Archive for the 'Mikrotik' Category

QOS Implementation details with RouterOS

Monday, November 23rd, 2009

About 2 months ago, I began experimenting with an approach to QOS that mimics much of the functionality of the NetEqualizer (http://www.netequalizer.com) product line.  As I was experimenting with various techniques for limiting bandwidth utilization, I realized that the scope of the project I had undertaken was WAY more than I had initially bargained for.  I dedicated more and more time to this project, however, because I was seeing some real results from my tests.  While most of my articles here have been tutorial in nature, this one is a little different.  I have a lot of time invested in my approach to handling QOS on a network and have made this a commercial offering.  I will attempt to describe some of the functionality in this short article.

(more…)

Creating a “travel” router

Thursday, November 19th, 2009

When I travel, and it seems like that happens WAY too much, I like to carry a MikroTik Router with me.  I use this router to simplify many of the problems I encounter with various “free” wifi spots in hotels.  In this article, I will describe how my “travel” router is configured.

First, I’ll explain some of the options and types of hardware you can use to build a router suitable for travel.  In most hotels, you will have 2.4GHz wifi access available.  The access speeds will, of course, vary in different hotels, but there are a couple of things you can do to improve the chances of getting a good strong signal as well as increase the odds of having at least usable access in the worst of hotels.  At a minimum, you will need a router with 2 wireless cards.  One of these will be configured as a client device that will connect to the strongest “visible” access point.  The second card will be configured for your use as an AP inside your hotel room.  I use a RouterBoard 433 for my travel router, with 2 of the R52 radio cards.  Add an indoor case, the right pigtails and you’re all but done.  For me, I like the option of using a larger directional antenna (a small 13dBi antenna is what I carry) in case the hotel I pick has really bad RF coverage (or if the hotel across the street has better internet access).  Because of this, my “client” radio has an N-Female bulkhead pigtail.  I keep an adapter handy to convert that to SMA, so that I can connect my smaller range extender antenna if that is enough antenna.

(more…)

Mikrotik’s True Full Duplex Wireless – NStreme Dual

Sunday, April 19th, 2009

There are numerous full duplex options available on the market today when you go looking for wireless devices.  Most of these devices will cost in the multiple thousands of dollars.  With NStreme Dual, Mikrotik’s proprietary FDX protocol, you can build a true full duplex link for under $1000.  This article is a tutorial walkthrough on configuring an NStreme Dual link, along with some helpful hints on how to tweak it.

(more…)

Spam trojan detection with Mikrotik RouterOS

Sunday, December 14th, 2008

One major issue facing ISPs today is the difficulty in obtaining sufficient IP space for every customer.  For many, it’s a matter of cost and for some it is simply a choice to NAT their customers behind their router/firewall.  For the most part, NAT behaves much better today than in days gone by, but there is one issue that is very problematic for those that choose to NAT their customers.  There is a significant proliferation of a new generation of trojans that turns a user’s computer into a menace to the Internet community.  This new generation of trojans (collectively known as “botnets”) can cause problems for not only the owner, but for other customers of the ISP that chooses to NAT.  Since a significant number of these botnets are used to send spam all over the internet, we, as service providers, have to find a way to protect our networks from being blacklisted, while still allowing our customers to utilize the internet in a way that does not set too many boundaries.  In this article, I will discuss two approaches to setting these limits which have proven to be both effective AND relatively maintenance free.

Before I launch into a fix, let me begin by helping you to understand WHY these approaches work.   For the largest number of customers, the mail server that they use to send email through (their SMTP server) is the same server on which they check email (their POP/IMAP server).  One of the methods we will use to defend against these bots takes advantage of that fact.  Another thing that we notice about “normal” SMTP traffic is that a user typically does not make more than a few outbound connections when they are sending email.  This fact will permit us to limit the outbound connection count to some reasonable number and “assume” that a count beyond that MUST be spam activity.

(more…)

Using the layer 7 filters – instant messaging example

Sunday, December 14th, 2008

In this article, I will describe one functional use for the layer-7  filters that MikroTik offers.  This feature can be very useful if used with caution.  The main problem with L7 filters is that they require much more processor time than many of the firewall functions.  I am not saying this just to “scare” you away from using them, but you need to be aware of this issue.  The scripts in this article have been tested and DO work as written.  They are in no way complete, but they are certainly functional as posted.

(more…)

Using OSPF to create full duplex behaviour for wireless links

Thursday, October 23rd, 2008

One reality that all WISPs face is that all radio communications are half-duplex.  When one end of a link is “speaking”, the other end must be “listening”.  For many applications, this is sufficient for our purpose.  When a link becomes busy, however, some types of communications are negatively impacted by the delays caused by this behaviour.  Mikrotik RouterOS offers some options to help you alleviate this congestion without breaking the bank. In this article, I will discuss the details for how to configure Mikrotik RouterOS and OSPF to provide a simulated full-duplex link with the added benefit of failover to half-duplex in the event of a single link failure.

This idea is taken from an article I wrote on my main website back in November of 2006.

(more…)

Training classes scheduled ONLINE

Friday, October 17th, 2008

I recently announced 2 new training courses that I will be offering online.  Details can be found at the registration pages linked below.  You can view ALL currently available courses HERE

The first course is a WISP Basics course.  This course is a discussion of IP basics and an RF Primer.  The IP Basics portion is a detailed look at network fundamentals.  This course is perfect for those that are new to the WISP business or anyone who wishes to learn more about how data flows over an IP network, including wired and wireless networks.  There is a lot of detail in this course and it is possible that it will extend to about 2.5 days.  Registration for this course is HERE

The second course is our Mikrotik Standard training course adapted for use online.  The online course is not exactly the same as our live training, however, it is similar in many ways.  The content of the course is mostly the same, however, the labs are rewritten to accommodate an online environment.  This is a 4 day training and is a detailed look at most of the features in RouterOS.  Registration and more information is HERE.

Because the training is online, there is no need to make travel arrangements.  Online training offers you the ability to have multiple employees trained for the price of one.  Online training offers you the ability to learn from the comfort of your own office space.  The training we are offering is of the highest quality and should not be confused with other training offers currently in the marketplace.  We offer:
* The most mature (over 4 years in development) training material
* An expert in networking as trainer (not just Mikrotik)
* An experienced trainer (I’ve been teaching in one form or another since 1998)
* An experienced ISP with the expertise to adapt materials to the WISP network

You don’t have to spend HUNDREDS of dollars more in order to get quality training.  You don’t have to spend MONTHS learning this material.  If you’ve ever considered attending a live training, but have been waiting for one to be “near you”, then this is your chance to see what it’s all about.  Registration information is available for both courses HERE.  Seating is limited and the special discounts won’t last long, so don’t hesitate.

What opportunities does Mobile IP offer WISPs?

Tuesday, September 23rd, 2008

In my recent article regarding the implementation of a MIP solution with Mikrotik RouterOS clients, I described some of the issues surrounding a MIP solution as well as some of the solutions.  This article generated quite a bit of response and I wanted to take the time to now offer some business ideas for how this can be useful to WISPs.

(more…)

Mobile IP? Some thoughts on how to make it happen with Mikrotik RouterOS.

Thursday, September 18th, 2008

It seems to be “all the rage”.  Mobile IP.  In reality, mobile IP describes the ability for a user to move across a network without having to renumber his devices.  This definition holds true even if a user moves from one network to another.  In other words, a user is able to keep his IP address without regard to where his device exists on the internet.  That’s not exactly what I’m gonna describe here, but it is a very close approximation.

The solution you are about to read is real and tested….names (and IPs) may be changed to protect the innocent…

(more…)