The bane of my existence has always been wireless - family stopped complaining when I switched all the AP's to Ubiquity.
Never rebooted - uptimes in months and they are on battery backup.
It is amazing how much the stock firmware shipped by the likes of Broadcom/Realtek sucks so much - it is not like Mikrotik/Ubiquiti makes their own SOC's to make it more realizable.
I have 2 Ubiquiti U6LR APs serving most of the house (and 2 more older AC-Pros serving the yard/outdoor patio and lower priority/IoT networks in the house). I frequently get complaints from my kids that "my phone doesn't work very well on the WiFi at my friend's house".
The older one finally asked me "do you think the WiFi is just super-good at our house?!"
Speed doesn't matter, but packet loss and latency does.
People are surprised that I have the smallest fiber package (150Mb/150Mb and it's more than enough) and I have "better" internet than their gigabit cable.
QoS and other queue management strategies can help significantly to prioritize latency-sensitive apps (by deprioritizing less sensitive traffic). fq_codel for Ubiquiti [and some others] or other "smart queue management" configuration.
I'd like to see something with 6e but these are still incredible:
- Fast
- Wide compatibility across devices
- PoE
- Put it wherever you want, doesn't have to be in some closet near your modem/router/etc
- Just works. Really. I've run Ubiquity APs for years. Throw devices at it, literally never worry about Wi-Fi again. Say goodbye to it flaking out, slowing down for whatever reason, the occasional reboot, etc.
- Need more coverage? Plug in another AP, couple of clicks, done.
I run a local controller in an LXC container (VM, docker, local, etc available too) with all local login and none of that cloud and phone home stuff enabled.
One thing I like about ubiquity aps is that you can configure them with whichever controller you like and then remove/disconnect the controller but the AP still runs on its own. For years.
However, I wonder if this is true in either repeated or multi-ap setups ? That is, if I configure an AP and then one of those wall-mounted directional ubiquity repeaters with another AP on the other end … shared SSID … can that configuration run with no controller?
Yes. I have two unifi AC pros and two inwall APa. For the longest time , I had the controller as just an app that I launched on my desktop whenever I needed to change something or apply an update the APs. Then I would shut it down. Now I run the controller in a docker container , so the APs autoupdate. But to your original question, always running the controller isn’t required.
I just found out the other day that the original AC-LR is no longer supported in the most recent controller software and hasn't been for a year or so. It still works though. Probably time to upgrade :D
U6-Mesh were $179 MSRP but are going for $250-350 because of supply chain issues. The heat of the APs means they're working... or you're getting a radio RF burn. ;)
After several big-name routers that all sucked ass, and finally one that got hacked, I switched to Ubiquiti products. I have an EdgeRouter X and an AP AC Lite.
After several years of use, I can say that Ubiquiti software and support are trash. Their configuration app (I used the iOS version) almost never works, meaning that it almost always fails to find the AP that is one foot away from the phone. It also suffers from unprofessional UI-layout defects. Their Mac app won't run until you manually strip quarantine flags from it because it isn't even signed... then it won't run because it relies on Java 8, and Mac OS hasn't shipped with Java in a decade. And if you jump through enough hoops to get it to launch, it fails to detect any Ubiquiti devices.
Once I somehow tricked their iOS app into communicating with the AP and got it working, it did work for years and has pretty good range.
But now (and this appears to be a somewhat common problem), the AP randomly stops sending data on 2.4 gHz. Here's one of several posts about it: https://community.ui.com/questions/AP-AC-Pro-problems-with-2... And it appears to afflict multiple products.
This can last from minutes to days. Although you're connected to it, you can't even hit the router. Ubiquiti support is utterly useless; it's as if they do everything possible to drag out interactions until you go away, providing vague, terse, one-sentence answers every couple of days that contain no specifics.
My impression is that Ubiquiti is just hanging on, coasting on existing technology and doesn't even have support staff that knows how it works.
My understanding is that when there is a power failure in the neighborhood, the broadband provider's equipment is usually offline as well.
Of course, the answer is probably: "it depends on your broadband provider's local hardware setup." But I would be interested to hear peoples' thoughts.
We have AT&T fiber and it continues working when the power is out, at least for longer than my UPSes last. We have a fair number of short power outages, and I've never had an AT&T outage at the same time.
> My understanding is that when there is a power failure in the neighborhood, the broadband provider's equipment is usually offline as well.
I had a friend with a generator who got the opportunity to test this due to an extended power outage. Although I agree, it probably depends largely on how well your local ISP has their act together. He found that Comcast (consumer-grade Internet) in his neighborhood was actually able to keep Internet service running for a little over 24 hours. His generator evidently outlasted Comcast's generator and he lost Internet on the second day.
I'd love to see neighborhood-to-neighborhood, ISP-to-ISP comparisons of Internet connectivity longevity in the event of power outages.
Power outages are frequent enough that I invested in a 100AH battery and inverter to keep things going - the local fiber loop remains online as the local POP has batteries so I only need to power the ONT.
My house is brick/mortar so I need 2 AP's to cover the entire house - the AP is one kids bedroom - she insisted a wired LAN connection for her PS5 (online gaming and ping/lag) so I needed to power both a small switch and the AP - got a 12V battery system for that.
I've, historically, kept my cable/dsl/whatever modems and wireless routers on a UPS and almost always still have connectivity when the power goes out. The only exception was during a hurricane, which seemed like a fair exception in the scheme of things since power was out for most of the city for 1-2 weeks.
Not really true at all times, but may be for your situation. Comcast put gennys on our node recently and it works. So even when power goes out, internet stays up.
It's not exactly normal, but it's probably a common enough experience in the US with 120v circuits and 15A breakers. Especially if in an old building with imperfect wiring causing excess resistance.
Many devices also operate less efficiently in high heat. If the AC unit is on a circuit with other devices, it is possible that the influx current when starting the AC unit trips the breaker. One might even be able to get away with 2 AC units on a 15A breaker as long as both compressors never start at the exact same time, but cause a trip when then kick in together.
I started with ubiquity, but the company seems to be playing games (and it annoys me how the latest controllers don't properly handle EOL APs a few years old) - So I switched to TPLINK Omada - no problems so far.
Is this a situation where one company decides to break from the pack and care a little about security and then social media dogpiles them for not doing more?
> Is this a situation where one company decides to break from the pack and care a little about security and then social media dogpiles them for not doing more?
I believe they did something like force cloud-login with some software update a few years back.
I have some Ubiquiti stuff, and it works fine, but I've been meaning to look deeper into all this, but I just haven't had the time. I just stopped updating the controller software (none of their gear is external-facing, and IIRC it's only needed for configuration/management) because cloud login is an absolute dealbreaker for me.
> I believe they did something like force cloud-login with some software update a few years back.
No, what they did was update the software to prefer cloud-login and push you to set it up during onboarding for new products because they use cloud-login for remote management and anti-theft/device tracking.
It's always been entirely optional. I just set up a new network because I moved and gifted my previous network to the buyer's of my prior home. I'm still using local accounts only with no remote management, and it works perfectly fine on the latest generation of Ubiquiti gear with the latest firmwares. The only thing I login to my UI account for is to use the store and buy hardware.
The other thing with Brian Krebs was a faked security incident by an insider who was trying to extort money from Ubiquiti and Brian Krebs played the fool by assisting them.
Granted, there are /many/ issues I have with Ubiquiti, but generally speaking if you use local accounts and keep the firmware updated it is no worse than any other edge networking device exposed to the Internet.
> No, what they did was update the software to prefer cloud-login and push you to set it up during onboarding for new products because they use cloud-login for remote management and anti-theft/device tracking.
Was that all? Did they add telemetry or something else? I had read that I'd need to edit some text config file or something to opt-out of something I didn't want, because they provided no option in the UI.
> I just stopped updating the controller software (none of their gear is external-facing, and IIRC it's only needed for configuration/management) because cloud login is an absolute dealbreaker for me.
Yeah. Updates used to be a nightmare. I had to worry about Windows updates, Java updates, and of course Unifi updates.
I have 21 APs all controlled by the container on a Raspberry Pi 4. It's not even breaking a sweat. When I want to upgrade the Unifi application, I stop the container, and re-run the command to use the newer Unifi version. Three minutes later, it's back on the air.
You can turn off the remote login. It's encouraged as the default, but not necessary.
Even the local login, from a device on the network, can be set up to require two-factor auth. That alone makes it more secure than a lot of consumer-grade stuff which only requires a password, which is often never changed from the default.
I'm happy with my Unifi Dream Machine as a one-device home network. I thought about getting rid of it a while back when some bad press about Unifi security was published, but it turns out it was fake news and Brian Krebs has lost all credibility in my eyes for continuing to promote it even after it was debunked.
No, I think GP is referring to their big data breach last year[0]. From TFA linked in that discussion:
> the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.
It has shaken a lot of people's confidence in Ubiquiti's internal security practices.
I wonder if you saw the update to the article in the discussion you linked? The attacker was a software engineer who worked at Ubiquiti. I think it's fair to criticize any internal controls that allowed a single engineer to have this amount of access, but from other discussions[1] it sounds like he was unique in this organization.
I had started down the path of going all Ubiquity ~5 years ago. I started with cameras and their camera controller. It was super flaky, when everything was working, it was great, first class app experience. But any time the cameras rebooted (power outage, firmware upgrade), I would literally spend days with some cameras offline, until multiple reboots of impacted or all cameras would eventually fix it.
Then, a few years in a firmware upgrade to the switch (their 250W PoE switch) caused it to start isolating my Google WiFi APs because it would do some loop detection. An hour on the phone with their support (which in that instance was really good) resulted in a a prognosis of "This particular loop detection can't be turned off." So I had to drop a dumb switch in front of the Ubiquiti for the Google APs. I was considering replacing them with Ubiquiti, but needed to run some more wire throughout the house to get what I needed.
Then I ran into a firmware upgrade that bricked 3 of my 4 cameras. After going back and forth with their support and getting nowhere, I just gave up. I had replaced the controller with the CloudKey G2 at one point because the old one was no longer supported, and it seemed to help with but not totally resolve the days of rebooting cameras situation.
Honestly, having the cameras bricked was a relief, because of all the consternation that the firmware updates had been causing. I just couldn't bring myself to buy new Ubiquiti cameras.
I ended up pulling out all the Ubiquiti hardware, replacing it with $200 4K very low light cameras that are just amazing (rebranded HIK Vision, "Montavue"). I'm using BlueIris for the camera controller, which is fine. Still using the Google WiFi, which continues to work great. I have 4 APs (one in router role, 3 spread around the house).
I am not 100% happy with it but it is the best prosumer option I can find without making managing home network a full time job for myself.
Security wise it is not great, but I don't think it is worse than other consumer products (tplink, netgear...etc). At least ubiquiti patches vulnerabilities reasonably fast.
Their cloud infra sucks and the whole data breach / lawsuit drama people constantly bring up was all because (I think?) a former employee had a static AWS access key with admin level access. Small companies are usually not good at dealing with internal threats. I don't use the cloud service anyways and self-host the network controller.
Now my biggest complain is that I have to manage a mongodb 3.x cluster for the controller...
I know there are community maintained container images. "They" don't have an official one though. In fact I run it in a container as well, but I configures it to talk to an external mongodb cluster.
I need it to be an external cluster with some redundancy, so that I can easily backup the database, fix file corruption, and deal with other database errors.
Every since they moved their firmware development to Latvia, the pace and quality has decreased significantly.
I picked up a couple of Grandstream Wifi 6 APs to try and other than the gawdawful update process (that has thankfully improved - but you still have to get past the ridiculous initial firmware) they are wicked fast and so far a lot more stable/consistent than the Unifi counterparts. The unifi controller is indeed very slick/pretty to look at, but over the years I've come to realize that the "stats" it reports aren't very accurate so I'm back to librenms to gather/report on my network statistics.
Pretty funny that you identify Latvia as the turning point. Mikrotik is also from Latvia.
I still think Ubiquity rots from the head and whether they mismanage teams in one country or another should not reflect on the country the people are working from.
Intentions matter. If they outsource the development only for cost cutting reasons you'll get what you payed for. It has nothing to do with the capabilities of an average engineer in Latvia.
Me and some other colleagues worked for a US based company from Hungary. The company payed us well according to Hungarian standards, but wee where cheap according to US standards. (The payed US junior salaries for senior people). The people in the team were very knowledgeable, efficient and we delivered a lot of great stuff. It worked well for a couple of years, but then the company got greedy. They hired people from another outsourcing company from Ukraine (I think) and this time they went for the cheapest. The people we got only had little work experience and they paid by the delivered story point. The code quality suffered as they wanted to merge everything ASAP. I left shortly after for a different reason, but as I heard from previous colleagues the company went downhill after that.
So outsourcing can be a turning point, but for a different reason than you think.
I don't think you said anything different. I just wanted to bring an example that outsourcing can be a turning point for a company, but it doesn't mean that outsourcing is inherently bad.
I have an odd issue that clients on the AP cannot communicate with clients connected to the switch. As far as I can tell, this is nothing something in the switch or ap configuration.
I've deployed Unifi equipment in a number of small home and office environments without any problems at all. Some have been running for a decade or more. Management is a piece of cake and in homes it has high SAF (Spouse Appreciation Factor) because it just works.
If you have questions where you think I can help, drop me an email.
Just don't upgrade your firmware unless you have a damn good reason to and you will be fine with UBNT stuff. It's borderline criminal that automatic updates are turned on by default :p
I just swapped out my Ubiquiti Dream Machine for an eero Pro 6e because the UDM kept needing a hard reboot in the middle of the night and was very, very noisy. It's the only consumer router I can think of that both needs a fan and idles at 80℃.
This was partly why I recommended Amplifi to my parents. I like that Ubiquiti finally has a consumer brand this is mostly "off the shelf" configured.
I don't think Amplifi is getting enough love in the consumer market today. I know anecdotally when walking my parents through the Amplifi purchases I had to ask a Best Buy employee to leave and stop confusing my parents because he didn't understand why anyone would want the "weird new" Amplifi brand and not "the better brands" Google Home or Netgear Orbi. I didn't feel like explaining Ubiquiti's decades in Enterprise to the kid.
It doesn't help that Ubiquiti has had some recent troubles, and I'm still not sure even Ubiquiti knows what the long term horizon looks like for Amplifi products. But I appreciate that they are trying to make headway in the consumer space, and that from what I can tell the consumer products do show the experience from Enterprise products.
Amplifi has a poor value prop ever since UDM/Dream Router became a thing, although I previously recommended it for the same reasons you do.
It would be nice to have a less complex app/frontend management interface for less tech-savvy end users -- if you could use the Amplifi app to see status and do basic troubleshooting on an Unifi network for instance--
For this setup I would rather go with some of the Mikrotik gear. I have the hEX S as a router and if you only need 4 device ports it saves you having a separate switch. This one has a newish CPU so routing performance is pretty much line-rate and it also has an SFP cage so depending on your provider setup you might even get the fiber directly into this device (mine sadly uses GPON with dedicated crypto built into the media converter so I could not use it). It is very feature rich and only costs about 75EUR here.
The upgrade pick would be the RB5009 with SFP+, 2.5GBe and 8GBe ports, much-much more CPU. The availability of this is pretty bad tho, I have the PoE version on order.
Hardware side they're in completely different classes - dual vs hex core. 256mb vs 4gb. Don't see any benchmarks for the hex s, but lets just say 4 year newer quad core mediateks clocked twice as high still lose by a factor of 4x [0]
SFP is a plus though, and software support is pretty weak on R4S side - only getting openwrt official support in the upcoming 22.03 release...about a year after you could buy the device
Depends what do you expect from a router. Mikrotiks traditionally have a relatively weak hardware, but they are pretty optimized for what they do (for IPv4; IPv6 not so much).
> you might even get the fiber directly into this device (mine sadly uses GPON with dedicated crypto built into the media converter so I could not use it).
I'm in this situation.. But I have the fiber line coming directly into my gear with the ISP provided modem into another port on the switch. I use an EAP proxy to forward the authentication packets to modem, and all other traffic skips the modem entirely.
I did ask my install guy to give me the separate fiber transceiver (not integrated with the modem), because I didn't have an SFP cage to use the fiber line directly.
Thanks for the suggestion! When this router will be not sufficient, I’ll give a change to Mikrotik, I like their stuff! (But also the nanoPi R5S is nice for 2.5Gb)
I switched to Mikrotik from Unifi. With Unifi, I was always fighting it, with "most users do not need that, why you do?" (like site-to-site ipsec tunnel with the other side having valid dns hostname, but not fixed ip). With Mikrotik, I just set up the way I need it and it's done.
Agreed; Ubiquiti/unifi is easier to get started with. But as soon as you want to do anything more 'complex', it often can't do it or won't let YOU do it. Mikrotik is at better at not getting in your way. Though, Mikrotik setup is more involved and requires a bit more knowledge about networking than Unifi does. Only thing I really don't like about Mikrotik is the CAPSMAN/AP situation. They're pretty bad and very difficult in my experience, to get working right/seamlessly.
Agreed about the firewall side of things! I was complaining about the switch & VLAN side of things - I find myself pretty proficient in general Linux networking tools but couldn’t figure out their switching/bridging/VLAN configuration despite easily being able to do it on a Linux command line with brctl/etc. I suspect it’s a necessary evil though as Mikrotik’s custom config system for this may not actually use Linux networking subsystems and interacts directly with the hardware to enable hardware offload.
The wired buffer bloat screenshot seems quite high to me at 53 ms. Not sure if it's router or something else related. Have you tried connecting directly through the modem?
In my setup, FTTH of the GPON variety (1000/400), I get around 5 ms latency on the buffer bloat page. My old FTTC setup (1000/60, fiber to the curve + COAX through the building) was around 8.
My setup is GPON box -> managed switch -> Router (virtualized on KVM with pass-through NICs) -> managed switch (again) -> 2nd managed switch -> PC.
I’m very happy with the bufferbloat (0ms) not quite with the latency but I can’t do much, is my ISP that has about 15/20ms ping time.
The fiber arrives only to the street cabinet, and then there’s a copper cable to my home, I don’t know how you can have 1000/60 on FTTC setup, this is absolutely impossible in my country (Italy), we can have 200/20 max speed on FTTC (and this is what I’m using).
There’re already the fiber cables on the street, I’m waiting for the vertical lines to my home.
> I don’t know how you can have 1000/60 on FTTC setup
This was in an apartment building in Paris, not a detached house. It was a quite common setup when fiber started rolling out: it would arrive in the basement and apartments would be connected through the existing coax (TV) cables.
Checking Wikipedia, maybe FTTB is a more appropriate term.
Now it's mostly GPON FTTH.
---
edit: regarding the latency, your setup adds around 30 ms of latency, which to me seems rather high.
PING 192.168.1.3 (192.168.1.3): 56 data bytes
64 bytes from 192.168.1.3: seq=0 ttl=64 time=1.150 ms
64 bytes from 192.168.1.3: seq=1 ttl=64 time=1.252 ms
64 bytes from 192.168.1.3: seq=2 ttl=64 time=1.117 ms
64 bytes from 192.168.1.3: seq=3 ttl=64 time=1.170 ms
64 bytes from 192.168.1.3: seq=4 ttl=64 time=1.210 ms
64 bytes from 192.168.1.3: seq=5 ttl=64 time=1.204 ms
64 bytes from 192.168.1.3: seq=6 ttl=64 time=1.232 ms
64 bytes from 192.168.1.3: seq=7 ttl=64 time=1.190 ms
64 bytes from 192.168.1.3: seq=8 ttl=64 time=1.207 ms
^C
--- 192.168.1.3 ping statistics --- 9 packets transmitted, 9 packets received, 0% packet loss
round-trip min/avg/max = 1.117/1.192/1.252 ms
Related: what's the current best option for those of us who like old UniFi's ease of use, but don't like new Unifi's "use our cloud, or else..." attitude and the constant firmware issues?
None is probably the "best option" but this is the evolution I went through in the past few months:
1. had the UDM for about a year, then at some point found out that some firmware update had completely trashed 2.4GHz wifi. Like you can connect to it but if you transfer more than 1MB or so it just hangs, reconnect works but basically unusable, 5GHz works fine but in my house the office just did not get good enough coverage. Like, dude, you had ONE JOB!
2. Bought a Ruckus AP and an Mikrotik hEX S to do routing. Wifi is better but office still did not have good enough coverage.
3. Finally gave up and just ran some CAT 6A from the router to my office. Night and day.
From my research Ruckus gear is really good and requires no controller nor cloud connectivity whatsoever but expensive. Mikrotik is nice for wired stuff, but mostly quite dated for wireless, also they still carry a lot of their previous generation gear .. a lot of it has really wimpy CPU's, so do some research. Also the configuration can be a bit involved, tho lot of internet advice on a decent setup.
UDM Pros include their own local Unifi management runtime which will administer the full local network.
After the security incident a few years ago, Ubiquiti pushed an update that let's you login to it via a local credential rather than their cloud identity server.
I don't see anything in UDM Pro's Unifi that is dependent on their cloud (other than checking for updates)
I've switched to Mikrotik, for routing and switching. With wifi, Mikrotik still doesn't have good AX offer, so I kept nanoHDs for the time being.
It is more complex, you have to get used to Winbox, but after that, there's no way back to Unifi. There are no dashboards that look nice in screenshots, but on the other hand, the stats provided make sense.
But wrt firmware issues, Mikrotik also has occasional one.
If you want fancy dashboards, I'd suggest using a different product for that purpose. Can enable SNMP on the Mikrotik devices, and let something like Munin do the graphing for you.
No one (at least that I have found) has as mature/slick looking a controller as Unifi. And once I realized that I rarely changed settings for my core network, particularly on my AP's, I really started to broaden my search. A friend turned my onto the Grandstream APs (I thought they only did phones?!?) and I have to say so far I'm really impressed. They are a bit uglier than the Unifi UFOs and the update process for the firmware that shipped with them was an utter nightmare to figure out - but now that I'm past that I'm very pleased with them. They seem to be a lot faster and more stable than the Unifi equivalents.
I've set up a lot of UBNT kit, been heavily involved in the forums and their beta products - but the quality and timeliness of firmware updates has really fallen off the last five or so years. Unsurprisingly about the same time they shipped all the firmware coding overseas. One of the biggest reasons I was a huge proponent of them was the constant and tight interaction of the developers in their community forums. That also fell off a cliff around the same time. The market is ripe for someone else to step in.
Surprisingly Cisco, with their small business line, has one of the better looking contenders. No subscription - and I didn't need anything (not even an email) to download firmware updates or the controller (!!) Not your fathers Cisco! Their controller lags Unifi, but not by much. I scored a router and switch off of ebay just to dabble and it was pretty promising. I haven't looked at it for a while; I probably need to fire it back up and see if it's matured any. In the end for firewall I went back to OpnSense. Unifi switches are OK but their one year hardware warranty, frankly, sucks. If I were to by new switches I'd probably just go back to netgear. Their lifetime warranty is pretty hard to beat. I've had them replace 10 year old switches with nary a blink of the eye so it's not just lip service.
As far as I know you can set up a local UniFi management point using using the latest version of the Cloud Key Gen2 Plus firmware. However you won't be able to use Unifi Protect (the security camera offering) as that still requires a cloud account to set up. But once you have set up the cloud account you can revert back to local-only operation and no video data leaves your LAN.
The firmware issue is probably very individual device dependent. I remember the old USG plus an old cloud key (both no longer sold for a long time) had some stability issues maybe two or three years ago if you enabled every possible monitoring feature simultaneously, that issue is long gone. UniFi is much like MS or IBM in that they sell such an incredibly wide range of products its quite possible our experiences have nothing in common.
The original cloud key is quite slow but totally usable; there's a docker container and running on anything faster than a Pi its quite fast and snappy.
> but don't like new Unifi's "use our cloud, or else..." attitude
They don't have this attitude and never have. You can use local accounts, have always been able to use local accounts.
The only thing out there that's better than Ubiquiti is actual enterprise gear, all of which now requires subscription licensing. Unfortunately if you want a buy once / cry once solution for prosumer usage, Ubiquiti is the best option. I hunted for alternatives several times, and nobody is competitive. Microtik is the next closest option, but it's frankly garbage and with bigger security issues.
They heavily push their cloud management, apparently tried doing required cloud logins for their UDMs (implied in another comment), and 100% require you to purchase their hardware or use their cloud for Unifi Protect. In the past, one could run the Protect software on their own machine.
Ubiquiti is the least smelly networking solution in a room full of really smelly options. They are not consumer friendly like they used to be.
> Ubiquiti is the least smelly networking solution in a room full of really smelly options.
Agreed entirely. Unfortunately this is a market that's not well served because there's a lot more money to be made just shoveling consumer garbage out or putting small businesses over the barrel with subscriptions rather than offering a proper prosumer product.
I want to share my small take on this, from someone who runs a decent smart home setup. You want to avoid cloud stuff, if you keep that in mind a lot of options you can just exclude and your horizon becomes limited (in a sense) - but you get the best parts!
If you have a strong 2.4GHz wireless network already (a proper mesh system in your home), look into having your smart stuff run over wireless, no point in having zigbee. If you don't have a strong wireless network, first consider getting one, else look into zigbee devices.
Run home assistant, doesn't matter what devices you want to have on your network, home assistant is a must for a decent smart home experience. You can run it on a raspberry pi 3b+ or a spare server in a docker container. Spare server is faster but the pi can handle it.
Setup all your devices to talk to home assistant, then make home assistant expose the devices to Google Home or Alexa, instead of directly exposing the devices to the cloud services.
Smart TVs are not good, my experience with LG and Samsung has been of ADs and abandoned software, instead get a good TV (image quality, etc..) and plug a Mi Box or Roku or Amazon Firestick into it.
CCTV is a mixed topic, you can go the closed circuit camera option (NVRs and suff) or you can go with ip cameras. Just don't use wireless cameras, everything wired for this.
If you want some hardware brands and comparisons, check out The Hook Up on youtube for the specific topic. I can vouch for Sonoff, Shelly, Reolink, etc..
I'm not happy with ZigBee: Only a single, flaky edge between two floors means one floor sometimes craps out and can't be talked to by the coordinator/home assistant. The WiFi devices (Shelly&Sonoff) are much better thanks to great WiFi (3 indoor APs, one outdoor).
However, we have a few ZigBee remotes/portable buttons and sensors (motion and temperature/humidity), which are a great addition. I already know where to put another ZigBee router to finally make that floor reliable. But I can only do so once my SO&I agree on what fixture to put there, and that's complicated ;-)
Maybe look at the nVidia Shield as a more privacy-friendly alternative to FireTV et al. (at least that's what Mozilla says). Sadly it's pretty expensive.
Can't say anything about NVR.
The remainder I can totally agree with. If I unplug my modem, only thing lost are weather report and mower bot control.
It's infuriating that this is necessary -- now that printers are pretty optional and those of us that need one have settled on Brother laser-printers, consumer routers are now the 21st century home appliance of "holy shit why is this the worst device I own?"
I have a home network powered by Asus routers, but that's only after years of trial-and-error with other brands (Netgear, Linksys, TP-Link). The fact that Asus is the "crappy inconsistent B-minus grade devices" company normally and that's way above average in routers is a massive step forwards.
The extended features are a joke and I have to reset the routers maybe once a year at worst but they're the first solid home internet connection I've ever had.
If I have to go through the mayhem again, I'll be cribbing from guides like this, but I'll be really really angry about it.
Part of the problem is, most consumer-grade routers use CPUs that can kind of get by most of the time on passive cooling. Then when the weather is hot or your usage is above-average, it has problems.
Most people want to avoid active cooling on a router, because you've got it out in the open for line-of-sight / signal propagation purposes, and there's kind of a reliability argument for avoiding moving parts.
I'm not trying to say the only advantage of a pro setup is having fans on it, but it's definitely one of the advantages.
I use my Internet carrier's WiFi 6 router/modem combination. It works fine. It's free, and I don't get a discount for bringing my own equipment. I spent zero time configuring anything.
I have Internet. I haven't noticed any problems making Zoom calls or playing games online. What I don't know about my bufferbloat score doesn't really hurt me.
Anything I host is in a VPS so I don't need any advanced routing or VLANs.
A crapload of people have gone remote, though. Meaning they're experiencing the normal hiccups and drops as "oh shit I can't show up to my meeting". So they can't ignore it anymore.
All of that hardware in a wooden box scares me. I'd recommend keeping all that in a metal enclosure in a utility room where the hardware can catch fire without setting the entire house ablaze.
Ahah yes correct, I’m a bit scared too. This is why I have put inside the cabine a SwitchBot connected thermostat and I have a Homebridge plug-in that sends me various alerts via push notifications (using Pushover app) when the temperature inside the cabinet goes above “28-32-36-it’s_on_fire ºC”. And it works, see alerts screenshot: https://i.imgur.com/BvEesUD.png
I’ve explained my setup at the beginning of the post, there’s also the “temperatures alerts” in my previous blog post. Also if the temperature raise too much, the A/C above the wooden cabinet turns on and cools down all the hardware. During the night thishappened various times during this hot summer!
> I'd recommend keeping all that in a metal enclosure in a utility room where the hardware can catch fire without setting the entire house ablaze
Yes but you cannot agree with me that the metal racks are terrible/ugly =] I want to have my network things inside my house, possibly where I can see them, and I don’t want to have a metal rack inside my living room, see my first post with all the house rooms (http://giuliomagnifico.blog/networking/2022/01/14/my-home-se...).
Anyway I can’t say that the fire risk is concrete, as always with electrical things. But I prefer to monitor this risk with sensors and maintenance instead of “move the risk in the garage/car park or cellar” (I also have a fire extinguisher hidden inside a wardrobe, just in case…)
I wouldn't be worried about overheating - most hardware will shut down for safety way before you reach temperatures capable of igniting a fire. Instead I'm worried about catastrophic failure (especially of power-related components such as PSUs or that UPS) where the thing explodes out of the blue and spits out sparks and flames.
In this case, you'll very quickly get a self-sustaining fire (thanks to all that firewood around it) and will need to actively extinguish it - turning the power off or starting the AC will not save you.
The best solution, short of an active fire suppression system such as sprinklers (which obviously come with their own problems) is to put the hardware in a place where you can have a device catch fire and be confident that the fire won't spread or get out of hand.
Alerts and a fire extinguisher are great, but what can you do about them if they trigger while you're away?
The A/C starting if things get too hot is great, especially if it doesn't depend on any of said things not being out of order (say because it shut down because of the heat).
I can turn off the devices remotely if something gets too hot (via WireGuard), but I’ve never done it for the temperature.
But in my house, like every house, there’s a fridge, a boiler, the A/Cs, burners with gas, etc… everything could get on fire.
I can also call my parents or neighbors to ask if they are seeing smoke out of my house =] that’s the most efficient alarm!
> there’s a fridge, a boiler, the A/Cs, burners with gas, etc… everything could get on fire.
Most of these appliances don't actually have flammable materials right next to the active components that can catch fire. A circuit board can catch fire but it'll likely self-extinguish because it's in a metal enclosure away from anything flammable.
Is it much different from putting a bunch of A/V gear in a wooden cabinet? It's not that uncommon for a receiver, game console, cable box, blue ray player, etc... to be in wood furniture.
The main difference I see is that, at least in my case, the A/V gear will be off when I'm not actively using it, i.e., sitting in front of it.
My network gear runs 24/7, even if I'm away from home for multiple days at a time. I usually only turn it off when I leave for longer (>1 week) holidays.
If it has a working remote control or a soft start power switch its never "off".
Most cheap hardware does not have X or Y safety class capacitors so if there's any exposed conductor you're probably marginally safer on an insulator like wood.
I'd expect most components to fail under stress which is not the case in a low-power standby mode where only a single 5V power rail is active and sources a few milliamps.
Not great and I personally wouldn't put equipment in cabinets, but I'd expect most failures to occur when the equipment is actively being used & under stress, not during standby.
There is a self heating failure mode for capacitors that would depend a little bit on current drawn, but the voltage across a cap would be constant regardless of current drawn so safety and fire related failures are primary based on time.
"Name Brand" products with legitimate UL listings almost entirely use Class X or Y caps where safety regulations require them and would be immune to this problem due to internal construction differences. "No name gray market off aliexpress" would be an unwise choice.
It's surprising how few fires we have from household electronics. The odds are it'll be fine.
The UPS is not even lukewarm. I was scared too, first time I put UPS in another position (see other posts/releases of the setup) with more space but then, after one year of monitoring, I always see that its temperature is the lowest of all the hardware inside, I moved it there (anyway I can move it 5cm from the left side, there’s plenty of space). I have others UPS (another range of APC UPS) that are getting a bit warm, but not this one.
Out here in the Bay Area, I've been trying to figure out how to efficiently (and interestingly) use a 10gbe FTTH symmetric setup from Sonic. It's surprisingly hard to find anything for the thrifty consumer that can consume this kind of connection. I'm curious if there is something like the nanoPi R4S targetted at the 10gbe world.
I’ve been thinking about using maybe Netgate hardware running pfSense in an business setup. Apparently the 1537 model [1] can do over 10 Gbps routing and firewall according to their marketing tests. Base model is a bit over two grand in USD. But probably not super ‘efficient’ throwing a Xeon at it and not especially thrifty.
It looks like a branded generic Supermicro machine but seems convenient to get it out of the box and the price doesn’t seem bad considering what’s in it.
10gbe and thrifty is at least for now not a good match.
Could put in a PCIe dual x 10GBe card into an old PC and if that's not enough ports buy a vlan capable switch with a 10GBe uplink and enough 2.5gbe/1gbe ports for your needs.
I was just waiting for a comment like this as I anticipate getting the 10G at some point.
From what I've been able to tell, at 10G speeds, you pretty much have to build your own. Currently, I'm planning to get a SFFPC, stick a quad port 10G card in it, maybe run ESXi, router OS TBD: VyOS, DANOS, OpenWRT?
Very useful, informative and timely! I'm moving into a different house soon, and this has given me the motivation and opportunity to update my outdated consumer modem/router/wifi hardware. I'm still living in the past with 802.11n! At my old home, I personally ran ethernet to each room, but I'm older now and the thought of crawling around in a dusty crawlspace drilling holes and running cords no longer appeals to me like it used to. I'm almost ready to swallow my pride and accept the heresy that WiFi might be good enough, now that we are in the world of 802.11ax. I also like OP's choice to separate their router/switching hardware from their AP hardware. Might go down that route too.
I'm almost ready to swallow my pride and accept the heresy that WiFi might be good enough, now that we are in the world of 802.11ax
Wireless is fine if it's only half of your loop. For example, suppose you want to stream a game from your powerful computer/console to your phone/tablet. There's a perceptible difference between having just the receiver wireless and having the sender and receiver both wireless.
The primary factor for Wifi performance really is congestion. My Wifi in a rural location performs way better with just the isp router than my multi access point setup in a fairly tight suburb. So far there's just no way around that except temporary fixes with new bands like with Wifi 6E.
I see that Giulio here has attained an A+ buffer bloat rating for his or her home network. I've tried this in the past with limited success, mostly because I don't want to introduce another failure point (dedicated router, separate from wireless access point) to my network.
Am I being silly? I'm concerned about what could happen if there's a failure when I'm not home to maintain everything, since I'm the only person who can or wants to work with this equipment.
I'd love to reduce my buffer bloat to improve the quality of my my video and audio calls. But I'm not sure it's worth it. Or if the results in this post demonstrate an average use case with a crappy ISP.
If your router+ap supports OpenWRT you can reflash and have best of breed QoS up and running in a few clicks via the Luci web interface that IMO is vastly superior to the goofy web UIs that come on SOHO routers.
Bonus is OpenWRT also seems to be much more stable than manufacturer hardware as long as your hardware is well supported. Plus you don't have to worry about your manufacturer no longer supporting firmware on your model and OpenWRT is much faster to respond to the occasional security issue, etc.
OpenWRT has gotten some flak over the years by leaving devices behind when they no longer have enough flash and/or RAM. That said OpenWRT is likely going to support your hardware longer than the manufacturer will.
I have a router similar to the router in the linked post, and OpenWRT was a mess on there. Turns out that my router was saddled with a crappy processor downgrade at some point after initial release, and I got one of the crap CPUs.
OpenWRT didn't even support the CPU by default, and when I managed to get OpenWRT on there, I had serious QoS problems because the CPU wasn't up to snuff. I liked OpenWRT a lot but it was a really frustrating experience.
There’re lots of variables, like tour internet speed, your hardware, etc.. OpenWrt is great at managing bufferbloat, and a router + AP is not a +1 point of failure, if you consider that I can switch or turn off the AP but I can leave the home internet online.
Anyway I leave alone but With a VPN you can manage your home LAN from everywhere. I’ve done a similar setup for my parents, when they call me saying “we don’t have internet” I can simply check what’s going on, I wrote a post here: http://giuliomagnifico.blog/networking/2022/07/21/setting-up...
Not sure if it's mentioned in the webpage but the biggest possible issue with this WG setup is if the ISP's DHCP changes your endpoint IP (or worse, the ISP double NATs their customers).
While we're on this topic... What's the deal with having multiple wifi access points with the same SSID? I have heard some people say you should always use a single SSID because the clients know how to automatically pick the best one. But I have heard others disagreeing and saying that to ensure you're using the right access point you need to use different names for each one and also 2.4ghz vs 5ghz. Anyway, who's right here?
You should use the same SSID for 2.4GHz and 5GHz. You should also use the same SSID for all APs if they support roaming. Unifi does, for example. If you just get two random independent wifi routers, they won't and you might stay connected to the wrong antenna for a while.
All five APs in the house use the same SSID. Four of them have both 2.4 and 5Ghz radios; they use the same SSIDs. All of them are connected via ethernet to the switch.
Please look into CAKE to replace your SQM configuration. Dave Taht and the team have done some incredible work on this through their bufferbloat.net project.
So tidy. I have a whole closet with a 512 GiB/96 thread/120 TiB HDD/16 TiB SSD server running ESXi, OPNsense 740, Google Fiber 2 Gb, a Ubiquiti 6 mesh AP (POE switch powered), Philips Hue bridge, Flic bridge, Ring bridge, and DMX512 bridge. I'm about to install 10 GbE links between things to get the server up to 2 Gbps.
Saw that they’re using a NanoPi - I just picked up an R5S (dual 2.5gbe + single 1gbe) and it’s a pretty neat device. Haven’t done any significant benchmarks yet, but I was able to use the FriendlyElec wiki to build FriendlyWRT and run it, which makes me feel a little better about running no-name hardware out of China.
I’m currently running a Cisco ASA 5540 as the perimeter device (with NAT and DHCPD) at home. Replaced the stock fans because it was seriously noisy. Getting about 920Mbp/s. Also running a site-to-site VPN to AWS. It’s been working great for many years with absolutely no issues whatsoever. The only problem is that it’s starting to show some ageing with no firmware updates since 2018, so I’m replacing this with a recent Palo Alto Networks NGFW with 1+ Gbp/s firewall capability. The FW is then connected with OM3 fiber to a SFP port on a 48-port gigabit Cisco switch (2960G), with trunking ports to other managed Cisco switches in the house. The server is connected to the switch using 4 ports in LACP mode for better bandwidth and redundancy. If you can live with the noise I highly recommend old enterprise gear as it can be found for cheap.
Internet -> Modem -> router -> managed switch - access point ?
Anyway, thanks for sharing the setup. I love how everybody here has a different takeaway from this.
For me, it was nanoPi. I just ordered R4SE for my tinkering with OpenWrt.
I have a symmetric fiber gig connection that is quite stable but I’m thinking about getting a secondary connection from a different provider.
My “dream” is to have HA (active/passive) routers that can fall back on the backup (slower) line and back when there’s need. The rest of my HW is small and spread out throughout a house than not a single failure will severely affect my home.
> Internet -> Modem -> router -> managed switch - access point
Yes, also. depends if you are in download or upload =) be careful with the R4SE (the model with inside eMMC storage), I don't know if the R4S OpenWrt build will run also in the R4SE.
I checked their wiki before ordering and they sort of consider the SE model as a newer revision of R4S. So I’m hopeful. It if that doesn’t work, I’ll find some other use for it. Anything that does not run the Chinese flavor of Ubuntu or WRT lol
The only difference is the SE has the 32gb emmc inside and I’m skeptic that OpenWrt will run fine, surely it will not recognize the internal storage. Anyway you can use the FriendlyElect WRT, basically it’s an old release of OpenWrt with some customizations.
Anyone have experience with TP-link omada. The cost to set up Ubiquiti ( not to mention space for racks etc ) is just to much. I have gigabit internet so the UDR is out of the question for me. I wfh so I just need something that is solid and works ( I tend to run the same equipment at my parents house as well )
I have been happy with the TP-Link AXE-5300 mesh three-pack that I got from Costco for $300. The wifi 6e is slightly disappointing as my Samsung devices tend to pick the wifi 6 network instead. It's been reliable the whole time.
Currently I'm using: ATT fiber modem, Mikrotik CRS354-48P-4S+2Q+RM for PoE+, tplink deco axe5300
Anyone have recommendations for a small, passively cooled router with 2x2.5 gbe or better? Ideally with some extra ram for a service or two. Maybe the RK3588.
Huh? I have a pfSense firewall, a 16 port PoE switch, and several MacBook mini servers. All in the living room. They are all essentially silent (since that was a hard requirement for me). Silent (and good) gear definitely exists for spaces that require it.
True, especially if the setup is directly in the living space.
I'm not familiar with any of OP's components, but it's absolutely possible to have a silent setup.
In my case, I have an HP EliteDesk (salvage from work) that does the routing, etc, which is dead quiet, and it's connected to a fanless Brocade (Ruckus) switch. There's no coil while or anything. The most annoying parts are the blinking lights, which I fixed with some red tape.
Never rebooted - uptimes in months and they are on battery backup.
It is amazing how much the stock firmware shipped by the likes of Broadcom/Realtek sucks so much - it is not like Mikrotik/Ubiquiti makes their own SOC's to make it more realizable.