SamDabbers
May 26, 2003



namlosh posted:

That’s interesting… what would be the cheapest/simplest setup that could do this?
Like I know I can set my UDMPro up with redundant WAN connections from say, 2 ISPs but that’s still my UDM as single point of failure. What (two) consumer device(s) will do BGP?
Also can it be done with only one WAN connection?

If you want to do BGP then you're definitely outside of the consumer devices and residential Internet connections space. It should be possible to set up something like that with a colocated router in a datacenter with providers willing to set up BGP with you connecting back to your home network via tunnels. There will be some non-negligible costs for this with regards to obtaining an ASN and provider-independent IP space, as well as hardware and colo costs though. Some VPS providers will run BGP with you if you want to use your own number resources, so that could be a less-expensive way in if you don't need huge bandwidth.

withoutclass
Nov 6, 2007

Resist the siren call of rhinocerosness

College Slice
I don't know what BGP is but I'm pretending it means Bidirectional Giga Packets.

Shugojin
Sep 6, 2007

THE TAIL THAT BURNS TWICE AS BRIGHT...


withoutclass posted:

I don't know what BGP is but I'm pretending it means Bidirectional Giga Packets.

It's the thing that Facebook hosed up and broke everything that touched them for a day and that Rogers in Canada broke and took out most of the internet for the entire country

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

SamDabbers posted:

If you want to do BGP then you're definitely outside of the consumer devices and residential Internet connections space. It should be possible to set up something like that with a colocated router in a datacenter with providers willing to set up BGP with you connecting back to your home network via tunnels. There will be some non-negligible costs for this with regards to obtaining an ASN and provider-independent IP space, as well as hardware and colo costs though. Some VPS providers will run BGP with you if you want to use your own number resources, so that could be a less-expensive way in if you don't need huge bandwidth.

Yeah see I am woefully dumb about this stuff past a certain point. If not BGP, then how do you have a redundant internet connection?

Really, I was just intrigued by BSD saying you could set up a network with consumer stuff that had no single point of failure. I had assumed BGP would be involved, but if not that’s cool, how then?

n0tqu1tesane
May 7, 2003

She was rubbing her ass all over my hands. They don't just do that for everyone.
Grimey Drawer

namlosh posted:

Yeah see I am woefully dumb about this stuff past a certain point. If not BGP, then how do you have a redundant internet connection?

Really, I was just intrigued by BSD saying you could set up a network with consumer stuff that had no single point of failure. I had assumed BGP would be involved, but if not that’s cool, how then?

The router/firewall/edge device steers traffic out the internet connections based on things like whether the link is up, packet loss, latency, and jitter. It's all outbound traffic, inbound is usually still tied to one connection or another.

BGP isn't really needed unless you've got a very large network hosting many externally accessible services. Which is out of the scope of consumer/small business level networks.

chocolateTHUNDER
Jul 19, 2008

GIVE ME ALL YOUR FREE AGENTS

ALL OF THEM
Yeah, I'm not even sure why BGP is being talked about in this scenario.

Really, the most concerning thing about this whole thing is that they want to use a SonicWALL (lol).

I do have a personal hatred for SonicWALL after taking over 40+ of them and administering them for 5 years. The day the project got approved to rip them out and replace them with another solution was a good day.

Wibla
Feb 16, 2011

SonicWALL and lower-end Fortigate gear can eat poo poo.

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler

namlosh posted:

That’s interesting… what would be the cheapest/simplest setup that could do this?
Like I know I can set my UDMPro up with redundant WAN connections from say, 2 ISPs but that’s still my UDM as single point of failure. What (two) consumer device(s) will do BGP?
Also can it be done with only one WAN connection?

As others have said BGP isn't necessary unless you want to get into influencing route selection for inbound traffic, but if you really want to do it on the cheap MikroTik has it in RouterOS. I have no idea how well it functions because I've never even had a reason to deploy an IGP at home, but I can see the options on WinBox if I log into my switch.

Twerk from Home
Jan 17, 2009

This avatar brought to you by the 'save our dead gay forums' foundation.
A couple of lunatics can and do run BGP at home, here's a writeup:

https://aaka.sh/posts/20230129-bgp-at-home.html

quote:

To give an idea of cost, Verizon (and most other providers) will basically sell you whatever circuit speed you want, but often some pre-set "tiers" make the most sense (as of this writing, VZ was pricing 50Mbps committed @ $455/mo; 100Mbps @ $661/mo; 1Gbps @ $999/mo; 5Gbps @ $2,099/mo; and 10Gbps @ $3,099/mo).
...
Later that week another technician stopped by to install a NID, which took 1U of rack space and serves as Verizon's service demarcation point (where "their problems" are demarcated from "your problems"). These boxes are apparently built to be robust, and allow their NOC engineers to run diagnostics on the network remotely. Being naturally curious, I took a closer look at the hardware: it's a Canoga Perkins 9145E, and on the "telecom" (NNI) side there was installed a 40 kilometer 1310nm 1.25Gbps single-mode SFP transceiver, and on the "user" (UNI) side a similar 10km transceiver.

The technician who came by funnily mentioned that never in his career had he been dispatched to install a NID in a house.
...
There is an additional ~30% Federal Universal Service Fund tax on the "port" fee -- which, as mentioned, makes up a bulk of the monthly recurring cost, so the tax adds a meaningful amount to each bill. This tax fluctuates on a quarterly basis

For a 1Gbps connection, you're over $1300/mo including taxes.

Edit: Oh, and that setup looks like single-homed BGP on Verizon, unless I'm missing something. They're also reporting longer outages than I have ever had in 6 years of my AT&T fiber consumer service.

https://www.youtube.com/watch?v=RT-1DU33xIk

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
Thanks for the good answers and info guys and dolls, but I must have misspoken: I didn't mean to ever suggest BGP was the solution to OP's problem, nor do I really care about BGP in a home setting.

The original question I had was:
How can you set up a home network such that your router isn't a single point of failure? From BSD's comments it seemed like it was possible, so I was intrigued to learn more.

M_Gargantua
Oct 16, 2006

STOMP'N ON INTO THE POWERLINES

Exciting Lemon
Just buy a good router. Your chances of that being your failure are slim compared to the ISP losing connection for some period of time.

Twerk from Home
Jan 17, 2009

This avatar brought to you by the 'save our dead gay forums' foundation.

namlosh posted:

Thanks for the good answers and info guys and dolls, but I must have misspoken: I didn't mean to ever suggest BGP was the solution to OP's problem, nor do I really care about BGP in a home setting.

The original question I had was:
How can you set up a home network such that your router isn't a single point of failure? From BSD's comments it seemed like it was possible, so I was intrigued to learn more.

So you're wanting a high availability pair of routers? That's going to be a lot more of a pain than a single router that's set up to failover between two internet connections. The budget-friendly setup I've seen for reliable internet is one fast primary connection that you use 99% of the time, and then a slower, secondary connection that's a standby to failover onto.

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler

namlosh posted:

Thanks for the good answers and info guys and dolls, but I must have misspoken: I didn't mean to ever suggest BGP was the solution to OP's problem, nor do I really care about BGP in a home setting.

The original question I had was:
How can you set up a home network such that your router isn't a single point of failure? From BSD's comments it seemed like it was possible, so I was intrigued to learn more.

edit: I misinterpreted the question and started talking about one router with dual uplinks, which is still a single point of failure.

You can add another router and another uplink, but your client devices are still mostly going to connect through one port each. You end up with a big aggregation switch and two routers upstream of it - now isn't the switch the thing you're worried about? You could get an enterprise router that has hardware redundancy for every component save the chassis itself, but that's $$$$$.

I guess if each router has an AP hanging off it and every client is either wireless or has dual NICs connected to both routers, the client device itself would be the only place that a single failure could take you out.

edit 2: As for how to do it in a software sense, my naive approach would be to pick software that supports policy based routing with connectivity tests. Set it up to have both routers checking for connectivity through the primary uplink, and if that goes down then they route traffic out the secondary uplink instead. Looks like OPNsense could maybe do it, from their Multi-WAN documentation.

This also would require setting up clients to have two default routes with different metrics for primary and secondary, unless you want to do something like VRRP... Feels like kind of a rabbit hole.

Eletriarnation fucked around with this message at 17:41 on May 25, 2023
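The steering logic n0tqu1tesane describes (is the link up, what are its loss, latency and jitter) and the connectivity-test policy routing Eletriarnation points at in the OPNsense Multi-WAN docs, as an added example that is not code from any post, from OPNsense or from pfSense: a POSIX sh/awk gateway-health evaluator with tiered selection in the style of OPNsense gateway groups. The gateway names, thresholds and RTT samples are constructed for illustration; on a real box the samples would come from periodic ICMP probes of each WAN's monitor address.

```sh
#!/bin/sh
# Added example: tiered WAN selection from probe results, modelled on how
# OPNsense/pfSense gateway groups mark a gateway down (loss, latency, jitter)
# and fall through to the next tier. Not code from any post or from OPNsense.
# Gateway names, thresholds and RTT samples are constructed assumptions.

LOSS_MAX=20       # percent of probes lost before a gateway is declared down
LATENCY_MAX=500   # average RTT (ms) above which a gateway is declared down
JITTER_MAX=100    # RTT standard deviation (ms) above which it is declared down

# gw_health NAME RTT...
#   RTT values are in ms; the word "lost" stands for a probe with no reply.
#   Prints one line: "NAME up|down LOSS% AVG_MS JITTER_MS".
gw_health() {
    name=$1
    shift
    if [ "$#" -eq 0 ]; then
        # No probe results at all: the link never came up, treat it as down.
        printf '%s down 100 0.0 0.0\n' "$name"
        return 0
    fi
    printf '%s\n' "$@" | awk -v name="$name" -v lmax="$LOSS_MAX" \
                             -v tmax="$LATENCY_MAX" -v jmax="$JITTER_MAX" '
        $1 == "lost" { lost++; n++; next }
        { n++; sum += $1; sumsq += $1 * $1 }
        END {
            loss = 100 * lost / n
            got = n - lost
            avg = 0; jit = 0
            if (got > 0) {
                avg = sum / got
                var = sumsq / got - avg * avg   # population variance of replies
                if (var < 0) var = 0            # guard against rounding
                jit = sqrt(var)
            }
            # Any one of the three checks failing is enough to demote the gateway,
            # so a link that is "up" but flapping or saturated still gets skipped.
            state = "up"
            if (loss > lmax || avg > tmax || jit > jmax) state = "down"
            printf "%s %s %.0f %.1f %.1f\n", name, state, loss, avg, jit
        }'
}

# select_wan "PRIMARY_RTTS" "BACKUP_RTTS"
#   Tier 1 is the fast primary link, tier 2 the slower standby. The first
#   tier that is still healthy wins; "none" means both failed the checks,
#   which a real policy should treat as "leave the routes alone and alert",
#   never as "pull the default route".
select_wan() {
    primary=$1
    backup=$2
    {
        # Word splitting of the sample lists is intended here.
        gw_health WAN1_FIBER $primary
        gw_health WAN2_LTE $backup
    } | awk '$2 == "up" { print $1; found = 1; exit }
             END { if (!found) print "none" }'
}

# Demo run with constructed samples: the primary loses 1 of 10 probes (10%
# loss, under the 20% threshold) so it stays selected and prints WAN1_FIBER.
select_wan "12 14 13 15 12 lost 13 14 13 12" "40 42 41 39 40"
```

The jitter check is the one people forget: a link with zero loss and a 205 ms average but RTTs bouncing between 10 ms and 400 ms fails the 100 ms jitter threshold and is demoted even though loss and latency alone would pass it. On the client side, Eletriarnation's two-default-routes approach on Linux is `ip route add default via 192.168.1.1 metric 100` plus a second default via the other router at metric 200 (addresses assumed), but the kernel does not stop using a static default route just because the gateway stopped answering, so something has to withdraw the route when the router dies; that is the job a VRRP/CARP shared address does for you, which is why it is the less fragile option.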

chocolateTHUNDER
Jul 19, 2008

GIVE ME ALL YOUR FREE AGENTS

ALL OF THEM

namlosh posted:

Thanks for the good answers and info guys and dolls, but I must have misspoken: I didn't mean to ever suggest BGP was the solution to OP's problem, nor do I really care about BGP in a home setting.

The original question I had was:
How can you set up a home network such that your router isn't a single point of failure? From BSD's comments it seemed like it was possible, so I was intrigued to learn more.

You can get a pair of routers that support High Availability. When one goes down/stops responding, the other takes over. Goes without saying that only business class routers support this. Maybe something like pfsense does also? Haven't really looked into it.

THF13
Sep 26, 2007

Keep an adversary in the dark about what you're capable of, and he has to assume the worst.

chocolateTHUNDER posted:

You can get a pair of routers that support High Availability. When one goes down/stops responding, the other takes over. Goes without saying that only business class routers support this. Maybe something like pfsense does also? Haven't really looked into it.

pfSense does support it, but each interface you want to have HA failover for needs at least three IP addresses. LAN side it's not a big deal, but your residential ISP is probably only giving you a single WAN address.
And to split your incoming ISP connection into multiple routers you're probably connecting first to a switch and that becomes your single point of failure, unless you are also setting up multi-WAN.

M_Gargantua
Oct 16, 2006

STOMP'N ON INTO THE POWERLINES

Exciting Lemon
Having basic dual WAN (eg. Fiber with Starlink failover), is already more than most small businesses actually need for redundancy.

PitViper
May 25, 2003

Welcome and thank you for shopping at Wal-Mart!
I love you!
After my router died a month ago, and I looked into redundant pf/opnsense routers sharing a single cable modem connection, the answer I came up with was "keep a cold spare router on the shelf". Currently that's a Netgear POS I picked up locally while I waited for another generic AliExpress four port mini PC to show up and get set up.

My only downtime now would be limited to the time it takes me to physically plug in and swap the cables over to the spare. If I wanted minimum disruption, I'd just buy a second AliExpress PC and make sure to power it on and sync the config to it occasionally. But running a hot spare seems excessive for most home use cases.

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
Cold spare seems like a great idea actually. Thx all for the ideas/discussion

Wibla
Feb 16, 2011

Cold spare is the real answer here, yeah.

BlankSystemDaemon
Mar 13, 2009



namlosh posted:

That’s interesting… what would be the cheapest/simplest setup that could do this?
Like I know I can set my UDMPro up with redundant WAN connections from say, 2 ISPs but that’s still my UDM as single point of failure. What (two) consumer device(s) will do BGP?
Also can it be done with only one WAN connection?
UDMPro (and everything Ubiquiti) is Linux, not FreeBSD - so no pf, pfsync and carp.

On FreeBSD, pf is nowadays (as in, on the stable/13 branch) a very fast firewall, whereas pfsync exists to synchronize packet state over an out-of-band (usually direct, non-switched) connection, and carp is an alternative to the proprietary Cisco VRRP option.

OPNsense is a fork of pfSense that's using a much more modern version of FreeBSD and it can do CARP - and they'll sell you ready-made appliances, too.

The above method doesn't involve BGP at all.

BlankSystemDaemon fucked around with this message at 09:41 on May 26, 2023
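What BlankSystemDaemon's pf + pfsync + CARP setup and THF13's "three addresses per interface" look like on the wire, as an added example that is not configuration from any post, from pfSense or from OPNsense (OPNsense drives the same mechanism from its Virtual IPs and High Availability pages). Interface names, hostnames, the CARP passphrases and all addresses are assumptions; the public addresses come from the RFC 5737 documentation range.

```conf
# /etc/rc.conf on node A (preferred master). Added example; interface names,
# addresses and passphrases are assumptions, not taken from any post.
#
# Every HA'd interface carries one real address per node plus one shared CARP
# address: that is THF13's three addresses. Most residential ISPs hand out a
# single WAN address, so the WAN side needs a routed block (here
# 203.0.113.8/29) or the pair can only be HA'd on the LAN side.

hostname="fw-a"
# WAN: real address, then the shared CARP address on vhid 1.
# advskew 0 on this node, 100 on node B, so A wins the election when both are healthy.
ifconfig_vtnet0="inet 203.0.113.11/29"
ifconfig_vtnet0_alias0="inet vhid 1 advskew 0 pass SharedSecretWAN alias 203.0.113.10/32"
# LAN: real address, then the shared CARP address that clients use as their gateway.
ifconfig_vtnet1="inet 192.168.1.2/24"
ifconfig_vtnet1_alias0="inet vhid 2 advskew 0 pass SharedSecretLAN alias 192.168.1.1/32"
# Dedicated, directly cabled sync link. pfsync replicates the state table
# without any authentication, so it must never cross a network an attacker
# could plug into; the "direct, non-switched" link is a security requirement,
# not just a tidiness preference.
ifconfig_vtnet2="inet 10.255.255.1/30"
pfsync_enable="YES"
pfsync_syncdev="vtnet2"
pfsync_syncpeer="10.255.255.2"
pf_enable="YES"
pf_rules="/etc/pf.conf"

# /etc/sysctl.conf on both nodes. With preempt on, FreeBSD's carp(4) demotes
# every vhid on a node when one of its CARP-enabled interfaces goes down, so
# WAN and LAN fail over together instead of splitting across the pair.
net.inet.carp.preempt=1

# Node B ("fw-b") differs only in its real addresses (203.0.113.12,
# 192.168.1.3, 10.255.255.2), its syncpeer (10.255.255.1) and advskew 100
# on both vhids.

# /etc/pf.conf fragment, identical on both nodes since state is shared:
carp_ifs = "{ vtnet0 vtnet1 }"
sync_if  = "vtnet2"
# CARP advertisements (IP protocol 112) must pass on the HA'd interfaces,
# otherwise each node believes it is alone and both claim the shared address.
pass quick on $carp_ifs proto carp
# pfsync only on the dedicated sync link, never on WAN or LAN.
pass quick on $sync_if proto pfsync
```

The failure mode worth testing before trusting this: pull the sync cable, not just the WAN cable. With the sync link gone both nodes keep serving CARP fine, but the survivor no longer has the other side's states, so long-lived connections reset on the next failover. A quick check after the cables are back is `ifconfig vtnet0` on each node showing exactly one MASTER and one BACKUP per vhid, and `pfctl -s state` on the backup listing roughly the same number of entries as the master.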

sporkstand
Jun 15, 2021
I need to get wifi out to the further reaches of my back yard. I'm having the cabling run next week so that bit is sorted. I've got a PoE switch so I'm good there as well. What Unifi AP should I use? I see that they've got the UAP-AC-M at $99, the UAP-FlexHD and the U6-Mesh both at $179. Will the UAP-AC-M work for me? The AP will be pole-mounted and outside.
I'm already invested in the Unifi ecosystem so it'll need to be something from Unifi.

sporkstand fucked around with this message at 20:00 on May 28, 2023

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

BlankSystemDaemon posted:

UDMPro (and everything Ubiquiti) is Linux, not FreeBSD - so no pf, pfsync and carp.

On FreeBSD, pf is nowadays (as in, on the stable/13 branch) a very fast firewall, whereas pfsync exists to synchronize packet state over an out-of-band (usually direct, non-switched) connection, and carp is an alternative to the proprietary Cisco VRRP option.

OPNsense is a fork of pfSense that's using a much more modern version of FreeBSD and it can do CARP - and they'll sell you ready-made appliances, too.

The above method doesn't involve BGP at all.

Very cool, thanks for the explanation. Above my head at the moment but I like just knowing it can be done.

withoutclass
Nov 6, 2007

Resist the siren call of rhinocerosness

College Slice

sporkstand posted:

I need to get wifi out to the further reaches of my back yard. I'm having the cabling run next week so that bit is sorted. I've got a PoE switch so I'm good there as well. What Unifi AP should I use? I see that they've got the UAP-AC-M at $99, the UAP-FlexHD and the U6-Mesh both at $179. Will the UAP-AC-M work for me?
I'm already invested in the Unifi ecosystem so it'll need to be something from Unifi.

Probably a U6-lite if you're not doing anything heavy duty with it.

sporkstand
Jun 15, 2021

withoutclass posted:

Probably a U6-lite if you're not doing anything heavy duty with it.

Definitely nothing heavy duty. 3-5 clients would be typical, streaming video/music. This is going to be mounted outdoors, on a pole, so the U6-lite ain't gonna cut it in this use-case.

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler

BlankSystemDaemon posted:

proprietary Cisco VRRP option.

VRRP is actually from the IETF, although it's extremely similar to Cisco's HSRP.

Chimp_On_Stilts
Aug 31, 2004
Holy Hell.
I need a wireless AP recommendation.

I have a 1,000 Mbps fiber connection to my home, which is wired throughout with CAT6 ethernet. The home is about 1,600 sq. ft. I'm not picky between local or cloud management.

Though my heaviest bandwidth use happens over ethernet, there's still a lot of demand via wifi. So I don't want to skimp - but I also don't want to badly overpay for something I'm not taking advantage of.

I am debating a couple Aruba AP15s, but that may be overkill?

I'm not sure, so I'm coming to you for advice.

Cyks
Mar 17, 2008

The trenches of IT can scar a muppet for life
I use Aruba Instant On AP22 and AP25s (AP17 for pool areas) at work and have zero complaints. They do charge a higher MSRP compared to Unifi/Omada/etc because of the cloud functionality though.

The APs themselves have the model numbers of the enterprise Aruba APs printed on them which makes me think they have the same internals, just a different case and OS.

There is no AIO router* so if you ever want a full stack under the same GUI it isn’t happening. That doesn’t matter to me personally (I use Fortigate at work).

BlankSystemDaemon
Mar 13, 2009



Eletriarnation posted:

VRRP is actually from the IETF, although it's extremely similar to Cisco's HSRP.
Right.

CARP is still better, because Cisco only pinky-promised to not pursue any claims on their patent - which had the chilling effect Cisco intended.

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler
Considering that the patent on HSRP has expired and some of Cisco's direct competitors proudly advertise VRRP support for a long time running, it's unclear to me who is being chilled and how. Could you explain more?

Chimp_On_Stilts
Aug 31, 2004
Holy Hell.

Cyks posted:


There is no AIO router* so if you ever want a full stack under the same GUI it isn’t happening. That doesn’t matter to me personally (I use Fortigate at work).

That's fine, AT&T forces me to use their stupid router anyway :argh:

Why do you use the different models? Should I consider those model numbers for my home?

Cyks
Mar 17, 2008

The trenches of IT can scar a muppet for life

Chimp_On_Stilts posted:

That's fine, AT&T forces me to use their stupid router anyway :argh:

Why do you use the different models? Should I consider those model numbers for my home?

The AP2# line is WiFi 6 (802.11ax) while the AP1# is WiFi 5 (802.11ac on 5GHz and 802.11n on 2.4GHz).

I would personally go with AP22s in a home setting as I don’t personally find 4x4 APs justifiable for a home setting. I only use the AP25s at our main office and AP22s at all of our managed locations.

SwissArmyDruid
Feb 14, 2014

by sebmojo
Who out there has a 6E AP that I can configure in standalone? I was hoping to wait until Engenius came out with theirs, but I've got a deadline now.

Or does it look like we're mostly just skipping straight past 6E to 7?

SwissArmyDruid fucked around with this message at 08:31 on May 29, 2023

withoutclass
Nov 6, 2007

Resist the siren call of rhinocerosness

College Slice
The only one I can spot quickly is the U6 Professional from Ubiquiti.

SwissArmyDruid
Feb 14, 2014

by sebmojo

withoutclass posted:

The only one I can spot quickly is the U6 Professional from Ubiquiti.

Me: That one scene from The Godfather III. https://www.youtube.com/watch?v=UneS2Uwc6xw

Fragrag
Aug 3, 2007
The Worst Admin Ever bashes You in the head with his banhammer. It is smashed into the body, an unrecognizable mass! You have been struck down.

withoutclass posted:

The only one I can spot quickly is the U6 Professional from Ubiquiti.

Did you mean the U6-Enterprise which you linked to?

I don't know much about networking equipment, but I set up two of them for work and they work pretty well.

What I don't really understand though is the role of Ubiquiti's Dream devices. I've set up the APs with my phone but I would of course prefer if this was not the case. Do we need that hardware to configure Ubiquiti equipment?

Cyks
Mar 17, 2008

The trenches of IT can scar a muppet for life
Dream devices are routers with built-in controllers, so you don't need to run one on an always-on computer or a dedicated controller appliance.

A controller is not required to configure and in a home setup, largely unnecessary.

withoutclass
Nov 6, 2007

Resist the siren call of rhinocerosness

College Slice

Fragrag posted:

Did you mean the U6-Enterprise which you linked to?

I don't know much about networking equipment, but I set up two of them for work and they work pretty well.

What I don't really understand though is the role of Ubiquiti's Dream devices. I've set up the APs with my phone but I would of course prefer if this was not the case. Do we need that hardware to configure Ubiquiti equipment?

Looks like it, sorry the new store UI got me mixed up.

Fragrag
Aug 3, 2007
The Worst Admin Ever bashes You in the head with his banhammer. It is smashed into the body, an unrecognizable mass! You have been struck down.

withoutclass posted:

Looks like it, sorry the new store UI got me mixed up.

No fair enough, the site is honestly pretty poo poo. I find myself googling Ubiquiti equipment rather than browse their site. I still can't figure out how to find a specific PoE+ switch

Teabag Dome Scandal
Mar 19, 2002


I am on CenturyLink Fiber using PPPoE with an EdgeRouter X and I am having a hellish time trying to port forward to my NAS so I can run WireGuard. As far as I could tell I was following all of the correct settings on my existing config, so I reset the router and I am still unable to open the drat port with a fresh configuration. I have the WAN interface set to my VLAN-tagged PPPoE interface, I have the LAN interface set to switch0, I have hairpin and auto firewall checked. What am I missing here?
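The EdgeOS port-forward configuration for a WireGuard listener behind a PPPoE WAN, as an added example for reference. It is not the poster's configuration and not a known fix for the problem above; the interface names, NAS address and port are assumptions.

```conf
# EdgeOS (EdgeRouter X) configure-mode commands. Added example; interface
# names, NAS address and listening port are assumptions, not from the post.
# On a PPPoE circuit the public address lives on the pppoe0 interface, not on
# eth0 or on the tagged VLAN sub-interface the session rides over, so the
# forward (and the WAN_IN firewall ruleset) must reference pppoe0.
configure
set port-forward wan-interface pppoe0
set port-forward lan-interface switch0
# auto-firewall inserts the matching accept rule into the ruleset attached to
# the WAN interface; hairpin-nat lets LAN hosts reach the public address too.
set port-forward auto-firewall enable
set port-forward hairpin-nat enable
set port-forward rule 1 description 'WireGuard to NAS'
# WireGuard is UDP only; a rule left at the default protocol still works, but
# a rule mistakenly set to tcp never will.
set port-forward rule 1 protocol udp
set port-forward rule 1 original-port 51820
set port-forward rule 1 forward-to address 192.168.1.10
set port-forward rule 1 forward-to port 51820
commit
save
exit
```

The check that trips most people up: WireGuard never answers a packet that is not a valid handshake from a configured peer, so an external port scan or "is my port open" site reports the port as closed or filtered whether or not the forward is working. The only meaningful test is a real peer handshake from outside the LAN (a phone on cellular data), watching the NAS's WireGuard interface for a received handshake; testing from inside the LAN exercises hairpin NAT instead and answers a different question.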

Chimp_On_Stilts
Aug 31, 2004
Holy Hell.

Cyks posted:

I would personally go with AP22s in a home setting as I don’t personally find 4x4 APs justifiable for a home setting. I only use the AP25s at our main office and AP22s at all of our managed locations.

I've had these up and running for over a week now and they're working great. Thanks for the suggestion.
