Synology

A friend recently sent me a Synology RackStation that was destined for e-waste. Full of drives no smaller than what I feed my existing storage server, no less. A good friend indeed, amiright?

He said it had been upgraded to the 6GB “maximum” — 2GB “onboard” plus a 4GB DDR3 SO-DIMM. I don’t know much about Synology hardware but in the past I’d randomly acquired the knowledge that sometimes the “onboard” RAM is actually a SO-DIMM on the underside of the board.

Underside of Synology motherboard showing additional SO-DIMM socket

And sure enough, there it is. Seems an odd design choice given that this RackStation’s motherboard is so much larger than it needs to be… but I guess odd choices are the norm for companies that tie their software and services to seemingly over-priced custom-engineered hardware instead of just selling software and services on their actual value.

Synology System Information screenshot showing 16GB RAM recognized.

So my RackStation now has 16GB RAM. In theory this system should support 32GB RAM but 16GB DDR3 SO-DIMMs carry around a 10X premium over 8GB so I’m not about to find out.


Dashboard of the Synology Active Backup for Business

To me the killer Synology feature is Active Backup for Business, which is only available on certain models (+ / x64?). As a total slut for centrally-managed backups and bare-metal restores, I moved to urbackup after Microsoft abandoned the fantastic client PC backup system included with Windows Home Server & Server Essentials. Urbackup is about the only Open Source backup system that does Windows decently, is properly multi-platform and multi-arch, and offers change block tracking and Hyper-V host-based VM backups as commercialized add-ons for reasonable fees (or free via the community edition of their commercialized virtual appliance).

ABB is much better by most measures. It’s prettier. It’ll do agentless VMware and Hyper-V VM backups. It can backup “unsupported” platforms via rsync and SMB. Backup times are fast — none of my daily tasks run over 15 minutes — and with a household full of laptop users that’s critical to keeping them current. I’ve yet to try a bare-metal restore but individual files and whole VMs run about as fast as the storage/network can muster.

I see a few areas where ABB could do better:

  1. Backup task settings are individual to the device. There are Templates whose settings are applied at the initial creation of a device’s backup task, but after that the task’s settings are independent from the original Template. There’s no mechanism to perform changes in bulk. It is possible to create a new task for multiple devices at once, but that will create individual tasks for each. Backed up data is tied to a particular task and the interface warns that removing a task will remove all the data, so that’s not a path to faking bulk updates. 

  2. From the Portal, the presentation of BitLocker-encrypted volumes within Hyper-V VMs is concerning. BitLocker-encrypted volumes from “PC/Mac” and “Physical Server” backup tasks are visible and browsable through the Portal like any other volume, but from a Hyper-V VM backup the volumes do not show up in the Portal at all. I tested an Instant Restore to Synology’s Virtual Machine Manager — the volume was properly restored and, unexpectedly, VMM provided vTPM functionality so the VM operated normally after initially entering the recovery key.

    So this is a case of the Portal interface being misleading and not an actual problem. 

  3. ReFS volumes are not supported. ReFS is over a decade old and still struggles with 3rd-party support. Heck, it’s not clear that Microsoft really wants to support it as a general-purpose filesystem. Which is sad because we’ve got nearly 20 years of ZFS advocates shouting at us that copy-on-write, checksumming filesystems are the greatest thing since the hierarchical filesystem and if you’re not using one you don’t care at all about your data and probably kick your dog.

    I mostly use ReFS for Hyper-V datastores so this is an effective way to filter them out from backups of a Hyper-V host as a “Physical Server” without having to manually customize their backup tasks. 

  4. BTRFS volumes are not supported. Which is odd because it requires BTRFS for backup storage. Despite its protests, in my testing it did backup an LVM-based BTRFS system but does not restore LVM to a usable state. BTRFS within a Hyper-V VM was fine. 

  5. Linux Agent is x64-only. If you want to backup ARM/MIPS/RISC-V/32-bit Linux devices, you’ll be doing it old school via rsync or SMB. But at least it’ll be a centrally-managed pull instead of an unmanaged client-initiated push where you’ll need to come up with some other method to notice when your backup jobs have failed (you always have monitoring of your important cronjobs, right?) 

  6. Desktop “PC/Mac” and Windows/Linux “Physical Server” are handled slightly differently. A Windows “Physical Server” backup can be restored to VMware/Hyper-V/VMM while a “PC/Mac” backup cannot. A Windows “PC/Mac” device can be changed to a “Physical Server” but not the reverse. And, sorry Linux desktop users, you can only be a “Physical Server.” There’s also a minor scheduling difference, see below. 

  7. Backup scheduling is rigid. Backup tasks are scheduled for specific times and days-of-the-week and will not be made up if missed or interrupted. For PC/Mac backups it is possible to have a backup task triggered when a user logs off, the screen locks, and/or at startup, but for laptop users those may not be sufficient to stay within desired backup intervals.

    With all of the backup systems I’ve previously used, I would define backup windows and target intervals and the system would figure out when to actually initiate backups. Missed or interrupted backups would be made up automatically at the next window or availability of the client, depending on the configuration. 


A problem for Future Me is that DSM 7.2.x will go out-of-maintenance in mid-2025 and it’s probable that 7.3 will not support this hardware. The current nearest equivalent is the RS2423+ at $1,999.99. That’s a big chunk of change to spend up front for backups over the 7-9 years of expected support. A RS822+, DS1522+, DS923+, DS723+, or even DS423+ might be suitable for Future Me’s primary use case of backing up other systems, I’ll need to see how much storage backups consume after soaking for a year… but it’s hard to get over my preference for software that doesn’t lock me into hardware.

Taylor Swift: It's me. Hi. I'm the problem, it's me.

Blasting WiFi across the street

I have a lot of front yard to maintain.

UMA-D_Front_Angle

It would be nice to have good WiFi signal while mowing all this lawn. There’s an AP in the attic above the front door but the signal doesn’t reach all that far, maybe 30-40′ out. I needed something with a bit more oomf and the UAP-AC-M + UMA-D antenna combination sounded like the perfect solution.

If you haven’t heard, the UMA-D is a tiny miracle antenna: dual-band, 15dBi, 45-degrees on 5GHz and 90-degrees on 2.4GHz, for $99. It transforms the otherwise unimpressive UAP-AC-M into a directional WiFi blaster that will send its signal hundreds of feet downrange in open terrain.

As an initial test, I placed the combo in the bonus room knee wall space:

img_0157

Blasting through my roof I was getting about 180Mb/s of download speeds to my iPhone XS… from across the street! That’s 140-ish feet away.

Of course, that wasn’t good enough for me, so I found a pre-existing hole to run an Ethernet cable to and mounted it outside the garage.

img_0214

The improvement is incredible.

img_0269

That’s from my phone. 140 feet away.

If you need to blast a WiFi signal far away outdoors, the UAP-AC-M + UMA-D are a powerful and affordable solution.

60GHz Point-to-Multipoint Backhaul

This past weekend I finally had everything in place to deploy my Mikrotik 60GHz gear to backhaul the WiFi being installed in my pool house and detached apartment. There are a few reasons for choosing the 60GHz equipment over using wireless uplinks within UniFi or running AirMax gear:

  1. For wireless uplinks I’d still need to mount an AP on the outside of the house. Brick exterior terribly degrades 5GHz signal.
  2. Mikrotik advertises gigabit, full-duplex. The headline numbers for AirMax AC gear are substantially slower and half-duplex.
  3. The 60GHz band frees me from concerns about interference from neighboring WiFi. Or my own.

I already had a Wireless Wire kit I’d intended to use for a PtP link at my old home, so I just needed to add a WAP 60G AP unit to enable PtMP. And figure out where to mount everything.

The previous owners helpfully left me a couple holes where they’d mounted cameras. But climbing up the maximum reach of my ladder while drilling a mount above my head wasn’t something I really wanted to do.

Fortunately I found another set of holes coming off the living room. I wasn’t sure I could safely climb back down from that attic space, so first I embarked on a project to add another 2×4 step to the studs.

For mounts I used Ubiquiti’s UB-AM. On the house end, the Ethernet cable goes back to my main PoE switch in the bonus room closet. At the remote ends I’m using the Mikrotik PoE injectors with the data side connected directly to the data end of Ubiquiti injectors that power the WiFi APs. I figured it wasn’t worth installing switches in each location just to run a single AP, but if I install more devices later I may add them.

RouterOS is a bloody eyesore, but Mikrotik thankfully provides a quick-start interface for getting the units connected to each other and it was relatively painless.

The moment of truth was turning on the bandwidth test server on the AP side and getting both CPE units to run bi-directional tests concurrently:

Screenshot 2018-11-06 at 9.16.06 AM

That is up to 1.9Gb/s of aggregate bi-directional throughput! Amazing. Individually I’m seeing about 1.3Gb/s, which is quite a bit less than the advertised 1Gb/s full-duplex rate, but 2-3X what I’d expect from AirMax AC gear in this scenario.

AmpliFi’d

Irma took me out for a few days, but I’m back!

Lately I’ve been trying to make sure all of the tech at my girlfriend’s home can actually be managed by her, should I be hit by a bus and fall into a coma. I was in the process of building a Sophos XG UTM, decided to buy a Circle instead. Kids needed a computer, so I got them an LG Chromebase instead of going through the hassle of making Windows secure and kid-safe. She had some home automation going with a Wink Hub, Echo Dots, and an assortment of LED smart bulbs, so I handed down my EcoBee3 when I upgraded to the 4.

The EdgeRouter PoE and UAP-AC-Lite combo were the remaining weakest link in terms of self-management and control. The ER is wholly unsuitable for mere mortals, and while the UAP could theoretically be reset and managed entirely via the phone app… that would be another hassle to deal with in my absence.

And I also had a coverage gap I wanted to address. I’d placed her AP in an alcove to keep everything neat and tidy, but it’s a horrible spot for 5GHz propagation to the back patio where I often work. Dropping a UAP-AC-M or UAP-AC-Lite near the area and using the wireless uplink feature would have solved it, but that’s adding more complexity where I want less.

Enter AmpliFi Mesh:

AmpliFi Mesh

The early reviews on this product weren’t all glowing; from the technologist’s perspective it has a number of compromises and a purposeful lack of features, but from the “I want a multi-AP setup that the girlfriend can easily manage from her phone” perspective it ticks all the boxes. Since the initial launch they’ve simplified the product line; the Base and LR mesh kits are gone and the HD Mesh kit has dropped a couple hundred bucks down to $349 retail. I picked up a used kit on eBay for $200-ish and I’m not sure which version it is.

I’ve configured the system in bridge mode behind the EdgeRouter while I figure out how to replicate my site-to-site VPN. The Mesh units are placed in the laundry room downstairs and the hallway upstairs, and I am bathing in glorious 5GHz coverage where previously it was spotty. I’m sure it’s not the absolute fastest using 2.4GHz for backhaul but the Internet connection here is ~60Mb/s and I’ve no trouble achieving that throughout the home despite this being an apartment complex with a bazillion 2.4GHz APs in view.

So far, I’m liking it a lot… it addressed my pain points at an affordable price and is gorgeous to boot. Since I’m just using the wireless functions there isn’t much to dislike, but one minor nit is that it doesn’t support Guest access in bridge mode.

Would recommend for situations where an EdgeRouter / USG + UAPs are overkill and a high-quality simple solution is desirable.

Update: Troy Hunt put together a thorough review of an AmpliFi install with lots of screenshots.

Final (maybe?) Update on ER-X / ER-X-SFP Aggregate Performance

It has been confirmed to me that the ER-X / ER-X-SFP have only one 1 Gb/s link between the SoC and switch. Since every packet that enters the SoC through that link will have to exit the same path, 1 Gb/s is the maximum aggregate throughput.

I’ve not been able to garner any interest in why bi-directional testing takes a substantial performance hit. I may try some earlier firmware releases in the future but for now I’m moving on from this subject.

ER-X vs ER-X-SFP Performance

See Preliminary Observations of the ER-X for the story leading up to now. I retrieved the ER-X-SFP but after giving it some more thought I concluded that the SFP port shouldn’t provide better throughput because it has to be hanging off the switch.

But I decided to test away anyways. Here’s a baseline iperf run of my test setup:

iperf-laptop-no-router

About what I’d expect from the hardware I’m using: 908 Mb/s uni-directional, 1,465 Mb/s aggregate bi-directional.

Here is the ER-X, with eth0 WAN and switch0 / eth1 LAN:

iperf-er-x

The bi-directional result of 765 Mb/s is one of its better runs, high 600s to low 700s was its general range.

Now, here’s the ER-X-SFP in the same config:

iperf-er-x-sfp-eth0-eth1.png

It takes a hit, tho its results were consistently in the high 700s — a tiny bit better than the ER-X.

Now let’s try it again using an RJ45 SFP in eth5 as WAN:

iperf-er-x-sfp

929Mb/s bi-directional! And consistent! So it performs better… and I’ve no idea why… but clearly the platform is limited to 1Gb/s aggregate throughput.

As a sanity check I ran the same test against an ERLite-3 and was able to get > 1,700 Mb/s using multiple threads. Using multiple threads against the ER-X did not affect the results.


Both ER-X and ER-X-SFP on v1.9.1.1, configured using the Basic Setup Wizard for single LAN, with set system offload hwnat enable and port forwards for 5001, 5201, and 5202 TCP & UDP (iperf / iperf3).

Preliminary Observations of the ER-X

I’m going to work up a thorough review soon, but preliminary testing confirms what others have seen: Bi-directional performance of the ER-X is sub-1Gb/s aggregate and a fair bit lower than uni-directional performance. I’m seeing over 900 Mb/s uni and low 700 Mb/s for bi-directional NAT’d traffic on v1.9.1.1.

I’ll do more testing with routed non-NAT traffic next week.

I’m surprised more attention hasn’t been brought to this given how often the ER-X is promoted as a cheap router for Google Fiber and other Gigabit FTTH offerings. The reality of the ER-X is that it’s more like a 350/350 router than Gigabit. 

In trying to understand why this is, I came across a blog entry speculating that one of the 1Gb/s interfaces from the SoC is reserved for the SFP on the ER-X-SFP. I’ll be swapping one of these ER-X’s for the ER-X-SFP at my girlfriend’s home to test if there’s a performance improvement using eth0 and eth5 on the ER-X-SFP vs eth0 and eth1 on the ER-X.

Another item of note: Pass-through PoE does not require a 24v PSU! The included 12v PSU is only 0.5A and not suited to powering anything else — it will, but expect stability problems under load, or perhaps a fire — but any 9v-26v PSU that supplies more watts will work. An upgraded 12v PSU will generally be a few bucks cheaper than 24v.

UniFi v5.6.x Goes Testing!

UniFi 5.6.10 Testing has dropped. I haven’t been paying much attention to the v5.6.x Unstable releases as I’d been waiting for v5.5.x to become Stable, but now that we’re here… Here’s a rundown of the differences I see from v5.5.19 -> v5.6.10.

USG Properties

First and foremost, a bunch of things have been removed from the Properties pane for the USG. Rejoice! All of that stuff has been moved to various places within Settings.

The Advanced section offers lots of new goodness, including control over Offload features.

Site

Over in Site settings, we now have control over SSH access. Previously SSH was always enabled.

Wireless Networks

Fast Roaming for 802.11r devices is now available. Use at your own risk.

Networks

Networks brings much more control over DHCP. Highlights are DHCP Relay, being able to specify a gateway other than the USG, and control over various settings used for PXE and VOIP booting. It’s not everything we’ve always wanted but it’s a great first step.

Firewall Settings

Firewall has a new Settings tab with all sorts of knobs to tweak.

Port Forwarding

And Port Forwarding has been moved to the Routing & Firewall section.

admins

More control over user permissions is now available.

logging

Fine-grained control over logging.

And the next several shots show the various new tabs under Services.

DHCP Relay

DDNS

mdns

upnp