 
ksteink
Frequent Visitor
Topic Author
Posts: 80
Joined: Thu Mar 31, 2016 6:54 pm

Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Sun Aug 23, 2020 7:06 am

Hi, I'd love to see the following features on RouterOS v7 (or even v6):

- VSS (Virtual Switching and Stacking): Even though ROS has supported VRRP for years, you need custom scripts to replicate other configuration parameters like DHCPs. Connection states should be replicated to allow a transparent failover if the primary device (i.e. RB or CRS3.x) goes down.

- ZTP (Zero Touch Provisioning): Wouldn't it be great, especially when you are trying to deploy new devices remotely, that as soon as they can reach the internet via the default factory config using the DHCP client, the router calls a remote system (i.e. IP Cloud), and using the serial number or any other method the remote admin can register that device and use the IP Cloud like a proxy to get remote access to the router to load the desired configuration? This concept is similar to Unifi’s remote access, which creates a kind of out-of-band secure access without the need to deal with sometimes complex VPN setups.

- IPv6 L3 HW offloading on CRS 3.x: I saw this feature recently launched in the recent beta of ROSv7 for IPv4 and it is great, but IPv6 support should also be added to continue pushing this protocol as mainstream!!

- SD-WAN: ROS is very versatile in several areas, and SD-WAN overlays and PBR can be emulated, but this requires a lot of manual configuration. If Mikrotik creates its own SD-WAN algorithm that is simple to use and can be turned on in just a few clicks (aligned with the ZTP approach), with DPBR (Dynamic Policy Based Routing) based on DPI (Deep Packet Inspection) on a nice dashboard, it will be a home run to start taking on the big leagues in the market.

- UTM features: Even though Mikrotik has a good IPTables-based firewall, it lacks additional security features such as IDS/IPS, AMP (Anti-Malware Protection) and others (similar to what pfSense offers); these will make ROS a very compelling story that integrates network and security.

I would love to see these features implemented on the new ROS code as I am a big fan of it and I want to compete better with some bigger leagues including but not limited to Cisco as an example!!


 
neutronlaser
Member
Posts: 445
Joined: Thu Jan 18, 2018 5:18 pm

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Sun Aug 23, 2020 8:07 pm

Zero Touch Provisioning would be great
the others are boring
 
nz_monkey
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Mon Aug 24, 2020 5:57 am

It sounds like you want a NGFW not a router ;)

There are plenty of other cost effective options for NGFW/UTM.
 
ksteink
Frequent Visitor
Topic Author
Posts: 80
Joined: Thu Mar 31, 2016 6:54 pm

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Mon Aug 24, 2020 5:41 pm

> Zero Touch Provisioning would be great
> the others are boring

Well, this is my wish list; if it becomes reality you can use the features that you like :)
 
ksteink
Frequent Visitor
Topic Author
Posts: 80
Joined: Thu Mar 31, 2016 6:54 pm

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Mon Aug 24, 2020 5:43 pm

> It sounds like you want a NGFW not a router ;)
>
> There are plenty of other cost effective options for NGFW/UTM.

I want a great router like ROS and also a NGFW / UTM on the same box. We have the great router, but the UTM is what I am looking to be added here.
 
StubArea51
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Mon Aug 24, 2020 6:51 pm

1. MikroTik is already working on stacking, I've talked with them at length about the need for this at the MUMs. The last I heard, MikroTik was using a standards based protocol to implement a redundant switching control plane but I don't remember which one.

A decent guess would be either SPB (https://en.wikipedia.org/wiki/IEEE_802.1aq) or EVPN with VxLAN and MLAG (https://tools.ietf.org/html/rfc7432)

2. The tools to do ZTP are there if you put a little time in on scripting or ansible. API, SSH or TR-069 can all be used to take a stock MikroTik and have it receive a config when plugged in.

3. IPv6 HW offloading is just a matter of time...once IPv4 L3 HW offload is working well, I'm sure that will be next.

4. In my opinion, the addition of Wireguard signals an intent by MikroTik to compete in the SDWAN space - all of the protocols are there now except a controller for path selection, perf analysis and monitoring. Not sure if they will extend functionality of the Dude or build a webapp.

5. UTM - I don't know that we'll see this anytime soon. UTM requires a lot of development resources. Trying to manage the ability to detect and mitigate at L4 - L7 using signatures and other automated mechanisms requires constant care and feeding by a dev team. This doesn't seem consistent with MikroTik's cost effective approach.

Just my two cents as someone who works on MikroTik for consulting clients (including small, medium and large enterprise) every day.
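
An added example, not part of any post in this thread and not MikroTik code: one way a call-home provisioning service could decide whether to hand a configuration to a device that presents a serial number, as in the ZTP flow discussed above. It assumes a per-device enrollment secret recorded when the device is registered; the inventory, serials and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed inventory: serial -> enrollment secret and site, recorded by the
# admin before the device ships. Every value here is made up for the example.
REGISTERED = {
    "HYPO0001": {"secret": b"constructed-secret-1", "site": "branch-a", "claimed": False},
    "HYPO0002": {"secret": b"constructed-secret-2", "site": "branch-b", "claimed": False},
}
_pending = {}  # serial -> nonce for the call-home attempt in progress


def issue_challenge(serial):
    """Step 1: the device calls home with its serial and gets a fresh nonce."""
    nonce = secrets.token_bytes(16)
    # Unknown serials still receive a nonce, so the reply does not reveal
    # which serials are registered; only registered ones are tracked.
    if serial in REGISTERED:
        _pending[serial] = nonce
    return nonce


def device_response(secret, serial, nonce):
    """Device side: prove possession of the enrollment secret for this nonce."""
    return hmac.new(secret, serial.encode() + nonce, hashlib.sha256).digest()


def render_config(serial, site):
    """Placeholder config text (not RouterOS syntax)."""
    return f"# config for {serial}\nsite={site}\n"


def enroll(serial, response):
    """Step 2: release a config only to a registered, unclaimed device that
    answered the outstanding challenge. Returns (ok, config_or_reason)."""
    nonce = _pending.pop(serial, None)  # single use: a replay finds no nonce
    entry = REGISTERED.get(serial)
    if nonce is None or entry is None:
        return False, "rejected"
    expected = device_response(entry["secret"], serial, nonce)
    if not hmac.compare_digest(expected, response):
        return False, "rejected"
    if entry["claimed"]:
        return False, "already-claimed"
    entry["claimed"] = True
    return True, render_config(serial, entry["site"])
```

A serial number printed on a label is an identifier rather than a secret, which is why the config release is bound to the HMAC response and not to the serial alone.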
 
creatin
Member Candidate
Posts: 108
Joined: Sat Nov 23, 2019 2:59 am

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Mon Aug 24, 2020 7:00 pm


> 5. UTM - I don't know that we'll see this anytime soon. UTM requires a lot of development resources. Trying to manage the ability to detect and mitigate at L4 - L7 using signatures and other automated mechanisms requires constant care and feeding by a dev team. This doesn't seem consistent with MikroTik's cost effective approach.
>
> Just my two cents as someone who works on MikroTik for consulting clients (including small, medium and large enterprise) every day.

Are we willing to pay an extra monthly fee for UTM as other vendors charge?
 
neutronlaser
Member
Posts: 445
Joined: Thu Jan 18, 2018 5:18 pm

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Mon Aug 24, 2020 9:06 pm

UTM could be done for free if all routers had Torrent and BlockChain
 
StubArea51
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Tue Aug 25, 2020 1:03 am

> UTM could be done for free if all routers had Torrent and BlockChain

How does this solve the problem of analyzing and mitigating threats at L4 - L7?
 
neutronlaser
Member
Posts: 445
Joined: Thu Jan 18, 2018 5:18 pm

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Tue Aug 25, 2020 1:28 am

Not needed as they are inherently secure.
 
StubArea51
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Tue Aug 25, 2020 2:14 am

> Not needed as they are inherently secure.

That doesn't make any sense....UTM is not just Internet facing, it's designed to detect internal and external threats across an organization's infrastructure.

Can you share some details of how blockchain and torrent would prevent malware from replicating on an infected operating system to adjacent systems?
 
ksteink
Frequent Visitor
Topic Author
Posts: 80
Joined: Thu Mar 31, 2016 6:54 pm

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Wed Aug 26, 2020 6:36 am

Thanks for the insights!!! Seems that Mikrotik is on the right track with these features :). My main priorities are ZTP and VSS, to have first above the others.
 
vecernik87
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Wed Aug 26, 2020 8:21 am

  • VSS - that would be nice
  • ZTP - already available, although not completely out-of-box as with UBNT. The only true form of out-of-band management is a serial port and that is available.
  • L3 HW offloading - in development, although it seems to have some limitations (quite a small number of connections can be managed concurrently). I do not believe these limitations will be lifted since it depends on HW support within the switch-chip.
  • SD-WAN - usual SD-WAN is a service which depends on some features (multi-wan routing, failovers, tunneling etc.). The features are already available. The service can be implemented by anyone. Such an organisation may then be promoted as "MFM / certified MikroTik integrator". If you are smart enough, all you need is to hire a few VMs in AWS/GCP/Azure, make a few provisioning scripts and offer the service. You could actually make sh*tloads of money on this.
  • UTM - again, it is a service which depends on some features. In this case, the features are not quite there (let's be honest, the most advanced matcher in MikroTik's firewall is L7, which is known to eat all CPU, so for any more advanced IDS you would probably need some different approach). However, once all the required features and power are there, it will still depend on a service (someone supplying and updating a database of rules), which is a completely different market. I agree it would be nice, but whoever is capable of implementing MikroTik will likely have no trouble pairing it with Suricata/Snort or another free IDS/IPS.

I guess my understanding of development is a bit different than many other users, because I am a SW developer myself. I know that suppliers have limited resources and we always have to choose - which features take precedence? All your suggestions are interesting and could be implemented/improved, but there are heaps of others which need to be focused on as well.
 
olivier2831
Member Candidate
Posts: 296
Joined: Fri Sep 08, 2017 6:53 pm

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Wed Aug 26, 2020 9:26 am

> Thanks for the insights!!! Seems that Mikrotik is on the right track with these features :). My main priorities are ZTP and VSS, to have first above the others.

Same priorities here: ZTP and VSS.
And another feature not mentioned before: LLDP-MED
I would be very curious to read about the latter one.
