Quality of Mikrotik Hardware

Dynamic_Gravity · January 8, 2018, 10:02pm

Hey guys, I’m looking to upgrade my network to 10gb and was on the market for a switch that can do the job. I’m looking for one with sfp+ for fiber. I know the ubuiqiti stuff is usually recommended, but I found what I think would be a good performer for a significantly lower cost, however, I have no experience with their stuff and would like some community feedback in any of you have experience with their products.

The switch is a Mikrotik Cloud Router Switch 317-1G-16S+RM

CC’ing @oO.o

eggmaster · January 8, 2018, 10:25pm

No experience with their fiber stuff, but I love all their other stuff I’ve used. Physically durable, and their software is endlessly configurable. If you’re looking for something simple, this isn’t it. But sweet mother, once it’s set up the way you like it, it goes like a hot damn…

oO.o · January 8, 2018, 10:26pm

It says “Router OS” and “Switch OS” but I couldn’t find anything else about it. Is it completely proprietary or is there a Linux or BSD kernel in there somewhere?

eggmaster · January 8, 2018, 10:39pm

From their wiki: "RouterOS is MikroTik’s stand-alone operating system based on linux v3.3.5 kernel."
https://wiki.mikrotik.com/wiki/Manual:RouterOS_features

Web demos available here: https://mikrotik.com/software

SwitchOS is RouterOS with some changes. Wiki here: https://wiki.mikrotik.com/wiki/SwOS

oO.o · January 8, 2018, 10:46pm

Thanks! I must have overlooked it.

Ethereal · January 8, 2018, 10:47pm

Haven’t personally worked with one but I’ve heard from other network guys that they are pretty good. I think it’s a safe buy.

oO.o · January 8, 2018, 10:58pm

Found this:

EDIT

That’s from 2014, so kind of dated now. This is also incorrect:

they use the same OS as their routers

Ubiquiti routers run a fork of Vyatta, and Ubiquiti switches run Linux with Broadcom FastPath.

ibreakthings · January 9, 2018, 12:00am

My home firewall is a RB850x2 and it works well. It has never been the cause of any trouble, with zero reboots needed. At my previous job we deployed a lot of Mikrotik gear at small, remote sites that didn’t need any sort of IDS/IPS. RouterOS can take some time to learn but it is very configurable.

Dynamic_Gravity · January 9, 2018, 1:04am

Thanks for all the replies guys!

I’m gonna give this switch a try once I get some funds.

Haha, its fine. I love learning, and want a quality product above all. I can learn no problem, do you happen to have any resources or should I just google “mikrotik os”?

Dexter_Kane · January 9, 2018, 1:07am

An older model but might be useful

Confessions of a 10 Gigabit Networking NEWB (Mikrotik CRS226 Review) Networking Hardware

Hello Tek Syndicate! After Wedell's video review of the Netgear XS712T: @wendell please bring us the next part of that series!!!!!!! My hunger for more network bandwidth was reignited. I've been interested in deploying 10G at home for a while now, but until this point the cost was just too absurd, especially because I don't really "need" it. Now, let me explain how I saved a boatload of money and got 2 10 Gig clients on my network. Mikrotik, a small European company basted in Latvia, makes a line of very powerful (specifically in terms of Software) Routers and Switches running an operating system based on Linux they call RouterOS. In the past couple years they have released several Switches in their Cloud Router Switch (CRS) series that pack two SFP+ 10 GIG cages. What does that mean? 10 GIG fiber for cheap. Currently they offer 3 versions of these switches, an 8 port, and 2 24 port models, one is a desktop model and one is a rackmount one. The 8 port one, the CRS210-8G-2S+IN sells for around $180 bucks on Amazon in the US. The 24 port desktop model sells for around $245. The Rackmount version sells for around 20 bucks more. For those of you looking to dig a bit deeper, theres a pretty good review of the 24 port desktop model Mikrotik CRS226-24G-2S+IN, on ServeTheHome. it includes a breakdown of the hardware, and an explaination of the nifty LCD screen. Now; let me start with my review, I bought the rack mount version of the switch and so far I love it. My first impressions of the switch were actually pretty bad. The build quality of the case is kinda crappy metal It's actually very light, much lighter than my old Cisco SG300 10 port switch. Heatsinking is okay, but could be better Although it has a fan mount on the back of the case, it lacks both a fan and a fan header. It does NOT support LACP or Spanning Tree But there is much good! With all the compaints above, temps have been fine, the CPU temp has not been reported to go over 4…

Dynamic_Gravity · January 9, 2018, 1:11am

Perfect relevant thread from 3 years ago.

eggmaster · January 12, 2018, 5:17pm

The wiki is probably my most used resource. They do a pretty good job of keeping it up to date.

MrFigs · January 12, 2018, 7:39pm

I got a hAP ac lite for my apartment about 6 months ago, very happy with it. It’s not exactly a switch, but I appreciate the deep configurability, ability to administrate through ssh, scripting, etc. It’s small but still has a great signal, and minimal branding on the case. I’d be confident about anything else MikroTik. The MikroTik wiki is useful for figuring out how stuff works, though it’s not super fleshed-out. I suspect it’s entirely written by the MikroTik staff, but it’s still useful if it covers what you’re doing or something similar.

oO.o · January 14, 2018, 7:30pm

How are they with security updates?

risk · January 14, 2018, 8:59pm

Generally, really really good.

For example when the krack stuff came out, they basically said that anyone who’s upgraded over the last two months is already fine, because they’re on the short list of companies who had a heads up, and were able to ship fixes as part of their regular updates.

And they weren’t as affected as some of the others either, because they have their own WiFi stack because, their devices typically in addition to CSMA/CA also do their own variant of TDMA, my guess is they probably happened to tweaks something along the way that made them more secure than most other wpa2 implementation by default.

In terms of release engineering of software, generally they have 3 branches of RouterOS firmware for each one of their platforms (they have around a hundred if not more devices but only 7 or 8 platforms). Branches are called “rc”, “current”, and “bugfix”.

There’s 5 year old (or more) routerboards out there that are still getting updates.

What happens is, they keep adding new features to “rc”, let’s say 6.42rc6 (next will be rc7, rc8… and so on). These go out roughly weekly, and some are really bad. Sometime at around rc10 usually, … they’ll say, “hey this is good enough”, and will promote 6.42 to “current” branch, and will spin off 6.43rc0 for new feature work.

Then as it happens with software, even though it’s mostly good more fixes will be needed, 6.42, … so “current”, will receive a 6.42.1 and 6.43 will receive a fix in whatever is the next rc update, and so on.

They also have a super stable branch called bugfix, this is meant for things that run in the middle of nowhere in the desert, or on islands in the pacific where you need a plane or a boat and depending on weather you may not be able to get to. These are currently at 6.38.3.

What happened at some point where they had a security issue in the http server used for configuring devices, … basically that afternoon, a new “bugfix”, “current”, and “rc” all came out, … containing only that one fix.

Basically this means, if you have “skin in the game”, let’s say maybe you’ve deployed a few hundred devices, you’re going to keep just a couple of devices in your lab, and you’ll basically be reporting issues to Mikrotik, who’d be super responsive to you if your issues are on RC. And your devices deployed in the field will be running "current, so by the time “rc” is promoted current, it’s actually good for you.

Now, it’s also very easy to upgrade, downgrade, rollback, change branches to test things out and so on.

oO.o · January 14, 2018, 9:10pm

Thanks, that’s great info.

Is switchOS basically the same story?

risk · January 14, 2018, 9:33pm

I don’t have any SwOS devices … but if I had to make an educated guess, based on my experience that doing release engineering one way is simpler than doing it in multiple ways, I’d guess yes.

SwOS also has way fewer features, there’s also way fewer devices using it, meaning less stuff to support, meaning less attack surface for security bugs and easier releases.

If you’re looking at CRS317 specifically, it can run either SwOS or RouterOS; I think it’s just the RB260GSP, and CSS326 that can’t run RouterOS and have to run SwOS.

wendell · January 14, 2018, 11:48pm

I believe aquantia stuff will soon hit mainstream and 5gbit and 10gigabit over copper is going to be way cheaper. e.g. ~$250-$350 for a decent 8 port switch and ~$75 for a 10 gigabit adapter.

The older sfp+ gear has some warts in general use in terms of lack of optimization and not being able to deal with a high # of packets per second.

ymmv though.

Marten · January 15, 2018, 10:41am

These threads are really opening my eyes on how a guy at home with a NAS and workstation can get some cheap more SPEED.
@Wendell this could be a great hobbyist video that many cheapskates and students could value.

oO.o · January 16, 2018, 6:42am

If Apple continues to adopt NBase-T, that will hopefully drive up demand as well. Make it less niche.