    Mikrotik software firewall/router?

    31 Posts 9 Posters 3.0k Views
    • Dashrender @PhlipElder

      @PhlipElder said in Mikrotik software firewall/router?:

      @dmacf10 said in Mikrotik software firewall/router?:

      @PhlipElder Odd that you had stability issues. When properly configured I've never had any issues at all besides the occasional lightning strike back in the day on the PtP sites. When used in controlled environments they have world-class stability and reliability. At least that's been my experience with the 500+ that I've worked with.

      It's been a while, but they were primarily due to the site-to-site VPN going down and the occasional lockup.

      There's always been "suspicion" around inexpensive products since we get what we pay for.

      Ubiquiti is no less in the crosshairs of that suspicion with it being justified.

      Once bitten, twice shy so really haven't looked back.

      Are there folks that are running MikroTik now with no issues? It sounds like you are?

      Yeah cause the likes of Cisco have never had an issue like that.

      • scottalanmiller @PhlipElder

        @PhlipElder said in Mikrotik software firewall/router?:

        There's always been "suspicion" around inexpensive products since we get what we pay for.
        Ubiquiti is no less in the crosshairs of that suspicion with it being justified.

        "You get what you pay for" is a standard marketing trick and is anything but true in IT, if anywhere in life. Routers are a key example, the most expensive brands are often crap and the cheapest, like Ubiquiti and Mikrotik, are some of the best. "You get what you pay for" mostly refers to getting hoodwinked by flashy "used car salesmen" who know when someone is unable to evaluate products and so uses price as a proxy because it's easy to not do due diligence.

        Dealing with Cisco Meraki stability issues this week. At 1% of the fleet, it has more issues than the bulk of it. But isn't really a bad product, but certainly can't be considered in the same category as higher class (and cheaper) players.

        • scottalanmiller

          The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.

          • PhlipElder @ITivan80

            @ITivan80 said in Mikrotik software firewall/router?:

            I have seen them used in DC world. Though I myself do not have experience on them sorry 😞

            Being that human beings are imperfect anything we make will be imperfect.

            It's a given that all products experience problems that need to be addressed.

            It's also one of the main reasons why a red flag gets raised when vendors, especially the hyper-cloud sized ones, remain silent about any issues they've had.

            • scottalanmiller @PhlipElder

              @PhlipElder said in Mikrotik software firewall/router?:

              It's also one of the main reasons why a red flag gets raised when vendors, especially the hyper-cloud sized ones, remain silent about any issues they've had.

              That's a tough one because how do we know when they are being silent or not, or just have had fewer issues? It's hard to say.

              • PhlipElder @scottalanmiller

                @scottalanmiller said in Mikrotik software firewall/router?:

                The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.

                Open Source may be as vulnerable or more vulnerable to the SolarWinds style "attack":

                https://www.theverge.com/2021/4/30/22410164/linux-kernel-university-of-minnesota-banned-open-source

                No system managed and run by human beings is exempt from issues with the product nor the malicious behaviours of perps.

                • PhlipElder @scottalanmiller

                  @scottalanmiller said in Mikrotik software firewall/router?:

                  @PhlipElder said in Mikrotik software firewall/router?:

                  It's also one of the main reasons why a red flag gets raised when vendors, especially the hyper-cloud sized ones, remain silent about any issues they've had.

                  That's a tough one because how do we know when they are being silent or not, or just have had fewer issues? It's hard to say.

                  Okay, I have a memory: A perp was running around Microsoft's CorpNet and snipping images of what they saw and posting them via Tw33ter or other social media platform. I did not save them, unfortunately.

                  So, have they been memory holed? Can you find them?

                  How about Microsoft's statement around the perps running around CorpNet after the SolarWinds fiasco? "Oh, they only saw not important code" or something to that effect. Has that been memory holed?

                  • PhlipElder @PhlipElder

                    @PhlipElder said in Mikrotik software firewall/router?:

                    @scottalanmiller said in Mikrotik software firewall/router?:

                    @PhlipElder said in Mikrotik software firewall/router?:

                    It's also one of the main reasons why a red flag gets raised when vendors, especially the hyper-cloud sized ones, remain silent about any issues they've had.

                    That's a tough one because how do we know when they are being silent or not, or just have had fewer issues? It's hard to say.

                    Okay, I have a memory: A perp was running around Microsoft's CorpNet and snipping images of what they saw and posting them via Tw33ter or other social media platform. I did not save them, unfortunately.

                    So, have they been memory holed? Can you find them?

                    How about Microsoft's statement around the perps running around CorpNet after the SolarWinds fiasco? "Oh, they only saw not important code" or something to that effect. Has that been memory holed?

                    The reason I ask is because it seems to be the standard order of procedure to hide everything instead of coming clean and being forthright.

                    iNSYNQ, Maersk, Wolters Kluwer are three public situations. I know of plenty of not public ones that never got broadcast beyond those impacted. No news item, no mention anywhere.

                    So, what's up with that?

                    • PhlipElder @scottalanmiller

                      @scottalanmiller said in Mikrotik software firewall/router?:

                      The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.

                      Three cluster setups:
                      1: Cisco Small Business Pro series Gigabit and 10GbE
                      2: NETGEAR Gigabit and 10GbE
                      3: Ubiquiti Gigabit and 10GbE
                      4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbE

                      Guess which ones we've had the most grief with? Which one's the least?

                      • 1337 @PhlipElder

                        @PhlipElder said in Mikrotik software firewall/router?:

                        @scottalanmiller said in Mikrotik software firewall/router?:

                        The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.

                        Three cluster setups:
                        1: Cisco Small Business Pro series Gigabit and 10GbE
                        2: NETGEAR Gigabit and 10GbE
                        3: Ubiquiti Gigabit and 10GbE
                        4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbE

                        Guess which ones we've had the most grief with? Which one's the least?

                        I can't stand the suspense. Please tell!

                        • PhlipElder @1337

                          @Pete-S said in Mikrotik software firewall/router?:

                          @PhlipElder said in Mikrotik software firewall/router?:

                          @scottalanmiller said in Mikrotik software firewall/router?:

                          The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.

                          Three cluster setups:
                          1: Cisco Small Business Pro series Gigabit and 10GbE
                          2: NETGEAR Gigabit and 10GbE
                          3: Ubiquiti Gigabit and 10GbE
                          4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbE

                          Guess which ones we've had the most grief with? Which one's the least?

                          I can't stand the suspense. Please tell!

                          In order of stability and longevity:
                          4 1 2 3.

                          • 1337 @PhlipElder

                            @PhlipElder said in Mikrotik software firewall/router?:

                            @Pete-S said in Mikrotik software firewall/router?:

                            @PhlipElder said in Mikrotik software firewall/router?:

                            @scottalanmiller said in Mikrotik software firewall/router?:

                            The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.

                            Three cluster setups:
                            1: Cisco Small Business Pro series Gigabit and 10GbE
                            2: NETGEAR Gigabit and 10GbE
                            3: Ubiquiti Gigabit and 10GbE
                            4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbE

                            Guess which ones we've had the most grief with? Which one's the least?

                            I can't stand the suspense. Please tell!

                            In order of stability and longevity:
                            4 1 2 3.

                            Thanks, I suspected something along that line. Interesting!

                            • PhlipElder @PhlipElder

                              @PhlipElder said in Mikrotik software firewall/router?:

                              @scottalanmiller said in Mikrotik software firewall/router?:

                              The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.

                              Three cluster setups:
                              1: Cisco Small Business Pro series Gigabit and 10GbE
                              2: NETGEAR Gigabit and 10GbE
                              3: Ubiquiti Gigabit and 10GbE
                              4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbE

                              Guess which ones we've had the most grief with? Which one's the least?

                              Off the top:

                              4: ConnectX-3 VPI would not come back online after a cable swap no matter what. Had to reboot the node. SwitchX still up and running and we're getting close to 8 years.
                              1: We have some SG300x or SG350x series that came back from clients still humming along close to 10 years later. Had a few early hardware rev editions drop ports. Some issues with the UI and responsiveness but all in all a solid platform.
                              2: Solid. 10 years later still going though firmware tends to get persnickety after 24-36 months of uptime or longer so an occasional reboot needed.
                              3: Management UI installed the reset the adopted switches without any warning. Threw a cluster into chaos. Site does not mention that that would happen. Lesson learned. VLANs: If there are "too many" the switches randomly stop routing. Just stop. In a teamed setting not so bad but the VMs residing on the port that gets dropped just disappear. What a PITA to troubelshoot troubleshoot (dyslexic brain on overdrive today).

                              We do get what we pay for. ;0)

                              • scottalanmiller @1337

                                @Pete-S said in Mikrotik software firewall/router?:

                                @PhlipElder said in Mikrotik software firewall/router?:

                                @scottalanmiller said in Mikrotik software firewall/router?:

                                The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done.

                                Three cluster setups:
                                1: Cisco Small Business Pro series Gigabit and 10GbE
                                2: NETGEAR Gigabit and 10GbE
                                3: Ubiquiti Gigabit and 10GbE
                                4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbE

                                Guess which ones we've had the most grief with? Which one's the least?

                                I can't stand the suspense. Please tell!

                                Cisco would be reliably the biggest problem. Never seen anything require more support, have more problems.

                                Netgear is cheap, and we've seen lots of issues. Nothing is as bad as Cisco, obviously, but Netgear relies on easy to manage, easy to replace and if you have the right mindset it'll crush Cisco in the big scheme.

                                Worked extremely little with Mellanox. Known to be really good stuff.

                                Ubiquiti is definitely what I'd use most of the time. Good management, better pricing, and has the "easy to replace" advantages that take Cisco out of the serious running. Nothing Cisco could do (but doesn't anyway) could touch the safety net of being able to have spares instead of waiting for clueless engineers to putz around.
