Decline of Mikrotik?

okoun · Tue Nov 01, 2016 11:48 pm

Dear RouterOS devlopers,
I cannot help myself but feel that the focus of Mikrotik is no longer ISP market. It feels that later products and software development is geared towards end users - LTE and such...

We have been living with numerous bugs and missing implementations for past few years. Let´s mention missing radius attributes (Delegated-IPv6-Prefix, v6 accounting), non-workin flow control on x86 platform, non-operational BFD, buggered MPLS on CHR and missing drivers (SR-IOV or anything intel in past 10 years?) just to name a few. Those are features that I expect and care for from Mikrotik. Not a support for another USB modem.

We are exclusively Mikrotik shop at the moment, but as our network grows bigger so do your requirements (not the only one here I figure). We already hit the limit with IPv6 and CHR in production and as it is now, there is no way forward. The situation forces us to look for other vendors which we absolutely hate, but it is either that or not being able to grow which we hate even more.

Don´t even get me started on mythical version 7 which is supposed to fix all our problems and most likely even bring world peace and cure cancer. For real, how long have we been promised v7? 2 years? 3 years? 10 years? I wonder if it will ever come....

I would like to ask Mikrotik to consider where they are headed. Battle over wireles is over (Mikrotik lost) and routing/switching is all that´s left.

Wed Nov 02, 2016 12:11 am

Have you just woken up? Mikrotik does what makes the profit. I was sad for the orientation change towards home end users several years ago on this forum but uselessly. It is too late for tears now. Just take it as it is. Or take your money and make an offer to mikrotik owners...

Beone · Wed Nov 02, 2016 1:58 am

Not to mention the Hotspot but they introduced in V6 when they introduced CRL checks...

When a sudden powerfailure occurs, the hotspot using HTTPS with local certificate does not intialize properly and manually needs to be rebooted.

BUg there since at least 1 year unfixed... Same goes for RADIUS accounting missing when system reboots and WAN is using non-typical ethernet uplink like PPP (internet link is shutdown before flushing all records)

Wed Nov 02, 2016 10:45 am

It does seem that the home user is the market Mikrotik is targeting their products at.

Routing in v6 is severely broken, no fixes are forthcoming and there is constant promise from support of them being fixed in RouterOS v7.

The problem is, RouterOS v7 is 3 years overdue, and there is no sign of it coming anytime soon.

While Mikrotik have introduced service provider targeted hardware like the CCR, RouterOS currently lacks both the features and stability to be trusted by modern ISP's.

examples:
- BFD is completely unusable in RouterOS v6
- Polling routing information via SNMP can cause routing to crash
- L3VPN's do not send NLRI updates on PE-CE BGP changes.
- IPv6 recursive next-hop support is broken and cannot be used to advertise IPv6 loopback addresses.
- RouterOS is missing the features it needs to be used as a BRAS/BNG. (See section 5 of https://www.broadband-forum.org/technic ... ssue-2.pdf)
- Routing filters often need to be disabled/re-enabled to make them work.
- It is not possible to see routes advertised or received from a BGP peer in a VRF
- It is not possible to run admin services or a L2TP server in a VRF.
- RADIUS attributes to terminate PPP sessions into a VRF are missing.
- DHCP-RADIUS and PPP-RADIUS do not apply rate limits to prefixes defined by received RADIUS Framed-Route's
- RouterOS v6 by default does not meet RFC2865.
- DHCP Option-82 injection (DHCP snooping) is missing. This should inject CID and RID information for bridge ports, wireless clients and switch ports.
- IPv6 is a second class citizen in RouterOS v6.
- BGP4-MIB is missing
- EVPN is non existent, as is VXLAN

I really want to see RouterOS v7 released and resolve these issues, but as every month passes with no sign of it I am losing hope.

Wed Nov 02, 2016 11:13 am

nz_monkey, I think I saw a list in your post, but it's gone now. Can you re-post?

Arcticfox · Wed Nov 02, 2016 12:00 pm

Sadly to find out it, but i think current Mikrotikls focus is SMB/SOHO and WISP access, not BroadBand ISP (CCR could be very nice BRAS, but not IPv6 ready (radius attributes), and nor for Enterprise/ISP Core - issues with BGP (need to rebuild RIB saturation in case of BGP rebuilding), nor for enthusiasts - closed source, no kernel-integrated API (not about invoking CLI strings with POST/GET).

So i'm using it as WISP/ISP access and CE devices and it's good. No one should upgrade in production without testing on stand.
For it's segment Mikrotik is VERY good hardware with a bunch of possibilities (and bugs, and bugfixes, each release should be tested in lab before applying), very usefull GUI and native console.

There is a lot of pros and contras, just use it by its purpose (WISP access, BRAS, SMB/SOHO) and you will be satisfied. Forget about using it inside ISP core/aggregation (at least before ROSv7). But do not forget: Mikrotik is deaf to feature requests (by very own reason - currently our developers is busy and we not provide any possibility to closer integration).

For other cases you can use Linux - issues with interface, but you can build it by self.
And for topic starter - try Cisco XRv instead - up to 40G per core.

Wed Nov 02, 2016 12:03 pm

nz_monkey, I think I saw a list in your post, but it's gone now. Can you re-post?

Hi Normis,

I didn't want to be the guy that always complains...

it is back now.

Arcticfox · Wed Nov 02, 2016 12:19 pm

It does seem that the home user is the market Mikrotik is targeting their products at.

Routing in v6 is severely broken, no fixes are forthcoming and there is constant promise from support of them being fixed in RouterOS v7.

The problem is, RouterOS v7 is 3 years overdue, and there is no sign of it coming anytime soon.

While Mikrotik have introduced service provider targeted hardware like the CCR, RouterOS currently lacks both the features and stability to be trusted by modern ISP's.

examples:
- BFD is completely unusable in RouterOS v6
- Polling routing information via SNMP can cause routing to crash
- L3VPN's do not send NLRI updates on PE-CE BGP changes.
- IPv6 recursive next-hop support is broken and cannot be used to advertise IPv6 loopback addresses.
- RouterOS is missing the features it needs to be used as a BRAS/BNG. (See section 5 of https://www.broadband-forum.org/technic ... TR-101.pdf)
- Routing filters often need to be disabled/re-enabled to make them work.
- It is not possible to see routes advertised or received from a BGP peer in a VRF
- It is not possible to run admin services or a L2TP server in a VRF.
- RADIUS attributes to terminate PPP sessions into a VRF are missing.
- DHCP-RADIUS and PPP-RADIUS do not apply rate limits to prefixes defined by received RADIUS Framed-Route's
- RouterOS v6 by default does not meet RFC2865.
- DHCP Option-82 injection (DHCP snooping) is missing. This should inject CID and RID information for bridge ports, wireless clients and switch ports.
- IPv6 is a second class citizen in RouterOS v6.
- BGP4-MIB is missing
- EVPN is non existent, as is VXLAN

I really want to see RouterOS v7 released and resolve these issues, but as every month passes with no sign of it I am losing hope.

But it's suitable for BRAS with a lot of wooden crutches (Kostyli).

Neovr · Wed Nov 02, 2016 3:28 pm

it's true ...
Mikrotik is best for home users...
For ISP - MR have many-many bugs ... not for stable service ...
no nic drivers\BGP memory leak\bug in fast-track in last version\ospf not working corectly\no igmp-snooping ...
many many problems...

patrick7 · Wed Nov 02, 2016 3:35 pm

Unfortunately... true.
I suggest to not continue v6 development and focus on ROS v7.

jenechka · Wed Nov 02, 2016 4:56 pm

Mikrotik is best for home users...

Mikrotik certainly not for the house, there is no support for IPTV, P2P, high speed Wi-Fi out of the box, for me personally, this device for the last 2 years of the great went is not much worse, I know a lot of very cheap devices but they are not perfect, but there is everything you need out of the box, why not respond to the requests of users, or at least behave respectfully and not to reply "let's do it when we do" ???? you are losing tens of thousands of users and a lot of profit in this respect

paoloaga · Wed Nov 02, 2016 5:32 pm

I also am desperately waiting for ROS 7, in particular for the IPv6 fixes. They are really needed...

derr12 · Wed Nov 02, 2016 6:09 pm

I just wish they would quit releasing broken Dude servers in the current release tree. leave broken versions in the RC builds please! Its so broken it makes me yearn to go back to the windows server.

okoun · Wed Nov 02, 2016 6:45 pm

I wonder how many are in fact actively engaged in programming ROS? Sometimes I feel that they are doing only two programmers. Just a very few people.
So if a few people and no money to pay them, I suggest that the formation of any new licenses for ISPs to ensure timely repair and upgrade. I think it would be fair.

paoloaga · Wed Nov 02, 2016 7:27 pm

I wonder how many are in fact actively engaged in programming ROS? Sometimes I feel that they are doing only two programmers. Just a very few people.
So if a few people and no money to pay them, I suggest that the formation of any new licenses for ISPs to ensure timely repair and upgrade. I think it would be fair.

Programming is a quite difficult and time-intensive task, so it's not likely that they are just two. And so far they did a great job. My perception is just that their roadmap has different priorities than my (everyone's) requirements. And they have their reason to do it, therefore I just keep hoping that they will switch full time to ROSv7 development.

pe1chl · Wed Nov 02, 2016 8:00 pm

I wonder how many are in fact actively engaged in programming ROS? Sometimes I feel that they are doing only two programmers. Just a very few people.

Unfortunately the output of a group of programmers is not linearly proportional to the number of programmers.
In fact, the curve output-vs-number often shows a dip that can sometimes even drop to zero.
https://en.wikipedia.org/wiki/The_Mythical_Man-Month

rfauske · Wed Nov 02, 2016 9:11 pm

Just a little note, you do also got to have reasonable expectations of features. Shure its bad a few of the bugs in ROS but I would not expect to use a CHR, CCR or anything mikrotik to be able to do the same as the ASR 9000s we use in our network. Use the right product at the right place in the network.

For me it had been better with less software features on the WISP products (but better performance and hardware features, no problem with a price increase) and just leave the core network to the big vendors like Cisco, Juniper and so on..

Thu Nov 03, 2016 2:43 am

Just a little note, you do also got to have reasonable expectations of features. Shure its bad a few of the bugs in ROS but I would not expect to use a CHR, CCR or anything mikrotik to be able to do the same as the ASR 9000s we use in our network. Use the right product at the right place in the network.

The frustrating thing is that up until mid 5.x release train, Mikrotik were showing tremendous promise of being able to be used for ISP core networking, introducing their own routing engine with "routing-test", MPLS, DHCP-RADIUS and other such features, they were heading in the right direction. But then they just stopped...

jrpaz · Thu Nov 03, 2016 3:17 am

- Routing filters often need to be disabled/re-enabled to make them work. Bain of my existence.

Thu Nov 03, 2016 5:38 am

- Routing filters often need to be disabled/re-enabled to make them work. Bain of my existence.

Lol yep. The other fix I have found is sometimes I have to move their filters position in the chain up then back down. So say a filter is #7. I need to move it up to say #4 then back to #7 and it will start working.

When I first had it happen,I thought I just had my filter orders wrong, but have seen it happen hundreds of times since

hashbang · Thu Nov 03, 2016 7:20 am

I just got up and read this post. Same kind of thoughts were going in my mind when I got up and I found this discussion. My already recent post regarding sluggish performance as BRAS.
In MUM Mikrotik people gave all the diplomatic answers. Questions were :
1) What x86 h/w do u suggest as CCR is insufficient
2) Any performance enhancement in queues on v 7 (as queues sucks in MT). IF you have to pass traffic in gigs then firewall, queues are just cosmetic features.
These were the 2 questions I remember but without any answer.
I'm writing this post while changing 1 ccr 1036 to x86. Having some strange problem with ccr running as BRAS 1200 users.

Arcticfox · Mon Nov 07, 2016 3:51 pm

- Routing filters often need to be disabled/re-enabled to make them work. Bain of my existence.

Hammy · Mon Nov 07, 2016 5:48 pm

nz_monkey, I think I saw a list in your post, but it's gone now. Can you re-post?
Hi Normis,

I didn't want to be the guy that always complains... it is back now.

I let you complain for me. I'm busy enough with other vendors, I don't need to complain here much if you are.

paulct · Mon Nov 07, 2016 5:56 pm

I think it has more to do with clarity / feedback and openness regarding both hardware and ROS from Mikrotik. It would be great to have timelines/roadmaps, voting on features, new possible hardware etc...

I must commend Mikrotik on their ROS 6 updates, there is plenty being done - but maybe more focus is needed on specific issues rather than on some others.
Personally I think Mikrotik should almost split into two divisions e.g home/light user and SME/Coporate/ISP. Both have different requirements and features needed. At the end of the day I would be more comfortable knowing that in e.g Q1 of 2017 there are going to be new CCR routers, or Q2 2017 new CRS switch's and in Q2 the beta or RC version of ROS7 will be released for testing.

alexjhart · Mon Nov 07, 2016 8:30 pm

My ticket reporting IPsec driver issue on CCR has been open for nearly 1 year now with no resolution. Others are noticing too: http://forum.mikrotik.com/viewtopic.php?f=1&t=112545
The most frustrating part is that even with weeks between checking in, I repeatedly get told things like "I do not have any timeframe when it will be done", "it's ready when it's ready". I believe setting custom expectations and following through is important. Instead, an important feature is broken and I have no way to make business decisions other than going with another vendor that has a functioning feature.

sallen · Tue Nov 08, 2016 7:02 pm

My ticket reporting IPsec driver issue on CCR has been open for nearly 1 year now with no resolution. Others are noticing too: http://forum.mikrotik.com/viewtopic.php?f=1&t=112545
The most frustrating part is that even with weeks between checking in, I repeatedly get told things like "I do not have any timeframe when it will be done", "it's ready when it's ready". I believe setting custom expectations and following through is important. Instead, an important feature is broken and I have no way to make business decisions other than going with another vendor that has a functioning feature.

Agreed. I would appreciate a statement as to whether or not they are actually working on fix for this particular issue, and what the timeline is. I bit of history, I foolishly bought the RB850Gx2 rev 1 device when it first came out because it was claimed on this very forum by Mikrotik that it supported hardware encryption. Turns out that was not true, but it took me months of aggravation messing around with the IPSEC settings to come to that conclusion. Then they release a rev 2 version that actually has it.

Stupid me, I go ahead and do the same thing and buy the CCR1009-8G-1S-1S+PC when it comes out to try to get good IPSEC performance. And lo and behold it also doesn't work correctly for TCP streams (SMB/CIFS on windows) because of out of order packets.

This is beyond frustrating, and as much as I like Mikrotik, without any information on when or even if a fix for this issue is forthcoming, I also have to think about switching vendors. It has been two years of dealing with this!!!!

pauska · Thu Nov 10, 2016 1:01 pm

IKEv2, tunnel interfaces and VRF would have made my day. They are all scheduled for ROS 7

patrick7 · Thu Nov 10, 2016 1:58 pm

IKEv2 has been implemented in the last rc.

infused · Sat Nov 12, 2016 3:28 am

Came across this as im hunting around for fixes. Waiting on v7 so a number of fixes. We use the CCR's in our datacenters. But now hitting issues with ipv6. Is there some sort of date for v7?

Sob · Sat Nov 12, 2016 5:40 am

Not a date, but I believe it was promised to be released as soon as it's ready. It just remains to be seen when exactly that might be. You can only wait and hope for the best.

docmarius · Sat Nov 12, 2016 3:04 pm

It is more than 2 and a half years since we talk about v7 Longhorn...

Zorro · Sun Nov 13, 2016 6:48 am

It is more than 2 and a half years since we talk about v7 Longhorn...

hm, nope. ROSv7 become "magical unicorn" for much-much longer time, actually

Murmaider · Sun Nov 13, 2016 10:23 am

It is more than 2 and a half years since we talk about v7 Longhorn...

Longhorn / Unicorn.. a huh a clue..

daan99 · Mon Nov 14, 2016 10:06 pm

One thread BGP on CCR

.. Not mention about ugly working NV2 and nstream on AC.

server8 · Tue Nov 15, 2016 12:45 pm

The main question Is mikrotik developing synchronization and/or mu-mimo antenna system? If yes when we can hope to have an ETA?

I think a trasparent answer to this question from mikrotik is one step ahead to decide to stay with them or to choose other vendor. Cambium seems to work great in PtMP, Ubiquit will have AirFiber PtMP next year.....

maznu · Tue Nov 15, 2016 1:42 pm

One of the things that struck me from the UK MUM yesterday was the desire for better scripting within RouterOS.

There's a real danger of losing out to Ubiquiti's Edge Router, which has a more feature-filled full Linux shell for its command-line. I already see plenty of WISPs consider Ubiquiti for their backhaul - it'd be a real shame for MikroTik to no longer be a first choice for packet pushing too!

Hammy · Tue Nov 15, 2016 3:10 pm

The main question Is mikrotik developing synchronization and/or mu-mimo antenna system? If yes when we can hope to have an ETA?

I think a trasparent answer to this question from mikrotik is one step ahead to decide to stay with them or to choose other vendor. Cambium seems to work great in PtMP, Ubiquit will have AirFiber PtMP next year.....

Mikrotik is so far behind in the outdoor wireless game, they might as well just throw in the towel.

project25 · Tue Nov 15, 2016 4:19 pm

The main question Is mikrotik developing synchronization and/or mu-mimo antenna system? If yes when we can hope to have an ETA?

I think a trasparent answer to this question from mikrotik is one step ahead to decide to stay with them or to choose other vendor. Cambium seems to work great in PtMP, Ubiquit will have AirFiber PtMP next year.....

Mikrotik is so far behind in the outdoor wireless game, they might as well just throw in the towel.

With a lack of UNI-II they really are. They could have two major advantages if they had reliable equipment with UNI-II. The ability to utilize a central management point (CAPsMAN) and their relatively good grounding practices could put them on par with the lower end Ubiquiti gear, especially when you start talking about running fiber up a tower. That's really been the biggest noticeable negative with Ubiquiti…radios dying from static discharge (I operate in a very dusty environment) and lightning.

As far as the hardware goes, I think Mikrotik's sho router line has more or less priced the "Routerboard" options off the market. I lost a RB493 (lightning strike) a few months ago…didn't make sense not to replace with a RB2011.

As Ubiquiti builds the reputation of their routing products there will likely be a change. Mikrotik has a major following for small WISP's. I think they are a great solution for something like LMR backhauling non-mission critical projects as Cisco and Juniper have a very tight grip on those.

Sent from my iPhone using Tapatalk

Hammy · Tue Nov 15, 2016 4:50 pm

I'm not even concerned about Ubiquiti. They have such a difficult time actually executing on their grand visions.

I'm referring to Cambium, Mimosa and IgniteNet. Cambium for their MuMIMO, beamforming and sync capabilities, Mimosa for their dual channel and continuous spectrum analyzer and IgniteNet for their dual mode 60\5 GHz.

mrz · Tue Nov 15, 2016 4:58 pm

- Routing filters often need to be disabled/re-enabled to make them work.

Can we have more details sent to support?
Do you modify routing filters frequently?

alexjhart · Tue Nov 15, 2016 6:33 pm

- Routing filters often need to be disabled/re-enabled to make them work.
Can we have more details sent to support?
Do you modify routing filters frequently?

I've experienced this too and have helped many others with the same issue. Is Mikrotik unaware of this mrz?

patrick7 · Tue Nov 15, 2016 6:51 pm

+1, affected too. Moving the rules in the chain or dis and reenable solves the problem.

lukoramu · Tue Nov 15, 2016 7:36 pm

One of the things that struck me from the UK MUM yesterday was the desire for better scripting within RouterOS.

There's a real danger of losing out to Ubiquiti's Edge Router, which has a more feature-filled full Linux shell for its command-line. I already see plenty of WISPs consider Ubiquiti for their backhaul - it'd be a real shame for MikroTik to no longer be a first choice for packet pushing too!

Are there really that much WISPs that need Linux commandline (bash or whatever), and DON'T need performance and features of CCR ??? This concern looks *really* far-fetched to me..

Hammy · Tue Nov 15, 2016 7:57 pm

Native BASH is becoming much more used in networking gear. See SDN and open source networking.

maznu · Tue Nov 15, 2016 7:59 pm

Are there really that much WISPs that need Linux commandline (bash or whatever), and DON'T need performance and features of CCR ??? This concern looks *really* far-fetched to me..

MikroTik obviously recognise there is a future in "Software Defined Network" because they have an experimental OpenFlow module. The other definition of SDN is where you use software to implement and manage your network architecture, rather than building and deploying configurations by hand. As WISPs get bigger they'll have a strong desire to keep network management costs down by orchestrating their network at scale. The Dude does this... to a point.

This isn't about having linux command line on the router. This is about having a scripting language with e.g. better string or data (e.g. JSON) manipulation to make e.g. HTTP fetch more powerful. This is so that your network can automate its configuration e.g. by routers "pulling" in data, instead of needing some sort of central controller (e.g. The Dude) to "push" configuration changes to each device.

As for performance: Ubiquiti's EdgeRouter occupies a similar space in the market in terms of price and PPS performance (yes, CCR1072 goes a lot faster than ER8... but the CCR1009 vs ERLite-3 entry-level are comparable). The world now is one where most white label switches have Linux under the hood, and they have power and flexibility to do this kind of SDN. It's not a huge negative, but I fear that it will close doors to some customers if RouterOS left behind with a less featured scripting language.

maznu · Tue Nov 15, 2016 8:07 pm

Can we have more details sent to support?
Do you modify routing filters frequently?

We've seen this problem several times on CCR with very recent versions of RouterOS.

Day-to-day, I kept thinking I was going mad because I am sure I set up filters correctly. Disable the peer, enable it, same problem. Then you go and change something really trivial about the rules, like changing the order, and suddenly it starts working. Then a few months later I read several forum posts which show the same experience, and I realised it was not me going silly in my old age. Now that I recognise this is possibly a bug, what information would be useful for you, mrz, to help MikroTik track down the fault?

We don't modify routing filters frequently, but often enough as downstream customers' routers are added. The problem is that you create a routing filter specifically for a peer router, bring up the BGP session, and potentially you could screw up your routing table because the filters you created have not been used. The worst cases are when you enable a peer and get routes you didn't want and were deliberately filtering out. Less fatal (though still annoying) is when you don't get routes you did want. The situation I worry about is if we can't trust that the filter is working - we think everything is fine and is going to be filtered, but the customer might fat-finger their configuration and suddenly we receive routes we were expecting to be filtered.

pe1chl · Tue Nov 15, 2016 9:27 pm

I agree with the above. Today I added a subnet (also on a CCR): added address, BGP network, added routing out filter entry,
moved it up before the final reject, looked on the other router: nothing.
Disabled BGP peer, enabled: nothing.
Disabled routing filter entry, enabled: starts working OK (new subnet appears on other router, which is a RB750G r3)

Tue Nov 15, 2016 11:06 pm

- Routing filters often need to be disabled/re-enabled to make them work.
Can we have more details sent to support?
Do you modify routing filters frequently?

Wow.. How do Mikrotik support NOT know about this issue:

- Every ISP I talk to that uses Mikrotik for BGP complains about this issue.
- There are numerous threads on these forums about this issue.
- See Ticket#2013050266000072

What do I know about the problem:
- It seems to happen no matter how simple/complex the configuration is.
- It does not seem to be related to how often the filters are changed. (I have had it happen on new routers only advertising 2 prefixes and receiving 1)
- I have noticed it happens more often when a set of filters is pasted in via the CLI.
- I have mainly noticed it on egress filters, this may just be due to the fact that I modify these more often.

savage · Tue Nov 15, 2016 11:17 pm

Not only routing filters, but also frequently when adding new bgp peers the prefixes are received, visible in the routing table (/ip route print...) but traffic does not follow the routing table.

Disable the peer, re-enable the peer, and then all of a sudden traffic is routing correctly.

BGP, is FULL of bugs. I'm scared to have my core and peering routers on mikrotik, and will be looking at replacing them.

j2sw · Wed Nov 16, 2016 1:20 am

Scenarios where i routinely need to do stuff with routing filters.
1.Blackholing traffic to a blackhole peer (Cogent, etc.). I routinely have to drag filters around to make this happen.
2.Adding downstream peer advertisements
3.Adding padding or AS path manipulation

It's not necessarily how often you do these functions, but when 90% of the time it doesn't behave like it's supposed to it's frustrating. It turns a 30 second job into several minute job while you try to come up with creative ways to jack with it.

pe1chl · Wed Nov 16, 2016 12:28 pm

Not only routing filters, but also frequently when adding new bgp peers the prefixes are received, visible in the routing table (/ip route print...) but traffic does not follow the routing table.

Disable the peer, re-enable the peer, and then all of a sudden traffic is routing correctly.

BGP, is FULL of bugs. I'm scared to have my core and peering routers on mikrotik, and will be looking at replacing them.

That would be a completely different bug, and I cannot confirm it. What I observe is only that the prefixes do not appear in the table. When they do, they always work (for me).
It also would not be a BGP bug.

Maybe it is a fasttrack or route cache bug. That could be. I don't use those features.

maznu · Wed Nov 16, 2016 12:29 pm

That would be a completely different bug, and I cannot confirm it.
Maybe it is a fasttrack or route cache bug. That could be. I don't use those features.

+1, cannot confirm. Haven't had any phonecalls about reachability problems.

We don't have fasttrack, but we do have routecache.

savage · Wed Nov 16, 2016 12:34 pm

Maybe it is a fasttrack or route cache bug. That could be. I don't use those features.

Neither is used.

Will check again when it happens in the future. Perhaps I am mistaken about the routing table, and it's more a matter of the prefixes are received, but not populated in the routing table. Will check when this happens again and confirm.

savage · Wed Nov 16, 2016 3:54 pm

Confirmed now - the routes ARE in the routing table correctly, yet, a traceroute follows the wrong path...

Border 02 router, which peers with the ASN via public peering:

> /ip route print detail where dst-address=a.b.71.0/24      
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 ADb  ;;; AS34307 - NL-IX Route Server
        dst-address=a.b.71.0/24 gateway=c.d.116.103 gateway-status=c.d.116.103 reachable via  VLAN7 - NL-IX Peering distance=20 scope=40 target-scope=10 
        bgp-as-path="34305" bgp-local-pref=3080 bgp-med=0 bgp-origin=igp bgp-communities=65000:3080 received-from=AS34307v4 - NL-IX Route Server 01 (NL-IX) 

 1  Db  ;;; AS34307 - NL-IX Route Server
        dst-address=a.b.71.0/24 gateway=c.d.116.103 gateway-status=c.d.116.103 reachable via  VLAN7 - NL-IX Peering distance=20 scope=40 target-scope=10 
        bgp-as-path="34305" bgp-local-pref=3080 bgp-med=0 bgp-origin=igp bgp-communities=65000:3080 received-from=AS34307v4 - NL-IX Route Server 02 (NL-IX) 

 2  Db  ;;; AS34307 - AMS-IX Route Server
        dst-address=a.b.71.0/24 gateway=80.249.209.174 gateway-status=80.249.209.174 reachable via  VLAN1587  - AMS-IX Peering distance=20 scope=40 target-scope=10 
        bgp-as-path="34305" bgp-local-pref=3070 bgp-med=0 bgp-origin=igp bgp-communities=65000:3070 received-from=AS6777v4 - AMS-IX Route Server 01 (AMS-IX) 

 3  Db  ;;; AS34307 - AMS-IX Route Server
        dst-address=a.b.71.0/24 gateway=80.249.209.174 gateway-status=80.249.209.174 reachable via  VLAN1587  - AMS-IX Peering distance=20 scope=40 target-scope=10 
        bgp-as-path="34305" bgp-local-pref=3070 bgp-med=0 bgp-origin=igp bgp-communities=65000:3070 received-from=AS6777v4 - AMS-IX Route Server 02 (AMS-IX) 

> /routing bgp advertisements print "AS2bbbb9v4 - iBGP, BR01" detail where prefix=a.b.71.0/24       
 peer="AS2bbbb9v4 - iBGP, BR01" prefix=a.b.71.0/24 nexthop=c.d.116.103 as-path="34305" origin=igp local-pref=3080 med=0 communities=65000:3080

So, we have received the route through our peering arrangements, we have 4 paths available. Yet, we only advertise 1 path to our Border 1 router (we should advertise at least 2 paths, as the preferences & communities are different)...

On Border 01, which peers directly with Border 02 (iBGP), and has a transit link (full table):

/ip route print detail where dst-address=a.b.71.0/24
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 ADb  dst-address=a.b.71.0/24 gateway=c.d.116.103 gateway-status=c.d.116.103 recursive via e.f.48.35 VLAN100 - Edge Network distance=200 scope=40 target-scope=30 
        bgp-as-path="34305" bgp-local-pref=3080 bgp-med=0 bgp-origin=igp bgp-communities=65000:3080 received-from=AS2bbbb9v4 - iBGP, BR02 

 1  Db  ;;; AS49544 - Transit
        dst-address=a.b.71.0/24 gateway=31.204.159.165 gateway-status=31.204.159.165 reachable via  sfp-plus2 - Cable S03.R13.02 & 2622 distance=20 scope=40 target-scope=10 
        bgp-as-path="49544,34305" bgp-origin=igp bgp-communities=65000:3000 received-from=AS49544v4 - Transit

The ACTIVE route, is supposedly going via Border 02. A traceroute however:

traceroute to a.b.71.34 (a.b.71.34), 30 hops max, 60 byte packets
 1  e.f.48.129  0.455 ms  0.646 ms  0.672 ms		<- CORE router
 2  e.f.48.34  0.223 ms  0.262 ms  0.310 ms			<- BORDER 01 router
 3  g.h.159.165									<- TRANSIT
....

Traffic is not being send Border 01, Border 02, Peering. It is instead going Border 01, TRANSIT. Which is NOT what the routing table on Border 01 indicates.

Refresh/Resend the peering sessions, and the problem resolves itself after the BGP tables are loaded a second time. Happens with IPv4 as well as IPv6 traffic.

EDIT: From the ROUTER ITSELF (i.e. Border 01 router) the traceroute is correct (i.e. Border 01 -> Border 02 -> Peering). From devices BEHIND Border 01, the traceroute is incorrect (Border 01 -> Transit).

Route Cache is disabled, and RP Filter = no (on both routers)

Tonda · Fri Nov 18, 2016 2:55 pm

I also personally do not understand some (for me) non-logical things like power options in CCR models. Why some CCRs can be powered by 230V/PoE combination, some by 2x230V and current flagship CCR1036 has only one 230V plug? Power input redundancy is not important for their flagship device?
Other similar things are from my point of view non-consistent model lines. I can imagine for example more devices derived from hEX with new powerful CPU and with 5, 8, maybe 10 and 16 ports in same case like RB2011 uses and so on. Similar situation is IMHO with SPF,SFP+ and ethernet ports combinations in various devices.
Personally it seems to me that they write various features and number of ports to small sheets of paper, throwing them all from top floor staircase and then designing models depending on features from sheets which managed to fall to ground floor.
Also it is now necessary to maintain firmware for lot of different CPU architectures, which also brings lot of possibilities for various kinds of errors in hardware and software.

Antoher thing is the holy grail RouterOS v7. The fact, that they are not able to give us clear statement about RouterOS v7 is also not much credible. Lot of people (including me - I wait for newer USB dongles support) is impatiently waiting for new features. Now I have to decide - should I wait for RouterOS v7 which would allow me to finish current project with Mikrotiks only or should I look for another solution? Currently I am evaluating other solutions just because I am not able to build any plan on uncertain situation with Mikrotiks.

Hammy · Fri Nov 18, 2016 3:35 pm

Agreed on v7. Whomever is slowing down the roll out of v7 to focus on crap for v6 needs to take a walk.

StubArea51 · Fri Nov 18, 2016 4:57 pm

- Routing filters often need to be disabled/re-enabled to make them work.
Can we have more details sent to support?
Do you modify routing filters frequently?
Wow.. How do Mikrotik support NOT know about this issue:

- Every ISP I talk to that uses Mikrotik for BGP complains about this issue.
- There are numerous threads on these forums about this issue.
- See Ticket#2013050266000072

What do I know about the problem:
- It seems to happen no matter how simple/complex the configuration is.
- It does not seem to be related to how often the filters are changed. (I have had it happen on new routers only advertising 2 prefixes and receiving 1)
- I have noticed it happens more often when a set of filters is pasted in via the CLI.
- I have mainly noticed it on egress filters, this may just be due to the fact that I modify these more often.

Just an interesting side note, I do BGP on MIkroTik every day and I can't say I've run into this very often, but I do a soft-refresh in and out every time I change the filter because MikroTik isn't the only one who has this issue. I've been burned by similar behavior on Cisco 6500, 7600, ASR and Nexus 7K when modifying ACLs/Route Maps for BGP peerings which is why I got into the habit years ago of soft refresh in/out every time I change the BGP filters.

Having said that, It should be able to handle a change without causing a bug.

doush · Sat Nov 19, 2016 10:17 am

We use BGP Route Filters for sending prefixes to specific communities (blackhole etc..) and never run into any issue yet.

That being said, we need better multi core support for PPP interfaces, queues, firewall filters, NAT.

Maybe the path Mikrotik should follow now is making FPGA based Hardware for NAT, Queuing and Firewall Filters.

Time to play in the big league

pe1chl · Sat Nov 19, 2016 1:18 pm

Maybe the path Mikrotik should follow now is making FPGA based Hardware for NAT, Queuing and Firewall Filters.

In my opinion, MikroTik shines in making routers based on very inexpensive "general" communications processors
running the generic Linux OS (which has lots of networking capabilities not found in other OSes but is not dedicated
to routing).

This resuls in very feature-rich but still inexpensive routers that can be used in (relatively) small networks.
When you require top performance that demands dedicated hardware support, there are other manufacturers
that offer this, and have offered it for much longer. Expect to pay a lot more, as a lot more development resources
go into that kind of solution.

alexjhart · Sat Nov 19, 2016 5:10 pm

Maybe the path Mikrotik should follow now is making FPGA based Hardware for NAT, Queuing and Firewall Filters.
In my opinion, MikroTik shines in making routers based on very inexpensive "general" communications processors
running the generic Linux OS (which has lots of networking capabilities not found in other OSes but is not dedicated
to routing).

This resuls in very feature-rich but still inexpensive routers that can be used in (relatively) small networks.
When you require top performance that demands dedicated hardware support, there are other manufacturers
that offer this, and have offered it for much longer. Expect to pay a lot more, as a lot more development resources
go into that kind of solution.

I agree with you. They should focus on bug fix and feature release in software.

Murmaider · Mon Nov 21, 2016 7:31 pm

Just an interesting side note, I do BGP on MIkroTik every day and I can't say I've run into this very often, but I do a soft-refresh in and out every time I change the filter because MikroTik isn't the only one who has this issue. I've been burned by similar behavior on Cisco 6500, 7600, ASR and Nexus 7K when modifying ACLs/Route Maps for BGP peerings which is why I got into the habit years ago of soft refresh in/out every time I change the BGP filters.

Having said that, It should be able to handle a change without causing a bug.

Interesting you say that, I've always thought that it was just a regular formality to do a soft-refresh after any BGP config change.

StubArea51 · Mon Nov 21, 2016 9:29 pm

Just an interesting side note, I do BGP on MIkroTik every day and I can't say I've run into this very often, but I do a soft-refresh in and out every time I change the filter because MikroTik isn't the only one who has this issue. I've been burned by similar behavior on Cisco 6500, 7600, ASR and Nexus 7K when modifying ACLs/Route Maps for BGP peerings which is why I got into the habit years ago of soft refresh in/out every time I change the BGP filters.

Having said that, It should be able to handle a change without causing a bug.
Interesting you say that, I've always thought that it was just a regular formality to do a soft-refresh after any BGP config change.

If you do a lot of BGP in Cisco, you'll come across issues with filtering prefixes more often than you would think which is why a soft refresh has become a default practice for many network engineers.

Here is a recent example of a bgp filtering bug in Cisco, but there are plenty across all the platforms and versions of IOS they have developed throughout the years. All network vendors have bugs and issues - MikroTik doesn't have the market cornered on that.

https://quickview.cloudapps.cisco.com/q ... CSCts39535

alexjhart · Mon Nov 21, 2016 10:02 pm

While relevant, lets not get distracted too much from the larger theme with this routing filter issue

pe1chl · Mon Nov 21, 2016 10:24 pm

While relevant, lets not get distracted too much from the larger theme with this routing filter issue

I agree.
The route filter issue (inserted/moved filters are not always applied correctly) isn't fixed by refreshing, so it is not relevant to mention that.
The only way to fix the filters is to disable/enable them while they are at their final position and content.

maznu · Mon Nov 21, 2016 10:44 pm

While relevant, lets not get distracted too much from the larger theme with this routing filter issue
I agree.
The route filter issue...

I think Alex Hart meant we shouldn't get distracted from the larger theme: this thread is originally a discussion about whether we think RouterOS is moving forward fast enough, or if it might be left behind as competitors innovate quicker.

So far, it sounds like the jury is still out: lots of people who believe in and support MikroTik, and want them to succeed. But also quite a few people who have been caught out by "sharp edges" in some of the implementation details.

I have to say, I'm very pleased to look through the changelog for 6.38 release candidates and seeing some of the BGP issues starting to get sorted (e.g. the 0:0 community problem).

pe1chl · Mon Nov 21, 2016 11:30 pm

whether we think RouterOS is moving forward fast enough, or if it might be left behind as competitors innovate quicker.

So far, it sounds like the jury is still out: lots of people who believe in and support MikroTik, and want them to succeed. But also quite a few people who have been caught out by "sharp edges" in some of the implementation details.

To me, MikroTik RouterOS still has a lot more features than the OS of other routers in the same price category, and I think it is most
important that the existing features operate bug-free and that technologies like IPv6 are more completely supported.

There will always be people shouting booohooo MikroTik does not support X so I am going away to competitor Y!! Goodbye!
I think it is not reasonable to expect any manufacturer to support features that a competitor has and do it within the timeframe those
people usually want it (a week or so). Also I think a router should be a router and not some server platform and/or smart webfilter.

Unic · Tue Nov 22, 2016 12:29 am

hi,

i would like to add:

-no more than ONE connection from the same IP with L2TP/IPSec
-IKEV2 (its mention here that its in the new RC. That would be awesome)

EDIT: looks like 6.38rc24 is my new RouterOS 7. Just found this: http://forum.mikrotik.com/viewtopic.php ... 00#p566439. If this will come both problems are solved

syadnom · Tue Nov 22, 2016 5:39 am

I also have the bug where I have to disable/enable or move rules to make them work, or reboot the router.

I was all 'tik all the time for years. TONs of devices deployed. Not any more.

I feel like I've had to regress a bit as I'm building APU/PFSense boxes for some clients that don't want edgerouters, and I'm using edgerouters and usg

I do have some CCR and despite some of these issues, I can work around them and it's great for out small wISP. I also have a significant beta environment for ubnt's new gear and software and it's encroaching on the 'tiks strengths rapidly.

as far as tik at home, no way. I've abandon that long ago as I don't feel like 'tik is user friendly for the home, and the big gaps in features completely removes it as an option. I hate to say a netgear nighthawk is better....but it is.

StubArea51 · Tue Nov 22, 2016 6:20 pm

I think Alex Hart meant we shouldn't get distracted from the larger theme: this thread is originally a discussion about whether we think RouterOS is moving forward fast enough, or if it might be left behind as competitors innovate quicker.

Who do you see as competitors to MikroTik that are are currently beating them in innovation at the same price point?

syadnom · Tue Nov 22, 2016 6:22 pm

The obvious one.

maznu · Tue Nov 22, 2016 6:26 pm

Who do you see as competitors to MikroTik that are are currently beating them in innovation at the same price point?

Right now, I don't. I thought that I'd been clear in all my posts in this thread. I see that there are bugs, but I've had bugs on every platform I've ever used - just as you've said has been your experience with Cisco.

However, I've also said that I see a lot of strong competition: many WISPs I know have been deploying their "backbone" links on Ubiquiti (either moving from MikroTik or starting with Ubiquiti from day one). And I see the EdgeRouter platform as creeping in to the "high performance, low capital cost" router market that MikroTik has long held. Competition is healthy, and my worry had been that RouterOS v7 can't come soon enough. However, with some of the fixes we're starting to see in the 6.38 rc changelogs, many of the operational concerns of the routing platform of RouterOS are going to be addressed.

laniohma · Tue Nov 22, 2016 8:02 pm

I have even been asked to replace brand new Mikrotik wireless AC units with >3 year old 2.4Ghz UBNT wireless hardware because they like the way it performs better. (Capsman is only ok. Getting kicked off your AP to join another AP is archaic if your not used to it. It feels like a step backwards. Yall should really fix that. Don't say UBNT owns that because many multi radio systems are on the shelf now and you still can tell the capsman deployment from the rest because it sucks more)

This is the first year I have literally started having to look around. This is also the first year I chose to deploy alternative gear in order to ease a deployment and avoid performance issues with wireless.

10 years ago your gear was in black metal cases and it worked non-stop rock solid under most conditions. We used to brag about that.

Now its thin plastic and highly branded and some of it is worse than COTS equipment I can buy at my local store.

I already miss the old Mikrotik. (Prime example 493ah in metal case) I have for years. Now rather than being my first choice your one of a number of considerations and your features are behind and lacking when compared to COTS equipment.

Even Google is looking good for wireless right now. Mikrotik not so much. Yall have that hit & miss capsman thing and your wireless AC is only ok. (Only ok?)

Don't see many RMAs? Its because its not worth the few bucks I spent initially (even after 10+ failures) its especially not worth it for what I charge to install this gear.

You have gotten "cheap" too. Not cost effective cheap, but rather your hardware is cheap feeling, cheap looking & underperforming in many aspects. Wrong direction guys! Your current partnerships are making you look & feel like your competition.

Please fix yourself Mikrotik. Your starting to look and feel like TPLINK. Thats an insult because TPLink is plastic junk that doesn't work that well. Its hard to keep using Mikrotik when even my Mikrotik customers are noticing these issues ongoing.

Tue Nov 22, 2016 9:42 pm

Guys. I was telling those things years ago. And I still think the same like you, but remember that ebit to capital ratio is what an owner wants to be maximised every year. Making metal boxes thinner, replacing them by plastic and utilising all in one socs with ridiculous flash, removing wide range voltage regulators and other things are helping to meet such goals. Moving towards BFU market by dammed quickset and sell products on the same shelf like asuses, tendas and totolinks is helping it too. I believe that mikrotik makes much more money on 941 for 20 bucks than on all ccrs together during a year. We all can be pissed off, but the money matters. Mikrotik reached some reputation and is getting well known so they are trying to monetize it. You have to admit that isp business is not growing so fast comparing to BFU market. So that's it. And doesn't matter if you are going to buy few nanostations instead of sxt. Who cares? Home users are buying much more... You do not believe mikrotik anymore? Who cares? There is a heap of money that they are going to sell their reputation for. Their business. Their decision. Their future. Not ours.

StubArea51 · Tue Nov 22, 2016 10:47 pm

Guys. I was telling those things years ago. And I still think the same like you, but remember that ebit to capital ratio is what an owner wants to be maximised every year. Making metal boxes thinner, replacing them by plastic and utilising all in one socs with ridiculous flash, removing wide range voltage regulators and other things are helping to meet such goals. Moving towards BFU market by dammed quickset and sell products on the same shelf like asuses, tendas and totolinks is helping it too. I believe that mikrotik makes much more money on 941 for 20 bucks than on all ccrs together during a year. We all can be pissed off, but the money matters. Mikrotik reached some reputation and is getting well known so they are trying to monetize it. You have to admit that isp business is not growing so fast comparing to BFU market. So that's it. And doesn't matter if you are going to buy few nanostations instead of sxt. Who cares? Home users are buying much more... You do not believe mikrotik anymore? Who cares? There is a heap of money that they are going to sell their reputation for. Their business. Their decision. Their future. Not ours.

From a financial perspective, they are probably one of the hottest tech companies in the Baltic with over 121% growth up to 2014 and another 30% growth in 2015.

http://www.inc.com/profile/mikrotikls-sia

StubArea51 · Tue Nov 22, 2016 11:03 pm

The obvious one.

in the RF space, I'm assuming you mean Ubiquity, and while true in the North American and European markets, we see heavy MikroTik RF deployments in developing countries in Africa and South America. So there has to some regional adjustment when identifying competition because price is king in some markets whereas features and performance are key in others. Not everyone has the same use case either - WISP is only one use case for RF gear and not everyone needs GPS synch and more advanced RF features.

in the routing market, there really isn't any competition- the EdgeRouter shows promise but has years to go in features and stability.

in the switching market, they have a very strong proposition on features/performance for a 1U switch now that loop prevention protocols are coming out.

maznu · Tue Nov 22, 2016 11:07 pm

in the switching market, they have a very strong proposition on features/performance for a 1U switch now that loop prevention protocols are coming out.

I'm looking forward to an announcement of 10GE switches by MikroTik. The CCR1072 was a strong hint that this could happen.

Of course, the user interface in RouterOS for configuring the switch is a bit too much like "bare metal setup of the merchant silicon" for most people... but we're using them just fine.

project25 · Wed Nov 23, 2016 7:43 am

I have even been asked to replace brand new Mikrotik wireless AC units with >3 year old 2.4Ghz UBNT wireless hardware because they like the way it performs better. (Capsman is only ok. Getting kicked off your AP to join another AP is archaic if your not used to it. It feels like a step backwards. Yall should really fix that. Don't say UBNT owns that because many multi radio systems are on the shelf now and you still can tell the capsman deployment from the rest because it sucks more)

This is the first year I have literally started having to look around. This is also the first year I chose to deploy alternative gear in order to ease a deployment and avoid performance issues with wireless.

10 years ago your gear was in black metal cases and it worked non-stop rock solid under most conditions. We used to brag about that.

Now its thin plastic and highly branded and some of it is worse than COTS equipment I can buy at my local store.

I already miss the old Mikrotik. (Prime example 493ah in metal case) I have for years. Now rather than being my first choice your one of a number of considerations and your features are behind and lacking when compared to COTS equipment.

Even Google is looking good for wireless right now. Mikrotik not so much. Yall have that hit & miss capsman thing and your wireless AC is only ok. (Only ok?)

Don't see many RMAs? Its because its not worth the few bucks I spent initially (even after 10+ failures) its especially not worth it for what I charge to install this gear.

You have gotten "cheap" too. Not cost effective cheap, but rather your hardware is cheap feeling, cheap looking & underperforming in many aspects. Wrong direction guys! Your current partnerships are making you look & feel like your competition.

Please fix yourself Mikrotik. Your starting to look and feel like TPLINK. Thats an insult because TPLink is plastic junk that doesn't work that well. Its hard to keep using Mikrotik when even my Mikrotik customers are noticing these issues ongoing.

Though I rarely play on the enterprise wireless side, "broadband" wireless is my bread and butter. Over the years I've played with everything from Canopy to Aviat and back. Mikrotik to me was always a routing solution. Here recently I've noticed a lot of problems leading to frequent router replacements at sites. After the finial run of RB493's died The decision was made to migrate to the RB2011. Currently, most of the AP's are UBNT rockets. Usual problem is static discharges killing ports on the RB2011. Occasionally lightning takes out a router (unfortunately Ubiquiti is not great on providing grounding solutions for AP solutions. Average 2011 lasts about year and is retired when all of the ports are dead. 493's lasted 3+ years.

At one of my sites has a lot of stray RF from a piss-poor low power FM station install. Keeps knocking the Interface links down to 10M connections on the RB2011. As an experiment I recently purchased a few RB450G routers w/metal enclosures. Been trying to duplicate the problem with my service monitor by feeding RF right into the thing…can't. Same setup near my hAP AC lite (which is used for my home routing) and it starts freaking out. I'd definitely agree with your assessment of the legacy RouterBoard products being higher quality devices.

On a secondary note, I've never thought capsman would be great for an enterprise setup however, I think it could be a real tool for a PMP sectorized setup by offering a single control point.

Sent from my iPhone using Tapatalk

pe1chl · Wed Nov 23, 2016 10:57 am

At one of my sites has a lot of stray RF from a piss-poor low power FM station install.

I agree that this sometimes can be a problem, but I am not sure it can be blamed on MikroTik.
We use MikroTik routers in broadcast towers (kilowatts of transmit power) and in amateur radio repeaters
(e.g. in the close field of a 80W transmitter on 29 MHz) and indeed it causes ethernet problems in the latter
case but we fix those with ferrite clamps on the network cables.
(the gray plastic thingies with black ferrite cores inside that you sometimes find packed with equipment and
that most people discard because they don't know what they are for and don't bother to read manuals)

In cases like this you may often find that replacing some equipment with another type also appears to
cure it, but that does not really mean the other equipment is that much better designed. Similar for your
static discharge problem: you should just install your equipment correctly to solve this (earthing and
equipotential bonding) rather than rely on the ability of the equipment to absorb it.

savage · Wed Nov 23, 2016 4:23 pm

On a secondary note, I've never thought capsman would be great for an enterprise setup however, I think it could be a real tool for a PMP sectorized setup by offering a single control point.

Completely agree, including NV2 support for capsman. But MT pretty much already said no, not going to happen. Same with Virtual APs and NV2 (has been asked for, over, and over, and over, with VERY valid reasons).

Sometimes, I really just get the feeling that MT does not, or does not WANT to understand the WISP arena. Especially not when it comes to innovation and doing new things / doing things differently.

project25 · Wed Nov 23, 2016 4:41 pm

At one of my sites has a lot of stray RF from a piss-poor low power FM station install.
I agree that this sometimes can be a problem, but I am not sure it can be blamed on MikroTik.
We use MikroTik routers in broadcast towers (kilowatts of transmit power) and in amateur radio repeaters
(e.g. in the close field of a 80W transmitter on 29 MHz) and indeed it causes ethernet problems in the latter
case but we fix those with ferrite clamps on the network cables.
(the gray plastic thingies with black ferrite cores inside that you sometimes find packed with equipment and
that most people discard because they don't know what they are for and don't bother to read manuals)

In cases like this you may often find that replacing some equipment with another type also appears to
cure it, but that does not really mean the other equipment is that much better designed. Similar for your
static discharge problem: you should just install your equipment correctly to solve this (earthing and
equipotential bonding) rather than rely on the ability of the equipment to absorb it.

We actually tried it as well as using different stp cat5e runs (the corrugated stuff cambium likes to recommend hasn't helped much either). It also doesn't help this on top of a 40 year old 5 story building. Site grounding is next to non-existent. However, it hasn't caused any of the licensed links to go down so we can't really complain of much.

I agree that the static discharge issue is a grounding issue. Unfortunately, it's West Texas and it's just part of it when working with sites that pre-date R56 and no one wants to put forth the money to ground everything.

One site is a 30 year old broadcast tower (44 kW) so enhanced grounding is the best that can be done without completely overhauling the site. We do run surge suppressor son the cat5e with station grounding but seems like Ubiquiti forgot about providing grounding options for their rocket series radios as the ports on the RB2011 still die. Actually we didn't have a problem with that site until we put AP's on it. We removed that stations STL a few years ago when the FCC wanted everyone to recoordinate and migrated to Barix over a licensed 3.65 link. Actually did it with all of that broadcast company's STL's. Issues always seem to be with the APs.

Sent from my iPhone using Tapatalk

syadnom · Wed Nov 23, 2016 10:51 pm

Ubiquiti wireless outperforms Mikrotik wireless. It wasn't always the case, and there was a time that mikrotik's nv2 was better than airmax. Those times are passed. I've thoroughly tested both AC implementations and Ubiquiti's comes out as much better, with more stable latencies and stable links, and simply faster.

Mikrotik is a router platform as far as I'm concerned. Even at sites where I start with a routerboard w/ wifi, I end up turning it off and deploying Unifi APs.

I have some CCR's that are pretty great. There are flaws, but not show-stoppers.

As a warning to mikrotik though, ubiquiti's router hardware is encroaching VERY quickly. There was a time when Mikrotik was hands-down the best value in an MPLS, OSPF router, but now it's got competition.

syadnom · Mon Jun 19, 2017 5:49 am

just revisiting this. wondering where mikrotik is at on the 'next gen' v7. edgeos is very very quickly encroaching on the wisp routing market. Mikrotik had a very strong place in even cambium and ubiquiti networks but I'm seeing pretty rapid switchover these days. Many wisps are flocking to edgerouters. Mikrotik, what's the deal? Where's your fight?

Cha0s · Mon Jun 19, 2017 3:06 pm

I guess they don't care much.

It seems they are focusing more on SOHO by adding features like TR-069, or crippling features like multiple partitions by using 16MB flash chips, instead of finally releasing v7 and fixing all those problems that can't be solved on v6.

ajack46 · Thu Jun 22, 2017 3:17 pm

it is time they should bring in V7. High time.

SystemErrorMessage · Thu Jun 22, 2017 9:58 pm

i agree mikrotik is on the decline. Wheres the RB3011 with mini PCIe or wifi?
Lots bugs or limitations here and there. Its good to focus on the SOHO and home market but dont leave your existing customers in the dust. In the past the majority of mikrotik customers knew that there was no substitute for what mikrotik offers. In the home and SOHO market, things change quite a lot, now it seems attractive as more and more features that used to be enterprise only or only what you could do with openwrt or by installing your own linux server are getting implemented on home routers. However mikrotik is actually ill equipped to enter the home and SOHO market.

Just a few features i've been barking on about that mikrotik has been lacking
- DNScrypt (really needed everywhere actually)
- LACP on the switch chip.
- host based rules rather than IP based (so using domains, hosts, etc rather than having to use IPs in rule configurations and even general configurations). Home and SOHO actually prefer to use names, hosts and domains, not numbers or hex.
- software based additions that allow for some dynamics such as changing the routes that DNS requests use for example or allowing use of multiple WANs for DNS requests (or even multiple DNS server instances like with DHCP server to allow a per network configuration on a single device).
- ability to install some software (asus, openwrt, netgear are all capable of this). Netgear recently made it possible to install plex media server on their routers. On asus its possible to install the software you want by going in through ssh. This is the one advantage that ubiquiti routers have over mikrotik and a QoS algorithm too.

Very simple example, lets say i wanted to use pool.ntp.org as my NTP server to my mikrotik router, if i enter it in it gets converted into an IP or in some cases not allowed to be stored as a domain. On consumer routers you could enter a domain in your configuration (except for DNS ofcourse) and it will still accept it, the only difference is that once the domain expires in cache it is checked again.

So i think that mikrotik is taking the wrong path, or that they're taking a path and doing it wrong, missing out the essentials of it. Sure in the past consumer routers tend to be hopeless in stability, reliability and bugginess but now they're catching up on quality and features.

dhoulbrooke · Fri Jun 23, 2017 2:35 am

Very simple example, lets say i wanted to use pool.ntp.org as my NTP server to my mikrotik router, if i enter it in it gets converted into an IP or in some cases not allowed to be stored as a domain. On consumer routers you could enter a domain in your configuration (except for DNS ofcourse) and it will still accept it, the only difference is that once the domain expires in cache it is checked again.

The below works fine for me:

server-dns-names (Comma separated domain name list default: ) To set NTP server using its domain name. Domain name will be resolved each time NTP request is sent. Router has to have /ip dns configured.

pe1chl · Fri Jun 23, 2017 11:19 am

I think he just wanted to sum up some annoyances, was thinking about an example, then wrote about the pool.ntp.org
but forgot that in this particular case the problem does not exist becuase DNS names can be used there and are resolved
at usage time. There are some other places where that is true, e.g. for the destination of an L2TP tunnel.
But in many other places only fixed addresses can be used, and sometimes it is annoying.

It would be convenient when one could have some "hosts and networks table" where symbolic names can be assigned
to addresses and they can be used anywhere in the config. Not via DNS, because some of those configs simply are not
dynamic and cannot be made dynamic, but just for convenience when configuring.
There is the "address list" feature that can be used in the firewall, and I do use it for this purpose, but it is not
applicable everywhere. I can understand why that is: it is used as a lookup table for firewall matching only.
So it would be nice to have a feature that is more like a "/etc/hosts file" and the entries can be used everywhere, not
only in the firewall. It should also be possible to have subnets in there (not unlike /etc/networks but not as limited as that).
So a symbol can be set e.g. LANSUBNET = 192.168.88.0/24 and that can be used everywhere where you need that, e.g.
in the DHCP server, a possible IPSEC rule, maybe in the firewall, etc.

SystemErrorMessage · Thu Jun 29, 2017 8:51 am

there is another thread of this in general which did actually get mikrotik's response.

I would like to add for both threads that there seem to be many elitist/enterprise admins who dont know heads or tails about routers. Routers arent just pure routers theres a lot around them. For example you will find some enterprise network admins who would scold you if you had a torrent client feature on your router but truthfully, there are many features on routers that arent related to routing, for example you have the critical bit of DNS and NTP servers on routerOS and even GPS, which in a datacenter may all not be used in enterprise. Secondly mikrotik has an array of features such as scripting, API and so on, allowing for remote admin of the routerboard and for performing some complicated tasks, im sure enterprise users make use of this, even romon and dude as well, all features that have nothing to do with routing but are necessary to fit the role that users need from a router. Sure mikrotik has FTP, SFTP, SSH, TFTP and even winbox file transfers, none of which relate to routing but you can use them to update the router, put the needed files (like for use with hotspot for example) and so on. Even i make use of the tftp server on mikrotik.

So while the enterprise community may sound rigid, its very likely because they dont consider that a router has all these things to fit the requirements needed other than just doing routing. TFTP is particularly useful especially when the device thats handling DHCP for the main network is also doing it, as it makes it easy when booting via tftp using the main network such as to get internet access for updates on the target machine. Routers are computers too, so we shouldnt clamp down on mikrotik not to expand their features to things like cups and xsane for instance and in the future we may get more and more routing related stuff too so being too rigid on features just means that mikrotik could lack the necessary features in the future. Even cisco has an array of management features too on their routers.

Different features appeal to different customers, so if mikrotik could make them all without bugs that would still not make everyone happy as the elitist would come out and say that mikrotik should be a router only disregarding the fact that there are many non router related features that are already on mikrotik helping them do their job and making things easier.

pe1chl · Thu Jun 29, 2017 11:46 am

When what you really want is a Linux box, you are not at the correct place at MikroTik.
MikroTik have decided that Linux is used internally but externally they have their friendly interface which limits what you can do.
They keep some control over "security" (and probably also supportability) by not allowing access to the underlying Linux system, e.g. via a shell or by allowing installation of external software.
When you don't like that, go shopping somewhere where that is possible. I use bare Linux myself in some cases as well, but I like the MikroTik routers for many purposes.
Also, please don't think that what YOU consider important or essential, is valued by others as well. So for a company with many customers. telling them that "this feature is a must have for everything" is not going to automatically get it to the top of the list.

SystemErrorMessage · Thu Jun 29, 2017 3:14 pm

When what you really want is a Linux box, you are not at the correct place at MikroTik.
MikroTik have decided that Linux is used internally but externally they have their friendly interface which limits what you can do.
They keep some control over "security" (and probably also supportability) by not allowing access to the underlying Linux system, e.g. via a shell or by allowing installation of external software.
When you don't like that, go shopping somewhere where that is possible. I use bare Linux myself in some cases as well, but I like the MikroTik routers for many purposes.
Also, please don't think that what YOU consider important or essential, is valued by others as well. So for a company with many customers. telling them that "this feature is a must have for everything" is not going to automatically get it to the top of the list.

i know, but when i say important i mean you wouldnt be able to function without it. You dont need DNS for routing to work but you cant live without it either.

pe1chl · Thu Jun 29, 2017 5:03 pm

i know, but when i say important i mean you wouldnt be able to function without it. You dont need DNS for routing to work but you cant live without it either.

But my network functions well with the DNS provided by MikroTik and without the DNScrypt that you consider essential.
So apparently you have a different idea about "essential" than others.

docmarius · Thu Jun 29, 2017 5:09 pm

i know, but when i say important i mean you wouldnt be able to function without it. You dont need DNS for routing to work but you cant live without it either.

You can't live without it on your network, but you certainly can live without it on your router. And this is an important distinction, meaning that the needed network service can be provided by a third party, with better performances than using your router. Having everything crammed in one device is a compromise which we choose, usually from a cost perspective.
E.g. in my network I have a Linux machine running a full fledged DNS, while the router only forwards requests and acts as a minimal backup for the internal network.

SystemErrorMessage · Thu Jun 29, 2017 7:49 pm

i know, but when i say important i mean you wouldnt be able to function without it. You dont need DNS for routing to work but you cant live without it either.
You can't live without it on your network, but you certainly can live without it on your router. And this is an important distinction, meaning that the needed network service can be provided by a third party, with better performances than using your router. Having everything crammed in one device is a compromise which we choose, usually from a cost perspective.
E.g. in my network I have a Linux machine running a full fledged DNS, while the router only forwards requests and acts as a minimal backup for the internal network.

i doubt consumers would have that option to run mikrotik alongside a PC running linux.

docmarius · Fri Jun 30, 2017 1:40 am

i doubt consumers would have that option to run mikrotik alongside a PC running linux.

That's true, but on the other hand, I doubt consumers need all those full services. They actually need minimal but sufficient service support for regular tasks. Advanced services are out of the "consumer" scope.

Let's take again DNS as an example: IMHO a consumer device does not support/need zones and zone transfers, dnscrypt and other advanced features. It is the ISPs responsibility to provide an DNS service for their customers so that their consumer devices should work fully and transparent, while keeping end user costs down. On the other end of the spectrum, if a user really needs those features, he transcends the consumer condition and he could also run a full size Linux server to fulfill his needs of additional advanced services (and this could be, in our example, as low as a puny $15 NanoPi running bind).

Of course, having a complete support in the router would be nice, but is not not mandatory

Sob · Fri Jun 30, 2017 2:28 am

DNS is nice example where it's not that clear.

Imagine a simple home user who just needs to escape censorship that ISP is forced to do by some "enlightened" government (it looks like it's going to be increasingly popular need in the future). Fiddling with DNS is very popular method how to censor stuff, it's cheap and relatively effective against regular users. DNSCrypt can help with overcoming that. But keeping extra machine as DNS server is overkill and configuring it separately on each device connected to network is not practical either (too much work, or not even possible with many devices). How much happy would this user be, if router could handle it...

Or a small office that needs to connect to main office and needs to access internal servers. There's a local domain in use and they have to use its DNS servers to resolve internal hostnames. But that's just tiny fraction of their connectivity needs, so they don't want to fully depend on remote main office. A per-domain forwarding is the perfect answer, it would allow them to use main office's resolvers only for ourcompany.lan hostnames and they would be happy. But they have the same problem as home user had. Should they build a Linux server? For a tiny office that so far lived happily with one hAP lite and two notebooks? Again, the router is the right place for it.

SystemErrorMessage · Fri Jun 30, 2017 4:50 am

There are also other things as well.
If you look at whats in the consumer market, you'll find many gaming routers that have various features too, some related to routing directly (like QoS profiles for example). Having a site that can provide profiles for use with mikrotik can be very helpful too. I've seen various mikrotik tutorials for various things but not something easy to implement. Using hq codel algorithm for QoS could help simplify setting up an effective QoS for the user even if it is more CPU intensive.
Consumers have various categories.

You have the basic home user, who has no clue about networking. Just uses what the ISP provides or buys a cheap consumer router.

You have the more advanced home user who has some clue about networking and more advanced needs, like vlans which many consumer routers dont provide for LAN and even non routing related features like DNS and other things. These guys will use mikrotik but not if mikrotik doesnt have the basic features that even basic consumer routers include that arent related to routing.

Lastly you have the power user who goes for the highest end hardware and features, currently they wont consider mikrotik (they consider netduma though) due to the features and UI. Mikrotik has performance hardware but not the features and UI that attracts these and these guys will usually pay more. Theres really no reason why you cant buy a RB9xx with mini PCIe and make a monster of a wifi AP for bragging rights but no one in this class knows about being able to have more radios for less than the price of those triband consumer routers. Mikrotik really could do well here if it would combine the various versatile features their different routerboards give and for much less. You can find routers with decent hardware, mini PCIe and all the bells and whistles of a regular PC (like the intel atom based ones for example) and do it for much less than those kickstarter routers are charging but features also need to be added too.

Then you also have to consider trends. DNScrypt is getting popular due increase in internet filters and ISP spying for monetary purposes. Many VPN providers dont support mikrotik for non PPTP connections (its a big deal because consumers will want the latest, that means UDP openVPN compared to businesses that prefer to use L2TP/IPSEC). However even i cant make heads or tails of configuring other VPN types on mikrotik other than pptp. More and more consumer routers are including features that are developed by others, like netgear having hardware encoding and plex media server for use with a usb drive or even NAS. Perhaps mikrotik could allow other companies to develop software for use with mikrotik routerOS but only runs with lower priority than mikrotik's own packages. This way mikrotik could focus on making a good product and all the other not so important features can be made by others and downloaded when needed. Perhaps permission sets could be used like with recent android OSes where the required access is shown and the user can select which parts can be accessed by each individual software. Soon in many markets, features like DNScrypt could be the deciding factor into choosing a router with more internet being filtered and more unfair ISP spying and selling of information.

Sob · Fri Jun 30, 2017 6:16 am

I can't say that we're exactly on the same wave here, but don't understand it in a wrong way.

More features, definitely yes. The more, the better. Even such ones that will make some "hardcore enterprisers" weep.

Just kidding, nothing against them, all "crazy" stuff can be completely optional. But for me, I'd still like MikroTik to stick with those more network-related features. Things like media server are over the top for me.

On the other hand, if MikroTik decided to expand, multiply number of developers and let some work on these things, then why not. Create different optional packages, or even create new special RouterOS branch, or whole new different OS, ... But that's a little too far from current state of things.

Similar with different or "better" UI. I for one I'm very satisfied with current UI and options it offers. I like the "total control" approach (well, within the limits set by MikroTik), but still with friendly interface (by my standards). I understand that many users could be pleased if there was something easier, filled with "one-click wonders". But I just can't imagine, how these two approaches could go together. One example of simpler interface is existing QuickSet. It's probably far from what you meant, but I think it can be taken as first step. And you can already see that it's one or the other, you can't just fiddle with any advanced stuff you want and expect QuickSet to be able to deal with it. So expanding in this direction would probably also require some independent OS branch.

SystemErrorMessage · Fri Jun 30, 2017 6:37 am

i like the current UI too using winbox, but if mikrotik ever decided to sell to the high end consumers, they'd need a look that appeals. You dont need one click wonders, just pretty looking visual elements and presets that can be applied. Mikrotik themselves dont need to make the presets but it should be made easy for people to find and use them. What i mean is just downloading and applying scripts online for configuration, this is for ISPs that use more things, like google fiber for example or even QoS configs that could be applied as well. There isnt an easy to find online repository so if the wiki had links to professional sits with such scripts that could make things easier.

The enterprise tend to forget that they do use quite a lot of non router related features such as management, API and scripting. Consumers and small businesses however cant set aside a seperate machine and many businesses fall into the trap of using those horrible vpn routers like the cisco rv for example. That platform is severely underpowered, buggy and lacking vpn features that consumer routers come with now for many models.

Mikrotik routers are very capable but it requires an expert to make full use of it. If mikrotik home users had a security preset that could be applied, not just for their WAN interface but even LAN too to defend against attacks like droidsheep or session hijacking or even the pineapple hak for example, so far consumer routers still cant defend against this decades old attack. I've seen old cisco tutorials that actually uses mikrotik as some sort of database device to compliment their own managed switches for layer 2 security.

neutronlaser · Fri Feb 01, 2019 8:42 pm

I doubt a home user would even get a Mikrotik set up

mada3k · Sat Feb 02, 2019 12:22 pm

I'm also curios (and somewhat worried) where Mikrotik is going nowadays.

Trying to compete in the "TR-069 segment" is pointless. Big ISPs only make deals with cheap OEM's like Huawei/Compal/Technicolor where they can control everything.
Ubiquti is very strong in "Prosumer" WiFi & WISP solutions.
Many willing-paying customers chooses a typical "Gamer-router" (e.g Netgear Nighthawk, D-Link Ultra) because the looks promises speed. The software sucks but they never worry about it.
Many SOHO-users don't care about software features - it' should just be plug and play and provide Internet.
Mikrotik isn't that great on switching to be honest. VLAN is quite odd (in perspective to Cisco) and to many industry-standard features is missing (port security, 802.1x, etc.)
If I need a low-cost very-high-performance IPv4/IPv6 router/firewall in a datacenter, I choose a Linux/BSD box with BIRD or VyOS and some 10G interfaces.

Mikrotik has excellent features (a part for some oddly missing) and great CLI. Mikrotik is unique to offer enterprise features to small fanless DC-fed equipment. For many small-ISP/WISP the alternatives is Cisco/Juniper/xxxxx with hefty licensing fees and expensive mandatory support-contracts.

Mikrotik should focus on

Maintaining their enterprise-features.
Sensible models for small-ISP/WISP with features as redundant AC or DC and mixture of SFP/Copper combinations (CCR, RB1100, hEX)
Beef up on security out of the box, because the rumour isn't that nice today. Make SSH-tunnel mandatory for Winbox/DUDE (I don't use them personally)

pe1chl · Sat Feb 02, 2019 1:44 pm

SSH-tunnel by itself doesn't bring much. What you need is a separate network for management with proper authentication of the admin.
There would be an opportunity to offer this through IPcloud (some VPN with 2-factor authentication) but apparently it is not considered to do this.
(for now it is only used as a DynDNS service and for backup storage)

mada3k · Tue Feb 05, 2019 10:27 am

It will at least give some additional protection for the winbox-protocol (that some does over the Internet) that has been exploited several times.

pe1chl · Tue Feb 05, 2019 11:44 am

It will at least give some additional protection for the winbox-protocol (that some does over the Internet) that has been exploited several times.

But it introduces vulnerability of the SSH-protocol into the mix. So is that good?

Who is online