router? mesh router?


  • #16
    The router would most likely be in a different place compared to where the current one is, so the USB port on the router would not be of use. The whole network upgrade was a bit of a longer term planning which became more urgent due to the network issues at my girlfriend's parents.

    Do you know where I can find data on the DPI/IPS performance of the Mikrotik?

    I was looking at the Ubiquiti USG, but enabling DPI and IPS drops the data rate to 85 Mbps. We have a 300Mbps connection, and getting a router like this knowing in advance that some functionality would already be a bottleneck seems a bit of a shame. The Ubiquiti Pro version limits to 250Mbps and the XG to 1 Gbps... Then they have the Dream Machine, which can go to 850 Mbps and includes some other interesting features... but a bit of a weird form factor...

    But first: not sure if I need it... Still, high end routers of other brands (Asus, TP-Link, ...) in the same price-range seem capable of DPI/IPS (although details on the performance are scarce). The Ubiquiti USG Pro is very overkill (esp. price wise), the Dream Machine is even more expensive but has wireless built in and would allow me to do everything with one device. Still, price is right up there with high end models from any other brand and if one device suffices (and at our flat one access point ought to be enough, if it is well positioned), then why go to the whole UniFi thing...
    Last edited by VJ; 14 January 2020, 04:39.
    pixar
    Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)



    • #17
      If you want DPI / IPS you want something like Fortigate or Mini ITX PC with wifi card and Linux. I know some newer Mikrotiks such as 4011 have hardware acceleration for VPN encryption, etc... But I think capable 300Mbps DPI inspection solution will range in >= 400-500€ range.



      • #18
        The Ubiquiti Dream Machine (850 Mbps DPI/IPS) is 300-400 euro. A pro version (rack mount, no wifi) is expected for quite some time now - specs are visible as it has been submitted to FCC. From what I gather, their current USG range is getting a bit outdated, so they most likely are renewing everything soon. This may mean there is less sense in getting e.g. a USG-Pro (250 euro), but it may not rule out the USG (110 euro) as it could be a nice platform to start with. I don't have DPI/IPS at this time, so for sure I don't need it soon, if I would need it later, I could keep the access point and upgrade the router independently.
        I would like to move to something that is VLAN capable, mainly to learn, but that rules out most consumer routers. I was even looking at some microITX board and pfsense, but it quickly gets above the price range I'm looking at.

        The Mikrotiks look nice from a hardware point of view, but their settings seem a bit intimidating. Still haven't ruled them out, although it seems to me that many devices are also already quite old (e.g. the 2011 range).
        pixar
        Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)



        • #19
          Mikrotik is simple, you set up everything you need for basic internet access and wifi on the quick setup screen, which is similar to consumer routers. For advanced stuff you can drill down in menus in winbox or web management, and you may google an article and paste command lines in the shell, which you can access in winbox (Mikrotik's program for managing routers) or by ssh.



          • #20
            I placed an order: in the end I decided to go for the Ubiquiti... I don't think it will be such a difference for my purpose, what put me to the decision was mainly the interface (I could try out the different simulators) combined with a nice promotion on Amazon... It may be a bit under-powered for enterprise usage, but for sure it seems like a good entry-point for me to start with a better equipped network. My girlfriend and I often work remotely (through VPNs), and she often has pauses and disconnections (wifi stays connected, just the remote desktop pauses). I'm hoping that an entry level enterprise-class device would be better for this purpose than most consumer routers... So let's see. Added benefit over a consumer router is that I could better plan my network (when I count, it is ridiculous how many devices a single two-person household has: 9 ethernet connected devices (not counting smart switch or router), 3 devices that are mainly on wifi but also have ethernet and then a number of tablets/phones...).
            pixar
            Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)



            • #21
              Router arrived, access point is not here yet...

              From what I learned on the Ubiquiti forums, to get the PC onto 2 VLANs, the easiest would be to use two network cards. The other option would route all the traffic through the router as my switch is not level-3 and does not do inter-VLAN traffic. And getting a computer on multiple VLANs with a single NIC is problematic.

              The traffic from the smarthome server to the rest of the network is limited, so no issue in passing that one through the router. The layout would be

              router lan 1 --trunk--> switch
              router lan 2 --> smarthome server

              pc nic1 ----> switch port for vlan1
              pc nic2 ----> switch port for vlan2

              A bit of an issue is that I have just two ethernet ports where that pc is, and one should be used for the media player... For now I can have a workaround, but I may have to look at some switch to make it more elegant (or when devices get added)...
              Last edited by VJ; 23 January 2020, 04:39.
              pixar
              Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)

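The layout sketched in post #21, as an added example that is not part of the original post: a small model that classifies whether traffic between two hosts is switched directly inside a shared VLAN or has to be forwarded by the router, which is the only place a firewall rule can act on it. The VLAN ids, host names, the router rule set, and placing the smart-home server in the same VLAN as the PC's second NIC are all assumptions.

```python
# Added example: constructed model of the two-VLAN layout from post #21.
# VLAN ids (1 = main LAN, 2 = smart home), host names and the router
# policy are assumptions for illustration, not values from the thread.

def reach(src, dst, hosts, router_allow):
    """Classify how src reaches dst.

    hosts maps a host name to the set of VLANs it has an interface in.
    router_allow is the set of (src_vlan, dst_vlan) pairs the router forwards.
    Returns ("l2", vlan) when both hosts share a VLAN (switched directly,
    the router and its firewall never see the frames), ("routed", (a, b))
    when the router forwards between VLANs, or ("blocked", None).
    """
    shared = hosts[src] & hosts[dst]
    if shared:
        return ("l2", min(shared))
    for a in sorted(hosts[src]):
        for b in sorted(hosts[dst]):
            if (a, b) in router_allow:
                return ("routed", (a, b))
    return ("blocked", None)


def unfiltered_peers(name, hosts):
    """Hosts that `name` reaches at layer 2, i.e. with no router policy applied."""
    return sorted(h for h in hosts if h != name and hosts[h] & hosts[name])


HOSTS = {
    "pc": {1, 2},             # two NICs, one access port per VLAN
    "media-player": {1},
    "smarthome-server": {2},  # assumed to sit in VLAN 2
    "tablet": {1},
}
# Assumed policy: the main LAN may open connections towards the smart-home
# VLAN; the smart-home VLAN may not initiate towards the main LAN.
ROUTER_ALLOW = {(1, 2)}

if __name__ == "__main__":
    for s, d in [("pc", "smarthome-server"), ("tablet", "smarthome-server"),
                 ("smarthome-server", "tablet"), ("smarthome-server", "pc")]:
        print(f"{s:>17} -> {d:<17} {reach(s, d, HOSTS, ROUTER_ALLOW)}")
    print("pc bypasses router policy for:", unfiltered_peers("pc", HOSTS))
```

In this model the dual-homed PC is the one host that both VLANs reach without crossing the router, so it has to be covered by its own host firewall and must not forward or bridge between its two NICs.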


              • #22
                Access point arrived also, but have not much time to play with it. It is really a step up from the consumer-routers: the hardware feels solid, the software very advanced. Hope to find some time soon...
                pixar
                Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)



                • #23
                  I did new wifi at work:

                  3 Ubiquiti AP-AC LR access points in management VLAN (for now, we'll expand this to old parts if we go fully operational again - tomorrow we will likely reduce most operations to minimum)
                  Debian Unifi Controller box (just put a VM on ESX) in management VLAN

                  2 wifi networks one for corporate and one for guests on different VLANs

                  Everything on Aruba POE switch.

                  Once you realize you need Debian 9 for mongodb for controller, everything was pretty straightforward. Additional APs you just plug in POE, configure DHCP reservations and adopt them in controller web interface.

                  Did a test setup in corporate VLAN with test controller VM and single AP first. I thought I'd need help from the vendor but I did everything myself.
                  Last edited by UtwigMU; 26 March 2020, 07:52.



                  • #24
                    Finally managed to install it... It was a bit troublesome as I had been playing around with the devices, so I first had to unbind them. And then some IP address issues on my computer (I'm not on the standard domain of Ubiquiti). But once those were bypassed, installation went very smooth. A few issues though:
                    • The need for a controller complicates home use a little bit. It is not dramatic, as the whole system works without it; but to configure something you need to have the computer that hosts the controller up and running. Restoring a backup of the configuration onto a new computer is always possible, but there are some firewall issues to be remembered. The Dream Machine and Dream Machine Pro have an integrated controller, so for those there is no need for a separate device/computer.
                    • The USG gets hot. Perhaps not too much of an issue, but with its metal casing it is very noticeable.
                    • The USG is limited to 85 Mbps throughput when threat protection is on (Dream Machines are up to 1 Gbps), and of course they just upgraded my connection to 300/100...
                    • The Ubiquiti system does not like fixed IP addresses. They don't always show up in the system and generally should be avoided (you can use static DHCP)
                    • Internet traffic data appears sometimes incomplete to me... Tags are not always reliable but the general type is ok (e.g. it shows Windows Media Player for a free standing internet radio).
                    • It does not see a non-Ubiquiti switch as a connection point; devices appear directly connected to the closest Ubiquiti device.


                    But our connections are stable. Wifi perfectly identifies where they go and moves devices between 2.4 and 5 GHz if possible. Bands are perfectly chosen. No issues with dropped connections or lower quality (videoconferencing also looks better quality); at times we have 3 VPN connections with multiple remote desktops, 2 internet radios and an ongoing video connection... Perhaps not too much, but it goes without issues at all.

                    I still like the hardware, esp. as the network is so stable, but now I think I either should have gone for the Dream Machine (but it is an all integrated device), or should have waited for the Dream Machine Pro (although people are saying it has many bugs and needs many fixes).
                    It makes most sense to have all Ubiquiti equipment though, as it is clear that then it shines.
                    Last edited by VJ; 9 May 2020, 01:21.
                    pixar
                    Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)
