RouterOS is a stand-alone operating system based on the Linux v2.6 kernel, and our goal here at MikroTik is to provide all these features with a quick and simple installation and an easy to use interface.
You can try RouterOS today, go to www.mikrotik.com and download the installation CD image. The free trial provides all of the features with no limitations. In the following pages you will find examples of some of the most important RouterOS features.
RouterOS features a powerful, yet easy to learn command-line configuration interface with integrated scripting capabilities.
• Winbox GUI over IP and MAC
• CLI with Telnet, SSH, Local console and Serial console
• API for programming your own tools
• Web interface
New in RouterOS v4 is the Lua scripting language, which opens up a multitude of approaches in automation and programming of your router.
RouterOS features a stateful firewall, which means that is performs stateful packet inspection and keeps track of the state of network connections traveling across it. It also supports Source and Destionation NAT (Network Address Translation), NAT helpers for popular applications and UPnP.
The Firewall provides features to make use of internal connection, routing and packet marks. It can filter by IP address, address range, port, port range, IP protocol, DSCP and other parameters, also supports Static and Dynamic Address Lists, and can match packets by pattern in their content, specified in Regular Expressions, called Layer7 matching.
The RouterOS Firewall facility also supports IPv6.
• For IPv4 it supports RIP v1 and v2, OSPF v2, BGP v4.
• For IPv6 it supports RIPng, OSPFv3 and BGP.
RouterOS also suppors Virtual Routing and Forwarding (VRF), Policy based routing, Interface based routing and ECMP routing. You can use the Firewall filter to mark specific connections with Routing marks, and then make the marked traffic use a different ISP.
Now with MPLS support added to RouterOS, VRF is also introduced. Virtual Routing and Forwarding is a technology that allows multiple instances of a routing table to co-exist within the same router at the same time. Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other. VRF also increases network security. It is often used in, but not limited to MPLS networks.
Efficency of forwarding process is the main benefit of MPLS. MPLS makes it easy to create “virtual links” between nodes on the network, regardless of the protocol of their encapsulated data.
It is a highly scalable, protocol agnostic, data-carrying mechanism. In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself. This allows one to create end-to-end circuits across any type of transport medium, using any protocol.
Some of the supported MPLS features:
• Static Label bindings for IPv4
• Label Distribution protocol for IPv4
• RSVP Traffic Engineering tunnels
• VPLS MP-BGP based autodiscovery and signaling
• MP-BGP based MPLS IP VPN
• Ipsec – tunnel and transport mode, certificate or PSK, AH and ESP security protocols
• Point to point tunneling (OpenVPN, PPTP, PPPoE, L2TP)
• Advanced PPP features (MLPPP, BCP)
• Simple tunnels (IPIP, EoIP)
• 6to4 tunnel support (IPv6 over IPv4 network)
• VLAN – IEEE802.1q Virtual LAN support, Q-in-Q support
• MPLS based VPNs
This means that you can securely interconnect banking networks, use your workplace resources while travelling, connect to your home local network, or increase security of your wireless backbone link. You can even interconnect two branch office networks and they would be able to use each other’s resources, as if the computers would be in the same location - all secure and encrypted.
Some of the features supported by RouterOS:
• IEEE802.11a/b/g/n wireless client and access point
• Nstreme and Nstreme2 proprietary protocols
• Client polling
• Wireless Distribution System (WDS)
• Virtual AP
• WEP, WPA, WPA2 encryption
• Access control list
• Wireless client roaming
• HWMP+ Wireless MESH protocol
• MME wireless routing protocol
RouterOS also features the NStreme proprietary wireless protocol that allows to extend the connection range and speed, when using MikroTik routers at each end. This has helped to achieve the current non-amplified wifi link lenght world record in Italy. Also supported is NSteme dual which allows to use two antennas at each end, one for receiving and one for sending.
Extensive user management is possible by making different user profiles, each of which can allow certain uptime, upload and download speed limitation, transfer amount limitation and more.
Hotspot also supports authentication against standard RADIUS servers and MikroTik’s own User Manager which will give you a centralized management of all users in your networks.
• Plug-n-Play access to the Network
• Authentication of local Network Clients
• User Accounting
• RADIUS support for Authentication and Accounting
• Configurable bypass for non-interactive devices
• Walled garden for browsing exceptions
• Trial user and Advertisement modes
Quality of Service (QoS) means that the router can prioritize and shape network traffic. Some features of MikroTik RouterOS traffic control mechanism are listed below:
• limit data rate for certain IP adresses, subnets, protocols, ports, and other parameters
• limit peer-to-peer traffic
• prioritize some packet flows over others
• use queue bursts for faster web browsing
• apply queues on fixed time intervals
• share available traffic among users equally, or depending on the load of the channel
RouterOS supports Hierarchical Token Bucket (HTB) QoS system with CIR, MIR, burst and priority support, and provides both advanced queuing, and also an easy solution for basic QoS implementation - Simple queues.
• Regular HTTP proxy
• Transparent proxy
• Access list by source, destination, URL and requested method (HTTP firewall)
• Cache access list to specify which objects to cache, and which not.
• Direct Access List to specify which resources should be accessed directly, and which - through another proxy server
• Logging facility
• SOCKS proxy support
• Parent proxy support
• Cache storage on external drives
RouterOS can also act as a Transparent Caching server, with no configuration required in the customer PC. RouterOS will take all HTTP requests and redirect them to the local proxy service. This process will be entirely transparent to the user, and the only difference to them will be the increased browsing speed.
• Ping, traceroute
• Bandwidth test, ping flood
• Packet sniffer, torch
• Telnet, SSH
• E-mail and SMS send tools
• Automated script execution tools
• CALEA data mirroring
• File Fetch tool
• Active connection table
• NTP Client and Server
• TFTP server
• Dynamic DNS updater
• VRRP redundancy support
• SNMP for providing graphs and stats
• RADIUS client and server (User Manager)
reference : http://www.mikrotik-routeros.net/routeros.aspx