Augmenting Multiple
Routerboard for port expansion
by using VLAN

Internet in the Philippines
• According to an ASEAN DNA study/survey, Internet in the Philippines has an average speed of 3.6mbps
• Fiber is not widely available even in the big cities
• DSL is the most widely used medium of connectivity, and it has a maximum top speed of 10mbps in areas where the DSLAM has better copper wires and a good contention ratio per user.
• DSL, LTE and Fiber are all capped somewhere between 2-10GB a day.
• Fiber connection is very expensive even for an 8mbps line (almost 75 USD per month)
• Simply put, we have poor internet infrastructure.

Who can benefit from this topic?
• Organizations that require high download capacity but have no other means of getting a fast internet connection (such as a fiber connection) except to use multiple DSL, especially in provinces where fiber connection is non-existent.
• Internet Café Operators without access to a high-speed fiber line
• WiSP and mini ISPs (Databytes Computer Services)
• Even individuals who simply want hundreds of mbps.

Top 6 most common questions about the router's functionalities
• How many WANs can it support?
• Can it do load balancing?
• Does it have fail-over?
• Can it mix sources of connection and ISPs, i.e. DSL + LTE + Fiber?
• Can it separate browsing and gaming (policy routing)?
• Can it block keywords, DNS, IP addresses, etc.?

Case Study: Internet Café with more than a thousand terminals
Current setup: Balance 1350 router (13 WANS)
• 3 routers to maintain.
• Firewall / mangle rules must be identical to all routers to maintain uniformity.
• Multiple gateways
• Under utilized bandwidth

Tasks
• Consolidate all DSL into one router.
• All firewall/filter/mangle rules must be in one place only for easy operation and uniformity.
• To have a single point of operation.
• Utilize and optimize the use of all available bandwidth from all sources.
• Lastly, single gateway only.

Typical Deployment
• 3 Routers
• 3 Subnet segments
• Single gateway
o Individual filter/mangle rules per device
o No single point of operation
o Difficult to maintain
o Fail-over issues.
o Very costly.

Another typical deployment
• 2 Routers
o Individual filter/mangle rules per device.
o No single point of operation.
o Difficult to maintain.
o Fail-over issues.
o Costly.
• 2 Segments
o Computers must be grouped together and each group must go to a specific gateway.
• 2 gateways
o Under utilized internet connection. If one group is not at peak usage, the bandwidth cannot be utilized by the other groups.

What we want
o Single point of operation
• Single router
• Single Subnet segment (all filter/mangle rules stored in one device only)
o Fully utilized bandwidth
o Easy to maintain
o Full control of each DSL Line
o Many Fail-over lines.
o Cost Effective.

23 WANS can be done with Routerboard CRS model. But… can it handle the task?
• In a multi-wan setup, each WAN must have at least 3 basic mangle rules for Input, Output and Forward chains to properly forward the packets to the right interface (i.e. packets that come in from a particular interface must go out on the same interface, and packets that left from a particular interface must come back on the same interface).
• 23 WAN x 3 basic mangle rules = 69 mangle rules already, excluding mangle rules for other purposes, such as conn/packet marking for bandwidth management purposes or policy routing.
• Possibly, hundreds of filter rules and Layer 7 matching, QoS rules (Queue Tree, Simple Queues, etc.)

Why CRS is not viable?
o Low processing power for many WANS (400-600Mhz)
o Cannot handle many mangle and filter rules for many WANS
o Designed for SOHO.

Would be nice if we can have this?…
Mikrotik to produce a Multi-core high-end Cloud Core Router with more than 24 ports. Or a CCR model with a provision or an add-on module for port expansion that can be controlled individually just like an ordinary port? It can make our life easier! :)

How can we have more ports for our WAN? Mikrotik doesn’t have any powerful model with many ports. What is the solution?

Solution is to use VLAN to expand the ports

VLAN
Most people always think
• VLAN ports can only be used to join computers from other segments
• VLANs are only for client computers
What we can actually use it for
• VLAN ports can be used as an ordinary physical port; therefore, treat it as such (but with some limitations).
• VLAN ports can be used to connect other devices, such as modems, IP printers, IP cameras, etc.
• VLAN ports can be used as a DHCP client too.
• VLAN ports can be used as a routing interface.

Solution is to use VLAN to expand the ports
• Use a fast RouterBoard, preferably dual-core or the high-end CCR series such as CCR1009 or higher (CCR1036)
• Use a low cost Routerboard for port augmentation, such as a CRS model (CRS125-24G-1S-2HnD-IN) or the RB2011 series.
• Alternatively, you can also use any managed switch with VLAN capability.
• Lastly, and most important of all, use the VLAN function of RouterOS.

Why CCR Series?
• It has a multiple core processor
• It can handle possibly thousands of Firewall/Filter and Mangle rules
• It can process millions of packets per second.
• It can satisfy our need for a Single Point of Operation.

43 Ports available for our WAN !!

Actual Deployment

Configuration

Things we need...
• Cloud Core Router CCR1009-8G-1S-1S+ (master)
• RB2011UiAS-2HnD-RM
• SFP Module S-85DLC05D
• DAC (Direct Attached Cable)
• Fiber Patch Cord

How many ports can we use for WAN? 17 Ports available for our WAN

Configuration Guide

• Master
1. Use the SFP as the trunk port
2. Create a VLAN interface and bind it to the trunk port
3. Use the VLAN port as DHCP client.
4. Create NAT rules.

• Slave
1. Use the SFP as the trunk port
2. Create a VLAN interface and bind it to the trunk port
3. Create a bridge interface
4. Bridge the VLAN port and the Physical port.

STEP 1 - Add VLAN interface with unique VLAN ID

STEP 2 - Add VLAN interface to DHCP Client to obtain IP address from the ISP/DSL

STEP 3 - Add VLAN interface to Firewall/NAT

STEP 1 – Add VLAN Interface with VLAN ID to match the CCR1009

STEP 2 – Add a Bridge Interface

STEP 3 – Bind the VLAN interface with the physical ports by bridging

VLAN interface and Physical port (visual help)
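
The master and slave steps above, generated for several WANs at once. This is an added example, not the presenter's configuration: the trunk port name sfp1, slave ports etherN, VLAN IDs and interface names are assumptions. It gives each WAN its own bridge on the slave so the modems stay isolated from one another at layer 2, and it rejects a plan that reuses a VLAN ID.

```python
# Added example (not from the slides). Assumed names: trunk port "sfp1" on both
# routers, slave ports "etherN", VLAN IDs 101+, bridge/VLAN interface names.

def validate(port_map):
    """port_map maps a slave physical port to the VLAN ID that carries it."""
    owner = {}
    for port, vid in port_map.items():
        if not 1 <= vid <= 4094:
            raise ValueError(f"{port}: VLAN ID {vid} is outside 1-4094")
        if vid in owner:  # STEP 1: every WAN needs its own VLAN ID
            raise ValueError(f"VLAN ID {vid} assigned to {owner[vid]} and {port}")
        owner[vid] = port

def master_config(port_map, trunk="sfp1"):
    """Master: VLAN interface on the trunk, DHCP client on it, NAT rule for it."""
    validate(port_map)
    out = []
    for vid in sorted(port_map.values()):
        wan = f"vlan{vid}-wan"
        out += [
            f"/interface vlan add name={wan} vlan-id={vid} interface={trunk}",
            f"/ip dhcp-client add interface={wan} disabled=no",
            f"/ip firewall nat add chain=srcnat out-interface={wan} action=masquerade",
        ]
    return out

def slave_config(port_map, trunk="sfp1"):
    """Slave: same VLAN IDs, each bridged to exactly one physical modem port."""
    validate(port_map)
    out = []
    for port, vid in sorted(port_map.items(), key=lambda kv: kv[1]):
        vlan, bridge = f"vlan{vid}", f"br-vlan{vid}"
        out += [
            f"/interface vlan add name={vlan} vlan-id={vid} interface={trunk}",
            f"/interface bridge add name={bridge}",  # one bridge per WAN, never shared
            f"/interface bridge port add bridge={bridge} interface={vlan}",
            f"/interface bridge port add bridge={bridge} interface={port}",
        ]
    return out

# Constructed sample plan: three DSL modems on the slave's first three ports.
PLAN = {"ether1": 101, "ether2": 102, "ether3": 103}

if __name__ == "__main__":
    print("# master (CCR1009)", *master_config(PLAN), sep="\n")
    print("# slave (RB2011)", *slave_config(PLAN), sep="\n")
```
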

Managing Bandwidth

Standard Load Balancing Implementation

PCC with per interface shaping with dynamic distribution

PCC per interface shaping on asymmetric source

PCC per interface Shaping with equal load distribution

VLAN Reference: http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment

Thanks to:
Louie Datahan of Databyte Computer Sales
Andrian Laping of Lhean’s i-Café (CCBoot)