Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

LAN and VLANs

The hEX has four 10/100/1000 Ethernet ports. You can control MTU size, create IP and GRE tunnels, add VLANs, implement Virtual Router Redundancy Protocol (VRRP), channel bonding, and LTE interfaces for backup to your wired connections.

RouterOS supports port based and 802.1Q tagged VLANs. I was able to successfully test 802.1Q VLANs on the hEX router. Using the GUI, I added a test VLAN and attached it to the hEX's LAN interface as shown below.

RouterOS VLANs

RouterOS VLANs

I then configured my test VLAN with an IP address and DHCP server. Using an 802.1Q capable access point connected to the hEX's LAN with an SSID configured for both the default VLAN and my test VLAN, I was able to connect to both VLANs based on the SSID I attached to, validating the hEX's VLAN tagging capability.

Firewall

The RouterOS firewall menu presents numerous firewall options for controlling traffic in and out of the hEX.

Filtering rules are added to an access control list and processed from top down. Traffic can be filtered by source and destination address, source and destination port, protocol, as well as inbound and outbound interfaces. NAT and VPN optimizations are also controlled via the firewall menu.

As mentioned previously, I created a firewall rule to allow Winbox access to the router's WAN port to enable remote management access. The rule, shown below, involved accepting TCP traffic to port 8291, which appears to be the port Winbox uses to connect to the router.

RouterOS Firewall Rule

RouterOS Firewall Rule

I also created a firewall rule to enable PPTP connections. For both of my firewall rules, I had to make sure they were listed above the final drop rule. The GUI comes in handy for this step as you can simply drag your newly created rule up the list to ensure it is processed before the final drop rule.

There are no web filtering options available to those who don't want to deal with the CLI. But entering block websites into MikroTik Wiki search box, which uses Google search, came up with this article on configuring a proxy to do domain filtering.

QoS options are similarly not for the networking novice. Searching for QoS brought up this page, which is enough to make it clear that anyone looking for a point-and-click QoS menu is out of luck.

Advanced Network Features

In addition to the above features, the hEX offers MPLS, Routing, and Queuing options. At a high level, RouterOS MPLS options include enabling MPLS switching, Routing options include BGP, OSPF, and RIP protocols. Queuing options include simple bandwidth management. Aside from Queuing, which I'll get to shortly, these are not options home networkers would need.

I applied a simple bandwidth management rule following the example shown here and ran before and after tests using TotuSoft's LAN Speed Test tool. Unfortunately, my tests showed that bandwidth remained unchanged. I tried multiple combinations of configurations, but was unable to affect my throughput with any of the simple rules I tried.

Last, RouterOS offers multiple views into the traffic flows and activity on the network. From the interface screen, you can see live traffic going in and out the active interfaces, as shown below.

Interface Traffic

Interface Traffic

The System menu has multiple displays of the router's health and performance. Below is a display of the System options.

System Menu

System Menu
For example, a look at the Resources menu shows memory and CPU usage as shown below.

Resource Utilization

Resource Utilization

Performance

Testing by Tim Higgins

We ran the hEX through the Revision 10 performance test process with v6.39.2 firmware loaded, which was the most recent at time of test. As mentioned earlier, I later upgraded the firmware to v6.40.3 for my functional and feature review. The table summarizes router performance results.

Test Description MikroTik hEX
WAN - LAN Throughput (Mbps) 939
LAN - WAN Throughput (Mbps) 939
HTTP Score - WAN to LAN (%) 65.8
HTTP Score - LAN to WAN (%) 57.9
Bufferbloat Score- Down Avg. 680
Bufferbloat Score- Down Max. 515
Bufferbloat Score- Up Avg. 559
Bufferbloat Score- Up Max. 437
CTF Score (%) 41.9
Firmware Version v6.39.2

The hEX maxed out the iperf-based WAN-LAN and LAN-WAN throughput tests, which don't put much stress on the router. Bufferbloat scores were at the top of the Average and Maximum downlink charts, beating all other products, the EdgeRouter Lite included. But on uplink, the EdgeRouter Lite topped both average and maximum charts. For reference, all latency values, both average and maximum, ran between 1.5 and 2.3 ms.

WAN2LAN Performance

WAN2LAN Performance

I compared the hEX HTTP scores against the ASUS GT-AC5300 and the Ubiquiti EdgeMAX EdgeRouter Lite, the only two higher scoring routers for these benchmarks. The winner of the three remains the ASUS, but the hEX held its own against the ASUS and outperformed the EdgeRouter Lite in the smaller filesize tests running WAN to LAN.

LAN2WAN Performance

LAN2WAN Performance

The CTF score is a measure of the effect on throughput when various routing features are enabled. Or in the hEX's case, with "FastTrack" disabled, which is their term for Cut Through Forwarding. The chart below shows hEX's throughput was reduced to around 42% of the normal 939 Mbps measured with the default state of FastTrack enabled. Note the EdgeRouter Lite did worse, dropping to 12.9% of normal throughput (~940 Mbps) when CTF was disabled on it.

CTF score

CTF score

On a practical performance level, I initially experienced packet loss during my testing, indicated by intermittent periods of network slowness. Continuous ping tests also showed dropped packets. I tried resetting the router multiple times, yet the packet loss continued.

I initially thought the packet loss might be due to using the GUI at the same time as my testing, but that theory didn't prove out as the packet loss occurred even when I wasn't logged in.

Through the course of this review, I reset the router numerous times. At the end of my testing, I couldn't duplicate the packet loss, so I'm not sure of the cause. Perhaps the problem was user error, perhaps just an anomaly. Nevertheless, it is important to mention.

Closing Thoughts

Amazon's prices for the routers I compared to the hEX paints an interesting story. The ASUS GT-AC5300 currently lists for $389, the EdgeRouter Lite lists for around $94, and the MikroTik hEX for $50. That's an amazing difference in price for three devices with similar routing performance numbers! To be fair, the ASUS GT-AC5300 is also a highly capable Wi-Fi router, while the Ubiquiti and MikroTik are wired-only routers, without Wi-Fi radios. Still, the hEX's bang-for-the-buck is obvious if all you want is a capable, high-throughput wired-only router.

At the end of the day, I came away impressed with the massive amount of features in RouterOS loaded into such a small and inexpensive package. I was also very aware that I had only scratched the surface of its capabilities. I had success in configuring most of the features I tried, but also had experienced a temporary issue with packet loss and an inability to apply working bandwidth management.

The bottom line is the hEX is an inexpensive but powerful router for network experts and those who aspire to be. This is not the inexpensive plug-and-play router you're looking for.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Security fix- Fixed a DDoS vulnerability. Thanks for Altin Thartori's contribution. Bug fix- Fixed Samba server compatibility issue.- Fixed OpenVPN re...
Hi there.I just got a RT-AC2900. I flashed it with Merlins latest FW first thing and all seem to be running fine.A question thou - the LED-button on t...
This company is planning to release a MoCA 2.5 network adapter that uses 2.5 Gb Ethernet connection.http://en.lusterinc.com/network/products/moca-wi-f...
Hi All,First time poster. Been running Merlin on my Asus router. Very satisfied and basically no issue for the past year, and if any it won't need tha...
I'm only interested in a VPN for its security features. I'm not interested in hiding my identity or appearing to be in a different country.Normally, t...

Don't Miss These

  • 1
  • 2
  • 3