Daily Archives: February 1, 2020

TSR-The Server Room – Shownotes – Episode 11

Mikrotik & RouterOS

Mikrotik is a Latvian-based company founded in 1996 to develop routers and wireless ISP systems. In 1997 they created the RouterOS software, which is now the software running on RouterBoard, Mikrotik's own in-house brand, introduced in 2002.

You can install RouterOS on an x86 platform such as your computer or a hardware appliance similar to the ones introduced in Episode 10, when we discussed the pfSense firewall. All of the hardware appliance recommendations made there are valid and compatible for Mikrotik's RouterOS as well.

Just like pfSense, Mikrotik's RouterOS can be used and tested out in GNS3, and they also have a Cloud Hosted Router version on their website for virtualized environments such as VMware ESXi, VirtualBox, KVM, etc.

Just for the sake of completeness: Mikrotik's switches run the SwitchOS operating system, also made in-house by Mikrotik, but it has no x86 variant available to download, so you cannot DIY your own switch with it, unfortunately.

All of the software mentioned is based on the Linux platform, to my knowledge.

Router Vs Firewall – Mikrotik RouterOS Vs pfSense

Difference between a router and a firewall:

To try to use the simplest explanation:

A router is designed to route data packets from one interface to another, that is, to take them from one subnet to another.

A firewall inspects data packets and adds filtering and blocking: it literally allows or denies packets going from interface to interface, subnet to subnet, or point A to point B. In general, though, it does not care about making the packet get to its destination or how it gets there.
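The distinction above as a small model, added here as an example (it is not RouterOS or pfSense code, and the subnets, interface names and rules are constructed for illustration): the routing lookup only answers "which way out?", the filter only answers "allow or deny?", and a packet can pass one and fail the other.

```python
import ipaddress

# Constructed sample data: two LAN subnets behind one box, plus a default route.
ROUTES = [  # (destination prefix, outgoing interface)
    ("192.168.10.0/24", "lan1"),
    ("192.168.20.0/24", "lan2"),
    ("0.0.0.0/0", "wan"),
]
FILTER = [  # (source prefix, destination prefix, verdict); first match wins
    ("192.168.10.0/24", "192.168.20.0/24", "deny"),  # lan1 may not reach lan2
    ("192.168.0.0/16", "0.0.0.0/0", "allow"),        # LANs may go anywhere else
]

def route_lookup(dst, routes=ROUTES):
    """Router's job: pick the outgoing interface by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def filter_verdict(src, dst, rules=FILTER, default="deny"):
    """Firewall's job: allow or deny; it says nothing about the path taken."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, verdict in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return verdict
    return default  # nothing matched: fall back to the default policy

def forward(src, dst, routes=ROUTES, rules=FILTER):
    """A 2-in-1 box runs both decisions; each one can fail independently."""
    if filter_verdict(src, dst, rules) != "allow":
        return "dropped by firewall"
    iface = route_lookup(dst, routes)
    return f"forwarded via {iface}" if iface else "no route to destination"

if __name__ == "__main__":
    for src, dst in [("192.168.10.5", "203.0.113.10"),   # allowed and routable
                     ("192.168.10.5", "192.168.20.9"),   # routable but denied
                     ("10.9.9.9", "192.168.20.9")]:      # unknown source, default deny
        print(src, "->", dst, ":", forward(src, dst))
```
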

Are there distributions/appliances/hardware that act as both a firewall and a router, 2-in-1? Yes.
Do I particularly like to use 2-in-1 or many-in-1 appliances or hardware? No.
*I explain why further down.*

Now many of you might be wondering… We briefly discussed firewalls and one of the available FreeBSD-based firewall distributions, called pfSense, in the previous episode (Episode 10), which is indeed a firewall/router, so why do I care about Mikrotik RouterOS now?

Actually, these two products are more similar than different, meaning that each can do pretty much the same as the other one, as far as I have dug into them. Note that I'm not certified in the case of Mikrotik (yes, they have their own certificate paths), nor have I received any official training from pfSense (Netgate). I can only say what I have experienced with both and the knowledge I gathered on my own.

For me, from what I have seen, this is how I would use them in a setup in my lab environment or in an SMB (small business):

I would use 1 appliance as a dedicated router with Mikrotik's RouterOS, also managing Mikrotik wireless clients (Wi-Fi), either on purpose-built hardware or on a whitebox DIY solution with one of the many compatible appliances available out there.

I would use 1 appliance dedicated to firewall, intrusion prevention and intrusion detection with pfSense, again on purpose-built hardware from Netgate or on a whitebox DIY solution.

Could I use a one-box-for-everything approach with either pfSense or Mikrotik's RouterOS and achieve the same functionality? Yes, I could.

However, I like a modular system, meaning I use dedicated appliances for dedicated tasks. For example, if I can have a separate firewall and a separate router appliance, I will most certainly go that route if the budget allows.

To give one example of the modular systems approach: in my own home I could just use my ISP's provided router/Wi-Fi/switch combo appliance, and it would be good enough.

But as good enough is never enough for me, and I want the best I can get or afford, I am using a separate appliance from Ubiquiti as the router, separate appliances as wireless APs (2x of them, managed by Ubiquiti's management software), 2x separate Cisco switches (one for the lab and one for the normal network, so to say) and a separate Ubiquiti router for the lab.

Now that this is discussed, we can talk about Mikrotik's RouterOS.

It is great software for turning a DIY or whitebox appliance into a proper and powerful router which can outperform many of its competitors in speed and in features for its price.

Yes, it is true: RouterOS is not free like pfSense, which might be a deal breaker for many of you. However, if we look at their pricing, I think the mid-tier license level should be more than enough for even the most hardcore IT enthusiast out there.

RouterBoard and Mikrotik’s Own HW appliances include the license required in their price

License 4 for $45: I think it's more than enough for nearly everyone out there.

Upon installing, you have a 24h trial period to try out everything, after which you can either register and stay in License 1 demo mode or go for any of the licenses in the table below.

[Image: table of RouterOS license levels]

One of the things I find a bit annoying is that the license keys from Mikrotik are generated for a SW ID, which is itself generated from your hard drive ID (or some number of it, perhaps the serial number? I'm just guessing).

The problem with this is:

Licenses are NOT portable from Appliance A to Appliance B (unless you stick the same HDD into them, as it seems).

If your hard disk is blown, or formatted with low-level formatting and partitioning software, it can affect the "generated SW ID" after a reinstall, even on the same appliance/hardware, and it can render your license unusable.

You can request a reissue of your license key for either of the two scenarios mentioned above; however, it is not free. It has a fee of $15, if I remember correctly.

Mikrotik has great documentation, a certificate path and training courses of their own. It has a very simple web GUI (nowhere near as cool as pfSense's); however, it also has GUI software, unfortunately only for Windows, with which you can configure everything on RouterOS from a GUI if you wish.

There is also now an iOS and Android app for configuring Mikrotik devices / RouterOS

The default and preferred method to interact with RouterOS, however, is the command line, but it's easy to get going with the mentioned documentation, and a lot more help can be found with a bit of googling.

Some features of RouterOS

https://wiki.mikrotik.com/wiki/Manual:RouterOS_features

Powerful command-line configuration interface with integrated scripting capabilities, accessible via local terminal, serial console, telnet and ssh

Android / iOS Client to configure/interact with the device

Open API to create your own configuration and monitoring applications

Configuration export and import in human readable text format

Load Balancing / Multi WAN Support
VRF – Virtual Routing and Forwarding
Dynamic Routing Protocols RIP OSPF BGP
MPLS support and MPLS Based VPN Support
VPNs
QoS
Hotspot / Wireless / RADIUS support for Authentication and Accounting
Proxy Service
TFTP Server (useful when uploading/downloading from Cisco appliances, routers/switches)

Some HW recommendations from Mikrotik website

Normally I shop at https://www.eurodk.com/

Router


https://mikrotik.com/product/rb4011igs_rm

https://mikrotik.com/product/hex_s

Switch

https://mikrotik.com/product/CSS326-24G-2SplusRM


https://mikrotik.com/product/CRS112-8G-4S-IN

3rd Party HW Appliances recommendations

Please look at the Shownotes for Episode 10 as all the recommended Appliances there are compatible with RouterOS also

Contact Information

Telegram Chat Group
https://t.me/tsrpodcast

Episodes in FLAC
https://tsr-podcast.viktormadarasz.com/flac-remastered-episodes

Email
viktormadarasz@sdf.org

VOIP // PSTN
261414@sanjose2.voip.ms
+1 910 665 9191