I wish I had the money to play around with TP-Link's Omada series of routers, switches, and access points - I keep hearing good things about it, to the point that it seems to be what Ubiquiti used to be. Case in point, it's centrally managed by a piece of software that can be hosted on any Unix-like (because it's Java) and the hardware is cheap yet lets you do a ton of stuff with it.
|
|
# ¿ Aug 31, 2022 20:35 |
|
|
# ¿ May 17, 2024 18:42 |
Counterpoint: If you have devices that benefit from anything more than 1000BaseT, you'll probably benefit more from doing 10GBaseSR using OM3 as it has lower latency, uses less power, and is not going to be impacted by other people setting up their own BSSIDs and loving with your airtime. If I understand things right, Wifi 6+ (and LTE(A), and most other modern standards) have time division which is made to work in environments where different beacons/cells can talk together over the wired connection to negotiate airtime - to ensure maximum coverage based on how many clients each device handles while minimizing the hidden node problem. If you've got a lot of neighbours with a similar technology but your networks aren't connected together, you don't benefit from this and with enough neighbours, there'll be no airtime.
|
|
# ¿ Sep 11, 2022 09:32 |
Bits or bytes per second, orders of magnitude thereof, don't matter when there's no airtime. Video generally is measured in bits per second, not bytes - and that's true for any bandwidth measurement.
|
|
# ¿ Sep 12, 2022 13:37 |
Because I think people should have realistic expectations about what wireless speeds they can get, I'm gonna keep harping on about airtime being the determining factor for what bandwidth you get - because what the specs say has nothing to do with reality which is where base stations usually exist. Also, DFS is very explicitly a passive state, in that it starts listening for certain signals like radar, which governments (who own and regulate the airwaves) have reserved for their primary (though no longer exclusive) use. If a radar or similar device is active, it'll pick another channel where everyone else has moved onto, and there'll be even less airtime - because it always comes back to airtime, when you're dealing with time division multiplexing. BlankSystemDaemon fucked around with this message at 18:20 on Sep 12, 2022 |
|
# ¿ Sep 12, 2022 18:15 |
Eletriarnation posted:You are correct, but I think I am missing your point. What/who are you arguing against here? As far as I see posters have been clear that you can't ever expect to get close to the full rated speed of a base station on a single endpoint, and even getting the performance you should expect can depend on a number of assumptions about the environment. The people who make the specifications, gear, and anything else haven't achieved those speeds and neither will anyone else, unless they do a stunt like setting up two uni-directional antennas pointing straight at each other with nothing in the Fresnel zone. Unless you live far from anyone else, you realistically can't use a 160MHz channel. The best wifi I ever set up was achieved from having one unit in each room, all configured to just have enough signal strength to not pass through the walls, and not having to deal with devices that can't roam properly. BlankSystemDaemon fucked around with this message at 20:42 on Sep 12, 2022 |
|
# ¿ Sep 12, 2022 20:40 |
Wibla posted:This is good advice. It got so bad, that we seriously talked about using standard connectors - because they're intended to be used by providers who need to move the connections around with some regularity and we found that Lucent connectors are only rated for around a thousand disconnects.
|
|
# ¿ Sep 28, 2022 12:27 |
The software, specifically their built-in 802.11 signal simulation, is also an entirely reasonable argument for buying it, if you've got a machine to self-host it on (it uses java and mongodb, so it can run basically anywhere including an RPI and comes packaged most places). The signal simulation lets you use a building schematic, the measurements on it, and a built-in placement tool to input devices, walls (including material, density and thickness), windows, doors, and everything else. This gives anyone a good hint about where it might be an idea to put another access point, when you adjust the one(s) you have to not send more than the devices can send, so that you instead make use of roaming and strong signal strength everywhere. BlankSystemDaemon fucked around with this message at 18:57 on Oct 12, 2022 |
|
# ¿ Oct 12, 2022 18:54 |
Pihole is just a project that integrates a WebUI and combined DHCP daemon and recursive caching name server daemon called dnsmasq. You either configure your devices to use it to look up things via resolv.conf (or the equivalent on other OS), or get clients up for you by relying on the DHCP functionality. It looks to me like it's not got the right permissions in /etc/pihole/, so that'd be the first thing to fix.
|
|
# ¿ Oct 19, 2022 13:35 |
It's kinda impressive how many Octeon CPUs that Cavium managed to get onto the market, before they got acquired by MicroSemi, for there to still be stock left. The ASIC they use to fastpath network traffic (unless you're doing DPI, if memory serves) is plenty fast for doing 1Mpps of 64 byte Ethernet packets when I used it. If you're doing DPI, set up a divert port to a more powerful machine running suricata.
|
|
# ¿ Oct 22, 2022 13:31 |
Head Bee Guy posted:What’s a good linux program for viewing/analyzing web traffic from CLI?
|
|
# ¿ Nov 21, 2022 22:13 |
Stuff that can test even up to cat6a is insanely cheap, yeah. I think I bought the one I have now for $42 at some point, and I'd be surprised if they're that expensive now.
|
|
# ¿ Nov 23, 2022 03:23 |
CopperHound posted:Lol what? You have a $42 analyzer that actually measures cable performance instead of a basic continuity/miswire check? As for 10G, I use SFP+ because anything that's 10G in my network is also going to benefit from the order of magnitude lower latency that SFP+ has over RJ45. I still maintain that the only proper way to do a speedtest is using iperf (preferably v2, as v3 can't do multithreading properly).
|
|
# ¿ Nov 23, 2022 23:08 |
MadFriarAvelyn posted:So my apartment has ethernet wired through the walls, but whoever set up the patch panel only wired one ethernet port in each room instead of both. This throws a wrench in my networking plans. I've been dealing with this for almost a year now and want to get my switch wired back up so I can get every device in my apartment that has an ethernet port plugged into wired ethernet. It'll also give you a really easy way to deploy multiple access points to make use of roaming, which makes wireless function about as well as it can.
|
|
# ¿ Nov 23, 2022 23:43 |
KS posted:I sure wish this would die because no it will not benefit. That latency is measured in microseconds and it's a really really dumb reason to go with fiber at home in a small network. Weigh cost, power efficiency, and a need for mgig or poe support. Also, used X520 NICs can be had for insanely cheap in most places.
|
|
# ¿ Nov 24, 2022 05:28 |
KS posted:It does not make a difference. The difference in 10gbase-T SFP+ vs fiber SFP+ is ~2µs. Here are links in that chain that dwarf switch latency: SFP+ has a latency of about 0.3μs whereas RJ45 with 8P8C has a latency of about 2.5μs. If the SCSI READ command of the iSCSI initiator returns something that was cached by the system that acts as the iSCSI target, it doesn't matter how fast the underlying storage is, since memory access happens on the order of 100ns. I don't know what kernel you think takes 40μs to handle any networking request, but it certainly isn't FreeBSD which is what I'm using. zpool iostat -w and -l showed a clear difference when I was testing by booting and using my buildserver off an iSCSI target. Unfortunately I don't have the numbers anymore, but here's an example of the latency distribution from my T480s running FreeBSD 14-CURRENT as of a few days ago:
pre:
zroot         total_wait     disk_wait    syncq_wait   asyncq_wait
latency      read  write   read  write   read  write   read  write  scrub   trim rebuild
----------  -----  -----  -----  -----  -----  -----  -----  -----  -----  -----  -----
1ns             0      0      0      0      0      0      0      0      0      0      0
3ns             0      0      0      0      0      0      0      0      0      0      0
7ns             0      0      0      0      0      0      0      0      0      0      0
15ns            0      0      0      0      0      0      0      0      0      0      0
31ns            0      0      0      0      0      0      0      0      0      0      0
63ns            0      0      0      0      0      0      0      0      0      0      0
127ns           0      0      0      0      0      0      0      0      0      0      0
255ns           0      0      0      0  2.54K  2.95K    469     59      1      2      0
511ns           0      0      0      0   415K  68.0K   186K  31.1K      7    875      0
1us             0      0      0      0   876K   100K   172K  89.7K      2  6.32K      0
2us             0      0      0      0  1.09M   240K  39.2K   166K      0  25.4K      0
4us             0      0      0      0   269K   138K  13.0K   350K      1  48.2K      0
8us             0      0      0      0  9.51K  59.7K  1.70K   129K      1  81.4K      0
16us            0      0      0      0  1.17K    870  1.60K  45.3K      2    688      0
32us        14.4K      0  15.3K      0    692    548  2.39K  88.8K      7    230      0
65us        37.6K  67.5K  39.1K   537K    235    195  3.72K   190K     30     11      0
131us       1.78M   367K  1.85M  1.28M    260    313  8.07K   341K     34      1      0
262us        901K   903K   858K  2.70M    301    676  19.5K   665K     23      3      0
524us        310K  1.42M   334K  1.56M    122  2.71K  22.3K  1019K     17      2      0
1ms         63.5K  1.35M  34.5K   168K     10  7.09K  15.5K   987K     13      2      0
2ms         26.7K  1.23M  11.0K   125K    196  1.57K  6.97K  1.07M     16  28.4K      0
4ms         6.98K   816K  4.36K   248K     13    456  1.45K   516K      1  67.1K      0
8ms         1.91K   319K  1.00K  28.0K     18    297  1.19K   265K      0   135K      0
16ms        1.01K   148K     10    441      1    174    940   125K      0   354K      0
33ms          237  51.3K      4     57      0    140    193  43.8K      0     52      0
67ms           97  9.95K      2     26      0    251     69  8.90K      0      8      0
134ms           0  1.59K      0      6      0    305      0  1.20K      0      0      0
268ms           0    122      0      1      0      0      0    119      0      0      0
536ms           0      0      0      0      0      0      0      0      0      0      0
1s              0      0      0      0      0      0      0      0      0      0      0
2s              0      0      0      0      0      0      0      0      0      0      0
4s              0      0      0      0      0      0      0      0      0      0      0
8s              0      0      0      0      0      0      0      0      0      0      0
17s             0      0      0      0      0      0      0      0      0      0      0
34s             0      0      0      0      0      0      0      0      0      0      0
68s             0      0      0      0      0      0      0      0      0      0      0
137s            0      0      0      0      0      0      0      0      0      0      0
---------------------------------------------------------------------------------------
BlankSystemDaemon fucked around with this message at 21:21 on Nov 24, 2022 |
|
# ¿ Nov 24, 2022 21:16 |
Inept posted:I think the omada routers also don't have stateful firewalls
|
|
# ¿ Dec 3, 2022 06:49 |
Cyks posted:It’s not true.
|
|
# ¿ Dec 3, 2022 14:38 |
I had to do a triple-take.
|
|
# ¿ Dec 16, 2022 20:51 |
Rexxed posted:I was able to set up a guest network with a ubiquiti cloud key for one of my clients. I don't know if it requires the server software to be running all of the time on something but you could consider a cloud key or putting it on a VM or something if you needed it.
|
|
# ¿ Jan 3, 2023 01:08 |
Yeah, I laughed at that too.
|
|
# ¿ Feb 5, 2023 19:19 |
You can also use headscale to host your own orchestration software that tailscale connects to.
|
|
# ¿ Feb 12, 2023 16:38 |
SwissArmyDruid posted:My Edgerouters seem to finally be dying, so they're getting replaced. TNSR is a DPDK-based appliance, so it's not really using the Linux kernel for the networking part and thereby doesn't have to suffer its inferior performance when it comes to networking. e.pilot posted:pfsense did some shady poo poo with wireguard, I’d go opnsense
|
|
# ¿ Feb 15, 2023 12:34 |
pfSense/OPNsense is an appliance - it's just an appliance OS. The alternative to an appliance OS, in this case, would be FreeBSD with pf configured - but that also gives you the option of using ipfw, which pfSense/OPNsense doesn't. As for hardware that'll run FreeBSD, an AMD64/x86_64 or Aarch64 (not on a SBC, though) with an Intel/Chelsio/Mellanox NIC is probably the best choice.
|
|
# ¿ Mar 7, 2023 14:37 |
devmd01 posted:This is the way, one per floor isn’t overkill at all. MarcusSA posted:So if these are the networks around me is there any reason not to use auto for the channel selection?
|
|
# ¿ Mar 16, 2023 11:46 |
Well, kismet uses either a TUI or webUI - so if someone's semi-comfortable on a Unix-like, it can be made to work on Windows. For macOS, the fork is called KisMac.
|
|
# ¿ Mar 16, 2023 17:49 |
cr0y posted:Fiber doesn't really have "modems", the box is called an ONT and it converts fiber to coax or ethernet, from there you plug it into your router or a router that the ISP gives you. Although with the recent spate of *PON-capable SFP(+) modules, it's become a lot easier. BlankSystemDaemon fucked around with this message at 10:49 on Mar 22, 2023 |
|
# ¿ Mar 22, 2023 10:45 |
For Ethernet using TCP, linerate is ~116MBps, for UDP it's 125MBps, assuming MTU is 1500 bytes.
|
|
# ¿ Mar 23, 2023 13:50 |
Traceroute isn't really a useful diagnostic tool anymore, since almost every router on the internet will de-prioritize the ICMP echo/replies with decrementing TTLs, going from attempting to not answer it as fast as possible (or at all) all the way up to sending the traffic via an entirely different route - both of which result in different results on packet switched networks compared with normal traffic. This can sometimes be worked around by using TCP, but very few implementations of traceroute support doing that because it requires keeping track of RSTs. This, of course, requires that the routers are configured to send RSTs on a closed port, instead of simply not responding - which is the better option, and is usually the default on OS' that implement half-open connections, which not every OS does, and routers don't tend to like to accept being the destination for.
|
|
# ¿ Mar 26, 2023 11:19 |
wolrah posted:What's everyone with stupid fast home fiber doing hardware-wise these days?
|
|
# ¿ Mar 31, 2023 12:33 |
That Works posted:I’m not familiar. What’s that one? It was quite popular on Soekris hardware. EDIT: The way it saved its configuration to a separate filesystem in /cfg was also quite revolutionary for its time, and is the reason why things like NanoBSD and TrueNAS are partitioned the way they are, to this day. BlankSystemDaemon fucked around with this message at 01:19 on Apr 1, 2023 |
|
# ¿ Apr 1, 2023 01:15 |
priznat posted:What’d be a good router option to connect to a fibre pon modem if it is 10G SFP? This was one of the main reasons I was eyeing a udm se. Forwarding at 10G isn't difficult, firewalling (especially statefully) can be - so I'd recommend going with commodity hardware and a 10G SFP+ PON adapter from FiberStore, then installing BSDRP on it. It's based on FreeBSD -CURRENT so has all the speed-ups that the pf firewall has gotten (which makes it about as fast as ipfw is), and has everything you should need.
|
|
# ¿ Apr 10, 2023 11:51 |
Just remember that an iperf test (no matter if it's version 2 or 3, though they're different) doesn't measure the firewalling speed of the hardware, which is what matters.
|
|
# ¿ Apr 10, 2023 16:44 |
Speaking of LTE networks, even if they're for backup - I wanna get a hold of an LTE-A EM160R-GL. It does LTE-A Cat 16, meaning it's supposed to be capable of the full 1Gbps/150Mbps uplink that's advertised for stationary devices.
|
|
# ¿ Apr 14, 2023 21:57 |
unknown posted:IIRC, for unifi, they only channel scan on startup since they don't have a secondary radio. (or if you hit the scan button, but that shuts down normal usage for a minute). Maybe their higher end gear has the bonus radio for scanning though. I refuse to believe that you can't use multiple device nodes with different operating modes, so that one is a hostap and another is station and a third is monitor.
|
|
# ¿ Apr 27, 2023 14:06 |
It probably also needs to be said that if you set things up properly with pf, pfsync, and carp, a firewall isn't the single point of failure that a lot of people think it is. It is also entirely doable on off-the-shelf consumer hardware for multi-gigabit FTTH connections. If the internet is as important as it seems like it is for them, it's worth finding an IT guy that can ensure it stays up. chocolateTHUNDER posted:ISP Modem/ONT > Firewall > Switch > WAP Even if you're doing everything on a pair of boxen using the above method using a pair of GPON SFP+ modules, you still need to conceptualize it like that - otherwise, you risk configuring it wrong. BlankSystemDaemon fucked around with this message at 12:57 on May 25, 2023 |
|
# ¿ May 25, 2023 12:53 |
namlosh posted:That’s interesting… what would be the cheapest/simplest setup that could do this? On FreeBSD, pf is nowadays (as in, on the stable/13 branch) a very fast firewall, whereas pfsync exists to synchronize packet state over an out-of-band (usually direct, non-switched) connection, and carp is an alternative to the proprietary Cisco VRRP option. OPNsense is a fork of pfsense that's using a much more modern version of FreeBSD and it can do CARP - and they'll sell you ready-made appliances, too. The above method doesn't involve BGP at all. BlankSystemDaemon fucked around with this message at 09:41 on May 26, 2023 |
|
# ¿ May 26, 2023 09:36 |
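The pf, pfsync and CARP pairing described in the two posts above, as an added example that is not any poster's own configuration: two FreeBSD boxes share one gateway address per side and replicate firewall state over a direct cable. It assumes static WAN addressing; every interface name, address, vhid and password below is constructed.

```conf
# Added example. All names, addresses, vhids and passwords are constructed.

# --- /boot/loader.conf (both nodes) ---
carp_load="YES"

# --- /etc/sysctl.conf (both nodes) ---
# Fail all CARP interfaces over together when one of them goes down.
net.inet.carp.preempt=1

# --- /etc/rc.conf on the primary ---
gateway_enable="YES"
pf_enable="YES"
ifconfig_igb0="inet 192.0.2.2/24"        # WAN, this node's own address
ifconfig_igb0_alias0="inet vhid 1 advskew 0 pass CHANGE_ME alias 192.0.2.1/32"
ifconfig_igb1="inet 10.0.0.2/24"         # LAN, this node's own address
ifconfig_igb1_alias0="inet vhid 2 advskew 0 pass CHANGE_ME alias 10.0.0.1/32"
ifconfig_igb2="inet 172.16.0.1/30"       # direct, non-switched link to the peer
pfsync_enable="YES"
pfsync_syncdev="igb2"
pfsync_syncpeer="172.16.0.2"

# --- /etc/rc.conf on the backup: identical except ---
#   igb0 192.0.2.3, igb1 10.0.0.3, igb2 172.16.0.2,
#   advskew 100 on both aliases, pfsync_syncpeer="172.16.0.1"

# --- /etc/pf.conf (both nodes, kept identical) ---
ext_if  = "igb0"
int_if  = "igb1"
sync_if = "igb2"
shared_wan = "192.0.2.1"

set skip on lo0

# NAT to the shared CARP address, so translated states stay valid after failover.
nat on $ext_if inet from $int_if:network to any -> $shared_wan

block in log all

# State replication only on the dedicated link; never sync these states themselves.
pass quick on $sync_if proto pfsync keep state (no-sync)
# CARP advertisements between the two nodes on the shared segments.
pass quick on { $ext_if $int_if } proto carp keep state (no-sync)

pass in on $int_if inet from $int_if:network to any keep state
pass out on $ext_if inet keep state
```

LAN clients use 10.0.0.1 as their gateway; which node holds MASTER for each vhid shows in the `carp:` line of `ifconfig igb0` and `ifconfig igb1`.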
Eletriarnation posted:VRRP is actually from the IETF, although it's extremely similar to Cisco's HSRP. CARP is still better, because Cisco only pinky-promised to not pursue any claims on their patent - which had the chilling effect Cisco intended.
|
|
# ¿ May 27, 2023 16:54 |
There's still 802.11a and 802.11b out there.
|
|
# ¿ Jun 11, 2023 04:44 |
There's a very classic network design called "router-on-stick" where you have one LAN port connected to a L2 or L3 switch, and then the switch is responsible for, well, switching traffic between the LAN devices, whereas the router does the actual routing (and firewalling) - and it's effectively what you get in any router with more than a couple ports, because it's such a simple design it's very hard to gently caress up. It seems to me that the UDM Pro would do very well for what you're hoping to have it do, and with the SFP+ ports, you can even add one or more switches. If you add a switch with PoE (or, better yet, use the PoE ports on the device, and add a switch for all other devices), you also have the option of doing Power-over-Ethernet for the unifi cameras which can record onto the storage that you can install into the UDM Pro - similar to how the access point you linked can do power-over-ethernet. Do also remember to make liberal use of VLANs - one for management, one for regular devices you trust, one for home surveillance, one for IoT devices you don't trust, one for guests if you end up using the hotspot functionality, and so on and so forth. They don't require cloud access at all (though, if memory serves, you have to explicitly tell it that you don't want it). BlankSystemDaemon fucked around with this message at 10:42 on Jun 20, 2023 |
|
# ¿ Jun 20, 2023 10:35 |
Sniep posted:I still doubt they'd let you use that port to its capacity but regardless.. nice. I'm kinda surprised my ISP puts up with me using the 1/1Gbps@~$78/month at linerate.
|
|
# ¿ Jun 21, 2023 14:33 |