
MTRB for Home Lab

Multi-Purpose Mikrotik Router Board


for … XaaS …. use
MikrotiK User Meeting

first-most MUM
Yangon, Myanmar

Myanmar 2015 Oct


Speaker Brief

BroNaing – Senior Core Network Engineer, YTP ISP


Yatanarpon Teleport Public Company Ltd.

• fresh MTCNA, MTCRE just 2015 Aug; thanks to Phyo & Makito
• MCITP Server Admin
• MCSA +Security +Messaging since 2008
• CCNA, ECSA/CEH, RHCSA, RHCE candidate
• various Linux, FOSS and NOS user since 2001
• + familiar with sort of Virtualizations and Hypervisors
*** end users in any Industry, SOHO, MNC to ISP Core, IXP traffic flow is our concern ***



Speaker Background

• 15 years in ICT industry, just simple end user actually


• 7+ years in Service Provider, Solution Design,
Procurement + Troubleshooting & Support
• DNS, Mail and other ISP Application Admin
– Routing, Switching, Firewall, Security Engineer
– Application Development, SE & QC, Scripting, …
– Linux, DBMS, FOSS System Deployments
• WHY server, App, Sec, R&S guy into MikroTik(s) ?



MTRB for Everybody

• For Home starting with my very first little step into MTRB
• Everyday SOHO, SME, Enterprise Use Cases
– Router, Switch Equipment @ affordable budget
– DHCP, local DNS cache, web proxy, …
– WiFi HotSpot manager, billing solutions
– Stateful Firewall, NAT, VPN gateway, …
– BlackHole, Bogons, attack & route filters
– SNMP ready, NTP and SysLog, … further analysis



MTRB Day #1 HOWTO
• grab my first MTik unit, then, START until satisfied
– RB750G ( no WiFi.. Oops! yet like its HW spec:
5x 10/100/1000 eth ports, 680MHz CPU MIPS-BE, 32MB RAM, 1x PoE in )
– http://wiki.mikrotik.com/wiki/Manual:Product_Naming
• Discovered how user friendly & easy to manage
– WinBox or web GUI + ssh /telnet, even handhelds
– login by MAC address, console OR 192.168.88.1
– got many WINE based clients for Mac OS X
• my next Mikrotiks… ???
– VM, next ones with 3G, RB800, 951, CCR, CRS, microSD/SSD caches …
Understanding MTRB Model and Naming
growing interest on models, features, … (naming convention)
RB750G
Series RB 7 ; 5 ports ; G for gigabit port
<board name> <board features>-<built-in wireless> <wireless card features>-<connector type>-<enclosure type>

RB 95 1 Ui – 2 HnD (widely used here)
U = USB port, i = Power injector, n = 802.11n WiFi
H = high performance CPU, A = adv in RAM, license
2 for 2.4GHz wireless, D = dual chain antenna
Ref: http://wiki.mikrotik.com/wiki/Manual:Product_Naming



WinBox

• Be sure to config with comments for better documentation :P


http://wiki.mikrotik.com/wiki/Manual:Winbox
http://wiki.mikrotik.com/wiki/Manual:Quickset

No Joke! RB system with/without wireless wizards may be a bit different.


See! : more QuickSets with hAP Lite

Enjoying my first hour with MT, as a real dummy user!! Cheers, well done, Mikrotik!
Plan, Plug, Config, Monitor, Tune, …
• Be sure to config with comments for better
documentation :P and easy future use

• Follow usual deployment cycle


– Use
– Monitor
– Modify/tune …..
– loop that

• Stay in communities, forums, study from MIK Experts’ best and usual practices + samples …

• Passing my requirements /objectives here, my TIK Seniors & experts would present details:


MTRB Home Labs

• QuickSet Wizard ( really my dummy approach )


• discovering MNDP/mac, reset to default,…
• Switch, Router, Bridge, vLANs, … WOOOW!
– all done with single Router Board OS
– Full feature without much limitations to series/models
– Any port can be your WANx, LAN, bridge ports, …
– Enjoy power of your gateway box by level of license
– wow… up to BGP, OSPF, RIP, ISIS, MPLS support, + IPv6, …
– Incredible +++ ;
highly versatile, cost effective, customizable, extendable, ..



RB750 played at home lab

• Feel it is like a Linux box, better than traditional dummy NAT routers at MIK’s same or ½ price

• No Wi-Fi with RB750, so, using TP-Link and LinkSys DWRT on LAN ports as my Wi-Fi AP

• Definitely enjoying power of HotSpot functions and customization in RB 750 +++


hAP Lite played at home lab
• Easy HotSpot config & built-in Wi-Fi system
• Its Wi-Fi usable capacity, License Level
• Yet, enough for my ~25 household gadgets/PC
• Can integrate with existing AP and Repeaters wirelessly ???
???? ; I always need help on Radio/wireless distribution
• better than DWRT
------

• ++ Not needed complex, expensive, power and space consuming platforms for Wi-Fi hotspot; no giant server, nor external DB/ AD/LDAP/radius needed.
Home 802.1X/EAP Auth, all simply done by MikrotiK
http://www.mikrotik.com/testdocs/ros/3.0/pnp/hotspot.php and Google


x86 VM Mikrotik + PfSense gw Proxy
• got ADSL; and vPro, 8GB RAM with 250G + 1T HDD
refurbished operational HP workstation
– Installed ESXi6 VMWare Hypervisor on it /Existing Infra/
– Installed Slackware SinkHole DNS resolver VM (1G vRAM)
– Installed PfSense BSD gateway, Squid 3 and Dansguardian
(with 300G caching HDD space and 6G vRAM)
– ** Installed Mikrotik x86 VM appliance with 512M RAM
• Config the systems, VM and all basic Network, management
and right data traffic flow for above servers in a DMZ before
distributing to an external switch and dummy WiFi-AP…
• *** MT is the Boss/Joker here finishing Home Wi-Fi HotSpot



x86 Mikrotik HotSpot VM+ PfSense gw Proxy

HotSpot in a Can, powered by VMWare and Mikrotik


x86 Mikrotik HotSpot VM+ PfSense gw Proxy ..

Added 2 ports PCIE NIC card and config VMnet


x86 Mikrotik HotSpot VM+ PfSense gw Proxy ..

Configure and Connect VMs in Host


x86 Mikrotik HotSpot VM+ PfSense gw Proxy ..

PfSense Server with 6G RAM, 3NIC


x86 Mikrotik HotSpot VM+ PfSense gw Proxy ..

Basic Home HotSpot in a CAN


Home Lab with MT + PfS Proxy + external DNS

• Production Use for now ; took 4 evenings of config time


• MT vm take HotSpot role + DHCP for tablets,
handsets and laptops connected through dummy AP
• For non http port 80 traffic,
– esp: CoC, https, torrents forward to ADSL gateway/WAN
– For port 80, HTTP traffic, it forwards to PfSense caching
( can get additional web filter and usage reporting here )
– Port 53, DNS servers assigned during DHCP lease is
handled by separate SinkHole DNS VMs, which already
filter my own and world known blacklisted malicious sites.
– MT hotspot & all servers send syslog to another centralized log server.
• MT masters HotSpot performance with managed DNS+ Proxy
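
The traffic split described on this slide, written out as a RouterOS v6 configuration. This is an added example, not configuration from the presentation: the interface names, every IP address and the `via-proxy` routing mark are constructed, and pfSense is assumed to run Squid in transparent mode with a return route to the hotspot LAN.

```routeros
# Added example (RouterOS v6 CLI). Interface names and all addresses are
# constructed for illustration; they are not from the presentation.
#   ether1 = WAN side, ADSL gateway at 192.168.1.1
#   ether2 = hotspot LAN 192.168.88.0/24 (dummy AP plugged in here)
#   ether3 = DMZ 10.10.10.0/24: pfSense 10.10.10.2, sinkhole DNS 10.10.10.53,
#            central syslog server 10.10.10.20

# DHCP lease hands out the sinkhole resolver
# (use "set" instead of "add" if hotspot setup already created this network)
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=10.10.10.53 \
    comment="hotspot clients resolve via sinkhole DNS VM"

# The hotspot's dynamic NAT rules redirect client DNS to the router's own
# resolver, so its upstream must be the sinkhole too or filtering is bypassed
/ip dns
set servers=10.10.10.53 allow-remote-requests=yes

# Steer only authenticated hotspot clients' plain HTTP onto the proxy path
/ip firewall mangle
add chain=prerouting in-interface=ether2 hotspot=auth protocol=tcp dst-port=80 \
    action=mark-routing new-routing-mark=via-proxy passthrough=no \
    comment="HTTP from logged-in clients goes via pfSense/Squid"

# Two default routes: marked traffic to pfSense, everything else to ADSL
/ip route
add dst-address=0.0.0.0/0 gateway=10.10.10.2 routing-mark=via-proxy \
    comment="port 80 path: pfSense caching proxy"
add dst-address=0.0.0.0/0 gateway=192.168.1.1 \
    comment="default path: https, games, torrents straight to ADSL gateway"

# Source NAT only on the direct path, so pfSense logs real client addresses
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade \
    comment="NAT for traffic leaving via ADSL"

# Hotspot and firewall events go to the central syslog server
/system logging action
add name=central target=remote remote=10.10.10.20 remote-port=514
/system logging
add topics=hotspot action=central
add topics=firewall action=central
```

Because the proxied path is not masqueraded, the pfSense usage reports and the syslog records can be correlated per client address.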
MTRB for Home Lab

• This MT HotSpot in a CAN is based on resources especially from
• Example #2,B of Using Caching Server (5 Main Idea’s)
• http://wiki.mikrotik.com/wiki/Examples_for_Use_Caching_Server_%285_Main_Idea%E2%80%99s%29

and
• http://wiki.mikrotik.com/wiki/Manual:IP/Proxy


MTRB for xxx
• Further Customizations Labs @home
– Packet Filtering – Deny garbage traffic, Virus suspect ports, …
– Content Filtering – Parental Control, porno, ADs, blacklisted CnC sites, …
– fair use policies – throttle heavy bandwidth users/apps/sessions
– QoS and control – queues, prioritize live traffic of specific IP/user/
application demand
– VPN Server @ overseas and operation management net/test DMZ
– Backend user Authentication by external Radius/DB [not MT local/built-in]
– R-Pi based deployments
– MT models with Bigger storage / caches ; SSD, Micro-SD, ...
(http://wiki.mikrotik.com/wiki/Proxy_on_RouterBOARD's_external_drive )



MTRB for xxx
• All other Advanced Topics already DONE by
our seniors with more of hands-on MikrotiK
experience & solution Projects
• my Next Intentions/Labs
– Tunnels, EoIP,
– PBR, Policy based Routing
– Load Balancing & Fail Over, Multi WAN solutions /may be/
– MPLS TE self study before next CERTs
with little hands-on PCC, ECMP Load Balancing Scenarios



Useful Links

• Nomenclature
http://wiki.mikrotik.com/wiki/Manual:First_time_startup

• License Levels and our demanded sizing, …
http://wiki.mikrotik.com/wiki/Manual:License#License_Levels

• Exams & Certifications @ Training + LABs with basic principle and foundation study on Network, IP, …

• +++


Thanks! and….

any Questions?
for suggestions, advice,
feel free to pass / email to:
BroNaing@ymail.com
