The new home network, part II

Previously, on Prison Break:

For the past nine years, a venerable Asus DSL-AC68U wireless modem/router has dutifully been providing access to the pipes filled with cats to all my devices. It’s done its job so well, faultlessly, that I feel like I need to put it out to pasture while it still can be repurposed as someone else’s wireless router. Besides, it’s 2024 now, and the Wi-Fi 5 that it came with is positively pedestrian compared to what we have now, putting aside the glaring limitations of Australian internet speeds or your device’s ability to utilise that kind of speed. Plus, WPA3 is also a thing now too, and any security upgrade is always worthwhile.

The MikroTik Hex has been rock solid as a router. After a solid week of Googling and configuring, I think I have it set up just how I want.

In many ways, RouterOS reminds me a lot of when I played with dd-wrt all those years ago. There are just as many options to configure, and while that means there’s a bit of a learning curve, especially if you want to start from scratch, basically everything is configurable, and there’s very little hand-holding. Want to use one of the Ethernet ports as WAN? Of course, take your pick. Want to remove one of the Ethernet ports from the bridge and use it as a backup/dedicated management port? No problem! RouterOS will tell you when your config is invalid, but it won’t stop you from doing something stupid if it is technically possible. It’s absolutely possible to lock yourself out from your router if you’ve configured management interfaces to be only accessible from certain interfaces/network ranges, so it’s absolutely possible to shoot yourself in the foot. If you want, you can start from literal scratch; no DHCP server, no DNS, no firewall rules. I can tell you now; you haven’t truly lived unless you have set up your own DHCP server, even if all that really means these days is ticking a box to turn it on and configuring a few options like your desired IP address range. The next best thing is customising the one that comes with the standard default config, which is what I ended up doing.

But did the Hex fix what marginal levels of bufferbloat I had? Yes, absolutely, although I don’t have SQM[1] enabled all the time. For whatever reason, Opticomm FTTP connections are usually overprovisioned in that I get slightly faster speeds (usually around 110 Mbps down, 45 Mbps up) than what I actually pay for (100/40), so I have SQM disabled outside of peak periods so I don’t miss out on that little bit of extra speed. It’s a small thing, but the way SQM is most noticeable is when I’m downloading something and watching a YouTube video at the same time. With SQM off, when that download is saturating my connection, my YouTube video drops quality and starts stuttering like it’s buffering over a dial-up connection. But with SQM enabled, I can download something and watch YouTube at the same time, without any loss in quality and without any buffering pauses. It’s a small thing, but SQM has made a minor but appreciable impact on my internet quality. If nothing else, now I can use my internet connection with impunity. Not like I didn’t before, but now I know it will actually work when I want it to, irrespective of whatever else I might be doing.

And yes, the Hex has limitations in terms of throughput with SQM enabled, but thanks to Australian internet speeds, I can save money by having a cheaper router. As it stands, apparently the Hex is good up to about 200-500Mbps with SQM enabled. Given that I’m not planning to upgrade my internet speeds anytime soon, that’s plenty, but if and when I do, a RB5009 (or its successor of the time) has my name on it. I’m still tossing up whether I want to “upgrade” to 250/25 for $4 more per month. While that may not be worth it, I can absolutely recommend SQM on any modern internet connection. If you have a one person household it might not be that big of a deal, but even I’ve noticed it, so I can only imagine how great it would be in a family home.

But honestly, the Hex is too fully-featured for my meagre networking requirements. I’m not running my own ISP, nor do I need any kind of failover. Fancy routing rules for specific traffic, or complicated NAT rules, are also outside of what I want out of my home network. I’m not even using VLANs or anything that would require me to know more about networking than I currently do. But it’s good to know that if I want to in the future, or if my networking circumstances change, I can do all of that without having to redo my entire home network setup.

If I have hesitations about the Hex, it’s that it’s fairly basic in terms of features. While it does have a microSD card slot and a USB port, there are “only” gigabit Ethernet ports on the thing, no 10G SFP+, no PoE, and I can’t run containers on it like you can on some higher-end MikroTik hardware. It feels bad buying networking gear with only gigabit Ethernet in 2024, but unless I want to spend many hundreds more dollars and buy one of those little fanless mini-PCs that come with 2.5G/10G SFP+ ports and run RouterOS on that, I’m stuck with the hardware that MikroTik currently offers. I think the RB5009 would be great, but as it is, I can probably wait until the next iteration, as there’s basically nothing the Hex doesn’t do for me today. That changes if I get gigabit internet, but I can’t see that happening anytime soon, especially with the state of internet infrastructure in Australia right now. Further compounding this is that while you can get gigabit internet on NBN, the problem here is that Opticomm doesn’t seem interested in competing with the NBN[2] or even offering higher speed tiers, so the fastest that I can get is 500/200 at roughly triple what I currently pay. For a one-person household, that just doesn’t seem worth it.

So for now, the Hex has this strange dichotomy between incredible software with mid-tier hardware — fine, capable hardware that’s more than enough for home network usage, but lacking a few niceties and/or esoteric features that would have been “nice to have” in 2024.

As planned, I also purchased a Ubiquiti UniFi U7 Pro and PoE+ injector. I initially set it up in standalone mode, and I can’t say I recommend it. Standalone mode might seem like a good idea, because then you don’t have to have the UniFi Network app running somewhere (either as an app on your computer, or on some other piece of UniFi hardware, or in a Docker container or similar), and theoretically you’re not (as) beholden to the Ubiquiti deities for features and updates, but the thing about standalone mode is that it severely limits what you can configure on your AP. Using standalone mode, you can change your SSIDs, security settings, radios, wireless channels, transmit power… and that’s it! That might seem like a lot, but it’s incredibly basic compared to what you can normally configure on a UniFi AP, which has a settings page so long it needs explanations of what all the settings do.

What I would recommend is setting up the UniFi Network app on a computer to begin with, just so you can configure your AP how you like, then shutting down the app if you don’t want it running all the time. Interestingly, it seems like there’s some inconsistency between standalone mode that can be configured via the iOS app and the UniFi Network desktop app. On the iOS app, there’s a toggle where you can turn off either of the 2.4/5/6GHz radios, but that doesn’t seem to be an option using UniFi Network. Even though there are way more options for configuring your Wi-Fi networks using the desktop app, including the ability to broadcast an SSID on 2.4/5/6GHz networks (or any combination thereof), it seems that outright turning off a radio isn’t a thing on the UniFi. You can choose to not broadcast an SSID over a particular frequency, but you seemingly can’t turn off a radio altogether. There are suggestions that any unused radio will turn itself off, if there’s no SSID broadcasting or utilising the frequency, but I wasn’t able to get this to work for me initially; then one day the UniFi Network app reported that the 6GHz radio was disabled, so YMMV. For the time being, until I have Wi-Fi 6E or 7 devices, I’m setting the 6GHz radio to the lowest possible transmit power, which should be as good as being disabled.

Now that I have the UniFi Network set up on a computer, I’ve been tossing up whether I want it to be running 24/7 in a Docker container on my NAS, or whether I’d be better off running it in the cloud. There are ways to run a cloud-based UniFi Network for free or very low cost, but why would you want to when you can do it for free locally? Besides the whole cloud-vs-local debate in terms of security/updates/maintenance, the only reason you would choose to host your UniFi Network in the cloud is because you can then still get alerts when your home WAN connection is down; obviously if your home WAN is down and your UniFi Network is on that instance, you won’t hear about it if you have email alerts set up. I’m not sure how advantageous this is for me. If I’m at home, I’ll know my internet is down, and if I’m not at home, then there’s a good chance I won’t care. Because of this, and because I only have the one local UniFi network to manage, I think it makes more sense to host the UniFi Network locally. I’m just not sure if I can be bothered to do it on Docker or not as opposed to running it on a computer. If I care about stats enough, or if and when I manage more than one UniFi network, maybe I’ll consider hosting it in the cloud.

If you’re rolling your UniFi Network in the cloud on a VPS, there’s a great script that sets it all up for you on Google Cloud Platform. The only problem with that, for Australians, is that it’s not going to be entirely free. Even if you’re OK with your VM instance being based in the US, you don’t get free traffic to Australia. A better option is Oracle Cloud’s Always Free tier, but the setup script for that doesn’t have some of the niceties of the GCP one, particularly lighttpd, fail2ban, and a fix for MongoDB to prevent it from getting corrupted every now and again.

Having played with the UniFi Network app now, I can see why people have all-Ubiquiti home networks. The interface is incredibly slick, while exposing most of the options that you would reasonably want to configure in a home environment. The integration between your gateway and access points is a compelling reason to have a UniFi-powered network, and if you need to manage multiple anything UniFi — networks, gateways, switches, access points — it’s supremely advantageous to have everything in the one place. Even if that means that some things, which you might not ever need, are harder to do. Of course, all that fancy UI comes at the cost of the company being able to change features and settings at their whim, but that’s generally a risk with everything.

But how big of a drawcard is having a great user interface and user experience if I’m only looking at it, at most, a few times per year? Home networking is supposed to be set-and-forget, remember. Wouldn’t it be better to have a barebones interface that is 100% reliable, rather than over-complicating it with a fancier and nicer user interface? If you have a home lab setup and need system-generated diagrams to have your home network explained to you as you configure it, then yeah, Ubiquiti is a great option.

Compared to MikroTik, which has a basic, but functional interface, the difference is stark. The most graphics you get on MikroTik is line graphs of traffic, whereas it seems like UniFi does things automatically in the background like analyse wireless traffic over each of the bands and can automatically optimise your AP to use the right channels. There are plenty of metrics being collected in the background which contribute to “experience” ratings for what quality connection your devices have.

But the other thing that drew me to MikroTik routers was their low cost of entry. The Hex that I picked up was $100, which is a really great price point that meant I could basically give it a go without having to outlay 2-4 times that amount for one of those mini PCs, or similar for a Ubiquiti, or an all-in-one wireless router combo.

That’s my new home network in a nutshell. A MikroTik Hex router, a Ubiquiti U7 Pro wireless AP, and the cheapest 2.5Gb switch I could find on AliExpress.

As long as it works, right?


  1. I used this guide to set up SQM using CAKE without disabling FastTrack. 
  2. And why would they need to? The problem is that when your premises (or in this case, apartment block) is on Opticomm as opposed to something like NBN, other options for internet access are few and far between. Unless you’re willing to take a gamble on 5G home internet, you’re stuck with the provider that your builders chose when they started building. It’s entirely possible that there are buildings that offer connections via both Opticomm and NBN FTTP, but I don’t know of any. While NBN at least has scrutiny applied at a national level, there’s very little of that same scrutiny applied to other providers because there’s no need to. I may have been lucky enough to be on a FTTP connection while other people are being quoted thousands of dollars for their FTTP upgrade (or waiting until they get a free one), but if my FTTP connection is technically inferior (speed and price-wise) to the equivalent NBN FTTP connection, it’s hard to feel like I’m better off, you know? 
