brwainer (Member, 3,303 posts)

Everything posted by brwainer

  1. I have spent the last 20 minutes trying to find the damn name of what you’re referring to. Basically, Ruckus wanted to have a cheaper option to compete with Ubiquiti, and so they spun up a separate brand for controller-less networking. The hardware was based on the R500 and such but had something specific removed - I think it was BeamFlex, Ruckus’ patented method for doing beamforming based on dynamic antenna patterns as opposed to phase shifting. They ended up retiring that brand and instead offering Ruckus Unleashed - same hardware as the rest of Ruckus, just with an internally hosted controller (a cut down version of ZoneFlex). You can firmware swap APs between standalone, ZoneFlex, SmartZone/Cloud, and Unleashed.
  2. I think you are very confused on this - they are definitely not related! Mikrotik is a Latvian company that is not related to any other brands. Ruckus is an American company that was bought by CommScope and then resold to Broadcom where they currently reside. Ruckus switches are from partial acquisition of Brocade, but their APs have been their own technology forever. Ruckus mostly uses custom ASICs/SOCs in their APs, whereas Mikrotik uses chips from standard vendors like MediaTek and Broadcom. Actually a lot of Mikrotik and Ubiquiti products are very similar inside because they use the same chips often. You might be thinking about Cisco and Meraki, which have operated separately on both hardware and software until now - the new CW9162, CW9164, and CW9166 can be selected between Cisco and Meraki firmware options, and I believe they’re going to do similar with switches that can be used with Cisco DNA or Meraki (or the old standalone config). Or you could be thinking about HPE and Aruba. HP had a wireless line before they bought Aruba, and Aruba didn’t have a switch line. When HP bought Aruba they killed off the MSM AP line and renamed the switches to Aruba. The other recent notable acquisitions, although you probably didn’t hear about them, are Extreme Networks buying Zebra Wireless (which previously was Motorola wireless), Extreme Networks buying AeroHive, and Arista buying Mojo Networks. Speaking of - if you get proposals that use Arista, or the AeroHive-derived Extreme APs, they are good contenders too, but avoid the Zebra-derived Extreme APs. I can confirm which is which if you get into that situation.
  3. The only "simplification" to the controller that runs on the Dream Machine lineup is that it is single-site, whereas a normal controller can have many sites defined. The actual limitation on sites is that each site can only have a single gateway (the original USG/USG-Pro, or the new UXG-Pro). Since the Dream Machines are each a gateway, it doesn't make sense for it to be able to support other gateways as a controller. The only other thing that multiple sites makes better is having different names for the same VLAN ID, which is more important for an MSP than a single organization. Beyond the single site limitation, and being stuck to that one gateway device, there is nothing else limited or removed on the DM Network Controller. They actually run/use the same .deb installer package and Java VM as self-run controllers.
     Edit: Another thing to consider, since you mention warranties and support: Ruckus, Aruba, Meraki, Fortinet, etc (everything more or less at this same price point) have limited lifetime warranties (check before relying on this information - specific product lines may require an active Support Contract which may or may not be the same as having a License). Ubiquiti warranty is 2 years if bought from them directly, or 1 year if bought via anyone else. They recently started offering a UI Care support contract, but it's only available for the UDMP, UDM-SE, and Gen2 switches - not any APs.
  4. Professional Enterprise experience:
     • Three years at an MSP that focused on apartment buildings with hotel-style wifi coverage, mostly Ruckus
     • Three years at an MSP that served the hospitality market, directly supported Ruckus, Aruba (HPE), Meraki, and Extreme Wireless for all of the hotel brands you know in North America. Went onsite in Canada multiple times to oversee installs for Delta Hotels. Implemented Marriott Hotels back-of-house network per standards (their back-of-house network security is top notch - unlike their website and database security, which is where their data breach came from)
     • Two years at a Fortune 500 company using Meraki and legacy (pre-802.11ac) Cisco Aironet APs

     Throughout all of this, I've used Mikrotik and Ubiquiti wireless for home and nonprofits, although my home is now using Ruckus Unleashed since 2020.

     I understand the limitations of Mikrotik for wide area wireless. It just doesn't expose to you things that it could - for example, the IP address of wireless clients in the clients list. Other wireless systems snoop on DHCP to show this, but I'd be happy if it only worked with local leases (meaning the CAPsMan controller is also the DHCP server). They also lack a lot of creature comforts, like being able to apply guest restrictions on an SSID at the AP level without setting up each AP with custom rules to do so.

     I think Ubiquiti can be a workable solution for you, but any "enterprise support" is going to come from a VAR, and if you find a bug or need an RFO/RCA there is zero chance they're going to have Ubiquiti involved with supporting that. There are organizations that have thousands of APs in a single controller; they use large VMs or physical hardware - like 64GB RAM, pretty decent CPU, good SSD storage. The Java controller requires more resources to scale than other competitors.

     My favorite enterprise controller to use is Ruckus SmartZone. It is the most straightforward for all the settings I've used for hotel-style networking (which includes the office and security settings used by something like Marriott's back-of-house). Ruckus support has been as good as Meraki's and Aruba's when running into oddball situations. Client analytics/metrics are on par with most things I've seen, certainly enough for troubleshooting all issues I've come across.

     Aruba wireless is somewhat of an oddball. They have really good feature coverage, but their controller is a mess to use because it is designed as an all-in-one router, UTM/NGFW, wireless controller, authentication gateway (RADIUS proxy or server), and more types of network gear - it's a kitchen-sink system. What this means is that some of the settings you might want to put onto the APs are buried in odd submenus that you wouldn't find on your own unless you opened up every option. Aruba also defaults to all traffic being tunneled to the controller, and that is one of the settings that is somewhat complicated to change. Similar to the settings being weird, I also felt like the client analytics/metrics are weaker or more buried, because they are expecting to be a full-play provider. I was able to troubleshoot wireless issues, but not as seamlessly as with Ruckus. The focus on more than just wireless also means that the controller hardware is way over-spec and expensive compared to Ruckus, because when they list the number of APs and clients they can support they list it with the controller acting as a full router. Most of the Aruba controllers are actually standard HPE servers with a custom bezel and the Aruba OS preinstalled. (Note that I am talking about the full-scale Aruba offering, which is akin to Ruckus SmartZone, not Aruba Instant-On, which I have no experience with.)

     If you can afford Meraki, I wholeheartedly recommend it. The client information exposed is top-notch, and being privy to their upcoming features (just had a call yesterday with our sales engineer) they are just furthering their gap between them and everything else. I don't have a lot to say about it beyond that.

     Comparing the AP hardware of all the companies I've dealt with, it's all more-or-less the same, except with Ubiquiti being a small bit lower. The main like-for-like difference I've seen is that Aruba APs run a lot hotter / output a lot more heat than everyone else.
  5. Unifi Protect officially only supports Unifi cameras, and they do have wireless offerings. Originally the UVC-G3-Mini was priced competitively with Wyze (ignoring the server/storage) but they recently increased its price a lot. There is at least one community project you can run that lets any RTSP camera work in Protect, and they work, but Wyze cameras don’t handle RTSP well (you have to flash a different firmware, and the video streams have issues).
  6. There are two types of uses for VPN technology, generally defined by where the VPN server is located. In the discussion of this thread, the purpose is to be able to access a home or business private LAN resources when outside the network. The server therefore is located at the home or business, running on the router or separately. In this case, no outside VPN service/provider is generally involved. A new trend in this space, however, is technologies which aren’t exactly VPN but could be used for the same purpose. Tailscale and Zerotier fall into this category. They have a central orchestration server which each device contacts, and then the devices are told each other's addresses and they try to connect to each other directly. If the direct connection fails, the orchestration server may also be able to act as a proxy. In this case, the provider would need to be paid, but they do usually have a free tier that is sufficient for home use. The main use case for a “VPN provider” however is not for remote access to a LAN, it is for keeping your internet traffic encrypted and obfuscated from the immediate network provider - the operator of the network you're on, their ISP, the local government, etc. This is the main type of service that people pay for.
  7. You should take this to the truenas forums, if only so the developers see the deficiency in their implementation and could maybe change it. But the next Scale release, Bluefin, has a lot of container changes already and is in RC status.
  8. There are two types of Unifi cameras. Ethernet cameras that require POE, and wireless cameras that require power from a wall outlet (technically they are USB powered). I don’t think any of the ethernet cameras have a DC-In option.
  9. With either the UDMP or the UDMSE, you install a drive and purchase Unifi cameras, and yes it'll record to the hard drive. The UDMSE has POE output to power the cameras (and your AP(s)), as well as a small builtin SSD that can be useful if you just have a few cameras and set them to record on motion only instead of continuously. With the UDMP, you would need either POE Injectors or a separate POE switch to power the cameras.
  10. Was the “Cat 7” cable suspiciously cheap, or more specifically was it cheaper than a Cat 6/6a cable of the same length? Cat 7 and Cat 8 are real specifications, but they aren’t recognized by TIA/EIA and so there are a lot of cables sold as Cat 7 that would barely pass a Cat 5 test. Especially if the cable is flat.
  11. In order to determine whether a network/connection is providing internet access, it is common for devices to reach out to specific test servers and try to load a basically-empty webpage. Apple, Google, Microsoft, Firefox, Samsung, and others have these. If the page loads exactly as expected then you are online. If it doesn’t load, you’re not online. If the page gets redirected, for example to the login portal of a public wireless network, then your device will open it up in your default browser - but they don’t open the login page directly, instead they launch the test page URL. Some modems, routers, even ISPs redirect you to a status page when they think there is an issue. So maybe the background test was redirected to a status page, but the issue cleared by the time it was opened in your browser.
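The probe-and-compare check described in post 11, as an added example that is not part of brwainer's post or of any vendor's detector. The three probe URLs and their expected replies are the published ones for Android/Chrome, Apple and Firefox; the HTTP responses in `SAMPLES` are constructed for the demo and `login.hotel-wifi.example` is a made-up portal host.

```python
"""Captive-portal detection: fetch a known probe URL and compare the reply
byte-for-byte with what the probe server is supposed to return. Anything
else means something in the path answered instead of the probe server.

Added example, not from the original post. Probe URLs/expected bodies are
the published ones; every response in SAMPLES is constructed.
"""
from typing import Dict, Optional, Tuple

PROBES: Dict[str, Tuple[int, bytes]] = {
    "http://connectivitycheck.gstatic.com/generate_204": (204, b""),
    "http://captive.apple.com/hotspot-detect.html":
        (200, b"<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>"),
    "http://detectportal.firefox.com/success.txt": (200, b"success\n"),
}
GOOGLE = "http://connectivitycheck.gstatic.com/generate_204"


def parse_http_response(raw: bytes) -> Tuple[int, Dict[str, str], bytes]:
    """Minimal HTTP/1.x response parser: (status code, lower-cased headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator")
    status_line, *header_lines = head.split(b"\r\n")
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        raise ValueError("not an HTTP status line")
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return int(parts[1]), headers, body


def classify_probe(probe_url: str, raw: Optional[bytes]) -> Tuple[str, Optional[str]]:
    """Return (verdict, url_to_open).

    verdict: 'online'  - reply matched the probe exactly
             'captive' - intercepted; url_to_open is what a device would show the user
             'offline' - no reply, or not HTTP at all
    """
    expected_status, expected_body = PROBES[probe_url]
    if not raw:
        return "offline", None
    try:
        status, headers, body = parse_http_response(raw)
    except ValueError:
        return "offline", None
    if status == expected_status and body == expected_body:
        return "online", None
    if 300 <= status < 400 and "location" in headers:
        # Redirect to a login/status page: the device opens that page.
        return "captive", headers["location"]
    # Wrong status, or a 200 with a different body (an ISP/modem status page
    # served in place of the probe): devices open the probe URL itself, so the
    # user lands on whatever is intercepting it.
    return "captive", probe_url


# Constructed replies to the Google probe, one per situation in the post.
SAMPLES: Dict[str, bytes] = {
    "clean":      b"HTTP/1.1 204 No Content\r\nContent-Length: 0\r\n\r\n",
    "hotel":      b"HTTP/1.1 302 Found\r\nLocation: https://login.hotel-wifi.example/?orig=generate_204\r\n"
                  b"Content-Length: 0\r\n\r\n",
    "isp_status": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                  b"<html><body>Your modem is being provisioned</body></html>",
    "not_http":   b"\x16\x03\x01\x00\x05hello",
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print(f"{label:>10}: {classify_probe(GOOGLE, reply)}")
```

The byte-exact comparison is the whole point: a 200 with the wrong body is treated as interception, not success, which is why a transient status page from a modem or ISP shows up as a captive portal even though no login is involved.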
  12. With every security technology, there are two sides to them - the protocol, and the implementation. New technologies have to be proven in both these regards, through thorough audits and time on the market without incident. Wireguard’s protocol and the official implementation have completed at least one if not more third party audits by recognized security research companies, and there hasn’t been any large issues I’m aware of. But then PFSense’s first implementation, which they did themselves and did not allow the WireGuard main author to help with, was massively flawed and a huge scandal. Since PFSense is a major firewall OS with a lot of overlap in the same enthusiastic, performance-oriented IT people, this didn’t help matters. OPNSense, by the way, used the official implementation but in userland-mode, meaning it has a performance hit - I don’t know if they have since adopted PFSense’s improved implementation, or if the official implementation has added support for the FreeBSD Kernel (having a kernel-mode implementation was PFSense’s argument for writing it themselves, but they had insane hubris to not involve anyone outside before shipping it to customers). I think the major limitation to adoption is just momentum though. Not every firewall supports it yet (Mikrotik has it in their new v7 OS branch, but that isn’t fully stable and ready yet so most Mikrotik routers still run v6; Untangle has put it as part of their paid feature set; I don’t think Watchguard has added it nor Sonicwall and most other small business firewalls). And if you have a working connection, maybe you don’t want to spend the time converting it. I’m using WireGuard where I can for new setups, but have plenty of tunnels with OpenVPN, L2TP, or IPSec that I’m just leaving as-is.
  13. Starlink is your friend (for work purposes, a dual-WAN router using Starlink as primary and LTE as backup is a good safety net)
  14. The standard for cable modems is DOCSIS, and MoCA has a lot of work put into it so the two can coexist on the same cable infrastructure in your house. They are intentionally non-overlapping, because they are completely unrelated and incompatible.
  15. The length of time an entry is kept in the DNS cache is defined by the entry itself. 30 minutes or 60 minutes are common - if a site’s primary server/ISP fails and they need to change to another IP, you don’t want it to take too long before users are hitting the new one. So for things you are constantly hitting, the cache helps, but beyond an hour you’re mostly doing new lookups. And depending on what it is, even if you have been using the service for an hour you may need to look it up again. For example, you have been watching a video on YouTube for >60 minutes and haven’t done anything else on the site. The DNS cache will contain the video server(s) and the API server used to track watch status, but you won’t have the webpage server in cache. Modern sites are built out of dozens or hundreds of different DNS entries.
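The TTL-driven expiry described in post 15, as an added example that is not part of brwainer's post and not any real resolver's code. `ZONE`, the addresses, the TTLs and the timestamps are constructed; `Upstream` stands in for a recursive resolver. It also shows the failover case the post mentions: after the operator repoints a name, a client keeps getting the old address until the record's own TTL has run out.

```python
"""TTL-driven DNS caching: each cached answer expires when the TTL carried in
the record itself runs out, and a cached answer is returned with the TTL
counted down (RFC 1035, section 6.1). A site that moves to a new address is
therefore only seen once the old record's TTL has elapsed.

Added example, not from the original post. ZONE, addresses, TTLs and the
timestamps in the demos are constructed; Upstream is a stand-in resolver.
"""
from typing import Dict, List, Optional, Tuple

# Constructed authoritative data: name -> (addresses, TTL in seconds).
ZONE: Dict[str, Tuple[List[str], int]] = {
    "www.example.test.":   (["203.0.113.10"], 1800),  # 30 minutes, as in the post
    "video.example.test.": (["203.0.113.20"], 60),    # short TTL, CDN-style name
}


def canonical(name: str) -> str:
    """Lower-case, fully-qualified form used as the cache key."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


class Upstream:
    """Stand-in for the recursive resolver; counts how often it is asked."""
    def __init__(self, zone: Dict[str, Tuple[List[str], int]]) -> None:
        self.zone = dict(zone)
        self.queries = 0

    def query(self, name: str) -> Tuple[List[str], int]:
        self.queries += 1
        return self.zone[canonical(name)]


class DnsCache:
    def __init__(self) -> None:
        # key -> (addresses, TTL from the record, time the answer was inserted)
        self._entries: Dict[str, Tuple[Tuple[str, ...], int, float]] = {}

    def put(self, name: str, addrs: List[str], ttl: int, now: float) -> None:
        self._entries[canonical(name)] = (tuple(addrs), ttl, now)

    def get(self, name: str, now: float) -> Optional[Tuple[Tuple[str, ...], int]]:
        """Return (addresses, remaining TTL), or None if absent or expired."""
        key = canonical(name)
        rec = self._entries.get(key)
        if rec is None:
            return None
        addrs, ttl, inserted = rec
        remaining = ttl - int(now - inserted)
        if remaining <= 0:
            del self._entries[key]          # expired: the next query goes upstream
            return None
        return addrs, remaining


def resolve(cache: DnsCache, upstream: Upstream, name: str, now: float) -> Tuple[Tuple[str, ...], int, str]:
    """Return (addresses, TTL handed to the client, 'cache' or 'upstream')."""
    hit = cache.get(name, now)
    if hit is not None:
        return hit[0], hit[1], "cache"
    addrs, ttl = upstream.query(name)
    cache.put(name, addrs, ttl, now)
    return tuple(addrs), ttl, "upstream"


def demo() -> Tuple[List[Tuple[float, str, str, int]], int]:
    """Replay lookups at fixed times; returns (log, number of upstream queries)."""
    cache, up = DnsCache(), Upstream(ZONE)
    log = []
    for t in (0, 30, 90, 1799, 1800):
        for name in ("www.example.test", "video.example.test"):
            _, ttl, src = resolve(cache, up, name, t)
            log.append((t, name, src, ttl))
    return log, up.queries


def failover_demo() -> Tuple[str, str, str]:
    """The site moves right after the first lookup; the client sees it only at TTL expiry."""
    cache, up = DnsCache(), Upstream(ZONE)
    before, _, _ = resolve(cache, up, "www.example.test", 0)
    up.zone["www.example.test."] = (["198.51.100.7"], 1800)   # operator repoints the name
    during, _, _ = resolve(cache, up, "www.example.test", 600)
    after, _, _ = resolve(cache, up, "www.example.test", 1800)
    return before[0], during[0], after[0]


if __name__ == "__main__":
    log, n = demo()
    for entry in log:
        print(entry)
    print("upstream queries:", n)
    print("failover:", failover_demo())
```

The 60-second name is fetched upstream again at t=90 and t=1799 while the 30-minute name is still served from cache with its TTL counting down; at exactly t=1800 the 30-minute record is gone and the next client sees the new address.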
  16. You can also get any Wifi6 router and turn it into an AP, even if it doesn’t have an AP mode. You just disable the DHCP server (I have never seen a router where that wasn’t an option), change its LAN IP to something in the main router’s subnet, and only use the LAN ports for connections - even to your now-wired-only router. Are you asking for “models that are available in the US for <100USD”, or “models available in Moldova for <100USD”?
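A check for the "change its LAN IP to something in the main router's subnet" step in post 16, as an added example that is not part of brwainer's post. The subnet, gateway, DHCP pool and host list are constructed. One caveat the post does not spell out, which the check enforces: the address must also sit outside the main router's DHCP pool, or the main router may lease the same address to a client later.

```python
"""Picking the LAN address for a router being repurposed as an access point:
it has to be inside the main router's subnet, must not be the main router's
own address, and must not fall inside the DHCP pool the main router still
hands out from.

Added example, not from the original post. The subnet, gateway, pool and
in-use list in the demo are constructed.
"""
import ipaddress
from typing import Iterable, List, Optional


def check_ap_address(ap_ip: str, main_subnet: str, gateway: str,
                     pool_start: str, pool_end: str, in_use: Iterable[str] = ()) -> List[str]:
    """Return the list of problems with ap_ip; an empty list means it is usable."""
    net = ipaddress.ip_network(main_subnet, strict=False)
    ip = ipaddress.ip_address(ap_ip)
    gw = ipaddress.ip_address(gateway)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    problems: List[str] = []
    if ip not in net:
        # The AP still bridges traffic, but nobody on the LAN can reach its
        # management page without a route to that other subnet.
        problems.append(f"{ip} is not inside {net}")
        return problems
    if ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address")
    if ip == gw:
        problems.append(f"{ip} is the main router's own address")
    if lo <= ip <= hi:
        problems.append(f"{ip} is inside the DHCP pool {lo}-{hi}; the main router may lease it to a client")
    if ip in {ipaddress.ip_address(x) for x in in_use}:
        problems.append(f"{ip} is already assigned to another static host")
    return problems


def suggest_ap_address(main_subnet: str, gateway: str, pool_start: str, pool_end: str,
                       in_use: Iterable[str] = ()) -> Optional[str]:
    """First usable address that passes check_ap_address, or None if none is free."""
    in_use = list(in_use)
    for host in ipaddress.ip_network(main_subnet, strict=False).hosts():
        if not check_ap_address(str(host), main_subnet, gateway, pool_start, pool_end, in_use):
            return str(host)
    return None


if __name__ == "__main__":
    # Constructed home LAN: router at .1, DHCP pool .100-.199, a NAS already on .2.
    args = ("192.168.1.0/24", "192.168.1.1", "192.168.1.100", "192.168.1.199", ["192.168.1.2"])
    for candidate in ("192.168.1.2", "192.168.1.150", "192.168.0.5", "192.168.1.3"):
        print(candidate, check_ap_address(candidate, *args) or "OK")
    print("suggested:", suggest_ap_address(*args))
```

Run it against your own router's LAN settings before changing the AP's address; the pool boundaries are on the main router's DHCP page, and the DHCP server on the repurposed router is switched off separately, as the post says.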
  17. Let’s rule out the simple mis-configuration option first. I am not familiar with qbittorrent, but by searching it I see it is very similar to transmission in that it is normally a desktop application, but you can enable a WebUI and control it remotely. So, did you enable the WebUI, and did you make it possible to access that remotely? (port forward on your router to the qbittorrent webui port, or put that whole computer/IP into a “DMZ” setting which means all ports are forwarded to it)? If so, even if you think it is secured with a password, that is how you’ve been “hacked”. Remove the port forward for the WebUI, and access it by first connecting to a VPN inside your network.
  18. Reading between the lines as a tech-literate person, I believe this lawsuit is about any drive that uses a standard 5.25” or slim 5.25” form factor. External drives are included because they just take an otherwise regular Sata drive and put it in a case with a USB adaptor. The PS3 likewise probably (I don’t know for sure) uses a regular drive just with custom firmware. Most TV/theater players in contrast normally build the guts of the drive directly in their housing, and don’t use a standard drive module from another brand.
  19. I think their question about requiring IPv4 is more about “can it run on IPv6”. In other words, can your camera be updated or configured to use IPv6, so you can access it remotely via IPv6 instead of IPv4. Same thing for your game server - they want something that says the game does not support IPv6.
  20. BT5.2, I don’t know about the technical differences, but if you aren’t using any bluetooth devices direct to your laptop then it probably doesn’t matter for you. Wifi 6E enables the use of 6GHz channels, but the AP or router you are connected to has to also be 6E for you to see any benefit.
  21. Ah OK, here I am being an American saying the way things are here without being clear. I meant in the case of the VOIP and IPTV being from the same company as the ISP, and being delivered directly off the cable modem or fiber ONT. Although I’ve certainly helped a good deal of Europeans (don’t remember which countries) where the IPTV was in its own VLAN, and if you run your own router you have to bridge or pass through that VLAN to the set top box - I remember because it is one of those cases where a Unifi router is a very bad choice.
  22. Hubs don’t exist (are explicitly forbidden) in the gigabit and later ethernet specifications. An unmanaged switch is a solution whenever you want more ports and don’t need any features to be configured or supported that can’t just be run by the default/passive operation of the switch chip. A proper ISP configuration, which I know is used by Cox, Comcast, Verizon FIOS, and more, has the VOIP and IPTV traffic transferred at a higher QOS priority and outside the customer’s rate limit and bandwidth consumption measurement. Yes, as a network admin I agree that a hub would surely be handy from time to time. But in a world where a $35 5 port gigabit switch exists with mirroring functionality, I don’t need a hub anymore. Mikrotik RB260GS and Ubiquiti USW-Flex-Mini are both in this category of under $40 with the ability to mirror traffic. I keep a USW-Flex-Mini in my bag with it preconfigured to mirror port 1 to port 5. Only annoying thing is that you have to add VLANs to the config before it will allow them to pass through the switch. That is where the Mikrotik RB260GS is better, but that takes up more room in my bag.
  23. I think you need to elaborate on what you have done to try to evade Netflix’s geo block. My “expert” opinion (I do not consider myself a network expert because I know what I do not know about networking, and I work with some true “experts”, but a Fortune 500 company is happy to keep paying me a lot of money to be a Network Engineer and solve odd problems like yours) is that you’ve caused your router to respond to every ping request itself. This might be due to some NAT or routing related policy you’ve made.
     Edit: to explain the traceroute results, Windows traceroute defaults to using standard ping packets (ICMP Echo Requests) so anything that’s affecting ping will affect the default Windows traceroute. It is also possible to traceroute using UDP packets which is the default in Linux. I don’t know off the top of my head whether and how you can make Windows tracert use UDP instead of ICMP.
  24. I admit that is where legally this situation really sucks (other than the fact that the community patching every single one of the to-be-abandoned games is unlikely, and will take time and effort to accomplish)
  25. Reminder that it is legal to patch games so they can be played after the servers are shutdown: https://arstechnica.com/gaming/2015/11/u-s-govt-grants-limited-right-to-revive-games-behind-abandoned-servers/?amp=1 Shutting down the servers is inviting the community to start hacking at the game, with no recourse via copyright. Now, the community isn’t legally allowed to do more than provide an offline-play patch for users who have obtained the content already, but you know that’s not how this works. As for DLC, if you bought it once then I don’t care how you get the content bits into your computer.