FTTH Network configuration advice

Please give me some advice regarding my home network architecture. I have a nice FTTH fiber connection, but my provider gave me a router with NAT ;-(
This router has some basic configuration possibilities: DMZ, port forwarding, DHCP, etc. One of the 4 LAN ports is for internet, the second for TV and the next for future use.

I need much more, but I'm still wondering if the best idea is to build a second NAT with default router MikroTik MT RB2011UiAS-RM or just to use FTTH only as a gateway.
I also have a managed 24-port TPLink switch, which is connected right now to the FTTH router.

I have two options:
A. Use RB2011UiAS-RM as a second NAT directly after the FTTH router, and next connections to the switch.
B. Use the FTTH router as a gateway and that’s all; any other network services and advanced use will be handled by RB2011UiAS-RM. In this case I should use the same class network in both routers.

Questions:

  1. Are there any disadvantages of Option A?
  2. Is option B feasible? If yes, how do I configure the RB2011UiAS-RM router to use the same network class on the WAN and LAN1 interfaces (e.g. WAN - 192.168.200.200, LAN1 - 192.168.200.210)?

Double NATting can just cause problems. Don’t do it if you don’t need it. What throughput are you expecting that should be handled?

I’m going to run an HE IPv6 tunnel, an OpenVPN server, and some HTTPS and HTTP services.
If you also have some concerns about using double NAT I will use option B, but please help me to clarify some questions:

  1. gateway will be this FTTH router and can I use RB2011UiAS-RM in this case with the same class network in both routers,
    2 how should I config WAN (e.g. WAN - 192.168.200.200, LAN1 - 192.168.200.210)
  2. Is anything special besides static network config needed for RB2011UiAS-RM to have the FTTH router as a gateway and
  3. all traffic should always go through RB2011UiAS-RM

FTTH router means (ONT, ONU)? If so, you can run it in bridge mode.

FTTH router means DASAN endpoint FTTH router.
Sorry, I can’t run it as a bridge ;-(

Don’t expect that the 2011 will NAT more than 200-300 Mbits/s, depending on the number and complexity of firewall rules, so it may be even less. Is this enough for you?

200-300? On mine, at ~120-150 the CPU is ready to explode, and this without any complicated FW rules... only a few basic ones

Of course it depends… I just wrote that more can’t be expected. So you just confirmed my words… Anyway, I have 140 Mbits with 70% load on the 2011.

Now the connection is 50 Mbps and I don’t think that I will need more than 100/100 Mbps in the next 12-24 months ;-)
This is all for home users, streaming internet TV (Netflix, etc.) and standard web browsing.

Don’t want to steal the topic, however can you tell me what client or device you use for Netflix?

I’m using two Roku devices (Roku 2 and Roku 3) with the unotelly.com DNS service.
That is the reason why I need to have a more sophisticated router.
I have to configure the DHCP service so that different MACs get different DNS provided by DHCP.

I kind of know what you mean. Alternatively, you can use a VPN service provider for Netflix. It is quite easy to set up in MikroTik and push traffic through the VPN interface to the Roku IP in your network. Have you considered that?

Yes, I know that I can use VPN, but in my opinion DNS is better:

  • there are no speed limitations; with VPN you will always have a slower connection
  • some services like Hulu don’t work with many VPN providers
  • the DNS service in this case does not load the router CPU so much
  • it is cheaper to use a DNS service than a high quality VPN for HD content
  • it is more complicated to configure your router to use VPN only for some MACs, compared to DNS

Of course, for some reasons, e.g. some registration processes, you have to use VPN.
In general I think that DNS is better than VPN for these purposes.

BTW, can anyone help me with how to configure DHCP to use different DNS for different devices (by MAC address)?