Community discussions

MikroTik App
 
OnixJonix
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Thu Jun 22, 2006 11:35 am
Location: Latvia

Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 8:45 am

Hello! Please help with your opinion...
I love MK and have used it in many places, but all projects was small scale!
Now i have chance to plan city network and slowly build it. (Main office, ~20 different branch departments, shoolls, etc)
No talks about budget at present.
Companies who want take part of it - all say: Mikrotik is not an option - need to go with poducts form HP ARUBA, Ruckus, FortiNet, PaloAlto, CISCO, JUNIPER - these are INDUSTRY STANDARTS!
I ask why - Mikrotik is no safe, not stable, hardware is no qualitative, updates are bugy... so on!
One argument i agree - mikrotik dont have DPI what is nice on gateway.....
I want to hear opinion/experience from MK community - do i need to go with Industry standart and plan a lot of money, which i think i never get, or go with MK and don't mind about INDUSTRY STANDART and ask for reasonable amount of $$$
Does MK have so many problems when used in big scale? Your experience?
Thanks!
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1350
Joined: Mon Sep 23, 2019 1:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 9:16 am

What's a standart?
 
erlinden
Forum Guru
Forum Guru
Posts: 2463
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 9:44 am

First start with the requirements. What does the SLA look like? Who is going to maintain the solution? Installation? Budget?

Choosing hardware is like one of the latest steps do perform.

I assume you are referring to industry standards!?
 
OnixJonix
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Thu Jun 22, 2006 11:35 am
Location: Latvia

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 9:58 am

What's a standart?
"Indystry standarts" -In this case i mean the mainstream high end devices!
 
OnixJonix
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Thu Jun 22, 2006 11:35 am
Location: Latvia

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 10:23 am

First start with the requirements. What does the SLA look like? Who is going to maintain the solution? Installation? Budget?

Choosing hardware is like one of the latest steps do perform.

I assume you are referring to industry standards!?
Yes i mean industry standarts!
Without details - My main question is - do i even think about Mikrotik as my network backbone, gateway, WiFi..! And why so many IT companies are not even advising to think about MK? It is objective or just marketing? My goal is basic secure network with some more secure zones, stable (the main thing i think)... this is not question with many details...
Thanks!
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26815
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 10:46 am

why so many IT companies are not even advising to think about MK
I don't know why you think that, maybe you had bad experience with a specific company that is very stuck in the past.
Just think about the fact, that MikroTik is one of the largest companies in Latvia and is exporting the high end models to nearly all countries in the world. Even Google offices use MikroTik CCR devices for their office networks. Even SpaceX uses MikroTik devices.

Don't get stuck in the past
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1158
Joined: Tue Oct 11, 2005 4:53 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 12:30 pm

Don't get stuck in the past
I don't think he is the one stuck in the past, rather the "IT companies" (more like Cisco resellers), which prefer to charge 10.000€ for a Cisco that does 1/10 of what a MikroTIk will do at 1/10 the price.

To me, it's just ignorance and many times arrogance.
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 919
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 2:18 pm

Companies who want take part of it - all say: Mikrotik is not an option - need to go with poducts form HP ARUBA, Ruckus, FortiNet, PaloAlto, CISCO, JUNIPER - these are INDUSTRY STANDARTS!
I ask why - Mikrotik is no safe, not stable, hardware is no qualitative, updates are bugy... so on!
One argument i agree - mikrotik dont have DPI what is nice on gateway.....
For any government bureaucracy and especially in the IT world the number one concern is Timely SUPPORT...price...and...Timely SUPPORT.
From a Features/Capability and SUPPORT Perspective === MikroTik cannot compete in the league of HP ARUBA, Ruckus, FortiNet, PaloAlto, CISCO, JUNIPER or Ubquiti [wireless] ... MikroTik can compete on certain functionality and PRICE but NOT on SUPPORT.

So IF YOU can provide that timely support plus provide the functional capability needed using MikroTik +[other brands for wireless] in that government bureaucracy YOU will win on PRICE. Timely support means that you have the financial resources to replace equipment on demand to maintain UP-TIME etc.
 
OnixJonix
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Thu Jun 22, 2006 11:35 am
Location: Latvia

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 2:56 pm

why so many IT companies are not even advising to think about MK
I don't know why you think that, maybe you had bad experience with a specific company that is very stuck in the past.
Just think about the fact, that MikroTik is one of the largest companies in Latvia and is exporting the high end models to nearly all countries in the world. Even Google offices use MikroTik CCR devices for their office networks. Even SpaceX uses MikroTik devices.

Don't get stuck in the past
I don't, my partner companies think that! As i mentioned i LOVE MT and previously work only with your products since 2007... (but in small scale up to ~80devices and maybe the security level was not my first priority), but now i accepted to run one city council IT department (In Latvia ~20k inhabitants) and our partners are very skeptic... that why i need some other opinion to fight back.... i need provide some arguments for that...
Normis you mentioned Google office, spaceX - but it is just one or few devices in some other brand backbone network! But is there some quite big network which is based on Mikrotik what you can think of?
Thanks!
 
User avatar
harry66
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Tue Mar 04, 2014 5:29 pm
Location: Germany

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 3:24 pm

Hi OnixJonix,

I can imagine what situation you are in and why it is so hard to come up with usable arguments.
Depending on your customer you have to be aware that when setting up a whole new infrastructure, the availability is key. It is key right from the first moment. Once your service becomes shaky, you have lost your reputation and you have close to no chance to get back in business. That is a matter of fact. Reliability counts.

Said that, you have to see if your future hardware supplier has a track record and offers the right service and is capable of immediately jumping on a problem. Usually this is a costly supplier capability and you can find a good portion of this in the hardware and license cost. At the same time, hardware is an investment. This investment you want to do on a company that has a good future and feature oriented timeline. If this timeline does not exist, the hardware investment is on a big question. Why would you spend money on something outdated already tomorrow.

If you look at Mtik, you may find some limitations on which Mtik could potentially grow in future. It could easily be that Mtik is taken into account for non mission critical parts of the infrastructure, but as not the right partner for your crown jewels.

So the answer is in the details and not in a single fact. Marketing, market perception and reputation development are quite important factors.

Possible quick verdict: Okay for some supplementary service like a campus wifi at university but maybe not as a core component for your highly pofitable core infrastructure.

BR
Uwe
 
neutronlaser
Member
Member
Posts: 445
Joined: Thu Jan 18, 2018 5:18 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 4:48 pm

u can do anything with mikrotik
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21224
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 5:00 pm

As stated if you are providing support the efficiency of cost of MT will allow you to build in redundancy into a system (such that service is not interrupted), or spares are readily at hand and can be manually inserted quickly with minimal down time. (Concurrent Router device providing HA functionality, or sitting on a shelf already programmed ready to go). Key components must have replacement ready to go. Finally, have a mini-lab setup so that programming and testing can occur without interrupting the working network. Yes more devices than strictly needed but with the price performance ratio, you have that advantage. If you are not on-site or providing near real time support (physically) not sure if this is the right path.
 
tippenring
Member
Member
Posts: 304
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 5:09 pm

For any government bureaucracy and especially in the IT world the number one concern is Timely SUPPORT...price...and...Timely SUPPORT.
From a Features/Capability and SUPPORT Perspective === MikroTik cannot compete in the league of HP ARUBA, Ruckus, FortiNet, PaloAlto, CISCO, JUNIPER or Ubquiti [wireless] ... MikroTik can compete on certain functionality and PRICE but NOT on SUPPORT.
This is probably 95% of the issue. I have government clients who purchase high end gear, then pay 25-50% of the purchase price for 24x7x4 hour on site support contracts. I point out that they could have plenty of spares on hand and fully stock a lab environment to boot, and they will be able to fix any failed gear or correct any issues faster than <big name> support will most of the time. However, government tends to be a big ship that turns very slowly. And you actually have to have the expertise either on staff or nearby to be able to resolve any issues in the same time-frame as the <big name> companies.

The other 4% of the issue is likely your vendors experience (or google search experience) with Mikrotik. Mikrotik updates firmware often and it is very easy to update. When bugs are discovered (which are usually actually simple misconfigurations instead), you see a lot of forum posts about it. However, this completely conflicts with how most government (and private) organizations do updates on network gear. Most only do updates periodically, during service windows, and often test in the lab prior to doing updates. If a validation and planning process is followed, with a valid reversion plan just in case, then Mikrotik is perfectly suitable for most environments.

"Industry standard" does not exist. That is what your vendors say when they don't know how to make their own case. You should ask them for the RFC or other standards documentation that says HP, Cisco, Juniper, etc are "industry standard." Then move on to vendors that actually know what they're doing.
 
User avatar
harry66
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Tue Mar 04, 2014 5:29 pm
Location: Germany

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 5:48 pm

I second what is said here.
Industry standard is a super weak argument of those that don't know better.
For Mtik you have to take care about much more but you pay much less initially.
Just think about what you would need to build a console like Panorama for Mikrotik. Yes, you can blow it up to a certain extent and there are tools to help you. For example the dude environment.

On the other hand you have sometimes hard limits in functionality. You simply can't control in Mtik, who is allowed to post in F*book and who shall only read. Or at least not out of the box. That continues with many protocols of industrial control systems. Just to give some examples. That application layer is not yet covered in filtering capabilities. If it goes beyond Protocol&Port, dest/orig, state then it becomes very shallow.

Even running a filter proxy for malware domains costs a fortune in CPU cycles. Memory limits can easily be reached. Try the attached file as an example but make sure you know how to handle the filters first!

BR
Uwe
You do not have the required permissions to view the files attached to this post.
 
mada3k
Forum Veteran
Forum Veteran
Posts: 737
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 6:03 pm

Many enterprises is obsessed with 24x7 support from the vendor. If it can't be delivered, the vendor is simply out.
Many enterprises will require a unbrella system of some kind. Like Cisco Prime, Juniper Space etc. DUDE is a joke.
It's also important to have long-lived product lines, like the Cisco Catalyst-series and so on. Mikrotik does not.
 
tippenring
Member
Member
Posts: 304
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 6:22 pm

On the other hand you have sometimes hard limits in functionality. You simply can't control in Mtik, who is allowed to post in F*book and who shall only read. Or at least not out of the box. That continues with many protocols of industrial control systems. Just to give some examples. That application layer is not yet covered in filtering capabilities. If it goes beyond Protocol&Port, dest/orig, state then it becomes very shallow.

Even running a filter proxy for malware domains costs a fortune in CPU cycles. Memory limits can easily be reached. Try the attached file as an example but make sure you know how to handle the filters first!
Agreed, and I don't think a router should be expected to incorporate this functionality. I think it ends up asking 1 device to do too much, and complicates administration and management. I perfer standalone devices for packet-inspection functionality where required.
 
Kindis
Member
Member
Posts: 441
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 6:27 pm

For me this is a question about support and what is the outfall of an outage.

So if it is a Office network and there are some problem with the network is that a large incident or is that an inconvenience?
Where I work we have network that we can use MT equipment without issues if we would like to get good equipment for a fair price.
However some stuff we have is far for important and I'm not saying that MT is not good enough but support is. SmartNet from Cisco is state of the art and we had a important core router that had a hardware failure switched within 4 hours.

I cannot remember all times I have meet customers that say we need 24/7 Network in the office. I then ask what happens if the network where to go down.
Many times I get the answer that it's not a issue as they can use 4G for meetings and the only thing they cannot do is print.
So I would say that everyone need to do a analysis what their needs are and buy accordingly and per usual the answer will be it depends :)
Also operational competency needs to be part of the equation as well.
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1741
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 6:53 pm

Since we run the largest MikroTik consulting firm in the world, I have some thoughts on this :)

We have used MikroTik in very large environments for enterprise, data center and ISPs around the world. Like any other piece of network equipment, you have to understand how to design and deploy it.

One of my favorite stories to tell about using MikroTik in critical environments is for a large publicly traded enterprise in the US. The company at the time (~2017) was worth about 19 billion dollars in the US and had data centers around the world.

I was the Network Architect in charge of designing the company's new flagship Data Center in New York. Originally, the DC was supposed to use 4 Cisco ASR1006-X routers (2 for IP Transit and 2 for aggregation of MPLS L3VPN circuits - I think it was approximately $200,000 USD worth of gear ), we found out that Cisco was delayed on their shipping timelines by 8 weeks and would not have routers for the data center.

Because they had been using MikroTik in non-critical roles, I suggested that we use (4) CCR1036-8G-2S+ since they met the following requirements:

- 1 Gbps of throughput per router for IP Transit
- 1 Gbps of throughput per router for MPLS L3VPN circuits from Verizon
- BGP and BGP Communities
- OSPF
- QoS with DSCP for corp voice and video

The company resisted, but since Cisco had no solution and we could not bring the DC online in time, they agreed to have 4 x CCR1036 shipped to the DC in Manhattan so I could install them and bring the DC online.The company expected to have these online only for a few weeks until the Cisco equipment came in. We brought everything online successfully.

As is often the case in big companies they moved onto other things since the DC was working well. About a year later, someone asked if we even needed $200K worth of Cisco routers since the MikroTik routers had been running the DC successfully for a year.

And the answer was no :-)

Here is a list of what that DC was used for:

1) Corp HQ connectivity to the Internet for about 4000 employees across NYC
2) Exchange connectivity for roughly 30k employees in North America
3) Application connectivity for over 1000 branch locations in North America
4) Main DCI connection point to DCs in Europe

And that all ran on $5000 USD worth of routers :)

This DC ran on CCRs for a total of 2 years until they realized Cisco wouldn't refund their money and they were forced to use the ASR1006-X routers.
 
sup5
Member
Member
Posts: 359
Joined: Sat Jul 10, 2010 12:37 am

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 7:18 pm

It simple depends on what to do.

If you need wirespeed routing/switching with QoS (honoring 802.1p or DSCP) then Mikrotik is a real PITA.
Also common things like Stacking, MCLAG, proper galvanic isolated PoE-at or VRRP-Grouping simply aren't possible/available.

If you have an oversized Mikrotik for some minor throughput, it may work quite well. A CCR1009 starts to drop packets at 500Mbps with only a handful of firewall rules. This simply is disappointing.

I think, that Mikrotik is overly complicated in a lot of things.
For example Layer-2 configuration:
- subinterfaces plus bridges
- vlan filtering within the bridge
- vlan-handling on the switch itself
This is very annoying. No other vender forces you to learn three ways to do simple VLAN stuff.

But for some swiss army knife stuff Mikrotik is really nice, because the configuration is quite flexible.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 8:21 pm

You don't know why to use the "industry standards"? Look at money. They are not superoverpriced by an coincidence. There need to be a spare budget for bribes to the policians.

You are not going to sell some boxes. The way how you do it should not be important if you guarantee the required quality. You are going to provide a service so think about like this.
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1741
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 8:59 pm

I think, that Mikrotik is overly complicated in a lot of things.
For example Layer-2 configuration:
- subinterfaces plus bridges
- vlan filtering within the bridge
- vlan-handling on the switch itself
This is very annoying. No other vender forces you to learn three ways to do simple VLAN stuff.

Really it just boils down to how you build it. Bridging configuration is very common in the Metro Ethernet world - Cisco and Juniper ASR/MX both use bridge-domains to tie together ports/vlans and do q in q or vlan translation - just like MikroTik.

Most enterprise focused networkers have never been exposed to this type of configuration and have a harder time with it as opposed to Cisco's method of VLAN tagging on enterprise switches.

The bridging framework is more flexible and scales better but requires a bit more work on configuration. What this really boils down to is product placement - Cisco and Juniper have different equipment for Service Provider vs. Enterprise.

MikroTik does not - it's not *wrong*, it's just not they way they do it. Once you realize this, you can design and use it accordingly.
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1086
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 9:37 pm

I was the Network Architect in charge of designing the company's new flagship Data Center in New York. Originally, the DC was supposed to use 4 Cisco ASR1006-X routers (2 for IP Transit and 2 for aggregation of MPLS L3VPN circuits - I think it was approximately $200,000 USD worth of gear ), we found out that Cisco was delayed on their shipping timelines by 8 weeks and would not have routers for the data center.

Because they had been using MikroTik in non-critical roles, I suggested that we use (4) CCR1036-8G-2S+ since they met the following requirements:

- 1 Gbps of throughput per router for IP Transit
- 1 Gbps of throughput per router for MPLS L3VPN circuits from Verizon
- BGP and BGP Communities
- OSPF
- QoS with DSCP for corp voice and video

The company resisted, but since Cisco had no solution and we could not bring the DC online in time, they agreed to have 4 x CCR1036 shipped to the DC in Manhattan so I could install them and bring the DC online.The company expected to have these online only for a few weeks until the Cisco equipment came in. We brought everything online successfully.

As is often the case in big companies they moved onto other things since the DC was working well. About a year later, someone asked if we even needed $200K worth of Cisco routers since the MikroTik routers had been running the DC successfully for a year.

Here is a list of what that DC was used for:

1) Corp HQ connectivity to the Internet for about 4000 employees across NYC
2) Exchange connectivity for roughly 30k employees in North America
3) Application connectivity for over 1000 branch locations in North America
4) Main DCI connection point to DCs in Europe

And that all ran on $5000 USD worth of routers :)

This DC ran on CCRs for a total of 2 years until they realized Cisco wouldn't refund their money and they were forced to use the ASR1006-X routers.
This is an unfair comparison. The CCR is a fix-chassis toy compared to the ASR1006-X which was (waaaaaaaaaay)³ too powerful for such simple requirements stated...so whoever "spec'ed" this setup overdid it...A LOT. You can blast 10 interfaces with 10Gbits/sec each concurrently and it will still work ;-)
I would had done all of this with a entry model ASR 1001-X ... and even that model would have lots of CPU cycles doing nothing ;-)


The ASR-1600X is a 100Gbps !! chassis (non-blocking!) guys, not like the CCR which is fixed 8 ports 1Gbits/sec and some SFP+ slots....and looking at the performance-specs of the CCR it is only a fraction.

Cisco Quantum Flow Processor onboard, fully redundant RP (routing-processor) and ESP (Embedded Services Processor ; crypto, QoS,...)
ISSU (in service upgrade, so often not even downtime)

I'm not a Cisco fanboy, as I've seen some strange things with my current project on a large Cisco SDAccess setup (SDN / VXLAN / Catalyst 9300 & 9500) but these kinds of comparison are hardly fair.
YES Cisco would much much more expensive but there is much more then "just the box" that makes the complete picture.
Last edited by jvanhambelgium on Tue Aug 25, 2020 10:04 pm, edited 1 time in total.
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 919
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 9:50 pm

Yes, there is ONE industry standard for gear in the Enterprise world wide and that is CISCO ... then there is all others that try and compete.

The reason that Cisco is the standard is because their product support is OUTSTANDING ..... many of the OTHER name brands work very hard to provide the same level of support .... support means EXPERTISE in implementation and expertise in maintains uptime of 9999.9% uptime. Support means have the financial stability to address any issue on demand. Support means proving solutions that meet/exceed all client expectations.

All other brands competes in the CISCO space and that space is HUGE .... very huge .... CISCO dominates

The only way to penetrate the CISCO market advantage is through price and support ... very few have the financial resources to compete because support is very expensive.
 
sup5
Member
Member
Posts: 359
Joined: Sat Jul 10, 2010 12:37 am

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 9:58 pm

[...]
This is very annoying. No other vender forces you to learn three ways to do simple VLAN stuff.
[...]
MikroTik does not - it's not *wrong*, it's just not they way they do it. Once you realize this, you can design and use it accordingly.
Okay, then I wasn't clear enough: no other vendor forces you to learn three different configuration styles per device.

I am well aware of IOS-XR and IOS Layer-2 configuration styles, since I use them daily.
You either got briding-configuration with subinterfaces in IOS-XR
or port-VLAN-configuration in IOS.

For sure there is a third style: Port-membership-configuration per VLAN like in Brocade FastIron oder ICX devices.

But again: these vendors do not force you to learn three different configuration styles per device
 
sup5
Member
Member
Posts: 359
Joined: Sat Jul 10, 2010 12:37 am

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 10:05 pm

The reason that Cisco is the standard is because their product support is OUTSTANDING .....
I can second that.
Teir support helped me lot's of times even, when the mistake was on my side or a 3rd party device was misbehaving.
Knocking down networking issues with paid support makes life so much easier, helps to keep SLAs and adds a good value to your own learning curve.

Also I am quite astonished how long that oldish Cisco gear lasts. Just think of the venerable C3750 or C6500 series.
They might not be as feature rich or energy saving like Mikrotik but performance-wise they will easily beat Mikrotik routers.
 
neutronlaser
Member
Member
Posts: 445
Joined: Thu Jan 18, 2018 5:18 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 10:10 pm

cisco is garbage and linksys
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1086
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 10:18 pm

The reason that Cisco is the standard is because their product support is OUTSTANDING .....
Also I am quite astonished how long that oldish Cisco gear lasts. Just think of the venerable C3750 or C6500 series.
The C6500 platform was the most successful switch/platform product on this planet ever! (> 20 billion $ sales)
A real giant back in the dark old days ;-)
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1741
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 10:23 pm

This is an unfair comparison. The CCR is a fix-chassis toy compared to the ASR1006-X which was (waaaaaaaaaay)³ too powerful for such simple requirements stated...so whoever "spec'ed" this setup overdid it...A LOT. You can blast 10 interfaces with 10Gbits/sec each concurrently and it will still work ;-)
I would had done all of this with a entry model ASR 1001-X ... and even that model would have lots of CPU cycles doing nothing ;-)

The point was not to compare the ASR1006-X to the CCR in the same class of router.

The point is that both solutions met the requirements for an extremely large enterprise. The fact that the org bought more router than the needed isn't relevant since Cisco couldn't deliver on time :)

And also to point out that we ran the flagship DC for a Fortune 500 company on MikroTik for several years
 
sup5
Member
Member
Posts: 359
Joined: Sat Jul 10, 2010 12:37 am

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Aug 25, 2020 11:56 pm

The C6500 platform was the most successful switch/platform product on this planet ever! (> 20 billion $ sales)
A real giant back in the dark old days ;-)
Getting an unsupported C6509 filled with 8x48 Gigports, one Supervisor, and redundant PSUs doesn't cost more than 2000 Euros.
But energy costs will eat up the savings very quick, when comparing to modern hardware 🙈

EDIT:
honestly: I like Mikrotik products for their versatility and flexibility. But for large scale and support I need other solutions.
 
User avatar
che
Member Candidate
Member Candidate
Posts: 111
Joined: Fri Oct 07, 2005 1:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 1:03 am

Since we run the largest MikroTik consulting firm in the world, I have some thoughts on this :)
If MikroTik officially kept close business relationship with integrators like yours in providing a responsive support for paying business customers, that would finally begin to look like Cisco's way of conducting business.

None of you guys when contacted Cisco TAC expected to get an answer directly or only from San Jose. There is an established technical relationship between integrators (partners) and manufacturer, not only in replacing faulty hardware parts but also with assistance in configring and supporting said customer configurations. Not many things changed in MikroTik support process related to bugs and strange config behaviour in the past years - you are still writing support tickets to the same small team of engineers in Latvia. This way, business support simply does not scale at all outside of providing spare hardware parts.

I would also like to add one reason why MikroTik is rarely seen in enterprises: security audits. You simply can not ship network device with 20 different services, many of which are proprietary, active by default (winbox, ssh, telnet, ftp, www, api, mac telnet/winbox/ping server, etc) and expect it to be adopted as an industry standard in any way. No company wants to spend time assessing what kind of impact those service unknown by the industry have on the platform itself and security of the whole ecosystem.

Apart of that, I think MikroTik failed to market their strongest point: API. They are still (I think) the only vendor with such feature rich platform with open and accessible API that is just a step away from enterprise class network automatation product(s). It is unclear to me why Dude was not developed further with their API support specifically in mind - it seems to be that it could do wonders for many people in keeping MikroTik estate controlled and secure.
 
tippenring
Member
Member
Posts: 304
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 1:14 am

I would also like to add one reason why MikroTik is rarely seen in enterprises: security audits. You simply can not ship network device with 20 different services, many of which are proprietary, active by default (winbox, ssh, telnet, ftp, www, api, mac telnet/winbox/ping server, etc) and expect it to be adopted as an industry standard in any way. No company wants to spend time assessing what kind of impact those service unknown by the industry have on the platform itself and security of the whole ecosystem.
I disagree with this point. Cisco and all the rest have open telnet, SSH, and other services by default most of the time. They just don't have an IP address assigned yet, so out of the box you have to connect a console cable. Otherwise, management access is restricted during configuration, just like Mikrotik.

Every company that cares about security already spends time assessing and mitigating enabled and exposed services across their networks all the time. It is an ongoing process. The organizations that don't do this are the ones that you read about every day where the entire network infrastructure is encrypted for a ransom. Admittedly, many security-conscious organizations also deal with breaches, however they tend to at least limit the impact of a breach to something less than their entire global network.
 
User avatar
che
Member Candidate
Member Candidate
Posts: 111
Joined: Fri Oct 07, 2005 1:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 1:28 am

You are free to disagree with me or discard my opinion anytime, but I think you can not say that having ssh and telnet on by default on Cisco devices is the same as having ssh, telnet, Winbox and other MikroTik proprietary protocols on by default. I would even extend that to - having any proprietary and undocumented (wiki is not a documentation:)) protocol running on your device is a potential security breach, and for many companies unacceptable condition to implement it in their environments.
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 1:55 am

To me, it's just ignorance and many times arrogance.
Yup - it's the age-old "You never get fired for recommending Cisco/IBM/SAP" etc. Although familiarity and support of the equipment is an important requirement as salary costs are usually way higher than hardware over a longer period. I've had to invest a lot of my own personal time learning RouterOS (and I've got a long way to go) because I think it's worth the effort in that I can pass on the savings to my client.

I recently won what I class as a relatively small job - a public venue with three access points and a handful of wired points for the card readers and tills. Another vendor quoted £2,000 using over-specified Cisco equipment (like Wi-Fi 5 access points - why when the internet backbone is VDSL at about 40Mbps and the public connections are throttled). The Mikrotik kit was about £500. And I'm not 100% sure the Cisco solution included their #1 requirement - cashless so the card readers HAVE to work so they needed failover to 4G LTE.

But... if they ever got another engineer in the try and fix a problem they would struggle as there aren't many Mikrotik engineers in the UK. And that is a risk for a business. Cisco? No problem - loads of engineers/companies around to support that.
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 2:00 am

>The organizations that don't do this are the ones that you read about every day where the entire network infrastructure is encrypted for a ransom.

Isn't that usually by an exploit in the OS and/or users unwittingly installing the ransomware software? Not a compromised network?
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 2:08 am

honestly: I like Mikrotik products for their versatility and flexibility. But for large scale and support I need other solutions.

Same here but as I'm a one man band supporting small companies where we're installing a router, small PoE switch and a handful of access points, then Mikrotik is a good solution esp. when these companies don't have the budgets of larger companies.

It's also allowed me to learn a LOT more about networking rather than spend £££ on Cisco training courses/material. Still a shame though that there is a good reference book or web-based training course. That would start to break down some of the very legitimate concerns about using unusual equipment. Although TKSJa on YouTube is a wonderful resources. As is this forum. One of the best around IMO.

My take on Mikrotik is that it's mainly an (excellent) technically lead company where sales is possibly secondary. I like that ;-) Never liked Cisco salesmen. In fact, don't like sales at all!
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 2:29 am

>winbox, ssh, telnet, ftp, www, api, mac telnet/winbox/ping server, etc

Is there an article on hardening a Mikrotik router? I thought that is was pretty hardened by default from the WAN side?
 
User avatar
harry66
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Tue Mar 04, 2014 5:29 pm
Location: Germany

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 8:08 am

Agreed, and I don't think a router should be expected to incorporate this functionality. I think it ends up asking 1 device to do too much, and complicates administration and management. I perfer standalone devices for packet-inspection functionality where required.
I question your arguments :-)
1) Mtik is far more than a router. You really want to tell you want separate devices for DNS, DHCP, Filtering, Mangling, NTP, Proxy, VPN etc. ??
2) Adminstering dedicated devices as saud above is NOT more complicated than having it in one place???
3) Did you think about what that means for the number of ports in your network?
4) Did you think about power consumption?
5) Did you think of investments?
6) Did you think of technology spread and competence?

Honestly, I would argue rather the opposite. And in practice I try to use as much from my RB as it can serve. Because it simply performs great given the hardware!
 
OnixJonix
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Thu Jun 22, 2006 11:35 am
Location: Latvia

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 8:20 am

Very good discussions! Thanks all, but i hope we keep going... and give me more what i should consider going with MT.
Most of all i knew but, still what i take from this:
1.MT is capable of everything
2.Not so easy setup
3.Support is struggling
4.Need additional vendor product on gateway for DPI and maybe even all firewall
5.Need to built strong support team and find reliable MT support company

Keep going with you opinion and experience!!!
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26815
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 9:31 am

>winbox, ssh, telnet, ftp, www, api, mac telnet/winbox/ping server, etc

Is there an article on hardening a Mikrotik router? I thought that is was pretty hardened by default from the WAN side?
Most models have default firewall, depends on the device.
Here is a good article to read:
https://wiki.mikrotik.com/wiki/Manual:S ... our_Router
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 11:54 am

>1.MT is capable of everything

I've never really spent much time with high-end Cisco equipment so really can't comment on functionality but yes, it does appear that RouterOS is a very capable system. I did used to manage Juniper firewalls and to be honest, I prefer the RouterOS/WinBox interface.

>2.Not so easy setup

This is IMO a result of that powerful functionality. You can't have one without the other. But I do agree that documentation is lacking. The online documentation is really just a reference library and it's lacking a repository of "How to..." articles and comprehensive training material. To be honest, I rarely look at the online documentation except to clarify the syntax of commands. The YouTube videos and this forum are a much better place to learn.

So sure, not as easy to set-up that simpler devices but that's neither unexpected or unwanted.

>3.Support is struggling

Can't comment - I've never had to raise a ticket with Mikrotk as such.

>5.Need to built strong support team and find reliable MT support company

Agreed if they want to be bigger players. Only Mikrotik themselves know their business plan for growth. But it would be good for the yumminess of RouterOS to gain wider appeal. As a part-time developer having grown up writing 8-bit assembler games, I love the detail ;-) The syntax does make my head hurt though but that's due to unfamiliarity which leads me onto this:

I get the impression that most network equipment is installed, configured and left alone for the rest of its life with the occasional software update. Even change requests for firewalls are rare. The equipment goes in and it works until it doesn't or is replaced due to expansion.

So IMO when people mention paying for support, the main biggest requirement is to replace/fix it when it goes wrong. Businesses juggle risk all the time and those huge support contracts mentioned in this thread are in effect insurance. Not that this isn't a valid reason.

It's darn hard to break vendor's stranglehold on the market. An example - my biggest client has grown from just three people to over an hundred in five years requiring several office moves. Until the last move, I've install equipment that was more that fit for purpose. At first just a Draytek router, firewall & access point. Then a couple of ceiling mounted UBNT access points (before I met Mikrotik). However, they grew too big for just me so I'm now their contract IT manager and day to day support is contracted to a larger local company. In the last office move they were asked to install the networking which lets me clear is pretty minimal: internet connection from the hosted premises, software firewall, PoE switch and six access points. They insisted on Cisco equipment or would not do the job. I compared prices and it was ~x3 more for the Cisco. But my customer isn't short of cash so I let it go. But it does irk the Yorkshire man in me that money was spent that could have been saved.
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 12:38 pm

Thanks - ticket raised to read and digest later.
 
User avatar
harry66
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Tue Mar 04, 2014 5:29 pm
Location: Germany

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 12:45 pm

They insisted on Cisco equipment or would not do the job. I compared prices and it was ~x3 more for the Cisco. But my customer isn't short of cash so I let it go. But it does irk the Yorkshire man in me that money was spent that could have been saved.
But then is about the companies business case. They make profit from selling Cisco and they keep their internal capability/knowledge footprint limited to Cisco. A valid point.

My personal impression is that Mtik has found their place in the market. It does not look like a direct ambition to gain significant shares from other vendors.

BTW: Many many thanks to Mikrotik for allowing such open discussions within their premises! This kind of openness and willingness to allow discussions of all the pro and con is a statement in itself!
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 1:12 pm

They make profit from selling Cisco and they keep their internal capability/knowledge footprint limited to Cisco. A valid point.
I don't disagree but it doesn't make it "right" in the scheme of things :-) Technology history is littered with tales of upstarts beating the big boys. The reason is the later have a natural tendency to become complacent and resistant/unable to change. Blackberry and Nokia all but killed by Apple. IBM was once the biggest company in the world etc.

Competition is good overall but big business will fight it as much as possible. And they have some very big sticks.

As I said, I've never been a big user of Cisco so can't bring much to the actual discussion about which is "better" from a technical standpoint. However, it's clear that other established vendors certainly win in the support/if it breaks scenario. We do know that Mikrotik wins bang per buck for the technology.
 
WeWiNet
Long time Member
Long time Member
Posts: 605
Joined: Thu Sep 27, 2018 4:11 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 2:09 pm

OnyxJonyx,

City network = public institution = only limited money available. Right target for Mikrotik :-)
Do them a costed proposal based on both providers and you will see what they want to go for!
(Include also "lab and acceptance test" and "fail over / redundancy" budget for Mikrotik but which should still come in total at
a fraction of the others proposal).

Keep in mind, in such sales process important point outside technical and price discussion is risk aversion
and the fact that one guy needs to sign up for the deal (often purchasing guy who does not care about which on is "really" better).
If there is any issue, failure, he and his job is on the spot. If he signs up this "unkown" Latvian company versus
this "well known US company" (CISCO), if something goes wrong all is his fault, and worst case he loose his job.
If he signs up say CISCO , then somebody is ready to pay so not his problem, and in case of failure he can say "we choose the best
company with best reputation".

In addition he can probably show a statement when using CISCO about this 24/7 support and blabla guarantee in "case of".
he puts this document into his file and can check box the requirement for 100% service guarantee, equal 0 risk , equal his job is safe what ever will happen!
There will not be much real value in this besides the fact, in case of problem, the guy has a written document stating that all is going to be solved
whether or not this will ever be needed or actually be true.

- Some Mikrotik SW releases are buggy (and some are actually super stable). If you wait for couple of weeks to monitor reported bugs on such release and then do your own deep pre-release testing will overcome most issues and allow to deploy SW that is working. But it will probably ask for a higher test and integration and maintenance budget as mentioned above.
This aspect (maintenance etc.) "sold" correctly to your customer, can actually get you a good service and maintenance agreement.
Allows you to continue make serious money for the next couple of years instead of them spending money on HW only...

So see what your customer is ready to pay, what you trust in (you must sell and support the product) and if you think your
customer is willing to accept the risk of using something else than the mainstream (and if you can put in place the confidence level that your solution will do the job).
Last but not least I would try to sell the product I would make most money on :-)
 
drbunsen
newbie
Posts: 40
Joined: Fri Apr 29, 2016 7:24 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 3:05 pm

Don't get stuck in the past
Yeah, lets talk about Mikrotik and IPv6 or wireless or... ;)
 
tippenring
Member
Member
Posts: 304
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 4:22 pm

>The organizations that don't do this are the ones that you read about every day where the entire network infrastructure is encrypted for a ransom.

Isn't that usually by an exploit in the OS and/or users unwittingly installing the ransomware software? Not a compromised network?
Indeed, in current times phishing, which often takes advantage of an OS vuln as a second step, is a more common vector.

There is a history of compromises where the initial vector was weak or compromised credentials on customer-edge network gear also. It's the reason for limiting admin access to trusted sources and/or OOB management networks, and why it doesn't happen as often as it used to.

I would argue that it still happens though. I expect in most cases the victims never determine the initial vector though. I bet it wouldn't take long to scan the internet to find default credentials on a CE router.
 
User avatar
IPAsupport
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Fri Sep 20, 2019 4:02 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 4:45 pm

I think to some degree be careful what you wish for....

MikroTik is successful because they understand that large support organizations cost a lot of money which means the cost of the product goes up. So MT puts resources into hardware and software development and uses e-mail and forum support to keep costs low.

Most people use MikroTik because

1) It's versatile and reliable
2) It's available in countries that are harder to get Cisco, Juniper and others at a fair price due to import tariffs
3) The price point is *so* much better than Cisco, Juniper, etc

If MikroTik incorporated all of the suggestions to make them more like Cisco and Juniper, the price would go up and we'd lose everything that makes everyone want MikroTik in the first place.
 
tippenring
Member
Member
Posts: 304
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 4:50 pm

Agreed, and I don't think a router should be expected to incorporate this functionality. I think it ends up asking 1 device to do too much, and complicates administration and management. I perfer standalone devices for packet-inspection functionality where required.
I question your arguments :-)
1) Mtik is far more than a router. You really want to tell you want separate devices for DNS, DHCP, Filtering, Mangling, NTP, Proxy, VPN etc. ??
2) Adminstering dedicated devices as saud above is NOT more complicated than having it in one place???
3) Did you think about what that means for the number of ports in your network?
4) Did you think about power consumption?
5) Did you think of investments?
6) Did you think of technology spread and competence?

Honestly, I would argue rather the opposite. And in practice I try to use as much from my RB as it can serve. Because it simply performs great given the hardware!
I generally agree with your examples. Sorry I wasn't clear. In that post, I was talking about the full packet-capture and inspection functionality that Cisco tries to incorporate in their Firepower products. I've never used it, but my impression from reading other commentary is that they aren't good devices. I have a Palo Alto FW that I manage that I am a big fan of. They work very well. That level of traffic management simply can't efficiently be done in a traditional router IMHO.

1. These services are rather low-overhead and simple. These services are required on all networks, including small ones where there are no other cost-effective server options. So naturally these services are often run on a router. I have DNS and DHCP running where I don't have those services elesewhere on the network. Basic packet filtering (OSI L4 and lower) is also low-overhead since a router must already be looking at the packet headers. Mangle is a routing function because it impacts routing decisions, so it also must be there. VPN options could go to a separate device or on the router. The standards are pretty well established and with encryption hardware on-board, it can be done efficiently on the router most of the time. Proxy, eh--it depends on the use case, but I'd probably do a dedicated server for that. It depends what I need it to do.

2. I would argue it is usually not more complicated to manage separate devices. "One place" is not very relevant when you're talking about managing network gear. "One place" can easily refer to the same management subnet, or OOB network. We're getting into semantics here, but generally speaking, the different devices and their management interfaces tend to be more efficient to use because they have been designed not to do everything, but to focus on their purpose. Oversimplified, I want my routers to route (and handle OSI layer 4 and lower since they are already doing it), and I want "deep packet inspection" to happen elsewhere on gear that is optimized for that purpose. Of course, that would be for an organization the believes they need that level of security. It doesn't fit everyone.

3. The number of ports is almost irrelevant. Ports are cheap and a one-time cost.

4. Unless I'm doing solar, I don't care much about power consumption. Perhaps that is a byproduct of me being in the US? Is that different elsewhere?

5. Yes. The client has to decide how much they want to invest in their security posture. It is ultimately up to them. My job is to advise them of their options, risks, etc, so they can make informed decisions.

6. Competence is a consideration, but not a big one. Desired security posture is the biggest concern, then recommending products that fit into that security posture. At this level, we're talking about a decent-size organization that will likely have/develop the competence in-house.

Thanks for your comments. Discussions like this are extremely valuable in expanding our knowledge and experience through others' experiences.
 
User avatar
IPAsupport
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Fri Sep 20, 2019 4:02 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 5:24 pm

5. Yes. The client has to decide how much they want to invest in their security posture. It is ultimately up to them. My job is to advise them of their options, risks, etc, so they can make informed decisions.

I've been involved in the security planning and execution for a number of large companies as well as mitigation of breaches that later became public for a few of them

And here is the sad reality...for medium & large enterprises, it's cheaper to deal with a breach than spend the money needed to secure the org. Companies know this and spend accordingly

I don't disagree with your points on securing and auditing services that are vectors of attack, but I found plenty of issues with Cisco / Juniper gear in the breaches i've been involved with. Which had more to do with outdated versions of network operating systems and outdated applications that support networking like AAA / Identity Management / Wireless Controllers / Etc

The number of proprietary extensions to standards based protocols in Cisco and Juniper is staggering, so it's only fair to paint them with the same brush
 
mada3k
Forum Veteran
Forum Veteran
Posts: 737
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 5:36 pm

In our field we use both.

When we buy Cisco, we look at datasheets, whitepapers, manuals, some calls to some sellers and so on, presents an idea and requirements, then we get quotes. Then we require the features to work, or the sellers consultants has to make it work, with or without Cisco. Then we pay a juicy service agreement for several years until EOL/EOS.

When we buy Mikrotik, we buy a bunch, setups a lab, try the features we need and see if it's feasible. Run for some weeks. Then we buy N+1. This is often for setups that is more "office hours" or "some days" level of service. Then we pay $0 as long as it lasts. The Cisco-deluxe-appraoch would simply not be economical for some solutions.
 
tippenring
Member
Member
Posts: 304
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 6:22 pm

5. Yes. The client has to decide how much they want to invest in their security posture. It is ultimately up to them. My job is to advise them of their options, risks, etc, so they can make informed decisions.

I've been involved in the security planning and execution for a number of large companies as well as mitigation of breaches that later became public for a few of them

And here is the sad reality...for medium & large enterprises, it's cheaper to deal with a breach than spend the money needed to secure the org. Companies know this and spend accordingly

I don't disagree with your points on securing and auditing services that are vectors of attack, but I found plenty of issues with Cisco / Juniper gear in the breaches i've been involved with. Which had more to do with outdated versions of network operating systems and outdated applications that support networking like AAA / Identity Management / Wireless Controllers / Etc

The number of proprietary extensions to standards based protocols in Cisco and Juniper is staggering, so it's only fair to paint them with the same brush
I completely agree. Many orgs think breaches aren't expensive, and if they can keep it quiet, they usually aren't very expensive.

Extortion breaches (usually ransomware, but they actually don't *need* to encrypt anything if they've exfiltrated the data) lately are getting substantially more expensive, so I'm hoping the big guys start to see at least some value in some security-posture improvements.

Some basic security-oriented changes don't have to be expensive. I have networks with 50 VLANs at different security levels (security domains or enclaves) because some VLANs don't need to talk to other VLANs except in very specific ways (or even at all). The idea being that if a network segment or enclave were compromised, an attacker can't easily move around to the rest of the networks.
 
User avatar
harry66
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Tue Mar 04, 2014 5:29 pm
Location: Germany

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Aug 26, 2020 6:30 pm

I've been involved in the security planning and execution for a number of large companies as well as mitigation of breaches that later became public for a few of them

And here is the sad reality...for medium & large enterprises, it's cheaper to deal with a breach than spend the money needed to secure the org. Companies know this and spend accordingly
It's not that black and white as you say. The companies business structure and process make a big difference.
As an example I was directly involved in 2019 biggest ransom attack - it is my employer that was held at ransom with a widely encrypted infrastructure.
Even though the attack did not reach full effect, it had a dramatic impact. There is a point in your business process where you balance spendings in security against possible business impact. It can easily happen, that the business impact is so huge (including physical damage) that you will immediately run out of money for any recovery. Just as an example: Chemical process with lots of molten metal. If the metal freezes, you have to build you factory from scratch.

So there is seldomly a thing like black or white. The solution is always somewhere in the grey :-)

/Uwe
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 11:50 am

As an example I was directly involved in 2019 biggest ransom attack

On the right side I hope? ;-)
 
DarkNate
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri Jun 26, 2020 4:37 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 3:19 pm

I'm no expert on this matter.

But here's my opinion anyway:

Why are governments/companies expecting a single device to do everything? Routing/Firewalling/DPI? Don't they understand CPU cycles or what?

If the networking tasks are offloaded, it would benefit the very company/government in the long run. And simplify management.

I live in a country where internet censorship is rivalling China's. And the pain that ISPs/Corps go through just to satisfy the government's demands is crazy and costs them money, time and waste of CPU cycles. And many of these companies do not have the capital to like block some specific URL that may/may not change and hence block the entire domain.

Governments creates more problems than it solves for the telecommunications industry. Old people who can barely cope with VLC media player.
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 3:45 pm

Don't they understand CPU cycles or what?

Generally, no - people don't tend to realise that network devices are computers with a CPU, RAM, storage and IO with inherent resource constraints. I fell slightly into this camp until I started learning RouterOS in more detail and started to realise how it all works together.
 
DarkNate
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri Jun 26, 2020 4:37 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 3:47 pm

Don't they understand CPU cycles or what?

Generally, no - people don't tend to realise that network devices are computers with a CPU, RAM, storage and IO with inherent resource constraints. I fell slightly into this camp until I started learning RouterOS in more detail and started to realise how it all works together.
That explains why world governments are so horrible with techno-politics.

A router vendor in my local area once said a router does not have RAM. And he calls himself a network expert. What a sad world we live in.
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 919
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 4:01 pm

Most people use MikroTik because
1) It's versatile and reliable
.........
3) The price point is *so* much better than Cisco, Juniper, etc

If MikroTik incorporated all of the suggestions to make them more like Cisco and Juniper, the price would go up and we'd lose everything that makes everyone want MikroTik in the first place.
IPAsupport, excellent perspectives.
Its not possible for MikroTik to compete against Cisco Juniper, etc because ... on a line item basis ... Cisco, Juniper etc features and capabilities are so much more advanced from the get go.

IMO, MikroTik has a very good balance of features and capabilities that makes for a strong Value Proposition that does appeal to many otherwise the MikroTik business model would have by now failed.

To get Big Contracts one needs a solid reputation plus the ability to play the game of the politics of Power ..... in most state institutions the politics of power determine who get the contract. The Big Boys [in the IT industry] know and understand that game .... for the small organization its near impossible to play in that segment unless one is very lucky and fate is kind. :-) So best advice I can give is -- do not compete in that space unless you become very luck and chance has opened that door.

One aspect that does surprise me in terms of MikroTik is how far behind Tik Switches are insofar as L3 line rate processing goes .... L3 line rate processing has been around for 20 years and its only now that Tik [via RouterOS v7beta2] I see the possibility of L3 line rate processing coming to fruition.
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1086
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 4:26 pm

Don't they understand CPU cycles or what?
Generally, no - people don't tend to realise that network devices are computers with a CPU, RAM, storage and IO with inherent resource constraints. I fell slightly into this camp until I started learning RouterOS in more detail and started to realise how it all works together.
That explains why world governments are so horrible with techno-politics.
A router vendor in my local area once said a router does not have RAM. And he calls himself a network expert. What a sad world we live in.
And even beyond, "SDN" (Software Defined Networking) is there. On the Cisco 9000 Catalyst "switches" series (x86 CPU) there is concept of app-hosting where it can run (docker) containers with you own apps. There are some interesting use-cases to (pre)process certain traffic-flows straight on the switching chassis. (without sacrificing any performance) or have some IPS/IDS probes deployed there.
 
DarkNate
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri Jun 26, 2020 4:37 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 4:30 pm

Don't they understand CPU cycles or what?
Generally, no - people don't tend to realise that network devices are computers with a CPU, RAM, storage and IO with inherent resource constraints. I fell slightly into this camp until I started learning RouterOS in more detail and started to realise how it all works together.
That explains why world governments are so horrible with techno-politics.
A router vendor in my local area once said a router does not have RAM. And he calls himself a network expert. What a sad world we live in.
And even beyond, "SDN" (Software Defined Networking) is there. On the Cisco 9000 Catalyst "switches" series (x86 CPU) there is concept of app-hosting where it can run (docker) containers with you own apps. There are some interesting use-cases to (pre)process certain traffic-flows straight on the switching chassis. (without sacrificing any performance) or have some IPS/IDS probes deployed there.
x86 (I think they are possibly x64?) enough said. That's high-horsepower. You could do a bunch of things that's not possible on arm, arm64, MIPS etc
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 5:10 pm

x86 (I think they are possibly x64?) enough said. That's high-horsepower. You could do a bunch of things that's not possible on arm, arm64, MIPS etc
Although that gap is closing rapidly... Apple wouldn't drop Intel for ARM if they weren't sure their own bespoke chips could compete.
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1086
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 6:11 pm

Don't they understand CPU cycles or what?
x86 (I think they are possibly x64?) enough said. That's high-horsepower. You could do a bunch of things that's not possible on arm, arm64, MIPS etc
Intel® x86 CPU complex with 8-GB (DDR4 2400 MT/s) memory, and 16 GB of flash and external USB 3.0 SSD pluggable storage slot to host containers
Sure these are 64-bit CPU's, New 1.8-GHz x86 quad-core CPU for the CAT9300 , the CAT9400 has 4-core 2.4Ghz

So yes ... they pack a lot of performance.
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 6:34 pm

So yes ... they pack a lot of performance.
Should jolly well hope so for £3,500!! Do Mikrotik do a 48 port switch? I can find MikroTik CRS328-24P so would need two for £750. Serious question, what extra does the Cisco Catalyst 9300 bring to the table?
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1086
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 6:56 pm

So yes ... they pack a lot of performance.
Should jolly well hope so for £3,500!! Do Mikrotik do a 48 port switch? I can find MikroTik CRS328-24P so would need two for £750. Serious question, what extra does the Cisco Catalyst 9300 bring to the table?
stacking, stack-power, SDN (Simplified device deployment//Unified management of wired and wireless networks//Network virtualization and segmentation//Group-based policies//Context-based analytics) POE+ and 60Watt UPOE (Cisco Universal Power over Ethernet)
SD-Access Embedded Wireless => So a Cisco 9800 Wireless LAN controller can be installed as a software packages on the 9300 for small deployments (200 AP's / 4000 clients)
Some advanced security AES256 for MACSEC
...

Mikrotik has a 48-port model. Their topmodel : CRS354-48P-4S+2Q+RM (Layer 2 !! If you attempt some Layer3 the performance suffers ... a lot, the performance stats don't look pretty)

So yeah, 2 different products for different markets I would say. I would not put the Cat9300 for an office switch for example, waaaaay too expensive for that. But it all depends on the requirements.
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1741
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 7:17 pm

So yes ... they pack a lot of performance.
Should jolly well hope so for £3,500!! Do Mikrotik do a 48 port switch? I can find MikroTik CRS328-24P so would need two for £750. Serious question, what extra does the Cisco Catalyst 9300 bring to the table?

For context (because i'll probably be called a "Cisco hater" :-) I am a currently certified CCNA and CCNP R&S.

I've not been really impressed with Cisco's recent CAT9K, Nexus 9K or ASR9K offerings. They aren't competitive to Arista, Aruba and Juniper and Cisco's software quality is probably the worst it's ever been in the 21 years i've been working on Cisco equipment.

We have clients that use ASR, CAT9K and N9K and it's seriously overpriced for what you're getting. And don't even get me started on the NCS series...we recently had to move a 200G / 20 Node service provider transport ring over to Nokia because the bugs were so bad on Cisco NCS. The licensing is awful too...it's insanely expensive - even for the clients I work with that spend millions or tens of millions of dollars on their network budget annually.

I tend to use MIkroTik when there is a product that fits the use case I need, but if there is something outside of the current MIkroTik product family, i'll use whitebox like Edge Core, Dell and Delta/Agema or Nokia, Juniper, Arista or Extreme/Dell.

Cisco peaked about 5 to 10 years ago and they've been in a slow decline ever since.
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1086
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 7:32 pm

True that I consider Cisco today more really as a software company, where 5-10 years ago "hardware" was more the focus with monolithic software designs.
Agree on the licensing too, you almost need a phd to understand that (same with Microsoft etc) and pricing.

Like you say, sooo much equipment out there to "fit" the needs of customer / project. What a joy there is so much to choose from.
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1741
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 7:45 pm

True that I consider Cisco today more really as a software company, where 5-10 years ago "hardware" was more the focus with monolithic software designs.
Agree on the licensing too, you almost need a phd to understand that (same with Microsoft etc) and pricing.

Like you say, sooo much equipment out there to "fit" the needs of customer / project. What a joy there is so much to choose from.

They certainly are trying hard to become a software and services company and they recently discussed the idea of buying core network hardware "as a service" in response to the stock falling. I think many customers are tired of the "As a Service model" mainly due to public cloud. "XaaS" creates large OPEX budgets at a time when companies are trying to lower OPEX.

This is why I see a huge value in MikroTik and have been a fan for almost a decade....in the example I gave, the company was prepared to spend $200K CAPEX and the same workload was handled by $5K. Spend part of the difference on training or outside help and the company will still save significant amounts of money while providing the same level of service.

It's true that many companies still want the "fuzzy warm blanket" of 24/7/365 support whenever it is needed, but we are starting to see that attitude change as budgets get smaller due to the global pandemic.
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 8:49 pm

Aside - anyone else think that massive PoE switches are on the danger list with the use of physical handsets being on the wane? My largest client moved office just before the pandemic and I finally got them to dump the handsets. They've gone pure Teams telephony with USB headsets and/or using their mobile. So the PoE requirement was just six PoE access points in an office of 80.
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1086
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 9:14 pm

Aside - anyone else think that massive PoE switches are on the danger list with the use of physical handsets being on the wane? My largest client moved office just before the pandemic and I finally got them to dump the handsets. They've gone pure Teams telephony with USB headsets and/or using their mobile. So the PoE requirement was just six PoE access points in an office of 80.
We (well, our customers) use PoE+ mainly for powering Wireless AP's
These Wifi6 AP's are packed with technology and consume up to 30Watts of power (hence PoE+)
I'm now also busy facilitating the onboarding of 100+ advanced AI IP-camera's on the network (FullHD,4K,image-recognition onboard etc) and they also draw some power ;-)
And then there is Cisco UPOE / 802.3bt delivering up to 90Watts of power! Many applications on IoT, powering displays, LED display arrays for office lightning.

"phones on the desk" are gone already for some time now.
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 919
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 9:18 pm

It's true that many companies still want the "fuzzy warm blanket" of 24/7/365 support whenever it is needed, but we are starting to see that attitude change as budgets get smaller due to the global pandemic.
https://www.statista.com/statistics/271 ... ince-2006/
In 2020, Cisco's revenue amounted to 49.3 billion U.S. dollars

In the first quarter of 2020, Cisco had a share of 52 percent of the global market Ethernet switch market, whilst Huawei occupied just over eight percent of the market. Ethernet switches are an integral piece of information technology (IT) infrastructure, capable of receiving, processing, and transmitting data between two devices connected by a physical layer. At their most basic, switches are able to forward data selectively to one or more connected devices on the same network. In this way, Ethernet switches can control the flow of traffic passing through a network, maximizing the network's efficiency and security. More advanced Ethernet switches, called managed switches, are also capable of providing additional functions, such as network load balancing, address translation, or data encryption and decryption.
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 11:29 pm

>In the first quarter of 2020, Cisco had a share of 52 percent of the global market Ethernet switch market,

I know that switches can have all sorts of features what with all the layers, VLANs etc. But don't the majority of then end up just switching packets as fast as possible around the LAN? Now routers and firewalls - they are very different beasts.
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 11:32 pm

"phones on the desk" are gone already for some time now.
Hmm, I'm not so sure although one plus (ha!) of the pandemic is that desk phones have rarely followed people home and their business has continued to communicate. I got a gold star for recommending my client got rid of them - lucky timing...
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 919
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Aug 27, 2020 11:44 pm

>In the first quarter of 2020, Cisco had a share of 52 percent of the global market Ethernet switch market,

I know that switches can have all sorts of features what with all the layers, VLANs etc. But don't the majority of then end up just switching packets as fast as possible around the LAN? Now routers and firewalls - they are very different beasts.
https://www.globenewswire.com/news-rele ... table.html

Cisco's market share in switches and routers was 51% in Q1, meaning that for eight of the last twelve quarters it has been over the 50% mark. Across the three main markets, Cisco's Q1 share was 57% for Ethernet switches, 65% for enterprise routers and 35% for service provider routers.May 28, 2020
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Aug 28, 2020 12:32 am

The point I was trying to make, poorly, is that my suspicion is that a vast majority of Cisco switches are underused, functionality wise. In fact, most switches are just, err, rather boring switching devices delivery packets around the network.
 
DarkNate
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri Jun 26, 2020 4:37 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Aug 28, 2020 2:36 am

x86 (I think they are possibly x64?) enough said. That's high-horsepower. You could do a bunch of things that's not possible on arm, arm64, MIPS etc
Intel® x86 CPU complex with 8-GB (DDR4 2400 MT/s) memory, and 16 GB of flash and external USB 3.0 SSD pluggable storage slot to host containers
Sure these are 64-bit CPU's, New 1.8-GHz x86 quad-core CPU for the CAT9300 , the CAT9400 has 4-core 2.4Ghz

So yes ... they pack a lot of performance.
So technically they are x64 CPUs.
 
OnixJonix
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Thu Jun 22, 2006 11:35 am
Location: Latvia

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Aug 28, 2020 7:58 am

Thanks boys again....we all know CISCO is one way to go... (but not mine...) but this is not idea of topic- more focus on MT! Do you have large scale network running on MT? What i need to consider going with MT?
But as i read...
1. Not realy good support and documentation (except forum of course)
2. how many IT gurus so many opinions... so it mean going with MT is not wrong but not so safe as going with BIG guns... i think i can take it...
3. Need LAB devices for testing and devices in shelf for backup (for HW fault)

TOPIC is still hot so post your experience and opinions!
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1350
Joined: Mon Sep 23, 2019 1:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Aug 28, 2020 8:23 am

There's nothing hot about this topic.
You say you're from Latvia, give MikroTik a call to help you choose the hardware based on your not yet mentioned requirements (since MikroTik is a Latvian company, as you know already, right?).
Unless you're not from there and everything you've said here is complete .. well.. you know the word (your replies aren't in your favor either).
And this "partners are very skeptic..." smells fishy too, I think that "your partners" are only skeptic about your ability to handle that deployment. And IF you lack the knowledge to handle it, you shouldn't. Or else you'll blame the hardware in the end if you don't know how to set it up and nobody will be happy <- valid no matter which way you go (MikroTik/Cisco/etc).
You could run a network with TP-Links or Repotecs and have stacks of replacements ready to swap if they fail, lol. But, again:
There are lots of ISPs and WISPs out there using MikroTik equipment (or even the above mentioned TP-Link and Repotec) how is that going to help your case though? It won't.
 
User avatar
leemans
Frequent Visitor
Frequent Visitor
Posts: 70
Joined: Thu Apr 07, 2005 12:55 am
Location: Belgium
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Aug 28, 2020 10:06 am

Mikrotik is nice and very good but it's missing it's own Central and Remote Management Solution like the bigger Companies like Cisco, HP, Ubiquity and even Barracuda have.
Configuration of these devices is done Remotely from this Central Management Platform.
This is a point they really have to tackle before they're devices will be massively used in very large environments.
They're still missing Stacked Switches like Dell has (there you can have up to 8 switches stacked into 1 big switch).
But there new products are getting more performant and piece by piece they're working on it to fill the GAP between the bigger Ones.
 
hostclub
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Tue May 12, 2020 2:23 am

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Aug 28, 2020 12:15 pm

Some mikrotik devices would be very nice, if they would DO the things they should DO. But many times, they dont.

Lets take for example the switch CRS354, a device with 48 x 1 gbps port. This device would be use in businees, critical, enterprise etc . Usually home users dont need such devices. This should be a simple devices, as design. A device that, besides the options that routerOS offer, should forward traffic to other equipment/servers etc. But many times, this device fails and no traffic is forwarded. This is a 4 month old issue, but Mikrotik cant/wont fix it, due to the fact that many customers issue with the switches.

So...would you trust this vendor to deploy their hardware in a major project?

Or would you prefer an equipment with less features but that would actually work and do the job that was made for ?
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Aug 28, 2020 1:19 pm

Does MK have so many problems when used in big scale? Your experience?
It depends what you need. Which products would you like to buy?
- Layer 2 switches
- Layer 3 switches
- Point-to-Point wifi
- access points for e.g. school classes or libraries
- firewalls
- ...?
 
OnixJonix
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Thu Jun 22, 2006 11:35 am
Location: Latvia

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?  [SOLVED]

Sat Aug 29, 2020 7:58 am

Thanks all!
I deside to go with MT devices in my LAN network, but on gateway it seems i will go with Palo Alto.
 
geneb846
just joined
Posts: 6
Joined: Fri Jul 10, 2009 2:27 am

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Sun Aug 30, 2020 8:05 am

I use mikrotik for my bras. Over the last few months, I started moving the gateways to juniper mx 204. Because of static addresses, it could take 20 plus seconds for the routes to come up in the mikrotk with a full route. The juniper only took a few seconds to update from the bras.

Sent from my SM-T860 using Tapatalk

 
hostclub
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Tue May 12, 2020 2:23 am

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Sun Aug 30, 2020 10:19 am

I use mikrotik for my bras. Over the last few months, I started moving the gateways to juniper mx 204. Because of static addresses, it could take 20 plus seconds for the routes to come up in the mikrotk with a full route. The juniper only took a few seconds to update from the bras.
Juniper îs The King of routers. Can not compare mikrotik with Juniper.

Also, juniper price îs very high.
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1086
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Sun Aug 30, 2020 10:44 am

I use mikrotik for my bras. Over the last few months, I started moving the gateways to juniper mx 204. Because of static addresses, it could take 20 plus seconds for the routes to come up in the mikrotk with a full route. The juniper only took a few seconds to update from the bras.
Juniper îs The King of routers. Can not compare mikrotik with Juniper.
Also, juniper price îs very high.
The Juniper MX204 (part of the 5G Universal Routing Platform series) has some bad-ass ASIC architecture handling A LOT of aspects within these ASIC's and because of this obviously enabling blazing speeds of 400Gbit/sec in a 1U chassis !! (support 40/100GigEthernet interfaces)

https://www.juniper.net/documentation/e ... O_MX5G.pdf
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1086
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Sun Aug 30, 2020 10:45 am

I use mikrotik for my bras. Over the last few months, I started moving the gateways to juniper mx 204. Because of static addresses, it could take 20 plus seconds for the routes to come up in the mikrotk with a full route. The juniper only took a few seconds to update from the bras.
Juniper îs The King of routers. Can not compare mikrotik with Juniper.
Also, juniper price îs very high.
The Juniper MX204 (part of the 5G Universal Routing Platform series) has some bad-ass ASIC architecture handling A LOT of aspects within these ASIC's and because of this obviously enabling blazing speeds of 400Gbit/sec in a 1U chassis !! (support 40/100GigEthernet interfaces)

https://www.juniper.net/documentation/e ... O_MX5G.pdf
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2171
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Sun Aug 30, 2020 1:48 pm

They certainly are trying hard to become a software and services company and they recently discussed the idea of buying core network hardware "as a service" in response to the stock falling. I think many customers are tired of the "As a Service model" mainly due to public cloud. "XaaS" creates large OPEX budgets at a time when companies are trying to lower OPEX.

This is why I see a huge value in MikroTik and have been a fan for almost a decade....in the example I gave, the company was prepared to spend $200K CAPEX and the same workload was handled by $5K. Spend part of the difference on training or outside help and the company will still save significant amounts of money while providing the same level of service.

It's true that many companies still want the "fuzzy warm blanket" of 24/7/365 support whenever it is needed, but we are starting to see that attitude change as budgets get smaller due to the global pandemic.
We saw the exact same trend during the GFC when I was based in New Zealand, which is why I switched my focus from Juniper to Mikrotik during this period. Once the economy recovered and money was flowing more freely, I started using Juniper/Cisco routers again where it was beneficial to do so e.g. stable MPLS ;)
 
User avatar
kehrlein
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Tue Jul 09, 2019 1:35 am

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Sun Aug 30, 2020 8:42 pm

[...]
This is very annoying. No other vender forces you to learn three ways to do simple VLAN stuff.
[...]
MikroTik does not - it's not *wrong*, it's just not they way they do it. Once you realize this, you can design and use it accordingly.
Okay, then I wasn't clear enough: no other vendor forces you to learn three different configuration styles per device.

I am well aware of IOS-XR and IOS Layer-2 configuration styles, since I use them daily.
You either got briding-configuration with subinterfaces in IOS-XR
or port-VLAN-configuration in IOS.

For sure there is a third style: Port-membership-configuration per VLAN like in Brocade FastIron oder ICX devices.

But again: these vendors do not force you to learn three different configuration styles per device


I totally agree! Even if I am very familiar with MT products and do like them very much.
 
User avatar
harry66
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Tue Mar 04, 2014 5:29 pm
Location: Germany

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Sep 10, 2020 9:31 am

What I think the point is: Mtik is a good adaptation of the hardware near functionality. I compare this with designing UDP around IP, compared to TCP with far more bells and whistles.

Just to give some examples:
  • Handling of L2 config is a constant hassle with a steep learning curve and prone to config errors
  • Network zone design not supported. Of course you can work with network zone (and you should) but you have to deal with this on your own by using interface groups and dedicated firewall chains. The config interface does not support you in that by wrapping things as zones. It is like programming object oriented in C instead of C++. Of course you can do it, but you are lacking the support (in making meaningful and error-free design) from your compiler.
  • Missing macro function in firewall rules design. There is no way to define a rule set as a template and use that. In turn you have to carefully apply changes to very single occurrence of a functional block in your rule set.
  • Some hard limitations in scripting. Did you ever try to copy a file locally? Rather important if you need to deploy some things to your environment. Does anyone remember, that there was Lua?
  • Upgrade procedures. I can only to a certain degree understand that the kernel (aka Routerboard upgrade) is a separate step. But there really should be a button to make this automagic.
These are just some examples that I pull from my head where I see the difference in maturity in day-to-day use compared to the "big guys".

Another thing is the product lifecycle:
  • Mtik does not maintain a feature timeline. You never know, what they have in the pipe.
  • And even if there is a discussion around the integration of a new feature, you don't know when it will be available (see wireguard)
As a consequence you don't know what you are investing in. And please don't argue with cheap hardware. A am talking about overall integration efforts in rolling out and developing internal capabilities of operating and environment.

Did you ever look at the question: Whom do I call if I want to get things done with external support?
Let's change the angle of view: If you want to make a business from selling network services, would you want to sell Mikrotik if you can't tell your customer about feature timelines? Would you want to take the risk of telling the customer, that the Mikrotik solution will hit hard limits in scaling up with his business? Just because efficient tools for a bigger fleet management are missing?

I think these are the main reasons why Mikrotik only serves a small niche and is not considered as an industry standard.
In Ericsson we always said: Know your numbers. Mikrotik is good for home use, small office, maybe some university campus and all the not so critical stuff that will survive a day of maintenance. For everything else you have to make compromise.

/Uwe
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Sep 10, 2020 12:16 pm

I would say the firmware could be upgraded automatically. Just for me it is something that I have switched off.
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Sep 10, 2020 12:27 pm

I had to upgrade the firmware on managed Netgear switch yesterday. That wasn't fun! But that just shows that it's all about familiarity and the general level of support/understanding. It was hard on the Netgear because it wasn't obvious - was looking for "Upgrade firmware" in web.
 
kos
Frequent Visitor
Frequent Visitor
Posts: 64
Joined: Mon Oct 31, 2016 11:51 am

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Tue Oct 13, 2020 1:56 pm

Some of the worst reasons:

No one cares about CCR1072 watchdog reboot:

viewtopic.php?f=3&t=122525&start=100

You bought a very nice product once and normally after that, you buy another one, which is in the same box, but consist only the half of the content:

viewtopic.php?f=2&t=156887

Fake test results:

viewtopic.php?f=2&t=150484&p=741520&hil ... ce#p741520
 
mikruser
Long time Member
Long time Member
Posts: 578
Joined: Wed Jan 16, 2013 6:28 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Dec 23, 2020 12:50 am

Mikrotik cannot be used in enterprise. Its only for home with low-speed wan.
Its too bugged and have very poor support.
For example - see CCR\GRE\IPSEC saga:
viewtopic.php?t=84465
viewtopic.php?t=87892
viewtopic.php?t=88432
viewtopic.php?t=88991
viewtopic.php?t=93466
viewtopic.php?t=94625
viewtopic.php?t=95118
viewtopic.php?t=97164
viewtopic.php?t=102564
viewtopic.php?t=109068
viewtopic.php?t=112545
viewtopic.php?t=113437
viewtopic.php?t=115696
viewtopic.php?t=119051
viewtopic.php?t=140855
viewtopic.php?t=146665
viewtopic.php?t=161313

And problems still exist.
I have an open request for technical support, but they still haven't found a solution to the problem.
 
DarkNate
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri Jun 26, 2020 4:37 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Dec 23, 2020 11:41 am

Mikrotik cannot be used in enterprise. Its only for home with low-speed wan.
Its too bugged and have very poor support.
For example - see CCR\GRE\IPSEC saga:
viewtopic.php?t=84465
viewtopic.php?t=87892
viewtopic.php?t=88432
viewtopic.php?t=88991
viewtopic.php?t=93466
viewtopic.php?t=94625
viewtopic.php?t=95118
viewtopic.php?t=97164
viewtopic.php?t=102564
viewtopic.php?t=109068
viewtopic.php?t=112545
viewtopic.php?t=113437
viewtopic.php?t=115696
viewtopic.php?t=119051
viewtopic.php?t=140855
viewtopic.php?t=146665
viewtopic.php?t=161313

And problems still exist.
I have an open request for technical support, but they still haven't found a solution to the problem.
Yeah, dude forget about bugs and performance issues. RouterOS does not even have NPTv6 among a bunch of other core networking features.

I'm leaving MikroTik for VyOS in the near future. MikroTik is good enough to deploy for home users who are tech-savvy though, better than consumer-grade devices for sure.
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Dec 23, 2020 1:41 pm

Many of those posts are several years old and appear to focus mainly on IPSEC?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21224
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Dec 23, 2020 3:45 pm

Mikrotik is nice and very good but it's missing it's own Central and Remote Management Solution like the bigger Companies like Cisco, HP, Ubiquity and even Barracuda have.
Configuration of these devices is done Remotely from this Central Management Platform.
This is a point they really have to tackle before they're devices will be massively used in very large environments.
They're still missing Stacked Switches like Dell has (there you can have up to 8 switches stacked into 1 big switch).
But there new products are getting more performant and piece by piece they're working on it to fill the GAP between the bigger Ones.
Some equipment is specific in nature such as the Barracuda equipment which is primarily known (in my day) for handling the email side of things.
Nothing wrong wtih getting the right peripherals for the job as has been noted time and time again. Knowing the requirements and all the use cases, will drive the right solution every time, plain and simple.
 
mada3k
Forum Veteran
Forum Veteran
Posts: 737
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Dec 25, 2020 12:48 pm

There is for certainly many millions of dollars put in to R&D there.
 
flameproof
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Sep 01, 2015 3:17 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Dec 31, 2020 1:09 pm

I chip into this one as someone who has deployed 50+ CCRs (from 1016 all the way to 1072s), and some 15.000 CPEs (hAP Lite mainly), with very basic requirements - we keep our architecture purposefully "light" so as to not need OSPF or BGP experts in field services, it's all very basic flat L2 networks with clever filtering, isolation, etc.

However...

When we hit a brick wall in terms of performance (DNS resolver, PPPoE server, etc.) we find we have zero ways to properly debug the bottleneck (including no real interest from support), or even measure where the trigger point is for failures. We've had 1016s running 700+ PPPoE clients not failing, yet a 1072 won't handle more than 1200. There doesn't seem to be a correlation between box size and capabilities, so why do I care if a 1072 has 8x SFP+ cages, if it cannot move more than 1.5 Gbps when acting as a BRAS? Our core 1072, however, moves over 10Gbps on two BGP upstream connections...

We are testing splitting BRAS / NAT functionality across two CCRs (suggested by other community members), but that instantly doubles our cost base, in a market where $15/mo for a 5Mbps service is luxury.

I quite like Mikrotik, it has its place in our network, but it's definitely not in the same league as the Junipers of the world (won't mention the C-word...). You get what you pay for, indeed - which is not meant in derogatory manner, just as a fact-of-life. You can have the same argument over Samsung phones vs. any of the cheap sub-$50 Chinese vendors.
 
mikruser
Long time Member
Long time Member
Posts: 578
Joined: Wed Jan 16, 2013 6:28 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Jan 08, 2021 2:44 pm

What about the story with "stable" version 6.48? They released a buggy version a week before the new year, and there is still no fix!
They haven't even removed it from the download page!
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1350
Joined: Mon Sep 23, 2019 1:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Jan 08, 2021 3:09 pm

I'm sure that every admin out there that respects his job went ahead and quickly updated all his production routers and switches just before new year not even a day after the build was released.
That admin that did such a thing is not "industry standart (whatever a standart is)".
Also the stable releases that go through a version bump from 6.xx to 6.yy (switching from the test channel) are known to have a few uncaught bugs before release, more reasons to not update right away when such a version change occurs.
Also there is always the downgrade option.
Cheers.
 
User avatar
R00tKit
just joined
Posts: 9
Joined: Fri Nov 07, 2014 12:24 am

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Jan 14, 2021 4:40 pm

I'm sure that every admin out there that respects his job went ahead and quickly updated all his production routers and switches just before new year not even a day after the build was released.
That admin that did such a thing is not "industry standart (whatever a standart is)".
Also the stable releases that go through a version bump from 6.xx to 6.yy (switching from the test channel) are known to have a few uncaught bugs before release, more reasons to not update right away when such a version change occurs.
Also there is always the downgrade option.
Cheers.
I am sorry but I find your dissing of the people who upgraded (myself included) appalling and I believe it misdirects the blame to the user instead of the company.

I love Mikrotik products, just like I love any networking company that makes good products. I have been using Cisco, Juniper and Mikrotiks depending on the needs of each business case I come across.

By now, I have learned the hard way to be cautious with new releases from Mikrotik and for a new release to have some bugs is expected. Any person using Mikrotiks over the years who can learn a lesson has been "trained" to do so.

This does not mean that we should think that this is an acceptable business practice, and that we should shift the blame to the poor people who put their trust on this company, first by buying their products and then by upgrading them when a new release on the *stable* channel comes up.

I also disagree with the people who constantly nag about it too. We have learned to expect such fails every now and then. Report the bugs you encountered and either downgrade and move on, or wait for the next release. It is not drama, it is networking.

Apart from ranting, my personal response to the topic starter is the following: Use your common sense and buy the appropriate products for the situation. It is true that Mikrotiks can perform just as good as a cisco, and especially in small installations you can buy two of them (if we are talking about routers), configure VRRP and you will still be on 1/10th of the price of one equivalent cisco router. It all depends on your knowledge of each hardware and your needs. There is no "one size fits all" in the networking world, you need to adapt.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Jan 14, 2021 5:13 pm

Bugs occur with any manufacturer. I have been fighting with CISCO bugs as well as with MikroTik, and the problem with CISCO is that they only help you when you have an expensive support contract (instead of taking reports of bugs from everyone who has bought their products for big money and deserves a working product without paying more).

And about updating: in general it is best to not update to a 6.xx version released to stable. Wait for the 6.xx.2 or above.
MikroTik tend to release testing versions to stable with known open bugs, and of course always when a beta is widely deployed new bugs are discovered that those that installed the betas did not see, or reported and did not get fixed.
As soon as the stable version is widely deployed usually a storm of bug reports come in (see the 6.48 release topic) and a new version .1 and .2 etc appears that slowly becomes the real stable.

I normally never update a production device to a 6.xx release. Only some testing CHR and/or some for-playing device.
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1741
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Jan 14, 2021 5:35 pm

The software quality of major network vendors like Cisco/Juniper has gone down in the last 5 years as they lean more on customers for QA.

We've been incredibly successful using the long term version of RouterOS in production networks for both enterprise and service provider.
 
mada3k
Forum Veteran
Forum Veteran
Posts: 737
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Jan 14, 2021 7:24 pm

When we hit a brick wall in terms of performance (DNS resolver, PPPoE server, etc.)
....
We are testing splitting BRAS / NAT functionality across two CCRs (suggested by other community members), but that instantly doubles our cost base, in a market where $15/mo for a 5Mbps service is luxury.
You really should try to move away from PPPoE. It's a real performance hog. Running a DNS resolver can be done on any Linux-box, or just use some public ones.

And yes, splitting up functionally is key for scaling up. One big box that does everything won't make it in the long run. Cisco and Juniper professionals will laugh if you suggest to run everything and some services on the same box.
 
flameproof
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Sep 01, 2015 3:17 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Jan 14, 2021 7:28 pm

Sooooo move away from PPPoE to what exactly? We are talking 15.000 CPEs, I’m open to suggestions.

Movistar, my home fibre ISP, with millions of customers, runs PPPoE...
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1086
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Thu Jan 14, 2021 9:13 pm

Sooooo move away from PPPoE to what exactly? We are talking 15.000 CPEs, I’m open to suggestions.

Movistar, my home fibre ISP, with millions of customers, runs PPPoE...
The company I work for also has millions of PPPoE users/customers too ;-)
But we are running several "areas" & "sub-areas" in the country each with our gear to terminate PPPoE sessions (Nokia).
Looking at the stats, I would say they handle up to about 7k subscribers max but some lower density sub-area's (smaller towns) perhaps only have 1500 or 2000 users on it.
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1741
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Jan 15, 2021 4:40 pm

Sooooo move away from PPPoE to what exactly? We are talking 15.000 CPEs, I’m open to suggestions.

Movistar, my home fibre ISP, with millions of customers, runs PPPoE...

This really depends on why you want PPPoE. In 2021, PPPoE is typically deployed because you want:

1) Traffic accounting via RADIUS
2) Efficient IPv4 utilization with /32 routing

If neither of those are concerns, i'd look at moving to DHCP + Option 82 + RADIUS for IPv4 and DHCPv6-PD for IPv6. Then utilize a QoE system for intelligent shaping

We've designed and built ISPs with 100,000+ subscribers using that approach. Moving the CPEs will require some effort and the best thing to do is put new subscribers on DHCP and then migrate one section of the network at a time. Run both PPPoE and DHCP until you've migrated everything.
 
flameproof
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Sep 01, 2015 3:17 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Jan 15, 2021 5:09 pm

The company I work for also has millions of PPPoE users/customers too ;-)
But we are running several "areas" & "sub-areas" in the country each with our gear to terminate PPPoE sessions (Nokia).
Looking at the stats, I would say they handle up to about 7k subscribers max but some lower density sub-area's (smaller towns) perhaps only have 1500 or 2000 users on it.

We also divide our network up, we have some 15 network areas now. Simply saying "move away from PPPoE" does not help, specially while also saying "my company has millions of PPPoE customers". My complaint is we don't have clear specs as to how many sessions will be supported by a given hardware scenario.

If neither of those are concerns, i'd look at moving to DHCP + Option 82 + RADIUS for IPv4 and DHCPv6-PD for IPv6. Then utilize a QoE system for intelligent shaping

Thanks for this suggestion, our issue is we need traffic accounting in some cases, and we need to know what our users are consuming for tight dimensioning of our quite expensive upstream supply (we operate in Africa).
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1086
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Jan 15, 2021 6:45 pm

We also divide our network up, we have some 15 network areas now. Simply saying "move away from PPPoE" does not help, specially while also saying "my company has millions of PPPoE customers". My complaint is we don't have clear specs as to how many sessions will be supported by a given hardware scenario.

Thanks for this suggestion, our issue is we need traffic accounting in some cases, and we need to know what our users are consuming for tight dimensioning of our quite expensive upstream supply (we operate in Africa).
PPPoE for sure is going to stay where I work. With the scale-out we do across the country I don't think there is any concern on "performance"

For your accounting -> Not possible to use an external device either connected on the network with a "tap" device (3 port, in-out-tap) or some 2-port NIC that has "pass-fail" capabilities and will act as a piece of wire in case it breaks down just to avoid interruptions?
You can do all the accounting you want, non-intrusive and salable.
 
mikruser
Long time Member
Long time Member
Posts: 578
Joined: Wed Jan 16, 2013 6:28 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Jan 22, 2021 11:28 am

a MONTH(!!!) has passed since the bugged version 6.48 appeared! this version remains presented on the download page!
there are still no fixes!
in my opinion this is an EPIC FAIL!
such a company should leave the market.
 
huntermic
Member Candidate
Member Candidate
Posts: 111
Joined: Wed Oct 26, 2016 3:42 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Jan 22, 2021 11:38 am

a MONTH(!!!) has passed since the bugged version 6.48 appeared! this version remains presented on the download page!
there are still no fixes!
in my opinion this is an EPIC FAIL!
such a company should leave the market.
They shouldn't leave the market but they sure do have a lot of work left in making things a bit more stable and predictable.
The current 'Stable' versions are getting worse and the time we are waiting for a usable ( for at least the basic stuff ) V7 beta is getting ridiculous.
Not even to start on WIFI. I had to get accesspoints from another brand ( tp-link eap245 ) to get stabe wifi, couldn't get that with Mikrotik stuff.
They should focus on routers only.
It is better to do one thing good than multiple things worse.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Jan 22, 2021 11:57 am

As I already wrote above: in general it is best to not update to a 6.xx version released to stable.
In the MikroTik world, "stable" does not mean stability in performance, but stability in updating.
"testing" is the version where new things are tried out and regular new versions appear, "stable" is the version which is not updated so often and where usually no major new features will be added within the sub-versions.
It does not mean the system will be stable. Especially not when the testing version has just been promoted to stable: that is the moment when suddenly a much wider audience is going to test the new version and a lot of bugs appear that were missed during the testing phase.

When you need a stable system (as opposed to a stable version), wait until a couple of updates have appeared in the new stable channel, e.g. 6.xx.2 or 6.xx.3
That is when the new bugs discovered and reported by a wide audience have been fixed.

Until then it is better to remain at a long-term version or just take the last version in the previous stable channel (6.47.8 in this case).

This "hickup" every time a new stable release appears is annoying, but you can work around it.
 
huntermic
Member Candidate
Member Candidate
Posts: 111
Joined: Wed Oct 26, 2016 3:42 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Jan 22, 2021 12:11 pm

As I already wrote above: in general it is best to not update to a 6.xx version released to stable.
In the MikroTik world, "stable" does not mean stability in performance, but stability in updating.
"testing" is the version where new things are tried out and regular new versions appear, "stable" is the version which is not updated so often and where usually no major new features will be added within the sub-versions.
It does not mean the system will be stable. Especially not when the testing version has just been promoted to stable: that is the moment when suddenly a much wider audience is going to test the new version and a lot of bugs appear that were missed during the testing phase.

When you need a stable system (as opposed to a stable version), wait until a couple of updates have appeared in the new stable channel, e.g. 6.xx.2 or 6.xx.3
That is when the new bugs discovered and reported by a wide audience have been fixed.

Until then it is better to remain at a long-term version or just take the last version in the previous stable channel (6.47.8 in this case).

This "hickup" every time a new stable release appears is annoying, but you can work around it.
The problem is with this 'Mikrotik world'. Normal people live in the normal world en not some parallel universe in which the word stable had a different explanation.
When Mikrotik annouces a new Stable version people just want it to be eat least a little bit stable.
Also when purchasing a device with wifi we expect it to be able to do the stuff all other vendors support for years now.
It is my opinion that Mikrotik makes same great devices but the software makes many of those devices crippled, and progress on V7 is not showing much urgency to address these things.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Jan 22, 2021 12:21 pm

The problem is with this 'Mikrotik world'. Normal people live in the normal world en not some parallel universe in which the word stable had a different explanation.
When Mikrotik annouces a new Stable version people just want it to be eat least a little bit stable.
This misunderstanding is quite common in the free software world as well. Just like with the word "free". There are different meanings.
The choice of names is a little unfortunate. It would be better to call long-term "stable", stable "testing" or "bleeding edge" and testing "beta".
Also when purchasing a device with wifi we expect it to be able to do the stuff all other vendors support for years now.
That is a completely different topic. I would expect Windows to be able to do all the stuff that Linux can do for years now.
You just cannot compare different vendors. Each vendor is in it for a different goal.
I agree that MikroTik is not a real choice for the usual indoor WiFi AP.
It is my opinion that Mikrotik makes same great devices but the software makes many of those devices crippled, and progress on V7 is not showing much urgency to address these things.
I certainly am worried about the long delay of v7 and the slow progress now that there are betas.
But I am not the one managing such a company that has to make money to pay all the employees from manufacturing lowcost devices.
Maybe they make $10 on every lowcost device they sell, but that does not bring you much towards a software developer's salary.
I have no idea how many developers they have working on RouterOS (vs people that work on hardware, manufacturing, sales, support, management, etc) but I am happy that I am not the one who would have to decide on that.
 
mikruser
Long time Member
Long time Member
Posts: 578
Joined: Wed Jan 16, 2013 6:28 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Jan 22, 2021 6:14 pm

pe1chl
You are very inattentively reading what they write to you (or deliberately divert the conversation in the other direction).
The system is characterized not by the error, but by the reaction to it.
1) a good company would remove the buggy firmware from Downloads ASAP (to minimize problems for users).
2) a good company would release a fix ASAP, not a MONTH later.

Mikrotik is not good company because they don't care about user problems.
 
nostromog
Member Candidate
Member Candidate
Posts: 226
Joined: Wed Jul 18, 2018 3:39 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Fri Jan 22, 2021 7:06 pm

I love primarily two things of Mikrotik:

One, that they support a very wide range of architectures, chipsets, devices and functions with the same OS and configuration/scripting language.

Two, that they keep supporting even 10 year old products with the last version, which means that products are not obsoleted. Probably v7 will force them to obsolete low memory and perhaps slop CPU products.

Both at a very competitive price and with good manufacturing quality. One means that one can program/configure for one device and use the experience in other ones; Two means that the investment in learning to use it is long lived. With other not-so-expensive products all the configuration commands, scripts... are throw away knowledge.

I understand that having a stable codebase is difficult when a product is not open source and can only be tested when released to a public channel. Testing seems to be not so much tested now that all the action is in the 7 betas, which is kind-of a second testing channel. Mikrotik could confirm it with download numbers and I could count feedback/complain posts in both releases posts if I was not so lazy. :) So I guess people wanting to jump into a stable version should probably refrain a bit from installing the "stable" version, at least until the release post accumulates enough feedback or else the XX.1 ... gets released.

I guess stability will improve when 7 gets released and 6 goes into some sort of legacy mode.
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 690
Joined: Fri Jun 21, 2019 12:04 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Wed Apr 21, 2021 11:45 am

Two, that they keep supporting even 10 year old products with the last version
Shame UBNT doesn't do the same - installed three UniFi access points about four years ago and now end of line :-(
 
TomosRider
Member Candidate
Member Candidate
Posts: 209
Joined: Thu Nov 20, 2014 1:51 pm

Re: Mikrotik or NOT!!! Industry standarts say no!! Why?

Mon Sep 20, 2021 5:27 pm

Here are my two cents, sorry if i revive an old discussion.
I have Mikrotik all across my company.
Wireless solutions, critical services, hotspot solutions, you name it.
We use a wide range of MT products, from Dyna Dishes for our links to 1100AH series of routers.
I just love these pieces of technology. I love that "normal" users are affraid of them, mainly because they dont know how to utilize everything Mtik has to offer.
If you dont know what are you doing, sure it can be hell. We had cases of hijacking, but it was our fault we did not followed best practices and secured our equipment better.
After ROS updates, firewall tweaks and lessons learned, i can say that Mtik is valueable as any industrial equipment out there. Fight me. :)

Who is online

Users browsing this forum: Bing [Bot], GoogleOther [Bot], Josephny and 44 guests