Site Magic - SD-WAN

Ubiquiti : New Feature - Your own SD-WAN solution for Multi-Site's?

Published 31/07/2023
Leave a comment

Even though it's not new it's still very cool and extremely useful. And above all it's license free.

For more info you can read the official announcment

So what does it do?

If you have multiple offices, locations or homes running a Unifi-OS console. you now have the ability to “link” them together as a “Software Defined Wide Area Network”. Essentially allowing you to directly access network resources from one to the other as though they were all on the same private network. 

You could for example access the printer at your parents house, or your home NAS. 

Sounds like a VPN?

That's because it kind of is, it's built using a VPN technology called Wireguard which is a great for connecting one or more servers/systems together even when one of those is behind a NAT or firewall.

In-fact it's very much like an overlay network such as TailScale, HeadScale, Nebula, which allow you to create separate physical and logical networks for your environments So you can for example have multiple  server's that think they are on the same network but are actually located different data centres, or even in a hybrid on-site/off site design.

The thing to remember though that this is intended to be much simpler to use, and so there are a few restrictions that you need to bare in mind.

  1. You need to be the "owner" of all the sites. The “owner” is a magic admin role which is kind of a a problem for Ubiquiti. This is fine for smaller deployments but with larger systems your going to want more than one person to be able to manage these networks.
  2. You can't have overlapping networks. So some pre planning will be required just to ensure your IP Ranges are unique to the site.
  3. You need one site with a public IP - which can be dynamic.
  4. It doesn't at time of writing support IPv6. 

It's important to note that some ISP's (e.g. StarLink) use a technology called CG-NAT which does cause confusion as it means you have a private IP not a public one, so while you can still use a site connected via those ISP's - you will need at least one other Unifi-OS console that has a real Public IP.

 

 

Leave a comment

Your email address will not be published, comments will be reviewed for content before being published.