MikroTik Router Efficiencies Part 1 – Router Best Practices

Router Best Practices | VISP - ISP Billing System

Authentication and Provisioning

The system is redundant, scalable and automates control of subscribers’ access, speeds and usage.

Automated Suspension and Reactivation

Train your subscribers to pay on time and make payments easy to get back online.

Activation Servers Fuel Growth

Speed up on-boarding for point-to-point or point to multi-point connections and Wi-Fi at RV parks, campgrounds or marinas.

MikroTik Best Practice Implementation – Part 1 of 2 – The big picture

MikroTik is a software-defined firewall and router.  As such, it’s limited not only by the hardware it runs on but also by how it is configured. Just like a computer, running too many processes can overburden it, dragging performance down and causing network issues.

When a packet passes through your router, it passes through a variety of facilities including NAT, Mangle, Firewall and Bridging.  This can happen hundreds of thousands of times per second. Since each facility typically has many rules, a packet traversing this digital maze may be touched numerous times. Issues can quickly compound with poorly configured routers causing resource exhaustion, which frustrates both you and your customers.

Router Best Practices | VISP - ISP Billing System

Learn MikroTik best practices to stop small issues from becoming huge problems.

When you build your network, remember… packets are people, just like you and me.  Sometimes packets are Facetiming with Grandma, holding your position in a first-person shooter game or stopping an attempted infiltration from a hostile hacker trying to acquire digital assets for a cyber war.

If you are going to undertake the responsibility of improving the efficiencies of your routers, then I highly recommend you read this MikroTik best practices overview and then spend some time deep in the study of exciting things like MikroTik’s packet flow diagrams.

Minimalize your router processes

Less is better, almost always.  Asking your router to do extra work on every packet processed is likely to create problems at some point.  Finding ways to process your packets with shortcuts can reduce processing loads.

One of my WISP clients had VoIP quality issues which turned out to be caused by an overused address-list lookup.  The surprising part was that the router was among the most powerful, a Cloud Core Router running no higher than a couple of percent of CPU utilization.  

We were able to determine that the address-list was being queried tens of thousands of times a second. The trick that lead to finding this overused address list was preceding the rule with a counter rule (without the address-list condition), so we could track how many packets per second were being processed.  After removing the need to check the address list so often the VoIP quality was fixed.

I often see simple things being skipped such as accepting established and related traffic and no use of connection fasttrack or fastpath where possible.  One of the “gotchas” with fasttrack to be aware of is that it will shortcut your router’s ability to account for data skipping router features like simple queues.  This can, for example, affect your billing system’s ability to calculate usage. You can’t use it everywhere but it helps a lot with efficiency where you can use it.

Don’t forget that order matters so the biggest bang for your buck rules should be as high in the rule list as possible.

Secure your equipment

Your router and your network will be harassed by hackers and bots, so make sure you have rules that guard your gear.  Best-practices include keeping your equipment on a protected management VLAN, protecting access to management networks and keeping software patched and updated.  Permit only required traffic and block all else in your router’s input firewall filter chain.

One trick to implementing this in a live network is adding a log rule then watch the logs to catch anything you might have forgotten to add. Before you enable the “drop all” rule in your firewall filter input chain, turn on Safe Mode just in case.  Don’t forget that if you are accepting established and related traffic you may not see existing connections from the log rule.

Monitoring with Notifications

One of the biggest differences I see between small and large networks is their monitoring.  This is because you will reach a ceiling as an organization without a good monitoring system.  It might kinda feel like I just switched topics, but honestly, the efficiency of your routing system is directly affected by how you watch it.  

Watched metrics, as a rule, improve within an organization because you are able to see things like climbing CPU, interface errors, temperature alerts and many other metrics that indicate your system’s health. This can allow you to be proactive and not reactive when it comes to issues on your network.  

Standardization, Configuration Backup and Management

The configuration of similar systems should be the same, excepting only the elements that need to be different given the physical differences at the site.  This is easy to say, easy to understand, but hard to consistently implement.

If a high level of consistency is achieved, then a senior network administrator should be able to rebuild a config on the fly with limited information… this isn’t a best practice, but it is a good test of how clean, logical and consistent your configuration is within your network.

Keep current configuration backups and spare hardware handy.  The last time a client had damaged hardware was yesterday, literally… it happens, it shouldn’t be the norm but, as a service provider, you need to be prepared.

In the second half of this article, I will discuss creating smart configurations including avoiding common and/or disastrous mistakes and some practical config building steps.

Noteworthy Mention

Unimus is a software solution which helps network administrators implement and improve upon every best practice mentioned in this article in one way or another.

Unimus excels in the area of backup and configuration management.  It simplifies tasks like comparing configurations between devices, auditing your network for best practice implementations, and firmware and configurations deployment.

“Automating configuration management can save you a lot of time (and therefore a lot of money). Unimus for example can help with automating RouterOS upgrades on your MikroTiks, and manage the overall consistency of your network. With recent MikroTik exploits, you can easily check the health of your entire network in bulk, and automate the remediation of infected routers.” — Tomas Kirnak, Founder / CEO at NetCore (Unimus)

Part 2 of the MikroTik Router Efficiencies series is now available, you can read it here.

About the Author

Joshaven Potter supports and consults with Visp.net’s clients to drive their success and business growth. He is an industry-leading WISP consultant with 18 years of ISP network experience.

To be continued…

Featured Articles

“It does what I need and more, the support is top notch.“

~Tristan Livingston (NTX Fiberwave)

“Congratulations on having such fine staffing quality on your front lines.“

~Ned Schuman (Founder, Olympus)

“Amazing how quick you guys get things done!“

~Renaldo Coakley (Coakster Wireless)

“Always works, always getting improved. Thanks VISP Team!“

~Louis Uttaro (Oso Internet)

Related Articles

5 Top Reasons to Attend WISPAmerica – Your Industry Event 

5 Top Reasons to Attend WISPAmerica – Your Industry Event 

The ISP’s industry event of the season is the perfect place to be this March. Discover the top 5 reasons you should attend WISPAmerica 2022 and join your colleagues, industry experts and icons to celebrate our industry and plot a future that’s beneficial to all of us.

ISP Marketing Strategy: The 5 Tactics to Measure Success

ISP Marketing Strategy: The 5 Tactics to Measure Success

To succeed, marketing campaigns must deliver. Knowing how to measure ISP marketing strategy success is essential to know if the investment is worth it. Read on to discover how to include tracking measures and metrics to ensure your current and future campaigns pay off.

A Sales Incentive Plan to Retain and Motivate ISP Salespeople

A Sales Incentive Plan to Retain and Motivate ISP Salespeople

ISP salespeople are essential to keep a steady stream of new subscribers coming into your organization. But, hiring and keeping good professionals requires more than just a base salary and vacation. Discover how well-structured sales incentive plans can help you to attract the best and brightest.