LAN and VLANs
The hEX has four 10/100/1000 Ethernet ports. You can control MTU size, create IP and GRE tunnels, add VLANs, implement Virtual Router Redundancy Protocol (VRRP), channel bonding, and LTE interfaces for backup to your wired connections.
RouterOS supports port based and 802.1Q tagged VLANs. I was able to successfully test 802.1Q VLANs on the hEX router. Using the GUI, I added a test VLAN and attached it to the hEX's LAN interface as shown below.
I then configured my test VLAN with an IP address and DHCP server. Using an 802.1Q capable access point connected to the hEX's LAN with an SSID configured for both the default VLAN and my test VLAN, I was able to connect to both VLANs based on the SSID I attached to, validating the hEX's VLAN tagging capability.
The RouterOS firewall menu presents numerous firewall options for controlling traffic in and out of the hEX.
Filtering rules are added to an access control list and processed from top down. Traffic can be filtered by source and destination address, source and destination port, protocol, as well as inbound and outbound interfaces. NAT and VPN optimizations are also controlled via the firewall menu.
As mentioned previously, I created a firewall rule to allow Winbox access to the router's WAN port to enable remote management access. The rule, shown below, involved accepting TCP traffic to port 8291, which appears to be the port Winbox uses to connect to the router.
RouterOS Firewall Rule
I also created a firewall rule to enable PPTP connections. For both of my firewall rules, I had to make sure they were listed above the final drop rule. The GUI comes in handy for this step as you can simply drag your newly created rule up the list to ensure it is processed before the final drop rule.
There are no web filtering options available to those who don't want to deal with the CLI. But entering block websites into MikroTik Wiki search box, which uses Google search, came up with this article on configuring a proxy to do domain filtering.
QoS options are similarly not for the networking novice. Searching for QoS brought up this page, which is enough to make it clear that anyone looking for a point-and-click QoS menu is out of luck.
Advanced Network Features
In addition to the above features, the hEX offers MPLS, Routing, and Queuing options. At a high level, RouterOS MPLS options include enabling MPLS switching, Routing options include BGP, OSPF, and RIP protocols. Queuing options include simple bandwidth management. Aside from Queuing, which I'll get to shortly, these are not options home networkers would need.
I applied a simple bandwidth management rule following the example shown here and ran before and after tests using TotuSoft's LAN Speed Test tool. Unfortunately, my tests showed that bandwidth remained unchanged. I tried multiple combinations of configurations, but was unable to affect my throughput with any of the simple rules I tried.
Last, RouterOS offers multiple views into the traffic flows and activity on the network. From the interface screen, you can see live traffic going in and out the active interfaces, as shown below.
The System menu has multiple displays of the router's health and performance. Below is a display of the System options.
System MenuFor example, a look at the Resources menu shows memory and CPU usage as shown below.
Testing by Tim Higgins
We ran the hEX through the Revision 10 performance test process with v6.39.2 firmware loaded, which was the most recent at time of test. As mentioned earlier, I later upgraded the firmware to v6.40.3 for my functional and feature review. The table summarizes router performance results.
|Test Description||MikroTik hEX|
|WAN - LAN Throughput (Mbps)||939|
|LAN - WAN Throughput (Mbps)||939|
|HTTP Score - WAN to LAN (%)||65.8|
|HTTP Score - LAN to WAN (%)||57.9|
|Bufferbloat Score- Down Avg.||680|
|Bufferbloat Score- Down Max.||515|
|Bufferbloat Score- Up Avg.||559|
|Bufferbloat Score- Up Max.||437|
|CTF Score (%)||41.9|
The hEX maxed out the iperf-based WAN-LAN and LAN-WAN throughput tests, which don't put much stress on the router. Bufferbloat scores were at the top of the Average and Maximum downlink charts, beating all other products, the EdgeRouter Lite included. But on uplink, the EdgeRouter Lite topped both average and maximum charts. For reference, all latency values, both average and maximum, ran between 1.5 and 2.3 ms.
I compared the hEX HTTP scores against the ASUS GT-AC5300 and the Ubiquiti EdgeMAX EdgeRouter Lite, the only two higher scoring routers for these benchmarks. The winner of the three remains the ASUS, but the hEX held its own against the ASUS and outperformed the EdgeRouter Lite in the smaller filesize tests running WAN to LAN.
The CTF score is a measure of the effect on throughput when various routing features are enabled. Or in the hEX's case, with "FastTrack" disabled, which is their term for Cut Through Forwarding. The chart below shows hEX's throughput was reduced to around 42% of the normal 939 Mbps measured with the default state of FastTrack enabled. Note the EdgeRouter Lite did worse, dropping to 12.9% of normal throughput (~940 Mbps) when CTF was disabled on it.
On a practical performance level, I initially experienced packet loss during my testing, indicated by intermittent periods of network slowness. Continuous ping tests also showed dropped packets. I tried resetting the router multiple times, yet the packet loss continued.
I initially thought the packet loss might be due to using the GUI at the same time as my testing, but that theory didn't prove out as the packet loss occurred even when I wasn't logged in.
Through the course of this review, I reset the router numerous times. At the end of my testing, I couldn't duplicate the packet loss, so I'm not sure of the cause. Perhaps the problem was user error, perhaps just an anomaly. Nevertheless, it is important to mention.
Amazon's prices for the routers I compared to the hEX paints an interesting story. The ASUS GT-AC5300 currently lists for $389, the EdgeRouter Lite lists for around $94, and the MikroTik hEX for $50. That's an amazing difference in price for three devices with similar routing performance numbers! To be fair, the ASUS GT-AC5300 is also a highly capable Wi-Fi router, while the Ubiquiti and MikroTik are wired-only routers, without Wi-Fi radios. Still, the hEX's bang-for-the-buck is obvious if all you want is a capable, high-throughput wired-only router.
At the end of the day, I came away impressed with the massive amount of features in RouterOS loaded into such a small and inexpensive package. I was also very aware that I had only scratched the surface of its capabilities. I had success in configuring most of the features I tried, but also had experienced a temporary issue with packet loss and an inability to apply working bandwidth management.
The bottom line is the hEX is an inexpensive but powerful router for network experts and those who aspire to be. This is not the inexpensive plug-and-play router you're looking for.