MikroTik

Hi
Been searching for a while and I can't seem to find a straight answer to my problem. What I would want is:
- a mikrotik router
- switching capabilities on it
- 8/10/13 gigabit ports (no..no ethernet ports needed and whatever number suits a product here..but at least 8 rj45 ports)
- an AP (b/g/n 2.4 and 5ghz ac) with decent capabilities (it can be medium performance..in fact it would be great if the wireless module would not be so powerfull in terms of signal strenght). But i need it to be 2.4 and 5 ghz. I have devices that can do ac..
- the switching part has to be embedded in the hardware (switching chip - I need gigabit lan speeds)
- the router has to be capable of routing 1000Mbps ISP fiber line with PPPOE on wan port and this is a deal breaker condition for me
- at least RouterOS level 4
- a decent CPU (don't want to see 100% loads on it due to routing)
- i estimate around 25 firewall rules
- it will do DHCP, NAT, Firewall, VPN, WIFI hotspot, maybe QoS and switching + VLAN
- the switching ports have to sustain constant video streaming (HD streams) from 6 ip cams from lan which will be streamed to a LAN NAS who will store them then send them to a cloud storage.
- fastpath capability (I think they all have it after Router OS 6.something..)
- no cooling fans would be very nice if possible. Noise can be an issue even if a small coling fan like a Mk router has a very loow noise emission footprint.

Now, I know mikrotik has products that cover all of the above. But none of them satisfy all of it. If I find one that's been tested on an 1000Mbps pppoe wan link and can work without significant cpu load and reach that speed...then I find out that it only has 5 Gigabit ports. If I find a decent one with an ac AP ..it's only with ethernet ports. And so on.
Now..I know i can "daisy chain" something like mk router with a mk switch and with a mk ap and they will all suit my needs. But that would be kinda expensive.

On the other hand, my concern is that a mikrotick router with switched ports (bridge or better yet with a master port set in a group of HW switched ports) would not perform the same as a dedicated mikrotick switch. From what I understand setting a Mikrotick switch to act as a router is kinda out of the question performance wise (remember it will have an 1000Mbps pppoe on wan port)

So..can someone enlighten me about what are my options here? How exactly does a mikrotick router with some switched ports works? I know some models have switching chips on the board but...is it the same as in classic Mikrotick switch? Are there any downsides setting up those ports as "switched" in a router from the RouterOS perspective? Can I manage them from RouterOS exactly as I wouls manage a Mikrotick dedicated switch? Is there any performance loss compared to a classic Mikrotik switch.
I really want the RouterOS on my network in one way or another.

Also please don't say nothing about the CCR series..)) that would be the answer (without the wifi part maybe) but they are out of my budget. Those are almost carrier grade routers and we are talking about SOHO here ..i think.

If there is no such Mikrotick product then at least can you at least point me to some dedicated router that can do 1000Mbps PPOE Wan +a decent Gb switch and a medium (performance wise) AP 2.4/5Ghz? Tough..that would be such a waste of ports..most of the ports in the router will be unused, all of the ports in the AP will remain unused (I need only the wifi AP part)...not to mention that there would be 3 RouterOS instances to manage at some point in time (3 devices)..Or at least 2 (switch can have SW OS).

A little help here please?
Thank you!

I think RB3011UiAS-RM would solve many of my issues minus the AP/Wi-Fi part which I guess I can solve with an additional AP. I think it can route a 1000 Mbs PPPoE ISP link on one WAN port while the rest of the ports will act as switching ports. But there is one problem. RB3011 is a router not a switch. It does have 2 switch chips for the 10 ethernet ports of this routerboard. 5 ports for each switch chip. Meaning that switching is done at wire speed for a group of 5 ports associated with one switching chip. The same for the other 5 ports (ok maybe 4, one will be WAN). Problem is I need more than 5 switching ports. Meaning that there has to be a bridge between the 2 master ports of each group. Meaning...switching will be done in CPU rather than bypassing it. Meaning more CPU load, more latency and (maybe) lower LAN speed (no more wire speed).

Now I know it's a dual core 1.4GHz ARM CPU but taking into account what I've mentioned in the initial post, question is ...what would be the real impact of using this router in such way:
1 port WAN, 4 switching ports (one master) + 5 switching ports (1 master) and a bridge between the two master ports + DHCP, VPN, NAT, Firewall (~25 rules), VPN, WIFI hotspot, maybe QoS and some VLANs?

Is this feasible or it's better to go with dedicated MK router(or router with ap) + MK switch?

Thank you!

Wait for the product announcements on the European MUM next week.
It could be that there is a new product that satisfies all your requirements.
(I know nothing about new products but it should be clear to MikroTIk that this kind of product is
required to survive in the small/home router market)

Yup..i know about the MUM...I guess you are right about a new line of products. But my guess is that Mikrotick is not targeting SOHO the way others do. RouterOS is not a walk in the park for most people and 90% of SOHO is made up of people with no IT background or at least basic IT& Networking knowledge. I can't believe I can't find a product... I've read the rumors about the new arrivals at MUM but as always..it seems to me that Mikrotick is maintaining the same business logic. For example, I think we will still see the 5 Ethernet/5Gigabit ports combo on 200$ top limit products targeted at SOHO and the old MAX(5 Ethernet) OR MAX(5 Gigabit) ports on home users products.

As much as powerful and amazing RouterOS is it's still shadowed in a box with limited resources where using it at a fraction of its potential caps the CPU and thus limiting its abilities drastically. Where is the fun of having IPSec HW capabilities in the ARM CPU of a RB3011 for example if using it in one form or another hogs the cpu (there are debates here about it being the first ARM architecture and Mikrotick is still developing to harnest its full potential sort of say). Where is the fun of having HW Gigabit switching capabilities on the PCB if only group of 5 ports are using 1 or 2 Gigabit lanes and the moment you bridge the group the CPU starts to choke if you have relative poor CPU on the routerboard.

Some would probably argue "well..you want advanced features, you pay the price". Well yes, I agree. But by all means..I don't think that my requests are so much over the top. After all I want a router who can route 1000 Mbps with PPPoE encapsulation and at least 8 ports acting as switching ports at wire speed...Is that too much to ask? I think not.

There were rumours that one of the announce products would be the successor of the failed RB3011-UiAS-5HPacD-IN...
So please wait and see.

There is no single device on the market that could guarantee all those features, especially at that price point.

If you really want all those features, your time and money is likely better served researching separate devices, i.e. a router just for routing tech + NAT + (basic) VPN, connected to a switch that supports VLAN + QoS + ACL + DHCP + Firewall - you could carve out those last two functions into separate devices/PC too - a dual band WiFi AC AP system, then connect your devices into the switch.

When those functions are separate, not only can they frequently be found at a cheaper price, not only may you already be able to re-use existing devices for their functions, but in future you can just scale up their specific functions that you need most at the time with minimal waste and maximum flexibility.

Mikrotik products should be able to supply each part of that network and be one of the cheapest doing it. The exceptions I can see at a glance would be if you really needed a powerful Firewall or VPN, in both cases you may be better off with any existing modern PC acting as a server or be prepared to hunt down cheap, used enterprise or carrier grade gear.

If the fiber line comes with ISP provided media converter, then I would consider this:
https://mikrotik.com/product/rb1100ahx4
Use port #13 for WAN, and ports 1-10 for LAN.

And for WiFi - Either the new cAP devices, or UAP-AC-xxxx from Ubiquiti.

Yes, the ISP line comes with media convertor. Thx for the suggestion but rb1100ahx4 is too expensive for what I'm trying to achieve. I was thinking maybe go with a home use router like maybe RB750 Gr3 which can do hardware IP Sec and has a pretty powerful CPU or the hAP ac as a router and then buy additional Mikrotik switch for any of those. What do you think? Can they do 1000 Mbps PPPoE and at least some NAT+DHCP+Firewall and basic VPN with decent CPU load?

I don't think so. The RB750Gr3 is a nice router, check in the specs what its achievable performance is, but when you
are talking about 1Gbps internet and of course you are going to speedtest that, this class of router is simply not going
to cut it (with a manageable configuration w.r.t firewall and NAT).

I advise you to adjust your expectations to your budget. When you scale down your expectations to 500 Mbps it will
likely work on those models (or a hAP ac2) and you will never notice the difference day-to-day.

Yes, the ISP line comes with media convertor. Thx for the suggestion but rb1100ahx4 is too expensive for what I'm trying to achieve. I was thinking maybe go with a home use router like maybe RB750 Gr3 which can do hardware IP Sec and has a pretty powerful CPU or the hAP ac as a router and then buy additional Mikrotik switch for any of those. What do you think? Can they do 1000 Mbps PPPoE and at least some NAT+DHCP+Firewall and basic VPN with decent CPU load?

Now would be a good time to share what is your budget?
1Gbit PPoE routing with 8 gigabit ports (and possibly WiFi) will never be as cheap as RB750 router.

I don't think so. The RB750Gr3 is a nice router, check in the specs what its achievable performance is, but when you
are talking about 1Gbps internet and of course you are going to speedtest that, this class of router is simply not going
to cut it (with a manageable configuration w.r.t firewall and NAT).

I advise you to adjust your expectations to your budget. When you scale down your expectations to 500 Mbps it will
likely work on those models (or a hAP ac2) and you will never notice the difference day-to-day.

RB750 Gr3 , best im getting from it with some basic mangle/queue rules is 200mbit., its not hitting 100% cpu, but cores dont distribute loads across...
For 1Gbps routing u have no choice but some CCR router

Having 1 Gbps connection you either:
1. Use hAP ac2, having 5 gigabit ports and quite strong CPU and dual-band wifi with ac - which is usually enough for home use
2. Use sth. like RB3011 (10 Gbps ports, but 2 switch groups) or RB1100 (usually in your server room, not on your desk!) and additional dual-band AP like cAP ac / wAP ac installed somewhere where it looks nice (running CAPsMAN on your MikroTik).

Usually the "big" router with 1 Gbps of throughput and 10 Ethernet cables is hidden in a separate server room/cabinet, while access point (even the simple home access point) is exposed, as the wifi coverage should be good. That's why you don't have the "big" router serving as both strong router and good AP, as it would be expensive and not that attractive (not many people would buy it...) I also bet that MikroTik won't show any product like this, just because of those different use cases. AP - on the wall, router/switch - in a server room/cabinet.

RB750 Gr3 , best im getting from it with some basic mangle/queue rules is 200mbit., its not hitting 100% cpu, but cores dont distribute loads across...
For 1Gbps routing u have no choice but some CCR router

RB750Gr3 should be able to do 1Gbps with a lot of tweaking. That is why I wrote "manageable config". I don't want to use fastpath/fasttrack
and constantly be on the alert for caveats, because I am always using queues/multi route tables/QoS etc, and of course without fasttrack this
RB750Gr3 is not going to be able to do it. In a CCR it is all much easier, but this advantage costs money, something the poster apparently
doesn't have.

I was thinkink 400$ for router+switch and a dual band AP. As a matter of fact I already have bought the amazing CCR with Tilera cores for my office and it's a beast for a small business even a medium one. Carrier grade router.

Budget is not so much of a problem. But I am not willing to pay 1000$ for a home use setup.
Both gr3 and hp ac can do Gugabit routing without problems. It has been benchmarked by many users. They both circle around values like 850Mbps-950Mbps on WAN with no issues. Problem is what resources are left while routing such numbers. Another problem is the PPPoE encapsulation needed because that's how my ISP delivers a fiber optic connection. This adds an extra layer on the TCP/IP stack and that's where most entry level Mikrotick routers reach the limit. Also the Gigabit speed is a huge factor of course. Yes 500Mbps would work even with PPPoE on those 2 routers.

Also looking at throughoutput of each router in the tech specs does not help much. They are not tested with PPPoE. Of course..one can extrapolate but...

The RB3011 would fit this but as stated early by p1chl it is kind of a failed product being the first one on which Mikrotick decided to use ARM.

RB1100 would also fit. But it has features that are of no use to me in this case like PoE, redundant power (so fans - noise) microSD storage and so on. Yeah..its place is in a rack not on a desktop. What I would like is a passive cooled one on a desktop but with those specs more or less

RB1100 would also fit. But it has features that are of no use to me in this case like PoE, redundant power (so fans - noise) microSD storage and so on. Yeah..its place is in a rack not on a desktop. What I would like is a passive cooled one on a desktop but with those specs more or less

RB1100AHx4 is passive cooled. No fan noise. The old version - RB1100AHx2 has a fan.

I'm kind of confused, I saw that it has a passive cooling a while ago. But this is mentioned only for "The Dude" edition.. and after looking at the PCB of the both 1100AHx4 Series I thought that maybe the non Dude edition must have some fans in those the PSUs since the brochure does not mention anything about being silent or passive cooled...

1. RB1100AHx4 Dude edition - "It uses passive cooling and is absolutely quiet." -> https://i.mt.lv/routerboard/files/RB110 ... 101205.pdf
2. The "standard" RB1100AHx4 has no mention what so ever about being passive coled in the pdf brochure -> https://i.mt.lv/routerboard/files/RB110 ... 102032.pdf

So can please someone confirm that they are both "absolutely quiet"? Also what about capacitors on the PCB? Sometimes they can make a very distinct and annoying sound...