What we want in a Prosumer Network Device

Ubiquiti has become extremely popular over the past few years with IT professionals and regular consumers wanting to upgrade from poorly maintained and poorly secured home network routers. The massive benefit of the Ubiquiti (UniFi specifically) lineup is that it provides the following features:

  • All-in-one Wireless LAN management
  • IDS/IPS
  • VPN support
  • Multiple VLANs
  • Multiple internet interfaces
  • Polished UI (mostly)

The problem is that, while all of these professional-grade features are a reasonable step up from consumer devices, they fall short of true professional-grade gear: if you want advanced functionality, you’re severely limited. Before people say, “it’s prosumer, not consumer”, I totally understand! The problem is, Ubiquiti’s EdgeMax line doesn’t really provide the same functionality (especially around WLAN management and UI).

Some of the larger pain points that make me wish I had an alternative are:

  • Only 4 WLANs available per WLAN Group
  • First-class support for OpenVPN is not great. You can’t use certificates.
  • Internet-failover is supported, but largely requires manual configuration
  • USG-3 doesn’t have enough memory to run a larger (non-default) IDS ruleset.

At the time I originally drafted this, the Sunburst malware had just been disclosed and was not covered in the IDS malware updates. When I have tried to (manually) add a new, larger rule-set, I have run out of memory on the device.

So what I want in a prosumer networking device is as follows:

  • Minimum of 8GB memory
  • First-class support for failing-over (without having to hand-edit files)
  • Fully-featured IDS/IPS (something similar to Snort)
  • Full VPN support. I realize there’s 1000 options in OpenVPN, but if you could upload a configuration file and not have to worry about manually managing one, that would be amazing!

To be honest, there is a reasonable gap here between professional-level gear and what Ubiquiti offers. pfSense is a great option, if you’re not running a wireless network. I do hope that the new UXG-PRO can help fill some of the gaps (although the specs leave me concerned); for now, however, we struggle on, hand-editing config.gateway.json and hoping we didn’t make a mistake.

The future

So what’s the future? At this stage there is still a large untapped market for running eBPF on home networks. eBPF only requires a recent Linux kernel and runs exceptionally efficiently, which makes it perfect for small NUC-like devices. I can definitely see a company utilizing eBPF to create a prosumer network software platform based on a NUC similar to https://protectli.com/product-comparison/.

What I would love to see would be something like this:

  • eBPF (XDP) based firewall
  • eBPF (XDP) based DPI using open-source rules
  • pi-hole software included
  • Self-service VPN (that supports manually configured OpenVPN and WireGuard)
  • A certificate authority
  • WLAN Controller

The future is for the taking!

Last modified: 1 June 2021