www.glcnetworks.com
Using Mikrotik switch features to improve your network
GLC Webinar, 9 Dec 2021
Achmad Mardiansyah
achmad@glcnetworks.com
GLC Networks, Indonesia
Agenda
● Introduction
● Review prerequisite knowledge
● Mikrotik switch
● Switch features
● Live practice
● Q & A
Introduction
What is GLC?
● Garda Lintas Cakrawala (www.glcnetworks.com)
● Based in Bandung, Indonesia
● Areas: Training, IT Consulting
● Certified partner for: Mikrotik, Ubiquiti, Linux Foundation
● Product: GLC radius manager
● Regular event
Trainer Introduction
● Name: Achmad Mardiansyah
● Base: Bandung, Indonesia
● Linux user since 1999, mikrotik user since 2007, UBNT 2011
● Mikrotik Certified Trainer (MTCNA/RE/WE/UME/INE/TCE/IPv6)
● Mikrotik/Linux Certified Consultant
● Website contributor: achmadjournal.com, mikrotik.tips, asysadmin.tips
● More info: http://au.linkedin.com/in/achmadmardiansyah
Past experience
● 2021 (Congo DRC, Malaysia): network support, radius/billing integration
● 2020 (Congo DRC, Malaysia): IoT integration, network automation
● 2019, Congo (DRC): build a wireless ISP from the ground up
● 2018, Malaysia: network revamp, develop billing solution and integration, set up dynamic routing
● 2017, Libya (North Africa): remote wireless migration for a new wireless ISP
● 2016, United Kingdom: workshop for wireless ISP, migrating a bridged network to a routed network
About GLC webinar?
● First webinar: January 1, 2010 (title: tahun baru bersama solaris - new year with solaris OS)
● As a sharing event with various topics: linux, networking, wireless, database, programming, etc
● Regular schedule
● Irregular schedule: as needed
● Checking schedule: http://www.glcnetworks.com/schedule
● You are invited to be a presenter
○ No need to be an expert
○ This is a forum for sharing: knowledge, experiences, information
Please introduce yourself
● Your name
● Your company/university?
● Your networking experience?
● Your mikrotik experience?
● Your expectation from this course?
Prerequisite
● This presentation requires some prerequisite knowledge
● We assume you already understand:
○ Python programming
○ Machine learning
Review prerequisite knowledge
7 OSI layer & protocol
● The OSI model is a conceptual model from ISO (International Standard Organization) for the OSI (Open System Interconnection) project
● When you send a message with a courier, you need to add more information to get your message delivered to the destination (this process is called encapsulation)
● What is a protocol?
○ A set of rules for communication
○ Available on each layer
● Communication consists of a series of encapsulations
○ SDU: service data unit (before PDU)
○ PDU: protocol data unit (after header is added)
Layered model (TCP/IP vs ISO) and encapsulation
Layer 4 header (which one is TCP?)
Layer 3 header (which one is IPv4?)
Ethernet header (which is the MTU?)
802.11 header
Did you notice?
● Encapsulation adds a big overhead
● More encapsulation means less payload?
Connecting Network devices
Typical network hardware
● End-devices
● Intermediary devices
● Media
Typical connection (physical topology)
[Figure: physical topology with routers R1, R2 and R3]
● Router connects layer 2 segments
● Router works on layer 3
● Meaning, each layer 2 segment has a network ID
Typical connection (logical topology)
Routing table:
● A table on the router that is used to forward packets
● Available on every device (router and host)
● Entries are executed sequentially
[Figure: logical topology. Routers R1, R2 and R3 share network 192.168.0.0/26 (interface addresses 192.168.0.1/26, 192.168.0.2/26, 192.168.0.3/26) and connect networks 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 (addresses shown: 192.168.1.1/24, 192.168.1.9/24, 192.168.2.2/24, 192.168.2.9/24, 192.168.3.3/24, 192.168.3.9/24)]
destination              gateway
192.168.0.0/26           direct
192.168.1.0/24           direct
192.168.2.0/24           192.168.0.2
192.168.3.0/24           192.168.0.3
192.168.16.3/32          192.168.0.2
0.0.0.0/0 (default gw)   192.168.0.3
Layer 2 technology: Ethernet
Ethernet specs
● Defined by IEEE 802.3
● Media:
○ Coaxial cable
○ Twisted pair
○ Fiber optic
● Devices required:
○ Bridge / switch
○ HUB
● Everyone likes it!!
○ Affordable
○ Easy to install
○ Easy maintenance
How ethernet works (CSMA/CD)
● Carrier Sense Multiple Access / Collision Detection (CSMA/CD)
○ A host does not know when other hosts will send data
○ Before sending data, a host checks the shared medium
○ A host only knows about a collision when it happens
● You will have:
○ Collision domain
■ Area where collision happens
■ Can use any frame
○ Broadcast domain
■ Area where broadcast happens
■ Using broadcast frame
● CSMA/CD != CSMA/CA
How ethernet works (ARP)
● ARP = Address resolution protocol
● A mapping between IPv4 and MAC address
● Requires broadcast frame
● Will be eliminated in IPv6
Source: ipcisco.com
Ethernet evolution (1)
Ethernet evolution (2)
Ethernet issue: Collision domain
● Area where collision happens. See CSMA/CD
● Some ideas:
○ Using bridged/switched network
○ It is now very hard to find a HUB
Source: devto.com
Ethernet issue: Broadcast domain
● An area where broadcast happens
● Try to use the 5-4-3-2-1 rule
● Broadcast can go wild (especially on infected hosts)
● Some ideas:
○ Using router to split segments
○ Port isolation on switch
○ Use storm control on switch
Ethernet issue: Loop
● A condition in which a frame keeps being forwarded around the media
● Will not stop until one of the cables is removed
● Some ideas:
○ Do not use traditional switch
○ Activate STP between switches
○ Port isolation
Layer 2 technology: VLAN
Without VLAN vs. with VLAN
[Figure: SITE A and SITE B without VLAN, and with VLAN 10 and VLAN 20 at both sites connected by a trunk link]
VLAN terms
● VLAN: a feature on a layer 2 device (switch) to do virtual segmentation on a physical switch
● The segmentation can be extended to other switches using a “trunk” link. The term is borrowed from telco, where a “trunk” is a link that connects 2 telco exchanges
● Port types:
○ Access port -> to connect to end-devices (non-tagged frames only)
○ Trunk port -> to connect to other VLAN switches (tagged frames only)
○ Hybrid port -> allows tagged and non-tagged frames
[Figure: SITE A and SITE B, each with VLAN 10 and VLAN 20 on access ports, connected through trunk ports by a trunk line]
What happened on trunk ports
● The layer 2 header of an outgoing frame is modified by adding a VLAN tag to the header
● This tag will be recognised at the other end
[Figure: SITE A and SITE B, each with VLAN 10 and VLAN 20; access port, trunk ports]
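The tag handling on trunk ports and the access / trunk / hybrid port rules from the VLAN terms slide can be traced byte by byte. The Python model below is an added example, not part of the original slides; the port names, MAC address and sample frame are constructed, and the admission rules follow the port-type definitions given above.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q VLAN tag
MAC_LEN = 12          # destination MAC (6 bytes) + source MAC (6 bytes)


def push_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag between the source MAC and the EtherType."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority (PCP) must be in 0..7")
    tci = (pcp << 13) | vid          # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:MAC_LEN] + struct.pack("!HH", TPID_8021Q, tci) + frame[MAC_LEN:]


def pop_tag(frame: bytes):
    """Return (vid, frame_without_tag); vid is None when the frame is untagged."""
    if len(frame) < MAC_LEN + 2:
        raise ValueError("frame is shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[MAC_LEN:MAC_LEN + 2])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < MAC_LEN + 6:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[MAC_LEN + 2:MAC_LEN + 4])
    return tci & 0x0FFF, frame[:MAC_LEN] + frame[MAC_LEN + 4:]


@dataclass
class Port:
    name: str
    mode: str                             # "access", "trunk" or "hybrid"
    pvid: int = 1                         # VLAN given to untagged frames
    tagged_vlans: frozenset = frozenset() # VLANs carried with a tag

    def ingress(self, frame: bytes):
        """Classify a received frame: (vid, untagged_frame), or None if dropped."""
        vid, inner = pop_tag(frame)
        if vid is None:                   # untagged frame
            return None if self.mode == "trunk" else (self.pvid, inner)
        if self.mode == "access":         # access ports take non-tagged frames only
            return None
        return (vid, inner) if vid in self.tagged_vlans else None

    def egress(self, vid: int, frame: bytes):
        """Bytes put on the wire for an untagged frame in VLAN vid, or None."""
        if self.mode in ("access", "hybrid") and vid == self.pvid:
            return frame                  # leaves without a tag
        if self.mode in ("trunk", "hybrid") and vid in self.tagged_vlans:
            return push_tag(frame, vid)   # leaves with the VLAN tag added
        return None                       # this port does not carry that VLAN


def carry_over_trunk(frame, in_port, trunk_a, trunk_b, out_port):
    """Follow one frame SITE A -> trunk -> SITE B. Returns (wire_frame, delivered)."""
    classified = in_port.ingress(frame)
    if classified is None:
        return None, None
    on_wire = trunk_a.egress(*classified)
    if on_wire is None:
        return None, None
    received = trunk_b.ingress(on_wire)
    if received is None:
        return on_wire, None
    return on_wire, out_port.egress(*received)


def sample_frame() -> bytes:
    """Constructed 60-byte broadcast frame: MACs, EtherType IPv4, zero payload."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000a01")
    return dst + src + struct.pack("!H", 0x0800) + bytes(46)


if __name__ == "__main__":
    trunk_vlans = frozenset({10, 20})
    pc_a = Port("siteA-vlan10", "access", pvid=10)
    trunk_a = Port("siteA-trunk", "trunk", tagged_vlans=trunk_vlans)
    trunk_b = Port("siteB-trunk", "trunk", tagged_vlans=trunk_vlans)
    frame = sample_frame()
    for out in (Port("siteB-vlan10", "access", pvid=10),
                Port("siteB-vlan20", "access", pvid=20)):
        wire, delivered = carry_over_trunk(frame, pc_a, trunk_a, trunk_b, out)
        print(out.name, "wire bytes 12..16:", wire[12:16].hex(),
              "delivered:", delivered == frame)
```

The frame is 4 bytes longer on the trunk than on either access port, and the VLAN 20 access port at SITE B never sees it.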
Example VLAN topology
1 interface with 3 networks:
- no TAG
- TAG to NON-TAG
- TAG to TAG
[Figure: R41, SW51, PC61, PC71 and PC81; bridges br1 (e2, e3), br2 (vlan10-e2, e4) and br3 (vlan20-e2, vlan20-e5)]
Mikrotik switches
Mikrotik switch
● Started producing switches in the late 2000s -> small 5-port switches
● Introduced SWOS (switch OS), only on mikrotik hardware
● Producing large scale switches since 2014
● Switch features and configurations depend on the chipset used (less comfy)
○ switch 1XX / 2XX family
○ switch 3XX family
Mikrotik switches
CRS (Cloud Router Switch)
- use RouterOS
- layer3 switch (can do routing)
- many interfaces for access (winbox, web, ssh, telnet, ftp, api)
CSS (Cloud Smart Switch)
- use SWOS (switchOS)
- only layer 2 functions
- only web interface
Mikrotik: router → bridge
● By default, mikrotik is a router
● But we can turn mikrotik into a layer 2 device. Implementation:
○ Bridge → processed by CPU
○ Switch → processed by hardware chip
● All physical MAC addresses will be replaced by a single bridge MAC address
● Example configuration
Source: praktekit.com
Switch features: VLAN
● Connections:
○ physical interface and logical interface (vlan interface)
○ A logical interface and other logical interface (vlan interfaces)
● Implementation
○ Put vlan interface on physical interface OR
○ Put vlan interface on bridge interface
Switch features: VLAN filtering
● A better way of allowing VLANs between:
○ physical interface and logical interface (vlan interface)
○ A logical interface and other logical interface (vlan interfaces)
● Implementation
○ Bridge interface
○ Bridge vlan filtering
Switch features: HW offloading
● HW offload can reduce CPU processing on bridge
Switch features: loop protect
● A frame SHOULD NOT return to its original switch
● This can lead to an ENDLESS switching loop
● The loop will not stop until a cable is unplugged
● Mikrotik detects the returned frame and disables the port that received the frame to stop the looping
● Can be implemented in bridged/routed mode
● STP/RSTP is recommended over this
Source: netgear.com, www.networkacademy.io
Switch features: STP / RSTP
● (R)STP: (Rapid) Spanning Tree Protocol
● A BPDU (Bridge Protocol Data Unit) frame is sent by switches to develop a spanning tree topology (without loop)
● Starts from the root → branches. No links between branches (this is considered a loop)
● The switch will disable ports that are involved in a loop
● For compatibility, use priorities in steps of 4096 (0, 4096, 8192, 12288…)
● Will be discussed later in the next webinar
Source: netgear.com, www.networkacademy.io
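Root election and the resulting blocked link can be worked through in a few lines. The Python model below is an added example, not part of the original slides; the switch names SW1 to SW3, their MAC addresses and the triangle topology are constructed, and it assumes equal link cost, at most one link between two switches and a default priority of 32768.

```python
import heapq

PRIORITY_STEP = 4096    # bridge priority is configured in multiples of 4096
DEFAULT_PRIORITY = 32768


def bridge_id(priority: int, mac: str) -> tuple:
    """Bridge ID as a comparable tuple; the lowest bridge ID becomes the root.

    In current 802.1D/802.1Q the 16-bit priority field keeps only its top
    4 bits for the priority (the low 12 bits carry a system ID extension),
    so only multiples of 4096 survive unchanged on every vendor.
    """
    if not 0 <= priority <= 61440 or priority % PRIORITY_STEP:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(bridges: dict) -> str:
    """bridges maps name -> (priority, mac). Returns the name of the root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def spanning_tree(bridges: dict, links: list, cost: int = 1):
    """Return (root, forwarding_links, blocked_links) for the given topology.

    Each switch keeps the path with the lowest cost to the root; ties are
    broken by the lower bridge ID of the upstream switch. Every link that is
    not on such a path would close a loop, so it is reported as blocked.
    """
    ids = {name: bridge_id(*value) for name, value in bridges.items()}
    root = elect_root(bridges)
    neighbours = {name: [] for name in bridges}
    for a, b in links:
        neighbours[a].append(b)
        neighbours[b].append(a)

    upstream_of = {}
    heap = [(0, ids[root], root, None)]  # (path cost, upstream ID, node, upstream)
    while heap:
        path_cost, _, node, upstream = heapq.heappop(heap)
        if node in upstream_of:
            continue                      # a better path was already chosen
        upstream_of[node] = upstream
        for nxt in neighbours[node]:
            if nxt not in upstream_of:
                heapq.heappush(heap, (path_cost + cost, ids[node], nxt, node))

    forwarding = {frozenset((node, up))
                  for node, up in upstream_of.items() if up is not None}
    blocked = [link for link in links if frozenset(link) not in forwarding]
    return root, sorted(tuple(sorted(link)) for link in forwarding), blocked


# Constructed sample topology: three switches cabled in a triangle.
LINKS = [("SW1", "SW2"), ("SW2", "SW3"), ("SW1", "SW3")]
DEFAULTS = {
    "SW1": (DEFAULT_PRIORITY, "02:00:00:00:00:03"),
    "SW2": (DEFAULT_PRIORITY, "02:00:00:00:00:01"),
    "SW3": (DEFAULT_PRIORITY, "02:00:00:00:00:02"),
}

if __name__ == "__main__":
    # With equal priorities the lowest MAC address decides the root.
    print(spanning_tree(DEFAULTS, LINKS))
    # Lowering SW1's priority by steps of 4096 makes the intended switch root.
    tuned = dict(DEFAULTS, SW1=(4096, "02:00:00:00:00:03"))
    print(spanning_tree(tuned, LINKS))
```

With every switch left at the same priority, the root is whichever switch has the lowest MAC address, which is why the intended root should be given a lower priority explicitly.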
Switch features: mirror port
● In case you want to sniff traffic on a switch port
LIVE practice
Preparation
● SSH client
● SSH parameters
○ SSH address
○ SSH port
○ SSH username
○ SSH password
Q & A
Interested? Just come to our training...
● Topics are arranged in a systematic and logical way
● You will learn from an experienced teacher
● Not only learning the materials, but also sharing experiences, best practices, and networking
End of slides
● Thank you for your attention
● Please submit your feedback: http://bit.ly/glcfeedback
● Find our further events on our website: https://www.glcnetworks.com/en/
● Like our facebook page: https://www.facebook.com/glcnetworks
● Slide: https://www.slideshare.net/glcnetworks/
● Discord (bahasa indonesia): (https://discord.gg/6MZ3KUHHBX)
● Recording (youtube): https://www.youtube.com/c/GLCNetworks
● Stay tuned to our schedule
● Any questions?
