"Indystry standarts" -In this case i mean the mainstream high end devices!What's a standart?
Yes i mean industry standarts!First start with the requirements. What does the SLA look like? Who is going to maintain the solution? Installation? Budget?
Choosing hardware is like one of the latest steps do perform.
I assume you are referring to industry standards!?
I don't know why you think that, maybe you had bad experience with a specific company that is very stuck in the past.why so many IT companies are not even advising to think about MK
I don't think he is the one stuck in the past, rather the "IT companies" (more like Cisco resellers), which prefer to charge 10.000€ for a Cisco that does 1/10 of what a MikroTIk will do at 1/10 the price.Don't get stuck in the past
For any government bureaucracy and especially in the IT world the number one concern is Timely SUPPORT...price...and...Timely SUPPORT.Companies who want take part of it - all say: Mikrotik is not an option - need to go with poducts form HP ARUBA, Ruckus, FortiNet, PaloAlto, CISCO, JUNIPER - these are INDUSTRY STANDARTS!
I ask why - Mikrotik is no safe, not stable, hardware is no qualitative, updates are bugy... so on!
One argument i agree - mikrotik dont have DPI what is nice on gateway.....
I don't, my partner companies think that! As i mentioned i LOVE MT and previously work only with your products since 2007... (but in small scale up to ~80devices and maybe the security level was not my first priority), but now i accepted to run one city council IT department (In Latvia ~20k inhabitants) and our partners are very skeptic... that why i need some other opinion to fight back.... i need provide some arguments for that...I don't know why you think that, maybe you had bad experience with a specific company that is very stuck in the past.why so many IT companies are not even advising to think about MK
Just think about the fact, that MikroTik is one of the largest companies in Latvia and is exporting the high end models to nearly all countries in the world. Even Google offices use MikroTik CCR devices for their office networks. Even SpaceX uses MikroTik devices.
Don't get stuck in the past
This is probably 95% of the issue. I have government clients who purchase high end gear, then pay 25-50% of the purchase price for 24x7x4 hour on site support contracts. I point out that they could have plenty of spares on hand and fully stock a lab environment to boot, and they will be able to fix any failed gear or correct any issues faster than <big name> support will most of the time. However, government tends to be a big ship that turns very slowly. And you actually have to have the expertise either on staff or nearby to be able to resolve any issues in the same time-frame as the <big name> companies.For any government bureaucracy and especially in the IT world the number one concern is Timely SUPPORT...price...and...Timely SUPPORT.
From a Features/Capability and SUPPORT Perspective === MikroTik cannot compete in the league of HP ARUBA, Ruckus, FortiNet, PaloAlto, CISCO, JUNIPER or Ubquiti [wireless] ... MikroTik can compete on certain functionality and PRICE but NOT on SUPPORT.
Agreed, and I don't think a router should be expected to incorporate this functionality. I think it ends up asking 1 device to do too much, and complicates administration and management. I perfer standalone devices for packet-inspection functionality where required.On the other hand you have sometimes hard limits in functionality. You simply can't control in Mtik, who is allowed to post in F*book and who shall only read. Or at least not out of the box. That continues with many protocols of industrial control systems. Just to give some examples. That application layer is not yet covered in filtering capabilities. If it goes beyond Protocol&Port, dest/orig, state then it becomes very shallow.
Even running a filter proxy for malware domains costs a fortune in CPU cycles. Memory limits can easily be reached. Try the attached file as an example but make sure you know how to handle the filters first!
I think, that Mikrotik is overly complicated in a lot of things.
For example Layer-2 configuration:
- subinterfaces plus bridges
- vlan filtering within the bridge
- vlan-handling on the switch itself
This is very annoying. No other vender forces you to learn three ways to do simple VLAN stuff.
This is an unfair comparison. The CCR is a fix-chassis toy compared to the ASR1006-X which was (waaaaaaaaaay)³ too powerful for such simple requirements stated...so whoever "spec'ed" this setup overdid it...A LOT. You can blast 10 interfaces with 10Gbits/sec each concurrently and it will still work ;-)I was the Network Architect in charge of designing the company's new flagship Data Center in New York. Originally, the DC was supposed to use 4 Cisco ASR1006-X routers (2 for IP Transit and 2 for aggregation of MPLS L3VPN circuits - I think it was approximately $200,000 USD worth of gear ), we found out that Cisco was delayed on their shipping timelines by 8 weeks and would not have routers for the data center.
Because they had been using MikroTik in non-critical roles, I suggested that we use (4) CCR1036-8G-2S+ since they met the following requirements:
- 1 Gbps of throughput per router for IP Transit
- 1 Gbps of throughput per router for MPLS L3VPN circuits from Verizon
- BGP and BGP Communities
- OSPF
- QoS with DSCP for corp voice and video
The company resisted, but since Cisco had no solution and we could not bring the DC online in time, they agreed to have 4 x CCR1036 shipped to the DC in Manhattan so I could install them and bring the DC online.The company expected to have these online only for a few weeks until the Cisco equipment came in. We brought everything online successfully.
As is often the case in big companies they moved onto other things since the DC was working well. About a year later, someone asked if we even needed $200K worth of Cisco routers since the MikroTik routers had been running the DC successfully for a year.
Here is a list of what that DC was used for:
1) Corp HQ connectivity to the Internet for about 4000 employees across NYC
2) Exchange connectivity for roughly 30k employees in North America
3) Application connectivity for over 1000 branch locations in North America
4) Main DCI connection point to DCs in Europe
And that all ran on $5000 USD worth of routers :)
This DC ran on CCRs for a total of 2 years until they realized Cisco wouldn't refund their money and they were forced to use the ASR1006-X routers.
Okay, then I wasn't clear enough: no other vendor forces you to learn three different configuration styles per device.[...][...]
This is very annoying. No other vender forces you to learn three ways to do simple VLAN stuff.
MikroTik does not - it's not *wrong*, it's just not they way they do it. Once you realize this, you can design and use it accordingly.
I can second that.The reason that Cisco is the standard is because their product support is OUTSTANDING .....
The C6500 platform was the most successful switch/platform product on this planet ever! (> 20 billion $ sales)Also I am quite astonished how long that oldish Cisco gear lasts. Just think of the venerable C3750 or C6500 series.The reason that Cisco is the standard is because their product support is OUTSTANDING .....
This is an unfair comparison. The CCR is a fix-chassis toy compared to the ASR1006-X which was (waaaaaaaaaay)³ too powerful for such simple requirements stated...so whoever "spec'ed" this setup overdid it...A LOT. You can blast 10 interfaces with 10Gbits/sec each concurrently and it will still work ;-)
I would had done all of this with a entry model ASR 1001-X ... and even that model would have lots of CPU cycles doing nothing ;-)
Getting an unsupported C6509 filled with 8x48 Gigports, one Supervisor, and redundant PSUs doesn't cost more than 2000 Euros.The C6500 platform was the most successful switch/platform product on this planet ever! (> 20 billion $ sales)
A real giant back in the dark old days ;-)
If MikroTik officially kept close business relationship with integrators like yours in providing a responsive support for paying business customers, that would finally begin to look like Cisco's way of conducting business.Since we run the largest MikroTik consulting firm in the world, I have some thoughts on this :)
I disagree with this point. Cisco and all the rest have open telnet, SSH, and other services by default most of the time. They just don't have an IP address assigned yet, so out of the box you have to connect a console cable. Otherwise, management access is restricted during configuration, just like Mikrotik.I would also like to add one reason why MikroTik is rarely seen in enterprises: security audits. You simply can not ship network device with 20 different services, many of which are proprietary, active by default (winbox, ssh, telnet, ftp, www, api, mac telnet/winbox/ping server, etc) and expect it to be adopted as an industry standard in any way. No company wants to spend time assessing what kind of impact those service unknown by the industry have on the platform itself and security of the whole ecosystem.
Yup - it's the age-old "You never get fired for recommending Cisco/IBM/SAP" etc. Although familiarity and support of the equipment is an important requirement as salary costs are usually way higher than hardware over a longer period. I've had to invest a lot of my own personal time learning RouterOS (and I've got a long way to go) because I think it's worth the effort in that I can pass on the savings to my client.To me, it's just ignorance and many times arrogance.
honestly: I like Mikrotik products for their versatility and flexibility. But for large scale and support I need other solutions.
I question your arguments :-)Agreed, and I don't think a router should be expected to incorporate this functionality. I think it ends up asking 1 device to do too much, and complicates administration and management. I perfer standalone devices for packet-inspection functionality where required.
Most models have default firewall, depends on the device.>winbox, ssh, telnet, ftp, www, api, mac telnet/winbox/ping server, etc
Is there an article on hardening a Mikrotik router? I thought that is was pretty hardened by default from the WAN side?
Thanks - ticket raised to read and digest later.
But then is about the companies business case. They make profit from selling Cisco and they keep their internal capability/knowledge footprint limited to Cisco. A valid point.They insisted on Cisco equipment or would not do the job. I compared prices and it was ~x3 more for the Cisco. But my customer isn't short of cash so I let it go. But it does irk the Yorkshire man in me that money was spent that could have been saved.
I don't disagree but it doesn't make it "right" in the scheme of things :-) Technology history is littered with tales of upstarts beating the big boys. The reason is the later have a natural tendency to become complacent and resistant/unable to change. Blackberry and Nokia all but killed by Apple. IBM was once the biggest company in the world etc.They make profit from selling Cisco and they keep their internal capability/knowledge footprint limited to Cisco. A valid point.
Yeah, lets talk about Mikrotik and IPv6 or wireless or... ;)Don't get stuck in the past
Indeed, in current times phishing, which often takes advantage of an OS vuln as a second step, is a more common vector.>The organizations that don't do this are the ones that you read about every day where the entire network infrastructure is encrypted for a ransom.
Isn't that usually by an exploit in the OS and/or users unwittingly installing the ransomware software? Not a compromised network?
I generally agree with your examples. Sorry I wasn't clear. In that post, I was talking about the full packet-capture and inspection functionality that Cisco tries to incorporate in their Firepower products. I've never used it, but my impression from reading other commentary is that they aren't good devices. I have a Palo Alto FW that I manage that I am a big fan of. They work very well. That level of traffic management simply can't efficiently be done in a traditional router IMHO.I question your arguments :-)Agreed, and I don't think a router should be expected to incorporate this functionality. I think it ends up asking 1 device to do too much, and complicates administration and management. I perfer standalone devices for packet-inspection functionality where required.
1) Mtik is far more than a router. You really want to tell you want separate devices for DNS, DHCP, Filtering, Mangling, NTP, Proxy, VPN etc. ??
2) Adminstering dedicated devices as saud above is NOT more complicated than having it in one place???
3) Did you think about what that means for the number of ports in your network?
4) Did you think about power consumption?
5) Did you think of investments?
6) Did you think of technology spread and competence?
Honestly, I would argue rather the opposite. And in practice I try to use as much from my RB as it can serve. Because it simply performs great given the hardware!
5. Yes. The client has to decide how much they want to invest in their security posture. It is ultimately up to them. My job is to advise them of their options, risks, etc, so they can make informed decisions.
I completely agree. Many orgs think breaches aren't expensive, and if they can keep it quiet, they usually aren't very expensive.5. Yes. The client has to decide how much they want to invest in their security posture. It is ultimately up to them. My job is to advise them of their options, risks, etc, so they can make informed decisions.
I've been involved in the security planning and execution for a number of large companies as well as mitigation of breaches that later became public for a few of them
And here is the sad reality...for medium & large enterprises, it's cheaper to deal with a breach than spend the money needed to secure the org. Companies know this and spend accordingly
I don't disagree with your points on securing and auditing services that are vectors of attack, but I found plenty of issues with Cisco / Juniper gear in the breaches i've been involved with. Which had more to do with outdated versions of network operating systems and outdated applications that support networking like AAA / Identity Management / Wireless Controllers / Etc
The number of proprietary extensions to standards based protocols in Cisco and Juniper is staggering, so it's only fair to paint them with the same brush
It's not that black and white as you say. The companies business structure and process make a big difference.I've been involved in the security planning and execution for a number of large companies as well as mitigation of breaches that later became public for a few of them
And here is the sad reality...for medium & large enterprises, it's cheaper to deal with a breach than spend the money needed to secure the org. Companies know this and spend accordingly
As an example I was directly involved in 2019 biggest ransom attack
Don't they understand CPU cycles or what?
That explains why world governments are so horrible with techno-politics.Don't they understand CPU cycles or what?
Generally, no - people don't tend to realise that network devices are computers with a CPU, RAM, storage and IO with inherent resource constraints. I fell slightly into this camp until I started learning RouterOS in more detail and started to realise how it all works together.
IPAsupport, excellent perspectives.Most people use MikroTik because
1) It's versatile and reliable
.........
3) The price point is *so* much better than Cisco, Juniper, etc
If MikroTik incorporated all of the suggestions to make them more like Cisco and Juniper, the price would go up and we'd lose everything that makes everyone want MikroTik in the first place.
And even beyond, "SDN" (Software Defined Networking) is there. On the Cisco 9000 Catalyst "switches" series (x86 CPU) there is concept of app-hosting where it can run (docker) containers with you own apps. There are some interesting use-cases to (pre)process certain traffic-flows straight on the switching chassis. (without sacrificing any performance) or have some IPS/IDS probes deployed there.That explains why world governments are so horrible with techno-politics.Generally, no - people don't tend to realise that network devices are computers with a CPU, RAM, storage and IO with inherent resource constraints. I fell slightly into this camp until I started learning RouterOS in more detail and started to realise how it all works together.Don't they understand CPU cycles or what?
A router vendor in my local area once said a router does not have RAM. And he calls himself a network expert. What a sad world we live in.
x86 (I think they are possibly x64?) enough said. That's high-horsepower. You could do a bunch of things that's not possible on arm, arm64, MIPS etcAnd even beyond, "SDN" (Software Defined Networking) is there. On the Cisco 9000 Catalyst "switches" series (x86 CPU) there is concept of app-hosting where it can run (docker) containers with you own apps. There are some interesting use-cases to (pre)process certain traffic-flows straight on the switching chassis. (without sacrificing any performance) or have some IPS/IDS probes deployed there.That explains why world governments are so horrible with techno-politics.Generally, no - people don't tend to realise that network devices are computers with a CPU, RAM, storage and IO with inherent resource constraints. I fell slightly into this camp until I started learning RouterOS in more detail and started to realise how it all works together.Don't they understand CPU cycles or what?
A router vendor in my local area once said a router does not have RAM. And he calls himself a network expert. What a sad world we live in.
Although that gap is closing rapidly... Apple wouldn't drop Intel for ARM if they weren't sure their own bespoke chips could compete.x86 (I think they are possibly x64?) enough said. That's high-horsepower. You could do a bunch of things that's not possible on arm, arm64, MIPS etc
Intel® x86 CPU complex with 8-GB (DDR4 2400 MT/s) memory, and 16 GB of flash and external USB 3.0 SSD pluggable storage slot to host containersx86 (I think they are possibly x64?) enough said. That's high-horsepower. You could do a bunch of things that's not possible on arm, arm64, MIPS etcDon't they understand CPU cycles or what?
Should jolly well hope so for £3,500!! Do Mikrotik do a 48 port switch? I can find MikroTik CRS328-24P so would need two for £750. Serious question, what extra does the Cisco Catalyst 9300 bring to the table?So yes ... they pack a lot of performance.
stacking, stack-power, SDN (Simplified device deployment//Unified management of wired and wireless networks//Network virtualization and segmentation//Group-based policies//Context-based analytics) POE+ and 60Watt UPOE (Cisco Universal Power over Ethernet)Should jolly well hope so for £3,500!! Do Mikrotik do a 48 port switch? I can find MikroTik CRS328-24P so would need two for £750. Serious question, what extra does the Cisco Catalyst 9300 bring to the table?So yes ... they pack a lot of performance.
Should jolly well hope so for £3,500!! Do Mikrotik do a 48 port switch? I can find MikroTik CRS328-24P so would need two for £750. Serious question, what extra does the Cisco Catalyst 9300 bring to the table?So yes ... they pack a lot of performance.
True that I consider Cisco today more really as a software company, where 5-10 years ago "hardware" was more the focus with monolithic software designs.
Agree on the licensing too, you almost need a phd to understand that (same with Microsoft etc) and pricing.
Like you say, sooo much equipment out there to "fit" the needs of customer / project. What a joy there is so much to choose from.
We (well, our customers) use PoE+ mainly for powering Wireless AP'sAside - anyone else think that massive PoE switches are on the danger list with the use of physical handsets being on the wane? My largest client moved office just before the pandemic and I finally got them to dump the handsets. They've gone pure Teams telephony with USB headsets and/or using their mobile. So the PoE requirement was just six PoE access points in an office of 80.
https://www.statista.com/statistics/271 ... ince-2006/It's true that many companies still want the "fuzzy warm blanket" of 24/7/365 support whenever it is needed, but we are starting to see that attitude change as budgets get smaller due to the global pandemic.
Hmm, I'm not so sure although one plus (ha!) of the pandemic is that desk phones have rarely followed people home and their business has continued to communicate. I got a gold star for recommending my client got rid of them - lucky timing..."phones on the desk" are gone already for some time now.
https://www.globenewswire.com/news-rele ... table.html>In the first quarter of 2020, Cisco had a share of 52 percent of the global market Ethernet switch market,
I know that switches can have all sorts of features what with all the layers, VLANs etc. But don't the majority of then end up just switching packets as fast as possible around the LAN? Now routers and firewalls - they are very different beasts.
So technically they are x64 CPUs.Intel® x86 CPU complex with 8-GB (DDR4 2400 MT/s) memory, and 16 GB of flash and external USB 3.0 SSD pluggable storage slot to host containersx86 (I think they are possibly x64?) enough said. That's high-horsepower. You could do a bunch of things that's not possible on arm, arm64, MIPS etc
Sure these are 64-bit CPU's, New 1.8-GHz x86 quad-core CPU for the CAT9300 , the CAT9400 has 4-core 2.4Ghz
So yes ... they pack a lot of performance.
It depends what you need. Which products would you like to buy?Does MK have so many problems when used in big scale? Your experience?
Juniper îs The King of routers. Can not compare mikrotik with Juniper.I use mikrotik for my bras. Over the last few months, I started moving the gateways to juniper mx 204. Because of static addresses, it could take 20 plus seconds for the routes to come up in the mikrotk with a full route. The juniper only took a few seconds to update from the bras.
The Juniper MX204 (part of the 5G Universal Routing Platform series) has some bad-ass ASIC architecture handling A LOT of aspects within these ASIC's and because of this obviously enabling blazing speeds of 400Gbit/sec in a 1U chassis !! (support 40/100GigEthernet interfaces)Juniper îs The King of routers. Can not compare mikrotik with Juniper.I use mikrotik for my bras. Over the last few months, I started moving the gateways to juniper mx 204. Because of static addresses, it could take 20 plus seconds for the routes to come up in the mikrotk with a full route. The juniper only took a few seconds to update from the bras.
Also, juniper price îs very high.
The Juniper MX204 (part of the 5G Universal Routing Platform series) has some bad-ass ASIC architecture handling A LOT of aspects within these ASIC's and because of this obviously enabling blazing speeds of 400Gbit/sec in a 1U chassis !! (support 40/100GigEthernet interfaces)Juniper îs The King of routers. Can not compare mikrotik with Juniper.I use mikrotik for my bras. Over the last few months, I started moving the gateways to juniper mx 204. Because of static addresses, it could take 20 plus seconds for the routes to come up in the mikrotk with a full route. The juniper only took a few seconds to update from the bras.
Also, juniper price îs very high.
We saw the exact same trend during the GFC when I was based in New Zealand, which is why I switched my focus from Juniper to Mikrotik during this period. Once the economy recovered and money was flowing more freely, I started using Juniper/Cisco routers again where it was beneficial to do so e.g. stable MPLS ;)They certainly are trying hard to become a software and services company and they recently discussed the idea of buying core network hardware "as a service" in response to the stock falling. I think many customers are tired of the "As a Service model" mainly due to public cloud. "XaaS" creates large OPEX budgets at a time when companies are trying to lower OPEX.
This is why I see a huge value in MikroTik and have been a fan for almost a decade....in the example I gave, the company was prepared to spend $200K CAPEX and the same workload was handled by $5K. Spend part of the difference on training or outside help and the company will still save significant amounts of money while providing the same level of service.
It's true that many companies still want the "fuzzy warm blanket" of 24/7/365 support whenever it is needed, but we are starting to see that attitude change as budgets get smaller due to the global pandemic.
Okay, then I wasn't clear enough: no other vendor forces you to learn three different configuration styles per device.[...][...]
This is very annoying. No other vender forces you to learn three ways to do simple VLAN stuff.
MikroTik does not - it's not *wrong*, it's just not they way they do it. Once you realize this, you can design and use it accordingly.
I am well aware of IOS-XR and IOS Layer-2 configuration styles, since I use them daily.
You either got briding-configuration with subinterfaces in IOS-XR
or port-VLAN-configuration in IOS.
For sure there is a third style: Port-membership-configuration per VLAN like in Brocade FastIron oder ICX devices.
But again: these vendors do not force you to learn three different configuration styles per device
Yeah, dude forget about bugs and performance issues. RouterOS does not even have NPTv6 among a bunch of other core networking features.Mikrotik cannot be used in enterprise. Its only for home with low-speed wan.
Its too bugged and have very poor support.
For example - see CCR\GRE\IPSEC saga:
viewtopic.php?t=84465
viewtopic.php?t=87892
viewtopic.php?t=88432
viewtopic.php?t=88991
viewtopic.php?t=93466
viewtopic.php?t=94625
viewtopic.php?t=95118
viewtopic.php?t=97164
viewtopic.php?t=102564
viewtopic.php?t=109068
viewtopic.php?t=112545
viewtopic.php?t=113437
viewtopic.php?t=115696
viewtopic.php?t=119051
viewtopic.php?t=140855
viewtopic.php?t=146665
viewtopic.php?t=161313
And problems still exist.
I have an open request for technical support, but they still haven't found a solution to the problem.
Some equipment is specific in nature such as the Barracuda equipment which is primarily known (in my day) for handling the email side of things.Mikrotik is nice and very good but it's missing it's own Central and Remote Management Solution like the bigger Companies like Cisco, HP, Ubiquity and even Barracuda have.
Configuration of these devices is done Remotely from this Central Management Platform.
This is a point they really have to tackle before they're devices will be massively used in very large environments.
They're still missing Stacked Switches like Dell has (there you can have up to 8 switches stacked into 1 big switch).
But there new products are getting more performant and piece by piece they're working on it to fill the GAP between the bigger Ones.
There is for certainly many millions of dollars put in to R&D there.
I am sorry but I find your dissing of the people who upgraded (myself included) appalling and I believe it misdirects the blame to the user instead of the company.I'm sure that every admin out there that respects his job went ahead and quickly updated all his production routers and switches just before new year not even a day after the build was released.
That admin that did such a thing is not "industry standart (whatever a standart is)".
Also the stable releases that go through a version bump from 6.xx to 6.yy (switching from the test channel) are known to have a few uncaught bugs before release, more reasons to not update right away when such a version change occurs.
Also there is always the downgrade option.
Cheers.
You really should try to move away from PPPoE. It's a real performance hog. Running a DNS resolver can be done on any Linux-box, or just use some public ones.When we hit a brick wall in terms of performance (DNS resolver, PPPoE server, etc.)
....
We are testing splitting BRAS / NAT functionality across two CCRs (suggested by other community members), but that instantly doubles our cost base, in a market where $15/mo for a 5Mbps service is luxury.
The company I work for also has millions of PPPoE users/customers too ;-)Sooooo move away from PPPoE to what exactly? We are talking 15.000 CPEs, I’m open to suggestions.
Movistar, my home fibre ISP, with millions of customers, runs PPPoE...
Sooooo move away from PPPoE to what exactly? We are talking 15.000 CPEs, I’m open to suggestions.
Movistar, my home fibre ISP, with millions of customers, runs PPPoE...
The company I work for also has millions of PPPoE users/customers too ;-)
But we are running several "areas" & "sub-areas" in the country each with our gear to terminate PPPoE sessions (Nokia).
Looking at the stats, I would say they handle up to about 7k subscribers max but some lower density sub-area's (smaller towns) perhaps only have 1500 or 2000 users on it.
If neither of those are concerns, i'd look at moving to DHCP + Option 82 + RADIUS for IPv4 and DHCPv6-PD for IPv6. Then utilize a QoE system for intelligent shaping
PPPoE for sure is going to stay where I work. With the scale-out we do across the country I don't think there is any concern on "performance"We also divide our network up, we have some 15 network areas now. Simply saying "move away from PPPoE" does not help, specially while also saying "my company has millions of PPPoE customers". My complaint is we don't have clear specs as to how many sessions will be supported by a given hardware scenario.
Thanks for this suggestion, our issue is we need traffic accounting in some cases, and we need to know what our users are consuming for tight dimensioning of our quite expensive upstream supply (we operate in Africa).
They shouldn't leave the market but they sure do have a lot of work left in making things a bit more stable and predictable.a MONTH(!!!) has passed since the bugged version 6.48 appeared! this version remains presented on the download page!
there are still no fixes!
in my opinion this is an EPIC FAIL!
such a company should leave the market.
The problem is with this 'Mikrotik world'. Normal people live in the normal world en not some parallel universe in which the word stable had a different explanation.As I already wrote above: in general it is best to not update to a 6.xx version released to stable.
In the MikroTik world, "stable" does not mean stability in performance, but stability in updating.
"testing" is the version where new things are tried out and regular new versions appear, "stable" is the version which is not updated so often and where usually no major new features will be added within the sub-versions.
It does not mean the system will be stable. Especially not when the testing version has just been promoted to stable: that is the moment when suddenly a much wider audience is going to test the new version and a lot of bugs appear that were missed during the testing phase.
When you need a stable system (as opposed to a stable version), wait until a couple of updates have appeared in the new stable channel, e.g. 6.xx.2 or 6.xx.3
That is when the new bugs discovered and reported by a wide audience have been fixed.
Until then it is better to remain at a long-term version or just take the last version in the previous stable channel (6.47.8 in this case).
This "hickup" every time a new stable release appears is annoying, but you can work around it.
This misunderstanding is quite common in the free software world as well. Just like with the word "free". There are different meanings.The problem is with this 'Mikrotik world'. Normal people live in the normal world en not some parallel universe in which the word stable had a different explanation.
When Mikrotik annouces a new Stable version people just want it to be eat least a little bit stable.
That is a completely different topic. I would expect Windows to be able to do all the stuff that Linux can do for years now.Also when purchasing a device with wifi we expect it to be able to do the stuff all other vendors support for years now.
I certainly am worried about the long delay of v7 and the slow progress now that there are betas.It is my opinion that Mikrotik makes same great devices but the software makes many of those devices crippled, and progress on V7 is not showing much urgency to address these things.
Shame UBNT doesn't do the same - installed three UniFi access points about four years ago and now end of line :-(Two, that they keep supporting even 10 year old products with the last version