2019-02-10

Decent WiFi

The Aruba AP-515 "WiFi-6" Access Point
My home needs more than one WiFi access point. This is partly because it is a 5 bed house, and partly because the garage conversion for my office involved a lot of Celotex (metal foil coated insulation) in the walls and ceiling, which kind of stops WiFi signals dead. It would be just about possible to cover the whole house with one access point in the ceiling at the top of the stairs (as my neighbour does) but that would not get to my garage. So we actually have three access points.

Getting good WiFi at home

If you have a large home, or one with thick or insulated walls, you may need more than one access point to get good WiFi coverage. BT are making a point of this in recent adverts, but please do think carefully about this. WiFi is simply part of your home or office network infrastructure and a totally separate thing to your Internet Connection. Yes, smaller homes often have one box for all (modem, router and WiFi), and that does work for smaller homes. But if you want good networking at home or office, I'd recommend thinking about your network infrastructure (WiFi, Cabling, and switches) as a separate project than your choice of ISP. Good networking at home can make all the difference. WiFi repeaters and power ethernet devices are generally no match for running a network cable to where you need an access point. With PoE (power over Ethernet) that can be one cable and no need to find a power socket near where the AP is located (important when on the ceiling). Any fixed machines on desks, or TVs, etc, are often better handled on cable as well, and there are some nice PoE powered 5 port switches that are available making it easy to run one cable to behind the TV for several devices and not need another power socket.

Please, don't do what I saw in one place. We spent a weekend at a large holiday home. WiFi did not reach from one end to the other. They had installed two totally separate ISP connections each with a separate WiFi modem/router with the default ISP set SSID and password, in order to "cover" the whole house!

Ubiquiti/Unifi

Ubiquiti have been pretty groundbreaking in making a lot of network equipment available at a reasonable price, including good WiFi access points. I tried these and we were selling them at A&A. I am using Ubiquiti IP Cameras and they are pretty good (just got some of the G3 Pro models which do proper PoE, and they are nice).

I tried these access points at home, and I did run in to a real problem with iPhones, roaming between access points, and IPv6. At one point we thought FireBricks may be a factor, but it seems that is just because A&A sold Ubiquti APs, FireBrick routers and IPv6 networking - the problem was seen with non FireBrick routers. The problem looks like it is probably iPhone related, but hard to say if iPhone bug or not. The big clue was when someone found that turning off IGMP snooping on the AP solved the issue. This makes some sense as IPv6 uses multicast for neighbour discovery, so broken IGMP and multicast could break IPv6. What is interesting is we have also seen this on another make of AP now, though still iPhone specific, and it looks like it relates to 802.11r roaming. My guess is an iPhone bug.

Aruba

I changed to Aruba access points. They are a bit more pricey than Ubiquiti - around twice the price. Ubiquiti really have done a good job on price.

They have a confusing array of model numbers which fooled me a bit. Not only for different grades of WiFi standard and speed, and number of radios, but for indoor and outdoor, and for internal and external antenna. They have models for specific countries - the one we need is "RW" (which I assume means Rest of World).

Like most systems to manage a set of access points you need a controller. Ubiquiti do controller software for multiple platforms for free. What Aruba were doing is a separate hardware controller, but they then added Aruba Instant which is where one of the APs acts as a controller for the set, providing a nice web interface. This has the advantage of no separate controller, but also, if that AP is off line another takes its place with the same config, so redundancy built in. What was confusing is that this was a separate model - the IAP-305 is the one that can be a controller and the AP-305 cannot. What fooled me further is that later models are all able to be a controller but don't have the I in the name, so an AP-375 is an outdoor AP and there is no IAP-375 which confused me. The AP-375 can be stand-alone / controller. I'll be trying an outdoor AP (AP-375) soon, to ensure good coverage of the garden for the summer, and I'll no doubt post more on that.

As for roaming iPhones and IPv6, the Aruba has control of separate roaming related settings for 802.11r, 802.11k, and 802.11v. It seems only the 802.11r breaks iPhones and IPv6, but roaming is pretty seamless with the other two settings turned on. I am sure one day this will be fixed in iPhones and so 802.11r can be enabled.

Update: It seems 802.11r is OK now, but also enable the setting to make ARP unicast (broadcast filtering).

Personally I like the Aruba better, but that does come at a price.

WiFi-6

One of the interesting things for both manufacturers is the new 802.11ax standard (aka WiFi-6). I don't have a device that can use it yet, but it is rumoured that iPhones may have this year. Aruba have an AP that does it (AP-515). Once they are both available, I'll give them a try and keep you posted.

30 comments:

  1. From what I can tell Unifi + iPhone + IPv6 is now fixed in more recent iOS versions.

    ReplyDelete
    Replies
    1. 𓂺 (Cockburn - pronounced "Coburn")Tuesday, 12 February 2019 at 16:51:00 GMT

      It should have worked from day 1 (if it didn't already). What ever happened to quality control and testing!

      Delete
    2. The thing about this market is you pay through the nose (Aruba etc) to license the software and as such you have (in theory) some rights based on that ongoing financial contract.

      With Unifi the s/w is free.

      Support is largely community-based outside the USA.

      The UAPs are cheap - radios/antennae are top-notch* & plots are available.

      I'm a RF engineer & their guys are good.

      If they had s/w engineers half as good they'd be the new borg by now :)

      Disruptive pricing is their "motto" I think.

      *no 60/70GHz kit in sight yet :(

      Delete
  2. Unifi + iPhone was broken for years, hence leaving them in as the legacy 2.4GHz network and instead using Ruckus gear for the 5GHz stuff.

    ReplyDelete
    Replies
    1. 𓂺 (Cockburn - pronounced "Coburn")Tuesday, 12 February 2019 at 16:51:00 GMT

      Sounds naff. Surely the iPhone is like the number 1 gadget you would want to work properly on the wifi.

      Delete
  3. Sadly, Ubiquiti are moving away from software controllers and onto their own dedicated hardware, certainly for video. https://community.ubnt.com/t5/UniFi-Protect/Introducing-UniFi-Protect/m-p/2474802#M1

    ReplyDelete
    Replies
    1. That's a shame, it's really handy having the controller as a docker container

      Delete
    2. The software controller remains the same although they're having to change things because of Oracle (Java) and MongoDB licensing changes. AFAIK there will be binaries for Linux/Windows.

      The hardware controller is a different matter. This is where (in theory) UBNT update the OS and the controller plus all dependencies. ie a nice device that end-user never really needs to mess with.

      The Gen 1 UCK is a 32-bit ARM stick so the version of MongoDB on it is ancient. Its also writing to a USB stick (literally) so there's always write-commit transactions pending which means powerloss is bad news.

      UBNT sussed this out when 5-minute samples became available on the UI and hence writes (and pending write-commits) went through the roof.

      Quick & dirty fix was to enable journalling - not something you'd want to do on a USB stick really but what else could they do?

      Also a 2GB database is fuck all in terms of logging wireless stats on a 5 minute basis unless you manually prune it with a cron job.

      In short not user-friendly.

      The current Gen2 cloudkey comes with or without a hard drive. The model with the hard drive supports video recording using the newer "Protect" s/w.

      I'm not a UBNT fanboy by any means but Protect will become available for x86-64 platforms in time. The old Unifi-Video NVR can't hack it in terms of cpu architecture.

      Delete
    3. Dunno why I said ARM, first Gen UCK is Atom IIRC.

      Delete
    4. I get this on a first gen UCK:
      root@unifi:/bin# uname -a
      Linux unifi 3.10.20-ubnt-mtk #2 SMP PREEMPT Thu Jan 31 10:10:50 PST 2019 armv7l GNU/Linux

      Delete
    5. Yes sorry about that I was getting confused with the (old) NVR cpu which is Atom & hence "Protect" won't run on that.

      UBNT don't really seem to have any hardware engineers other than RF (and perhaps the Edgerouters).

      For PoE switches etc they just buy generic modules & slot them together with predictable mid-life (18-36 months) failures.

      I suspect the Gen2+ cloudkey is going to crash & burn as a product, not least because it uses a 2.5" drive and most of those over 2TB are SMR. Probably still a decent option for a small install, time will tell.

      Delete
  4. I have all unified gear and love it, but if I remember correctly, unified didn't officially support ipv6 at the time you had the issue?
    (Or was it supported on the edge routers? Certainly the USGs have only recently supported ipv6)

    ReplyDelete
    Replies
    1. Err, apart from IPv6 being the *current* version of IP, one does not expect or require an *Ethernet* device to have to /support/ any protocol carried over Ethernet - it should pass the Ethernet frames regardless of the frame tag. Obviously for IP based management that is a different matter, but that was not the issue.

      Delete
    2. I did once have an AP which would pass the route advertisement packets but fail to pass any actual traffic. That was fun to debug. But I replaced it with a Unifi saucer.

      Delete
    3. The unifi routers have only "Beta" IPv6 support. I've had no problems with IPv6 over unifi APs, but I don't use / like anything apple.

      Decent bang for the buck, decent controller software and regular updates have all left me with a decent impression.

      Delete
    4. As I say, apart from things like management access, an AP does not need to support IPv6. It should work for *Ethernet* packets regardless of packet type. It should work as well for ARP, NETBUI, IPv4, IPv6 or IPv7 even. No *support* is needed for the higher level protocols.

      Delete
    5. 𓂺 (Cockburn - pronounced "Coburn")Tuesday, 12 February 2019 at 16:52:00 GMT

      Yeah, it's a bit like saying the phone supports english and chinese conversations but not german.

      Delete
  5. I'm using Ubiquiti ones at home - cheapo ones off eBlag but do the job :)

    ReplyDelete
  6. Have installed scores and scores of Unifi APs across numerous high-end business and residential clients in London over the last five years. Largest site has 10 APs. Smallest has 2 APs. We remotely manage the lot, including firmware updates, reboots and diagnostics, outage alerting, etc. No issues - ever - that cannot be traced to user error/stupidity. Perhaps one - one dead AP that we swapped out. Didn't even bother to RMA it: just supplied a new one.

    ReplyDelete
  7. Very interested to see how you get on Adrian. We have had (ongoing) nightmares with Ubiquiti AC Pro and FaceTime. General SIP calls work fine, but every single client (including me at home) has issues with FaceTime video freezing and never coming back. Seems to be a very common problem, most probably related to roaming between APs, but 3 years on and we are no closer to a fix.

    ReplyDelete
  8. I used to recommend Apple Airport Extreme for wifi, they work very well. But since Apple dropped the product line several years ago as far as anyone can tell, they're not something I can recommend new any more. I have two and I'm only using one of them so they should keep going for the forseeable future. And if you can find working ones second hand go for it if they do what you want. Management on them is very basic, but my needs in wifi are simple.

    ReplyDelete
  9. 𓂺 (Cockburn - pronounced "Coburn")Tuesday, 12 February 2019 at 16:50:00 GMT

    I use Devolo homeplugs all over the house but frankly they're not very good in my case. Sometimes I get really good transfer rates (like 30MB/s) but every now and then the whole thing just freezes up. If I'm surfing the web from my phone then I sometimes just switch over to 4G because it doesn't keep freezing like the wifi.

    Is there a way of making the wifi from the router go further, for instance turning up the voltage on the aerials or something like that. I want my wifi to stretch EASILY all over the house. In fact I want it to be like a mobile phone mast with a range measured in miles not feet.

    Also what's all this with BT talking about having the best ever wifi. Surely their wifi is as good as the routers they ship, which probably aren't as good as the wifi you get from an expensive model like a Draytek or something like that? Besides, what I really want from an ISP is a nice fast connection at the phone socket, how I distribute that bandwidth about my house is my business not BT's! And as for that silly helicopter advert, well of course you can get quite a good range going straight up in the plain sky (and the helicopter isn't even really that far up anyway), what I'd like is a good signal that can work across 4 floors even when the microwave and baby cameras are on.

    ReplyDelete
    Replies
    1. For a start, yes, treat ISP as internet connection and consider home infrastructure like WiFi as a separate project, IMHO.

      If one WiFi AP does not cover the whole house, you need to consider a set of them, which is where ubiquiti or aruba come in, using (ideally) a cable to each AP from a switch (PoE makes this easier to power the APs). Then phones can roam from AP to AP and you can have good overall coverage.

      No, you can't turn up the power. The power and frequencies and protocols are defined and licensed so the APs and devices have to use the power settings allowed. Even if you could make the AP more powerful it would not make the phone more powerful when talking back to it!

      Delete
    2. I did really enjoy their claims of "Most powerful WiFi ever" when transmit power is regulated (And pretty low in the UK compared to other countries, not that transmit power is the be all and end all).
      I'm sure the marketing dept didn't mean powerful to mean power output, but that's the strict technical definition

      Delete
    3. They're a marketing department. They meant "we want you to buy it".

      What the &*&% else is "powerful" supposed to mean?

      Delete
  10. The Unifi APs have come on a long way since you last tried them Adrian.

    I have my doubts about the UAP-nanoHD as it has a mediatek chipset but the rest of the range is fairly solid now.

    I'd strongly recommend not using Unifi switches or gateways as IPv6 support is still pretty shit. UBNT hired one of the leads on pfSense a couple of years back but the bottom line is yanks still don't see the necessity for IPv6 so it gets sidelined. Its also still easy to fuck things up so IPv6 vlans "leak" onto each other when roaming.

    For wifi its pretty much spot on, you do have to tweak the power levels (easily done) so clients don't hang onto inappropriate APs. From memory you're pretty much all iStuff at home and the fast transit (802.11r/v/k) works well with that. Old stuff not so much but its just a tickbox to turn it off.

    I have a UAP-AC-Lite, UAP-AC-LR and UAP-AC-M which covers a 1980s 4 bed detached and back garden pretty much perfectly. My home requirements are limited though - I'm quite happy having local vlans on IPv4 only for example.

    The tl;dr is the "Unifi experience" has improved by several orders of magnitude since you last used it at home but the switching/routing lags behind. NB - that's not the Edgerouter kit which is more "easily configured" shall we say ;)

    ReplyDelete
  11. Most unifi kit is now "proper PoE", that is 802.11af/at.

    This includes the UVC-G3-AF, UVC-G3-DOME, new UAP-AC-LRs, UAP-AC-Pros, etc etc.

    Those items that were not 802.11af and were instead 24v passive PoE have been updated/rereleased with 802.11af.

    I love my Unifi network, but again I have no Apple devices. I know you went through a lot of work with Ubnt support, how was Apple support with the 802.11r issue?

    ReplyDelete
    Replies
    1. Got nowhere with apple! Ubiquiti tried hard, and even sent some switches (we sent them a FireBrick).

      Delete
  12. Interestingly the iOS 14.1 release notes include the item:
    * Improves compatibility with Ubiquiti wireless access points

    I wonder if they may finally have fixed whatever bug was in iOS that was showing up with Unifi APs...

    ReplyDelete

Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.

The end of 17070 and serious consequences

I just read a very concerning article on BBC  https://www.bbc.co.uk/news/articles/ckgknm8xrgpo TL;DR BT crossed wires and so a criminal inve...