Comment by mohaine
1 day ago
I love my Dream Machine Pro. Seems to just work and keeps everything up to date. I have it running my security cameras as well and it has been pretty much bulletproof.
What needs do you have for a router that the Cloud Gateway is missing or is bad at? A PiHole equivalent is about all I can think I'm missing.
IPv6 support is basic at best. The zone-based firewall is very prescriptive and limited. ACL stuff is not great. To increase the MTU of the physical interface connected to the ISP I would need to hack a systemd unit that did it on boot (I either need it at 1508 so the PPPoE interface uses 1500, or I need to MSS clamp it and have it effectively reduced to 1492). Initial configuration requires the device to be connected to the Internet.
There were a few other niggles, and in the end I just found it easier to do what I need on OpenWRT.
1492 is the default frame size set by unifi on wan pppoe. You neither need to know such esoteric details nor need to set them. “It just works”
You can also modify your frame size: Unifi Devices - Gateway - Settings - MSS Clamping.
In my view, unifi gives you all the power and very good defaults at a very reasonable price. Their nearest competitors (eero on the consumer side and Ruckus / Aruba on the business side) have fewer features and a higher price.
just genuinely curious about your MTU use case and why this is required...?
PPPoE introduces an 8 byte overhead per packet. The "MTU of the Internet" is 1500, so that's what more or less everything defaults to.
This includes physical NICs on Linux, but the PPPoE interface has to tunnel through one of such physical NICs.
If the physical NIC has an MTU of 1500 (and can't be changed), the PPPoE NIC must do MSS clamping, effectively reducing the MTU from my network to the Internet to 1492. This increases fragmentation and overhead.
If I can increase the physical NIC's MTU to 1508 (and the ISP supports it, which mine does), then the PPPoE tunnel can use the full 1500 when talking to the Internet.
So, it's technically not _required_ but it's an improvement I should be able to implement easily (in OpenWRT I literally type 1508 on the MTU box for the NIC, or issue a single uci command).
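The MSS clamping mentioned in this comment, as an added example that is not part of any post in this thread: a small Python sketch that derives the PPPoE tunnel MTU and the matching TCP MSS from the physical NIC's MTU, and then rewrites the MSS option of a constructed TCP SYN the way a gateway's clamp rule does. The packet bytes and port numbers are constructed for the example; a real clamp would also recompute the TCP checksum, which is omitted here because it needs the IP pseudo-header.

```python
from __future__ import annotations
import struct

PPPOE_OVERHEAD = 8          # PPPoE header (6 bytes) + PPP protocol field (2 bytes)
IPV4_TCP_HEADERS = 20 + 20  # minimal IPv4 header + minimal TCP header
IPV6_TCP_HEADERS = 40 + 20  # IPv6 header + minimal TCP header


def tunnel_mtu(physical_mtu: int) -> int:
    """MTU available to the PPPoE interface riding on a NIC with physical_mtu."""
    return physical_mtu - PPPOE_OVERHEAD


def mss_for(path_mtu: int, ipv6: bool = False) -> int:
    """Largest TCP payload that fits in one packet on a path with path_mtu."""
    return path_mtu - (IPV6_TCP_HEADERS if ipv6 else IPV4_TCP_HEADERS)


def build_segment(mss: int, flags: int = 0x02) -> bytes:
    """Constructed TCP header (no IP header) carrying a single MSS option.
    Data offset 6 means 24 bytes: 20 fixed + 4 bytes of options."""
    header = struct.pack("!HHIIBBHHH",
                         40000, 443,     # src/dst port (constructed)
                         0, 0,           # seq / ack
                         6 << 4, flags,  # data offset, flags (0x02 = SYN)
                         65535, 0, 0)    # window, checksum (unset), urgent
    options = struct.pack("!BBH", 2, 4, mss)  # kind 2 = MSS, length 4
    return header + options


def _walk_options(opts: bytearray):
    """Yield (offset, kind, length) for each TCP option, honouring EOL/NOP."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of option list
            return
        if kind == 1:            # NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            return
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return               # malformed; stop rather than read past the end
        yield i, kind, length
        i += length


def read_mss(tcp_segment: bytes) -> int | None:
    """Return the MSS option value, or None if the segment carries none."""
    data_offset = (tcp_segment[12] >> 4) * 4
    opts = bytearray(tcp_segment[20:data_offset])
    for off, kind, length in _walk_options(opts):
        if kind == 2 and length == 4:
            return struct.unpack_from("!H", opts, off + 2)[0]
    return None


def clamp_tcp_mss(tcp_segment: bytes, max_mss: int) -> tuple[bytes, int | None]:
    """Rewrite the MSS option on a SYN if it exceeds max_mss.
    Returns (possibly rewritten segment, original MSS or None).
    Only SYN segments carry MSS, so anything else passes through untouched.
    Checksum recomputation is deliberately omitted (needs the IP pseudo-header)."""
    data_offset = (tcp_segment[12] >> 4) * 4
    flags = tcp_segment[13]
    if not flags & 0x02:
        return tcp_segment, None
    opts = bytearray(tcp_segment[20:data_offset])
    original = None
    for off, kind, length in _walk_options(opts):
        if kind == 2 and length == 4:
            original = struct.unpack_from("!H", opts, off + 2)[0]
            if original > max_mss:
                struct.pack_into("!H", opts, off + 2, max_mss)
    return tcp_segment[:20] + bytes(opts) + tcp_segment[data_offset:], original


if __name__ == "__main__":
    # Physical NIC at 1500 forces the tunnel to 1492 and the MSS clamp to 1452.
    # Physical NIC at 1508 (RFC 4638 style) gives the tunnel the full 1500.
    for phys in (1500, 1508):
        t = tunnel_mtu(phys)
        print(f"physical {phys} -> tunnel {t} -> IPv4 MSS {mss_for(t)} / IPv6 MSS {mss_for(t, ipv6=True)}")
    syn = build_segment(1460)
    clamped, orig = clamp_tcp_mss(syn, mss_for(tunnel_mtu(1500)))
    print(f"SYN MSS {orig} clamped to {read_mss(clamped)}")
```

The arithmetic is the whole point of the comment: with the NIC stuck at 1500 the clamp lands at 1452, so every full-size TCP segment from the LAN is 8 bytes smaller than it would be on a plain Ethernet path; raising the NIC to 1508 lets the tunnel use 1500 and the clamp becomes a no-op at 1460.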
The MTU thing is a bit bizarre - all connections I've seen on PPPoE in practice (fiber or DSL) used 1492 MTU to fit data into frames (and ISPs configured their routers like that too). What are you trying to hack with this unusual 1508 frame size?
It's not a hack. It's literally having the tunnel at 1500 MTU.
Check my answer to the sibling comment [0]. It's also known as mini jumbo frames, and is documented in RFC4638 [1]. And here's a post [2] talking about using it on OpenReach FTTC, which is similar to my own infrastructure, only I'm FTTP.
[0] https://blah.cloud/networks/enabling-mini-jumbo-frames-rfc46...
I really like the DM Pro and have it deployed to an office of about 50 people. It's a pretty no-fuss solution and fairly simple to manage.
For my personal setup, I decided to go with OPNSense and I couldn't be happier. Much more control, at the cost of being a little more hands on.
I think the best (rough) comparison here is MacOS vs Linux (or more accurately in this case, FreeBSD).
I'm slowly in the process of migrating from an EdgeRouter and EdgeSwitches (including the 16XG for my SAN backplane) to Unifi. Am comfortable at the command line (and actually just had Claude help me build a bunch of configs and an IaC harness for my whole infrastructure) but the SPOG will be nice - that, and Ubiquiti has basically abandoned the Edge* line. This was prompted by having persistent problems with the Cat 6 STP termination and the length of the run between my office and the rack in my garage; my Mac Studio and EdgeSwitch would generally only negotiate at 5gbps and even then be error prone, so I got a Unifi switch with 8 ports and 2 SFP+ and ran fiber to the garage for the uplink, and just a short 10' run between the switch and my studio gave me rock solid 10gig (I just run the controller, for now, on a small VM, with my 2 WAPs, but will go all in when I pull the trigger, though, oof, $2,500 for everything I need).
+1 for Dream Machine Pro. Own one at home and have stretched them pretty far in SMB environments.
I use it with 8 APs in a mesh and a few switches, all UI, and it just works. I also have a lot of success helping out some local SMBs by setting up UI for them.
My UniFi Fiber has an adblock integrated, wouldn't UDM also have it?