In Telegram chat
In this article, I will not touch on the licensing of Mikrotik hardware devices, since they have the maximum license installed from the factory that the hardware can serve.
Where did Mikrotik CHR come from?
Mikrotik produces various network equipment and installs on it a universal operating system of its own production - RouterOS. This operating system has a huge functionality and a clear administration interface, and the equipment on which it is used is not very expensive, which explains its wide distribution.
To use RouterOS outside of their hardware, Mikrotik released an x86 version that could be installed on any PC, giving a second life to ancient hardware. But the license was tied to the hardware numbers of the equipment on which it was installed. That is, if the HDD died, then it was possible to say goodbye to the license ...
The x86 version had another problem - it was not very friendly with hypervisors as a guest. But if high loads were not expected, then a completely suitable version.
The legal RouterOS x86 in the trial can only work fully for 24 hours, and the free one has a lot of restrictions. No system administrator will be able to fully evaluate all the functionality of RouterOS in 24 hours ...
From a pirated resource, it was easy to download an image of a virtual machine with an already installed RouterOS x86, of course with its crutches, but for me, for example, that was enough.
"If you can't beat the crowd, lead it"
Over time, the competent management of Mikrotik decided that it was impossible to fight piracy and that it was necessary to make it unprofitable to steal their operating system.
So there was a branch from RouterOS - "Cloud Hosted Router", aka
The licensing system has also changed:
The limitation applies only to the speed of network ports. On the free version, it is 1 Mbps, which is enough to build virtual stands (for example, on
The paid version on the official website bites a lot, but you can buy a little cheaper from official dealers:
And if you are satisfied with the speed of 1 Gbit / s on the ports, then the P1 license is enough for you:
What is CHR for? My examples.I often hear the question: what for do you need this virtual router? Here are a couple of examples of what I personally use it for. Please do not holivar on these decisions, as they are not the topic of this article. This is just an application example.
Central router for combining offices
Sometimes it is required to combine several offices into one network. There is no office with a fat Internet channel and a white ip. Perhaps everyone is sitting on Yota, or a 5 Mbps channel. And the provider can filter any protocols. For example, I noticed that L2TP simply does not rise through the St. Petersburg provider Comfortel ...
In this case, I raised CHR in the data center, where they give a fat stable channel for one vds (of course, I tested it from all offices). There, the network very rarely falls off completely, unlike "office" providers.
All offices and users connect to CHR via the VPN protocol that is the most optimal for them. For example, mobile users (Android, IOS) feel great on IPSec Xauth.
At the same time, if a database of several tens of gigabytes is synchronized between office 1 and office 2, then the user watching the cameras on the site will not notice this, since the speed will be limited by the channel width on the end device, and not by the CHR channel.
Gateway for hypervisor
When renting a small number of servers in the DC for several tasks, I use VMWare ESXi virtualization (you can use any other, the principle does not change), which allows you to flexibly manage the available resources and distribute them among the services raised in the guest systems.
Network and security management I trust CHR as a full-fledged router, on which I manage all network activity, both containers and the external network.
By the way, after installing ESXi, the physical server does not have white ipv4. The maximum that can appear is an ipv6 address. In such a situation, detecting a hypervisor with a simple scanner and taking advantage of a βnew vulnerabilityβ is simply not realistic.
Second life for an old PC
I think I already said it :-). Without buying an expensive router, you can still raise CHR on an old PC.
Full CHR for free
Most often I meet that they are looking for a free CHR to raise a proxy on a foreign vds hosting. And they donβt want to pay 10k rubles for a license from their salary.
Less common, but there are: wildly greedy leadership, forcing admins to build infrastructure from shit and sticks.
Trial 60 days
With the advent of CHR, the trial has increased from 24 hours to 60 days! A prerequisite for its provision is the authorization of the installation under the same login and password that you have on
A record of this installation will appear in your account on the site:
Will the trial end? What's next???
But nothing!
The ports will operate at full speed and all functions will continue to work...
It will only stop receiving firmware updates, which for many is not critical. If you pay enough attention to security when setting up, then you wonβt even need to go to it for years. What you need to pay special attention to I wrote in this article
And if you still need to update the firmware after the end of the trial?
We reset the trial in the following way:
1. We make a backup.
2. We take it to our computer.
3. Reinstall CHR on vds completely.
4. Log in
Thus, information about the next installation of CHR will appear in the personal account on the Mikrotik website.
5. Expand the backup.
Settings restored and again 60 days left!
Can't be reinstalled
Imagine that you have a hundred stores where an ancient PC with CHR is used as a router. You monitor CVE and try to respond quickly to discovered vulnerabilities.
Once every two months, reinstalling CHR on all objects is a waste of admin resources.
But there is a way that requires at least one purchased CHR P1 license. Virtually any office can find 2k rubles, and if it canβt, then you should run away from there ^_^.
The idea is to legally transfer the license through your personal account on mikrotik.com from device to device!
We select "System ID" we need a router.
And click "Transfer subscription".
The license "moved" to a new device, and the old device, which lost its license, received a new trial in 60 days without any reinstallation and additional gestures!
That is, with only one license, you can service a huge CHR fleet!
Why has Mikrotik relaxed its licensing policy so much?
Due to the availability of CHR, Mikrotik has created a huge community around its products. An army of specialists and enthusiasts tests their product, makes reports on found bugs, generates a knowledge base on various cases, etc., that is, it behaves like a successful open source project.
Thus, not just a pool of chaotic knowledge is accumulated in a virtual environment, but specialists are trained who have sufficient experience with a particular system and, accordingly, give preference to the equipment of a particular vendor. And business leaders tend to listen to the specialists working for them.
Why ArtΠΎyat affordable training and ongoing MUM conferences! In a specialized community in Telegram
Thus, Mikrotik's main income comes from selling equipment, not licenses for $45.
Here and now we are witnessing the rapid growth of an IT giant that appeared relatively recently - in 1997 in Latvia.
I wonβt be surprised if in 5 years D-Link announces the release of another router running RouterOS from Mikrotik. This has happened many times in history. Remember when Apple abandoned its own PowerPC in favor of Intel processors.
I hope that this article has dispelled some of your doubts in the way of using products from Mikrotik.
Source: habr.com