Multiple Networks?

[VeniceNerd]

Is it possible to connect multiple sets of vlans together? I will have my network (1), my tenant network (2), and a shared iot network (3).

I would want network 1 and 3 to share mdns as well as network 2 and 3 to share mdns. However, I don’t want network 1 and 2 to share mdns with each other.

Is that possible?

[alsmith]

Hi @VeniceNerd !

Certainly you can bridge over multiple networks, just specify all the interface names in --interfaces.

@commiepinko had the issue recently where he wanted to filter out responses so that certain networks would or would not receive mDNS broadcasts. Have a look at #57 and see if it makes sense to you.

Kind regards,
Al.

[commiepinko]

I wanted to permit mDNS only between br0 and nine VLANs and block all traffic between VLANs. It took me awhile to get the syntax right. I'd be happy to answer any questions

The container:

podman run -it -d \
--restart=on-failure:10 \
--name="multicast-relay" \
--network=host \
--mount type=bind,src=/mnt/data/on_boot.d_support,dst=/multicast-relay-config \
-e OPTS="--ifFilter=/multicast-relay-config/ifFilter.json" \
-e INTERFACES="br0 br101 br102 br103 br104 br105 br106 br107 br108 br109" \
docker.io/scyto/multicast-relay

ifFilter.json:

{
"192.168.0.0/24": ["br0", "br101", "br102", "br103", "br104", "br105", "br106", "br107", "br108", "br109"],
"192.168.1.0/24": ["br0"],
"192.168.2.0/24": ["br0"],
"192.168.3.0/24": ["br0"],
"192.168.4.0/24": ["br0"],
"192.168.5.0/24": ["br0"],
"192.168.6.0/24": ["br0"],
"192.168.7.0/24": ["br0"],
"192.168.8.0/24": ["br0"],
"192.168.9.0/24": ["br0"]
}

[VeniceNerd]

Thanks for the quick response! I'm not 100% sure I explain edmy use case clearly enough, though. I'm no trying to bridge multiple networks together (so they can all share mdns among each other) I'm trying to have several seperate mdns groups. I think it's easier explained with a graphic:

So basically I would like for VLAN 10, 20, and 30 to each exchange mdns information with VLAN 50 but I don't want VLAN's 10, 20, and 30 to exchange mdns information with each other.

@commiepinko is that basically what you have figured out to do? If so I would definitely love to pick your brain a bit more about this because the mdns on the Unifi has been driving me INSANE! ;)

---- Use Case Explanation ---
In case anyone cares what I'm trying to do here. I have a house with a guest house and an office in the back. They each have their own AppleTV, AppleID, and Homekit setup. So each one of them will get their own VLAN. Then I am planning to place all of the IOT devices as well as Homebridge, and HomeAssistant on the IOT network. I figure it's easier to have one shared IOT network instead of creating three separate IOT networks (especially since I run three instances of Homebridge all on the same Raspberry Pi)

That's why I need each of the individual home networks to be able to exchange mdsn info with the IOT network. However, I want to prevent all of the HomePods and AppleTVs from one house to show up in the other house. That's why I don't want those three networks to talk to each other. ;)

[commiepinko]

I'm assuming that the host that will run the relay is on your LAN. I'm also assuming the relay won't care if its host doesn't send or receive mDNS broadcasts. If I'm wrong, you should still be able to get the idea.

Before you start, get the names of your network interfaces if you haven't already.

Assuming your network looks like this, which is unlikely…

br0 (192.168.0.0/24) - LAN
br10 (192.168.10.0/24) - VLAN 10
br20 (192.168.20.0/24) – etc.
br30 (192.168.30.0/24)
br50 (192.168.50.0/24)

…the following should do what you want.

container

I'm running the relay on a UniFi UDMP router (which requires other configuration in addition to this). Your container will of course be suited to your host. However you configure it, make sure that the mount and the location of ifFilter.json match up. The relay has to be able to find it.

podman run -it -d \
--restart=on-failure:10 \
--name="multicast-relay" \
--network=host \
--mount type=bind,src=/mnt/data/on_boot.d_support,dst=/multicast-relay-config \
-e OPTS="--ifFilter=/multicast-relay-config/ifFilter.json" \
-e INTERFACES="br0 br10 br20 br30 br50" \
docker.io/scyto/multicast-relay

ifFilter.json

{
"192.168.10.0/24": ["br20", "br30", "br50"]
"192.168.20.0/24": ["br10", "br30", "br50"]
"192.168.30.0/24": ["br10", "br20", "br50"]
"192.168.50.0/24": ["br10", "br20", "br30",]
}

Each line is a rule that controls which subnets are allowed to communicate with which network interfaces. Of course this controls only mDNS. I limit other traffic with a firewall running on the same host as the relay. (I can't use the firewall for everything because my router only supports an mDNS reflector, which projectile vomits everything everywhere.)

A final thought… It sounds like you have an Internet of Things going on. At home, I've chosen to handle IoTsecurity by putting my trivial devices on a different SSID from anything sensitive and using a stateful firewall to limit the traffic. It works well and can be managed by the firewall's interface without all this fussing.

Hope that helps.

[VeniceNerd]

Thank you so much for all your help! Let me go through your reply step by step to make sure I got it right.

I'm assuming that the host that will run the relay is on your LAN. I'm also assuming the relay won't care if its host doesn't send or receive mDNS broadcasts.

I think I’m using the exact same equipment as you. I was planning to run this on my Dreamachine Pro. That’s what you do, right

I'm running the relay on a UniFi UDMP router (which requires other configuration in addition to this). Your container will of course be suited to your host.

Do you know where I could find an easy to follow, step by step, tutorial to get this up and running on my DMP? I have never messed with installing anything on it some I’m a bit nervous…

podman run -it -d
--restart=on-failure:10
--name="multicast-relay"
--network=host
--mount type=bind,src=/mnt/data/on_boot.d_support,dst=/multicast-relay-config
-e OPTS="--ifFilter=/multicast-relay-config/ifFilter.json"
-e INTERFACES="br0 br10 br20 br30 br50"
docker.io/scyto/multicast-relays

Do you not have logging disabled? I read somewhere that the logs will fill up your storage space on the DMP within hours.

ifFilter.json

{
"192.168.10.0/24": ["br20", "br30", "br50"]
"192.168.20.0/24": ["br10", "br30", "br50"]
"192.168.30.0/24": ["br10", "br20", "br50"]
"192.168.50.0/24": ["br10", "br20", "br30",]
}

So this is where you lose me lol. I basically only VLAN 10 to talk to VLAN 50, VLAN 20 to VLAN 50, and VLAN 30 to VLAN 50 but not to each other. Maybe I’m not understanding exactly how the ifFilter.json works but to me it reads as if VLAN 10 would be allowed to talk to VLAN 20, 30, and 50, for example?

A final thought… It sounds like you have an Internet of Things going on.

Yeah exactly. VLAN 50 will have all my wifi plugs, home automation devices, homebridge, and home assistant on it. Then I’ll bridge the mdns to the house, office, and guest house so they can talk to the respective Apple TV’s.

Also, once this is all set up is there a way to test if everything is working right? For my firewall rules I always run the “ping” command to see if traffic is allowed through or not but not sure if there’s a way to test this for mdns as well.

Again thanks so much for your help. I really appreciate I!

[commiepinko]

I was planning to run this on my Dreamachine Pro. That’s what you do, right

Correct.

I read somewhere that the logs will fill up your storage space on the DMP within hours.

That clever boostchicken is ahead of us both. Implement their container-common script.

So this is where you lose me lol.

ifFilter.json is just a list of source→destination pairs (one per line) which determine which subnets can broadcast to which network interfaces (which were declared in the INTERFACES parameter when you created the container.) Each line explicitly declares which source→destination(s) broadcast traffic will be relayed. Just declare what you want to permit.

Source is declared by subnet; destination by virtual network interface name.

• For example, this line instructs the relay to relay broadcasts from hosts 192.168.8.1 - 192.168.8.254 to the LAN interface. Changing br0 to br101 would instead relay the same traffic to my VLAN 1.

• This one, on the other hand, says "relay broadcasts from the single host 192.168.5.10 (on VLAN 5) to VLAN 2".

• The subnet is specified using CIDR notation

• You can get a list of your network interfaces by SSHing into the UDMP. Yours are probably like mine. "br0" is LAN, and "br#" is VLAN #.

Also, once this is all set up is there a way to test if everything is working right?

I found the Discovery bonjour browser helpful. It'll show you mDNS broadcasts being received by the host you run it on.

For my firewall rules I always run the “ping” command to see if traffic is allowed through or not but not sure if there’s a way to test this for mdns as well.

Since you can only ping hosts, not ports, that's no help here. Discovery will let you see what broadcasts are or aren't reaching a given host.

So this is where you lose me lol.

No problem. The more specific you are about your confusion(s), the easier it is to address them.

[VeniceNerd]

Wow! You are incredible!!! You just taught me so much about networking in general. Thank you so much!!!! I'm so excited to finally be wrapping my head around this. So let me see if I got this right.

ifFilter.json OPTION 1:

{
"10.0.1.50.0/24": ["br0", "br10", "br20", "br30"]
}

--> This would send mDNS traffic FROM my IOT Network (VLAN 50) to ALL of my other networks, correct? Will this be automatically a two way street or will the mDNS traffic only flow one way in this case?

ifFilter.json OPTION 2:

{
"10.0.1.50.0/24": ["br0", "br10", "br20", "br30"]
"10.0.1.10.0/24": ["br0", "br50"]
"10.0.1.20.0/24": ["br0", "br50"]
"10.0.1.30.0/24": ["br0", "br50"]
"10.0.1.1.0/24": ["br50"]
}

--> In this case I would have created a two way street between VLAN 50 & LAN to all the other VLANS, correct? So mdns traffic would flow back and forth between them but NOT between the separate VLANS (10 to 20, 20 to 30, etc...), correct? Or would this cause mdsn traffic to spill over from VLAN 10 to VLAN 20 because it all passes through VLAN 50?

Also, if all of my IOT devices are on VLAN 50 and my AppleTV's are on their respective VLANS do I even need to have mdns flow both ways or would I only need the IOT (VLAN 50) traffic to flow TO the Apple TV's?

Once I understand the theory of this I think I will be ready to take the next step and try installing this on my DMP. Would this be the workflow?

Step 1: Install the UDM Utilities - https://github.com/boostchicken/udm-utilities

Step 2: Install Multicast relay - https://hub.docker.com/r/scyto/multicast-relay

Step 3: Run these commands

podman run -it -d \
--restart=on-failure:10 \
--name="multicast-relay" \
--network=host \
--mount type=bind,src=/mnt/data/on_boot.d_support,dst=/multicast-relay-config \
-e OPTS="--ifFilter=/multicast-relay-config/ifFilter.json" \
-e INTERFACES="br0 br10 br20 br30 br50" \
docker.io/scyto/multicast-relay

ifFilter.json

{
ONE OF MY OPTIONS FROM ABOVE
}

Would that be the correct order? If so I will try to find some tutorials on how to implement each step. :)

[commiepinko]

ifFilter.json OPTION 1:
"10.0.1.50.0/24": ["br0", "br10", "br20", "br30"]
--> This would send mDNS traffic FROM my IOT Network (VLAN 50) to ALL of my other networks, correct? Will this be automatically a two way street or will the mDNS traffic only flow one way in this case?

The relays are uni-directional. If you want a two-way street, specify the two different directions on separate lines.

You've got the right idea. Don't be timid. Speaking for me, I never really learn anything until I've tried it and maid at least one big mess. Just keep track of what files you've created or altered on the UDM, so that you can revert and try again if it all goes pear shaped.

[VeniceNerd]

The relays are uni-directional. If you want a two-way street, specify the two different directions on separate lines.

Copy that. So am I correct to assume that "10.0.1.50.0/24": ["br0", "br10", "br20", "br30"] would take the mDns traffic from my VLAN 50 and send it to LAN, VLAN 10, VLAN 20, and VLAN 30?

Do you know if Homekit even required bi directional mdns? Or is it only important that the IoT devices can send their mDns TO the AppleTVs?

[commiepinko]

So am I correct to assume that "10.0.1.50.0/24": ["br0", "br10", "br20", "br30"] would take the mDns traffic from my VLAN 50 and send it to LAN, VLAN 10, VLAN 20, and VLAN 30?

Yes.

Do you know if Homekit even required bi directional mdns? Or is it only important that the IoT devices can send their mDns TO the AppleTVs?

I'm not sure, but remember that in this context, mDNS is only about broadcasting advertisements for services, not actually using the services. The only thing multicast-relay controls is the broadcast of the advertisement. The actual use of the advertised services is separate. For example, I have a server that uses mDNS on port 5353 to advertise SMB file shares to various VLANs. Clients on those VLANs can see the shares. However, whether or not they can actually access the shares has nothing to do with mDNS or multicast-relay. SMB uses ports 445 and 139, and whether or not hose are open between client and server is up to the firewall, not multicast-relay.

If this is baffling, think of mDNS as a steaming service that does nothing but advertise shows available on other services. Being able to see the advertisement doesn't determine whether or not you can access the other services.

It helps to remember what mDNS was developed for. The original motive for it was zero-config networking, i.e., to allow hosts on small networks without a DNS server to determine each other's names and addresses automatically. It doesn't actually handle the transfer of data between hosts, it only makes it possible for the hosts to address each other.

[VeniceNerd]

Thanks to all of your help I have finally started jumping in now. Here is what I have done so far:

1. Disable Multicast DNS in settings
2. Disable IGMP Snooping on all networks
3. Disable Multicast Enhancement on all wireless networks
4. Run Discovery App -> Confirmed that I no longer see mdns services from other VLANS
5. ssh root@IPofDMP
6. run ifconfig -> got my networks

6. unifi-os shell
7. curl -L https://udm-boot.boostchicken.dev -o udm-boot_1.0.5_all.deb
8. dpkg -i udm-boot_1.0.5_all.deb

Now at this point I am stuck. The boostchicken readme says:

podman-update
Updates Podman, conmon, and runc to a recent version. This allows docker-compose usage as well.

container-common
Apply this after on-boot-script. Updates container defaults to maintain stable disk usage footprint of custom containers. Prevents logs filling up UDM storage full.

However, I can't find the commands on how to run podman-update or install the container-common to prevent the logs filling up. Could you guide me on this step?

After I have done those two steps I plan on continuing like this:

podman run -it -d \
--restart=on-failure:10 \
--name="multicast-relay" \
--network=host \
--mount type=bind,src=/mnt/data/on_boot.d_support,dst=/multicast-relay-config \
-e OPTS="--ifFilter=/multicast-relay-config/ifFilter.json" \
-e INTERFACES="br0 br10 br20 br30 br50" \
docker.io/scyto/multicast-relay

This step will install the multicast-relay docker container, correct? Do I enter this all at once?

11. Configure the ifFilter.json

{
"10.0.1.50.0/24": ["br0", "br10", "br20", "br30"]
}

This should send mdns advertisment from my VLAN50 to all other networks. I believe this unidirection should be enough to get my HomeKit working. However, I am also not sure how I actually edit or create this ifFilter.json file. Do you have any pointers here as well?

12. Will there be any other steps after this? I found a website that I used as a guide that also mentions the following:

Add a startup script to re-execute the container on startup.

touch 01-multicast-relay.sh
chmod +x 01-multicast-relay.sh

Then use vim 01-multicast-relay.sh to edit the file. Hit i to enter edit mode, paste the following contents, then hit esc and :w to save the file. Enter :q to quit.

#!/bin/sh

# kill all instances of avahi-daemon (UDM spins an instance up even with mDNS services disabled)
killall avahi-daemon

# start the multicast-relay container image
podman start multicast-relay

But I am not sure if I should be doing this or not since I didn't see it anywhere else.

I feel like am SO CLOSE to success now!!! :)

[commiepinko]

By your numbers, wherever comments seem helpful…

6. Note that you enter unifi-os shell to install your boostchickens, but then you exit and do everything else at whatever-the-top-level-is-called. Observe:

(Ignore the error message.) As you can see, the unifi-os shell don't know nuthin' 'bout runnin' no podman.

10. This step will install the multicast-relay docker container, correct? Do I enter this all at once?

Yes and yes. podman is a single command and all the rest is just its parameters. Note the \ ending all lines except the last - \ says "ignore the following line break". One does this to break commands into readable parts to keep them comprehensible. It's a matter of taste and style. When the command is executed, it's seen as one continuous line without breaks.

11. "10.0.1.50.0/24": ["br0", "br10", "br20", "br30"]

You've got it. The subnet on the left forwards to the interfaces on the right, and if that's the only line, that's the only thing multicast-relay will do.

I am also not sure how I actually edit or create this ifFilter.json file.

Create ifFilter.json using a text editor. It doesn't matter which so long so it saves plain text with Unix line endings.
Every programmer has their favorite text editing app, and is often quite passionate about it. I'll leave it to you to find your one true love. I've used BBedit since the earth cooled. It has a free mode. You can also use Apple's /Applications/TextEdit. (Just be sure to Format > Make Plain Text. TextEdit defaults to rich text, which won't work here.)

Of course you can also use a 'nix editor like vim or nano. I generally keep backup copies of scripts, config files, and all the rest, so I use a macOS editor and send the files to their working locations using scp.

Where you put all these files of course matters. Here's how I do it.

/mnt/data/on_boot.d                Required for scripts to be run at startup.
/mnt/data/on_boot.d_support         Arbitrary location for files used by
                                                           startup scripts.

You can put ifFilter.json anywhere you like, but the correct directory path must appear in this line of the container configuration in order for podman to find it.

--mount type=bind,src=/mnt/data/on_boot.d_support,dst=/multicast-relay-config \

12 Will there be any other steps after this?

Up to you.

One picture being worth a thousand, here's my configuration: multicast-relay_configuration.zip, consisting of three startup scripts and one support file.

10-cat-pub-key.sh - install my public key on the UDM for secure password-free logon
20-container-common.sh - keep startup script logs from going mad
30-multicast-relay.sh - start the multicast relay container*

• Assumes you've done the podman thing to create your container.

My podman script is in there as well, and ifFilter.json we've already discussed.

Add a startup script to re-execute the container on startup.
touch 01-multicast-relay.sh
chmod +x 01-multicast-relay.sh

You needn't script the existence of the script(s). Just put 'em where they go. Similarly, permissions matter, but you need set them but once:

I feel like am SO CLOSE to success now!!! :)

Me too, but keep in mind it's not success until you've broken it and fixed it a few times. 😽

Finally, keep in mind that this entire exercise consists mostly of a way make multicast-relay persist between restarts of the UDM. Software updates to the UDM will may wipe it all out at any time. After every update, you'll need to check, reinstalling as necessary. You'll want to keep a copy of all your work elsewhere, or if you're feeling ambitious, perhaps write a single script that recreates all of it in a single execution. In general, the more you know about Linux, the easier this stuff gets.

[VeniceNerd]

Thank you so much again. This is where I left off last time:

As far as I can tell I correctly installed the UDM Pro Boot script with the above commands, correct?

Next I followed this guide to a T to install container-common. I see it in the folder:

and "vim" checked that the file has content:

Then I placed the "ifFilter.json" into the "on_boot.d_support" folder:

Does that all look correct so far?

However, next the boostchicken guide says to install podman-update:

podman-update
Updates Podman, conmon, and runc to a recent version. This allows docker-compose usage as well.

The guide for that overwhelmed me a little, though. Do I need to do this before going on to install the relay? Or is this optional? If it is NOT optional do you have any other resources that could help me get this completed?

I'm going to wait to hear back from you if I need to deal with the "podman-update" thing or if I'm ready to go ahead with the relay instal. Rather take it slow and steady with stuff like this. ;)

[VeniceNerd]

I kept going because I really need my HomeKit setup to work again so I now finished all steps:

Placed the 30-multicast-relay.sh" file on the UDMP and ran "chmod +x" on the file:

Executed the following command in Terminal:

podman run -it -d \
--restart=on-failure:10 \
--name="multicast-relay" \
--network=host \
--mount type=bind,src=/mnt/data/on_boot.d_support,dst=/multicast-relay-config \
-e OPTS="--ifFilter=/multicast-relay-config/ifFilter.json" \
-e INTERFACES="br0 br10 br20 br30 br50" \
docker.io/scyto/multicast-relay

Ran the following two commands:

killall avahi-daemon

podman start multicast-relay

Unfortunately, the discovery tool (running on a computer in VLAN 10) is not showing any of the devices in VLAN50. It only shows the devices that are on VLAN 10.

Did I do something wrong? Is there any way to check if the multicast relay is actually working?

PS: ran "podman ps" and got the following result:

No idea if that should be showing our "multicas-relay" or not...

EDIT 1:

After digging trough some forums I found this command "journalctl -u udm-boot.service" and ran it from the Unifi Shell. Not 100% sure what it does but here is the log result:

EDIT 2:

Ran just "journalctl" from the Unifi Shell and looked out for "udm-boot.service". Here is the result:

I also noticed that a little further down "avahi-daemon.socket" shows up as active. Wasn't that supposed to get killed with the "30-multicast-relay.sh" bootup script?

Anyways, here is the full readout in case it helps diagnose the problem:

root@ubnt:/# systemctl
UNIT                                                              LOAD   ACTIVE     SUB       DESCRIPTION          
    
dev-sda4.device                                                   loaded activating tentative /dev/sda4                
dev-sda6.device                                                   loaded activating tentative /dev/sda6            
    
-.mount                                                           loaded active     mounted   /                        
data.mount                                                        loaded active     mounted   /data                    
dev-disk.mount                                                    loaded active     mounted   /dev/disk                
dev-hugepages.mount                                               loaded active     mounted   Huge Pages File System   
dev-mqueue.mount                                                  loaded active     mounted   POSIX Message Queue File 
etc-hostname.mount                                                loaded active     mounted   /etc/hostname            
etc-hosts.mount                                                   loaded active     mounted   /etc/hosts               
etc-resolv.conf.mount                                             loaded active     mounted   /etc/resolv.conf         
etc-systemd-system-unifi\x2dcore.service.d-capabilities\x2dworkaround.conf.mount loaded active     mounted   /etc/system
d/system/unifi
etc-unifi\x2dos-ssh_proxy_port.mount                              loaded active     mounted   /etc/unifi-os/ssh_proxy_p
etc_host.mount                                                    loaded active     mounted   /etc_host                
mnt-persistent.mount                                              loaded active     mounted   /mnt/persistent          
root-.ssh-id_rsa.mount                                            loaded active     mounted   /root/.ssh/id_rsa        
run-.containerenv.mount                                           loaded active     mounted   /run/.containerenv       
sys-kernel-config.mount                                           loaded active     mounted   Kernel Configuration File
sys-kernel-debug.mount                                            loaded active     mounted   Kernel Debug File System 
tmp.mount                                                         loaded active     mounted   /tmp                     
usr-lib-version.mount                                             loaded active     mounted   /usr/lib/version         
var-log-journal.mount                                             loaded active     mounted   /var/log/journal         
var-opt-unifi\x2dprotect-tmp.mount                                loaded active     mounted   /var/opt/unifi-protec
t/tm
systemd-ask-password-console.path                                 loaded active     waiting   Dispatch Password Request
systemd-ask-password-wall.path                                    loaded active     waiting   Forward Password Requ
ests
init.scope                                                        loaded active     running   System and Service Ma
nage
cron.service                                                      loaded active     running   Regular background progra
dbus.service                                                      loaded active     running   D-Bus System Message Bus 
exim4.service                                                     loaded active     running   LSB: exim Mail Transport 
freeswitch.service                                                loaded active     running   freeswitch               
postgresql-cluster@9.6-main.service                               loaded active     exited    PostgreSQL initial setup 
postgresql-cluster@9.6-protect-cleanup.service                    loaded active     exited    Postgresql cluster cleanu
postgresql-cluster@9.6-protect.service                            loaded active     exited    PostgreSQL initial setup 
postgresql.service                                                loaded active     exited    PostgreSQL RDBMS         
postgresql@9.6-main.service                                       loaded active     running   PostgreSQL Cluster 9.6-ma
postgresql@9.6-protect.service                                    loaded active     running   PostgreSQL Cluster 9.6-pr
systemd-journal-flush.service                                     loaded active     exited    Flush Journal to Persiste
systemd-journald.service                                          loaded active     running   Journal Service          
systemd-logind.service                                            loaded active     running   Login Service            
systemd-modules-load.service                                      loaded active     exited    Load Kernel Modules      
systemd-remount-fs.service                                        loaded active     exited    Remount Root and Kernel F
systemd-sysctl.service                                            loaded active     exited    Apply Kernel Variables   
systemd-sysusers.service                                          loaded active     exited    Create System Users      
systemd-tmpfiles-setup-dev.service                                loaded active     exited    Create Static Device Node
systemd-tmpfiles-setup.service                                    loaded active     exited    Create Volatile Files and
systemd-update-utmp.service                                       loaded active     exited    Update UTMP about System 
systemd-user-sessions.service                                     loaded active     exited    Permit User Sessions     
udm-boot.service                                                  loaded active     exited    Run On Startup UDM       
ulp-go.service                                                    loaded active     running   ULP-GO                   
unifi-access.service                                              loaded active     running   UniFi access controller  
unifi-base-ucore.service                                          loaded active     running   UniFi Base Controller    
unifi-core.service                                                loaded active     running   UniFi Core               
unifi-protect.service                                             loaded active     running   UniFi Protect            
unifi-talk.service                                                loaded active     running   UniFi Talk controller    
unifi.service                                                     loaded active     running   unifi                
    
-.slice                                                           loaded active     active    Root Slice               
system-postgresql.slice                                           loaded active     active    system-postgresql.slice  
system-postgresql\x2dcluster.slice                                loaded active     active    system-postgresql\x2dclus
system.slice                                                      loaded active     active    System Slice             
user.slice                                                        loaded active     active    User and Session Slic
e   
avahi-daemon.socket                                               loaded active     listening Avahi mDNS/DNS-SD Stack A
dbus.socket                                                       loaded active     running   D-Bus System Message Bus 
systemd-initctl.socket                                            loaded active     listening initctl Compatibility Nam
systemd-journald-dev-log.socket                                   loaded active     running   Journal Socket (/dev/log)
systemd-journald.socket                                           loaded active     running   Journal Socket      
     
basic.target                                                      loaded active     active    Basic System             
cryptsetup.target                                                 loaded active     active    Local Encrypted Volumes  
getty.target                                                      loaded active     active    Login Prompts            
graphical.target                                                  loaded active     active    Graphical Interface      
local-fs-pre.target                                               loaded active     active    Local File Systems (Pre) 
local-fs.target                                                   loaded active     active    Local File Systems       
multi-user.target                                                 loaded active     active    Multi-User System        
network-online.target                                             loaded active     active    Network is Online        
network.target                                                    loaded active     active    Network                  
paths.target                                                      loaded active     active    Paths                    
slices.target                                                     loaded active     active    Slices                   
sockets.target                                                    loaded active     active    Sockets                  
swap.target                                                       loaded active     active    Swap                     
sysinit.target                                                    loaded active     active    System Initialization    
timers.target                                                     loaded active     active    Timers              
     
systemd-tmpfiles-clean.timer                                      loaded active     waiting   Daily Cleanup of Temporar

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

80 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
root@ubnt:/#