Well, for eg. configuring VLANs. I think that regular users would be much more happier if they had some kind of wizard or something to do that. Take a look at ubiquiti and how they have that solved.Where are the examples of the ROS complexity?
One was so rich it sold out to HPE (who will ruin it). The other probably makes decent money for the founder/owner and staff.Why they never scaled up and take VC money like Juniper is beyond me. Look up founded date/year of Juniper and MikroTik, both started in the same era, one's rich, one's broke…
why does ROS not resolve the caveats behind the curtains magically without having the user to know every aspect of any platform and what is wrong and right depending on just a piece of chipset/hardware.
Any network engineer who's worked with MikroTik, Cisco, Juniper, Arista, Huawei, Cumulus Linux will know what complexity. This forum itself is full of it. I'm not going to point out the obvious if you can't see it.Where are the examples of the ROS complexity?
I looked at the VyOS docs. Their config management is very interesting in terms of features like versioning.
But VyOS seems to be a full blown Linux OS. Why do we compare with embedded device OS like ROS?
A fair comparison would be OpenWrt. But their CLI and config management is crap TBH. And the luci webui isnt much better. Too sluggish.
Doesn't take away the fact that Juniper hardware + software are carrier-class in the industry, even better than Cisco. Can you call CCR2216 as carrier-class?One was so rich it sold out to HPE (who will ruin it). The other probably makes decent money for the founder/owner and staff.
If MikroTik cannot afford an end-to-end software engineering team who can handle NOS development from front-end CLI/API to back-end dataplane, then perhaps they should become like Edge Core and sell hardware with ONIE, let us install our own NOS instead.Because MT obviously lacks a few developers to do something from start to end and not stop half way. They started great by hiding switch peculiarities behind L2 HW offloaded bridge. They are sticking to it for new products, but not all of them received offload (yet). But: they did not come around to do it for all capable older devices either (CRS1xx, CRS2xx, smaller devices with Qualcomm switch chips). And the new bridge is around already for ages. The way I read lack of HW offload on these devices is that they de-facto decided they were EOL but they are not willing to admit it yet.
I don't agree on one thing. MikroTik creating “RouterOS Lite” or some crap, this will be dumb down their hardware capabilities, check Cisco, Juniper, Nokia “enterprise” APs etc, they are dumb as hell and can't do crap beyond basic functionality.Well, for eg. configuring VLANs. I think that regular users would be much more happier if they had some kind of wizard or something to do that. Take a look at ubiquiti and how they have that solved.
I mean you can't satisfy all users but if Mikrotik is doing a push towards regular home users then I think that GUI needs redesign.
I am a peasant.But, yes, WebFig/Mobile app overlay abstraction model (like TP-Link?) could be made for "lite” SOHO/End users who can't even differentiate BGP from OSPF, leaving full SP features intact in the core of the OS for SOHO users who create home labs etc and make use of MPLS/BGP etc. I run BGP in my own home as well, static routing is for peasants!
The real issue here is MikroTik lacks software engineering expertise, may be financial reasons, may be understaffed, maybe both, maybe more, but they don't seem to care. Who the hell still sells NEW hardware with 32-Bit software in 2024, even? See below:We all are peasants when comparing with for eg. @DarkNate.
For someone who isn't into networking Mikrotik was my first real touch with networks and i got used to it so i don't really know how other vendors have GUI sorted. (Juniper, Nokia, Cisco)
But one feature that i would really love to see is PPSK.
I want to have one SSID no 5 of them... I used user manager and radius but problem is that i run out of sessions due to license limitation and it's really unnecessary complication...
I take a different view: Mikrotik is what happens when you let engineers run a company. The results are predictable.The real issue here is MikroTik lacks software engineering expertise, may be financial reasons, may be understaffed, maybe both, maybe more, but they don't seem to care.
If Nokia, a REAL CARRIER-CLASS network vendor, can benefit from open source, so can MikroTik:Probably if RouterOS had been open source,
ForumOS64 would now exist with everything it needed...
Even the useless Dark-Mode...
Depends, not all engineers are like that, many engineers have good business decision-making skillset, prioritisation skillset and seeing a project from start to end to release for public use. In fact, some of the big multi-million dollar companies I know and worked for, were founded, operated, structured and built by engineers.I take a different view: Mikrotik is what happens when you let engineers run a company. The results are predictable.
They just keep adding features that are mostly done & move onto new shine things before the last thing was actually done. This lack of focus on quality/completeness shows in recent software releases.
I more blame a complete lack of product/program management to "rationalize" the feature set, and incomplete/piss-poor documentation that basically only a reference manual, not a practical guide to anything.
e.g. Have you ever see someone with "Product Manager" as their title in ANY of there videos? Or anyone really... explain their strategy/direction/roadmap in them? If a new feature is released – how anyone test, even internally, if there is no documentation on how it should work is my worry!
Or, at least START by having some method to allow the V7 RouterBOOT to install (or at least boot) an alternative Linux disto. But I don't think the NIH mentality is going away.If Nokia, a REAL CARRIER-CLASS network vendor, can benefit from open source, so can MikroTik:Probably if RouterOS had been open source,
ForumOS64 would now exist with everything it needed...
Even the useless Dark-Mode...
https://github.com/nokia?q=srlinux&type ... &sort=name
Off-topic, got any good resources for Engineering Management learning materials?There is a reason there are different engineering disciplines. Engineering Management or Industrial engineering is more geared towards project management, covering forecasting, budgeting, scheduling and statistics, and knowing enough about a wide scope of engineering disciplines to be able to understand risks, complexity, delays etc.....
Forget RouterBOOT, they can save up money/R&D efforts and just use ONIE, which is a bootloader.Or, at least START by having some method to allow the V7 RouterBOOT to install (or at least boot) an alternative Linux disto. But I don't think the NIH mentality is going away.
Personal note: consider following an MBA. See if there are universities/schools near you where you can follow it, if possible evening/weekend classes.Off-topic, got any good resources for Engineering Management learning materials?
Industrial engineering is relevant for MikroTik, because they manufacture hardware.
I'm fortunately in a position where papers (certs, degrees etc) have no value to me for prospects in job or businesses opportunities. However, knowledge is key, got any links for free MBA full course materials? Video playlists or something? Specifically for Engineering management related MBA.Personal note: consider following an MBA. See if there are universities/schools near you where you can follow it, if possible evening/weekend classes.
Don't go for online course where you basically buy the degree, you will not learn anything from it.
My personal view.
I am glad that I haven't seen anyone with the title "product manager" in their videos yet. You often come across such "product managers" in videos from companies like Cambium, Grandstream, and others. In reality, they are pure salespeople and not actual company-internal "product managers". MikroTik, if I understand correctly, avoids this sales layer and relies on distributors. Sure, MikroTik could involve distributors in video production, but they are not local and can't come to their studio.e.g. Have you ever see someone with "Product Manager" as their title in ANY of there videos?
Manual H is not really a problem, since the instructions in it are anyway only applicable to devices that have ARM processor (64 and not 32 bit), and PoE output, but only those with redundant power supplies, but not those that are running version 6.79.12, if the factory software was earlier than 6.11.4, and can only be applied on wednesday nights, if there is full moon (this of course only applies to indoor devices).... but be aware of a critical fact buried in manual H (but not pointed out in manual A)
Who even talks about "Cambium, Grandstream, and others"? These are not carrier-class network vendors, nobody cares.I am glad that I haven't seen anyone with the title "product manager" in their videos yet. You often come across such "product managers" in videos from companies like Cambium, Grandstream, and others. In reality, they are pure salespeople and not actual company-internal "product managers". MikroTik, if I understand correctly, avoids this sales layer and relies on distributors. Sure, MikroTik could involve distributors in video production, but they are not local and can't come to their studio.
MikroTik IS wildly different, I work with MikroTik, Cisco, Juniper, Arista, Huawei, Cumulus Linux in data centre and service provider domain, MPLS/EVPN/VXLAN/eBGP DC designs, all the good stuff.I would quite like Mikrotik to stick with its current direction. In my opinion, the reality is that these are not suitable devices for people who don't have a good practical grasp of IP, Ethernet, routing, bridging, VLAN and WiFi fundamentals.
Having done enterprise networking since the days when variable length subnet masks were rare, I've seen several generations of network kit and operating systems. I don't think Mikrotik is wildly different. Where it is different from a lot of high grade gear is, it's not expensive whilst still exposing a wide variety of network options, which is great! What it's not similar to is domestic gear!
There are issues of course, and for me the most frustrating thing is wide dispersion of key information, e.g. follow manual A from start to finish, but be aware of a critical fact buried in manual H (but not pointed out in manual A)
Yeah, doesn't take three years to fix serious issues with JTAC… Just saying…Thee is anyway a post on the forum about a possible way to workaround the issue until fixed in a next release ( a ticket was opened three years ago and Mikrotik's response was that they will fix it, but unfortunately no ETA).
@DarkNateMikroTik sells boxes with ASICs that are advertised for 100Gbps ASIC switching, that's a foot in the door of carrier-class network engineering. And you need product managers, good ones.
You would lose your bet. I didn't say I continued exclusively in the Enterprise domain, did I?Enterprise is not carrier-class networking, nor even DC-grade… I bet you never even deployed eBGP driven IPv6-only EVPN anycast gateways in your “enterprise” segments.
If you've had SP/DC experience with other vendors, and assuming you worked with software engineers for network programmability or automation, you'd know MikroTik RouterOS is poor software code, horrible API etc.You would lose your bet. I didn't say I continued exclusively in the Enterprise domain, did I?
No streaming telemetry, no gRPC, no OpenConfig, no YAML/JSON-like API input/output, CLI in/out, no root access like Juniper or Nokia SR-Linux.
I agree with you. When performing strategic corporate procurements, I've always weighted software quality, reliability and end-to-end programmatic observability and manageability as higher than performance or cost per port. For these reasons it's unlikely that Mikrotik would get very far in the procurement process. But then I don't think that is their target market. Like you, I think they need a rethink about the management interface/API to be closer to best practice, but I can't see them breaking into the telecoms/corporate core network market as a primary supplier.[If you've had SP/DC experience with other vendors, and assuming you worked with software engineers for network programmability or automation, you'd know MikroTik RouterOS is poor software code, horrible API etc.]
I think that a large part of the perplexities derive from the different directions that Mikrotik already took, though.A very interesting thread, thank you. It is also clearly obvious how different people have different needs and different ideas about our products. We sure can't go in all directions this thread would want us to
Well, I did mean powerful.Overuse of the word powerful in the explanation, flexible would be more apropos.
One direction is the easiest:A very interesting thread, thank you. It is also clearly obvious how different people have different needs and different ideas about our products. We sure can't go in all directions this thread would want us to
Computer Networking, as an engineering domain, operates under distinct constraints that often limit the number of “systemically optimal” solutions:For the longest time I thought the same as you, but over time, it was clear that it was my lack of networking knowledge and Ros Principals that was keeping me from unlocking the flexibility.
There are many ways to skin a cat [ as mkx & rextended would say ] with RoS, and that leads to many ways to solve issues.
Tasks/decisions/issues like you describe here aren't solved by just throwing lots of software engineering manpower at it. But I think you already knew that (because you already mentioned the term "product managers" and I assume you were talking about the role in a software development cycle). From what we can see from the outside how ROS evolves I can just make a wild guess. But I dont believe that there is someone with a clear "product-vision" nor someone who defines a roadmap of upcoming ROS features. It seems to be mainly driven by customer feedback (bug reports) and maybe some engineers personal goals (e.g. BTH feature that nobody asked for, sure it is nice, but does it address the real painpoints? nope)OR, they hire more software engineers who can build ROSv8 or whatever to be on-par with Nokia SR-Linux:
With that I agree, if you are network administrator you know what are you doing (probably) and it's easier for them to understand what to do if they are working with ROS for the first time for but what in case of the home users ?No praying is necessary, but if you are administrating a network, you better at least understand networking.
and others complain that quickset is already too complex for home usermaybe make quickset a little bit more functional, some of the suggestions:
- VLAN manager of some sort, option to use or not to use VLANs
Yea... in that case they will provide you with SIM card if possible and tell you that you can buy your own router. You get Huawei from them if you are lucky...Croatia is one country, there are some more countries. And also, why not? Maybe you should ask the LTE provider to give you Chateau, not Re-Labeled noname brand.
and others complain that quickset is already too complex for home usermaybe make quickset a little bit more functional, some of the suggestions:
- VLAN manager of some sort, option to use or not to use VLANs
Well, it is both "too complex" for SOHO. But QuickSet is how I workaround the "configuration abstraction complexity", at least for LTE devices. I view more as a way to have "configuration template" to a custom defconf. But not sure an "improved QuickSet" does not really address @DarkNate's main complaints, as they don't involve setup.and others complain that quickset is already too complex for home usermaybe make quickset a little bit more functional, some of the suggestions:
- VLAN manager of some sort, option to use or not to use VLANs
Hit the nail on the head. I know how bridging works... but if was a given a random Mikrotik model, I'd have to re-read many pages to confirm what's possible (and likely still have search the forum because something still may not be clear). And with L3HW becoming more common on devices, this problem gets even more complex on "what optimal".configuration of bridge VLANs/VLANs in general etc are easy just like Juniper, Cisco, Nokia etc? misconfig doesn't lead to performance issues (issue unknowingly routing/bridging traffic through CPU)."
Not sure the issue here is the protocols themselves... Mikrotik does have a JSON API via REST. But even if config was represented in protobufs used by gRPC, not sure that alone help anything.MikroTik UI/UX is just plain terrible. No streaming telemetry, no gRPC, no OpenConfig, no YAML/JSON-like API input/output, CLI in/out, no root access like Juniper or Nokia SR-Linux.
I will be at IETF next month, will you ?What's strange about MikroTik as a network vendor is we don't see them in IETF meetings, we don't see them in NANOG, SANOG, UKNOG, NLNOG etc.
Other vendors, small or big, attend these events, especially IETF, since all are interested to mingle, improve, and make business deals, but MikroTik employees are nowhere to be seen. If you search for Normis or MikroTik employees on LinkedIn, good luck finding them. Now search for VyOS, Nvidia Cumulus, Arista etc, and see the difference.
Cisco, Juniper, Arista, Huawei etc have all contributed tons of RFCs to the community, which RFC draft/spec has MikroTik ever contributed to?
No, I live in economies that are far away from most IETF events. But have fun, and maybe try to get MikroTik employees to go there instead. They never participated in the IETF since 1997.I will be at IETF next month, will you ?
It would be good to meet up.
Both the RB5009 and L009 block diagram shows that the SFP port plugs directly into the integrated marvell switch.
To get full performance, should the SFP port be used as a WAN on the bridge? Or should a layer 3 vlan be created on the SFP and not included in the bridge?
The internet is received from the ISP in vlan20.
So this is the right thing to do? Setting 1:
/interface bridge
add frame-types=admit-only-vlan-tagged name=BDI100 port-cost-mode=short protocol-mode=none pvid=99 vlan-filtering=yes
/interface bridge port
add bridge=BDI100 comment=PC01 frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=2
...
add bridge=BDI100 comment=WAN frame-types=admit-only-vlan-tagged interface=sfp1 pvid=20 --> WAN PORT
/interface bridge vlan
add bridge=BDI100 tagged=BDI100,sfp1 vlan-ids=20 --> WAN VLAN ISP
Or this other? Setting 2:
/interface vlan
add interface=sfp1 name=vlan20 vlan-id=20
// Not included SFP on bridge with LAN ports
Thanks
Regards,
Hello,
Thank you for contacting MikroTik Support.
In terms of performance, both setups should offer similar throughput since they both involve VLAN tagging and handling. However, if you anticipate heavy WAN traffic or specific QoS requirements, you might need to test both setups to determine which one performs better in your environment.
Best regards,
All old text books circa 1980s LOL
Many industry folks (outside Latvia) are of the opinion that MikroTik operates using Soviet economic/business model and that's their major bottleneck. The facts and timeline of Latvia<>USSR seems to indicate that MikroTik never adapted 21st century business model nor engineering management.At which time Latvia was still part of Soviet Union. So those western (US in particular) books were probably banned ... or at least ignored because Soviet communism did things differently.
So it might be that all of these concepts are somehow unknown to MT management.
Any 2020-2024 edition of these books? I'm sure the authors have updated some of them. 2024 tech business is vastly different to what it was in 1980.@darknate: Resources: Engineering Management ( besides the academics of maths, physics, statistics-probability, electrical, programming, chemistry, drawing, thermodynamics etc...)
All old text books circa 1980s LOL
PRODUCTION/OPERATIONS MANAGEMENT: Concepts Structure & Analysis --> Richard J Tersine 1980
ENGINEERING ECONOMICS --> James L. Rigg 1977
Management ( and accompanying Study Guide & Workbook ) --> James F. Stoner 1978
Information Systems: Theory and Practice -->: John G Burch Jr, Felix R. Strater, Gary Grudnitski 1979
Maintenance Replacement and Reliability --> AKS Jardine 1973
Measurement Systems: Application and Design --> Ernest O. Doebelin 1975
INDUSTRIAL ENGINEERING HANDBOOK: Third Edition H.B Maynard 1971
INTRODUCTION TO OPERATIONS RESEARCH: Third Edition Hillier and Lieberman 1980
HUMAN FACTORS IN ENGINEERING DESIGN: Fifth Edition Ernest J. McCormick, Mark S Sanders 1982
RELIABILITY IN ENGINEERING DESIGN --> KC Kapur, LR Lamberson 1977
Many industry folks (outside Latvia) are of the opinion that MikroTik operates using Soviet economic/business model ...
Unfortunately, that's the reality of humanity as a whole.It's often very hard to get rid of some mental petterns if they are given (or enforced) to a few generations in a row.
One of them is "USA are the greatest in known Universe in all aspects" mentality, deeply engraved in majority of US population.
Redhat doesn't have a Soviet business model. It's a fine line difference between “low-margin” business and “Soviet margin” business. Don't insult Redhat by clubbing it with MikroTik.Certainly Mikrotik has a curious business strategy from this silicon valley denizen POV. I kinda view Mikrotik more as a redhat that made the choice to fund itself by selling low-margin hardware, over a high-margin services. It's a choice.
On this front and to @DarkNate points on “config complexity”. Why is UBNT the clear winner in high-volume, low-cost router/AP market in the US? My guess: it's more plug-and-play - not better hardware or more reliable – just some UI for beginners. In US/elsewhere, labor sometimes a much higher cost than hardware, so if it takes 3-5X as long to configure Mikrotik over UBNT/etc for similar setup, that makes Mikrotik a tougher sell.
But on the enterprise/DC side discussion of “configuration abstraction complexity”, be curious to know if @DarkNate is looking for Mikrotik hardware to run something like Cumulus/etc and dump RouterOS? Or, is issue that RouterOS cannot be configured using standard protocols like NETCONF/etc and/or lack of routing protocols (EGIRP, EVPN etc) the BIGGER problem?
Speaking of software dataplanes with DPDK/VPP, 100Gbps with full tables on arm64-CPU-only forwarding is possible. I can't site sources for this as this project wasn't public.
I'll try to ask my source again for the hardware product page, but I may not be able to reach them. But it wasn't Ampere, it was a Single Board Computer in fact with few cores arm64 CPU, similar to a high-powered Banana Pi. RAM was 8 GB if I recall correctly. It had 2×100G SFP cages. This was 2–3 years ago.Can you tell us something about the hardware? ARM64 varies between, say a Raspberry Pi and a 192-core Ampere One I'm guessing it's more like the latter...
I'll try to ask my source again for the hardware product page, but I may not be able to reach them. But it wasn't Ampere, it was a Single Board Computer in fact with few cores arm64 CPU, similar to a high-powered Banana Pi. RAM was 8 GB if I recall correctly. It had 2×100G SFP cages. This was 2–3 years ago.
Configuration abstraction complexity stems from the simple fact that MikroTik never built their own custom data-plane, they relied on Linux kernel data-plane all these years instead ...
To be fair, and without sharing too much non-public information and risk getting myself identified for said information.Well, Mikrotik obviously doesn't have in-house development resources to go for custom anything large scale. They did go down this path with their custom wireless drivers (which worked fine for a while) and we all saw where it ended (they are using chipset vendor's drivers now which is fine for most users but sorely lack some functionality upon which some WISPs rely). So perhaps it's better for MT to stick to stock linux kernel data-plane in the long run and simply pass the high-performance market.
I've seen what VPP/DPDK achieves on x86 machines and it's really impressive. I have not had the possibility to see results on the ARM architecture.
jeezzzz LFMAOAs someone said this, Mikrotik is not plug and play it's more like plug n pray
Untill it meets DDdoS world... and its software routing crashes... whilst other vendors are using hardware based routing, firewall etc....which makes a hughe difference in the end compared to software rounting systems...... i guess we have to accept the fact of the RoS limitations... its good for small ISPs up to 1000 clients.. once u get past that..unfortunatelly you have to start looking into other vendors options in the market if you want to grow pacefully with quality like huawei,juniper,cisco ASRxxxx... Thunder A10 and other players emerging..I like all this talk about Nokia, Cisco, Juniper etc.
But, MikroTik is routing the world.
Never forget.
Other “vendors” as in DDoS scrubbing companies do not use Huawei, Cisco, Juniper, Nokia, Arista for DDoS mitigation/filtering/re-routing/scrubbing.Untill it meets DDdoS world... and its software routing crashes... whilst other vendors are using hardware based routing, firewall etc....which makes a hughe difference in the end compared to software rounting systems...... i guess we have to accept the fact of the RoS limitations... its good for small ISPs up to 1000 clients.. once u get past that..unfortunatelly you have to start looking into other vendors options in the market if you want to grow pacefully with quality like huawei,juniper,cisco ASRxxxx... Thunder A10 and other players emerging..
Huawei, Cisco, Juniper and Nokia all use Broadcom with the occasional dump of their own ASICs, stop spreading fake information.I don't get the "why can't just mikrotik do x86 stuff like anyone else with fancy linux dataplane thing" complaints. If Mikrotik doesn't suits your needs, stick with x86-boxes with Linux then. Serious traffic should be done in hardware anyways.
Huawei, Cisco, Juniper and Nokia all makes their own sillicon and builds functionality around that.
I agree that RouterOS sometimes is over-flexible. It allows users to do something the wrong way and mess stuff up. Other vendors forces the users to do it a certain way only. And Mikrotik sometimes has a schizophrenic approach when adding new products and software features. DLNA, Kid-control and BGP & MPLS-VPN in the same box... Then certain common usual features that you find almost everywhere just doesn't exist and just seems to be ignored. Mikrotik can't really make up it's mind what target audience it should have.
As for configuration. Yes. I also wish that switching logic was better. Yes, it's fiddly to remove/change stuff. I also wish that there was a "commit" mode. Personally I find YANG a bit overrated.
I don't agree with that!1. Cleanup old documentation -ie delete it
wiki.mikrotik.com and mikrotik.com/download/pdf/MT_Manual.pdf are a couple of examples that really need to go.
Thats good, nice constructive post.It is already bad enough that most MikroTik documentation is not linked a version history of RouterOS.
i agreeI don't agree with that!1. Cleanup old documentation -ie delete it
wiki.mikrotik.com and mikrotik.com/download/pdf/MT_Manual.pdf are a couple of examples that really need to go.
It is already bad enough that most MikroTik documentation is not linked a version history of RouterOS.
When you are running 6.49.15, there is really no way to get documentation that pertains to that version.
wiki.mikrotik.com is the closest that you can get. It should NOT be deleted for at least several years.
It would be best when the versions of the help.mikrotik.com system (yes, the pages are in a versioning system) would somehow be linked to the RouterOS version, so you could e.g. retrieve documentation as it is for version 7.12 and that does not include features for higher versions.
When that is really not possible (for me that would be a total disqualification of the Atlassian system!), at least each feature introduced should have a "first available in 7.xx" note.
Is the old wiki good for you because it contains information specific to the ROS6?"old" wiki is still very useful
Yes, and because it is more complete and easier to read/follow than the new one.Is the old wiki good for you because it contains information specific to the ROS6?"old" wiki is still very useful
Is the old wiki good for you because it contains information specific to the ROS6?"old" wiki is still very useful
1000000% agree with your point and statements. I've personally been also voicing my opinion to MikroTik support channel, hopefully it gets directed to appropriate team.@jaclaz
1. Nobody is asking for a Juniper MX2020 from MikroTik.
2. MikroTik HARDWARE isn't the problem. In last 10 years of MikroTik, 1/10 are hardware issues.
3. MikroTik SOFTWARE is the problem. In last 10 years of MikroTik, 10/10 are software issues.
They can opt for fastest/cheapest solution i.e. enable official ONIE flashing support. OR, they hire more software engineers who can build ROSv8 or whatever to be on-par with Nokia SR-Linux:
1. Open source components and data model
2. Contribute back to upstream Linux kernel
3. Remove Linux dataplane
4. Move to DPDK/VPP or XDP for software dataplane
Its a tough spot they put themselves into. Like they're confused for market segment. hAP products for price directly complete with SOHO / residential TP-Link, Belkin, Cisco, etc etc... So consumers purchase due to price and end up returning due to complexity. They have the Home App available -- but its not provided in box documentation or a QR code. etc etc.Id be very much against a split segment model
One of the best parts of MikroTik is NOT artificially gimping functionality and having a (mostly) uniform OS across the board regardless of what piece of hardware you pick up. Aside from a few things (like wireguard not on MIPS chipsets) you can use any of their hardware to do anything
Waking up one day to find you can't do an EoIP tunnel unless you change hardware or upgrade to a subscription licence or some other utter BS would be horrible
I'm all for improvement where it's viable improvement - some hardware definitely needs improvement, PoE capability sucks - I just don't understand the mentality of "well just make it more like TP-Link/Cisco" when TP-Link/Cisco already exists. Why? Just go over to that side and use their products
Wait, what????.... Old switch menu is horrible. Bridge menu isn't the best and it does not automatically handle certain capabilities in hardware across all models despite them supporting it (and this still needing to do it in switch menu)Especially complicated when the vlan bridge method changed to be more CPU bound [all vlan bridge], instead of relying on switch chip [specfic models].
But why? Do you have shares in the company or are a distributor and benefit from the number of units shifted? Residential market is amply serviced by other vendors. We don't install mikrotik anywhere a customer wants access to it precisely for the reasons you stated, we provide them when it's a managed device and they don't touch it
I want to recommend MikroTik to friends/family--- but cant due to complexity for them.
I agree. The old vlan method or switch menu was a nightmare. When first migrating to the new bridge vlan method, it was confusion. But now it makes sense - but takes experience. For outsiders who are use to iOS access/trunk type setup; its difficult.Wait, what????.... Old switch menu is horrible. Bridge menu isn't the best and it does not automatically handle certain capabilities in hardware across all models despite them supporting it (and this still needing to do it in switch menu)Especially complicated when the vlan bridge method changed to be more CPU bound [all vlan bridge], instead of relying on switch chip [specfic models].
However it is SUBSTANTIALLY better and easier than the old switch menu. Configuring CRS1xx/2xx are an absolute nightmare, exponentially more complicated to do very basic switching. If you want to go back to that method you're insane
But why? Do you have shares in the company or are a distributor and benefit from the number of units shifted? Residential market is amply serviced by other vendors. We don't install mikrotik anywhere a customer wants access to it precisely for the reasons you stated, we provide them when it's a managed device and they don't touch it
I want to recommend MikroTik to friends/family--- but cant due to complexity for them.
I cannot imagine a situation where you would usefully have a port as an untagged member of multiple VLANs, which is a flexibility that this config provides. Most other manufacturers do not even allow such a configuration.
Well, what you would get would be similar to what you get when you connect a Windows PC to a hybrid port: the traffic towards the device would be the merged traffic of all configured VLANs, and the traffic from the device would all go to one specific VLAN (the PVID).I can't even imagine how such a config would work in practice. Destination IP or MAC-based VLANs or something like that?I cannot imagine a situation where you would usefully have a port as an untagged member of multiple VLANs, which is a flexibility that this config provides. Most other manufacturers do not even allow such a configuration.
As a networker who cut his teeth on Cisco IOS, I'm #TeamPort myself
(I cannot understand that Microsoft still has not fixed this design error in 2024)
I cannot imagine a situation where you would usefully have a port as an untagged member of multiple VLANs, which is a flexibility that this config provides. Most other manufacturers do not even allow such a configuration.
I can't even imagine how such a config would work in practice. Destination IP or MAC-based VLANs or something like that?
As a networker who cut his teeth on Cisco IOS, I'm #TeamPort myself
LOL, #TeamPort, agree I think.... I take you to mean being able to express normal things like "access"/"trunk"/"hybrid" on /interface/bridge/port including what's tagged for trunks WITHOUT having to use convoluted /interface/bridge/vlans stuff. They already do a lot of "dynamic config" in bridge VLAN setting (i.e. PVID becomes untagged) but they same dynamic config isn't possible for trunks from config of a bridge port itself.As a networker who cut his teeth on Cisco IOS, I'm #TeamPort myself
One use case is where you want port isolation but the switches don't support it. I.e. you are setting up a hotel network, you bought Cisco CBS250 switches and discover they artificially gimp out that functionality because reasons....I cannot imagine a situation where you would usefully have a port as an untagged member of multiple VLANs, which is a flexibility that this config provides. Most other manufacturers do not even allow such a configuration.
I can't even imagine how such a config would work in practice. Destination IP or MAC-based VLANs or something like that?
As a networker who cut his teeth on Cisco IOS, I'm #TeamPort myself
Port isolation aka Private VLAN is supported in the original Linux bridge codebase, it's also on Tik:One use case is where you want port isolation but the switches don't support it.
So won't all networking solutions based on the Linux kernel have the same issues/limitations?It's not a MikroTik problem, it's a Linux switchdev/DSA problem, which will never be solved because it's embedded deep into Linux Kernel source code.
Sure and it's all well and good to mention best practices, the reality is the real world doesn't always work that way for a multitude of reasons. One such may be that there's 30x PoE switches in place that work perfectly fine yet are basic SOHO units that do support neither private VLAN's nor port isolation but do support VLAN tagging. What I suggested is a perfectly valid solution to work around the problem without needlessly dropping $30,000+ on new switchesPort isolation aka Private VLAN is supported in the original Linux bridge codebase, it's also on Tik:One use case is where you want port isolation but the switches don't support it.
https://help.mikrotik.com/docs/display/ ... tisolation
I've used this feature in ISP use-cases combined with DHCP Snooping on the switch and local-proxy-arp on the BNG.
RouterOS is an abstraction layer and can still achieve tasks whilst presented in a totally different way to the user. It does not need to specifically follow any other set standards. And wherever the hardware doesn't support it, it can often be emulated in software. Which is what already happens with the Bridge configurationWell, sort of. It still is the chip that sets the limitations.
Though SAI offers significantly greater flexibility in managing the configuration process from user space (ie ROS) directly to the driver without having to adopt to and pass through the Linux kernel DSA interface structures (which BTW was originally developed in the early 2000s for a Marvell chipset).
Once the chip manufacturers' drivers start to mature, I think we'll see a rapid transition to SAI that will likely benefit all parties.
It's not an “issue” in terms of raw networking functionality. But it is an issue in terms of UI/UX and human design elements.So won't all networking solutions based on the Linux kernel have the same issues/limitations?
The problem with SONiC and SAI is how fragile the “open source” aspect is for the dataplane, Broadcom calls all the shots and only gives them a firmware blob. It's not open like original DSA/switchdev of Marvell.Well, sort of. It still is the chip that sets the limitations.
Though SAI offers significantly greater flexibility in managing the configuration process from user space (ie ROS) directly to the driver without having to adopt to and pass through the Linux kernel DSA interface structures (which BTW was originally developed in the early 2000s for a Marvell chipset).
Once the chip manufacturers' drivers start to mature, I think we'll see a rapid transition to SAI that will likely benefit all parties.
I smell an enterprise guy right here from 1995, who's still doing layer 2 access networks and switch daisy chains. No sir, where I come from, we've moved SP, DC and enterprise (offices or campus etc) to 10000% layer 3 routed networks all the way to each access switch in the office room or floors etc. The layer 2 doesn't span. For layer 2 adjacency of Wi-Fi, EVPN + MPLS or VXLAN is used, some Cisco fanboys prefer using LISP, both solutions are 10000% superior to layer 2 spanning AND it REMOVES the need for port isolation because everything is Layer 3 up-to access switch with local-proxy-arp + DHCP Snooping enabled on the access port, for additional security, we enable client isolation on the Wi-Fi APs to block “switching” of clients in the same broadcast domain.Sure and it's all well and good to mention best practices, the reality is the real world doesn't always work that way for a multitude of reasons. One such may be that there's 30x PoE switches in place that work perfectly fine yet are basic SOHO units that do support neither private VLAN's nor port isolation but do support VLAN tagging. What I suggested is a perfectly valid solution to work around the problem without needlessly dropping $30,000+ on new switches
You're making this a complex explanation. It's called UI/UX design and programming. That's what MikroTik (and the Linux kernel netdev contributors) need to fix.RouterOS is an abstraction layer and can still achieve tasks whilst presented in a totally different way to the user. It does not need to specifically follow any other set standards. And wherever the hardware doesn't support it, it can often be emulated in software. Which is what already happens with the Bridge configuration
I'd just like to see it be rewritten in a more sensible manner (like not having to set VLAN's in so many tabs, and laid out in a grid not drop down lists) and handle the abstraction better. There are still a lot of things that disable HW acceleration needlessly, i.e. enabling VLAN filtering on many of the older devices. Necessitating the use of the Switch menu even just for basic functionality like changing the PVID or port isolation without losing HW acceleration. It absolutely could be extrapolated to handle this automatically behind the scenes and keep the config uniform across many more chipsets. It's bloody annoying having to use a CRS1xx/2xx amongst other 3xx switches, or even substituting in something like a powerbox or HEX PoE as the config is all entirely different across them all unless you don't mind 80mbit/s through the CPU
... start by getting rid of Broadcom in an anti-competitive lawsuit across the globe.
You're making this a complex explanation. It's called UI/UX design and programming. That's what MikroTik (and the Linux kernel netdev contributors) need to fix.
Remember, it's often “nerds” making software for nerds, not many nerds know how to make software for non-nerds and that's why UI/UX design experts (like those at Apple) make millions of dollars each year in total comp, because so many few of them are alive in the world.
Yes, MikroTik abstraction is better than vanilla Linux kernel dataplane config (Debian, Ubuntu, OpenWRT-ish although OpenWRT is also abstracted itself).Couldn't agree more, though I think MT is actually pretty decent compared to pure Linux firewalls/routers like OpenWrt, pfSense/OPNSense and similar systems.
Nah, it's terrible and doesn't even function like *BSD real pf stack or in today's world, eBPF.Although macOS PF is pretty okay
See this here is the problem with this thread in general. If you get to work solely with companies that just throw money around willy nilly on high end gear and needlessly replace infrastructure for little to no practical benefit (which makes me think why are you even bothering with the MikroTik forums) then thats great for you but ironically worthless in many other segments.
I smell an enterprise guy right here from 1995, who's still doing layer 2 access networks and switch daisy chains. No sir, where I come from, we've moved SP, DC and enterprise (offices or campus etc) to 10000% layer 3 routed networks all the way to each access switch in the office room or floors etc. The layer 2 doesn't span. For layer 2 adjacency of Wi-Fi, EVPN + MPLS or VXLAN is used, some Cisco fanboys prefer using LISP, both solutions are 10000% superior to layer 2 spanning AND it REMOVES the need for port isolation because everything is Layer 3 up-to access switch with local-proxy-arp + DHCP Snooping enabled on the access port, for additional security, we enable client isolation on the Wi-Fi APs to block “switching” of clients in the same broadcast domain.
You're missing the points and issue with MikroTik completely. Re-read this thread one more time. It has nothing to do with $30k routers or switches.See this here is the problem with this thread in general. If you get to work solely with companies that just throw money around willy nilly on high end gear and needlessly replace infrastructure for little to no practical benefit (which makes me think why are you even bothering with the MikroTik forums) then thats great for you but ironically worthless in many other segments.
Your focus aligns better with the Cisco/Juniper space (which is already served just fine), not so much the broader MikroTik demographic. A lot of what you say has merit but its a bit like trying to sell Ferrari's, great if you're in Hollywood, not so great in South Africa where a Toyota is far better suited
You're missing the points and issue with MikroTik completely. Re-read this thread one more time. It has nothing to do with $30k routers or switches.
Isn't this the basis of many threads? Love the hardware (mostly), love the power of RouterOS (but not without it's annoyances) and recognise there are multiple use cases that fall broadly into SOHO and the rest. The rest is usually supported by trained IT professionals so the complexity is accepted, sometimes grudgingly. Although it's up against CISCO, Juniper etc which is a tough battle to win.Yet are more than happy to not comprehend and disregard what others say by then mentioning a substantially more complex setup that suits a completely different market segment
People already agree with me, both in this anonymous forum, and also in the real life global telecom industry. You can disagree, but I got 100 people agreeing with me for every 1 person that disagrees with me.And yet you completely missed what I wrote. Maybe try re-reading my post
The purpose was to illustrate a simple use case with MikroTik of
1) not needlessly spending a lot of extra money on gear to provide functionality that isn't needed and has no tangible benefit in that particular use case
2) massively simplifying the configuration and deployment
You keep preaching #2, its the entire basis of this thread right? Simplify and unify configuration. Yet are more than happy to not comprehend and disregard what others say by then mentioning a substantially more complex setup that suits a completely different market segment
MikroTik are actually fantastic at point #1 which is a big reason why they are so widespread. Are they perfect? Hell no, but bang for buck absolutely phenomenal and as already mentioned, they allow you to bend/break rules and 'best practices' where appropriate. Exactly like the scenario I mentioned.
They're the Leatherman of networking, perfect? nope, but you can do almost everything to accomplish a certain outcome. Not always as well as a dedicated tool, yet that is their network segment
Ubiquiti is absolutely horseshit. MikroTik should learn from VyOS developers (who are by the way, real network programmers in 2024 who embraced VPP/DPDK stack), learn some product management approaches of Juniper, Nokia SR-Linux dev team, and… Hire global talent, not just limit itself to a small pool of engineers inside Latvia (literally a tiny stretch of land that's smaller than some private properties in larger countries).This Unifi fantasy tale like stories - I feel the urge to respond.
To setup a AP with ROS is straight forward and by far no rocket science. I don't talk about bugs that should be fixed. Unifi software has no bugs? sure! Just read about a Unifi AP Firmware release recently that was only 1 day in Early Access and release the next day as stable. People freaked out due to issues.
And on Mikrotik I am not obliged to use a damn controller software, or publish my network to the cloud. The only offline offer from Unifi (besides a Gigabyte blown Controller Java Software) is an Android app, a crippled down thing (Unifi even tells you so) that even does not allow you to configure WPA3 on a U6+ - you need to use the full fledged controller for this setting. Completely insane. And not butter smooth as well: This year I did a initial configuration for an U6+ using the app. Then adopted it via controller and afterwards did a change in the app. result: AP dead. it broadcasted some random string SSIDs suddenly, couldn't connect and a factory reset / forget was needed. But have to admit: provisioning was just a reset button away.
And once you switch from "auto" (which is for max compatibility and disables many features like WPA3, FT, etc) to "manual" you enter the "same atmosphere of problems" you criticize on ROS.
Ubiquiti is absolutely horseshit. MikroTik should learn from VyOS developers
a small pool of engineers inside Latvia (literally a tiny stretch of land that's smaller than some private properties in larger countries).
@Larsa, when I say VyOS, I specifically only cared about the dataplane options (DPDK 100GB code is not the only option), which would be perfect for MikroTik embedded ROS (on modern arm64 hardware).You're way off base!
It's in no way not fair to compare an embedded NOS like MT/ROS to VyOS, which is a full-fledged Debian Linux solution primarily for x86_64 boxes or virtual NOSes that at a minimum requires 2 GB of storage and 512 MB of RAM. ROS should be compared with NOS built on embedded systems such as VxWorks, QNX, FreeRTOS, or NOS solutions like OpenWrt, Tomato, etc. The other players you mentioned belong to a completely different division as well.
And BTW, VyOS is still a standard Linux distribution NOS, which, like any other Linux distribution, can implement applications using the DPDK libraries. DPDK appliances typically require 10-12 GB of memory at cold boot but more demanding apps, when warmed up, usually require several times more, i.e. +64 GB for mid- to high-end systems [EDIT: which btw are the most common configurations on the market]
So please get the facts straight and stop wh*ng about things that are not comparable.
Don't know what you mean. I talk the same “unprofessional tirades” at work, with clients, with boss/managers/owners/C-suites, peers etc. No problems making $$$$ or developing solutions or buying solutions.Are you trying to get banned with all these unprofessional tirades?
EdgeRouter is forked from Vyatta, not VyOS. Please stop with the fake news.Bad language aside, UBNT's EdgeRouter series were based on a fork of VyOS. (Source) If VyOS is the fount of networking wisdom…? The mind boggles attempting to string the logic together here.
Larry Ellison — one of the major tech billionaires — is famous for owning nearly all of Lanai, at 364 km², with an estimated population of around 3400.
Latvia is 177× larger, with ~540× the population. It's roughly the size of West Virginia on both measures.
You're not helping your case by using "literally" in a comparison that's 2 orders of magnitude off the observable facts. It makes us ask what other facts you've distorted in an attempt to make your case.
@Larsa, when I say VyOS, I specifically only cared about the dataplane options (DPDK 100GB code is not the only option), which would be perfect for MikroTik embedded ROS (on modern arm64 hardware).
I just said "not the only option", AKA it MEANS, DPDK is NOT the only option.DPDK in an MT embedded system using a standard SoC? You're joking, right? BTW, it's not 100GB of code we're talking about here, but hugepages for buffer sizes, queue depths, etc..
RouterOS CHR/bare-metal — DPDK/VPPBut you've been going on about how MikroTik should look into DPDK. What are you trying to say? That MikroTik should develop DPDK high end appliances, or did I miss something like an alternative to DPDK?
Don't VyOS and EdgeRouter have the same legacy root of Vyatta so it's reasonable to compare EdgeRouter and VyOS, albeit the fork seems to have been a long time ago.EdgeRouter is forked from Vyatta, not VyOS. Please stop with the fake news.
That explains a lot. My take on Mikrotik history is that someone had the idea to put a Cisco IOS face over Linux sysctl. Then, double-down by creating their own scripting language to rival Cisco TCL's complexity. So yeah if you "hate" Cisco IOS config, the yeah RouterOS config be a real disappointment.I hate Ccisco [...]
I dislike Arista for being a Cisco-fake
RouterOS CHR/bare-metal — DPDK/VPP
RouterOS embedded — XDP/eBPF
Well, RouterOS v8 could be “from scratch” maybe Rust-based or Zig-based or something. Max performance, memory safety built-in, supports modern day programming features and frameworks etc.That explains a lot. My take on Mikrotik history is that someone had the idea to put a Cisco IOS face over Linux sysctl. Then, double-down by creating their own scripting language to rival Cisco TCL's complexity. So yeah if you "hate" Cisco IOS config, the yeah RouterOS config be a real disappointment.
If Mikrotik wanted to rid the world of cisco, would/should have continued that and supported EIGRP. Shipped likely sailed, but it's stuff like that keeps folks locked into cisco etc IMO. So not sure some new nifty eBPF architecture with modern data plane actually help too many of current Mikrotik users. If starting from scratch, perhaps that kinda of architecture is what you'd do. But Mikrotik isn't starting from scratch and they have existing customers to appease.
Do you not understand what DPDK/VPP is? There is no "appliance", it's 100% software-only using CPU. MikroTik only needs to delete the code for netfilter framework dataplane and replace with with DPDK/VPP for the dataplane, control and MGMT plane will retain netfilter framework code (ideally augmented with XDP/eBPF instead).DPDK is a set of user-space libraries that normally won't fit into an embedded system. I don't see the point of using ROS to develop a bare-metal DPDK appliance for a tailor-made solution on a market Mikrotik doesn't operate within (i.e. way out of their league).
While XDP/eBPF is very capable performance-wise, it is still a Linux Kernel extension and cannot be compared to a tailor-made user-space application based on the DPDK libraries.
Or in RouterOS v7, don't fuck with the data plane. Fix bugs, and there many. Make the AX more centerialized and simple. And add more docs, especially on interop with cisco/etc.RouterOS v8 could be “from scratch” [...] For RouterOS v7, the only option is XDP/eBPF data-plane. Forget DPDK/VPP probably.
Probably yeah.Or in RouterOS v7, don't fuck with the data plane. Fix bugs, and there many. Make the AX more centerialized and simple. And add more docs, especially on interop with cisco/etc.
NOW... For RouterOS V8, you're not wrong: XDP/eBPF architecture is pretty nifty. In theory, existing V7 config could be "compiled" to some V8 eBPF runners.
DarkNate ... if you are so annoyed with Miktorik as company and with that forum so be so corteuos and just stop posting....Again, you guys seem to have never interacted with DPDK/VPP/XDP/eBPF programmers in real life before and have no idea what you're talking about.
Well, it is a thread @DarkNate started – not some bitting invective injected into someone else's posting. Kinda different cases IMO.Agreed?
Do you not understand what DPDK/VPP is? There is no "appliance", it's 100% software-only using CPU. MikroTik only needs to delete the code for netfilter framework dataplane and replace with with DPDK/VPP for the dataplane, control and MGMT plane will retain netfilter framework code (ideally augmented with XDP/eBPF instead).
For embedded arm64 hardware, I don't think you understand how powerful XDP/eBPF based data plane is. Again, you guys seem to have never interacted with DPDK/VPP/XDP/eBPF programmers in real life before and have no idea what you're talking about.