MikroTik RB750GR3 hEX Router Reviewed

thiggins

Mr. Easy
Staff member
Mikrotik's hEX is a very powerful, cheap router that may drive you crazy trying to configure it.

Read on SmallNetBuilder
 
Great review!

Can the USB plug be used for anything like file sharing? Or is it limited to LTE dongles and loading files onto the router?

And similarly to your Ubiquiti review, can we expect you to review a Mikrotik switch to pair with this router to expand the capacity? Ideally I would love to see desktop form factor routers with more ports (i.e.: all ports, including power, on the back of the device and status LED on the front).
 
@thiggins , you can always ask me for help with configuring, granted the average user will likely throw this out the window.

You can use usb for storage. I have a microSD in my CCR with some linux OS files for tftp booting, it makes a great tftp server too. You can also use usb storage as a cache for transparent web proxy.

FTP is the best way to upload files to the router. Never use drag and drop over winbox or web as it is unreliable.
 
> @thiggins , you can always ask me for help with configuring, granted the average user will likely throw this out the window.

If you could help Tim set up QoS ("bandwidth management"?) I'd be grateful. For me, that's a very important topic for a tutorial to include.
 
> If you could help Tim set up QoS ("bandwidth management"?) I'd be grateful. For me, that's a very important topic for a tutorial to include.

Definitely, it does require a bit of experimenting and browsing through choices of algorithms. It will require some graphics so I will prepare a PowerPoint too. I've used it in the past but my router is in transit as I've moved.
 
> @thiggins , you can always ask me for help with configuring, granted the average user will likely throw this out the window.
>
> You can use usb for storage. I have a microSD in my CCR with some linux OS files for tftp booting, it makes a great tftp server too. You can also use usb storage as a cache for transparent web proxy.
>
> FTP is the best way to upload files to the router. Never use drag and drop over winbox or web as it is unreliable.

I should have said I tried to get SMB file sharing to work and got an error regarding file attribute changes using my Robocopy script. I updated the review to reflect this.

Like most everything else on the hEX, configuration isn't straightforward.
 
It takes some tinkering, but even a novice can get it doing a lot. I think the issue is, the mikrotik community is just not as helpful (for free) as other communities. Also not as many native English speakers, which makes getting help another barrier.
 
> It takes some tinkering, but even a novice can get it doing a lot. I think the issue is, the mikrotik community is just not as helpful (for free) as other communities. Also not as many native English speakers, which makes getting help another barrier.

The low cost of Mikrotik has made it very popular in 3rd world countries, hence the less English-speaking community. I started learning Mikrotik way before they came up with any certs and newbies get picked over me :(
 
So if I wanted to run IOT devices on a separate wireless router, and keep my home network isolated from them, would this router have that configurability?

Sent from my LG-H872 using Tapatalk
 
> So if I wanted to run IOT devices on a separate wireless router, and keep my home network isolated from them, would this router have that configurability?

This product has no Wi-Fi. But there are other Mikrotiks that do.

Either way, it supports the VLANs you would need for separation.
 
> This product has no Wi-Fi. But there are other Mikrotiks that do.
>
> Either way, it supports the VLANs you would need for separation.

If the AP doesn't support VLANs, can the hEX isolate based on the ethernet ports?
 
> If the AP doesn't support VLANs, can the hEX isolate based on the ethernet ports?

Yes. But since many IoT devices are wireless, you'll need to connect hubs and bridges to the same port(s). A switch will do that.
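
Port-based isolation as described in the reply above, written out as an added RouterOS example that is not part of the thread. It assumes the hEX default configuration (ether1 as WAN, ether2-ether5 in a bridge named `bridge`, default firewall rules); the choice of ether5, the 192.168.50.0/24 subnet, the resolver address and all names are constructed.

```routeros
# Added example, not taken from the thread. Assumes the hEX default
# configuration: ether1 = WAN, ether2-ether5 in a bridge named "bridge".
# ether5, 192.168.50.0/24 and every name below are constructed values.

# 1. Take ether5 out of the LAN bridge so it becomes a routed port.
#    The IoT hubs, bridges or a downstream switch/AP plug in here.
/interface bridge port remove [find where interface=ether5]

# 2. Give the IoT segment its own subnet and DHCP scope.
/ip address add address=192.168.50.1/24 interface=ether5 comment="IoT gateway"
/ip pool add name=iot-pool ranges=192.168.50.100-192.168.50.200
/ip dhcp-server add name=iot-dhcp interface=ether5 address-pool=iot-pool disabled=no
# Hand out an external resolver (example value) so IoT hosts never
# need to talk to services on the router itself.
/ip dhcp-server network add address=192.168.50.0/24 gateway=192.168.50.1 dns-server=9.9.9.9

# 3. Drop connections that IoT hosts try to open towards the home LAN.
#    Matching only connection-state=new keeps replies flowing when a LAN
#    host opens a connection to an IoT device (e.g. to manage a hub).
/ip firewall filter add chain=forward in-interface=ether5 out-interface=bridge \
    connection-state=new action=drop comment="IoT -> LAN blocked"

# 4. Keep IoT hosts away from the router's own services (WinBox, SSH, web).
#    Redundant if the default "drop all not coming from LAN" input rule
#    is still present, but explicit in case it was removed.
/ip firewall filter add chain=input in-interface=ether5 connection-state=new \
    action=drop comment="IoT -> router blocked"

# 5. Review the result and the rule order.
/ip firewall filter print where comment~"IoT"
```

Internet access for the IoT subnet relies on the default masquerade rule for the WAN interface list; the same forward and input rules apply unchanged if the segment is a VLAN interface instead of a physical port.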
 
Try setting TTL to 64 to prevent packet loss:
/ip firewall mangle add chain=prerouting out-interface=!local action=change-ttl new-ttl=set:64 passthrough=yes
 
> Try setting TTL to 64 to prevent packet loss:
> /ip firewall mangle add chain=prerouting out-interface=!local action=change-ttl new-ttl=set:64 passthrough=yes

I just realised that there is an option called change TCP mss, this helps.

I don't accept change TTL as a valid option (trust me, you really don't want to change TTLs as it's useless and suggested by the Indians as a way to bypass NAT detection).
 
> I just realised that there is an option called change TCP mss, this helps.
>
> I don't accept change TTL as a valid option (trust me, you really don't want to change TTLs as it's useless and suggested by the Indians as a way to bypass NAT detection).

Changing MSS would only be required for smaller MTU like PPPoE or VPN. If your ISP supports RFC 4638 baby jumbo there is no need for PPPoE MSS mangle, just increase the MTU of the physical port by 8. But for VPN, yes, you need to catch this. Cisco has a good paper on this: https://www.cisco.com/c/en/us/suppo...ing-encapsulation-gre/25885-pmtud-ipfrag.html
 
Disappointing IPSec results. Is it the Linksys which limits this test?
 
> Changing MSS would only be required for smaller MTU like PPPoE or VPN. If your ISP supports RFC 4638 baby jumbo there is no need for PPPoE MSS mangle, just increase the MTU of the physical port by 8. But for VPN, yes, you need to catch this. Cisco has a good paper on this: https://www.cisco.com/c/en/us/suppo...ing-encapsulation-gre/25885-pmtud-ipfrag.html

I know for ISPs you don't need to use this, only for VPNs and tunnels it helps.

Packet drops in the router itself cannot be solved by TTL as the router does not decrement the TTL in the pre and post routing steps. The only 2 things to check are 1) CPU is not maxed, 2) interfaces (both external and internal) aren't maxed out.

The 2nd is tricky as while the hex3 has decent options, all ports can be switched and some routers allow configuring a port to either be part of a switch or not. While some routerboards have bigger internal busses, if all parts (both WAN and LAN) use the same link to the CPU you are capped to 500Mb/s throughput in some severe situations.

RouterOS makes efficient use of RAM so RAM bandwidth/speeds don't affect throughput as much, but the internal busses and caches of these chips are sometimes limited (for example, some desktop CPUs have L3 caches that are slower than RAM).

Hence why I said that TTL doesn't solve packet drops, only if the TTL is 1 which would make any router drop it, but this is a very rare condition that affects every router as whenever traffic is routed the TTL is decremented by 1 for every router/gateway.
 
I've had one of these boxes for a few days - bandwidth management seems to work.

Here is my setup -

hexspeed-q.jpg


First set up a main queue for all your traffic, then set up child queues for your devices. I had to turn off the single firewall rule enabling fasttrack to see the correct real-time bandwidth figures in my queue table.

Also used the "default" queue option - not "default-small" -

hexspeed.jpg


So adjust the firewall, set up main queue, set up child queues - should be able to control traffic/queue (this video may help too - you can try default small for queue type, I went with default).
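
The three steps from the post above (firewall, main queue, child queues) as an added RouterOS example; it is not the poster's configuration, whose screenshots did not survive. The 192.168.88.0/24 subnet, the device addresses, the queue names and all rates are constructed placeholders.

```routeros
# Added example, not the poster's configuration. Subnet, device
# addresses, queue names and rates are constructed placeholders.

# 1. Fasttracked connections bypass simple queues, so the queues would
#    neither shape them nor count them. Disable the fasttrack rule
#    (the default configuration ships a single one).
/ip firewall filter disable [find where action=fasttrack-connection]

# 2. Main (parent) queue covering all LAN traffic.
#    max-limit is upload/download as seen from the target; set it a
#    little below the measured line rate so the router, not the modem,
#    is the bottleneck that queues packets.
/queue simple add name=lan-total target=192.168.88.0/24 \
    max-limit=18M/90M queue=default/default

# 3. Child queues per device. limit-at is the rate each child is
#    guaranteed under contention; the limit-at values of all children
#    must not add up to more than the parent's max-limit.
/queue simple add name=desktop parent=lan-total target=192.168.88.10/32 \
    limit-at=5M/30M max-limit=18M/90M queue=default/default
/queue simple add name=tv parent=lan-total target=192.168.88.20/32 \
    limit-at=2M/20M max-limit=10M/60M queue=default/default

# 4. Check the queue table and the state of the fasttrack rule.
/queue simple print
/ip firewall filter print where action=fasttrack-connection
```

`queue=default/default` selects the "default" queue type for both directions, as in the post; substituting `default-small` is the variation the poster mentions.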
 
> I've had one of these boxes for a few days - bandwidth management seems to work.
>
> Here is my setup -
>
> First set up a main queue for all your traffic, then set up child queues for your devices. I had to turn off the single firewall rule enabling fasttrack to see the correct real-time bandwidth figures in my queue table.
>
> Also used the "default" queue option - not "default-small" -
>
> So adjust the firewall, set up main queue, set up child queues - should be able to control traffic/queue (this video may help too - you can try default small for queue type, I went with default).

The problem is that the default queue uses bfifo (bit rate first in first out) which can cause bufferbloats due to the requirement of a buffer, hence why I'm making a tutorial.
 
> The problem is that the default queue uses bfifo (bit rate first in first out) which can cause bufferbloats due to the requirement of a buffer, hence why I'm making a tutorial.

Other problems with Mikrotik RB750GR3 are:

1.) OpenVPN can only run under TCP, as Mikrotik has been unable to code for UDP.

2.) Intermittent packet loss experienced by Tim Higgins was not experienced by Jim Salter, ArsTechnica.com, who reports relatively smooth waveforms with some connection failures like any router except for his minimal diy Ubuntu, and Ubiquiti-ER Pro.

3.) Previous poor record of European router hacks by Mikrotik (probably not configured or password coded, though), and previous poor hardware defect record of RB750GR2.

Despite all this, it may be a solution as head home/office router and firewall, on future firmware update, relegating any expensive name brand router to AP use only.
 