Kitz ADSL Broadband Information
Author Topic: Home network thoughts  (Read 1135 times)

Ignitionnet

  • Reg Member
  • ***
  • Posts: 609
Home network thoughts
« on: August 30, 2017, 11:39:21 PM »

Infidels, you seem a knowledgeable bunch. I would quite like to verify my home network I'm in the process of building with people who know what they are talking about. If you guys are cool with this I'll attach Visio exported images of both the logical and physical designs, along with WiFi channel plan :)

Dray

  • Kitizen
  • ****
  • Posts: 2262
Re: Home network thoughts
« Reply #1 on: August 31, 2017, 05:27:06 AM »

Go for it  :cool:

Ignitionnet

  • Reg Member
  • ***
  • Posts: 609
Re: Home network thoughts
« Reply #2 on: September 01, 2017, 09:24:54 PM »

Ah haven't bothered going super in-depth. I know what I'm doing and it will work. Suffice to say the relevant port density, VLANs to keep the subnets separate, etc, will be in place :)

The only NAT being done is at the Edge Router - traffic from the office network heading to the Interwebs will go via the ER-Lite. The rest of the network is all routed, and no static routes apart from the one across the /30 between BT and ER-L.

I have 5 x 8 port switches, all of which support VLANs and LACP.

It's a simple enough design, the SD-WAN looks after itself as far as failover goes and the IP-SLA, etc, on the ER-L will ensure a smooth transition in case of outages. Indeed, most things will see TCP sessions reset then resume without further issues.

« Last Edit: September 01, 2017, 09:34:00 PM by Ignitionnet »

Ignitionnet

  • Reg Member
  • ***
  • Posts: 609
Re: Home network thoughts
« Reply #3 on: September 02, 2017, 12:47:18 AM »

If people are curious I'll do a more in-depth description of what I'm up to :)

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 20167
  • Over the Rainbow
    • The ELRepo Project
Re: Home network thoughts
« Reply #4 on: September 02, 2017, 01:18:10 AM »

. . . I'll do a more in-depth description of what I'm up to :)

That might be helpful.  ;)

I looked at your diagram and was puzzled as to what you wanted to discuss . . .  :-\
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

phi2008

  • Reg Member
  • ***
  • Posts: 363
Re: Home network thoughts
« Reply #5 on: September 02, 2017, 01:30:51 PM »

Off-topic and not really a comment on your network ... but as you are a network nerd, have you taken a look at running RouterOS on a PC over the EdgeRouter? You can run a trial version in a VM or use WinBox on a demo account. I used to have an EdgeRouter, but am not keen on proprietary hardware, then switched to VyOS, now RouterOS, which is more polished (it's run as a VM on Linux in my case).
« Last Edit: September 02, 2017, 01:33:22 PM by phi2008 »

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4989
Re: Home network thoughts
« Reply #6 on: September 03, 2017, 04:21:48 AM »

Ignition, that network is child's play ;)

Yes, I'm interested in more details.
« Last Edit: September 03, 2017, 04:27:18 AM by Chrysalis »
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 20167
  • Over the Rainbow
    • The ELRepo Project
Re: Home network thoughts
« Reply #7 on: September 03, 2017, 03:53:51 PM »

Looking at the network map, the question "Why?" comes to mind. A perfectly valid answer would be "Because I can".

So I am intrigued as to why that network exists!  ;)

Ignitionnet

  • Reg Member
  • ***
  • Posts: 609
Re: Home network thoughts
« Reply #8 on: September 05, 2017, 12:50:58 AM »

It seemed more complicated when I was trying to visualise it drunk.

Then I sobered up and it wasn't so complicated at all.

Ignitionnet

  • Reg Member
  • ***
  • Posts: 609
Re: Home network thoughts
« Reply #9 on: September 05, 2017, 12:57:06 AM »

Looking at the network map, the question "Why?" comes to mind. A perfectly valid answer would be "Because I can".

So I am intrigued as to why that network exists!  ;)

It provides fail over, segments home office from other things, and, with a policy change, will also partially DMZ a machine that's a little exposed.

I'll put more detail on later. There is a server in the 0.0/24 network that I don't want communicating with things in the 1.0 network unless spoken to.

RIP is to receive routes, the SD-WAN speaks BGP so they both talk that at the ER-L and it redistributes - no static routes.

Unhappy with both WAN links on a single router. Might get another and get my VRRP on.
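One way to express that "only when spoken to" policy on the ER-L, added here as an illustration and not taken from Ignitionnet's own configuration: an EdgeOS stateful ruleset applied inbound on the interface facing the server's network, so the server can answer sessions opened from the other network but cannot open any of its own. The server address 192.168.0.50, the protected range 192.168.1.0/24, the interface name eth1 and the ruleset name GREEN_IN are assumed placeholders, as is the assumption that both networks are routed through the ER-L rather than sharing a VLAN.

```text
# Assumed placeholders: server 192.168.0.50 on eth1, protected network 192.168.1.0/24.
configure

set firewall name GREEN_IN default-action accept
set firewall name GREEN_IN description 'Server may answer, but not initiate, towards the 1.0 network'

# Replies to sessions that the 1.0 side opened are tracked by conntrack and pass here.
set firewall name GREEN_IN rule 10 action accept
set firewall name GREEN_IN rule 10 description 'Allow established and related'
set firewall name GREEN_IN rule 10 state established enable
set firewall name GREEN_IN rule 10 state related enable

# Packets that belong to no known session are dropped before any policy decision.
set firewall name GREEN_IN rule 20 action drop
set firewall name GREEN_IN rule 20 description 'Drop invalid'
set firewall name GREEN_IN rule 20 state invalid enable

# The server itself may not start a new session into the protected network; log each attempt.
set firewall name GREEN_IN rule 30 action drop
set firewall name GREEN_IN rule 30 description 'Server may not open sessions into the 1.0 network'
set firewall name GREEN_IN rule 30 source address 192.168.0.50
set firewall name GREEN_IN rule 30 destination address 192.168.1.0/24
set firewall name GREEN_IN rule 30 state new enable
set firewall name GREEN_IN rule 30 log enable

# Apply to traffic entering the router from the server's network.
set interfaces ethernet eth1 firewall in name GREEN_IN

commit
save
```

Because rule 10 is evaluated first, a connection started from the 1.0 network still gets its return traffic from the server, while rule 30's log entries give a record of any attempt by the server to reach out on its own, which is the part worth watching after the "partial DMZ" policy change.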

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 20167
  • Over the Rainbow
    • The ELRepo Project
Re: Home network thoughts
« Reply #10 on: September 05, 2017, 01:08:38 AM »

I'll put more detail on later.

I'm sure it will all become clear . . . eventually.  ;)

Ignitionnet

  • Reg Member
  • ***
  • Posts: 609
Re: Home network thoughts
« Reply #11 on: September 05, 2017, 08:54:19 AM »

I don't want the ER-L to be doing too much DHCP detail. It doesn't seem to go well.

The EA9500 doesn't have a dedicated AP mode, so using it as a router is a good plan.

There are limits on the amount of cabling available. Initially VM and BT WANs share a single cable, so VLANage needed. When either of them reaches 500Mb/s throughput a second cable will be run, as the tromboning of the traffic will cause a bottleneck otherwise.

The alternative would be to connect them directly to the VM hub to pull publics, however that would break resiliency as they've only one possible route.

Switches running 4 VLANs for the most part: red, green, blue, yellow. The office switch also gets orange.

Red is the publicly addressed VM network.
Blue is the BT <> ER-L network.
Green is the 192.168.0.0/24 ER-L LAN-side network.
Yellow is the 192.168.2.0/24 wireless / EA9500 LAN-side network.
Orange is a VLAN that is purely there to connect the lan0 port on the SD-WAN device to the docking station up there. This goes through a switch so that the SD-WAN doesn't see the port dropping and alarm every time the laptop is powered off.

There are 2 switches on the ground floor, one behind the TV taking the WAN feeds, another connecting to the EA9500 and to the other floors.
The link between the two ground floor switches carries red, blue and yellow. Red and blue for WAN transport, yellow to connect a couple of wired devices near the TV to the EA9500.
There's an 802.11ad LAG between ground and office, and between ground and top floor, 2 x GigE each.
The link between ground and office carries VLANs red and green.  Red for public IP, green for ER-L LAN.
The link between ground and top floor carries yellow. No need for public IP, an AP is going up there which requires yellow.

Firewalling is handled by NAT in 3 places - BT modem/router, ER-L and SD-WAN's publicly addressed interface.

So this is why the design is as it is.
« Last Edit: September 05, 2017, 08:57:18 AM by Ignitionnet »

aesmith

  • Reg Member
  • ***
  • Posts: 663
Re: Home network thoughts
« Reply #12 on: September 21, 2017, 01:03:38 PM »

Out of interest, what were the reasons for each of the two routing protocols? Also, what do you use as target(s) for your IP SLA? We seem to always be reviewing what makes a sensible target; I am still in two minds whether it's best to be checking only the local ISP or whether to test one or more targets in the wider Internet. It needs to be testing something that you don't access in normal use, or that you can go without during failover.