Jump to content

Fibre internet setup for new house

xmuffin32
 Share
Posted

Hi,

 

I'm wondering if it is possible to 'split' an incoming internet/fibre connection into four seperate SSIDs? Basically I'm building four new houses, three of which will be rented out (I'll live in the fourth one). Would it be feasible to have one fibre connection come in to my server room in my house then split up to the other houses w/ seperate SSIDs, passwords and such (also traffic monitoring/bandwidth ? Planning to wire up the homes with cat5e. Looking into ubiquiti products to manage all of this, including security cameras. Im thinking it would be a disaster to have four different incoming connections vs having only one fibre connection coming in and then splitting it up.

 

Thanks.

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
46 minutes ago, xmuffin32 said:

Hi,

 

I'm wondering if it is possible to 'split' an incoming internet/fibre connection into four seperate SSIDs? Basically I'm building four new houses, three of which will be rented out (I'll live in the fourth one). Would it be feasible to have one fibre connection come in to my server room in my house then split up to the other houses w/ seperate SSIDs, passwords and such (also traffic monitoring/bandwidth ? Planning to wire up the homes with cat5e. Looking into ubiquiti products to manage all of this, including security cameras. Im thinking it would be a disaster to have four different incoming connections vs having only one fibre connection coming in and then splitting it up.

 

Thanks.

 

Technically you could hand each of the renters just a /24 subnet eg: 192.168.X.0/24. For non-techie renters that should suffice. The only problem I see is that the renters will either have double NAT (so potentially blocking some services) or they answer to you as their full-on ISP.

 

Btw, SSID's are just wireless networks. AP's like Ubiquity's Unify are IIRC capable of broadcasting multiple SSID's for different networks. You really shouldn't have 2 independent parties (you and a renter eg) on the same subnet. This will cause various security problems such as: You seeing their devices in your network list, A rather small IP range for each (254 / 4 =~ 63 IP's for each) as well as you needing quite a beefy router to maintain all the states. 

 

That time I saved Linus' WiFi pass from appearing on YouTube: 

A sudden Linus re-appears : http://linustechtips.com/main/topic/390793-important-dailymotion-account-still-active/

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
18 minutes ago, MrKickkiller said:

Technically you could hand each of the renters just a /24 subnet eg: 192.168.X.0/24. For non-techie renters that should suffice. The only problem I see is that the renters will either have double NAT (so potentially blocking some services) or they answer to you as their full-on ISP.

 

Btw, SSID's are just wireless networks. AP's like Ubiquity's Unify are IIRC capable of broadcasting multiple SSID's for different networks. You really shouldn't have 2 independent parties (you and a renter eg) on the same subnet. This will cause various security problems such as: You seeing their devices in your network list, A rather small IP range for each (254 / 4 =~ 63 IP's for each) as well as you needing quite a beefy router to maintain all the states. 

 

 

Thanks for the reply. Subnets are indeed a good idea, but could you elaborate on the double NAT? What about seperating the network into seperate VLANs, since I am considering isolating the security cameras as well. 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
45 minutes ago, xmuffin32 said:

 

Thanks for the reply. Subnets are indeed a good idea, but could you elaborate on the double NAT? What about seperating the network into seperate VLANs, since I am considering isolating the security cameras as well. 

Double NAT: There are two scenarios we could go with here.

A. Each house has it's own router, and that router hooks up to your server and to the fiber.
    House Router -  Main router - Fiber connection

    House Router /

    House Router /

    House Router /

 

   On each router you're probably gonna have NAT, so that 1 IP (in this case internal) adress can be used for a whole house. 

   Problem is that some services don't play well with double nat, because of all the port-fuckery happening. (Or atleast that's how it used to be)

 

B. 1 main router and then have it route traffic to switches that will further direct traffic.

cascade_ok.gif

comparable to the above graphic. The internet balloon/cloud is your fiber. The router would live in your server room/closet. Each property would have its own Ethernet (Gigabit at minimum, otherwise your fiber connection would be severely throttled) or perhaps small Fiber build out that connects to your router. Each group of yellow computers and switch above that would reside in the individual properties.

 

Scenario A basically shares about the same diagram but in between the black router (with fiber connection) there 'd be another router (To each property). This should allow for more strict control given to each of your tenants. If Person A wanted to block / change setting XYZ, he can. With scenario B, he would have to consult you and the change would apply to all tenants.

-------------------------

VLAN's: I'm not fully knowledged about VLAN's, but in my mind it's basically the same as splitting a big subnet into smaller individual subnets, while still only having 1 cable from the router to the VLAN capable switch. And then according to routes you specify specific VLAN can talk on specific ports etc

That time I saved Linus' WiFi pass from appearing on YouTube: 

A sudden Linus re-appears : http://linustechtips.com/main/topic/390793-important-dailymotion-account-still-active/

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
1 hour ago, MrKickkiller said:

Double NAT: There are two scenarios we could go with here.

A. Each house has it's own router, and that router hooks up to your server and to the fiber.
    House Router -  Main router - Fiber connection

    House Router /

    House Router /

    House Router /

 

   On each router you're probably gonna have NAT, so that 1 IP (in this case internal) adress can be used for a whole house. 

   Problem is that some services don't play well with double nat, because of all the port-fuckery happening. (Or atleast that's how it used to be)

 

B. 1 main router and then have it route traffic to switches that will further direct traffic.

cascade_ok.gif

comparable to the above graphic. The internet balloon/cloud is your fiber. The router would live in your server room/closet. Each property would have its own Ethernet (Gigabit at minimum, otherwise your fiber connection would be severely throttled) or perhaps small Fiber build out that connects to your router. Each group of yellow computers and switch above that would reside in the individual properties.

 

Scenario A basically shares about the same diagram but in between the black router (with fiber connection) there 'd be another router (To each property). This should allow for more strict control given to each of your tenants. If Person A wanted to block / change setting XYZ, he can. With scenario B, he would have to consult you and the change would apply to all tenants.

-------------------------

VLAN's: I'm not fully knowledged about VLAN's, but in my mind it's basically the same as splitting a big subnet into smaller individual subnets, while still only having 1 cable from the router to the VLAN capable switch. And then according to routes you specify specific VLAN can talk on specific ports etc

Thanks. I'm guessing scenario b would be much easier to implement than a, but then again a would me more ideal for tenants... Tough choice haha

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Are you going to provide the routers or are you going to have the tenants provide the routers?

Current Network Layout:

Current Build Log/PC:

Prior Build Log/PC:

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Another option is to get a business grade connection with multiple static IPs, then instead of a router being connected to the ISP you connect a switch, and each router gets connected to that switch and assigned a public IP address. Its a bit overkill in terms of solutions to the problem, but it is simpler than other solutions in terms of setup. And the cost of the internet when split over 4 parties would still be cheaper than if each house bought its own internet connection.

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Use a business grade router at your place and setup the renter houses so they each get a VLAN. 

Can Anybody Link A Virtual Machine while I go download some RAM?

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
8 hours ago, brwainer said:

Another option is to get a business grade connection with multiple static IPs, then instead of a router being connected to the ISP you connect a switch, and each router gets connected to that switch and assigned a public IP address. Its a bit overkill in terms of solutions to the problem, but it is simpler than other solutions in terms of setup. And the cost of the internet when split over 4 parties would still be cheaper than if each house bought its own internet connection.

I completely agree, a /29 subnet from the ISP would give you 5 usable IP addresses. This way if you're using a managed switch you can setup ACLs for each port to each house so nobody can steal a different IP address on that subnet than you assigned to them. This way, if any issues arise with one party doing something illegal, it can be isolated from the other parties, not to mention that each party can now manage their own router, making port forwarding easier for them to do versus a double NAT. The only problem I could see is QOS issues with using a switch, where one party can steal more bandwidth and slow other parties down-- you could fix that with a router (without NAT) and a /29 and a /30 from the ISP (but that's probably not necessary in a residential environment with only 4 houses).

My Build : AMD Ryzen 9 3950X - Asus Strix X570-E - 64GB G.Skill Trident Z Neo

- Gigabyte RTX 3080 Ti - 2TB Samsung 970 Evo Plus SSD - Corsair AX860i Power Supply

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
28 minutes ago, Cree340 said:

I completely agree, a /29 subnet from the ISP would give you 5 usable IP addresses. This way if you're using a managed switch you can setup ACLs for each port to each house so nobody can steal a different IP address on that subnet than you assigned to them. This way, if any issues arise with one party doing something illegal, it can be isolated from the other parties, not to mention that each party can now manage their own router, making port forwarding easier for them to do versus a double NAT. The only problem I could see is QOS issues with using a switch, where one party can steal more bandwidth and slow other parties down-- you could fix that with a router (without NAT) and a /29 and a /30 from the ISP (but that's probably not necessary in a residential environment with only 4 houses).

Yeah, I think this would be the ideal solution, however I don't think any ISPs are currently offering multiple static addresses in my area i'm afraid (Bangkok, Thailand).

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×