Almost everyone I know that's ever used JunOS from a command line for 'serious' ISP things finds RouterOS painful and cumbersome.
The way things are laid out in a hierarchy in a full system "/export" from a Mikrotik is so weird and annoying compared to a hierarchical junos configuration from a "show configuration" on a juniper router.
If people want to make a real router of an x86-64 system rather than putting a mikrotik pci-e card into it (wtf, why?) I'd recommend they go with vyatta or VyOS instead, or install something like a barebones centos or debian and then add FRR to it.
As a network engineer who’s worked on Cisco, Juniper, Foundry, Brocade, Extreme, HP, Dell, and even Netgear, let me assure you that while the urban legend is that “JunOS is IOS done right”, the reality is that they’re all terrible in their own ways.
JunOS is generally better than IOS(-XR), but it’s still got its sharp edges. VyOS / Vyatta are poor enough clones that they will bite and seriously suck to anyone who’s actually got real JunOS experience.
Let’s be real. The goal in improving network configuration standards is to suck less. That’s it. Everything in networks sucks. Anyone who tells you otherwise either lacks experience in general, lacks experience suffering at the bleeding edge, or lacks my cynicism and genuinely sees the world as a better place than I do (I envy them for any of the above)
I don't disagree with any of this - have been using JunOS since the M40 was the absolute apex of service provider core router technology. Lots and lots of weird bugs in various versions of IOS and JunOS on all their platforms.
Big difference between what you might get spending $15,000 for a Juniper MX204 running JunOS and a Mikrotik $800 router. I mentally categorize Mikrotik RouterOS and similar ultra low cost things in the same tier as VyOS. It's cheap but there are tradeoffs to going cheap. One has to understand the risks and tradeoffs of running a lot of your traffic or important things through cheap routers. Sometimes it's a risk worth taking.
Foundry, as we've seen, was a straight knockoff of the IOS 12.2/12.4 CLI and interface. Used plenty of Foundry switches in a previous role.
Everything does suck. Some things suck less. Sometimes you can pay money to get things that suck less.
I have worked for a medium size ISP and we had Juniper, Cisco and a lot of Mikrotiks.
For me the big lack in Mikrotik, compared to the bigger vendors, is the lack of real support. No TAC services, no SLA, etc. The only way to get support is via email, but you have to wait days for a response. And also the system is not stable like the ones from big vendors.
Anyway, the performance of Mikrotik is impressive for the cost.
and TAC/support is half the reason you buy from the known vendors in the first place. (the other being well rounded and actual trustworthy performance numbers when using more niche network technologies, especially in regards to encapsulation).
for a comparison, I once had an issue where both routers in a redundant setup failed within half an hour of each other. (was a pure coincidence, the setup was redundant).
then, the spare fallback unit would not boot, and jtac sent us a replacement within 3 HOURS...
100% agree.
At one point we decided to buy 6/8 CCR instead of buying a couple of Juniper and keep the unused one as a passive hot spare, just because it was cheap and sometimes the CCR failed.
Another point is the feature development: the BGP implementation in Mikrotik was single core only and this was a bottleneck, especially when you want to calculate the full routing table. Everyone in the forum asked for this new feature, but Mikrotik always refused to work on that.
As someone who’s a home networking enthusiast, and has too much Mikrotik gear at home, I can kind of understand where they’re coming from. RouterOS has the usability of “enterprise-grade” network equipment (meaning it’s arcane and non-intuitive), but at the same time has lots and lots of half-working features.
I simply cannot believe how terrible their IPv6 support is (still no connection tracking!), and plenty of weird glitches, etc.
But! Their hardware is very reasonably priced, and an excellent gateway to “real” networking equipment for the hobbyist. It’s unfair to compare it against Juniper and the likes: yes, it’s much better, but yes, the products are also 10x - 100x as expensive.
While everything that’s done in RouterOS can also be done under vanilla Linux, I buy Mikrotik precisely because I don’t want to build a custom Linux router. I want something that comes with a GUI, and I won’t have to spend too much time setting up.
Having said that, I would absolutely kill for an “escape” Linux shell. I know that RED supports ECN in Linux, please allow me to use it!
Seriously? Is it not possible to have stateful firewall rules for IPv6 traffic? Or is it just NAT that won't work (I don't care about NAT, NAT can die)? I was considering getting a Mikrotik router but this would be a dealbreaker.
7.1 is only required on their brand new router targeted at enthusiast home users. The RB5009, which specifically says it's targeting home labs and explicitly came with the caveat of 7.1 being the minimum version and there is no LTS in the 7.x branch as-of yet. This is the only product that requires the 7.x branch.
Everything else ships with 6.48.x LTS or 6.49.x Stable. Nearly all serious users are using the LTS branch. The 7.x branch is well known within the RouterOS community to not be "production" ready... although that's where new features and stuff are going. It will be, one day.
> make a real router of an x86-64 system rather than putting a mikrotik pci-e card into it (wtf, why?) I'd recommend they go with vyatta or VyOS instead
One thing I've been looking for is a hardware box that can replicate what Ubiquiti's EdgeRouter Infinity does: a handful of 10Gbps SFP+ ports (sorry, I know that the term is "cages" but I just can't) and a couple of copper 1Gbps ports.
So far I haven't found anything but I feel like my search will get motivated in the next couple of years since it feels like Ubiquiti has forgotten that EdgeRouter exists.
Do you have any rack form factor x86-type systems you like for VyOS?
> a hardware box [with] a handful of 10Gbps SFP+ [..] and a couple of copper 1Gbps ports
I have a couple of (fanless!) CRS305-1G-4S+IN[0] at home, one in my study and one in the utility room. They each connect with 10GbE fibre (or DAC) to ConnectX-3 cards in my PCs and servers.
I appreciate the recommendation but that's kind of a gap from the EdgeRouter Infinity (ER-8-XG). The Infinity has 8x10Gbps SFP+ ports, a single copper 1Gbps port, 16GB of RAM, and a multi-core processor because it's designed as an inexpensive core router for a mid-sized network.
Where I work, we use one of them as our main router with multiple peering sessions and two transit uplinks. According to Cacti, right now we're pushing about 30Gbps through the router.
That's what I'm looking to eventually replace, if Ubiquiti doesn't start up with software updates to the EdgeRouter line again. But I think that's the problem: the EdgeRouter line is so amazingly inexpensive for all of the power you get, there's no financial incentive for Ubiquiti to invest in it and all of the players with the "proper" routers--the Junipers and Ciscos and the like--start at three times the price of an ER-8-XG.
Have a look at Mikrotik CCR2004-1G-12S+2XS (1G-12S+2XS means 1x1Gbps RJ45, 12xSFP+, 2xSFP28) or CCR2116-12G-4S+ (12G-4S+ = 12x1Gbps RJ45, 4xSFP+), depending on how many ports and what kind of routing performance you need (check the block diagrams, they tell the story).
However, neither of them will route 80 Gbps full duplex.
Then there is CCR2216-1G-12XS-2XQ (1x1Gbps, 12xSFP28, 2xQSFP28); this one is supposedly capable of routing shy of 200 Gbps @1518 packet size.
Edit: another thing on Mikrotik naming conventions: CRS = switches; CCR = routers.
If people have anywhere near 80 to 200 Gbps of real world IP traffic and are thinking of using a mikrotik for it, they seriously need to re-examine the revenue from customers that's going through that >50Gbps of traffic, business risk profile and how serious they are about things...
At that scale you'd better have a redundant identical twin pair of routers with 1+1 or N+1 redundant everything (fans, power supplies, routing engines, etc) 24x7x365 service contract, and so on. Not something you can or should do with mikrotik.
> Have a look at Mikrotik CCR2004-1G-12S+2XS (1G-12S+2XS means 1x1Gbps RJ45, 12xSFP+, 2xSFP28) or CCR2116-12G-4S+
Both of these look fantastic. The second one, with the four SFP+ ports, looks like an almost drop-in replacement for the Infinity, particularly with its 16GB of RAM. (We use soft-reconfiguration inbound which bloats the amount of RAM needed for the tables.)
> However, neither of them will route 80 Gbps full duplex.
That's actually fine, at least for our needs. We only have 50Gbps of connectivity between peer, IXP, and transit links and today's 30Gbps is high because of end-of-month activities. We got the Infinity largely because it was the only EdgeRouter that could do what we needed. Like the gap between EdgeRouter Infinity and "every other router that can do what it does," there's a rather large gap in Ubiquiti's EdgeRouter line. The next one down in the list is the EdgeRouter-12 that is a small fraction of the capability of the Infinity.
> another thing on Mikrotik naming conventions: CRS = switches; CCR = routers
That's good to know. I hadn't started down the Mikrotik path yet but I'll give it a look. We have a leaf router at a small office where we experiment and maybe I can put one in there to start.
> that's kind of a gap from the EdgeRouter Infinity (ER-8-XG)
Indeed, not least on price. How much was your ER-8-XG? My CRS305-1G-4S+IN were about USD180 each.
EDIT: If there were a silent version of the CRS326-24S+2Q+RM[0][1] I'd have bought one already...
"The MikroTik CRS326-24S+2Q+RM is an insane switch. Its specs are relatively mundane by modern standards. It has 24x SFP+ 10GbE ports and 2x QSFP+ 40GbE ports making it not even as powerful as mainstream previous-generation switches like the QCT QuantaMesh T3048-LY8 that we installed in our lab years ago. Instead what makes the switch insane is that it offers all of that performance at $475"
For what it's worth - there is a healthy "modding" community for some of these Mikrotik switches. People convert them into fanless/silent units pretty regularly, or swap the fans for higher flow / lower rpm fans, etc.
a crs326 is a layer 2 switch - not comparable with a router. you could categorize it as more like a cisco 3750G from ten years ago in capability of 24 ports of copper gigabit in one place.
any mikrotik CRS series has very limited routing/layer 3 ability compared to a CCR series. Different things for different purposes.
look at the logical block diagrams mikrotik provides of their crs series equipment. it's all a bunch of ethernet switch chips in a few blocks of 8 ports and then something like a single 1GbE link to the CPU. the moment you start telling it to do layer 3 things its capability is very limited.
When space permits I prefer full-size 1U systems that have dual/hotswap power supplies and room for three low profile pci-e slots, such as a Dell R630/R640 or similar. With Intel chipset 4-port 10GbE SFP+ NICs this would max out at twelve ports plus whatever is on the motherboard daughtercard for network interfaces (2 x 10GbE + 2 x 1GbE copper, or whatever).
for smaller or shallow stuff, supermicro, msi, tyan, asus
if you want a mikrotik, buy a mikrotik hardware 1U router, despite the many issues with them the one thing they do have going for them are low power consumption and small space use. an actual ccr2004 1U box is not that large and can be mounted almost anywhere.
If you have enough traffic to need multiple SFP28 interfaces in colo and can't pay $150-250/mo extra to put in place a real hardware router, or stop paying by the 1U increment and get 1/4, 1/3 or 1/2 of a cabinet, priorities and risk tolerance are misaligned in my opinion.
if you have >10Gbps traffic flows and are putting the router and other hosting environment/linux things all together in one 1U piece of hardware as a single x86-64 server, that's a "too many eggs in one basket" problem.
also worth noting that many colo/hosting ISPs won't offer 25GbE circuits on SFP28 anyways, you can buy either a 10GbE transit link or 100GbE, or maybe 2x10GbE bundled together in a 802.3ad or similar.
In this case, I was thinking about moving a currently half a rack worth of equipment from premises to colo, as the (internal) users are mostly on WFH anyway. They would not generate 1 Gbps of external traffic, not even in spikes. Currently, as it is, it makes more sense to stay on premises, but if some increase of density happened, it could make some sense.
However, it is not going to happen, it would be somewhere at bottom with priority. It was just an exercise, what could be done.
We're all different, I find Cisco and Vyatta awkward because of different reasons. RouterOS is not the best there is but it's less awkward, in my opinion.