RouterOS v7 limited beta

I did an overall video of the New Mikrotik RouterOS v7.

From Mikrotik forum: https://forum.mikrotik.com/viewtopic.php?f=1&t=152003

We have released a very limited test variant of RouterOS v7. Currently only available for ARM systems with a slightly limited feature set.

What is currently unlocked / available:

– Only available for ARM architecture
– Based on Kernel 4.14.131, which is currently the latest and most supported LTS version
– New CLI style, but compatible with the old one for compatibility
– New routing features, but see below
– OpenVPN UDP protocol support
– NTP client and server now in one, rewritten application
– removed individual packages, only bundle and extra packages will remain

Other features not yet public.

What is not available:

– BGP / MPLS disabled
– Extra packages
– Winbox does not show all features, use CLI for most functionality

DO NOT USE IT FOR ANYTHING IMPORTANT, THIS RELEASE IS STRICTLY FOR TESTING AND DOES CONTAIN BUGS

Download link: https://mt.lv/v7

Ubiquiti launches Speedtest Server/network

https://blog.ui.com/2019/08/13/ubiquiti-launches-a-speed-test-network/

Ubiquiti launches the Ubiquiti Speedtest, the first public test network integrated with enterprise network equipment. Ubiquiti Speedtest comprises a network of test servers and built-in speed test capabilities. Reports include uplink/downlink throughput and latency. Sharing the results is easy via email or social media.

It appears you can run this on an Ubuntu server or VM. They have an installer and a Docker image. You can run browser-based speed tests or use their WiFiman app.

Tests may run over LAN, Wi-Fi, or mobile networks. Ubiquiti Speedtest uses Ubiquiti test endpoints and provides automated and manual test target selection. The automated selection uses a combination of geolocation and latency measurements for determining the best servers. The algorithm may use several parallel endpoints for the best measurement accuracy.

ISP vs Enterprise networks

I recently was hanging out with an ISP admin who moved over from the Enterprise world. After a few days with him, it rekindled the interest in writing this article. From a high level, a network is a network. Its job is to move bits to and fro. The goals of the network are where we start to see networks separate themselves. Let’s start with some simple goals of each system.

An enterprise network’s goal is to protect the end-users from outside threats and themselves while giving access to the things they need for their job. An enterprise admin deals with things like firewalls, file servers, software, and domain controllers. Switches and routers are backend systems for the enterprise, a means to deliver the software to the end-user.

An ISP network’s goal is to give access to the Internet as a whole to its customers while protecting its infrastructure. Access points, fiber ONTs, and backhauls are the things routinely dealt with by ISP admins. Servers and things are backend systems for the ISP. The servers become the support systems to deliver access to the customers.

The most significant difference between the two networks above is that Enterprise customers are given access only to what they need for their job. If they need the Internet, it is routinely filtered for content, and non-work-related sites are blocked. Admins of the Enterprise network follow the “block all and allow what is needed” approach. Sure, the Enterprise admin deals with things like WAN connections, switching, and sometimes even BGP, but not in the same ways a Service Provider does.

Typical corporate or enterprise network

In contrast, Service Provider networks should give unfettered access to the Internet and leave it up to the customer to decide what they should and should not restrict access to. With ISP customers you are only dealing with Internet access and don’t necessarily know what the users are doing with the Internet “pipe”. You don’t have to worry about content filtering (unless that is an add-on or your business model), file shares (handled by corporate VPNs), or restricting access to things.

Typical ISP network

My oversimplified view is most ISPs mainly deal with layers 1-3 of the OSI model for their access networks, while Enterprise networks deal a lot with layers 4-7. The software takes focus, and layers 1-3 are just necessary to make the software work. In other words, the corporate network deals with the LAN more than the WAN and the ISP network deals with the WAN more than the LAN. As corporate networks grow these lines tend to blur a little.

If you are an ISP admin, your goal should not be blocking what users are doing. Your goal should be to give the user fast speed and the lowest latency possible while protecting your infrastructure from them and the outside world. I mentioned latency because of gaming and streaming. Every device the customer’s traffic goes through adds latency. Sometimes it’s fractions of a millisecond, but there is no free lunch. This speed hit is why firewalls have limited uses in the ISP world for access customers. Firewall options give you a myriad of choices when it comes to throughput and latency. These are licensing options for things such as the number of concurrent connections, latency level pricing, and the sheer number of users supported. The more connections you need to run through the firewalls, the more you pay. What may be useful for a corporation of 500 users probably won’t support a 500 user ISP if everyone is routed through a firewall.

So what is someone to do with all this information? If you are an ISP, you should adopt and adapt the following guidelines for your business.

1. Don’t firewall your customers on your access network. Let them be responsible for that. If you are a managed service provider (MSP) then you have firewall services at the desktop and router level you can sell. If you are just an ISP you can sell a managed router service to help protect the customers and your infrastructure. However, don’t be heavy-handed, as it will create more problems than it solves (see #2).

2. Things change so much in terms of how programs and apps utilize networks. Customer demand routinely drives service providers to adapt and change with the times. An ISP who restricts what their customers do gets left behind pretty quickly. In some instances, you even have laws about limiting access to content.

3. As technology evolves so does the use of your network. Restricting customer access to the Internet via firewalls creates more support because you are routinely editing rules, troubleshooting, and upgrading firewall software.
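As an added illustration (not part of the original article), here is roughly what "protect your infrastructure, don't filter the customer" looks like as a RouterOS filter set on an ISP edge router. The prefixes are documentation ranges and the address-list names (`mgmt`, `infra`, `staff`) are made up for the example; the commented-out enterprise rules at the end, including the choice of port 443, are only there for contrast.

```routeros
# Constructed example: documentation prefixes, hypothetical list names.
/ip firewall address-list
add list=mgmt address=192.0.2.0/28 comment="NOC / management hosts"
add list=infra address=198.51.100.0/24 comment="AP, backhaul and router management"

/ip firewall filter
# ISP approach, part 1: protect the router itself (input chain).
add chain=input action=accept connection-state=established,related
add chain=input action=drop connection-state=invalid
add chain=input action=accept protocol=icmp
add chain=input action=accept src-address-list=mgmt comment="management only from the NOC"
add chain=input action=drop comment="nothing else talks to the router"

# ISP approach, part 2: the forward chain only shields infrastructure addresses.
add chain=forward action=accept dst-address-list=infra connection-state=established,related
add chain=forward action=accept dst-address-list=infra src-address-list=mgmt
add chain=forward action=drop dst-address-list=infra comment="customers and Internet cannot reach infra management"
# No further forward rules: customer traffic to and from the Internet falls
# through to the default accept and is not filtered.

# Enterprise approach, for contrast ("block all and allow what is needed").
# Left commented out; it would replace part 2 on a corporate edge:
# add chain=forward action=accept connection-state=established,related
# add chain=forward action=accept src-address-list=staff protocol=tcp dst-port=443
# add chain=forward action=drop comment="everything not explicitly needed"
```

The ISP rule set stays the same size no matter what applications customers run, while the enterprise list grows with every new thing users need, which is the support cost described in #3.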

I want to close with a little philosophy. It’s not that firewalling an ISP network is a bad thing, it’s just not very efficient or cost-effective. You need to keep buying more and more firewalls to keep up with demand. Firewalls have their place in corporate environments. In my next article, I talk about how ISPs should be running both types of networks. Look for this coming soon.