However everything I looked at was somewhat disappointing. One router I was looking at had an unpowered USB port, that was a low speed (USB 1), which just seemed to be a weird caveat when consumer routers of the time were all USB-2 and capable of running at least a small pocket hard drive or at least mount a USB key.
At this point there seems to be a lot of good commercial routers which are strong, cheap, and don't require much blob code etc and are easy to find (sometimes it was vague what kind of chips you'd get with different commercial hardware).
I don't have any Microtik hardware at all, so I don't have any vested interest here - I am just curious what people are liking these days. The vast majority of the consumer networking gear I've tried has been terrible, even with alternate firmware (e.g. OpenWRT doesn't keep crappy Linksys routers from overheating).
Previously I had, over the span of 18 months, an ASUS "Dark Knight" (whose 5GHz network slowly faded and then _disappeared_, apparently a known issue), an ASUS RT-AC66U (frequently just choked, requiring a reboot), an a Netgear Nighthawk AC1900 (same, and also issues with unstable wifi).
By contrast, the Mikrotik has been rock stable for the time I've had it (6 months). I also love the WebFig UI. It's a lot more technical than consumer routers, but it's responsive, consistent and doesn't hide any technical details from me. I don't need 90% of the RouterOS features, but I know that if I needed something obscure, I could set it up. You basically get an industrial-quality Linux-based router/switch OS for almost nothing.
(I do like the fine-grained metrics, though. You can get bandwith and connection data not just per interface, but also per NAT rule, for example.)
How does it achieve that? They both use TLS, in both, you can pick your ciphers.
Additionaly, they both use OpenSSL, which is often found buggy and the ciphers are not hw accelerated.
This is my #1 gripe with mikrotik, you can't figure out if the feature you want to use is half-baked or not without testing it. And then once it works you had better not upgrade versions or it may very well break.
Finding a version which has all the features you need working used to be a nightmare.
As for Router support - the best one would be the Archer C7 from TPLink (http://www.dd-wrt.com/wiki/index.php/Supported_Devices#TP-Li...)
TPLink started to lock down the firmware, due to the new regulation about locking down wifi devices. So if you get an unlocked C7, you are fine, if locked, you get to keep their firmware on the device.
Currently, the only safe choices for OpenWRT are Linksys WRT1900ACS and Turris Omnia. Both are a bit pricier.
While Mikrotick sells its RouterOS, it's not that hard to install Openwrt on it. Ubnt was quite Openwrt friendly at the start, not so any more.
These days I'm just assembling my own x86 routers. PCengines and Soekris do not have the best performance/price ratio nowadays, and they somehow just feel a bit out of date.
They're not designed to be a home router and the learning curve if you want to use one like that would be similar to someone without Cisco IOS knowledge trying to configure a Cisco IOS device as a home router.
Not many routers can do 5-10gb/s+ throughput for the price. Their most recent model has 8x10Gb ports, costs USD $2,500 and will route the full 80gb/s [1]
They have come a long way since the RB433 and running on Soekris/PCEngines boards. UBNT is just getting started in the real router field(Not their Radio-with-a-router, those are quite mature now but very limited in features) and I do not care for their current EdgeRouter UI. It's a mess. For example: You need local access just to add the interface you're accessing it from to a bridge. (Because you can't add an interface WITH an IP on it to a bridge, and you can't remove the IP from the interface without losing access. You can apply multiple commands at once, but the command validation doesn't honor the order that you enter them, thus tosses an error because it tries to add the interface to the bridge before removing the IP)
Sure you can put something x86 together and run one of the many many firewall/routing OSes, or even roll your own with (pick your flavor)Linux, Zebra and IPTables, but I don't have time to make something work and prefer something that just works and isn't priced at the Cisco/Juniper level.
I wouldn't recommend either for mission-critical ENTERPRISE grade routing, without significant planning into redundancy, but, if you are doing things at that level, then you probably have the funds to purchase enterprise grade gear.
[1] http://www.stubarea51.net/2015/10/09/mikrotik-ccr1072-1g-8s-...
No, it won't route 80Gbps, because any single flow on a CCR uses a single core on their multi core Tilera CPUs. The CCRs struggle to really do 10Gbps of real world IP transit traffic.
If you're pushing 5Gbps+ of your customers' IP traffic in a daily sine wave pattern to/from upstream and adjacent BGP peers (paid IP transit and peering at a local IX), and have $2,500 to spend, you will be MUCH better off buying a proper routing platform that has things like hotswap fan trays, hotswap 1+1 or N+1 power supplies, redundant hotswap routing engines, etc. You can do this with a used/refurb Cisco or Juniper for the same price as the higher end Mikrotiks. I can build a Cisco 7604 or 7606 with dual RSP720 for less than $2000.
The CCRs have a single motherboard in them that is about the same quality as a $85 PC motherboard. If you're running an ISP that is moving multi-Gbps of customer traffic and have potentially thousands of singlehomed customers downstream of you, do you want to rely on a 'core' router that has absolutely zero hardware redundancy?
Mikrotiks have their place at edge and small aggregation but when you start talking about things that are $2,000+, please, buy a real router.
The only catch is that anything done inside of OpenWRT has to be configured by hand from a terminal (obviously), instead of through Mikrotik's admin console.
2 core: http://www.supermicro.com/products/motherboard/Atom/X10/A1SR...
4 core: http://www.supermicro.com/products/motherboard/Atom/X10/A1SR...
8 core: http://www.supermicro.com/products/motherboard/Atom/X10/A1SR...
When I started at the ISP, I had never even heard of Mikrotik. Having been using high-end Cisco/Juniper gear for years, I was quite skeptical that those cheap little Mikrotiks were worth a damn.
I've actually been quite surprised. While all of my "critical" infrastructure runs on Cisco, I've got several Mikrotik routers running in production, almost exclusively as access concentrators (for PPPoE sessions). I really use very little of their features, but they handle PPPoE and OSPF just fine.
We also have an MSP side, which is mostly our ISP customers whom we also handle managing their local networks for. Our guys have deployed a handful of Mikrotiks at the edge of these customer networks as well but, again, this is just basic office router functionality (DHCP, NAT, firewalling, etc.).
For the price point, they're actually pretty decent devices. I don't own any myself (excluding a couple in my "networking test lab" here at home, but those belong to $work) and wouldn't personally use one. This is mostly on principle -- I disagree with their beliefs when it comes to the GPL and compliance.
Also, I wouldn't recommend using them for anything you deem "critical" or even "really important". Just read through the Changelogs for their firmware releases -- some of the bugs/fixes do not instill confidence in their software engineering.
FWIW, my router at home (on a fiber connection) is (was?) designed and sold as a RouterOS device [0], although I removed the Mikrotik CF card and replaced it with another one that I installed an OpenBSD image onto [1]. It's mounted read-only (except when I want to modify things, of course) to preserve the lifetime but lately, I've been considering installing an SSD into it. It's actually a pretty powerful (albeit low-end) PC disguised as a router. It can easily provided all the basic network services one might need at home (DHCP, DNS, NAT, firewalling, TFTP, etc.). It wasn't cheap, though -- $600, IIRC, but it's a few years old now. I wrote a bit more about it [2] a few months ago.
[0]: http://www.balticnetworks.com/docs/routermaxx%206%20port.pdf (PDF)
