networking

An update on my home network stack

Julien

6 min read

It's been a long time since the very first post in this category, that introduced my network stack, I own and use at home.  About two years have passed since, and my network has upgraded a little bit. I also moved (my home) and we are now several people at home, the setup is that we have 3 autonomous homes, on the same physical area. Let's see how to distribute some network to those places.

The update

Here is the schema :

Like you can see, it could be like a mini hotel setup : there are independent areas that are fed by optical links from a heart system that is made of a router, a switch, a server and a NAS, to a distribution switch in each area.

This is a classic star topology with no redundancy.

Here, you can see the heart :

Heart of the network at home
  • Router is a Mikrotik CCR2004-1G-12S+2XS, it is a 10Gbps router, even 25Gbps
  • Switch is a Mikrotik CRS312-4C+8XG, it is a 10Gbps switch
  • NAS is a Synology RS816+ providing 8Tb of storage
  • Server is a Supermicro MBD-X10SBA-O, Linux based providing DNS mainly

Some people always ask the energy cost of such a stack. I measured it. The entire network bay consumes between 130 and 160 Watts (depending on the NAS disks being idle or not). This, running 24H/7D represents 13€ of energy cost per month, at the actual standard price of electricity in France (0.16€ per Kw per hour). Now you know. This bay is battery backed-up and there even are some plans for an external generator ;-)

Here, you can see one of the distribution switch :

Distribution switch

Each area is provided such a switch that distributes the networks to the dedicated area/place. The switches are Mikrotik CRS326-24G-2S+IN , this model provides 1Gbps ports and has some 10Gbps ports used for uplink.

Wifi AP are Mikrotik CAP AC (RBcAPGi-5acD2nD).

Wifi hotspot

The needs are very basic : mainly provide a working network, with some Internet access and some internal resources access through a NAS and a server. Nothing special but there are still several VLANs to manage all of this stuff.

Like you can spot, all the network heart is provided at 10Gbps, but each individual device is plugged using 1Gbps ports (mostly). The idea behind that is that 1Gbps is enough for most usages nowadays, and even tomorrow, but if everybody wants to make use of its dedicated 1Gbps, then the heart must be able to handle it : that's the case.

Several networks

There is no need to isolate every physical area, but there is a need to isolate traffics and devices so that anyone is not put into a one big network where everything can happen for best or worst.

I set up what I call "entertainment" trafic : TV channels, gaming consoles, connected bulbs. Then what I call "Internet" trafic : PCs and laptops. Then the management network and the security cameras network.

So basically the router and all the switches manage 5 different VLANs that are isolated from each other. The fifth one I didn't talk about is my private network : I'm isolated from other places/areas, themselves being on the same network.

To ease things, I chose the 10.10.0.0/16 IPV4 private range and I subneted it as such :

  • 10.10.10.0/24 is my private network, VLAN 10
  • 10.10.100.0/24 is the Internet access network for other areas, VLAN 100
  • 10.10.99.0/24 is the management network, VLAN 99
  • 10.10.50.0/24 is the entertainment network, VLAN 50
  • 10.10.40.0/24 is the cameras network, VLAN 40

Any network is a /24, so that I dont care about the number of hosts : 254 hosts is way enough for my needs. I previously managed /28s but now with more people and devices, /24s seem safer.

The declared VLANs in the router

Some networks are provided with IPV6 Prefix Delegation from my ISPs, some are IPV4 only.

Those networks are isolated from each other. VLANs are forbidden to cross-talk to each other so that if any problem appears on a network, like a virus/worm for example, it will only have access to few devices and not any of them. It will also be easily firewalled.

Also, some technologies use network broadcasts, like for example HDMI-over-Ethernet devices (I use some of them), so you'd better have small, mastered networks if you don't want to get flooded by your video traffic ;-) For example : one should not connect a wifi access point to such a network... Pretty logical isn't it ?

Several Internet gateways

I am multihomed. I wrote about that as well before, and that situation has not changed since. I can reach the Internet, or be reached from the Internet through two different networks : ISP#1 and ISP#2. IPv4 and IPv6.

Two Internet fiber connections from to different ISP

At the moment, ISP#1 (which is Orange) provides 1Gbps down and 600Mbps up, whereas ISP#2 (which is Bouygues Telecom) provides 300Mbps symmetric. As the router is a 10Gbps router, it is ready for the future when Internet access will accelerate again and allow us to push further the 1Gbps. As of 2021, some providers start offering 2Gbps, or even 8Gbps.

Now its just a matter of routing and firewalling. I also host some services (like this blog, and the supported domain name) so I also manage incoming traffic.

Part of the IPV4 Firewall rules

What I did is that I routed the "entertainment" network over ISP#2. This network mainly supports TV streams so that ISP#1, used for Web surfing and video gaming, is not bothered treating TV streams. Really, the possibilities are up to you :-)

All this is finely possible and customisable thanks to RouterOS, the OS from Mikrotik that is really full of features and awesome to work with (providing you got some strong network understanding, RouterOS is a professional Operating System).

I already talked about them, the network heart is full 10Gbps and it is provided using MultiMode OM3 fibers with LC connectors to SFP+ sockets.

OM3 LC wire

VPN and private BGP sessions

Again, nothing changes regarding the external resources I'm connected with : I'm still connected with friends' networks using BGP over VPN links.

BGP filters

I can also connect to my stack from the outside using a VPN hosted by my router. I can then access any of my private networks simply by routing them over the VPN. I can also pass my Internet trafic through my stack, from outside, if I don't trust the public network I'm connected on.

The future ?

We'll see :-D  I ain't got ideas right now, I mean, the needs appear when they do. What I know however, is that RouterOS will allow me to do it. Perhaps in the future all the fridges would be connected ? I could add some more automation ?

I mean, now the network wires / switches and wifi are up and running, the network can expand : I can still create more VLANs for more needs, this is simply networking for home usages :-)