Hello everyone,
I am currently considering how to set up the network in our house.
In this context, I thought it would be great if some of you could share how you have implemented a high-end network on an individual basis.
I am an IT professional myself, but my focus lies elsewhere. Nevertheless, feel free to get technical—I assume I will understand you.
I am interested in:
- How have you segmented your networks?
- What devices do you use (manufacturer-independent)?
- Which devices (manufacturer-independent) do you group together in which network, and why?
- Which networks do you allow to communicate with each other?
- How have you implemented external access, if desired?
- Do you perhaps have a DMZ?
- In your opinion, what is a “must-have” and what is a “nice-to-have”?
rick2018 wrote:
You should upgrade your RAM.
You mean in the sense of expanding it, right? Otherwise, that seems counterproductive, but with Windows, you never know...
rick2018 wrote:
Why don’t you set the Fritzbox to bridge mode or replace it with a pure modem? That way, you avoid double NAT.
Any VLAN-capable router should handle DHCP within VLANs.
What do you plan to run on the Synology? You should upgrade the RAM. Then Windows will run decently, but it’s still not suitable for heavy computing tasks.
You can ignore Radius and DNS anyway. At home networks with just a few devices, it’s not a big load. Regarding the Fritzbox, honestly, it’s laziness and uncertainty. Laziness because I don’t know anything about telephony, SIP, and so on, and the Fritzbox acts as the telephone system. Uncertainty because I don’t know how Magenta-TV will behave if another router has to take over that role.
On the Synology, I plan to run a domain controller, file server, probably DNS—basically Windows Server services. Possibly a WSUS as well. Then some monitoring (like Zabbix or something similar).
JoachimG. 12 Oct 2021 19:23
Tarnari wrote:
Regarding the Fritzbox, honestly it’s due to laziness and uncertainty. Laziness because I have no knowledge of telephony, SIP, and so on, and the Fritzbox acts as the phone system. Uncertainty because I don’t know how Magenta TV handles it if another router has to take over.
For the Synology, I would run a domain controller, file server, probably DNS—all Windows Server. Possibly also a WSUS. Then monitoring (Zabbix or something similar).
If I were you, I would also let the Fritzbox handle those parts and only separate the network behind it where necessary. Otherwise, depending on the router/firewall, you’ll spend a lot of time and effort to get SIP and Magenta TV running smoothly.
This does create more individual network segments but significantly less hassle.
I agree with Rick about the servers; there isn’t much load on the home network. You just need to keep in mind that the browsing experience will suffer greatly if, for example, the DNS server shows a response time of 150ms (milliseconds) because the Synology is struggling. You won’t notice this as much with AD, RADIUS, or the file server, but DNS performance becomes immediately apparent.
JoachimG. wrote:
In your situation, I would also have these parts managed by the ISP and only separate the network behind it where necessary. Otherwise, depending on your router/firewall, you will spend a lot of time and energy making sure SIP and Magenta TV work smoothly.
This results in more individual network segments but significantly less effort.
Regarding the servers, I agree with Rick that there isn’t much load on the home network. You just need to keep in mind the DNS server, as the browsing experience suffers greatly if it shows, for example, 150ms response time because the Synology NAS is struggling. You usually won’t notice this with AD, Radius, or file servers, but DNS latency is immediately apparent.
Then we’re back to double NAT…
Is it really as problematic as it’s often described?
Redirecting DNS to another server shouldn’t be an issue. Although I wonder if, say, 30 clients really generate a significant load on the DNS service.
JoachimG. 12 Oct 2021 21:18
Tarnari wrote:
Then we are back to double NAT…
Is it really as problematic as it is often “advertised”?
Redirecting DNS to something else shouldn’t be an issue. Although I wonder if, say, 30 clients really put a significant load on the DNS service.
It’s not the DNS performance that can become a problem, but the overall performance of your VM environment. You might not notice this with other servers, but you will with the DNS.
Double NAT can be disabled with a proper router/firewall placed behind the Fritz box. The Fritz box handles NAT, and it gets a static route or several routes for traffic behind the router/firewall. But towards the internet, there’s only one NAT.
That said, I have been running a Fritz box behind a Speedport Hybrid for three years now. So far, zero issues with double NAT.
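An added illustration of the single-NAT layout JoachimG. describes above (this is example code written for this page, not anything from the thread): it traces one outbound packet and its reply through an inner router and the Fritzbox, with and without NAT on the inner router, and with and without the static route on the Fritzbox. All addresses are constructed, assumed sample values.

```python
from ipaddress import IPv4Address, IPv4Network

# Constructed sample addressing for the two-router layout discussed in the
# thread (assumed values, not taken from the original post; 203.0.113.0/24 is
# a documentation range):
#   Fritzbox: public 203.0.113.10, LAN 192.168.178.0/24 (Fritzbox = .1)
#   inner router/firewall: WAN 192.168.178.2, LAN 10.0.10.0/24
#   a client in the inner LAN: 10.0.10.5
FRITZ_PUBLIC = IPv4Address("203.0.113.10")
FRITZ_LAN = IPv4Network("192.168.178.0/24")
INNER_WAN = IPv4Address("192.168.178.2")
INNER_LAN = IPv4Network("10.0.10.0/24")
CLIENT = IPv4Address("10.0.10.5")


def simulate(inner_router_nats: bool, fritz_has_static_route: bool) -> dict:
    """Trace one outbound packet from CLIENT to the internet and its reply.

    inner_router_nats       True  = inner router masquerades (double NAT)
                            False = inner router only routes
    fritz_has_static_route  True  = Fritzbox has 10.0.10.0/24 via 192.168.178.2
    Returns the source address the Fritzbox sees, how many NATs the packet
    crosses, and whether the reply can be delivered back to CLIENT.
    """
    src = CLIENT
    nat_count = 0
    if inner_router_nats:          # hop 1: inner router masquerades to its WAN address
        src = INNER_WAN
        nat_count += 1
    seen_by_fritz = src            # hop 2: Fritzbox always NATs towards the ISP
    nat_count += 1
    # Reply: the Fritzbox un-NATs the destination back to seen_by_fritz and
    # must then find a way to it: either a directly connected LAN address or
    # a static route covering that address. Without the route, a routed-only
    # inner LAN is unreachable from the Fritzbox and the reply is lost.
    reply_dst = seen_by_fritz
    fritz_routes = [INNER_LAN] if fritz_has_static_route else []
    deliverable = reply_dst in FRITZ_LAN or any(reply_dst in n for n in fritz_routes)
    return {
        "seen_by_fritz": str(seen_by_fritz),
        "nat_count": nat_count,
        "reply_deliverable": deliverable,
    }


if __name__ == "__main__":
    for nat, route in [(True, False), (False, True), (False, False)]:
        print(f"inner NAT={nat!s:5} static route={route!s:5} ->", simulate(nat, route))
```

The third case (no inner NAT, no static route) is the misconfiguration to watch for when removing the second NAT: outbound traffic leaves, but replies never reach the inner LAN.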