Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
Reply
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5401
Solutions: 1656
Contributions: 2

Re: EdgeRouter Lite Configuration


waheuler wrote:

Just to verify, if I wanted to create an LACP connection to our layer 2 Cisco SMB switch, but be able to add IPs from the GUI, I could do the following:

  1. Create a bond between 2+ eth interfaces (802.3ad mode),
  2. Set the bridge group for the bond to a newly created bridge connection (i.e. br1),
  3. Modify IP settings for br1 in the GUI, and if in Beta 1.5, add VLANs if desired.

I noticed that bonds have no configuration options at all in the GUI, so this was my work around.


Yeah it might allow you to add IP from the GUI but it would add an extra layer of driver packet processing (bridge over bond) so probably not recommended. If you're already creating bonding interface and bridging it in the CLI, then you shouldn't have problems adding an IP there, right? Or do you plan to give this device to someone else and limit the configuration to GUI or something?

Member
Posts: 203
Registered: ‎05-01-2014
Kudos: 55
Solutions: 9

Re: EdgeRouter Lite Configuration

UBNT-ancheng wrote:

Yeah it might allow you to add IP from the GUI but it would add an extra layer of driver packet processing (bridge over bond) so probably not recommended. If you're already creating bonding interface and bridging it in the CLI, then you shouldn't have problems adding an IP there, right? Or do you plan to give this device to someone else and limit the configuration to GUI or something?

Ah thanks for the heads up.  If there's a large computational cost, then I will just configure it in the CLI and keep very good documentation.

Ideally it is convenient to use the GUI because it's much easier to walk a non-CLI inclined person through a visual interface than give them CLI commands.  Unfortunately, it seems like asking most people to use a command prompt may as well be akin to asking them to enter the Matrix.

New Member
Posts: 8
Registered: ‎12-16-2014

Re: EdgeRouter Lite Configuration


waheuler wrote:

Ah thanks for the heads up.  If there's a large computational cost, then I will just configure it in the CLI and keep very good documentation.

Ideally it is convenient to use the GUI because it's much easier to walk a non-CLI inclined person through a visual interface than give them CLI commands.  Unfortunately, it seems like asking most people to use a command prompt may as well be akin to asking them to enter the Matrix.


Sorry to bump again, but I'm just starting out with my home network and am keen to explore the possibilities of my ERL. Is the set up you're describing basically two bonded ports running to a single switch, which then serves your network? If so, does this achieve greater throughput or just redundancy?

 

Either way, I think this is what I'm after as well since I'll only be running one switch and using VLANs rather than using each port on the ERL for a segregated LAN, for the time being at least. And if using both ports can improve performance in any way I figure I might as well, plus it could be a good learning experience (why I'm doing this in the first place). I'm keen to learn the CLI as well so if you did get this set up working, and it's roughly in line with what I'm describing, would you mind giving me some tips as to how to achieve it?

EdgeRouter Lite - EdgeSwitch 16-XG - Unifi AC Pro
Member
Posts: 203
Registered: ‎05-01-2014
Kudos: 55
Solutions: 9

Re: EdgeRouter Lite Configuration


Pegasi wrote:

waheuler wrote:

Ah thanks for the heads up.  If there's a large computational cost, then I will just configure it in the CLI and keep very good documentation.

Ideally it is convenient to use the GUI because it's much easier to walk a non-CLI inclined person through a visual interface than give them CLI commands.  Unfortunately, it seems like asking most people to use a command prompt may as well be akin to asking them to enter the Matrix.


Sorry to bump again, but I'm just starting out with my home network and am keen to explore the possibilities of my ERL. Is the set up you're describing basically two bonded ports running to a single switch, which then serves your network? If so, does this achieve greater throughput or just redundancy?

 

Either way, I think this is what I'm after as well since I'll only be running one switch and using VLANs rather than using each port on the ERL for a segregated LAN, for the time being at least. And if using both ports can improve performance in any way I figure I might as well, plus it could be a good learning experience (why I'm doing this in the first place). I'm keen to learn the CLI as well so if you did get this set up working, and it's roughly in line with what I'm describing, would you mind giving me some tips as to how to achieve it?


A switch and one port on the ERL is how most home setups are going to be from my experience.  I use an ERL at my home as well.  It's fairly easy to setup what you are describing, and while not discouraging you from learning the CLI, you can probably do most of your setup in the GUI.  The bonded ports actually reduces performance significantly as it disables the ability for the ERL to offload traffic from its CPU.  The only reason you would do that, is if you did not have a switch available and needed to connect two devices to the same subnet.  By bridging the two ports, you create a virtual "switch" (eth1 & eth2 -> br0) and assign the IP address for your LAN side to the br0 interface instead of the physical ethernet ports.

 

To summarize for your use, just use one port on the ERL.  Configure the interface itself for the "untagged" VLAN, and use the "Add Interface->Add VLAN" button to add tagged VLANs with their own IP.  The only things you would need to use CLI for is if you wanted to configure some QoS policies or some of the more advanced IPv6 setup.

 

Hope that makes sense, if you need any help with setup, just give a brief description of the VLAN setup and most people can help walk you through the setup as well.  Have fun!

New Member
Posts: 8
Registered: ‎12-16-2014

Re: EdgeRouter Lite Configuration

[ Edited ]
waheuler wrote:

A switch and one port on the ERL is how most home setups are going to be from my experience.  I use an ERL at my home as well.  It's fairly easy to setup what you are describing, and while not discouraging you from learning the CLI, you can probably do most of your setup in the GUI.  The bonded ports actually reduces performance significantly as it disables the ability for the ERL to offload traffic from its CPU.  The only reason you would do that, is if you did not have a switch available and needed to connect two devices to the same subnet.  By bridging the two ports, you create a virtual "switch" (eth1 & eth2 -> br0) and assign the IP address for your LAN side to the br0 interface instead of the physical ethernet ports.

 

To summarize for your use, just use one port on the ERL.  Configure the interface itself for the "untagged" VLAN, and use the "Add Interface->Add VLAN" button to add tagged VLANs with their own IP.  The only things you would need to use CLI for is if you wanted to configure some QoS policies or some of the more advanced IPv6 setup.

 

Hope that makes sense, if you need any help with setup, just give a brief description of the VLAN setup and most people can help walk you through the setup as well.  Have fun!


Thanks for the reply, that's really helpful.

 

So am I right in thinking a bond must sit on top of a port bridge/virtual switch, meaning the performance drop is inherent there as well as with a bridge on its own?

 

If so, can I ask if there's any real benefit to using the second port for what I want to achieve? I drew up a basic outline of what I was thinking earlier. Apologies for the poor diagram, it's not really finished and is my first crack at that as well:

 

Basic

 

First thing worth noting is that ideally I'm going to try and set this up behind my existing house network, since I'm still in my parents' house and can't really take over their internet connection. Am I going to experience real headaches putting my ERL in a DMZ off my consumer grade router and trying to treat it as its own network? Internet is fairly essential to this setup. I'm thinking about VPN in particular, though it's my understanding that I should be able to just forward the correct ports from my home router to the ERL.

 

The microserver on the right is my FreeNAS box acting as an iSCSI target.

 

The ML110 is my ESXi box, at the moment it's only running my Windows Server but I'm going to chuck a fair amount more on it, and it has 3 network ports (2 assigned to Win Server, on VLANs 10 and 30 respectively) to allow for the above but I'll be experimenting with vSwitches within ESXi when I get more VMs running. It's possible I'll have other physical clients on the same switch but it won't be for a little while. That client object is just placeholder until I properly map out the VMs.

 

But would there be any benefit to, say, running iSCSI on it's own subnet from eth2, rather than on a VLAN on the main switch?

 

The TP-Link wireless router is going to be used as an access point, and I also plan to put wireless on its own VLAN at some point but right now I don't really need to. I'll be running Chromecast off this network (another reason why internet is important) to access my Plex server, and probably my personal wireless devices too just for convenience. How easy is it to configure traffic between VLANs, and will something like Plex which (I think) just scans its local subnet for a server be able to see my Windows Server (if it's on a different VLAN and subnet) if I configure correctly?

 

Sorry, that kinda spiralled. If it's worth me posting the above as a separate topic please let me know and I'll do so.

EdgeRouter Lite - EdgeSwitch 16-XG - Unifi AC Pro
Member
Posts: 203
Registered: ‎05-01-2014
Kudos: 55
Solutions: 9

Re: EdgeRouter Lite Configuration


Pegasi wrote:
waheuler wrote:

A switch and one port on the ERL is how most home setups are going to be from my experience.  I use an ERL at my home as well.  It's fairly easy to setup what you are describing, and while not discouraging you from learning the CLI, you can probably do most of your setup in the GUI.  The bonded ports actually reduces performance significantly as it disables the ability for the ERL to offload traffic from its CPU.  The only reason you would do that, is if you did not have a switch available and needed to connect two devices to the same subnet.  By bridging the two ports, you create a virtual "switch" (eth1 & eth2 -> br0) and assign the IP address for your LAN side to the br0 interface instead of the physical ethernet ports.

 

To summarize for your use, just use one port on the ERL.  Configure the interface itself for the "untagged" VLAN, and use the "Add Interface->Add VLAN" button to add tagged VLANs with their own IP.  The only things you would need to use CLI for is if you wanted to configure some QoS policies or some of the more advanced IPv6 setup.

 

Hope that makes sense, if you need any help with setup, just give a brief description of the VLAN setup and most people can help walk you through the setup as well.  Have fun!


Thanks for the reply, that's really helpful.

 

So am I right in thinking a bond must sit on top of a port bridge/virtual switch, meaning the performance drop is inherent there as well as with a bridge on its own?

 

If so, can I ask if there's any real benefit to using the second port for what I want to achieve? I drew up a basic outline of what I was thinking earlier. Apologies for the poor diagram, it's not really finished and is my first crack at that as well:

 

Basic

 

First thing worth noting is that ideally I'm going to try and set this up behind my existing house network, since I'm still in my parents' house and can't really take over their internet connection. Am I going to experience real headaches putting my ERL in a DMZ off my consumer grade router and trying to treat it as its own network? Internet is fairly essential to this setup. I'm thinking about VPN in particular, though it's my understanding that I should be able to just forward the correct ports from my home router to the ERL.

 

The microserver on the right is my FreeNAS box acting as an iSCSI target.

 

The ML110 is my ESXi box, at the moment it's only running my Windows Server but I'm going to chuck a fair amount more on it, and it has 3 network ports (2 assigned to Win Server, on VLANs 10 and 30 respectively) to allow for the above but I'll be experimenting with vSwitches within ESXi when I get more VMs running. It's possible I'll have other physical clients on the same switch but it won't be for a little while. That client object is just placeholder until I properly map out the VMs.

 

But would there be any benefit to, say, running iSCSI on it's own subnet from eth2, rather than on a VLAN on the main switch?

 

The TP-Link wireless router is going to be used as an access point, and I also plan to put wireless on its own VLAN at some point but right now I don't really need to. I'll be running Chromecast off this network (another reason why internet is important) to access my Plex server, and probably my personal wireless devices too just for convenience. How easy is it to configure traffic between VLANs, and will something like Plex which (I think) just scans its local subnet for a server be able to see my Windows Server (if it's on a different VLAN and subnet) if I configure correctly?

 

Sorry, that kinda spiralled. If it's worth me posting the above as a separate topic please let me know and I'll do so.



New topic decision would an admin move probably, you are technically still asking about bonding connections with an ERL so you're good in my book, but I'm nobody ;-)

 

I'm not an iSCSI expert, but I would see no advantage of running the target on it's own subnet instead of a VLAN.  You are definitely better off letting the switch handle most of your L2 traffic.  You're ERL is basically a router-on-a-stick and the less overhead the better.  The bonding vs single connection decision is honestly dependant on your needs for throughput.  The ERL with offloading functioning has amazing performance.  Without the offloading, it's not going to bog down, but you will notice a performance difference, especially with high WAN speeds (100Mbps+).  Bonding will work just fine, but the trade off probably isn't worth it simply because unless this is a super mission critical setup, the probability of something else failing before the ethernet cable/port itself is much higher.

 

I see nothing wrong with the diagram you drew other than I would only have one connection between the ERL and the switch to maintain offloading.  That being said, you are probably better off making sure that the ERL handles most of your home's routing, make sure the only thing above it is the ISP modem (assuming cable/DSL) and that it is set to give the ERL a public IP.  Also assuming you have a dynamic IP from your ISP, you will need to set the WAN interface for the ERL to DHCP and setup a DDNS under the Services tab to access from outside.

 

I think that hit all of it, let me know if I missed something.

New Member
Posts: 8
Registered: ‎12-16-2014

Re: EdgeRouter Lite Configuration

[ Edited ]

waheuler wrote:

 

New topic decision would an admin move probably, you are technically still asking about bonding connections with an ERL so you're good in my book, but I'm nobody ;-)

 

I'm not an iSCSI expert, but I would see no advantage of running the target on it's own subnet instead of a VLAN.  You are definitely better off letting the switch handle most of your L2 traffic.  You're ERL is basically a router-on-a-stick and the less overhead the better.  The bonding vs single connection decision is honestly dependant on your needs for throughput.  The ERL with offloading functioning has amazing performance.  Without the offloading, it's not going to bog down, but you will notice a performance difference, especially with high WAN speeds (100Mbps+).  Bonding will work just fine, but the trade off probably isn't worth it simply because unless this is a super mission critical setup, the probability of something else failing before the ethernet cable/port itself is much higher.


 

I was wondering if there's a greater degree of segregation, though I'm sort of taking shots in the dark here since my knowledge is very limited. Just wondering what the functional difference between a VLAN and port based subnet on an ERL is, really, in terms of cross communication, performance etc.

 

In terms of bonding, the main interest I had in it was performance related, so if it's actually going to hurt me on that front then the redundancy isn't really worth it. I'll stick with the single link to the switch as you suggest, thanks.

 


I see nothing wrong with the diagram you drew other than I would only have one connection between the ERL and the switch to maintain offloading.  That being said, you are probably better off making sure that the ERL handles most of your home's routing, make sure the only thing above it is the ISP modem (assuming cable/DSL) and that it is set to give the ERL a public IP.  Also assuming you have a dynamic IP from your ISP, you will need to set the WAN interface for the ERL to DHCP and setup a DDNS under the Services tab to access from outside.


 

 

Trust me, I really want to set it up like that. Unfortunately, right now the coax box for our internet is on the ground floor with the router, the lab is on the first floor and my room is on the second floor, all connected by (don't laugh...) powerline adaptors. There's a small chance I can convince my dad to let me drop fibre down since it's pretty much a vertical run to hit all 3 key spots in the house, at which point I'd immediately migrate the whole network over to the ERL and use VLANs more extensively to create decent home and lab networks. But until then, I can't really drop our 120Mbps connection to 40-60 over powerline, nor do I really want to provision the whole house's networking until I've found my feet a little more. I've got a static IP from my ISP, will setting the ERL on a static IP routed through our ISP provided router (rather than our public IP by putting the ISP router in modem mode) really give me that much grief?

 


I think that hit all of it, let me know if I missed something.


 

There was one thing I forgot to ask before, and that's about how the GUI method of assigning VLANs to interfaces works. I couldn't see anything about setting a port to trunk, only tagging VLANs on it individually. Do you know if tagging all my VLANs on a single port functionally the same as setting it to trunk?

 

I really appreciate the help by the way, thanks.

EdgeRouter Lite - EdgeSwitch 16-XG - Unifi AC Pro
Reply