Mikrotik software firewall/router?
- 
 The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done. 
- 
 @ITivan80 said in Mikrotik software firewall/router?: I have seen them used in DC world. Though i myself do not have experience on them sorry  Being that human beings are imperfect anything we make will be imperfect. It's a given that all products experience problems that need to be addressed. It's also one of the main reasons why a red flag gets raised when vendors, especially the hyper-cloud sized ones, remain silent about any issues they've had. 
- 
 @PhlipElder said in Mikrotik software firewall/router?: It's also one of the main reasons why a red flag gets raised when vendors, especially the hyper-cloud sized ones, remain silent about any issues they've had. that's a tough one because how do we know when they are being silent or not, or just have had fewer issues? It's hard to say. 
- 
 @scottalanmiller said in Mikrotik software firewall/router?: The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done. Open Source may be as vulnerable or more vulnerable to the SolarWinds style "attack": https://www.theverge.com/2021/4/30/22410164/linux-kernel-university-of-minnesota-banned-open-source No system managed and run by human beings is exempt from issues with the product nor the malicious behaviours of perps. 
- 
 @scottalanmiller said in Mikrotik software firewall/router?: @PhlipElder said in Mikrotik software firewall/router?: It's also one of the main reasons why a red flag gets raised when vendors, especially the hyper-cloud sized ones, remain silent about any issues they've had. that's a tough one because how do we know when they are being silent or not, or just have had fewer issues? It's hard to say. Okay, I have a memory: A perp was running around Microsoft's CorpNet and snipping images of what they saw and posting them via Tw33ter or other social media platform. I did not save them, unfortunately. So, have they been memory holed? Can you find them? How about Microsoft's statement around the perps running around CorpNet after the SolarWinds fiasco? "Oh, they only saw not important code" or something to that effect. Has that been memory holed? 
- 
 @PhlipElder said in Mikrotik software firewall/router?: @scottalanmiller said in Mikrotik software firewall/router?: @PhlipElder said in Mikrotik software firewall/router?: It's also one of the main reasons why a red flag gets raised when vendors, especially the hyper-cloud sized ones, remain silent about any issues they've had. that's a tough one because how do we know when they are being silent or not, or just have had fewer issues? It's hard to say. Okay, I have a memory: A perp was running around Microsoft's CorpNet and snipping images of what they saw and posting them via Tw33ter or other social media platform. I did not save them, unfortunately. So, have they been memory holed? Can you find them? How about Microsoft's statement around the perps running around CorpNet after the SolarWinds fiasco? "Oh, they only saw not important code" or something to that effect. Has that been memory holed? The reason I ask is because it seems to be the standard order of procedure to hide everything instead of coming clean and being forthright. iNSYNQ, Maersk, Wolters Kluwer are three public situations. I know of plenty of not public ones that never got broadcast beyond those impacted. No news item, no mention anywhere. So, what's up with that? 
- 
 @scottalanmiller said in Mikrotik software firewall/router?: The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done. Three cluster setups: 
 1: Cisco Small Business Pro series Gigabit and 10GbE
 2: NETGEAR Gigabit and 10GbE
 3: Ubiquiti Gigabit and 10GbE
 4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbEGuess which ones we've had the most grief with? Which one's the least? 
- 
 @PhlipElder said in Mikrotik software firewall/router?: @scottalanmiller said in Mikrotik software firewall/router?: The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done. Three cluster setups: 
 1: Cisco Small Business Pro series Gigabit and 10GbE
 2: NETGEAR Gigabit and 10GbE
 3: Ubiquiti Gigabit and 10GbE
 4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbEGuess which ones we've had the most grief with? Which one's the least? I can't stand the suspense. Please tell! 
- 
 @Pete-S said in Mikrotik software firewall/router?: @PhlipElder said in Mikrotik software firewall/router?: @scottalanmiller said in Mikrotik software firewall/router?: The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done. Three cluster setups: 
 1: Cisco Small Business Pro series Gigabit and 10GbE
 2: NETGEAR Gigabit and 10GbE
 3: Ubiquiti Gigabit and 10GbE
 4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbEGuess which ones we've had the most grief with? Which one's the least? I can't stand the suspense. Please tell! In order of stability and longevity: 
 4 1 2 3.
- 
 @PhlipElder said in Mikrotik software firewall/router?: @Pete-S said in Mikrotik software firewall/router?: @PhlipElder said in Mikrotik software firewall/router?: @scottalanmiller said in Mikrotik software firewall/router?: The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done. Three cluster setups: 
 1: Cisco Small Business Pro series Gigabit and 10GbE
 2: NETGEAR Gigabit and 10GbE
 3: Ubiquiti Gigabit and 10GbE
 4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbEGuess which ones we've had the most grief with? Which one's the least? I can't stand the suspense. Please tell! In order of stability and longevity: 
 4 1 2 3.Thanks, I suspected something along that line. Interesting! 
- 
 @PhlipElder said in Mikrotik software firewall/router?: @scottalanmiller said in Mikrotik software firewall/router?: The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done. Three cluster setups: 
 1: Cisco Small Business Pro series Gigabit and 10GbE
 2: NETGEAR Gigabit and 10GbE
 3: Ubiquiti Gigabit and 10GbE
 4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbEGuess which ones we've had the most grief with? Which one's the least? Off the top: 4: ConnectX-3 VPI would not come back online after a cable swap no matter what. Had to reboot the node. SwitchX still up and running and we're getting close to 8 years. 
 1: We have some SG300x or SG350x series that came back from clients still humming along close to 10 years later. Had a few early hardware rev editions drop ports. Some issues with the UI and responsiveness but all and all a solid platform.
 2: Solid. 10 years later still going though firmware tends to get persnickety after 24-36 months of uptime or longer so an occasional reboot needed.
 3: Management UI installed the reset the adopted switches without any warning. Threw a cluster into chaos. Site does not mention that that would happen. Lesson learned. VLANs: If there are "too many" the switches randomly stop routing. Just stop. In a teamed setting not so bad but the VMs residing on the port that gets dropped just disappear. What a PITA totroubelshoottroubleshoot (dyslexic brain on overdrive today).We do get what we pay for. ;0) 
- 
 @Pete-S said in Mikrotik software firewall/router?: @PhlipElder said in Mikrotik software firewall/router?: @scottalanmiller said in Mikrotik software firewall/router?: The same sales tactic is used to sell expensive "you have to pay the vendor extortion rates for support" over open source products that are known to be far better for decades. It's probably the best known scam in our industry. And once people overpay and get too little, the vendor has customers over a barrel and they feel that they can't expose to management that they spent a fortune and got less than they would have gotten for cheap or for free. And so the spending spree continues because no one up the chain wants to expose what they've done. Three cluster setups: 
 1: Cisco Small Business Pro series Gigabit and 10GbE
 2: NETGEAR Gigabit and 10GbE
 3: Ubiquiti Gigabit and 10GbE
 4: Mellanox/NVIDIA 10GbE, 40GbE, 50GbE, 100GbEGuess which ones we've had the most grief with? Which one's the least? I can't stand the suspense. Please tell! Cisco woudl be reliably the biggest problem. Never seen anything require more support, have more problems. Netgear is cheap, and we've seen lots of issues. Nothing is as bad as Cisco, obviously, but Netgear relies on easy to manage, easy to replace and if you have the right mindset it'll crush Cisco in the big scheme. Worked extremely little with Mellanox. Known to be really good stuff. Ubiquiti is definitely what I'd use most of the time. Good management, better pricing, and has the "easy to replace" advantages that take Cisco out of the serious running. Nothing Cisco could do (but doesn't anyway) could touch the safety net of being able to have spares instead of waiting for clueless engineers to putz around. 

