My setup is definitely more on the prosumer side, but it's been so build out and inspect my network with their tools.
I've also had three instances where upon rebooting due to a power outage or a system update, my inbound firewall / port forwarding was just broken. UniFi simply did not pass packets to my server. Once again, a full reboot of every UniFi device on the network resolved it.
I really want to like UniFi, and I appreciate how much access I have to SSH in and figure out what's going on (and I did take tcpdumps and have a support case open), but it has definitely not been plug-and-play for me.
I'm using a UDR7, U7 Lite, a number of managed UniFi switches, and just recently added the U6 extender.
Still 100X better than the competition though. My UDM has worked wonderfully with support for dual IPs and seamless failover
I was quite a lot happier after the switch, as I didn't have to hassle with UniFi and my APs stopped needing roughly-monthly reboots.
My experience is very binary. I had some Mikrotik RF installs that Just Worked, and never needed attention. And some that were just problem children constantly demanding reboots.
Mikrotik code isn't the most stable beast in the world, but if you keep it at a certain point in time you are usually safe. But then that brings you back around to the security issues again.
Their long-distance wireless and outdoor wireless are great, but their regular WiFi access points and software are at most adequate. They are not keeping up with the state of the art.
In that same house switching over to Ubiquiti just worked, and worked well. I had the same setup (mesh nodes on every floor), but performance was substantially better (2-4x).
I've moved house, and now have wired APs on every floor, and get phenomenal performance. The management UI to see what is where / how it's connected, and when something doesn't work is very good. It also enables things that were hard / difficult with other non-'prosumer' gear. Like I can have multiple WAN ports, and plug in a cellular modem, so that when my internet doesn't just work (which happens way too often) it auto-fails over to the cellular modem, and continues just working.
The reason I went with Ubiquiti in the first place was their Unifi Protect line of cameras, and again those 'just work' from the wireless small ones to domes / etc plugged into wired connections they all just seamlessly connect to my dream machine, and provides a great UI, and the data is on prem which I want.
The only thing Ubiquiti doesn't do the way I want is DHCP + DNS, so I have a separate raspberry pi doing that.
After years of fussing around with either linux / pfsense / ... routing + firewall solutions, and different AP / meshing configurations the ubiquiti stuff is very hands off.
Right. Just like 5Gbit PPPoE uplinks over VLAN. In fact there is no Ubiquiti router which can handle 1.5Gbit+ PPPoE for some reason. So, I have a mikrotik in front of UDMPM just to terminate PPPoE and I had to buy an IPv4 /29 subnet to avoid double NAT.
Everything just works, sure.
I ended up going with TP-Link Omada and have been happy so far (a managed switch and wifi 6 WAPs). I am a bit concerned about their security track record given how bad their soho products are, so I ended up sticking with my opnsense router at the perimeter as the first line of defense.
I’m curious to hear what you think you’re missing out on with Omada.
TP-Link stepped in and have been working hard on Omada being a direct competitor. It's clearly inspired liberally from UniFi but that's A-OK by me, it's healthy for both to be going head to head. In my experience it had somewhat fewer features, particularly initially, and they definitely don't cover the full breadth of cool and useful niches that Ubiquiti does either. But what there is has worked well and been more reliable for me, particularly in a mixed environment. For example Omada worked perfectly day 1 with automatic L3 controller discovery using a simple DHCP Option 138 set on my OPNsense unit pointing right at my controller FQDN. It was easy and built-in to supply a proper certificate for the Web GUI. I never got either of those to work with the UniFi controller. The switching has been rock solid reliable and the WiFi more performant, better coverage, and features like PPSK were added way before Ubiquiti did and have a much better interface.
However, Ubiquiti does seem to perhaps be turning things around a bit. Their router hardware is no longer garbage, even if it is of course far less than you can do yourself. From what I can see in simple ongoing tests they do a better job on the software side for router features now as well, so if you're all-in on both systems for the total single-pane experience UniFi might once again be better. Their announcement of the "UniFi OS Server" 3 months ago (in Early Access) and publicly last month was both a surprise and heartening. Rarely does one see companies that start down the path of lock-in reverse course at all. If they make it possible to run all their various controller applications on your own hardware I'd definitely start to add more back into my mix.
So if you've got decently modern Omada hardware (and you probably do because not like it's been around that long, in terms of networks anyway) I'd be in no massive rush to switch to UniFi unless you see some key specific things you'd like. If you think you ever might want to roll your own other infra same thing even harder. But if you're thinking about a bunch of upgrades anyway then worth keeping an eye on and looking carefully at the various feature mixes each have.
And that's a really statement that makes me super happy to say, because I think each is now driving the other, which is really healthy for this ecosystem!
I am eyeballing the new NAS to play with soon.
It used to be that in the event of a major outage or hardware failure you would need to issue additional debug commands to the effect of "I know this isn't your approved SFP but please just try it," if you were trying to replace a first party SFP with a third party one. TAC would more or less laugh at you and hang up if you sought support.
I'm not sure if this product will _actually_ change any of that, but here's hoping.
This is common belief and even a dire warning when filing TAC tickets. However, unless the third-party SFP is the prime suspect, I have never experienced a TAC from any major networking vendor[1] refuse support, let alone "laugh and hang up," even metaphorically.
It's good SOP to keep at least a couple SFPs for each networking manufacturer on the shelf, but third-party SFPs are normally in the ballpark of 10% of the cost of OEM and tend to be manufactured better[2].
1. Mostly Cisco, Juniper, HPE, Fortinet
2. I've had a far greater failure rate on OEM SFPs than SFPs from third-parties like Fs.com and USCritical. That and they feel much less flimsy than OEM.
I bucket it into there being three options: genuine, clone, and good-clone.
We had a bad run with fs.com QSFP+s. Their SFP+s have been better to me, but reckon I have had a couple fail.
Atgbics SFP+s have been a reliable clone supplier for us. I don't think I have had any of those fail, and they have been my main vendor for a while now. You can order them programmed with personalities for Cisco, etc.
Part of the edge of fs.com is that it is so easy to place an order and get fast delivery. My main site is in another country to where I live, and I do a few trips a year. Several times they have made low-notice projects possible.
The nexus line being more modern in spirit also helps. Catalysts still reject non-cisco optics without a configuration line afaik.
A good rule of thumb is whether the equipment tries to vendor-lock you in.
Another example that comes to mind is at least one generation of Intel NICs (don't remember if it's the 5xx or the 7xx), where even the open-source mainline (!) driver will reject the optic without a driver argument passed to it when modprobe'ing it.
The two X520s that I have will refuse to work with non-Intel transceivers unless either you're running Linux and have set the 'allow_unsupported_sfp' option, or have edited the card's EEPROM to unset the "shut down unless the transceiver is a Genuine Intel part" bit. It's my understanding that very many Intel NICs are like this.
I remember [0] the Juniper switches that I used to have (before I switched to Mikrotik) refusing to work with anything other than Official Juniper transceivers.
[0] ...and may MISremember...
I know there are these XPS-GROUPON with "8311 firmware" SFP modules or something to bypass it but they cost $130+ and just wondering if there's something for <$50 before I pull the trigger.
Also
> 1000% lower pricing
What the hell does that mean? If some other vendor sells it for $1000, you sell it for -$9000?
https://hack-gpon.org/ont-wo-mac/
You would need the ISP to "adopt" your ONT into their network similar to what is observed with cable modems.
In short, a gpon network is not quite the same as rolling to Walmart or whatever and just grabbing a replacement cable/dsl modem.
SFP programmers have been around forever and work great. This will solve the issue. The only really unique thing here is the form factor and price. I think the last time I looked at a programmer 8 years ago I seem to recall it was about 10x this price. I’m guessing cheaper ones have popped up out of China since then.
It depends, but for typical networking I'd say Ubiquiti is actually offering better pricing here (outside of 10G LR) - and I'm saying that as someone who has sold 10s of thousands of FS modules to customers.
           | FS   | Ubiquiti
-----------+------+-----------
Programmer | $369 | $49
10G SR     | $25  | $12 ($20)
10G LR     | $34  | $59 ($85)
25G SR     | $49  | $29 ($49)
25G LR     | $74  | $69 ($119)
100G SR4   | $99  | $39 ($69)
Note: Prices in () are the costs outside of the limited time mark-down period.
Side note for the HN crowd: For ridiculous homelab 100G shenanigans look for Intel 100G-CWDM4 on sites like Ebay. They go for $4 and work with SM LC fiber from 0-2000 meter runs, making great DAC replacements (cheaper+thinner replaceable cabling). They run great, I've had 8 going for a year. Even if all 8 failed tomorrow and I bought 8 more that's still cheaper than a single 100G SR4 from FS. You can pair these with used 100G NICs for ~$100, making a 100G direct connection between 2 machines ~$250 after shipping+tax.
Ubiquiti's 10GB LR of $59 is for a 2-pack, not per-module. So that still comes out cheaper than FS for the sale duration at least. Not by a lot, granted, but still cheaper.
Assuming 2.5W typical consumption, $0.18/kWh rate. More like $8/year if you are in a high rate area!
It remains to be seen if UB's pricing (particularly $50 on the "Wizard") is just temp to get their foot in the door. I suspect it is; and we'll see the price increase later.
I used to use Ubiquiti gear a number of years ago, but left when they started moving into an Apple-esque "prosumer" direction with corresponding price increases. That, and the constant bugs.
https://www.flexoptix.net/en/fo-fb-5.html?option875=1
If you're buying at scale you can get a Flexoptix box for free, long as you promise to write a review. At least, you used to be able to.
I have two ISPs, one with IPv6 (Starlink) and one without (Frontier).
I want to use Frontier for all IPv4, with IPv4 failover to Starlink, and I want to use Starlink only for IPv6.
UniFi networking won’t let you configure this, and I’m not going to SSH in to my UDM to manually set routes, that will be lost at next boot.
I had a great stint with OpenBSD on an older Pentium 4 Dell tower a few years back. For basic firewall rules, I had line-rate performance on my NICs. But for a home network I'd love to have something more energy efficient.
All my switches are MikroTik. My SFP+ modules are MikroTik, Ubiquiti, and some 3rd party ones from before I knew better.
I've had modules that will only run at gigabit in one switch but will give me the full 10 gb in another. I've had modules that refuse to work in one MikroTik switch but will happily work in a different MikroTik switch. I've just had a world of pain.
I've got everything basically working after months of fiddling and I'm inclined to just not… touch… anything.
* I will note that the 10gb sfp+ modules from 10gtek on a Mikrotik just don't work.
These 10gtek fiber modules on the other hand have worked flawlessly so far. [2]
This Mikrotik module would not establish a 10 gb link with my Thunderbolt dock no matter what I tried. Works fine with my servers though so I swapped it out.
I've pretty much resigned myself to just buying the full brand Ubiquiti SFP+ adapters [4] for converting to copper.
I recently purchased [5] to run to my living room, but I have not found the time/energy to do the run.
1. https://www.amazon.com/dp/B01KFBFL16
2. https://www.amazon.com/dp/B08BP4M8LV
3. https://www.amazon.com/dp/B078SNK1MY
4. https://store.ui.com/us/en/category/accessories-modules-fibe...
Weird. For the past three years, I've had 10Gtek 10gbit SFP+ optical modules in all of my Mikrotik switches [0] and they Just Work.
My switches are the CRS326-24G-2S+, and the SFPs were the "generic" versions. I wonder why yours were so troublesome.
[0] ...and (after fixing their eeproms) my Intel x520 NICs...
It's one of the reasons I switched to running fiber even to desktops at home; it's like 1/10th the heat output.
Often Cisco/etc will refuse support cases if you aren't using their optics, if the switches/routers even work with them in the first case, which isn't a given as often they'll refuse to work with non branded optics.
Really just a money grab by the big network vendors.
This box allows you to flash the firmware on the optic to say it's from whatever brand you want (Cisco, Dell, Aruba, Juniper etc) so that you can get it to work in that company's switch/router.
For most SMEs, the brand of optics makes no difference. Maybe keep a few legit branded ones around for debugging and when you need to raise a support case. But otherwise, the generic ones flashed to look like branded ones work just fine.
As others here have pointed out, Cisco reserves the right to do this but doesn't do it in practice. They don't even have a realistic chance to _detect_ a Cisco-programmed FS SFP, since it simply identifies the same as a genuine Cisco module.
If your case was directly related to the SFP (“I can't get a link on this fiber port”), then yes, they could probably refuse it. But if your case is about basically anything else on the switch, they won't care.
That's not the only difference. I have had situations where I ran equivalent optics side-by-side, and then touched one and it was hot, and touched the other and it was not hot. They do contain different components. In the case of that test - the atgbics SFP was cool, and the other clone unit was hot. My dealer was able to get me in contact with someone technical at atgbics (the cool-running unit) who explained the difference, "The DSP might be say 13nm where more modern more expensive ones are 5nm."
But you definitely do not need to pay for "genuine" optics to get high-reliability optics. You just need to shop around the clones - atgbics is a clone.
This is the SFP DAS and fiber links in the current place:
workstation - switchUpStairs - switchMainFloor - switchBasement - nas
Edge devices are a mix between 100meg, 1gig, 2.5gig, so anything wired is limited mostly by its own nic or the ISP.
I've got some 10g at my current house, but it's over cat5e cause that was already in the walls. Also adding a few 2.5g with a 4x2.5g + 2xsfp+ 10g switch that goes into a 10g capable switch.
Because pre-terminated cable assemblies [0] can be 10% of the cost of a more modular link, I used conduit large enough to pass QSFP28 with ease. May not be possible in every home but I'm happy with the result.
> I am also thinking it might need to be shrouded in EMT conduit
Why would you need to run your fiber in metal pipe? EMI isn't a problem with fiber.
Utter pain in the ass, broke one fibre pulling it through conduit with way too much force (like, 2000+N), another got eaten by a fox before I’d put it in a conduit, and terminating fibre is a royal pain if you have to do it.
But yeah, totally worth it.
most manufacturers of devices - the things with the holes, NICs, switches, routers - make their devices only officially work with modules that claim to be manufactured by that same manufacturer. so, you can either buy modules from that manufacturer, or buy modules from some other company (e.g. fs.com, 10gtek) who programs the modules to claim that they are from that manufacturer. "officially" can mean anything from "we won't help you if you open a support case" to "the device will make a whiney log message on boot if it's not one of our modules" to "it simply doesn't work unless you hack an EEPROM on the device".
this is somewhat annoying, since it means you need to buy specific modules for specific devices, you can't just keep a pile of SFP+ 10G-LR modules around, you need some "Intel SFP+ 10G-LR" and some "Cisco SFP+ 10G-LR", etc.
so, these third party manufacturers of the modules, like fs.com and 10gtek, will also sell you programmers for the modules, which lets you change what manufacturer the module claims made it. these programmers have been, historically and hilariously, tied to the actual manufacturer of the modules! so you can buy some 10G-LR SFP+ modules from fs.com and a fs.com programmer to make some "Intel" and some "Cisco", but if you buy some 10gtek 10G-LR modules, you would need to buy a 10gtek programmer.
~so, this device that Ubiquiti has made is the meta-programmer - it can apparently program any module, from any actual manufacturer, to claim to be made by any manufacturer.~
edit: the post seems deliberately confusing - what they are actually selling is a device that can re-program Ubiquiti SFP+ modules by copying the manufacturer code from another SFP+ module that you insert into the programmer. so it's the same as what fs.com and all the others sell, but Ubiquiti's is ~1/10th the price (e.g. https://www.fs.com/uk/c/fs-box-3389).
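What "claims to be manufactured by" looks like at the byte level, as an added example that is not part of the comment above: a decoder for the identity fields of an SFP/SFP+ ID EEPROM, assuming the standard SFF-8472 page A0h layout. The fields are self-declared ASCII strings covered only by two 8-bit checksums; the sample page and the names `parse_sfp_a0` and `build_sample` are constructed for illustration.

```python
"""Added example: decode identity fields of an SFP/SFP+ ID EEPROM (SFF-8472, page A0h)."""
from dataclasses import dataclass

# Field offsets within the first 96 bytes of page A0h, per SFF-8472.
VENDOR_NAME = slice(20, 36)
VENDOR_OUI = slice(37, 40)
VENDOR_PN = slice(40, 56)
VENDOR_REV = slice(56, 60)
VENDOR_SN = slice(68, 84)
DATE_CODE = slice(84, 92)
CC_BASE, CC_EXT = 63, 95  # 8-bit sums over bytes 0-62 and 64-94


@dataclass
class SfpIdentity:
    vendor_name: str
    vendor_oui: str
    vendor_pn: str
    vendor_rev: str
    vendor_sn: str
    date_code: str
    cc_base_ok: bool
    cc_ext_ok: bool


def _text(raw: bytes) -> str:
    # Fields are fixed-width ASCII, padded on the right with spaces.
    return raw.decode("ascii", errors="replace").rstrip(" \x00")


def parse_sfp_a0(page: bytes) -> SfpIdentity:
    """Return the self-declared identity and whether both checksums match."""
    if len(page) < 96:
        raise ValueError("need at least the first 96 bytes of page A0h")
    return SfpIdentity(
        vendor_name=_text(page[VENDOR_NAME]),
        vendor_oui=page[VENDOR_OUI].hex(":"),
        vendor_pn=_text(page[VENDOR_PN]),
        vendor_rev=_text(page[VENDOR_REV]),
        vendor_sn=_text(page[VENDOR_SN]),
        date_code=_text(page[DATE_CODE]),
        cc_base_ok=(sum(page[0:63]) & 0xFF) == page[CC_BASE],
        cc_ext_ok=(sum(page[64:95]) & 0xFF) == page[CC_EXT],
    )


def build_sample(vendor: str, pn: str, sn: str) -> bytes:
    """Constructed 96-byte page for the demo; not a dump of a real module."""
    page = bytearray(96)
    page[0] = 0x03  # identifier: SFP/SFP+
    page[2] = 0x07  # connector: LC
    page[VENDOR_NAME] = vendor.ljust(16).encode("ascii")
    page[VENDOR_OUI] = bytes.fromhex("000000")
    page[VENDOR_PN] = pn.ljust(16).encode("ascii")
    page[VENDOR_REV] = b"A   "
    page[VENDOR_SN] = sn.ljust(16).encode("ascii")
    page[DATE_CODE] = b"250101  "
    page[CC_BASE] = sum(page[0:63]) & 0xFF
    page[CC_EXT] = sum(page[64:95]) & 0xFF
    return bytes(page)


if __name__ == "__main__":
    print(parse_sfp_a0(build_sample("EXAMPLE OPTICS", "EX-10G-LR", "SN0001")))
```

On Linux, `ethtool -m <interface> raw on` emits the raw page that `parse_sfp_a0` takes as input.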
Over here in NL we now get more and more access to >1gbps speeds, the office of my small business for instance has a 4gbps connection, and the ISP offers up to 8gbps on a standard consumer / small business package. We're in the process of upgrading our gear to take advantage of that. With WiFi 7 we've seen some real world throughput speeds of 1800-2000mbps going through a Ubiquiti U7 Pro straight to the ISP supplied router.
I wasn't really keeping up with networking gear, so I was pleasantly surprised when I looked into this stuff recently and figured out the gear has just magically gotten better and running 2.5gbit everywhere is surprisingly easy.
Still, compared to the SFP+ gear it's ridiculously overpriced. NICs are <$20 on ebay and an 8x10G port managed switch is $120 on aliexpress.
> Over here in NL we now get more and more access to >1gbps speeds
Same in France, yet the main "geek" ISP (free) has an 8Gbps symmetric ISP router with a 10G SFP+ cage for full bandwidth to the LAN. RJ45 ports are 2.5G.
And it's hard to fault them, as customers that are likely to even hardwire stuff to the router and moreso at 10Gbps are usually enthusiasts that do prefer SFP+ due to the abundance of hardware on the used market. Oh, and their team designing the router are a bunch of nerds that most likely all have a 10Gbps network.
I never knew you could program them. How smart are they? Are there ones capable of running Linux?
I certainly don't need or want their rack augmented reality... 'feature'? fad? And their clunky web UI is both limiting and slowing me down. Thanks, I'm perfectly fine with a console and simple LEDs.
Didn’t need reprogramming.
The quality is fine, oldest modules more than 5 years old and only 1 failure in 100.
Also, reading "Just insert any brand’s SFP or QSFP module, select Copy, and insert any UI module to write the profile." suggests that this only works to reprogram UI optics
The programming boxes (Ubiquiti's and others) get the Rx/Tx power from the DDM (Digital Diagnostics Module) built into most SFPs - it exposes the power levels from the receiver and transmitter inside the SFP and dumps it onto an SPI bus in a standardised way which is read by the box.
> Just insert any brand’s SFP or QSFP module, select Copy, and insert any UI module to write the profile.
It's pretty common for SFP rewrite boxes to only allow writing to that particular brand's SFP modules. It's partly a sales tactic, but also often vendor "genuine" optics will ship with a write-protected EEPROM (requiring a passcode) that stops them from being written to.
If you're after something a little more "open", Reveltronics[1] make a barebones version along with software for brute-forcing EEPROM keys.
And does it only write to SFP modules from Ubiquiti (looking at you FS BOX)?
Another tool you can use for this (without a nice UI) is the SFP Buddy: https://oopselectronics.com/product/SFPB
https://www.fs.com/products/96657.html
Which, while it works, is the poster child for how NOT to develop desktop software as it's a really shitty .NET GUI app they shoehorned onto non-Windows platforms.
> Instantly tests SFP and QSFP module health, including Rx/Tx power.
Most SFP modules will fail due to heat, like LED bulbs. So an instant test is of course instantly useful, but not indicative of production-use SFP health.
As a programming tool, of course it's awesome.
Of course, in typical ubiquiti fashion, it's out of stock with no way to backorder.
Oh come on!