UniFi, Get your (IPv6) act together!
Today I rant on the state of IPv6 support in ‘enterprise’ equipment.
Support me on Ko-Fi if you enjoy my content and find it useful:
https://ko-fi.com/apalrd
Feel free to chat about IPv6 deployment on Discord:
https://discord.gg/xJsaEukAr4
For anyone who’s still curious why NAT is bad:
https://tailscale.com/blog/how-nat-traversal-works/
#ubiquiti #ipv6
ipv6
I don't know which old Mikrotik Wifi devices you have. For some old Mikrotik Wifi devices it is now possible with the new Mikrotik firmware updates to replace the Wifi package and install the Wifi Wave 2, where it was previously not possible due to insufficient RAM. As far as I know, this is not possible with the MIPS devices, but ARM is required. I assume you have that. Best regards from Germany 🙂
Well done
Video Idea. I have no IPv6 ISP options, zero. using pf or opn sense, how could I set a IPv6 lan and translate that to a IPv4 ISP. Or does that way lead to madness? Thanks for the great videos!
Try an ISP that has DHCPv6(prefix delegation) without RA……
I have a router that is working fine for IPv6, everything works beautifully for wired, with DHCPv6-PD from my ISP giving prefixes to my subnets and then stateless auto configuration internally. But my wireless AP is a UniFi, and all the SLAAC router advertisements and everything just don’t get through… IPv6 just won’t work at all for me for some reason. I can’t find anything in the docs, and people in community threads tell me to change an option that disappeared out of the UI seemingly in an update that came out about three months before I started trying to get it to work. Now I have no idea if it’s been moved and renamed and what the setting is called now…
UniFi has always sucked at L3 stuff. When one of the guys that started pfSense left for UniFi I thought he'd have a real impact on UniFi's firewall & L3 feature set, it's barely changed at all. I rolled out IPv6 to my home network a couple of years back when my ISP rolled it out. It was a real adventure I can tell you. What it really highlighted was just how bad most networking gear manufacturers IPv6 support is. My ISP hit numerous IPv6 bugs on their Cisco ASR BNG's. It's was really only Linux, Windows & iOS I had no issues with. I had to rework some of my VLAN's because Android doesn't support DHCPv6 & one of my L3 switches doesn't support SLACC RDNSS. I hit multiple IPv6 bugs on my pfSense firewall, the main one of these also affected OPNSense as pfSense used the OPNSense patch to address. pfSense itself doesn't have full feature parity between IPv4 and IPv6. I spent all that time, I learnt some stuff and at the end of the day it didn't really make any difference to my network because I do have the luxury of a static public IP4 from my ISP and I now have to debug two protocol stacks when I've got a issue on my home LAN instead of just one stack. The other thing is the ISP tries their best to keep both all their IPv4 & IPv6 routing optimised but it's not uncommon for my to find a IPv6 resource has a high latency than if I accessed it via IPv4. Lastly privacy addresses drive me nuts trying to locate which device on my LAN is being a bandwidth hog.
Great Video. IPv6, mDNS and IGMP are all garbage on Unifi, even now in 2024. You are right, this is totally unacceptable. I also do some home automation and Matter relies on IPv6 and this is also highly unpredictable with Unifi. I am considering going to TP Link Omada and selling my current Unifi equipment and cameras.
When you were talking about 802.11, did you mean AX on 2.4GHz? If that is the case, as far as I understand it the standard doesn't actually support AC/AX on 2.4GHz officially and the the 2.4GHz only has BGN and 5GHz has A,N,AC,AX
Thank you for making this. UniFi has been the bane of my existence for the last 5 years. Once I started IPv6 adoption it’s been much worse. I don’t understand how such a flashy and “modern” company can be so behind. It seems UI is really more for prosumer or very small businesses. If I didn’t have some protect cameras I would be dumping this trash.
Thank you! IPv6 is a nightmare on UniFi, I'm really really disappointed at the moment, even the cheapest competitiors are beginning to do it better by now. I really hope IPv6 gets a first class feature this year.
I work for an MSP and we roll out ALOT of unifi equipment. I can confirm, at leasr here in Miasouri no one thinks the end of IPV4 will ever happen in a way that will hinder business. I hope UniFi gets their act together soon, or I'm going to be going to alot of our clients and replacing not that old/performant equipment.
worked in IT infraops network etc. for ~20 years and ipv4 still dominates most even very large and rich enterprises internal management networks, ipv6 maybe for public stuff but still ipv4 dominates a lot in IT infrastructure. Most ipv6 I saw is from mobile networks. sad but true ipv4 will be dominant in it for foreseeable future… also where I currently live ISPs and IPV6 dual stack is huge mess they use some crazy proprietary IPoEv6, only very specific crappy domestic routers support this ipv6 implementation by local ISPs. Making this ipv6 connection work on pfsense/opnsense even unifi or any decent router for that matter is close to impossible, so I try to avoid ipv6 as plague.
Imagine not having a layer 3 switch in 2024 come on sheesh unifi
IMHO, checkpoint VPN-1 is to blame, indirectly, when they fully implemented RFC 1380 (NAT) around 1997 and became very popular in corporates. This anonymized IP Addresses behind firewalls especially class A used in the IBM 9. network. The best feature of IPV6 is also its achilles heel and that is its ability to route directly to an IPV6 client whatever the clients are. As a bad actor you instantly loose anonymity and these days "bad actors" include all kind of governments and high net individuals that do not want any information leaked for nefarious reasons. Here in Malaysia Maxis/TM provides a useless /64 delegation so they can see you but they rotate the addresses, both IPv4 and IVP6 (when that works) EVERY Monday morning just to make IT's life interesting and they have no plans to change that. Believe me, they are not luddites, they know what they are doing as far as anonymity is concerned. I disagree with you about IPV6 going mainstream though even though as a network engineer I would like nothing better. Just take a look at IPV6 tunnel brokers and you will see most have folded and the few left are not that great. Think of IPV6 addresses as a method for internet "bounty hunters" to track you down and take you down and you will understand why the original idea of each device having a (static) IPV6 address will not work in this current climate of distrust. People wonder how mobile phones can be tracked so easily by those who are supposed to serve us, well, duh. Thanks for the great channel though and top content!
Seems Unifi are so far behind the IPv6 band wagon as it's not even funny. IPv6 been around for Y E A R S so it's something they should already support. Ah well, I guess they're half-assing it right now.
What is the monitor by your keyboard called?!?!
Oh yeah, as much as I like UniFi for Wi-Fi APs and Switching… unfortunately they are useless for IPv6, VPNs, firewall and routing in general and absolutely, pfSense does much better job here. Ubiquity attitude to IPv6 is disaster.
I enable L3 routing on my Unifi enterprise switch which is behind my OPNSense router, then i realized it can only do IPv4 L3 routing. Unifi are so behind the game.
for a company claiming to build the future of IT… you guys should at least support, like, at least the current state of IT 😂😂😂😂
When your network is large enough that you need v6 internally Ubnt is just not for you. It's not for enterprise-level stuff, just SMB and prosumers. But I agree that it should give you info about v6 on the WAN side, as that is where SMBs and homes get more and more v6+CG-NAT.
Yo speaking of opnsense being better, you still planning on more opnsense videos?
Hey, so this video is very interesting. I’m asking this at a true curiosity what do you use the IPv6 address for? I work in IT, granted on the app development side, but for any kind of operations or infrastructure, my company which is a giant fortune 100 company. Everything internally is referenced using IPv4. Like I said I’m on the app development side so I don’t know all of the different products, I have not come across one instance of us using IPv6 address. What is the benefit?
if you wanted to get away from unifi wifi APs, what would you recommend? price being the main factor
just update to 8.0.26
IPv6 is just around the corner
github doesnt support ipv6
May be common solution is only AP from ubnt, and may be Poe switches. In my experience there are no issues with IPv6-only VLANs. Of course management vlan is ipv4.
19:49 Microsoft is part of the problem here for IPv6 adoption. How do we get Microsoft to do it proper ?
While IPv6 is getting more and more common, a lot of the BIG providers, including Cisco on many of their devices and services, are not yet fully IPv6 compliant.
At least unifi ipv6 works reliably. Switched from tplink when it was having more bugs than even the verizon 5g modem as the router.
I have used Unifi AP in my apartment for years and I setup my parents with two Unifi APs at their house last year. I planned to manage them from my apartment but the fact the APs don't work with IPv6 to talk to a controller means I've had to run a controller off my mother's desktop for now. That desktop only sometimes gets turned off so that means things like updates to the APs are rare. I will hopefully soon drop a old router on their network as a VPN connection so that the APs can reach my controller but I would much rather them just be able to reach my controller using an external IPv6 address but alas they can not.
When selecting columns to show, one of the options is "IP Address." There is NO option for IPv4 or IPv6. It just says "IP Address."
A realistic view of Unifi on Youtube… Wild.
I like that you call IPv4 "legacy" and IPv6 "modern".
Quality channel.
btw, WireGuard 1st-party apps prioritize the jurassic protocol for its endpoint connection, even if the endpoint is capable of using both protocols (IF jurassic is present THEN use it AND STOP, FORGET EVERYTHING ELSE).
As their apps are FOSS, you can search on your favorite jurassic git repository, see their efforts in solemnly ignoring all PRs to fix less than a dozen lines of code – I can't put links here because I'm not a cryptobot scammer
My only IPv4-only network in my entire home lab is my UniFi network.
Everything else on all the other networks is either IPv6-only or dual stack.
Ubiquiti being so terrible at IPv6 for so long is just comically bad.
I'll boost your engagement.
Unifi sucks in many ways. IPv6 is just one of them.
My ISP doesn't support IPv6 anyway on the Residencial side. So I need a router that can handle IPv6 tunneling. Unifi definitely isn't designed for that.
Any people deploy this in the enterprise…. yea. No thanks.
@12:46 From working with businesses big and small.. in my experience is nobody is switching to IPv6. I use it at home, but when I’ve pushed for it it’s always met with much more resistance than I’m willing to fight against
I subscribed to your channel! Congratulations on showing important points!