Hannes Kruger
There are numerous occasions where real-time (synchronous) communication with MikroTik devices is required. This includes scenarios where API access is necessary to fetch information from the MikroTik, such as real-time configuration updates, SNMP data, syslog messages, NetFlow or traffic flow data, and enabling users to log into their devices via our transient access (remote management) feature.
In version 4, we've built infrastructure that enables the deployment of VPN servers at the network's edge, closer to the user's location. This significantly reduces latency and enhances the scalability of our system by transitioning to a distributed architecture from a centralized one.
We have also implemented DNS-based load balancing to distribute traffic evenly across these regional servers and incorporated health checks to reroute traffic if a particular region encounters issues.
This approach ensures high availability and scalability of our management service. The management VPN in version 4 is a 128-bit AES-CBC encrypted tunnel that runs on TCP port 443.
Our management system is designed for robust performance, even when MikroTik devices are situated behind one or multiple firewalls without a public IP address, effectively navigating NAT environments.
Hannes Kruger (Item author)
Historically, the management tunnels terminated on central infrastructure in the US-East-1 region. We have transitioned to a distributed model where the following services are hosted in data centers closer to users:
We now make use of various health checks to route traffic to these regional servers.
Hannes Kruger moved item to board Live (8 months ago)
Hannes Kruger moved item to project Version 4 Roadmap (8 months ago)
Hannes Kruger unpinned the item (8 months ago)
Hannes Kruger made item public (8 months ago)
Hannes Kruger created the item (8 months ago)