ubiquiti

All posts tagged ubiquiti

I’ve whipped up a script to back up Edgemax/Vyatta routers and push the backup to an RCS system, download a copy here

Prerequisites

sshpass (Sourceforge page)
bzr here (or something else like CVS/Git)

Usage

./edgemax-backup.sh <userid> <passwd> <router IP address> <filename>

Notes

Whilst it’s not a great idea to embed SSH passwords in scripts, you could use SSH keys with a bit of jiggery pokery of the script; it’s up to you. Personally I only allow access to SSH from my trusted management platforms, and even the above SSH userid could be restricted to only allow “show configuration”.

* Big thanks to [email protected] for allowing me access to his test box for final testing.
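
The usage line above passes the password as an argument, which leaves it readable in the process list and shell history; the note suggests SSH keys instead. The following is an added example, not the author's edgemax-backup.sh, of a key-based pull that only replaces the stored copy when the router returns a non-empty, changed config. The key file, output path, git repository and the remote `cat /config/config.boot` command are assumptions.

```shell
#!/bin/sh
# Added example: key-based config backup (not the original edgemax-backup.sh).
# Assumed: the key path, repo layout and the remote 'cat /config/config.boot'.

# Fetch the config with an SSH key; no password ever appears in argv.
fetch_config() {
    ssh -i "$3" \
        -o BatchMode=yes \
        -o IdentitiesOnly=yes \
        -o StrictHostKeyChecking=yes \
        -o ConnectTimeout=10 \
        "$1@$2" 'cat /config/config.boot'
}

# save_if_changed <userid> <router> <keyfile> <outfile>
# Returns 0 = new config stored, 1 = unchanged, 2 = fetch failed or empty.
save_if_changed() {
    out=$4
    umask 077                       # config holds password hashes and VPN settings
    tmp=$(mktemp "$out.XXXXXX") || return 2
    if ! fetch_config "$1" "$2" "$3" > "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"                # never overwrite a good backup with a failed pull
        return 2
    fi
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$out"
}

# Stand-alone use: ./backup.sh <userid> <router> <keyfile> <file inside a git repo>
if [ "$#" -eq 4 ]; then
    if save_if_changed "$@"; then
        repo=$(dirname "$4")
        git -C "$repo" add -- "$(basename "$4")"
        git -C "$repo" commit -q -m "config backup: $2"
    fi
fi
```

`BatchMode=yes` makes a missing or rejected key fail immediately instead of prompting, and `StrictHostKeyChecking=yes` requires the router's host key to be in `known_hosts` before the first run.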

edgerouterlite

My beloved Edgerouter Lite is dead 🙁 It seems that it suffers from a known DDR issue with a
few of the first production models; it’s best diagnosed by connecting to the console port
(115200 8N1) with a Cisco console cable and rebooting the box.

If it hangs around the “DRAM: 512MB” line (see below) you’re out of luck 🙁


Looking for valid bootloader image....
Jumping to start of image at address 0xbfc80000

U-Boot 1.1.1 (UBNT Build ID: 4493936-g009d77b) (Build time: Sep 20 2012 - 15:48:51)

BIST check passed.
UBNT_E100 r1:2, r2:12, serial #: xxxxxxxxxxxxxxxxxx
Core clock: 500 MHz, DDR clock: 266 MHz (532 Mhz data rate)
DRAM:  512 MB

I’ve got a call in to UBNT support to see what the RMA process will be (I’m in the UK and there seems to be some issue getting RMAs through the distie), so we’ll have to see what happens.

Whilst fiddling around with the Edgemax Lite I came across a bit of an issue whilst connecting
it to my main OpenVPN hub server, the fact that it couldn’t do comp-lzo compression.
Whilst I don’t need to do compression, it’s switched on by default in most OpenVPN distributions
and without it, in my case it caused immense pain on the server end and refused to work.

I hunted high and low for the answer on Ubiquiti’s very good forum and googled the issue to the
Nth degree, but because it’s so new I don’t think anyone has come across this issue yet (or at
least documented it anywhere). So what to do – do I turn off comp-lzo on the server or do I
run another copy of OpenVPN on it just for the Edgemax?

In the end, I had a bit of a brainwave and remembered it’s a Vyatta, so I googled for that instead
and that led me to the answer, which is:

openvpn-option --comp-lzo

Here’s my complete OpenVPN vtun statement:
openvpn vtun0 {
    mode client
    openvpn-option --comp-lzo
    protocol udp
    remote-host endpoint-address.com
    remote-port 1194
    tls {
        ca-cert-file /config/auth/ca.crt
        cert-file /config/auth/cert.crt
        key-file /config/auth/cert.key
    }
}

And literally that’s all you have to do (well, apart from SCP the keys/certs into config/auth) to
get OpenVPN in default UDP flavour working on the box. I haven’t yet tried any other configs
but if the client config works this well I can’t imagine server/site-to-site will be too
complicated to get working.

edgerouterlite

Well it’s arrived, after quite a wait – the first EdgeMax routers have landed in the UK, was it worth the wait? For that answer you’ll have to read on and see if it fits with what you are looking for in a small three port router.

 

Here at PM towers it’s happily sat on the end of a BT FTTH (160Mbps) connection and it’s working really well, it does exactly what it says on the box, it’s a three gigabit port router with lots of other stuff under the hood (*).

For me personally I can’t rate this box highly enough, Ubiquiti have pulled an absolute blinder:

  1. It’s less than 100 pounds for a true line rate gigabit router (**)
  2. It’s running Linux under the hood.
  3. It’s going to worry a certain big networking equipment manufacturer.
  4. It’s really going to worry a certain smaller networking equipment manufacturer in Latvia.
  5. I’ll go out on a limb here and say if the bigger boxes (TBA) turn up at a sensible price point, I’ll be replacing a lot of kit from other people with them.
  6. You name it, it’ll do it – PPPoE, OpenVPN, IPSec, PPTP, OSPF, BGP, Stateful Firewall, QoS, IPv6, Netflow etc. etc. (you get the picture)

 

As with all good things (especially first couple of revisions on the market), there are a few minor issues :-

  1. Documentation is a little poor, but I hope to document here some of the bits I found useful.
  2. It’s a little quirky, but fiddling with the CLI is definitely advised.
  3. No support for MPLS yet – not the end of the world, but I believe it may be on the roadmap.
  4. It’s a bit like JunOS, you will get used to it, but you’ll have a hard time getting to the bit you need to start with.
  5. The GUI is definitely a work “in progress”.

 

In short it’s a great buy – a little quirky, quick as you like, cheap, game changer for sure and gets two thumbs up from myself at PM towers.

(* For those in the know it’s basically a three port box running Vyatta )

(** I haven’t banged it on the Smartbits to see if I can break it – but by the looks of my initial tests it is genuinely line rate when routing)