ChildOTK
Member Candidate
Topic Author
Posts: 113
Joined: Sat Nov 25, 2006 7:40 am

Good Firewall Alternative?

Thu Apr 12, 2012 11:35 pm

Good Day All,

We are getting a new internet connection for our school's campus of 500Mbit (Both up and down so total of 1GBps). We presently use a Juniper Firewall Appliance capable of 200Mbit. Needless to say these firewalls are thousands and thousands of dollars, and I am wondering if a Mikrotik powered device could serve as a great cheap alternative to serve as our school's firewall?

Does anybody have any thoughts on this?

I also asked previously on this forum about replacing our packet shaper also with a Mikrotik based solution. We currently have a Blue Coat Appliance taking care of our "Shaping". It presently limits every IP address to 'X' MBit. We are presently not prioritizing much traffic at all which I believe we should be. People for example who have XBoxes and are trying to play XBox live tend to have poor performance although it doesn't take much traffic. I would like to work on our connection's 'shaping' to be able to provide the best connection possible to everybody. We are taking a huge step by upping our bandwidth which has been the biggest problem to begin with.

We have on-campus housing and have at least 1100 students, most of whom stay on campus and use the same internet connection. This is not even including our staff of about 300, and even our on-campus alumni also using the same connection. So there is a lot of activity on a continuous basis.

I would love to use a Mikrotik based solution to also be able to pull up live graphs of our current internet usage etc.

If anybody has any ideas I would be open to discussion. We will be implementing this new connection in the next couple of months so time is of the essence.

Thank you!
 
gsloop
Member Candidate
Posts: 213
Joined: Wed Jan 04, 2012 11:34 pm

Re: Good Firewall Alternative?

Fri Apr 13, 2012 4:18 am

I've not used one, but the 1100AHx2 should handle that level of traffic.

If you want bandwidth and use stats - ntop. To capture that many packets, you'll need to use their high-speed data capture methods, but you'll get a level of stats that is really pretty incredible.

Pair this with MRTG and you'll have some pretty nice stats.

You will know who is consuming the most data and/or most packets
What is your average packet size.
What protocols are being used.

[Though I must say, MikroTik having borked the disk of the 1100AHx2 from 512M to 42M would put a serious damper on my purchasing of the beast. But it's less than $500.]

Of course, you're playing with a level of bandwidth and sophistication as well as budget that is quite a lot higher than most of my clients require - so I'm not familiar with the level of hardware you're using. What you're doing is truly enterprise class. And perhaps it's a good case for really enterprise solutions. [Though IMO, the "enterprise" stuff I often see is mostly "enterprise" cost and not that much more substance than OSS stuff - it just depends on if you can take the time and tinkering to use OSS stuff. If you can't take the time/effort, or have to have someone to blame when something breaks, then buy the "enterprise" stuff.]

-Greg
 
ChildOTK
Member Candidate
Topic Author
Posts: 113
Joined: Sat Nov 25, 2006 7:40 am

Re: Good Firewall Alternative?

Fri Apr 27, 2012 6:12 pm

Greg,

Thank you for the information. I will do some research and see what I can find :) Enterprise stuff is really expensive...if we can go cheaper with Mikrotik based solutions and it works, then hey, why not, right?

Thanks!
 
brianlewis
Member Candidate
Posts: 134
Joined: Tue Jul 20, 2004 10:54 am
Location: Irvine, CA

Re: Good Firewall Alternative?

Sun Apr 29, 2012 1:21 am

What is the 500mbps handoff, copper Ethernet or multimode fiber?

You'll want to build a Core i7-3930k with a second Intel network NIC (fiber EXPI9402PF or copper EXPI9301CTBLK).

The Core i7-3930k is a 3.2ghz 6 core (19.2ghz) turboboost 3.8ghz (22.8ghz)
Intel BOXDH67BLB3 Motherboard (has onboard gigabit for LAN)
Kingston KHX1600C9D3B1K2/4GX 1600mhz DDR3 kit (4gb)
TranscendUSA 2GB SSD - TS2GSDOM22V
fiber EXPI9402PF or copper EXPI9301CTBLK for connection to ISP
Mikrotik RouterOS 5.x license

That unit will handle 1000mbps with ease. We have multiple core i7-2600k deployed on 500mbps circuits and love Mikrotik. We do keep a complete spare of the whole unit just in case something fails.
 
cartes
newbie
Posts: 41
Joined: Fri Oct 12, 2007 12:23 am

Re: Good Firewall Alternative?

Tue May 08, 2012 4:35 pm

Thanks Brian for the reply. We were hoping to get a Quad Port of the same chipset (82576), but the Mikrotik Support page says not supported on version 4.5. But, the support for the Dual Port mentions version 5.8.

Would it be safe to get the quad port one?
 
brianlewis
Member Candidate
Posts: 134
Joined: Tue Jul 20, 2004 10:54 am
Location: Irvine, CA

Re: Good Firewall Alternative?

Tue May 08, 2012 5:37 pm

I can verify the EXPI9400PFBLK (single port) and EXPI9404PFBLK (quad port) Fiber cards as well as EXPI9404PTBLK (quad copper) work on RouterOS 5.
I can't verify 82580 chipset (I340-T4) quad copper will work or not. It was released 2nd quarter 2010, so I would think the current RouterOS Linux 2.6.x kernel should have the driver; just keep in mind the 82580 has a different driver than the 82572, so someone will have to test this newer chipset on RouterOS.
If you want a quad copper, check out EXPI9404PTBLK, it's like $257 on froogle.com