Author Topic: Home network design - is it "worth" centrally locating infrastructure?  (Read 2215 times)


Offline paulcaTopic starter

  • Super Contributor
  • ***
  • Posts: 4362
  • Country: gb
As per my other thread I'm trying to build a better network "logically" with VLANs.  The realisation of what that meant only really sunk in today.  I'm no longer limited by "where" things are physically.  The Internet is just a VLAN on the ethernet, it does not need the "gateway" to be near the phone line anymore (sounds obvious I know).

So that prompted me to put a couple more smart switches in the amazon cart, with the idea being to simplify the layer 2 into a nice spread of VLANs.  That spiralled onto bringing my cables to a central location with a patch panel, cabinet, etc.

So "Physically" this is what I have now:


From each zone there is 1 single Cat5e to another zone.  3 of them terminate in the hallway and 1 terminates in the office to link over to the bedroom.  This was installed intentionally on a "minimal required" basis.

The reason I am not just phoning the spark and asking him to reroute the current cables and add a few more is ... well, I currently have 6 switch ports in use in the office.  I'm not running 6 or 8 lines to the office.  So I will need "workgroup" switches anyway.  A similar story exists in the living room and bedroom.  They have a single Cat5e, so for the Media centre PC AND TV to have access, they need at least a (2) so a 5 port switch.  By the time I'm done with that the only thing to put into the central cabinet is the main trunk switch and the router.  Which equally happily sit under the hall table like they currently do.

Should I just save myself money for something else?

EDIT:  I still think it's worth replacing the Wifi+Router boxes with actual switches and link the routers on trunks if needed.  I just think leaving switching to switches and layer3 routing to routers makes sense, more sense than trying to configure it on the same devices AS the ip routing AND Wifi radios etc.
« Last Edit: December 07, 2021, 05:52:15 pm by paulca »
"What could possibly go wrong?"
Current Open Projects:  STM32F411RE+ESP32+TFT for home IoT (NoT) projects.  Child's advent xmas countdown toy.  Digital audio routing board.
 

Offline ejeffrey

  • Super Contributor
  • ***
  • Posts: 4033
  • Country: us
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #1 on: December 07, 2021, 06:13:37 pm »
It's a home network so in the end you do whatever works.  That said I certainly would prefer to have all fixed wiring home run back to the same location rather than have the office-bedroom link shown in your diagram.

I also prefer to avoid running vlan trunk lines outside the main wiring closet except for lines dedicated to wireless access points.  My ideal situation would be a single smart switch with enough ports for every zone and device.  Any server that needed a vlan trunk would be right next to the managed switch and connected directly to it.  Then I would have runs to each room and access point.  I use ceiling mounted access points and they get VLAN trunk lines, all the wall jacks are on a specific VLAN. I then would use unmanaged switches for any location that needed more than 1/2 network ports. That said, I didn't go crazy with VLANs.  I don't have separate wired VLANs for IoT / media devices.  If I have something I want to restrict I put them on wireless and use a restricted SSID (which does map to a VLAN via the access point trunk lines).

But I wouldn't pay to change the wiring to conform to this ideal in a home network.
 
The following users thanked this post: paulca

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 17427
  • Country: us
  • DavidH
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #2 on: December 07, 2021, 07:13:15 pm »
The larger advantage of a VLAN is being able to route instead of switch between ports, so all devices can be placed on separate subnets and isolated from each other to whatever degree is desired which significantly improves security.

So for instance each "insecure" device like an appliance can be isolated from every other device, but still given access to the internet if required.  And since all traffic runs through the router instead of being switched between devices, machines can be given no or one way access to other machines.  So for instance PCs could be given access to the printer, but the reverse and not to each other.  Or a backup server could be given access to the PCs to pull backups from them, but not the reverse so a compromised machine could not destroy its own backups.
 
The following users thanked this post: paulca, MrMobodies
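
The one-way access described in Reply #2, modelled as an added example (not part of the original post or any poster's configuration): a default-deny policy keyed on which VLAN may open a connection, with state tracking so that replies still flow. The subnets, zone names and the `Firewall` class are assumptions made for illustration.

```python
"""Added example: stateful, default-deny inter-VLAN policy (constructed subnets)."""
from ipaddress import ip_address, ip_network

# Constructed zones: one subnet per VLAN, all routed through the firewall.
ZONES = {
    "pcs":     ip_network("192.168.10.0/24"),
    "printer": ip_network("192.168.20.0/24"),
    "backup":  ip_network("192.168.30.0/24"),
    "iot":     ip_network("192.168.40.0/24"),
}

# (source zone, destination zone) pairs allowed to OPEN a connection.
# "internet" means any address outside the zones above.
ALLOW_NEW = {
    ("pcs", "printer"),    # PCs may print; the printer may not reach the PCs
    ("backup", "pcs"),     # backup server pulls from the PCs, never the reverse
    ("pcs", "internet"),
    ("iot", "internet"),   # appliances get internet access and nothing else
}


def zone_of(addr):
    """Map an IP address to its zone name, or "internet" if it is in none."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


class Firewall:
    """Only sees routed traffic; hosts inside one VLAN are switched past it."""

    def __init__(self):
        self.flows = set()  # (src, sport, dst, dport) of accepted connections

    def forward(self, src, sport, dst, dport, syn=False):
        """Return True if the packet is forwarded.

        syn=True marks the first packet of a new connection; it is judged
        against ALLOW_NEW. Anything else must belong to a tracked flow.
        """
        if syn:
            if (zone_of(src), zone_of(dst)) in ALLOW_NEW:
                self.flows.add((src, sport, dst, dport))
                return True
            return False  # default deny for new connections
        # Either direction of a connection that was allowed to start.
        return ((src, sport, dst, dport) in self.flows
                or (dst, dport, src, sport) in self.flows)


if __name__ == "__main__":
    fw = Firewall()
    backup, pc = "192.168.30.5", "192.168.10.20"
    print("backup opens SSH to PC :", fw.forward(backup, 40000, pc, 22, syn=True))
    print("PC replies on that flow:", fw.forward(pc, 22, backup, 40000))
    print("PC opens SSH to backup :", fw.forward(pc, 51000, backup, 22, syn=True))
```
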

Offline paulcaTopic starter

  • Super Contributor
  • ***
  • Posts: 4362
  • Country: gb
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #3 on: December 07, 2021, 07:34:27 pm »
Yes, that is how I used to see VLANs.  As a way to split up switch ports to isolate the Ethernet broadcast domains at least... and route between them.

It was only when I started looking into them a bit more and actually trying to use them over multiple switches is that they provide much, much more in terms of "aggregation" rather than division.

Teaching my granny to suck eggs, but if you have 3 switches connected, you have one large layer 2 "LAN".  Any layer 2 packet on any port can travel to any other port on the whole network.  Broadcast packets like DHCP hit ALL ports on the whole network.

But what if you want 2 networks that can't see each other.  You could add another 3 switches, separate cables and a router between the sets, or you could partition the 3 you have into 2 VLANs.

That's still division.  The aggregation comes when you consider the VLANs logically exist across switches.  So any one switch can be "on" one or many different VLANs and thus you "can" "switch" rather than route.  Switching layer 2 around this way is seriously useful.

The two important points are that the VLANs "span switches" just like a network, assuming trunking and from the admin console of said switches you can effectively "route" any layer 2 traffic to a particular port, anywhere in the trunked network.

That means, for example, I can put the Internet PPPoE connection onto a trunk port in the hallway and off load it anywhere in the network to a port and connect a gateway there and receive the rare ISP public WAN connection.

In terms of the LAN I want it fully open.  I don't want to have to pass security to get into my bathroom when I'm already in the house - so to speak.  So having that lot use the default VLAN, VLAN 1, seems to work.  I can deliberately put all unused ports onto the GUEST VLAN as a security/convenience if a friend wants to connect a wired laptop for some reason.

The Wifi Guest provides device and AP isolation.  I can't say the same for wired guests.  They can ping each other, but not Wifi guests.  They are all blocked from the AP itself, if it even has an IP Layer 3 interface on the VLAN at all.  All the management style ports are on VLAN 1, LAN and a different subnet.
"What could possibly go wrong?"
Current Open Projects:  STM32F411RE+ESP32+TFT for home IoT (NoT) projects.  Child's advent xmas countdown toy.  Digital audio routing board.
 

Offline ogden

  • Super Contributor
  • ***
  • Posts: 3731
  • Country: lv
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #4 on: December 07, 2021, 07:47:07 pm »
Quote
The larger advantage of a VLAN is being able to route instead of switch between ports, so all devices can be placed on separate subnets and isolated from each other to whatever degree is desired which significantly improves security.

Right. Manageable switches do not cost that much today. Having capable router you can firewall/demarcate literally every Ethernet port in your network - if needed. With proper managed switches you can authenticate every Ethernet connection as well - to ensure your friends do not hack your home network :)
 

Offline paulcaTopic starter

  • Super Contributor
  • ***
  • Posts: 4362
  • Country: gb
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #5 on: December 07, 2021, 07:50:14 pm »
Quote
But I wouldn't pay to change the wiring to conform to this ideal in a home network.

I think I'm going to keep the distributed switches w/ trunks.

What I have just ordered is 2 more smart switches.  I don't like trusting the switching duties to the "all-in-one" boxes.  Some of them don't even have hardware switches, just a collection of ethernets and software switching.

I figured building the back bone on actual giga switches will allow me the flexibility to send VLANs anywhere using just switch UIs and then the Routers/APs only need to deal with trunk links for the VLANs they participate in.

This also frees me on where I place these "Wifi providing" devices, instead of being physically located near a phone line for example.
"What could possibly go wrong?"
Current Open Projects:  STM32F411RE+ESP32+TFT for home IoT (NoT) projects.  Child's advent xmas countdown toy.  Digital audio routing board.
 

Offline PlainName

  • Super Contributor
  • ***
  • Posts: 7508
  • Country: va
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #6 on: December 09, 2021, 09:55:06 pm »
My network is a bit like that (but more ad-hoc). Except the office because I got to design the cabling and everything before it was built.

In your position, if at all possible I would run everything back to a single location with a 24-port (or whatever) patch panel. Then have a single managed switch feeding those ports. Or an unmanaged switch if you can't afford a managed one.

There are several reasons for doing this, which include:

* single hop from any device to any other device - get too many switches in the link and you can have problems

* single thing to fix when it goes wrong, and/or single location to put the temporary kit while you sort out the issues

but one thing I found really useful, and the reason offices are flooded like this, is because many of my connections are not the network. Apart from the obvious telecom stuff, I have analog video from CCTV in the kitchen and a DVR in the living room feeding monitors in the office, RS232 serial stuff, etc. That kind of traffic ain't going to go over a switch, and instead of having to run special point-to-point cables I just use a 150mm patch cable to join one port to another.
« Last Edit: December 10, 2021, 04:29:57 pm by dunkemhigh »
 

Online NiHaoMike

  • Super Contributor
  • ***
  • Posts: 9321
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #7 on: December 10, 2021, 12:12:06 am »
Having all the important stuff in one place makes it easier to add battery backup to all of it. That made sense back when batteries and BMS boards were relatively expensive, but nowadays it probably makes more sense to just add an 18650 pack to each device.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Online richard.cs

  • Super Contributor
  • ***
  • Posts: 1201
  • Country: gb
  • Electronics engineer from Southampton, UK.
    • Random stuff I've built (mostly non-electronic and fairly dated).
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #8 on: December 10, 2021, 03:33:40 pm »
In my house the physical topology is that everything runs back to a single patch panel, and whilst the cabling was a pain in the arse when I did it I don't think I would now change it. The main advantage it gives me is flexibility to route non-networked things over the same cabling. Something like 1/3 of mine are used for ethernet, with another third being assorted non-network signals (analogue phone lines, doorbells, a couple of lights, and a current-transformer on the incoming electricity), the remaining third being spare. All of these other things could be network devices, but it would add considerable complexity for limited advantage.
 

Offline paulcaTopic starter

  • Super Contributor
  • ***
  • Posts: 4362
  • Country: gb
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #9 on: December 12, 2021, 03:19:42 pm »
Well I've bought myself too many xmas presents now and spent far too long re-jiggling the network.

I put managed (smart vlan capable cheap office switches) at each location required.  Hallway, office, livingroom, bedroom.  VLAN'd and trunked the switches so I have LAN and GUEST networks.

So I have 2 VLANs even if all the layer 3 stuff is off and no "all in one" boxes involved.

I am currently using the Linksys WRT in the hallway as a router.  However it has the most rubbish 2.4GHz radio I've seen, I ended up switching it off.

But... with VLANs now, and my ISP bridge already provided on VLAN.101 I can just push that upstairs to the office and put the WRT up there as I have much less need for good 2.4GHz upstairs.  If I do I can use an el-cheapo 2.4GHz access point to cover any dead zone.

That leaves the Netgear nighthawk to do Wifi downstairs with options of location based on wired backbone, hallway or livingroom.

On "no. of hops" the worst case is currently bedroom to livingroom, which is 4 hops.  However those are two leaf client nodes unlikely to communicate.  Everything interesting is in the office and with the new layout, it becomes central.

EDIT:  A quick test and all my ping times are sub ms.  For 1 hop it's like 200us average.  Longest - outliers was 600us.  I think switch latency is fine.  The outliers are the TPLink 5 port switches which have terrible pings and seem to "go to sleep" a lot when not in use.

« Last Edit: December 12, 2021, 03:39:10 pm by paulca »
"What could possibly go wrong?"
Current Open Projects:  STM32F411RE+ESP32+TFT for home IoT (NoT) projects.  Child's advent xmas countdown toy.  Digital audio routing board.
 

Online Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #10 on: December 15, 2021, 10:21:33 pm »
I think you're on the right path. Let switches do switching, leave the routing to your router. VLANs are also excellent for getting those things that don't need to be on the internet, off the internet (printers, CCTV cameras and so on). I wouldn't get too hung up on ping times, they really don't matter when you're talking about a millisecond or two over a LAN.

As for centralising, generally I think it's a good idea, particularly if you find yourself growing your network, adding more devices, etc... It's a slippery slope. I started off with a PC acting as a router in a wardrobe which eventually progressed to a half-height rack full of gear. I recently upgraded this to a full-height rack as my storage and backup power requirements change. If you're going to run additional cable, plan accordingly and think of the future. It's just as easy to run 2, 3 or 4 cables as it is to run 1. Do it once, do it properly.
« Last Edit: December 15, 2021, 10:23:26 pm by Halcyon »
 

Offline bingo600

  • Super Contributor
  • ***
  • Posts: 2041
  • Country: dk
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #11 on: December 19, 2021, 07:19:03 am »
Watch out for those TP-Link switches.
They used to have Vlan1 connected to all ports (non removable) , causing nasty leaks.

My favorite priced satellite switches are D-Link DGS-1100-08 and the '08P for my PoE AP's
My favorite priced "Core" is D-Link DGS-1210-28 (Can do .1x and MAC filtering)

I'm using a pfSense box as my L3 firewall (Router) , and currently have 14 Vlans  :scared:
I have spread my vlans over 3 physical firewall interfaces, and it performs nice.

I took the firewall route when ransomware became widespread, and the wife still "clicking on everything" on her phone/pc.
Using linux for fileservers, I can make the picture shares read-only based on vlan ip range.
So she can still see (read) pics, but not write (destroy).

Several of my satellite switches are "Tailed" off another satellite switch ... Not optimal, but saves me on cabling.
And BW hasn't been an issue yet (1Gb).
If you don't define unused vlans on a trunk, you're preventing unneeded L2 traffic.


I see a lot of "Critical reported UI bugs" with NetGear ... Be aware, and update.


/Bingo

 

Offline PlainName

  • Super Contributor
  • ***
  • Posts: 7508
  • Country: va
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #12 on: December 19, 2021, 10:08:20 am »
Quote
I see a lot of "Critical reported UI bugs" with NetGear ... Be aware, and update.

Netgear have an atrocious record when it comes to firmware bugs. In one instance they essentially DDoS'd a Uni and didn't give a toss when told about it. Used to be nice hardware, but I wouldn't use anything of theirs with code in it. Updating isn't a solution since a) they have to care enough to make a fix, and they don't, and b) by the time you know it needs an update it's too late.

But DLink also used to have a bad reputation, and from personal experience it was warranted. Don't know how they are now since I also wouldn't touch anything of their recent kit to find out :)
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 29810
  • Country: nz
  • Taupaki Technologies Ltd. Siglent Distributor NZ.
    • Taupaki Technologies Ltd.
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #13 on: December 19, 2021, 12:25:28 pm »
This is an interesting thread that will spawn ideas for better LAN setups:
https://www.eevblog.com/forum/general-computing/best-routers-out-there/
Avid Rabid Hobbyist.
Some stuff seen @ Siglent HQ cannot be shared.
 

Online NiHaoMike

  • Super Contributor
  • ***
  • Posts: 9321
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #14 on: December 19, 2021, 12:53:37 pm »
Quote
Netgear have an atrocious record when it comes to firmware bugs. In one instance they essentially DDoS'd a Uni and didn't give a toss when told about it. Used to be nice hardware, but I wouldn't use anything of theirs with code in it. Updating isn't a solution since a) they have to care enough to make a fix, and they don't, and b) by the time you know it needs an update it's too late.

But DLink also used to have a bad reputation, and from personal experience it was warranted. Don't know how they are now since I also wouldn't touch anything of their recent kit to find out :)

Definitely want support for DD-WRT or OpenWRT on routers and APs. Would be nice if open source firmware existed for managed switches as well.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline bingo600

  • Super Contributor
  • ***
  • Posts: 2041
  • Country: dk
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #15 on: December 19, 2021, 01:08:01 pm »
Quote
But DLink also used to have a bad reputation, and from personal experience it was warranted. Don't know how they are now since I also wouldn't touch anything of their recent kit to find out :)

I have not noticed any Critical bugs in the D-Link WebSmart switches.
I wouldn't touch their WiFi "Routers" though.
I'm using Cisco or Unifi  PoE capable AP's

/Bingo
« Last Edit: December 19, 2021, 01:09:49 pm by bingo600 »
 

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 17427
  • Country: us
  • DavidH
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #16 on: December 19, 2021, 04:02:18 pm »
Quote
Watch out for those TP-Link switches.
They used to have Vlan1 connected to all ports (non removable) , causing nasty leaks.

I have been upgrading to TP-Link TL-SG108E switches so will have to watch out for that.  Unfortunately they have at least 4 versions of this hardware.  Maybe the later versions are fixed.

Quote
My favorite priced satellite switches are D-Link DGS-1100-08 and the '08P for my PoE AP's
My favorite priced "Core" is D-Link DGS-1210-28 (Can do .1x and MAC filtering)

I gave up on D-Link almost 20 years ago now.  They lied about WiFi firmware updates to new standards and after a couple years in service, each switch or router stopped operating.

Quote
I'm using a pfSense box as my L3 firewall (Router) , and currently have 14 Vlans  :scared:
I have spread my vlans over 3 physical firewall interfaces, and it performs nice.

That is my plan.  Currently I have an old Pentium 4 box running pfSense but am going to replace it with an apu4d4.

Quote
I see a lot of "Critical reported UI bugs" with NetGear ... Be aware, and update.

Quote
Netgear have an atrocious record when it comes to firmware bugs.

I liked their Bay Networks stuff in the metal boxes but repeated firmware problems and lack of support has soured me on Netgear.
 

Offline paulcaTopic starter

  • Super Contributor
  • ***
  • Posts: 4362
  • Country: gb
Re: Home network design - is it "worth" centrally locating infrastructure?
« Reply #17 on: December 21, 2021, 04:24:55 pm »
Quote
Watch out for those TP-Link switches.
They used to have Vlan1 connected to all ports (non removable) , causing nasty leaks.

They have worse "quirks" than that.  They have no way to set the management VLAN, so it listens on ALL VLANs.  Not only that, but it sends its DHCP request from a random VLAN, so sometimes it was on the guest lan and sometimes on the lanlan.  I fixed its IP to LAN IP, but it's technically still accessible if I readdress the machine on the guest, it can get the admin interface.

They also have a config quirk, where the PVID of an untagged port is not automatically assumed to be the default VLAN of that port.  ehhhh duh?
"What could possibly go wrong?"
Current Open Projects:  STM32F411RE+ESP32+TFT for home IoT (NoT) projects.  Child's advent xmas countdown toy.  Digital audio routing board.
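
An added example (not taken from any poster's switches) that audits a port table for three issues raised in this thread: a PVID that does not match the port's untagged VLAN, a port left as an untagged member of a second VLAN such as VLAN 1, and a trunk carrying a VLAN that nothing else on the switch uses. The switch names, port layout and guest VLAN ID 20 are constructed; VLAN 1 (LAN) and 101 (ISP bridge) follow the thread.

```python
"""Added example: audit 802.1Q port settings for quirks raised in this thread."""

LAN, GUEST, WAN = 1, 20, 101  # 1 and 101 are from the thread; 20 is assumed

# Constructed config: switch -> port number -> settings.
#   pvid     = VLAN assigned to untagged frames arriving on the port
#   untagged = VLANs sent out of the port without a tag
#   tagged   = VLANs sent out of the port with an 802.1Q tag
CONFIG = {
    "hall": {
        1: {"pvid": LAN, "untagged": {LAN}, "tagged": {GUEST, WAN}},    # trunk
        2: {"pvid": WAN, "untagged": {WAN}, "tagged": set()},           # ISP bridge
        3: {"pvid": GUEST, "untagged": {LAN, GUEST}, "tagged": set()},  # spare port
    },
    "bedroom": {
        1: {"pvid": LAN, "untagged": {LAN}, "tagged": {GUEST, WAN}},    # uplink
        2: {"pvid": LAN, "untagged": {GUEST}, "tagged": set()},         # guest jack
        3: {"pvid": LAN, "untagged": {LAN}, "tagged": set()},           # media PC
    },
}


def members(port):
    """All VLANs the port is an egress member of."""
    return port["untagged"] | port["tagged"]


def audit(config):
    """Return a sorted-by-location list of (switch, port, issue, vlan)."""
    findings = []
    for sw, ports in sorted(config.items()):
        for num, p in sorted(ports.items()):
            if p["pvid"] not in p["untagged"]:
                # Untagged frames enter one VLAN, but the port only sends
                # untagged frames from another: the two settings disagree.
                findings.append((sw, num, "pvid-mismatch", p["pvid"]))
            else:
                # Still an untagged member of a second VLAN, so that VLAN's
                # broadcasts leak out of a port meant for a different one.
                for vid in sorted(p["untagged"] - {p["pvid"]}):
                    findings.append((sw, num, "extra-untagged", vid))
            # A tagged VLAN no other port on this switch belongs to is
            # layer 2 traffic delivered for nothing: prune it upstream.
            for vid in sorted(p["tagged"]):
                others = (members(q) for n, q in ports.items() if n != num)
                if not any(vid in m for m in others):
                    findings.append((sw, num, "unused-on-trunk", vid))
    return findings


if __name__ == "__main__":
    for sw, num, issue, vid in audit(CONFIG):
        print(f"{sw} port {num}: {issue} (VLAN {vid})")
```
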
 

