Something I've been meaning to do for a while now is replace my Unifi USG 3P. It's a nice device to use, but I want more. More performance and more capabilities, like being able to play with routing, and hosting a Wireguard VPN server directly on the router instead of being a separate box. Mikrotik has a bunch of good options, even if it means I won't get the nice integration and management UI that I get right now.
Well my USG carked it recently, and actually I'd already bought a Mikrotik several months earlier but never sat down and put in the effort to configure it and get it up and running; now I don't have a choice. 😂
I didn't realise until later but the USG exhibited this exact problem with the unit chirping due to a dead power brick - the router itself is fine! https://old.reddit.com/r/Ubiquiti/comments/yx2izr/psa_if_you_are_still_using_a_usg3p/
Anyway I chose the Mikrotik RB5009UPr+S+IN, I figured while I'm at it I might as well find something that can replace the Unifi 8-port PoE switch in my network core as well, and sure enough this fits the bill perfectly. It's got 8 ports of gigabit connectivity and PoE-out on all the ports, and is somehow way smaller than either the Unifi 150W PoE switch, AND produces less heat. It's a really nice piece of kit.
Initially I was eyeing off their CRS326, not least because having 24 ports would be hilarious overkill, but it doesn't have PoE so I wouldn't be improving anything, and it'd be even more of a pain in the arse to fit in the telco cupboard right now.
The power brick is a bit chonky, but that's to be expected when it can supply up to 96W of power. Yes it's less than the Unifi switch's 150W capacity, but I'm only running about 15W worth of Wifi APs and computers so it's way more than I need anyway. Unsurprisingly it all pretty much Just Works out of the box.
With a bit of poking I got IPv6 working great, and after some mucking about managed to get my head around the way VLANs work on the bridged interfaces, so now my IOT stuff is happy again. The one downside that people mention is that you need an mDNS proxy to bridge VLANs together so that IOT devices can see each other across firewalled segments, but I'll deal with that sometime in future. I run enough servers here that surely one of them can run a simple daemon for it. Here's some people talking about repeaters and reflectors and apparently stuff Just Works on Unifi, and that's what I need.
It did take a while to get things nicely tuned for the way I want to use it, but it's really nice and the config syntax is pretty okay once you get used to it.
One of the things I'm looking forward to doing is joining dn42 to play around with dynamic routing protocols. I do a little of that at work, but it's just not the same unless you can break it yourself at home y'know.
They also support something called TZSP which I'd never heard of before, it's basically running tcpdump in one place but sending all the traffic to another station for analysis. Much like what I imagined a few years ago when I started at Arista, wishing I could do tcpdump on a switch to see what's flying past (normally you can't because the CPU (and thus tcpdump) doesn't see the traffic, it never leaves the switching ASIC). That makes it super easy to do stuff like adhoc tcpdump, IDS scanning, traffic accounting, etc.