Network layout showoff

[brwainer]

4 hours ago, RicenShine said:

Noob: why is there so many DNS? Isn't one enough?

The tone/meaning of this question is unclear. Was this a rhetorical question, presented from the perspective of a noob, as an inside joke for people who know the answer? Or is this a serious question that you are asking as a noob?

[RicenShine]

52 minutes ago, brwainer said:

The tone/meaning of this question is unclear. Was this a rhetorical question, presented from the perspective of a noob, as an inside joke for people who know the answer? Or is this a serious question that you are asking as a noob?

Serious question from noob

[brwainer]

1 hour ago, RicenShine said:

Serious question from noob

If you only have one DNS and it goes down, then the computers using it are effectively offline completely. So inside a private network you should always run two DNS servers - and if Active Directory or similar is being used, you want more than one domain server anyway, because like backups “two is one and one is none”.

 

Outside of a private network, or even for some very large companies, a specific DNS IP, like 8.8.8.8 for Google, doesn’t actually go to a single server but rather to dozens or hundreds or thousands of servers across the globe, using a method called Anycast. This is partially for redundancy purposes, but also to decrease latency to the user and to spread out the load and traffic amongst many datacenters. But even then they’ll have a second IP, like 8.8.4.4 for Google, that goes to a completely separate set of servers. If soemthing happens to the nearest server for the primary IP, the network won’t realize this quickly, and will keep sending your traffic to it, so having the second IP going to a different server keeps you the user un-impacted.

 

DNS is profoundly important. When there’s a DNS issue, to most users its the same as their ISP having a complete outage.

[RicenShine]

On 4/6/2021 at 10:17 PM, brwainer said:

If you only have one DNS and it goes down, then the computers using it are effectively offline completely. So inside a private network you should always run two DNS servers - and if Active Directory or similar is being used, you want more than one domain server anyway, because like backups “two is one and one is none”.

 

Outside of a private network, or even for some very large companies, a specific DNS IP, like 8.8.8.8 for Google, doesn’t actually go to a single server but rather to dozens or hundreds or thousands of servers across the globe, using a method called Anycast. This is partially for redundancy purposes, but also to decrease latency to the user and to spread out the load and traffic amongst many datacenters. But even then they’ll have a second IP, like 8.8.4.4 for Google, that goes to a completely separate set of servers. If soemthing happens to the nearest server for the primary IP, the network won’t realize this quickly, and will keep sending your traffic to it, so having the second IP going to a different server keeps you the user un-impacted.

 

DNS is profoundly important. When there’s a DNS issue, to most users its the same as their ISP having a complete outage.

I thought that DNS was something I have to register with cloudflare/google or a known DNS provider needs to be done. Not that I have to host my own DNS.

I actually thought the DNS was for pihole blocker type something, but this was informative thanks!

[brwainer]

7 hours ago, RicenShine said:

I thought that DNS was something I have to register with cloudflare/google or a known DNS provider needs to be done. Not that I have to host my own DNS.

I actually thought the DNS was for pihole blocker type something, but this was informative thanks!

If you want to have your own domain, and point that at some place, then yes you need to have some DNS server somewhere be “authoritative” for your domain, meaning it is the one true source of information. And again, frequently there will be two-four. This can be provided by the company you buy the domain from, or it can be someone else, or you can even host it yourself.

 

The reason to host local DNS for your internal clients to use for lookups is either because you want to have internal/private domain names (servers within a company or a house), you want to filter the DNS responses, or you want the slight privacy improvement and bandwidth reduction of having just one device in your network making the actual DNS lookups on behalf of all the others and caching the results.

[RicenShine]

On 4/11/2021 at 5:05 AM, Grumpy Old Man said:

Almost everything is already except I need two NUC11

 

That cat fight is painful...  >_<

[Chris Hasinski]

Here is mine, just the wired part, wireless is kinda pointless as it is just a list of devices I own.  I could use some recommendations for a good 10Gbit network card   Already got one.

[BananaBoat]

No subscription services for me or my friends & family >_>

[brwainer]

3 hours ago, BananaBoat said:

No subscription services for me or my friends & family >_>

That's a nice service flow diagram, but this thread is more about the physical and internetworking side. Router, switch(es), AP(s), where the ISP and server connect into; is it all 1Gb? Any 10Gb? Using any non-ethernet connection methods (powerline, MoCA)?

[RaddyKewl]

I don't think mine is quite as elaborate as everyone else's. Also don't have any redundancy for if a point fails... though I'm not running anything too mission critical that I can't just run to a store and pickup a new switch.

 

Not pictured are the wireless devices.

The Bedroom access point has a bathroom heater, air purifier and an Amazon Echo Show.

I also have a Macbook, iPhone, iPad, and Windoze laptop which connect to either access point, depending where I'm at in the house.

 

[jec6613]

Here's my current network - end devices not shown because it starts becoming too cluttered and such, but here's a quick rundown of the networking gear:

• Netgear M5300-28GF3 Layer 3 Core

45U 2-Post rack for networking and HA equipment:

• Netgear M4300-28G-PoE connected to patch panel
• Netgear M4100-26G connected to patch panel
• Netgear WC7600v2
• Netgear M4100-D12G connected to the various HA devices in the rack

45U 2-Post rack for AV equipment:

• Netgear M4100-26G for devices in that rack

25U 4-post rack for servers:

• Two stacked Netgear M4300-12X12F for primary server connectivity
• Netgear M4100-26G for OOBM and as a secondary cluster communication switch

Garage:

• Netgear M4100-D12G-PoE for cameras

Access points:

• Two WAC720 for garage and basement
• Three WAC730 for main house coverage

Gateway:

• Cisco RV340

 

[n0x103]

Started expanding my home network during the pandemic and got a little carried away with vlans. need to prune it a bit...

 

 

 

 

[misterpumpy]

ISP: Frontier Fiber 500/500
ONT: Motorola ONT1000GJ2
Router(s): ASUS ZenWifi AX1200 XD4 Mesh Network *I have three, but only two are needed in our current apartment
Switch: TP-Link TL-SG108 unmanaged Gigabit switch

I have both primary computers in the apartment connected to the switch, as well as my NAS, the other mesh node for ethernet backhaul, our Apple TV, and our Philips Hue Bridge. 

Our other devices utilize the wifi from either of the mesh devices depending on where we are in the apartment. 

 

Potential upgrades: In our next apartment we are looking to possible upgrade our system to a multigig infrastructure, so 2.5g wan and lan on routing, switching, etc. Primarily for the home network, as I am pretty sure we will only go up to Gig fiber speeds from the ISP side (we just do not have a functional usecase for more at the moment). 

 

I've been looking into Ubiquiti or TP Link Omada and there's a lot of neat stuff out there, but everything I want to do either costs too much to do exactly as I want with those companies or I don't get exactly what I want for a price I'm willing to pay; alas, I will continue using consumer grade stuff. 

[Sir Asvald]

Updated network:

 

I have 3 domains within my environment:

 

1. Netgear VLAN 21 (IP 10.1.21.0/24) 
2. HP VLAN 22 (IP 10.1.22.0/24)
3. Cisco 3750 - VLANS 172 & 20 (IPs 172.16.0.0/16 10.1.20.0/24)
4. Cisco 2960C-LL is used for outbound traffic
5. Cisco ASA 5506-X Firewall used for my AnyConnect VPN
6. Lenovo PC is the ESXi host 6.5  - VMs I have 4 (2 running on this host and one running on a dedicated ESXi host) DCs for domain, and 3 (1 on the dedicated ESXi Host) for the others. Kemp loadmaster, and Email filter (Proxmox Mail Gateway)
7. Lenovo Tiny is the Exchange Host
8. Dell PE R210 II is the SCCM Host

Not pictured is my HP Microsoft Server Gen8 is my physical DC Running 2019.

 

Any questions please ask away.

 

Spoiler

 

[xPakrikx]

Not done yet wip.  v0.8

 

[Sir Asvald]

There have been some changes for my network.

• Setup PFESNSE to handle the OpenVPN Peer-to-Peer VPN - No longer using Hamachi VPN.
• Setup DFS-R between my on prem fileserver and my dedicate fileserver.
• Setup Internet Printing, allowing me to print from anywhere.
• Additional VLANs -  VLAN 24 (10.1.24.0/24) Remote management iLO and IDRAC, VLAN 25 (10.1.25.0/24 for ISCSI target).

 

Edited June 1, 2022 by Sir Asvald

[corhen]

Figured i would throw in my layout. Simple layout, all done in Cat 6A Ethernet. Its enough to keep everything running smoothly, and avoid bottlenecks.

I need to add a proper Pihole at some point!

[FlyScript]

Still struggling to find the right kit, but this is what I'm trying to grow my dumb all-in-one modem/router into over the next couple months (possibly with some PoE security cams and another AP one day).

 

2.5Gbps over Cat 8 everywhere (Gigabit line in, but I intend to upgrade that)

[draftingish]

On 6/29/2022 at 3:27 PM, FlyScript said:

Still struggling to find the right kit, but this is what I'm trying to grow my dumb all-in-one modem/router into over the next couple months (possibly with some PoE security cams and another AP one day).

 

2.5Gbps over Cat 8 everywhere (Gigabit line in, but I intend to upgrade that)

Well a wireless AP probably doesn't have router turned on. So the router controls routing for all the network.

[Nukes25]

here's my home network setup, currently.

everything works good, just wondering if there's any improvements I can look into ( I know upgrading to cat6 min for hardwire, but holding off on that until I move next year, as that'll be a more long term place, I will optimize it)

 

[Guest]

I don't have my own network yet, but I saw my cousins.

 

Router is installed in basement.
One really long ethernet cable goes up 2 flights of stairs to his xbox.

 

I'd like to maybe set something up like Luke's system or 8-bit guy's.

[Sir Asvald]

Here is my network diagram, significate changes:

 

[Shylidi]

 

Whew, here we go

I've got one pfSense router, running on a Dell R320 with 32GB of RAM and a 6 Core CPU, the most important part is it has a Chelsio S320 NIC in it. The nice thing about Chelsio is that it can handle the full stack. The CPU (almost) never needs to get involved. Which means I can pull full 10Gbps line rate to the internet, even with 400+ firewall rules and 6 VLANS, with a complete /26 network of addresses routed to my network (64 addresses) speaking of which:

Networks:

MAIN - home network for trusted devices, can talk to remote

REMOTE - offsite at a data center location, these servers provide HA and stuff. useful, and nice to have my dns and stuff in a separate location so even if most everything here crashes, the alt router can take over everything while I sort the mess.

GUEST - open portal to the internet, isolated from the network completely, I live next to a park and have an AP pointing that way so people can use it, plenty do.

IOT - locked down, when a new device joins it connects and gets the DMZ IP, which allows it to talk openly to the internet BUT it is completely recorded with a port replication and a wireshark, I look at the packets, figure out what it needs and give it access to only what I deem acceptable.

FRIENDS - separate networks for friends to host servers, I let my friends put servers and systems in, and I give them VLANs with a public IP and a /28 network for their hosts.

RETRO - extremely locked down VLAN with no access to the internet, only can talk to my workstations, in case i feel like playing winXP solitaire, or some DOS games.

 

Switches:

LIGHTNING: Extreme Networks Summit X670-48x (48 10Gbps SFP+ Ports)

PLASMA: Extreme Networks Summit X450e-48p (48 1Gbps RJ-45 PoE Ports)

TORNADO: Nokia 7210 SAS-S 48F4SFP+-1 (48 1Gbps SFP Ports + 4 10Gbps SFP+ Ports)

HAIL: Nokia 7210 SAS-T 12F10T 4XFP-1 (12 1Gbps SFP Ports + 10 1Gbps RJ-45 Ports + 4 10Gbps XFP Ports)

THUNDER: MikroTik CSS610-8G-2S+IN (8 1Gbps RJ-45 Ports + 2 10Gbps SFP+ Ports)

HURRICANE: Ubiquiti US-XG-6PoE (4 10Gbps RJ-45 PoE Ports + 2 10Gbps SFP+ Ports)

OMNI: Dell Powerconnect 6248 (44 1Gbps RJ-45 Ports + 4 1Gbps Hybrid Fiber/Copper Ports)

 

Network VLANS enter on either lightning, or plasma, and cascade where they need to go, servers all talk through the nokia switches, and edge devices go through the Extreme Networks Switches, it's not hard and fast, and I like to lab things up, which is why i have so many ports, I'll do work from home and bring dozens of APs to validate or whatever.

 

Workstations:

YREL - My main gaming box: Ryzen 9 5900x | 64GB DDR4 3600MHz | RX 6900 XT

VALKYRIE - My Render Machine, and Beanbag gaming box: 2x Xeon E5-2667 v3 | 128GB DDR4 2133MHz | Quadro RTX 5000

PUSHEEN - Wife's Machine: i7-5820K | 32GB DDR4 2400MHz | GTX 970

 

Servers:

RARITY: 1x Xeon Silver 4100 | 128GB DDR4 2133Mhz

RESONANCE: 2x Xeon E5-2690 v3 | 128GB DDR4 2133Mhz

ZELDA: 2x Xeon E5-2690 v3 | 128GB DDR4 2133Mhz

2A: 2x Xeon E5-2650 v2 | 64GB DDR3 1333MHz

2B: 2x Xeon E5-2650 v2 | 64GB DDR3 1333MHz

RETRO: 2x Xeon E5405 | 64GB DDR2 667MHz

 

Power:

6x 2200VA Cyberpower UPS'
I can run all of this gear in two segments, in case of complete power failure the hypervisors will remain up for 1 hour, the network gear will stay up for 3 hours. All the APs in the house (except one) are powered from the PoE switch here, and the other is upstairs on the Ubiquiti PoE switch, which has it's own 5 hour UPS. All of this ties back to the UTOPIA Fiber network, which is my employer, and I know we have generators at all sites from my home to internet core. When the power goes out, in general, internet stays up.

 

some proof lol, the security camera anyways.

 

 

 

 

[NobleGamer]

  

On 8/17/2014 at 7:24 AM, Ssoele said:

• You must have a proper network diagram; Something made in Microsoft Visio, Gliffy (Free) or something similar.

Gliffy is no longer free, so I use Lucidchart.  Works well for network diagrams after adding some shape libraries, although I can't get the image export to include background color boxes ("hotspots").

 

Here's my network diagram:

 

About my network:

• I installed the ER-X to support failover between primary and 5G modem - Failover wizard was easy to use with moderate networking knowledge
  • After my other configuration adventures, I got it to not bottleneck modem traffic as long as I don't set smart queue QoS on download activities.
• Both switches are managed, and provide auto QoS using 802.1p/DSCP. Because of their placement, it makes QoS at the router level seen much less relevant
  • TP Link switch provide more physical ports than the Gryphon Router, and mitigates bottlenecking other connections during backups to NAS
  • Netgear switch exists because I could only run one networking cable to that location
• There may be a double NAT given "Primary Modem (not a router bundle) -> ER-X -> Gryphon Router" and a triple NAT given the path of "5G Modem (+integrated routing) -> ER-X -> Gryphon Router", but throughput and connectivity haven't been an issue for my primary use cases (4K streaming, downloads, some uploads, light online PC gaming) since they don't seem to require specific port forwarding.  "If it ain't broke, don't fix it."

Edited October 28, 2022 by NobleGamer
Updated network details

[LapsedMemory]

 

This is the final plan for my work in progress.  Everything on the chart is done except for the SW3_1 and WAP2 as I'm not entirely convinced I need them yet.  Spent the last week reworking my incoming 'hub' using a WallControl board and customizing 3D printable accessories you can find on this project:

GitHub - aderusha/DDD-Printable-Wall-Control-System: DDD Printable Wall Control System, 3d printable organization solutions for Wall Control pegboards

 

It was as simple as downloading the base model, measuring up the hole distances for the wall mount hooks, and adding attachment nubs to each of the surfaces.  Add in some Magnetic cable tie mounts and you have a simple, completely customizable pegboard layout.  The hardest part was waiting for the Ender3 to print all this up.  

 

From Top Left:  Fiber ONT  (Active), Surfboard Cablemodem (Available as backup if needed), iBase Edgedevice using pfSense,

Bottom Left: ScreenBeam Bonded 2.5 MOCA adapter for reaching the rest of the house, TL-SG108PE connecting everything together and powering WAP1.