I aspire to be as self actualized as you are Jeff, I thank you for your inspiration and your insane home networking setup that I get to nerd out about.
Best explanation I've seen because you talk about all the possible scenarios particularly having 2 ISP connections. You also explain what interfaces are up/down and why.
Just going down the Ubiquity rabbit hole, great videos on these recently.
Yea, I have been slowly switching over things as it really makes administration easier, especially if I am traveling. I was surprised the failover worked so quickly and without any configuration. I have spent many hours on failover in the Cisco world!
Technically it is ubiquiti end with an i not a y😅
I love your channel. Inspiring stuff
Love your videos
I have a remote Ubiquiti Aircam up and running over 10 years no issues. However, the internet provider router sometimes used to crash. A simple “mains timer plug” which cuts power between 3am and 4am has worked a charm. Router gets a hard reboot every day! If it ever stops responding, just need to wait until the morning. 👍
That Arista is going to have 6x ASICs, probably the Fulcrum ones. At the time the max 10G ports you could have on a commercially available ASIC was 24, so you could have a single-ASIC 24-port switch, but if you wanted 48 ports of non-blocking 10G in one switch you needed 6 ASICs to achieve that in a Clos architecture, with 4 ASICs providing 12 ports forward facing each and then the two ASICs for the backend to connect the other four. So that contributed to some of the high power use :) If you open up the switch you will see the six ASICs in the 4 - 2 arrangement.
Ah yea, that makes sense... and indeed it was a great switch for the time.. and of course it still works! However when I power up three of them my UPS beeps. ;) If I remember correctly, these Arista switches also have an X86 processor in them.
@jeffsponaugle6339 Yeah, their OS is built on a Linux kernel and indeed runs on an x86 chip. As it’s not used for inline processing of packets it does not bottleneck the switch's performance, but it’s used to run the routing protocols and all the background stuff needed. Equally, you can get access to the Linux kernel and run all sorts of things on the switch that it’s technically not meant to run, so lots of things that can be fun to experiment with.
Great video!
Jeff, love your videos and your setup. Just getting started with your channel, but wondering what you do for IPAM? Flat L2 network? Routes L3? Any routing protocols in use?
Never stop making videos!!
At around 21:40 you mentioned that you could create a VLAN on the Ubiquiti switch to "split" your ISP connection. You said that if you lose your internet, you lose the ability to connect to the UDM and any other part of your network. If you are using a backup ISP to the UDMs, wouldn't that still allow you to connect to them (the backup ISP modem has two ports available so it would not be relying on the Ubiquiti switch for splitting the backup connection)?
Great Video! I have a UDM Pro and a UDM SE. I know one is a bit slower/etc. than the other but can I use shadow mode between my PRO and SE? One question I did have with your setup. It seems you just moved the single point of failure from the UDM to the small switch between your modem and UDMs... But I can't think of any way to get past that if your incoming modem doesn't have 2 working ports.
I love all your videos but on my phone the volume is a bit low. I always put on the cc. Those work great but I'm not sure if more would benefit from a bit louder voice. ❤❤
Yes, I somehow mixed that low and will fix it!
We have been on a quest to get rid of single points of failure all over our network, and this will be the next step.
One thing I'm currently looking at: I have fiber coming in to the office and this is going directly into the UDM Pro. Do you know if it's possible to do a splitter so the fiber can go in to the other one as well? It would be fantastic, if there was a way to do this without an active "fiber switch" box.
After this, the 10G aggregation switch is the last failure point. And I am considering exactly what you proposed - to do a backup ethernet based switch to each of the servers. But as you say, network equipment is pretty reliable, and it's very easy to replace a switch. It's not easy replacing a UDM, because of the UniFi controller.
The way that you would accomplish it with a single ISP connection would be ISP router to a switch with a VLAN. Then both firewalls' WAN ports to the VLAN on the switch. You could also use a dumb switch to accomplish this. The firewalls would need to be connected to each other (typically a standard Ethernet cable but could be fiber), then both configured with VRRP, CARP or HSRP. With this configuration you would have 3 points of failure: ISP failure before demarc, ISP hardware failure on prem or your switch failure on prem. To do it right you would do 2 ISPs coming into both firewalls and VRRP, CARP or HSRP between the 2.
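The failure-point count in the comment above can be checked mechanically. The following is an added example, not part of the original comment: it models the two topologies described and lists every device whose loss alone cuts the LAN off from the internet. The node names are assumptions, and VRRP/CARP/HSRP failover is modelled simply as either firewall being able to forward.

```python
from collections import deque

# Constructed topologies; all node names are hypothetical labels.
# Single ISP: ISP router -> switch (or VLAN) -> both firewalls' WAN ports.
SINGLE_ISP = [
    ("internet", "isp_upstream"), ("isp_upstream", "isp_router"),
    ("isp_router", "wan_switch"),
    ("wan_switch", "fw_a"), ("wan_switch", "fw_b"),
    ("fw_a", "fw_b"),                      # heartbeat link between the pair
    ("fw_a", "lan"), ("fw_b", "lan"),
]
# Dual ISP: each ISP router has a port to each firewall (assumed).
DUAL_ISP = [
    ("internet", "isp1_upstream"), ("isp1_upstream", "isp1_router"),
    ("internet", "isp2_upstream"), ("isp2_upstream", "isp2_router"),
    ("isp1_router", "fw_a"), ("isp1_router", "fw_b"),
    ("isp2_router", "fw_a"), ("isp2_router", "fw_b"),
    ("fw_a", "fw_b"), ("fw_a", "lan"), ("fw_b", "lan"),
]

def reachable(links, src, dst, down=None):
    """Breadth-first search from src to dst, treating node `down` as failed."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj.get(node, ()):
            if nxt != down and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(links, src="lan", dst="internet"):
    """Return every intermediate node whose failure alone disconnects src from dst."""
    nodes = {n for link in links for n in link} - {src, dst}
    return sorted(n for n in nodes if not reachable(links, src, dst, down=n))

if __name__ == "__main__":
    print("single ISP:", single_points_of_failure(SINGLE_ISP))
    print("dual ISP:  ", single_points_of_failure(DUAL_ISP))
```
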
Is it possible to make several computers connected together that behave like it’s actually 1 computer?
I was just trying to build a segregated VLAN so I can connect my Comcast internet to it in my data closet and then I can drop that VLAN off another UniFi switch on my test bench so I can use my public /29 on the UDM-SE and on my bench. Just not sure how I would set up that VLAN in the UDM. Any suggestions?
I have 2 UDM PROs already set to shadow mode and connected to 1 UniFi USW-Pro-Aggregation (core switch), but then I think: what if my core switch dies? My question is: is it possible to use two UniFi USW-Pro-Aggregation switches connected to each UDM PRO that is already set up with shadow mode? Thanks Jeff
I'd be curious how quickly internet failure for the Unifi LTE modem is. I have one but haven't had a use case to deploy it yet.
Interesting.. I have not tried one in part because LTE coverage is so terrible at my house. Since I am on the top of a range that overlooks Portland the cell towers are all down lower.. thus why I have Starlink as backup.
Hey Jeff, I have been very critical of many YTer's who have all been getting free UniFi now that UBNT have gone to the bribe-style product flogging like 45-Drives did. All You-Floggers claimed to be unbiased in their reviews but sadly, many of the reviews / reviewers were in many cases, out of their depth and in a shiny-blinky trance. Outcome has been biased and naive to the history of bad firmwares and UBNT's claims of enterprise grade since day one and is only just getting there now.
I must say, your review was clearly deep and detailed and as you are strong with your UniFi Kung-Fu, I happily watched despite you getting demo gear which we both know, unlikely to be swayed.
I can understand that anyone doing a video about a product has the potential of bias... and no doubt that bias can come from many places. I genuinely use Ubiquiti gear and have been since 2009. In this particular case the HA feature is an interesting and useful feature given the system dependency on a single controller. It does work surprisingly well without a lot of configuration work, which for many people will be important. On the Protect side, I have been running BlueIris for more than 7 years and recently switched over some cameras to try out the latest iteration of Protect. There are of course features in BlueIris that don't exist in Protect, and of course there are advantages of having the Protect inside the HA envelope of a pair of UDMs.
As I mentioned in the opening, Ubiquiti gear has the advantage of a very straightforward ecosystem that most people can use and understand, but of course that limits the complexity and configurability. If you take a look at pfSense you can see that difference, and the important question is to always ask what things are really important for your use case.
Perhaps the single most important judgement I have to offer is the simple observation that I have been using a UDM+APs since I built my current house (~4 yrs), and my wife and daughter have not complained about the Internet not working. ;) Some of life's wins are easy. Cheers.
@jeffsponaugle6339 Take the wins when you can, LOL. Yes, agreed with all you said.
...at the time...
eBay
First???? Holy shit!