[HN Gopher] My network home setup v3.0
___________________________________________________________________
My network home setup v3.0
Author : giuliomagnifico
Score : 138 points
Date : 2022-08-15 10:06 UTC (12 hours ago)
(HTM) web link (giuliomagnifico.blog)
(TXT) w3m dump (giuliomagnifico.blog)
| Nextgrid wrote:
| All of that hardware in a _wooden_ box scares me. I'd recommend
| keeping all that in a metal enclosure in a utility room where the
| hardware can catch fire without setting the entire house ablaze.
| giuliomagnifico wrote:
| Ahah yes correct, I'm a bit scared too. This is why I have put
| inside the cabinet a SwitchBot connected thermostat and I have a
| Homebridge plug-in that sends me various alerts via push
| notifications (using Pushover app) when the temperature inside
| the cabinet goes above "28-32-36-it's_on_fire °C". And it
| works, see alerts screenshot: https://i.imgur.com/BvEesUD.png
|
| I've explained my setup at the beginning of the post, there's
| also the "temperatures alerts" in my previous blog post. Also
| if the temperature rises too much, the A/C above the wooden
| cabinet turns on and cools down all the hardware. During the
| night this happened various times during this hot summer!
|
| > I'd recommend keeping all that in a metal enclosure in a
| utility room where the hardware can catch fire without setting
| the entire house ablaze
|
| Yes but you cannot agree with me that the metal racks are
| terrible/ugly =] I want to have my network things inside my
| house, possibly where I can see them, and I don't want to have
| a metal rack inside my living room, see my first post with all
| the house rooms
| (http://giuliomagnifico.blog/networking/2022/01/14/my-home-
| se...).
|
| Anyway I can't say that the fire risk is concrete, as always
| with electrical things. But I prefer to monitor this risk with
| sensors and maintenance instead of "move the risk in the
| garage/car park or cellar" (I also have a fire extinguisher
| hidden inside a wardrobe, just in case...)
| vladvasiliu wrote:
| Alerts and a fire extinguisher are great, but what can you do
| about them if they trigger while you're away?
|
| The A/C starting if things get too hot is great, especially
| if it doesn't depend on any of said things not being out of
| order (say because it shut down because of the heat).
| giuliomagnifico wrote:
| I can turn off the devices remotely if something gets too
| hot (via WireGuard), but I've never done it for the
| temperature. But in my house, like every house, there's a
| fridge, a boiler, the A/Cs, burners with gas, etc...
| everything could get on fire.
|
| I can also call my parents or neighbors to ask if they are
| seeing smoke out of my house =] that's the most efficient
| alarm!
| Nextgrid wrote:
| > there's a fridge, a boiler, the A/Cs, burners with gas,
| etc... everything could get on fire.
|
| Most of these appliances don't actually have flammable
| materials right next to the active components that can
| catch fire. A circuit board can catch fire but it'll
| likely self-extinguish because it's in a metal enclosure
| away from anything flammable.
| giuliomagnifico wrote:
| My house is all made of wood:
| http://giuliomagnifico.blog/networking/2022/01/14/my-
| home-se...
| Nextgrid wrote:
| I wouldn't be worried about overheating - most hardware will
| shut down for safety way before you reach temperatures
| capable of igniting a fire. Instead I'm worried about
| catastrophic failure (especially of power-related components
| such as PSUs or that UPS) where the thing explodes out of the
| blue and spits out sparks and flames.
|
| In this case, you'll very quickly get a self-sustaining fire
| (thanks to all that firewood around it) and will need to
| actively extinguish it - turning the power off or starting
| the AC will not save you.
|
| The best solution, short of an active fire suppression system
| such as sprinklers (which obviously come with their own
| problems) is to put the hardware in a place where you can
| have a device catch fire and be confident that the fire won't
| spread or get out of hand.
| giuliomagnifico wrote:
| The floor, like the ceiling, is made of wood, I have other
| UPS on the floor, also my desk with the notebook is made of
| wood...
| http://giuliomagnifico.blog/networking/2022/01/14/my-home-
| se...
|
| I understand what you say, unfortunately! I hope that
| nothing will ever happen...
| criddell wrote:
| Is it much different from putting a bunch of A/V gear in a
| wooden cabinet? It's not that uncommon for a receiver, game
| console, cable box, Blu-ray player, etc... to be in wood
| furniture.
| vladvasiliu wrote:
| The main difference I see is that, at least in my case, the
| A/V gear will be off when I'm not actively using it, i.e.,
| sitting in front of it.
|
| My network gear runs 24/7, even if I'm away from home for
| multiple days at a time. I usually only turn it off when I
| leave for longer (>1 week) holidays.
| VLM wrote:
| If it has a working remote control or a soft start power
| switch it's never "off".
|
| Most cheap hardware does not have X or Y safety class
| capacitors so if there's any exposed conductor you're
| probably marginally safer on an insulator like wood.
| Nextgrid wrote:
| I'd expect most components to fail under stress which is
| not the case in a low-power standby mode where only a
| single 5V power rail is active and sources a few
| milliamps.
|
| Not great and I personally wouldn't put equipment in
| cabinets, but I'd expect most failures to occur when the
| equipment is actively being used & under stress, not
| during standby.
| VLM wrote:
| There is a self heating failure mode for capacitors that
| would depend a little bit on current drawn, but the
| voltage across a cap would be constant regardless of
| current drawn so safety and fire related failures are
| primarily based on time.
|
| "Name Brand" products with legitimate UL listings almost
| entirely use Class X or Y caps where safety regulations
| require them and would be immune to this problem due to
| internal construction differences. "No name gray market
| off aliexpress" would be an unwise choice.
|
| It's surprising how few fires we have from household
| electronics. The odds are it'll be fine.
| 57FkMytWjyFu wrote:
| I was thinking you were too worried, and then I went back and
| saw the UPS. I wouldn't put that inside any enclosure.
|
| From the manual "* Provide 5 cm clearance on top and sides for
| adequate airflow around the unit."
| giuliomagnifico wrote:
| The UPS is not even lukewarm. I was scared too, first time I
| put UPS in another position (see other posts/releases of the
| setup) with more space but then, after one year of
| monitoring, I always see that its temperature is the lowest
| of all the hardware inside, I moved it there (anyway I can
| move it 5cm from the left side, there's plenty of space). I
| have other UPSes (another range of APC UPS) that are getting a
| bit warm, but not this one.
| exitb wrote:
| I imagine its temperature habits might be different in case
| it becomes active with a power loss or when it recharges
| after an incident.
| pantalaimon wrote:
| Looks like it's IPv4 only?
| giuliomagnifico wrote:
| Yes, my ISP has some issues with IPv6. I will switch all to
| IPv6 as soon as I get the FTTH connection (I hope!)
| Pxtl wrote:
| It's infuriating that this is necessary -- now that printers are
| pretty optional and those of us that need one have settled on
| Brother laser-printers, consumer routers are now the 21st century
| home appliance of "holy shit why is this the worst device I own?"
|
| I have a home network powered by Asus routers, but that's only
| after years of trial-and-error with other brands (Netgear,
| Linksys, TP-Link). The fact that Asus is the "crappy inconsistent
| B-minus grade devices" company normally and that's _way above
| average_ in routers is a massive step forwards.
|
| The extended features are a joke and I have to reset the routers
| maybe once a year at worst but they're the first solid home
| internet connection I've ever had.
|
| If I have to go through the mayhem again, I'll be cribbing from
| guides like this, but I'll be really really angry about it.
|
| How do normies live?
| nix0n wrote:
| > why is this the worst device I own?
|
| Part of the problem is, most consumer-grade routers use CPUs
| that can kind of get by _most_ of the time on passive cooling.
| Then when the weather is hot or your usage is above-average, it
| has problems.
|
| Most people want to avoid active cooling on a router, because
| you've got it out in the open for line-of-sight / signal
| propagation purposes, and there's kind of a reliability
| argument for avoiding moving parts.
|
| I'm not trying to say the only advantage of a pro setup is
| having fans on it, but it's definitely one of the advantages.
| shepherdjerred wrote:
| > How do normies live?
|
| I think the phrase 'ignorance is bliss' explains this
| Pxtl wrote:
| A crapload of people have gone remote, though. Meaning
| they're experiencing the normal hiccups and drops as "oh shit
| I can't show up to my meeting". So they can't ignore it
| anymore.
| mmcnl wrote:
| I have a lot of TP-Link networking hardware equipment. Works
| flawlessly. Never had to reboot anything. Just works.
| dangus wrote:
| Necessary? Not really.
|
| How do the normies live? Quite easily.
|
| I use my Internet carrier's WiFi 6 router/modem combination. It
| works fine. It's free, and I don't get a discount for bringing
| my own equipment. I spent zero time configuring anything.
|
| I have Internet. I haven't noticed any problems making Zoom
| calls or playing games online. What I don't know about my
| bufferbloat score doesn't really hurt me.
|
| Anything I host is in a VPS so I don't need any advanced
| routing or VLANs.
| jnsaff2 wrote:
| For this setup I would rather go with some of the Mikrotik gear.
| I have the hEX S as a router and if you only need 4 device ports
| it saves you having a separate switch. This one has a newish CPU
| so routing performance is pretty much line-rate and it also has
| an SFP cage so depending on your provider setup you might even
| get the fiber directly into this device (mine sadly uses GPON
| with dedicated crypto built into the media converter so I could
| not use it). It is very feature rich and only costs about 75EUR
| here.
|
| The upgrade pick would be the RB5009 with SFP+, 2.5GBe and 8GBe
| ports, much-much more CPU. The availability of this is pretty bad
| tho, I have the PoE version on order.
| Havoc wrote:
| Hardware side they're in completely different classes - dual vs
| hex core. 256mb vs 4gb. Don't see any benchmarks for the hex s,
| but let's just say 4 year newer quad core mediateks clocked
| twice as high still lose by a factor of 4x [0]
|
| SFP is a plus though, and software support is pretty weak on
| R4S side - only getting openwrt official support in the
| upcoming 22.03 release...about a year after you could buy the
| device
|
| [0] https://www.cpubenchmark.net/compare/Rockchip-RK3399-vs-
| Medi...
| vetinari wrote:
| Depends on what you expect from a router. Mikrotiks
| traditionally have a relatively weak hardware, but they are
| pretty optimized for what they do (for IPv4; IPv6 not so
| much).
|
| Hex S can route gigabit; barely, but still. See
| https://mikrotik.com/product/hex_s#fndtn-testresults For a 6W
| device, that's pretty neat.
| SparkyMcUnicorn wrote:
| > you might even get the fiber directly into this device (mine
| sadly uses GPON with dedicated crypto built into the media
| converter so I could not use it).
|
| I'm in this situation.. But I have the fiber line coming
| directly into my gear with the ISP provided modem into another
| port on the switch. I use an EAP proxy to forward the
| authentication packets to modem, and all other traffic skips
| the modem entirely.
|
| I did ask my install guy to give me the separate fiber
| transceiver (not integrated with the modem), because I didn't
| have an SFP cage to use the fiber line directly.
| giuliomagnifico wrote:
| Thanks for the suggestion! When this router is no longer
| sufficient, I'll give a chance to Mikrotik, I like their stuff!
| (But also the nanoPi R5S is nice for 2.5Gb)
| Nextgrid wrote:
| Mikrotik is a great cost/performance ratio but the complexity
| and user experience of configuring it is horrible.
| blibble wrote:
| most of it seems to be a very thin layer on top of the
| standard linux networking tools (e.g. iptables)
|
| this can be both a pro and a con :)
| Nextgrid wrote:
| Agreed about the firewall side of things! I was
| complaining about the switch & VLAN side of things - I
| find myself pretty proficient in general Linux networking
| tools but couldn't figure out their
| switching/bridging/VLAN configuration despite easily
| being able to do it on a Linux command line with
| brctl/etc. I suspect it's a necessary evil though as
| Mikrotik's custom config system for this may not actually
| use Linux networking subsystems and interacts directly
| with the hardware to enable hardware offload.
| vetinari wrote:
| I switched to Mikrotik from Unifi. With Unifi, I was always
| fighting it, with "most users do not need that, why you
| do?" (like site-to-site ipsec tunnel with the other side
| having valid dns hostname, but not fixed ip). With
| Mikrotik, I just set up the way I need it and it's done.
|
| So yes, the difference is like this:
| https://i.redd.it/slaeayro0o061.png But in the end, it is
| worth it.
| PenguinCoder wrote:
| Agreed; Ubiquiti/unifi is easier to get started with. But
| as soon as you want to do anything more 'complex', it
| often can't do it or won't let YOU do it. Mikrotik is
| better at not getting in your way. Though, Mikrotik setup
| is more involved and requires a bit more knowledge about
| networking than Unifi does. Only thing I really don't
| like about Mikrotik is the CAPSMAN/AP situation. They're
| pretty bad and very difficult in my experience, to get
| working right/seamlessly.
| vladvasiliu wrote:
| Are you happy with the latency?
|
| The wired buffer bloat screenshot seems quite high to me at
| 53 ms. Not sure if it's router or something else related.
| Have you tried connecting directly through the modem?
|
| In my setup, FTTH of the GPON variety (1000/400), I get
| around 5 ms latency on the buffer bloat page. My old FTTC
| setup (1000/60, fiber to the curb + COAX through the
| building) was around 8.
|
| My setup is GPON box -> managed switch -> Router (virtualized
| on KVM with pass-through NICs) -> managed switch (again) ->
| 2nd managed switch -> PC.
| giuliomagnifico wrote:
| I'm very happy with the bufferbloat (0ms) not quite with
| the latency but I can't do much, it's my ISP that has about
| 15/20ms ping time. The fiber arrives only to the street
| cabinet, and then there's a copper cable to my home, I
| don't know how you can have 1000/60 on FTTC setup, this is
| absolutely impossible in my country (Italy), we can have
| 200/20 max speed on FTTC (and this is what I'm using).
|
| There're already the fiber cables on the street, I'm
| waiting for the vertical lines to my home.
| vladvasiliu wrote:
| > I don't know how you can have 1000/60 on FTTC setup
|
| This was in an apartment building in Paris, not a
| detached house. It was a quite common setup when fiber
| started rolling out: it would arrive in the basement and
| apartments would be connected through the existing coax
| (TV) cables.
|
| Checking Wikipedia, maybe FTTB is a more appropriate
| term.
|
| Now it's mostly GPON FTTH.
|
| ---
|
| edit: regarding the latency, your setup adds around 30 ms
| of latency, which to me seems rather high.
| giuliomagnifico wrote:
| Oh okay, then FTTB is more appropriate. Anyway the 30ms
| is only on this service/server, my setup adds about
| 1-1,5ms: https://www.speedtest.net/result/i/5236800213
|
| Ping time from router to AP root@R4S:~#
| ping 192.168.1.3
|
| PING 192.168.1.3 (192.168.1.3): 56 data bytes 64 bytes
| from 192.168.1.3: seq=0 ttl=64 time=1.150 ms64 bytes from
| 192.168.1.3: seq=1 ttl=64 time=1.252 ms64 bytes from
| 192.168.1.3: seq=2 ttl=64 time=1.117 ms64 bytes from
| 192.168.1.3: seq=3 ttl=64 time=1.170 ms64 bytes from
| 192.168.1.3: seq=4 ttl=64 time=1.210 ms64 bytes from
| 192.168.1.3: seq=5 ttl=64 time=1.204 ms64 bytes from
| 192.168.1.3: seq=6 ttl=64 time=1.232 ms64 bytes from
| 192.168.1.3: seq=7 ttl=64 time=1.190 ms64 bytes from
| 192.168.1.3: seq=8 ttl=64 time=1.207 ms^C --- 192.168.1.3
| ping statistics --- 9 packets transmitted, 9 packets
| received, 0% packet loss round-trip min/avg/max =
| 1.117/1.192/1.252 ms
| runjake wrote:
| Readable:
|
|     PING 192.168.1.3 (192.168.1.3): 56 data bytes
|     64 bytes from 192.168.1.3: seq=0 ttl=64 time=1.150 ms
|     64 bytes from 192.168.1.3: seq=1 ttl=64 time=1.252 ms
|     64 bytes from 192.168.1.3: seq=2 ttl=64 time=1.117 ms
|     64 bytes from 192.168.1.3: seq=3 ttl=64 time=1.170 ms
|     64 bytes from 192.168.1.3: seq=4 ttl=64 time=1.210 ms
|     64 bytes from 192.168.1.3: seq=5 ttl=64 time=1.204 ms
|     64 bytes from 192.168.1.3: seq=6 ttl=64 time=1.232 ms
|     64 bytes from 192.168.1.3: seq=7 ttl=64 time=1.190 ms
|     64 bytes from 192.168.1.3: seq=8 ttl=64 time=1.207 ms
|     ^C
|     --- 192.168.1.3 ping statistics ---
|     9 packets transmitted, 9 packets received, 0% packet loss
|     round-trip min/avg/max = 1.117/1.192/1.252 ms
| giuliomagnifico wrote:
| Thanks, I inserted two spaces before the text but it
| didn't format all the code, just the first line, maybe
| because I'm on mobile?
| tibbydudeza wrote:
| The bane of my existence has always been wireless - family
| stopped complaining when I switched all the AP's to Ubiquiti.
|
| Never rebooted - uptimes in months and they are on battery
| backup.
|
| It is amazing how much the stock firmware shipped by the likes of
| Broadcom/Realtek sucks so much - it is not like Mikrotik/Ubiquiti
| makes their own SOC's to make it more realizable.
| NonNefarious wrote:
| After several big-name routers that all sucked ass, and finally
| one that got hacked, I switched to Ubiquiti products. I have an
| EdgeRouter X and an AP AC Lite.
|
| After several years of use, I can say that Ubiquiti software
| and support are trash. Their configuration app (I used the iOS
| version) almost never works, meaning that it almost always
| fails to find the AP that is one foot away from the phone. It
| also suffers from unprofessional UI-layout defects. Their Mac
| app won't run until you manually strip quarantine flags from it
| because it isn't even signed... then it won't run because it
| relies on Java 8, and Mac OS hasn't shipped with Java in a
| decade. And if you jump through enough hoops to get it to
| launch, it fails to detect any Ubiquiti devices.
|
| Once I somehow tricked their iOS app into communicating with
| the AP and got it working, it did work for years and has pretty
| good range.
|
| But now (and this appears to be a somewhat common problem), the
| AP randomly stops sending data on 2.4 GHz. Here's one of
| several posts about it: https://community.ui.com/questions/AP-
| AC-Pro-problems-with-2... And it appears to afflict multiple
| products.
|
| This can last from minutes to days. Although you're connected
| to it, you can't even hit the router. Ubiquiti support is
| utterly useless; it's as if they do everything possible to drag
| out interactions until you go away, providing vague, terse,
| one-sentence answers every couple of days that contain no
| specifics.
|
| My impression is that Ubiquiti is just hanging on, coasting on
| existing technology and doesn't even have support staff that
| knows how it works.
| sokoloff wrote:
| I have 2 Ubiquiti U6LR APs serving most of the house (and 2
| more older AC-Pros serving the yard/outdoor patio and lower
| priority/IoT networks in the house). I frequently get
| complaints from my kids that "my phone doesn't work very well
| on the WiFi at my friend's house".
|
| The older one finally asked me "do you think the WiFi is just
| super-good at _our house_?!"
| BrandoElFollito wrote:
| Ah, how great it would be to hear that from my children :)
|
| There is hope, though, they recently started to speed test
| the networks they are in and mine is so far winning.
|
| All this does not matter, really, as having 40 vs 200 Mbps on
| a phone did not matter much.
| JohnBooty wrote:
| they are on battery backup
|
| Is this useful?
|
| My understanding is that when there is a power failure in the
| neighborhood, the broadband provider's equipment is usually
| offline as well.
|
| Of course, the answer is probably: "it depends on your
| broadband provider's local hardware setup." But I would be
| interested to hear people's thoughts.
| tibbydudeza wrote:
| Power outages are frequent enough that I invested in a 100AH
| battery and inverter to keep things going - the local fiber
| loop remains online as the local POP has batteries so I only
| need to power the ONT.
|
| My house is brick/mortar so I need 2 AP's to cover the entire
| house - the AP is in one kid's bedroom - she insisted on a wired
| LAN connection for her PS5 (online gaming and ping/lag) so I
| needed to power both a small switch and the AP - got a 12V
| battery system for that.
| ryandrake wrote:
| > My understanding is that when there is a power failure in
| the neighborhood, the broadband provider's equipment is
| usually offline as well.
|
| I had a friend with a generator who got the opportunity to
| test this due to an extended power outage. Although I agree,
| it probably depends largely on how well your local ISP has
| their act together. He found that Comcast (consumer-grade
| Internet) in his neighborhood was actually able to keep
| Internet service running for a little over 24 hours. His
| generator evidently outlasted Comcast's generator and he lost
| Internet on the second day.
|
| I'd love to see neighborhood-to-neighborhood, ISP-to-ISP
| comparisons of Internet connectivity longevity in the event
| of power outages.
| zippergz wrote:
| We have AT&T fiber and it continues working when the power is
| out, at least for longer than my UPSes last. We have a fair
| number of short power outages, and I've never had an AT&T
| outage at the same time.
| asdff wrote:
| Yes. Summer means my AC units regularly trip breakers. If I
| didn't have my networking equipment on an APC I would be
| dropping zoom calls all day.
| Jtsummers wrote:
| I've, historically, kept my cable/dsl/whatever modems and
| wireless routers on a UPS and _almost_ always still have
| connectivity when the power goes out. The only exception was
| during a hurricane, which seemed like a fair exception in the
| scheme of things since power was out for most of the city for
| 1-2 weeks.
| croutonwagon wrote:
| Not really true at all times, but may be for your situation.
| Comcast put gennys on our node recently and it works. So even
| when power goes out, internet stays up.
| kkielhofner wrote:
| For the cost ($99) IMO it can't be beat:
|
| https://store.ui.com/collections/unifi-network-wireless/prod...
|
| I'd like to see something with 6e but these are still
| incredible:
|
| - Fast
|
| - Wide compatibility across devices
|
| - PoE
|
| - Put it wherever you want, doesn't have to be in some closet
| near your modem/router/etc
|
| - Just works. Really. I've run Ubiquiti APs for years. Throw
| devices at it, literally never worry about Wi-Fi again. Say
| goodbye to it flaking out, slowing down for whatever reason,
| the occasional reboot, etc.
|
| - Need more coverage? Plug in another AP, couple of clicks,
| done.
|
| I run a local controller in an LXC container (VM, docker,
| local, etc available too) with all local login and none of that
| cloud and phone home stuff enabled.
| rsync wrote:
| One thing I like about Ubiquiti APs is that you can configure
| them with whichever controller you like and then
| remove/disconnect the controller but the AP still runs on its
| own. For years.
|
| However, I wonder if this is true in either repeated or
| multi-ap setups ? That is, if I configure an AP and then one
| of those wall-mounted directional Ubiquiti repeaters with
| another AP on the other end ... shared SSID ... can that
| configuration run with no controller?
|
| I would think it could but .. I have not tried...
| thrashh wrote:
| I have a multi-AP setup (but no repeater, all Ethernet
| backhaul) and I've never even set up a controller. I just
| used the iOS app once per AP
| nirav72 wrote:
| Yes. I have two unifi AC pros and two in-wall APs. For the
| longest time, I had the controller as just an app that I
| launched on my desktop whenever I needed to change
| something or apply an update to the APs. Then I would shut it
| down. Now I run the controller in a docker container, so
| the APs autoupdate. But to your original question, always
| running the controller isn't required.
| Chris2048 wrote:
| I started with Ubiquiti, but the company seems to be playing
| games (and it annoys me how the latest controllers don't
| properly handle EOL APs a few years old) - So I switched to
| TPLINK Omada - no problems so far.
| hotcoffeebear wrote:
| I am seeing mixed reviews about Ubiquiti these days.
| EricE wrote:
| Ever since they moved their firmware development to Latvia,
| the pace and quality has decreased significantly.
|
| I picked up a couple of Grandstream Wifi 6 APs to try and
| other than the gawdawful update process (that has thankfully
| improved - but you still have to get past the ridiculous
| initial firmware) they are wicked fast and so far a lot more
| stable/consistent than the Unifi counterparts. The unifi
| controller is indeed very slick/pretty to look at, but over
| the years I've come to realize that the "stats" it reports
| aren't very accurate so I'm back to librenms to gather/report
| on my network statistics.
| zzyzxd wrote:
| I am not 100% happy with it but it is the best prosumer
| option I can find without making managing home network a full
| time job for myself.
|
| Security wise it is not great, but I don't think it is worse
| than other consumer products (tplink, netgear...etc). At
| least ubiquiti patches vulnerabilities reasonably fast.
|
| Their cloud infra sucks and the whole data breach / lawsuit
| drama people constantly bring up was all because (I think?) a
| former employee had a static AWS access key with admin level
| access. Small companies are usually not good at dealing with
| internal threats. I don't use the cloud service anyways and
| self-host the network controller.
|
| Now my biggest complaint is that I have to manage a mongodb
| 3.x cluster for the controller...
| xxpor wrote:
| FWIW they have a docker option for the controller (what I
| use) and I'm barely aware it runs mongo.
| zzyzxd wrote:
| I know there are community maintained container images.
| "They" don't have an official one though. In fact I run
| it in a container as well, but I configure it to talk to
| an external mongodb cluster.
|
| I need it to be an external cluster with some redundancy,
| so that I can easily backup the database, fix file
| corruption, and deal with other database errors.
| xxpor wrote:
| Yeah, sounds like your deployment is probably a lot
| larger/more serious than my 2 AP at home deployment then
| ;)
| deelowe wrote:
| I have an odd issue that clients on the AP cannot communicate
| with clients connected to the switch. As far as I can tell,
| this is not something in the switch or ap configuration.
| open-paren wrote:
| I just swapped out my Ubiquiti Dream Machine for an eero Pro
| 6e because the UDM kept needing a hard reboot in the middle
| of the night and was very, very noisy. It's the only consumer
| router I can think of that both needs a fan and idles at 80.
| jaywalk wrote:
| You must have had defective hardware. I can never hear the
| fans on my UDM Pro, and it idles right around 40.
| open-paren wrote:
| It was a non-pro model. From my limited research a while
| ago, I came to the conclusion that it's common among the
| non-pro models.
| linsomniac wrote:
| I had started down the path of going all Ubiquiti ~5 years
| ago. I started with cameras and their camera controller. It
| was super flaky, when everything was working, it was great,
| first class app experience. But any time the cameras rebooted
| (power outage, firmware upgrade), I would literally spend
| days with some cameras offline, until multiple reboots of
| impacted or all cameras would eventually fix it.
|
| Then, a few years in a firmware upgrade to the switch (their
| 250W PoE switch) caused it to start isolating my Google WiFi
| APs because it would do some loop detection. An hour on the
| phone with their support (which in that instance was really
| good) resulted in a prognosis of "This particular loop
| detection can't be turned off." So I had to drop a dumb
| switch in front of the Ubiquiti for the Google APs. I was
| considering replacing them with Ubiquiti, but needed to run
| some more wire throughout the house to get what I needed.
|
| Then I ran into a firmware upgrade that bricked 3 of my 4
| cameras. After going back and forth with their support and
| getting nowhere, I just gave up. I had replaced the
| controller with the CloudKey G2 at one point because the old
| one was no longer supported, and it seemed to help with but
| not totally resolve the days of rebooting cameras situation.
|
| Honestly, having the cameras bricked was a relief, because of
| all the consternation that the firmware updates had been
| causing. I just couldn't bring myself to buy new Ubiquiti
| cameras.
|
| I ended up pulling out all the Ubiquiti hardware, replacing
| it with $200 4K very low light cameras that are just amazing
| (rebranded HIK Vision, "Montavue"). I'm using BlueIris for
| the camera controller, which is fine. Still using the Google
| WiFi, which continues to work great. I have 4 APs (one in
| router role, 3 spread around the house).
| dano wrote:
| I've deployed Unifi equipment in a number of small home and
| office environments without any problems at all. Some have
| been running for a decade or more. Management is a piece of
| cake and in homes it has high SAF (Spouse Appreciation
| Factor) because it just works.
|
| If you have questions where you think I can help, drop me an
| email.
| EricE wrote:
| Just don't upgrade your firmware unless you have a damn
| good reason to and you will be fine with UBNT stuff. It's
| borderline criminal that automatic updates are turned on by
| default :p
| mbesto wrote:
| Been using for 6+ years now. Around ~10 APs purchased. I've
| never looked back.
|
| I think the mixed reviews are from HN where people are
| complaining about their security posture (for good reason).
| gurchik wrote:
| What about their security posture?
| jjoonathan wrote:
| Is this a situation where one company decides to break
| from the pack and care a little about security and then
| social media dogpiles them for not doing more?
| tablespoon wrote:
| > Is this a situation where one company decides to break
| from the pack and care a little about security and then
| social media dogpiles them for not doing more?
|
| I believe they did something like force cloud-login with
| some software update a few years back.
|
| They also apparently were downplaying a major security
| incident, and sued Brian Krebs for reporting on it:
| https://arstechnica.com/tech-policy/2022/03/ubiquiti-
| sues-jo....
|
| I have some Ubiquiti stuff, and it works fine, but I've
| been meaning to look deeper into all this, but I just
| haven't had the time. I just stopped updating the
| controller software (none of their gear is external-
| facing, and IIRC it's only needed for
| configuration/management) because cloud login is an
| absolute dealbreaker for me.
| twblalock wrote:
| You can turn off the remote login. It's encouraged as the
| default, but not necessary.
|
| Even the local login, from a device on the network, can
| be set up to require two-factor auth. That alone makes it
| more secure than a lot of consumer-grade stuff which only
| requires a password, which is often never changed from
| the default.
|
| I'm happy with my Unifi Dream Machine as a one-device
| home network. I thought about getting rid of it a while
| back when some bad press about Unifi security was
| published, but it turns out it was fake news and Brian
| Krebs has lost all credibility in my eyes for continuing
| to promote it even after it was debunked.
| tristor wrote:
| > I believe they did something like force cloud-login
| with some software update a few years back.
|
| No, what they did was update the software to prefer
| cloud-login and push you to set it up during onboarding
| for new products because they use cloud-login for remote
| management and anti-theft/device tracking.
|
| It's always been entirely optional. I just set up a new
| network because I moved and gifted my previous network to
| the buyers of my prior home. I'm still using local
| accounts only with no remote management, and it works
| perfectly fine on the latest generation of Ubiquiti gear
| with the latest firmwares. The only thing I log in to my
| UI account for is to use the store and buy hardware.
|
| The other thing with Brian Krebs was a faked security
| incident by an insider who was trying to extort money
| from Ubiquiti and Brian Krebs played the fool by
| assisting them.
|
| Granted, there are /many/ issues I have with Ubiquiti,
| but generally speaking if you use local accounts and keep
| the firmware updated it is no worse than any other edge
| networking device exposed to the Internet.
| tablespoon wrote:
| > No, what they did was update the software to prefer
| cloud-login and push you to set it up during onboarding
| for new products because they use cloud-login for remote
| management and anti-theft/device tracking.
|
| Was that all? Did they add telemetry or something else? I
| had read that I'd need to edit some text config file or
| something to opt-out of something I didn't want, because
| they provided no option in the UI.
|
| I believe this might be what I was thinking of:
| https://www.reddit.com/r/Ubiquiti/comments/fhlowt/where_is_t....
|
| I took a wait and see before I sorted it all out (since
| none of their stuff is external facing on my network),
| and haven't gotten around to it.
| drewzero1 wrote:
| No, I think GP is referring to their big data breach last
| year[0]. From TFA linked in that discussion:
|
| > the attacker(s) had access to privileged credentials
| that were previously stored in the LastPass account of a
| Ubiquiti IT employee, and gained root administrator
| access to all Ubiquiti AWS accounts, including all S3
| data buckets, all application logs, all databases, all
| user database credentials, and secrets required to forge
| single sign-on (SSO) cookies.
|
| It has shaken a lot of people's confidence in Ubiquiti's
| internal security practices.
|
| 0: https://news.ycombinator.com/item?id=26638145
| TheRealYeti wrote:
| We've been running 4x UAP AC Lites unattended with no
| controller via Ubiquiti Toughswitch for 5 years and have had
| zero issues.
| WorldMaker wrote:
| This was partly why I recommended Amplifi to my parents. I like
| that Ubiquiti finally has a consumer brand that is mostly "off
| the shelf" configured.
|
| I don't think Amplifi is getting enough love in the consumer
| market today. I know anecdotally when walking my parents
| through the Amplifi purchases I had to ask a Best Buy employee
| to leave and stop confusing my parents because he didn't
| understand why anyone would want the "weird new" Amplifi brand
| and not "the better brands" Google Home or Netgear Orbi. I
| didn't feel like explaining Ubiquiti's decades in Enterprise to
| the kid.
|
| It doesn't help that Ubiquiti has had some recent troubles, and
| I'm still not sure even Ubiquiti knows what the long term
| horizon looks like for Amplifi products. But I appreciate that
| they _are_ trying to make headway in the consumer space, and
| that from what I can tell the consumer products _do_ show the
| experience from Enterprise products.
| gorkish wrote:
| Amplifi has a poor value prop ever since UDM/Dream Router
| became a thing, although I previously recommended it for the
| same reasons you do.
|
| It would be nice to have a less complex app/frontend
| management interface for less tech-savvy end users -- if you
| could use the Amplifi app to see status and do basic
| troubleshooting on an Unifi network for instance--
| m_eiman wrote:
| Related: what's the current best option for those of us who like
| old UniFi's ease of use, but don't like new Unifi's "use our
| cloud, or else..." attitude and the constant firmware issues?
| zapt02 wrote:
| As far as I know you can set up a local UniFi management point
| using the latest version of the Cloud Key Gen2 Plus
| firmware. However you won't be able to use Unifi Protect (the
| security camera offering) as that still requires a cloud
| account to set up. But once you have set up the cloud account
| you can revert back to local-only operation and no video data
| leaves your LAN.
|
| https://community.ui.com/questions/BUG-USG-PPPoE-or-Static-I...
| VLM wrote:
| The firmware issue is probably very individual device
| dependent. I remember the old USG plus an old cloud key (both
| no longer sold for a long time) had some stability issues maybe
| two or three years ago if you enabled every possible monitoring
| feature simultaneously, that issue is long gone. UniFi is much
| like MS or IBM in that they sell such an incredibly wide range
| of products it's quite possible our experiences have nothing in
| common.
|
| The original cloud key is quite slow but totally usable;
| there's a docker container and running on anything faster than
| a Pi it's quite fast and snappy.
| giuliomagnifico wrote:
| Some Ubiquiti devices support OpenWrt:
| https://openwrt.org/toh/ubiquiti/start
| dotBen wrote:
| UDM Pros include their own local Unifi management runtime which
| will administer the full local network.
|
| After the security incident a few years ago, Ubiquiti pushed an
| update that lets you log in to it via a local credential rather
| than their cloud identity server.
|
| I don't see anything in UDM Pro's Unifi that is dependent on
| their cloud (other than checking for updates)
| tristor wrote:
| > but don't like new Unifi's "use our cloud, or else..."
| attitude
|
| They don't have this attitude and never have. You can use local
| accounts, have always been able to use local accounts.
|
| The only thing out there that's better than Ubiquiti is actual
| enterprise gear, all of which now requires subscription
| licensing. Unfortunately if you want a buy once / cry once
| solution for prosumer usage, Ubiquiti is the best option. I
| hunted for alternatives several times, and nobody is
| competitive. Mikrotik is the next closest option, but it's
| frankly garbage and with bigger security issues.
| unethical_ban wrote:
| They heavily push their cloud management, apparently tried
| doing required cloud logins for their UDMs (implied in
| another comment), and 100% require you to purchase their
| hardware or use their cloud for Unifi Protect. In the past,
| one could run the Protect software on their own machine.
|
| Ubiquiti is the least smelly networking solution in a room
| full of really smelly options. They are not consumer friendly
| like they used to be.
| tristor wrote:
| > Ubiquiti is the least smelly networking solution in a
| room full of really smelly options.
|
| Agreed entirely. Unfortunately this is a market that's not
| well served because there's a lot more money to be made
| just shoveling consumer garbage out or putting small
| businesses over the barrel with subscriptions rather than
| offering a proper prosumer product.
| EricE wrote:
| No one (at least that I have found) has as mature/slick looking
| a controller as Unifi. And once I realized that I rarely
| changed settings for my core network, particularly on my AP's,
| I really started to broaden my search. A friend turned me onto
| the Grandstream APs (I thought they only did phones?!?) and I
| have to say so far I'm really impressed. They are a bit uglier
| than the Unifi UFOs and the update process for the firmware
| that shipped with them was an utter nightmare to figure out -
| but now that I'm past that I'm very pleased with them. They
| seem to be a lot faster and more stable than the Unifi
| equivalents. I've set up a lot of UBNT kit, been heavily
| involved in the forums and their beta products - but the
| quality and timeliness of firmware updates has really fallen
| off the last five or so years. Unsurprisingly about the same
| time they shipped all the firmware coding overseas. One of the
| biggest reasons I was a huge proponent of them was the constant
| and tight interaction of the developers in their community
| forums. That also fell off a cliff around the same time. The
| market is ripe for someone else to step in.
|
| Surprisingly Cisco, with their small business line, has one of
| the better looking contenders. No subscription - and I didn't
| need anything (not even an email) to download firmware updates
| or the controller (!!) Not your father's Cisco! Their controller
| lags Unifi, but not by much. I scored a router and switch off
| of ebay just to dabble and it was pretty promising. I haven't
| looked at it for a while; I probably need to fire it back up
| and see if it's matured any. In the end for firewall I went
| back to OpnSense. Unifi switches are OK but their one year
| hardware warranty, frankly, sucks. If I were to buy new switches
| I'd probably just go back to netgear. Their lifetime warranty
| is pretty hard to beat. I've had them replace 10 year old
| switches with nary a blink of the eye so it's not just lip
| service.
| jnsaff2 wrote:
| None is probably the "best option" but this is the evolution I
| went through in the past few months:
|
| 1. had the UDM for about a year, then at some point found out
| that some firmware update had completely trashed 2.4GHz wifi.
| Like you can connect to it but if you transfer more than 1MB or
| so it just hangs, reconnect works but basically unusable, 5GHz
| works fine but in my house the office just did not get good
| enough coverage. Like, dude, you had ONE JOB!
|
| 2. Bought a Ruckus AP and a Mikrotik hEX S to do routing. Wifi
| is better but office still did not have good enough coverage.
|
| 3. Finally gave up and just ran some CAT 6A from the router to
| my office. Night and day.
|
| From my research Ruckus gear is really good and requires no
| controller nor cloud connectivity whatsoever but expensive.
| Mikrotik is nice for wired stuff, but mostly quite dated for
| wireless, also they still carry a lot of their previous
| generation gear .. a lot of it has really wimpy CPU's, so do
| some research. Also the configuration can be a bit involved,
| tho lot of internet advice on a decent setup.
| vetinari wrote:
| I've switched to Mikrotik, for routing and switching. With
| wifi, Mikrotik still doesn't have good AX offer, so I kept
| nanoHDs for the time being.
|
| It is more complex, you have to get used to Winbox, but after
| that, there's no way back to Unifi. There are no dashboards
| that look nice in screenshots, but on the other hand, the stats
| provided make sense.
|
| But wrt firmware issues, Mikrotik also has occasional one.
| PenguinCoder wrote:
| If you want fancy dashboards, I'd suggest using a different
| product for that purpose. Can enable SNMP on the Mikrotik
| devices, and let something like Munin do the graphing for
| you.
| vetinari wrote:
| Nah, I'm fine with few windows in Winbox. Fortunately,
| Winbox remembers what was opened last time, so that's my
| dashboard.
| wiradikusuma wrote:
| Does anyone know a "for dummies" guide for setting up home
| network, esp. for "smart" home (CCTV, smart TV, speakers, Google
| Home)?
|
| Not only software-level, but "hardware" e.g. best location,
| enclosure, cabling, etc.
| jamiegreen wrote:
| Definitely also need this. I am too dumb to understand this
| setup haha
| Fabricio20 wrote:
| I want to share my small take on this, from someone who runs a
| decent smart home setup. You want to avoid cloud stuff, if you
| keep that in mind a lot of options you can just exclude and
| your horizon becomes limited (in a sense) - but you get the
| best parts!
|
| If you have a strong 2.4GHz wireless network already (a proper
| mesh system in your home), look into having your smart stuff
| run over wireless, no point in having zigbee. If you don't have
| a strong wireless network, first consider getting one, else
| look into zigbee devices.
|
| Run home assistant, doesn't matter what devices you want to
| have on your network, home assistant is a must for a decent
| smart home experience. You can run it on a raspberry pi 3b+ or
| a spare server in a docker container. Spare server is faster
| but the pi can handle it.
|
| Setup all your devices to talk to home assistant, then make
| home assistant expose the devices to Google Home or Alexa,
| instead of directly exposing the devices to the cloud services.
|
| Smart TVs are not good, my experience with LG and Samsung has
| been of ADs and abandoned software, instead get a good TV
| (image quality, etc..) and plug a Mi Box or Roku or Amazon
| Firestick into it.
|
| CCTV is a mixed topic, you can go the closed circuit camera
| option (NVRs and stuff) or you can go with ip cameras. Just
| don't use wireless cameras, everything wired for this.
|
| If you want some hardware brands and comparisons, check out The
| Hook Up on youtube for the specific topic. I can vouch for
| Sonoff, Shelly, Reolink, etc..
| archi42 wrote:
| I'm not happy with ZigBee: Only a single, flaky edge between
| two floors means one floor sometimes craps out and can't be
| talked to by the coordinator/home assistant. The WiFi devices
| (Shelly&Sonoff) are much better thanks to great WiFi (3
| indoor APs, one outdoor).
|
| However, we have a few ZigBee remotes/portable buttons and
| sensors (motion and temperature/humidity), which are a great
| addition. I already know where to put another ZigBee router
| to finally make that floor reliable. But I can only do so
| once my SO&I agree on what fixture to put there, and that's
| complicated ;-)
|
| Maybe look at the nVidia Shield as a more privacy-friendly
| alternative to FireTV et al. (at least that's what Mozilla
| says). Sadly it's pretty expensive.
|
| Can't say anything about NVR.
|
| The remainder I can totally agree with. If I unplug my modem,
| only thing lost are weather report and mower bot control.
| bilal4hmed wrote:
| Anyone have experience with TP-link omada. The cost to set up
| Ubiquiti ( not to mention space for racks etc ) is just too much.
| I have gigabit internet so the UDR is out of the question for me.
| I wfh so I just need something that is solid and works ( I tend
| to run the same equipment at my parents house as well )
| gre wrote:
| I have been happy with the TP-Link AXE-5300 mesh three-pack
| that I got from Costco for $300. The wifi 6e is slightly
| disappointing as my Samsung devices tend to pick the wifi 6
| network instead. It's been reliable the whole time.
|
| Currently I'm using: ATT fiber modem, Mikrotik
| CRS354-48P-4S+2Q+RM for PoE+, tplink deco axe5300
|
| https://www.amazon.com/gp/product/B087X7KNWS
|
| https://www.amazon.com/TP-Link-AXE5300-Tri-Band-Whole-Home-S...
| bilal4hmed wrote:
| thank you :)
| dont__panic wrote:
| I see that Giulio here has attained an A+ buffer bloat rating for
| his or her home network. I've tried this in the past with limited
| success, mostly because I don't want to introduce another failure
| point (dedicated router, separate from wireless access point) to
| my network.
|
| Am I being silly? I'm concerned about what could happen if
| there's a failure when I'm not home to maintain everything, since
| I'm the only person who can or wants to work with this equipment.
|
| I'd love to reduce my buffer bloat to improve the quality of my
| video and audio calls. But I'm not sure it's worth it. Or if
| the results in this post demonstrate an average use case with a
| crappy ISP.
| giuliomagnifico wrote:
| There're lots of variables, like your internet speed, your
| hardware, etc.. OpenWrt is great at managing bufferbloat, and a
| router + AP is not a +1 point of failure, if you consider that
| I can switch or turn off the AP but I can leave the home
| internet online.
|
| Anyway I live alone, but with a VPN you can manage your home
| LAN from everywhere. I've done a similar setup for my parents,
| when they call me saying "we don't have internet" I can simply
| check what's going on, I wrote a post here:
| http://giuliomagnifico.blog/networking/2022/07/21/setting-up...
| master_crab wrote:
| Not sure if it's mentioned in the webpage but the biggest
| possible issue with this WG setup is if the ISP's DHCP
| changes your endpoint IP (or worse, the ISP double NATs their
| customers).
| giuliomagnifico wrote:
| I'm using DDNS to retrieve the IP every time it changes,
| it's mentioned in the article. I set the IP endpoint to
| xyz.duckdns.org not to the IP
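
Added example (not part of the thread or the linked blog post): WireGuard resolves an `Endpoint` hostname once, when the configuration is loaded, so after the ISP hands out a new address a remote peer can keep dialing the old one even though the DDNS record is already correct. The sketch below parses `wg show <iface> endpoints` output, flags peers whose endpoint no longer matches the DDNS name, and classifies a WAN address as double-NATed; the peer keys, sample addresses and function names are constructed for illustration.

```python
import ipaddress
import socket

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `wg show wg0 endpoints` (key, TAB, endpoint).
# Addresses are from the documentation ranges, keys are placeholders.
SAMPLE_WG_OUTPUT = (
    "CONSTRUCTED-PEER-KEY-HOME=\t198.51.100.7:51820\n"
    "CONSTRUCTED-PEER-KEY-IDLE=\t(none)\n"
)


def classify_wan(addr):
    """Classify the address the home router holds on its WAN port.

    "cgnat" or "private" means the ISP NATs the line again, so a DDNS
    name that points at the ISP's public address cannot reach the router.
    """
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def parse_endpoints(text):
    """Turn `wg show <iface> endpoints` output into {peer_key: (ip, port)}."""
    peers = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, _, endpoint = line.partition("\t")
        endpoint = endpoint.strip()
        if not endpoint or endpoint == "(none)":
            peers[key] = None          # peer has never had an endpoint
            continue
        host, _, port = endpoint.rpartition(":")
        # IPv6 endpoints are printed as [addr]:port
        peers[key] = (ipaddress.ip_address(host.strip("[]")), int(port))
    return peers


def resolve_all(hostname):
    """Resolve a name to the set of addresses it currently points at."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_UDP)
    return {ipaddress.ip_address(info[4][0]) for info in infos}


def stale_peers(wg_output, ddns_name, resolver=resolve_all):
    """Return keys of peers whose endpoint IP is not what DDNS says now."""
    current = resolver(ddns_name)
    return [key for key, ep in parse_endpoints(wg_output).items()
            if ep is not None and ep[0] not in current]


def reresolve_commands(iface, wg_output, ddns_name, port,
                       resolver=resolve_all):
    """Build (not run) the `wg set` calls that re-point stale peers."""
    return [["wg", "set", iface, "peer", key,
             "endpoint", f"{ddns_name}:{port}"]
            for key in stale_peers(wg_output, ddns_name, resolver)]


if __name__ == "__main__":
    # Constructed resolver so the demo runs offline: DDNS has moved on.
    moved = lambda name: {ipaddress.ip_address("203.0.113.9")}
    for cmd in reresolve_commands("wg0", SAMPLE_WG_OUTPUT,
                                  "xyz.duckdns.org", 51820, moved):
        print(" ".join(cmd))
    print(classify_wan("100.72.1.4"))
```

Run from a timer on the remote side of the tunnel, this closes the gap between a DDNS update and the tunnel noticing it; a `cgnat` or `private` WAN result means no DDNS setting will help and the home side has to dial out instead.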
| kkielhofner wrote:
| If your router+ap supports OpenWRT you can reflash and have
| best of breed QoS up and running in a few clicks via the Luci
| web interface that IMO is vastly superior to the goofy web UIs
| that come on SOHO routers.
|
| Bonus is OpenWRT also seems to be much more stable than
| manufacturer hardware as long as your hardware is well
| supported. Plus you don't have to worry about your manufacturer
| no longer supporting firmware on your model and OpenWRT is much
| faster to respond to the occasional security issue, etc.
|
| OpenWRT has gotten some flak over the years by leaving devices
| behind when they no longer have enough flash and/or RAM. That
| said OpenWRT is likely going to support your hardware longer
| than the manufacturer will.
| dont__panic wrote:
| I have a router similar to the router in the linked post, and
| OpenWRT was a mess on there. Turns out that my router was
| saddled with a crappy processor downgrade at some point after
| initial release, and I got one of the crap CPUs.
|
| OpenWRT didn't even support the CPU by default, and when I
| managed to get OpenWRT on there, I had serious QoS problems
| because the CPU wasn't up to snuff. I liked OpenWRT a lot but
| it was a really frustrating experience.
| EricE wrote:
| to be fair, the real problem was the crappy hardware you
| tried to run it on - not OpenWRT :p
| [deleted]
| 404mm wrote:
| Should the flow be described as:
|
| Internet -> Modem -> router -> managed switch - access point ?
|
| Anyway, thanks for sharing the setup. I love how everybody here
| has a different takeaway from this. For me, it was nanoPi. I just
| ordered R4SE for my tinkering with OpenWrt.
|
| I have a symmetric fiber gig connection that is quite stable but
| I'm thinking about getting a secondary connection from a
| different provider. My "dream" is to have HA (active/passive)
| routers that can fall back on the backup (slower) line and back
| when there's need. The rest of my HW is small and spread out
| throughout a house that not a single failure will severely affect
| my home.
| giuliomagnifico wrote:
| > Internet -> Modem -> router -> managed switch - access point
|
| Yes, also. depends if you are in download or upload =) be
| careful with the R4SE (the model with inside eMMC storage), I
| don't know if the R4S OpenWrt build will run also in the R4SE.
| 404mm wrote:
| I checked their wiki before ordering and they sort of
| consider the SE model as a newer revision of R4S. So I'm
| hopeful. If that doesn't work, I'll find some other use
| for it. Anything that does not run the Chinese flavor of
| Ubuntu or WRT lol
| giuliomagnifico wrote:
| The only difference is the SE has the 32gb emmc inside and
| I'm skeptical that OpenWrt will run fine, surely it will not
| recognize the internal storage. Anyway you can use the
| FriendlyElect WRT, basically it's an old release of OpenWrt
| with some customizations.
| ryandrake wrote:
| Very useful, informative and timely! I'm moving into a different
| house soon, and this has given me the motivation and opportunity
| to update my outdated consumer modem/router/wifi hardware. I'm
| still living in the past with 802.11n! At my old home, I
| personally ran ethernet to each room, but I'm older now and the
| thought of crawling around in a dusty crawlspace drilling holes
| and running cords no longer appeals to me like it used to. I'm
| almost ready to swallow my pride and accept the heresy that WiFi
| might be good enough, now that we are in the world of 802.11ax. I
| also like OP's choice to separate their router/switching hardware
| from their AP hardware. Might go down that route too.
| kcb wrote:
| The primary factor for Wifi performance really is congestion.
| My Wifi in a rural location performs way better with just the
| isp router than my multi access point setup in a fairly tight
| suburb. So far there's just no way around that except temporary
| fixes with new bands like with Wifi 6E.
| causi wrote:
| _I'm almost ready to swallow my pride and accept the heresy
| that WiFi might be good enough, now that we are in the world of
| 802.11ax_
|
| Wireless is fine if it's only half of your loop. For example,
| suppose you want to stream a game from your powerful
| computer/console to your phone/tablet. There's a perceptible
| difference between having just the receiver wireless and having
| the sender and receiver both wireless.
| blurrybird wrote:
| Please look into CAKE to replace your SQM configuration. Dave
| Taht and the team have done some incredible work on this through
| their bufferbloat.net project.
| giuliomagnifico wrote:
| Yes I'm using CAKE on the OpenWrt router/WAN interface. The
| screenshot is only the switch SQM.
| logotype wrote:
| I'm currently running a Cisco ASA 5540 as the perimeter device
| (with NAT and DHCPD) at home. Replaced the stock fans because it
| was seriously noisy. Getting about 920Mbp/s. Also running a site-
| to-site VPN to AWS. It's been working great for many years with
| absolutely no issues whatsoever. The only problem is that it's
| starting to show some ageing with no firmware updates since 2018,
| so I'm replacing this with a recent Palo Alto Networks NGFW with
| 1+ Gbp/s firewall capability. The FW is then connected with OM3
| fiber to a SFP port on a 48-port gigabit Cisco switch (2960G),
| with trunking ports to other managed Cisco switches in the house.
| The server is connected to the switch using 4 ports in LACP mode
| for better bandwidth and redundancy. If you can live with the
| noise I highly recommend old enterprise gear as it can be found
| for cheap.
| aliljet wrote:
| Out here in the Bay Area, I've been trying to figure out how to
| efficiently (and interestingly) use a 10gbe FTTH symmetric setup
| from Sonic. It's surprisingly hard to find anything for the
| thrifty consumer that can consume this kind of connection. I'm
| curious if there is something like the nanoPi R4S targeted at
| the 10gbe world.
| newman314 wrote:
| I was just waiting for a comment like this as I anticipate
| getting the 10G at some point.
|
| From what I've been able to tell, at 10G speeds, you pretty
| much have to build your own. Currently, I'm planning to get a
| SFFPC, stick a quad port 10G card in it, maybe run ESXi, router
| OS TBD: VyOS, DANOS, OpenWRT?
| sliken wrote:
| 10gbe and thrifty is at least for now not a good match.
|
| Could put in a PCIe dual x 10GBe card into an old PC and if
| that's not enough ports buy a vlan capable switch with a 10GBe
| uplink and enough 2.5gbe/1gbe ports for your needs.
| stephen_g wrote:
| I've been thinking about using maybe Netgate hardware running
| pfSense in a business setup. Apparently the 1537 model [1] can
| do over 10 Gbps routing and firewall according to their
| marketing tests. Base model is a bit over two grand in USD. But
| probably not super 'efficient' throwing a Xeon at it and not
| especially thrifty.
|
| It looks like a branded generic Supermicro machine but seems
| convenient to get it out of the box and the price doesn't seem
| bad considering what's in it.
|
| 1. https://shop.netgate.com/collections/rack-appliances/product...
| btgeekboy wrote:
| Saw that they're using a NanoPi - I just picked up an R5S (dual
| 2.5gbe + single 1gbe) and it's a pretty neat device. Haven't done
| any significant benchmarks yet, but I was able to use the
| FriendlyElec wiki to build FriendlyWRT and run it, which makes me
| feel a little better about running no-name hardware out of China.
| vachina wrote:
| The last thing you'd probably want at home is a whiny
| router/switch/IoT device.
| danesparza wrote:
| Huh? I have a pfSense firewall, a 16 port PoE switch, and
| several MacBook mini servers. All in the living room. They are
| all essentially silent (since that was a hard requirement for
| me). Silent (and good) gear definitely exists for spaces that
| require it.
| vladvasiliu wrote:
| True, especially if the setup is directly in the living space.
|
| I'm not familiar with any of OP's components, but it's
| absolutely possible to have a silent setup.
|
| In my case, I have an HP EliteDesk (salvage from work) that
| does the routing, etc, which is dead quiet, and it's connected
| to a fanless Brocade (Ruckus) switch. There's no coil whine or
| anything. The most annoying parts are the blinking lights,
| which I fixed with some red tape.
| giuliomagnifico wrote:
| Whiny? There's no noise, it doesn't make any sound (no moving
| parts/fans, including electrical noise)
| ufo wrote:
| While we're on this topic... What's the deal with having multiple
| wifi access points with the same SSID? I have heard some people
| say you should always use a single SSID because the clients know
| how to automatically pick the best one. But I have heard others
| disagreeing and saying that to ensure you're using the right
| access point you need to use different names for each one and
| also 2.4ghz vs 5ghz. Anyway, who's right here?
| dsr_ wrote:
| All five APs in the house use the same SSID. Four of them have
| both 2.4 and 5Ghz radios; they use the same SSIDs. All of them
| are connected via ethernet to the switch.
|
| It all works very nicely.
| cmer wrote:
| You should use the same SSID for 2.4GHz and 5GHz. You should
| also use the same SSID for all APs _if_ they support roaming.
| Unifi does, for example. If you just get two random independent
| wifi routers, they won't and you might stay connected to the
| wrong antenna for a while.
|
| https://community.ui.com/questions/Wireless-LAN-Roaming-FAQ/...
| unethical_ban wrote:
| Some cheap IoT hardware seems to be incapable of connecting
| to a mixed network, and I have had to have a dedicated 2.4
| only SSID for them.
___________________________________________________________________
(page generated 2022-08-15 23:02 UTC)