First of all, all the best to whole team and congrats on excellent software and hardware produced for years now!
Did lots of projects using Mikrotiks and I still cannot remember anything that makes me so happy as learning and using Mikrotik these days.
It is Swiss knife of networking, out there with useful tools like Total Commander, mRemoteNG. Compared to other networking competitors and their solutions clumsiness is simply unbeatable.
Extremely feature rich, simple to buy and maintain and really great experience to work with.
Other companies give me creeps with their licence expiration, support contracts, warranty registration, extensions and tracking, huge space in racks for devices that handle single feature, need to purchase through their partners, convoluted pricing models and hidden price lists are just few issues to name.
Please, never, never change in this aspects and don't sell your business to the big ones!
Now to scripts... seems like Mikrotik is lacking commands to handle files like other scripting tools / programming languages do have.
Additionally limit of max file size equal to max string size is not helping. I believe this should be worked on and implemented.
And since most of the stuff requiring scripting are tables of addresses, maybe even implement simpler database or table & index.
IP lists are on the track for these but limited only to IP for now...
This would allow for user development of many scripts that are today impossible to achieve and also to cover for any missing features.
Second feature I see missing is ability to connect to other devices using Telnet & SSH and program interaction.
This would be helpful to automate features on other Mikrotiks, and other devices that support those protocols.
Often router is the only networked device in remote offices that has some automation features and this would also enable to react on network conditions and control other devices;
eg. netwatch to turn off/on power of device that disappeared from network for some reason, Mikrotik to control the behavior of other networked devices etc. data transfers between devices.
Third lacking feature is scaling of user manager and more importantly embedded radius server.
My experience on this is older like v 6.2, but radius cannot scale well with Sqlite in number of users supported.
It brought down even CCR 1036 at one point to a full stop for 1500 users.
I am missing minimal cache TTL option for DNS so to be able to better cache often used entries over high latency satellite links.
To combat this I tried to do some scripting, but programming of DNS can only be done to add A or AAA entries but nothing else can be programmed as permanent entry.
Certain entries can be pre-cached by script, but that is about it and it is not the optimal way.
You finally added jitter and other counters to the bandwidth tests, which is great and long awaited feature.
I feel these counters should also be added to the interfaces with ability to have them on/off.
This would enable to measure these using user's traffic, without the need to generate test traffic and clog the uplinks for keeping track of network performance.
I feel netwatch should have additional feature to test pings multiple times in intervals, prior to executing Up/Down action.
This is just for simplicity sake as this can be programmed if needed, but it needs to be programmed in every time.
Similar to this I believe watchdog was missing repetitive checks, but that god added recently so kudos.
Routerboard upgrade needed after RouterOS firmware upgrade should be automated. Not even sure if needed to keep in sync but I do it each time.
I do it automatically with a startup script, but should be a simple checkbox for all other users and the default I guess..
Logs should be searchable and copy-able from Winbox so to enable easier checking.
At least copy-able if I am asking for too much.. that way I can search or do whatever needed in any editor.
Queues - maybe extend PCQ with dynamic bandwidth allocation?
So dynamically lowering speed of particular user that goes over data allowance inside of particular period?
Multiple such rules could be applied to lower the speed further all the way to a halt for certain time if misbehaved.
Or something similar, but in essence to give more speed to users that don't use much data traffic, and lower the speed progressively for others that do (torrents, video downloads or similar).
Again ship-shore satellite links would be perfect use case for this but in essence every link that is over-provisioned and doesn't want to complicate life for users with hotspot tokens.
Connection bonding with constant link monitoring and adjustments (link speed, retries, package sending in double) would be nice unless somehow can be already achieved today?
Bit beyond me for now if it can be done else how already today, but this would help to use multiple up-links between sites.
Primarily thinking on multiple 3G/4G and satellite link bonding or combining based on link monitoring and parameters.
WAN Optimization - TCP optimization, packet compression, DNS caching, sending redundant TCP packages as forward error correction, would be nice features so to eliminate needs for additional WAN Optimization boxes that can do that with associated $$$.
DNS statistics could be maintained by the router, with preemptive refreshes of DNS entries based on prior hourly/daily/weekly statistics could help with slow DNS resolution on satellite links.
Ability to deploy firmware to all routers prior to executing single reboot would be nice with The Dude.
Also collecting of all firmware in Dude is a bit clumsy for high number of different type of devices in the network when migrating to new RouterOS version across the board.
Maybe instruct all RBs to download firmware from Mikrotik servers and then issue single command to reboot all to keep downtime as short as possible?
Enable one WiFi AP to occasionally (and during night & when unused) test WiFi of another nearby AP for connectivity to router and report if any issues.
I noticed that no vendors have this feature and it would be useful to achieve end-to-end service checks of site coverage.
Some things can be done with client devices put around as sensors on some locations but unless above is implemented it cannot be checked for coverage of every AP on site.
Also self-test or pings don't solve this as AP transmitter/received on the WiFi side might be faulty or configuration for clients to connect might be incorrect without admin really noticing.
Red LED light on HAP AC for 5 Ghz is strange choice, so I would recommend it to be changed with green or yellow if differentiation is needed at all.
Community driven Web filter / Internet Application filter database and filtering service in Mikrotiks would be nice to implement,
though would be CPU/disk intensive for particular device but capacity can always be planned/over-provisioned or even one RouterOS device used for this purpose exclusively.
Idea to have all these things supported by single RouterOS through packages makes Mikrotik extremely versatile solution.
Some reports and logs on this and sites classification for easier management of filtered vs not would definitely be nice.
Dude and Mikrotik ability to scripted or based on events push/set SNTP V3 parameters on other devices would be great.
Ability to easier trace Firewall behavior for discarded packages or to easier find rules that impact certain traffic. Right now I do it by turning off/on rules until I identify culprit.
Primarily focus on discarded packages than those that pass through, maybe even get a package list with statuses in Winbox for short period after rule change to check on impact.
When it comes to switches I am not entirely sure why you developed SwOS.
Also seems to me getting into switching business was a bit of strange decision since you never build 48 port switch, so to extend on goals to offer faster & cheaper edge ports.
I would like to propose high density 48 port switch. In the shipping business space in cabinets is always lacking and current max of 24 port non-POE prevented me to use mikrotik in this aspect.
Switch stacking is not crucial if at least 2x 10 Gbps SFP+ are offered on the switch, 1 for uplinking and 1 for connection to other switches in the same cabinet as round-robin.
While at it, I believe support for 802.3af / 802.3at POE standards would be requirement today, though you are in unique position to combine it with passive POE on the same port.
Right now for high density switch I need to look elsewhere and it is complicating setup.
Apologies for incoherent email and many unrelated items mentioned here. I can clarify if necessary.
But wanted to share some things I struggled with and some that I would recommend as feature upgrades to make Mikrotik even better.
Cheers,
Tihovsky