Home Network Remodel

MazeFrame · April 24, 2022, 4:51am

Hello! This will be a bit messy and all over the place.
This thread like my network is very organically grown over time.

Current state of the setup:

It is a mess, let me explain:

The “NAS” is actually 4 devices running BeeGFS
Yes, I have landline phone via VoiP/SIP and would like to keep that working
The link from the router to the CRS309 is management only, to keep the NASes and Server off the interwebs (because shitbox router can not do VLANs or other useful features…)
My computer and my secondary are in both networks so they can see the Scope, NAS and have Internet

My integrated Services Box (Modem/Router/Switch/etc.) is acting up a bit. I bought it when money was tight.

Problem is that DHCP is not working right, or not at all depending on moon phase or whatever.

My current workaround is to have the SFP+ switch be the brain of the operation providing DNS and DHCP for the Network with static IP between it and the router.
Only devices with SFP ports currently have network access!

Thoughts for resolving this:

SIP: Buy one of those VoiP to analogue adapter boxes, 20€, easy
Modem:: Is technically working fine in the box I have, so I will use that unless it needs replacing
Router: I could either get a Firewall Appliance or Router to take care of this. Having a device with proper VLAN support would also make the existing setup less of a PITA to keep working

What to buy?
Phone should be as easy as using something like the Grandstream HT-801, point it at my ISPs VoiP-Server and go.
Having a Router or Firewall with some “pro” features would be great for home-lab purposes.

The Cisco C927-4p in the V/ADSL + WAN variety would be great since it would be drop-in replacement for the device causing this headache.
Alternatively, Sophos has the XGS 87 which would take its spot behind the existing router, and enable me to directly take Fiber from the ISP when that happens some time this or next year.

The cheapest route would be to keep the shitbox as a modem, plunk a Mikrotik CRS109 after it and go through all the config (like NAT, DHCP, DNS, etc.). Like the XGS 87, this would also make me ready for “direct-fiber™”.
Clear advantage in this is living with just one brand of stuff, so I will get faster dealing with inevitable problems.
My only gripe with this option is that MikroTik is not always on top of their security.

@felixthecat and @HaaStyleCat mentioned OPNsense and the appliances with it ready to run on it. I would need the 6 port model, or get another switch (which I would rather avoid). The FW6A-model in the configuration I think I want comes out at roughly the same price as the Cisco and Sophos options.

There is a poll to vote in over here in the poll thread. Has all except the OPNsense options to vote on.
So, what to do?

risk · April 24, 2022, 5:17am

You have a server on 10G over there; bring VDSL into a VLAN and put a generic-ext4-combined-efi.img.gz OpenWRT on there into a VM with some virtio.

Alternatively if you want a separate box - there are these j4125 / Intel i225 boxes Fanless Intel J4125 4x i225 Virtualized Firewall Appliance Review

FWIW - I’ve given up on router distros myself and run Debian on an old j3160 box - so far so good.

MazeFrame · April 24, 2022, 1:49pm

I would rather keep the Router/Firewall and the accompanying dangers out of that half of the network.

thetazman · April 24, 2022, 4:30pm

Drop the 1 gb connection to the center pc. and to the top right pc and that should help with the dns / routing issues!

MazeFrame · April 25, 2022, 7:29am

I think I will bump the CRS109 to the RB5009UG+S+IN instead.

Connectivity is just nicer for what I already have going. If I need WiFi, I can just throw one of the cheap MikroTik APs in the mix aswell.

Port	RB5009UG+S+IN	CRS109
SFP+	1
SFP		1
1G	7	8
2.5G	1
WiFi

That connection is supposed to be management only (and currently the last leg so I have internet without resorting to setting static IPs in the whole network). The NICs in my main PC (the central one) are set up to prioritize the internet-facing one. This worked fine since August last year.
Logically, the DSL-Router and MikroTik-switches are separate networks.

linnoiemclaren · April 25, 2022, 2:34pm

What internet generation are you using?

MazeFrame · April 25, 2022, 3:36pm

As in “What comes from the ISP”? Copper carrying VDSL2 with Fiber being planned late 22/early 23

thetazman · April 25, 2022, 4:40pm

All routers I’ve come across have been managed over tcp/ip so no second network connection needed thru the router’s onboard switch.

MazeFrame · August 14, 2022, 12:58am

4 Months later Update:

Thanks to me finding my Mikrotik HexS again, things went kind-off back to normal.

Except my shit-box modem decided to sometimes also drop all traffic for a couple of seconds per day. So it earned itself an early and forceful retirement!

New Modem/Router/etc. will be a Lancom 883 VoiP.
That is a) complete overkill at home b) can be rackmounted should I ever fall down that home-lab rabbit hole for good.

NZSNIPER · August 15, 2022, 4:50pm

If your VDSL connection is DHCP you can get one of these for a modem https://www.amazon.com/PLANET-Ethernet-profile-G-vectoring-VC-231G/dp/B075JK94VQ
Then install RouterOS on the CRS309 and use that as your router behind the modem.