Buy from the Ubiquiti Store (Affiliate): - US: store.ui.com/us/en/pro/products/udm-pro-max?a_aid=CameronGray - EU: store.ui.com/eu/en/pro/products/udm-pro-max?a_aid=CameronGray
Excellent video and explanation on exactly how this works and what to do in different situations. Since I have UNVR Pro's, I don't have to worry about loosing historical video footage. But I appreciate the very thorough explanations. All of the other videos I have seen on this was just how it failed over and then switched back. Your video is the first I have seen that goes over all of the different scenarios of failure and what to do in each. Bravo.
what is really annoying about people pushing Unifi products is that they never mention they are more than likely out of stock. Point in case is the UDR which has not been in stock for weeks. I do worry about choosing a supplier that can not manage its stock and manufacturing process correctly.
Fantastic. Ive been trying to understand how can I connect my single WAN (BT) connection to both UDM's. This video is the only video that answers that question (at time index 7:35). I had a feeling/thought where I needed a switch but this video actually answered that question. Thank you Cameron!
Do you know if you're upgrading firmware, will it upgrade the first gateway, switch over to the second, and then switch back to the first and upgrade the second -- or does it upgrade both at the same time?
My ISP will attach one IP address to one MAC address. If the gateway is changed, a new IP address will have to be obtained (usually by modern reboot) Does this setup appear as a single device to the ISP?
Great video! Clear and detailed. Have to wonder about adding the other two points of failure to the system though. I wonder if Ub will make a switch device to go between them.
This setup is only really intended for large networks so you're already going to have LAN switches so you wouldn't really be adding a point of failure there. You are still technically adding one if you need a switch on the WAN side, but switches are generally pretty reliable and if you're at the point of running redundant UDMs, you'd probably also have redundant WAN connections, each with their own switch.
Interesting; would this be functional through USW-Aggregation switch with dac cables? ISP to Aggregation * 2.5Gbps Fiber* Dac to UDM-Pro 1 & Dac to UDM-Pro 2?
If you were going to the expense of HA you would likely have a separate uvr and not have any cameras on udm. The reason I originally liked unifi was every thing was separate not Kean on the all in the one devices although they are good I personally think it's a backwards step and would prefer just a gateway with 10 GB ports.
I would say having them need to be switched back is a overside. Imagine you have some glitchy power conditioner done the chain, that looses poeer then powers up again, then looses power and so on. (I know not fhe most likely, but it is possible). Then the udm will switch constantly, sou will probably loose internet connection constantly and unify protect properly has a footage issue. I understand that it's probably hard to implement it because the first one doesn't knoenit failed when it comes back online but still, it would be great
Does it support dual WAN assuming the same unifi SFP Adapter? I would be inclined to use 1 LAN trunk port and configure VLANs on downstream switches and manually move over the trunk patch cable. Excellent video!
Dual WAN works the same way as on a single UDM except with Automatic Shadow Mode you'd connect both WAN connections into both of the UDMs. Not sure what you mean about the trunk port and manually swapping the cable? With Automatic Shadow Mode you'd configure a trunk port on both UDMs and connect both of them to the switches at the same time, that way failover will happen automatically without requiring any cabling changes.
Thanks! These are the exact cables I'm using but you can find similar slim CAT 6 cables from many other suppliers: patchsavesolutions.com/773-slim-small-diameter-pvc-snagless-patch-cables
They do look interesting and I'd love to check them out in the future, but since I don't necessarily have a use for them personally, the cost is unfortunately a bit hard to justify purely to make a video on them.
That’s weird I have 2 udmse and I got them to sync but I don’t have the option for the auto failover. Maybe it just happens without having to select it now?
It's a Little disappointing they not replicating video storage between the two units, Might be bandwidth or processor constraints, but surely they could create another interface just dedicated to video traffic but the processor might be harder to overcome.
For the most part, in the WAN side yours ISP's modem may have multiple LAN ports than you can connect the UDMs, or you may use 1 simple switch. Simple unmanaged Switches from reputable brands may be really reliable because their simplicity, so they are intrinsically less prompt to failure. On the LAN side you got lots of options, depending on the size of your network, if you have only one downstream core switch you can just connect the 2 UDMs to your core switch. If you have multiple downstream switches you can connect both UDMs to every switch, or you may use STP (Spanning Tree Protocol) to create a Daisy Chain Ring between them. There are looots of options depending on the size of the network, number of switches and which are the critical ones. Cheers!
On the LAN side, you could have a pair of stacked core switches, and make sure each one has a link going to your access switches. Not sure if that’s something you can setup with a Unifi setup or not, not too familiar with their switches. Also, switches with dual power supplies On the WAN side, it’d depend on what your ISP supports, but if you do just get 1 network port handoff from them, at least going into a reliable dual power supply switch would be a good idea. Having a single point of failure somewhere along the line is something you’ll have to live with, unless you start going down some much more complicated setups, and likely needing more enterprise grade gear
I can't see why not, although that does raise an interesting situation - with the switch sitting on the WAN side of the UDM, I don't think it would automatically be manageable through the UniFi controller. I haven't tested this but I suspect you'd need to also have the switch connected to your LAN to allow management through UnFi and then add a VLAN that includes all of the ports used for your WAN connection (the ports linking to each UDM and the port(s) uplinking to your ISP).
Does it have any interface tracking features? For example, if your WAN cable gets damaged on the primary and becomes disconnected, would it trigger a failover to keep the internet live to the network? Or would it stay as it is an you would loose connectivity?
I haven't tested this, although I suspect not. Automatic Shadow Mode is designed purely to handle the complete loss of a UDM (hardware failure, software crash.etc). When it comes to WAN redundancy, the expected setup would be to have a pair of WAN connections which are both connected to both UDMs.
@@camerongray1515 on the tp link switches, usually you connect the upstream cable to port 5 (labelled Link/Act) and you connect downstream devices to ports 1-4. you connected the uplink cables from the dream machines to ports 3 and 4. how does that work?
There is no difference between any of the ports, they all work the same. A switch doesn't care which port is used to uplink to the router, it doesn't even see any difference between a router and a client device - all general Layer 2 switches like these do is forward traffic between connected devices based on MAC addresses. You may sometimes see switches with ports labeled "Uplink" but that usually just defines either, a higher speed port (e.g. 10GbE port on an otherwise 1GbE switch, or 1GbE port on an otherwise 10/100 switch) or on a PoE switch it may be used to label a single port that doesn't provide PoE.
I honestly think the protect is not reliable enough at the moment. it should maybe have an option to replicate the footage across both nodes/record on both nodes simultaneously, or something along these lines. I dont trust unifi for my own home cctv anyways, and if I were to turn my cctv system into a highly available system i'd simply buy another network video recorder and have it record the same cameras twice
Buy from the Ubiquiti Store (Affiliate):
- US: store.ui.com/us/en/pro/products/udm-pro-max?a_aid=CameronGray
- EU: store.ui.com/eu/en/pro/products/udm-pro-max?a_aid=CameronGray
Excellent video and explanation on exactly how this works and what to do in different situations. Since I have UNVR Pro's, I don't have to worry about loosing historical video footage. But I appreciate the very thorough explanations. All of the other videos I have seen on this was just how it failed over and then switched back. Your video is the first I have seen that goes over all of the different scenarios of failure and what to do in each. Bravo.
what is really annoying about people pushing Unifi products is that they never mention they are more than likely out of stock. Point in case is the UDR which has not been in stock for weeks. I do worry about choosing a supplier that can not manage its stock and manufacturing process correctly.
Absolutely. I ended up finding a second hand UDR after waiting 3 months without luck. That was a while ago now and they're still not in stock
Plenty of stores that sell them.. You don't need to buy it at the Ubiquiti Store...
@@SmokingCrop Have a link? I couldn't find one in stock anywhere in UK/EU that I could find
Fantastic. Ive been trying to understand how can I connect my single WAN (BT) connection to both UDM's. This video is the only video that answers that question (at time index 7:35). I had a feeling/thought where I needed a switch but this video actually answered that question. Thank you Cameron!
Great video, but what happens if I have two ISPs, one active and the other in failover mode? The question is, where do I connect the second ISP?
Do you know if you're upgrading firmware, will it upgrade the first gateway, switch over to the second, and then switch back to the first and upgrade the second -- or does it upgrade both at the same time?
What about two IPS's?
My ISP will attach one IP address to one MAC address. If the gateway is changed, a new IP address will have to be obtained (usually by modern reboot)
Does this setup appear as a single device to the ISP?
Great video! Clear and detailed. Have to wonder about adding the other two points of failure to the system though. I wonder if Ub will make a switch device to go between them.
This setup is only really intended for large networks so you're already going to have LAN switches so you wouldn't really be adding a point of failure there. You are still technically adding one if you need a switch on the WAN side, but switches are generally pretty reliable and if you're at the point of running redundant UDMs, you'd probably also have redundant WAN connections, each with their own switch.
Gotcha! Makes sense! Thanks for the reply and video.
Interesting; would this be functional through USW-Aggregation switch with dac cables?
ISP to Aggregation * 2.5Gbps Fiber* Dac to UDM-Pro 1 & Dac to UDM-Pro 2?
What about dual WAN from 2 different ISP’s. How do App and Firmware updates work with Automatic failover?
If you were going to the expense of HA you would likely have a separate uvr and not have any cameras on udm. The reason I originally liked unifi was every thing was separate not Kean on the all in the one devices although they are good I personally think it's a backwards step and would prefer just a gateway with 10 GB ports.
gateway with just 10g ports, that would be the UXG
I would say having them need to be switched back is a overside. Imagine you have some glitchy power conditioner done the chain, that looses poeer then powers up again, then looses power and so on. (I know not fhe most likely, but it is possible). Then the udm will switch constantly, sou will probably loose internet connection constantly and unify protect properly has a footage issue.
I understand that it's probably hard to implement it because the first one doesn't knoenit failed when it comes back online but still, it would be great
Hi will it be able to spit the load between two router in Shadow Mode? Thanks.
Shadow mode is purely active/standby high availability - it doesn't perform any sort of load balancing.
Does it support dual WAN assuming the same unifi SFP Adapter? I would be inclined to use 1 LAN trunk port and configure VLANs on downstream switches and manually move over the trunk patch cable. Excellent video!
Dual WAN works the same way as on a single UDM except with Automatic Shadow Mode you'd connect both WAN connections into both of the UDMs. Not sure what you mean about the trunk port and manually swapping the cable? With Automatic Shadow Mode you'd configure a trunk port on both UDMs and connect both of them to the switches at the same time, that way failover will happen automatically without requiring any cabling changes.
Absolutely amazing video and very clear presentation. Really enjoyed thank you. Could you please link the those clear though patch cables please
Thanks! These are the exact cables I'm using but you can find similar slim CAT 6 cables from many other suppliers: patchsavesolutions.com/773-slim-small-diameter-pvc-snagless-patch-cables
@@camerongray1515thank you so much
I'm wondering if there is a way to sync the footage to the standby over the HA link.....
Great video Cameron, would love to see some videos on peplink devices like the balance one 5g
They do look interesting and I'd love to check them out in the future, but since I don't necessarily have a use for them personally, the cost is unfortunately a bit hard to justify purely to make a video on them.
Will this work with the uxg pro?
this is exactly what i was thinking, i hope it does because it could be super useful at work, as long as it still supports dual WAN
That’s weird I have 2 udmse and I got them to sync but I don’t have the option for the auto failover. Maybe it just happens without having to select it now?
Doch,, die Option ist nur als Link sichtbar (daneben ist ein Ausrufezeichen). Einfach auf den Link klicken.
It's a Little disappointing they not replicating video storage between the two units,
Might be bandwidth or processor constraints, but surely they could create another interface just dedicated to video traffic but the processor might be harder to overcome.
So how do you now make the two additional switches have the same level of redundancy?
For the most part, in the WAN side yours ISP's modem may have multiple LAN ports than you can connect the UDMs, or you may use 1 simple switch. Simple unmanaged Switches from reputable brands may be really reliable because their simplicity, so they are intrinsically less prompt to failure.
On the LAN side you got lots of options, depending on the size of your network, if you have only one downstream core switch you can just connect the 2 UDMs to your core switch. If you have multiple downstream switches you can connect both UDMs to every switch, or you may use STP (Spanning Tree Protocol) to create a Daisy Chain Ring between them.
There are looots of options depending on the size of the network, number of switches and which are the critical ones.
Cheers!
On the LAN side, you could have a pair of stacked core switches, and make sure each one has a link going to your access switches. Not sure if that’s something you can setup with a Unifi setup or not, not too familiar with their switches. Also, switches with dual power supplies
On the WAN side, it’d depend on what your ISP supports, but if you do just get 1 network port handoff from them, at least going into a reliable dual power supply switch would be a good idea.
Having a single point of failure somewhere along the line is something you’ll have to live with, unless you start going down some much more complicated setups, and likely needing more enterprise grade gear
I have a 10g Ethernet with 5g/5g WAN connection so I wonder if the switch between the the WAN and the UDM could be a unifi aggregation switch.
I can't see why not, although that does raise an interesting situation - with the switch sitting on the WAN side of the UDM, I don't think it would automatically be manageable through the UniFi controller. I haven't tested this but I suspect you'd need to also have the switch connected to your LAN to allow management through UnFi and then add a VLAN that includes all of the ports used for your WAN connection (the ports linking to each UDM and the port(s) uplinking to your ISP).
Does it have any interface tracking features? For example, if your WAN cable gets damaged on the primary and becomes disconnected, would it trigger a failover to keep the internet live to the network? Or would it stay as it is an you would loose connectivity?
You would hope it fails over purely because of the WAN packet loss
@@NaokisRC hope being the key word here
I haven't tested this, although I suspect not. Automatic Shadow Mode is designed purely to handle the complete loss of a UDM (hardware failure, software crash.etc). When it comes to WAN redundancy, the expected setup would be to have a pair of WAN connections which are both connected to both UDMs.
Does this only work on the new Pro Max or also UDM Pro Se and Pro ?
This feature is being rolled out to all rackmount UDMs, so that includes the UDM Pro, UDM SE and UDM Pro Max.
Do you need the Max or is it coming to the SE ?
This will come to all rack mount UDMs - so the UDM Pro, UDM SE and UDM Pro Max should all be getting it!
Oh boy, a mass of cables.
Don’t you need to use the Link ports on those switches? How can that work?
I'm not sure what you mean?
@@camerongray1515 on the tp link switches, usually you connect the upstream cable to port 5 (labelled Link/Act) and you connect downstream devices to ports 1-4. you connected the uplink cables from the dream machines to ports 3 and 4. how does that work?
There is no difference between any of the ports, they all work the same. A switch doesn't care which port is used to uplink to the router, it doesn't even see any difference between a router and a client device - all general Layer 2 switches like these do is forward traffic between connected devices based on MAC addresses. You may sometimes see switches with ports labeled "Uplink" but that usually just defines either, a higher speed port (e.g. 10GbE port on an otherwise 1GbE switch, or 1GbE port on an otherwise 10/100 switch) or on a PoE switch it may be used to label a single port that doesn't provide PoE.
What is it for a laptop?
Looks to be a Framework laptop.
Is video content moved between them?
Did you look at the video?
Unifi always have great ideas but OMG their updates can be an absolute nightmare and brick your machine.
I honestly think the protect is not reliable enough at the moment. it should maybe have an option to replicate the footage across both nodes/record on both nodes simultaneously, or something along these lines. I dont trust unifi for my own home cctv anyways, and if I were to turn my cctv system into a highly available system i'd simply buy another network video recorder and have it record the same cameras twice