Amazing work and another warning that MikroTik remains subpar when it comes to security and doubly worrying because their strategy seems obfuscation rather than engaging the community.
It’s a shame because their hardware seems great for the price point (especially their point to point mmWave gear).
That's been my experience as well. Fantastic hardware value, but not great software.
And not just "insecure" libraries etc, just... strange design decisions. For example, SwitchOS doesn't allow configuration of a default gateway on the management interface, instead it just returns the request on whatever interface/vlan it gets it from. It leads to some very very strange behaviour when setting up firewall rules...
It's a shame, because the hardware is absolutely brilliant. I just wish they would open enough of their bootloader/hardware platform to allow 3rd party firmware to run easily.
Also, just the need to support two different OSes on the same hardware.
Network hardware should be rock solid appliances that live up to their specs on every front that I can just set and forget, and maybe occasionally need to do a security update. I shouldn't have to think of the pros and cons of one firmware choice over another, I don't have time for that crap.
Just make a fully-featured switch and fully-featured router and release them as such, instead of a crippled SwitchOS and crippled RouterOS, neither of which live up to the hardware's full potential.
What would a basic home Wi-Fi network with two access points, a router, and a switch look like? I attempted to figure this out since I wanted to set up a network with multiple VLANs to separate work machines, IOT devices, and trusted devices once I started working remote. I couldn't figure it out so just bought Ubiquiti gear. They were the sweet spot for configurability without spending weeks learning how to configure network equipment as far as I could tell.
I picked up a RB750 and a TP-Link AP several years back to enhance my networking knowledge. Took me several days of trial, error, and figuring out the right search terms to get a network like you described. I enjoyed the process but it's not for everyone.
But for about $130 the speed and stability blows away any equivalent-priced consumer technology with the added bonus of being much more configurable.
Not allowing routing on the management interface is a big deal breaker for anyone trying to separate their management networks from their revenue traffic.
This, including a couple of other issues, is keeping me from adapting MikroTik for anything more than a homelab.
I've been using it for about a year in a RBM11G for my home internet. It's been as stable as the Cradlepoint CBA750B it replaced. I reused the outdoor ABS box, still mounted on a 10ft steel pipe above my roof latitude 38 Eastern US, we get some pretty hot summers.
My answer here _used_ to be the Ubiquiti Edgerouter-X series, but unfortunately Ubiquiti has killed that line of products and they don't seem to be in the prosumer grade affordable router market anymore.
I still enjoy my little Edgerouter-X SFP, it's fast, compact, power efficient and I can plug my fiber internet connection straight into the SFP slot. Management can be done via SSH. What's not to like?
Edit: and yes, I know the edgerouters are still listed in the ubnt shop, but they have been 'sold out' for the past 3 years now. I don't think they'll ever return.
I would love to know as well, because I’ve been looking at MikroTik as well. They are basically the only European manufacturer of network gear I’ve been able to find, for “consumers”.
I used to use MikroTik pretty extensively in the past (15y ago). My experience has always been that they are super solid. I even miss the time managing MT based networks.
I've bought three Protectli servers/routers and put OpenBSD on all of them with great success. (With coreboot!) I highly recommend taking a look at https://protectli.com/product-comparison/ though they do cost more than the MikroTik routers.
Another option if you don't need tremendous performance is https://pcengines.ch/ which also runs OpenBSD very well.
Is Draytek any good? I've just gotten their AX router as the first installment in a mesh home network - ultimate goal is to have separate VLANs for IOT vs core devices.
Immediate experience has been so so - the router kept rebooting every 12 hours - had to disable the AX interface and keep it wired only. WiFi is currently coming through a Netgear AC access point, which defeats the purpose of the system. I'm thinking if I should switch manufacturers before I get in too deep...