I would not say above average. I've seen use cases where a single mikrotik AP was capable of serving more than 100 users without breaking and the feature set with wifi is good. Its not the best or most up to date in wifi features but neither is ubiquiti too as they both lack some of the features that come with the more expensive cisco APs but such features are rarely needed for most. This is mainly because many of the features are done in the OS rather than hardware which reduces some of the hard limits so as long as you have enough CPU, RAM and a good config for the limited bandwidth it will not fail from heavy use.

I would not recommend using hotspot on routerboards that come with wifi because of https redirection CPU loads.

Time internet international bandwidth is even worse than TM, but with mikrotik and a good QoS setup, everything worked flawlessly that while before only kb/s of bandwidth was used, now both gaming and video despite not using up all the bandwidth works well.

http://www.dslreports.com/speedtest/27611115

Tested from wifi with the most stressful test i could do and with high resolution bufferbloat.

With TM there was once a torn cable but that only caused loss of internet which was changed and fixed. The time internet isnt mine, only running my hardware but the retransmit was caused by a momentary packet loss that happens when you burden wifi. During the test i was pinging the router and it timed out only once because of wifi being suddenly loaded. Wifi has inconsistent pings when loaded so getting A+ requires not only a good WAN but also internal network.

But to get A+ on wifi is not easy. After TM was installed in another place i did a test both via wifi and wire using the provided hardware (tp link). Wire got C for both and wireless got F for both (on 5Ghz wifi AC).

My configuration is mikrotik as router, asus as wifi.

the other results are different, i increased the test stress so it dropped quality from A+ to A but bufferbloat still staying in A+. Some results werent done on the same ISP/hardware even and some done while i was tuning QoS.

Per connection classifier. Route the connections not packets using mangle and separate NAT and QoS rules

does anyone have a list of suppliers/distributors of mikrotik in malaysia that i can deal with as a business that isnt hiked by 50-100% in price?

Its not pure mikrotik, wheres the mikrotik AP and also a mikrotik AP with sim card slot and usb modem.

You can also bond ports between the AP and router and just do some configs to use less devices overall.

with mikrotik, CPU usage matters only for bandwidth use and not number of users. So even one of mikrotik's indoor routerboard APs could handle hundreds of users which is something i've read from user experiences when used in halls with hundreds of people all at the same time. The netgear r7000 is another AP that can also handle hundreds at a time and not collapse. So this means you only need 1 device and QoS will also be fine if using 4G as the bandwidth isnt much to overload the wierdly interesting MIPS CPU it has unless hotspot proves too resource intensive. I mention this because i've also read about remote monitoring wifi networks powered by solar and batteries only that use these mikrotik AP (9xx) routerboards.


range is also good on it too, has option for enclosure and external antenna. Combine one of their APs with a mini PCIe card for wifi to get a tri/quadband monster.

My own personal setup is mikrotik as router with asus for wifi and raspberry pi 2/3 for other tasks that neither can do, and soon a repurposed desktop for IDS/IPS with mikrotik.

i've been messing with mikrotik for 8 years. I also do have ubiquiti but im not really fond of it as i also have the ERPRO.

radio support actually is not hundreds of users, its highly dependent on the radio firmware and the device firmware. This is why some devices can handle hundreds of users and some collapse after a few users. The radio chips themselves have a processor that also handles clients, and some devices use their radios transparently by having the main firmware handle everything.

4x4 MIMO radio is about multi user though. Its not really about how many users but about maximising bandwidth and im surprised to see ubiquiti fixing their APs as in the past they would only handle 15 simultaneous before collapsing.

For instance have you even done layer 2 with layer 3 NAT with mikrotik in bypassing some really good NAT detection?

SG gets way better speeds than malaysia and one of the options you get as a router is the CCR1009.
However even the RB1100AHx4 can do 1Gb/s NAT using no hardware acceleration. Its not about the speed but about the config, as long as you do not max out the port/internals.

First is to make sure you do not use an interface that is connected to a switch chip, as many routers have the switch chip connected to the CPU at only 1Gb/s. Just changing the master/slave port doesnt solve this, you have to check your router's block diagram. Some mikrotik routerboards have 2Gb/s+ to the CPU though.

Some mikrotik routerboards have switch chips that can do various bonding modes , again must make sure connection to CPU is also 2Gb/s or higher for that switch chip if using across WAN.

The last thing is to check the bonding mode and status. Check on both the PC and router if both ports are up and bonded, check that traffic is flowing through both ports. I've done various bonding with mikrotik before, including mixing but mikrotik routerOS bonding gives more options than using the switch mode bonding (bonding via CPU).

@soonwai i here have bonding at home, i use it quite a lot between my PCs and switch. My file based servers get 10Gb/s while others get 4Gb/s (4x1Gb/s bonded) because i do clustering and compute. I'm quite surprised you would think i dont have the skill/knowledge as i've been using mikrotik for many years now way before mikrotik came out with certs and classes. Im just having trouble to find a complicated and real world enough setup for me to configure to create mikrotik tutorials to help even more rather than answering PMs and forums at other sites. I do frequent networking forums.

Even my own personal setup is unbelievable I've used mikrotik to bypass NAT detection (can tether for free and use webe ), create a dual connection setup to the same ISP for better speeds and reliability, fiddled with layer 2 for better security and lots more, i doubt any contractor/consultant in malaysia actually configure layer 2 for customers for security and monitoring.

This post has been edited by System Error Message: Mar 11 2018, 04:57 PM

First thing to do is check which ports are everything connected to. 5 of the ports of the CCR1009 is connected to a switch chip that has a 1Gb/s connection to the CPU, find out which CCR1009 you have and go to the mikrotik product page of it and look at the the block diagram.
https://i.mt.lv/routerboard/files/CCR1009-8...60128140835.png is an example. As long as both the WANs and LANs are connected to a CPU connected port you will be fine.

2nd thing to do is to go to routerOS, create the bonding for both WANs and LANs. They dont need to have the same mode of bonding though, different bonding modes have different ways that they work, whats important is to pick a bonding mode thats compatible which has the result you want. In order to make use of both links you either want to use a bonding that splits traffic equally or use the first link before using the 2nd one. This can be done on layer 3 as well via use of PCC based setup if the ISPs dont support bonding.

https://wiki.mikrotik.com/wiki/Manual:Interface/Bonding more on different bonding modes

You dont normally need to tweak the settings normally except if your ISP uses bonding and uses a specific setup. As long as the bonding setup on mikrotik matches that of the PC and your ISP, it will work, which means using the correct bonding mode with the correct settings.

Im surprised no one bothers to ask me as i use bonding on a daily basis with mikrotik through different types of bonding modes as i combine different devices and used to use a more complicated internet setup. You can PM me for advice on the configs.

the internal antenna is good but it wont beat external antennas. A lot of mikrotik routerboards have slots for external antennas though which can greatly increase the range. Since Malaysia isnt strict on wifi transmit powers and frequencies, if we can get a routerboard without a locked wifi firmware it would be good as it would let us use the full tx power (1.5W is huge, most consumer routers dont exceed 500mA) and mikrotik lets you also pair it with an antenna of your choice. Part of the wifi performance/range is down to the rf design of the AP and a match antenna which is why you dont see consumer routers with gigantic or crazy antennas.

High dB antenna is good for 5Ghz. too much 2.4Ghz coverage is a bad thing. Although i dont use mikrotik for wifi i use a lower tx power for 2.4Ghz and highest for 5Ghz as this gives better performance on both bands when having a multi AP setup, and its also good for your neighbours too (your neighbours should also use the same setup).

There are also antennas like directional antennas. Directional antennas with 120 degrees can be used if wifi coverage can be localised if need to go through walls and floors, though directional usually focuses it to 1 level. Not good for a multi story house.

Although ubiquiti indoor APs beat mikrotik in coverage with internal antennas, mikrotik APs are less likely to crash under load with the indoor APs being able to handle hundreds of simultaneous clients which is something ubiquiti indoor APs cannot do which makes mikrotik indoor APs great for halls where less coverage is needed but many many simultaneous clients. Mikrotik indoor APs with external antennas have very good range, just make sure to match up the right antenna and not choose one that has too low or too high dBi.

Mikrotik can control itself and similar devices via dude, which requires setting up and a compatible routerboard/PC as the dude server. It cant control which clients connect to which wifi AP but it can help managing many devices and monitor them. I myself use it for its pretty graphs and monitoring.

This post has been edited by System Error Message: Mar 16 2018, 07:06 PM

From my experience with powerline, if you are in a high rise building expect it to not work even if you have the best in class AV2000 or newer as i have a pair and couldnt get it to work. If at home it will work better because the distance between you and a potential source of interference is greater.

Even when it worked for me well, the best i got was 200Mb/s out of AV2000 with MU-MIMO and all sorts of trickery.

You'll do much better using mikrotik with directional antennas and wifi AC to pass through walls and floors than with powerline both in latency and bandwidth. The only time i use powerline is if it works is between my router and modem as long as the internet i use doesnt exceed the practical powerline bandwidth.

The only time you use powerline for LAN is when you have a concrete wall that is either radiation proof or you live in faraday cages because powerline is actually more expensive than wifi and the performance is worse than wireless AC.

If your router can be seen from any of the management ports, your firewall configuration sucks.
In any of the tutorials i've done, despite not being complete i always block all input on WAN except for NTP and DNS to whitelisted servers. If you want to manage your mikrotik remotely, set up VPN on it and allow VPN because VPN does not interface with the OS directly, only the networking part so you can secure it. It is recommended to run your own internal VPN server (if you use ASUS as APs like i do, can use that too) but make sure that it is secured.

Never use blankets, always specify every access. So if you have an automated whitelist, make sure that the whitelist is specific in every way (service, ports, addresses). Dont allow input from google DNS for everything. only for specifics as an example. Not to mention that google does try to spy on you alongside many other servers so making sure they cant access your network is important even if its google or facebook as they're a pain when you set up an IPS as they always get blocked.

And use drop rather than deny as no response is better than unauthorised response.

TM Unifi have IPV6 already? So we can have both IPV4 and IPV6 public addresses?

it works the same way using tagged and untagged vlans. You have to take care to note at which level as mikrotik gives you the option to vlan via CPU or switch chip (if device has it). To routers like mikrotik, a vlan is simply an interface, so if you attach a vlan to a port, you set your rules to the vlan rather than the port as that vlan is basically your new port.

its called will it route

When getting any routerboards, even the CCR you're quite wrong about which one to get.

Firstly, you dont need 10Gb/s for WAN, sure i have a 36 core CCR with 2 SFP+ but i also use it for other things that arent network related.
2nd is that if you need software processing speeds, mikrotik has quad core ARM routers coming out thats faster than the RB3011 so it will handle TM's fastest new internet. The RB3011 does 500Mb/s of software processing for NAT, QoS, firewall without using hardware acceleration. Still the CCR1009 would be a better choice for full symmetrical connections (2Gb/s). When preparing for >1Gb/s, you can bond ports together.

This post has been edited by System Error Message: Jul 31 2018, 04:15 PM

was actually agreeing with you, disagreeing with the guy you quoted.

no such thing is that 4011, i searched.
However i did find https://mikrotik.com/product/wireless_wire which says it has a range of 200meters or more, so for those who want gigabit speeds without powerline or wifi, this is the answer, or if you want unifi at some other address and beam to your address, i think line of sight is important too which is useful if your condo(fake in malaysia)/apartment has VDSL and you want fiber optic unifi to one of the homes nearby.

10Gb SFP . SFP is normally 1.25Gb.
I hope you know what SFP is.

Im hoping mikrotik will use the updated Tilera architecture now owned and released by mellanox replacing their MIPS like manycore with ARM instead, but it'd have to be clocked higher than the Tilegx CPUs just to get an edge as MIPS is faster than ARM for NAT and routing clock per clock, this has been tested. So at the same clocks and core count, MIPS is faster than ARM for networking but ARM is faster when running software or if you need VPN, proxying and so on, basically will run dude better.