Straying into Ubiquiti territory for a home network experiment, part 1

As many of you know, I run my home, lab, and store networks primarily on Meraki gear. Employee discounts and internal system engineer promos make it a reasonably priced platform for me, but I can understand why non-Cisco employees might not build out a substantial home network on their own dime with Meraki.

Having cut directly over from the Linksys WRT1900AC as a router to a mix of MX security appliances, MS switches, and MR access points, I didn’t really take the time to evaluate other options. However, with many friends getting into Ubiquiti, I figured it was worth trying that platform out, especially when some of the devices went on sale at a local computer store.

In this post I’ll talk about the initial deployment and the gear I’ve purchased. I do have a few items from Ubiquiti that I won’t be using for this environment (like the EdgeRouters and a couple of relatively ancient 24v POE access points).

Spoiler: I’m still a big Meraki fan, and if I were deploying in a business environment where I didn’t want to tweak much or where I wanted enterprise-grade features, I’d still lean toward that platform. However, for a home network, home office, or early-stage startup, the Ubiquiti option is definitely worth a look.

Initial Bill of Materials

UC-CK Cloud Key, with two AA batteries for scale

Note that Amazon offers some combos with multiple elements, like this $349 combo with Cloud Key, Switch, and Security Gateway. You may be able to get quicker shipping and/or save a buck or two that way, but look around at the combos to see what makes the most sense. If you decide to buy multiples, there may be discounted packs of devices (like this 5-pack of AP-AC-PRO which saves you about $15 per device).

You’ll also find the items on Newegg, including Newegg on eBay, Central Computers (if you’re in the SF Bay Area), and direct from Ubiquiti. If you use the Amazon or eBay links above, we get a few bucks that will go back into gear to review here and on rsts11travel.

Why did I choose this particular gear?

UniFi Cloud Key

Like Meraki, Ubiquiti uses the concept of a “cloud controller.” Unlike Meraki, you can place the controller on your own private cloud, or purchase a “Cloud Key” to run on your own network for management. There is still a “public” website to view and manage the network, but you can access the local controller via ssh, https, or a mobile app.

Since I don’t currently have a full-time system running that would host the controller, I chose to buy the older Cloud Key. They have newer versions, with more powerful controller hardware, battery backup, and more features, but since this is meant to be a basic deployment on a budget (and I wanted to pick up the cloud key locally), I went with the first gen device. This device is about the size of four AA batteries, can be powered by PoE or a USB cable, and of course still requires a LAN connection even if powered by USB.

UniFi AC Pro

For wireless access, there are over a dozen different AP models, compared and contrasted on the Ubiquiti knowledgebase. The three devices in the “wave 1” family (UniFi AC) include the Lite, the LR (long range), and the Pro. My decision on the Pro was based primarily on “ooh, it’s on sale” but I’m pretty comfortable with the features including extended 5GHz radio rate of 1300 Mbps, and the dual Ethernet ports for redundancy.

UniFi Switch 8 60W

The switch is meant to let me offload both the AP and the Cloud Key from their current home on my Meraki MS42P switch, so that I can put them behind the security gateway for more thorough testing. The AP uses 9 watts and the Cloud Key uses 5 watts, so the 60 watt PoE switch should be enough for the near term. There is a 150 watt version (US-8-150W, for about $190) with two additional SFP modules, if you do need more power. And interestingly, the switch is the only piece in the bill of materials that has a metal shell as opposed to plastic.

UniFi Security Gateway 3-port

Finally, with the USG security gateway, I get additional visibility into the Internet connection itself and my use thereof. Without the USG in the data path, I can see per-device information within my network, and status of the APs and switches, but I don’t have the visibility at a network level.

Starting the deployment

I bought the access point first, and went back a day or two later for the cloud key once I decided not to run the controller on my own hardware. So the CK went up first, plugged in via the tiny Ethernet cable to a port on my Meraki PoE switch.

When I logged in, of course, it was behind a few versions on the firmware. I had issues with firmware updates and “adopting” the device into my Ubiquiti cloud portal. The adoption failed claiming the device was unreachable, and the firmware upgrade didn’t seem to start, much less complete.

So I ended up doing some minor workarounds using some steps from a community post here for the firmware update. I wish I could remember the fix for the adoption, although I suspect I’ll figure it out again on a future device and can report back then.

Once the Cloud Key was recognized, updated, and working properly, I adopted the Access Point and updated it. I configured a wireless network and went downstairs from the home office to connect my iPad to the new network and test it out.

Not surprisingly, the network was as fast and efficient as it was through the MR34 at the same distance. I did learn from the Ubiquiti interface that there were at least 50 networks detected by the AP-AC-PRO, which was slightly surprising. Despite that, I’m seeing about 20% utilization on 2.4GHz and 3% utilization on 5GHz and noticeable but not overwhelming “interference” registering primarily on 2.4GHz.

I also realized that the extra MR34 downstairs, connected through an MS220-8P switch that was uplinked through Powerline networking, was definitely throttling my connectivity when I associated with it. Unplugging the AP forced my iPad to connect to the upstairs MR34, and I didn’t have any issues even at the distance. So for now, the Powerline network is driving two tiny Verium miners and my two printers, as well as an Intel NUC in the living room.

What comes next?

After reorganizing a bit of the home office, I’ll be turning up the USG security gateway and the 8-port switch very soon. At that point I’m likely to put all four pieces behind my secondary Internet connection (to enable the home network SLA to be maintained), and run some traffic through it.

I’m also giving serious thought to powering the USG through a PoE splitter like the Wifi Texas one ($18 on Amazon) so that all four devices can be powered from a single wall outlet (for the switch).

Check in soon for the second part of this journey, and feel free to share any suggestions, comments, references, designs, etc in the comments below.

Test-driving third party optics from StarTech in the RSTS11 labs

Disclosures at the end, as usual.

This fall John Obeto asked if I’d be willing to try out some third party optical modules in some of the varied and random switches I have around the rsts11 home lab. Always willing to help a friend and try some new gadgets, I accepted the challenge. Today I’ll give you an idea of why you might consider third party optics for your switching, why you might not, and how the compatible modules from StarTech.com impressed me.

WHAT ARE OPTICAL MODULES?

First, a word on optical modules. For decades, switch manufacturers have made two kinds of ports on their switches, a fixed port and a modular port. Fixed ports were long popular on line cards, where you wanted to get 24-48 (or more) optical ports for fiber cabling into a small amount of space, and you knew your customer was not going to change their optical requirements on the fly.

Modular (or “pluggable”) ports, however, made it possible to sell switches at a lower initial cost and allow the uplinks to be populated later. It also enabled customers to use different connection lengths and media with the commensurate power considerations.

In Gigabit Ethernet (and 1/2/4 gigabit Fibre Channel), the standard has been the Small Form-factor Pluggable, or SFP, module. About the size of a AA battery or a small USB flash drive, it connects to a small blade port inside the switch, and “translates” the connection to short (SR), long (LR), or extended/extreme (XR) range optics, or even to 1000Base-T copper.

For 10 Gigabit Ethernet (and 8/16 gigabit Fibre Channel), the standard is an extension of the same module called SFP+. Many installations within a rack or in adjacent racks will use copper SFP+ cabling (with no fiber involved), sometimes called Direct Attach Copper or DAC cabling.

Looking back on InteropITX 2017 – the good, the bad, and the future

My fifth Interop conference is in the books now. Let’s take a look back and see how it turned out, and where I think it will go next year. See disclosures at the end if you’re into that sort of thing.

Ch-ch-ch-changes…

The event scaled down this year, moving down the strip to the MGM Grand Conference Center after several years at Mandalay Bay. With the introduction of a 30-member advisory board from industry and community to support the content tracks, Interop moved toward a stronger content focus than I’d perceived in past events.

The metrics provided by Meghan Reilly (Interop general manager) and Susan Fogarty (head of content) showed some interesting dynamics in this year’s attendance.

The most represented companies had 6-7 attendees each, as I recall from the opening callouts, with an average of about 2 people per company. More than half of the attendees were experiencing Interop for the first time, and nearly two thirds were management as opposed to practitioners.

The focus on IT leadership, from the keynotes to the leadership and professional development track for sessions, was definitely front and center.

How about that content?

Keynotes brought some of the big names and interesting stories to InteropITX. There wasn’t always a direct correlation, but there was some interesting context to be experienced, from Cisco’s Susie Wee talking about code and programmability in an application world (and getting the audience to do live API calls from their phones), to Kevin Mandia of FireEye talking about real world security postures and threat landscapes. Andrew McAfee brought the acronym of the year to the stage, noting that often the decisions in companies are not made by the right person, but the HiPPOs — Highest Paid Person’s Opinion.

With five active tracks, there was content for everyone in the breakouts this year as well. Some tracks will need larger rooms next year (like the Packet Pushers Future Of Networking, which seemed to demand software-defined seating when I tried to get in) and others may need some heavier recruiting.

Attendees can access the presentations they missed (check your Interop emails), and some presentations may have been posted separately by the presenters (i.e. to Slideshare or their own web properties) for general access. Alas, or perhaps luckily, the sessions were not recorded, so if you haven’t heard Stephen Foskett’s storage joke, you’ll have to find him in person to experience it.

Panic at the Expo?

But the traditional draw of Interop, its expo floor (now called the Business Hall), was still noteworthy. With over a hundred exhibitors, from large IT organizations like VMware to startups and niche suppliers, you could see almost anything there (except wireless technology, as @wirelessnerd will tell you about here). American Express OPEN was even there again as well, and while they couldn’t help with fixing Amex’s limited retort to Chase Sapphire Reserve (read more about that on rsts11travel if you like), they were there to help business owners get charge card applications and swag processed.

The mega-theatre booths of past years were gone, and this year’s largest booths were 30×30 for VMware and Cylance among others.

Some of the big infrastructure names were scaled way back (like Cisco, with a 10×10 along with a Viptela 10×10 and a Meraki presence at the NBASET Alliance booth) or absent (like Dell, whose only presence was in an OEM appliance reference, and HPE, who seem to have been completely absent).

These two noteworthy changes to the expo scene were probably good for the ecosystem as a whole, with a caveat. With a more leveled playing field in terms of scale and scope, a wider range of exhibitors were able to get noticed, and it seemed that the booth theatre model and the predatory scanner tactics were mostly sidelined in favor of paying attention to people who were genuinely interested.

The caveat, and a definite downside to the loss of the big names, was that Interop was one of the last shows that gave you a chance to see what the “Monsters of IT Infrastructure” were doing, side by side, in a relatively neutral environment. For this year at least, VMworld is probably as close as you will get to the big picture.

Some of this may have to do with the conference ecosystem itself; Dell EMC World was the previous week in Las Vegas, with HPE Discover the first full week of June and Cisco Live US the last full week of June. These events often occupy speakers and exhibition staffs for weeks if not months beforehand, and the big players also had events like Strata Hadoop World in London to cope with as well. (See Stephen Foskett’s Enterprise IT Calendar for a sense of the schedule.)

Will the “Monsters of IT” come back next year?

I’d like to see them return, as fresh interest and opportunity is a good way to sustain growth, but I have a feeling that focusing on their owned-and-operated events and away from the few (one?) remaining general IT infrastructure event is likely to continue. They may just field speakers for the content tracks and assume that people will come to them anyway.

Meanwhile, smaller players will continue to grow. While they appear to just be nipping at the heels of the big players, they’re building a base and a reputation in the community, and they don’t need to beat the Cisco/Dell/HPE scale vendors to succeed. So maybe everyone wins.

But what about InteropNet?

The earliest memory I have of Interop, from my 2013 visit, was finding a pair of Nortel Passport (nee Avaya ERS) 8600 routing switches in the InteropNet network. InteropNet has been a demonstration platform that brought together a wide range of vendors including routing and switching, wireless, and software layers (monitoring and management in particular), and it was noticeably absent this year as well.

Part of this may be due to the smaller size of the Business Hall, but part is also due to the cost (time and money at least) of setting up and operating the multivendor environment. The absence of most of the enterprise network hardware vendors may also have played into it, although I don’t know if that was a cause or an effect. As fascinating as Extremo the Monkey was, I don’t think an all-Extreme Networks InteropNet would have really demonstrated interoperability that well.

I didn’t talk to any of the network vendors who weren’t there, but some of the software layer vendors were unabashedly disappointed by the loss of InteropNet. It’s one thing to show a video recording or demo over VPN back to a lab somewhere, but it’s a much more convincing story to show how your product or service would react to a real world environment that your prospective customer is a part of, at that moment.

There were a number of OEM/ODM type network (and server) manufacturers, as well as software-defined networking companies like Cumulus and 128 Networks, but I think at least one big name would have to be there to make InteropNet work. Two or three would make it even better.

One interesting thought to make InteropNet more interesting and practical would be for a hardware refurbisher or reseller to bring in gear from the big names and set it up. Whether it’s ServerMonkey or another vendor of that class, or even a broad spectrum integrator like Redapt, it would be a good way to show a less-than-bleeding-edge production-grade environment that might appeal more to the half of the attendees whose companies are smaller than 1000 people. It would be a great opportunity for companies like that to showcase their consulting and services offerings as well.

Looking into the rsts11 crystal ball…

I don’t remember any mention of venue for next year, but I would guess some rooms and locations would be tweaked to optimize MGM Grand for InteropITX 2018. It’s very convenient for economical rooms and minimal leaving-the-hotel-complex requirements for attendees.

The new tracks structure worked, for the most part, although I expect adjustment and evolution in the content. Don’t be surprised if more hands-on sessions come around. Even though wireless tech was in short supply in the Business Hall, it was very popular in the breakouts.

I’m not expecting the Monsters of IT to have a resurgence in 2018, although it might be a good thing if they did. More security, management and automation, and some surprising new startups, are more likely to find their way into the Business Hall.

Where do we go from here?

I was asked at Interop for suggestions on how to make InteropNet more practical next year. I had some ideas above, but I could use some help. Do you feel that it was an unfortunate omission, or were you more inclined toward “I wouldn’t say I was missing it, Bob”?

We’ll have some more coverage in the next couple of weeks, including another update on NBase-T network technology (which made a much more substantial showing in terms of available-to-buy-today offerings this year), so stay tuned to our “interop” tag for the latest.

And of course, while it’s too early for me to apply for media credentials, it’s not too early to start thinking about InteropITX 2018.

Registration isn’t quite ready yet, but you can sign up to be notified (and get updates on submitting to present next year as well!). Click above or visit interop.com to join the notification list today!

Disclosure: I attend InteropITX as independent media, unrelated to and unaffiliated with my day job. Neither UBM/InteropITX nor any vendor covered have influence over or responsibility for any of my coverage.

Internet on the Road, part 2 – how to optimize your travel connectivity

rsts11 note: This is the second of a two-part series featuring mobile internet routers. The first part is posted over on rsts11travel.com, as it is a bit milder technology. The second part appears on #rsts11 since it’s a bit more POHO than random travel, and will be cross-promoted on the travel side. 

When you travel, you probably have a number of devices that demand connectivity.

Many venues limit your allowed devices, and maybe you don’t want your devices out on the open network. Additionally, you may want to use streaming devices or shared storage in your room, and that may not work with typical public network setups. Last time we looked at some battery powered routers with charging functions and other network features.

Today on rsts11 we’ll look at some choices for sharing a wired connection as well as a cellular modem. We’ll briefly revisit the Hootoo and Ravpower routers from part 1, and then dive into Meraki, Peplink, and Cradlepoint devices for the higher-power user.

Internet on the Road part 1 – A crossover with #rsts11travel

rsts11 note: This is the first of a two-part series started on #rsts11travel, featuring mobile internet routers. The second part will appear here on #rsts11 since it’s a bit more POHO than random travel, and will be cross-promoted on the travel side. 

When you travel, you probably have a number of devices that demand connectivity. However, a lot of venues limit your allowed devices, and maybe you don’t want your devices out on the open network. Additionally, you may want to use streaming devices or shared storage in your room, and that may not work with typical public network setups.

Today on rsts11travel we’ll look at a couple of options for aggregating, optimizing, and even protecting your connectivity on a public hotspot, hotel network, or even on your own cellular connection.

There are three schemes we’ll consider in this series.

  1. Connecting multiple devices to wifi
  2. Connecting multiple devices to a wired network
  3. Connecting multiple devices through a mobile hotspot/cellular modem

A caveat up front with regard to security and obfuscation: Not all of these options offer the same level of security for your devices, and most will not limit visibility of your connectivity as far as the facility staff, the ISP, or others on your network are concerned. Nothing in this series should be taken as replacing your OS and application updates, antivirus and anti-malware/anti-spyware software, and of course the realization that security is subjective.

Read more at rsts11travel.com