I am trying to work out the best product to purchase for equipment to put on our wires-only leased line to do the point-to-point connection and hand over the public IP addresses to our internal firewalls.
Our leased line is 1GBps. I want the equipment to be rack mounted and of a specification so there won’t be any bottleneck or slowdowns from perimeter equipment.
Nicely worded statement to induce confusion. Wired and then point to point.
Do you mean you need a router to terminate a land line connection and then equipment to take that signal over the airwaves in a point to point wifi type setup back to another wired device ???
Request is too vague, no diagrams etc… suggest you talk to MT Sales Support! https://mikrotik.com/support
No. It’s a leased line supplied as a “wires-only” circuit, i.e. a point-to-point leased line. This is an Openreach EAD circuit. Looking for an appropriate device to connect into the NTE (ADVA) to bring the point-to-point connection live with the ISP-supplied address. I will then need to be able to connect devices assigned with public addresses from the range given by the ISP to the Mikrotik and have them route appropriately. Basically, looking for the Mikrotik to perform the role that would normally be taken by the Cisco device commonly supplied with managed circuits. Want to avoid any silly double NAT situations. I’m a bit of a novice with wires-only circuits but I think my terminology is correct. This is nothing to do with Wi-Fi. Trying to work out what the most appropriate device is that can do this and give the necessary performance to work with a 1Gbps line and not get any slowdowns.
I believe BT normally use a Cisco 1100 but I don’t know if this is overpowered or underpowered for the configuration. I am a novice with this but the ISP have provided me with the following.
LAN Gateway Address: 51.x.x.58
LAN First IP Address: 51.x.x.33
LAN Subnet Mask: 255.255.255.240
Router Point to Point address: 51.x.x.58
Customer IP Assignment: 51.x.x.32/28
If my understanding is correct, the WAN interface of the router gets the router point-to-point address and then the public range would be assignable internally. I think the Cisco forwards the IP datagrams, but I only have a vague idea of how to configure it so that the public IP range is assignable to internal devices without any odd double NAT situation. I am hoping I will be able to source relevant support after the purchase of an appropriate application. I don’t want to overspec, but the device needs to be able to support the line speed of 1GBps reliably across to the connected appliances with the public IPs, and be able to pass the public IP traffic across sensibly.
I hope this makes some semblance of sense!
It should be similar on MT router. I am no multi-WAN guru, but basically from what I have seen,
A block of IPs is given to the admin,
One IP address is used for the router itself (NAT or no NAT, depends on what the OP wants to provide on this router),
the rest of the WAN IPs can be netmapped to downstream routers…
The RB5009 should be able to handle this, but without knowing the expected throughput (what will each IP address carry for BW?) it's still a guess.
So would need to have more specifics…
The use case is that we have multiple companies in the office. We assign each company a static address. Most of the traffic will be general internet browsing, e-mail etc. Traffic will not be huge, but as they are paying/contributing to the internet line cost I would want to be able to demonstrate on a speed test that they are achieving close to 1Gbps. I would never expect the pipe to be maxed out. Can I clarify the one IP address that would be used for itself? This would be the point-to-point router IP, correct? This is separate from the public assignable range which I would dish out to the clients.
Not clear enough, do you mean each customer, each public IP should see approx 1gig up and down, or do they share a 1 gig pipe??
If just an edge type router the RB5009 should do fine 4x1 gig, throughput is well north of 4gigs in this scenario.
Yes, they will all share the 1GBps pipe. Sounds like the RB5009 should speed-wise be fine. I was referring to how to configure the router for assigning the public addresses. The WAN interface will pick up/be assigned the router point-to-point address as given by the ISP, which I believe is its own subnet. In this scenario how would the device then be configured so that it passes across and/or assigns public IPs to devices connected, e.g. UTM firewalls etc? The ISP will route those addresses across to the RB5009; just trying to get a picture of what would happen from there. I found this post which seems to sort of cover what I am trying to achieve: http://forum.mikrotik.com/t/routeros-public-subnet-nat-1-1-good-practices/143680/1 I don’t want to use complicated NAT mappings like this, I just want to assign the public IPs to devices. I think I have an idea of what to do here, but I am guessing my unfamiliarity with RouterOS is going to make it difficult for me to work out what to do precisely. I will purchase one of the 5009 devices and experiment and refer back to support if I get an issue. However, judging by the response time to the sales request/query I sent them, I am guessing this forum will be the best option for getting assistance/support! If anyone can clarify the above configuration and/or simplify/explain the optimal config it would be appreciated. Thanks for your time.
A 4011 or 5009 would be fine, ICUK use them or Ubiquiti EdgeRouters on their managed 1Gb EAD circuits.
The ISP information seems incomplete - typically they would specify a /30 or /31 WAN connection, together with a routed subnet which you can present on the LAN side of your router as a conventional IPoE, or use for /32 point-to-point ethernet and/or PPPoE connections to make better use of addresses.
The information from TTB is typically:
WAN Subnet xx.xxx.155.52
WAN Subnet Mask /31
WAN IP xx.xxx.155.53 ← this is the WAN interface address
WAN Default Gateway xx.xxx.155.52 ← this is the default route destination
Routed IP’s Network Number xx.xxx.145.36
Routed IP Mask /30
Routed First Host xx.xxx.145.37 ← this is the LAN interface address
Routed Second Host xx.xxx.145.38 ← this is a client address (you only get one useable with a /30)
Routed Last Host xx.xxx.145.38
Routed Broadcast Address xx.xxx.145.39
It doesn’t really make sense, the LAN information is OK
LAN First IP Address: 51.x.x.33
LAN Subnet Mask: 255.255.255.240
Customer IP Assignment: 51.x.x.32/28
so when presented as IP over ethernet connections .32 is the network address and .47 is the broadcast address, typically you would use .33 as the LAN address on your router and assign .34 - .46 to clients.
However
LAN Gateway Address: 51.x.x.58
Router Point to Point address: 51.x.x.58
is the same address, refers to LAN where it is the WAN connection and doesn’t indicate the subnet mask size.
Either WAN Gateway Address: 51.x.x.58 and Router Point to Point address: 51.x.x.59/31
or WAN Gateway Address: 51.x.x.57 and Router Point to Point address: 51.x.x.58**/30**
would be valid combinations, you need to clarify the exact setting with your provider.
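Added example, not part of the thread: a Python check of the ISP handover sheet discussed above, showing why the sheet is inconsistent and which far-end address goes with a /31 or /30 WAN link. The thread elides the middle octets (51.x.x), so the documentation prefix 203.0.113.0/24 stands in for them as a constructed placeholder; only the final octets come from the thread, and all function names are this example's own.

```python
import ipaddress

# Constructed stand-in for the sheet in the thread: 203.0.113.x replaces the
# elided 51.x.x; the final octets (.58, .33, .32/28) are the ones quoted above.
SHEET = {
    "lan_gateway": "203.0.113.58",
    "lan_first_ip": "203.0.113.33",
    "lan_mask": "255.255.255.240",
    "router_p2p": "203.0.113.58",
    "assignment": "203.0.113.32/28",
}

def usable(link):
    """Interface-assignable addresses: both ends of a /31, else no network/broadcast."""
    addrs = list(link)
    return addrs if link.prefixlen == 31 else addrs[1:-1]

def peer_options(addr):
    """For the /31 and /30 links containing addr, return the far-end address,
    or None where addr is not usable at that prefix length."""
    ip = ipaddress.ip_address(addr)
    out = {}
    for prefix in (31, 30):
        hosts = usable(ipaddress.ip_interface(f"{addr}/{prefix}").network)
        peers = [str(h) for h in hosts if h != ip]
        out[prefix] = peers[0] if ip in hosts else None
    return out

def check_sheet(s):
    """Return the inconsistencies found in a handover sheet."""
    problems = []
    routed = ipaddress.ip_network(s["assignment"])
    lan = ipaddress.ip_interface(f'{s["lan_first_ip"]}/{s["lan_mask"]}')
    if lan.network != routed:
        problems.append("LAN first IP/mask does not match the assigned subnet")
    if ipaddress.ip_address(s["lan_gateway"]) not in routed:
        problems.append("LAN gateway is outside the LAN subnet")
    if s["lan_gateway"] == s["router_p2p"]:
        problems.append("gateway and router point-to-point address are identical")
    return problems

def lan_layout(s):
    """Router LAN address, first and last client address, broadcast address."""
    routed = ipaddress.ip_network(s["assignment"])
    hosts = usable(routed)
    return str(hosts[0]), str(hosts[1]), str(hosts[-1]), str(routed.broadcast_address)

if __name__ == "__main__":
    print(check_sheet(SHEET), peer_options(SHEET["router_p2p"]), lan_layout(SHEET))
```
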