Difference between revisions of "MikroTik-Fail"

From W9CR
Jump to navigation Jump to search
(MikroTik)
 
 
(3 intermediate revisions by one other user not shown)
Line 1: Line 1:
 
This is a list of basic failures that I've found MikroTik Routers to have.  This is by no means exhaustive.
 
This is a list of basic failures that I've found MikroTik Routers to have.  This is by no means exhaustive.
 +
 +
= IS-IS Support =
 +
 +
<s>Mikrotik doesn't support and will not support ISIS.  </s>
 +
 +
The stated [https://forum.mikrotik.com/viewtopic.php?t=30587#p149066 reason] is it's not a "coooool protocol" like OSPF.
 +
 +
EDIT- Maybe now it's "coooool". IS-IS is being introduced into RouterOS starting in
 +
v7.13. As of v7.14beta8 there is now IS-IS support being EVE-NG tested.
 +
* [https://discord.com/channels/936294190948687922/1108700927365500978/1199781869470883861 https://discord.com/channels/936294190948687922/1108700927365500978/1199781869470883861]
 +
* [https://mikrotik.com/download/changelogs#show-tab-tree_2-id-fbb68df8e99f8b3afd4862846ad531f7 https://mikrotik.com/download/changelogs#show-tab-tree_2-id-fbb68df8e99f8b3afd4862846ad531f7]
 +
 +
= No ability to show bridge table =
 +
In a bridge wireless network where CPE are bridging the LAN port to Wireless, then to the AP, and out the AP Ethernet port, one cannot find the MAC address of the CPE radio and what MAC's it's bridging to the AP.  There has to be a table of this internally in the AP, but it is not exposed.  This makes locating a misbehaving MAC address complex as you have to look at each CPE device's MAC table. 
 +
 +
Alvarion/Cisco/Symbol/Karlnet/Canopy has had this since like 1995.
 +
 +
= VRF table ignored for local responses =
 +
 +
In a VRF, where you have a traceroute going through it, MT will source it's ICMP TTL packets using an IP from the main routing table.  This means anyone tracrouting to the VRF will be able to see IP it's going over, or if it's a private IP that the main table has, it will likely just show "* * *" as the IP will be unreachable.   
 +
 +
This is a [https://forum.mikrotik.com/viewtopic.php?t=78816&start=100 known issue].
 +
 +
https://old.reddit.com/r/mikrotik/comments/5ixk1u/intermediate_hop_dont_show_in_traceroutes_when/
 +
 +
= RFC3021 /31 links =
 +
 +
Mikrotik doesn't support this.  This is an over 20 year old RFC.  Come on.
 +
 +
https://forum.mikrotik.com/viewtopic.php?p=163163
 +
 +
= /export changes at random across different firmware =
 +
 +
/export is not idempotent between OS upgrades on the same hardware. 
 +
 +
This means config backups are basically worthless unless you can input them manually and see what breaks.  There's no revision testing on it either by MT.
 +
 +
= 4 byte ASN =
 +
 +
Per [https://mailman.nanog.org/pipermail/nanog/2022-August/220138.html this message] on NANOG, they can't do 4 byte ASN's

Latest revision as of 13:56, 24 January 2024

This is a list of basic failures that I've found MikroTik Routers to have. This is by no means exhaustive.

IS-IS Support

Mikrotik doesn't support and will not support ISIS.

The stated reason is it's not a "coooool protocol" like OSPF.

EDIT- Maybe now it's "coooool". IS-IS is being introduced into RouterOS starting in v7.13. As of v7.14beta8 there is now IS-IS support being EVE-NG tested.

No ability to show bridge table

In a bridge wireless network where CPE are bridging the LAN port to Wireless, then to the AP, and out the AP Ethernet port, one cannot find the MAC address of the CPE radio and what MAC's it's bridging to the AP. There has to be a table of this internally in the AP, but it is not exposed. This makes locating a misbehaving MAC address complex as you have to look at each CPE device's MAC table.

Alvarion/Cisco/Symbol/Karlnet/Canopy has had this since like 1995.

VRF table ignored for local responses

In a VRF, where you have a traceroute going through it, MT will source it's ICMP TTL packets using an IP from the main routing table. This means anyone tracrouting to the VRF will be able to see IP it's going over, or if it's a private IP that the main table has, it will likely just show "* * *" as the IP will be unreachable.

This is a known issue.

https://old.reddit.com/r/mikrotik/comments/5ixk1u/intermediate_hop_dont_show_in_traceroutes_when/

RFC3021 /31 links

Mikrotik doesn't support this. This is an over 20 year old RFC. Come on.

https://forum.mikrotik.com/viewtopic.php?p=163163

/export changes at random across different firmware

/export is not idempotent between OS upgrades on the same hardware.

This means config backups are basically worthless unless you can input them manually and see what breaks. There's no revision testing on it either by MT.

4 byte ASN

Per this message on NANOG, they can't do 4 byte ASN's