
1 - 12 of 12 Posts

·
Registered
Joined
·
2,438 Posts
Discussion Starter #1
Recently I've been asked to be the interim field tech / analyst for a different department within my organization. Budgets are independent of departments, and the department I come from is flush with cash and therefore able to buy everything under the sun, have a full-fledged support staff with various areas of expertise and / or duties: field tech (what I am there), systems analysts, help desk, network infrastructure team, active directory team, application support, A/V team, etc. etc. etc. This department I'm currently assisting has none of that. I'm a one-man show for all that. Granted, I can ask my originating department for assistance from time to time, but I can't always rely on them. That said, here's the situation:

The department I'm assisting is very unstructured in terms of its IT infrastructure at all of its sites with four exceptions: Administration, warehouse, and two of the 37 school sites. These four exceptions are all on the domain managed by the department I come from. With those four exceptions, all of their network, OS licensing, user management, etc. resources are managed by my office's network, AD, and server resources. That leaves me with 35 sites where I have to oversee a very unstructured network environment consisting of, often, multiple internet gateways which have been a combination of Cable, FiOS, DSL, and HotSpot (3G/4G) ISPs. In addition to this, some sites have more than one internet modem on its premises for a variety of reasons, though the most common reason is that one location of the campus cannot receive internet / network connectivity from the location where the internet modem is placed. I've been tasked with fixing that.

Two weeks ago I was asked to begin an assessment of internet services at five sites as they are on DSL services only. Last week, I was asked to contact the ISPs for those five sites to see what high speed internet services are available for the area. I was also asked to begin assessing internet services at all of the other sites and report any sites that require high speed internet. Although I am unlikely to bring all of these sites onto my organization's domain at this time, I'd like to at least centralize each site's network. This is especially true for sites that have multiple DSL / internet modems in order to bring overall site costs down. The first site on the list to do, I will be contacting the ISP to install the upgraded internet services early next week.

In my head, I have the basic layout for this, and subsequently, future sites for centralized network infrastructure per site. The devil is in the details, of course. There's the modem --> router --> switch --> AP / repeater --> nodes. The attached picture shows a better detail of what I'm looking to accomplish. Some sites are just a really big building where cable runs will be likely, though will also likely need a switch / repeater somewhere in the middle to ensure signal strength between line drop locations. Think an exaggerated building 1. Such a site will typically have at least a second modem somewhere on the site premises. Other sites are actually relatively close together, but have no direct connection from one building to the next and will also have a second modem on the premises to accommodate internet needs of the staff at the other building. Some sites are a compilation of small buildings, and may or may not be within range of the wireless signal from the building with the modem, again, making the requirement of the current setup to have multiple ISP modems on the premises. While I have an idea of how to design the network as I'm proposing in the diagram I've attached, this is where I need help. I do not know the intricacies of how to get this setup exactly.

I asked on a Facebook group I'm a part of how to get this started, and these guys suggested to look into a company called Ubiquiti and their UniFi AP series of products. Originally I was thinking of a repeater to do this task, but I've come to learn a few things about repeaters and Access Points. For starters, I've learned that APs and repeaters are not the same thing although they do, in the end, the same thing. However, the manner in which APs and repeaters handle the tasks of what they do are entirely different. The big difference is the need to have a controller in place for the AP whereas a repeater does not need a controller. I've also learned that a repeater does not maintain the same bandwidth that an AP would. Additionally, the more devices connected to the repeater, the slower the bandwidth on each device connected to the repeater, whereas the AP will not suffer from this.

Well, after looking into Ubiquiti, I've come to learn that they do not have a traditional appliance AP controller device that I can plug into the network. Instead, it's a type of dongle thing that plugs into a PoE switch which will allow for local and remote management. Ubiquiti boasts ease of use with their entire product line and there are plenty of reviews to back that up. For me, it's territory I've never ventured into, and therefore, unfamiliar with the actual practice of setting up such a location.

I know there are tons of different solutions out there for what I'm trying to accomplish, but it seems that UniFi appears to provide an enterprise level network solution at low cost residential pricing. I know that this department I'm working for on the interim basis will desire this over a full blown enterprise solution. I'm curious to know if anyone here has had any experiences with it and what those experiences have been with UniFi. If not UniFi, what solutions have you guys here on the forums used and how did it work out for you?

https://www.ubnt.com/products/#default
 


·
Registered
Joined
·
2,747 Posts
I knew a guy who was an analyst reporting on Ubiquiti; he doesn't do it anymore but I seem to recall him telling me that they built their name selling products using merchant silicon and adding fancier mgmt software on top of it.

You are suggesting that your school/whatever adopt this company as a low-buck alternative to CISCO, right?
Before risking your reputation on it, I totally get the desire to do some more research. While I cannot offer direct experience with their products, I think you should investigate if you want to hook your horse (aka your reputation) to products made by a company that seems "too good to be true."

While this analyst report is clearly done by a company that makes money selling stocks short, it has some pretty damning feedback.
Citron exposes Ubiquiti Networks - Citron Research

If I was in your shoes and trying to figure a fairly widespread network deployment (35 sites?!), my first question would be exactly how much support am I going to be able to get with setting up such a network (esp if lots of them have unique requirements instead of "cookie cutter" setups and I don't have a ton of previous experience with network designs of this complexity).

Everything I see says that the company operates pretty thinly and the "forums"/userbase is your biggest line of support.
This doesn't look like that active a community to me (see number of replies per thread).
Q: You sure you want to bet your reputation (and potentially your income) on such a supplier?
https://community.ubnt.com/t5/UniFi-Wireless/bd-p/UniFi


-g
 

·
Super Moderator
Joined
·
3,594 Posts
TLDR; :wink2:

I'm running Ubiquiti at home right now because of the many features and capabilities that I've seen from it. I'm running all UniFi products which include the USG (router), Smart switch 24 x 1g, Enterprise Wireless AP 802.11AC and the Cloud Key.

The USG allows for stateful deep packet inspection and behaves mostly like many other routers/firewalls. It is very capable and there are a ton of features like RADIUS support and a wide array of firewall capabilities. It runs EdgeOS which is their Linux-based distribution so you can figure it out relatively easily.

The Smart switch is just a managed switch that participates in the UniFi software ecosystem. Lots of neat features that you would find useful.

The AP has a lot of enterprise features including guest portals, RADIUS integration and a lot of others. The documentation indicates that you can create a wireless mesh with many of these devices. Another neat feature is the ability to daisy chain three of the APs together physically so that you don't have to have as many homeruns back to the core switch. It is a PoE device.

The Cloud Key is just a PC on a stick that is PoE powered and runs the UniFi server as an appliance. It's nice for me because I don't have to have other servers to rely on to make sure that it's up and running. You can run the UniFi server on just about anything though so you don't need this unless you want to use it as a device outside the control of the usual server admins. I like it a lot because it also manages the rest of your devices and has a ton of neat features including things like being able to see all of your connected clients down to the MAC level and includes topology maps, physical implementation maps and just about everything else that makes your network management easier.

That being said, this is not Cisco and I consider it a good thing. Cisco has gotten bloated and are extremely overpriced. The knock on companies like Ubiquiti is that they are using merchant silicon. Well, Cisco has moved the Nexus 9k line to using off the shelf ASICs so I don't know that the original argument holds water. However, if you are afraid of Ubiquiti at the low end then there are other fish in the sea including Arista, Aruba, Juniper, and Netgear. Linksys is now owned by Cisco so I don't include them in alternatives but you could probably consider that as well.

There are a lot of options but you have to pick the one that will keep your job. If you are a Cisco guy and you have the money for it then I don't think you can go wrong. I think there are better solutions however and you should check out things like Arista because they are the biggest competitor to Cisco in the enterprise right now.
 

·
Super Moderator
Joined
·
9,357 Posts
A client insisted we try using the UniFi stuff as a Cisco AP replacement at their site a while back. Didn't work out so great but mainly because they didn't do their research.

Software based controller was buggy, APs got saturated and choked way sooner than Cisco APs (they'd start dropping clients at about 20 devices vs. 40-50+ the Cisco APs will handle).

Now - I deployed the same stuff for a different client and they work marvelously, but we're also not trying to load the APs down with tons of devices.

A lot of my clients have some HP switches, I'm not the biggest fan of them because of the non-uniform management capabilities of each flavor but they do their job. I'll confess, I'm a Cisco guy... :)
 

·
Registered
Joined
·
2,438 Posts
Discussion Starter #5
I knew a guy who was an analyst reporting on Ubiquiti; he doesn't do it anymore but I seem to recall him telling me that they built their name selling products using merchant silicon and adding fancier mgmt software on top of it.

You are suggesting that your school/whatever adopt this company as a low-buck alternative to CISCO, right?
Before risking your reputation on it, I totally get the desire to do some more research. While I cannot offer direct experience with their products, I think you should investigate if you want to hook your horse (aka your reputation) to products made by a company that seems "too good to be true."

While this analyst report is clearly done by a company that makes money selling stocks short, it has some pretty damning feedback.
Citron exposes Ubiquiti Networks - Citron Research

If I was in your shoes and trying to figure a fairly widespread network deployment (35 sites?!), my first question would be exactly how much support am I going to be able to get with setting up such a network (esp if lots of them have unique requirements instead of "cookie cutter" setups and I don't have a ton of previous experience with network designs of this complexity).

Everything I see says that the company operates pretty thinly and the "forums"/userbase is your biggest line of support.
This doesn't look like that active a community to me (see number of replies per thread).
Q: You sure you want to bet your reputation (and potentially your income) on such a supplier?
https://community.ubnt.com/t5/UniFi-Wireless/bd-p/UniFi


-g
I'm open to suggesting UniFi as the low-buck alternative to Cisco, yes. However, I'm also open to suggestions on other vendors for me to propose as a low-buck alternative to Cisco. I'm looking at options available to make this project go through. The first site to be upgraded with high speed internet will be by middle of next month at the latest.

Deployment of 35 sites will be a long term task and the network will be centralized to each location only. It'd be nice if I had the ability to do remote network management too should the need arise.

TLDR; :wink2:

I'm running Ubiquiti at home right now because of the many features and capabilities that I've seen from it. I'm running all UniFi products which include the USG (router), Smart switch 24 x 1g, Enterprise Wireless AP 802.11AC and the Cloud Key.

The USG allows for stateful deep packet inspection and behaves mostly like many other routers/firewalls. It is very capable and there are a ton of features like RADIUS support and a wide array of firewall capabilities. It runs EdgeOS which is their Linux-based distribution so you can figure it out relatively easily.

The Smart switch is just a managed switch that participates in the UniFi software ecosystem. Lots of neat features that you would find useful.

The AP has a lot of enterprise features including guest portals, RADIUS integration and a lot of others. The documentation indicates that you can create a wireless mesh with many of these devices. Another neat feature is the ability to daisy chain three of the APs together physically so that you don't have to have as many homeruns back to the core switch. It is a PoE device.

The Cloud Key is just a PC on a stick that is PoE powered and runs the UniFi server as an appliance. It's nice for me because I don't have to have other servers to rely on to make sure that it's up and running. You can run the UniFi server on just about anything though so you don't need this unless you want to use it as a device outside the control of the usual server admins. I like it a lot because it also manages the rest of your devices and has a ton of neat features including things like being able to see all of your connected clients down to the MAC level and includes topology maps, physical implementation maps and just about everything else that makes your network management easier.

That being said, this is not Cisco and I consider it a good thing. Cisco has gotten bloated and are extremely overpriced. The knock on companies like Ubiquiti is that they are using merchant silicon. Well, Cisco has moved the Nexus 9k line to using off the shelf ASICs so I don't know that the original argument holds water. However, if you are afraid of Ubiquiti at the low end then there are other fish in the sea including Arista, Aruba, Juniper, and Netgear. Linksys is now owned by Cisco so I don't include them in alternatives but you could probably consider that as well.

There are a lot of options but you have to pick the one that will keep your job. If you are a Cisco guy and you have the money for it then I don't think you can go wrong. I think there are better solutions however and you should check out things like Arista because they are the biggest competitor to Cisco in the enterprise right now.
You're going to be my hero if I end up going with the UniFi solution, lol.

The daisy chain feature of the APs. They work off of a single PoE injector or a single PoE port on the PoE supported switch?

The Cloud Key. I was trying to figure out what it was, but didn't quite understand it until now that you stated this.

I'm not afraid of Ubiquiti. I'm afraid of networking! I understand networking theory, and I know that can be an asset to me, but networking overall is my weak point in my experience. I mean, I know how to set up a basic LAN, log in to a router and verify settings, change settings, assign IPs and such, but on a wanna-be enterprise level (or actual enterprise level) environment, I'm ground beef. The shitty part for me, is that my undergrad was all about networking. I've come to learn though that networking is a "use it or lose it" skill. I haven't used it since graduating and that was back in 2013. I'm sure I can pick these skills back up, but I'll need time.

I'm open to other options outside of Ubiquiti and another company product line has been suggested to me, EnGenius. I'll look into them as well and see what would likely work best for these sites. I do know that I want it all uniform, so whatever product I end up going with, I'll want that throughout all of the sites.

A client insisted we try using the UniFi stuff as a Cisco AP replacement at their site a while back. Didn't work out so great but mainly because they didn't do their research.

Software based controller was buggy, APs got saturated and choked way sooner than Cisco APs (they'd start dropping clients at about 20 devices vs. 40-50+ the Cisco APs will handle).

Now - I deployed the same stuff for a different client and they work marvelously, but we're also not trying to load the APs down with tons of devices.

A lot of my clients have some HP switches, I'm not the biggest fan of them because of the non-uniform management capabilities of each flavor but they do their job. I'll confess, I'm a Cisco guy... :)
I'm curious now, if the UniFi APs you deployed became saturated because the software wasn't configured properly. You stated it was buggy, so I wonder if that had anything to do with it. They state on their website, and supported by customer reviews, that their setup is easy to do. Though, I don't remember if any of the reviews stated the number of devices they had connected to them.

With you stating that HP switches have non-uniform management, I'll consider them out of the equation. I want uniformity.
 

·
Super Moderator
Joined
·
5,005 Posts
The solution for HP switches is to order enough of the exact same model at the same time.

The non-uniform management is because they've soaked up several families over the decades, and therefore have multiple methods of doing the exact same thing.

Cisco has the same problem ... Meraki units don't talk like the older IOS units, which are different from even older IOS units, which are different from the Linksys inherited units, which are different from ...

RwP
 

·
Super Moderator
Joined
·
3,594 Posts
Maddmartigan said:
You're going to be my hero if I end up going with the UniFi solution, lol.

The daisy chain feature of the APs. They work off of a single PoE injector or a single PoE port on the PoE supported switch?
They work off of a single injector. Just to be clear, they also work off the aggregate bandwidth of the head end AP so you're limited to 1Gbps even if you put three on top of it. It should be OK unless you try and overload the office completely. It's a coverage and minimized cabling play more than an aggregation play. Pay attention to theterminator93's pointer about overloading the APs with clients.

The Cloud Key. I was trying to figure out what it was, but didn't quite understand it until now that you stated this.
You've got it. The Cloud Key isn't a manager of managers as far as I can tell and it also isn't something that can be federated across sites. However, that doesn't mean that all of the sites can't report in to a single UniFi server. I also work in a large enterprise and I wouldn't use the Cloud Key for corporate use unless I was intending to operate each site as its own island. I would virtualize a server running UniFi and make sure I had HA for it.

I'm not afraid of Ubiquiti. I'm afraid of networking! I understand networking theory, and I know that can be an asset to me, but networking overall is my weak point in my experience. I mean, I know how to set up a basic LAN, log in to a router and verify settings, change settings, assign IPs and such, but on a wanna-be enterprise level (or actual enterprise level) environment, I'm ground beef. The shitty part for me, is that my undergrad was all about networking. I've come to learn though that networking is a "use it or lose it" skill. I haven't used it since graduating and that was back in 2013. I'm sure I can pick these skills back up, but I'll need time.

I'm open to other options outside of Ubiquiti and another company product line has been suggested to me, EnGenius. I'll look into them as well and see what would likely work best for these sites. I do know that I want it all uniform, so whatever product I end up going with, I'll want that throughout all of the sites.
I think this is a much lower cost solution to solve the problem and there is a large community behind it. I think you would learn a lot doing it this way.

I'm curious now, if the UniFi APs you deployed became saturated because the software wasn't configured properly. You stated it was buggy, so I wonder if that had anything to do with it. They state on their website, and supported by customer reviews, that their setup is easy to do. Though, I don't remember if any of the reviews stated the number of devices they had connected to them.
Two thoughts from my perspective; one is that you don't buy a $130 AP and expect it to perform like something from Cisco that cost thousands of dollars. The second is that it's based on an Open Source model and early versions are going to have bugs. It's really a question of how much you want to spend to reduce your exposure to bugs. I'm willing to bet that the trend is that people aren't willing to spend as much as they used to spend.
 

·
Registered
Joined
·
2,438 Posts
Discussion Starter #8
They work off of a single injector. Just to be clear, they also work off the aggregate bandwidth of the head end AP so you're limited to 1Gbps even if you put three on top of it. It should be OK unless you try and overload the office completely. It's a coverage and minimized cabling play more than an aggregation play. Pay attention to theterminator93's pointer about overloading the APs with clients.
So, if the head AP is 100Mbps, all subsequent APs will also be 100Mbps? If I'm understanding this correctly, that's pretty standard practice in networking for all devices to slow down to the slowest device on the network.

You've got it. The Cloud Key isn't a manager of managers as far as I can tell and it also isn't something that can be federated across sites. However, that doesn't mean that all of the sites can't report in to a single UniFi server. I also work in a large enterprise and I wouldn't use the Cloud Key for corporate use unless I was intending to operate each site as its own island. I would virtualize a server running UniFi and make sure I had HA for it.
I didn't think of it as a "manager of managers". From what I had read previously, I had already understood that it was needed to be part of the ecosystem in order for the APs to function properly.

I think this is a much lower cost solution to solve the problem and there is a large community behind it. I think you would learn a lot doing it this way.

Two thoughts from my perspective; one is that you don't buy a $130 AP and expect it to perform like something from Cisco that cost thousands of dollars. The second is that it's based on an Open Source model and early versions are going to have bugs. It's really a question of how much you want to spend to reduce your exposure to bugs. I'm willing to bet that the trend is that people aren't willing to spend as much as they used to spend.
I'm not expecting a $130 AP to perform like something from Cisco. I'm expecting a $130 AP to support, at most, 130 users. I also know that not one AP will have all 130 users connected to it. I'm anticipating...at most....40 users (tablets specifically) to be connected to one AP, and this would be from one of my larger sites.
 

·
Super Moderator
Joined
·
3,594 Posts
So, if the head AP is 100Mbps, all subsequent APs will also be 100Mbps? If I'm understanding this correctly, that's pretty standard practice in networking for all devices to slow down to the slowest device on the network.
Yep, that's the case. The serial linking of APs is just one way to do it. The APs can also be directly linked to your switch infrastructure.

I didn't think of it as a "manager of managers". From what I had read previously, I had already understood that it was needed to be part of the ecosystem in order for the APs to function properly.
Yep. When you get into the larger enterprise solutions the idea that you operate from a single pane of glass is expected. In this price range it probably isn't realistic.

I'm not expecting a $130 AP to perform like something from Cisco. I'm expecting a $130 AP to support, at most, 130 users. I also know that not one AP will have all 130 users connected to it. I'm anticipating...at most....40 users (tablets specifically) to be connected to one AP, and this would be from one of my larger sites.
I think the calling out of the type of device is pretty critical. A PC or Mac running fat client applications isn't going to operate the same as a tablet or phone. That being said, 40 users is a lot from a single AP. However, because these APs are so cheap, running multiple APs is much more feasible. Besides, the limitation in this design isn't the uplink to the network but the radio(s) in the AP. In any event, the comparable Cisco product is 3 times the price and doesn't include any of the required management functionality.
 

·
Registered
Joined
·
2,438 Posts
Discussion Starter #10
I think the calling out of the type of device is pretty critical. A PC or Mac running fat client applications isn't going to operate the same as a tablet or phone. That being said, 40 users is a lot from a single AP. However, because these APs are so cheap, running multiple APs is much more feasible. Besides, the limitation in this design isn't the uplink to the network but the radio(s) in the AP. In any event, the comparable Cisco product is 3 times the price and doesn't include any of the required management functionality.
OK. Then from what you're saying here, I'm thinking I may have to expand on the number of APs I was thinking of from before. Perhaps from 2 - 3 to....maybe 6 or 7? There will be overlap per AP, of course, but you've reminded me, and theterminator93 first mentioned it, that these UniFi APs have a max of about 20 - 30 devices that can connect to them.

As far as the point-to-point connectivity, how can it be done without directly connecting an AP via ethernet? This is another important aspect of my project at a few of my sites. A repeater is what I was thinking, which is why I brought it up. But will an AP function as a repeater if properly connected? I know that there are technologies out there such as RF antennas, lasers, etc. for wireless point-to-point, but those can get real spendy real quick. Additionally, how do such devices impact available bandwidth, both on the LAN and to the WAN?

And as I made this post, it made me think about the type of network. Some of these sites are going to be a miniaturized CAN!
 

·
Super Moderator
Joined
·
3,594 Posts
OK. Then from what you're saying here, I'm thinking I may have to expand on the number of APs I was thinking of from before. Perhaps from 2 - 3 to....maybe 6 or 7? There will be overlap per AP, of course, but you've reminded me, and theterminator93 first mentioned it, that these UniFi APs have a max of about 20 - 30 devices that can connect to them.

As far as the point-to-point connectivity, how can it be done without directly connecting an AP via ethernet? This is another important aspect of my project at a few of my sites. A repeater is what I was thinking, which is why I brought it up. But will an AP function as a repeater if properly connected? I know that there are technologies out there such as RF antennas, lasers, etc. for wireless point-to-point, but those can get real spendy real quick. Additionally, how do such devices impact available bandwidth, both on the LAN and to the WAN?

And as I made this post, it made me think about the type of network. Some of these sites are going to be a miniaturized CAN!
Yeah, you'll need ethernet connectivity to the AP. However, if you can get connectivity to one then you can daisy chain up to two more which will get you about 60-90 clients. It won't get you maximum bandwidth but the limiting factor with that many clients is really the radio.
 

·
Registered
Joined
·
2,438 Posts
Discussion Starter #12
Update:

This is approaching VERY fast. I'm meeting with the ISP and my cabling department Thursday for a site walk. If all goes well, the site will be upgraded to 20Mbps fiber (up from 3x DSL lines at 3Mbps each, with each being their own separate network), a week after that. I've decided on most everything in terms of hardware. There's just one snag I'm coming into, and that's routing:

Ubiquiti Edge Router or Ubiquiti Secure Gateway 4. Depending on capabilities of the smaller Ubiquiti USG unit, I may go with that instead. I'm liking the 4 over the USG because of it being rackmountable and it being a fair bit more robust, hardware wise at least. The Edge Router though, from my understanding is far more robust in capabilities but it does require being far more competent in networking capabilities for setup configuration purposes. I don't think my networking skill-sets are quite there yet and the learning curve I'll have to get it setup in place with the features I want / need may be too great. So, I'm leaning on the USG / USG-4 units right now. I know that those do require the UniFi Controller to operate properly, and those will be part of the infrastructure regardless anyway.

If anyone here has specific skills working with the Edge Router and / or the USG / USG-4 units, please let me know as this is where I'm struggling at most at the moment.

Other than that, I have a list of everything else I need for all my sites. Some sites will also be using the Point-to-Point antennae and a smaller 16 or 24 port switch on the receiving end of it to continue the network infrastructure.

 