Ubiquiti USG Pro and failover


    While this is not really HomeSeer related, it really doesn't fit in Off Topic either. It is a very long story, but I will make it as short as possible. Sorry for the big images, but they need to be.

    Early last year I switched from a Netgear Wireless Router to Ubiquiti APs. I love them. I built a pfSense router gateway to replace the router portion of the Netgear R7000. Again another wonderful move. I also put a UniFi controller on my HS server so I could administrate the APs. When you have a Ubiquiti controller, you are presented with just how much data you could have if you only had their switches and gateway. The pfSense router gave me a lot of good data once I had installed a few add ins.

    Months went by with everything working perfectly, but I was really wanting to get the rest of the information. Late last year, I sold my Cisco POE switch and replaced it with a Ubiquiti US-48-500W. At that time I also added a Cloud Key to offload the controller from the HS server and replaced the pfSense box with a USG. The information was wonderful. I could see at a glance the entire path of connection from any device back to the gateway. The wealth of data and the amount of control was a thing of beauty.

    You can see devices, how long they have been connected and to which switch port or AP

    [Image: capture.png]

    At a glance network status

    [Image: Capture1.PNG]

    And accumulated usage. It was reset for the beginning of a new month this morning. You can drill down to clients and applications.

    [Image: Capture3.PNG]

    This is just a portion of the complete map it generates of every connected device and the path back to the router

    [Image: Capture4.PNG]

    Then a few months ago they added GEOIP Filtering and IPS (Intrusion Prevention System). IPS is hardware intensive and disables hardware offload, so my USG was only good for ~85Mbps flow. We have Comcast internet that is promised for 250 Mbps and usually delivers closer to 300. I needed to upgrade to a USG Pro to be able to handle the speed, but I couldn't spend any more money.

    As luck would have it I purchased a "for parts only" USG Pro on eBay for $70 shipped. It had damage to the left side rack mount tab and it was dead according to the listing. I disassembled it, repaired the bent tab and a crack in the PC board killing the power supply. It was up and running. I sold the USG. With all the new features enabled, we have had excellent performance, 100% uptime and very tight security.

    Now to the point of this post. My Wife works from home via a secure tunnel. It is imperative that she stay connected, or she has to pack up and drive to work. We save a lot of money with her staying home and she has about an hour more of her own time each work day and she can make lunch at home. It has really been nice for all of us. About two weeks ago Comcast became very flaky, not resolving addresses and other silly things. Michelle's tunnel stayed up without issue. This did get us to thinking about what we would do if it was down altogether. I looked at an LTE backup, but didn't like the cost.

    Along came CenturyLink with their new bonded, vectored VDSL 100 Mbps service for $55 "for life" with no contract. We have DirecTV giving us a $10 per month credit, making the net cost $45. I purchased a Zyxel C3000Z modem on eBay for $90 so I don't need to lease one for $10.81 per month. I just got it installed today.

    It took all of 10 minutes to set the CenturyLink modem to transparent bridge mode, connect it to the secondary WAN port on the USG Pro and to configure the USG for PPPoE credentials and for failover. One can choose weighted load balancing or failover; for now I chose failover so it will default to the higher Comcast speed. I tested it several times and the failover is almost instantaneous. I pulled the plug on the Comcast modem, pulled the coax from the modem and disconnected the modem from the gateway. Each time we never saw a blip in Internet connectivity and it just as quickly rolled back to Comcast when it was restored.

    While we could still lose both CenturyLink and Comcast copper due to a disaster, it is unlikely we would ever lose both at any other time. I just love it when a plan comes together.

    This is also another testament to the Ubiquiti ecosystem. While it is not perfect, it was very good to begin with and they are rolling out new features almost monthly. It was a bit expensive to make the move, but looking in my rear view mirror, it was well worth it.
    Last edited by rprade; November 8, 2018, 08:04 PM.
    Randy Prade
    Aurora, CO
    Prades.net

    PHLocation - Pushover - EasyTrigger - UltraECM3 - Ultra1Wire3 - Arduino

    #2
    And another post by Randy that is going to cost me time and now money to improve my life in a good way. I already have unifi in the house, and have been wanting a new project. Time to write that letter to Santa.



      #3
      We have Spectrum at 80Mbps which is sufficient for our current needs and so the UniFi USG works quite well. I agree with Randy that UniFi equipment is really good for the price.

      We have:

      USG
      8x60 watt switch
      8x150 watt switch
      16x150 watt switch
      2 AP AC-Pro access points
      Cloudkey
      Michael



        #4
        Dang you guys. I was looking to replace some network hardware and was thinking pfSense and/or another vendor. Now I am rethinking that.

        Can one of you explain the Cloudkey in layman's terms?

        And why the USG and not EdgeMax EdgeRouter?



          #5
          The CloudKey is a POE Linux computer that is really small and lightweight. I have ours plugged into one of our POE switches in the garage. It is the brain behind UniFi.

          You could run the software on a computer, but having it running on a dedicated CloudKey means that user interference is limited - meaning I’m the only one who might screw it up!

          The USG is a baby Edgerouter. Every day it is becoming more like its bigger brother, but the Edgerouter does not integrate with the UniFi experience that Randy discussed in his post.
          Michael



            #6
            Originally posted by Rvtravlr
            We have Spectrum at 80Mbps which is sufficient for our current needs and so the UniFi USG works quite well. I agree with Randy that UniFi equipment is really good for the price.

            We have:

            USG
            8x60 watt switch
            8x150 watt switch
            16x150 watt switch
            2 AP AC-Pro access points
            Cloudkey
            If you wanted to backup internet by an LTE modem or another service, the USG supports it through the VOIP port.

            Randy Prade
            Aurora, CO
            Prades.net

            PHLocation - Pushover - EasyTrigger - UltraECM3 - Ultra1Wire3 - Arduino



              #7
              Originally posted by rprade
              If you wanted to backup internet by an LTE modem or another service, the USG supports it through the VOIP port.
              I configured the VOIP port as a failover WAN port but haven’t decided on a provider yet. Here in Reno we have limited options. I’m looking for a provider like the old Clear - wireless.
              Michael



                #8
                Originally posted by spike5884
                Dang you guys. I was looking to replace some network hardware and was thinking pfSense and/or another vendor. Now I am rethinking that.

                Can one of you explain the Cloudkey in layman's terms?

                And why the USG and not EdgeMax EdgeRouter?
                As Michael said, the cloud key is the controller. You can run a Java app on another computer for the same results. The Cloud Key is dedicated and at about $70 is not terribly sophisticated. For data collection or device management the controller must be running.

                As far as network usage stats the Edgerouter has it built in, but it cannot monitor or configure switches and APs. The Edgerouter actually provides more network data AFAIK, but it will not work with the Cloud Key or UniFi controller.

                The crux of it is that the UniFi controller gives you everything in one place. All configuration, control, management, firmware updates and device adoption are handled in one place. Say you have several APs and you want to change the SSID, you can do it at the controller. The controller takes care of assignment between 5G and 2.4G all under the same SSID. A guest network can be set up and managed across all APs and the network. You can block internal IPs or reset WiFi connections. It is like a network superstore.

                Randy Prade
                Aurora, CO
                Prades.net

                PHLocation - Pushover - EasyTrigger - UltraECM3 - Ultra1Wire3 - Arduino



                  #9
                  Originally posted by Rvtravlr
                  We have Spectrum at 80Mbps which is sufficient for our current needs...
                  We don't need 250Mbps, but it is there, so I want it available.

                  Just like I don't need 320 HP, but it is good to know it is there


                  More pix
                  Last edited by rprade; November 1, 2018, 10:21 PM.
                  Randy Prade
                  Aurora, CO
                  Prades.net

                  PHLocation - Pushover - EasyTrigger - UltraECM3 - Ultra1Wire3 - Arduino



                    #10
                    Originally posted by rprade
                    We don't need 250Mbps, but it is there, so I want it available.

                    Just like I don't need 320 HP, but it is good to know it is there


                    Now, you’re just showing off! Love the car.
                    Michael



                      #11
                      I have been watching the USG product steadily improve for a while now but have never purchased one. The big weakness is VPN server support. The last I checked there was no support for IKEv2. pfSense is a far superior product for this one aspect as IKEv2 with certificates is supported and hardware acceleration for encryption/decryption is supported. For support of about 20 VPN users or less, pfSense works great. It works with multiple endpoints running different OS's although it takes a very technical effort to get it all working. IKEv1 (ipsec) has been compromised and is worthless.

                      I have been very happy with other Ubiquiti products. However, I have some very old Ubiquiti AP's that are no longer supported. Since new firmware updates are not available to fix security holes, there is no choice but to replace the hardware (even though it still 'works').

                      Randy, since you got rid of pfSense, what are you using for a VPN server (if anything)?



                        #12
                        Very nice Randy!!!

                        Doing everything a la carte here hardware wise. First time implementing WiFi automation using an autonomous dedicated AP / Mosquitto.

                        Using PFSense here with a 3G/LTE T-Mobile failover. $20 / Month. The modem is used for backup to voice lines too. Only thing that I have noticed is that when Comcast quits working but broadband remains up failover internet quits working. Thinking of going over to AT&T DSL as a back up to primary Comcast ISP cable line.

                        Nice car. Here like silver and have a silver BMW SUV X3 and 330XI. The 330XI is a pocket rocket. It'll hit around 146 MPH in just a few seconds on the interstate.

                        Check out BMW CCA. Typically they will have all sorts of events. For a few years here we did a fall tour then a spring tour event.

                        Here is a picture of the CO CCA spring tour.

                        [Image: CCASpringTourCO2018.jpg]
                        Last edited by Pete; November 2, 2018, 10:51 AM.
                        - Pete

                        Auto mator
                        Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb- Mono 6.8X
                        Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro - Mono 6.8X
                        HS4 Pro - V4.1.2.0 - Ubuntu 18.04/VB W7e 64 bit Intel Kaby Lake CPU - 32Gb - Mono 6.10.0.104
                        HS4 Lite -

                        X10, UPB, Zigbee, ZWave and Wifi MQTT automation. OmniPro 2, Russound zoned audio, Smartthings hub, Hubitat Hub, and Home Assistant



                          #13
                          Originally posted by Pete
                          Very nice Randy!!!

                          Doing everything a la carte here hardware wise. First time implementing WiFi automation using an autonomous dedicated AP / Mosquitto.

                          Using PFSense here with a 3G/LTE T-Mobile failover. $20 / Month. The modem is used for backup to voice lines too. Only thing that I have noticed is that when Comcast quits working but broadband remains up failover internet quits working. Thinking of going over to AT&T DSL as a back up to primary Comcast ISP cable line.

                          Nice car. Here like silver and have a silver BMW SUV X3 and 330XI. The 330XI is a pocket rocket. It'll hit around 146 MPH in just a few seconds on the interstate.

                          Check out BMW CCA. Typically they will have all sorts of events. For a few years here we did a fall tour then a spring tour event.

                          Here is a picture of the CO CCA spring tour.
                          Pete;

                          I really liked pfSense and it is a much more powerful gateway, but the consolidation and ease of Ubiquiti had me at the first AP.

                          Thanks for the suggestions. The one above is a 2015 435xi. It is an all weather rocket as well. Been a BMW CCA member for years since I bought my first in 2008.



                          My wife bought an X3 the same year. I have ridden BMW motorcycles for years, have been a member of BMWMOA and BMWRA since 1999. I helped found and create a 501(c)c organization Curve Cowboy Reunion that sponsored annual rides and raised over $250,000 for charity from 2000 until I resigned in 2012. It was dedicated to two-up luxury touring. It was a unique idea that had an end of summer annual ride at a single hotel. We had riders from all over the country and all over the world. It was truly a joy. Our first Reunion after organizing was in Hot Springs AR September 23, 2001. One of my friends so wanted to join us for dinner he rode from Virginia to Hot Springs for Dinner, then back to Virginia after dinner. The next year he set a record riding 186,000 miles in a single year on one motorcycle. He needed to clear his mind, since he was in the Pentagon September 11, just two weeks before our Reunion. Three years later he became Surgeon General of the Navy. The organization was dissolved in 2014, but the gang still gets together. I started two websites in 2005 devoted to BMW motorcycles, www.bmwlt.com and www.k-bikes.com. I sold them to motorcycle.com in 2012. In 2005 I was chairman of CCR (my 2nd of 4) and hosted over 400 riders at The Jackson Lake Lodge in Grand Teton National Park. We were the first motorcycle group to ever be invited to a national park due to the reputation we had garnered from past Reunions and charitable contributions. After a handful of BIG Federal speeding tickets were issued at Yellowstone on the last day, we may have been the only

                          It was the bikes that pushed me to try the cars. The bikes took us on the most memorable trips of our lifetimes, including a 30 day trip to the Arctic Circle in NWT.

                          Arctic Circle 2007 travel log.



                          But enough offroading - back to HA
                          Last edited by rprade; November 2, 2018, 03:17 PM. Reason: typo
                          Randy Prade
                          Aurora, CO
                          Prades.net

                          PHLocation - Pushover - EasyTrigger - UltraECM3 - Ultra1Wire3 - Arduino



                            #14
                            Like German cars. Had a Benz/AMG when I was 19. Brought it over from Germany. But seems a waste when one can't drive them for what they were designed to do. Glad that I got out of cars. Of course, then picked boats which is another money drain…. At least I can sleep in it, right?

                            Have been by the BMW headquarters in Munich many times. Love the cars. At least BMW supports wireless Car Play! No one (car manufacturers) else does. It's bad when you're in the market for a new car and can't find the one you want because they don't support the tech that you want...

                            I think that we derailed from the original post....
                            HomeSeer 2, HomeSeer 3, Allonis myServer, Amazon Alexa Dots, ELK M1G, ISY 994i, HomeKit, BlueIris, and 6 "4k" Cameras using NVR, and integration between all of these systems. Home Automation since 1980.



                              #15
                              The USG line is getting better all the time, but it still can't compete with the flexibility of PFsense. Not everyone needs all that, but in terms of VPN options, PFBlockerNG support, Snort and Suricata integration and the Avahi plugin that makes all my chromecasts work across VLAN's, PFsense is very capable.

                              I really wish there was a way of integrating PFsense into the Unifi dashboards, but I don't see Ubiquiti having an economic interest in making that work. The integration of the switching and AP's into a unified UI has made it really easy to find all sorts of problems, and unifi hardware is hard to beat from a price/performance POV.



