Hiya Volker. Before going too much further, to make this a subject on track with the group, I can tell you that a Mikrotik has a customised Linux machine under the hood. ;-)
I replaced the PfSense box only because I wanted a low power IPv6 device that could handle Gigabit Ethernet and did not want to spend too much. You CAN download the software and run it on a PC which would give you immense power (KVM, etc). I wanted low power AND Gigabit Ethernet.

The unit, while VERY powerful, is more than a little unintuitive to use at times however. Yes, even (and I would even go so far as to say especially) in the Doze interface! I generally use ssh to do things (the only thing you HAVE to use the Windows util for is changing the default switch port grouping arrangement to set up bonding or to arrange more standalone interfaces, for instance, as you will have no access to the unit if you want to change the port you are connected to).

How powerful? You name it, this little thing can probably do it (up to the limit of its memory tables). The firewalling on this then is basically Iptables (and all interface rules use that mindset of In, Out and Forwarding). All the usual firewalling and NAT options but I am really digging playing with Layer 7 rules. ;-)

It's probably easier to say what this little box DOESN'T do but I'll make a start....

Interfaces on my one (http://routerboard.com/RB751G-2HnD) are 5 Gigabit ports on a single internal switch that also supports port-mirroring. ANY of the ports can be configured in switch or standalone (bridge or routing) variations. Has a 30dbi/1Watt (yes, you read that right) b/g/n radio. 13Watts power usage. Runs consumer POE on Ether1 only (8-30V). 64Mb Ram with a 400MHz Atheros CPU.

I have set up bonded interfaces on the LAN side (simple once you told it not to internally switch on those ports - yes you can select which ports you want at "wirespeed" and which are standalone ports). The LAN switch I connected it with does not support LACP properly so I used Etherchannel. It's happy with both. Under the bonded interface I have multiple VLANs (you can have up to 4096).
Using VDSL (which ROCKS despite me being at the limit of connectivity) I have a VLAN on the WAN side too.

This is a true IPv4 and IPv6 capable router. It supports tunnelling and native modes on all interfaces and supports both stateless autoconfig and DHCP6 as both client and server.

Speaking of routing you can choose any of BGP, OSPF, OSPFv3, RIP, MME (Mikrotik Mesh Made Easy protocol), MPLS, LDP, BGP VPLS, L3VPN (virtual routing and forwarding). VPN capabilities include EoIP, GRE, IPIP tunnels with PPPoE, PPTP, L2TP, SSTP, OpenVPN, PPP (BCP) MLPPP and IPsec.

Queuing is handled by HTB and PCQ with bursting support. Works well as I run an Elastix VM at home for VoIP.

Wireless setup is reasonably simple but provides a LOT of customisation if you want to do that. You can set the unit up as a wireless hotspot with a few simple commands. (Not what I bought it for.) Sniffers and snoopers are all built in. You can do wireless bridging and there is support for WMM (wireless priority tagging) via mangle or DSCP.

Netflow (1,5,9) and SNMP (1,2,3) support are standard. APC UPS support and monitoring is built in. You can attach a GPS to the USB port and monitor location via ssh.

There is an API and a full scripting language based on LUA. I wrote a simple script (which runs via cron on the unit) to check for specific URLs my boy might look at (youtube during homework time) and then adds a firewall rule to block his IP for a certain amount of time. Trivial script but have not had time to really play with the unit and put something in that would merit being used live. :-)

Carp as used in Pfsense is handled by the VRRP protocol in Mikrotiks, however this is an active/passive arrangement and Mikrotiks are not recommended to be set up as the owner router. Possibly the only area this unit has some areas to work on... (besides general intuitiveness improvements).
I have not played with it as much as I would like to (especially with the scripting to play with detecting DOS's, etc) but what I have played with really rocks. I know of some fairly big businesses who use these for their functionality and use MPLS to gain redundancy.

Cheers,
Brat.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Volker Kuhlmann
Sent: Tuesday, 6 November 2012 8:30 p.m.
To: Canterbury Linux Users Group
Subject: [Linux-users] Mikrotik devices

Hi Brett,

Sorry I forgot to reply.

On Mon 29 Oct 2012 09:08:31 NZDT +1300, Brett Davidson wrote:

> Hi Volker - looked at Mikrotiks at all? I'm having a lot of fun
> playing with one at home.

Heard the name before but never had a closer look at it. Their main management tools are doze-based - are you pulling my leg?

But I (and maybe others) would be very interested in your in-depth review of what you have been playing with. Is that as a replacement for pfsense, or just the wireless part?

TIA,

Volker

--
Volker Kuhlmann
http://volker.dnsalias.net/
Please do not CC list postings to me.

_______________________________________________
Linux-users mailing list
[email protected]
http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
