New network design



  • Hello everybody, I just bought a 22U server rack and I am trying to design my future home lab network connection. I just got to the point where I don't know what to do anymore; I have the feeling that everything is becoming complex and I am always concerned about security.

    Network

    The picture below shows the hardware that I already have at home and how I was planning to connect everything. Can I get suggestions and tips on how to better configure my network setup (VLAN needed?) according to what I need to do?

    What I would like is the following:

    • My pfSense machine with the Tyan board will have a VPN connection. I am using the integrated NICs for WAN/LAN to the switch.

    • FreeNAS will be used to store my files and expose the file system via iSCSI to my Proxmox virtual machines via a 10Gbit network card. Also, Nextcloud and Plex are to be exposed over the internet.

    • Proxmox will take care of running: database server, IRC ZNC bouncer (exposed via the internet), a few virtual machines for software development, Home Assistant.

    Now, how many VLANs do I need to create for my network? Is it safe to connect to the IPMI page of my servers via VPN (my UPS will also have a network card)?
    Shall I use the 4 SFP connectors of my switch to connect my Proxmox and my FreeNAS box? At home I do have a few SFP network cards and copper multi-port gigabit network cards if needed.

    Any help will be appreciated :)



  • I would make a minimum of 2-3 VLANs on this setup.

    1. IP cameras
    2. IPTV & other IoT stuff
    3. Wi-Fi access points, if they support VLANs and you want to offer a guest network

    Run all of these on the same wire as your LAN network, just VLAN onto it as the parent interface.

    Have you built or used VLANs before?

    Jeff



  • @WarOfDevil said in New network design:

    I have the feeling that everything is becoming complex

    Not at all... I have a similar setup, except I have a Mikrotik RB450Gx4 between the pfSense and the managed switch. That way, I separate my personal network from my guest network as Akuma1x suggested. Also, that way I need not use VLAN(s). Also, I run IDS/IPS in inline block mode only on WAN and on my guest network, and in alert mode on my trusted personal network.



  • Thanks for the tips. I have never used VLANs before but I will definitely look into that right now. Just a few more questions:

    • If I add a 4-port network PCI card into my Proxmox machine, is it possible to dedicate 1 port to a specific virtual machine? Maybe this way I can easily split the network traffic using the managed switch.
    • My switch has 4 Gigabit SFP ports. Will I have any benefits if I connect the hypervisor and the FreeNAS machine to the switch using SFP ports with a DAC cable? I mean, I know it's still a 1Gbit port, but I don't know if I will get benefits on speed using that.

    Thank you :)

