Any thing should be functional and reliable. This applies both to the ballpoint pen and to large and complex systems in which more than a dozen different components are involved and where the work of the rest depends on the work of one. In most cases, failures are observed in such complex systems, despite the fact that they are built on well-established structural units. Examples opposite to this are quite rare, but the very fact of their presence pleases.
And now let’s ask a question – what would the network administrator like to get from his work? In most cases, this means stable operation of equipment, software and a salary increase. The package also includes general network security, real-time monitoring of processes, ease of configuration and management. Rarely does a technical specialist have comprehensive knowledge in all areas of computer knowledge. Often there is simply no time left to study when the deadlines for the execution of works are running out. Especially for such poor devils, tons of software are being written that promises to make everything beautiful, convenient and safe at one moment. However, his performance often wants the best. Somehow, wandering around the Internet, I managed to stumble upon a curious Mikrotik operating system written by Latvian programmers. The baby takes up only 18 MB in an ISO image and has a wide list of features. I was most interested in the positions of “PPTP server/client” and quality of service management QoS (Quality of Service). With the help of this bundle, it was possible to organize a full-fledged VPN server for issuing an Internet channel with guaranteed bandwidth to its customers. The full list of features of the current version 2.9.10 looks like this.
functions for working with TCP/IP
Firewall and NAT – powerful packet filtering settings (applicable to P2P connections), excellent implementation of SNAT and DNAT, the ability to classify packets by:
– Source MAC address;
– IP addresses (the ability to specify networks);
– port ranges;
– IP protocols;
– protocol options (ICMP types, TCP flags and MSS);
– interfaces;
– internal chains of labeled packages;
– ToS (DSCP);
– by the contents of the packages;
– by the size of packages, etc.;
Routing – static routing, multi-path routing, policy-based routing (combined with firewall), implementation of the following dynamic routing protocols: RIP v1 / v2, OSPF v2, BGP v4.
QoS quality of Service management – the ability to dynamically manage bandwidth. Setting the minimum, maximum and Burst speed for the IP address, protocol, subnet, port, chain marked in the firewall. The ability to choose the type of queue. The following options are available: PCQ, RED, SFQ, FIFO. The implementation is based on the well-known HTB package.
HotSpot features – the construction of plug&play points of collective Internet use based on the built-in HotSpot tools with authentication on the RADIUS server. Creating walled-garden zones, setting the speed, client working hours, etc.
PTP tunnel protocols – PPTP, PPPoE and L2TP with the capabilities of PAP, CHAP, MSCHAPv1 and MSCHAPv2 authorization, RADIUS authentication and access control, MPPE encryption, PPPoE compression, bandwidth management and the use of differentiated firewall rules.
Creating simple tunnels – IP2IP tunnels, EoIP (Ethernet over IP).
Using IPsec – IP security AH and ESP protocols. MODP Diffie-Hellman groups 1,2,5. MD5 and SHA1. DES hashing algorithms, encryption algorithms 3DES, AES-128, AES-192, AES-256. Perfect Forwarding Secrecy (PFS) MODP groups 1,2,5.
Proxy – built-in caching proxy server FTP and HTTP/HTTPS, transparent DNS and HTTP proxying. Implementation of SOCKS, the ability to set ACLs (Access Control Lists), building caching networks using the parent proxy capability;
DHCP is the basic implementation of a DHCP server and a DHCP relay, a DHCP client, the ability to reserve addresses, RADIUS support.
VRRP is an implementation of VRRP.
UPnP – Universal Plug-and-Play support.
NTP – Network Time Protocol (server and client). Synchronization capabilities with the GPS system.
Monitoring/Accounting – real-time IP traffic monitoring. Logging by the firewall action, user actions and the behavior of the system as a whole.
SNMP – access to SNMP functions in read-only mode.
M3P – MikroTik Packet Packer Protocol is a mechanism for compressing traffic and increasing the bandwidth of interfaces in general.
MNDP – MikroTik Neighbor Discovery Protocol. Cisco Discovery Protocol (CDP) support.
Tools – built-in network utilities for monitoring and checking the current state of the network.
functions for working with the second level of OSI
Wireless Networks – Support for wireless clients and IEEE802.11a/b/g access points. Creation of Wireless Distribution System (WDS), virtual access points. Implementation of 40 and 104-bit encryption with WEP and WPA client authentication. The ability to set an ACL. Authorization of clients on the RADIUS server. Support for roaming and Access Point bridges.
Bridge – the ability to create bridges between interfaces with filtering of passing traffic.
VLAN – support for IEEE802.1q Virtual LAN on Ethernet and wireless interfaces, multiple VLANs and VLAN bridge construction.
Synchronous – V.35, V.24, E1/T1, X.21, DS3 (T3), PPP protocols, Cisco HDLC, Frame Relay.
Asynchronous – serial PPP dial-in/dial-out; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authorization protocols, RADIUS authorization and accounting. Modem pools up to 128 ports. The ability to create interfaces with a call on demand.
ISDN – ISDN dial-in/dial-out with PAP, CHAP, MSCHAPv1 and MSCHAPv2 authorization protocols.
RADIUS-authorization and access control based on the rules of the RADIUS server.
SDSL – Single-line DSL support.
From the description it becomes clear what this OS can be used for. Its niche is a cheap multifunctional replacement for third-level hardware routers. Of course, the software implementation in most cases is not as reliable as the hardware, but we’ll talk about this a little later. To install RouterOS Mikrotik, the system must meet the following requirements:
CPU and motherboard – processor frequency of 100 MHz and higher. In this case, Intel Pentium 133 or a similar processor with x86 architecture is suitable. It is worth noting that Mikrotik 2.9 does not support multiprocessor systems.
RAM – minimum 32 MB of RAM (maximum 1 GB). 64 MB or higher is recommended.
The storage device is a standard ATA/IDE controller and a media with at least 64 MB of space. Flash memory cards and Microdrive hard drives can be connected using a special adapter.
Agree that it’s a bit unusual to look at the list of features and hardware resources. Such a combination is rarely seen anywhere. It turns out that it is possible to assemble a “candy” on already useless hardware, which will replace the equipment cabinet at the cost of more than a dozen evergreen conventional units.
But let’s move from fables to business and try to install this miracle on the next machine:
Processor: Intel Pentium 166 MMX
Motherboard: Noname on the VT82C Apolo VP1 chipset
Memory: 128 MB Hynix 133
Hard Drive: Maxtor 200 MB
Network card: 3Com on a 3c905 RTL 8029AS chip (Rev.0)
As you can see, some equipment has been in active operation for more than 10 years. For the test, one old PCI network card was taken on a Realtek RTL8029 chip and one relatively new one on a 3Com 3c509 chip. The price of the whole box was < $50. Let’s see what can be squeezed out of it and whether the system requirements stated by the manufacturer will be able to meet the needs of a large network with almost two hundred computers.