
rk13

Hi,

I'm a student at UC Berkeley currently living in a fraternity house with about 30 others. We recently set up a new network here but it's not performing well and was hoping that someone would be able to point me in the right direction. I think our biggest problem is the router we currently use but I'm not sure.

Comcast is our ISP and I think we are on a plan right now that's 100 Mbps. We have a Motorola SB 6141 modem and a TP-LINK TL-R600VPN router. We have 2 Ubiquiti Unifi APs connected to the router and a TP-LINK TL-SG1008PE switch with an additional 6 Unifi APs connected to it (for a total of 8 APs). The house is 3 stories with the majority of people living on the 2nd and 3rd floors. Because of that, there are 2 APs on the first floor and 3 each on the 2nd and 3rd. Everything is connected via CAT6 cables that were put in place less than a year ago.

The network performs well during off hours when not many people are on it. However, with around 30 people living here and each person having multiple devices connected to the network, it slows down to a pretty much unusable speed during peak hours. The network used to have a total of 6 APs (each floor had 2) and we thought that maybe they were becoming congested so we added 1 more to each of the top 2 floors. That didn't solve the problem or really even make it slightly better, which is why I believe that the router is the main source of the problem (although now that I think about it, the switch could be a problem too). Am I correct, or is there something that I've overlooked?

If the router is the main culprit, which router do you recommend we buy? I was looking at the tables on SmallNetBuilder and was thinking that we should go with the Netgear FVS336G-300 (assuming that replacing the router would make a significant difference). However, we are on a budget so I was wondering if the Ubiquiti Edgerouter Lite would suffice for our situation.

Thank you all for your help,
Riley
 
Nice network - nice campus... I'm more of a Titan's fan, LOL...

Go UCSD!!!

Might consider a couple of more AP's - the router itself is fairly robust, but in dorms it can get a bit busy on the WiFi these days - this is all based on my son's experience - but UC is odd, so the AP's need to be behind a NAT, and the campus network cops might frown on that..
 
Thanks for the reply. I'm not in the dorms, however, so I'm not sure that the same applies. Also, I'm very inexperienced with this so I'm not quite sure what it means to be "behind a NAT." Anyway, I thought that it couldn't be a problem at the level of the APs because adding the 2 extra didn't help the situation - do you think it's definitely the APs or could it be something else?
 
You've tried just throwing more APs at the situation. Now you're going to need to do some network analysis to see what the real solution is.

The good news is you're using UBNT APs. So use the reporting / status tools there to see how many clients are associated per AP. I think Ubiquiti lets you limit # of clients per AP and you will need to do that for busy APs.

How many devices are in use? If it's more than 255, you could be exhausting your DHCP pool if you are using the typical default Class C subnet.

It doesn't take too many smartphones/ tablets with 1x1 radios to exhaust available bandwidth. You may need to enable band-steering to move dual-band capable clients to 5 GHz.

You may also need to put per-client bandwidth limiting in place. 20 people doing an HD Netflix stream just about eats up your 100 Mbps downlink pipe. You'll probably also need to look for the bandwidth hogs and have a chat and/or put bandwidth limiting in place.

You're running a busy small network, with bandwidth hungry users. You need to approach the situation like a pro network admin.
 
Is there a different type of router that isn't a VPN router that would work better? We purchased this one because at the time it was one of the highest ranked routers on SNB at an affordable price.

I'd estimate that there are about 100 devices connected during peak hours. The reason I'm confused (and didn't think it could be a problem with APs) is that the documentation for the Unifi APs says that they should each be able to handle many clients. I can check how many clients are connected to each AP using the GUI but I'm not really quite sure what that information should lead me to do. I'd love to handle this like a network pro although I'm just an amateur who's not really sure what his plan of action should be.
 
Realistically, no AP can handle more than 20 active clients per radio reasonably well.
The UAP spec of 100 is for devices connected but not transmitting as well as using only other Ubiquiti client stations.

Let's clean up the WiFi to start.

First things first, do you have a dual band UAP-Pro/AC or just the standard UAP?

Second, you must take the APs off of auto channel. Set up a plan only using channels 1, 6, 11 on 2.4 GHz where no two adjoining devices share the same channel.

Third, reduce the power levels of the AP from auto to medium first. You are probably getting co-channel interference. The only true way to test this though is to do a site survey.

On the subject of routers.
The router from TP-Link sized for your needs is the TL-ER6120.
There are many other options but the best way to test if the router really is the issue is to have a wired client connected during periods of congestion on the same switch the access points are using as an uplink.
If the issue persists to the wired client, replace the router as well.
If not, do some more troubleshooting on the WiFi.

Edit:
If you really want a router with a bit more "oomph" on the cheap, Ubiquiti has a line of routers that for most applications, can route at full gigabit.
Mikrotik also has quite a few, although I personally try and stick with the RB850 and up. Definitely harder to work with than Ubiquiti.
If you have any CS majors in the dorm, consider buying a used Cisco 2821 on eBay.
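
The channel plan from the second point above (only 1, 6 and 11, no two adjoining APs on the same channel) can be computed and checked mechanically. This is an added example, not part of the original post; the AP names and the adjacency map are constructed for an 8-AP, three-floor layout and would in practice come from a site survey.

```python
CHANNELS = (1, 6, 11)  # the only 2.4 GHz channels used in the plan

# Constructed adjacency (which APs hear each other); real data comes from a site survey.
HOUSE = {
    "F1-A": {"F1-B", "F2-A"}, "F1-B": {"F2-C"},
    "F2-A": {"F2-B", "F3-A"}, "F2-B": {"F2-C", "F3-B"}, "F2-C": {"F3-C"},
    "F3-A": {"F3-B"}, "F3-B": {"F3-C"},
}
# Four APs that all hear each other: three channels cannot separate them.
DENSE = {"A": {"B", "C", "D"}, "B": {"C", "D"}, "C": {"D"}}


def edges(neighbors):
    """Return the set of unordered adjoining AP pairs."""
    return {tuple(sorted((ap, o))) for ap, others in neighbors.items() for o in others}


def plan_channels(neighbors):
    """Return {ap: channel} with no adjoining APs sharing a channel, or None."""
    adj = {ap: set() for ap in neighbors}
    for a, b in edges(neighbors):
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    # Place the APs with the most neighbours first; they are the hardest to fit.
    order = sorted(adj, key=lambda ap: (-len(adj[ap]), ap))
    plan = {}

    def assign(i):
        if i == len(order):
            return True
        ap = order[i]
        taken = {plan[n] for n in adj[ap] if n in plan}
        for ch in CHANNELS:
            if ch not in taken:
                plan[ap] = ch
                if assign(i + 1):
                    return True
                del plan[ap]  # backtrack and try the next channel
        return False

    return plan if assign(0) else None


def conflicts(plan, neighbors):
    """List adjoining AP pairs that ended up on the same channel."""
    return sorted((a, b) for a, b in edges(neighbors)
                  if a in plan and plan[a] == plan.get(b))


if __name__ == "__main__":
    print(plan_channels(HOUSE))
    print(plan_channels(DENSE))  # None: lower power or move an AP
```

When `plan_channels` returns `None`, too many APs overlap for three channels, which is the case the power-reduction step in the third point addresses.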
 
Hi rk - taking cloud's points into consideration, make sure you do whatever is necessary with your wireless config to ensure each AP has an appropriate load, including repositioning and/or even adding more APs. If all the residents were home with a few active wifi devices each, and each had a guest, or there was a party full of people, you're looking at perhaps 150-200 clients across all 8 single-radio APs: about 25-30 clients per AP. Certainly not a trivial number, which could be made worse if a couple of APs were under higher load than the others for whatever reason (poor channel/balancing config, skewed floor plan, etc.).

Assuming the previous is troubleshooted, we might turn to the router. While SNB's R600 test showed limits of 30,000 sessions and 350+Mb/s aggregate routing, that doesn't mean it's really built or optimized to run anywhere near those numbers with any kind of consistency. In fact, TP-Link advertises 120Mb/s NAT and 10K sessions. I don't know what your upload speed is, but at 100Mb/s down and, say, several hundred active connections per dorm resident, you're well on your way to maxing out the capabilities right there. Then add to that a lack of properly-running QoS and the R600 may indeed be your culprit.

IMHO, to route that kind of traffic reliably, you'll want something that is designed to route/NAT at least 25-50% faster than your aggregate WAN speed (down + up in Mb/s) and handle enough connections, for proper breathing room, as well as run effective QoS without bottoming-out performance. You might have luck with ARM-based consumer boxes, but in my opinion the results can be quite a mixed bag, especially for novices just wanting something that works. Beyond that, you're looking at stuff like other "SMB" routers (beefier TP-Links/Cisco RV/Linksys LRT/Netgear FVS -- feedback varies widely, definitely buy-and-try), UBNT/Mikrotik (attractively cheap at first but high skill required), Peplink (pricey), UTMs (pricey, moderate skill required), DIY firewalls (pfSense, etc; somewhat pricey for your needs, skill required). And a bad config could make even the fanciest of those choices run like crap, so again I'd urge you to grab a buddy on campus to help out if you can find someone.
 
Echoing Trip,
To start off with the easiest way to do channel planning, use the map function in the Unifi dashboard.

It should look something like this:
[Image: zdUVjVf.png]
 
Thanks again for the replies. It makes me happy to see that there are people out there willing to go out of their way to help me.

We have the UAP, not the Pro. I've set the channels to 1, 6, and 11 and made sure that none of the APs near each other have the same channels. I've also put all their strengths on medium. I'll wait until the network slows down and plug in to the switch to see if it's still slow and then report to you guys.
 
If the router is the culprit, there are better routers at managing a large number of users. pfSense has firewall, QoS and you can use a web proxy cache to reduce the amount of bandwidth used if you would even cache downloads and media content. In an environment of students, a lot of them will be doing the same things and downloading the same things, so having a large hard drive as a web cache can significantly reduce your web traffic. You could have 2x 1TB disk drives in RAID 0 giving a total of 2TB, which would be enough to cache all web traffic including videos with a few days of expiry and fast enough to cope with gigabit speeds. The important bit here when choosing your hardware is not to use Realtek NICs. Intel server NICs are the best here but other NICs are good too, such as Marvell, Broadcom and Atheros NICs that have hardware offload and other hardware capabilities. pfSense has a lot of interesting features including RADIUS server and some protection aside from firewalls.

Mikrotik has a web proxy too which you can use with cache, but the web proxy on Mikrotik RouterOS isn't as good as pfSense; however, you can get a really fast router like the RB1100AHx2 and fill it full of rules and it will do 100Mb/s of NAT with all the rules you need. It will also do the same speed in VPN. There are faster routers from them but I think the dual core PPC router at 1GHz is the slowest that your network can use if you need hundreds of QoS and firewall rules. They require a lot of skill and are really good as a pure router but there is no support if something goes wrong. The only support you get from them is hardware warranty but they are the cheapest in price/performance and are really great as pure routers.

Ubiquiti have dual core 64 bit MIPS EdgeRouters and may not be as good as a router as Mikrotik but you can make use of the underlying Linux OS for other things. It may not do that well with heavy configs and features but is easier to configure than Mikrotik. You do get a little bit more support than Mikrotik but only on the forums from proactive fans. Mikrotik customers are more of the do not care type (such as small ISPs around Asia who run hotels) and will point to experts for hire for any support. The minimum model would be the EdgeRouter POE-5 since any lower is either too slow or too problematic.

UTMs are great to give your network some protection and you can get embedded or as an x86 OS; however, they have licenses. If you want a UTM make sure to get one that has features that pfSense doesn't if you want the protection.

Peplink is very pricey for price/performance but you do get support; however, I am not sure if their routers are suited for your network. Their focus is on multiWAN and VPN over multiple WANs.

You can get a real enterprise router like Cisco, Juniper which would be expensive but you would get their full hardware, software and support. Make sure you're looking at their enterprise models and not their lower end ones for consumers such as the Cisco RV which is a VPN router and very unstable.

If your needs aren't that heavy you can get a dual core ARM A9 router and use 3rd party firmware on it. Netgear has good hardware in this regard such as the R7000 while ASUS has the AC68U and AC3200 to offer. The importance is that you need to check if they support a 3rd party firmware such as RMerlin, OpenWrt and Tomato, choosing the ones based on features and performance. Some have used the Netgear R7000 in crushing network stress in AP modes so it is an alternative to consider if your Ubiquiti access points are a problem.

Avoid routers that advertise themselves as VPN such as the Cisco RV since they are very unstable. So far Ubiquiti is the most stable in this regard since they use the same CPU as the VPN routers though with different hardware configurations and a Linux based firmware that has more Linux stuff than the rest.

You can also use full Linux servers as the router instead but it is a lot to configure and read up on since unlike a product labeled as router the OS doesn't show you all the options like a typical router does. It involves installing the required software, reading their documentation and installing them. If you have a network admin whose job is to manage servers and network then you can go with this route assuming he is an employee who is proficient in Linux servers and not an outside contractor. This is obviously the best route but also the hardest.

It's important to note that for Mikrotik the only help you can get is from their wiki and from people like myself who speak English and understand network configuration correctly unlike what many of Mikrotik customers do. There are many nonsensical Mikrotik tutorials from the wrong people but there are some good ones from English speaking professionals on the web so YouTube is out of question.
 
No, it probably doesn't then..

Campus folks are pretty hardcore (good network admins), lol...

So basically, frathouse, eh?

Consider 25 clients per AP, and/or 1500 sq ft per AP - consider also folks have 3 clients per user (laptop/desktop, tablet, phone) so work the numbers..

That being said - dense AP's - reduce power on the AP's if you can, keeping long distance clients from impacting the AP and other users associated.

The big challenge is getting a bunch of folks on to the internet at large - and there, perhaps, going with pfSense might be an option - they've got a few boxes for less than a grand that would be very suited for the firewall/gateway, and then drop in AP's as needed...

Buy me a ticket to SFO, and I can take the BART over and help you guys out, but I guess this is out of the question :D
 
One thing I forgot to ask you RK13.
If you run a speed test with 0 users (internet down for maintenance) connected, what are the results?
Please give results from both speedtest.net and speedof.me
Have the test done on a wired computer.

Thanks!

Edit:
What is the switch you are using?
Some model switches are known to have issues with a mix of Fast Ethernet and Gigabit.
 
One thing to take into consideration is that it may not just be the wireless that slows down under load, but your Comcast connection as well. If lots of people in your area can get on, your bandwidth can be affected. Do you have the regular Xfinity connection? You may try to upgrade to a business account if possible. Business accounts are more expensive, but they usually come without bandwidth caps and I think business customers have slight priority in traffic. You also get to deal with the business help line if there is a problem. Downside is your TV options are reduced and it's a bit more expensive.

Secondly, I would probably look at getting yourself a device that will do some traffic shaping. Essentially you don't want one person downloading Game of Thrones off the internet to use up the entire house's bandwidth. The TP-Link has some basic functions, but it is dependent on IP address for most of its functions. I think you are looking at a UTM in order to get some sort of application control. The best you can do is limit ALL clients at all times to a certain amount of bandwidth (say 1/10 of your max speed), with the downside that nobody gets super fast downloads. For 30 users, you can do something like midrange (FortiGate 60D, or SonicWall TZ300). They will cost you around $1000 though, but you will be able to monitor bandwidth very well.

How many SSIDs are you running? You may set up a guest network with a different password that is also bandwidth limited to reduce the number of clients. Also, change your WiFi key every quarter. In any shared space, those types of things become public knowledge quickly.
 
