Butch Evans Blog

In this article, I will describe one functional use for the layer-7  filters that MikroTik offers.  This feature can be very useful if used with caution.  The main problem with L7 filters is that they require much more processor time than many of the firewall functions.  I am not saying this just to “scare” you away from using them, but you need to be aware of this issue.  The scripts in this article have been tested and DO work as written.  They are in no way complete, but they are certainly functional as posted.

(more…)

One reality that all WISPs face is that all radio communications are half-duplex.  When one end of a link is “speaking”, the other end must be “listening”.  For many applications, this is sufficient for our purpose.  When a link becomes busy, however, some types of communications are negatively impacted by the delays caused by this behaviour.  Mikrotik RouterOS offers some options to help you alleviate this congestion without breaking the bank. In this article, I will discuss the details for how to configure Mikrotik RouterOS and OSPF to provide a simulated full-duplex link with the added benefit of failover to half-duplex in the event of a single link failure.

This idea is taken from an article I wrote on my main website back in November of 2006.

(more…)

I recently announced 2 new training courses that I will be offering online.  Details can be found at the registration pages linked below.  You can view ALL currently available courses HERE

The first course is a WISP Basics course.  This course is a discussion of IP basics and an RF Primer.  The IP Basics portion is a detailed look at network fundamentals.  This course is perfect for those that are new to the WISP business or anyone who wishes to learn more about how data flows over an IP network, including wired and wireless networks.  There is a lot of detail in this course and it is possible that it will extend to about 2.5 days.  Registration for this course is HERE

The second course is our Mikrotik Standard training course adapted for use online.  The online course is not exactly the same as our live training, however, it is similar in many ways.  The content of the course is mostly the same, however, the labs are rewritten to accomodate an online environment.  This is a 4 day training and is a detailed look at most of the features in RouterOS.  Registration and more information is HERE.

Because the training is online, there is no need to make travel arrangements.  Online training offers you the ability to have multiple employees trained for the price of one.  Online training offers you the ability to learn from the comfort of your own office space.  The training we are offering is of the highest quality and should not be confused with other training offers currently in the marketplace.  We offer:
* The most mature (over 4 years in development) training material
* An expert in networking as trainer (not just Mikrotik)
* An experienced trainer (I’ve been teaching in one form or another since 1998)
* An experienced ISP with the expertise to adapt materials to the WISP network

You don’t have to spend HUNDREDS of dollars more in order to get quality training.  You don’t have to spend MONTHS learning this material.  If you’ve ever considered attending a live training, but have been waiting for one to be “near you”, then this is your chance to see what it’s all about.  Registration information is available for both courses HERE.  Seating is limited and the special discounts won’t last long, so don’t hesitate.

In my recent article regarding the implementation of a MIP solution with Mikrotik RouterOS clients, I described some of the issues surrounding the a MIP solution as well as some of the solutions.  This article generated quite a bit of response and I wanted to take the time to now offer some business ideas for how this can be useful to WISPs.

(more…)

It seems to be “all the rage”.  Mobile IP.  In reality, mobile IP, describes the ability for a user to move across a network without having to renumber his devices.  This definition holds true even if a user moves from one network to another.  In other words, a user is able to keep his IP address without regard to where his device exists on the internet.  That’s not exactly what I’m gonna describe here, but it is a very close approximation.

The solution you are about to read is real and tested….names (and IPs) may be changed to protect the innocent…

(more…)

In this article, I want to describe how to tunnel EoIP over a PPtP connection.  EoIP is a Mikrotik specific method of bridging ethernet traffic over a routed network.  The problem with using EoIP as a “VPN”, is that it is not encrypted.  The network we will build in this article will tunnel the EoIP traffic over an encrypted PPtP tunnel.  There are other methods available in later versions of Mikrotik RouterOS to accomplish this functionality (OpenVPN, for one example) and I will be adding articles on some of these at a later time.  the method described in this article will work in any version of Mikrotik RouterOS.  It has been tested under 2.8.28, 2.9.51 and 3.13.

(more…)

In “normal” routing, you have a set of routes that tell the router about how to reach certain networks.  Policy routing is a way to do the same thing, but have different “paths” or routes for various types of traffic.  In this article, we will explore the requirements for setting up policy routing and explain some of the concepts involved.

(more…)

This article is just a script that you can cut and paste (with small changes) to your router. It will set up the necessary stuff to automate backups.  The script is commented well and the parts that you need to customize are highlighted, so that you know what has to be adjusted.  This is based on a script posted on Mikrotik’s website, updated to work in 2.9.x and 3.x.
(more…)

As many of you know, it was recently discovered that the DNS protocol has a serious flaw. I don’t have a lot to add to the conversations of some serious experts, but I wanted to post a link to some of the tools that I have found that will help you know if you are at risk.

Dan Kaminsky, a security researcher, recently discovered the flaw.  While I am never one to preach “doom and gloom”, this is a really serious bug that WILL gain traction among the hackers.  There is already proof of concept code available that shows how to attack this flaw, so don’t hesitate to fix it.  DoxPara Research is where you will find the best information about the flaw.  Also at Dan’s website (DoxPara), is a tool that will test your DNS server to see if it is vulnerable.  YOU SHOULD TEST THIS NOW! Don’t hesitate and do it later.  NOW! (Please)

Also, ICANN has released a tool that will test the DNS server that is providing DNS services for your domain.  More information on the exploit and it’s implications can be found on ICANN’s website.  Their tool is here.  Again, this is very important to the security of not only YOUR website, but, also, to the security of anyone who visits your website.  DON’T DELAY!  DO IT NOW!