I'd consider that a bad-faith argument. "What if there is no control/management plane protection to the device?"
If any box is on the public Internet without management plane protection, you're going to be compromised. Sure, some may be faster than others, but that doesn't excuse you from rudimentary protections. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Barry Greene" <[email protected]> To: "North American Network Operators Group" <[email protected]> Cc: "Mike Hammett" <[email protected]> Sent: Monday, February 9, 2026 12:53:14 PM Subject: Re: Router Recommendations Hi Mike, Where are your security requirements? What is the worth of a router today if you put an v6 ACL on it and you drop all your packets to the punt path? What if you cannot get Netflow/IPFIX/sFlow running at a sample rate with export that does not blogged down the control/management plane? What if there is no control/management plane protection to the device? Remember, the are a whole class of threat actors that LOVE Mikrotik’s success. It gives them more boxes to ‘own' and use with minimal operational impact to the operator. Barry > On Feb 10, 2026, at 06:10, Mike Hammett via NANOG <[email protected]> > wrote: > > I'm looking for new BGP routers. I'm currently running Mikrotik, which has > served me well so far, but looking at interface speed, count, FIB size, etc. > and they just aren't going to cut it. > > I'm looking for: > • Has at least 6x 100G ports > • Has a smattering of 10G/25G ports > • Has meaningful packet buffers > • Routes in hardware at least 2m routes combined of IPv4 and IPv6, more is > better > • Has reasonably low power usage, I don't need 1 kw going to a router > • Is cost-effective > • Used is fine > > > I like how the MX301 looks, but it's way more than I'd want to spend, > primarily because there really isn't a used market for them yet. > Arista and Cisco NCS are close, but to check all of the boxes, you're up to > about $15k - $20k. To get to $5k or less, you're compromising on at least two > of the things I'm looking for. > EdgeCore and UfiSpace may have some models that are in the $5k - $8k range, > once you purchase OcNOS. > > > I'd have no problem with the EdgeCore and UfiSpace direction, but I wanted to > make sure I wasn't leaving anything out of consideration. > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com > > _______________________________________________ > NANOG mailing list > https://lists.nanog.org/archives/list/[email protected]/message/ANH4UUU6K3CMCSWSBHAALWTYLHK32OGG/ _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/UW2FQIME6LQJU5PAOWC3AGWSEYO4USK4/
