The speedtest Python script that runs on my USG has weird latency and performance compared to running the same settings on my controller. From what I read on the forums, it's due to the lack of performance on the CPU and hardware offload missing. As many UniFi deployments have a controller-to-site ratio of 1:1, maybe you should let customers decide if they want to run the script on the controller rather than on the USG, and let the customers pick the server: just give us a toggle (auto/manual select) and a field to compile to pick the preferred server (just the numeric ID).
Hey, I checked the USG kernel and it uses a pretty old, CPU-intensive version of fq_codel.
There were changes made in the 4.4 Kernel but they should be backportable to the kernel you guys are using.
Most notable are the results (Quote from the link above.):
Thus far this batch drop patch is testing out beautifully. Under a 900Mbit flood going into 100Mbit on the pcengines apu2, cpu usage for ksoftirqd now doesn't crack 10%, where before (under pie,pfifo,fq_codel,cake & the prior fq_codel) it went to 88% and ultimately bad things happened, like losing routability. I've had it running for hours and I hardly notice it's there. Performance for the normal cc controlled and/or sparse flows is unaffected, aside from the uncontrolled flows eating their percentage of the link. Nice work. Thx. This should go into -stable.
Can some dev try to apply that in their free time and check how much it really improves the ksoftirqd CPU usage on Ubiquiti hardware?
I would try to compile the kernel myself, but I have no idea how that works with the SDKs and changes you guys did.
It could be a great addition if it was possible to enable colors of the connections in the Topology map, based on their utilization percentage.
This would be an easy way of visualizing bottlenecks in the infrastructure.
I'd like to be able to quickly block an entire country worth of IP addresses. This is trivial for a small country, say Cambodia, but with China having over 7000 assigned IP blocks this gets to be a really big headache. Ideally, I'd like a drop-down list of countries to block, and have the IP blocks for those countries pulled dynamically from somewhere like IPDeny.
Double bonus points if I can tell it "only allow from USA, drop everything else."
As an interim measure, can you at least let me copy and paste a huge list of IP blocks?
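As an added example (not part of the original post and not UniFi or USG code), this sketch shows how a pasted per-country CIDR list can be validated and collapsed before it is loaded as a single kernel set. It assumes a Linux gateway with `ipset` available; the set name `country_block`, the protected range and the sample ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample in the one-CIDR-per-line style of a country zone file.
# Documentation ranges only, not real country allocations.
SAMPLE_ZONE = """\
# constructed sample
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
203.0.113.64/26
192.0.2.0/24
not-a-cidr
10.0.0.0/8
"""

# Assumption: networks that must never land in a drop list (management LAN).
PROTECTED = [ipaddress.IPv4Network("10.0.0.0/8")]


def build_blocklist(text, protected=PROTECTED):
    """Parse pasted CIDRs; return (collapsed_networks, rejected_lines)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.IPv4Network(line, strict=True)
        except ValueError:
            rejected.append(line)      # malformed entry or host bits set
            continue
        if any(net.overlaps(p) for p in protected):
            rejected.append(line)      # would cut off a protected network
            continue
        nets.append(net)
    # Merge adjacent and nested blocks so the set stays as small as possible.
    return list(ipaddress.collapse_addresses(nets)), rejected


def ipset_restore_lines(name, nets, maxelem=65536):
    """Render the networks as input for `ipset restore`."""
    lines = [f"create {name} hash:net family inet maxelem {maxelem}"]
    lines += [f"add {name} {net}" for net in nets]
    return lines


if __name__ == "__main__":
    nets, rejected = build_blocklist(SAMPLE_ZONE)
    print("\n".join(ipset_restore_lines("country_block", nets)))
    print("rejected:", rejected)
```

A single firewall rule that matches the set then covers every block in it, so the rule count stays constant however long the country list is.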
When I'm comparing between Meraki Security Devices and USG, I realised a very important feature which USG lacks, which is the support for USB Cellular Stick.
I believe that the support for USB Sticks is crucial for:
1. Deployments that relied on cellular data as their primary connection.
2. Mission critical deployments which use cellular data as their failover.
Other than that, I don't see the reason for UBNT to not support USB Cellular Stick because even a cheap $40 mini router from TP-Link supports this function.
Suggestions on how to deploy support for USB Cellular Stick.
I would suggest UBNT add another option called "USB Cellular Stick" under the USG > WAN > Connection Type.
In the "USB Cellular Stick" Option, I would suggest putting "Country" and "Carrier" with preset settings like the ones shown below:
When we select the preset settings, please show the username and password of the preset settings in a blurred out column below so that we know which APN is used with the preset settings (Some Carriers have multiple APNs).
Other than that, please add a "Custom" settings option under the Username and Password for the APN settings so that we can use custom APNs when the situation requires it.
Personally, I don't think that the Connection Mode and Authentication Type have to be included.
Supported USB Cellular Sticks.
I would suggest UBNT to support only the mainstream USB Sticks since the USG isn't meant to be a cellular modem/router. I'll leave the supported USB Stick list from Meraki and other vendors below for reference:
Lastly, I would suggest UBNT to include a USB port for USB Cellular Stick on the next revised version of USG-3P so that the USG-3P can be deployed as a teleworker gateway.
I'm fully aware that IPv6 can be configured from the CLI now, but UniFi is an SDN product, which means that all if not most features should be able to be configured from the controller, not from the CLI.
I'm suggesting that UBNT include the IPv6 Settings under WAN settings for USG as shown below. (Sorry, my drawing isn't very good)
In the IPv6 Connection Type, the following should be included:
1. Native IPv6
2. Tunnel 6to4
3. Tunnel 6in4
4. Tunnel 6rd
5. Static IPv6
Other than that, the following options in the picture should also be included:
I don't know how Asus did it, but their routers are smart enough to get the right prefix without my intervention, I wish USG will have this feature too.
I wish UBNT will include full IPv6 support into the controller ASAP that is easy to setup without much technical knowledge.
Advanced options settings should be more thorough for Site-to-Site VPNs in the controller.
Break out Phase 1 / Phase 2 parameters where applicable.
Secondary / Backup peer IP.
SHA384/512 integrity if the hardware supports it. (256 was accepted in another idea.)
Additionally, AES-GCM 128/256 if the hardware supports it, but it might be a stretch.
It would be nice to have two of them available in both the 24 and 16 ports variants? I'm thinking about having a 10Gbps connection to a NAS then serving multiple gigabit clients.
I suggest to add a functionality in the controller GUI to block websites (for all LAN or specific ones).
Entries might be done manually or as import of a CSV file.
I know this has been already suggested. But now there is a new legal background:
Background: EU/Germany changed the so-called liability for disturbance.
Cafes and hotels are more or less granted the provider privileges. In case a guest breaks the laws e.g. by providing movies illegally, the provider of the hotspot or guest wlan is not liable for this.
But they might be forced by court to block several websites. Facing that a lot of cafes and hotels are using UniFi, I really recommend to provide this feature. Using additional boxes or service providers is even financially besides technical complexity not a good approach for them.
I have a couple of networks where I will never replace the router (for one I can't - it's provided as part of the environment) but I would still like to have stats in the controller.
I would like to see a pass through mode for the USG where it passes traffic with no NAT, no firewall rules, no DHCP, etc. Just analyzes traffic.
Even better - a monitor mode where I could feed a USG a mirror of the port that goes to my existing router so I don't have to have latency of the USG in the packet's path. Use it as a sensor, basically.
I think you guys would sell a boatload of USGs if you supported this!
EDIT: It appears to be on the roadmap: https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-Feature-Roadmap-January-2017-update/m-p/1792230#M31948
In Progress / Near Future
- DPI support in passthrough mode or on monitor interface
I would love to see SFP+ ports on all switches. We currently have the 16XG as the center of our fiber backbone, which is all 10G fiber going to the separate building on our campus, which has nothing but SFP+. 2 of our switches are the Edgemax 48 and we have those along with our main file server connected at 10Gb, but all our other switches are 24's with a couple 16 and 8's thrown in.
It would be nice to have a 10Gb connection between all the switches regardless of how many ports are needed. I would pay extra for an SFP+ option.
An OpenVPN client for the USG with GUI support. Routes ALL WAN traffic through the tunnel without additional configuration when the client is connected. Should by default accept DNS settings sent from the VPN server etc. You get the idea, limit what ISPs can do to collect, profile, and sell personally identifiable data.
It would be nice if the controller and USG supported the ability to use FQDN/Email address as Peer-IDs. This is supported by StrongSWAN and should only require some basic sanity checking in the GUI. Since SWAN can already perform DNS lookups to match the FQDN to an IP, that would be relatively simple. For Email address, possibly add an extra field.
I would like this as some client sites have dynamic IPs and though we have DDNS working, it is a pain in the neck to have to re-IP multiple tunnels when an IP changes.
I want to see traffic use per month to compare to last month traffic.
I use it on sites with 3G/4G modem so I want to see from month to month how much data traffic that's been used.
Could also be interesting to see at my other places so that I can compare traffic stat and compare per month.
It would be great to be able to see the CPU and RAM usage on the USG. I know this can be done via SSH, but it would be very nice to see how much is in use, just like what you guys have done with the APs on the latest version of UniFi. Adding a temperature reading as well would be a bonus.
I would like the ability to tag clients manually and also with rules. This way I could put together multiple devices to a person with a tag (similar to how they talk about grouping devices per kid in the following suggestion) or maybe group devices by IP range, subnet, VLAN, Name, Manufacturer etc.
I would love to use these tags in the dashboard for seeing traffic and being able to filter by device or tag.