Yaakov Online


I fight with computers

Yaakov
Author

A Ubiquiti Home Network

For a while, I've been eyeing an upgrade of my home network. It's basically been running on ISP-provided equipment, and consumer ISP equipment is usually quite bad.

Back in the good old days, my ISP gave us a cable modem, and then we were responsible for the rest. Nowadays, ISPs ship devices which act as a modem, router, switch, and Wi-Fi access point. They're not particularly good at most of those jobs, and it very much becomes a case of "jack of all trades, master of none."

Requirements

I very much like the UNIX philosophy of "do one thing and do it well," and the Netgear (and formerly Cisco) cable devices that my ISP supplies are the complete opposite of that.

So, when looking for home networking equipment, I wanted a few things:

  1. It must be composable or modular, so I can scale it up (or down) if I need to.
  2. It must be small, so no rack-mounting.
  3. It cannot be overly complicated or expensive.
  4. It must be well-maintained and supported. My existing modem never gets firmware updates, and I want something that at minimum gets security fixes rapidly (e.g. "Broadpwn")
  5. It cannot require a huge amount of power or generate a huge amount of noise.
  6. It must have a large Wi-Fi range, or have a working mesh networking solution. I already have a top-of-the-line consumer range extender, but it actually just doesn't work.
  7. It must not look like a mutant robot spider flipped on its back, like so many consumer Wi-Fi routers these days. I don't know what's gotten into the industrial designers responsible, but I don't like it.

Ubiquiti

Ubiquiti came across my radar a year ago when Andrew Buntine used Ubiquiti syslog events to play personalized theme music when people enter the office.

Since then, I've also followed Troy Hunt who has done a series of blog posts about Ubiquiti's consumer/prosumer/enterprise products, as well as Scott Hanselman who did a post on Amplifi, their newer more-consumer-friendly option.

After doing further research, it seemed that Ubiquiti ticks all the boxes for me. It's expensive but not outrageously so, has different products for distinct roles that all work together, and regularly ships firmware updates for its products.

In the end it came down to the prosumer/enterprise "UBNT"/UniFi gear, or the consumer offering, AmpliFi. I went with the UBNT gear because I wanted some of the more powerful features that AmpliFi does not appear to offer, plus I had started using a wired network too (not just Wi-Fi) and wanted some control over the wired parts.

I eventually settled on the following combination of gear:

  1. ISP-provided cable modem in bridge mode. Only LAN port 1 is active, and it gets the public IP address. All NAT, routing and wireless on the modem is disabled.
  2. 1x Security Gateway - this acts as the router/firewall, and sits immediately behind the modem.
  3. 1x AP-AC-Pro Wi-Fi access point, selected for high 5GHz throughput without going completely overboard. If I need more Wi-Fi range, I can get a UniFi Mesh Point afterwards.
  4. 2x 8-port 60W Power-over-Ethernet switches. One sits with the modem and gateway, the other one on my desk. I could have gone with 1x PoE and 1x non-PoE, but the new Raspberry Pis support PoE and I have some fun ideas for that.
  5. 1x Cloud Key - this is a little dedicated device that runs the network controller software. I could have run this on another device - my NUC, or NAS, or even in the cloud by paying Ubiquiti a bit more - but that would break the do-one-thing rule.

Boxes of Ubiquiti Hardware

Setting it up

I was quite surprised by how straightforward the process was. For each device I basically just had to:

  1. Take it out of the box.
  2. Plug in the power (only for the gateway and the switches; the access point and Cloud Key are powered over Ethernet from the switches).
  3. Plug it into the network.

In order to configure the network I plugged my computer into the Ethernet, and to my surprise the network was already operational with perfectly fine defaults. I had to download a Chrome application in order to find the Cloud Key and run through the setup wizard, but the out-of-box experience was painless.

Seriously.

The most difficult part of the entire procedure was removing the rear mounting bracket from the AP-AC-Pro - it took me a while to find a paperclip, as the instructions call for one, but the device does not ship with one.

The Good

The Bad

Network Topology Map

The Ugly

Nothing. I have no major complaints, nothing that's made me reconsider the whole thing, nothing that's frustrated me or left me scratching my head wondering what the heck to do.

DPI and Statistics

The default configuration of the UniFi gear is to have Deep Packet Inspection enabled. This has me somewhat concerned - not that Ubiquiti is watching what I'm doing, but simply because of the amount of information that's available by passively observing network traffic, i.e. without TLS interception or anything similarly invasive. If you would rather the gateway didn't keep that history at all, DPI can be switched off in the controller's site settings.

Almost all of the statistics that the gateway gathers are also observable by my ISP, and are potentially already part of the Government-mandated metadata collection.

Some basic statistics are telling on their own: from the traffic flow alone, one can easily see what time the first person in the house gets up, what time the last person goes to bed, and when the household is idle, which is most likely when nobody is home. For example, guess when I woke up this morning:

Traffic Flow Chart

Furthermore, for the week or so since I've installed the gear, here's the current traffic breakdown:

Traffic Analysis

Each of these categories can be further subdivided, like so:

Network Streaming Traffic Analysis

From this it's easy to see that, for example, the single largest use of my internet traffic for the last week has been Netflix.

Because I'm on the household's side of the modem, I can subdivide it further by device. For example, my iPad is the biggest consumer of Internet traffic purely because I've been binge-watching Tintin on Netflix for the past week:

Single Device Traffic Analysis

My ISP can't see the per-device level of detail, but there's still a lot of information you can glean at a per-subscriber level. I would not be surprised if at least one ISP were selling this information or doing other shady things with it.
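To make the point concrete, here is an added example (my own illustration, not code from the original post and not Ubiquiti's DPI engine) of what a purely passive observer can infer from flow metadata: timestamps, a device, a traffic category and a byte count, with no payload and no TLS interception. The flow records, device names, category labels and the "human activity" byte threshold are all constructed assumptions for the example.

```python
"""Infer a household's routine from flow metadata alone.

Added example: not from the original post or Ubiquiti's software. All records
and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed flow records: (timestamp, device, category, bytes).
# This is roughly the level of detail a gateway with DPI, an ISP, or a
# metadata store sees without ever looking inside a connection.
FLOWS = [
    ("2018-07-14T02:10:00", "nas",    "cloud-backup", 20_000),          # nightly sync
    ("2018-07-14T06:42:00", "phone",  "messaging",    40_000),          # notifications
    ("2018-07-14T06:45:00", "phone",  "social",       900_000),         # someone is up
    ("2018-07-14T07:30:00", "laptop", "web",          12_000_000),
    ("2018-07-14T18:20:00", "tv",     "streaming",    1_100_000_000),
    ("2018-07-14T19:15:00", "ipad",   "streaming",    2_400_000_000),
    ("2018-07-14T20:00:00", "ipad",   "streaming",    1_800_000_000),
    ("2018-07-14T22:05:00", "phone",  "social",       300_000),         # last one up
    ("2018-07-15T00:30:00", "nas",    "cloud-backup", 20_000),
]

# Small, steady background flows (sync heartbeats, update checks, push
# notifications) are treated as noise. Assumed threshold for the example.
HUMAN_ACTIVITY_THRESHOLD = 100_000  # bytes per flow


def daily_routine(flows, day):
    """Return (first_active_hour, last_active_hour, idle_hours) for one date.

    Only flows above the activity threshold count, so automated traffic does
    not mask the hours when nobody is actually using a device.
    """
    active_hours = set()
    for ts, _device, _category, nbytes in flows:
        t = datetime.fromisoformat(ts)
        if t.date().isoformat() == day and nbytes >= HUMAN_ACTIVITY_THRESHOLD:
            active_hours.add(t.hour)
    if not active_hours:
        return None
    first, last = min(active_hours), max(active_hours)
    idle = [h for h in range(first, last + 1) if h not in active_hours]
    return first, last, idle


def longest_idle_window(idle_hours):
    """Longest run of consecutive idle hours as (start, end); None if empty.

    A long daytime gap between the morning and evening activity is the
    'probably nobody home' window the post describes.
    """
    best = None
    run_start = prev = None
    for h in sorted(idle_hours):
        if prev is None or h != prev + 1:
            run_start = h
        prev = h
        if best is None or (h - run_start) > (best[1] - best[0]):
            best = (run_start, h)
    return best


def top_category(flows):
    """(category, total_bytes) for the heaviest traffic category."""
    totals = defaultdict(int)
    for _ts, _device, category, nbytes in flows:
        totals[category] += nbytes
    return max(totals.items(), key=lambda kv: kv[1])


def top_device(flows, category):
    """(device, total_bytes) for the device generating most of `category`.

    This per-device split is what the gateway sees but the ISP cannot: the
    ISP only sees one subscriber behind the modem's public address.
    """
    totals = defaultdict(int)
    for _ts, device, cat, nbytes in flows:
        if cat == category:
            totals[device] += nbytes
    return max(totals.items(), key=lambda kv: kv[1])


if __name__ == "__main__":
    first, last, idle = daily_routine(FLOWS, "2018-07-14")
    print(f"first activity {first:02d}:00, last activity {last:02d}:00")
    print(f"likely nobody home between {longest_idle_window(idle)}")
    cat, _ = top_category(FLOWS)
    print(f"biggest category: {cat}, biggest {cat} device: {top_device(FLOWS, cat)[0]}")
```

Run stand-alone, it reports a wake-up around 06:00, a last flow around 22:00, an empty house from roughly 08:00 to 17:00, and that the iPad is responsible for most of the streaming traffic, all without a single packet payload being examined. Adjust the threshold and the categories to taste; the lesson is that the bytes-and-timestamps view alone is enough to profile a household.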

Summary

I could quite realistically just copy Troy Hunt's summary here word for word because I've had basically the exact same experience, just with a smaller house and no jetski.

I've been running this configuration for about a week and have had zero major issues. My cable modem now does only what it does best, and its other roles have been taken over by dedicated hardware units that do them a heck of a lot better.

The Wi-Fi coverage and speed are both surprisingly great even with a single access point, and the wired network is running at full speed. I am now able to hog my full 100Mbps internet connection from nearly anywhere in the house. 😁

The hardware is great, the software is amazing, and if I had to do this all again, I probably wouldn't do it any differently.
