Improve Matter + Thread stability

[mvgijssel]

Ideas to improve thread stability:

• ~Enabled IGMP snooping~ done, didn't help
• ~Disable home hub slaapkamer tv~ done, didn't help
• ~Disable mDNS in Unifi and disable multicast enhancements~ done, didn't help
• ~Try using a separate pci / usb network dongle for haos~ this maybe made it even worse
• ~Turn off haos and see responsiveness thread network~ no difference
• ~Turn of Apple tv and see responsiveness thread network~ no difference
• ✅ Setup TP-Link Jetstream switches instead of Unify (https://www.derekseaman.com/2023/10/configuring-tp-link-igmp-mld-multicast-snooping.html)

Articles

• https://www.derekseaman.com/2023/10/part-3-smart-home-matter-and-thread-deep-dive.html

• https://tomasmcguinness.com/2023/02/10/matter-unifi-and-mdns/

• https://github.com/home-assistant/core/issues/89331

• TODO

• [x] Setup omada controller

• [x] Adopt router

• [x] Configure LAN networking change

• [x] Setup omada controller static ip

• [x] Update switch firmware (otherwise adoption does not work)

• [x] Adopt switches

• [x] Name switches

• [x] Setup static ips switches

• [x] Setup TP-Link cloud account

• [x] Configure IGMP + MLD snooping

• [x] Configure ipv6 networking and wan

• [x] Setup firewall for Unifi controller

• [x] Setup firewall for Teleport

• [x] Firewall prevent ipv6 addresses from becoming publicly available

• [x] Remove Unifi USG + switches

• [x] Replace Unifi APs with TP-Link EAP

• [x] Setup 2fa

• [x] Purchase pci Ethernet card for haos (Intel PRO/1000 GT, chose Intel over Realtek to have higher stability in Linux/NixOS)

• [x] Factory reset Unifi equipment

• [x] Install pci card haos (https://github.com/vgijssel/setup/pull/648)

[mvgijssel]

Disabled spanning tree protocol on the hallway unifi switch for the tp link port.

[mvgijssel]

Currently internet / ping6 is not working on haos when enabling ipv6. Could be due to USG as described here https://community.ui.com/questions/Unifi-USG-Problem-with-IPv6/dbe432ee-54e5-4436-bad1-fb95350d56e8.

[mvgijssel]

The provisioner is no longer reachable at 192.168.1.31 for some reason 🤔.

[mvgijssel]

Used the ipv6 sld template, maybe should be mixed profile in the switch?

[mvgijssel]

Set the prefix delegation ID to 0 as mentioned here https://www.reddit.com/r/Ubiquiti/comments/f5k8mn/can_a_novice_get_some_ipv6_help/.

[mvgijssel]

The provisioner is no longer reachable at 192.168.1.31 for some reason 🤔.

Switching the cables between the PS5 (previous cat5e) and the provisioner (previous cat 7) it now seems to work. Haven't validated if the PS5 now has internet access, but at least the provisioner works.

[mvgijssel]

Updated the USG to disable rapid-commit, restarted the Home Assistant ipv6 interface but to no avail:

ssh -o PubkeyAuthentication=no ubnt@192.168.1.1

configure
set interfaces ethernet eth0 dhcpv6-pd rapid-commit disable
commit;save;exit

release dhcpv6-pd interface eth0
delete dhcpv6-pd duid 
renew dhcpv6-pd interface eth0

[mvgijssel]

Set prefix delegation id to blank?

[mvgijssel]

Installed the tp link omada router instead of the USG

[mvgijssel]

https://www.reddit.com/r/Nanoleaf/comments/13kzie9/homekit_nanoleaf_matter_thread_bulbs_not_behaving/ disable the Nanoleaf cloud sync feature

[mvgijssel]

Decided to give up on Nanoleaf essentials, because it's simply too unstable https://www.google.com/search?q=nanoleaf+essentials+unstable+site:www.reddit.com&sca_esv=599184041&sa=X&ved=2ahUKEwjA4s32_eSDAxVW1AIHHVOzDG8QrQIoBHoECB8QBQ&biw=1410&bih=1059&dpr=2#ip=1 after trying so many different things. I think the thread coverage is good enough with two apple tvs and a SkyConnect stick, so doing it without a mesh extender for now.

[mvgijssel]

After removing the nanoleaf nodes I'll monitor the matter server to see if there still a lot of errors happening and/or if reconnecting nodes takes a long time.

[mvgijssel]

Current Unifi firewall portforwarding rules:

Name	From	Port	Dest Port/IP	Enabled
provisioner-teleport	*	443	192.168.1.31:443
unifi-controller-inform	*	8080	192.168.1.2:8080
unifi-controller-stun	*	3478	192.168.1.2:3478

[mvgijssel]

Configure ipv6 wan in the omada controller as follows

Configure ipv6 lan in the omada controller as follows

[mvgijssel]

Pinged the ipv6 address from the WAN which returns just fine from mobile tethering. Pinged the ipv6 addresses of the provisioner and hypervisor which both did not resolve, making me believe the firewall is blocking inbound ipv6 traffic correctly.

[mvgijssel]

Using

• https://gist.github.com/techhazard/1be07805081a4d7a51c527e452b87b26
• https://kubevirt.io/user-guide/virtual_machines/host-devices/
• https://alexbakker.me/post/nixos-pci-passthrough-qemu-vfio.html

trying to get the new PCI ethernetcard passthrough to work

Check if vfio-pci module is loaded

lsmod

Check what driver the pci card is using (this should be vfio-pci and not e1000)

lspci -vnn

Using PR got it to work https://github.com/vgijssel/setup/pull/648