RouterOS Upgrade Process

Monday, August 23rd, 2010

The process of upgrading RouterOS is very simple and, yet, is still somewhat confusing for some folks.  I will attempt to detail some of the methods as well as some of the finer nuances here.

(more…)

To tag or not to tag…that is the question!

Wednesday, February 24th, 2010

At least it is a question I’m often asked about how the Mikrotik Router treats VLAN traffic.  In this article, I will address some of the more common types of configurations and help you to understand exactly where you will, or will not, see a packet that is tagged.

(more…)

How to bridge distant networks using RouterOS and PPtP

Saturday, December 5th, 2009

Mikrotik has recently added MPLS to their already amazing RouterOS product.  MPLS offers some really nice options for bridging networks that exist within a single administrative domain.  But, what can you do if you need to bridge 2 networks that do NOT exist within the same administrative domain?  This article discusses how to create a bridge using another fairly recent upgrade in RouterOS.  Read on…

(more…)

QOS Implementation details with RouterOS

Monday, November 23rd, 2009

About 2 months ago, I began experimenting with an approach to QOS that mimics much of the functionality of the NetEqualizer (http://www.netequalizer.com) product line.  As I was experimenting with some various techniques for limiting bandwidth utilization, I realized that the scope of the project I had undertaken was WAY more than I had initially bargained for.  I dedicated more and more time to this project, however, because I was seeing some real results from my tests.  While most of my articles here have been tutorial in nature, this one is a little different.  I have a lot of time invested in my approach to handling QOS on a network and have made this a commercial offering.  I will attempt to describe some of the functionality in this short article.

(more…)

Spam trojan detection with Mikrotik RouterOS

Sunday, December 14th, 2008

One major issue facing ISPs today is the difficulty in obtaining sufficient IP space for every customer.  For many, it’s a matter of cost and for some it is simply a choice to NAT their customers behind their router/firewall.  For the most part, NAT behaves much better today than in days gone by, but there is one issue that is very problematic for those that choose to NAT their customers.  There is a significant proliferation of a new generation of trojans that turns a user’s computer into a menace to the Internet community.  This new generation of trojans (collectively known as “botnets”) can cause problems for not only the owner, but for other customers of the ISP that chooses to NAT.  Since a significant number of these botnets are used to send spam all over the internet, we, as service providers, have to find a way to protect our networks from being blacklisted, while still allowing our customers to utilize the internet in a way that does not set too many boundaries.  In this article, I will discuss two approaches to setting these limits which have been shown to be both effective AND relatively maintenance free.

Before I launch into a fix, let me begin by helping you to understand WHY these approaches work.  For the largest number of customers, the mail server that they use to send email through (their SMTP server) is the same server on which they check email (their POP/IMAP server).  One of the methods we will use to defend against these bots takes advantage of that fact.  Another thing that we notice about “normal” SMTP traffic is that a user typically does not make more than a few outbound connections when they are sending email.  This fact will permit us to limit the outbound connection count to some reasonable number and “assume” that a count beyond that MUST be spam activity.

(more…)

Using the layer 7 filters – instant messaging example

Sunday, December 14th, 2008

In this article, I will describe one functional use for the layer-7 filters that MikroTik offers.  This feature can be very useful if used with caution.  The main problem with L7 filters is that they require much more processor time than many of the firewall functions.  I am not saying this just to “scare” you away from using them, but you need to be aware of this issue.  The scripts in this article have been tested and DO work as written.  They are in no way complete, but they are certainly functional as posted.

(more…)

So, how does routing work, anyway? (Part 1)

Thursday, September 11th, 2008

It’s a question that I get from time to time and it’s time to answer it here.  If you understand the fundamental principles of networking, then all the other parts of building and maintaining an ISP network (wired OR wireless) are much simpler.  In this series of articles we will discuss the processes that make IP networking function by delving into the fundamentals of how subnetting works, how a router USES subnet information and the very important ARP process.

This topic is an easy topic to understand, but it is difficult to organize the materials and ideas needed to explain it easily.  This is because there are so many pieces that are related and understanding one part is necessary to understand the next.  You, as a reader, may need to read this article more than once in order to fully understand all of the parts.  We will use the following “talking points” to cover this topic:

  1. Networking basics – what is needed to make two or more computers communicate?
  2. What is a router and why is it a necessary component in a network?
  3. Subnet masks and what they mean.  What, exactly, IS a subnet address and why do I care?
  4. ARP – what is it and what does it do?
  5. Wrap up and tying up the loose ends.

(more…)