I currently have a MikroTik CCR1036-8G-2S+ connected to FTTH 1 Gig internet thru the ethernet port. My main switch is a Cisco SG350XG-48T, connected to one of the CCR's SFP+ ports. All ethernet cables are CAT7. I have 10GBase-T cards in my Windows computers. This switch connects to my Control4 home automation system, 3 x Ruckus R710 APs, my Synology server and a couple of Windows computers. The other CCR SFP+ port is connected to a SG500X-48P. This provides ports for my IP cameras and Hikvision DVR. A lot of my IoT devices, such as the DoorBird video intercom and various boxes such as Roku, Apple TV and printers, are connected to either one of the switches. There are no VLANs. The CCR is running a custom build of RouterOS. I have a second SG500X-48P for just-add-power video over IP. I would like to connect this via SFP+ once I figure out the below.
I also have a server that connects thru a VPN to a different country, and it connects directly to the CCR ethernet port. The VPN is set up at the router level. See topology below. I keep traffic on this VPN isolated from my home network. The server itself has dual 1 GbE NICs. Currently, if I have to move data off of the server onto my Synology, I have to use TeamViewer or trek to the basement with a USB drive. I'm not a fan of TeamViewer for this, as the files are typically 30 - 50 Gb in size and my understanding is that the data leaves my intranet, goes over the TV servers and then back to my other TV computer. This takes a long time and half the time the file transfer fails. I did have both NICs set up where one was on the home network with intranet access only and the other on the VPN connection (VPN NIC 1 on the 192.168.x.x range with subnet mask 255.255.0.0, and intranet NIC 2 on the 10.0.x.x range with subnet mask 255.255.0.0 and a blank default gateway). However, I was concerned that "someone" could gain access to my home network thru the VPN connection into the switch or server and learn my true IP location. TeamViewer has an intranet-only mode, so this was used to transfer files from the server by connecting to NIC 2. It was much faster.
Questions
1. Am I right to be concerned about the dual NIC and potentially exposing my IP address?
2. I'm planning on upgrading my hosting server (currently a Synology) to an Unraid build (new box) and keeping the downloading function of the old server. I was thinking about using two Mellanox MCX311A-XCAT ConnectX-3 cards with a DAC to provide 10GbE speed for transfers. Would this open up my home network to IP address detection or put it at risk from network-sniffing malware?
3. Is there a way to tunnel or static route the VPN data from a shared CCR SFP+ port to my download server if I decided to attach the download server via SFP+ to the spare port on the SG350XG or SG500X-48P? I would still need to be able to transfer files from the download server to the Unraid server, which would be connected by SFP+ to the other spare port on the SG350XG or SG500X-48P. Or is it better to use a dual SFP+ card on the Unraid server, with one connection to the home network and the other a DAC to the download server (separate IP addresses)? Note the Cisco switches currently only function as basic switches and all of the routing is done thru the CCR (no Cisco layer 3 functionality enabled). If the CCR had a third SFP+ port then this would be much easier, I presume.
4. If the answer to 3 is no, then what if I add the CRS326-24S+2Q+RM (24 SFP+ ports) above the SG350XG-48T? I could either bond both CCR SFP+ ports to the CRS for better bandwidth, and I would have plenty of SFP+ ports. Would I still have the issue of getting the VPN connection out from the CCR as per question 3? I could use one CCR SFP+ port for my home network (would I lose out on bandwidth?) and the other SFP+ port dedicated to the VPN connection for the download server?
Thanks for digesting all of that, and I look forward to responses.