Mikrotik
We wanted to see the full potential of the good, old, reliable 10G networking combined with a modern CPU. Mikrotik CCR2116-12G-4S+ allows you to forget about CPU limitations in your setup. Like its younger brother – the amazing CCR2004, this router features the mighty Amazon Annapurna Labs Alpine CPU.
But with 16 cores running at 2 GHz, this CCR eats the other one for breakfast. For example, we see at least a 15% increase in single-core performance. And that is the most important aspect when it comes to heavy operations based on per-connection processing. Like queues, for example. Mikrotik CR2116-12G-4S+ sets a new standard of single-core performance in the whole CCR product family! And it supports Layer 3 Hardware Offloading!
Obviously, you need the right connectivity to harness this power. There are four 10G SFP+ ports. They have a separate, full-duplex line connected to the Marvell Aldrin family switch chip. Then we have Gigabit Ethernet ports. 12 of them are running through the Marvel chip. And there is another Gigabit port connected directly to the CPU. For management purposes.
Each group of 4 ports has a separate full-duplex connection to the switch chip. No bottlenecks here. You can expect switch-like throughput in most setups. The new generation of processors offers mind-blowing performance. If we look at the Mikrotik CCR1036 - the powerhouse with a 36 core CPU, the new CCR2116 can easily double the performance. 16 cores vs 36 cores. Double the performance. Or even more.
If you are a rather large ISP, dealing with dynamic routing, massive BGPs, complex firewall rules, and intricate quality of service configurations..This is the right device for you. Combination of raw power and utility with the reliable 10G networking. And yes, like with any ISP-level device, we’ve included a dual-redundant power supply. So you have one less thing to worry about.
Mikrotik CCR2116-12G-4S+: technology tested by time, built for the future.
RouterOS
the operating system (firmware) of Mikrotik RouterBOARD
It can also be installed on a PC and will turn it into a router with all the necessary features - routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server and more.
Firewall and Router
- Stateful Packet Inspection (SPI)
- GeoIP blocking
- Anti-Spoofing
- Time based rules, Connection rules
- Dynamic DNS, Reverse proxy
- Captive portal guest network
- Supports concurrent IPv4 and IPv6
- NAT mapping (inbound/outbound)
- VLAN support (802.1q)
- Configurable static routing
- IPv6 network prefix translation
- IPv6 router advertisements
- Multiple IP addresses per interface
- DHCP server, DNS forwarding
- Wake-on-LAN, PPPoE Server
VPN
- IPsec and OpenVPN
- Site-to-site and remote access VPN support
- SSL encryption
- VPN client for multiple operating systems
- L2TP/IPsec for mobile devices
- Multi-WAN for failover
- IPv6 support
- Split tunneling
- Multiple tunnels
- VPN tunnel failover
- NAT support
- Automatic or custom routing
- Local user authentication or RADIUS/LDAP
Intrusion Prevention System
- Snort-based packet analyzer
- Layer 7 application detection
- Multiple rules sources and categories
- Emerging threats database
- IP blacklist database
- Pre-set rule profiles
- Per-interface configuration
- Suppressing false positive alerts
- Deep Packet Inspection (DPI)
- Optional open-source packages for application blocking
Enterprise Reliability
- Optional multi-node High Availability Clustering
- Multi-WAN load balancing
- Automatic connection failover
- Bandwidth throttling
- Traffic shaping wizard
- Reserve or restrict bandwidth based on traffic priority
- Fair sharing bandwidth
- User data transfer quotas
User Authentication
- Local user and group database
- User and group-based privileges
- Optional automatic account expiration
- External RADIUS authentication
- Automatic lockout after repeated attempts
Proxy and Content Filtering
- HTTP and HTTPS proxy
- Non Transparent or Transparent caching proxy
- Domain/URL filtering
- Anti-virus filtering
- SafeSearch for search engines
- HTTPS URL and content screening
- Website access reporting
- Domain Name blacklisting (DNSBL)
- Usage reporting for daily, monthly, etc.
Double the usual performance: we took your feedback from the MikroTik User Meetings to create the perfect home lab router: compact, powerful, with multiple powering options and efficient cooling.RB5009 has it all, and even more!
The board features 9 wired ports and a full-sized USB 3.0. Seven of the ports are Gigabit Ethernet, another one is 2.5 Gigabit Ethernet, and the last one is a 10G SFP+ cage. All the ports are connected to a powerful Marvell Amethyst family switch-chip with a 10 Gbps full-duplex line leading to the Marvell Armada Quad-core ARMv8 1.4 GHz CPU. Both CPU and the switch-chip are located on the bottom of the board – so the case acts as a massive heat-sink!
Boards come with 1GB of DDR4 RAM and 1GB NAND storage. This combination of ports and components, compared to our other products in a similar form factor, provides almost double the performance in configurations with heavy CPU loads.
With a simple set of mounting accessories, you can mount FOUR of these routers in a single 1U rackmount space! No more server-room-Tetris, just pure productivity.
Administrator
Configuration
- Web-based configuration
- Setup wizard for initial configuration
- Remote web-based administration
- Customizable dashboard
- Easy configuration backup/restore
- Configuration export/import
- Encrypted automatic backup to Netgate server
- Variable level administrative rights
- Multi-language support, Simple updates
- Forward-compatible configuration
- Serial console for shell access and recovery options
System Security
- Web interface security protection
- CSRF protection
- HTTP Referer enforcement
- DNS Rebinding protection
- HTTP Strict Transport Security
- Frame protection
- Optional key-based SSH access
- Block private networks of WAN as default
- Block bogon networks as default
- L2TP VPN, OpenVPN, IPsec
- Block bogon networks as default
Reporting & Monitoring
- Dashboard with configurable widgets
- Local logging
- Remote logging
- Local monitoring graphs
- Real-time interface traffic graphs
- SNMP monitoring
- Notifications via web interface, SMTP, or Growl
- Hardware monitoring
- Networking diagnostic tools
- BandwidthD, MRTG like traffic chart