I need a little bit of a sanity check and to rubber duck a home network improvement I want to action.
I currently have the following home network:

Not pictured:
- Various ethernet-connected devices in both Home and Garage networks (e.g. TV, printers, etc.); both House and Garage are wired for Cat6.
- Z-Wave and Zigbee Networks (running from Raspberry Pi and hooked into Home Assistant via MQTT).
- Other various WiFi IoT devices.
  - Power monitoring, whole home, solar, fridge, freezer.
  - Vacuum.
  - Light switches etc.
- Raspberry Pi/VM on VM-Host Docker Swarm cluster.
Currently, it is all on a single flat network and has been serving me reasonably well but I want to start to improve in the following spaces:
- Split the network into 4 basic VLANs. Primary driver is to cut internet access for security cameras and random IoT stuff (even if mostly ESPHome).
  - VLAN 1/Untagged - Untrusted (Guest and standard devices).
  - VLAN 2 - Trusted (Management VLAN).
  - VLAN 3 - Untrusted + no internet access (Typically for IoT devices I don't want talking back home).
  - VLAN 4 - Cameras (No internet access, separate from VLAN 3 for sensitivity).
- Migrate to 3 node Proxmox cluster (also migrate from Swarm to K3s).
  - Allow for hardware maintenance/HA without disruption to household. (Lighting etc. should be set up to gracefully fall back; however, we have lived with the automation enough that we’ve grown a little more reliant on the convenience).
  - Purchased Optiplex 7070 Micro (i5 9500), looking at a N5105? as the third node.
- Improve on 1Gbe for key connections.
  - NAS/VM Host 10Gbe.
  - Desktop 10Gbe.
  - Optiplex 7070 2.5Gbe (I think that’s the best I can do?).
- Deploy further PoE cameras on both Garage and House.
- I have started to configure the VLANs on the EdgeRouter and switches, but I believe with running SwOS (which is also my only option for the current garage deployment) any routing between them is going to have to go all the way back to the EdgeRouter? Which limits it back to 1Gbe (after making further 10Gbe deployments)?
  - Do I deploy multiple VLAN adapters to the hosts that need to span multiple VLANs (e.g. Home Assistant would essentially be on all four for discovery)?
  - What about my main desktop?
    - If I VLAN 2 then I lose connectivity to cast to TVs, speakers etc?
    - VLAN 1 then I don't have a 10Gbe link to NAS as it routes through the router at 1Gbe?
- For 10Gbe to make sense should I replace my router to support 10Gbe so that traffic spanning VLANs can utilise the extra bandwidth?
  - What are some reasonable options here?
  - Currently, I have a 1Gbps service but rollout for 2/4/8Gbps is actively happening in my city.
- Do I switch my CRS328-24P-4S to RouterOS for Layer 3 routing before the router?
  - https://www.servethehome.com/mikrotik-crs328-24p-4s-rm-review-24-port-poe-and-4x-10gbe-switch/ comments here suggest that performance at L3 isn't great?
- For the Optiplex to improve from 1Gbe I think I'm limited to 2.5Gbe? Can I improve on this? The value would come in for VM replication and Longhorn.
  - M.2 adapter (https://www.aliexpress.com/item/1005004166784408.html) or is it just easier to use a USB adapter?