MikroTik RouterOS is the operating system of MikroTik RouterBOARD hardware. But it can also be installed on a PC and will turn it into a router with all the necessary features. It has a huge feature set including Routing, Firewall, Bandwidth Management, Wireless Access Point, Backhaul Link, Hotspot Gateway, MPLS, VPLS, VPN , QOS and much more. It is a Linux v2.6 kernel base OS.
Configuration
RouterOS supports various methods of configuration – local access with keyboard and monitor, serial console with a terminal application, Telnet and secure SSH access over networks, a custom GUI configuration tool called Winbox, a simple Web based configuration interface and an API programming interface for building your own control application. In case there is no local access, and there is a problem with IP level communications, RouterOS also supports a MAC level based connection with the custom made Mac-Telnet and Winbox tools.
RouterOS features a powerful, yet easy to learn command- line configuration interface with integrated scripting capabilities.
- Winbox GUI over IP and MAC
- CLI with Telnet, SSH, Local console and Serial console
- API for programming your own tools
- Web interface
Firewal
The firewall implements packet filtering and thereby provides security functions, that are used to manage data flow to, from and through the router. Along with the Network Address Translation it serves for preventing unauthorized access to directly attached networks and the router itself as well as a filter for outgoing traffic. RouterOS features a stateful firewall, which means that it performs stateful packet inspection and keeps track of the state of network connections traveling across it.
It also supports Source and Destionation NAT (Network Address Translation), NAT helpers for popular applications and UPnP. The Firewall provides features to make use of internal connection, routing and packet marks. It can filter by IP address, address range, port, port range, IP protocol, DSCP and other parameters, also supports Static and Dynamic Address Lists, and can match packets by pattern in their content, specified in Regular Expressions, called Layer7 matching. The RouterOS Firewall facility also supports IPv6.
Routing
RouterOS supports a multitude of routing protocols:
- For IPv4 it supports RIP v1 and v2, OSPF v2, BGP v4.
- For IPv6 it supports RIPng, OSPFv3 and BGP.
RouterOS also supports Virtual Routing and Forwarding (VRF), Policy based routing, Interface based routing and ECMP routing. You can use the Firewall filter to mark specific connections with Routing marks, and then make the marked traffic use a different ISP.
Now with MPLS support added to RouterOS, VRF is also introduced. Virtual Routing and Forwarding is a technology that allows multiple instances of a routing table to co-exist within the same router at the same time. Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other. VRF also increases network security. It is often used in, but not limited to MPLS networks.
Forwading
RouterOS supports Layer2 forwarding – including Bridging, Mesh and WDS. WDS allows to create custom wireless coverage using multiple APs what is impossible to do only with one AP (indoor, railroad installations) WDS allows packets to pass from one AP to another, just as if the APs were ports on a wired Ethernet switch
To optimize WDS performance on large scale networks Mikrotik has designed special layer-2 forwarding interface type – Mesh. (R)STP eliminates the possibility for the same MAC addresses to be seen on multiple bridge ports by disabling secondary ports to that MAC address. This helps avoid loops and improves network reliability.
MikroTik also offers an alternative to RSTP – HWMP+HWMP+ is a MikroTik specific Layer-2 routing protocol for wireless mesh networks.The HWMP+ protocol is an improvement of the Hybrid Wireless Mesh Protocol (HWMP) from IEEE 802.11s draft standard.
MPLS
MPLS stands for MultiProtocol Label Switching. It can be used to replace IP routing – packet forwarding decision is no longer based on fields in IP header and routing table, but on labels that are attached to packet. This approach speeds up forwarding process because next hop lookup becomes very simple compared to routing lookup.
Efficency of forwarding process is the main benefit of MPLS. MPLS makes it easy to create “virtual links” between nodes on the network, regardless of the protocol of their encapsulated data.
It is a highly scalable, protocol agnostic, data-carrying mechanism. In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself. This allows one to create end-to-end circuits across any type of transport medium, using any protocol. Some of the supported MPLS features:
- Static Label bindings for IPv4
- Label Distribution protocol for IPv4
- RSVP Traffic Engineering tunnels
- VPLS MP-BGP based autodiscovery and signaling
- MP-BGP based MPLS IP VPN
VPN
To establish secure connections over open networks or the Internet, or connect remote locations with encrypted links, RouterOS supports various VPN methods and tunnel protocols:
- Ipsec – tunnel and transport mode, certificate or PSK, AH and ESP security protocols
- Point to point tunneling (OpenVPN, PPTP, PPPoE, L2TP)
- Advanced PPP features (MLPPP, BCP)
- Simple tunnels (IPIP, EoIP)
- 6to4 tunnel support (IPv6 over IPv4 network)
- VLAN – IEEE802.1q Virtual LAN support, Q-in-Q support
- MPLS based VPNs
This means that you can securely interconnect banking networks, use your workplace resources while travelling, connect to your home local network, or increase security of your wireless backbone link. You can even interconnect two branch office networks and they would be able to use each other’s resources, as if the computers would be in the same location – all secure and encrypted.
RouterOS also provides several MikroTik proprietary functions that are not found elsewhere, for example EoIP which is a Ethernet tunnel between two routers on top of an IP connection. The EoIP interface appears as an Ethernet interface. When the bridging function of the router is enabled, all Ethernet traffic will be bridged just as if there where a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible, for example the possibility to bridge LANs over the Internet.
Wireless
A variety of Wireless technologies are suppored in RouterOS, the most basic of them being the wireless access point and client. If it’s a small hotspot network in your home, or a city wide mesh network, RouterOS will help you in all situations. Some of the features supported by RouterOS:
IEEE802.11a/b/g/n wireless client and access point
Nstreme and Nstreme2 proprietary protocols
- Client polling
- RTS/CTS
- Wireless Distribution System (WDS)
- Virtual AP
- WEP, WPA, WPA2 encryption
- Access control list
- Wireless client roaming
- WMM
- HWMP+ Wireless MESH protocol
- MME wireless routing protocol
RouterOS also features the NStreme proprietary wireless protocol that allows to extend the connection range and speed, when using MikroTik routers at each end. This has helped to achieve the current non-amplified wifi link length world record in Italy. Also supported is NSteme dual which allows to use two antennas at each end, one for receiving and one for sending.
Hotspot
The MikroTik HotSpot Gateway enables providing of public network access for clients using wireless or wired network connections. The user will be presented a login screen when first opening his web browser. Once a login and password is provided, the user will be allowed internet access.
This is ideal for hotel, school, airport, internet cafe or any other public place where administration doesn’t have control over the user computer. No software installatin or network configuration is needed, hotspot will direct any connection request to the login form.
Extensive user management is possible by making different user profiles, each of which can allow certain uptime, upload and download speed limitation, transfer amount limitation and more.
Hotspot also supports authentication against standard RADIUS servers and MikroTik’s own User Manager which will give you a centralized management of all users in your networks.
- Plug-n-Play access to the Network
- Authentication of local Network Clients
- User Accounting
- RADIUS support for Authentication and Accounting
- Configurable bypass for non-interactive devices
- Walled garden for browsing exceptions
- Trial user and Advertisement modes
Quality of Service (QoS)
Bandwidth Control is a set of mechanisms that control data rate allocation, delay variability, timely delivery, and delivery reliability.
Quality of Service (QoS) means that the router can prioritize and shape network traffic. Some features of MikroTik RouterOS traffic control mechanism are listed below:
- limit data rate for certain IP adresses, subnets, protocols, ports, and other parameters
- limit peer-to-peer traffic
- prioritize some packet flows over others
- use queue bursts for faster web browsing
- apply queues on fixed time intervals
- share available traffic among users equally, or depending on the load of the channel
RouterOS supports Hierarchical Token Bucket (HTB) QoS system with CIR, MIR, burst and priority support, and provides both advanced queuing, and also an easy solution for basic QoS implementation – Simple queues.
PCQ was introduced to optimize massive QoS systems, where most of the queues are exactly the same for different sub-streams. For example a sub-stream can be download or upload for one particular client (IP) or connection to server.
PCQ algorithm is very simple – at first it uses selected classifiers to distinguish one sub-stream from another, then applies individual FIFO queue size and limitation on every sub-stream, then groups all sub- streams together and applies global FIFO queue size and limitation.
Web Proxy
RouterOS features a MikroTik custom made proxy server for caching web resources, and speeding up customer browsing by delivering them cached file copies at local network speed. MikroTik RouterOS implements the following proxy server features:
- Regular HTTP proxy
- Transparent proxy
- Access list by source, destination, URL and requested method (HTTP firewall)
- Cache access list to specify which objects to cache, and which not.
- Direct Access List to specify which resources should be accessed directly, and which – through another proxy server
- Logging facility
- SOCKS proxy support
- Parent proxy support
- Cache storage on external drives
RouterOS can also act as a Transparent Caching server, with no configuration required in the customer PC. RouterOS will take
all HTTP requests and redirect them to the local proxy service. This process will be entirely transparent to the user, and the only difference to them will be the increased browsing speed.
Tools
To help administrating your network, RouterOS also provides a large number of small network tools to optimize your everyday tasks. Here are some of them:
- Ping, traceroute
- Bandwidth test, ping flood
- Packet sniffer, torch
- Telnet, SSH
- E-mail and SMS send tools
- Automated script execution tools
- CALEA data mirroring
- File Fetch tool
- Active connection table
- NTP Client and Server
- TFTP server
- Dynamic DNS updater
- VRRP redundancy support
- SNMP for providing graphs and stats
- RADIUS client and server (User Manager)
The Dude
The Dude network monitor is an application by MikroTik which can dramatically improve the way you manage your network environment. It will automatically scan all devices within specified subnets, draw and layout a map of your networks, monitor services of your devices and alert you in case some service has problems.
Not only can you monitor your RouterOS devices, you can monitor any device that is accessible by Ping or provides SNMP information. You are able to make traffic and availibility graphs, outage reports, and even use the Dude as a Syslog server for your RouterOS device log files.
The Dude can also manage your RouterOS device configurations, and automate their software upgrades and mass configure them.
Best of all – The Dude is free of charge
Download PDF (What is MikroTik RouterOS)
INFORMATION TECHNOLOGY BLOGS BY TECHYBOY 
You must be logged in to post a comment.