1-541-955-6900 success@visp.net

MikroTik Router Efficiencies Part 1 – Router Best Practices

by | Apr 23, 2019

MikroTik Best Practice Implementation – Part 1 of 2 – The big picture

MikroTik is a software-defined firewall and router.  As such, it’s limited not only by the hardware it runs on but also by how it is configured. Just like a computer, running too many processes can overburden it, dragging performance down and causing network issues.

When a packet passes through your router, it passes through a variety of facilities including NAT, Mangle, Firewall and Bridging.  This can happen hundreds of thousands of times per second. Since each facility typically has many rules, a packet traversing this digital maze may be touched numerous times. Issues can quickly compound with poorly configured routers causing resource exhaustion, which frustrates both you and your customers.

Learn MikroTik best practices to stop small issues from becoming huge problems.

When you build your network, remember… packets are people, just like you and me.  Sometimes packets are Facetiming with Grandma, holding your position in a first-person shooter game or stopping an attempted infiltration from a hostile hacker trying to acquire digital assets for a cyber war.

If you are going to undertake the responsibility of improving the efficiencies of your routers, then I highly recommend you read this MikroTik best practices overview and then spend some time deep in the study of exciting things like MikroTik’s packet flow diagrams.

Minimalize your router processes

Less is better, almost always.  Asking your router to do extra work on every packet processed is likely to create problems at some point.  Finding ways to process your packets with shortcuts can reduce processing loads.

One of my WISP clients had VoIP quality issues which turned out to be caused by an overused address-list lookup.  The surprising part was that the router was among the most powerful, a Cloud Core Router running no higher than a couple of percent of CPU utilization.  

We were able to determine that the address-list was being queried tens of thousands of times a second. The trick that lead to finding this overused address list was preceding the rule with a counter rule (without the address-list condition), so we could track how many packets per second were being processed.  After removing the need to check the address list so often the VoIP quality was fixed.

I often see simple things being skipped such as accepting established and related traffic and no use of connection fasttrack or fastpath where possible.  One of the “gotchas” with fasttrack to be aware of is that it will shortcut your router’s ability to account for data skipping router features like simple queues.  This can, for example, affect your billing system’s ability to calculate usage. You can’t use it everywhere but it helps a lot with efficiency where you can use it.

Don’t forget that order matters so the biggest bang for your buck rules should be as high in the rule list as possible.

Secure your equipment

Your router and your network will be harassed by hackers and bots, so make sure you have rules that guard your gear.  Best-practices include keeping your equipment on a protected management VLAN, protecting access to management networks and keeping software patched and updated.  Permit only required traffic and block all else in your router’s input firewall filter chain.

One trick to implementing this in a live network is adding a log rule then watch the logs to catch anything you might have forgotten to add. Before you enable the “drop all” rule in your firewall filter input chain, turn on Safe Mode just in case.  Don’t forget that if you are accepting established and related traffic you may not see existing connections from the log rule.

Monitoring with Notifications

One of the biggest differences I see between small and large networks is their monitoring.  This is because you will reach a ceiling as an organization without a good monitoring system.  It might kinda feel like I just switched topics, but honestly, the efficiency of your routing system is directly affected by how you watch it.  

Watched metrics, as a rule, improve within an organization because you are able to see things like climbing CPU, interface errors, temperature alerts and many other metrics that indicate your system’s health. This can allow you to be proactive and not reactive when it comes to issues on your network.  

Standardization, Configuration Backup and Management

The configuration of similar systems should be the same, excepting only the elements that need to be different given the physical differences at the site.  This is easy to say, easy to understand, but hard to consistently implement.

If a high level of consistency is achieved, then a senior network administrator should be able to rebuild a config on the fly with limited information… this isn’t a best practice, but it is a good test of how clean, logical and consistent your configuration is within your network.

Keep current configuration backups and spare hardware handy.  The last time a client had damaged hardware was yesterday, literally… it happens, it shouldn’t be the norm but, as a service provider, you need to be prepared.

In the second half of this article, I will discuss creating smart configurations including avoiding common and/or disastrous mistakes and some practical config building steps.

Noteworthy Mention

Unimus is a software solution which helps network administrators implement and improve upon every best practice mentioned in this article in one way or another.

Unimus excels in the area of backup and configuration management.  It simplifies tasks like comparing configurations between devices, auditing your network for best practice implementations, and firmware and configurations deployment.

“Automating configuration management can save you a lot of time (and therefore a lot of money). Unimus for example can help with automating RouterOS upgrades on your MikroTiks, and manage the overall consistency of your network. With recent MikroTik exploits, you can easily check the health of your entire network in bulk, and automate the remediation of infected routers.” — Tomas Kirnak, Founder / CEO at NetCore (Unimus)

Part 2 of the MikroTik Router Efficiencies series is now available, you can read it here.

About the Author

Joshaven Potter supports and consults with Visp.net’s clients to drive their success and business growth. He is an industry-leading WISP consultant with 18 years of ISP network experience.

To be continued…

Authentication and Provisioning

The system is redundant, scalable and automates control of subscribers’ access, speeds and usage.

Automated Suspension and Reactivation

Train your subscribers to pay on time and make payments easy to get back online.

Activation Servers Fuel Growth

Speed up on-boarding for point-to-point or point to multi-point connections and Wi-Fi at RV parks, campgrounds or marinas.

“It does what I need and more, the support is top notch.“

~Tristan Livingston (NTX Fiberwave)

“Congratulations on having such fine staffing quality on your front lines.“

~Ned Schuman (Founder, Olympus)

“Amazing how quick you guys get things done!“

~Renaldo Coakley (Coakster Wireless)

“Always works, always getting improved. Thanks VISP Team!“

~Louis Uttaro (Oso Internet)

Related Articles

ISP Marketing Strategy: The 5 Tactics to Measure Success

ISP Marketing Strategy: The 5 Tactics to Measure Success

To succeed, marketing campaigns must deliver. Knowing how to measure ISP marketing strategy success is essential to know if the investment is worth it. Read on to discover how to include tracking measures and metrics to ensure your current and future campaigns pay off.

Is Passive Churn Crushing Your Profitability?

Is Passive Churn Crushing Your Profitability?

Can you retain customers despite this subscription business menace?    There are only three ways a WISP or any business can grow -- activate new subscribers, retain customers and get them to spend more each month. Sure, adding new subscribers builds your customer...

Infrastructure Plan(s): How to Prepare for Broadband Grants

Infrastructure Plan(s): How to Prepare for Broadband Grants

Expansion can be expensive for any business, especially ISPs and WISPs. Federal broadband grants can offset the cost and advance the nation’s goal of closing the internet gap for rural Americans. But, there are often restrictive qualifications, and multiple proposals. Learn about what’s going on with ISP broadband grants.

One Habit Ignites Continuous WISP Success

One Habit Ignites Continuous WISP Success

Your success is up to you — the focus, action and habits that you apply to your goals determine how far you’ll climb. But, is there a magic formula that can transport you further into the stratosphere? Yes. Elite business leaders have a trait in common — they are...