We have always had issues with the wifi coverage in our house. The FritzBox modem / router / wifi is located on one side of the house where the telephone line enters. At the other end of the house the reception is already bad if you are sitting in the corner; outside in the garden there is no reception whatsoever. Now, I could have bought a wifi repeater, which would in all probability have done the job, but I have always been curious about networking technology and was also interested in getting something that showed me a better breakdown of network traffic — e.g. something that would explain why our data usage keeps creeping up (not a major issue since we are on an "unlimited" plan, but still). With this in the back of my mind I happened across Ubiquiti's UniFi range and got sucked into that.
I still want to keep the FritzBox — it is a reliable modem with great reporting of the DSL state, and we use the seamless combination of landline (I know, we are dinosaurs) and VoIP via SIP. Once you start with this it is really hard to stop. Early on I decided that I didn't need the "Cloud Key", which is basically a very simple small computer with their controller software running on it. Instead I just used a Raspberry Pi I had lying around and installed the software there (following Howard Durdle's post on running the UniFi controller on a Raspberry Pi). But that's where restraint ended; I did get the router (called "UniFi Security Gateway", USG), a small managed switch (the smallest one with PoE), and three wifi access points. I think two access points would indeed have been enough — my thinking was to place two inside at opposite ends of the house and have the third one outside pointing into the garden. That last one isn't really needed, I see the indoor AP in the garden as well, but, oh well…
Setting things up is not trivial but fairly straightforward, especially after watching lots of videos on the internet (I watched mostly YouTube videos from Crosstalk Solutions). The most interesting issues occurred when I had my laptop connected to both the FritzBox's network and the USG's network at the same time, where weird things happened with routing.
Migrating all network clients from the FritzBox's network to the USG's network was sort of incremental and went fairly smoothly. The network topology I ended up with is like this:
    Internet → FritzBox → USG → Switch → … internal networks
                   ↘
                    FritzPhones
The FritzBox's firewall is configured to forward outside ports not to the original machines but to the USG, which then has another set of firewall rules to do the next level of forwarding (ugly but not too much of an issue — I don't have that many services exposed to the outside world). You can configure the FritzBox to automatically forward all traffic on delegated IPv6 prefixes, so the manual forwarding is only required for legacy IP (aka IPv4). While IPv6 support in the USG's interface is still marked as "alpha" it does work fairly well; you cannot have IPv6-only networks, it seems (not that I'd need or want that, but it would be interesting to play around with), but it is perfectly happy to get prefixes via DHCPv6 prefix delegation (PD) and allocate them to VLANs as well. (Using a separate set of ULA prefixes is apparently possible, but I haven't done that yet — my ISP provides static addresses, so my prefixes never change.) For internal traffic you can add a static route on the FritzBox for the RFC 1918 networks used behind the USG, with the USG's WAN address as the next hop. The USG needs no such route: its WAN address is in the FritzBox's network, so it already knows how to get there, and I don't use VLANs on the FritzBox side.
You can actually configure the USG not to do NAT on the WAN interface to avoid double-NATing IPv4 traffic. This is not possible via the web interface but requires you to tweak the configuration by placing a JSON file (config.gateway.json) into a specific location in the controller's site directory (not the greatest way of doing things, but it works quite reasonably). Note that with NAT off the static route on the FritzBox is no longer optional: replies to the RFC 1918 addresses behind the USG have to find their way back through it. I had that working at some point but lost that change when making other changes. It took me weeks to notice, so I decided it wasn't worth it and never put it back.
At some point the Raspberry Pi had disk issues and it was basically impossible to get the UniFi server working again. (The server uses MongoDB, which apparently makes it notoriously liable to just break when that DB has issues.) Luckily I had a fairly recent auto-backup generated by the server and restored that onto our main home server. I had to factory-reset the wifi access points and re-adopt them with this new server, but that was a fairly simple procedure. As I understand it you don't even need the server running all the time to keep things ticking, but now that it is running on the proper server things have been running smoothly (plus the backups are far more reliable).
Once everything was running fine I just switched off the wifi on the FritzBox. Interestingly, it seems to switch itself back on from time to time (after a reboot?), but after I changed the wifi password our devices no longer auto-connect to it.
So, was it worth it, and what is good and what is bad? It is definitely cool to have a more interesting network stack, e.g. configuring VLANs for guests and for VPN clients, where you can assign specific switch ports to that VLAN. I still want to make the USG a VPN server as well (WireGuard? tinc? or just the built-in OpenVPN?), but that is certainly in the realm of the doable (and then again, I already have that set up with the FritzBox, so it's not a priority). The monitoring is definitely the biggest disappointment. It's all very pretty, but at least I cannot make any sense of the numbers shown. It's not clear for what interval the measurements are shown, and the numbers don't seem to add up to what the FritzBox claims we have used in traffic. There seem to be many people moaning about this on the forum, so let's hope that this will improve eventually. Ubiquiti is definitely improving the web interface continuously; the recent update made things much nicer. So, overall this is definitely overkill for what I needed, but it is still a fun thing to have and to tinker with.