Ubiquiti networks – Unifi-ing our house…

Prologue.

So, I finally broke. It was one too many WiFi drop-outs on a day when I just really wanted to be able to watch a TV show without having to fiddle.

And I guess that’s where I should start. 10 years ago, our house would have been “far from normal”. It’d have been modern, edgy, technologically advanced, “how the other half live”, etc.

But not today. Today our house is “typical”. Very average. “Unremarkable” even.

You see, back when I was a kid, if you wanted to make a phone call – you picked up the phone. If there was a problem making a call, it’d be a physical hardware fault – something in the very non-silicon-driven copper cabling between my telephone and my friends’.

And the TV and radio were only slightly more advanced. Still a significant lack of silicon involved. An analogue signal was being continually blasted from a high-power transmitter in the region, picked up by a large antenna on the house – driven down a thick coaxial cable and not so much “decoded” as used to simply drive an electron beam having been passed through a series of band-pass filters.

Things were, how should I put it? Unremarkable. But very advanced at the time.

Now move on 30 years, and even listening to the radio has become something of dark magic. Analogue signals have become digital signals, and most of the way I watch and listen has moved to on-demand. Not unlike a VHS back 30 years ago, only now, I don’t own the VHS. I just request someone to digitally stream me the content from a huge vault somewhere. Same with music, and to an extent – same with radio. Telephone’s only major change has been that it now shares the exact same underlying infrastructure as all these other services (radio, TV, web, [e]books, clocks [self-synchronising], even – remarkably – Suzanne’s watch).

We’ve done it to ourselves. We’ve begun to kill traditional scheduled TV services by buying into cheaper alternatives with greater flexibility. And we’ve fallen into habits. This is now normal. We expect to be able to watch what we want, when we want – to pause, rewind, fast forward, and have it all instantly.

So it was in this context that my patience was momentarily exhausted when, after a day at work fixing technology-related problems, I came home and had to fix more technological problems just to watch 20 minutes of TV.

Ha. Oh how progress can often look a lot like failure!

At the time we were rocking a very dated (but remarkably reliable) Apple AirPort Express. We’d had it many years, and typical for Apple – it just worked. Very infrequently it’d require a power-cycle. But its technology was old, 802.11n (and an older draft of the spec at that), its internal antennas weren’t as advanced as today’s, and Apple (who had long since discontinued producing networking equipment) had never intended for the AirPort Express (clue is in the name!) to underpin a moderately demanding house like ours in 2020.

And to top it off, I’d been aware that I was on borrowed time for security fixes from Apple. They’ve graciously continued providing fixes well past their discontinuing all models in the line, but that grace will eventually expire. It was time for us to upgrade.

Chapter 1: My career history as a context

Before we continue, you need to know my career history. I’m a born-again Christian first, joyfully married second, and a geek at heart third (although sometimes 2 and 3 get muddled). My working career has revolved around technology, I’ve had moderate exposure to enterprise networking kit (notably Cisco) and voluntarily maintain an “enterprise inspired” budget-driven network at my church. I’m no stranger to VLAN tagging, static and dynamic IP routes, firewall ACLs, and the like (and even the much deeper).

When I came to research the options on the market, I had the entire length of the scale in mind. The AirPort Express boasted utter simplicity and ignorance. Plug it in, feed it a username and password, and away we went. If anything ever misbehaved – power cycle it.

Now on the other end of the extreme is the “full hog”. Multiple access points covering the property, at least one guest VLAN with a captive portal, QoS tweaking on the WAN connection, isolation of IoT devices. And when things go wrong here, there’s a high chance I’ve misconfigured something. For cost reasons, this would have to be sourced on eBay – but a PoE layer-3 switch, an edge router for NAT, a wireless LAN controller, several access points, and a Zabbix server to monitor it would be something akin to what we have at the church (and which has worked for many years and continues to work admirably – except when being ‘tweaked’).

But then there’s the Netflix thing. The stress of contemplating doing more than “turning it off and on again” to resolve another glitch at 7pm after a full day at work is – not what I want.

As Troy Hunt succinctly said:

I’m increasingly of the view that both my time and my sanity are worth more and more as the years progress. Particularly in my independent life, it really can be that black and white – if I can’t work, it costs me money. Plus, I want to be happy and few things make me less happy than computer bits going wrong.

Troy Hunt

Yes. This. I subscribe to this fully.

So I settled on some middle ground. A DrayTek setup – a VDSL modem and several access points – and a router with their built-in WLC (wireless LAN controller). I’d picked the model – one supporting multiple VLANs (just in case, and guest WiFi of course) and support for fail-over to 3G (again, just in case).

But something niggled me.

DrayTeks are, forgive me please, straight out the 1990s.

They are – I must admit – rock solid. I’d recommend them in a heartbeat (and have done and will continue) to any small business owner who’s outgrown their BT Home/Business Hub. A decent DrayTek with VoIP built in, a WLC, site-to-site VPN with little more than a few clicks, they’re awesome. They’re not Cisco, but then neither are they a BT Home Hub. They’re license free (unlike Meraki) – and they’re highly extensible (unlike Apple AirPort). And they’re incredibly priced. A perfect fit for a lot of situations.

But it just didn’t feel “right” for my home. They have such a 1990s appearance. Their functionality always puts age-proven stability over today’s weeping edge. And I’ve used them before. I’m not pushing my boundaries of experience if I just confirmation biasedly[sic] stick with what I know. (Which is why I unashamedly say, “Apple just works”. I’m certain equally many other brands do too – but I’ve always stuck with what I know.)

Chapter 2: The discovery. Ubiquiti.

I owe a moderate debt of gratitude to Troy Hunt, the many various YouTubers who have sought to document and review Ubiquiti’s fine range of products, and the very active Reddit and Ubiquiti forum members. And most especially my brief contracting partner in crime – Sarit, who’s forgotten more than I’m likely to ever know. He spoke first hand of UniFi in his own home, and gave it his seal of approval.

While I sincerely hope I don’t have to go to these places and people for solutions to too many problems going forward, I thoroughly appreciate the buying advice given by all.

My research drew attention to a couple of things:

  1. Cost. Ubiquiti is incredibly affordable (if we ignore “free” routers thrown in by ISPs), but can quickly run you up a large bill if you’re an over-thinker like me…
  2. Grade. Ubiquiti is definitely “enterprise” in the sense that DrayTek is and an ASUS home router isn’t, but is definitely not “enterprise” in the sense that Cisco Meraki is and a NetGear ReadyNAS isn’t. I’ve heard that their chipsets etc are fairly commodity, and the user-interfaces are definitely far more accessible (and often simplified) compared to what others provide. You also don’t get 4hr on-site hardware replacement support etc.
  3. “Agile development”. Ubiquiti move fast. And they break things. You can grab beta firmware (and I don’t think I ever will be out of choice!), and sometimes even their stable firmware has been reported to cause the occasional issue (but it does seem rare). Again, compare and contrast to the likes of other players … they’re keeping their firmware and support rolling for 13+ years on some kit (compare that to Sonos please) but equally aren’t just trying to maintain the stable status quo (like Cisco’s Catalyst switches rightly do).
  4. Looks. This stuff looks the biz. Not in a “I’m a gamer’s ASUS router” sort of way. In a “Wife Acceptance Factor 9/10” way. In a, “I installed this on my brand new downstairs ceiling, and it looks like it belongs there” sort of way.
  5. Functionality. I didn’t say they’re “bleeding edge” above, because they’re not. There is a carefully selected balance between “what is proven to work” versus “what tomorrow is bringing”. You won’t find draft-802.11 specs here, for example. You might be on last generation WiFi in places.

So all that said… I researched, and researched, and went around in circle after circle before floating the idea past SWMBO (she who must be obeyed) – and to my great surprise, proposed a WiFi-upgrade-cost-budget that she found highly acceptable. (Perhaps she too was fed up of Netflix dropping out twice a week.)

Chapter 3: Putting our money where my mouth was.

I’d used LinItx.com before, who are themselves a master Ubiquiti reseller. They gave me very competitive prices and shipped fast.

The kit turned up and I set about plugging it all together. My choices were:

  • 1st Gen Cloud Key. (The cost of a Gen 2 wasn’t justifiable – if I ever really need one, I’ll upgrade.) I’ve heard that the 1st Gen can become corrupted if there’s a power cut. I’ve had a few since installing the kit, and nothing’s broken yet. I have however got daily backups enabled JustInCase(TM).
  • UniFi Security Gateway. Again, I’ve heard “these aren’t powerful enough for fast home broadband”. My experience on an 80/20 VDSL line has been that the USG doesn’t even come close to breaking a sweat – and I have the somewhat controversial IPS functionality enabled (which I’d happily turn off to regain hardware acceleration if needed). Look, if you care that much and are thinking about running pfSense and the works – maybe UniFi possibly isn’t the right Ubiquiti “tier” to go for, or just limit your adoption of it to WiFi!
  • UniFi 8-port PoE switch. Because I wanted PoE to reduce cable clutter – and because I wanted the VLAN management for our guest WiFi to just work (with the UniFi app).
  • UniFi AC-Pro. And I should have gone for the Lite or LR instead. But more on that in a mo!

In this blog I don’t want to waste my time showing you out-dated screenshots of how to configure all this stuff up. It’s safest for me to just say that:

  1. For anyone with even a modest experience of configuring home WiFi kit, it’s super straight forward.
  2. Plenty of guides and instructions are available online, for free.
  3. I did have one hiccup – which was of my own making – because I tried to keep the “WiFi downtime” to a minimum (and unsurprisingly it turns out that running both your existing router with DHCP etc enabled at the same time as your new router – can cause some issues. I knew that, I’m plenty experienced to know better, but I tried to be clever and lived to regret it. A quick factory reset of the Cloud Key let me start over – which given I was only 5 minutes in was no pain at all.) So either plan a “zero downtime” migration – like I would at work, or just rip everything old out first – like I should have at home 😉

And make sure you’ve got the mobile app if you can. The web UI is great on a laptop – but seriously, the convenience of just tapping on the app – it’s unrivalled (compared to anything I’ve experienced elsewhere).

Chapter 4: The wife acceptance factor.

This WiFi upgrade all coincided with my having ripped down our entire ceiling on the ground floor. The old ceiling was not up to building regulations (it was a serious fire risk – best you don’t ask) and looked fairly horrible in places (and was spider central with all those gaps).

While the ceiling was down, I ran cables to a few obvious locations. This made a little unused corner of our open-plan downstairs a candidate location for “core switching”, so to speak.

We subsequently sourced a little glass corner table to keep everything safe from accidental knocking, which encouraged me to make the network stack more of a “feature” (rather than something to hide away somewhere). The cabling job isn’t my finest, but you know – a 19″ data rack isn’t exactly going to look great in our open-plan living area! (Maybe if our house was bigger than it is – it’s relatively small for our village, but plenty big enough for the two of us.)

(Forgive the very skewed fish-eye perspective!)

There is a long-term intention to add an office on the side of our house. If that ever happens, I fully expect this kit will be relocated there (leaving just a switch where all this guff currently resides).

This is something relevant perhaps to note for anyone thinking of going Ubiquiti. Most of their UniFi devices have a single purpose, so you’re going to end up with multiple devices – tied together by CAT5e+ cabling. If you don’t get a PoE switch, you’ll also have (fairly discreet) PoE injectors with mains power cables muddled into the situation too.

In the pictures here you can see the USG (second shelf) beside a Philips Hue hub. The 1st Gen Cloud Key is next to the fully managed 8 port PoE switch, and there’s an unmanaged switch extending it (because the cost of a 16-port switch was too much). There’s an Apple TV visible in the corner, and a NAS at the bottom. Several network points around the house terminate on the wall there.

I went with the ceiling for the AP. I’ve already mentioned that our house is modestly sized. With the AP positioned where it is, there are few locations anyone would sit and have a brick wall between them and the AP.

For your reference, the furthest point from the AP is probably our upstairs office. It’s somewhere around 12-18 ft (x/y/z), and the WiFi signal is travelling through my body mass, a stud wall, and a wooden floor (and plasterboard ceiling). Also, the office is “behind” (above) the AP. I’ve been working-from-home due to the UK coronavirus lockdown for 8 weeks now, and the signal has never been below 4/5 on 5GHz there (mid-range Lenovo ThinkPad).

The “UFO” as Suzanne likes to call it. (And an unfinished kitchen ceiling.)

The only problem area in the house so far has been our front door – with the Ring doorbell. It’s a Pro model Ring, so it supports (and prefers) the 5GHz WiFi – but 5GHz (as is well proven) reflects off and stops at brick walls far more than it penetrates. Between the AP and the doorbell are 3 brick walls (a double layer cavity outer wall, and a single thickness internal one).

For the Ring doorbell, 5GHz is utterly unreliable – although it too is only 15-20ft away. And that’s probably the one big lesson I’ve learned in all this. Getting the Pro model AP means theoretically higher 5GHz throughput, but does nothing for pushing 5GHz further! So the Lite AP or LR may have made more sense – and certainly would suffice for 90% of homes. (My advice would be get several Lite APs rather than fewer Pro APs if your budget is limited like mine.)

So for the Ring doorbell, I run an IoT 2.4GHz SSID to force the doorbell off 5GHz (because it keeps latching on, no matter how unreliable the connection is). I think it’s the Ring doorbell that is failing to transmit a strong-enough signal back more than the AP is failing to reach the doorbell. But I’ve no definitive proof of that.

Chapter 5: Concluding.

If we ever extend the two ends of our house – I’ll be adding more APs (one in either room on either end) – because 5GHz simply doesn’t cut through brick. If you’re in a very bricky house (plenty of brick interior walls), more Lite APs (or UniFi in-wall APs) are going to be better than trying to blast a signal both directions any day. As a point of reference, 20ft through stud walls etc doesn’t break a sweat on our AP – and we get a perfectly solid 5GHz link on our phones in the garden (which is a cavity brick wall between us and the AP). If you’ve a larger garden – I’d look toward the UniFi outdoor mesh APs (which are very attractively priced for their ability – and, despite the name, are fully capable weatherproof 5GHz 802.11ac APs).

The UniFi web UI is plenty powerful – I dipped into it to enable the (currently) beta “WiFi AI” thing – it’s a tick-box to enable daily WiFi scans so my AP doesn’t sit on a channel used by my neighbours (of whom there are fortunately few). Everything else I’ve done via the mobile app.

And the mobile app is beautiful, a leading example of good user-experience. I’ve embraced the risks that if Ubiquiti give up or die the app will go with them. There is nothing in the app that isn’t in the web UI (although there are things in the web UI which are currently missing from the mobile app).

Particularly pleasant are the drill-down details for WiFi clients – that was precisely what revealed to me the issue with the Ring doorbell (which, I must point out, was an issue of unreliability with the AirPort Express too – it was only that before I had the UniFi mobile app, I couldn’t so easily diagnose the problem as relating to 5GHz SNR and the Ring doorbell “switching and sticking” to it).

Would I make the same choices that I have all over again? Except for going Lite over Pro on the AP – I’d not change a thing. If I didn’t have a Ring doorbell and wanted some non-Ring CCTV solution, I’d get the UniFi 2nd Gen Cloud Key with HDD, and pair it with some UniFi Protect CCTV cameras faw shaw.

No, all in all, I give the entire experience 10/10. I’m a tinkerer by trade and have fiddled with many of the settings available in the app – but to be honest, while there’s power under the hood for the professionals (particularly those who are far more experienced specifically in 802.11 wireless than I am), the defaults really do JustWork(TM). And the defaults are mostly what we’re now rocking.

By way of a finale – here’s a heat map created with the UniFi mobile app (I mentioned all this stuff is supplied free by Ubiquiti right?) – which might be of use to anyone planning a home UniFi rollout of their own! (Note how much the chimney stack absolutely annihilates the signal – and the several brick walls heading out to the front of the house downstairs.) Anything which isn’t blue has a signal well exceeding 150Mbps, which is ample for anything I’m doing with it. Tested on an iPhone 7, with no particular care to orientation!
