Essential facts of MikroTik RouterOS (1)
Introduction of MikroTik RouterOS
RouterOS
MikroTik RouterOS is the operating system of MikroTik RouterBOARD hardware.
It can also be installed on a PC and will turn it into a router with all the necessary features – routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server, and more. RouterOS is a stand-alone operating system based on the Linux v2.6 kernel, and our goal here at MikroTik is to provide all these features with a quick and simple installation and an easy-to-use interface. You can try RouterOS today: go to www.mikrotik.com and download the installation CD image. The free trial provides all of the features with no limitations.
In the following pages, you will find examples of some of the most important RouterOS features.
The most important RouterOS features
- Hardware
- Configuration
- Firewall
- Routing
- Forwarding
- MPLS
- VPN
Hardware
RouterOS supports multi-core and multi-CPU computers (SMP). You can run it on the latest and greatest Intel motherboards and use the newest multicore CPUs. RouterOS supports installation on IDE, SATA and USB storage devices, including HDDs, CF and SD cards, SSD disks, and more. You need at least 64MB of space to install RouterOS, which will format your partition and become the default operating system of the device it’s in. Of course, RouterOS has a multitude of supported network interfaces, including the latest 10 Gigabit Ethernet cards, 802.11a/b/g/n wireless cards, and 3G modems.
Configuration
RouterOS supports various methods of configuration – local access with keyboard and monitor, serial console with a terminal application, Telnet and secure SSH access over networks, a custom GUI configuration tool called Winbox, a simple Web-based configuration interface, and an API programming interface for building your own control application. In case there is no local access, and there is a problem with IP-level communications, RouterOS also supports a MAC-level connection with the custom-made Mac-Telnet and Winbox tools. RouterOS features a powerful, yet easy-to-learn command-line configuration interface with integrated scripting capabilities.
• Winbox GUI over IP and MAC
• CLI with Telnet, SSH, Local console, and Serial console
• API for programming your own tools
• Web interface
New in RouterOS v4 is the Lua scripting language, which opens up a multitude of approaches in the automation and programming of your router.
Firewall
The firewall implements packet filtering and thereby provides security functions that are used to manage data flow to, from, and through the router. Along with Network Address Translation, it serves to prevent unauthorized access to directly attached networks and the router itself, and as a filter for outgoing traffic. RouterOS features a stateful firewall, which means that it performs stateful packet inspection and keeps track of the state of network connections traveling across it.
It also supports Source and Destination NAT (Network Address Translation), NAT helpers for popular applications, and UPnP. The Firewall provides features to make use of internal connection, routing and packet marks. It can filter by IP address, address range, port, port range, IP protocol, DSCP, and other parameters. It also supports Static and Dynamic Address Lists, and can match packets by a pattern in their content, specified as Regular Expressions, which is called Layer7 matching.
The RouterOS Firewall facility also supports IPv6.
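A stateful input-chain policy of the kind described above, combined with restricting the management services listed under Configuration. This is an added example, not MikroTik's own configuration; it assumes RouterOS v6 or later syntax, and the 192.0.2.0/24 range and the `mgmt` list name are constructed placeholders.

```routeros
# Added example: stateful input-chain policy protecting the router itself.
# Assumes RouterOS v6 or later syntax. 192.0.2.0/24 and the list name "mgmt"
# are constructed placeholders for your own management network.

# Static address list holding the hosts allowed to manage the router
/ip firewall address-list
add list=mgmt address=192.0.2.0/24 comment="management hosts (placeholder range)"

/ip firewall filter
# Connection tracking: packets belonging to known connections are accepted first
add chain=input connection-state=established,related action=accept comment="allow tracked connections"
# Packets that match no tracked connection and cannot start one are dropped
add chain=input connection-state=invalid action=drop comment="drop invalid state"
add chain=input protocol=icmp action=accept comment="allow ICMP to the router"
# SSH (22) and Winbox (8291) are reachable only from the static address list
add chain=input protocol=tcp dst-port=22,8291 src-address-list=mgmt action=accept comment="management from mgmt list only"
# Anything else addressed to the router itself is dropped
add chain=input action=drop comment="default drop for input"

# Turn off the cleartext Telnet service and bind SSH and Winbox to the same range
/ip service disable telnet
/ip service set ssh address=192.0.2.0/24
/ip service set winbox address=192.0.2.0/24
```

Rule order matters: the accept for established and related connections must come before the final drop, otherwise replies to connections the router itself opened are discarded.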
Routing
RouterOS supports a multitude of routing protocols.
• For IPv4 it supports RIP v1 and v2, OSPF v2, BGP v4.
• For IPv6 it supports RIPng, OSPFv3, and BGP.
RouterOS also supports Virtual Routing and Forwarding (VRF), Policy-based routing, Interface-based routing, and ECMP routing.
You can use the Firewall filter to mark specific connections with Routing marks, and then make the marked traffic use a different ISP.
Now with MPLS support added to RouterOS, VRF is also introduced. Virtual Routing and Forwarding is a technology that allows multiple instances of a routing table to co-exist within the same router at the same time.
Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other. VRF also increases network security. It is often used in, but not limited to, MPLS networks.
Forwarding
RouterOS supports Layer2 forwarding – including Bridging, Mesh, and WDS. WDS allows creating custom wireless coverage using multiple APs, which is impossible to do with only one AP (indoor, railroad installations). WDS allows packets to pass from one AP to another, just as if the APs were ports on a wired Ethernet switch. To optimize WDS performance on large-scale networks, MikroTik has designed a special Layer-2 forwarding interface type – Mesh.
(R)STP eliminates the possibility for the same MAC addresses to be seen on multiple bridge ports by disabling secondary ports to that MAC address. This helps avoid loops and improves network reliability. MikroTik also offers an alternative to RSTP – HWMP+. HWMP+ is a MikroTik-specific Layer-2 routing protocol for wireless mesh networks.
The HWMP+ protocol is an improvement of the Hybrid Wireless Mesh Protocol (HWMP) from the IEEE 802.11s draft standard.
MPLS
MPLS stands for Multiprotocol Label Switching. It can be used to replace IP routing – the packet forwarding decision is no longer based on fields in the IP header and the routing table, but on labels that are attached to the packet.
This approach speeds up the forwarding process because next-hop lookup becomes very simple compared to routing lookup. The efficiency of the forwarding process is the main benefit of MPLS. MPLS makes it easy to create “virtual links” between nodes on the network, regardless of the protocol of their encapsulated data.
It is a highly scalable, protocol agnostic, data-carrying mechanism. In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself. This allows one to create end-to-end circuits across any type of transport medium, using any protocol.
Some of the supported MPLS features:
• Static Label bindings for IPv4
• Label Distribution Protocol for IPv4
• RSVP Traffic Engineering tunnels
• VPLS MP-BGP based autodiscovery and signaling
• MP-BGP based MPLS IP VPN
VPN
To establish secure connections over open networks or the Internet, or to connect remote locations with encrypted links, RouterOS supports various VPN methods and tunnel protocols:
• IPsec – tunnel and transport mode, certificate or PSK, AH and ESP security protocols
• Point to point tunneling (OpenVPN, PPTP, PPPoE, L2TP)
• Advanced PPP features (MLPPP, BCP)
• Simple tunnels (IPIP, EoIP)
• 6to4 tunnel support (IPv6 over IPv4 network)
• VLAN – IEEE802.1q Virtual LAN support, Q-in-Q support
• MPLS based VPNs
This means that you can securely interconnect banking networks, use your workplace resources while traveling, connect to your home local network, or increase the security of your wireless backbone link. You can even interconnect two branch office networks and they would be able to use each other’s resources as if the computers were in the same location – all secure and encrypted. RouterOS also provides several MikroTik proprietary functions that are not found elsewhere, for example, EoIP, which is an Ethernet tunnel between two routers on top of an IP connection.
The EoIP interface appears as an Ethernet interface. When the bridging function of the router is enabled, all Ethernet traffic will be bridged just as if there were a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible, for example, the possibility to bridge LANs over the Internet.