
Thoughts on Ubiquiti Setup for Home

litercola

I'm interested in going beyond my current AirPort Extreme setup and investing in a more consistent and capable platform. After a lot of research, the Ubiquiti products look like a great match, but I wanted to get a second set of eyes on my project before committing.

Current Setup
  • 2xAirport Extreme AC in Access Point Mode
  • 1xAT&T Wireless Gateway (Routing Only)
  • Netgear 16-Port Gigabit Unmanaged Switch
Home Layout
  • 3 Floors
    - Floor 1: 1,550 sqft
    - Floor 2: 1,500 sqft
    - Basement: 1,437 sqft
  • Cat6 run throughout the house, terminated in the basement
Goals
  • Excellent 5GHz Signal throughout all three floors for client devices (2xMacBook Pro w/AC, Surface Pro 3, 2xiPhone 6 Plus, 2xiPad Air 2)
  • Excellent 2.4GHz Signal throughout all three floors for connected devices (Nest, Rachio Iro, Printers, etc)
  • Maximum hard wired gigabit connection speed for client devices (Mac Pro, Home Theater Equipment, Sonos, etc)
  • Potential for bonding two Gigabit Internet connections (AT&T GigaPower and Google Fiber) and load balancing across them
Current Challenges
  • Unable to maintain a solid 5GHz signal throughout the house
  • Large drops in performance when not within 25' of router
  • Lack of insight into connected clients
  • No QoS or connection load balancing options
Proposed Ubiquiti Configuration
  • EdgeRouter Lite
  • Unifi Managed POE 24-Port Switch (250W)
  • UAP-AC AP 3 Pack
Proposed Install
  • AT&T Gateway to EdgeRouter
  • EdgeRouter to Unifi Switch
  • One AP installed per floor in the ceiling
I appreciate your thoughts and guidance on this deployment and whether you feel it will meet my needs for stability, range, and maximum performance!
 
Aside from Ubiquiti there's also MikroTik, pfSense and a lot of UTMs to choose from.

The EdgeRouter Lite only has 3 ethernet ports. How will you get more than 1 Gb/s internet when there are only 3 ports and 2 of them are WANs? You're going to need an EdgeRouter with more ports or you can go with the MikroTik CCR1009. I suggest the MikroTik CCR1009 because it has at least 8 ethernet ports, has a fanless model that has SFP+ and SFP (no need for a modem for fibre optics) and way more CPU power than the EdgeRouter. The hardware acceleration on the EdgeRouter applies to routing whereas the CCR1009 is capable of multi gigabit NAT and VPN. The use of a MIPS CPU in the EdgeRouter gives it very poor VPN throughput while the CCR1009 is capable of a total of 2.7Gb/s of PPTP VPN throughput.

The suitable routers for your setup would be
http://routerboard.com/CCR1009-8G-1S-1SplusPC from MikroTik or
https://www.ubnt.com/edgemax/edgerouter-poe/ from Ubiquiti.

Both routers have at least 4 ethernet gigabit ports that let you have 2 gigabit WANs whereas the EdgeRouter Lite's 4th ethernet port is only used for console and management, not for networking. The CCR1009 can do interface bonding for your LAN with different bondings to choose from while load balancing can be done automatically via general rules or specific rules.

I suggest the MikroTik over Ubiquiti because
- The CCR uses software NAT; in Ubiquiti you cannot use hardware NAT acceleration with a complicated setup such as with firewall and QoS, rendering their hardware capacity of 1-2 million pps pointless.
- The MIPS software NAT is very slow and will at most do <1Gb/s with the MIPS CPU in the EdgeRouter in a best case scenario.
- RouterOS has many more features than Ubiquiti such as RADIUS server and a bunch of network services including TFTP server which is used in some Cisco security LAN examples
- RouterOS QoS has many more options and features than Ubiquiti
- CCR has very high software NAT throughput. On ports connected to the CPU it is capable of multi gigabit NAT throughput even with loads of firewall and QoS rules. This has been confirmed in testing that 2Gb/s of NAT uses up to 1 core while the CCR1009 has 9 cores.
- CCR has upgradeable RAM
- CCR despite being a powerful router has PoE in

The only downside of RouterOS over Ubiquiti's OS is that in RouterOS you can only get per user stats and configs if you use RADIUS or hotspot. If you visit http://demo.mt.lv you will find a demo of RouterOS based on one of their lower end devices. Take a look at the features they have and QoS capability compared to Ubiquiti. There are cheaper CCRs but they can be noisy with their dual 1U fans and lack of SFP+.

pfSense will do all that you want and takes less skill to configure. I also suggest UTM because having a networked antivirus is beneficial even to home networks when you have non technical users.

In RouterOS you can create rules to track whoever is connected to your network. I use this in creating address lists that can then be used for other rules or even scripts.

With your wireless setup I suggest you use other APs because internal antennas don't seem to be doing well for you. 5 GHz has poor penetration though, so you may benefit from APs that use external antennas.

The switch you've chosen is totally fine.
 
I use the UBNT PoE5 at home as my router / firewall. I have been running for a couple of months now, with UBNT's latest firmware. No issues. (knock on wood..).

The Wizard works great for start up, and lots of support on their web site. Off the UBNT I have a NG managed switch, which all my devices are plugged into. I use an R7000 as an AP.

I considered the ERL, but I saw a lot of posts from users who were having failures, etc., after a couple of months of use. So I went for the PoE5. More ports to occupy at a later date.
 
I owned an ER-Lite and eventually tossed it out. I bought it used online at a discount. I never used it because of some unusual limitations in the GUI that required CLI coding to overcome. OpenVPN appeared to be a nightmare to set up and I never tried. My infatuation with the idea of CLI coding passed when the reality of it hit.

I had planned to keep it as a backup for a router I recently built but encountered something weird when I attempted to update it to V1.7. The GUI reported my firmware as counterfeit and, after upgrade, reported it as vaguely defective - I couldn't pin down a firm explanation for the warning message in the spot where it was formerly reported as counterfeit.

A little history: the ER-Lite puts firmware on a flash drive that is accessible if you open the router. I replaced the flash drive with a larger one. ER-Lite flash drives have been reported as defective from time to time and I wanted to be prepared if mine was going to be one of the bad ones eventually. Some imaging software migrated the OS. It booted fine.

After re-installing the original flash drive, I got the same counterfeit software warning message. Internet research did not yield a satisfactory answer about what it meant or how to replace it with software the ER-Lite recognized as not-counterfeit. I even found a thread on an ER-Lite oriented forum that detailed how to replace the image and offered links to a couple. It was old and appeared to be well tried by others. Same results. I also found a page that asked me to use a console cable and follow some very obscure steps. Given that imaging software exists and is easier to use, I chose not to try this recovery method.

Since I do on-line banking, I decided the best course was to trash it.

Edit: Also, your proposed system looks like a larger version of what I just completed. I only need one wireless access point, though, due to my home's open layout. Plus it's smaller.

I like your idea of a coordinated wireless configuration among all floors. Having said that, I have no experience with one, but it's exactly what I would look at first. Making it look professional will add value to your home. Planning for the future will make it easily upgradable as tech changes.

I just added a pfSense home built router. It would be the high cost option for you if you build a low powered small form box. Lots of growth potential, though. MikroTik is popular and not costly. I haven't used one. Actually, any decent home router with the wireless off will work in the basement.
 
He can't use any decent home router because he wants to combine 2 gigabit speed ISPs, which would require a total of 4 Gb/s of NAT, and there is no consumer router that supports that, not to mention he wants to use QoS. However you can use a decent home router as a wireless AP. Although the RB1100AHx2 would be able to do 4 Gb/s of NAT, it has a weird hardware architecture that makes it unsuitable for your setup, since it has 3 ports connected to the CPU and 2x5port switch chips each having a 1 Gb/s link to the CPU, meaning that you cannot simply get 4Gb/s of NAT without some complicated setup that may not work.
 
It really depends on what you want from your router and switches as well as what your budget is. I will say I was once a big fan of Ubiquiti gear and now I am lukewarm to them. The biggest problem I had with their equipment is that it is "half baked". It is almost like they are selling equipment in beta and letting consumers test it for them and then they produce updates to address issues.

I had an EdgeRouter Lite. Compared to consumer class stuff, and pretty much anything in its price range, it was awesome. It was so much faster and better than my previous router. Soon, though, I started to see many limitations. If you want to do anything besides basic NAT and firewall then it gets really difficult. Even with the latest release you have to do many things with the command line, and even get into the underlying file structure itself. Things like DDNS, VPN, Load Balancing, etc. mostly have to be done through the command line. Even as an IT professional I found it very frustrating (especially when it is the main router for my home and I can't be just experimenting with it while it is in use for all occupants). I quickly decided that yes, for the money it is a good deal, but I was willing to spend more for a better product.

I have not used Ubiquiti switches but have heard good things about them and they appear to be an excellent value for the money. I would just suggest you look in the forums on their site to see what people are saying. It is there you find out problems that are not evident from the sales page. This is true with all Ubiquiti products.

Another example is the Ubiquiti APs. The 2.4GHz APs are well baked and worked very well for me. I upgraded to their dual band AP-Pro series and started to learn of little things that drove me crazy. For instance one of the things I liked with the 2.4GHz only APs was the zero handoff. It worked really well. I tried to set it up on the AP-Pro in the 5GHz region and found out it only supports 20MHz channel width. What a bummer. That seriously hampers throughput. Last I heard the UAP-AC does not even support zero handoff yet (though the literature says it does). Anyway it is little things like this (I actually have a list of many things like this) that have turned me off to Ubiquiti.

I have not used MikroTik in a long time. The one time I had one of their routers, it was riddled with bugs and not stable. It seems maybe they have fixed the problems as it seems System Error Message is a big fan. I will say this, if you are comparing Ubiquiti to MikroTik routers then if you are looking at the MikroTik CCR1009-8G-1S-1S+PC you need to compare it to the Ubiquiti ER-8 EdgeRouter series as that is a much closer price match (I believe the ER-8 still costs less). The ER-8 has about twice the processing power of the ER-Lite or ER-PoE.

What I finally decided on and use at my house is the Zyxel USG40. It can do pretty complicated routing and firewall as well as other features if you wish (like Anti-malware protection, anti-virus, anti-spam, content filtering, IDP, next-generation application intelligence, VPN, DDNS) all from the GUI. I find it much easier to program than the Ubiquiti ERL. For your setup you might need a higher level model like the USG60 or USG110 depending on what all you want to do.

Anyway I am not trying to discourage you from getting Ubiquiti gear, I am just saying make sure you define what you want first and then research to see if Ubiquiti can actually deliver it in a manner you can administer.
 
As long as you use a stable firmware release for MikroTik and not the beta or RC then it is not buggy. Ever since I used MikroTik the bugs have been minor, such as the RouterOS sniffer crashing MIPS based RouterBoards, and in some updates they can break minor things for lower end RouterBoards. I have yet to experience bugs on my MikroTik CCR.
 
Gonna have a look at the Zyxel - thx!
 
There is also EdgeMAX PoE, it is great. Your solution seems great, do implement it, but it is not so easy to configure the first time.

Best of luck!!


 
Sorry ... didn't notice that last item. That really raises his hardware requirements. What does a home user do with 2Gbps? Seems a little odd to have 2Gbps in and wireless-N / AC concerns in a household environment unless the family is massive and online all the time. I, personally, would decompose the problem into parts that work together and match the router and line-in to the home internals.
 
Goals
  • Excellent 5GHz Signal throughout all three floors for client devices (2xMacBook Pro w/AC, Surface Pro 3, 2xiPhone 6 Plus, 2xiPad Air 2)
  • Excellent 2.4GHz Signal throughout all three floors for connected devices (Nest, Rachio Iro, Printers, etc)
  • Maximum hard wired gigabit connection speed for client devices (Mac Pro, Home Theater Equipment, Sonos, etc)
  • Potential for bonding two Gigabit Internet connections (AT&T GigaPower and Google Fiber) and load balancing across them

These are all good goals, but spend some time/effort to define what "Excellent" really means - as in a measurable metric - because if you can't test it, it's not a realistic requirement.

Just as a thought - you've got three floors - focus on where people generally congregate - this is where you really want the bandwidth/capacity to be high - family room, kitchen/dining room... bedrooms... and then backfill with 2.4GHz at a minimum of 72Mbps (enough for average SmartPhone/Tablet).

I did my Mother's home, which is about the same size, with a single AP - but that's understanding the needs - upstairs where the bedrooms are, it was media streamers (Roku/AppleTV/SmartTV type of devices), so a minimum there was 50-72 Mbps, enough so that Netflix/Hulu work - downstairs, on the main floor - home office, which I wired up two desktops, family room/dining room (which are adjacent), and the garage (designated smoking area) and patio were secondary targets, where again, 2.4GHz as the backfill. The basement, which is fully finished, so technically a 3rd occupied floor was a smaller family room and a small craftroom there - not occupied that often, so 2.4GHz was sufficient, and I did drop a CAT5 down to the desktop in the craftroom.

Total number of fixed nodes in the house was 23, max was 50 with visitors, etc... note that the house is wood/sheetrock, full basement, and no stucco/plaster in the house...

I was able to light up the whole house with a single WRT1900ac on the first floor, located in the innermost wall of the home office, which was just about mid-floorplan on the first/ground floor...

Why the WRT1900ac? Well - it's a fairly decent performer in 5GHz, and a very good performer in 2.4GHz - and good wired performance to boot.

I guess my point is - before throwing a lot of money and hardware, take a close look at how the network is being used - it's about the best experience, and put the wireless where the people are.
 
Potential for bonding two Gigabit Internet connections (AT&T GigaPower and Google Fiber) and load balancing across them

Well - that does throw a bit of a clinker in the works - but there, you're raising the level of complexity (e.g. cost) by about double, just for that one item.

The challenge is that you're looking to potentially bond two circuits from two different providers - take it from me, this is a challenge and can be very frustrating - I work in the carrier space, and do this all the time - in the Home space, you're better off ordering two circuits from the same provider, and bonding them.

In any event, this does ratchet up the cost on the ingress router quite a bit - as most consumer grade gear does this poorly, and they rarely have the CPU horsepower and RAM to make it work well.

EdgeRouter might do it, or perhaps MikroTik with some of their RouterBoard products, but this is a pre-sales question before you put money down - be clear with your intents, and make sure your requirements are locked down.
 
Why would a home user want to pay $$$ for bonding two feeds, when most Internet host servers are lethargic?
 
The reason is really twofold...

1. The cost is $140/mo for both connections, which is actually much cheaper than what I paid for Verizon FiOS for a 300/300 connection before moving to Kansas City.

2. I work in IT and I just kind of wanted to see if it could be done. It's absolute overkill, but it seemed fun to try out!
 
Agreed on adding to the complexity and ultimately it isn't necessary for this to occur. I was just hopeful I could give it a shot!
 
Thanks for the great response! I have two AirPort Extremes acting as APs today and my 2.4GHz coverage is fantastic throughout the house. It's simply the 5GHz coverage that I'm struggling with.

Great advice focusing on the areas where we spend the most time, which would be my office, our media room, living room/kitchen, and the master bedroom.
 
I have been thinking about how to handle a dual gig internet system for a while. I brought it up several months ago when Google came to town. Of course I do not have access to gig connections as I am too far out, so it is all theory. Since there is not a consumer router which will handle the load when using firewall services, why not divide the internet and use 2 separate routers? Then use layer 3 switches to control the local network. Behind the routers use a layer 3 switch for each router. Each layer 3 switch will provide DHCP for its VLANs. There would be overlap in the management VLAN with both layer 3 switches providing DHCP, so that VLAN would be random DHCP, but if not really populated then it would not provide an issue. Each layer 3 switch would use its router as its gateway. Static routes would be set up for all VLANs on each layer 3 switch so they can access resources off the whole network. It would be nice if lower level switches and routers had a gateway and a gateway of last resort. I think it would come in handy for some of this. A routing protocol might be handy also. Just to be clear, the layer 3 switches are connected physically together using the management VLAN.

I think this would allow you to get around not having routers powerful enough to handle 2 one gig pipes. It is not load balancing but you could divide the network traffic based on loads. The layer 3 switches would be fast enough to switch the internet traffic flow plus local LAN traffic. You just let the routers route with no other load, which should allow for hardware acceleration to keep the speed of the routers up. If you had an internet pipe go down you could just switch the default gateway to the other router on the layer 3 switch to get by with only a small network interruption. What do you think?
 
Or you could use a non consumer router like pfSense, MikroTik, Cisco, Juniper and enjoy the benefits of the enterprise features they have aside from the faster speeds. The problem with failover is that you don't get to combine both speeds and some desktops have 2 ethernet ports that can be bonded.
 
