* RHEL/Fedora/openSUSE are the distros I use
In principle, you could set up a Linux box in place of the hAP ac³: a 1U server with a 4-port network card and a USB wireless dongle would run circles around it. The thing is, it'd pull something on the order of 100W of continuous power to do that, meaning the hAP will literally pay for itself inside a year in power costs alone.
A second factor is management: if you have the skills to issue firewalld commands and set up dnsmasq and everything else available on a RHEL box to replace the hAP features point-by-point, you get a much more powerful general-purpose device that can do anything. The hAP is a much more limited device in terms of CPU power, available RAM, software features, and so on.
Yet, if the hAP does everything you want while pulling less power and taking less space, there is no rational choice between Linux and RouterOS. Only if you need something outside the wide scope of RouterOS does it make sense to speak on the topic. One that came up recently was a mail server: RouterOS doesn't do that, so if mail service absolutely positively has to happen on the same box, RouterOS isn't for you.
I say all this because if you choose the relative simplicity of RouterOS over the general purpose do-anything Linux option, your Linux skills largely go out the window. It's not that there aren't points of commonality, but that they're far enough apart that it's effectively a whole new world. Both OSes use the same kernel, but you're not going to get a naked Bash shell on the RouterOS box. This has many consequences. Just off the top of my head:
- There's a CLI on the RouterOS box, but no "vi" and no piles of /etc files to edit.
- Though both OS's firewalls are based on netfilter and thus have certain necessary points of commonality, RouterOS firewall commands don't match Red Hat style firewalld commands.
- RouterOS provides a DHCP server, and a DNS server, and a bunch more, but they aren't dnsmasq and BIND, so you're likely to run into expectation mismatches from time to time.
- There's an SSH server on RouterOS, but it isn't OpenSSHD, and there isn't a POSIX shell behind it, so a bunch of the trickier things you can do with SSH can't be done directly on RouterOS, like tar piped thru the SSH tunnel to back up a config subdirectory.
* The 10G network will replace the existing 1G network, so, it will not be for storage but general purpose.
I'd recommend against messing with jumbo packets and such, then. Get the thing running and stable before playing nonstandard optimization games. Chances are, your devices have more latency in their software, OS, and I/O than can yield any consistent benefit under anything less than an artificial benchmark anyway. It doesn't matter if you can peg the SFP+ limits with iperf3 if what you're actually doing is running a piggy modern web browser to download files off the Internet.
* I cannot use one WiFi AP, due to coverage.
Then I'd put in a third-party mesh system and stop trying to play mix-and-match games with dual (dueling!) APs.
Yes, a good mesh system costs more than a cheap hAP router. There's a reason for that.
* I have to change the Zyxel because its performance (wired & wifi) is awful.
Putting it into bridge mode as you plan should fix that. It should then be able to shuttle data at wire speed, being a mere media converter between vDSL and Ethernet. If it's still underperforming in bridge mode, either:
- it's broken, possibly by design;
- it's mismatched to the line's capabilities, though that's unlikely if it's ISP-provided CPE;
- the vDSL line or the ISP beyond it is the true bottleneck, and no amount of futzing about with CPE will fix that.
* I don't see the need to create VLANs for the LAN network
Nor do I. For home use, I find that an isolated guest WiFi network gives me all the security I want with respect to IoT threats and such.
But to get it, you either need a cooperating wireless mesh or a VLAN backbone, else you're trying to push insecure traffic over the secure network, with all the risks that attach thereto.
* Even the standard WiFi can be on the same VLAN.
You trust the TV's spyware on your LAN?
Me, I want it to go out to the Internet and nothing else. If I were more paranoid, I'd even control specifically which services each individual IoT device could use on the Internet.
Always remember: the "S" in IoT stands for "security."
* The RB5009 is an amazing device, but it costs as much as the hAP and the CRS305-1G-4S+IN together!
I'm not sure where that recommendation is coming from, when you speak of vDSL. It's been an awful long time since I've done anything with DSL, but I'm seeing "up to 52 Mbit/sec".
A hAP ac³ can manage that, even with full routing, queues, firewalling, and small packets in play.
Now, if you were planning on replacing that Internet link with something more robust, then yes, we can definitely talk you into a gruntier router with perfect justification.
* In order to improve the WiFi performance I need a MIMO/Dual chain device. Is that correct?
Radio is an incredibly complex topic. There's an awful lot more that goes into a "good" WiFi system than just that one bullet point. This is one of many reasons I'm recommending that you get your WiFi from a specialist provider, not try to bundle it. MikroTik's fallen behind, and it's my opinion that this isn't out of some personal failing on the part of the EEs over in Latvia but because the state of the art has progressed far past the COTS stage.
Once upon a time, everyone bought WiFi chips and radios and antennas off the shelf and integrated them, leading to weak-tea appliances like your Zyxel. In the past 5 or so years, though, there have been a few vendors that have gone after this area hard in an attempt to work around the many problems of running gigabits over a shared medium. If you know what you're talking about, it becomes clear that we shouldn't be speculating about what's gone wrong at MikroTik but what kind of Satanic rite the top-tier providers went through to get their stuff to work as well as it does.