Skouperd
04-11-2010, 02:32 PM
http://downloads.skoups.com/ctwug/201009%20Skoups%20Network.jpg
Hi everybody. With the recent discussions about networking, I figured that this is as good as any place to ask for some guidance / help of my own. Just some background: when I moved into the house, I laid Cat5 wires into each and every room in the house (reference to the “how to wire your house” article). At that stage, my gaming computers were all located in the study or throughout the house. The switch (a single 24 port switch), located very centrally in the house, catered for all of them. This is also the location where I’ve installed the ADSL lines, alarm systems and all that good stuff.
Eventually, the study became too small and we built on a “games-room”. This room was built on top of my garage. During the building of this room I took the liberty of building on a server room as well; basically, it is a little room hidden underneath the stairs housing the second 24 port switch, the servers and the CTWUG connections.
My concerns with the above network are as follows:
Security
One of my concerns of late is the increased risk of security on my network. The home network breaks out at 5 different places: ADSL router, 2x 2.4GHz wifi routers, and 2x CTWUG routers. This forced me to lock down everything (as well as I could) and, touch wood, no problem as yet.
On the picture I’ve listed all the “risks” on the network. The way I am treating these risks at the moment is to just block all incoming connections, but in the ideal world, I would like to be able to access the network on a VPN (from the outside), while I would also like to be able to give certain WUG users access onto the LAN without them having to jump through several hoops.
Routing
The RB433 is capable of doing routing directly on the board; however, because I am sitting in two different subnets (my WUG IPs are 172.18.81.72/29 while my home network is 192.168.0.0/24), I’ve never been able to get both the WUG and the ADSL to work if I route it via the RB. In order to get past the problem, I’ve been using normal software routing on Aragog (Windows Server 2008R2). However, Aragog is also acting as my fileserver, running my VMs, doing active anti-virus scanning, DHCP, Terminal Server and I don’t even know what else. If Aragog goes down, then it is always a mission to get the network back up and running again. My idea is to get Wugga to be the machine that runs the DC client (accessing the data on Aragog) and perhaps acts as my webserver as well.
The problem: I would ideally like to give internet access to some of the guys on the WUG, and I would also like to access my network from the internet. As an added bonus, I would like to throttle internet downloads when I am playing games.
Remote Access
Given that I went crazy and made sure nobody could access any of my stuff on my internal network, I am unable to get access to things like my webserver, my alarm system, or the HAVA box from outside. That is something that I would really want to solve.
Bandwidth
The problem I’ve always found is that when there are more people than the games room bandwidth could accommodate (11x1Gb ports), people will plug their leeching machines in either the Study, Braai, or one of the guest rooms (home switch). The problem then became that these machines were sharing a single Gb connection with the games room switch, meaning that if more than one person leeches from the machines in the house, they would be bottlenecked via the 1Gb connection between the two switches.
Since the SMC_2 switch, as per the diagram, is not really being used, and it is only really getting pushed hard when there is a LAN and people make use of the network located inside the house, I’ve agreed to sell it off to Jarrod. For those that remember the Sunday at Rage, it is this switch that is now with Jarrod (right now, I am just using an old 16 port 100Mb SMC switch in its place).
Solutions
I’ve considered upgrading my two SMC unmanaged switches to Smart Switches, thereby enabling Link Aggregation between them, which should take care of my bandwidth problem. It could potentially provide me with some added security by way of VLANs; however, I am not sure how good this solution will be for routing.
Smart switches have come down in price a tremendous amount of late, and since Jarrod took one of my unmanaged switches off my hands, I figured that this may be a quick and easy solution.
Some people suggested getting the “risk points” onto their own network completely and at that point controlling everything that goes in or out. This will be a lot easier (in theory) than trying to lock down 5 different security points. I’ve looked at the 750G; the problem with that board is that it only has 5 ports and ideally, I would like to push my ADSL, 2x433WUG Routers, and 2xPersonal Wireless Routers through that. However, then I am unable to connect the 750G onto my home network, which is pointless. The other solution I’ve considered was the Mikrotik RB1100, but that is way more expensive for what a small home network looks like.
So, to summarise:
Routing is a problem
Security is a problem
Bandwidth between the two switches is a problem on occasions
Ensuring my gaming gets the lowest pings is a potential problem
Being able to share my Internet with certain individuals would be nice
Being able to access my network from outside would be nice
Being able to link my Home Network up with Murgs and then play games would be nice
Obviously, I would like to keep any solutions as cheap as possible