What I've learned from nearly three years of enterprise Wi-Fi at my home

Do you just want better Wi-Fi in every room? Consider buying a Plume or Google Wifi or other similar plug-n-go mesh system. On the other hand, are you a technically proficient network kind of person who wants to build an enterprise-lite configuration at home? Do you dream of VLANs and port profiles and lovingly tweaked firewall rules? Does the idea of crawling around in your attic to ceiling-mount some access points sound like a fun way to kill a weekend? Is your office just too quiet for your liking? Buy some Ubiquiti Unifi gear and enter network nerd nirvana.

There is a moment of perfect stillness after the cable slips through my fingers and vanishes back up the hole in the ceiling like an angry snake. Then the opening stanza of a rich poem of invective leaps from my lips and my mom stares up at me from below, eyes wide, frozen just as I am, ready to catch me if I rage too hard and lose my balance.

But perched precariously on the top step of an inadequate and shaky ladder in the corner of my living room, drenched in sweat and speckled head to toe in dust, body aching with dull red heat, I just can’t maintain the torrent of swearing. I’m too tired. The words die on my lips and I drop my burning arms to my side. Sweat stings my cut hands—“man hands”, hands that seem to always sport an ever-changing collection of cuts and dry spots and calluses and torn nails as house or computer projects come and go. Tiny drops of blood ooze from shredded cuticles.

Maybe I’ll just stand here for a few hours and not move, I think, mind going blank rather than face the thought of climbing back up into the baking attic and fishing out the cable from underneath mountains of insulation. Maybe I don’t even need Wi-Fi anymore. Maybe I don’t even need computers anymore. Maybe I should throw away everything I own and live in the mountains and grow my own food and never think about technology ever again.

But let’s back up a bit.

What was going on

In mid-2015, I retired my rat’s nest of random routers and repeaters and upgraded my home’s Wi-Fi with a set of wireless access points from New York-based networking company Ubiquiti. I was trying to accomplish two things: first, to eliminate some persistent Wi-Fi dead spots that I just couldn’t reach, even by extending my network with a couple of routers and repeaters. Secondly, and perhaps more importantly, I wanted some new homelab gear to tinker with so that I could get some hands-on time with an enterprise-grade (or at least “enterprise-lite” grade) Wi-Fi system, because playing with the big toys is fun.

The Ubiquiti access points delivered on both points. The individual devices weren’t even particularly expensive—strategically placing a few of the APs can be cheaper than buying a single monster consumer-grade AP/router. The monster consumer router can (usually) deliver higher single-client performance in synthetic benchmarks, but the distributed Ubiquiti APs are far better at delivering consistent multi-client performance (and they’re not all bottlenecked behind a single backhaul, either).

More importantly, having multiple access points means that instead of having to take a “make my one base station scream as loud as possible” approach to whole-house coverage, you have the opportunity to fine-tune each individual AP’s 2.4GHz and 5GHz radio strengths and channel selections to create a series of interlocking cells that together offer vastly more consistent coverage—especially in the 5GHz range, which is almost certainly where you want your wireless clients connecting whenever possible.

As it turns out, this kind of network tuning is a lot like sailing: it’s relatively easy to learn the fundamentals in an afternoon, but mastering it probably takes more time than you’re willing to commit unless you just really freaking love sailing. Or screwing around with your Wi-Fi. (Or, alternately, you can get paid to do it at your job.)

"I will admit that configuration mistakes were made."

The upside, though, is that I learned a lot by screwing up so much, and the only person I hurt was myself. Well, and the family, whenever my weekend tinkering sessions resulted in no Wi-Fi for a few hours. This piece is intended to let you laugh at my mistakes as much as anything else.

Credit: xkcd

Unifi my Wi-Fi

Ubiquiti makes all manner of stuff, ranging from wired gear to full-on heavy-duty WISP equipment. I became interested in the company’s Unifi line of Wi-Fi networking primarily because of the price—the gear seemed exceedingly cheap for the capabilities it offered, especially considering how the access points stacked up against consumer offerings.

There’s more to the Unifi product line than just wireless access points, though—it’s at this point a vertical that includes switching and routing, too, using hardware adapted from Ubiquiti’s more mature EdgeMAX line. Unlike Unifi, EdgeMAX kit isn’t centrally managed (well, sort of, but no). EdgeMAX is meant to be standalone, used for enterprise switching and routing, without the software-defined special sauce exclusive to the Unifi line.

Flying too close to the sun, repeatedly

After being lured in by the price, I quickly decided I wanted Unifi APs in my house because of the huge amount of cool stuff they’d let me do. Being a sort-of-nearly-sysadmin, and although at the time I’d never been in charge of administering the guts of a large network, I had picked up the ins and outs of enterprise network administration through countless collaborations and hallway conversations over the years.

From that sprung grand designs for my home WLAN: I didn’t just want to set up Wi-Fi with a guest network—that’s so pedestrian. No, I wanted to emulate the things I used to have at work. I wanted multiple segments and VLANs. I wanted to sequester my IoT crap on its own little isolated chunk of space. I wanted complex packet filter rules. I wanted WPA2 Enterprise Wi-Fi, with cryptographic certificate-based client authentication via RADIUS that I could control and revoke, rather than a lame-ass WPA passphrase. I wanted metrics, deep packet inspection, intrusion detection, charts and graphs and data everywhere. I wanted something to play with.

I eventually got all of these things, and more. But the biggest takeaway from my still-ongoing Unifi experience is this: enterprise networking gear in the home is a drug, and you can overdose.

It’s easy to add Unifi access points—addictively so. They’re not terribly expensive, and if you’re like me, you can over-plan your deployment because no one who knows any better is there to stop you. Much like with heroin, it’s pretty easy to go too far—sure, you can buy five APs to cover a 2600-square-foot house, but you probably shouldn’t. Which is how I found myself on a ladder in my living room, caked in sweat and attic filth, questioning my life choices and sanity. (Past Amudhan, if you’re somehow reading this article via some kind of space-time vortex or causality loop, please pay particular attention to this section.)

“I want to set up a bunch of VLANs” is a great weekend project to dream about. It’s nowhere near as great when it’s 3am and you’ve broken everything and you can’t go to bed until you at least get the Internet working again.

Credit: xkcd

“I’m going to set up freeRADIUS” sounds like a worthy way to spend some quality time with your servers. It’s a little different when Chrome crashes because you have too many tabs open because you have to keep looking up new arcane error messages because setting up freeRADIUS is actually more complex than building a 1:1 scale reconstruction of St. Peter's Basilica out of matches and tin foil. (It’s still easier than setting up OpenLDAP, but that’s another article.)

“I can mount a fourth AP right there and push 5GHz into the bedroom” sounds simple enough, until it’s six hours later and you’ve almost fallen through your ceiling four times and you can’t stop bleeding from your forehead from where you scraped yourself on roof nails and you’ve got dust in both eyes.


The freedom to choose

That sounds like a heap of bitching about the gear, but it’s not, not really—it’s bitching about my dumb choices. More to the point, it’s bitching that demonstrates why enterprise Wi-Fi deployments at real companies are (or at least should be) the product of careful consideration of requirements, with a planful deployment and appropriate back-out procedures to follow in case things don’t go how they should. When I’m at work, I do those things. But when I’m at home, I do what I want—and then I have to face the consequences for being crazy.

So, now that I’m done with the bitching, let me state this unequivocally: I am thrilled with how well my Unifi setup works, and I love having it. I love the look on visitors’ faces when they see my guest Wi-Fi login page. I love finally having solid Wi-Fi coverage in every nook and corner of the house and backyard. I love the security of being able to really and truly shove all the IoT crap into its own isolated and firewalled segment. I love, ultimately, having the freedom to tinker—to do what I want, how I want, when I want, without being shackled to my ISP’s (or anyone else’s) Wi-Fi configuration whims.

Where we go from here

I like to think that I’ve finally, after more time and cost than I care to admit, achieved homelab nerd nirvana. But who’s kidding whom? Scratching the urge to tinker is not unlike scratching a mosquito bite—you get some temporary relief, but man, the itch comes back quick.

For now, though, I think I’m done buying networking gear. The configuration I’ve landed in checks a whole hell of a lot of boxes—available optical or copper 10-gigabit Ethernet, fast 5GHz Wi-Fi in every room, and a reasonably secure network with appropriate client segregation. The cost wasn’t inconsiderable, but it wasn’t that over the top—creating a similar setup with another OEM’s components would likely incur similar or higher cost if I were going for near-absolute feature parity.

If it’s not clear by now, I really, really like my Unifi gear. It’s always possible that in a couple of years I’ll rip it out and try something else—gotta scratch that itch, after all—but at least for now, I’m pretty damn happy.

The Good

  • This is the Wi-Fi setup I’ve always wanted.
  • AP pricing is, for the most part, excellent and makes the gear extremely accessible.
  • Extremely in-depth Wi-Fi options for exact cell size and performance tuning.
  • Single pane of glass is elegant and easy to use.
  • AP integration with switches and router via SDN makes complex config tasks incorporating both wired and wireless gear extremely easy.
  • Products are in active development and new features regularly appear.

The Bad

  • You need to know what you’re doing because it’s easy to overcomplicate your setup. (Note: I might not know what I’m doing.)
  • Current USG product lineup is problematic if you're not at the high-end.
  • Controller software required for that SDN goodness.
  • You will need to spend time planning and configuring to get the most out of this gear—plug-n-go is possible, but full functionality requires work.
  • Wireless uplink is still, in my experience, not reliable enough for production use (but your mileage may vary).
  • The Wi-Fi side is great, but there’s an annoying lack of GUI-exposed features on the routing and switching side.
  • If all you care about is single-host raw Wi-Fi speed in benchmarks, you can do better elsewhere.
  • Homelabbers or folks obsessed with the perfect setup might spend more money than they’re comfortable with once the Unifi gear gets a foot in the door.

The Ugly

  • The reality is that you probably don’t need this at home. I know I don’t. But “need” and “want” are very different animals.