Re: Ghosts in our 6 New Ubiquity Pros - provision issues.

["Bob Evans" <bob () FiberInternetCenter com>]

Great details !
Going to implement now.
Thank You
Bob Evans
CTO




> On 6/19/15 10:57 AM, Bob Evans wrote:
> > Thank You Charles,
> > Been on NANOG a while - all the basic stuff we know well. Like, cables,
> > cluster occurrences etc. Looking for the UniFi specific experience. Its
> > not the switches, power, cables, ports show no CRC issues etc.
> >
> > We even setup another network with just 2 and it happens randomly - so
> > its
> > some code or something.  Think I'm going to let one of the guys here
> > login
> > the the controller and see if we missed a setting in the latest code.
> > NANOGs real good at having someone with specific targeted knowledge
> > appear.
>
> I've got a bunch of regular UAPs spread out over multiple customers with
> various network setups including ERLs as routers, CenturyLink POS modems
> of various generations, Dink routers, etc.
>
> My controller is hosted off-site in Tacoma in our data center.
>
> Some issues I've run into, particularly on the consumer devices like the
> older CenturyLink/Qwest modems...
>
> 1) Broken MTU clamping/fixing on PPPoE links, causing the UAPs to have
> problems making a connection to the remote controller.
>
> Worked around by messing with the MSS using iptables on specifically the
> tcp/8080 and tcp/8443 port on the controller end.
>
> Other devices, had to make sure to disable the firewall feature on
> modem, in order to get it to stop eating ICMP packets (and thus breaking
> pmtu).
>
> 2) Faulty DNS server daemons on the routers.  The UAPs would have issues
> randomly resolving the controller's IP address from hostname.  Have this
> problem time to time with anyone using the built in DNS servers on the
> CenturyLink/Qwest modems.
>
> Resolved this issue by statically defining IP and DNS servers on the
> UAPs (DNS server set to 8.8.8.8).  Also had to disable the firewall on
> one of the routers to get it to not intercept/mangle DNS packets.
>
> These two issues alone have caused me major issues with the devices
> randomly being unable to get new configurations or download firmware
> updates.
>
>
> On network switches connected to the UAPs, make sure that you've got the
> port set to whatever the switches' version of cisco 'portfast' is.
>
> In the Site Settings under the Unifi controller, disable "Enable
> connectivity monitor and wireless uplink" and see if the problem eases
> up.  If you need to use the uplink monitor, manually set the IP you want
> to check with, and make sure the UAPs can actually ping said IP.
>
>
> I'm the head mod for /r/Ubiquiti, so feel free to bounce things off of
> me privately with your Unifi setup, and I'll be happy to give you a
> hand.  I can also direct you to the unofficial Ubnt IRC channel where
> you can get a bunch more opinions.
>
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org    /     http://www.ahbl.org