Can you audit your CPU? Can you audit your mainboard, which was probably assembled in China and has some microcontrollers with firmware installed in China? Mikrotik is made in Europe in a democratic state.
I cannot. But this is another software stack, another CPU and another mainboard with DMA access.
It's a big bucket of additional weak links in my chain of security security. The whattabouttery in these replies isn't s good approach. It only takes one component to get hacked. More than doubling your surface area isn't something to do lightly.
yeah, atrocious: I can reach roughly 20Gbps routed on my not too expensive home Opnsense box with firewalling and many other features (which is absolutley unnecessary for me). No routing by a CPU is not for routing between Comcast and Google, but it has it´s place and works so well, that a lot of opensource routing projects were supported by big vendors and telcos. Also networking for containers depends on this...
It´s too early to tell. This card was hit by the chip shortage, estimated delivery times here in EU begin with Mai. So it will take some time for Openwrt devs to lay hands on this. There is lot of ongoing successful work (for example RB5009) on other Mikrotik devices and the HW is fairly hackable.
Anyway RouterOS is worth a try, it gives you probably much better performance than Openwrt. You can see a lot of comments like it´s being unstable and lacking features. IMHO that comes from the bad relesae timing by MT. They have released RoS 7 as stable in a state of rather being beta. It have seen lots of improvements lately. So until we can buy one Ros 7 will probably be OK for production use.
Huhh, all big vendors have made and are still making similiar mistakes on a regular basis, just look up Cisco related CVEs.
While I don´t know it for sure yet, as this card is not yet available at my favorit suppliers, this might very well work with Linux. While Mikrotik does not directly support installing Linux on their HW, they don´t lock the HW down.
There is support by Openwrt for many different Mikrotik devices.
Anyway I wouldn´t replace RouterOS.
