Looks amazing at first sight…
But performance-wise it is not anyhow significantly better or cheaper than 4011. Just in some special cases it might be worth to use it due to different switch layout.
Ros7 only device, high lowest power voltage and the consumption…
And anyway, I am looking forward to the WiFi version in ddesktop case.
Oh. It is already discussed…
http://forum.mikrotik.com/t/mikrotik-rb5009ug-s-in/150561/1
Is here from 20 Jul
http://forum.mikrotik.com/t/mikrotik-rb5009ug-s-in/150561/1
Another device for beta-tester only?
On long time act like Chateau LTE12: personalized firmware, nothing to do with current beta, and officially unupgradable…
But the user update it with the beta and then do not have the original firmware to go back and still locked on perennial beta
Jarda, why insist on making same mistake, to get MT wifi on router LOL.
By the time it gets to your desk, MT will discover that their wifi 5 plus, which everyone else has had for years, is too much pain to get support on v7 ROS and
they go right to model 5010 with wifi 6 
In other words it will a cold day in hell for me to buy a wifi router again (of any brand).
msatter and jarda, shameless plug for another MT product, how much did Normis pay you??
5 euros, 10 euros, a free t-shirt?
Okay I can play this game!!! for a free t-shirt
https://www.youtube.com/watch?v=c5kBvwGqGws
I am not an ‘influencer’ and I did miss the other tread about it…despite I searched on “5009” before posting.
A big no no for me is that it is only ROS 7 the “guinea pig” edition.
ps. I still have to give consent to Alphabet (Google/Youtube) to watch their content…you can post as many links but I won’t/can’t watch them.
Performance wise is about the same. But just the single switch chip - with VLan capabilities - and the 2,5Gb port make it better than 4011. I always though it was a great device, seriously hampered by the unfortunate dual switch layout.
ROS 7 is a dealbreaker for me, can’t put anything into production that’s running buggy beta software. And all these new CPUs seem to take a very long time to actually become stable, look at 4011, 2004… I really want to like the hardware but the software just can’t keep up.
Yes, RoS 7 is a problem today. Will not be in the future.
I think it will be easier with new hardware - Mikrotik looks like it’s using more and more closed binaries with RoS 7. The old kernel was so ancient that I believe several SOCs didn’t support it. Take a look at the WiFi: they are (will be) using the official blob, instead of making their own driver.
The same (I think) will happen with new hardware. At least, I hope so. 
But the device does not (yet?) support hardware IPSec, no?
I don’t know. There aren’t the test results to IPSec. Either it doesn’t support, or they didn’t test (yet). It’s using RoS 7beta too. Maybe this part isn’t completed?
Ipsec hardware results will be available on 5009 upon release of Ro8
I noticed a lot of new devices don’t have IPsec performance listed, so maybe the Big Mik is slacking off when it comes to this.
I’m more interested in real world speedtests for wireguard.
Last time I tried wireguard on my CCR1009, I was really disappointed, so I moved the wireguard setup to a RPI4, which offered far better speeds.
I’m willing to switch to the new RB5009 or the new CCR2004, if they’re able to push at least 1Gb/s using wg.
Dreaming again??
On my setup I was able to get 300Mbps up and down.
Far better result than i would get on any other type of VPN.
1 gig network on either side, 15 km apart (same provider- fibre 1gig)
The 4011 can saturate a 500 Mbit/s connection eith IKEv2 with ease.
The 5009 processor does crypt and I saw Fips-140 somewhere.
Productbrief processor (PDF file): https://www.marvell.com/content/dam/marvell/en/public-collateral/embedded-processors/marvell-embedded-processors-armada-7040-product-brief-2017-12.pdf
Easily 700+ with GRE+IPSec on single tunnel.
And I’ve seen close to 1,2Gb on two tunnels combined for all destinations.
Good to know!
I thought wireguard was the cats meow, is the difference being that the RB4011 has a separate ipsec engine which wireguard does not use (or not coded to use)???
Wireguard can’t use the IPsec hardware acceleration, since it is geared towards RSA. The algorithm used by Wireguard (CHACHA20) doesn’t have - as far as I know - hardware acceleration on the SOCs used by Mikrotik. At least, yet.
But this would happen only with a new SOC. I’d say no less than 3 or 4 years from now, since the SOC maker would have to go through the development, and it will happen only after Wireguard gets enough market share.
Assuming it is a good idea to waste transistors with hardware acceleration - maybe it will be fast enough in software anyway.
Anyone who already got one of the new devices? I’d be really interested in a speed comparison between hw-accelerated IPSec and WG.
Well, I will settle for 300 considering it is so much easier than configuring anything else…(caveat with mountains of sindy support to understand the basics of the router to enable effective wireguard use).