Augmenting Multiple
Routerboard for port expansion
by using VLAN

Internet in the Philippines
• According to an ASEAN DNA study/survey, Internet in the Philippines has an average speed of 3.6mbps
• Fiber is not widely available even in the big cities
• DSL is the most widely used medium of connectivity and it has a maximum top speed of 10mbps in areas where the DSLAM has better copper wires and a good contention ratio per user.
• DSL, LTE and Fiber are all capped somewhere between 2-10GB a day.
• Fiber connection is very expensive even for 8mbps (almost 75 USD per month)
• Simply put, we have poor internet infrastructure.

Who can benefit from this topic?
• Organizations that require high download capacity but have no other means of getting a fast internet connection (such as a fiber connection) except to use multiple DSL, especially in provinces where fiber connection is non-existent.
• Internet Café Operators without access to a high speed fiber line
• WiSP and mini ISPs (Databytes Computer Services)
• Even individuals who simply want hundreds of mbps.

Top 6 Most common questions about the router's functionalities
1. How many WAN can it support?
2. Can it do load balance?
3. Does it have fail-over?
4. Can it separate browsing and gaming (policy routing)?
5. Can it block keywords, DNS, IP address etc.?
6. Mixed source of connection and ISP, i.e. DSL + LTE + Fiber

Case Study: Internet Café with more than a thousand terminals
Current setup: Balance 1350 router (13 WANS)
• 3 routers to maintain.
• Firewall / mangle rules must be identical to all routers to maintain uniformity.
• Multiple gateways
• Under utilized bandwidth

Tasks
• Consolidate all DSL into one router.
• To have a single point of operation.
• All firewall/filter/mangle rules must be in one place only for easy operation and uniformity.
• Utilize and optimize the use of all available bandwidth from all sources.
• Lastly, Single Gateway only.

Typical Deployment
• 3 Routers
• 3 Subnet segments
• Single gateway
o Individual filter/mangle rules per device
o No single point of operation
o Difficult to maintain
o Fail-over issues.
o Very costly.

Another typical deployment
• 2 Routers
o Individual filter/mangle rules per device.
o No single point of operation.
o Difficult to maintain.
o Fail-over issues.
o Costly.
• 2 Segments
o Computers must be grouped together and each group must go to a specific gateway.
• 2 gateways
o Under utilized internet connection: if one group is not at peak usage, the bandwidth cannot be utilized by the other groups.

What we want
o Single point of operation
• Single router
• Single Subnet segment (all filter/mangle rules stored in one device only)
o Fully utilized bandwidth
o Easy to maintain
o Full control of each DSL Line
o Many Fail-over lines.
o Cost Effective.

But… can it handle the task?
23 WANS can be done with Routerboard CRS model.
• In a multi-WAN setup, each WAN must have at least 3 basic mangle rules for Input, Output and Forward chains to properly forward the packets to the right interface (i.e. packets that come in from a particular interface must go out on the same interface).
• 23 WAN x 3 basic mangle rules = 69 mangle rules already, excluding mangle rules for other purposes, such as conn/packet marking for bandwidth management purposes or policy routing.
• Possibly hundreds of filter rules and Layer 7 matching, QoS rules (Queue Tree, Simple Queues, etc.)

Why CRS is not viable?
o Low processing power for many WANS (400-600Mhz)
o Cannot handle many mangle and filter rules for many WANS
o Designed for SOHO.
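The per-WAN mangle rules counted above, written out for a single WAN as an added example (not taken from the original slides). It assumes RouterOS v6 syntax; the interface names `vlan101-wan1` and `bridge-lan`, the mark names and the gateway address are hypothetical placeholders.

```routeros
# Added example, RouterOS v6 syntax. Interface names, mark names and the
# gateway 192.0.2.1 are constructed placeholders, not values from the slides.
/ip firewall mangle
# 1. Input: remember which WAN a connection to the router itself arrived on.
add chain=input in-interface=vlan101-wan1 action=mark-connection \
    new-connection-mark=wan1_conn passthrough=yes comment="WAN1 in"
# 2. Output: send the router's replies for that connection back out via WAN1.
add chain=output connection-mark=wan1_conn action=mark-routing \
    new-routing-mark=to_wan1 passthrough=no comment="WAN1 out"
# 3. Forward: mark new connections from WAN1 that are forwarded to a LAN host.
add chain=forward in-interface=vlan101-wan1 connection-state=new \
    action=mark-connection new-connection-mark=wan1_conn passthrough=yes \
    comment="WAN1 fwd"
# mark-routing is only available in prerouting and output, so the LAN host's
# replies to a forwarded connection get their routing mark here. This rule is
# an addition to the three counted on the slide.
add chain=prerouting in-interface=bridge-lan connection-mark=wan1_conn \
    action=mark-routing new-routing-mark=to_wan1 passthrough=no \
    comment="WAN1 fwd reply"
# Routing table selected by the mark: a default route through WAN1 only.
# With a DHCP-assigned WAN the gateway has to follow the current lease.
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=to_wan1 \
    comment="WAN1 table"
```

The same set is repeated for every WAN with its own interface and mark names, which is where the rule count on the master router grows.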

Would be nice if we can have this?…
Mikrotik to produce a Multi-core high-end Cloud Core Router with more than 24 ports. Or a CCR model with a provision or an add-on module for port expansion that can be controlled individually just like an ordinary port? It can make our life easier!

How can we have more ports for our WAN? Mikrotik doesn't have any powerful model with many ports. What is the solution?

Solution is to use VLAN to expand the ports

VLAN
Most people always think
• VLAN ports can only be used to join computers from other segments
• VLAN are only for client computers

What we can actually use it for
• VLAN ports can be used as an ordinary physical port (but with some limitations); therefore, treat it as such.
• VLAN ports can be used as a routing interface.
• VLAN ports can be used as a DHCP client too.
• VLAN port can be used to connect other devices, such as modems, IP Printers, IP camera, etc.

Solution is to use VLAN to expand the ports
• Use a fast RouterBoard, preferably dual-core or the high-end CCR series such as CCR1009 or higher (CCR1036)
• Use a low cost Routerboard for port augmentation, such as the CRS model (e.g. the CRS125-24G-1S-2HnD-IN) or the RB2011 series.
• Alternatively, you can also use any managed switch with VLAN capability.
• Lastly, and the most important of all, is to use the VLAN function of RouterOS.

Why CCR Series?
• It has Multiple Core Processor
• It can handle possibly thousands of Firewall/Filter and Mangle Rules
• It can process millions of packets per second.
• It can satisfy our need for a Single Point of Operation.

43 Ports available for our WAN !!

Actual Deployment

Configuration

Things we need...
• Cloud Core Router CCR1009-8G-1S-1S+ (master)
• RB2011UiAS-2HnD-RM
• SFP Module S-85DLC05D
• DAC (Direct Attached Cable)
• Fiber Patch Cord

How many ports can we use for WAN? 17 Ports available for our WAN

Configuration Guide

• Master
1. Use the SFP as the trunk port
2. Create a VLAN interface and bind it to the trunk port
3. Use the VLAN port as DHCP client.
4. Create NAT rules.

• Slave
1. Use the SFP as the trunk port
2. Create a VLAN interface and bind it to the trunk port
3. Create a bridge interface
4. Bridge the VLAN port and the Physical port.

STEP 1 - Add VLAN interface with unique VLAN ID

STEP 2 - Add VLAN interface to DHCP Client to obtain IP address from the ISP/DSL

STEP 3 - Add VLAN interface to Firewall/NAT

STEP 1 - Add VLAN Interface with VLAN ID to match the CCR1009

STEP 2 - Add a Bridge Interface

STEP 3 - Bind the VLAN interface with the physical ports by bridging

VLAN interface and Physical port (visual help)
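The master and slave steps above as RouterOS commands for one WAN line, as an added example (not from the original slides). VLAN ID 101, the interface names `sfp1` and `ether1`, and the bridge name are assumptions; each further WAN port repeats the pattern with its own unique VLAN ID.

```routeros
# Added example. VLAN ID, interface names and bridge name are hypothetical.

# --- Master (CCR1009): sfp1 is the trunk port to the slave ---
# STEP 1: one VLAN interface per WAN line, each with a unique VLAN ID.
/interface vlan
add name=vlan101-wan1 vlan-id=101 interface=sfp1 comment="WAN1 via slave ether1"
# STEP 2: the VLAN interface obtains its address from the ISP/DSL modem
# exactly as a physical WAN port would.
/ip dhcp-client
add interface=vlan101-wan1 add-default-route=yes disabled=no
# STEP 3: NAT traffic leaving through this WAN.
/ip firewall nat
add chain=srcnat out-interface=vlan101-wan1 action=masquerade comment="NAT WAN1"

# --- Slave (RB2011): layer 2 only, one bridge per WAN line ---
# STEP 1: VLAN ID must match the one configured on the CCR1009.
/interface vlan
add name=vlan101 vlan-id=101 interface=sfp1
# STEP 2: a dedicated bridge; protocol-mode=none so no STP frames are sent
# toward the ISP modem.
/interface bridge
add name=br-wan1 protocol-mode=none
# STEP 3: bind the VLAN interface to the physical port the modem plugs into.
# Assumes ether1 is not already a member of another bridge or switch group.
/interface bridge port
add bridge=br-wan1 interface=vlan101
add bridge=br-wan1 interface=ether1
# No IP address, DHCP client or service is bound to br-wan1, so the slave
# only carries ether1 traffic to the master tagged as VLAN 101 and all
# firewall, NAT and mangle rules stay on the master.
```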

Managing Bandwidth

Standard Load Balancing Implementation

PCC with per interface shaping with dynamic distribution

PCC per interface shaping on asymmetric source

PCC per interface Shaping with equal load distribution

VLAN Reference: http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment

Thanks to:
Louie Datahan of Databyte Computer Sales
Andrian Laping of Lhean's i-Café (CCBoot)