About three years ago I did a tour of my home network (old tour) and it turned out to be one of my most popular articles on The Geek Pub. Being that so much has changed since then, I decided it is time to do an update tour! Stick around til the end of this article and I will answer a ton of the common questions that came up in the first tour.
Tour of My Home Network (Video)
Updated Tour of My Home Network
In the 2017 article we started outside where Frontier Communications installed their Optical Network Terminal. Many of you mistook this for my own router. An ONT is owned by the ISP and is responsible for converting the fiber connection over to gigabit Ethernet, POTS lines, and Cable TV service. I don’t have any access to the device.
Well, since that video I Frontier has made a lot of changes. First, they moved the ONT inside my garage into a different housing. This was at my request because I felt like the old install was a hack job. Second, my speed has been increased to gigabit, albeit still about 30% higher than AT&T is charging right down the street for the same service.
My Network Gear… I Switched to Ubiquiti Unifi
As mentioned in the 2017 tour, we had our builder put a dedicated AV closet off the theater room. This room has changed a lot too! I now run my entire home network on Ubuquiti Unifi gear. I honestly couldn’t be more happy with this choice! My core switch is a Unifi US-XG-16. This where all of my server gear plugs in, or anything that needs 10Gb connectivity.
My access switch is a Unifi USW-Pro-48 Gen 2. This is where everything else in the house plugs in, including PoE cameras, desktop PCs, TVs, etc.
Get my switches from Amazon here:
Anywhere in the house, that I need more ports than I have wall jacks, is a Unifi US-60W 8 port managed switch. These are awesome because not only do they support PoE, but they are all part of the SDN allowing me to pass security policy, VLANs, etc. while remote monitoring them via SNMP. In the case of my living room, this means I can have my security camera on secure network and my TV on the regular network.
Changes to my Firewall
As we continue to Tour of My Home Network, let’s dive into my firewall changes. In the 2017 Tour I had a 6 port appliance running a Celeron J1900 CPU (this was the WANBOX for those interested). This has been replaced wirth a SuperMicro 5018D-FN8T. This server appliance is designed to be used as a router or firewall and has 12 gigabit ports (8 onboard and 2 on a PCIe card), two SFP+ for 10Gb connectivity, and an IPMI management port. It is uplinked to the core switch via a 10Gb fiber SFP+.
It’s running a XEON D-1518 and 32GB of RAM. This allows me to run lots of OpenVPN sessions (including a VPN to my brother’s house The 8-Bit Guy), pfBlocker, IPS and IDS for security, and more. In my opinion this is the absolute best box you can buy to run a medium to large pfSense firewall!
I’m able to get almost 7Gb routed w/firewall policy between my VLANs.
Get my firewall on Amazon here:
Changes to my Servers
Now let’s move on to my servers and storage. In the 2017 video I was running two homebrew servers with Intel Core I7 7700K CPUs and 32 gigs of RAM each. I also had a Synology RS2416+ for storage.
Today, things here have changed quite a bit as well! I am now running two SuperMicro 5019P-M 1U servers. Both have XEON 4114 scalable CPUs with 96GB of RAM. These are running VMWare ESXi and get their storage from a Synology RS3618xs running a XEON D-1521 and 32 gigs of RAM. These are all connected to the core switch with redundant 10 gig links.
Get my Servers on Amazon here:
Let’s break this down a bit….
First we have two SuperMicro 5019P-M servers running a VMware cluster with HA and DRS enabled. This allows virtual machines to move between these two servers to balance the load or to recover automatically from a hardware failure. Both of these boxes are identical configurations. I named them TARDIS 1 and TARDIS 2, because they are bigger on the inside.
Next I have a Synolgy RS3418xs NAS with 88 terabytes raw capacity, and an RS2416+ NAS with 24 terabytes raw capacity. The 2416 has been replaced under warranty due to the Intel Atom bug.
OK. So what runs on all of this hardware?
On the TARDIS vSphere cluster I run:
- Plex for serving video to all of my devices
- Homeseer for home automation
- Vcenter Server for managing the virtual machines
- MySQL for backend databases
- Windows Domain controllers
- Ubuntu servers for all kinds of things such as time servers
- A full copy of Wikipedia in case of the zombie apocolypse
- And Observium to monitor all of my hardware and servers
On NAS 1 I have:
- a 42 terabyte volume that stores all of my PLEX video, as well as the file shares for my video editing Mac.
- a 24 terabyte volume for VMWare where all of my virtual machines live. This volume is fronted by two Samsung EVO 860 SSDs to add some performance.
On NAS 2 I have:
- a 9 terabyte volume for Surveillance Station. This is the NVR for all of my cameras.
- and another 9 terabyte volume for general file storage and sync share for Dropbox.
A Network Diagram
Update 04/18/2020: So many of you have asked for a network diagram, so I’ve added one to the article. However, I did randomize a few specifics on the VLANs and didn’t include my IP addresses for security reasons. Other than that here’s a network diagram for the tour of my home network!
Things that are Still the Same
OK. So back to the network for a minute. I still use this HD Homerun Extend to distribute an antenna signal to all of my TVs and devices over Ethernet. PLEX integrates with this natively allows me to watch live TV anywhere in the house (or the world for that matter).
I also still use the Homeseer Z-Net for connecting my Z-Wave devices to the Homeseer virtual machine. For those wondering, this is indeed nothing more than a
In the 2017 video I also mentioned that I had a dedicated exhaust fan in the server room running 24/7 to remove heat. This is still in place. However, I did upgrade the fan to a much larger CFM version just a few months ago. This dropped the temperature in this room by almost 20 degrees.
Goodbye Apple Airport Extremes
One major change I have made, since Apple let me down so terribly with the airport extremes: I’ve moved my entire house to Ubiquiti Unifi wireless access points. I personally think these are the absolute best access points you can buy for a home network. I couldn’t be happier.
I also run a guest network on these APs through pfSense that allow any of my visiting friends or family to get Internet access without having access to my home network. However, I do throttle this guest network to 100Mb total throughput to keep freeloading neighbors at bay.
Get my Access Points on Amazon here:
Tour of My Home Network… into my Home Office
I no longer use a Mac as my primary workstation. I just got fed up with Apple and went back to Windows. I really like Windows 10 by the way! I’m running a Core I9 with 64 gigabyte of RAM and a 1080ti video card. It’s plenty powerful for any of the games I play. I also have a second monitor that I use to check on my surveillance cameras and monitor system performance in Observium.
I also have a 16″ Macbook Pro setup for video editing. I mainly keep the Mac around because I just can’t bring myself to switch off of Final Cut Pro. I just like it so much better than anything on Windows.
Other Things Connected to my Home Network
All around the house you will cameras for security. Originally I put in D-LINK, but after about 6 months literally every one of them died and got tossed in the garbage. Since then I have replaced every single camera with an AXIS. They’ve been rock solid and reliable. I feel like D-LINK has just become garbage on every product they make these days. I use these AXIS cameras.
The alarm system is on a secure VLAN and has digital touch-pads throughout the house and I have digital keypads on the doors that connect to it and Homeseer (although these actually connect to Z-Wave and then get bridged to the security network).
Every TV in the house has an Apple TV for video streaming from the PLEX, Netflix, etc. My pool is connected to the network, although its also on a separate VLAN to keep the pool company out of my home network. Our Tesla Model X loves to chew up some bandwidth every evening as it uploads telemetry to Tesla’s neural network.
I still use Logitech Harmony Hubs for automating my media gear. It seems to work fine and integrates well with Homeseer and I also still use Alexa in many places throughout the house as the primary voice control for home automation.
And of course R2-D2 loves to get on the home network too!
FAQ about the Tour of My Home Network
I got an incredible amount of questions on the 2017 network tour. So I decided I will answer them here, and then continue to update these as people most more questions on the forum and YouTube comments.
Q: Why is your cable management so bad?
A: I think a lot of people are confusing the lab portion of my home network with the permanently installed portion of my home network and I think if you’ll look back through the video you’ll see that anywhere I installed something permanently cable management looks really nice. That said, I am not going to spend hours and hours dressing in cables for something I am likely to change in just a couple of weeks.
Q: Why the red walls?
A: I think many of you must have missed the fact that this is a server closet off of our theater room. The theater room is painted red so that it looks like a theater room. When the builder sprayed that closet he just continued to spray the same paint. I am not sure why that is such a big deal to people but that is why the walls are red.
Q: What about the plywood on the walls? So ugly!
A: Plywood is very commonly used in server closets and network closets. When you mount something on the wall you generally have to look for a stud when you’re mounting something to drywall, which is what we have here in the states. If you mount a piece of three quarter inch or one inch plywood on the wall first then you can mount things anywhere you want without having to find a stud. So that’s the reason for plywood. As for ugly, no one outside of this tour will ever see it.
Q: Your modem is outside! You can be hacked!
A: I think you are confusing an ONT or Optical Network Terminal with a router or a firewall. An ONT is something that is provided by the telco or ISP and is usually used in fiber-to-the-home installs which is what we have here. I don’t have any access to that appliance. It is completely owned and operated by the telco and that is how they all work. The purpose of the ONT is to covert the fiber connection from the ISP or from the phone company over to CAT5 for Ethernet, RG6 for coax for cable TV and over to POTS lines for standard phone service.
Q: Alexa is a spy in your house!
A: Tinfoil hat much?
Q: SuperMicro has Chinese spyware on the motherboard!
A: This has been debunked at least a thousand times. The guy who originally reported that was short selling SuperMicro stock and he was looking to drive the stock price down because he was loosing his shorts. That guy is now in prison. There is no firmware or motherboard chip that is spying on you.
Q: If you really cared about security!
A: Tinfoil hat much?
Q: Why use a Mac for video editing?
A: Final Cut Pro is so much better than any offering on the PC. I have tried them all! Most recently I tried Premiere Pro on the PC. I have an Adobe Create Cloud membership and I just couldn’t stand it. I just absolutely hated it. Final Cut Pro works on the Mac so much better. I am not going to spend hours talking about it, but that’s why I use a Mac. You just can’t beat that piece of software.
Well thanks for going on this tour of my home network with me! I hope you enjoyed it!
The post Tour of My Home Network (2020 Update) appeared first on The Geek Pub.