Mikrotik is Awesome

Little known fact, I was a network admin back in the college days. I was a part of the Campus Dorm-net Promotion Association (CDPA) in National Sun-Yet-Sen University, Taiwan. The group is defunct now. But I had my fair share of messing with Juniper, Zyxel, Aruba switches and an Arista router. We are not a full blown ISP, but a subnet of the school's network and provides internet access to students living in droms. While the school's IT provides routing service for all of Taiwan's southern academic institutions. Often times, I feel the gear we have is overkill for the job. We simply need to keep a watch on the ARP table, map flow back to ports and run STP to prevent loops. There's limited HA, no real need for BGP, and we built our own coarse gran QoS and firewall. Our routing is also very simple. 2G of WAN and a few hops to the school's core router.

That's 3 years ago. Recently, I bought myself a Mikrotik CRS310-8G+2S+IN so I can have 10G networking to (research) systems in LAN that can take advantage of it. I am instantly impressed by the feature set and interface of RouterOS. IT GAVE YOU A SANE COMMAND LINE! Gosh! I remember the days when I have to login to a switch, run show running-config to confirm what's enabled right now the a series of commands:

configure terminal
vlan 1
name VLAN1
exit
interface 1
tagged vlan 1
exit

# After we are sure vlan is working
write memory

Now, I can simply do:

# Enable safe mode in Winbox or hit Ctrl-X in terminal to prevent accidental broken changes
> /interface/vlan/add name=VLAN1 vlan-id=1 interface=ether1

And that's it. 1 line. Same goes for many features that used to be a pain to configure. Split the switch into 2 different bridges (not VLANs), NTP, disabling interfaces, querying the MAC on the other side of the link, etc. All doable at most 4 lines.

What's better, Mikrotik eases the planning pain with their unified feature set across the entire product line. ANY Mikrotik, as long as it runs RouterOS, can switch, route, NAT, firewall, VPN, DHCP, BGP, IPSec, you name it. RouterOS licensing is also dead simple. All RouterOS licenses gives you the full feature set. Just with a higher limit on the number of connections as the level increases. Mikrotik is also very generous with their licensing. My CRS310 comes with a Level 5 license. Which is more then enough for my entire home network, several times.

Sure, features may not be offloaded to hardware. Or be damn slow because you try to route on a 400MHz CPU. But it will work. There's no surprises of "oh the specific flag is not supported on this model, get the next one up" and having to delay the project.

On the other hand, with other vendors, good luck getting BGP or Wireguard on entry level gear. You have to pay for the "Enterprise" line. And even then, you may have to pay for a license to enable the feature. And the license may be several Mikrotik's worth. Cost sensitive projects would just throw in a server or 2 at this point. Which back in CDPA, we had an entire cluster to pick up jobs that we can't afford to run on network gears.

In retrospect, we could have just thrown a few Mikrotik's in and save a lot of money.

So, what's not to like about Mikrotik? They are cheap (networking gear standards), full featured, and easy to use. They may not come with the best performance, but if you don't need it, don't pay for overpriced equipment and licenses.

Call me a fanboy. But I'm willing to be a sucker for products that just works, cheap and still gives you full control.