Return to Level1Techs.com

Quality of Mikrotik Hardware

helpdesk
questionsandanswers

#1

Hey guys, I’m looking to upgrade my network to 10gb and was on the market for a switch that can do the job. I’m looking for one with sfp+ for fiber. I know the ubuiqiti stuff is usually recommended, but I found what I think would be a good performer for a significantly lower cost, however, I have no experience with their stuff and would like some community feedback in any of you have experience with their products.

The switch is a Mikrotik Cloud Router Switch 317-1G-16S+RM

CC’ing @oO.o


Good option for a 8-16 port home switch?
#2

No experience with their fiber stuff, but I love all their other stuff I’ve used. Physically durable, and their software is endlessly configurable. If you’re looking for something simple, this isn’t it. But sweet mother, once it’s set up the way you like it, it goes like a hot damn…


#3

It says “Router OS” and “Switch OS” but I couldn’t find anything else about it. Is it completely proprietary or is there a Linux or BSD kernel in there somewhere?


#4

From their wiki: "RouterOS is MikroTik’s stand-alone operating system based on linux v3.3.5 kernel."
https://wiki.mikrotik.com/wiki/Manual:RouterOS_features

Web demos available here: https://mikrotik.com/software

SwitchOS is RouterOS with some changes. Wiki here: https://wiki.mikrotik.com/wiki/SwOS


#5

Thanks! I must have overlooked it.


#6

Haven’t personally worked with one but I’ve heard from other network guys that they are pretty good. I think it’s a safe buy.


#7

Found this:


EDIT

That’s from 2014, so kind of dated now. This is also incorrect:

they use the same OS as their routers

Ubiquiti routers run a fork of Vyatta, and Ubiquiti switches run Linux with Broadcom FastPath.


#8

My home firewall is a RB850x2 and it works well. It has never been the cause of any trouble, with zero reboots needed. At my previous job we deployed a lot of Mikrotik gear at small, remote sites that didn’t need any sort of IDS/IPS. RouterOS can take some time to learn but it is very configurable.


#9

Thanks for all the replies guys!

I’m gonna give this switch a try once I get some funds.

Haha, its fine. I love learning, and want a quality product above all. I can learn no problem, do you happen to have any resources or should I just google “mikrotik os”?


#10

An older model but might be useful


#11

Perfect relevant thread from 3 years ago.


#12

The wiki is probably my most used resource. They do a pretty good job of keeping it up to date.


#13

I got a hAP ac lite for my apartment about 6 months ago, very happy with it. It’s not exactly a switch, but I appreciate the deep configurability, ability to administrate through ssh, scripting, etc. It’s small but still has a great signal, and minimal branding on the case. I’d be confident about anything else MikroTik. The MikroTik wiki is useful for figuring out how stuff works, though it’s not super fleshed-out. I suspect it’s entirely written by the MikroTik staff, but it’s still useful if it covers what you’re doing or something similar.


#14

How are they with security updates?


#15

Generally, really really good.

For example when the krack stuff came out, they basically said that anyone who’s upgraded over the last two months is already fine, because they’re on the short list of companies who had a heads up, and were able to ship fixes as part of their regular updates.

And they weren’t as affected as some of the others either, because they have their own WiFi stack because, their devices typically in addition to CSMA/CA also do their own variant of TDMA, my guess is they probably happened to tweaks something along the way that made them more secure than most other wpa2 implementation by default.


In terms of release engineering of software, generally they have 3 branches of RouterOS firmware for each one of their platforms (they have around a hundred if not more devices but only 7 or 8 platforms). Branches are called “rc”, “current”, and “bugfix”.

There’s 5 year old (or more) routerboards out there that are still getting updates.

What happens is, they keep adding new features to “rc”, let’s say 6.42rc6 (next will be rc7, rc8… and so on). These go out roughly weekly, and some are really bad. Sometime at around rc10 usually, … they’ll say, “hey this is good enough”, and will promote 6.42 to “current” branch, and will spin off 6.43rc0 for new feature work.

Then as it happens with software, even though it’s mostly good more fixes will be needed, 6.42, … so “current”, will receive a 6.42.1 and 6.43 will receive a fix in whatever is the next rc update, and so on.

They also have a super stable branch called bugfix, this is meant for things that run in the middle of nowhere in the desert, or on islands in the pacific where you need a plane or a boat and depending on weather you may not be able to get to. These are currently at 6.38.3.

What happened at some point where they had a security issue in the http server used for configuring devices, … basically that afternoon, a new “bugfix”, “current”, and “rc” all came out, … containing only that one fix.

Basically this means, if you have “skin in the game”, let’s say maybe you’ve deployed a few hundred devices, you’re going to keep just a couple of devices in your lab, and you’ll basically be reporting issues to Mikrotik, who’d be super responsive to you if your issues are on RC. And your devices deployed in the field will be running "current, so by the time “rc” is promoted current, it’s actually good for you.

Now, it’s also very easy to upgrade, downgrade, rollback, change branches to test things out and so on.


#16

Thanks, that’s great info.

Is switchOS basically the same story?


#17

I don’t have any SwOS devices … but if I had to make an educated guess, based on my experience that doing release engineering one way is simpler than doing it in multiple ways, I’d guess yes.

SwOS also has way fewer features, there’s also way fewer devices using it, meaning less stuff to support, meaning less attack surface for security bugs and easier releases.

If you’re looking at CRS317 specifically, it can run either SwOS or RouterOS; I think it’s just the RB260GSP, and CSS326 that can’t run RouterOS and have to run SwOS.


#18

I believe aquantia stuff will soon hit mainstream and 5gbit and 10gigabit over copper is going to be way cheaper. e.g. ~$250-$350 for a decent 8 port switch and ~$75 for a 10 gigabit adapter.

The older sfp+ gear has some warts in general use in terms of lack of optimization and not being able to deal with a high # of packets per second.

ymmv though.


#19

These threads are really opening my eyes on how a guy at home with a NAS and workstation can get some cheap more SPEED.
@Wendell this could be a great hobbyist video that many cheapskates and students could value.


#20

If Apple continues to adopt NBase-T, that will hopefully drive up demand as well. Make it less niche.