Preparing a network upgrade from TP-Link Deco to a Unifi system
In short, I invested heavily in the Deco lineup moving from M5/M3 to AX60/AX20 with TP-Link switches where required. My setup includes an UnRaid box for friends and family, running Plex, Nextcloud, and game servers. The new Deco units appear to have dropped the AX60, which is affecting both service availability and network stability. I’m exploring a Unifi solution—possibly a Dream Router, two AC6 Lites, a POE switch, and a Flex switch. Do these still deliver strong performance? How does link aggregation work with Unifi? Should switches be compatible throughout the network or just from the NAS to the switch? I’m open to hearing about other options. All outgoing traffic for the UnRaid box goes through a CloudFlare Argo tunnel for public access, which I’m curious about. I’ve looked into pfSense/OPNsense but found a Gigabit-capable model too expensive compared to the Dream Router and two AC6 Lites.
The setup should allow switches on all UniFi models. Details vary for smaller or budget options and when connecting to a NAS. You don’t need Netgate gear; you can assemble your own system using spare components, a budget SFF PC, or a dedicated firewall device. The available APs are UniFi AC Lite and UniFi 6 Lite, representing two distinct generations.
QoS is outdated, no way to control bandwidth by device type, weak port forwarding and port limits, manual IP entry needs detected devices, firmware updates are blocked (AX60 not updated), ports can't be blocked. Switching to LAG support should be sufficient? In the EU, power consumption matters most, especially with a low-end CPU like the Ryzen 3 2000 series. Also, router placement needs approval. Most options cost more than the newer UniFi Dream router I’m considering—specifically the 6 Lites.
UniFi doesn’t offer individual device throttling, but it does support bandwidth profiles. The UDM is built for rack installation and isn’t the tiniest router available. If you’re still relying on a UniFi unit, the UDR could provide a better design. ServeTheHome often reviews various firewall devices, emphasizing power efficiency. CPUs with more E cores than P cores appear to offer the best mix of efficiency and performance. Almost all models should integrate with OPNsense or pfSense, potentially giving you greater control than UniFi provides. This doesn’t mean UniFi is bad—I use their products for particular needs.
Unifi confirms per-device limits exist across all their gateways, see https://help.ui.com/hc/en-us/articles/5546542486551. This doesn't seem to be an issue. I reviewed ServeTheHome and noticed that with Gigabit speeds and protection for both LAN and WAN, the device costs around 400-500 euros plus 20-26 watts, while the main gateway would need about 8-14 watts. That could easily replace a whole Unifi system without needing additional switches.
I've been updated! Previous versions often lacked this capability, which was frequently mentioned as an issue. My interface now supports it, though it may require some setup. You must still generate "profiles," and previously I restricted all guest connections to a single upload/download limit instead of handling them individually.
You can find guidance on measuring throughput in OPNsense/pfSense through documentation or community resources. A practical approach might involve placing the device between your ISP and main Deco to capture data, though ensuring comparable performance to Unifi is key.
It's not that straightforward, especially with the extra services you could add. If you're not using Snort or Suricata, you likely don't need any special setup. For stock routing and firewall performance, a solid dual or quad-core processor should handle 4-5Gbps nicely. Beyond that, aiming for 10Gbps+ pushes you into needing high-end 8-core CPUs, though most modern CPUs are sufficient for gigabit speeds now.
Considering this, if you plan to run ZenArmor and possibly CrowdSec, that setup might work. However, Unifi appears to offer better performance at the same cost and reliable support. As a sys admin, you’d prefer a solution you can manage once and leave running.