I am redisigning my network. I am no longer happy with my erratic ping times, and inconsistant service. So I am thinking of reducing the number of devices traffic passes through. Currently:
3xT1-->Tasman 1004 router--> Cisco PIX 506 --> Mirotik 2.9.18 used for bandwidth shaping --> Cisco Catalyst 3524En --> 6 routerboard 230s spread thoughout the city
1 - can a mikrotik be configured well enough to replace a PIX 506 firewall, or am I best to keep it in place?
2 - Can all MT services be run off of one PC (currently a P3 1000) without taking a hit on performance and continuity? (firewall, traffic shaping, etc)
3 - Can the MT function well enough as a DNS server ( I know it's mainly a cache, but good enough)?
I have 200 wireless customers, and performance is getting worse, though we continue to add more T1s. Everyone is set to 512 up/down, no bursting, no longer using PtP Queue due to negative hit on performance. We average 42% bandwidth consumption.
I guess I can offer some answers regarding item 1. We run a Cisco PIX 525, and are currently very happy with it. A couple of things to know about the 506; Units manufactured between May 2001 and October 2001 may hang with traffic levels above 15 megabits. Otherwise, they are rated up to 100Mb of firewalled traffic.
Also, there is a small 35mm cooling fan just behind the light green plastic face of the unit. The plastic face pulls off to reveal it. These fans will fail completely over time, without any warning noise at all. When they fail, the unit (that has a heatsinked Pentium 200 chip in it) heats up and starts to act erratically. Check your cooling fan!
Item 2 I'll let someone more knowledgeable answer. Item 3, I know that the Mikrotik cannot function as a DNS server, only as a DNS forwarder. Why would you want to forward DNS unless you have to?
In conclusion, I'll offer that I don't think the number of devices you have are contributing to your erratic ping times and bad service. I have a much longer device chain running my network than you do, and my network runs fine.
If I'm reading your post right, I think your problem is that you are allowing all your customers at 512 (Kb?) up and down. You have 4.5 Megabits of incoming bandwidth. I'm assuming that you are running 802.11b to the customers, which has 11 Megabits to offer, 5.5 Megabits down and 5.5 up, realistically your customers will get 3 Megabits down and 3 up if they have a good connection. It won't take too many customers that are limited to 512 Kbps to fill up your AP's and start to cause the problems you are experiencing.
Start using Torch or a separate box running NTOP to see what your customers are doing, and I'll bet you find out that your AP's are saturated. You can use PCQ to distribute the bandwidth evenly amongst your customers so they all get their fair share.