I'd like to see UBNT create some modems:
- 3G/4G modem
- ADSL/VDSL/SDSL/G.Fast modem
- DOCSIS modem
These should all be compatible with existing USGs and EdgeRouters.
Further down the line, if all of these can be made into modules (be they an add-in card, USB, PCIe or even SFP(+)), then all the better, but lets have the USGs do more WANs than just Ethernet.
When I was using OpenWRT based router it was possible to add/change some more advanced configuration using web interface - dedicated editor in GUI window which wrote input straight to config file. It doesn't need to have anything fancy and it would save hassles with either scp or vi editing.
For some period of time I was using controller installed in docker running on Synology NAS. I had mapped sites' base directory and could use simple editor built in Synology File Station:
It doesn't need to be so much advanced . Now, when I use Cloud Key I can clearly see difference in how easy/user friendly was to edit it directly in GUI...
Internet service is expanding beyond 1 Gbps. Modems are coming with multiple Ethernet ports that can be aggregated together for > 1 Gbps service.
More than ever, we need new USGs that can aggregate WAN1 & WAN2 together. Of course this goes along with higher bandwidth LAN ports (LAG / 2.5G / 5G / 10G).
I understand that the USG3 & USG4 hardware cannot accelerate LACP. We need new hardware in the pipeline for this increasingly common use case.
Even with the latest USG-XG, it is uncertain if the ports can be aggregated together. Even if possible, its cost far exceeds the typical USG3 & USG4 audience.
It would be helpful to be able to create a VLAN that is not automatically tagged on all ports on all devices.
Where a VLAN might be useful for isolating certain types of traffic, such as high bandwidth applications, chatty services, or services that rely on broadcast, it might well be desirable to prevent that traffic from being carried across the entire network by default.
The current design requires creating a new port profile and manually applying it to ports and devices. Current tools assist in this manual process, but it is still a manual process, and new devices added to the network will use the “all” profile until configured otherwise, which can lead to periods of disruption and creates an opportunity for errors and oversights.
A strong case could be made for going further and requiring VLANs to opt in to the “all” group in the first place. The current approach is more convenient in many situations, perhaps even most situations, but the all-by-default behavior conflicts with a more secure-by-default behavior, in which a client connected to a port should not be able to access VLANs not specifically tagged on that port.
One way to balance the convenience against the security and performance benefits of isolation might be to allow a VLAN to “opt out” of the “all” group (which perhaps then ought to be renamed just to “default.”)
Keeping all VLANs on all ports maintains the convenience, while an option to isolate or opt out a VLAN would allow it to be managed more conservatively.
Stretch goal: automatically compute the path between all ports assigned to be native on a VLAN, and tag only the intermediate links as required, excluding any other ports.
So, I know it has been mentioned in other places (Specifically I have included a link to the forum topic) but I would like to create a new idea request specifically for realtime bandwidth activity.
I have ran into several occasions where clients are limited in bandwidth and will call about slow speeds. I would like to be able to see at a glance what the current usage is and, if possible, who is using it. Right now I would settle for just a graph showing the last ~15min - 1hr.
As it stands now, I am going to have to figure out some option of monitoring this. Sadly, in my own home, I am going to be replacing the USG with a PFsense box. It was either this or put in an edgerouter X as a transparent monitor and I would rather keep the device chain smaller. The USG will sit on the shelf as I wait hoping this will be implemented. :-)
I hope the images below will spell out better what I and others like me would like to see. Ubiquiti makes wonderful products and I hope you all will see the potential in this suggestion and implement it.
Looking at the controller I beleve these stats are already gathered so I would hope it wouldn't be too difficult to create a graph on the dashboard showing these stats.
This is ultimately what I would love to see. I am able to see at a glance what the traffic is and who my "top talkers" are.
I would even be OK with just simply something that keeps a live update.
I also have included a link to a couple forum topics discussing this further. Hopefully they might provide more insight as well.
Thank you for your consideration.
We have actually a "strange line up" for the Unifi Routing, which is still logic, but as time pass, the newly introduced IDS/IPS will need to be provided at 1 Gbps speed in a "consumer friendly" package
- USG-3P (fanless) : gigabit speed, with 85-90 Mbps IDS/IPS
- USG-4P-Pro (rack mounted) : gigabit speed, with 250-300 Mbps IDS/IPS
- USG-? (fanless) : 10 (?) gigabit speed, with gigabit IDS/IPS
- USG-XG (rack mounted) : 10 gigabit speed, with gigabit IDS/IPS
Sure, this depend on hardware capability from Cavium to deliver the right processor as the right price.
Note : no fancy screen, fancy stuff, just a fanless, small format router, like the USG-3P, easy to deploy at the propoer price for Ubnt and the consumers
I love Ubiquti products, but having installed a USG Pro-4, I'm left disappointed in the lack of basic DHCP and DNS settings that are available. Yes I know, I can probably achieve what I want to in the command line, but I shouldn't have to. The idea of UBNT gear is that it's easy to use.
What's missing are namely:
- The ability to specify (and view an entire list) of statically assigned IP addresses. I shouldn't have to click on each individual device to specify a static IP or check if one has been set.
- The ability to set hostnames for devices that don't specify one (or use a hardcoded IP). I should be able to create my own static DNS entries for devices that hostnames cannot be set for. In addition, the handling of hostnames for devices with static IP's (hardcoded in the device itself) seems broken. I shouldn't have to get an IP from DHCP to be able to browse to it by DNS name.
If you want an example of how it should be done, take a look at pfSense, OPNSense or even Windows services.
When I'm comparing between Meraki Security Devices and USG, I realised a very important feature which USG lacks, which is the support for USB Cellular Stick.
I believe that the support for USB Sticks are crucial for:
1. Deployments that relied on cellular data as their primary connection.
2. Mission critical deployments which use cellular data as their failover.
Other than that, I don't see the reason for UBNT to not support USB Cellular Stick because even a cheap $40 mini router from TP-Link supports this function.
Suggestions on how to deploy support for USB Cellular Stick.
I would suggest UBNT add another option called "USB Cellular Stick" under the USG > WAN > Connection Type.
In the "USB Cellular Stick" Option, I would suggest putting "Country" and "Carrier" with preset settings like the ones shown below:
When we select the preset settings, please show the username and password of the preset settings in a blurred out column below so that we know which APN is used with the preset settings (Some Carriers have multiple APNs).
Other than that, please add a "Custom" settings option under the Username and Password for the APN settings so that we can use custom APNs when the situation requires it.
Personally, I don't think that the Connection Mode and Authentication Type have to be included.
Supported USB Cellular Sticks.
I would suggest UBNT to support only the mainstream USB Sticks since the USG isn't meant to be a cellular modem/router. I'll leave the supported USB Stick list from Meraki and other vendors below for reference:
Lastly, I would suggest UBNT to include a USB port for USB Cellular Stick on the next revised version of USG-3P so that the USG-3P can be deployed as a teleworker gateway.
I'm fully aware that IPv6 can be configured from the CLI now but UniFi is a SDN product which means that all if not most features should be able to be configured from the controller. not from the CLI.
I'm suggesting that UBNT include the IPv6 Settings under WAN settings for USG like as shown below. (Sorry, my drawing isn't very good)
In the IPv6 Connection Type, the following should be included:
1. Native IPv6
2. Tunnel 6to4
3. Tunnel 6in4
4. Tunnel 6rd
5. Static IPv6
Other than that, the following options in the picture should alse be included:
I don't know how Asus did it, but their routers are smart enough to get the right prefix without my intervention, I wish USG will have this feature too.
I wish UBNT will include full IPv6 support into the controller ASAP that is easy to setup without much technical knowledge.
This purpose of this idea is to add enterprise high availability to the USG lineup with minimal development effort. Basically, modify the Unifi controller to allow two gateways to be adopted to a site, one is the Active gateway, the other is Backup/HA device. All traffic processes through the Active firewall, Backup sits idle until an HA event occurs.
1. Active and Backup USG must be the exact same hardware model.
2. Both USGs must be connected to the exact same Layer2 environment on LAN and WAN interfaces. For example, if the Active USG has a 802.1q trunk on the LAN interface and a DHCP WAN connection on the WAN interface, the Backup USG must be cabled in the same way.
3. Connection state information is not maintained between the Active and Backup USG device. This means all NAT sessions will expire during a failover event.
Theory of operation:
[ Failover ]
1. The Active USG carries all Layer3 site traffic and houses all active Layer3 interfaces for the site, just like in a traditional single USG deployment.
2. The Backup USG has no Layer3 interfaces up, with the exception of the HA interface,which is defined as a special network or interface in the Unifi controller and enforced during adoption. (More on this later).
3. A designated HA interface/newtork on each USG is used to send HA heartbeats between the two USGs, as well as sync the commit configuration from the Active to the Backup USG. When the backup USG misses several consecutive HA heartbeats from the Active USG, the Active USG is considered to be down, which triggers the HA failover.
4. The designated interface could be a dedicated hardware interface on the USG -or- could be a Unifi network configured for HA. For example, a network could be configured in Unifi as type "HA", instead of "Coprporte", which would instruct the USGs to use a vlan trunk sub-interface to communicate HA status.
5. When an HA failover event occurs, the Backup USG brings all of the Layer3 interfaces into the up/up state using all of the same interface IPs as the Active USG.
[ Failback ]
1. When the failed USG is repaired and returned to service, the first interface initialized after boot up is the designated HA interface. This interface will be used to check if an Active USG is present by listening for HA heartbeat messages. If not, this unit becomes the Active USG. If one is present, this USG goes into Backup USG mode.
2. Once the Active USG has been found, a config sync is initiated from the Active USG to the backup USG.
3. The freshly booted Backup USG stays in this dormant state until the Active USG fails.
[ HA device onboarding ]
* The site already has an active USG which is adopted by the Unifi controller
* The Unifi controller has an interface/network defined as "HA" and is already provisioned on the Active USG.
* The HA device is cabled up exactly the same as Active USG.
1. The new HA device boots up like a normal USG in a unadopted state, grabs a DHCP address on the management LAN and then advertises itself to the Unifi controller
2. The Unifi controller presents the new USG device as an adoptable device, however instead of the normal "Adopt" link, the link reads "Adopt HA device to EXISTING_USG_DEVICE_NAME"
3. Adopting the HA device will provision the HA device with the exact same configuration as the Active USG, but with all interfaces other than the HA interface/network in the down/down state.
I could be a great addition, if it was possible to enable colors og the connections in the Topology map, based on their utilization percentage.
This would be an easy way of visualizing bottlenecks in the infrastructure.
We have been deploying quite a few USG devices with the 3P and PRO versions. Something we miss from the EdgeRouter is the live bandwidth view. I reached out to support and the feature isn't currently available for the USGs. Speaking on behalf of most IT personnel, this is a feature that we would very much appreciate through the controller.
The UI does not give any visibility into whether the USG Gateway was able to obtain any IPv6 prefixes from the upstream provider.
This should be visible in the WAN section:
Similarly, there were no events around obtaining or losing DHCPv6 leases from the WLAN.
We have a known business process in place on our network for which I would love to be able to create a custom DPI category in order to more easily understand where the 18GB of download traffic is being used instead of just having the big 'unknown' then having to look up the asset, associate it to it's location / user and then go and bother the developer who is running the process.
I am not a programmer so I am not sure if this would be possible but I believe that we could determine that this is the process being run based on the IP address that is being accessed. I we can categorize based on an IP I think it would be similar to some others who would want this feature for the purpose of blocking by IP.
Manual Workaround: UPDATE 1/25/2017:
I have a couple of networks where I will never replace the router (for one I can't - it's provided as part of the environment) but I would still like to have stats in the controller.
I would like to see a pass through mode for the USG where it passes traffic with no NAT, no firewall rules, no DHCP, etc. Just analyzes traffic.
Even better - a monitor mode where I could feed a USG a mirror of the port that goes to my exising router so I don't have to have latency of the USG in the packets path. Use it as a sensor, basically.
I think you guys would sell a boatload of USGs if you supported this!
EDIT: It appears to be on the roadmap: https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-Feature-Roadmap-January-2017-update/m-p/1792230#M31948
In Progress / Near Future
- DPI support in passthrough mode or on monitor interface
Not all network hardware is as good as UBNT's.
Sometimes you're stuck with it though (e.g. ISP-specific modem/GPON adapter/etc).
It'd be nice to have a way for a USG to auto-reboot a modem if connectivity to the Internet was gone for a certain number of minutes.
I see two possible starting points for this.
1. Bring back the mFI power strip but make it work with UniFi - USGs could then be able to auto-reboot modems if connectivity disappeared.
2. Plugable makes a nice Bluetooth timer that can be controlled with homemade scripts from a Raspberry Pi. You can skip the timer part and just use it as a Bluetooth controlled outlet if you want.
Perhaps UBNT could make a one-outlet module like that and link it to a USG via USB or Bluetooth (sadly the current USG 3P lacks either so it'd have to be a successor to that).
In either case, the controller could maintain a log of every power-cycle performed and maybe advise if they're becoming more frequent as a failing hardware warning of some sort.
Right now there two amazing EdgeRouters are launched, the EdgeRouter 4 and EdgeRouter 6. Both perform great for an affordable price in a compact and energy efficient form-factor. It would be very nice if we could have those routers with UniFi software, using them as USG's.
The routing performance is impressive:
|1518 bytes throughput||3 Gbps||4 Gbps||4 Gbps||6 Gbps|
|1518 bytes pps||240,000||320,000||320,000||490,000|
|64 bytes throughput||512 Mbps||1.2 Gbps||1.8 Gbps||1.8 Gbps|
|64 bytes pps||1,000,000||2,400,000||3,400,000||3,400,000|
If you compare the features you see that the ER-4 and ER-6 would be great additions.
|CPU||Dual-core 500Mhz||Dual-core 1GHz||Quad-core 1GHz||Quad-core 1GHz|
The ER-6P's five gigabit RJ45 ports can deliver 24 and 48 volt PoE, with 60 watt max. That's perfect to power up to 5 access points (AC Pro / AC IW Pro / AC Mesh Pro). It would be the perfect set-up for a small unifi installation: Just the USG-6P and 5 access points, plus the SFP for uplink.
I think a USG-4 and USG-6P would be amazing additons to the current USG line-up. If priced the same as the EdgeRouter versions it would be killer routers.
|CPU||Quad-core 1GHz||Quad-core 1GHz|
Can support be added for updating DDNS when a WAN connection fails?
Currently, when WAN1 fails over to WAN2, DDNS is not updated. This is true even if the same DDNS settings are entered in both WAN sections.
Additionally, if DDNS is manually updated when WAN2 becomes active, DDNS is not updated again when WAN1 is restored. This I believe to be a bug, but the restoral of WAN1 should trigger an update to DDNS as well, even if WAN2 is still active.
This would apply to failover WAN only and not load-balanced connections.
Please and thanks.
- julianvallis on: UBNT Modems
- node808 on: Ability to clone the a routers Mac address in the GUI
- Dave-D on: Isolated VLANs
- bernardssupport on: REQUEST - DPI Custom Category for Business Process
- mlfreeman on: UniFi Power Strip
- charettepa on: Affordable USG for WAN > 1 Gbps Service
- hunterbuchanan on: Request: Cold Spare mode for switches in Unifi controller interface
- madmaaxx on: VLAN ID configure for WAN port on GUI
- msemisch on: UniFi - USG 4 PRO Info on Blocked Website
- niclivewireauto on: ISP Outage Reporting
- UBNT Modems
- USG-3 - Exactly every 10 minutes - Drops Packets.
- Retundacja USG
- Enable NAT in Firewall policies
- Implement the equivilent of NAT rules for IPv6 to allow for captive services
- Request Live Bandwidth view on USG 3P
- Ability to clone the a routers Mac address in the GUI
- LLDP Timers
- Include USG port stats under "Insights"
- Isolated VLANs