Mikrotik software firewall/router?
-
@PhlipElder Odd that you had stability issues. When properly configured I've never had any issues at all besides the occasional lightning strike back in the day on the PtP sites. When used in controlled environments they have world-class stability and reliability. At least that's been my experience with the 500+ that I've worked with.
-
@dmacf10 said in Mikrotik software firewall/router?:
@PhlipElder Odd that you had stability issues. When properly configured I've never had any issues at all besides the occasional lightning strike back in the day on the PtP sites. When used in controlled environments they have world-class stability and reliability. At least that's been my experience with the 500+ that I've worked with.
It's been a while, but they were primarily due to the site-to-site VPN going down and the occasional lockup.
There's always been "suspicion" around inexpensive products since we get what we pay for.
Ubiquiti is no less in the crosshairs of that suspicion with it being justified.
Once bitten, twice shy so really haven't looked back.
Are there folks that are running MicroTik now with no issues? It sounds like you are?
-
Mikrotik devices are usually very stable, rock solid. However, from time to time, there are serious problems with some models and it can take looooong time until they fix it. Last two fckups that I remember where problem with RB4011 disabling wifi interface for no reason and CCR2004 router rebooting on random. It took over a year in both cases to solve the problems.
-
I have seen them used in DC world. Though i myself do not have experience on them sorry
-
@PhlipElder said in Mikrotik software firewall/router?:
@dmacf10 said in Mikrotik software firewall/router?:
@PhlipElder Odd that you had stability issues. When properly configured I've never had any issues at all besides the occasional lightning strike back in the day on the PtP sites. When used in controlled environments they have world-class stability and reliability. At least that's been my experience with the 500+ that I've worked with.
It's been a while, but they were primarily due to the site-to-site VPN going down and the occasional lockup.
There's always been "suspicion" around inexpensive products since we get what we pay for.
Ubiquiti is no less in the crosshairs of that suspicion with it being justified.
Once bitten, twice shy so really haven't looked back.
Are there folks that are running MicroTik now with no issues? It sounds like you are?
Yeah cause the likes of Cisco have never had an issue like that.
-
@PhlipElder said in Mikrotik software firewall/router?:
There's always been "suspicion" around inexpensive products since we get what we pay for.
Ubiquiti is no less in the crosshairs of that suspicion with it being justified."You get what you pay for" is a standard marketing trick and is anything but true in IT, if anywhere in life. Routers are a key example, the most expensive brands are often crap and the cheapest, like Ubiquiti and Mikrotik, are some of the best. "You get what you pay for" mostly refers to getting hoodwicked by flashy "used car salesmen" who know when someone is unable to evaluate products and so uses price as a proxy because it's easy to not do due diligence.
Dealing with Cisco Meraki stability issues this week. At 1% of the fleet, it has more issues than the bulk of it. But isn't really a bad product, but certainly can't be considered in the same category as higher class (and cheaper) players.
-
The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.
-
@ITivan80 said in Mikrotik software firewall/router?:
I have seen them used in DC world. Though i myself do not have experience on them sorry
Being that human beings are imperfect anything we make will be imperfect.
It's a given that all products experience problems that need to be addressed.
It's also one of the main reasons why a red flag gets raised when vendors, especially the hyper-cloud sized ones, remain silent about any issues they've had.
-
@PhlipElder said in Mikrotik software firewall/router?:
It's also one of the main reasons why a red flag gets raised when vendors, especially the hyper-cloud sized ones, remain silent about any issues they've had.
that's a tough one because how do we know when they are being silent or not, or just have had fewer issues? It's hard to say.
-
@scottalanmiller said in Mikrotik software firewall/router?:
The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.
Open Source may be as vulnerable or more vulnerable to the SolarWinds style "attack":
https://www.theverge.com/2021/4/30/22410164/linux-kernel-university-of-minnesota-banned-open-source
No system managed and run by human beings is exempt from issues with the product nor the malicious behaviours of perps.
-
@scottalanmiller said in Mikrotik software firewall/router?:
@PhlipElder said in Mikrotik software firewall/router?:
It's also one of the main reasons why a red flag gets raised when vendors, especially the hyper-cloud sized ones, remain silent about any issues they've had.
that's a tough one because how do we know when they are being silent or not, or just have had fewer issues? It's hard to say.
Okay, I have a memory: A perp was running around Microsoft's CorpNet and snipping images of what they saw and posting them via Tw33ter or other social media platform. I did not save them, unfortunately.
So, have they been memory holed? Can you find them?
How about Microsoft's statement around the perps running around CorpNet after the SolarWinds fiasco? "Oh, they only saw not important code" or something to that effect. Has that been memory holed?
-
@PhlipElder said in Mikrotik software firewall/router?:
@scottalanmiller said in Mikrotik software firewall/router?:
@PhlipElder said in Mikrotik software firewall/router?:
It's also one of the main reasons why a red flag gets raised when vendors, especially the hyper-cloud sized ones, remain silent about any issues they've had.
that's a tough one because how do we know when they are being silent or not, or just have had fewer issues? It's hard to say.
Okay, I have a memory: A perp was running around Microsoft's CorpNet and snipping images of what they saw and posting them via Tw33ter or other social media platform. I did not save them, unfortunately.
So, have they been memory holed? Can you find them?
How about Microsoft's statement around the perps running around CorpNet after the SolarWinds fiasco? "Oh, they only saw not important code" or something to that effect. Has that been memory holed?
The reason I ask is because it seems to be the standard order of procedure to hide everything instead of coming clean and being forthright.
iNSYNQ, Maersk, Wolters Kluwer are three public situations. I know of plenty of not public ones that never got broadcast beyond those impacted. No news item, no mention anywhere.
So, what's up with that?
-
@scottalanmiller said in Mikrotik software firewall/router?:
The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.
Three cluster setups:
1: Cisco Small Business Pro series Gigabit and 10GbE
2: NETGEAR Gigabit and 10GbE
3: Ubiquiti Gigabit and 10GbE
4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbEGuess which ones we've had the most grief with? Which one's the least?
-
@PhlipElder said in Mikrotik software firewall/router?:
@scottalanmiller said in Mikrotik software firewall/router?:
The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.
Three cluster setups:
1: Cisco Small Business Pro series Gigabit and 10GbE
2: NETGEAR Gigabit and 10GbE
3: Ubiquiti Gigabit and 10GbE
4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbEGuess which ones we've had the most grief with? Which one's the least?
I can't stand the suspense. Please tell!
-
@Pete-S said in Mikrotik software firewall/router?:
@PhlipElder said in Mikrotik software firewall/router?:
@scottalanmiller said in Mikrotik software firewall/router?:
The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.
Three cluster setups:
1: Cisco Small Business Pro series Gigabit and 10GbE
2: NETGEAR Gigabit and 10GbE
3: Ubiquiti Gigabit and 10GbE
4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbEGuess which ones we've had the most grief with? Which one's the least?
I can't stand the suspense. Please tell!
In order of stability and longevity:
4 1 2 3. -
@PhlipElder said in Mikrotik software firewall/router?:
@Pete-S said in Mikrotik software firewall/router?:
@PhlipElder said in Mikrotik software firewall/router?:
@scottalanmiller said in Mikrotik software firewall/router?:
The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.
Three cluster setups:
1: Cisco Small Business Pro series Gigabit and 10GbE
2: NETGEAR Gigabit and 10GbE
3: Ubiquiti Gigabit and 10GbE
4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbEGuess which ones we've had the most grief with? Which one's the least?
I can't stand the suspense. Please tell!
In order of stability and longevity:
4 1 2 3.Thanks, I suspected something along that line. Interesting!
-
@PhlipElder said in Mikrotik software firewall/router?:
@scottalanmiller said in Mikrotik software firewall/router?:
The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.
Three cluster setups:
1: Cisco Small Business Pro series Gigabit and 10GbE
2: NETGEAR Gigabit and 10GbE
3: Ubiquiti Gigabit and 10GbE
4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbEGuess which ones we've had the most grief with? Which one's the least?
Off the top:
4: ConnectX-3 VPI would not come back online after a cable swap no matter what. Had to reboot the node. SwitchX still up and running and we're getting close to 8 years.
1: We have some SG300x or SG350x series that came back from clients still humming along close to 10 years later. Had a few early hardware rev editions drop ports. Some issues with the UI and responsiveness but all and all a solid platform.
2: Solid. 10 years later still going though firmware tends to get persnickety after 24-36 months of uptime or longer so an occasional reboot needed.
3: Management UI installed the reset the adopted switches without any warning. Threw a cluster into chaos. Site does not mention that that would happen. Lesson learned. VLANs: If there are "too many" the switches randomly stop routing. Just stop. In a teamed setting not so bad but the VMs residing on the port that gets dropped just disappear. What a PITA totroubelshoottroubleshoot (dyslexic brain on overdrive today).We do get what we pay for. ;0)
-
@Pete-S said in Mikrotik software firewall/router?:
@PhlipElder said in Mikrotik software firewall/router?:
@scottalanmiller said in Mikrotik software firewall/router?:
The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.
Three cluster setups:
1: Cisco Small Business Pro series Gigabit and 10GbE
2: NETGEAR Gigabit and 10GbE
3: Ubiquiti Gigabit and 10GbE
4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbEGuess which ones we've had the most grief with? Which one's the least?
I can't stand the suspense. Please tell!
Cisco woudl be reliably the biggest problem. Never seen anything require more support, have more problems.
Netgear is cheap, and we've seen lots of issues. Nothing is as bad as Cisco, obviously, but Netgear relies on easy to manage, easy to replace and if you have the right mindset it'll crush Cisco in the big scheme.
Worked extremely little with Mellanox. Known to be really good stuff.
Ubiquiti is definitely what I'd use most of the time. Good management, better pricing, and has the "easy to replace" advantages that take Cisco out of the serious running. Nothing Cisco could do (but doesn't anyway) could touch the safety net of being able to have spares instead of waiting for clueless engineers to putz around.