Looks amazing at first sight...

But performance-wise it is not anyhow significantly better or cheaper than 4011. Just in some special cases it might be worth to use it due to different switch layout.

Ros7 only device, high lowest power voltage and the consumption...

And anyway, I am looking forward to the WiFi version in ddesktop case.

Oh. It is already discussed...
viewtopic.php?t=177008

Is here from 20 Jul
viewtopic.php?f=3&t=177008

Another device for beta-tester only?
On long time act like Chateau LTE12: personalized firmware, nothing to do with current beta, and officially unupgradable...
But the user update it with the beta and then do not have the original firmware to go back and still locked on perennial beta

Jarda, why insist on making same mistake, to get MT wifi on router LOL.
By the time it gets to your desk, MT will discover that their wifi 5 plus, which everyone else has had for years, is too much pain to get support on v7 ROS and
they go right to model 5010 with wifi 6 ;-P

In other words it will a cold day in hell for me to buy a wifi router again (of any brand).

msatter and jarda, shameless plug for another MT product, how much did Normis pay you??
5 euros, 10 euros, a free t-shirt?

Okay I can play this game!!! for a free t-shirt
https://www.youtube.com/watch?v=c5kBvwGqGws

Jarda, why insist on making same mistake, to get MT wifi on router LOL.
By the time it gets to your desk, MT will discover that their wifi 5 plus, which everyone else has had for years, is too much pain to get support on v7 ROS and
they go right to model 5010 with wifi 6 ;-P

In other words it will a cold day in hell for me to buy a wifi router again (of any brand).

msatter and jarda, shameless plug for another MT product, how much did Normis pay you??
5 euros, 10 euros, a free t-shirt?

Okay I can play this game!!! for a free t-shirt
https://www.youtube.com/watch?v=c5kBvwGqGws

I am not an 'influencer' and I did miss the other tread about it...despite I searched on "5009" before posting.

A big no no for me is that it is only ROS 7 the "guinea pig" edition.

ps. I still have to give consent to Alphabet (Google/Youtube) to watch their content......you can post as many links but I won't/can't watch them.

But performance-wise it is not anyhow significantly better or cheaper than 4011. Just in some special cases it might be worth to use it due to different switch layout.

Performance wise is about the same. But just the single switch chip - with VLan capabilities - and the 2,5Gb port make it better than 4011. I always though it was a great device, seriously hampered by the unfortunate dual switch layout.

ROS 7 is a dealbreaker for me, can't put anything into production that's running buggy beta software. And all these new CPUs seem to take a very long time to actually become stable, look at 4011, 2004... I really want to like the hardware but the software just can't keep up.

Yes, RoS 7 is a problem today. Will not be in the future.

I think it will be easier with new hardware - Mikrotik looks like it's using more and more closed binaries with RoS 7. The old kernel was so ancient that I believe several SOCs didn't support it. Take a look at the WiFi: they are (will be) using the official blob, instead of making their own driver.

The same (I think) will happen with new hardware. At least, I hope so.

But the device does not (yet?) support hardware IPSec, no?

I don't know. There aren't the test results to IPSec. Either it doesn't support, or they didn't test (yet). It's using RoS 7beta too. Maybe this part isn't completed?

Ipsec hardware results will be available on 5009 upon release of Ro8 ;-P

I noticed a lot of new devices don't have IPsec performance listed, so maybe the Big Mik is slacking off when it comes to this.

I'm more interested in real world speedtests for wireguard.
Last time I tried wireguard on my CCR1009, I was really disappointed, so I moved the wireguard setup to a RPI4, which offered far better speeds.
I'm willing to switch to the new RB5009 or the new CCR2004, if they're able to push at least 1Gb/s using wg.

Dreaming again??
On my setup I was able to get 300Mbps up and down.
Far better result than i would get on any other type of VPN.
1 gig network on either side, 15 km apart (same provider- fibre 1gig)

The 4011 can saturate a 500 Mbit/s connection eith IKEv2 with ease.

The 5009 processor does crypt and I saw Fips-140 somewhere.

Productbrief processor (PDF file): https://www.marvell.com/content/dam/mar ... 017-12.pdf

The 4011 can saturate a 500 Mbit/s connection eith IKEv2 with ease.

Easily 700+ with GRE+IPSec on single tunnel.
And I've seen close to 1,2Gb on two tunnels combined for all destinations.

Good to know!
I thought wireguard was the cats meow, is the difference being that the RB4011 has a separate ipsec engine which wireguard does not use (or not coded to use)???

Wireguard can't use the IPsec hardware acceleration, since it is geared towards RSA. The algorithm used by Wireguard (CHACHA20) doesn't have - as far as I know - hardware acceleration on the SOCs used by Mikrotik. At least, yet.

But this would happen only with a new SOC. I'd say no less than 3 or 4 years from now, since the SOC maker would have to go through the development, and it will happen only after Wireguard gets enough market share.

Assuming it is a good idea to waste transistors with hardware acceleration - maybe it will be fast enough in software anyway.

Anyone who already got one of the new devices? I'd be really interested in a speed comparison between hw-accelerated IPSec and WG.

Well, I will settle for 300 considering it is so much easier than configuring anything else.........(caveat with mountains of sindy support to understand the basics of the router to enable effective wireguard use).

I have seen reports (intranet testing LAB) about the hAP AC2 doing about 700Mbps with Wireguard. I think it's safe to say that RB5009, with its far better CPU, would be faster.

Lab testing, thats useless. Unless you are a rat.. llamas dont live in cages!!

Go buy one yourself, and stop complaining then.

I have a ccr1009 and did buy an RB4011 for another location, the RB5009 is not yet available.
Its a free country at least where I live I am just saying that real world ISps and anything in between is NOT a lab. You may have a different experience, on another alien planet maybe........

It is time that Mikrotik visit Anav at home....no they are not the Mob. To test equipment at his place because that is the place to be testing stuff. Anav will sign any NDA they bring!?

Its a free country at least where I live I am just saying that real world ISps and anything in between is NOT a lab. You may have a different experience, on another alien planet maybe........

No, it's not a lab. But if you were a little less obnoxious would see the value of the info provided. Since you don't, though titties.

Its a free country at least where I live I am just saying that real world ISps and anything in between is NOT a lab. You may have a different experience, on another alien planet maybe........

No, it's not a lab. But if you were a little less obnoxious would see the value of the info provided. Since you don't, though titties.

You had me in stitches this morning Paternot
(though is very different from tough)

No hard feeling, sorry if I was brusque but a clean lab shows the potential, outside the lab shows Potential - X.
Understand the equipment is capable as stated but its limited by other factors when deployed.

PS. The only reason Normis would come here is if he wanted to enjoy a beautiful view on a lake, and be fed pancakes topped with maple syrup and some Canadian bacon and sausages and some fruit in the morning, and thats just the start of his day ( yes will make some italian coffee as well - with a dash of kahlua)
Any review of my config or setup would be the comedy part of the day and a realization that even someone who knows less than the square root of phuck all, can still use MT hardware successfully.

You had me in stitches this morning Paternot
(though is very different from tough)

No hard feeling, sorry if I was brusque but a clean lab shows the potential, outside the lab shows Potential - X.
Understand the equipment is capable as stated but its limited by other factors when deployed.

Nevermind. And, Yes - tough and though are quite different. "Though titties" is something like "your problem, not mine" - or "too bad", ironically speaking.

Yes, that's the value. Anything else would be on a case by case basis - as latency, dropped packets and anything else would affect it. Since we can't know the quality of the link beforehand, the next best thing is the lab. At least we would know what is the best case scenario, and save time instead of chasing something that isn't possible.

So. IF the hAP AC2 can do 700Mb Wireguard on the lab, I would say that the 5009 would do more than 1Gbps. I can't say if 1,2Gbps or 2,5Gbps, since I don't know how the CHACHA20 processing power of them compare to each other. Yes, I know: they do it in software - and that's exactly the problem: Is the 5009 faster routing because the CPU is just faster? Or does it have several hardware accelerators, just to deal with network packets? Is it the same with the hAP AC2? This could seriously skew the results, one way or the other.

The RB5009 uses the Cortex A72 which on its own is faster than the A15 used in the RB4011 at the same clock speed, and the DDR4 RAM is another speed boost because the A15 is from 2012 and could only have used DDR3 at the latest.

CHA CHA CHA...CHA CHA CHA