Home Network Update: Goodnight, UniFi Dream Machine

Originally Posted: May 19th, 2024

It’s been a while since I wrote about my home network, in Zen and the Art of Home Networking. Not much has changed since then, until recently. I finally retired my UniFi Dream Machine and replaced it with the UniFi Cloud Gateway Ultra, Enterprise 8 PoE switch, and U7 Pro access point.

I figured it was time to provide an update and explain why I said goodnight to my trusty Dream Machine. I also want to cover the much-discussed backplane limitation of the Cloud Gateway Ultra, some issues I had with the U7 Pro, and why I already want to make more changes.

Over the past few months, Ubiquiti has released a lot of UniFi equipment. Off the top of my head, we’ve seen:

  • Gateways — Cloud Gateway Ultra, Express, Gateway Lite, and Gateway Max
  • Switches — Pro 8 PoE, Pro Max 16/24/48, Pro Max 16/24/48 PoE, and three flavors of Ultra
  • APs — Swiss Army Knife, U6-Mesh-Pro, and U7-Pro

I wrote about a few of them and bought a few of them as well. Over the past few years, I’ve amassed a hoard of home networking equipment I don’t need. Some I’ve been able to repurpose, use for testing, or hand off to friends or family who need an upgrade. More than anything, they sit around.

Even with all of those options, I’ve mostly used the UniFi Dream Machine as the core of my home network. I’ve swapped it out to test new products, added switches and APs, ran Ethernet, and reconfigured it more times than I can count. No matter what I did, I always came back to the UDM as an easy option to keep my home network running. It allowed me to experiment off to the side without worrying about the network everyone else was using.

It’s a little beat up but it’s running fine, and it is still supported by current UniFi software. So why the Cloud Gateway Ultra, and why now? Before we cover those details, I want to start at a high level and talk about my layout and the hardware I chose.

Topology and Hardware Selection

Old network:

  • Cable modem
  • UDM

New network:

My home network is small and has a simple layout. There are a dozen or so client devices, and fairly light usage overall. The main requirement is reliable wireless for working from home, a few extra computers, and wireless security cameras. It’s not a very exciting network.

The WAN is provided by a coax cable modem, which provides Ethernet to the WAN of the Cloud Gateway Ultra. It is a (sadly typical in the US) asymmetric connection with gigabit download, but a tragic 20 Mbps upload.

The Cloud Gateway Ultra acts as the main gateway and UniFi Network controller. It is connected to an Enterprise 8 PoE switch, which powers my U7-Pro access point. When needed, the U7-Pro wirelessly connects to my UniFi Express acting as an AP. This allows me to get Ethernet in my office for test equipment. I also occasionally power up my Cloud Key Gen 2+ (shown as “CloudKey+” in the Ubiquiti store) and G4 Instant camera for use as a pet camera.

This is the normal layout, but it often changes. While running speed tests for my UXG-Lite Review, I ran Ethernet and built my lab network off the USW-Enterprise-8-PoE. I have two computers with 2.5 Gbps NICs to break beyond the gigabit barrier on LAN-to-LAN connections. Ideally, the link between my switch and gateway would also be 2.5 Gbps, which brings me back to the Cloud Gateway Ultra and the newer UXG-Max.

I made my initial network changes and started writing this before the new Gateway Max (UXG-Max) was announced. The UXG-Max is the gateway I would use if I was building this from scratch, today. I would be able to use my CloudKey+ or self-host the controller if I wanted. I wouldn’t be able to use the Cloud Gateway Ultra for anything, due to the controller and gateway functions being tied together. Sadly, it would join my Gateway Lite in the pile of spare equipment.

Due to my gigabit WAN and light needs, the UCG-Ultra is not a limitation in day-to-day use. Switching to the UXG-Max would mean I no longer have to worry about gigabit links becoming a bottleneck in my testing, though, so it’s on my long list of equipment to purchase. I also just generally prefer the flexibility of a standalone gateway and standalone controller, even if I don’t strictly need multi-site support or the other benefits of a modular setup. There are advantages to both, and the UCG-Ultra is a convenient combination of gateway and controller, just like the UDM was.

If I wanted to expand my wireless coverage, the first thing I would do is look into running Ethernet cabling, and putting an AP on the 2nd floor, or one outside to ensure coverage on our back deck. The U7-Pro is close enough to make that not necessary though. As I said, my network is small and my needs are low.

Making The Change

The swap-out process was simple. UniFi networks are software-defined, and importing a backup makes swapping hardware a non-issue. If you change from one controller or gateway to another, you can just import a UniFi Network backup file. Your networks, clients, Wi-Fi settings, and everything else will be back to how they were.

I could have done that, but I chose to build it from scratch and start fresh. I’ve built up a lot of cruft over the years and changed a lot of settings in the process of experimenting and testing. The main things I cared about took maybe 10 minutes of clicking around to duplicate, so I did it that way.

Starting from a fresh slate, the first thing I did was modify the built-in “default” network. This is the 192.168.1.1/24 subnet you’ll see when you set up a new UniFi gateway. The default network can’t be removed, but you can rename and redefine it, or not use it. Network engineers like me tend to not like using the default untagged network, or VLAN 1 in most vendors’ terms. It’s a common basic practice to use tagged networks and leave the default untagged network as a dead end. This would prevent someone from connecting a cable and gaining access to your management network, for example. This isn’t a realistic concern in my home network, but old habits die hard.

My Dead-Simple VLAN and IPv4 Scheme

I have a very simple IPv4 scheme for my home network. I allocate the whole 10.250.0.0/16 subnet, split it into /24s, and match my VLAN ID with the 3rd octet of the subnet. My untagged default network, AKA VLAN 1, is 10.250.1.0/24. My main LAN is VLAN 10, which is 10.250.10.0/24. My usual testing or lab network is VLAN 99, 10.250.99.0/24. The numbers are arbitrary, but this simple scheme is easy to remember.

If I only have a dozen or two devices on the network, why would I even bother with an overkill /16 subnet assignment and 65,536 IP addresses? Well, mainly for testing and segmentation. It’s helpful to be able to leave the main LAN network alone when testing new equipment or labbing something up to play around with. Separating your networks at layer 2 (VLANs) and layer 3 (subnets) allows for segmentation, access control, firewall policy, and routing decisions to be made. This is mainly relevant in larger networks or networks where security matters more than my basic home network. I’m mainly interested in experimenting with the latest controls and features of the UniFi Network application.

Limiting my whole home network to the 10.250.0.0/16 subnet makes lab network routing dead simple. When I’m running additional gateways or testing site-to-site VPNs like I did in my UXG-Lite Review, I’ll usually use 10.249.0.0/16 for the test network. Then, I’ll add two static routes, each pointing to the other /16. It’s simple, and it works.

For more complex setups that require dynamic routing, transit networks, routed links, or VPN subnets, sometimes I get a little creative. My default is to pick something in the 172.16.0.0/12 space, to make it obvious that it’s separate, and keep it unaffected by my broad static routes. There are many ways to do it, but this works for me and my purposes.
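To make the addressing and routing conventions above concrete, here is an added example (mine, not part of the original post) that derives each VLAN’s /24 from the 10.250.0.0/16 supernet, checks an existing network against the “VLAN ID equals third octet” rule, and runs a longest-prefix-match lookup over the home gateway’s routes. The lab next-hop address 10.250.99.254 and the route table are constructed for the example.

```python
import ipaddress

# Addressing convention from the post: the home network is 10.250.0.0/16 and
# each VLAN gets the /24 whose third octet equals the VLAN ID.
HOME = ipaddress.ip_network("10.250.0.0/16")
LAB = ipaddress.ip_network("10.249.0.0/16")   # second gateway / site-to-site test network
LAB_GATEWAY = ipaddress.ip_address("10.250.99.254")  # assumed next hop on the lab VLAN


def vlan_subnet(vlan_id, supernet=HOME):
    """Return the /24 for vlan_id under the 'VLAN ID == third octet' rule."""
    if not 1 <= vlan_id <= 255:
        raise ValueError(f"VLAN {vlan_id} does not fit in one octet")
    base = int(supernet.network_address) + (vlan_id << 8)  # third octet is bits 8..15
    return ipaddress.ip_network(f"{ipaddress.ip_address(base)}/24")


def follows_scheme(vlan_id, subnet):
    """True when an existing network matches the convention; catches a slip
    such as VLAN 99 paired with 10.250.90.0/24 before it ends up in a firewall rule."""
    return ipaddress.ip_network(subnet) == vlan_subnet(vlan_id)


# Home gateway routing table (constructed): the directly connected /16, the
# single static route to the lab /16, and the default route out the WAN.
HOME_ROUTES = [
    (HOME, "connected"),
    (LAB, f"via {LAB_GATEWAY}"),
    (ipaddress.ip_network("0.0.0.0/0"), "via WAN"),
]


def next_hop(routes, dst):
    """Longest-prefix-match lookup, the rule every IP router applies."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def covered_only_by_default(routes, net):
    """True when no connected or static route overlaps net, so it would leave
    via the WAN unless it gets its own route (the 172.16.0.0/12 case in the post)."""
    net = ipaddress.ip_network(net)
    return not any(net.overlaps(r) for r, _ in routes if r.prefixlen > 0)


if __name__ == "__main__":
    for vlan in (1, 10, 99):
        print(f"VLAN {vlan:>3} -> {vlan_subnet(vlan)}")
    for dst in ("10.250.10.20", "10.249.5.7", "172.16.0.1"):
        print(f"{dst:<14} -> {next_hop(HOME_ROUTES, dst)}")
```

The last lookup shows why a 172.16.x.x transit network is untouched by the two broad /16 statics: it only matches the default route, so it needs its own route or dynamic routing to reach the other side.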

U7-Pro: Wi-Fi 5 to Wi-Fi 7

Now for the fun part. After completing the basic setup on the Cloud Gateway Ultra, I reset and re-adopted my Enterprise 8 PoE switch and U7-Pro access point.

Like most nerds, I’m guilty of over-emphasizing spec differences, or theoretical improvements in newer equipment. Wi-Fi 6 has 25% higher data rates! You need to have 6 GHz to get away from the congested 2.4 GHz and 5 GHz bands! 2x2 MIMO isn’t enough! Multi-link operation with Wi-Fi 7 is a game changer!

In reality, my home network isn’t used for anything extreme. We have a dozen or two devices, and most of them just need to be capable of streaming some video and downloading the occasional software update. Besides some Philips Hue lightbulbs and some wireless security cameras, there is nothing particularly “smart” about it. Outside of large game downloads from Steam, our bandwidth needs are low. Stability and availability are more important than high data rates, wide channels, new 802.11 wireless standards, and maximum performance. I’m sorry to disappoint you, but that’s the truth.

Before I dive into the details, I just want to be clear. The Wi-Fi 5 wireless AP built into the UDM wasn’t a significant limitation. Wi-Fi 5 is more than capable of delivering a good experience for most people. Wi-Fi 6 is better and Wi-Fi 7 is better yet, but don’t let anyone tell you that you need it. If your setup works for you, enjoy it and save your money for a bigger upgrade later.

That said, this was the most fun part of the upgrade because wireless is my favorite aspect of networking. Home networking and testing the limits is a fun hobby. I’ve used almost every model UniFi offers and tried many other vendors. I’ve built or worked on countless networks, including large ones filled with expensive enterprise gear. I work with Cisco for my day job, but in my home, the UDM was good enough.

In my real-world use, the U7-Pro doesn’t do anything massively better than the UDM. Adding 6 GHz coverage for a few Wi-Fi 6E devices was the most noticeable change. The best parts of the 802.11be standard are lost on me because I don’t have any clients that support it. You probably don’t either, yet. I want to learn and write about Wi-Fi 7 more, but first I need to find a compatible PCIe card that works with my AMD Ryzen PC, or a decent USB solution. It’s early days, and there are always issues and costs that come from being an early adopter.

Speaking of early adopter pains, after I switched to the U7-Pro, I started having audio quality issues on Microsoft Teams video and audio calls. I was able to hear everyone just fine, but everyone I talked to said that my audio sounded awful, and was cutting out every second or two. This issue was only with Teams and only with my work laptop, so I believe it was a client-side issue. Switching to Ethernet fixed it, as did switching the U7-Pro out for a U6-Enterprise.

I haven’t dug any deeper into what caused that, but that is one more data point to show that sometimes the latest isn’t always the greatest, and changes aren’t always for the better. I assume this is a small issue with the firmware on the U7-Pro or some driver on my Windows machine, but that is just an assumption. I’ll provide an update if I’m able to troubleshoot that more, or if newer firmware addresses the issue I was running into. For now, I’ll stick with the U6-Enterprise and what works.

Open Question: UDM Future Support?

This is a silly issue, and it shouldn’t matter to most people. It matters to me though.

Ubiquiti isn’t listing or promoting the base UDM on their store, even though it’s still for sale. They removed most mentions of it on their website, and don’t list it under any of their product categories. You have to search for it, just like you had to search for the USG and USG-Pro while they were waiting on their official end-of-life announcement. The UDM isn’t end-of-life and it still receives software updates, but the writing is on the wall.

Rather than announcing something is end-of-life as they did for some APs years ago, Ubiquiti has moved to a strategy of removing references to old products, delisting them, and leaving them in a kind of zombie state. They’re not alive, they’re not dead, but they’re not the best choice for a new purchase. This was the state the USG and USG-Pro were in until they were recently listed as legacy or vintage products.

The UDM is in this zombie state now, with no mentions of it on their home page or in the ui.com store. It doesn’t have a “vintage” or “legacy” status officially, but the writing is on the wall and we know how this script ends. Over time, the UDM will fall behind. It will continue to be updated for a while, but it may be excluded from new features. Some features may not make their way to the UDM, or they won’t be complete, just like the USG and USG-Pro. The UDM should get security updates and be safe to use for several more years, but there is no guarantee.

This gentle neglect was welcomed for the USGs, because they were ancient hardware with significant performance limits. It’s trickier to justify with the UDM because it is still a very capable device and it’s very similar to the UDM-Pro, UDM-SE, and UDW internally. They all have the same Annapurna Labs ARM chipset with a quad-core ARM A57 CPU at their heart. Ubiquiti can’t claim the UDM doesn’t have the CPU power, or that it would take a lot of custom work to make new features available on the UDM. It actually has more computational power than newer devices like the UDR, Express, and UXG-Lite.

Even if the UDM does stay current with all the other features, I think the UDM is going to be in this zombie state for a while. It’s no longer a first-class citizen in the UniFi world. Rather than wait for the inevitable, I chose to take the leap.

Cloud Gateway Ultra: Backplane Pain

Network performance is a tricky topic to discuss, with a lot of common misconceptions. I just want to focus on a few small areas here: backplanes, throughput, and wireless. There was a lot of discussion about the 2.5 Gbps WAN port and the backplane limitation of the Cloud Gateway Ultra. For our purposes, the “backplane” refers to the connections between internal components of the device. The speed of the backplane determines the speed at which data can move between the LAN, the CPU, and the WAN.

The underlying architecture of all recent UniFi Gateways and Cloud Gateways is similar. Start with a chipset featuring an ARM CPU and hardware for common networking functions, connect some interfaces to it, and leverage the UniFi Network software to configure it. Ubiquiti buys components from Qualcomm, MediaTek, and others, and designs their hardware around them. This is how most consumer-grade networking equipment is built.

For interfaces, the UDM has one gigabit WAN, and four gigabit LAN. The Cloud Gateway Ultra has one 2.5 Gbps WAN, and four gigabit LAN. On the surface, it looks like the UCG-Ultra is a straightforward upgrade. A faster WAN port should be faster, right? More LAN ports should allow for more total throughput, right? It should, but that is where the limitation comes in.

These unofficial block diagrams are from the Ubiquiti Community Wiki, and they’re a helpful reference point when talking about backplanes. On the UDM, you can see the 4 gigabit LAN ports all connect to a switch chip, and that switch chip has a 1 Gbps connection to the CPU. Traffic between LAN port 1 and LAN port 2 is handled by the switch chip, but traffic between the LAN and WAN needs to go to the CPU, which handles routing, NAT, and other network tasks.

Since the UDM’s WAN is a gigabit interface connected with a gigabit backplane, the design is balanced. Any of the four LAN ports can fully utilize the 1 Gbps WAN port. A single port can send or receive 1 Gbps of data, or all 4 ports can share that bandwidth. You wouldn’t be able to send 1 Gbps of data from all four LAN ports at once, but you could send 250 Mbps from each. Even if that connection was faster, the 1 Gbps WAN port would be the limit. This is a typical setup for a gigabit home router.

Unofficial UDM diagram from Ubiquiti Community Wiki

With the UDM-Pro, the backplane limitation is more obvious. The UDM-Pro has two 10 Gbps SFP+ interfaces, a gigabit WAN, and an 8-port gigabit LAN switch. Those eight switch ports are connected to a switch chip, and that switch chip has a single gigabit connection to the CPU.

That means that collectively, all eight of those LAN ports share a single gigabit connection to the CPU, and in turn, the 10 Gbps WAN or LAN interfaces. This limitation means the 8-port switch is best used for low-bandwidth devices, like maybe a smart home bridge or a small server handling light tasks. You wouldn’t want to connect something like your NAS or an access point to those ports. If you had eight data-hungry devices you might hit the 1 Gbps limit and not fully utilize your multi-gig WAN or 10 Gbps LAN connections. With the UDM-Pro, you should use the 10 Gbps SFP+ interface to connect to a switch capable of handling 10 Gbps of bandwidth.

With all of these limits, the direction and type of traffic matters. Local traffic from LAN to LAN is handled by the switch chip and doesn’t need to go to the CPU. As an example, 1 Gbps of traffic coming in LAN 1 and going to LAN 2 would be no issue. At the same time, you could also have 1 Gbps of traffic coming in LAN 3 and going to LAN 4, LAN 5 to LAN 6, etc. Those links are full-duplex, line-rate, and non-blocking. In a typical Ethernet switch, all interfaces can be used at line rate simultaneously. In this diagram, the traffic would only be going down to the switch chip, and then back to the destination interface.

Unofficial UDM-Pro block diagram from Ubiquiti Community Wiki

The backplane limitation comes in when traffic is bound for other interfaces or other networks. This is mainly LAN to WAN, but traffic passing between VLANs also has to go through the CPU for processing and routing. All the non-local traffic from those 8 LAN ports uses the shared gigabit link to the CPU. This limits throughput on each LAN interface to whatever capacity is not in use by the other 7 interfaces. It’s like going from an 8-lane highway down to 1.

The UniFi Cloud Gateway Ultra is similar to the UDM. It upgrades the WAN port to 2.5 Gbps, but nothing else has changed. This results in an imbalance, where only the WAN port can go beyond gigabit speed. Putting this all together, we can make a theoretical block diagram for the Cloud Gateway Ultra, and use it to illustrate when the backplane is a limitation, and when it isn’t.

Theoretical block diagram of the Cloud Gateway Ultra

This same principle applies to other UniFi gateways like the UDM and the UCG-Ultra. The Cloud Gateway Ultra is a more egregious example, due to it having a 2.5 Gbps WAN interface but no realistic way to fully utilize it.

The four gigabit LAN ports can pass 1 Gbps in and out of their ports with no issue, as gigabit switch ports typically do. If you want to go between VLANs or out to the Internet through your WAN port, there is a single gigabit link that all four need to share. You’ll never see more than 1 Gbps download and 1 Gbps upload speeds through your WAN port. Yes, there is a 2.5 Gbps WAN port, but you have no realistic way to use it. I’m not sure why they included the 2.5 Gbps interface and their justification for it is silly.

I assume this limitation comes back to cost and a choice that Qualcomm or some underlying component manufacturer made. The components within the UCG-Ultra are commodity parts, picked for one reason over any other: their cost. What we’re left with is a cheap product that delivers a lot for the price, with the big asterisk of the backplane and a 1 Gbps throughput limitation. It can deliver 1 Gbps with IPS/IDS on or off, but nothing more. It has a 2.5 Gbps WAN, technically, but you can’t use it in any meaningful sense.
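The backplane argument in the preceding paragraphs can be checked with a small capacity model. This is an added example (mine, not a Ubiquiti document or the wiki’s diagrams): link names, the 1 Gbps switch-chip-to-CPU uplink, and the max-min fair sharing rule are modelling assumptions that follow the block diagrams described above. Rates are in Mbps.

```python
EPS = 1e-6


def gateway_links(wan_mbps, lan_ports=4, uplink_mbps=1000):
    """Per-direction capacities: each gigabit LAN port, the WAN port, and the
    single switch-chip-to-CPU uplink that all routed traffic must cross (assumed 1 Gbps)."""
    caps = {"wan_in": wan_mbps, "wan_out": wan_mbps,
            "uplink_up": uplink_mbps, "uplink_down": uplink_mbps}
    for p in range(1, lan_ports + 1):
        caps[f"lan{p}_in"] = caps[f"lan{p}_out"] = 1000
    return caps


def path(src, dst, same_vlan=True):
    """Links a flow crosses. Only LAN-to-LAN inside one VLAN stays on the switch
    chip; anything to or from the WAN, or between VLANs, goes via the CPU uplink."""
    if src == "wan":
        return ["wan_in", "uplink_down", f"{dst}_out"]
    if dst == "wan":
        return [f"{src}_in", "uplink_up", "wan_out"]
    if same_vlan:
        return [f"{src}_in", f"{dst}_out"]
    return [f"{src}_in", "uplink_up", "uplink_down", f"{dst}_out"]


def max_min_fair(flows, caps):
    """Progressive filling: raise every unfinished flow equally until a link
    saturates or a flow meets its demand, freeze those flows, repeat.
    flows: {name: (demand_mbps, [link, ...])} -> {name: achieved_mbps}"""
    remaining = dict(caps)
    rate = {f: 0.0 for f in flows}
    active = set(flows)
    while active:
        users = {}
        for f in active:
            for link in flows[f][1]:
                users[link] = users.get(link, 0) + 1
        step = min(min([remaining[l] / users[l] for l in flows[f][1]]
                       + [flows[f][0] - rate[f]]) for f in active)
        for f in active:
            rate[f] += step
            for link in flows[f][1]:
                remaining[link] -= step
        active = {f for f in active
                  if flows[f][0] - rate[f] > EPS
                  and all(remaining[l] > EPS for l in flows[f][1])}
    return rate


def wan_download_test(wan_mbps):
    """Two PCs each pulling 1 Gbps from the WAN while LAN3 streams to LAN4 in the
    same VLAN. Returns (per-flow rates, total WAN download actually achieved)."""
    flows = {
        "pc1_download": (1000, path("wan", "lan1")),
        "pc2_download": (1000, path("wan", "lan2")),
        "lan3_to_lan4": (1000, path("lan3", "lan4")),
    }
    rates = max_min_fair(flows, gateway_links(wan_mbps))
    return rates, rates["pc1_download"] + rates["pc2_download"]


if __name__ == "__main__":
    for name, wan in (("UDM, 1 Gbps WAN", 1000), ("UCG-Ultra, 2.5 Gbps WAN", 2500)):
        rates, total = wan_download_test(wan)
        print(f"{name}: {rates} -> WAN download {total:.0f} Mbps")
```

The two downloads split the 1 Gbps uplink at 500 Mbps each whether the WAN port is 1 or 2.5 Gbps, while the LAN3-to-LAN4 stream stays at line rate because it never touches the CPU.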

The UXG-Max takes a very similar base and makes other tradeoffs. If you’re looking for a small 2.5 Gbps gateway, that’s the one to buy. If you want a built-in controller and are fine with gigabit throughput, the UCG-Ultra is a good value. We have more choices than ever, but each one has a tradeoff or limitation to consider. I chose the convenience of the UCG-Ultra, but you probably have different priorities. I just wish Ubiquiti made fewer compromises in their low-end products.

Wrapping Up

The further I get in my career as a network engineer, the less willing I am to take on those early adopter penalties or experiment on the bleeding edge. I prefer one thing over everything else: stability. I don’t want to spend my weekends fixing broken networks; I spend enough of my time doing that already. It’s hard to have something be your everyday job and your source of weekend fun.

I’ve followed UniFi closely for many years now, but it’s still fun to see what’s new and what’s next. In the future, I’d love to have a complex homelab and a bunch of rackmount equipment to work on and test with. That could be useful for my Cisco-focused day job, where the networking issues are more complex and I can’t just click a checkbox to make a change. I think that’s the main thing I enjoy about UniFi. Simplicity is good, and Ubiquiti balances simplicity and power about as well as anyone.

If you’re limping along with older equipment, you may want to consider an upgrade. Ubiquiti has tons of new hardware to pick from, and new software features to explore. Before you do that though, have a realistic look at what you use your home network for, and what you’re looking to get out of the upgrade. Hopefully, that answer is something important, and you’re looking to address a specific shortcoming of your current setup. Maybe you’re looking to expand wireless coverage, take advantage of your new fast Internet connection, or keep up with your demanding tasks and throughput needs. If you’re like me and just want to justify an upgrade, that’s OK too.

I think it helps to look at this with a clear perspective and be realistic. I didn’t need to buy any of this gear, my UDM was fine. Home networking is a hobby for me, and maintaining this website encourages me to keep up with the latest changes and releases. Maybe that’s the case for you, or maybe you just feel like it’s time for something better. I think that’s a good enough reason to upgrade, and hopefully, it ends up being worth it.

For me, the main thing I’m looking to get out of this new equipment is a couple more years of hassle-free use. If something fails or becomes an issue, I’ll still have my trusty UDM.

Evan McCann

Nerd writing about Wi-Fi, Networking, Ubiquiti, and Apple.
