Unifi Dream Machine Pro
Unifi Network Problems
The critical element in an SDN setup is the software, and this is Unifi's Achilles heel. The software has flaws, lots of them, and some of these are critical. Ubiquiti has gained a reputation for shipping gear with incomplete or outright broken software. One can imagine the sales department is not really in sync with the software development team. Here are some of the problems, listed in order of severity.
Jumbo frames not working
We talked about Jumbo Frames previously in this blog. In Meraki, this is a global option: you enable Jumbo Frames and the setting is applied to all the switches in the organisation. This is logical and intuitive, because Jumbo Frames need to be enabled end to end on every hop of the network, or the first device with a 1500-byte MTU will drop or fragment the oversized frames.
With Unifi Network (the same software as unifi-controller), you have to go into each switch and enable the Jumbo Frames setting individually.
This is not how SDN is supposed to work. It should be a global setting, unless of course there is a use case where some switches need Jumbo Frames enabled while others do not. Even then it should be a global setting that I can override at the switch level.
This UI annoyance aside, the setting does not work on the UDM-Pro. I repeat, this is broken on the UDM-Pro. You can turn the option on, and the security gateway will not forward any jumbo packets. You can SSH into the UDM-Pro and look at the interfaces, and each and every one of them still has an MTU of 1500. As a matter of fact, you cannot forward a 1472-byte ping payload at all (the largest that fits in a 1500-byte MTU without fragmentation: 1500 minus the 20-byte IPv4 header and the 8-byte ICMP header).
As a router this is a complete fail!
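The MTU check described above, done from the UDM-Pro's SSH shell, as an added example that is not from the original post. It assumes the standard Linux userland the UDM-Pro ships (iproute2 `ip`, iputils `ping` with the `-M do` don't-fragment option, and `awk`); the interface names in the sample and the target host in the usage lines are assumptions. The `ip -o link show` output embedded below is constructed for the example, not a capture from a real device.

```shell
#!/bin/sh
# Added example: find interfaces that are not at the expected MTU and
# probe a path with a don't-fragment ping sized for that MTU.

# Largest ICMP echo payload that fits in an MTU without fragmentation:
# MTU minus 20 bytes of IPv4 header minus 8 bytes of ICMP header.
# 1500 -> 1472, 9000 -> 8972.
max_icmp_payload() {
    echo $(( $1 - 28 ))
}

# Read `ip -o link show` output on stdin and print "name mtu" for every
# interface (except lo) whose MTU is below the wanted value (default 9000).
# With -o, ip prints one link per line: "2: eth0: <...> mtu 1500 qdisc mq ...".
list_small_mtu() {
    want=${1:-9000}
    awk -v want="$want" '
        {
            mtu = 0
            name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
            for (i = 1; i <= NF; i++) if ($i == "mtu") mtu = $(i + 1)
            if (name != "lo" && mtu + 0 < want + 0) print name, mtu
        }'
}

# Send one ping with the DF bit set and a payload sized for the target MTU.
# Exit status 0 means the frame crossed the path unfragmented; anything else
# means a hop (or the gateway itself) refused it.
probe_mtu() {
    host=$1; mtu=${2:-9000}
    ping -c 1 -W 2 -M do -s "$(max_icmp_payload "$mtu")" "$host" >/dev/null 2>&1
}

# Constructed sample of `ip -o link show` output (hypothetical, not a dump
# from a real UDM-Pro) so the parser can be exercised off the device.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq
3: eth8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue'

printf '%s\n' "$SAMPLE_LINKS" | list_small_mtu 9000

# On the device itself (live commands, assumed host address):
#   ip -o link show | list_small_mtu 9000
#   probe_mtu 192.168.1.50 9000 && echo "jumbo OK" || echo "jumbo blocked"
#   probe_mtu 192.168.1.50 1500 && echo "1472 OK"  || echo "even 1472 fails"
```

If `list_small_mtu` reports the LAN bridge and its member ports at 1500 after Jumbo Frames has been enabled in the UI, the setting never reached the kernel, which is exactly the symptom described above; the 1500-byte probe separates a plain MTU mismatch from a gateway that drops every full-size frame.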
Fixed To One Single WAN IP Address
If you are on FTTN and need a VDSL modem in bridge mode in front of the router, the ability to assign a second IP address to the WAN interface is a godsend: put that address in the modem's management subnet and you can reach the modem's web UI straight from your LAN. A commercial Internet connection also often allocates a small subnet (say 8 IPv4 addresses) rather than a single address.
All of this is moot, as you are stuck with a single IPv4 and a single IPv6 address on the UDM-Pro. The Pro series is meant to target small businesses and maybe even the enterprise space, but it is not suitable for these environments because you cannot assign multiple WAN addresses.
Lockup on boot if there's an HDD
The UDM-Pro will refuse to boot up if I have a HDD in the caddy. This makes no sense at all and I cannot work out the reason why it is doing this. This is not something I can troubleshoot in detail as I have no Unifi video cameras right now.
Again, it's disappointing that a firmware release deemed stable has a bug like this.
SFP+ port lockup
This is potentially a deal breaker for folks who want to use the SFP+ LAN or WAN port. If you use these ports, there's a chance you can lock up the UDM-Pro over time. If this happens, all switching and routing fails and you need to reboot the device to regain network connectivity. Others have reported much slower throughput on SFP+ after a few days, with speeds slower than wired Gigabit.
This is not an issue for me because I'm not using the SFP+ port yet (I intend to use the LAN side in a future upgrade). A fix is in place but not included in the latest stable release.
Threat Management Bugs
Unifi Network is a strange beast. The software runs locally (what we call on-premises), but if you access Unifi Network from a local IP, some things like the Threat Map will not work. The workaround is to go to the cloud (https://unifi.ui.com) and access your gateway from there, so it's a strange cloud/on-prem hybrid.
Once you get the threat map to load properly in the browser, you'll realise it's useless. Geo-blocking by country is not working in Firefox or Chrome. The only way to do it is to go to the classic settings (the old Unifi Controller settings) and configure geo-blocking there.
White-listing (probably not the best word to use in today's world) is also not working all the time. I have white-listed an IP but traffic is still being blocked occasionally.
Cannot aggregate port (inconsistent UI between App and PC)
The best feature of pfSense is the ability to bundle multiple network interfaces and treat them as one. This is termed a LAGG interface, or LACP (IEEE 802.3ad). Having multiple links instantly relieves bandwidth bottlenecks, allowing more devices to communicate at full speed at any one time (note that LACP hashes each flow onto one member link, so a single transfer is still limited to one link's speed; the gain is in aggregate throughput and redundancy). The biggest advantage of all is that you can connect the cables to the aggregated ports in any order, as long as they are set up as such.
It's not known whether the UDM-Pro supports port aggregation or not. You cannot configure it from the web portal, but you can do so from the Android app. Unfortunately the setting does not appear to work when I set this up in Android.
Update: 08 July 2000. I just did a speed test (iperf) on the 8-port switch of the UDM-Pro. The backplane appears to be 1 Gigabit. This means data switching between the 8 ports is going to be 1 Gigabit in total (one way). In other words, if you have two ports transferring data at full speed, each will only get a throughput of around 530 Mbit/s. With a typical 8-port switch, you would expect the backplane to forward at least 16 Gbit/s (8 ports at 1 Gbit/s, full duplex).
Wait, There’s More.
Go here for a list of bugs compiled by UDM-Pro users.
This video sums up the flaws of UDM-Pro. It’s really only good for very small businesses, or the home.