Not a PC build, but in the final stages of a major home network upgrade. My ASUS router was getting a little long in the tooth. While researching replacements I decided to upgrade my entire home network backbone to "pro-sumer" network equipment by Ubiquiti. The Ubiquiti gear is designed for small to medium businesses, but many people have been adopting it for their homes. My home network backbone is now fully layer 3 switched with multiple VLANs for security.
Very impressed with the Ubiquiti UniFi ecosystem. Their devices are automatically recognized and managed from a single UI interface. The UniFi management console supports remote access via secured gateway browser login or with mobile apps. The Dream Machine routing engine can process ~4.5Gb/s with Intrusion Detection and Prevention functions. Also supports home video security cameras.
New equipment:
- Ubiquiti Dream Machine Special Edition ($500). Router plus runs most of the UniFi software suite.
- Ubiquiti 24 port Pro ($400). Layer 3 network switch with 24x 1Gb RJ45 ports and two SPF+ LAN ports (10Gb max per port).
- 2x Ubiquiti WiFi U6+ Access Points ($125/each) (runs on PoE)
- [removed] Motorola MB8611 Cable Modem ($150). DOCSIS 3.1 and 2.5GbE port.
- [added] Arris SURFBoard S33 Cable Modem ($170). DOCSIS 3.1 and 2.5GbE port. -- Had too many issues with the Motorola modem, no issues with the new Arris
- Navepoint 9U wall mount rack with swing gate, 18" deep.
- Rack shelf 14" deep
- CyberPower CP1215RMS rack PDU
- Lysymixs 24 port rack patch panel
- Legrand Amp OnQ 12 port Cat5E punch panel
- 250' bulk CAT6 cable, RJ45 crimper, punch tool, network cable continuity tester.
Old equipment:
- Synology DS418play NAS. 12TB usable storage. Connected to switch with dual 1GbE using 802.3ad Link Aggregation for 2Gb combined bandwidth.
The Dream Machine SE has
- 8 PoE (power over ethernet) 1Gb ports. Currently using only 2 of these for the WiFi access points.
- 2.5Gb WAN port. With the new 2.5Gb cable modem I'm guaranteed 1Gb+ Internet bandwidth with an appropriate cable plan.
- 10Gb SPF+ WAN and LAN ports;
- 128GB SSD;
- HDD bay to add a drive for NVR (network video recorder). Ubiquiti also offers PoE security cameras that integrated with this.
- Router is capable of processing ~4.5Gb/s of fully analyzed traffic with IDS (intrusion detection system) and IPS (intrusion prevention system)
- Dream Machine is connected to the layer 3 switch using a 10GbE SFP+ copper cable. Traffic that doesn't need routing will stay local on the switch.
Scope of work so far:
- Converted 9 telephone lines in my house which were run with CAT5 cable into full ethernet ports. Along with the existing 8 network lines that brings me to a total of 17 hardwired 1Gb cable runs, with dual ethernet ports in many rooms and 4 ports in my home office. Used the Legrand punch panel to swap the phone cables to a CAT5E compliant patch.
- Installed the network rack. Used 3/4" plywood backer on the wall to span the joists. One of my few compliants with the rack--they should include mounting points to work with different joist widths.
- Ran a full set of 17 patch cables from the rack to the network wiring cabinet, everything judiciously labeled.
- Converting home IP range from 192.168.1.1 to 10.x.x.x with multiple VLANS including (a) Trusted Network, (b) Untrusted (guest and work at home employer provided equipment), (c) Internet of Things (IoT) like streaming devices, TV, AVR, garage door opener, etc.
- Firewall rules restricting which VLANs are allowed to talk to each other.
- Configured the WiFi access points. These support multiple VLANs running on the same WiFi SSID--so I can use a single SSID and assign each conencted device into the appropriate VLAN.
Possible future work
- Look at 8-12 drive 2-3U rack mount NAS options when I eventually replace my current NAS.
- Likely add a couple PoE security cameras and a large enough drive in the UDM SE to support them. Ubiquiti stores all video footage to your own equipment without any subscription fees.
- Maybe add their G4 Doorbell camera kit. Includes features like automatic package detection and notification.
- Maybe create a new Server VLAN for the NAS, this would involve a lot of firewall rules and push more traffic through the router engine. Pros and cons to implementing this change.
Thumbnails of the rack in its current state (yes, this is also my laundry room, dryer in the bottom left corner first picture)
Some additional thumbnails showing the wiring and an access point
arstechnica.com
