Nobody wants my info dump. I know way too much about networking and computers. The topics are massively deep, like iceberg levels of deep. One for each topic.
I could lecture for an entire day on the nuance and considerations of picking a Wi-Fi channel, or you can ignore me and just hit “auto” which may or may not take some, or all, of my considerations into account when selecting a channel.
If anyone is keen to hear some generally good advice about home networking, here’s my elevator speech:
Wire when you can, wireless when you have to. Wi-Fi is shared and half duplex, every wired connection is exclusive to the device and full duplex.
If you can’t Ethernet, use MoCA, or powerline (depending on what internal power structures you have, this can be excellent or unusable, keep your receipts). Mesh is best with a dedicated backhaul, better with a wired backhaul. Demand it from any system you consider.
The latest and greatest Wi-Fi technology probably won’t fix whatever problem you’re having; it will only temporarily reduce the symptoms and you won’t notice it for a while. Be wary of upgrading and ask yourself why you require the upgrade. Newer wireless won’t fix bad signal, or dropouts.
For everything else, Google. That’s how I find most of the information I know.
Good luck.
I’ll be around in case anyone has questions. No promises on when I’ll be able to reply, though.
Dude, these types of replies are what made Reddit such a great time sink; even when randomly browsing you may find something incredible in the comments. Thank you.
Well, SNMP is pretty great. There are three variants in common use: v1, v2c, and v3. I’m a big fan of v2c, because I usually run SNMP over my trusted LAN, and read-only, so there’s little or no risk there. I just want all the information! Haha
I would consider v3 if I was doing any kind of read/write work with SNMP. To date, I’ve never had to, so I just don’t bother with it. It’s a bear to set up compared to v2c.
ARP is on layer 2/3 of both the OSI model and the 5-layer TCP model. The OSI model has never been implemented in a production network; it’s just a reference to visualize how things operate. TCP/IP and IPv6 generally stop around OSI model layer 5. 6/7 is handled by the software, in theory, and layer 8 is where you get the most problems, by far.
ARP is considered to be both layer 2 and layer 3, sometimes noted as layer 2.5, because it’s bridging layer 2, which is Ethernet MAC addressing in most networks, and layer 3, which is IP addressing. It almost entirely operates on layer 2, however.
There’s a new, revised version of the TCP model that I’m aware of that blurs the line between what is known as layer 1 and 2 in the OSI model, kind of bundling them together. It’s weird, but something I’ve seen around.
The question I never got an answer to was about Ethernet. I have searched the internet high and low and have yet to find a credible reference that indicates what the real answer is. There’s a white paper but you have to pay to see it; I’m pretty sure the answer is in there, obfuscated by some fancy math algorithm… The question is: how much voltage is used for Ethernet baseband signaling when PoE is not used? What constitutes a “high” signal, and what is a “low” signal? A lot of sources seem to point to 5 V and 1 V, but never have any references to back up the claim. There are other sites that provide different voltages for high and low too. 5/1 is just the most common that I’ve seen mentioned.
Also, don’t use the Wi-Fi routers provided by Cocmast. Cocmast uses them to provide their Xfinity-branded Wi-Fi, so as their customer you are literally sacrificing bandwidth and paying their electric bill. I assume all cable companies do this but Cocmast is the only one I know about for sure.
The ISP doesn’t matter. Put your ISP modem into bridged mode and get your own router.
ISPs usually don’t buy good or reliable stuff for their clients; they buy whatever gives them the marketing buzzwords and costs them the least. Usually, they’re great at doing modem things, not so good at anything else. Bridged mode limits them to just doing what they’re good at.
Yes and no. Usually the ISP router is also the modem, converting from either VDSL, DOCSIS, or some flavor of GPON, and most people don’t have the knowledge or patience to figure out how to do a modem delete for their ISP.
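A worked illustration of the “layer 2.5” point made in the comment above, added here as an example and not taken from the commenter: it builds and dissects an Ethernet frame carrying ARP, so the Ethernet (MAC) header that a switch forwards on and the IP addresses carried inside the ARP payload can be seen side by side. The MAC addresses (locally administered 02:… values) and the 192.168.1.0/24 addresses are constructed for the example, not captured traffic.

```python
"""Build and dissect Ethernet/ARP frames to see where layer 2 ends and layer 3 begins.

Constructed example: the MACs are locally administered (02:xx) test values and the
IPv4 addresses are a made-up home LAN, not captured traffic.
"""
from __future__ import annotations

import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806           # Ethernet header field saying "the payload is ARP"
HTYPE_ETHERNET = 1               # ARP hardware type: Ethernet
PTYPE_IPV4 = 0x0800              # ARP protocol type: IPv4 (same code point as the IPv4 EtherType)
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"

ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType (14 bytes)
ARP_BODY = struct.Struct("!HHBBH6s4s6s4s")   # htype ptype hlen plen op sha spa tha tpa (28 bytes)


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_frame(op: int, sender_mac: str, sender_ip: str,
                    target_ip: str, target_mac: str = ZERO_MAC) -> bytes:
    """Return a 42-byte Ethernet+ARP frame (before any padding/FCS the NIC adds).

    A request is broadcast at layer 2 because the asker does not yet know the target
    MAC; the target-MAC field inside ARP is left as zeros. A reply is unicast straight
    back to the requester's MAC.
    """
    dst_mac = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = ETH_HDR.pack(mac_to_bytes(dst_mac), mac_to_bytes(sender_mac), ETHERTYPE_ARP)
    arp = ARP_BODY.pack(HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                        mac_to_bytes(sender_mac), IPv4Address(sender_ip).packed,
                        mac_to_bytes(target_mac), IPv4Address(target_ip).packed)
    return eth + arp


def parse_arp_frame(frame: bytes) -> dict:
    """Split a frame into its layer-2 envelope and the ARP payload that names layer-3 addresses."""
    dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: EtherType 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_BODY.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    return {
        # Layer 2: the only thing a switch looks at to forward the frame
        "l2": {"dst_mac": bytes_to_mac(dst), "src_mac": bytes_to_mac(src)},
        # "Layer 2.5": the ARP payload pairs MACs with IP addresses
        "arp": {
            "op": "request" if op == ARP_REQUEST else "reply",
            "sender_mac": bytes_to_mac(sha), "sender_ip": str(IPv4Address(spa)),
            "target_mac": bytes_to_mac(tha), "target_ip": str(IPv4Address(tpa)),
        },
    }


def learn(cache: dict, parsed: dict) -> dict:
    """Update an ARP cache the way a host does: every ARP message announces its sender's MAC<->IP pair."""
    arp = parsed["arp"]
    cache[arp["sender_ip"]] = arp["sender_mac"]
    return cache


def who_has_exchange(asker_mac: str, asker_ip: str, owner_mac: str, owner_ip: str) -> tuple[bytes, bytes]:
    """Model the normal request/reply pair for resolving owner_ip."""
    request = build_arp_frame(ARP_REQUEST, asker_mac, asker_ip, owner_ip)
    reply = build_arp_frame(ARP_REPLY, owner_mac, owner_ip, asker_ip, target_mac=asker_mac)
    return request, reply


if __name__ == "__main__":
    req, rep = who_has_exchange("02:00:00:00:00:0a", "192.168.1.10",
                                "02:00:00:00:00:01", "192.168.1.1")
    cache: dict = {}
    for frame in (req, rep):
        parsed = parse_arp_frame(frame)
        learn(cache, parsed)
        print(parsed)
    print("cache:", cache)
```

Running it prints the request with a broadcast destination MAC and an all-zero target MAC, then the reply addressed directly to the asker's MAC; the cache ends up with both hosts' MAC/IP pairs, which is all ARP ever does: glue an IP address to a frame-level address so the next hop can be written into an Ethernet header.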
Having the ISP put the modem in bridged mode usually nullifies the instability of it. Bridged mode turns the ISP modem router thing effectively into just a modem.
You can improve communication by removing it entirely, if you can sort out the modem delete, but unless there’s a pretty clear demarcation between the line handling gear and the ISP router, you might be up a creek.
The other caveat is that with a modem delete, you won’t get help from the ISP. You have to revert to their gear before they will troubleshoot your connection. To them, that modem router is their demarcation line, so it must be in the path somewhere, or they get pretty grumpy about it all.
But, if you have the skill and the aptitude to do it, you can cut ping times by quite a bit. On my VDSL line, when I did a modem delete, replacing whatever lowest-bidder modem router my ISP gave me with a Cisco 1911 and a VDSL2 line card, I got my already quite reasonable ping times (somewhere around 10 ms or so, to the local datacenter) down to about 4 ms. Over VDSL2. That’s crazy good. Nearly FTTH speed.
I did something similar when I was on FTTH for a bit: I got a fiber ONT SFP transceiver that could be reconfigured, programmed it with the MAC and other critical information from my ISP’s device, and used that in my own router. Which also cut ping times from ~5 ms to ~2 ms, maybe? So, yeah. There’s benefit to it, but it requires specialized expertise most of the time. If you have an easy path to a modem delete with your ISP, then it’s a no-brainer.
Disabling the routing in your ISP’s combo router/modem is essential for any mid-sized household that values its performance.
Sorry, what is a “modem delete”, and how does all of this work if you just don’t choose to buy a router from your ISP at the time you first order an Internet plan from them? Like, it’s included there as a standard option with most ISPs, and they have instructions that at the very least seem simple (usually just making sure you have PPPoE with the right connection details, or IPoE set) to use.
So, in my case, I had a modem router model by a company called SmartRG. Details aside, I pretty much instantly put it into bridged mode so it wouldn’t participate in the IP routing. That modem did modem things only.
The connection went from provider phone line to SmartRG to my firewall.
I was weird and got a set of WAN IP addresses, so I put a router in front of everything to handle that, so the connection went from provider line, to modem, to router, to firewall.
It’s not super relevant, but the router I was using was a Cisco 1911. This is a semi-modular enterprise router. The modular part, which will be important later, is in the form of “WIC” modules, or “WAN Interface Card” modules. The 1911 has two.
Anyways, I managed to get a WIC that supported VDSL2 with all the options and configuration that my ISP used. It happened to be the EHWIC-VA-DSL-M. Long story short, this module would integrate with my router and act as a modem of sorts to “translate” to the provider line. When I implemented this, I basically threw out my SmartRG. The phone line went directly into my router. So the connection was from the provider line, into my router, then to my firewall.
So the modem was “deleted”.
Another instance was for a fiber GPON line. The provider in this case gave you a modem with a GPON connection, but they didn’t really tell anyone that the GPON interface was just a plain old SFP transceiver. So I pulled the SFP, put it into the firewall and threw out the modem. The provider line went right into their module in my firewall. The modem was effectively “deleted”.
The idea of a modem delete is to remove whatever standalone device the provider has converting their signal (DSL, cable, or fiber) into Ethernet, and effectively plug that into your gateway.
It’s not always possible.
I’m currently looking for an option to do a modem delete for a local ISP that’s switched to XGS-PON. They put out a modem router for it that has the transceiver built in, so there’s no way to extract it and plug it into something else.
I’m hopeful I’ll find an SFP+ module like I found for the GPON ISP in my area.
I wired my house with Cat6 when I moved in. The overall setup looks like 10G fiber to the house -> 2.5G-capable router -> 2.5G-capable NAS running the *arr stack. Also off the router is a single Cat6 run downstairs -> 8-port 1G unmanaged switch, which is connected to my desktop, work dock, partner’s dock, TV, and a backhaul run to the back-of-house Wi-Fi extender. The desktop, both docks and the Wi-Fi extender are 2.5G capable. The TV is 100M. This has been extremely reliable. I plan on upgrading the switch to a 10G-capable one at some point, and then the router. Since the switch is unmanaged, is there a good way to know when it is the limiting factor and I should update it?
A managed switch can give you telemetry, like port utilisation, and you can observe how much upstream is in use.
My concern is that you have a 1G switch connecting 2.5G-capable devices to a 2.5G-capable upstream network. That’s a bottleneck that I would want to eliminate. I know ServeTheHome has a roundup of 2.5G switches that might be useful for you. I’m not saying you should switch to managed either; you may be well served by an unmanaged switch, and it will save you money. The telemetry for managed switches usually requires a system to collect and store it, usually an NMS, or network monitoring/management system.
Some manufacturers build NMS-style telemetry into their products; Ubiquiti does this to a limited extent. Other vendors may be better or have nothing at all. Something to think about when picking gear, if you like that sort of visibility. NMS usually operates over SNMP, which can become a whole thing; but for monitoring, setting up read-only SNMP can be rather easy.
A word of caution. 10G and 2.5/5G were developed independently, and 10G came first. It was expensive, which is why 2.5/5G Ethernet became a thing. Because of this checkered past, there’s a lot of 10G equipment that will not support operating at 2.5 or 5 Gbps. So if you get a 10G switch, check if there’s 2.5G or 5G capability separately, or included on the 10G ports.
In my experience, most 10G ports are 1 or 10G, with nothing in between. Most 2.5G ports can’t do 10G. So the best idea would be to have a switch with a couple of 10G for fast uplinks and some 2.5G connections for your devices. Unless you can find a unicorn of a switch that supports all speeds on all ports, a switch split between 2.5G and 10G ports is probably your best bet.
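Read-only SNMPv2c comes up twice in this thread, in the SNMP comment earlier and in the monitoring advice just above, so here is one added example covering both; it is not code from either commenter. It hand-builds a v2c GetRequest for sysDescr.0 with a minimal BER encoder, then dissects a constructed GetResponse the way a passive listener on the same segment would. What it makes visible is why v2c belongs on a trusted LAN: the community string is the only credential, it is a plain OCTET STRING in the datagram, and anyone who can see the packet can read it. The community string `public`, the request-id and the reply text are all invented for the example; nothing here talks to a real device.

```python
"""Hand-rolled SNMPv2c GetRequest/GetResponse in BER, to see exactly what crosses the wire.
Constructed example: community string, request-id and the sysDescr text in the reply are
invented; nothing here talks to a real device.
"""
from __future__ import annotations

TAG_INT, TAG_OCTETS, TAG_NULL, TAG_OID, TAG_SEQ = 0x02, 0x04, 0x05, 0x06, 0x30
TAG_GET_REQUEST, TAG_GET_RESPONSE = 0xA0, 0xA2
VERSION_V2C = 1                       # v1 is 0; v3 uses a different message format entirely
SYS_DESCR_0 = "1.3.6.1.2.1.1.1.0"     # sysDescr.0 from SNMPv2-MIB

def _length(n: int) -> bytes:
    """BER definite length: one byte below 128, else 0x80|count then the length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _length(len(body)) + body

def _int(n: int) -> bytes:
    """INTEGER, minimal two's complement (a leading 0x00 keeps values >= 128 positive)."""
    return _tlv(TAG_INT, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))

def _oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs fold into 40*a+b, the rest are base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(TAG_OID, bytes(out))

def _message(pdu_tag: int, community: str, request_id: int, varbind: bytes) -> bytes:
    pdu = _tlv(pdu_tag, _int(request_id) + _int(0) + _int(0) + _tlv(TAG_SEQ, varbind))
    # version, community, PDU. The community is a plain OCTET STRING: no hash, no encryption.
    return _tlv(TAG_SEQ, _int(VERSION_V2C) + _tlv(TAG_OCTETS, community.encode()) + pdu)

def build_get_request(community: str, oid: str, request_id: int = 1) -> bytes:
    return _message(TAG_GET_REQUEST, community, request_id, _tlv(TAG_SEQ, _oid(oid) + _tlv(TAG_NULL, b"")))

def build_get_response(community: str, oid: str, value: bytes, request_id: int) -> bytes:
    return _message(TAG_GET_RESPONSE, community, request_id, _tlv(TAG_SEQ, _oid(oid) + _tlv(TAG_OCTETS, value)))

def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def dissect(packet: bytes) -> dict:
    """Everything a passive listener on the same segment learns from one v1/v2c datagram."""
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != TAG_SEQ:
        raise ValueError("not an SNMP message")
    _, version, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    _, req_id, pos = _read_tlv(pdu, 0)
    _, err_status, pos = _read_tlv(pdu, pos)
    _, _err_index, pos = _read_tlv(pdu, pos)
    _, vblist, _ = _read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vblist):
        _, vb, pos = _read_tlv(vblist, pos)
        _, oid_body, vpos = _read_tlv(vb, 0)
        vtag, value, _ = _read_tlv(vb, vpos)
        varbinds.append((_decode_oid(oid_body), vtag, value))
    return {
        "version": int.from_bytes(version, "big", signed=True),
        "community": community.decode("ascii", errors="replace"),  # the credential, in the clear
        "pdu_tag": pdu_tag,
        "request_id": int.from_bytes(req_id, "big", signed=True),
        "error_status": int.from_bytes(err_status, "big", signed=True),
        "varbinds": varbinds,
    }

if __name__ == "__main__":
    request = build_get_request("public", SYS_DESCR_0, request_id=1)
    print(request.hex())   # look for 7075626c6963: "public", readable by anyone who sees the datagram
    print(dissect(request))
    reply = build_get_response("public", SYS_DESCR_0, b"Example router, firmware 1.2.3", request_id=1)
    print(dissect(reply))
```

The request comes out as the familiar 40-byte GetRequest, and `dissect` recovers the community, the request-id and the OID from either direction without any key material, which is the whole risk model of v1/v2c: whoever can capture the UDP/161 traffic has the credential. Read-only plus a segment you control keeps that exposure to information disclosure; read/write with the same plaintext community is where v3’s authentication and privacy earn their setup cost.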
Oh, ok thanks! I’ve been wondering about the split 2.5/10G switches I’ve seen and wondered why. That makes a lot of sense now! I’ll take a look at them again.
What’s the pros & cons of a managed vs unmanaged switch? Or of just running multiple cables out of the router? (Assuming your router has sufficient ports.)
My router only has four downstream ports, and due to the layout of my house I only want to run one cable from the router to my home office anyway. If it had enough ports and the house was laid out differently I wouldn’t have bothered with the switch.
Unmanaged switches are usually quite a bit cheaper and just work. You plug everything in and that’s it. Managed switches need configuring and cost more. I paid $25 for my 8 port 10/100/1000 switch, while the managed version is about $120. With a managed switch you can do things like turn individual ports on and off, traffic limit and monitor per port, and other fancy networking things that I’ve never bothered with.
That’s the speed the ports are capable of: 10/100/1000 megabits per second. Most things with an Ethernet port nowadays are 10/100/1000 capable, and 2.5Gb is becoming reasonably common.
Weirdly, Roku and other smart TVs are often only 100Mb capable, since 4K streaming only requires about 60Mb and if you are squeezing pennies a 1Gb port is a bit more expensive.
10Gb is just starting to get available for high end consumer devices.
All of the ports support all three speeds. When you first plug in, there is a quick round of negotiations where both sides basically say “Here are the speeds I can work, what about you?” Then they go with the highest that both support.
Wait so what would happen if it was only 1000? Like, can’t any connection automatically support up to its limit? What’s the advantage of explicitly supporting lower numbers?
> every wired connection is exclusive to the device and full duplex.
That doesn’t seem quite right in reality, since the moment you have multiple devices connected to one switch and both sending data to the router, they’re sharing the connection. Switches can handle multiple connections at the same time way better than an AP, being able to receive from multiple devices at once, but the bandwidth will ultimately still be shared between the devices.
I see what you’re saying and this is a good inquiry. The reality is that most networks are what we call North/South traffic exclusive. In this context, we use “North” to describe towards the Internet, “South” to be from the Internet, and east/west to be LAN to LAN traffic.
In networks that are primarily or exclusively North/South, your contention will always be your ISP’s committed speed (the speed they’re allowing you to use). So most of what’s South of that is pretty trivial, as long as it can keep up with, or exceed, the speed of the North connection.
That changes if you do any East/West traffic. Whether that’s a home lab, a home server, or even just a NAS, or computer to computer file sharing… Once that traffic is more than a trivial amount of the network traffic, then you see a lot of benefit from wired connections to your computers. The switch backplane can handle a lot more bandwidth than any individual port, and the only way you’ll see that bandwidth is if some traffic is going somewhere other than your router, or the Internet.
To say most home networks are North/South heavy is obvious. Business networks frequently have servers and other LAN resources that are frequently utilized. So East/West traffic is usually non-trivial.
To spin an example, if your ISP is providing a 100 Mbps committed rate, and you have full gigabit Ethernet inside and at least 802.11ac wireless, with almost all traffic going to the Internet and back, you’re going to see little difference between Wi-Fi and Ethernet. The only major change moving from Wi-Fi to Ethernet is that your ping time will be more consistent and lower overall. It won’t be a huge change, something in the range of tens of ms, but it’s literally the only thing you’ll notice a difference with.
Another example where it will make a big difference is if you have a NAS or home server where you have files stored, compared to a file storage service like Dropbox or Google Drive. The LAN-specific traffic will move at line rate, or the speed of whatever storage the data ultimately rests on, whichever is slower. In that context, the East/West traffic benefits greatly from Ethernet, and the full-duplex connection between the two devices.
It’s all subjective to how you are using your network. You’ve made a good point, so thanks for that. Have a good day.
Should I learn iptables or is it more sane to use a front end like ufw?
I have an RPi with dual Ethernet between my modem and consumer router so I don’t have to depend on the obsolete and limited consumer router software. I’m using OpenWrt at the moment but curious if you have other recommendations. I like the LuCI GUI, so if I switched to headless Debian or something then I’d still want a LuCI equivalent.
I’m self-hosting with Docker and I want to set up a WireGuard VPN container that joins a network with a select set of containers. So I’d have containers that are accessible only by actual LAN users and then others that are in this isolated group that only the VPN (i.e. WAN people) can access. I thought that’s what Docker was all about! But by default it seems all authenticated VPN peers just get to be on the LAN. Sure, they can’t get at containers on a different Docker bridge network, but they get to access the host itself! This is why I asked about iptables above, but it’s daunting. Any ideas on how to achieve “two levels of trust” for self-hosted services?
I’m hoping that not all of that is running on a single pi. I mean, it can, but you might hit limitations when everything is engaged with doing things. I just feel like, that’s a lot for one raspberry Pi…
Anyways, iptables is good to have a general grasp of, but it’s generally GNU/Linux specific. There are other routing implementations that run on Linux, and hardware appliances generally have their own bespoke, vendor-specific stuff. One project I’m aware of is Free Range Routing (FRR). There’s a lot more, but this is one that I know of. Using FRR vs iptables, they’re very different beasts. But you shouldn’t need FRR; it’s a monster in terms of memory use and designed to operate in ISP-class networks. You don’t need it. I’m just using it as an example of what is out there.
The best advice I can give about this is that learning the concepts behind routing is more valuable than any specific product. Knowing the difference between a RIB and a FIB, and how to structure routes, priorities, costs, etc. All very important. Can you learn that with iptables? Sure, and probably more, since iptables can also function as a low-end firewall.
The important thing is that you learn the meaning behind what you’re doing in whatever routing platform you are working with.
I’ve worked with so many different ways of handling routing and firewall work that I get annoyed when vendors come up with dumb marketing terms that leak into the device user interface for a very common routing, firewall, or VPN technology. I don’t care whether I’m on a router or firewall that’s custom and running OpenWrt, DD-WRT, OPNsense, or one from Cisco, SonicWall, WatchGuard, Fortinet, Palo Alto, or any of the dozens of other vendors. A VPN is a VPN. IKE and IPsec don’t change because it’s vendor X or Y. Don’t start calling the IKE identifier something else.
… Sorry, rant.
Anyways, I don’t really see the vendor’s interface as anything more than a code I have to convert into the industry-standard protocol information that everyone uses. It’s a filter by which that vendor portrays the same options that everything else has. Some have quirks. Some are more straightforward. But they all have the same options in the end. Allow the traffic or don’t, do it by port and protocol or by IP. Apply content filters or don’t, use Ethernet, DHCP, PPPoE, or something else like ATM or IPX/SPX for signaling. Who cares.
If you understand the concepts, the skills are transferable, no matter what platform you end up using, you’ll know what needs to be done, you’ll just be stuck figuring out how you do it on this platform.
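The RIB/FIB distinction, longest-prefix matching and the priority/cost tie-breaks the comment above says are worth learning, as an added Python example that is not the commenter’s code: a RIB holds every candidate route from every source, the FIB keeps one winner per prefix (lowest administrative distance first, then lowest metric, using the common Cisco default distances), and forwarding picks the longest matching FIB prefix. The prefixes and next hops model a small home network with a VPN box and an OSPF-speaking lab router; they are constructed for the example, not a real configuration.

```python
"""Toy RIB -> FIB selection and longest-prefix-match lookup.

Constructed example: the prefixes and next hops model a small home network with a
VPN box and an OSPF-speaking lab router; none of it is a real configuration.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional

# Administrative distance ("priority"): whose view of a prefix is trusted when several
# sources offer the same prefix. Values follow the common Cisco defaults; lower wins.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "ebgp": 20, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    next_hop: str          # next-hop IP, or "direct" for a connected network
    protocol: str          # key into ADMIN_DISTANCE
    metric: int = 0        # protocol-internal cost; only meaningful between routes of one protocol

    @property
    def admin_distance(self) -> int:
        return ADMIN_DISTANCE[self.protocol]


def build_fib(rib: list[Route]) -> list[Route]:
    """Keep one best route per prefix: lowest admin distance, then lowest metric.

    The result is ordered longest prefix first so lookup() can stop at the first hit.
    """
    best: dict[IPv4Network, Route] = {}
    for route in rib:
        current = best.get(route.prefix)
        if current is None or (route.admin_distance, route.metric) < (current.admin_distance, current.metric):
            best[route.prefix] = route
    return sorted(best.values(), key=lambda r: r.prefix.prefixlen, reverse=True)


def lookup(fib: list[Route], destination: str) -> Optional[Route]:
    """Longest-prefix match: the most specific FIB entry containing the destination wins."""
    addr: IPv4Address = ip_address(destination)
    for route in fib:
        if addr in route.prefix:
            return route
    return None   # no default route and nothing more specific: unroutable


def next_hop_for(fib: list[Route], destination: str) -> Optional[str]:
    route = lookup(fib, destination)
    return None if route is None else route.next_hop


# Constructed RIB: the same prefix learned several ways, plus nested prefixes.
RIB = [
    Route(ip_network("0.0.0.0/0"), "203.0.113.1", "static"),              # default to the ISP
    Route(ip_network("192.168.1.0/24"), "direct", "connected"),            # the home LAN
    Route(ip_network("10.0.0.0/8"), "192.168.1.2", "static"),              # 10/8 via the VPN box
    Route(ip_network("10.0.0.0/8"), "192.168.1.3", "ospf", metric=20),     # same prefix from OSPF: loses on distance
    Route(ip_network("10.1.0.0/16"), "192.168.1.3", "ospf", metric=30),    # lab subnet, two OSPF paths...
    Route(ip_network("10.1.0.0/16"), "192.168.1.4", "ospf", metric=10),    # ...the cheaper one goes into the FIB
]
FIB = build_fib(RIB)

if __name__ == "__main__":
    for r in FIB:
        print(f"{str(r.prefix):18} via {r.next_hop:13} [{r.protocol} AD={r.admin_distance} metric={r.metric}]")
    for dst in ("10.1.2.3", "10.9.9.9", "192.168.1.50", "8.8.8.8"):
        print(dst, "->", next_hop_for(FIB, dst))
```

The six RIB entries collapse to four FIB entries: the static 10/8 beats the OSPF 10/8 on distance even though OSPF has a metric, and the two OSPF 10.1/16 routes are settled on metric. A packet to 10.1.2.3 then follows the /16, not the /8, because the lookup is on prefix length, not on which route was installed first or which protocol it came from. Every vendor UI is a skin over exactly this selection.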
I feel the same way. I was looking into a Udemy course for those Cisco exams (not to take the exam, just to learn) and I was discouraged that the content is so vendor specific.
Do you have a recommendation on “neutral” learning? I have access to a fair amount of Udemy if that helps. Also happy to read static text, though preferably written as more of a tutorial than just a raw RFC or man page.
I dunno if they still offer it, but I found that Cisco’s ICND1 was fairly neutral. They use examples from Cisco stuff, naturally, but the majority of the content is around learning and understanding how IP networks function. This is the first half of the CCNA study materials, and honestly, one of the best resources I had, and used, for learning how it all works.
There’s probably a ton more out there now, but at the time when I was learning, it was all CBT Nuggets and Pluralsight… I believe a lot has hit YouTube in recent years.
Don’t worry if the information is out of date, this stuff doesn’t change. The updated stuff just has newer vendor specific information, and IPv6.
IPv6 isn’t crazy different in how it behaves, but the mechanisms for local discovery, IP assignment, and whatnot, can vary quite extensively.
Basic configurations shouldn’t be too stressful. When you get into large segmented networks that use routing protocols, then you’ll have some headaches. I think you’ll be fine.
But that opens a whole can of worms. You could go with something more tried and true, like IKE/IPsec, if your routers have that option. Usually that’s the way for firewalls, but it’s a bit hit and miss for routers.
Or you can go with something a bit more modern, like Tailscale, WireGuard, or ZeroTier. But then you need some way to put that on your NAS. I’m partial to ZeroTier, but there’s plenty of good options, even beyond what I’ve mentioned.
Researching this becomes a minefield without the right vocabulary, because having a “VPN” is such a broad definition that there’s a lot of commercial VPN solutions, designed to give you operational security when browsing the Internet, which are completely useless at securing traffic between computers on different LANs over the Internet. Services like PIA, NordVPN, Surfshark, Proton VPN, ExpressVPN… So many others. They’ll secure your traffic to the Internet itself, not between private locations connected by the Internet.
I don’t know what hardware you’re specifically using as a router at each location or what works with what. I know Ubiquiti has some VPN features in their gateway products, and that could make quick work of the problem. Just food for thought, I guess.
Nobody wants my info dump. I know way too much about networking and computers. The topics are massively deep, like iceberg levels of deep. One for each topic.
I could lecture for an entire day on the nuance and considerations of picking a Wi-Fi channel, or you can ignore me and just hit “auto” which may or may not take some, or all, of my considerations into account when selecting a channel.
If anyone is keen to hear some generally good advice about home networking, here’s my elevator speech:
Wire when you can, wireless when you have to. Wi-Fi is shared and half duplex, every wired connection is exclusive to the device and full duplex. If you can’t Ethernet, use MoCA, or powerline (depending on what internal power structures you have, this can be excellent or unusable, keep your receipts). Mesh is best with a dedicated backhaul, better with a wired backhaul. Demand it from any system you consider. The latest and greatest Wi-Fi technology probably won’t fix whatever problem you’re having, it will only temporarily reduce the symptoms and you won’t notice it for a while. Be weary about upgrading and ask yourself why you require the upgrade. Newer wireless won’t fix bad signal, or dropouts.
For everything else, Google. That’s how I find most of the information I know.
Good luck.
I’ll be around in case anyone has questions. No promises on when I’ll be able to reply tho.
Dude these type of replies are what had made reddit such a great time sink, even random browsing you may find something incredible in the comments. Thank you
Thanks. I’ve been on hiatus for a bit. I’m around.
I still won’t go back to that place either way
What about the SNMP protocol? And is ARP level 1 or 2? Edit 2 or 3 ofc!
I love low level network stuff, but nowadays nobody needs that anymore.
Well, SNMP is pretty great. There’s three variants in common use, v1, v2c, and v3. I’m a big fan of v2c, because I usually run SNMP over my trusted LAN, and read only, so there’s little or no risks there. I just want all the information! Haha I would consider v3 if I was doing any kind of read/write work with SNMP. To date, I’ve never had to, so I just don’t bother with it. It’s a bear to set up compared to v2c.
ARP is on layer 2/3 of both the OSI model and the 5 layer TCP model. The OSI model has never been implemented in a production network, it’s just a reference to visualize how things operate. TCP/IP and ipv6 generally stop around the OSI model layer 5. 6/7 is handled by the software, in theory, and layer 8 is where you get the most problems, by far.
ARP is considered to be both layer 2 and layer 3, sometimes noted as layer 2.5, because it’s bridging layer 2, which is Ethernet Mac addressing in most networks, and layer 3 which is IP addressing. It almost entirely operates on layer 2 however.
There’s a new, revised version of the TCP model that I’m aware of that blurs the line between what is known as layer 1 and 2 in the OSI model, kind of bundling them together. It’s weird, but something I’ve seen around.
The question I never got an answer to was about Ethernet. I have searched the internet high and low and have yet to find a credible reference that indicates what the real answer is. There’s a white paper but you have to pay to see it, I’m pretty sure the answer is in there, obfuscated by some fancy math algorithm… The question is: how much voltage is used for Ethernet baseband signaling when PoE is not used? What constitutes a “high” signal, and what is a “low” signal? A lot of sources seem to point to 5v and 1v, but never have any references to back up the claim. There are other sites that provide different voltages for high and low too. 5/1 is just the most common that I’ve seen mentioned.
Hey you know your stuff 🫡 well done!
Also, don’t use the wifi routers provided by Cocmast. Cocmast uses them to provide their xfinity-branded wifi, so as their customer you are literally sacrificing bandwidth and paying their electric bill. I assume all cable companies do this but Cocmast is the only one I know about for sure.
ISP provider doesn’t matter. Put your ISP modem into bridged mode and get your own router.
ISPs usually don’t buy good, or reliable stuff for their clients, they buy whatever gives them the marketing buzzwords and costs them the least. Usually, they’re great at doing modem things, not so good at anything else. Bridged mode just limits them to just doing what they’re good at.
Why use the ISP router at all? If your ISP uses IPoE or can provide you the PPPoE connection details, can’t you use any router you like?
Yes and no, usually the ISP router is also the modem, converting from either VDSL, DOCSIS, or some flavor of GPON, and most people don’t have the knowledge or patience to figure out how to do a modem delete for their ISP.
Having the ISP put the modem in bridged mode usually nullifies the instability of it. Bridged mode turns the ISP modem router thing effectively into just a modem.
You can improve communication by removing it entirely, if you can sort out the modem delete, but unless there’s a pretty clear demarcation between the line handling gear and the ISP router, you might be up a creek.
The other caveat is that with a modem delete, you won’t get help from the ISP. You have to revert to their gear before they will troubleshoot your connection. To them, that modem router is their demarcation line, so it must be in the path somewhere, or they get pretty grumpy about it all.
But, if you have the skill and the aptitude to do it, you can cut ping times by quite a bit. On my VDSL line, when I did a modem delete, replacing whatever lowest bidder modem router my ISP gave me with a Cisco 1911, and a VDSL2 line card, I got my, already quite reasonable ping times (somewhere around 10ms? Or so, to the local datacenter), down to about 4ms. Over VDSL2. That’s crazy good. Nearly FTTH speed.
I did something similar when I was on FTTH for a bit, I got a fiber ont SFP transceiver that could be reconfigured, programmed it with the MAC and other critical information from my ISPs device, and used that in my own router. Which also cut ping times from ~5ms? To ~2ms maybe? So, yeah. There’s benefit to it, but it requires specialized expertise most of the time. If you have an easy path to a modem delete with your ISP, then it’s a no brainer.
Disabling the routing in your ISPs combo router/modem, is essential for any mid sized household that values their performance.
Sorry, what is a “modem delete”, and how does all of this work if you just don’t choose to buy a router from your ISP at the time you first order an Internet plan from them? Like, it’s included there as a standard option with most ISPs, and they have instructions that at the very least seem simple (usually just making sure you have PPPoE with the right connection details, or IPoE set) to use.
So, in my case, I had a modem router model by a company called SmartRG. Details aside, I pretty much instantly put it into bridged mode so it wouldn’t participate in the IP routing. That modem did modem things only.
The connection went from provider phone line to SmartRG to my firewall.
I was weird and got a set of WAN IP addresses, so I put a router in front of everything to handle that, so the connection went from provider line, to modem, to router, to firewall.
It’s not super relevant, but the router I was using was a Cisco 1911. This is a semi modular enterprise router. The modular part, which will be important later, is in the form of “WIC” modules, or “WAN Interface Card” modules. The 1911 has two.
Anyways, I managed to get a WIC that supported VDSL2 with all the options and configuration that my ISP used. Happened to be the ehwic-va-dsl-m. Long story short, this module would integrate with my router and act as a modem of sorts to “translate” to the provider line. When I implemented this, I basically threw out my SmartRG. The phone line went directly into my router. So the connection was from the provider line, into my router, then to my firewall.
So the modem was “deleted”.
Another instance was for a fiber GPON line. The provider in this case, gave you a modem with a GPON connection, but they didn’t really tell anyone that the GPON interface was just a plain old SFP transceiver. So I pulled the SFP, put it into the firewall and threw out the modem. The provider line went right into their module in my firewall. The modem was effectively “deleted”
The idea of a modem delete is to remove whatever standalone device the provider has converting their signal (DSL, cable, or fiber) into Ethernet, and effectively plug that into your gateway.
It’s not always possible.
I’m currently looking for an option to do a modem delete for a local ISP that’s switched to xgs-pon. They put out a modem router for it that has the transceiver built in, so there’s no way to extract it and plug it into something else.
I’m hopeful I’ll find a SFP+ module like I found for the GPON ISP in my area.
I wired my house with cat6 when I moved in. The overall setup looks like 10G fiber to the house -> 2.5G capable router -> 2.5G capable NAS running *arr stack. Also off the router is a single cat6 run downstairs -> 8 port 1G unmanaged switch, which is connected to my desktop, work dock, parters dock, TV, and backhaul run to the back of house wifi extender. The desktop, both docks and wifi extender are 2.5G capable. The TV is 100M. This has been extremely reliable. I plan on upgrading the switch to a 10g capable one at some point, and then the router. Since the switch is unmanaged, is there a good way to know when it is the limiting factor and I should update it?
An unmanned switch? Nothing concrete.
A managed switch can give you telemetry, like port utilisation, and you can observe how much upstream is in use.
My concern is that you have a 1g switch connecting 2.5g capable devices to a 2.5g capable upstream network. That’s a bottleneck that I would want to eliminate. I know ServeTheHome has a roundup of 2.5g switches that might be useful for you. I’m not saying you should switch to managed either, you may be well served by an unmanaged switch, and it will save you money. The telemetry for managed switches usually requires a system to collect and store it, usually an NMS, or network monitoring/management system.
Some manufacturers build NMS style telemetry into their products, Ubiquiti does this to a limited extent. Other vendors may be better or have nothing at all. Something to think about when picking gear, if you like that sort of visibility. NMS usually operates over SNMP, which can become a whole thing; but for monitoring, setting up read only SNMP can be rather easy.
A word of caution. 10G and 2.5/5G were developed independently, and 10G came first. It was expensive which is why 2.5/5g Ethernet became a thing. Because of this checkered past, there’s a lot of 10G equipment that will not support operating at 2.5 or 5gbps. So if you get a 10G switch, check if there’s 2.5G, or 5G capability separately, or included on the 10G ports.
In my experience, most 10G ports are 1 or 10G, with nothing in between. Most 2.5G ports can’t do 10G. So the best idea would be to have a switch with a couple of 10G for fast uplinks and some 2.5G connections for your devices. Unless you can find a unicorn of a switch that supports all speeds on all ports, a switch split between 2.5G and 10G ports is probably your best bet.
Good luck.
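As an added example (not from this thread), here is the arithmetic an NMS does with the read-only SNMP port counters mentioned above to turn two polls into per-port utilisation, which is how you would spot the 1G uplink becoming the limiting factor. The poll data is constructed by hand to mimic IF-MIB ifHCInOctets/ifHCOutOctets/ifHighSpeed values; no device is queried.

```python
# Added example: per-port utilisation from two successive read-only SNMP polls.
# The poll dictionaries below are constructed sample data, not real switch output.

COUNTER64_MAX = 2 ** 64  # ifHCInOctets/ifHCOutOctets are Counter64 and wrap at 2^64


def counter_delta(old, new, maximum=COUNTER64_MAX):
    """Difference between two counter samples, tolerating one wrap-around."""
    return new - old if new >= old else (maximum - old) + new


def port_utilisation(poll_a, poll_b, interval_s):
    """Return {ifIndex: (in_pct, out_pct)} for two polls taken interval_s apart.

    Each poll maps ifIndex -> {"in": ifHCInOctets, "out": ifHCOutOctets,
    "mbps": ifHighSpeed}. Utilisation is bits moved divided by link capacity.
    """
    result = {}
    for idx, b in poll_b.items():
        a = poll_a[idx]
        capacity_bits = b["mbps"] * 1_000_000 * interval_s
        in_bits = counter_delta(a["in"], b["in"]) * 8
        out_bits = counter_delta(a["out"], b["out"]) * 8
        result[idx] = (round(100 * in_bits / capacity_bits, 1),
                       round(100 * out_bits / capacity_bits, 1))
    return result


def saturated_ports(util, threshold_pct=80.0):
    """ifIndexes whose inbound or outbound utilisation meets the threshold."""
    return sorted(i for i, (rx, tx) in util.items() if max(rx, tx) >= threshold_pct)


# Constructed sample: port 1 is the 1G uplink to the router, 2 and 3 are access ports;
# port 3's inbound counter wraps between the two polls.
POLL_T0 = {1: {"in": 5_000_000_000, "out": 7_000_000_000, "mbps": 1000},
           2: {"in": 900_000_000, "out": 100_000_000, "mbps": 1000},
           3: {"in": 2 ** 64 - 10_000_000, "out": 50_000_000, "mbps": 1000}}
POLL_T1 = {1: {"in": 11_750_000_000, "out": 8_000_000_000, "mbps": 1000},
           2: {"in": 1_400_000_000, "out": 120_000_000, "mbps": 1000},
           3: {"in": 100_000_000, "out": 60_000_000, "mbps": 1000}}
INTERVAL_S = 60  # seconds between the two polls

if __name__ == "__main__":
    util = port_utilisation(POLL_T0, POLL_T1, INTERVAL_S)
    for idx, (rx, tx) in util.items():
        print(f"port {idx}: in {rx}% out {tx}%")
    print("near saturation:", saturated_ports(util))  # [1]: the uplink is the bottleneck
```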
Oh, ok thanks! I’ve been wondering about the split 2.5/10G switches I’ve seen and wondered why. That makes a lot of sense now! I’ll take a look at them again.
What’s the pros & cons of a managed vs unmanaged switch? Or of just running multiple cables out of the router? (Assuming your router has sufficient ports.)
My router only has four downstream ports, and due to the layout of my house I only want to run one cable from the router to my home office anyway. If it had enough ports and the house was laid out differently I wouldn’t have bothered with the switch.
Unmanaged switches are usually quite a bit cheaper and just work. You plug everything in and that’s it. Managed switches need configuring and cost more. I paid $25 for my 8 port 10/100/1000 switch, while the managed version is about $120. With a managed switch you can do things like turn individual ports on and off, traffic limit and monitor per port, and other fancy networking things that I’ve never bothered with.
Ah that’s interesting. Thanks!
What does 10/100/1000 mean?
That’s the speed the ports are capable of. 10/100/1000 megabits per second. Most things with an Ethernet port nowadays are 10/100/1000 capable, and 2.5Gb is becoming reasonably common.
Weirdly, Roku and other smart TVs are often only 100Mb capable since 4k streaming only requires about 60Mb and if you are squeezing pennies a 1Gb port is a bit more expensive.
10Gb is just starting to get available for high end consumer devices.
So is it some ports support 10, some support 100, and some support the full 1000? Or how does it work with the three different speeds?
All of the ports support all three speeds. When you first plug in, there is a quick round of negotiations where both sides basically say “Here are the speeds I can work, what about you?” Then they go with the highest that both support.
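As an added example (not from this thread), this script mimics that negotiation by intersecting the link modes each side advertises and picking the highest common one; it also shows the earlier caveat that a "1 or 10G" port will settle on 1G against a 2.5G NIC. The three blocks of text are constructed to look like the "Advertised link modes" section of `ethtool` output; no real interface is queried.

```python
# Added example: predict the negotiated speed from constructed ethtool-style output.
import re

# Constructed: a 10GBASE-T switch port that only offers 1G and 10G (no 2.5G/5G).
SWITCH_10G_PORT = """\
Settings for eth0:
        Advertised link modes:  1000baseT/Full
                                10000baseT/Full
        Advertised pause frame use: No
"""

# Constructed: a multi-gig switch port that also offers 2.5G and 5G.
MULTIGIG_PORT = """\
Settings for eth1:
        Advertised link modes:  1000baseT/Full
                                2500baseT/Full
                                5000baseT/Full
                                10000baseT/Full
        Advertised pause frame use: No
"""

# Constructed: a 2.5G-capable desktop NIC.
DESKTOP_NIC = """\
Settings for enp5s0:
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
                                2500baseT/Full
        Advertised pause frame use: Symmetric
"""

MODE_RE = re.compile(r"(\d+)base\w+/(Half|Full)")


def advertised_modes(ethtool_text):
    """Return a set of (speed_mbps, duplex) parsed from 'Advertised link modes'."""
    block = ethtool_text.split("Advertised link modes:", 1)[1]
    modes = set()
    for i, line in enumerate(block.splitlines()):
        if i and ":" in line:
            break  # a later "field:" line means the mode list has ended
        modes.update((int(speed), duplex) for speed, duplex in MODE_RE.findall(line))
    return modes


def negotiated(a_text, b_text):
    """Highest speed (preferring full duplex) that both sides advertise, or None."""
    common = advertised_modes(a_text) & advertised_modes(b_text)
    return max(common, key=lambda m: (m[0], m[1] == "Full")) if common else None


if __name__ == "__main__":
    print(negotiated(SWITCH_10G_PORT, DESKTOP_NIC))  # (1000, 'Full'): no 2.5G on the 10G-only port
    print(negotiated(MULTIGIG_PORT, DESKTOP_NIC))    # (2500, 'Full')
```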
Wait so what would happen if it was only 1000? Like, can’t any connection automatically support up to its limit? What’s the advantage of explicitly supporting lower numbers?
That doesn’t seem quite right in reality, since the moment you have multiple devices connected to one switch and both sending data to the router, they’re sharing the connection. Switches can handle multiple connections at the same time way better than an AP, being able to receive from multiple devices at once, but the bandwidth will ultimately still be shared between the devices.
I see what you’re saying and this is a good inquiry. The reality is that most networks are what we call North/South traffic exclusive. In this context, we use “North” to describe towards the Internet, “South” to be from the Internet, and east/west to be LAN to LAN traffic.
In networks that are primarily or exclusively North/South, your contention will always be your ISP’s committed speed (the speed they’re allowing you to use). So most of what’s South of that is pretty trivial, as long as it can keep up with, or exceed the speed of the North connection.
That changes if you do any East/West traffic. Whether that’s a home lab, a home server, or even just a NAS, or computer to computer file sharing… Once that traffic is more than a trivial amount of the network traffic, then you see a lot of benefit from wired connections to your computers. The switch backplane can handle a lot more bandwidth than any individual port, and the only way you’ll see that bandwidth is if some traffic is going somewhere other than your router, or the Internet.
To say most home networks are North/South heavy is obvious. Business networks frequently have servers and other LAN resources that are frequently utilized. So East/West traffic is usually non-trivial.
To spin an example, if your ISP is providing a 100mbps committed rate, and you have full gigabit ethernet inside and at least 802.11ac wireless, with almost all traffic going to the Internet and back, you’re going to see little difference between Wi-Fi and Ethernet. The only major change moving from Wi-Fi to Ethernet is that your ping time will be more consistent and lower overall. It won’t be a huge change, something in the range of 10s of ms, but it’s literally the only thing you’ll notice a difference with.
Another example where it will make a big difference is if you have a NAS or home server, where you have files stored. Compared to a file storage service like Dropbox or Google Drive. The LAN specific traffic will move at line rate, or the speed of whatever storage the data ultimately rests on, whichever is slower. In that context, the East/West traffic benefits greatly from Ethernet, and the full duplex connection between the two devices.
It’s all subjective to how you are using your network. You’ve made a good point, so thanks for that. Have a good day.
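As an added example (not from this thread), this script applies the North/South vs East/West distinction to a handful of flow records: it classifies each flow by whether both ends sit on the LAN, reports the East/West share of bytes, and works out which link caps each flow (the ISP committed rate for North/South, the slower LAN port for East/West). The LAN prefixes, port speeds and flow records are all constructed.

```python
# Added example: North/South vs East/West classification over constructed flow records.
import ipaddress

# Constructed: two LAN subnets behind one home router.
LAN_PREFIXES = [ipaddress.ip_network("192.168.1.0/24"),
                ipaddress.ip_network("192.168.10.0/24")]


def is_lan(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_PREFIXES)


def classify(src, dst):
    """'east-west' when both ends are on the LAN, otherwise 'north-south'."""
    return "east-west" if is_lan(src) and is_lan(dst) else "north-south"


def traffic_split(flows):
    """Sum bytes per direction for (src, dst, bytes) records."""
    totals = {"east-west": 0, "north-south": 0}
    for src, dst, nbytes in flows:
        totals[classify(src, dst)] += nbytes
    return totals


def east_west_share(flows):
    """Fraction of all bytes that never leave the LAN."""
    totals = traffic_split(flows)
    total = sum(totals.values())
    return round(totals["east-west"] / total, 3) if total else 0.0


def bottleneck_mbps(src, dst, port_mbps, isp_mbps):
    """Link rate that caps one flow: the ISP rate (or a slower LAN port) for
    North/South, the slower of the two LAN ports for East/West."""
    lan_ports = [port_mbps[a] for a in (src, dst) if is_lan(a)]
    if classify(src, dst) == "east-west":
        return min(lan_ports)
    return min(isp_mbps, *lan_ports)


# Constructed flow records (src, dst, bytes): Internet streaming plus a NAS backup.
FLOWS = [("192.168.1.20", "203.0.113.10", 4_000_000_000),   # laptop -> video CDN
         ("203.0.113.10", "192.168.1.20", 200_000_000),
         ("192.168.1.30", "192.168.10.5", 12_000_000_000),  # desktop -> NAS backup
         ("192.168.10.5", "192.168.1.30", 400_000_000),
         ("192.168.1.40", "198.51.100.7", 150_000_000)]     # TV -> streaming service
PORT_MBPS = {"192.168.1.20": 1000, "192.168.1.30": 2500, "192.168.10.5": 2500, "192.168.1.40": 100}
ISP_MBPS = 100  # constructed committed rate

if __name__ == "__main__":
    print(traffic_split(FLOWS), east_west_share(FLOWS))  # East/West dominates: 0.74
    print(bottleneck_mbps("192.168.1.30", "192.168.10.5", PORT_MBPS, ISP_MBPS))  # 2500
```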
Yay!
Should I learn iptables or is it more sane to use a front end like ufw?
I have an RPI with dual Ethernet between my modem and consumer router so I don’t have to depend on the obsolete and limited consumer router software. I’m using OpenWRT at the moment but curious if you have other recommendations. I like the LuCI gui so if I switched to headless Debian or something then I’d still want a LuCI equivalent.
I’m self hosting with docker and I want to set up a wireguard vpn container that joins a network with a select set of containers. So I’d have containers that are accessible only by actual LAN users and then others that are in this isolated group that only the VPN (i.e. WAN people) can access. I thought that’s what docker was all about! But by default it seems all authenticated VPN peers just get to be on the LAN. Sure, they can’t get at containers on a different docker bridge network, but they get to access the host itself! This is why I asked about iptables above, but it’s daunting. Any ideas on how to achieve “two levels of trust” for self hosted services?
Sorry this took me a bit to get to. Hello!
I’m hoping that not all of that is running on a single pi. I mean, it can, but you might hit limitations when everything is engaged with doing things. I just feel like, that’s a lot for one raspberry Pi…
Anyways, iptables are good to have a general grasp of, but they’re generally GNU/Linux specific. There’s other routing implementations that run on Linux, and hardware appliances generally have their own bespoke, vendor specific stuff. One project I’m aware of is Free Range Routing. There’s a lot more, but this is one that I know of. Using FRR, vs iptables, they’re very different beasts. But you shouldn’t need FRR, it’s a monster in terms of memory use and designed to operate in ISP class networks. You don’t need it. I’m just using it as an example of what is out there.
The best advice I can give about this is that learning the concepts behind routing is more valuable than any specific product. Knowing the difference between an RIB and FIB, and how to structure routes, priorities, costs, etc… All very important. Can you learn that with iptables? Sure, and probably more, since iptables can also function as a low end firewall.
The important thing is that you learn the meaning behind what you’re doing in whatever routing platform you are working with.
I’ve worked with so many different ways of handling routing and firewall work that I get annoyed when vendors come up with dumb marketing terms that leak into the device user interface, for a very common routing, firewall, or VPN technology. I don’t care whether I’m on a router or firewall that’s custom and running OpenWRT, DD-WRT, OPNsense, or one from Cisco, SonicWall, WatchGuard, Fortinet, Palo Alto, or any of the dozens of other vendors. A VPN is a VPN. IKE and IPsec don’t change because it’s vendor x or y. Don’t start calling the IKE identifier something else.
… Sorry, rant.
Anyways, I don’t really see the vendor’s interface as anything more than a code I have to convert into the industry standard protocol information that everyone uses. It’s a filter by which that vendor portrays the same options that everything else has. Some have quirks. Some are more straightforward. But they all have the same options in the end. Allow the traffic or don’t, do it by port and protocol or by IP. Apply content filters or don’t, use Ethernet, DHCP, PPPoE, or something else like ATM or IPX/SPX for signaling. Who cares.
If you understand the concepts, the skills are transferable, no matter what platform you end up using, you’ll know what needs to be done, you’ll just be stuck figuring out how you do it on this platform.
Thank you so much for your response!
I feel the same way. I was looking into a Udemy course for those Cisco exams (not to take the exam, just to learn) and I was discouraged that the content is so vendor specific.
Do you have a recommendation on “neutral” learning? I have access to a fair amount of Udemy if that helps. Also happy to read static text, though preferably written as more of a tutorial than just a raw RFC or man page.
I dunno if they still offer it, but I found that Cisco’s ICND1 was fairly neutral. They use examples from Cisco stuff, naturally, but the majority of the content is around learning and understanding how IP networks function. This is the first half of the CCNA study materials, and honestly, one of the best resources I had, and used, for learning how it all works.
There’s probably a ton more out there now, but at the time when I was learning, it was all CBT Nuggets and pluralsight… I believe a lot has hit YouTube in recent years.
Don’t worry if the information is out of date, this stuff doesn’t change. The updated stuff just has newer vendor specific information, and IPv6.
IPv6 isn’t crazy different in how it behaves, but the mechanisms for local discovery, IP assignment, and whatnot, can vary quite extensively.
Good luck out there
I’m planning on setting up a NAS, so I will be reading into networking as well. Hopefully I won’t get too frustrated lol
Good luck.
Basic configurations shouldn’t be too stressful. When you get into large segmented networks that use routing protocols, then you’ll have some headaches. I think you’ll be fine.
Thanks!
Yes, the only tricky part for me, I think, will be setting up external access for my family.
I did wonder about security though. Is it possible to set this up in a way where my family’s and my own ISP don’t see what is being shared?
Oh yes. You’re talking about a VPN.
But that opens a whole can of worms. You could go with something more tried and true, like IKE/IPsec, if your routers have that option. Usually that’s the way for firewalls, but it’s a bit hit and miss for routers.
Or you can go with something a bit more modern, like Tailscale, WireGuard, or ZeroTier. But then you need some way to put that on your NAS. I’m partial to ZeroTier, but there’s plenty of good options, even beyond what I’ve mentioned.
Researching this becomes a minefield without the right vocabulary, because having a “VPN” is such a broad definition that there’s a lot of commercial VPN solutions, designed to give you operational security when browsing the Internet, which are completely useless at securing traffic between computers on different LANs over the Internet. Services like PIA, NordVPN, Surfshark, Proton VPN, ExpressVPN… So many others. They’ll secure your traffic to the Internet itself, not between private locations connected by the Internet.
I don’t know what hardware you’re specifically using as a router at each location or what works with what. I know Ubiquiti has some VPN features in their gateway products, and that could make quick work of the problem. Just food for thought I guess.
Thanks so much for taking the time to answer! I’ll look into those options