Short review of the new MikroTik hAP AC2

In March 2018, the new product from MikroTik finally arrived on sale - hAP AC2 (encoded by the vendor RBD52G-5HacD2HnD-TC . This device has been waiting for fans for a long time, they have discussed the expected operating characteristics for a long time and in advance. For the low price of the SOHO segment, the most expected were implemented in it:

• two radio modules 2.4GHz and 5GHz band
• five gigabit ethernet ports
• hardware encryption acceleration AES-128,256
• Quad-core ARMv7 CPU with a frequency of 716MHz

Just yesterday, the device from the first batch brought to Russia fell into my hands
(special thanks to the guys from WiFiMag for their speed). At home, the possibilities of full-fledged testing are a bit limited for me, so a “quick test on my knee” was conducted on the available limited home hardware base. Therefore, there is no review:

• full-load IPSec performance test
• 5GHZ WiFi full load test
• much more

Outside

So, the device is received. We start by unpacking. Immediately we note a slightly updated box design. Hm. Pattern - tribute to marketers? We open. Yeah! This is already more interesting. A new version of the case is made of “soft” plastic. In addition to the PSU, the kit includes a foot stand, installation instructions, and even screws for wall mounting. The case itself is made quite soundly. He does not creak in his hands, he does not stick out anything superfluous. The connectors do not hang out, as was the case with some old models. The indicators are dim - at night they will not disturb by light, while they are normally visible. The only, in my opinion, significant minus of the material is that it is exceptionally easily soiled . Fingerprints remain on the case and you have to work hard to erase them. In some photos they are noticeable.








24 volt power supply 800mA - nothing special. Works. Especially not heated. The new case is universal, can be fixed both in vertical and horizontal position. In the “lower” end and in one of the sides of the slot-slot for a transparent leg-stand. In the leg of the stand itself there are holes for fastening with screws to the wall.

Inside

The device is built on the new IPQ-4018 chip with four cores and a clock frequency of 716MHz.
Block Diagram of the device: It makes no sense to retell the rest of the details; they are listed on the manufacturer’s page . At the request of readers, I add about the “offal”. Carefully open the case and see the board Large radiator. The guys did not stint on cooling. I hope this really saves you from overheating. Reverse: There are antennas and rather interesting connectors near them. Chips filmed larger (clickable pictures). That, in fact, is all about the insides. We pass to testing.

In work

After turning on the device, an unpleasant surprise awaited me. The device comes preloaded with RouterOS 6.40.6, in which it is impossible to control a new switch chip through winbox. There is no “switch” menu item, and there are no master-port options in the interface properties. This should be the case in versions starting from 6.41, but not in this case. Moreover, ether3-5 ports are honestly displayed in the bridge as “slave”, but it is impossible to exclude them from the bridge and untie them from ether2 using winbox. The problem is solved by updating to branch 6.41.x and higher. Starting with version 6.41, in RouterOS, switching control is available through the “bridge” menu. I had to immediately update the device to RouterOS 6.41.2 (stable) in order to continue the intended testing. Now look at the properties. What does hAP AC2 tell us about itself?









It can be seen that the device’s RAM is quite enough, even more than indicated on the MikroTik block diagram (“Did they put me more valuable fur?”). But the manufacturer again squeezed the capacity of the data warehouse. Shameful 16Mb. Well, nothing, this is a router, not a network attached storage. I did not check whether dude-server, the package of which for arm is available, will work under such conditions. Also visible is a small margin for CPU overclocking.

The device is not locked under Russia, like other MikroTik devices supplied to the market since 2018, so there is no need to carry out the NetInstall procedure. A complete list of countries and superchannel mode are available without this.



Due to the lack of a normal high-speed source of IPSec traffic, the IPSec / L2TP express method was used. On the router, a l2tp server with IPSec support was raised, the laptop acted as a client. In such a configuration, it is impossible to achieve maximum performance in IPSec, but it still gives some idea of ​​it. It is strange that one core was loaded almost to the maximum. I got the impression that the whole thing is in ppp / l2tp. If it were pure IPSec, performance would probably be higher. In general, banwidth-test running on a computer works quite strange and does not want to show full performance. Later, I ran tests between two MikroTik devices - the results are different. I admit that the problem may be in the computer.






So, the “direct” bandwidth test between hAP AC2 and 3011 without IPSec showed some asymmetry between the received and transmitted traffic. At the same time, both routers had a margin of CPU resources. To test the performance in the 5GHz range, I did not find a decent pair for hAP AC2. HAP ac lite was extracted from the bins , having only one stream in the 5GHz range and a weak CPU. Nevertheless, the channel speed reached 390Mbps for reception and 263Mbps for transmission. Further, everything rested not even on one wifi stream of the old router, but on the performance of the old CPU on hAP ac lite:
















It turned out to be quite difficult to conduct full-fledged testing at 2.4GHz due to the high noise level of the ether. Purely subjective, it seemed that in the 2.4GHz new device it works more stable than the 951 series. But it’s hard to say without a load.

Now about what is NOT in hAP AC2.

Compared to the popular 951 series, there is no “tweeter”. Play it "imperial march" will not work. It also reboots silently.

Not in hAP AC2 and METAROUTER. Sorry a little. Asterisk inside installed metarouter several times helped.

Routing and NAT

Naturally, I became interested in the performance of the device when it translated address sourec-nat and without it.
At home, it was possible to test the connection only on gigabit links. For verification, a design was assembled from a router and two samsung laptops with gigabit ethernet interfaces. The nat rule was not modified - the more resource-intensive “masquerade” action from the default config was left by default.
Results:
When using fasttrack, the bandwidth rested on the physical limit of the gigabit interface. CPU load floated from 3 to 13%.
Without fasttrack, throughput decreased by about 2%, and CPU utilization increased to 26-32%.

hAP AC2 quietly NATit gigabit without config optimization! Excellent result!

Summary

In my opinion, MikroTik turned out to be a good device. Equipped enough to conquer the market. Most likely, over time, it will supersede the 951 and desktop 2011 series having a number of undoubted advantages over them. The device covers most of the needs of both the home user and the needs that arise when connecting a small office / branch.