Ubiquiti network or all-in-one router?

[coxhaus]

Your throughput may be lower, or your connection rates could be even higher with less APs properly spaced. Or maybe you have all concrete walls and it is warranted. But it is not prudent to suggest everyone put an AP in every room. I don't have any problems, my throughput hits the peak of what AC is capable of (except wireless to wireless since my 1900 doesn't have the horsepower for it). Anything I'm doing large transfers with, at least one end is hardwired so no issues there.

Using QOS on a VLAN on an L3 switch happens at L2, no different than an L2 switch. There are additional QOS things you can do at L3 but COS/TOS is applied by the VOIP phone, and the switch is simply configured (typically by default) to prioritize that traffic at L2, to pass it upstream, where an eventual router also prioritizes it. L2 is the first place to apply QOS in a typical LAN environment in order to have prioritization, otherwise everyone is fighting for bandwidth until they hit the L3 interface. If you're segmenting your L3 switch into multiple VLANs with multiple ports in each, hate to break it to you, but your QOS is probably being done at L2.

Obviously if you have 600 clients you shouldn't be putting them in the same L2 segment/broadcast domain, you have a distribution tier (pair of L3 switches or routers) with an access tier (L2 switches, each with one VLAN/subnet, sometimes two if you are running VOIP out of band). But that's not what we're talking about here, if you have 600 clients, snbforums and SOHO AIO routers are not for you.

I was not talking about Cisco SMB switches, those are not much better than SOHO stuff. Even their lower level enterprise L3 switches like Cat 3K series (and the Cat 9k that are replacing them) are not excellent at consistent low latency and jitter. Those are in the thousands or tens of thousands of dollars new. Luckily most audio and video applications are programmed these days to adjust for and deal with latency and jitter fluctuations and deal with it, so as long as there is not severe saturation somewhere, QOS typically isn't even needed at all (in the home environment anyway).

If you want the best latency, the Nexus 3548 is an amazing switch, can do L3, NAT, VLANs (no QOS though) at around 250ns. If you get rid of L3, NAT and VLANs it drops to about 150. Even with QOS it is only in the 1-2 uS range. The switch is only about $15k but unfortunately the 10G SFPs are absurdly priced even at the 92% discount we get. And of course if you use a non-Cisco SFP, it disables the ultra low latency and you jump up to a few uSec through the switch.

L3 adds plenty of overhead on top of L2 but that really has nothing to do with QOS or performance, all of that is done in hardware. But routing is slower than switching, even in an L3 switch.

Your belief that L3 switches are needed because broadcasts "stop all network traffic" is completely misguided. Especially since you still have broadcasts. Even if you put every device in its own VLAN or router interface, there are still broadcasts. If you really want to design for the future and have a professional network, look into CCNA or Network+ or something like that to gain an understanding of the fundamentals. Once you have that, everything makes a ton more sense. Or do it for a living for a few decades like I have, you start to think like a network device and it makes even more sense.

Or maybe my Cisco APs work better. Thoughput is fine on my APs. You have no real idea as you don't do this.
Yes, the high end Cisco switches are nice. You don't bother to talk about power requirements or AC requirements. I would not want to pay the bill as they pull a lot of power. I bought as big of Cisco switches we could get for the core of our big sites back in my days with dual power supplies from ATT as they were our vendor for Cisco networking gear. We did about a million dollars every year for gear and circuits. Of course that was a long time ago for me. I retied over 15 years ago.

And by the way I passed CCNA way before you as I am a lot older. You were probably a kid when I passed the CCNA.

You act like you know layer 3 switches, but you don't run any of it now. It seems like you run an all-in-one router, Asus at home which I do not get. It seems dumb to me as there are lots of draw backs doing that. You should have made a lot of money being a big network guy, but you don't come across that way. So, I am not really sure you can really do it, maybe just talk.

 

[drinkingbird]

Or maybe my Cisco APs work better. Thoughput is fine on my APs. You have no real idea as you don't do this.
Yes, the high Cisco switches are nice. You don't bother to talk about power requirements or AC requirements. I would not want to pay the bill as they pull a lot of power. I bought as big of Cisco switches we could get for the core of our big sites back in my days with dual power supplies from ATT as they were our vendor for Cisco networking gear. We did about a million dollars every year for gear and circuits.

And by the way I passed CCNA way before you as I am a lot older. You were probably a kid when I passed the CCNA.

You have no idea how old I am, and looks like it is time for a refresher course on networking, nowhere in the CCNA would they have taught you that broadcasts halt all network traffic. In the days of half duplex hubs, they were more of an issue (especially since back then it was common to have hundreds of clients all sharing one segment with lots of hubs), nowadays broadcasts have basically 0 impact. CCNA has changed a lot, it has simulator now (has for quite a while) and is a lot harder than it used to be. I do this every day of my life for work (wired, not so much wifi). I get paid very well to design and integrate networks and QOS is a huge function of the product I work on and specialize in. Multiple layers of policing and shaping (parent and child) plus COS and TOS, and DSCP at layer 3. Back in the old days we used CAR. It was crude, but effective.

Yes, agreed, I disbanded my Cisco home network years ago mostly due to the power bill (and the cost of business class internet with static IP). Realized I could outsource my hosting for a fraction of the cost. They are very hungry, they run as though they're doing 100% of their ability even when they're only doing 5%. I have stacks of EOS/EOL hardware that my company sends me, millions of dollars worth (but worth a small fraction of that now). Occasionally I get new stuff but I have to send that back after testing sadly. So I have all of the gear, including APs and controllers, but I have no need for it and it is not worth the cost to run it. I did run them in the past, obviously Cisco APs are far better than a SOHO router, but it does not change the fact that if you have too many, you're likely hurting yourself in one way or another. This is why site surveys are done. Not saying your throughput isn't fine, but it may be better with less APs. Even if you show a lower link rate, the throughput could be higher due to less interference and overlap.

If you want to throw stats around, my company is a Cisco Gold partner, globally we are their largest client, we buy direct from them and spend over $1B a year on hardware alone, mostly for our own use but also for resale as a distributor (not to mention maintenance contracts on top of that). Every month we order $1M worth of SFPs alone. My former company also used ATT and Verizon as vendors (via a distributor called Select Sales). That was only about $10M a year so could not buy direct.

Circuits are in the hundreds of millions globally.

In my former role I also deployed hundreds of Cat6Ks up to the 6513 with the dual 4000watt power supplies to power the cisco IP phones, so I'm familiar with that setup you're talking about. Prior to that it was 5ks but obviously those were far less capable and had no POE.

Whatever. The point is suggesting that an L3 switch is necessary in the home environment or placing APs in every room is a good idea is just patently bad advice, that's all my point was. Like every other discussion we have, I'm going to give up on this one as we're just going in circles.

 

[coxhaus]

You have no idea how old I am, and looks like it is time for a refresher course on networking, nowhere in the CCNA would they have taught you that broadcasts halt all network traffic. In the days of half duplex hubs, they were more of an issue (especially since back then it was common to have hundreds of clients all sharing one segment with lots of hubs), nowadays broadcasts have basically 0 impact. CCNA has changed a lot, it has simulator now (has for quite a while) and is a lot harder than it used to be. I do this every day of my life for work (wired, not so much wifi). I get paid very well to design and integrate networks and QOS is a huge function of the product I work on and specialize in. Multiple layers of policing and shaping (parent and child) plus COS and TOS, and DSCP at layer 3. Back in the old days we used CAR. It was crude, but effective.

Yes, agreed, I disbanded my Cisco home network years ago mostly due to the power bill (and the cost of business class internet with static IP). Realized I could outsource my hosting for a fraction of the cost. They are very hungry, they run as though they're doing 100% of their ability even when they're only doing 5%. I have stacks of EOS/EOL hardware that my company sends me, millions of dollars worth (but worth a small fraction of that now). Occasionally I get new stuff but I have to send that back after testing sadly. So I have all of the gear, including APs and controllers, but I have no need for it and it is not worth the cost to run it. I did run them in the past, obviously Cisco APs are far better than a SOHO router, but it does not change the fact that if you have too many, you're likely hurting yourself in one way or another. This is why site surveys are done. Not saying your throughput isn't fine, but it may be better with less APs. Even if you show a lower link rate, the throughput could be higher due to less interference and overlap.

If you want to throw stats around, my company is a Cisco Gold partner, globally we are their largest client, we buy direct from them and spend over $1B a year on hardware alone, mostly for our own use but also for resale as a distributor (not to mention maintenance contracts on top of that). Every month we order $1M worth of SFPs alone. My former company also used ATT and Verizon as vendors (via a distributor called Select Sales). That was only about $10M a year so could not buy direct.

Circuits are in the hundreds of millions globally.

In my former role I also deployed hundreds of Cat6Ks up to the 6513 with the dual 4000watt power supplies to power the cisco IP phones, so I'm familiar with that setup you're talking about. Prior to that it was 5ks but obviously those were far less capable and had no POE.

Whatever. The point is suggesting that an L3 switch is necessary in the home environment or placing APs in every room is a good idea is just patently bad advice, that's all my point was. Like every other discussion we have, I'm going to give up on this one as we're just going in circles.

So, I am just curious if you bought hundreds of the 6513 switches you must have had a standard, what was your standard hardware configuration of the switch.

 

[Michael3421]

I've used Ubiquiti and found it to be very good. You have to run a controller but it doesn't have to run all the time if you don't care about collecting long term stats etc. It runs on windows or linux.

The consumer oriented Ubiquiti stuff does not require controller software. Their early Amplifi mesh systems, for example, did not require it. Also, their Alien line does not require standalone controller software.

 

[drinkingbird]

So, I am just curious if you bought hundreds of the 6513 switches you must have had a standard, what was your standard hardware configuration of the switch.

The only standard for all the Cat6k we used (6006, 6009, 6506, 6509, 6513) was the supervisor and to some extent the power supplies. Access tier got SUP2 running CatOS. Distribution got single or dual SUP2/MSFC2 (depending on the criticality of the building) running hybrid CatOS/IOS then eventually SUP720/MSFC3 which required native IOS.

Power supplies and line cards were spec'd out in each build and our VAR populated them from that spec before shipping. The most common card was the 48 port 10/100 switch card with amphenol connectors, pretty much every access switch was loaded with those, made it very easy to connect to the 110 block. Distribution switches would have mostly 1G GBIC cards and usually a 48 port RJ45 gig card. A few data centers had the 4 and 8 port 10G cards in the distribution tier and 1G cards in the access tier. The 8 port 10G was a PITA as it could only do 40G of throughput on the card and only had a 20G backplane connection. This was before the fabric enabled cards (40/80G backplane access) came along. Plus each pair of ports shared an ASIC so some applications like heavy multicast you had to use every other port. It essentially was an 8 port 5G card.

1000 watt (6x06) and 1300 watt (6x09) dual power supplies (in redundancy mode) until we rolled out VOIP with POE then it went to 3000 and 6000. Except the 6513s used 3000w minimum even without VOIP, as those required something like 2000w if you wanted to run all 13 slots, it would disable 4 of them if you didn't. In a pinch you could disable redundancy mode and run two 1000 or 1300 though. Had to do that once when the electrician wired the 3000w as 120v instead of 240v, just to get it up and running for a week until they could get him back out.

A couple large but standalone remote sites just had a pair of 6513s which acted as core, distribution, and access. Those would each have a FlexWAN in them with DS3 or OC3 PA along with SUP2/MSFC2, RJ45 gig, and a bunch of 48 port amp 10/100 cards. Pretty sure I did dual SUP in those sites but don't remember.

Extranet ran 6509s with a mix of RJ45 and GBIC cards, SUP2/MSFC2, and some flexwans with assorted PAs to handle all the different vendor connection types (channelized T1 and DS3 PAs mostly).

At my current company we used the SUP2T with the E series 6k and all fabric enabled 1G and 10G line cards. Finally got to see what the 6k was capable of. I had the opportunity to take a pair of them when we tore them out, but resisted. Everything is Nexus and some Juniper QFX now.

Satisfied? Nice try though. In trying to call my bluff, you picked the Cisco switch that, by a wide margin, I have the most experience with. I'll probably remember "ses 15" even after I've forgotten my own name.

 

[drinkingbird]

The consumer oriented Ubiquiti stuff does not require controller software. Their early Amplifi mesh systems, for example, did not require it. Also, their Alien line does not require standalone controller software.

Lots of their stuff doesn't but if you're going to run an ER-X and multiple APs, unifi is the sensible choice and that does need the controller. It doesn't have to run all the time and doesn't need much horsepower, theoretically could even run it on a NAS or possibly even Ras pi. Or just get their cloud key and have it hosted, but probably not sensible for a home user with a few devices to do that.

 

[coxhaus]

The only standard for all the Cat6k we used (6006, 6009, 6506, 6509, 6513) was the supervisor and to some extent the power supplies. Access tier got SUP2 running CatOS. Distribution got single or dual SUP2/MSFC2 (depending on the criticality of the building) running hybrid CatOS/IOS then eventually SUP720/MSFC3 which required native IOS.

Power supplies and line cards were spec'd out in each build and our VAR populated them from that spec before shipping. The most common card was the 48 port 10/100 switch card with amphenol connectors, pretty much every access switch was loaded with those, made it very easy to connect to the 110 block. Distribution switches would have mostly 1G GBIC cards and usually a 48 port RJ45 gig card. A few data centers had the 4 and 8 port 10G cards in the distribution tier and 1G cards in the access tier. The 8 port 10G was a PITA as it could only do 40G of throughput on the card and only had a 20G backplane connection. This was before the fabric enabled cards (40/80G backplane access) came along. Plus each pair of ports shared an ASIC so some applications like heavy multicast you had to use every other port. It essentially was an 8 port 5G card.

1000 watt (6x06) and 1300 watt (6x09) dual power supplies (in redundancy mode) until we rolled out VOIP with POE then it went to 3000 and 6000. Except the 6513s used 3000w minimum even without VOIP, as those required something like 2000w if you wanted to run all 13 slots, it would disable 4 of them if you didn't. In a pinch you could disable redundancy mode and run two 1000 or 1300 though. Had to do that once when the electrician wired the 3000w as 120v instead of 240v, just to get it up and running for a week until they could get him back out.

A couple large but standalone remote sites just had a pair of 6513s which acted as core, distribution, and access. Those would each have a FlexWAN in them with DS3 or OC3 PA along with SUP2/MSFC2, RJ45 gig, and a bunch of 48 port amp 10/100 cards. Pretty sure I did dual SUP in those sites but don't remember.

Extranet ran 6509s with a mix of RJ45 and GBIC cards, SUP2/MSFC2, and some flexwans with assorted PAs to handle all the different vendor connection types (channelized T1 and DS3 PAs mostly).

At my current company we used the SUP2T with the E series 6k and all fabric enabled 1G and 10G line cards. Finally got to see what the 6k was capable of. I had the opportunity to take a pair of them when we tore them out, but resisted. Everything is Nexus and some Juniper QFX now.

Satisfied? Nice try though. In trying to call my bluff, you picked the Cisco switch that, by a wide margin, I have the most experience with. I'll probably remember "ses 15" even after I've forgotten my own name.

Yes, CAT OS was just early on with the route modules running IOS. It was left over from the 5000 and 5500 switches. Cisco pushed us to switch to ISO which was most of our switches. We only had a few of the older ones. Yes, if your power supplies were not big enough then you had no redundancy. It would run off both, but no redundancy. And the power supplies needed to be big enough. We only had a few 6513 as we needed a lot of copper and fiber blades. Most of my 6509 switches ran fiber. I used routers for communication lines. The older 6509 switches I changed over to copper and used it in our larger wiring closets where we had hundreds of connections.

I was not expecting this much detail just a memory summary which I thought you could do in a few minutes not hours. I only bought about 20 65XX switches and I remember them. Our standard was the 6509.

 

[drinkingbird]

Yes, CAT OS was just early on with the route modules running IOS. It was left over from the 5000 and 5500 switches. Cisco pushed us to switch to ISO which was most of our switches. We only had a few of the older ones. Yes, if your power supplies were not big enough then you had no redundancy. It would run off both, but no redundancy. And the power supplies needed to be big enough. We only had a few 6513 as we needed a lot of copper and fiber blades. Most of my 6509 switches ran fiber. I used routers for communication lines. The older 6509 switches I changed over to copper and used it in our larger wiring closets where we had hundreds of connections.

I was not expecting this much detail just a memory summary which I thought you could do in a few minutes not hours. I only bought about 20 65XX switches and I remember them. Our standard was the 6509.

I'm a fast typer, no hours involved. Just making sure any doubts were put to rest. If I just said "dual power supplies and 48 port cards" I don't think that would have satisfied your suspicions that I was embellishing the truth.

The FlexWAN card was essentially a standalone router inside the chassis. It was the perfect solution for certain scenarios but people were afraid to use it because it was being put into a "switch". Then they released the 7600 which was just a 6500 with wan modules in it, but called it a core router and everyone jumped all over it.

But that's enough thread jacking/crapping.

 

[coxhaus]

I'm a fast typer, no hours involved. Just making sure any doubts were put to rest. If I just said "dual power supplies and 48 port cards" I don't think that would have satisfied your suspicions that I was embellishing the truth.

The FlexWAN card was essentially a standalone router inside the chassis. It was the perfect solution for certain scenarios but people were afraid to use it because it was being put into a "switch". Then they released the 7600 which was just a 6500 with wan modules in it, but called it a core router and everyone jumped all over it.

But that's enough thread jacking/crapping.

Well, our standard was a 6509 with 1 copper blade and 4 fiber blades with dual power supplies. Then we varied from that if need be. We used EIGRP for our routing protocol and some statics. No BGP as there was an organization that bought tier 1 for everybody as it was over hundred thousand of PCs and got a great rate. Our group was only a little over 4000 PCs. I paid $5000 a month for our group for tier 1 internet at our boarder. We had a 1-point internet access.

 

[AndrewJacob]

Hi All!
I currently have a 3Gbit symmetrical fiber connection at home, with the ISP router connected to my Mesh AX86U system running the latest Merlin firmware (one connected to the ISP router, and the other connected to the first AX86U through the 2.5Gbit port). My home is wired with cat6 Lan.
I have a lot of wired devices and quite a few wireless ones. When I run a speed test, I get a ping of 2ms.
I also have a NAS capable of 2.5Gbit connected, but everything is bottlenecked at 1Gbit.
I'm thinking of 2 options:
1- Using my current setup and tweaking it with minor hardware changes/additions
2- Ubiquiti
FYI I'm not willing to go down the route of raspberry pi and separate computer/server-run systems...

Would there be any tangible benefits with switching over to Ubiquiti? Or am I better off sticking with my Asus setup and tweaking it to handle beyond Gigabit speeds?

 

[L&LD]

Of course, it's always worth looking at switching hardware when your ISP and device LAN speeds have effectively dwarfed your routing equipment (The RT-AX86U and the RT-AX86U Pro are effectively obsolete in 2024 with their unbalanced hardware).

However, it is also worth considering 2x RT-AX88U Pro's with a couple of 2.5GbE switches too. While you won't get the full 3Gbps speeds from any single or multiple device usage from your ISP, it is close enough and I believe the cost difference is easily warranted today.

With a working setup such as suggested above, you will be in a position to properly design, evaluate, and upgrade to a better network (if you still think it's necessary after seeing what you have), and sell the 2x RT-AX88U Pros and 2.5GbE switches to go a long way towards decreasing that cost to a completely different setup.

Myself, I wouldn't be considering Ubiquiti. Look for something better if you truly want a solid upgrade from what you're used to (even with your current equipment).

 

[Tech9]

I currently have a 3Gbit symmetrical fiber connection at home

Your main issue is chasing the ISP speed. It usually starts with a great offer from your ISP and leads to hundreds of dollars investment in speed tests.

 

[L&LD]

And once again, missing the point by a mile.

 

[AndrewJacob]

Of course, it's always worth looking at switching hardware when your ISP and device LAN speeds have effectively dwarfed your routing equipment (The RT-AX86U and the RT-AX86U Pro are effectively obsolete in 2024 with their unbalanced hardware).

However, it is also worth considering 2x RT-AX88U Pro's with a couple of 2.5GbE switches too. While you won't get the full 3Gbps speeds from any single or multiple device usage from your ISP, it is close enough and I believe the cost difference is easily warranted today.

With a working setup such as suggested above, you will be in a position to properly design, evaluate, and upgrade to a better network (if you still think it's necessary after seeing what you have), and sell the 2x RT-AX88U Pros and 2.5GbE switches to go a long way towards decreasing that cost to a completely different setup.

Myself, I wouldn't be considering Ubiquiti. Look for something better if you truly want a solid upgrade from what you're used to (even with your current equipment).

Thank you so much as usual for great advice! I have looked at the AX88 Pro and they seem like good options. I'm definitely ok with 2.5Gbit.
A few questions:
1- "wouldn't be considering Ubiquiti. Look for something better if you truly want a solid upgrade": what do you suggest and how would it compare to the dual AX88 Pro?
2- Any recommendation on solid switches?
3- What's the best platform to sell a used router on besides Facebook marketplace? The AX86U's seem niche so not sure how easily they'd sell.

Thanks again!

 

[L&LD]

1- Many others on the forums here can answer that much better than me. Compared to the RT-AX88U Pro, less absolute (maximum) WiFi performance, but with enough APs, better coverage. Much more expensive. But with more business/enterprise hardware, may be more targeted by hackers and (for a period, until a patch is issued), more insecure than the AIO Asus routers I recommend. I would stay away from anything that relies on the cloud to be set up/managed. Local management only for maximum security, longest useful life out of your hardware, and I can't stress enough; NO apps to control your network/devices (worst security ever).

2- I personally use and recommend the QNAP QSW-1105-5T-US 5-Port Unmanaged 2.5GbE Switches.

3- Find the appropriate sub-forum right here!

You're welcome!

 

[coxhaus]

But with more business/enterprise hardware, may be more targeted by hackers and (for a period, until a patch is issued), more insecure than the AIO Asus routers I recommend.

I think this statement is totally ridiculous.

 

[L&LD]

No, it's not.

Read the forums. That is today's reality.

 

[coxhaus]

If anything, small business networks are more secure than any consumer routers. The code is more robust in small business networks. ASUS would not be having thousands of routers added to a bot net chain for attacking things. I would say Pfsense is more secure than any ASUS wireless router. ASUS does not even fix bugs that they deem are not that important. They let them exist. They all end up having bugs. It is how they go about dealing with them that is important.

Hackers are going to hack whatever they can hack.

 

[L&LD]

Denial of the facts.

 

[L&LD]

Such as today's new wave of attacks on non-consumer products.

Nation-state hackers exploit Cisco firewall 0-days to backdoor government networks

Perimeter devices ought to prevent network hacks. Why are so many devices allowing attacks?

arstechnica.com