My first home network

Ok so I've got heaps of experience with software development, and over the past few years have led many teams working in a devOps style which has inevitably required me to pick up a few infra concepts - mostly at the architecture level. But I've never really dived into networking.

This is frustrating, because as a long-standing techie I feel like I should be better empowered to debug the frequent problems we have with our home wifi. But I'm just not. I plug in the box that the ISP gives me and just hope that everything works. This is the "magic" that I tell my junior devs doesn't exist - there is something in there that works, you just have to figure out what it is, I tell them. Well, time for a dose of my own medicine.

This may just be "geeking out" as my husband accuses me of. I have my reasons... I want to reliably and securely have a robust and secure home network to allow me to experiment with IoT ("the S stands for security"), and I want to be at weapons-grade sysadmin level by the time my kids (and their friends) are connecting their own devices to my home wifi. So starting now gives me a few years of tinkering to hone my skill.

Knowing what to Google

The difference between a senior software engineer and a junior one is how quickly they can get the info they need through Googling the right things. Getting that first foothold is difficult. I had the benefit of a few friends who could give me a good place to start.

Friends recommended either Google Wifi or Ubiquiti to me, Google Wifi if I wanted the easy option or Ubiquiti if I wanted more control. I started with Troy Hunt's blog post and Googled all the terms I didn't know (it was a lot of terms). This led me to more articles, which would lead me to more terms, and I just kept following the threads of new information. Youtube videos were great for the kind of lightweight explanations I needed on each term.

To shortcut, here are a few bits of language and info that I needed to add to my base knowledge:

  • ISO and TCP/IP models (at a high level)
  • What actually is a modem - and how it differs from a router
  • Routers, switches and hubs
  • Network bridges
  • Security Gateway
  • Mesh wifi
  • POE (power over ethernet)
  • WANs, LANs and WLANs

I didn't go into depth on any of those terms, just enough to be able to fit each piece into context - so as I read more, I had an initial mental framework to slot additional pieces of information into.

In addition, you should know (at least at a very superficial level) the difference between cable, DSL and fibre, and fibre to the curb vs fibre to the building/home if you're on a fibre connection.

Working out my own needs

Once I had a really lightweight understanding of those terms, I could start to sketch out and refine my own needs. Again, purely based on the recommendations of friend and strangers on the internet, I was working with the assumption I'd build out everything using Ubiquity tech, and hope that it all slotted together nicely. However, I was on a budget (and with a husband who was in the "just get Google Wifi" camp), and I wanted to see this as something that could evolve as my knowledge (and desire for control) did. So, I didn't want to rack up more than a few hundred quid to start with.

I also didn't want to be overambitious - I've got more time than I used to have but still wanted it done quickly and without having to call on my remote tech support friends too often. So, keep it simple was the key.

The apartment we're in has two wired-in ethernet ports at either end of the apartment. I've decided to use the existing wired ethernet ports to set up my access points, rather than using mesh wifi. (The nice thing about Ubiquiti gear is that I know I'll only be switching out one or two of the access points if I want to switch to Mesh in the future, without having to replace all the gear)

My setup

As a beginner, I'm going to be leaving my existing ISP-provided box exactly where it is. It's needed as an ONT (optical network terminal) which acts as a network bridge between the ISP network and my home ethernet network. A bit of brief research suggests that replacing this gear might need me to liaise with the ISP to get the IP registered on their systems, and would need to be configured to work with the particular flavour of whatever the type of network protocols they're using. That's waaay beyond where I'm comfortable going (for the time being at least!).

At the moment the ISP-provided box is acting as a multipurpose box also providing routing/switching (multiple ethernet-out ports), wifi, and I guess some other security/admin features... maybe? Anyway, I'm still a little bit sketchy on the exact details between router and switch, but my intention is to turn off the wifi, and use a single ethernet out port - in essence, the box still gets used for network bridging and routing.

The best thing to do would be go straight from the ethernet out to a Ubiquiti security gateway, but this is an optional step that I'm going to forego for now for cost and simplicity reasons. Right now, I don't absolutely have to have that level of spying ability on anyone who connects to my network, and if I want it in the future then it should be super easy to slot in at a later point.

Instead, I'm going to use one ethernet network port out from the ISP box to a Ubiquity switch. This is (I hope) going to provide POE to the rest of my network, and make sure that the rest of the Ubiquity gear hangs together easily. It essentially becomes the start point between the bit that I'm in total control - my LAN - and the ISP-configured bit, which I think(?) is the WAN... (I'm still sketchy on the difference, too many definitions just say "WAN is like LAN but bigger" which isn't super helpful).

Into my switch will go the two existing ethernet cables, my WD MyCloud network drive (which is a bit flakey and I hope to later replace with a better solution), and a Ubiquity Cloud Key. The Cloud Key is just a bit of hardware to hold the software to configure the network. I have to admit that the friendly design of the software is one of the things that makes Ubiquity really attractive to a networking beginner like me.

Then it should be a simple case of just plugging in the two Ubiquity Wireless APs (access points) at either end of the apartment in the existing ethernet ports to give me wifi across the whole apartment. I dithered over whether to get two UAP-AC-Lite or one UAP-AC-Lite and one UAP-AC-Pro. My thinking was that the Pro would be better if I needed to add a mesh device in the future, since the Pro can handle more throughput that the Lite. But as a dev I've learnt that premature optimisation is the source of many evils and the Lites should, in theory, be more than enough for my current needs - and at nearly twice the price, this would have increased the budget a fair amount.


    +--------------+       +----------------+      +----------------+           +--------------------+
    |              |       |                |      |                |           |                    |
    |              +------>+   Optional     +----->+                +---------->+  Ubiquity AP       |
    |   ISP        |       |   Ubiquiti     |      |   Ubiquiti     |           |                    |
    |   Box        |       |   Security     |      |   Switch       |           |                    |
    |              |       |   Gateway      |      |                |           +--------------------+
    |              |       |                |      |                |
    |              |       |                |      |                +-----+
    +--------------+       +----------------+      +----------------+     |     +--------------------+   +--------------+
                                                       |          |       |     |                    |   |              |
                                                       |          |       +---->+ Ubiquiti AP        +-->+   Optional   |    
                                                       |          |             |                    |   |   Mesh AP    |
                                                       |          |             |                    |   |              |
                                                       |          |             +--------------------+   +--------------+
                                                       |          |
                                                       v          v
                                           +--------------+      +----------------+
                                           |              |      |                |
                                           |  WD MyCloud  |      |                |
                                           |  Drive       |      |  Ubiquiti      |
                                           |              |      |  Cloud Key     |
                                           |              |      |                |
                                           |              |      |                |
                                           +--------------+      +----------------+

Going with the 1st Gen cloud key, the 8-port switch and the Lite APs (all prices in EUR from Amazon.es):

  • Ubiquiti Networks UniFi Cloud Key UC-CK: EUR 80.42
  • Ubiquiti Switch PoE 8 Ports GIGABIT 60W: EUR 123.82
  • Ubiquiti UAP-AC-LITE - Access Point: 2x EUR 84.45

Total EUR 373.14 - which compares acceptably to 3x Google Mesh Wifi devices, which would come in at EUR 355. I could save some money by running the control software on a VM rather than the dedicated cloud key hardware, but as Troy Hunt said, I put a high value on my sanity.

Quite a bit of money to spend when I didn't know if I could get it working, but I put the order in and got everything delivered a couple of days later: Order arrived!

Implementation phase

I wish there was a story to tell here. But I just plugged them in, upgraded them and adopted them and it just worked. The closest I came to drama was not having enough ethernet cables, until I found another one in the box of misc cables that we have (the Ubiquiti devices don't come with ethernet cables in the box).

You will need a way of plugging a device into the network to set it up, so if you don't have a computer with an ethernet port or suitable adapter around, make sure you get that lined up.

The setup was very simple - plug the switch into the power, plug an ethernet cable from the existing ISP box into the switch on terminal 1, plug the cloud controller into one of the POE ports, and put the computer on another (don't forget to disconnect from any other wifi networks). Then simply go to cloud access portal to kick off the setup. I "adopted" the cloud key onto my network and upgraded it, then did the same with each access point in turn. The hardest part was thinking up a name for my wifi network.

I admit that my setup might not look the most professional right at the minute, but I have limited options and this is in an out-of-the-way spot so I'll probably tidy it up at some point in the future but right now this is ok: What a mess...

The choice of the UAP-AC-Lite over the Pro currently looks like the right choice, as we get good wireless connection throughout the whole apartment (always over 50mbps, mostly over 100mbps) without need for Mesh wifi. We'll see how it handles things as I add more devices, but I'm quietly confident that the two Ubiquiti access points will handle significantly more devices than the single ISP box we had before.

Playing around

The UniFi network control panel is super nice. I love that I can see all the devices that are connected in my network, and the UI provides a neat little graph to show which device is connected to which access point. There's also info on random bits like what the signal strength is, how much data has been sent and received, uptime, etc.

This gives lots of opportunity for snooping around. For example, the speed at one end of apartment was never getting above 100 mbps. Looking through the control panel, I can see that one of the APs is giving me a maximum speed of 100 mbps, while the other is 1000 mbps. There was a helpful little message saying "Connected (100FDX)" - which gave me enough info to Google and find out that the cable was the limiting factor (that'll be that old cable that I found in our random cable box).

There's a lot of fun to be had in the settings, which I haven't really looked around in yet. This is where I'm hoping I'll get a bit more insight into terms such as DHCP and subnet, find out what I can learn by looking through debug logs, and more.

Where from here?

I'm going be keeping a close eye on speeds and connectivity reliability, especially as I add more devices. Channel re-use and similar topics came up a lot on forums so I need to get my head around this, especially if I see any problems.

In order to get really nosey, I'd need to play around with DPI (deep packet inspection), which would be provided by the security gateway (which I didn't get). It's something I'll consider in the future - firewalls remain an area that I'd like to be a lot more familiar with and this might give me a good place to play around. Still, I'm a little worried that the security gateway would not be a straightforward plug-and-play device in the setup. People in the know have warned me that double-NAT can cause headaches so I probably need to get around to logging into the ISP box, turning off the wifi and putting it into bridge mode before I put in the security gateway. How easily I'll be able to do this in a foreign language remains to be seen - it might be that the solution I have is as far as I go for now.

Overall, fixing my wifi was both easier and cheaper than I was expecting. Once I'd got to grips with the basic terms and principles involved, everything seemed much clearer and more straightforward than the last time I tried to get anything changed on my home network. And I'm really pleased that I've got a sustainable system that can flex and grow depending on my needs. I've got a Udemy course on computer networks which I hope will complement the information I've got so far, and bridge some of the conceptual gaps both with what I'm doing here and the cloud infrastructure setups I'm used to working with as a developer.