Choose between Mikrotik CCR1009, CCR1016 or Unifi Dream Machine Pro based on your needs.
Choose between Mikrotik CCR1009, CCR1016 or Unifi Dream Machine Pro based on your needs.
Comparing Mikrotik models CCR1009, CCR1016 and Unifi Dream Machine Pro for your requirements. You need a workstation server for software backend and mining rig, plus a router that handles high traffic (monthly ~1TB, 10MB/s upload, 80MB/s download) with strong DDOS protection and solid security features.
Are you certain these speeds are accurate? Measuring internet speed in bytes is uncommon. Usually DDoS attacks will take over ISP connections, making your equipment irrelevant. You might want an untangle or OPNsense instead. Their interfaces are more appealing. Do you know any other Unifi appliances?
DDOS is not safe. I have assigned a public IP to my workstation server at home. It connects to the WAN via ONT through a 1000MB/S LAN or 1GB/S SFP connected via modem, and also to a backup internet connection using a USB modem at 100MB/S LAN. It links to my smart home server (managed by Raspberry Pi and Jetson Nano) for automation, surveillance, etc. It connects to my workstation server through mobile apps, websites, software dev, and scientific tools. It also links to my mining rig with 24 GPUs and an RX 580. All traffic passes through the ONT router, then to various services. Issues with the router can potentially let unauthorized access to my home door, bank account, backend server, and other sensitive data.
Is a DDoS issue? Usually they consume a lot of resources so people don't just perform them randomly. Do you have switches available? I wouldn't connect everything directly to the router. They would also need access to those devices, making it not instant. Make sure your local network has solid security as well—it will function fine. Personally, I'd prefer to simplify this section for a better interface and stronger protection features. The Mikrotik units are more like routers than NGFW devices.
Essentially a router combined with a firewall and additional advanced features such as web filtering, intrusion prevention, country blocking, and VPN support. The specific capabilities vary by model.
It makes sense to add another PC as a gateway server. Anything sent through the router gets rechecked by this server—such as blacklisting, whitelisting, and advanced filtering like smart home access controls (API auth, etc.). My Smart Home server uses unpublished syntax and TCP-based authentication, making it simple to detect and block incorrect connections automatically.