We used to have a consumer-grade router flashed with DD-WRT, and it did the job well, but it needed to be power cycled every few weeks so it wouldn't freeze up. Recently we had a second Internet line installed and it became obvious that the existing router would not be able to handle all the tasks properly. We decided to get a MikroTik RouterBOARD because of the functionality this platform offers, even on the lower port count devices. We had to be able to accomplish the following:
Fail-over between service providers
PXE server setup
Some port forwarding
Set up multiple wireless networks
Quality of service
VPN for remote workers
The router is configured with a dedicated tool called WinBox, which gives us a graphical interface instead of typing commands in the CLI (its Terminal window accepts the same commands). At first we connected to the router by its MAC address, a Layer 2 connection that works before any IP address exists; as soon as we had set a proper IP address we switched to a much more reliable IP connection. Once that is done, MAC-based WinBox access and neighbor discovery should be limited to the LAN interfaces (Tools > MAC Server in WinBox), so the router cannot be discovered or managed that way from the WAN side.
First we had to make sure at least one interface was enabled with an IP address assigned to it. The second step was to set up a DHCP server on that interface so it could hand out addresses to all the devices on the network. Another important thing was to configure the DNS servers so domain names would resolve properly. If the router itself is to answer DNS queries for the LAN (the "allow remote requests" setting), the firewall must block DNS arriving on the WAN interfaces, otherwise the router becomes an open resolver on the Internet.
To connect both Internet lines we enabled two more interfaces and assigned them addresses, in our case one static and one through a DHCP client. Next we needed to hide the internal network behind those two WAN interfaces. This is done with NAT rules, specifically masquerade: one srcnat rule per WAN interface, matched on the outgoing interface, so the translated source address is always the one belonging to the line the packet actually leaves on.
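The LAN, DNS, WAN and NAT setup described above, written out as RouterOS v6 CLI commands (the same syntax WinBox's Terminal accepts). This is an added example, not the configuration from the original post; the interface roles (ether1 = LAN, ether2 = ISP1 with a static address, ether3 = ISP2 via DHCP client), the 192.168.88.0/24 office LAN and the 203.0.113.0/30 ISP1 link are assumptions.

```routeros
# Added example, RouterOS v6 CLI. Assumed interface roles and addresses:
#   ether1 -> office LAN 192.168.88.0/24 (router = .1)
#   ether2 -> ISP1, static 203.0.113.2/30 (ISP gateway 203.0.113.1)
#   ether3 -> ISP2, address learned via DHCP client
/interface ethernet
set [ find default-name=ether1 ] name=ether1-lan
set [ find default-name=ether2 ] name=ether2-isp1
set [ find default-name=ether3 ] name=ether3-isp2

# 1. LAN: router address, address pool, DHCP server, gateway and DNS handed to clients
/ip address
add address=192.168.88.1/24 interface=ether1-lan comment="office LAN"
/ip pool
add name=lan-pool ranges=192.168.88.100-192.168.88.199
/ip dhcp-server
add name=lan-dhcp interface=ether1-lan address-pool=lan-pool lease-time=1h disabled=no
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1

# 2. DNS: the router forwards and caches for the LAN (allow-remote-requests=yes).
#    The flag applies to every interface, so the firewall's input chain must drop
#    DNS arriving on the WAN side or the router becomes an open resolver.
/ip dns
set servers=1.1.1.1,9.9.9.9 allow-remote-requests=yes

# 3. WAN: one static address, one DHCP client. Default routes are added by hand
#    in the routing step, so the client is told not to install its own.
/ip address
add address=203.0.113.2/30 interface=ether2-isp1 comment="ISP1 static"
/ip dhcp-client
add interface=ether3-isp2 add-default-route=no use-peer-dns=no use-peer-ntp=no disabled=no

# 4. NAT: masquerade = source NAT to whatever address the outgoing interface has.
#    One rule per WAN interface, matched on out-interface, so the translated
#    source address always belongs to the line the packet leaves on.
/ip firewall nat
add chain=srcnat out-interface=ether2-isp1 action=masquerade comment="LAN -> ISP1"
add chain=srcnat out-interface=ether3-isp2 action=masquerade comment="LAN -> ISP2"
```

Check the result with /ip address print, /ip dhcp-server lease print and /ip firewall nat print; a client on the LAN should receive an address from lan-pool and resolve names through 192.168.88.1.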
At this point we needed to set up the fail-over mechanism. This is done in the routing table. We now have two default routes, one per Internet provider. The first one is given a lower distance, which means higher priority. As long as the ISP1 gateway answers ping (the route's check-gateway option), packets go through it; when it stops answering, the route is withdrawn and traffic is routed through ISP2's default route. When the ISP1 gateway comes back online, the route becomes active again and traffic goes back to ISP1. One caveat: this check only sees the ISP router at the other end of the link. If the provider's upstream fails while its router keeps answering ping, the route stays active; probing a host further out through a recursive route avoids that.
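The fail-over in RouterOS v6 CLI form, as an added example (not the original post's configuration). It assumes the ISP1 gateway is 203.0.113.1 on ether2-isp1 and the ISP2 gateway is 198.51.100.1 on ether3-isp2; the ISP2 gateway is entered by hand rather than taken from the DHCP client so that check-gateway can be attached to its route. Variant A is exactly what the paragraph above describes; variant B goes one step further and probes a host beyond the ISP router.

```routeros
# Added example, RouterOS v6 CLI. Assumed: ISP1 gateway 203.0.113.1 (ether2-isp1),
# ISP2 gateway 198.51.100.1 (ether3-isp2), both WAN interfaces already addressed
# and masqueraded. Use variant A or variant B, not both.

# Variant A: two default routes, lowest distance wins while its route is active.
# check-gateway=ping probes the next hop every 10 s and withdraws the route after
# two missed replies; the distance-2 route then becomes the active default until
# the ISP1 gateway answers again.
/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.1 distance=1 check-gateway=ping comment="ISP1 primary"
add dst-address=0.0.0.0/0 gateway=198.51.100.1 distance=2 check-gateway=ping comment="ISP2 backup"

# Variant B: probe a host beyond the ISP, so an outage upstream of a still-pingable
# ISP router also triggers fail-over. Each probe host gets a /32 route pinned to one
# ISP; scope=10 makes that /32 usable for recursive next-hop lookup. The default
# routes point at the probe hosts, RouterOS resolves them through the /32s
# (target-scope=10 is the default for static routes, written out here for clarity),
# and check-gateway therefore pings the probe host through that ISP.
/ip route
add dst-address=8.8.8.8/32 gateway=203.0.113.1 scope=10 comment="probe host via ISP1"
add dst-address=8.8.4.4/32 gateway=198.51.100.1 scope=10 comment="probe host via ISP2"
add dst-address=0.0.0.0/0 gateway=8.8.8.8 distance=1 check-gateway=ping target-scope=10 \
    comment="ISP1 primary (recursive)"
add dst-address=0.0.0.0/0 gateway=8.8.4.4 distance=2 check-gateway=ping target-scope=10 \
    comment="ISP2 backup (recursive)"
```

Two things to keep in mind with variant B: the probe hosts must not be addresses the LAN depends on (for example its DNS servers), because traffic to 8.8.8.8 is pinned to ISP1 even after ISP1 has failed; and connections that were masqueraded through the failed line stay bound to its address in the connection table and time out rather than migrate. /ip route print shows which default route is currently active (the A flag), and /tool traceroute confirms which line traffic is leaving on.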
We needed more than one wireless network at the office and used the Virtual AP interface for that. A virtual AP is an extra SSID on the same physical radio, with its own security profile, and the radio can carry as many of them as we need. Each virtual AP is a separate interface, so it should get its own subnet rather than being bridged into the office LAN; otherwise the SSIDs differ but the clients still share one Layer 2 network and the firewall cannot keep them apart.
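An office SSID on the physical radio and a guest SSID on a virtual AP, as an added RouterOS v6 CLI example (not from the original post). The radio name wlan1, the SSIDs, the placeholder keys and the 192.168.90.0/24 guest subnet are assumptions.

```routeros
# Added example, RouterOS v6 CLI. Assumed: one radio wlan1, office SSID on the
# physical interface, guest SSID on a virtual AP, guest network 192.168.90.0/24.

# One security profile per SSID, so the guest key can be rotated without touching
# the office one. WPA2-PSK with AES only: no WPA1, no TKIP, and WPS switched off below.
/interface wireless security-profiles
add name=office-wpa2 mode=dynamic-keys authentication-types=wpa2-psk \
    unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa2-pre-shared-key="replace-office-key"
add name=guest-wpa2 mode=dynamic-keys authentication-types=wpa2-psk \
    unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa2-pre-shared-key="replace-guest-key"

# The physical radio carries the office network.
/interface wireless
set [ find default-name=wlan1 ] mode=ap-bridge ssid=Office security-profile=office-wpa2 \
    wps-mode=disabled disabled=no

# Virtual AP: a second SSID on the same radio with its own security profile.
# default-forwarding=no stops guest clients from reaching each other through the AP.
/interface wireless
add name=wlan1-guest master-interface=wlan1 ssid=Guest security-profile=guest-wpa2 \
    default-forwarding=no wps-mode=disabled disabled=no

# The virtual AP is its own interface: give it its own subnet (and a DHCP server
# following the same pattern as the LAN) instead of bridging it with the office network.
/ip address
add address=192.168.90.1/24 interface=wlan1-guest comment="guest wifi"
```

With the guest network on its own interface and subnet, the firewall can allow it out to the Internet while blocking it from the office LAN, which is the point of having a separate SSID in the first place.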
Firewall rules were created so the router discards invalid packets, limits access from one LAN network to another, and detects port scanning attempts. MikroTik has a very powerful firewall and, set up properly, it does a great job of keeping the network safe. The rules that protect the router itself (the input chain) matter most: management services such as WinBox, SSH and the API must not be reachable from the WAN interfaces, and the allowed services should additionally be bound to the office LAN addresses.
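A rule set covering the three points above (invalid packets, LAN-to-LAN separation, port scan detection) plus protection of the router's own management services, as an added RouterOS v6 CLI example that is not the original post's firewall. The interface names (ether1-lan, wlan1-guest, ether2-isp1, ether3-isp2) and the 192.168.88.0/24 office subnet are assumptions.

```routeros
# Added example, RouterOS v6 CLI. Assumed interfaces: ether1-lan (office LAN
# 192.168.88.0/24), wlan1-guest (guest wifi 192.168.90.0/24), ether2-isp1 and
# ether3-isp2 (WAN). Rules are evaluated top to bottom; the first match decides.
/interface list
add name=WAN
add name=LAN
/interface list member
add list=WAN interface=ether2-isp1
add list=WAN interface=ether3-isp2
add list=LAN interface=ether1-lan
add list=LAN interface=wlan1-guest

/ip firewall filter
# --- input chain: packets addressed to the router itself ---
add chain=input connection-state=established,related action=accept comment="replies to our own traffic"
add chain=input connection-state=invalid action=drop comment="discard invalid packets"
add chain=input src-address-list=port-scanners action=drop comment="already identified scanners"
# Port scan detection: psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight.
# A source that collects 21 weight points within 3 s (3 per port below 1024, 1 per
# port above) goes on the list for two weeks; the rule above then drops it.
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
    address-list=port-scanners address-list-timeout=2w comment="detect port scans"
add chain=input in-interface-list=WAN protocol=icmp action=accept comment="ping from outside (optional)"
add chain=input in-interface=ether1-lan action=accept comment="office LAN manages the router"
add chain=input in-interface=wlan1-guest protocol=udp dst-port=53,67 action=accept comment="guest: DNS + DHCP only"
add chain=input in-interface=wlan1-guest protocol=tcp dst-port=53 action=accept comment="guest: DNS over TCP"
add chain=input action=drop comment="everything else, incl. WinBox/SSH/API/DNS from WAN"

# --- forward chain: packets passing through the router ---
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop comment="discard invalid packets"
add chain=forward src-address-list=port-scanners action=drop
add chain=forward in-interface=wlan1-guest out-interface=ether1-lan action=drop comment="guest may not reach office LAN"
add chain=forward in-interface-list=LAN out-interface-list=WAN action=accept comment="LAN -> Internet"
add chain=forward in-interface-list=WAN connection-nat-state=dstnat action=accept comment="only explicit port forwards come in"
add chain=forward action=drop

# Management services: switch off what is not used and bind the rest to the office LAN,
# a second layer underneath the input-chain drop.
/ip service
disable telnet,ftp,www,api,api-ssl
set ssh address=192.168.88.0/24
set winbox address=192.168.88.0/24
```

The final drop in each chain is what makes the rule set a whitelist; without it, anything not explicitly matched is accepted. /ip firewall address-list print shows who has been caught by the scan detector, and the counters in /ip firewall filter print stats show which rule is actually matching a given flow when something unexpectedly fails.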
Using Queues we implemented a simple QoS policy that distributes bandwidth fairly across devices while leaving guaranteed bandwidth for critical services such as VoIP.
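A simple-queue tree that gives the phones a guaranteed slice and splits the rest evenly per host, as an added RouterOS v6 CLI example (not the original post's queues). The line rates (10 Mbit/s up, 50 Mbit/s down), the 192.168.88.0/24 LAN and the 192.168.88.32/27 range for the VoIP phones are assumptions.

```routeros
# Added example, RouterOS v6 CLI. Assumed: office LAN 192.168.88.0/24 shares an
# uplink of about 10 Mbit/s up and 50 Mbit/s down; the VoIP phones live in
# 192.168.88.32/27. Queue limits are written as upload/download.

# PCQ queue types divide a queue's bandwidth equally between the addresses they see
# (pcq-rate=0 means no fixed per-host cap, only an even share of what is available).
/queue type
add name=pcq-up kind=pcq pcq-classifier=src-address pcq-rate=0
add name=pcq-down kind=pcq pcq-classifier=dst-address pcq-rate=0

# Simple queues are matched top to bottom, so the specific VoIP queue must sit
# above the catch-all. Both are children of one parent and share its limit:
# limit-at is the guaranteed rate (CIR), max-limit the ceiling (MIR), and
# priority 1 is served before priority 8 when the parent is saturated.
/queue simple
add name=office-total target=192.168.88.0/24 max-limit=10M/50M \
    comment="parent: total office bandwidth"
add name=voip parent=office-total target=192.168.88.32/27 priority=1/1 \
    limit-at=2M/2M max-limit=4M/4M comment="phones: 2M guaranteed, highest priority"
add name=everyone-else parent=office-total target=192.168.88.0/24 priority=8/8 \
    limit-at=6M/40M max-limit=10M/50M queue=pcq-up/pcq-down \
    comment="all other hosts share the rest fairly"
```

Two details decide whether this works at all. The parent's max-limit has to be a little below the real line rate, so that packets queue in the router (where priorities apply) rather than at the ISP; and the default FastTrack firewall rule on newer RouterOS v6 versions must not be enabled, because fast-tracked connections bypass simple queues entirely.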
On our network we use a PXE server that allows computers to boot from the LAN instead of local storage. We only needed to add the proper settings to the DHCP server, so the server's IP address and boot file name are advertised to the local network. PXE is unauthenticated (a client trusts whatever DHCP and TFTP answers it gets), so these options belong on the trusted office network only, not on the guest network.
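The DHCP side of the PXE setup, as an added RouterOS v6 CLI example (not the original post's configuration). The PXE/TFTP server address 192.168.88.10, the boot file pxelinux.0 and the existing 192.168.88.0/24 DHCP network entry are assumptions.

```routeros
# Added example, RouterOS v6 CLI. Assumed: PXE/TFTP server at 192.168.88.10 on the
# office LAN, BIOS boot loader pxelinux.0, DHCP network entry for 192.168.88.0/24
# already present.

# next-server and boot-file-name fill the siaddr and file fields of the DHCP reply,
# which is what standard PXE firmware reads.
/ip dhcp-server network
set [ find address=192.168.88.0/24 ] next-server=192.168.88.10 boot-file-name=pxelinux.0

# Some clients expect the same information as explicit DHCP options 66 (TFTP server)
# and 67 (boot file). String values are written in single quotes inside the double quotes.
/ip dhcp-server option
add name=tftp-server code=66 value="'192.168.88.10'"
add name=boot-file code=67 value="'pxelinux.0'"
/ip dhcp-server network
set [ find address=192.168.88.0/24 ] dhcp-option=tftp-server,boot-file
```

BIOS and UEFI clients expect different boot loaders, so a mixed fleet needs a separate file per client architecture; the boot file above is for BIOS-style PXE clients.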
Overall it took a couple of days to get everything running, since the work could only be done in the evenings. We have not had a single problem since the upgrade, and there was a significant improvement in our Internet speed as well.