Remit shared this handy link to training videos from MikroTik University.

Moving from 3.x to 4.x firmware - To move from the 3.x series of firmware to the 4.x you will need to upgrade your license from the old 7 digit model to the new 8 digit model. Happily, this is super easy. If possible, upgrade your Mikrotik to 3.30 first. Then in Winbox click on System -> License -> Export Key. Save that to your desktop. Now, drop in the 4.17 firmware and reboot to upgrade. After the upgrade, log in with Winbox and you'll be greeted with a message warning that the license file has changed and would you like to upgrade to the new format? The answer is Yes. The widget that updates the MikroTik license uses your desktop to build a connection out to their servers. You *must* be able to connect to the Internet before hitting "Yes". Reboot once more and you're set with the new license.

It's a good idea to update the underlying Routerboard firmware as well. Log in and type: "system router upgrade" in a terminal. Hit "y" to accept the upgrade and reboot.

Now you can upgrade to the 6.x firmwares in one shot. Remember to upgrade the Routerboard firmware after you install the new RouterOS.

Update 10/8/2012: RB433's and other routerboards sometimes fail with swollen caps.
There are four on the mainboard that fail so get out your soldering irons and fix your routerboards! I just got an RB433 back into operation with only a few (several) minutes work desoldering and reinstalling new capacitors. These boards are very forgiving for my clumsy soldering technique so don't be afraid to try it out. The worst you can do is make your busted routerboard totally non-bootable. Yee-haw!

There are quirks to using these machines same as any other.

Their DNS implementation is primitive as hell and doesn't let you specify custom responses for various domains. If you have an ISP that hijacks search responses this is a major nuisance.

Capacitors blow up on some models of routerboards. This causes your gear out in the field to start rebooting itself or not boot at all. It's obnoxious as hell but can be fixed by ripping off and resoldering new caps. Tedious, but fixable.

IPSEC and other heavy CPU activities murder throughput.

QoS / Queueing - what do you mean you don't understand hierarchical token buckets and the linux packet filtering table? Are you completely stupid? Ach, don't bother me with your trivial hu-man questions, I must go do many complicated things with reindeer so we can release new best gooder version of MikroTik yet! Read the wiki! (Hint: reading the wiki is confusing as poo poo). This is a feature that Mikrotiks *can* perform but getting them to gracefully prioritize packets and help you deal with scummy, bandwidth-hogging roommates is a huge pain in the rear end. It works but requires dark dark voodoo.

RB751 and Wireless - Apple products and regular wifi products sometimes poo poo the bed with RB751's. Their power settings are way out of whack, they have goofy defaults and tweaking this has become a major source of irritation for me. If you have Apple products that support 802.11n set the drat thing to N-only mode and use a WPA2 key with AES.
If you have a network of mixed Apple and non-Apple devices then don't bother getting frustrated, get an Apple Airport Extreme Basestation.

Update 6/19/2014: Took out the programming guide, the new defaults work fine out of the box. Log in with a web browser and use their quick setup feature to assign an SSID and WPA key to the router, choose your wan settings and get online quickly. It's nice to see some defaults that make this more usable as a home router than before. 6.15 f/w has been released and works well.

Update 12/19/2014: Here are some settings that seem to work well for Apple products connecting to the wireless routers like RB951 and RB751:
CuddleChunks fucked around with this message at 20:17 on Dec 19, 2014 |
|
Just how good is their hardware? I've been looking at the RB493G for one location, which claims to be entirely gigabit ports. Will I be able to pull off fully gigabit connections? The location needs 4-5 uplinks and 2-3 LAN ports (all behind a NAT).
|
How does this compare to something like OpenWrt? Is there another open source project that would be more of a direct comparison?
|
Derpes Simplex posted: Just how good is their hardware? I've been looking at the RB493G for one location, which claims to be entirely gigabit ports. Will I be able to pull off fully gigabit connections? The location needs 4-5 uplinks and 2-3 LAN ports (all behind a NAT).

I've been running an RB750G (same CPU) for a 50/5 connection with a lot of NAT and shaping rules. Can easily max out the downstream with low CPU usage and I've seen full 100MB/sec transfers over the LAN. The switch ports can either be assigned as a switch (all four ports act like one to the software) or individually - if in switch mode, LAN traffic is handled entirely by the hardware, otherwise it passes through the software which can impact CPU usage on the lower end models. You can certainly do full gigabit routing throughput on a single port, multiple gigabit streams through multiple ports might benefit from a higher end model.
|
You say you use this in an ISP-environment, interesting. Hope you don't mind me asking a few questions.

How big is your typical node (port/customer density)? Do you buy the boards prefabricated or do you create your own? How does it work compared to Cisco when it comes to field replaceable parts, redundancy and general uptime? What kind of Cisco platform did you replace?
|
How does this compare to an Alix 2D3 or something with PFSense?
|
R1CH posted: I've been running an RB750G (same CPU) for a 50/5 connection with a lot of NAT and shaping rules. Can easily max out the downstream with low CPU usage and I've seen full 100MB/sec transfers over the LAN. The switch ports can either be assigned as a switch (all four ports act like one to the software) or individually - if in switch mode, LAN traffic is handled entirely by the hardware, otherwise it passes through the software which can impact CPU usage on the lower end models. You can certainly do full gigabit routing throughput on a single port, multiple gigabit streams through multiple ports might benefit from a higher end model.

Sounds nice! There typically won't be multiple streams, but being able to burst gigabit and not kill the rest of the network at the same time is extremely compelling.
|
nex posted: How big is your typical node (port/customer density)? Do you buy the boards prefabricated or do you create your own?

nex posted: How does it work compared to Cisco when it comes to field replaceable parts, redundancy and general uptime?

Cisco CPE's don't have any field replaceable parts that I'm aware of. I only have interacted with their Aironet series (350's, 1200's, 1300's) but they are all-in-one units and if they stop working you don't have any mechanism to repair them. The mikrotiks are more like a kit that you assemble into a single CPE.

nex posted: What kind of Cisco platform did you replace?

BlackMK4 posted: How does this compare to an Alix 2D3 or something with PFSense?

An example may be helpful. When I fire up my RB750 I am presented with 5 ethernet ports. One of which I renamed to etherWAN to make sure I could tell it apart in programming. If I want to set up a network on port 2 (port 1 is the WAN) then I would need to do the following:
- Define a set of IP addresses to use for my DHCP server
- Add a gateway address to my IP addresses to use for the server
- Set up NAT
- Set up a DHCP server
- Set up a default route (unless I'm using pppoe to get that)

That's a lot of clicking and fiddling. Like a Cisco, you impose order on a blank canvas of hardware. The default install comes with a ton of this setup but I like to work with the blank install. I started to type up the commands needed but unless you really want that level of detail I'll skip that part.

If you want to add a port forward then it's usually easiest to go to this site: http://wiki.mikrotik.com/wiki/Forwarding_a_port_to_an_internal_IP and modify their command line.

The command interpreter is *really* nice. It color codes commands, has tab completion and a nice parser so you only have to type partial commands. This:
interface wireless registration print
Becomes:
int wir reg pr

I've heard pfSense has add-on modules and such and that's probably where you'd see the Mikrotiks start to fall short. They can forward traffic to a box for further processing but don't contain those modules themselves. Unlike a project like ClearOS that bundles a ton of packages and can add more, MikroTikOS is more of a standalone networking platform. For example it will interface with a web proxy but doesn't do that onboard.
|
I've been screwing around in Winbox for the last three hours juggling three different PPTP clients with my 750G, partying it up on thursday night as usual. It's a rock solid router and I'm trying to convince my boss to start deploying these to clients.

NOTinuyasha fucked around with this message at 20:09 on Feb 11, 2011 |
|
Also looks like they will be releasing a 750G with wireless built in soon as a sort of more advanced home AP. Should be pretty awesome once it comes out.
|
One incredibly annoying oversight / issue with the MT software is UPnP support. While it works great for opening incoming ports, the dynamic NAT entries it creates don't time out. So if your device or program doesn't remove them properly when it's done, or your system reboots / powers off / etc, you'll end up filling up your NAT table with garbage entries. This can manifest in just a couple of months depending on how much RAM your device has, how many UPnP enabled programs / devices you use and how many ports they decide to open. You can remove them manually or just simply reboot it, but it's still pretty annoying.
|
I had never heard of Mikrotik until recently, but currently work with a firm that is providing "ISP" service to their building (fully bgp routed) and using these in some client production environment. It is cheap as hell and pretty powerful though something about the way the GUI is oriented is...kinda backwards.
|
They have had issues in the past with their hardware having bad caps. If you bought a 450 in 2009, it will likely die in 1yr or thereabouts which can be annoying for those that deploy them in remote locations. http://forum.mikrotik.com/viewtopic.php?f=3&t=39091

As for the software, I have found it to be very stable, aside from various bugs/features that don't work properly, but they can be worked around and eventually get fixed. All in all, a very good value for the price.
|
I've been playing and learning on mine for a while now. It's capable of a lot of poo poo. It may have been cuddle chunks who first told me and led me in the right direction of what was loving up as I tried to configure PPPoE.
|
Does the RB750G support UPnP? How would one put together some kind of wireless access with one of these? Would you have to also purchase this to do that? It seems like it has a pretty steep learning curve with WinBox compared to some of the typical consumer routers out there.
|
Nubile Cactus posted: Also looks like they will be releasing a 750G with wireless built in soon as a sort of more advanced home AP. Should be pretty awesome once it comes out.

Where did you see this? I'm definitely not a professional but like to try messing with networking gear. I'll probably get a 750G just to start messing around with when I can but I am curious if it's possible to create a consumer-type gateway/router/switch. One with a GigE wan port and 4 GigE ports for the switch but I would also want dual radios for wireless. What would I be looking at to do this with the routerboards? Also, how does upgrading the OS work?
|
COCKMOUTH.GIF posted: Does the RB750G support UPnP? How would one put together some kind of wireless access with one of these? Would you have to also purchase this to do that? It seems like it has a pretty steep learning curve with WinBox compared to some of the typical consumer routers out there.

Basically yeah for now. . . Post below mentions some of what is to come out, with more end user grade routerboards with wireless built in. That's basically what I've got going on. Range is loving sick on it as well.

HangOverDeMayo posted: Where did you see this?

You can kit out your own routerboard with wireless radios for a chunk more change (still rather cheap). Honestly most people I know just get a base routerboard, and maybe the 750g switch if they want to keep AP's on separate vlans. It's less of a pain than kitting out one single unit.

Upgrading is rather simple. http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS#Using_Winbox
|
I figured it would be easier to just piece it together than create a single board for right now. And I guess I was questioning more the licensing than the actual process of upgrading.
|
Wireless with routerboards can get kind of expensive as the consumer models like the RB750G don't have mPCI slots, so you need a better board, custom case, radio card, antennas, etc. Personally I just use a standard AP in AP mode (no routing etc) hooked into the MT device. It helps that I have a high quality AP, but you can pick up something like the Ubiquiti PowerAP pretty cheap and get a nice AP to hook into your network. Obviously if you want more complicated things like wireless client segregation, per-client shaping, 802.1x, etc you'll want your wireless clients hanging directly off a wireless card from the MT board.
|
R1CH posted: Wireless with routerboards can get kind of expensive as the consumer models like the RB750G don't have mPCI slots, so you need a better board, custom case, radio card, antennas, etc. Personally I just use a standard AP in AP mode (no routing etc) hooked into the MT device. It helps that I have a high quality AP, but you can pick up something like the Ubiquiti PowerAP pretty cheap and get a nice AP to hook into your network.

Yeah I wouldn't be looking into anything that extensive. I'm just thinking of a cheap, MikroTik solution in my head that would provide a wireless AP and a routing solution in a two story house. Is the Ubiquiti radio a decent solution for that or does it seem like overkill for a house? I've never played with either product but I'm guessing you'd have to disable any routing on the Ubiquiti (if it even does any routing) and just make it pass-through to the MikroTik.
|
NOTinuyasha posted: I've been screwing around in Winbox for the last three hours juggling three different PPTP clients with my 750G, partying it up on thursday night as usual.

I laughed at my buddy who keeps tanking his mikrotik as he tries to develop more and more complicated scripts but it's fun. The fact that it auto-responds to something plugging into one of the ethernet ports is pretty drat cool.

COCKMOUTH.GIF posted: Does the RB750G support UPnP? How would one put together some kind of wireless access with one of these? Would you have to also purchase this to do that? It seems like it has a pretty steep learning curve with WinBox compared to some of the typical consumer routers out there.

COCKMOUTH.GIF posted: Yeah I wouldn't be looking into anything that extensive. I'm just thinking of a cheap, MikroTik solution in my head that would provide a wireless AP and a routing solution in a two story house.

For ultimate cheapness, $40 RB750 for routing duties and a repurposed Linksys WRT54G running DD-WRT as the wifi AP. Put on a decent antenna on the Linksys and you'll be rocking the house. Sure, it will be a 100Mbps network but those two devices alone will kick a lot of rear end. Note: that's what I have at home.
|
HangOverDeMayo posted: Where did you see this?

They posted about it back in 09. E-mailed them recently. They said it was in development but they could share no more details.
|
Hi CuddleChunks! Thanks for starting this! I also work at an ISP and we've been using them a lot. Mostly for endpoints of a point to point connection or when a customer needs a VPN and such. They're much much cheaper and nicer than ASAs. As far as reliability... we don't have many in the field for an extensive amount of time so it is hard to tell. They're pretty nice though. As far as pfsense -- on x86 hardware pfsense will probably kill this in terms of routing capabilities if you're using a good NIC. My #1 gripe about Mikrotiks is that it's based on Linux. If they put in a bit more time and developed on FreeBSD they'd have a much more solid product with a better network stack and access to OpenBGPD which is MUCH better than the BGP software used here. tl;dr I think you're crazy if you're replacing the core infrastructure of your ISP with Mikrotiks. However, it works great for vpns, firewalls, and endpoints.
|
Derpes Simplex posted: Sounds nice! There typically won't be multiple streams, but being able to burst gigabit and not kill the rest of the network at the same time is extremely compelling.

Check out http://routerboard.com/pdf/routerboard_performance_tests.pdf The 493G and 450G have the same processor as the 750G, but they also have 256Mb RAM vs only 32Mb RAM in the 750G. I don't think that is the sole reason the 400G's outpace the 750G (it may have to do with the switch chips used), but you may want to look at the 400G series for full gigabit bursting.

I also work at an ISP that uses MikroTik pretty extensively (276 RouterOS devices in the Dude, not counting any CPE). I've got a BSD and cisco background, so I was pretty skeptical of the "Latvian Linux Appliance", but it has really grown on me, in a price/performance sense.
|
Stupid question
|
I have to do some VPNs between Mikrotiks and ASAs soon. We don't have this specific setup in production anywhere yet as we usually do between Mikrotiks. Anyone know if there are any pitfalls I should beware?
|
feld posted: I have to do some VPNs between Mikrotiks and ASAs soon. We don't have this specific setup in production anywhere yet as we usually do between Mikrotiks. Anyone know if there are any pitfalls I should beware?

Keep an eye on the MTU's involved. You may want to write a static clamping rule for traffic heading over the VPN. Cisco gear loves to sit around 1300 and if you get gear between yourself and the remote end that doesn't properly handle path MTU discovery then it can get really dicey for making your VPN's move traffic. They'll establish but lag out pretty quickly due to packet corruption.

A static clamp rule is under the Mangle section of the Firewall and looks generally like:
ip firewall mangle add action=change-mss chain=forward comment="" disabled=no dst-address=1.2.3.4 new-mss=1260 protocol=tcp tcp-flags=syn

The fun comes in figuring out if you need to tie that to an interface or to an IP or whatever. Whee! I don't remember our admins complaining too much about the IPSEC VPN setup but I'm sure there's something stupid that will rear its head.
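
The new-mss=1260 in the rule above equals a 1300-byte packet minus 40 bytes of IPv4 and TCP headers. The Python sketch below is an added example, not code from the thread or from MikroTik: it goes beyond the post by working out ESP tunnel-mode overhead for a few common transforms, then emits a rule in the same form as the one quoted. The profile names, function names and the 536/1460 sanity bounds are assumptions of the example.

```python
import ipaddress

IPV4_HEADER = 20   # bytes, no IP options
TCP_HEADER = 20    # bytes, no TCP options
ESP_HEADER = 8     # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header bytes
NAT_T_UDP = 8      # extra UDP header when ESP is UDP-encapsulated (NAT-T)

# Assumed profile names -> (IV bytes, padding alignment bytes, ICV bytes)
ESP_PROFILES = {
    "aes-cbc/sha1": (16, 16, 12),    # HMAC-SHA1-96
    "aes-cbc/sha256": (16, 16, 16),  # HMAC-SHA256-128
    "aes-gcm-16": (8, 4, 16),        # combined mode, 16-byte tag
}


def plain_mss(packet_size):
    """Largest TCP payload that fits in an IPv4 packet of packet_size bytes."""
    return packet_size - IPV4_HEADER - TCP_HEADER


def max_inner_packet(path_mtu, profile, nat_t=False):
    """Largest inner IPv4 packet ESP tunnel mode carries without fragmenting."""
    iv, align, icv = ESP_PROFILES[profile]
    room = path_mtu - IPV4_HEADER - ESP_HEADER - iv - icv
    if nat_t:
        room -= NAT_T_UDP
    # Inner packet + padding + trailer must end on an alignment boundary,
    # so round the encrypted region down to a multiple of `align`.
    room -= room % align
    return room - ESP_TRAILER


def clamp_mss(path_mtu, profile, nat_t=False):
    """MSS to advertise so full-size TCP segments fit inside the tunnel."""
    return plain_mss(max_inner_packet(path_mtu, profile, nat_t))


def mangle_rule(dst_address, new_mss, only_if_larger=True):
    """Build a RouterOS mangle rule in the form quoted in the post."""
    ipaddress.IPv4Network(dst_address, strict=False)  # ValueError if invalid
    if not 536 <= new_mss <= 1460:
        raise ValueError(f"implausible MSS for a 1500-byte network: {new_mss}")
    parts = [
        "ip firewall mangle add action=change-mss chain=forward",
        f"dst-address={dst_address}",
        f"new-mss={new_mss}",
        "protocol=tcp tcp-flags=syn",
    ]
    if only_if_larger:
        # tcp-mss is a RouterOS matcher that is not in the post's rule; it
        # stops the rule from raising an MSS that is already smaller.
        parts.append(f"tcp-mss={new_mss + 1}-65535")
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed inputs: 1.2.3.4 is the placeholder address from the post.
    print("post's value:", plain_mss(1300))
    for name in ESP_PROFILES:
        for nat_t in (False, True):
            mss = clamp_mss(1500, name, nat_t)
            print(f"{name:15} nat_t={nat_t!s:5} ->", mangle_rule("1.2.3.4", mss))
```

A clamp sized for the worst path between the two ends still has to be checked against the real path MTU, which can be lower than 1500 on PPPoE or tunnelled uplinks.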
|
Chiming in as a Mikrotik user at home and work. At home I was able to replace switch, router, wireless access point with a RB493. At work they make great customer premise equipment. In at least one case we're running OSPF, BGP and MPLS VPN and we've never had an issue. BGP is just for MPLS, not full ipv4 routes. Will be experimenting with full routing tables on some RB1100s soon to see how they handle it. Probably faster than some NPE-400s doing full tables.
|
CuddleChunks posted: We bought out an ISP and have ditched their oldass Aironet 350's and replaced them with Glorious MikroTiks everywhere that we possibly can.

Who'd you guys buy out? Please tell me it was Cactus... Also, as to not be a complete derail, thanks for the guide/thread, Cuddle. I'm eventually going to build a mikrotik at home to brush up on the old skills, so expect me to harass you more than usual.
|
CuddleChunks posted: Winbox *does* have a learning curve but I've found that the documentation on their wiki has been very helpful, but I have the distinct advantage of working with these every single day at work.

Most official documentation only covers shell configuration. It gets worse if you run a pre-release like v5. You really need background in networking to figure it all out. Basic things come preconfigured (upnp is not one of those things, if I recall).
|
CubanRefugee posted: Who'd you guys buy out? Please tell me it was Cactus...

NOTinuyasha posted: Most official documentation only covers shell configuration. It gets worse if you run a pre-release like v5. You really need background in networking to figure it all out. Basic things come preconfigured (upnp is not one of those things, if I recall).

Friendship (and mikrotik config) is Magic! (but i'm not denying that it looks weird as hell at first. no doubt about that).

Would it be helpful to put together some screenshots of common tasks or something? How about a walkthrough on setting up a basic NAT-ed home network with some ports forwarded?
|
CuddleChunks posted: Would it be helpful to put together some screenshots of common tasks or something? How about a walkthrough on setting up a basic NAT-ed home network with some ports forwarded?

Thispony is most interested in queue trees, the official documentation is awful and I've never gotten it to work right. I'd be delighted to see some example configurations...

I can see a raw beginners guide that translates common functions like 'port forwarding' into NAT/firewall entries in Winbox as useful for the thread since that sort of thing looks terribly overwhelming compared to home router UIs.
|
NOTinuyasha posted: I can see a raw beginners guide that translates common functions like 'port forwarding' into NAT/firewall entries in Winbox as useful for the thread since that sort of thing looks terribly overwhelming compared to home router UIs.

Yeah, even basic port forwarding took me a week or two and a couple beers tweenst a friend working at a WISP all backended with mikrotik to figure out. (I still have a demo port forward in my config labeled as 'get datte port ferwerd i sencha?')
|
Hi guys, I need some VRRP help badly

The issue is this: I have two VRRP instances running on each RB1100. One is VRRP-External and the other is VRRP-Internal

The problem is that only whole device failover works. If the one that is MASTER for both is running and you unplug the internal interface only the internal interface fails over to the secondary router. This is not good. Effectively what happens is the traffic keeps flowing to a router but now it has no way to get out because it is not master of the VRRP-External.

I'm sorely disappointed because I've been spoiled by BSD's CARP which automatically fails everything over if you enable preempt -- this is an extra feature they added apparently.

I assume this could be figured out with some script? So far I'm not having any luck figuring out what I need to do it. I've located some scripts but even when I tell them to run the run count doesn't go up... I'm referring to this thread: http://forum.mikrotik.com/viewtopic.php?f=9&t=42545

Thanks to anyone who can help!
|
These devices seem like they have an intensive configuration behind them. Honestly that's the one thing holding me back from trying one. That and having to use a separate wireless AP device unless I shell out more money for a Mikrotik that supports a wireless card. The wireless thing doesn't sound too bad though if I just connect a WRT54GL to the Mikrotik for strictly wireless AP access.
|
feld posted:Thanks to anyone who can help!
|
feld posted: Hi guys,

You ain't running no dynamic routing protocol (which should detect the removed cable and announce the lack of connectivity upstream to the external ~cloud~).

Static route solution: Add a cable between the 2 routers, add a static route with less precedence to the other router. Repeat for the external interfaces' routes. I assume mikrotik has route precedence (linux kernel does) and that you have a spare port on each router and a spare cable

Even with dynamic routing you may want to run a cable between redundant routers.
|
adorai posted: In vyatta you would use a vrrp sync group. Not sure if mikrotik has something similar, but since they are both based on linux I am guessing it does.

Negative, it does not have this feature. Sounds like Vyatta did VRRP the right way...

karoshi posted: You ain't running no dynamic routing protocol (which should detect the removed cable and announce the lack of connectivity upstream to the external ~cloud~).

Even running a dynamic routing protocol on the network would not solve it. I don't think you're considering that I'm using VRRP and no routing protocol can detect that a cable has been removed because of how VRRP works....

karoshi posted: Static route solution: Add a cable between the 2 routers, add a static route with less precedence to the other router. Repeat for the external interfaces' routes.

I was actually discussing this with a coworker last night and the only good solution we could come up with is to run a cable between both Mikrotiks and run OSPF.
* Cable gets unplugged
* Traffic routes to other Mikrotik which is in Backup mode for the uplink side
* OSPF routes traffic over to the other Mikrotik which has Master
* Off to the internet it goes!

This should work fine as long as VRRP plays nice and when you're the Backup it doesn't have the uplink's entries in the routing table. We have yet to test that, though.

feld fucked around with this message at 17:43 on Feb 17, 2011 |
|
feld posted: Negative, it does not have this feature. Sounds like Vyatta did VRRP the right way...

Router-A injects a connected route into OSPF, so does Router-B. OSPF domain sees two announcements for the client network. Cable is cut, interface goes down, router-A doesn't announce route into OSPF anymore. Router-B is still injecting the connected route into OSPF, the OSPF area still can see an announcement to that route. But client side (I'll assume a DHCP LAN full of PCs) ain't doing dynamic routing, so if the master VRRP loses upstream connectivity, you're hosed, yeah.

feld posted:

You don't need OSPF just for the backup solution. Router-A's got a connected route to the client LAN, now add a static route to that network via the crossover cable to R-B and a reciprocating route on B. Packets coming from upstream will reach the clients as long as 1 connection to the LAN stands. This will generate a nice routing loop if both LAN cables are cut, but then who cares?

For the other side I'll assume a default route. Add a static route on R-A pointing to R-B with a "distance" higher than 1 (the default distance for static routes) and vice versa. Again, you got yourself a nice routing loop if both upstreams are cut.

Grep http://wiki.mikrotik.com/wiki/Manual:IP/Route for "distance":

mikrotik posted: Value used in route selection. Routes with smaller distance value are given preference. If value of this property is not set, then the default depends on route protocol:

TL,DR: use OSPF, gently caress this poo poo.
|
NOTinuyasha posted: Thispony is most interested in queue trees, the official documentation is awful and I've never gotten it to work right. I'd be delighted to see some example configurations...

NOTinuyasha posted: I can see a raw beginners guide that translates common functions like 'port forwarding' into NAT/firewall entries in Winbox as useful for the thread since that sort of thing looks terribly overwhelming compared to home router UIs.