Competitive Brief · BNGSOFT XDP BNG vs MikroTik RouterOS
Same Job, Different Engine: an XDP Data Plane vs a CPU-Forwarding Router
MikroTik is an excellent, affordable router for the access edge — but for a large PPPoE/IPoE BNG with CGNAT, per-subscriber QoS and DDoS protection, RouterOS forwards every packet in the CPU and its PPPoE path doesn't scale across cores. BNGSOFT runs the same workload in an in-kernel XDP/eBPF data plane — more subscribers per box, fewer boxes, lower latency.
The question isn't "is MikroTik good?" — it is. The question is what happens at 20k, 50k, 100k subscribers with CGNAT and QoS turned on. That's where CPU/PPS forwarding hits a wall and an XDP data plane keeps going.
~64k
BNGSOFT / 2×100G box
NIC-limited (200G ÷ ~3 Mbps) vs ~4–5k stable PPPoE on a CCR2216
~1–2
servers for 50k
vs ~16 × CCR2216 NAS + a separate CGNAT cluster
Line RATE
XDP in the NIC path
vs every packet through the CPU (PPS-bound)
ALL-IN-1
one data plane
BNG+CGNAT+QoS+security; no FastTrack trade-off
Fair framing. MikroTik RouterOS is a mature, low-cost platform with first-class routing (BGP/OSPF/MPLS), a huge community, and it is a great fit for access/edge routing and small-to-mid PPPoE deployments (a few thousand users per box). This brief is specifically about large-scale subscriber BNG + CGNAT + QoS, where the architectures diverge. Figures for MikroTik are from MikroTik's own documentation and widely-reported operator/community real-world numbers (sources listed); they vary with configuration and traffic.
1 · The core difference — where packets are processed
RouterOS is a Linux-based router that forwards in the CPU. Its fast path (FastTrack) speeds simple routed/NAT flows, but FastTrack bypasses connection tracking, simple queues and queue trees — exactly the features a BNG needs. So per-subscriber shaping and CGNAT accounting force traffic onto the slow CPU path. BNGSOFT runs forwarding, CGNAT, source-validation and shaping together in one XDP/eBPF program in the NIC driver path — at line rate, with all features on.
RouterOS processes every BNG packet in the CPU (FastTrack can't be used with per-subscriber queues or CGNAT accounting). BNGSOFT runs all data-plane functions in one XDP program in the NIC driver path; the control plane only writes pinned maps and never touches the hot path.
The single-thread ceiling. Operators widely report that RouterOS PPPoE is not fully multi-thread scalable — one CPU core saturates while total CPU still looks low. That's why a 16-core CCR2216 tops out around 4–5k stable PPPoE users with QoS, not "16× a single core."
2 · Scale — subscribers per box, and boxes per network
Stable PPPoE subscribers per box (with per-subscriber QoS)
MikroTik figures: MikroTik forum / operator real-world reports. BNGSOFT: BNGSOFT deployment data. Indicative — varies by traffic mix.
MikroTik CCR1036
1–2k
~1–2k
MikroTik CCR2216 (16-core)
4–5k
~4–5k
MikroTik x86 (high-end)
6–10k
~6–10k*
BNGSOFT (2×100G server)
~64k all-features (NIC-limited)
~64k
*Community-reported; many operators see instability beyond ~5k–8k PPPoE on RouterOS even on strong x86, and split load across more NAS boxes.
What 50,000 FTTH subscribers (with CGNAT) actually take
A common carrier design pattern vs the BNGSOFT equivalent.
MikroTik
~16 × CCR2216 NAS + separate CGNAT cluster
17+ boxes
BNGSOFT
~4–5 servers
4–5 boxes
"Add another NAS, not optimize harder." The standard MikroTik large-FTTH design distributes ~5k users per node across many CCR2216 routers and runs CGNAT on a dedicated cluster (e.g. ~12.8M NAT sessions for 80k subs at 80% NAT) — because PPPoE termination and CGNAT can't both scale on the same box. BNGSOFT runs termination + CGNAT + QoS + security on the same server.
3 · Cost-effectiveness — fewer boxes, less of everything
Hardware is only the start. Each additional NAS multiplies rack units, power, SFP optics, spares, RADIUS/monitoring endpoints and operational surface. Consolidating ~16 NAS + a CGNAT cluster into a handful of commodity servers compounds savings across CapEx and OpEx.
Relative box count to serve 50k FTTH + CGNAT (directional)
CCR2216 ≈ US$2,200–2,800 each (retail, June 2026). BNGSOFT runs on standard x86 servers you already procure; software-licensed. Exact TCO depends on your hardware and rates.
MikroTik — NAS fleet
16 × CCR2216
≈ $37–45k HW
MikroTik — CGNAT tier
+ cluster
extra
BNGSOFT — all-in-one
~4–5 servers
+ license
Consolidation is the saving. Fewer physical boxes → less rack/power/cooling, fewer optics and spares, one software image to manage, and one place (NOC2) to operate the fleet. You also avoid a second hardware tier just for CGNAT.
4 · Latency & subscriber experience
RouterOS can do modern AQM (CAKE / FQ-CoDel in RouterOS v7), but there's a catch: those queues run in the CPU and bypass FastTrack, so on a busy BNG you trade throughput for latency, and at 5k–10k per-subscriber queues the scheduler overhead itself becomes the bottleneck. BNGSOFT does per-subscriber AQM in XDP at line rate — and adds L4S and per-subscriber QoE telemetry — with no FastTrack/queue trade-off.
MIKROTIK Software queues, CPU-bound
FastTrack vs AQM trade-off: CAKE/FQ-CoDel bypass the fast path — you pick speed or low latency.
Scheduler overhead: 5k–10k simple/PCQ/queue-tree entries cost CPU and cap scale.
No L4S; QoE/latency visibility is manual.
Per-core saturation means latency rises as the PPPoE core fills.
BNGSOFT AQM in XDP, line rate
No trade-off: per-subscriber shaping + AQM run in the same fast path as forwarding.
L4S + AQM low-latency queue management built in.
Per-subscriber QoE telemetry and interactive-flow protection.
Latency stays flat as subscriber count scales on the box.
5 · Feature & architecture comparison
Dimension
MikroTik RouterOS
BNGSOFT XDP BNG
Forwarding engine
CPU / PPS-bound; FastTrack fast path bypasses CT & queues
XDP/eBPF in NIC driver path — all features at line rate
PPPoE scaling
Single-core bound; ~4–5k (CCR2216), instability often >5–8k
~64k/2×100G server (NIC-limited) with QoS + CGNAT on
CGNAT
Conntrack-based; large scale needs a separate cluster
Port-block CGNAT on the same box; full-cone/symmetric/FCFS, deterministic + IPFIX
Per-subscriber QoS
Software queues; scheduler overhead at scale; bypassed by FastTrack
In XDP at line rate; L4S/AQM + QoE telemetry
Anti-spoof (BCP38)
RPF / firewall rules in CPU path
Per-subscriber source validation in XDP, IPv4 + IPv6, drop at ingress
DDoS protection
Firewall/raw rules (CPU); no built-in outbound-abuse quarantine
Pairs with your routers/route reflectors; BNG-focused
Cost per box / entry
Low — strong for small/edge
Commodity x86 + license; lowest cost per subscriber at scale
Where MikroTik wins: price-per-box at the small end, integrated BGP/OSPF/MPLS routing, and ecosystem maturity. Many operators correctly start on MikroTik. The case for BNGSOFT is the scale-out inflection — when per-box session ceilings, the CGNAT tier, and per-subscriber QoS start forcing you to buy and operate ever more boxes.
6 · When to choose BNGSOFT
BNGSOFT vs MikroTik · the decision
▲
You're past the single-box ceilingSubscribers per node keep capping at a few thousand and you're adding NAS boxes to keep up.
⊞
You run a separate CGNAT tierCollapse PPPoE/IPoE + CGNAT + QoS + security onto one data plane and drop the extra cluster.
⚡
Latency/QoE matters under loadLine-rate L4S/AQM per subscriber with no FastTrack-vs-queues trade-off.
$
TCO per subscriber is the metricFewer boxes = less rack, power, optics, spares and operational surface at scale.
🛡
You need edge security inlineBCP38 anti-spoof + DDoS protection in the data plane, not bolt-on firewall rules.
↺
Maintenance can't be an outageZero-downtime upgrades across the fleet, CGNAT sessions preserved.
7 · Operations & management — NOC2 vs MikroTik tooling
Performance is only half the job; the other half is running the fleet day to day. MikroTik gives you Winbox/WebFig per device, The Dude for SNMP/ping monitoring, and the RouterOS API to script the rest yourself — all per-box, with no subscriber-centric operations out of the box. BNGSOFT ships NOC2: one web console for the whole BNG fleet, with ISP operations built in — included with the platform, nothing extra to assemble or license.
Operations task
MikroTik (Winbox / The Dude / API)
BNGSOFT NOC2
Management model
Per-device Winbox/WebFig; one window per NAS
Single web console for every BNG at once
Monitoring
The Dude (separate app) — SNMP/ping/up-down
Built-in live metrics + AQM/L4S/IFP, CGNAT pool, anomaly & capacity
Find one subscriber
Log into the right NAS, hunt the session by hand
One search box — username / IPv4 / IPv6 / MAC → live session + 24 h history; public-IP:port → subscriber (CGNAT lookup)
RBAC + 2FA, region scoping, SSH PIN, full audit trail
Standards / northbound
SNMP, RouterOS API
gNMI / OpenConfig read-only telemetry for any NMS
Cost
The Dude is free, but per-box and you assemble the rest
Included with the BNG license — no extra ops product
What NOC2 gives your NOC & your customers: a single pane for the whole fleet instead of one Winbox per box; three-second subscriber triage instead of SSH-and-hunt; and a branded status page + outage email + self-service line check that deflects support calls — none of which RouterOS provides on its own. Fewer minutes-to-resolution, fewer tickets, and an operator experience that scales with the box count.
The bottom line
MikroTik is a great router that also does BNG. BNGSOFT is a purpose-built BNG/CGNAT data plane: because it forwards in XDP instead of the CPU, it carries ~64k subscribers on a 2×100G server with CGNAT, QoS and security all on (NIC-limited at ~3 Mbps busy-hour) — so 50k FTTH is ~1–2 servers, not ~16 NAS plus a CGNAT cluster.
Same job. A faster engine, fewer boxes, lower latency, lower cost per subscriber.
Sources & honest framing: MikroTik® and RouterOS® are trademarks of Mikrotīkls SIA; BNGSOFT is not affiliated with MikroTik. This is a competitive technical brief comparing architectural approaches for large-scale subscriber BNG with CGNAT and per-subscriber QoS; it is not a benchmark report. MikroTik figures are drawn from MikroTik's own documentation and from widely-reported operator/community real-world results, and vary substantially with configuration, traffic profile and RouterOS version. Key references: large-FTTH NAS/BNG design and per-platform stable-user figures (CCR1036 ~1–2k, CCR2216 ~4–5k, x86 ~6–10k; "PPPoE not fully multi-thread scalable / one core saturates"; "~16×CCR2216 @5k + dedicated CGNAT cluster for 50k+"; "add another NAS, not optimize harder") — aacable.wordpress.com (Syed Jahanzaib) and forum.mikrotik.com; FastTrack bypasses connection tracking, simple queues and queue trees — help.mikrotik.com (Packet Flow / FastTrack); L3 hardware offloading scope and CPU fallback — help.mikrotik.com (L3 HW Offloading); CAKE/FQ-CoDel CPU trade-offs — help.mikrotik.com (CAKE); CCR2216/CCR2004 specifications and pricing (~US$2,200–2,800, June 2026) — mikrotik.com, retail listings. BNGSOFT figures are throughput-driven: per-server subscriber capacity ≈ NIC usable line rate ÷ busy-hour per-subscriber rate (e.g. 2×100G ÷ ~3 Mbps ≈ ~64k), capped by a ~131,000-subscriber per-node map ceiling; the data plane forwards in XDP at ~one core per ~55 Gbps with CGNAT+QoS on. These are from BNGSOFT deployment data and are indicative; exact results depend on hardware, NIC, traffic mix and enabled features and should be validated per deployment. Cost figures are directional, hardware-only, and exclude software licensing, servers, optics and operational costs on both sides. Prepared as a management overview for operators evaluating BNG/CGNAT platforms.