routeros

First Impressions with RouterOS

To be honest, I like my routers and switches Cisco flavoured. IOS is a playground I'm very familiar with and it feels right to me. A lot of that is simply because it's what I know. I'm the same with Linux distributions. I learnt the RedHat way first, and it's always stuck with me as being the right way.

Handing over huge wads of cash to Cisco isn't the only way to move packets around a network of course. There's plenty of other players and several bursts of chatter on the SAGE-AU lists refocused my attention on MikroTik.

In the world of networking vendors, MikroTik are doing a great job of making a name for themselves at an interesting place in the market. RouterOS is Linux based, though mostly closed source. Custom hardware, though you can install on x86 as well. Huge feature set, though kinda quirky. Plenty of wired and wireless interfaces. And it's all crazy cheap.

I downloaded the demo iso for x86 RouterOS and loaded it up in a VM. That worked quite well and for the purposes of simply learning RouterOS, a virtual network of RouterOS VMs would probably do the job quite nicely. For me though, I'm just as interested in the RouterBOARD hardware as the OS that runs on it.

Here's what I got from DuxTel (the Australian distributor for MikroTik).

  • 2x RB750GL
  • 2x RB751G-2HnD
  • 4x RB250GS

The rational for the hardware was to have a mix of devices that could be arranged into an interesting variety of lab scenarios.

So far I've only had time to play with one of the routers. I simply wanted to route between two of the interfaces.

P8210052.jpg
P8210052.jpg

The first thing I missed was a simple serial console port. I know some of the higher end RouterBOARD products have one, but I was out of luck on my hardware. All RouterBOARD products seem to ship with a default configuration, including an interface configured to 192.168.88.1. SSH, telnet, http and a custom Windows app called WinBox all provide admin options. While that all seems nice, it's a bit fiddly to have to connect over IP to a device when one of the first things you'll want to do is remove the default configuration (including the IP address you're using to configure it).

P8210051.jpg
P8210051.jpg

The only other way to configure the router is using a RouterOS protocol builtin to WinBox and RouterOS that uses ethernet broadcasts to locate local devices. The idea is to use the L2 protocol to configure an IP address, then switch up to L3 for the rest of the configuration.

To me, that all seems kind of a pain compared to just starting with a blank router and a serial console - especially working in a lab environment where you're constantly resetting all of your devices back to a blank starting point. Of course, the hardware I bought was crazy cheap and I can always pony up more cash for the higher end hardware if it's such a big deal. For most people, most of the time, I don't think it'll matter in the slightest.

Once I had an admin interface on the router, the next annoyance was removing the default configuration. The router was setup to use most of the ports as switch ports and NAT to an internet connection on ethernet1. Really not what I wanted.

system reset-configuration no-defaults was the command I wanted, and going forward this will be the first & last step in the labs I write. With the routers I bought, using WinBox and the ethernet broadcast method for initial configuration looks like the easiest way to get started.

On a related side note, I'm curious about the L2 protocol in use. I'll be firing up Wireshark to see that in action over the wire. Expect more posts on that if it turns up anything interesting.

Once all the existing configuration was gone, putting IP addresses on interfaces was pretty straightforward.

The final hurdle to free flowing pings (not counting the default Windows 8 firewalls I'd forgotten about) was the port I'd plugged my second host into wouldn't come up. The log on the router showed it was flapping about 20 times before giving up and staying down. Some googling found plenty of other people reporting similar problems on the MikroTik forums. On a hunch I swapped out the almost brand new Cat5e cable with a minty fresh out of the pack Cat6 cable I'd just bought. Happy days, the port came up straight away. The weird part is that I had an identical Cat5e cable plugged into the port I was using on the host I was configuring the router with and that was working fine!

It's early days yet, but I think the MikroTik kit will provide for some very interesting setups to experiment with.