Quick Guide: Sizing Up And Selecting A Mikrotik Router

You too can have impressive uptime with Mikrotik hardware!

Mikrotik devices are incredibly robust, stable and advanced users are drawn to them for their command-line configurability but how do you know which model is right for you?

Mikrotik publishes ETHERNET TEST RESULTS for each and every device they sell, these are a set of test results of what the device is capable of before being restricted by CPU. This information is on every product page, at the end of the specifications.

Keep in mind that when a Mikrotik device is pegged at 100% CPU, it still functions (does not lock up) but there will be increased latency and/or packet loss.

I started off my Mikrotik journey with a hAP lite:

Screenshot 2026-01-26 at 5.01.13 PM782×283 24 KB

Let’s take a look at the Routing — none (fast path) row, these are the fastest speeds the device is capable of without hardware offloading, CPU only, under ideal conditions.

Generally, you want the value for Routing — 25 ip filter rules at 64 bytes to be around 30% to 50% of your internet speed. The higher it is, the more headroom you have. But 50% at 64 bytes is already crazy high since most traffic these days have packet sizes of either 512 or 1518 bytes (streaming, etc).

This particular model is perfectly fine for 100Mbps networks and is currently the cheapest Mikrotik device you can buy new today — and it runs off usb power!

After a year of using it, and learning everything I can about RouterOS, I upgraded to the original hEX S:

Screenshot 2026-01-26 at 5.11.41 PM782×282 24.3 KB

This model has a USB port, which allowed me to connect a Jio hotspot as a backup internet connection. Infact, I could connect a hub and upto six Jio devices. Life was wild during the lockdown.

Anyway, here you’ll see that this fast path test result for 64 byte packets can easily cross 300Mbps, but the 25 ip filter rule test result is only marginally better than the hAP lite.

This model often hit CPU limits with 250 users, that’s when I upgraded to the hAP AC2:

Screenshot 2026-01-26 at 5.21.48 PM786×283 25.4 KB

This thing has some serious performance, almost quadrupling the hEX S for 25 ip filter rules at 64 bytes!

It never crossed 30% CPU with 250 users. But then I brought the hammer down with the RB4011:

Screenshot 2026-01-26 at 5.24.11 PM785×285 25.3 KB

I personally tested this beauty with 9 WAN connections and 2000 users and the CPU stayed under 40%.

Of course there’s a lot more things to consider when selecting a router (ports, storage, power) but here’s a TLDR for the ETHERNET TEST RESULTS table:

Routing - none (fast path) — Best case scenarios, the upper limit of what the device can handle without packet loss.

Routing - 25 ip filter rules — The last value (64 bytes, Mbps) should be around 30% to 50% of your internet speed.

Why is there a ups thread attached to this post?

Also, why not rb5009 instead?

Ha, just for that uptime screenshot that I posted a while ago, that’s for the RB4011.

Discourse is a sea of noodles, and we’re all swimming in it

Today, that’s a really good option. Back when I upgraded, it wasn’t available yet.

I just realized that means I’ve been running the RB4011 for five years now, wow. Time literally flew.

Even Rb5009 is also 4 years old now.

As long as it gets security updates its fine imo.

Do you still have hap ac2.

Saw that you got L009UiGS as well. Lol.

I still have all my mikrotik devices!

I use the hap lite as a public access point behind a nat for relatives when they visit.

The L009 will replace two hex s devices, it’ll do multiwan failover and load balancing.

I’ll probably keep the rb4011 forever, it’s the most I’ve ever spent on networking gear.

At some point I’ll sell the hex s and hap ac2 since I prefer a cloud license for that class of device.

I’ve gotten so used to using routeros scripting for logic flows that it’s my first choice, second being javascript (nodered) third is bash and a distant fourth is php. I never learned perl or python but I am trying to learn golang.

In case if you are interested in Rb5009 poe version, I’ve few RB5009UPR

… I’ll sell my neighbour’s mango tree and get back to you in a week.

I will also sell my townships mango and guava trees and buy the routers.

@rsaeon i have a hap ac2 which is bootlooping - routeros7 led to low ram.

would you be able to assist in anyway, since you are quite the expert ?

running hap ac, hap ac2s and an ac3

Have you tried netinstall?

tried to the best of my limited abilities..

it should work but I have hardware limitations in terms of machines.

I’m just a vocal enthusiast, the real experts are @smnrock and the super cool guys in @anmolbhard004’s whatsapp group, they talk about this kind of stuff on such a high level that I feel like a kid playing with building blocks.

But yeah, I could attempt a netinstall if you send me the router and then ship it back to you.

Need that group’s link ASAP dm pls

I too would like the group link if possible

@Pauljacob is now the captain of that ship.

Wonderful write up. I had to do the netinstall method for a microtik device once - i cant recall the model. Some weird lightning strike caused some issue.

My hap ac2 had a boot loop issue a while ago due to a faulty power supply. I was away from home and the power supply failed in a weird way leaving the device in constant loop of power on/power off. I thought the device is gone, but with a netinstall, it was back up and running without any problem. It’s still rocking 3 years later.

So do give it a try and the device should be back to normal.

Just finished setting up a Hex as my gateway. With SQM/Cake, 35 Firewall rules and 150/100 bandwidth the peak CPU load is 37% when running waveform bufferbloat test

Got a rude shock when I realized the router was compromised. Did a netinstall and am configuring it again now.

The router was probably exposed when I was doing the firewall rules replacing the default rules.