Basic consideration - completely new infrastructure

Hello,

I am currently planning my new IT structure as the house is getting more and more finished.

The following structure is my plan:

  1. ONT - Telecom fiber optics (500Mbit / 100Mbit)
  2. Nethserver (red)
  3. Switch (2 green - bonding)

Hanging off the switch:
AccessPoints (VLAN 2)
DECT base (VLAN 4)
Multimedia (VLAN 6)
Workstation computer (VLAN8)

My Nethserver provides the following services:

  • FireWall
  • File sharing
  • VPN
  • Database
  • Mail
  • WebSite

I have the following load drivers :wink:
6 users
2 VPN users
4 client computers
2 domains
8 Sonos music boxes

I'm still thinking about whether it makes sense to use a hardware router between the 1st and 2nd (e.g. TPLINK TL-R605)

Does it make sense?

greetings
Gerald

I don't see an obvious reason to do that (and if I did, I'd recommend pfSense or OPNsense). What makes you suspect you may need one?


@gerald_FS

Hi Gerald

Overflying your initial concept, as presented above, it does make sense. At least in the sense of what you're trying to achieve.

A few major caveats, from my vantage point:

  • No virtualization!

This is 2021, "native" installs for servers have not been recommended anymore for a couple of years…
You have no means of making snapshots before critical updates / upgrades. No option of independent backups / fast disaster recovery…

  • You have 6 users, anything goes wrong with your NethServer and you will not have any Internet to repair / diagnose the issue. You will have 6 upset users at home, and a very low rating concerning WAF (Wife acceptance factor). Don't forget: Sh*t happens when you need it least!

  • An overly complex network handling involving 8 vLans - for what seems like an extended home environment. I've seen a lot of such plans, people getting imaginative with vLANs after hearing about the possibility.

Reality: vLANs for VoIP may make sense, in corporate environments the vLAN idea is often not tenable, due to CTI issues - and CTI is much used in the corporate environment.

Another issue is Media. It may make sense to think about separating Media Streaming from LAN traffic, but most Home Systems, no matter if from Apple or Google, prefer having it all in one net. I think this requirement comes from the Music labels themselves, for Copyright reasons. If in a different network, Apple Airplay will not work, and DLNA, used by Google, will have its issues. Putting in an MDNS repeater for Apple, or something similar for Google's DLNA kinda defeats the idea of separation…

Sonos should work, as should eg Spotify. But streaming via LAN - Media may have issues, when not using the Sonos framework…

Remarks / Notes

I'd suggest using Proxmox (A lot of the known users here use Proxmox as virtualization platform).
A dedicated, virtualized NethServer running there would give you a much higher availability…

I personally use OPNsense, mostly hardware boxes by PCengines, for my clients as most in Switzerland want a dedicated firewall, nothing else… These boxes cost about USD $150 with 4 NICs, Quad Core and a 120 GB SSD…

My 2 cents
Andy

Yet another reason to handle it all yourself with something like Plex/Emby/Jellyfin.

@danb35

Plex is too much "Cloud" / Centralized Server for my liking, while it does work well.
I use KODI (on Raspberry) as Media Center, local storage on NAS…

Media even when Internet is interrupted! :slight_smile:

My 2 cents
Andy


I have to admit that's getting annoying. All I want it to do is give me my media, on my device, wherever that device may be. But you can mostly turn off the cloud stuff, and you don't even need to have a Plex account to use it. But still, if that's a concern, there are other options that are perfectly willing to send your media to a different network.

But I'm inclined to agree that the multiple VLANs proposed here are probably not necessary. I have one tagged VLAN at home, for all the IoT devices - so they can't access my LAN resources. Everything else - VoIP phones, security cameras, access points, and of course computers - is on the default VLAN.


I use Serviio at my house. It is free for the most part, but I did pay for the one-time subscription to enable automatic encoding.

Good Morning!

Thanks for the tips.

I.e. you recommend that I set up the server on Proxmox so that I can take snapshots - otherwise I don't see any further advantage so far.
To date, data backup has also been running on a separate NAS via the network.

Well then I'll test the one to see if my knowledge and skills are sufficient.

Although I have to say that I was incredibly lucky that I still needed a backup :slight_smile:

Is it even enough for my hardware to be respected?

Processor J5040 (10W TDP)
RAM 16GB
Hard disks in total 4 pieces (2x500GB + 2x3TB - 2x Raid1)
Intel Pro NIC / PT

OK, I will reconsider the 4 VLANs, I think it will be fewer than that.

greetings
Gerald

Addendum:
yes - I don't use server hardware but small energy-saving boards (~ 10Watt) and conventional hard drives that are certified for 24/7 operation.
So far, everything has always worked in the private and professional environment.
My ASrock J1900 has been running for five years without any problems worth mentioning.
Most of the time they were self-caused by my stupidity :wink:

These are my counter-hints…
AccessPoints
vLan4 "domestic" devices
vLan5 "foreign/guests" devices
DectBase + Workstation computer vLan 6
Multimedia vLan 7

Do you have other IoT/Home automation devices? They might be into vLan 7 too, or into a "services" vLan only for accessory, or connect them to the same vLan for foreign/guests.

With a 500/100 internet connection, IMVHO bonding of 2 green interfaces might be a little overkill, unless you're using NethServer heavily as a fileserver (more than 5 users, continuous use of data from SMB shares)

If this is happening, maybe a 10GbE connection between NethServer and switch might be a more expensive but also more future-proof setup.

Edit: I'm dumb. I did not notice the processor. Maybe exceeding in vLAN number might lead to too much overhead.
Nevertheless, I still recommend considering an IoT/guest vLAN only, especially for wireless access.
Also, if you're experiencing some "visitors" like unknown/maybe virus-infected computers, a wired access might be useful too.
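As an added illustration of the guest/IoT segmentation proposed in the last post (this is example code written for this thread, not configuration from any poster and not NethServer's own firewall output), the snippet below models the four proposed vLANs as a small default-deny inter-VLAN policy table and renders it as nftables forward rules. VLAN IDs 4-7, the bonded trunk name bond0 and the red interface name enp1s0 are assumptions for the example. Guests reach the Internet only; domestic devices may initiate connections to the multimedia segment (for controlling Sonos), but nothing crosses from multimedia or guest back into the domestic segment. Note that an L3 firewall like this does not relay multicast discovery (mDNS/DLNA), which is the caveat Andy raised above.

```python
"""Default-deny inter-VLAN policy for a home segmentation plan, rendered as nftables rules.

Constructed example; VLAN IDs, interface names and the allow list are assumptions.
"""
from itertools import product

# Assumed VLAN ID -> segment name, following the plan in the last post.
VLANS = {4: "domestic", 5: "guest", 6: "dect_workstation", 7: "multimedia"}
TRUNK = "bond0"     # assumed name of the bonded green trunk toward the switch
WAN_IF = "enp1s0"   # assumed name of the red (WAN) interface

# Only these (source, destination) pairs may initiate NEW connections.
# Every other inter-segment flow hits the chain's drop policy.
ALLOW = {
    ("domestic", "multimedia"),          # phones/laptops controlling Sonos
    ("dect_workstation", "multimedia"),
    ("dect_workstation", "domestic"),
    ("domestic", "wan"),
    ("guest", "wan"),                    # guests get Internet access only
    ("dect_workstation", "wan"),
    ("multimedia", "wan"),
}


def iface(segment: str) -> str:
    """Map a segment name to the Linux interface that carries it."""
    if segment == "wan":
        return WAN_IF
    vid = next(v for v, name in VLANS.items() if name == segment)
    return f"{TRUNK}.{vid}"          # 802.1q sub-interface on the trunk


def is_allowed(src: str, dst: str) -> bool:
    """True if a new connection from segment src to segment dst is forwarded."""
    if src == dst:
        return True                   # same L2 segment: never crosses the firewall
    return (src, dst) in ALLOW


def render_nft() -> str:
    """Render the policy as an nftables 'forward' chain with policy drop."""
    rules = [
        "table inet homefw {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        # Replies to allowed connections come back through conntrack state.
        "    ct state established,related accept",
    ]
    for src, dst in sorted(ALLOW):
        rules.append(
            f'    iifname "{iface(src)}" oifname "{iface(dst)}" ct state new accept'
        )
    rules += ["  }", "}"]
    return "\n".join(rules)


def blocked_pairs() -> list:
    """Enumerate every inter-segment direction the policy does NOT allow."""
    segs = sorted(set(VLANS.values()) | {"wan"})
    return [(s, d) for s, d in product(segs, segs) if s != d and not is_allowed(s, d)]


if __name__ == "__main__":
    print(render_nft())
    for s, d in blocked_pairs():
        print(f"blocked: {s} -> {d}")
```

The rendered text can be loaded with `nft -f` on a Linux router; the point of `blocked_pairs()` is to review the segmentation on paper before doing so, so that an accidental guest-to-domestic path is caught in the table rather than after deployment.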