Great details! Going to implement now.

Thank You
Bob Evans
CTO
On 6/19/15 10:57 AM, Bob Evans wrote:
Thank You Charles, Been on NANOG a while - all the basic stuff we know well. Like, cables, cluster occurrences etc. Looking for the UniFi specific experience. It's not the switches, power, cables, ports show no CRC issues etc.
We even set up another network with just 2 and it happens randomly - so it's some code or something. Think I'm going to let one of the guys here log in to the controller and see if we missed a setting in the latest code. NANOG's real good at having someone with specific targeted knowledge appear.
I've got a bunch of regular UAPs spread out over multiple customers with various network setups including ERLs as routers, CenturyLink POS modems of various generations, Dink routers, etc.
My controller is hosted off-site in Tacoma in our data center.
Some issues I've run into, particularly on the consumer devices like the older CenturyLink/Qwest modems...
1) Broken MTU clamping/fixing on PPPoE links, causing the UAPs to have problems making a connection to the remote controller.
Worked around by messing with the MSS using iptables on specifically the tcp/8080 and tcp/8443 ports on the controller end.
Other devices, had to make sure to disable the firewall feature on the modem, in order to get it to stop eating ICMP packets (and thus breaking PMTU).
2) Faulty DNS server daemons on the routers. The UAPs would have issues randomly resolving the controller's IP address from hostname. Have this problem from time to time with anyone using the built-in DNS servers on the CenturyLink/Qwest modems.
Resolved this issue by statically defining IP and DNS servers on the UAPs (DNS server set to 8.8.8.8). Also had to disable the firewall on one of the routers to get it to not intercept/mangle DNS packets.
These two issues alone have caused me major issues with the devices randomly being unable to get new configurations or download firmware updates.
On network switches connected to the UAPs, make sure that you've got the port set to whatever the switch's version of Cisco 'portfast' is.
In the Site Settings under the UniFi controller, disable "Enable connectivity monitor and wireless uplink" and see if the problem eases up. If you need to use the uplink monitor, manually set the IP you want to check with, and make sure the UAPs can actually ping said IP.
I'm the head mod for /r/Ubiquiti, so feel free to bounce things off of me privately with your UniFi setup, and I'll be happy to give you a hand. I can also direct you to the unofficial Ubnt IRC channel where you can get a bunch more opinions.
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
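
The MSS workaround from item 1 above, sketched as an added example; these are not the rules from the post, which does not show them. Assumptions: IPv4 only, a PPPoE path MTU of 1492 (so MSS 1452), rules placed in the controller host's mangle INPUT/OUTPUT chains, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: generate iptables rules that clamp the TCP MSS for
# UAP <-> controller sessions, for use on the controller host.
# Nothing is applied unless APPLY=1 is set (needs root and iptables).

PPPOE_MTU=1492                 # assumed: 1500 Ethernet - 8 bytes PPPoE
CONTROLLER_PORTS="8080 8443"   # the two ports named in the post

# mss_for_mtu MTU -> IPv4 TCP MSS (MTU - 20 IP header - 20 TCP header)
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# mss_clamp_rules MSS PORT... -> one iptables command per line
mss_clamp_rules() {
    mss=$1; shift
    for port in "$@"; do
        # SYN arriving from a UAP: lower the MSS it advertised, so the
        # controller never sends a segment too big for the PPPoE link.
        echo "iptables -t mangle -A INPUT -p tcp --dport $port" \
             "--tcp-flags SYN,RST SYN -m tcpmss --mss $((mss + 1)):65535" \
             "-j TCPMSS --set-mss $mss"
        # SYN/ACK going back out: advertise the same limit, so the UAP
        # does not send oversized segments towards the controller.
        echo "iptables -t mangle -A OUTPUT -p tcp --sport $port" \
             "--tcp-flags SYN,RST SYN -m tcpmss --mss $((mss + 1)):65535" \
             "-j TCPMSS --set-mss $mss"
    done
}

MSS=$(mss_for_mtu "$PPPOE_MTU")
if [ "${APPLY:-0}" = "1" ]; then
    # shellcheck disable=SC2086  # word splitting of the port list is intended
    mss_clamp_rules "$MSS" $CONTROLLER_PORTS | sh -e
else
    # Dry run: print the rules for review.
    # shellcheck disable=SC2086
    mss_clamp_rules "$MSS" $CONTROLLER_PORTS
fi
```

Clamping only these two ports keeps the change scoped to controller traffic and leaves PMTU discovery untouched for everything else on the host.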