1 Gbps IDS/IPS capable router for the Unifi USG lineup

Submitted by -
Status: New Idea


We actually have a "strange lineup" for UniFi routing, which is still logical, but as time passes, the newly introduced IDS/IPS will need to be provided at 1 Gbps speed in a "consumer friendly" package.



  • USG-3P (fanless) : gigabit speed, with 85-90 Mbps IDS/IPS
  • USG-4P-Pro (rack mounted) : gigabit speed, with 250-300 Mbps IDS/IPS
  • USG-? (fanless) : 10 (?) gigabit speed, with gigabit IDS/IPS
  • USG-XG (rack mounted) : 10 gigabit speed, with gigabit IDS/IPS


Sure, this depends on the hardware capability from Cavium to deliver the right processor at the right price.


Note: no fancy screen, no fancy stuff, just a fanless, small-format router like the USG-3P, easy to deploy, at the proper price for Ubnt and the consumers.

on ‎09-19-2018 01:40 PM

FWIW, after the .28 firmware update the 3P and 4P both received a significant (though still insufficient for higher speed links) speed boost with IDS/IPS and such; the 3P now seems to pretty stably handle around 150 Mbps and the 4-Pro more like 400-450 Mbps.


Having said that, I don't think we need a new entry in the product matrix so much as we just plain need a minimal refresh of what's there now. The USG 3P got general launch in 2014 IIRC (and work on it had to begin earlier) and the 4 Pro from early 2016. Yeah, process improvements and arch optimization opportunities have slowed down, but 3-5 years is still a significant amount of time; ARM SoCs even at similar price points are performing significantly better now. Isn't it just time to refresh the internals and have a 3P and 4 Pro version 2.0? No 10 Gbps support at all necessarily, no major changes required, just plain more horsepower so that a 1 Gbps line speed can be managed with all the bells and whistles, the end. If there are some other simple feature bumps or refinements that can be fit in for a similar price, great, but I don't see any need to overly complicate the project either when just getting 2018 SoCs and taking advantage of increases in memory and storage density/$ would give some breathing space. Old hardware needs to just be updated and replaced once in a while, right?

on ‎09-19-2018 01:54 PM

I would expect a new USG based on the ER4/ER6 to show up before too long - it's the logical thing since the USG3 was based on the ER-Lite, the USG4 on the ER-8 and the USG-XG on the ER-8-XG. The power increase in the ER4/6/12 is a major one, and would be a good intermediate device between the USG-4 and the XG. I don't see 10Gb being in the cards any time soon other than in the XG as it stands now, nor do I think there's a big market for another USG with 10Gb ports. Remember UBNT looks for products that will have a broad appeal and sell in volume in most cases - the XGs are an anomaly in that regard, one that was needed to fill and surpass competitors' offerings. But they won't sell in huge volumes - most of the world isn't even taxing basic 1Gb devices...


on ‎09-19-2018 01:56 PM

@sonar => you cannot have it for the same price point, as demonstrated in the EdgeRouter lineup


what is required is a model similar to the https://www.ubnt.com/edgemax/edgerouter-4/

it may reach almost the 1 Gbps barrier with the IDS/IPS enabled.

but still, it’s a new product, the current USG-3P still has plenty of time in front of it, with 100 Mbps connections to manage

on ‎09-19-2018 02:20 PM


The main near term value I can potentially see in a lower end offering with maybe 1-2 10 Gbps ports isn't so much WAN but rather LAN, since that seems nearer to seeing more 10 Gbps deployment, and for those utilizing a USG for L3 network management it could become a chokepoint. Even if it still only handled 1 Gbps uplink maybe some 10 Gbps internal routing (avoiding IDS/IPS there) might have an audience?


That's a bit of a stretch though now and overall I agree with you, and I remember UBNT saying that 10 Gbps SoCs are still quite pricey. The port count wasn't the biggest expense at all apparently. They could try to go a more custom box route with cheaper NICs maybe but that's a lot of work too. Guess maybe we'll see what happens with L3 Switches first?



Yes, the ER-4 is an obvious natural foundation here. But I disagree with you about the current 3P "having plenty of time in front of it", it's old. It's not unreasonable to expect basic internals updates at least every 3-5 years, and failing to do so builds up some level of installed base technical debt. Remember, a rightfully big part of UBNT's value offering is how well they provide long term support. But if everyone expects a good 5 years there perhaps, that means anything selling brand new in 2018 will still face expectations in 2023 too.

on ‎09-19-2018 02:30 PM

It's all about the SoCs and what development time would be required to get a device with a new SoC vendor or line out. In these kinds of devices it's not so much the cost of the BoM of the device - something at this level can sell with a pretty substantial margin - witness the USG-XG MSRP. It's what you have to do to make it work with the rest of the UniFi line and the controller. That's one reason why we see so many more Edge-whatever devices and more often too...


on ‎09-19-2018 11:27 PM

@sonar => we are all spoiled, you should look at certain places/stories too. I work in certain environments with 2 Mbps still, and this is the best you can get! Replacing the USG-3P doesn't make sense when the energy could be used to complete the lineup.


Should the priority be to replace existing equipment running perfectly for under 100 Mbps WAN and with IPS/IDS, or to have another covering the “under 1 Gbps” market and later on look at replacing the USG-3P with new hardware?


The 3P is a great piece of hardware and can continue a few years, as the latest improvement on the IPS/IDS shows clearly it's a rock and can still continue a few years.

on ‎10-07-2018 03:36 AM

for the xg it would be important to have ids/ips only on the wan ports without affecting the internal 10g routing speed.

on ‎10-07-2018 04:51 AM

@justme1968 => this is why L3 switches are happening 


ideally, keep the USG out of the internal traffic

on ‎10-07-2018 11:47 PM
@di3: at least for unifi i believe it when i see and can buy them.

of course keeping the usg out of the internal traffic should be done whenever possible, especially in router on a stick scenarios. but for the xg it is a little different. we actually use it to firewall between different internal 10g network segments. but one of the links is the uplink that ends up to the internet. using ips/ids on this one would be nice if it were possible without reducing the other networks from 10g to 1g.