[HN Gopher] My network home setup - v4.0
       ___________________________________________________________________
        
       My network home setup - v4.0
        
       Author : giuliomagnifico
       Score  : 262 points
       Date   : 2023-02-09 14:00 UTC (8 hours ago)
        
 (HTM) web link (giuliomagnifico.blog)
 (TXT) w3m dump (giuliomagnifico.blog)
        
       | fy20 wrote:
       | Can someone recommend a budget WiFi access point with long range?
       | I only have LTE as the backhaul, so the fastest speeds are not a
       | requirement.
       | 
        | I bought an EAP610 which I saw recommended on Reddit, but the
       | range seems worse than the ISP modem's (something Huawei) built
       | in WiFi.
        
         | KaiserPro wrote:
          | for a normal AP, then I'd get a second hand Ubiquiti LR off
          | eBay.
        
         | thakoppno wrote:
         | My advice is tangential but run an ethernet cable. Access
          | points aren't great at long distance. Set up an AP in the far
         | away room on the other side of the house. It will be far less
         | frustrating.
        
         | bityard wrote:
         | I bought a Netgear WAX218 a few months back for around $100...
         | but a quick look around shows that either the price has gone up
         | significantly or they're not making them anymore? Well, if you
         | manage to find one for a decent price, I highly recommend it.
        
         | duxup wrote:
         | I am a big fan of Netgear's Orbi line. Really I think distance
         | is more of a relative/ location issue and a mesh system that
         | allows you to move the satellite endpoints around to suit your
         | needs is very useful to figure out the optimal situation for a
         | given environment.
         | 
         | https://www.netgear.com/home/wifi/mesh/orbi/
        
       | aliljet wrote:
       | Very curious, what if you had a 10gbe symmetric connection from
       | your ISP? How would you modify your deployment?
        
         | giuliomagnifico wrote:
         | ...well I think it takes a long time before we will have 10Gbe
         | in Italy (we still don't have 5Gbe), anyway I'll use only
         | another router and switch, with 10gb ports, but the issue in
         | this case will always be the wifi antenna of the (i)Devices
         | that are still below 1Gbps, so the AP will not need a swap at
         | the moment.
        
       | Thaxll wrote:
        | Is it working fine to have IOT on a different vlan? A lot of
        | IOT use weird protocols (mdns, multicast etc...) that are not
        | friendly with vlan. I know that some people have issues for
        | example with the Chromecast being separated since it needs
        | internet but also be able to communicate with your phone on a
        | different vlan.
        
         | Jiocus wrote:
         | Multicast doesn't cross between IP _subnets_ - it doesn't
         | necessarily have to do with VLANs, strictly speaking. But yes,
          | in practice VLAN--subnet
         | 
         | Make sure IGMP is enabled. Devices join IGMP groups to announce
         | they want to receive mDNS
         | 
         | - IGMP snooping
         | 
         | - IGMP proxying (if offered)
         | 
         | Depending on your router you might find helpful options like:
         | 
         | - mDNS reflector
         | 
         | - mDNS repeater
         | 
          | - any mDNS + description of multiple networks (Unifi)
          | 
          |     tcpdump -i <interface> host 224.0.0.251 or port 5353 -A
         | 
         | Like others mentioned, Avahi is solid but the multicast
         | reflection/repeater/relay must run on the device routing
         | between the VLANS in question.
         | 
         | Disclaimer: Deployed and networked thousands of Chromecast at
         | several hotel chains and their wildly variable enterprise
         | networks. Wrote my own mDNS repeater-as-a-packet-rewriter to
         | fine-tune TXT records.
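An added example (mine, not code from the thread) of what a filtering mDNS reflector on the inter-VLAN router has to do: parse the DNS-SD records in a response seen on 224.0.0.251:5353, including compression pointers, and relay only allowlisted service types so arbitrary IoT chatter stays on its own VLAN. The allowlist, the names and the packet below are constructed for this example; the packet is built with real compression pointers so the parser is exercised the way a captured response would exercise it.

```python
import struct

PTR, TXT, SRV = 12, 16, 33   # RR types used by DNS-SD (RFC 6763) over mDNS (RFC 6762)


def read_name(pkt, off):
    """Decode a DNS name at `off`, following compression pointers.
    Returns (dotted name, offset just past the name as written in-line)."""
    labels, end, hops = [], None, 0
    while True:
        length = pkt[off]
        if (length & 0xC0) == 0xC0:              # 2-byte compression pointer
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2                    # in-line name ends after the pointer
            off, hops = ptr, hops + 1
            if hops > 64:                        # malformed packet: pointer loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_txt(rdata):
    """TXT rdata is a sequence of <len><key=value> strings; return them as a dict."""
    out, i = {}, 0
    while i < len(rdata):
        n = rdata[i]
        key, _, val = rdata[i + 1:i + 1 + n].decode("utf-8", "replace").partition("=")
        out[key] = val
        i += 1 + n
    return out


def parse_mdns(pkt):
    """Return [(owner name, rtype, decoded rdata)] for every RR in an mDNS message."""
    _txid, _flags, qd, an, ns, ar = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qd):                          # skip questions: name + type + class
        off = read_name(pkt, off)[1] + 4
    records = []
    for _ in range(an + ns + ar):
        name, off = read_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        start, off = off + 10, off + 10 + rdlen  # rdata may hold pointers into pkt
        if rtype == PTR:
            value = read_name(pkt, start)[0]
        elif rtype == SRV:
            port = struct.unpack("!HHH", pkt[start:start + 6])[2]
            value = (port, read_name(pkt, start + 6)[0])
        elif rtype == TXT:
            value = parse_txt(pkt[start:off])
        else:
            value = pkt[start:off]
        records.append((name, rtype, value))
    return records


# Assumed reflector policy: only these DNS-SD service types cross the VLAN boundary.
ALLOWED_SERVICES = {"_googlecast._tcp.local", "_airplay._tcp.local", "_hap._tcp.local"}


def reflect_decision(pkt, allowed=ALLOWED_SERVICES):
    """Return (forward?, service types seen): relay only allowlisted PTR advertisements."""
    types = {name for name, rtype, _ in parse_mdns(pkt) if rtype == PTR}
    return bool(types) and types <= allowed, types


# --- constructed sample (not a capture), written with real compression pointers ---
def encode_name(name, offsets, pos):
    """Write `name` at offset `pos`; emit a pointer for any suffix already written."""
    out, labels = b"", name.split(".")
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in offsets:
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        offsets[suffix] = pos + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(records):
    """records: (name, rtype, ttl, rdata_fn(offsets, rdata_offset) -> bytes)."""
    pkt, offsets = struct.pack("!6H", 0, 0x8400, 0, len(records), 0, 0), {}
    for name, rtype, ttl, rdata_fn in records:
        pkt += encode_name(name, offsets, len(pkt))
        rd = rdata_fn(offsets, len(pkt) + 10)    # rdata follows the 10-byte RR header
        pkt += struct.pack("!HHIH", rtype, 0x8001, ttl, len(rd)) + rd  # 0x8001: cache-flush|IN
    return pkt


SVC = "_googlecast._tcp.local"
INST = "Living-Room." + SVC
SAMPLE = build_response([
    (SVC, PTR, 4500, lambda o, p: encode_name(INST, o, p)),
    (INST, SRV, 120, lambda o, p: struct.pack("!HHH", 0, 0, 8009) + encode_name("cast-1.local", o, p + 6)),
    (INST, TXT, 4500, lambda o, p: b"\x08id=demo1\x0efn=Living Room"),
])
```

Reflecting only the service types you actually need is what keeps a Chromecast discoverable from the main VLAN without also relaying every other announcement the IoT VLAN produces; the parsed TXT dict is the part a rewriting repeater would edit before re-sending.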
        
         | chomp wrote:
         | Yeah, avahi will help you out quite a bit there, but I
         | personally pick my IOT devices to where they will not have
         | requirements like that. I'm pretty #nocloud with anything I put
         | in my home, so the majority of IOT devices I have go on the
         | null routed VLAN and are perfectly happy.
        
         | syntaxing wrote:
         | My IoT VLAN is one way only (main VLAN can talk to it, and it
         | can talk back BUT it cannot talk to any other VLAN on its own
          | accord). No issues with mDNS or multicast. I redirect all DNS
          | requests as well to nextDNS with masquerading. I have probably
         | 30 devices on it? Zero issues with home assistant and HomeKit
        
         | candiddevmike wrote:
         | Assuming you have a linux machine connected to both networks,
         | Avahi can reflect/forward mDNS multicast traffic, so you can
         | have your chromecasts on a separate network and be discoverable
         | by devices on a different one.
        
         | rbranson wrote:
         | IoT VLAN indeed can be annoying. It's getting better as a lot
         | of the more "prosumer" grade routers are supporting it. I use
         | Sonos at home too, which means I had to deploy this into a VM
          | to bridge the VLANs: https://github.com/alsmith/multicast-relay.
         | 
         | There are some funny (?) things that turn up too, like learning
         | the Roku remote iOS app "discovers" devices by opening a TCP
         | connection to every address in parallel on its local /24 (!!!).
         | It sends out and receives mDNS packets that would tell it
         | exactly where they are, but they are ignored by the app.
        
       | hnburnsy wrote:
       | I use a separate router and old phone without a sim card to
       | manage my IOT devices, got sick of Amazon continually scanning my
       | network and adding my printers without asking.
       | 
       | I know it happens but I hate that these devices probe my networks
        | and report on what they find. Is there any way to stop this
       | discovery?
        
         | artificialLimbs wrote:
          | Hardcode IPs and disable broadcast traffic. But really VLANs are
          | the answer.
        
           | hnburnsy wrote:
           | Thank you, I wonder how many IOT devices support entering an
           | IP address directly.
        
         | depingus wrote:
         | > Is there anyway to stop this discovery?
         | 
         | The correct way is to create VLANs. Then use the router's
         | firewall to prevent devices in the IOT network from reaching
         | into your other networks. Not all consumer network hardware
         | supports VLANs though.
        
           | hnburnsy wrote:
            | My separate router allows me to enable 2.4 G which many IOT
            | devices need but keep my main router at 5 G only.
        
             | depingus wrote:
             | That's a good idea when you're just working with what you
             | might have on hand. But if you're buying something,
             | consider going a step above consumer network gear. There
             | you'll find wireless access points that let you configure
             | multiple wireless SSIDs on mixed or isolated radios...all
             | at the same time.
        
           | hnburnsy wrote:
            | Thanks, I meant the discovery on the IOT LAN or VLAN. I don't
            | need Amazon knowing that I have a Tesla charger.
        
             | depingus wrote:
              | Gotcha. You can never tell how an IOT device is scanning
             | your network. It could be passively listening for broadcast
             | messages, or it could be actively scanning all the private
             | subnets.
             | 
             | So, you probably need an access point that can do "client
             | isolation" or "layer 2 isolation". This would prevent
             | clients on the same wireless SSID from talking to each
             | other.
             | 
             | For example, looks like the Ubiquiti access points can do
              | it. https://evanmccann.net/blog/2021/11/unifi-advanced-wi-fi-set...
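An added example (not from the thread) of spotting the active-scan behaviour described here, and in the Roku comment above, from the router's own flow records: a source that reaches many distinct RFC 1918 hosts within a short window gets flagged, which tells you which IoT device is probing rather than just listening. The flow lines, the field layout and the thresholds are constructed assumptions; the check generalizes past a single /24 to any private-range sweep.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed flow records (not any product's export): "epoch_seconds src dst dst_port proto".
# 192.168.50.10 and .40 behave normally; 192.168.50.23 connects to every host in its
# /24 on port 8060 within a few seconds, the pattern described for the Roku app.
NORMAL = [
    "1675951200 192.168.50.10 192.168.50.1 53 udp",
    "1675951205 192.168.50.10 203.0.113.5 443 tcp",
    "1675951207 192.168.50.40 192.168.50.1 53 udp",
    "1675951208 192.168.50.40 192.168.50.12 9100 tcp",
    "1675951209 192.168.50.40 192.168.50.13 8009 tcp",
]
SWEEP = [f"{1675951210 + i // 30} 192.168.50.23 192.168.50.{i} 8060 tcp" for i in range(1, 255)]
SAMPLE_FLOWS = NORMAL + SWEEP

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_local(addr):
    """True for RFC 1918 addresses; sweeps of the Internet are a different detector's job."""
    return any(addr in net for net in RFC1918)


def parse_flow(line):
    ts, src, dst, port, proto = line.split()
    return int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), proto


def sweep_alerts(lines, window=60, threshold=32):
    """Return {src: (window_start_ts, max distinct local dsts)} for every source that
    reached `threshold` distinct RFC 1918 destinations within any `window` seconds."""
    flows = sorted(parse_flow(line) for line in lines if line.strip())
    recent = defaultdict(deque)          # src -> deque of (ts, dst) inside the window
    alerts = {}
    for ts, src, dst, _port, _proto in flows:
        if not is_local(dst) or dst == src:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:     # slide the window forward
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            key = str(src)
            first, best = alerts.get(key, (q[0][0], 0))
            alerts[key] = (first, max(best, distinct))
    return alerts
```

Client isolation on the AP stops the probes from reaching neighbours; this check is how you confirm which device was trying, from the flow or conntrack export your router already produces.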
        
               | hnburnsy wrote:
               | Thanks for the great info.
        
       | skrtskrt wrote:
       | how does someone learn the basics of "home lab" or small-scale
       | server setup, particularly networking?
       | 
       | I'm pretty familiar with managing compute & storage, but the
       | networking is largely a mystery to me. I've read a bunch of
       | CompTIA study materials but it was all very abstract
        
         | ovi256 wrote:
         | I think you would benefit from an "Introduction to Computer
         | Networks" type class
         | 
          | It will teach you what a switch and a router do, the difference
          | between LANs and WANs, what DHCP and DNS do, the different
          | ISO/OSI layers involved, TCP vs UDP.
         | 
          | Then you'll be able to set up a home network without issues,
         | because you'll know the different moving pieces and how they
         | fit together.
         | 
         | This is a textbook that's used in such classes
         | 
         | https://intronetworks.cs.luc.edu/current2/html/
         | 
         | From the syllabus, this Coursera class looks OK:
         | 
         | https://www.coursera.org/learn/computer-networking
        
           | jobs_throwaway wrote:
           | Anyone have a MOOC or other course on this topic they've
            | taken and would recommend?
        
         | mewse-hn wrote:
         | In the context of the linked article, the easiest starting
         | point would be to get a managed switch like the Netgear GS308T
         | in the article, and then feed the data into grafana for pretty
         | graphs. From there you can start branching into more complex
         | topics like vlans, wifi, etc
        
         | ye-olde-sysrq wrote:
         | Tbh a lot of it can be as simple as:
         | 
         | - get computers. laptops, desktops, raspberry pis, custom-built
         | ("whitebox") servers, old dell poweredges you got off ebay, etc
         | etc. Install linux on them.
         | 
         | - plug servers into switches, switches into switches, and
         | eventually into your router. Don't create cycles in your tree
         | (unless you know your router/switches support it (STP), and
         | unless you paid $1k for your switch, it doesn't support it)
         | 
         | - Figure out your router config to assign them static/reserved
         | DHCP IP addresses so they always get the same IP.
         | 
         | - put those IPs in your hosts file. (optionally, set up a DNS
         | server.)
         | 
         | - ssh-copy-id your ssh key to all servers
         | 
         | Now you have a bunch of machines you can ssh to. Which imo is
         | the most basic definition of a homelab.
         | 
         | Lots of people get super creative and use fancy routers and
         | switches and enterprise gear and do complicated networking and
         | etc etc etc but all that stuff is just good fun and not
         | necessary.
        
         | giuliomagnifico wrote:
         | Best thing I think is "do it", because when you need to fix an
         | issue you learn new stuff, I have never done dedicated studies,
         | also because each system has its own particularities, so you
         | can learn the basic but then the names and operations may
         | change a bit from one to another brand.
        
       | dgroshev wrote:
       | Some things I realised after going through my OpenWRT and later
       | OPNsense phases:
       | 
       | - complexity is fun to play with during the initial setup, but it
       | sucks long term
       | 
       | - VLANs and inter-VLAN firewalling is needlessly complex, brings
       | endless frustration*, and you shouldn't trust the network to do
       | your auth anyway
       | 
        | - letting a vendor do something is Actually Good
       | 
       | - dashboards are useless, I can't recall ever using them for
       | anything
       | 
       | So I sold most of my networking gear and replaced it with
       | 
       | - Aruba Instant On fanless PoE switch and a bunch of their APs
       | 
       | - a PS100 Topton fanless PC box with VyOS on it, powered with a
       | PoE splitter
       | 
       | - a UPS
       | 
       | No VLANs, simple flat network. Everything internal is either on
       | Tailscale or behind auth. Everything is PoE, things that don't
       | are on PoE splitters, so no power bricks and everything is UPSed.
       | Arubas require zero configuration and are managed through a cloud
       | portal. The router needed to be configured once and required zero
       | intervention for close to two years. It's ridiculously
       | performant, perfectly balances load, and just works.
       | 
        | *: I _really_ have better things to do at a party than debugging
        | firewalling an obscure protocol Airplay uses when my guest can't
        | Airplay from their phone
        
         | zrail wrote:
         | That sounds like a really nice, simple setup. I have an
         | unfortunate mix of gear from different vendors, but my setup is
         | broadly similar. VyOS on an old SFF box, PoE whenever possible,
         | etc. My physical topology means I need more layers of switches,
         | though, and I do have a single vlan for my work machine.
         | There's no inter-vlan routing there, just internet.
        
       | justusthane wrote:
       | Very neat - thank you for documenting this, especially the piece
       | about using Avahi to place the HomePods on a different VLAN. This
       | is something I'm planning to do but hadn't looked into yet, so
       | this will save me a lot of effort.
       | 
       | Just out of curiosity, that's the black box in your cabinet
       | balancing on the metal cones?
        
         | giuliomagnifico wrote:
         | Thanks!
         | 
         | >Very neat - thank you for documenting this, especially the
         | piece about using Avahi to place the HomePods on a different
         | VLAN. This is something I'm planning to do but hadn't looked
         | into yet, so this will save me a lot of effort.
         | 
          | Yes, it's very easy if you use Avahi, but it's important that
          | you're using VLANs and not subnets, because I had lots of
          | troubles using a separate subnet for iot devices and the
          | HomePod in the main subnet. You have to add a route on the
          | router and tweak the firewall. Using vlans instead is easier
          | and faster.
         | 
         | >Just out of curiosity, that's the black box in your cabinet
         | balancing on the metal cones?
         | 
         | Italian ISP modem "unfortunately". If you see the network
         | scheme you can understand better:
         | https://giuliomagnifico.blog/_images/2023/home-network_v4/Re...
        
         | syntaxing wrote:
         | Wait, does this work with HomePod minis? My current mDNS works
         | with my network, my issue is the HomePod mini automatically
         | jumps back to the same wifi as my phone.
        
           | giuliomagnifico wrote:
           | Yes absolutely, but your iPhone and the HomePod should be on
           | the same/main vlan, not the HomePod on the IoT vlan.
        
         | gertrunde wrote:
         | Going from the earlier instalments (v1/2/3) - I suspect it's
         | the ISP modem.
         | 
         | (And I'm guessing the metal cones are there to lift it off the
         | flat surface for more airflow).
        
           | giuliomagnifico wrote:
           | Exactly, the metal cones are 3 unused audiophile spikes.
           | Perfect fit inside the holes of the bottom of the modem.
        
           | blitzar wrote:
           | V1/2/3 are pretty handy for figuring out the other stuff too.
        
         | blitzar wrote:
         | ISP Modem?
        
       | blep_ wrote:
       | I've been waiting for a good time to ask this oddly specific
       | question: why does everyone number VLANs 10, 20, 30, etc. instead
       | of 1, 2, 3?
        
         | briHass wrote:
          | On some devices (e.g. Cisco), ID 1 is reserved, so starting at
         | powers of 10 keeps it nice and even and allows for insertions
         | (same logic as line-numbering in BASIC.) I assume 10 seems
         | better than 100 (or even 1000); those just seem crazy high.
        
         | icelancer wrote:
         | At least in our case, this allows this space:
         | 
         | 172.16.0.1 to 172.16.9.255
         | 
         | To be available for non-VLAN DHCP, static leases, and internal
         | devices. Not sure if that's why others do it this way, but it
         | made sense for us.
        
         | blowski wrote:
         | Originally, so you could group related VLANs together. e.g.
         | VLAN30 is Marketing, then later you need a second marketing
         | team so they have VLAN31. If you'd had VLAN1, 2, 3, etc, you
         | couldn't do this.
         | 
         | That everyone does it - even on small home networks - is just
         | convention.
        
         | viraptor wrote:
         | Same reason as assigning larger networks than you need or
         | leaving free spaces between them. You may want to put some
         | things close to each other because they logically go together.
         | But some things that go together don't exist yet, so let's
         | reserve the space.
         | 
         | (Can't speak for everyone of course, but that's why I'd use
         | 10.0.10.0/24, then 10.0.20.0/24, etc. Now "same kind of thing
         | next to it" can have 10.0.11.0/24)
        
         | giuliomagnifico wrote:
         | Because VLAN 1 is the default used by lots of vendors, and
         | sometimes also 2, so using 10 and 20 is easy to remember that
         | is a VLAN and you can leave some static IP free also. Also
         | because is not like DHCP addresses that are 1-255 but VLANs are
         | 1-4096 so you can use some easy numbers to remember. For
         | example I'm using VLAN 50 for IoT because the Homebridge server
         | has 192.168.1.5 IP, so IoT is VLAN 50 with 192.168.50.0/24.
         | 
         | Some can argue that using VLAN 1 is also a bit less safe
         | because it's the default VLAN and attackers usually scan for it
         | like 192.168.1.1 IP for modem/WAN.
        
       | kccqzy wrote:
       | I'll just say one thing regarding my own home network setup: go
       | IPv6 only. Ditch IPv4, except for the necessary evil that is
       | NAT64/DNS64. I refuse to network any device that does not support
       | IPv6, and I refuse to use any app that chooses not to use the
       | IPv6 addresses present.
        
         | manv1 wrote:
         | Yes, because I want my internal home devices publicly
         | accessible by default.
         | 
         | Seriously, the global addressability of ipv6 is something that
         | people used to using ipv4/NAT tend to forget. I know a bunch of
         | people (well, two) that make a living scanning for IPv6
         | addresses inside networks that the admins didn't realize were
         | open to the world.
        
         | npteljes wrote:
         | Why do you do this? Principle, or does it have an actual
         | advantage?
        
           | kccqzy wrote:
           | Mostly principle. The internet is designed for end-to-end
           | connectivity; let's strive for a more decentralized internet
           | by giving big cloud and residential users equal access by
           | removing NAT.
           | 
           | As for actual advantage, I can think of reduced configuration
           | burden since you don't have to maintain two sets of firewall
           | configs for dual-stack hosts. It's a small advantage only.
           | 
           | On the other hand, I'll be honest with you, there are
           | disadvantages. As recently as 2021, people are still
           | discovering problems on IPv6-only networks that necessitate
           | writing new RFCs to mandate new behavior. Yes I'm talking
           | about https://www.rfc-editor.org/rfc/rfc9131.html It's
           | because of the low prevalence of IPv6-only networks that
           | changes as fundamental as Neighbor Discovery have to be
           | proposed in this decade.
        
             | npteljes wrote:
             | I think that's a nice framing for the issue! IPv6 adoption
             | is really slow, considering that I've been hearing about
             | the necessity for what seems like two decades now.
        
       | ralphael wrote:
        | Anyone who uses Grafana to monitor their home setup, that's +1
       | from me.
       | 
       | Appreciate the commitment and dedication to detail.
        
         | bombcar wrote:
         | You'll love https://mods.factorio.com/mod/graftorio2
        
       | thrwawy74 wrote:
       | 2 things come to mind here:
       | 
       | 1) I don't trust devices to respect VLANs. I trust the switches
       | to respect VLANs, but not devices. When the VLAN-tagged traffic
       | hits WiFi the VLAN is lost. When it's received at the AP the AP
       | can choose to tag it again before entering the switch. I think
        | I'd still do multiple SSIDs + VLANs so wifi clients intended
        | for different VLANs are not communicating on the same "virtual
        | AP"? I worry my Google IOT devices could be in promiscuous mode
        | looking at everything. Multiple SSIDs would separate them from
       | other devices by encryption.
       | 
       | 2) I've read a couple articles saying rate-limiting IOT and Guest
       | networks results in more service interruption than one would
       | expect. Simply prioritizing the main network traffic over Guest &
       | IOT is a better setup. How do we do this in OpenWRT?
        
         | giuliomagnifico wrote:
          | 1) It is safe to trust VLANs, especially for this home stuff...
          | otherwise you will need separated LANs and cables! Overkill.
          | 
          | 2) I'm not rate limiting the IoT devices, I'm monitoring them
          | and they generate really little traffic; you can limit a device
          | by MAC address in OpenWrt anyway:
         | https://forum.openwrt.org/t/bandwidth-limit-per-ip-mac/35943
        
         | justsomehnguy wrote:
         | > 1)
         | 
         | This is not Area 51 and a client which doesn't respect VLAN
         | tagging should somehow send packets to a different gateway IP.
         | I don't see a way for a device to know where to send packets if
         | it did break out from VLAN
        
         | candiddevmike wrote:
         | RE: 1, you can push wifi clients to separate VLANs either by
         | host or per SSID depending on the gear. It's enforced on the
          | AP, clients can't break out.
        
       | gbrindisi wrote:
       | Loved this! I have just now started rebuilding the home network,
       | this is great inspiration
        
       | twawaaay wrote:
       | I don't have pictures but I can describe it.
       | 
       | * Broadband 600/60Mb/s with seamless failover to 5G (varying
       | speeds)
       | 
       | * Netgate 6100 router with VPN client, VPN server, site to site
       | VPN configured, traffic shaping to reduce bufferbloat, uplink
       | failover, etc.
       | 
       | * 4 Cisco SG 250-8 switches sprinkled throughout the flat. One
       | acting as my core switch.
       | 
        | * QNAP with 2 4TB drives in mirror for backups
       | 
       | * A HDD USB station with a stack of 4TB HDDs for backups. Backups
       | are delivered to qnap at various times and then from time to time
       | I make a complete copy to a drive which is put in a rotation. I
       | keep three full copies of the data at any time and at least one
       | of them is off-site with my family. When I visit my family I take
       | the latest backup and replace the drive that is in their custody.
       | 
       | * a small, passively cooled server with 2TB fast SSD, 128GB ECC
       | RAM, Ryzen 5 CPU, Asrock PRO X570D4U-2L2T. Hosts proxmox where I
       | keep about a dozen VMs for various things, Ubiquiti management
       | panel, NVR, dns filter, development tools, minecraft servers,
       | jump box, etc....
       | 
       | * a 10 year old Thinkpad T440s running always on serving as my
       | emergency server and a development environment.
       | 
       | * 4 Ubiquiti WiFi 6 access points -- before you jump in saying
       | this is overkill, I live in a large flat in a dense urban area
       | with about half a thousand 2.4GHz APs and 50 5GHz ones
       | interfering with my WiFi setup. Most people and even network
       | providers are clueless and set up their devices to max power as
       | if it was going to help them -- it only makes things worse. I
       | have 4 APs with reduced power so that anywhere you are at my flat
       | you are always close to one of APs and you roam between them
       | seamlessly as you move.
       | 
       | * Multiple VLANS and WiFi networks
       | 
       | * a VLAN + WLAN for my family for their regular devices to access
       | the Internet and some defined services within network but
       | otherwise disallowed to contact anything else
       | 
       | * a VLAN + WLAN for IOT, legacy devices, devices I don't trust or
       | devices that only support old protocols and would deteriorate
        | WLAN performance (printers, a Chinese projector, etc.) This VLAN
        | does not have Internet access (so that devices can't phone home),
        | doesn't have access to any other device in the network, doesn't
        | have access to other networks and can only be reached with defined
       | firewall rules.
       | 
       | * a VLAN + WLAN for my work -- this is dedicated for my work
       | laptop, my phone, my electronics lab (oscilloscope, multimeter,
       | programmable PSU/load, etc.)
       | 
       | * a VLAN + WLAN for guests
       | 
       | * a management VLAN -- any network devices, servers, QNAP etc.
       | are only available through this separated VLAN which has very
       | strict access through a jump box. Also does not have direct
       | internet access so the devices can't phone somewhere else (but I
       | have a proxy for software updates, etc.)
       | 
       | * a service VLAN -- where my services are available internally
       | (for example QNAP interface, apps running in VMs, etc.) Some of
       | them have rules to be accessed from other networks
       | 
       | * a DMZ VLAN -- I expose some services to the world, DMZ serves
       | to provide one more hurdle for any attacker
        
         | digitallyfree wrote:
         | As a homelabber myself (enterprise networking + servers) there
         | are quite a few things to consider before jumping ahead with
         | such a setup. It can be rewarding but you'll need to commit to
         | it and be prepared to troubleshoot - you're basically a small
         | business IT shop at this point. Having some network/IT
         | background is obviously helpful.
         | 
         | Keep in mind that the power consumption of all the equipment is
         | quite substantial and must be taken into account before
         | starting. Also as your setup becomes more complex backups,
         | redundancy, and security must all be considered - it's easy to
         | run your network dead in the water if you aren't prepared for
         | it, and unlike a single home router you can't just simply
         | reboot and reset if everything relies on the network. For
         | instance assume that all your machines rely on your NFS server
         | to access files - if that server goes down, how quickly can you
         | replace it? If the RADIUS server goes down and your devices
         | can't authenticate across your switches and APs, do you have a
         | fallback method of access?
         | 
         | Finally unless your family knows how to maintain the system as
         | well, you'll be the sole IT contact and will have to do quite a
         | bit of support especially at the start. You'll need a plan of
         | how to remotely manage everything if you're say on vacation
         | since things like to crop up then.
        
           | twawaaay wrote:
           | > As a homelabber myself (enterprise networking + servers)
           | there are quite a few things to consider before jumping ahead
           | with such a setup
           | 
            | Well. I have over a quarter of a century of experience in IT,
            | as a sysadmin, developer, electronics engineer and tech lead. It
           | helps. I would never suggest anybody to do this just to have
           | a nice WiFi at home...
           | 
           | > Finally unless your family knows how to maintain the system
           | as well, you'll be the sole IT contact and will have to do
           | quite a bit of support especially at the start. You'll need a
           | plan of how to remotely manage everything if you're say on
           | vacation since things like to crop up then.
           | 
           | Yep. I have VPN I can use to manage the network. All devices
           | can be rebooted remotely.
           | 
           | I also have some backups -- the 5G router can be disconnected
           | from the setup and used standalone and I have instructed my
           | wife how to do this. Most of the files are synchronised to a
           | cloud service where she can connect in need.
           | 
            | The passwords to everything are stored in tamper evident
            | envelopes (and paper books with a log in my own
            | handwriting).
           | 
           | As to power consumption this probably is the weakest point of
           | all of this. Yes, a lot of devices equals a lot of power, but
           | my devices are extra power hungry. Although I tried to avoid
           | unnecessary electricity waste (if only to keep it fanless) I
           | never compromised quality for it. For example, I went out of
            | my way to not buy an actual server even though there are
            | plenty of used servers that I would be perfectly happy with.
           | Instead I built my own based on one of a kind motherboard
           | that supports a consumer CPU and ECC RAM and uses relatively
           | little power.
        
             | digitallyfree wrote:
             | Hah from reading your original post I already knew you were
             | good. My comment was really meant for those interested in
             | these setups (I get asked about this quite often) without
             | realizing the time and effort needed to maintain it. This
             | can be a real rabbit hole as I started with an Edgerouter
             | and Unifi AP and eventually worked my way up.
             | 
             | I really like your idea of having a separate router that
             | can be used standalone if the main system fails, and might
             | actually consider adopting that for my family as it would
             | be very useful if I'm not available. Currently I'm looking
             | into a virtual HA Opnsense setup on two servers to maintain
             | routing if one fails and cannot restart for whatever
             | reason.
        
               | twawaaay wrote:
               | We take this router with us on trips. It is nice to have
               | your own fast, mobile Internet with you (no transfer or
               | bandwidth limits). And when it does not serve as backup
               | Internet it has site-to-site VPN to our home network.
        
         | mtlynch wrote:
         | Thanks for sharing this!
         | 
         | I'm a networking amateur, and one thing I've struggled to
         | figure out is VLANs for wireless devices. It seems like VLANs
         | are managed at switch level, so does that mean that all devices
         | on a particular AP have to share the same VLAN? Or is there a
         | way to segregate devices across multiple VLANs within a single
         | AP?
        
           | formerly_proven wrote:
           | Enterprise APs support VLAN tagging themselves, so you assign
           | multiple VLANs to the AP uplink in the switch and then tell
           | the AP which SSID belongs to which VLAN.
        
             | twawaaay wrote:
             | Yes. I set up VLANs on my Cisco switches. The APs are told
             | what vlans and WLANS are configured through Ubiquiti
             | management panel. The APs are all connected to their
             | assigned ports on the switches and the ports are configured
             | to see all necessary VLANS tagged and one (management) VLAN
             | untagged. The untagged VLAN is how the management
             | application talks to APs.
             | 
             | Each of 4 APs serves all 4 WLANs and each WLAN + VLAN are
             | completely separated networks.
             | 
             | The traffic from various WLANS goes directly to their
             | assigned VLANS and never mixes together -- the only way is
             | either through the router or some other service like my
             | proxy.
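             As an added illustration (not code from the thread or from any of the commenters), this is how the switch side of the setup described above can look on a Cisco IOS switch: the AP-facing port carries the four WLAN VLANs tagged and the management VLAN untagged (native). The interface name and VLAN IDs are assumed placeholders; the SSID-to-VLAN mapping itself is done on the AP/controller side.

```text
! Added illustration, not from the thread. Interface name and VLAN IDs
! are assumed placeholders.
! VLAN 10 = AP management (untagged / native on the AP port)
! VLANs 20,30,40,50 = one per WLAN, tagged on the AP port
vlan 10
 name AP-MGMT
vlan 20
 name WLAN-MAIN
vlan 30
 name WLAN-GUEST
vlan 40
 name WLAN-IOT
vlan 50
 name WLAN-WORK
!
interface GigabitEthernet1/0/5
 description AP uplink: mgmt VLAN untagged, WLAN VLANs tagged
 ! some older platforms additionally need:
 ! switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 10
 ! prune the trunk to exactly the VLANs the AP needs
 switchport trunk allowed vlan 10,20,30,40,50
 spanning-tree portfast trunk
!
! verify from enable mode that the port is trunking with the expected
! native and allowed VLANs:
! show interfaces GigabitEthernet1/0/5 trunk
```

On the AP/controller side each SSID is then given one of the tagged VLAN IDs (20, 30, 40 or 50), while the AP itself talks to the controller over the untagged VLAN 10. Anything not explicitly permitted between those VLANs then has to pass through the router or a dedicated proxy.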
        
               | mtlynch wrote:
               | Gotcha, thanks for the extra details!
        
             | lotsofpulp wrote:
             | Is Aruba Instant On considered an enterprise AP? It is the
             | cheapest and easiest way to do home networking with VLAN
             | that I have found.
        
           | giuliomagnifico wrote:
           | If you read my post, that's what I've done: separated VLANs
           | (3) with a single AP and cable from the router.
        
         | giuliomagnifico wrote:
         | >I don't have pictures but I can describe it.
         | 
         | That's very interesting, but how much power does the whole
         | thing consume?
         | 
         | In my case all this setup is 45-50W, I think it's a good goal.
        
           | twawaaay wrote:
           | I don't know how much all of this consumes. The networking
           | itself is pretty power hungry, just the APs probably consume
           | more.
           | 
           | On the other hand there are no fans in my setup except,
           | incredibly, the laptop. But this fan is kicking in extremely
           | rarely and only when I am actually using it, so no problem.
           | 
           | The backup NAS makes a bit of noise but this is happening
           | during night when nobody cares.
        
         | oaiey wrote:
         | I recommend to anyone a separate VLAN for your work-at-home
         | environment. The company might spy but far more importantly,
         | the risk of viral infections and hacks is so dramatically
         | higher in a company than you alone at home with your family.
        
           | twawaaay wrote:
           | Yep, that's what I have.
           | 
           | One large bank I worked for was very surprised and
           | practically enraged when they figured out I work on a VM and
           | they don't _actually_ control the device I am sitting on. It
           | all started because they decided I am obliged to  "provide
           | for basic security" and install an antivirus. I told them
           | there is absolutely no need for me to install an antivirus on
           | this machine. This machine has only ever been used to connect
           | to their network and I have neither installed anything nor
           | even visited any website from it. Moreover, it is snapshotted
           | and restored from a snapshot every single day. It is fun to
           | sometimes battle those mindless corporate drones.
        
         | ryandrake wrote:
         | I like this setup. Mine is much simpler, but I dig your vibe
         | with the VLANs. I don't have any Internet failover or VPN, and
         | have settled on:
         | 
         | - Regular VLAN: Access to LAN and Internet (I insist on having
         | root on the device for it to go here)
         | 
         | - Guest VLAN: Access to Internet only
         | 
         | - Quarantine/IoT VLAN: Access to LAN only
         | 
         | I don't feel I need any more granularity than that. Of course
         | the primary LAN backbone is 1Gig ethernet, but I have APs every
         | 50 feet or so for phones.
        
           | twawaaay wrote:
           | I thought about 10Gig but then I decided almost no device I
           | own can actually make use of it and even if it could, there
           | are better ways to do it. I don't need to have 10Gig just to
           | be able to edit videos/photos if I can easily solve the
           | problem and copy them locally for the duration. Also almost
           | everything uses WiFi and there are only two computers (my
           | macbook pro and gaming PC) that are connected to ethernet.
           | 
           | As to APs, having multiple APs (well configured) and a good
           | router (well configured) has much bigger impact on the
           | quality of user experience than the actual throughput of the
           | broadband itself.
        
       | renox wrote:
       | I wonder why no one is talking about the 'bufferbloat' issue, is
       | it a solved issue now? Can I pick any router to plug into my ISP
       | router?
        
       | KaiserPro wrote:
       | My setup is pretty similar in schematic, but not finesse of
       | design.
       | 
       | I have a 24 port netgear fanless smart switch as the backbone. I
       | did have a POE version but the fans were too loud. I have a PoE
       | injector now which allows me to power the APs and the phones for
       | the house intercom.
       | 
       | I use pfsense for routing and firewall.
       | 
       | Ubiquiti for APs. I have four, one for upstairs, one for down,
       | one in the garden and one in the shed. Three are second hand.
       | 
       | I have a VLAN for work, (I can ssh in from the normal vlans, but
       | I can't get out from the work VLAN)
       | 
       | I have a VLAN for CCTV, normal use, servers/services, and one for
       | IoT. Seems to work ok for my needs, but most people don't need
       | what I want on a network.
        
       | hesdeadjim wrote:
       | I'd highly recommend a Ubiquiti Dream Machine Pro if you have any
       | advanced use cases. I've got mine VPN bridged to my office router
       | and it's been convenient to be able to force some devices at home
       | to have all traffic routed over that link.
       | 
       | PlayStation dev kits annoyingly require usage on a whitelisted
       | static IP to activate (every 2 days) and access dev PSN
       | environments. It would have been a huge PITA doing it any other
       | way.
        
       | xattt wrote:
       | Are there any server rack mounted patch panels that let you
       | choose to use a certain network drop for POTS or for Ethernet?
       | 
       | I've seen similar patch panels for structured wiring, but not for
       | server racks.
        
         | giuliomagnifico wrote:
         | With the 19" front rack mount I have never seen one.
        
         | zrail wrote:
         | Get a 19" keystone panel and then you can do whatever you want.
         | There are keystones available for Ethernet, coax, rj11 POTS,
         | hdmi, fiber, basically anything.
        
       | cabirum wrote:
       | My _unnecessarily convoluted_ home setup _that takes too much
       | space_ - ftfy.
        
         | rbranson wrote:
         | Everything has a purpose, unlike many "home labs" where people
         | are just tinkering. There's nothing in here that would require
         | fussy maintenance. It seems pretty reasonable to me given the
         | functionality.
        
           | caust1c wrote:
           | If they think this network is convoluted they should see
           | mine!
        
           | dgroshev wrote:
           | In my experience, the main issue with setups like that is
           | IoT/convenience devices being subtly broken because of all
           | the firewalling. Then you suddenly find yourself trying to
           | figure out why you can't just airprint from your ipad or why
           | your guest's iphone sees a HomePod, tries to activate
           | airplay, but it just silently fails. Really fun to debug,
           | especially when you need that document printed right now or
           | when you have a party going.
        
             | neoromantique wrote:
             | But what's the alternative? Unsafe home network where one
             | rogue device can act as a tunnel for bad actors(bots more
             | often tbh)?
        
               | Tijdreiziger wrote:
               | If you buy devices from trustworthy brands and replace
               | them when they stop getting security updates, it should
               | be fine, right? After all, aren't 99% of home networks
               | 'unsafe' according to your definition?
        
               | neoromantique wrote:
               | >After all, aren't 99% of home networks 'unsafe'
               | according to your definition?
               | 
               | Prevalence of home ip addresses in DDoS attacks and in
               | proxy pools does suggest so ¯\_(ツ)_/¯
        
               | dgroshev wrote:
               | It doesn't follow. There are a lot of homes, so even if
               | 1% of all home networks had "rogue" devices in them
               | they'd dominate DDoS attacks. Besides, it's not HomePods
               | or Withings smart scales or Hue bridges doing that as far
               | as I'm aware, it's mostly cheap, unsupported, noname
               | crap, so you can reduce your risks substantially by not
               | buying questionable products.
        
               | neoromantique wrote:
               | There are plenty of CVEs in brand name things across IoT
               | spectrum.
               | 
               | Vetting devices you introduce to network is of course
               | solid advice, but a little bit of paranoia never hurts in
               | tech.
        
               | dgroshev wrote:
               | How many of those get exploited on firewalled networks
               | before they're remotely patched though?
               | 
               | My whole point above is that it does actively hurt, with
               | devices randomly misbehaving at exactly wrong times. It's
               | not enough to set up everything once because devices get
               | updated and change ports, domains, and protocols. It also
               | makes everything more brittle, requiring multiple inter-
               | VLAN proxies to be running at all times for seemingly
               | unrelated devices to work. That SD card in your raspi
               | died? You decided to update Docker on it and run into
               | problems? No Sonos for anyone in the house until it's
               | fixed.
               | 
               | There's a real cost to that paranoia, it's just another
               | case of security/convenience tradeoff.
        
               | neoromantique wrote:
               | Let's agree to disagree, I think in the end it comes down
               | to priorities and pain threshold for having to tinker
               | with stuff.
        
               | dgroshev wrote:
               | The alternative is roughly what google called BeyondCorp
               | -- not trusting your network and doing explicit auth
               | everywhere it matters, maybe with a sprinkle of Tailscale
               | to simplify auth and encryption.
               | 
               | If you're worried about your network being saturated for
               | DDoS by a random IoT device, I suspect you'll notice it
               | even without explicit monitoring.
               | 
               | Besides, risks need to be weighed by their probabilities.
               | It's a small chance of name-brand IoT devices "going
               | rogue" vs the certainty of random things not working when
               | they should, and I don't think this tradeoff leans
               | towards VLANs for most people.
        
         | rejectfinite wrote:
         | Sure, you can use the ISP modem and a laptop on wifi.
         | 
         | But that sucks ass.
         | 
         | Wouldn't you rather have real monitors/screens, a solid wired
         | connection to a network and a real keyboard and mouse? Yea it
         | takes space and time but it's way better.
        
           | NegativeK wrote:
           | > Wouldn't you rather have real monitors/screens, a solid
           | wired connection to a network and a real keyboard and mouse?
           | Yea it takes space and time but it's way better.
           | 
           | I do for most things, but better is personal.
           | 
           | Saying that OP's setup is overly convoluted or better is
           | entirely missing the point -- it's what they want to do for
           | enjoyment. Personal taste doesn't need to be justified.
        
         | bluedino wrote:
         | Agreed, but it's neat.
         | 
         | Every time I try setting my home network up like that (smart
         | firewall, traffic graphs, etc), I just end up going back to a
         | $30 router/AP.
        
           | fishtacos wrote:
           | Had a similarly convoluted network for some years... over
           | time you realize it's just pointless to waste time
           | maintaining and troubleshooting said setup.
           | 
           | Today it's ISP router + separate AP (better coverage).
           | Chinese hackers aren't attacking my network, and if they did,
           | cool, have at it. Basic firewall + NAT + AV covers 99% of use
           | cases, even in a business, with the right configuration.
           | Turns out I don't miss pfSense either.
           | 
           | Makes sense for keeping skills up to date, though, and as a
           | hobby, I can see how one can get into it. Reddit's r/homelab
           | has some crazy builds to check out.
        
             | bombcar wrote:
             | I have something relatively similar, a bunch of old
             | datacenter equipment (cheapest way to get 10+ GB!) and some
             | mikrotik, and then I have hardcoded DHCP leases for my IoT
             | shit, and extensive blocking at the firewall for those
             | devices/MAC addresses.
             | 
             | Good enough for me.
        
             | [deleted]
        
             | [deleted]
        
             | dgroshev wrote:
             | I'd sub the ISP router for a PS120 topton box with vyos on
             | it, just because it can handle smart queues at line rate.
             | It's really nice when you have exactly the same low ping
             | and jitter regardless of other load on the network, with
             | bandwidth splitting equally, and ISP routers just can't do
             | that in my experience. It just works and requires zero
             | fiddling.
        
               | fishtacos wrote:
               | TBH, haven't gone into anything deeper than a ping and
               | jitter benchmarks, so not terribly in depth or long-term
               | besides occasional tests out of curiosity.
               | 
               | ATT fiber 300 up/down provides 4 ms consistent ping to
               | Google's closest datacenter, sometimes at 3 ms, which
               | is of course nuts. Might as well be in my apartment
               | block. Perfectly happy with provided unit, although it's
               | an older one.
               | 
               | Tangential, but have used vyOS some years ago to create a
               | makeshift 10G switch using commodity hardware and an old
               | PC. Routed and switched amazingly fast - the demise was
               | related to what I could guess were broadcast storms.
               | 
               | I'm with you in spirit however. Want and will probably
               | need to switch back to a more customizable router.
        
             | bityard wrote:
             | I essentially have a foot in both camps... I like having
             | the control and autonomy of open-source networking hardware
             | but I don't have enough spare time to make it a full-on
             | hobby. Right now my "happy spot" is:
             | 
             | 1. An OPNSense firewall between my cable modem and the rest
             | of the network running on a low-power PC Engines APU2. The
             | web-based UI is funky but workable, full SSH access to the
             | box for digging into the internals when needed, online
             | upgrades are a cinch.
             | 
             | 2. An 8-port gigabit unmanaged switch that everything hangs
             | off of.
             | 
             | 3. A Netgear WAX218 business-grade access point for wifi,
             | running the stock firmware. Web UI is decent and doesn't
             | require any cloud-based management bullshit. For around
             | $100, it works much better than it has any right to, given
             | the prices of mid-range APs and wifi routers these days.
             | 
             | 4. A small fleet of Raspberry Pis for miscellaneous tasks.
             | 
             | If I get more into IoT, it shouldn't be much of a hassle to
             | add VLANs and maybe another switch.
        
               | jon-wood wrote:
               | Unless you're really into managing a small fleet of
               | devices for basic functionality I'd highly recommend
               | replacing them with a single Intel NUC or similar. I did
               | the same after one too many SD card failures and was very
               | happy with the results - you get a significantly more
               | powerful server for a power footprint about the same as
               | all the horribly inefficient USB power adapters running a
               | bunch of Pis.
        
               | fishtacos wrote:
               | That sounds like a good "happy spot" and doesn't veer into
               | hobby territory IMO. More like an interest.
               | 
               | In retrospect, I lied a bit about not missing pfSense (or
               | OPNSense in your case) because truthfully I miss the
               | monitoring, packages, configuration and expandability
               | options. At the same time, I also don't miss them,
               | because 0 headaches and actually better latency is still
               | a plus. Just need to log in to that god awful ATT
               | interface to open up a port, but these are 1st world
               | problems... there's always VPNs and cloud VPS to fix
               | that.
        
         | Tepix wrote:
         | Are Fritz!Boxes available in the US? They're built by AVM (a
         | German brand) and are pretty neat if you want something that's
         | secure, supported for a long time and easy to configure. Add
         | some of their wireless repeaters for coverage via mesh
         | networking and you'll have a guest wifi available everywhere
         | and all is well.
        
           | danieldk wrote:
           | Same, I have used Fritz!Boxes for years, they are reliable,
           | get updates and are quite configurable. The labs version even
           | has Wireguard support now (they had IPsec before).
        
           | blibble wrote:
           | I had one of these boxes and found it to be beyond
           | infuriating
           | 
           | I would set up something simple like port-forwarding to a
           | static IP and test that it worked
           | 
           | then I'd come back a few days later to use it and found the
           | router had helpfully changed the IP to another one
           | 
           | and this happened with several different features (IPv6,
           | DHCP, etc)
           | 
           | I replaced it with a much cheaper Mikrotik box and that's
           | worked flawlessly ever since
           | 
           | I would not recommend the Fritzbox to my worst enemy
        
             | danieldk wrote:
             | If you select a host in the network overview, there is an
             | option _Always assign this network device the same IPv4
             | address_. If you tick that the address never changes. Also
             | in modern Fritz!Boxes port forwarding is associated with a
             | particular host, so I think it also works without the
             | static assignment enabled?
             | 
             | Anyway, I have logged on to my headless GPU machines
             | remotely through port forwarding for years and never had an
             | issue.
        
             | nerdile wrote:
             | In the US when a device is "on the fritz" it is failing
             | intermittently, and the classical solution is to smack it
             | firmly until it works. I suppose a Fritzbox might be
             | perpetually on the fritz.
        
         | petesergeant wrote:
         | My home cactus garden has an _unnecessary number_ of cacti in
         | it, as compared to the average home. I also expend _unnecessary
         | calories_ when hiking to places _I don't need to go_.
         | 
         | (edit: admittedly the five or six times I've set up a home
         | network more complicated than just connecting to a router I've
         | ended up regretting it after a few months)
        
           | tinus_hn wrote:
           | Sometimes I even just walk in a big circle and end up where I
           | started! What a waste of time!
           | 
           | Building my home network though is teaching me IPv6.
        
         | atomt wrote:
         | Direct hit to the heart *cries in BGP and big enterprise
         | switches*
        
         | bavent wrote:
         | Do you not have any hobbies? I find this to maybe not be
         | practical, but that's not the point of it.
        
       | rejectfinite wrote:
       | One thing to takeaway is that wired is so much better than wifi.
       | 
       | At home I am just using the ISP router but I have my work
       | laptop, desktop, consoles and TV wired with ethernet and it is
       | amazing compared to wifi. No more dropouts, random ping
       | spikes/lag etc.
       | 
       | Just ISP router with 4 gigabit ports + one Netgear GS108 dumb
       | gigabit switch.
        
       | shanebellone wrote:
       | I love that you modified a piece of furniture. I plan to do
       | something similar with a rolltop desk.
        
       | pantalaimon wrote:
       | No IPv6?
        
       | zeagle wrote:
       | I always enjoy reading about these but man that is a lot of work
       | to set up even if maintenance is simple. Ubiquiti has lost trust
       | but to their credit even a simple UDM base (that is not connected
       | to the cloud) can do VLANs, and with another device running
       | pihole/wireguard it works great. You could even run the pihole on
       | the device with podman and use their baked-in VPN.
        
         | rrosen326 wrote:
         | I'd like to plug Ubiquiti also. I'm not a networking guy and I
         | just want my network to work. I don't want to worry about it or
         | try to guess am I having problems due to Comcast or my home
         | network setup.
         | 
         | Switching to Ubiquiti, from high-end Asus gear, has been
         | awesome. Everything just works. Networking is now a non-issue,
         | and when my wife tells me the "internet isn't working", I can
         | respond, "it's not my fault!"
         | 
         | That's worth the cost to me.
        
           | neoromantique wrote:
           | +1
           | 
           | I heard some horror stories with new ubiquiti gear, but my
           | ERPoE router has been serving me gbit and PoE for AP since
           | 2016 and 0 issues, it even handles WireGuard using some
           | hoops.
        
       | justinlloyd wrote:
       | Not the way I went on my home network, but still a good write-up.
       | Always like reading and seeing how people solve problems that go
       | beyond "I bought a 42U rack and installed it in my basement."
       | 
       | I'm going to steal the Raspberry Pi on the phone stand idea,
       | especially when just hacking around with an SBC at my desk.
       | 
       | I would recommend replacing all those USB power adapters with
       | just one or two dedicated USB power adapters. Can recommend the
       | six-port 60W model by Anker that will happily run all those
       | devices you have, and then some.
        
         | giobox wrote:
         | You can add PoE (Power over Ethernet) to the Pi 4 or Pi 3B+
         | pretty cheaply (10-15 dollar hat), and avoid the USB power
         | supply altogether. Not strictly necessary, but makes the wiring
         | so much simpler/cleaner as just one single ethernet cable doing
         | power and data, and you can expand into other neat PoE
         | solutions. My Pi cluster is powered by my ethernet switch
         | alone.
         | 
         | It makes wiring a UPS into the system really easy too - just
         | have backup power on the ethernet switch, the downstream Pis
         | are taken care of. I'd love if the Pi 5 just has PoE out of the
         | box personally, I run all my Pi projects this way now.
        
         | HeYmaney wrote:
         | > I'm going to steal the Raspberry Pi on the phone stand idea,
         | especially when just hacking around with an SBC at my desk.
         | 
         | Yeah me too! What model of stand is it tho? and how would you
         | keep them attached? Looking at the pictures it seems different
         | from one pi to another.
        
       | Aloha wrote:
       | This looks really super interesting!
       | 
       | I'm gonna check out grafana, it looks significantly slicker than
       | Cacti.
       | 
       | I ended up with a significantly more complex home network than I
       | ever expected -
       | 
       | - 2x 48-port HPE 1820
       | - 1x 24-port PoE HPE 1820
       | 
       | All of these are linked with two 1 GbE links in Port Channel
       | 
       | TP-Link Managed Wifi AP's with controller (I wanted roaming
       | support, and PoE support)
       | 
       | Mikrotik hEX Router also linked in Port Channel to one of the
       | core switches (I'd like to get multiple bonds set up, that's the
       | intent, but I've had trouble making it play nice with RSTP - I
       | think it's an issue with my MikroTik config, but it's so poorly
       | documented, it's hard to say)
       | 
       | For places where I have lots of port needs where I was unable to
       | pull a ton of cable -
       | 
       | - 3x 24-port HPE 1810 (2 of these connect back to the core
       |   switches with port-channels)
       | - 1x 8-port HPE 1810 (PoE powered)
       | 
       | The 1810/1820's are great, because they do not have cloud
       | management, are fanless (PoE notwithstanding), and are easy to
       | configure (no weird specific CLI to learn/no poorly implemented
       | copy of Cisco IOS UI) via a web interface. Their lack of 10g
       | support is annoying, but also worth the price savings.
       | 
       | From a VLAN perspective, I have six - one for my external
       | netblock (which is just a pass thru from the cable gateway), and
       | another for my internal LAN, plus two additional VLAN's for my
       | home work lab, and another two for 'utility' which is to say, I
       | built them in, but have not found a use for them yet ;-)
       | 
       | There is also a Cacti server in a VM, I need to rebuild it
       | eventually so I have better instrumentation.
        
       | jaclaz wrote:
       | >Wiring
       | 
       | A word of warning, it must be said that you shouldn't have a
       | "normal" data cable in the same conduit as mains.
       | 
       | With CAT 6 cable you won't have transmission/interference
       | problems, but still it is not allowed by code, unless the network
       | cable is of the type insulated up to 400V, marked with "CEI-UNEL
       | 36762 C-4 (U0=400V)", see (italian):
       | 
       | https://fibra.click/cavi/#coesistenza-con-cavi-in-tensione
       | 
       | https://www.cavel.it/it/supporto-tecnico/certificazioni/coes...
        
         | wkat4242 wrote:
         | If Italy is anything like Spain nobody gives a crap about
         | building code stuff.
         | 
         | When I moved into my apartment it had just been "certified" by
         | an electrician which took a week. There were outlets without
         | covers on them. Exposed live stripped wires hanging in the
         | hallway. Ground wire to the breaker box but not actually
         | connected to the rest of the house. Exposed terminal blocks
         | hanging everywhere. I doubt this "professional" even bothered
         | to visit the place and just cashed a royal fee to sign the
         | paperwork.
         | 
         | It's a total joke. If this crap gets "certified" then a DC
         | cable beside an AC one in a conduit is really no issue :)
        
           | eldaisfish wrote:
           | Please don't call certification a joke and diminish its
           | value.
           | 
           | If you see clearly illegal things, report them. The person
           | doing the certification can have their license revoked.
           | 
           | Things aren't always ideal but please don't turn this into a
           | laughing matter.
        
             | [deleted]
        
             | fuzzybear3965 wrote:
             | Maybe he did report them and maybe their license wasn't
             | revoked. He's only repeating a joke that the electrician
             | and the certification committee told him. I wouldn't blame
             | the victim, here.
        
         | giuliomagnifico wrote:
         | Yes, I know and you're right but it's only a short path (about
         | 2 meters), and it's the only way I found to get the cable
         | through from one room to another. Anyway I haven't terminated
         | the cable with the wall jack, the cable is going out of the wall
         | "intact", this should be a bit safer.
        
           | kjs3 wrote:
           | You might want to check if that out of code solution could
           | invalidate your homeowners insurance policy. It sure can in
           | the US.
        
             | bombcar wrote:
             | Especially now that it's publicly available on the
             | internet. And yes, the fire investigators for home
             | insurance DO check things like that.
        
           | NegativeLatency wrote:
           | Sounds like a good excuse to run a bit of fiber
        
           | jaclaz wrote:
           | Sure, and as said you won't likely have any issue, and maybe
           | - without knowing - you actually used a U0=400V cable, the
           | norm is 2010 or so if I recall correctly, so I believe that
           | most Cat 6 cables in commerce are nowadays certified for that
           | use.
        
             | giuliomagnifico wrote:
             | Just checked, and I see only EIA/TIA 568B.2 ISO/IEC 11801
             | EN501
        
         | sschueller wrote:
         | You can with fiber and it is allowed. I used these special
         | plates[1] in my setup[2] that are meant to be run in the same
         | conduit as power. Switzerland is quite strict with electrical
         | codes so I was surprised when I found out I could do this.
         | 
         | [1] https://www.youtube.com/watch?v=ARSpp4B9-X4
         | 
         | [2] https://sschueller.github.io/posts/wiring-a-home-with-fiber/
        
           | sn0wf1re wrote:
           | Glass and plastic don't conduct electricity.
        
         | tucosan wrote:
         | Can you please elaborate? Sadly your linked document is in
         | Italian, which poses a language barrier for most of the
         | community here.
        
           | jaclaz wrote:
           | Until that norm (as said I believe around 2010 or so) you
           | could NOT mix low voltage (and signal) cables with mains
           | (220V-240V AC usually) within a same conduit.
           | 
           | The new norm allows this mixing as long as the low voltage
           | cables are certified as having insulation for 400 V.
           | 
           | Still you cannot strip the cable (i.e. you cannot put a
           | terminator/receptacle) in the same box as mains.
           | 
           | The code is mainly about electrical safety, it doesn't
           | consider the possibility of interference, that is "your"
           | problem (but shielded cables give no problems in practice).
        
           | bombcar wrote:
           | Two problems - mains lines could come in contact with the
           | data lines which would then transmit power to things
           | connected to them (or burn up). Fiber won't do this because
           | it doesn't transmit.
           | 
           | And the second is that mains lines are AC and could introduce
           | noise into the wired lines - again, fiber isn't susceptible
           | to this.
        
           | cptskippy wrote:
           | The National Electric Code in the US has similar provisions:
           | 
           | > 300.3
           | 
           | > (C) Conductors of Different Systems.
           | 
           | > (1) 600 Volts, Nominal, or Less. Conductors of ac and dc
           | 
           | > circuits, rated 600 volts, nominal, or less, shall be
           | permitted
           | 
           | > to occupy the same equipment wiring enclosure, cable, or
           | 
           | > raceway. All conductors shall have an insulation rating
           | 
           | > equal to at least the maximum circuit voltage applied to
           | any
           | 
           | > conductor within the enclosure, cable, or raceway.
           | 
           | Basically, the idea is to prevent a low/less voltage cable
           | from potentially being energized by a higher voltage cable. It
           | would suck to strip the ends off your CAT6 and discover it's
           | been energized to 240v.
        
       | m463 wrote:
       | My home network has a few differences that might be interesting:
       | 
       | I run openwrt on some mikrotik switches. I started with a
       | mikrotik rb750 switch, then switched to rb2011 switches (5x
       | 10/100/1000 + 5x 10/100 ports), and now two rb3011uias-rm 10-port
       | gbit switches.
       | 
       | the openwrt rb3011 build comes from
       | https://github.com/adron-s/openwrt-rb3011
       | 
       | I also run openwrt on a turris omnia and a linksys wrt1900acs.
       | 
       | I use raspberry pis for a few things, notably standalone ntp time
       | via a few cheap usb gps dongles. One pi does time exclusively and
       | runs openwrt with a gps hat with pps + a pi ups hat. I like the
       | flirc pi cases - they are cheap, beefy and have great thermals.
        
         | imiric wrote:
         | Why do you prefer OpenWrt over RouterOS on the Mikrotik
         | switches?
         | 
         | I recently upgraded to a CRS326-24S+2Q+RM, and the experience
         | with RouterOS feels much better compared to OpenWrt. Winbox is
         | super polished, everything is well laid out, and it makes even
         | advanced configuration very easy.
         | 
         | I do run OpenWrt on a few APs, and it works fine for that
         | simple use case, but for anything more advanced, I prefer
         | RouterOS. Sure, it's not open source, and not as extensible to
         | allow you to run a bunch of services on it, but those can run
         | on any other server just as well.
        
           | simplyaccont wrote:
           | Last time I checked, CRS3xx isn't really supported by OpenWrt.
        
             | imiric wrote:
             | My point is that the experience of RouterOS is much better
             | than OpenWrt, so I'm curious why someone would choose to
             | run OpenWrt on Mikrotik switches.
        
       | balls187 wrote:
       | What I find interesting and impressive
       | 
       | 1) your photography
       | 
       | 2) your HN account is ~3 years old, with 33k karma.
        
         | giuliomagnifico wrote:
         | Ahah, thanks... but I spent lots of time writing this article
         | =)
        
       | Topgamer7 wrote:
       | The link for a grafana chart full image doesn't work:
       | 
       | https://giuliomagnifico.blog/_images/2023/home-network_v4/Sc...
       | vs https://giuliomagnifico.blog/_images/2023/home-network_v4/Sc...
        
         | giuliomagnifico wrote:
         | Fixed, thanks!
        
       | ezfe wrote:
       | Why is the 100 Mbps port an issue on a device that can never do
       | more than a single video stream? Why _should_ the TV manufacturer
       | spend more money on that part?
        
         | noahtallen wrote:
         | For one, it's dirt cheap to add what's basically standard
         | everywhere else. These can be expensive consumer devices and I
         | don't like seeing sacrifices when it's completely unnecessary
         | to sacrifice speed here. WiFi is also faster, so TVs can handle
         | the speed.
        
         | giuliomagnifico wrote:
         | First, because a TV can last 10 years, and having a 1000mbps
         | port will be the minimum.
         | 
         | Second, because when you send "something" to the TV like 60mpx
         | photos, using a 100mbps port is slower.
         | 
         | Now a TV is also a home hub, not only a Television. And in the
         | next years the 100mbps will be obsolete very fast.
        
           | bombcar wrote:
           | But if the internal storage of the TV (or the processor)
           | can't handle above 100Mb/s it'll never practically matter.
           | 
           | I've seen more devices that have a GB port and can't do
           | anything useful with it than (I suspect) the other way
           | around.
           | 
           | That said, I've never even checked to see what speed my TV
           | connects at.
        
             | wolrah wrote:
             | > But if the internal storage of the TV (or the processor)
             | can't handle above 100Mb/s it'll never practically matter.
             | 
             | UHD Blu-Rays already exceed 100mbit/sec. That is current
             | commercially distributed consumer content that requires
             | gigabit to stream properly over a network.
             | 
             | Any 4K capable smart TV or streaming device should have a
             | gigabit ethernet interface, no questions asked. 1080p
             | devices, sure, they can get away with 100mbit just fine,
             | but 4K devices have no excuse.
             | 
             | The fact that LG still to this day ships OLED TVs with
             | potentially five digit price tags and 100mbit ethernet
             | ports is a level of cheapness that I cannot fathom.
             | 
             | And they handle gigabit just fine; you can plug a USB
             | gigabit adapter into the TV and it works entirely as
             | expected.
        
         | mkipper wrote:
         | I've never dug deep into this, but the normal argument is that
         | it's possible to saturate a 100Mbps link with a single 4K
         | Blu-ray stream. Even if most people will never hit that limit, it
         | would be nice for a top of the line 4K TV to support "normal"
         | (for some media-savvy folks) 4K streams.
         | 
         | But that's not a very compelling argument on its own, since the
         | Ethernet link is just one link in the chain. Having a gigabit
         | port doesn't help much if the TV can't handle decoding video at
         | those bitrates in real time. It's definitely possible that TV
         | manufacturers choose 100Mbps ports because they know the TV
         | can't deal with huge streams for other reasons.
         | 
         | It's an interesting situation for the manufacturers. Even if
         | 99.9% of buyers will never see streams above 100Mbps, and even
         | if that other 0.1% can't effectively use them, it might be
         | worth it to bump the port to gigabit since complaints about
         | 100Mbps ports come up so often in reviews and in online
         | discussions. Maybe throwing in a borderline useless gigabit
         | port would generate enough sales to justify the marginal BOM
         | cost increase.
        
       ___________________________________________________________________
       (page generated 2023-02-09 23:00 UTC)