
Edgerouter 12 vs Mikrotik RB4011

paraplu

Tried the RB4011 thinking it would replace my router and switch setup with a single device. Unfortunately it didn’t work out: SFP was not working towards my ISP. The RB4011 has limitations on SFP support. Discussed in the MT forums; but only recently MT paged this limitation on their product website. Which is:

Note: The RB4011 does not support Passive DAC modules, 1GB copper SFP modules and SFP GPON modules

In addition it only works with common SFP optical only with both interface sides set to manual speed; which is basically not possible with auto sensing ISPs.

Quite a bugger for the RB4011.

Edit: SFP works fine now since latest stable release.
 
Hardware designs are pretty standard on both models. So a decisive factor would be firmware features, support and the talent behind it.

Edgemax firmware at the moment is a little mess (if not a huge one..). UBNT had gone insane to release an alpha grade FW for ER-X as 2.0.0 in the past week or so. ER-X perhaps is their most popular sales. Not unexpectedly quite a few early birds got a "bricked" router as a result.

The FW mess (and a 2+ yr stagnation in development before it) probably should be enough hints for potential new Edgerouters users and give a second consideration on Mikrotik stuff if there is no other options..

As an aside..on the new 2.0.0 FW

Personally my ERX got "bricked" in 2.0 beta 2 and again in beta 3 and... again in 2.0 release. Luckily I saved the router in quick rescue operations. At the end even sorted out what's the bug and a workaround.

Given UBNT's poor track records on previously reported issues, and their forum's fanboy culture, this time around I'm not going to tell them what's the issue and the solution. :cool:
 
I have both ubiquiti and mikrotik, security wise both are good, don't listen to what others say when it comes to vulnerabilities because no one should be able to access your winbox port from WAN in a home environment, same for management interfaces as well for both brands.

Ubiquiti is more like a jack of all trades master of none kind of router as you can run other linux programs on it, something you can't do on mikrotik. Mikrotik is a very good router, it just can't do much more than being a router unless you can hack it, but they delete any guides to it on their forums that let you use it as a regular linux device.

Both are quad cores. The edgerouter boasts a 64 bit MIPS based CPU, it's a decent MIPS, the mikrotik uses a 32 bit ARM A15 quad core CPU at a higher clock. Clock per clock the ARM A15 is either on par or faster than the edgerouter's MIPS. 64 bit or 32 bit doesn't matter in this case.

Then you have interfaces and switches, look and compare the architectures like switches and stuff. Mikrotik were earlier than other brands at using bigger links between the switch chips and CPU and you can plug a cable from one switch chip port to another to avoid traffic going through the CPU for that if you want.

Ubiquiti's investment brochure paints a very shady picture about Ubiquiti itself as above has mentioned when it comes to dealing with problems/updates.

Still while neither brand is perfect (you get what you pay for), as a router, mikrotik is better, as an embedded linux device, ubiquiti can do that, it's really up to you for choice and architecture and use should be the main decider. Do you want something that's only a router or jack of all trades? Are the architectures fit for what you intend to do (switch arrangements, interfaces, etc)? Can you add ram and storage if you plan on using more features or things that use (example transparent proxy cache).

Another minor thing, you can plug a GPS receiver into mikrotik to get time, but you cannot make it a stratum-1 NTP server.
 

My ER4 had no trouble at all with the 2.0 release. Surprises me that you installed it for the ERX while the readme clearly mentioned some outstanding limitations with ERX and this release.
 

Fully agree on the security aspect. Also having quite some bit of experience with both brands. It’s the software that makes or breaks it. With routeros I am getting lots of conntrack invalid packets in the forward chain. With edgeOS none. Both with basic setups. Would you have any explanation for this?
 
It's the way they consider a connection. Are you having any issues with mikrotik in terms of it working when you are seeing invalid packets?

It's just a difference in how they consider something and report things to you. https://forum.mikrotik.com/viewtopic.php?t=127846 should answer your question.

The CPU in the RB4011 is only a bit faster than the ER-12 too, they aren't the same in hardware but very very different both in terms of routing performance, VPN performance and software performance with each CPU excelling in particular areas, even the hardware architecture is different, things like upgradeable ram, different interfaces, or internal slots, things you can add to it and even the switch groups, these things do matter especially switch groups depending on use case. Also as he mentioned mikrotik has an SFP+ port which is great if you have a file server with a 10Gb/s port (though you may need adapter). Mikrotik uses the ARM A15 rather than the slower ARM A9 and equivalents you see in consumer routers, which is a huge difference in performance compared to other ARMs making the CPU faster clock per clock and it has higher clocks too. The MIPS used in ubiquiti is no slouch either and better than the MIPS you get in consumer routers clock per clock too.

The ER-12 vs mikrotik rb4011 is clear, each going in opposite directions. On the software ubiquiti is a jack of all trades, master of none while mikrotik is a master of being a router, but really poor at doing other things, then on the hardware side it's the same deal as both are totally different, so essentially it really depends on use case when comparing these 2.

As for security, make sure you check for backdoors. With mikrotik there are known cases of middleman inserting backdoors into the firmware but mikrotik has introduced a way to solve them when updating firmware. As long as you configure it right to prevent any possible access to your management of the device you should be fine unless it ignores the rule and continues. Both platforms offer ways to enable/disable various services so you could use https rather than http instead for example. Note that on both platforms for scripts, if you do not use something like https or api-ssl your passwords will be plaintext, but most tutorials are interchangeable allowing you to just add the ssl in without any other changes.
 
The RB4011 gives me my full 750/750 Mbps throughput with Fasttrack disabled and a couple of simple queues.
The Edgerouter stalls at around 520 Mbps with Codel enabled. Still not bad. CPU power of the MT clearly wins here.
 

Interesting read, but both OS are based on iptables conntrack module so why different stats? Unfortunately routeros does not publish its source code.
 
Different rules. If you read the link he is saying things that terminate at the router like l2 packets and such are considered invalid and appear on stats, something other routers don't do.
 
Overall been a Ubiquiti customer since June 2018, and overall happy with their products, so I would suggest them. Good Luck.
 

Used ERL a couple of years back in 2013 but had to replace the internal cheap USB stick TWICE. A good thing they use an onboard eMMC in the latest models.
 

Okay, still sounds odd.
 
You can copy/divert invalid packets to wireshark/sniffer and see what they are.

A simple logging rule exposed those drops. Mostly ACK FIN and ACK PUSH l3 packets towards (previously) established NAT connections. I guess MT has customized the nf/conntrack module to drop these packages.
By default MT has some aggressive conntrack time outs. After changing these time out values to Linux (and edgerouter) values, I still receive the same drops.
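
The kind of tally described in the post above, as an added example that is not part of the original thread: it groups logged invalid-state drops by TCP flag set and sets aside anything that does not look like the tail of an already closed connection. The log lines are constructed, their layout is modelled on RouterOS firewall log output and is an assumption, and `summarize` and `LATE_FLAGS` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample lines (documentation address ranges); the layout is an
# assumption modelled on RouterOS firewall log output with log-prefix "invalid".
SAMPLE_LOG = """\
invalid forward: in:ether1 out:bridge, src-mac 00:00:5e:00:53:01, proto TCP (ACK,FIN), 203.0.113.10:443->192.168.88.20:51544, len 52
invalid forward: in:ether1 out:bridge, src-mac 00:00:5e:00:53:01, proto TCP (ACK,PSH), 203.0.113.10:443->192.168.88.20:51544, len 83
invalid forward: in:ether1 out:bridge, src-mac 00:00:5e:00:53:01, proto TCP (ACK,FIN), 198.51.100.7:993->192.168.88.31:40112, len 52
invalid forward: in:bridge out:ether1, src-mac 00:00:5e:00:53:02, proto TCP (RST), 192.168.88.20:51544->203.0.113.10:443, len 40
invalid forward: in:ether1 out:bridge, src-mac 00:00:5e:00:53:01, proto TCP (SYN,ACK), 198.51.100.99:80->192.168.88.40:33000, len 60
"""

LINE_RE = re.compile(
    r"proto TCP \((?P<flags>[A-Z,]+)\), "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Flag sets expected from packets that arrive after conntrack has already
# removed the entry (late FIN, retransmitted data, trailing ACK or RST).
LATE_FLAGS = {
    frozenset({"ACK", "FIN"}), frozenset({"ACK", "PSH"}), frozenset({"ACK"}),
    frozenset({"RST"}), frozenset({"ACK", "RST"}),
}

def summarize(log_text):
    """Return (count per flag set, count per flow, lines worth a closer look)."""
    by_flags, by_flow, unexpected = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP entry in the assumed layout
        flags = frozenset(m["flags"].split(","))
        by_flags[",".join(sorted(flags))] += 1
        by_flow[(m["src"], m["sport"], m["dst"], m["dport"])] += 1
        if flags not in LATE_FLAGS:
            # e.g. a SYN,ACK with no tracked SYN: not connection teardown
            unexpected.append(line)
    return by_flags, by_flow, unexpected

if __name__ == "__main__":
    flags, flows, odd = summarize(SAMPLE_LOG)
    for name, count in flags.most_common():
        print(f"{count:3d}  {name}")
    print("not teardown-related:", len(odd))
```
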
 
I think you can adjust it in MT as well. It isn't good to have long timeouts either.
 
As a follow up on this topic:

Decided to go for the RB4011, selling my ER4.

Reasoning:
- ER4 bridging IPTV between ISP vlan and eth/vlan gives too much load = no hardware offload.
- ER4 SFP didn’t work out. RB4011 is working fine since recent release, with my SFP adapter.
- GUI interface of ER4 is pretty limited. RB4011 gives all.
- RB4011 is giving me 2 switches. ER4 none. Though; switch functions without VLAN support on the RB; configure carefully!
 
I think once you go to separate switches, ports on the router have little meaning and purpose. You should use a large managed switch. The best choice would be a layer3 switch but you can get by OK with layer2. Maybe even a POE+ switch so you can run wireless APs and cameras and other things. It is a much cleaner setup for devices.
 