[HN Gopher] MikroTik RouterOS v7 stable released
___________________________________________________________________
MikroTik RouterOS v7 stable released
Author : opieters
Score : 149 points
Date : 2021-12-07 15:46 UTC (7 hours ago)
(HTM) web link (mikrotik.com)
(TXT) w3m dump (mikrotik.com)
| second--shift wrote:
| Yes! been waiting for this for years. Big Mikrotik fan, recommend
| them for nearly all applications.
| ericcholis wrote:
| Does MikroTik live in the same prosumer space that made ubiquiti
| products so popular early on?
| systemvoltage wrote:
| I just bought a bunch of Ubiquiti equipment (UDM Pro + 10G
| Switch Aggregate + U6-LR AP) and I've been super happy with it.
| Putting sexy UI aside, the performance is outstanding and rock
| solid.
|
| Unifi really does unify the entire ecosystem, it's basically
| the Apple of network gear down the quality of packging. I love
| it.
|
| I heard good things about Mikrotik but their product line feels
| scattered and unorganized.
| nullwarp wrote:
| I've always found the Ubiquiti interface flashy but
| borderline unusable. Things are scattered everywhere to the
| point you need 26 clicks to get to anything and they keep
| moving things around (especially their awful cloud UI for the
| UDM)
| systemvoltage wrote:
| Totally agree, I am not a fan of deeply hierarchical UI.
| detaro wrote:
| On the nerdier side of that. More exotic features, lot less
| nice UI, lots of (cheap) lower-performance options and
| sometimes obscure product variations.
|
| I.e. among people where I know what kind of stuff they have,
| anybody vaguely technical might have an Ubiquiti AP for their
| WiFi, whereas the people that love to tinker with networking
| stuff have some mikrotik device somewhere to play with.
| dcow wrote:
| I landed on MikroTik for a recent build because you simply
| can't get Ubiquity right now. And I'm glad I did, what a
| great product. Checkout their newest RB5000 and CCR2000
| series. Very powerful arm cores with sfp+ options at an
| incredibly reasonable price.
| brightball wrote:
| This is also my experience. Best technical person I know
| recommended it.
| gnfargbl wrote:
| Yes, but possibly with more ambition to be a budget alternative
| to Cisco and Juniper. Looking at the presentations under
| https://mum.mikrotik.com/, it seems there are quite a few ISPs
| running on MikroTik kit, especially in less-developed parts of
| the world.
| iso1210 wrote:
| A big complaint about routeros6 is the time it takes for a
| full BGP table to converge - especially on the top-of-range
| cloud core routers.
|
| I don't deal much with IXPs, but I did hear somewhere that
| there were a shockingly high number of mikrotik peers at one
| exchange point (10%+)
| iso1210 wrote:
| Lots of changes in v7 around routing, but this seems like a
| reasonable time to start work on it.
|
| Still seems to be missing certain features - like showing what
| routes you're advertising to a BGP peer, so certainly not ready
| for use. Of course the way that routeros is developed, it relies
| on users to do the testing and debugging.
| halz wrote:
| Tread softly, there are some reports1 that things like PIM/RIP
| are not working/not implemented.
|
| 1https://forum.mikrotik.com/viewtopic.php?t=180896
| iso1210 wrote:
| Massively disappointing, if that's the general direction I'll
| need to redouble efforts to move to fortigate.
| nullify88 wrote:
| Really happy with the CRS-305 and its value for money.
|
| Release candidates for 7.1 had container support which opens
| worlds of possibilities for the switch. But unfortunately was
| removed for the final version pending updates.
|
| Edit: Container support was introduced in rc3 and removed in rc5.
| vorpalhex wrote:
| Exciting! This should include native wireguard support..
| dcow wrote:
| Yep! I've been using the beta and it's awesome. What other
| vendors include native WG support? Historically the concept of
| a performant VPN router pushed you into the realm of enterprise
| level expensive hardware. Now you can do it on cheap arm cores.
| It's game changing.
| oriettaxx wrote:
| Yes, exactly!!
|
| Wireguard is a must for us now! I've been using professionally
| on MikroTik, too, almost everything worked as expected!
|
| (only some issue with being able to export settings... I hope
| it's solved now)
| Hamuko wrote:
| I used to want Wireguard on my router. It was in fact one of
| the reasons why I went with an EdgeRouter X.
|
| Then one day, when I was away from home and actually needed the
| VPN, it absolutely melted. Basically everything on the router
| stopped working, and I suspect it was Wireguard since the
| router went haywire when I was actually using it extensively.
| Needed a hard power cycle, which I couldn't actually do.
|
| These days I just leave my router to do its basic duties and
| have a Raspberry Pi dedicated to nothing but Wireguard. Haven't
| had issues since. The Pi 2 Model B also performs better for
| Wireguard and I imagine that the Pi 4 could saturate my 100
| Mb/s upload.
| liuliu wrote:
| I sort of only want WG support in EdgeRouter as WG client
| such that my homes in different geographical locations can
| share the same network transparently. Is that still a good
| use?
| techietim wrote:
| I have been using the Wireguard support in the beta release for
| most of this past year. Having a persistent connection from my
| Android phone and my wife's iPhone was simple with the built-in
| Mikrotik DDNS service. It makes checking on things like
| security cameras nice if you do not want to use a cloud
| service.
| blibble wrote:
| hopefully it's better than their IPSec support
|
| I love my mikrotik devices, but they can be a bit iffy around
| the edges
|
| (e.g. if my pppoe connection reconnects the ipsec stops working
| until the interface is bounced)
| beebeepka wrote:
| I've been thinking about going with Mikrotik at least twice but
| never pulled the trigger because I am sort of a chicken shit.
|
| Is it easy for a noob to setup things like port forwarding and
| vlans on a router/ap box?
| 28304283409234 wrote:
| I would suggest looking at their wiki and screenshots or
| youtube of their UI.
|
| I've managed cisco amd juniper routers. And I can't make heads
| nor tails of it.
|
| As soon as you wonder off the default track, you're expected to
| understand deep level networking terminology abstracted in a UI
| tailored for experts.
| dcow wrote:
| To setup port forwarding you have to understand how to
| configure the firewall, yes. This is both a drawback for
| simple use cases but a boon for more advanced ones. It cuts
| both ways. Personally I think it's rather unfair to call the
| UI unintelligible. If you don't like it just ssh to it and
| configure it that way. Everything you can do is packaged up
| in a nice command structure.
| james_in_the_uk wrote:
| It depends on your expectations of "easy".
|
| When compared to consumer router devices, then no.
|
| When compared to configuring enterprise networking kit using
| the CLI ... well ... perhaps. Mikrotik does have some short
| cuts / UI features. But if you want to do anything vaguely
| complex, you're going to need to put some serious time into
| getting your head around the way the system processes packets.
|
| If getting to grips with how packets flow through different
| subsystems in your router doesn't really appeal (check out
| https://wiki.mikrotik.com/wiki/Manual:Packet_Flow) then there
| are better, simpler options which are still powerful.
| blibble wrote:
| it's basically a (somewhat) pretty gui around iptables and
| /etc/network/interfaces
|
| everything more or less maps directly onto raw Linux
| functionality
| core-utility wrote:
| As someone with moderate networking experience in a Cisco
| environment, and having set up Ubiquiti products and a pfsense
| router, MikroTik tops the cake for worst learning curve. I
| wasn't even trying to use it as a router, I just wanted a basic
| L2/L3 switch with some VLANs. It's set up now and I'm happy
| with it, but prepare for lots of trial, error, and head
| scratching.
| mindslight wrote:
| I've got a few Mikrotik devices (CRS328, CSS326). Maybe I just
| haven't gotten it, but I find their RouterOS WebUI extremely
| confusing. Like go into three separate top-level tabs to assign
| a VLAN to a port. The CLI is okay, once you get stuff working
| and just need to duplicate/modify lines.
|
| Mikrotik's SwOS is alright and has most of the options you'd
| expect from a switch, but is missing the ability to have a
| human readable text config. I've got a Netgear switch as well,
| and I'd label its obtuseness on par with RouterOS. At the end
| of the day it seems every network vendor has their own bespoke
| proprietary UI that you have to suffer through.
|
| In general I'm much more at home with Linux's iproute2/bridge-
| utils/nft. What I really want is some low power switches that
| can run OpenFlow or the like so I can centralize all the config
| back to my Linux router. On a home network, most devices
| shouldn't be talking directly among themselves anyway!
|
| Another thing I really want is for network switches to have an
| RGB LED on each port that can indicate what VLAN it's
| configured for.
| minimaul wrote:
| I find that Winbox is much more usable than the WebUI - it
| runs well under wine (and even on m1, you can run it under
| wine64 under rosetta).
| iso1210 wrote:
| Yes, mikrotiks separate bridges, vlans, interfaces.
|
| If you want to set ether 3, 4 and 5 to untagged vlan called
| "Alf" with ID 11, ether 6 to untablled vlan "Bob" (id 12),
| and ether 7 and 8 to a trunk of both Alf and Bob, you can do
|
| 1) Create a bridge for Alf, and a bridge for Bob
|
| 2) Assign IPs for them (assuming your mikrotik is the
| router), and maybe dhcp pools, server etc
|
| 3) add ether3, 4 and 5 as bridge ports for Alf, and ether6
| for Bob
|
| 4) Create a vlan interface on ether7 for Alf with vlanid=11,
| add to bridge Alf
|
| 5) Create a vlan interface on ether8 for Alf with vlanid=11,
| add to bridge Alf
|
| 6) Create a vlan interface on ether7 for Bob with vlanid=21,
| add to bridge Bob
|
| 7) Create a vlan interface on ether8 for Bob with vlanid=21,
| add to bridge Bob
|
| But the killer is there are two different recommended ways to
| do it depending on the hardware.
| mindslight wrote:
| I haven't looked at my config in a while. It appears I've
| got a single bridge, and ports get added to it with their
| VLAN tags (for ingress, I believe) -
| /interface bridge port add bridge=_bridge
| interface=sfp-sfpplus1 add bridge=_bridge frame-
| types=admit-only-untagged-and-priority-tagged ingress-
| filtering=yes interface=sfp2 pvid=10
|
| But then I also have to define the VLAN ID for the bridge
| (for egress, I believe) - /interface
| bridge vlan add bridge=_bridge tagged=sfp-
| sfpplus1,_bridge, untagged=sfp2 vlan-ids=10
|
| The device is a CRS328-4C-20S-4S+RM. It seems like I am
| using the other recommended way. Which would make sense
| because I'm not really using the "router" part of the
| software, but rather configuring the built in switch chip
| to do its thing.
|
| Looking at the text config now it seems quite sensible, and
| isn't far from SwOS, Linux CLI, or switch chip datasheets.
| But I remember getting to that point in the WebUI being
| somewhat confusing, perhaps due to the alternative in-CPU
| way you described.
| tguvot wrote:
| you just need to remember that in case you make bridges:
|
| - you need to enable hardware offloading for it
|
| - different models have different limits on number of
| hardware offloaded bridges
|
| - if it's not hardware offloaded, you run all traffic
| through cpu and kill throughput
| iso1210 wrote:
| I tend to work with CCRs, so no hardware offloading -
| everything runs through the CPU (and normal throughput
| isn't an issue)
| sandGorgon wrote:
| yes. but more importantly, they are extremely popular - big
| ecosystem of freelancers.
|
| you can go on fiverr and upwork and get someone to remotely
| configure/manage it for you.
| trulyme wrote:
| Curious, would you trust someone to do that? For me when it
| comes to network, my paranoia level is sky high. I would
| definitely not allow some random person to configure my
| network...
| sandGorgon wrote:
| It's no different than devops.
|
| I'm not quite sure what you mean here. Everyone from banks
| to small shops use IT configuration services.
|
| Most people will supply you a resume, contact details and
| sign a NDA. That's quite good enough.
| tguvot wrote:
| worked for me. one suggestion though, get a serial cable, so in
| case you creative some too creative vlan config that will lock
| you out, you could fix it without having to reset entire box
| Sebb767 wrote:
| Alternatively, make a backup before screwing with the VLAN.
| Then resetting the box is not as much of a set-back.
| tguvot wrote:
| this is too. i guess ultimate solution is mix of backup and
| serial<>bt or serial<>wifi dongle. this is in case you
| gonna mess configuration frequently
| grenoire wrote:
| Yeah, got hAP ac^2 and it's literally plug and play. Port
| forwarding etc. are all really easy.
| minimaul wrote:
| Their firewall is essentially iptables. If you can work
| iptables, you can work the routeros firewall.
| Moeancurly wrote:
| I've been using a MikroTik router at home for 6+ years; I would
| say that RouterOS is absolutely NOT "easy for a noob". It's on
| the prosumer side of things, but you need to be willing to sink
| your teeth into some fairly gritty network configuration
| workflows.
|
| Anyone posting on HN will likely be able to figure out the
| basics, but it is definitely much less polished than other
| prosumer products such as Ubiquiti and the documentation can be
| a little rough around the edges.
| Toutouxc wrote:
| Both the GUI and their CLI are among the most unintuitive
| systems I've ever seen. I definitely spent more than one
| evening trying to configure my Mikrotik from scratch as a
| typical home router + switch + AP. I'm no networking guru, I
| only did some Cisco stuff a few years ago at uni, but I didn't
| understand 80 % of the terms used in their OS.
| izacus wrote:
| Nope, it's really not for noobs. Basics things you can get via
| click on other SoHo routers like sane default firewall
| configuration, NAT loopback or simple VPN setup do not exist
| here. Setting up a Mikrotik is more akin to setting up a DSL
| connection on 1992 Linux - it's all "technically" available in
| the UI, but the UI is just a clickable version of all the CLI
| complexity and you need to know network terminology to get to
| capability of a default SoHo router configuration.
|
| Having said that - if you know network setup very well, then
| Mikrotiks are very powerful and allow for network setups that
| are much more flexible than consumer equipment.
| groone wrote:
| But once you know that you need a NAT loopback, you can
| quickly follow instructions on internet to create that rule.
| thequux wrote:
| Most of their devices come out of the box in a sensible
| configuration for a home router, and port forwarding/vlans are
| very straightforward to set up. If you're really worried, you
| can run the cloud-hosted router software in a VM to play around
| with it and find out if it will meet your needs.
| vladgur wrote:
| So what is a good mesh wifi system that would allow me to put all
| my IoT things on a separate VLAN? Dream Machine is not a mesh
| system...the only alternative that I could find by googling was
| Orbi Pro
| izacus wrote:
| What do you mean by "dream machine is not a mesh system"? UniFi
| APs can use wireless backhaul and mesh as well. What exactly do
| you need?
| bigyellow wrote:
| Sincere question: why would someone trust a closed source OS for
| their router?
| core-utility wrote:
| Any ISP-provided gateway will be closed source. Cisco products
| are closed source. Netgear products are closed source. TP-Link
| products are closed source. Aruba products are closed source.
|
| To my knowledge, the only viable open-source project is that
| one Linksys router/AP combo, and that doesn't necessarily fit
| the features someone might be looking for.
|
| While it's nice to think everything could be open source, in
| the hardware/firmware world it's just not common.
| _joel wrote:
| I've flashed a number of devices with OpenWRT, for a number
| of vendors.
| Arnt wrote:
| I tracerouted to a host across the world now and poked at the
| routers along the path. All of the routers whose vendor or OS I
| can identify use closed source. So whatever the answers to
| "why?" may be, it's a common thing to trust.
| wmf wrote:
| Because open source hasn't caught up.
| _joel wrote:
| OpenWRT is outstanding (for my needs) on Microtik hardware,
| not sure what you mean?
| wmf wrote:
| OpenWRT doesn't run on higher-end routers.
| _joel wrote:
| It can run on bare metal x86, surely you could get enough
| grunt. Do you still need ASICs for packet mangling?
| wmf wrote:
| x86 router: 1 Tbps for $30K
|
| ASIC router: 10 Tbps for $10K
|
| And the efficiency also scales down; ASICs should be
| faster for any budget above $2K.
| [deleted]
| q3k wrote:
| For your needs.
| MikusR wrote:
| Do you perform a full audit of your open source rooter?
| new_realist wrote:
| As soon as your router hands off packets to your ISP, packet
| handling is either closed source software, or closed source
| hardware, anyway. Even if your gateway is open source, the
| chips it uses are not.
| mmastrac wrote:
| Does anyone know what the scripting support looks like in v7?
| Scripts have always been a bit awkward on RouterOS (I spend ages
| perfecting one that turned DHCP reservations into dynamic DNS
| entries). I'm hoping they have worked on this a bit.
| ok_dad wrote:
| So, what's the best wifi gateway with extra access points for a
| home that I don't have to screw with and doesn't spy on me or
| have cloud crap? My ISP sent a Google wifi thing but I'd rather
| pay a few hundred than use that for 10 bucks a month to rent that
| thing, and I don't trust Google.
|
| Edit: Thanks for all the answers, from me and anyone else who was
| looking! I have some good ideas from the below comments and
| hopefully this thread helps some others as well.
| dprice1 wrote:
| I used to work on a product for secure small-biz Wifi, and so
| dogfooded my own product in my house. When that was over and I
| took that out of my house, I had my eyes on Ubiquiti, and it is
| an impressive ecosystem. But as others have said, it's out of
| stock all the time, and Ubiqiti are teasing people right now
| with their next-gen product which is available but also
| unobtainable.
|
| Eventually I picked the Asus ZenWifi system, and honestly it
| works great (I have no affiliation with Asus). There's no cloud
| account to create when you install it. The app is acceptable.
| There are various security things you can turn on which seem to
| require cloud assistance, but the core product seems to work
| very nicely. Any time you try to turn on something which might
| cause the system to share extra data, a popup appears to
| explain that to you.
|
| It's so powerful, Wifi-wise, that I bought three nodes and only
| deployed two. I use it with Ethernet backhaul but it has a
| dedicated radio for wireless backhaul. It has ethernet LAN
| ports on each node, and each node is identical to every other
| node (i.e. there is no "base" and "satellite"). I went from
| spotty Wifi throughout my 2,000 sq ft house to very strong Wifi
| throughout. I wrung my hands for a long time because I gave up
| VLANs and some other things I wanted, and then said the heck
| with it.
| ok_dad wrote:
| This sounds like a good plan for me, thanks for the
| information, I will put this on my list of things to research
| more.
| dont__panic wrote:
| I'm not sure I would call Ubiquiti "impressive" after their
| recent bout of security breaches:
| https://krebsonsecurity.com/2021/03/whistleblower-
| ubiquiti-b...
|
| Not exactly what I want to see in the device that can
| literally compromise all of my other devices. Am I missing
| something -- did this turn out to be nothing, or did folks
| decide that Ubiquiti has bounced back? This seemed really
| really serious at the time and turned me completely off from
| ever purchasing one of their products.
| ksec wrote:
| And that breach was from an insider?
|
| https://krebsonsecurity.com/2021/12/ubiquiti-developer-
| charg...
| dangoor wrote:
| As noted in the update to the article, Ubiquiti was a
| victim of an extortion attempt from an employee. This is a
| pretty difficult attack to prevent.
| dont__panic wrote:
| Ah, that's a fair point. I guess at some level a
| sufficiently privileged employee can manage this in
| almost _any_ system. But there 's also some discussion of
| backdoors and inadequate access control in Ubiquiti's
| backend here that could concern privacy-minded folk.
| raesene9 wrote:
| this is true but if the details in this post
| https://news.ycombinator.com/item?id=29456593 and others
| in that thread are to be believed, they have some serious
| security problems.
| InTheArena wrote:
| Turns out this story was planted by the perp to tank the
| stock after Unifi refused to give in to his "anonymous"
| ransom demand.
|
| Not great - but more classic insider attack, then security
| breach.
| formerly_proven wrote:
| Ubiquiti seems to have turned into a complete shit-show in
| the last five years.
| donmcronald wrote:
| Subscriptions are coming I bet. The whole ui.com account
| thing where they force you to create an account and link
| new devices like the UDM Pro are the writing on the wall
| IMO. They back-peddled on adding it to the v2 firmware of
| Cloud Key's IIRC, but the end game is likely to get
| everyone paying per device per month.
|
| The last time they had a pay per device per month service
| it started at $1/device/month and then they bumped it to
| $10/device/month. Somehow they thought the one time cost of
| a device should become an annual cost and that people would
| adopt it. Obviously that flopped.
|
| Now think of the same scenario, but everyone's gotten
| complacent and are getting dependent on their devices that
| are linked back to ui.com. They might not blatantly flip
| the switch, but now that they have a hook for licensing
| checks they can start shifting development so new features
| are licensed for a monthly fee rather than getting them
| free forever when you buy a device.
|
| IMO as soon as the all-in-one devices that perform
| management (ex: UDM Pro) while being linked to a ui.com
| account get enough adoption they'll shift to some kind of
| feature licensing or simply release new devices / revisions
| that require "cloud licensing" or something similar.
|
| They're also very flippant when it comes to breaking
| devices in a way that prevents a connection to the
| controller. They think SSHing into broken devices to fix
| them is reasonable and it's not if you have to deal with
| many sites / devices.
| nullwarp wrote:
| Yeah easily the most annoying hardware we have to manage to
| the point where we will no longer use it.
| InTheArena wrote:
| Its gotten much much better over the last six months or
| so. The transition to generic linux for their router line
| was rough, but the worst seems to be over.
| dhess wrote:
| I've heard good things about TP-Link's Omada EAP series. Did
| you happen to look into that platform?
| InTheArena wrote:
| I tried it when Unifi was in bad straits last year. It's a
| poor copy of the Ubiquti interface. They copied the worst
| aspects of that UX.
| depingus wrote:
| One of the nice things about the Omada AP's is that it
| can run (and be configured) in standalone mode without
| the need of a controller. I bought one to replace the
| single Ubiquiti I had and its been solid; better even!
| ksec wrote:
| >and Ubiqiti are teasing people right now with their next-gen
| product which is available but also unobtainable.
|
| Any links or reference. Cant find anything with a quick
| Google Search.
| InTheArena wrote:
| Unifi Dream Router. You must create a account on
| store.ui.com, then enable pre-release hardware in the menu
| options.
| ksec wrote:
| Thx, it is the same UDR with Wifi 6.
| InTheArena wrote:
| There is also the classic UDM. Also purchaseable on
| store.ui.com. For people who want a prosumer alternative to
| the crappy routers that telcos/cables give, this is a great
| option. Highly recommend, but it also a gateway drug.
| gorkish wrote:
| Unfortunately the UDR which replaces the UDM costs a mere
| $79 and delivers more functionality including Wifi 6. UDM
| is kind of a poison pill at the moment.
| duffyjp wrote:
| I went from AirPort Extreme -> Google Wifi -> Asus RT-AX86U.
| They all have their pros and cons but the Asus is immensely
| more powerful. I love that it can mount a large USB drive as
| Time Machine, and the wireless is so fast it's actually
| usable. When there's a 2.5G WAN port you know they mean
| business.
| tw04 wrote:
| Synology has been far and away the best I've deployed for
| "friends and family". I've not received a single phone call for
| support and it's the first wifi product I can say that about.
|
| They also are introducing full VLAN support in DSM 1.3 which
| should be out soon if you're a power user. Honestly if they
| supported PoE for their extenders I probably would have
| switched out to it. The extenders will mesh wired or wireless
| which is nice.
| nrclark wrote:
| Do their products have much in the way of phone-home / cloud
| access?
| tw04 wrote:
| They have a reverse tunnel that you can enable for remote
| access, but you can disable it.
|
| https://kb.synology.com/en-
| global/SRM/help/SRM/NetworkCenter...
|
| I personally like that because I can safely remotely access
| the routers I've deployed for others if I ever have a
| reason to. They just need to check a box to turn it on or
| off in the GUI.
|
| They also have an "experience improvement" program that
| sends home telemetry that can also be disabled. As far as I
| know there's no "phone home" that you can't turn off if you
| don't want it.
| imiric wrote:
| I'm currently in the process of moving my home network from
| Ubiquiti to an open solution with a few Mikrotik RBM11Gs to
| serve as APs, and will probably also replace my Netgate SG-3100
| with pfSense with likely a PC Engines machine. All will
| probably be running OpenWrt, though if that's too limiting /
| buggy, I'll just use plain Linux or OpenBSD on them.
|
| The major benefit of this setup is that you don't depend on
| some manufacturer for updates. Given Ubiquiti's and Netgate's
| recently hostile actions towards users and open source, this
| provides a great peace of mind. The other benefit is that
| you're free to upgrade your hardware as needed, which
| particularly for WiFi cards is great to have. Right now I'm
| sticking with WiFi 5 because of the costs, but in the future
| upgrading to 6E would just be a matter of changing the cards
| (assuming they're supported by the OS).
|
| Speaking of cards, I went with Compex WLE1216V5-20, which have
| an Atheros chip and are thus much better supported on Linux
| than Broadcom, etc.
| ericd wrote:
| I've been considering replacing my EdgeRouter with a pfsense
| box (probably the Netgate 6100), have you been dissatisfied
| with your Netgate?
| imiric wrote:
| I also have an EdgeRouter, but will probably replace that
| last since it works fine and doesn't require any of the
| Ubiquiti Controller / Cloud shenanigans.
|
| I've had intermittent LAN dropouts on the SG3100 that I
| couldn't explain from the logs. That in addition to
| Netgate's hostility towards open source with how they're
| handling pfSense, and the whole pfSense+ product, just puts
| a bad taste in my mouth when it comes to supporting the
| company. For the hardware and software stack they provide,
| the devices are very overpriced IMO. Same with Ubiquiti,
| though at least with Ubiquiti you're paying for a set-it-
| and-forget-it network, as long as you're willing to fully
| invest in their ecosystem. They're the Apple of network
| prosumer equipment.
|
| But my main interest in abandoning both is investing in
| devices that I can upgrade and maintain independently and
| at my own pace. It will also be cheaper in the long run,
| though it does require some tinkering to setup.
| magicalhippo wrote:
| Unless something radical has changed in the last half year
| or so, pfSense will be a giant PITA if you have
| "residential" IPv6. That is, anything but a completely
| static prefix.
| simplyaccont wrote:
| i build in the past a few times APs with compex cards. the
| problem it's that some of them have extra large form factor
| and won't fit standard mpcie slots. i had to build an adapter
| :/ eventually instead of upgrading to new iteration i got a
| couple of netgear r7800 and flashed them with openwrt. the
| router is on separate x86 box
| donmcronald wrote:
| Have you ever looked at VyOS (https://vyos.io/)? IIRC EdgeOS
| was a fork of Vyatta and Vyatta became VyOS. Their LTS
| pricing doesn't work for small businesses, but the rolling
| release might be an option for home use.
|
| It's sad that everyone only wants to accept huge amounts of
| cash these days. Take VyOS as an example. The smallest
| licensing option they have is $6k per year for _unlimited_
| installs. That makes it completely unobtainable for a person
| that I build firewalls for, so we don 't even evaluate it.
|
| In terms of percentages, we could probably add about 15% to
| every firewall sold and that could be passed along to a
| software vendor. If we had a self serve portal where we could
| download LTS releases and generate _lifetime_ licenses we 'd
| send them 15% of our firewall (sales) revenue and they'd
| basically never hear from us.
|
| In real numbers that would be about $1-1.5k a year as long as
| we could pay per device as we sell/install them. Using
| pfSense as an example it'd be in the range of $10k since we
| started using pfSense and, in the last 5 years, I think I've
| only had 1 issue I couldn't figure out on my own where I had
| to go ask on their forum.
| 60Vhipx7b4JL wrote:
| how about openwrt/openwisp?
| ctoth wrote:
| As far as I understand, no Wi-Fi 6 routers actually run
| Openwrt. The only way to get somewhat open software on your
| Wi-fi 6 or newer device is to use Merlin's fork of Asuswrt.
| Merlin is pretty big on not making large modifications
| though, so, for instance, it's very difficult to get Docker
| running on the device because the default Kernel doesn't ship
| with a lot of necessary modules. There are some nice apps
| that use the router directly like Diversion but I would
| really love a little device that managed everything from VLAN
| tagging to running little docker appliances and also provided
| a fast modern AP. Imagine an app store where the moderate
| power user could click and install apps on their router that
| all lived in little containers.
| JeremyNT wrote:
| > As far as I understand, no Wi-Fi 6 routers actually run
| Openwrt.
|
| This is no longer the case. Some devices (albeit not too
| many) now have working 802.11ax [0].
|
| I know most about the Linksys E8450, which does require a
| newer snapshot of OpenWRT (it's not yet in a stable
| release).
|
| [0] https://openwrt.org/toh/views/toh_available_16128_ax-
| wifi
| icybox wrote:
| I'm running Netgear N600 / WNDR3800 with OpenWRT since day
| one. So if you (can) plan for OS before buying, you can dodge
| a bullet when $VENDOR stops giving f*cks. That particular box
| has been released in 2011! Mikrotik is good enough (tm)
| probably, but it's licensed/closed-source. bcantrill once
| mentioned that "Infrastructure software should be open-
| source" and I'm adhering to this mantra for 10 years now.
| Dodged many bullets coming my way ... (i.e. if you want to
| buy something, can you plan for linux/BSD OS when vendor just
| doesn't care anymore?)
|
| Would like to hear ideas about Apple's airports running
| custom NetBSD ... are you guys still running those as
| edge/internet routers with wifi or have you pushed them to
| the inside of the network and promoted some other box to the
| firewall role? I'm kinda stuck in the conundrum "it's unix
| with PF, it can handle itself" and "it's does not get updates
| anymore".
| bigyellow wrote:
| PC Engines with OpenBSD or Debian Linux. 100% open source
| hardware, firmware and software, not this closed-source
| "RouterOS" which is probably bugged.
| dehrmann wrote:
| I tend to use OpenWRT on Mikrotik devices, but I used a board
| from PC Engines, and I was was impressed by it. The hardware
| is very standard, and their support was good. I had a
| question about the max power the mini PCI port could supply.
| I got an answer and info on a change I can make that adds a
| capacitor to help in this scenario.
| yjftsjthsd-h wrote:
| Yes, this is easily superior to most options;
| Debian/OpenBSD/whatever is far more trustworthy than any
| commercial offering (and many noncommercial options), and
| hostapd isn't especially hard to set up - a bit of effort up
| front and then you can just sit on it for years with no more
| maintenance than installing updates (and even that can be
| automated with unattended upgrades in Debian). The result is
| a capable little box that will get security updates
| indefinitely and which only serves your interests.
| zajio1am wrote:
| I also use PC Engines Alix with Debian as home router and
| it is in many ways superior to commercial options, but
| quality of wifi drivers in Linux is long-term issue.
|
| Also note that in unpatched hostapd channel bonding (40MHz
| and more channels) does not really work. There is a check
| whether neighboring channel is crowded (which always is due
| to overcrowded spectrum) that disables channel bonding.
| AFAIK Openwrt has patch that allows to override this check,
| but Debian does not.
|
| As a result, i get consistently higher wifi speeds from
| commercial wifi APs than from my Alix router.
| _joel wrote:
| Lovely little systems. Used them to build VPN gateways and
| for our OOB access at POPs etc.
| ahepp wrote:
| I agree that this is what I would want to use, but doesn't
| the lack of any kind of specialized switching hardware make
| it uncompetitive in terms of price/power consumption/speed?
|
| I have on order a mikrotik rb5009UG+S+, which has nine
| gigabit ethernet ports, one 2.5 gigabit ethernet port, and a
| 10g sfp+ cage. It has zero fans and benchmarks show it
| capable of 10 gigabit routing. It costs less than $200.
|
| I love vyos, and I would definitely prefer an open source
| router. But people I talk to love their mikrotik products. It
| doesn't seem like the old ones are being abandoned.
| djanogo wrote:
| Unify Dream Machine, it's constantly out of stock, you have to
| keep checking Ubiquiti website to get it. It has cloud access
| which is used by app to monitor or control it from outside of
| your house, but you can disable it.
| bigyellow wrote:
| > It has cloud access which is used by app to monitor or
| control it from outside of your house, but you can disable
| it.
|
| Nope, don't trust them to do that after
| https://community.ui.com/questions/Ubiquiti-ignoring-auto-
| up...
| djanogo wrote:
| Having owned UDM for over a year with auto update off, they
| never pushed any forced update, I always do it manually
| every few months. Based on number of updates[1] that they
| push I can totally give them benefit of doubt that it was a
| bug.
|
| They have dozens of products which they update constantly,
| picking one bug at one time as malice and blacklisting a
| company is not correct. If you go that route you won't have
| any company left to buy from.
|
| [1]https://community.ui.com/releases
| InTheArena wrote:
| You don't need it. You can disable the cloud access
| starting with the latest firmware.
| nullwarp wrote:
| We use UDM's at work and I really feel like they are half
| baked products at best. I'm really not a fan and we've
| stopped using them completely in new installations because of
| it and have gone back to MikroTik hardware which has never
| given us issues.
|
| I also just find the UDMs interface an absolute shit show to
| navigate and find things.
| sebazzz wrote:
| I'm not a fan, but surely the prosumer version has one! Due
| to system load being above 1 all the time it causes quite
| some heat, and thus fan noise. Crappy firmware, never
| fixed.
| specto wrote:
| Agreed... their old edgerouter was much better. Hoping
| their unifi OS (containerization of their platforms on
| their hardware) becomes more flexible without the hacks
| people use now. Until then, I'll keep using my
| edgerouter...
| davidandgoliath wrote:
| Ubiquiti amplifi hd. I use the mesh stuff.
| cycomanic wrote:
| I heard good things about PCengines APU products (e.g. see here
| https://teklager.se/en/products/routers/apu3d4-open-source-r...
| I'm not affiliated). You essentially run openwrt or pfsense on
| your own hardware. Alternatively, many people are now putting
| pfsense/opnsense on their own hardware. In particular thin-
| clients are very capable and some can be easily be retrofitted
| with multiple ethernet ports (however, prices have gone up
| significantly for some of these over the last year). The one
| thing you need to be careful with is wifi hardware
| compatibility.
|
| Some instructions here: https://boratory.net/pfsense-firewall-
| futro-s900/
| https://forums.servethehome.com/index.php?resources/introduc...
| ValentineC wrote:
| > _The one thing you need to be careful with is wifi hardware
| compatibility._
|
| I'd suggest using old consumer routers as access points.
| darkr wrote:
| Not sure if it passes the "don't have to screw with" test (as
| configuration generally requires a decent level of networking
| knowledge), but I'm quite happy with Mikrotik Audience access
| points/routers.
| InTheArena wrote:
| If you can get your hands on it - Check out the pre-release
| Unifi Dream Router. PoE (to drive other AP), Gateway and built
| in AP all in one.
| dont__panic wrote:
| Hot take: All routers completely suck right now, and most of
| them are built to spy on your network at worst and accidentally
| expose you to cyberattacks at best.
|
| There are two choices, the way I see it:
|
| 1. Invest in a decent router (probably $150-200 at least) and
| throw openwrt on it. You'll need something with serious CPU
| beef because openwrt relies more on software than hardware, and
| most routers use hardware for QoS etc., hence the price tag.
| You'll also need to actually understand the multitude of
| settings offered by openwrt if you care at all about security
| or performance -- this is nontrivial if you aren't already a
| network engineer.
|
| 2. Buy a used Apple Airport router. The last generation support
| AC wifi, which is... basically as fast as the best things out
| there right now, barring wifi 6E. On the plus side: this comes
| with mostly sane defaults and good performance, I easily get
| 600+ mbps up/down on my gigabit internet. On the downside... I
| think you can only configure airport routers through macOS (and
| a mostly-dead iOS app), and they don't let you configure _all_
| the settings you might want. A fair tradeoff for good, non-
| footgun defaults IMO, but YMMV.
|
| There's also the third option of creating some bespoke
| raspberry pi + wifi hardware solution for yourself, but that's
| likely to get you punched by your flatmates when it inevitably
| reboots incorrectly during a power outage or overheats or
| whatever and suddenly you need to spend 2 hours debugging
| problems without a working wireless connection and everyone
| else is pissed they can't use the internet. Unless, of course,
| you're a brilliant network engineer who would never make a
| silly mistake or have a bug in their custom router solution.
|
| Which I guess is why most people use Google or Amazon spyware
| for internet in their homes.
| Integer wrote:
| You could try Turris Omnia, it has beefy hardware and sane
| defaults. Or some other solutions with OpenWRT pre-installed.
| dont__panic wrote:
| Thanks for this suggestion, I'll have to keep an eye on
| this the next time I need a router. Definitely on the
| pricey side, but given that it's fully open source, that's
| a con I can live with.
| ValentineC wrote:
| > _1. Invest in a decent router (probably $150-200 at least)
| and throw openwrt on it. You 'll need something with serious
| CPU beef because openwrt relies more on software than
| hardware, and most routers use hardware for QoS etc., hence
| the price tag. You'll also need to actually understand the
| multitude of settings offered by openwrt if you care at all
| about security or performance -- this is nontrivial if you
| aren't already a network engineer._
|
| Why not OPNsense on an old x86 box?
|
| > _but that 's likely to get you punched by your flatmates
| when it inevitably reboots incorrectly during a power outage
| or overheats or whatever and suddenly you need to spend 2
| hours debugging problems without a working wireless
| connection and everyone else is pissed they can't use the
| internet._
|
| I thought for a couple of years that my OPNsense setup would
| pass the Family Acceptance Factor, but one day (a few months
| back!) it spontaneously wiped itself of its settings --
| requiring me to plug in a monitor, reconfigure it to boot,
| and restore my settings from a backup.
|
| My (very annoyed) family had to ask why we had to jump
| through hoops, and not use a simple consumer router like
| everyone else.
|
| I'd imagine that OpenWrt would be the same, or worse.
| quesera wrote:
| In my (extensive) experience on several different hardware
| platforms, OpenWRT is far more stable and featureful than
| stock firmware.
|
| In the worst case, stock firmware would require a hard
| reset (power cycle) every few weeks. I've had OpenWRT
| firmware running without interruption (on UPS) for _years_
| at a time.
| ok_dad wrote:
| Thanks for that, it is what I figured. I have a really old,
| nice, router running one of the WRT-like OSes and I really,
| really don't want to do that anymore. I have a small family
| and do not want to mess with this stuff. I might just bite
| the bullet and hook up a few more of the Google routers. I
| hate using Google, and don't trust them, but I probably trust
| them more than most other brands in this space. Also, I can't
| argue that I don't get good performance from their stuff. The
| only problem is, if I turn off the cloud features with this
| thing, I can't even do port forwarding or anything! Who the F
| puts that behind a cloud? Anyways, thanks for the answer.
| dont__panic wrote:
| Yeah, I've been frustrated with the router space for a
| while recently so I figured you might benefit from my
| research (and likely bias as well). Too bad others in this
| thread downvoted me without responding, though -- if
| anybody can recommend a decent answer to this question that
| I didn't cover or explain why I'm wrong, I'm happy to admit
| that. I would really like there to be a decent router out
| there for my use case.
|
| The biggest reason I don't use a Google router or something
| of that ilk is exactly what you mentioned in this comment:
| I don't want basic functionality like port forwarding
| locked behind some cloud account that I might have to pay
| for monthly eventually (or might get shut down). At least
| my current hardware will likely work perfectly until the
| hardware fails.
| yardstick wrote:
| What's your opinion on Mikrotik devices?
| dont__panic wrote:
| I looked into them a while back, and they do generally
| seem to be capable devices. I think they fall into the
| too-footgun-y category I mention above, though -- if you
| don't already know a lot about networks, you can easily
| leave gaping holes in your network security since there
| are so many options to screw up. They're a bit on the
| expensive side, too, and honestly even trying to figure
| out which router to buy was enough of a nightmare to
| dissuade me.
| cycomanic wrote:
| I think the reason why you got downvoted is because you
| made broad sweeping statements without anything to back
| it up. It also does not reflect my experience, the amount
| of routers running open source systems that one can buy
| is much larger than it has ever been (I pointed out some
| options further up the thread), ASUS uses dd-wrt IIRC and
| others. Also the openwrt/pfsense/opnsense solutions are
| not really slower than commercial offerings, many
| offerings now are capable of running OpenVPN at
| reasonable speeds, in particular if your CPU has AES-NI
| support.
|
| The way it was written your statement sounded like a
| Apple shill really.
| comeonseriously wrote:
| I use an Edgerouter-x with an eap225 AP located centrally. I
| have not noticed any spying.
| lephty wrote:
| +1 for the TP-Link EAP225 and its brethren (they have a cloud
| management portal, but with just a handful of units they can
| be managed individually or via self-hosted management
| server).
|
| I use mine with a Mikrotik RB4011. A very stable and reliable
| combination.
| djhworld wrote:
| I've been building a little TP-Link Omada setup for my home.
| There is a cloud option for the controller software or you can
| buy the hardware controller (or...run it yourself)
|
| Was going to go all in on Ubiquiti but was put off when reading
| about the reliability issues, plus was way more expensive.
|
| Pleased with my router + access point + PoE switch + hardware
| controller :)
| ksec wrote:
| It is a real shame Apple stopped their AirPort Express. But if
| you could still get one 2nd hand it is great.
| InTheArena wrote:
| I know it's "in" to shit on ubiqitui right now - but the new
| Ubiquti Dream Router and the older Unifi Dream Machine are
| the best spiritual successor I have seen to this device. The
| UDM comes out of the box with the switch and AP, which
| performas well, while the UDR also has PoE switches and WIFI
| 6 in case you want to run other APs or security cameras.
|
| And before anyone else jumps in with old information,as of
| the latest firmware, it does not require cloud access. And
| the PPoE performance problem has been fixed.
|
| It was a bumpy transition for a bit because they moved off of
| Vyatta to generic Linux for the routers.
| willis936 wrote:
| I bought a used Ruckus R610 on ebay for a modest $160 (not
| including power adapter). I am extremely happy with the
| hardware performance and the stability and options of the
| Unleashed firmware.
|
| It says it supports a gateway mode, but as a power user I want
| a bit more control than what I would expect a WAP to offer. I
| use an EdgeRouter-4 running whatever the latest official
| release is. Having separate boxes grants me freedom to do
| things like mess with Wi-Fi settings while my SO watches a show
| on Apple TV connected via Ethernet. It's the little things.
|
| I often think of a pfSense build, but then I remember how happy
| I am with the performance and efficiency of a dedicated box.
| wcfields wrote:
| Before Ubiquiti turned into a garbage fire my go to
| recommendation for power/performance/budget was used Ruckus
| APs and pfSense router.
| c0nsumer wrote:
| FWIW, I do OPNsense on a dedicated box (Protectli FW4B) and
| then an R610 for wireless, with an eBay special EOL'd Brocade
| switch in the middle.
|
| A dumber switch would be just fine, but I wanted something
| with 802.1at POE and good VLAN support because I like to
| break things up a bit.
|
| OPNsense is darned handy, and I like that it does more than
| an EdgeRouter would, like terminate a Wireguard VPN. The R610
| works wonderfully, and the switch... well... it's a switch.
| Once configured it's kinda transparent.
|
| Moving houses soon, so I got a second R610 to fill in signal
| on what I perceive will be dead spots due to plaster+lathe
| construction, and in testing thus far it all seems to Just
| Work. And like you appreciate, since it's all modular it's a
| lot easier to maintain than the UniFi stuff when things go
| sideways.
|
| Very, very happy with this setup.
| squarefoot wrote:
| > I do OPNsense on a dedicated box (Protectli FW4B)
|
| Interesting, thanks. Looks similar to one I'm considering
| to purchase when I'm moving next year. I'd be using
| OpnSense too.
|
| https://www.ipu-system.de/index.html
| gonzo wrote:
| I own Netgate and run R610s at work and at home, if that says
| anything.
| InTheArena wrote:
| I would really like to see a open source alternative that can
| interface with all sorts of different hardware to manage my
| infrastructure with a single pane of glass. Sorta Ubiquti - but
| leveraging things like the Unifi API & the new REST api on
| Microtek to get me out of vendor lock in.
|
| I don't think I have ever seen anything along those lines out
| there.
|
| Im actually happy with my unifi setup - but there are some things
| (like multiple load balanced WAN ports) that should be easy to
| do, but instead are impossible.
| jedahan wrote:
| OpenWISP looks to be the furthest along, though right now I
| think it only supports OpenWRT
| https://openwisp.io/docs/index.html
| ctoth wrote:
| I know that the Asuswrt integration with Home-assistant lets me
| manage devices which is kind of cool, but I too would love a
| little deeper access via a 3rd party app. Most of these things
| use web scraping or ssh to the device though, not an actual API
| as very few routers give access to one.
| cedricgle wrote:
| There is some OS tooling in the SDN realm, like Stratum[1] for
| example, or a P4 board for the serious. But the hardware behind
| it isn't cheap.
|
| I wish router for personal use were as "easily" programmable as
| an OpenFlow compatible equipment with a external controller.
| Even if you need some extra tooling to reach all the feature of
| RouterOS, like a compute node for the DNS. I don't know if this
| kind of evolution will ever reach the consumer space.
|
| [1] https://opennetworking.org/stratum/
| ahepp wrote:
| I've always wondered if one could use SNMP for this.
| trulyme wrote:
| Doubtful. Some basic stuff is supported across almost all
| devices (interface names, speeds, status,...), but more
| detailed info varies widely between vendors, their OS
| versions and devices. SNMP SET support is mostly a joke and
| not worth the trouble. Better use whatever API each vendor
| came up with.
| lormayna wrote:
| I am a huge fan of Mikrotik. In the past, I have been worked for
| an ISP, and we made fantastic stuff with them. A CCR box that
| costs less than 1000EUR can handle the same number of users, with
| advanced QoS queueing than an equivalent Cisco that costs 20x.
| Having (almost) the same features to ever model, from the big
| boxes to the core routers, it's a big plus, they are very
| flexible, and they have almost all the features that a carrier-
| class router needs (the big lack at that time were OSPF-v3 and
| multi-core BGP). Once you learn the CLI and some quirky
| configuration, it's worth the money.
|
| The only problem is the availability: they are not stable as a
| Cisco/Juniper, but you can add several layers of redundancy with
| a fraction of the costs. Also the support is very basic.
| noja wrote:
| Wireshark support is here!
| pilsetnieks wrote:
| I think you meant Wireguard; you could make a packet capture
| for Wireshark a long long time ago already.
| [deleted]
| candiddevmike wrote:
| I wish I could install Debian on my mikrotik devices, I don't
| need a CLI or GUI--give me networkd or ifupdown instead.
| Arnt wrote:
| Oh neat.
|
| I wish to declare that I'm a Mikrotik fanboy. My hardware is ten
| years old, doesn't break, and Mikrotik supports it on the latest
| versions, apparently without plans to ever sunset the support.
| Ooh aah.
| stingraycharles wrote:
| Big supporter of Mikrotik here, it's a perfect middle ground
| between consumer "crap", and $10,000 enterprise network
| equipment.
|
| Rolled out a 10gbit / 25gbit network at home. My biggest
| complaints are:
|
| * Wireless is really difficult to get "decent speeds". I also
| have my ISP's router and a Draytek at home, these easily do
| 500mbit, and it's nearly impossible to get my router board to
| do the same. When asking support there's mainly a lot of hand-
| waving "you'll never get better than 100mbit anywhere anyway",
| etc. Even if other router vendors use hacks / cheats to achieve
| what they do, I would want an explanation what exactly it is
| they're doing, and why Mikrotik can't do that.
|
| * I know their Linux Kernel supports certain features, I would
| really like an "escape hatch" so I can just run traffic shaping
| commands manually. Eg if I want to use RED with ECN, the lack
| of a UI checkbox shouldn't be the limiting factor;
|
| * Upgrades while being in their development branch has been a
| big pain, many times losing crucial configurations; I guess
| this is fair game when I'm on the beta channel.
|
| * Hardware is a bit underpowered for my needs, but I guess
| that's why enterprise equipment is 10x - 50x as expensive.
| Doing traffic shaping on anything more than 1gbit is pretty
| much impossible; probably the best solution is to use some
| dedicated hardware with a whole bunch of network cards inside.
| james_in_the_uk wrote:
| Top tip - if your Mikrotik APs will run OpenWRT, do it.
|
| https://openwrt.org/toh/mikrotik/common
|
| Standalone wireless on Mikrotik is bad. CapsMan is even worse
| as it seems to hobble some of the standalone settings.
| Mikrotik are good at engineering routers but bad at
| engineering Wifi drivers.
|
| I tried _every which way_ to get Mikrotik wifi to work well,
| at reasonable speed, without dropping packets when roaming.
| No dice.
|
| Now I have three HAP AC running OpenWRT, connected to a CCR
| for switching and a HEX S for routing, the latter two still
| running RouterOS 6. 5 VLANs, PoE, queues, several forwarded
| services, Solid as a rock.
|
| (I've said it now... massive network wobble likely on the
| way).
| oynqr wrote:
| The HEX S is really nice for OpenWRT too :)
| iso1210 wrote:
| You can always run routeros on X86 hardware. I think the
| problem with things like mangle rules run into. Had loss and
| a hell of a lot of reorders at just 500mbit through a CCR1036
| the other week, disabled 100 or so mangle rules and it
| vanished, but from looking at other routers I think it's more
| of a limit in the linux kernel (perhaps just the 2.6 one).
| Maybe routeros7.1 will be better, something to test in the
| coming weeks.
|
| 10/25 feels like a CCR2004? Or are you just talking
| switching.
|
| If routing remember it isn't full bandwidth - the 170gbit of
| ports is squished into 2x25 before hitting the CPU[0]. Not
| sure how much is offloaded to the PIPE.
|
| [0] https://i.mt.lv/cdn/product_files/CCR2004-1G-12Splus2XS_2
| 004...
| Arnt wrote:
| It's possible that they still haven't merged the smallish
| patch described here: https://www.usenix.org/system/files/con
| ference/atc17/atc17-h...
|
| The hardware is underpowered because they optimise for people
| who deploy a hundred routers on mountaintops, with excellent
| lines of sight but poor access for replacement. Underclocking
| severely helps reliability.
| nullwarp wrote:
| Yeah huge fan of MikroTik stuff, all of it has been running
| flawlessly for me for so long.
|
| Works great, the interfaces are a little basic, but they are
| extremely fast and absolutely work flawlessly.
| NelsonMinar wrote:
| The release notes say "completely new NTP client and server
| implementation". Anyone know what they went with?
| aequitas wrote:
| systemd-timesyncd? ;)
___________________________________________________________________
(page generated 2021-12-07 23:02 UTC)