Basic consideration - completely new infrastructure

Hello,

I am currently planning my new IT structure as the house is getting more and more finished.

The following structure is my plan:

  1. ONT - Telecom fiber optics (500Mbit / 100Mbit)
  2. Nethserver (red)
  3. Switch (2 green - bonding)

Hanging off the switch:

  • AccessPoints (VLAN 2)
  • DECT base (VLAN 4)
  • Multimedia (VLAN 6)
  • Workstation computer (VLAN 8)

My Nethserver provides the following services:

  • FireWall
  • File sharing
  • VPN
  • Database
  • Mail
  • WebSite

I have the following load drivers :wink:

  • 6 users
  • 2 VPN users
  • 4 client computers
  • 2 domains
  • 8 Sonos music boxes

I’m still thinking about whether it makes sense to use a hardware router between the 1st and 2nd (e.g. TPLINK TL-R605)

Does it make sense?

greetings
Gerald

I don’t see an obvious reason to do that (and if I did, I’d recommend pfSense or OPNsense). What makes you suspect you may need one?

@gerald_FS

Hi Gerald

Overflying your initial concept, as presented above, it does make sense. At least in the sense of what you’re trying to achieve.

A few major caveats, from my vantage point:

  • No virtualization!

This is 2021; “native” installs for servers have not been recommended for a couple of years now…
You have no means of making snapshots before critical updates / upgrades. No option of independent backups / fast disaster recovery…

  • You have 6 users; if anything goes wrong with your NethServer, you will not have any Internet to repair / diagnose the issue. You will have 6 upset users at home, and a very low rating concerning WAF (Wife acceptance factor). Don’t forget: Sh*t happens when you need it least!

  • An overly complex network handling involving 8 vLANs - for what seems like an extended home environment. I’ve seen a lot of such plans, people getting imaginative with vLANs after hearing about the possibility.

Reality: vLANs for VoIP may make sense; in corporate environments the vLAN idea is often not tenable, due to CTI issues - and CTI is much used in the corporate environment.

Another issue is Media. It may make sense to think about separating Media Streaming from LAN traffic, but most Home Systems, no matter if from Apple or Google, prefer having it all in one net. I think this requirement comes from the Music labels themselves, for Copyright reasons. If in a different network, Apple Airplay will not work, and DLNA, used by Google, will have its issues. Putting in an mDNS repeater for Apple, or something similar for Google’s DLNA, kinda defeats the idea of separation…

Sonos should work, as should e.g. Spotify. But streaming via LAN - Media may have issues when not using the Sonos framework…

Remarks / Notes

I’d suggest using Proxmox (A lot of the known users here use Proxmox as virtualization platform).
A dedicated, virtualized NethServer running there would give you a much higher availability…

I personally use OPNsense, mostly hardware boxes by PCengines, for my clients as most in Switzerland want a dedicated firewall, nothing else… These boxes cost about USD $150 with 4 NICs, Quad Core and a 120 GB SSD…

My 2 cents
Andy

Yet another reason to handle it all yourself with something like Plex/Emby/Jellyfin.

@danb35

Plex is too much “Cloud” / Centralized Server for my liking, while it does work well.
I use KODI (on Raspberry) as Media Center, local storage on NAS…

Media even when Internet is interrupted! :slight_smile:

My 2 cents
Andy

I have to admit that’s getting annoying. All I want it to do is give me my media, on my device, wherever that device may be. But you can mostly turn off the cloud stuff, and you don’t even need to have a Plex account to use it. But still, if that’s a concern, there are other options that are perfectly willing to send your media to a different network.

But I’m inclined to agree that the multiple VLANs proposed here are probably not necessary. I have one tagged VLAN at home, for all the IoT devices–so they can’t access my LAN resources. Everything else–VoIP phones, security cameras, access points, and of course computers–are on the default VLAN.

I use Serviio at my house. It is free for the most part, but I did pay for the one-time subscription to enable automatic encoding.

Good Morning!

Thanks for the tips.

I.e. you recommend that I set up the server based on Proxmox so that you can take snapshots - otherwise I don’t see any further advantage so far.
To date, data backup has also been running on a separate NAS via the network.

Well then, I’ll test it to see whether my knowledge and skills are sufficient.

Although I have to say that I was incredibly lucky that I still needed a backup :slight_smile:

Is it even enough for my hardware to be respected?

Processor J5040 (10W TDP)
RAM 16GB
Hard disks in total 4 pieces (2x500GB + 2x3TB - 2x Raid1)
Intel Pro NIC / PT

OK, I will reconsider the 4 VLANs; I think it will be fewer than that.

greetings
Gerald

Addendum:
yes - I don’t use server hardware but small energy-saving boards (~10 Watt) and conventional hard drives that are certified for 24/7 operation.
So far, everything has always worked in the private and professional environment.
My ASrock J1900 has been running for five years without any problems worth mentioning.
Most of the time they were self-caused by my stupidity :wink:

These are my counter-hints…

  • AccessPoints
    • vLAN 4 “domestic” devices
    • vLAN 5 “foreign/guests” devices
  • DectBase + Workstation computer: vLAN 6
  • Multimedia: vLAN 7

Do you have other IoT/Home automation devices? They might go into vLAN 7 too, or into a “services” vLAN only for accessories, or you could connect them to the same vLAN as the foreign/guest devices.

With a 500/100 internet connection, IMVHO bonding of 2 green interfaces might be a little overkill, unless you’re using NethServer heavily as a fileserver (more than 5 users, continuous use of data from SMB shares).

If this is happening, maybe a 10GbE connection between NethServer and switch might be a more expensive but also more future-proof setup.

Edit. I’m dumb. I did not notice the processor. Maybe going overboard on the number of vLANs might lead to too much overhead.
Nevertheless, I still recommend considering an IoT/guest vLAN only, especially for wireless access.
Also, if you’re experiencing some “visitors” like unknown computers, maybe with viruses, a wired guest access might be useful too.