Being an infrastructure person and working almost exclusively from my office here at home means my network setup is a little more involved than in a normal home setup. In fact it’s a little more involved than you’d see at many small businesses.
When we moved here in early 2020 (in a bit of a rush, due to COVID-19 and the impending lockdown) for quickness we had a phone line installed and signed up for standard FTTC internet access. This was always intended to be a temporary solution while we found a better alternative; however, finding that alternative was more difficult than first thought.
After much searching, and discounting some fibre leased line providers who wanted in excess of £10,000 to run their cable, I finally came across a local ISP called Metranet – a fully wireless ISP who have built their own high speed radio network across the city.
Primary Internet access comes via two 80GHz wireless links on the roof (for redundancy) connected to a pair of MikroTik routers. The first router, a CCR1009, deals with traffic crossing the ISP network and failover between the redundant links – we are in effect part of a large mesh network, so as well as providing our internet access the wireless links and first router also securely carry traffic from other customers on its way to the internet. The second, an RB2011iL-RM, acts as NTE and deals with traffic to/from my public IP range and is where the connection is handed off from the ISP network to my own.
Also mounted on the roof we have a MikroTik 4G router with external antenna providing a backup in case the Metranet connection fails completely – so far that has never happened.
A cable from the Metranet NTE and another from the MikroTik 4G router connect (indirectly) to my own MikroTik CCR1009 router (more on that later).
The Local Network
Being in a tall house, spread over 5 floors with one room per floor, means some thought and planning was required to get good wifi coverage without having too many cables running all over the place.
The key to the final wifi solution is the Unifi USW-FLEX which is a 5 port POE++ powered switch capable of delivering standard POE output on 4 ports – this removes the need to take power into consideration when placing the switch and access points and allows for optimum placement to reduce cable runs.
With regard to cabling, our only option is to surface mount the cabling, so all runs are in Monoprice SlimRun CAT6 which is barely noticeable once stapled to skirting boards, door frames, etc. One caveat here – standard RJ45 crimp jacks will not work reliably with this cable, you’ll need jacks specifically designed for the thin cable. I used these from ITM Components.
The USW-FLEX is mounted in the stairway between the third and fourth floors and is connected to the main network cabinet in the ground floor office via a single CAT6 cable, providing both data and 47W of power.
From this centrally mounted switch cables go to UAP-AC-IW access points in each of the upper rooms.
These access points were chosen as they look very neat when mounted in a standard back box and have a built in switch, providing two additional ethernet ports (one with POE passthrough) in each room.
Where more ports are required (currently in the lounge and loft), we have USW-FLEX-MINI 5 port switches which draw their power from the POE passthrough ports on the access points – with this configuration all network infrastructure is powered from the main office cabinet, can easily be protected by a UPS and we don’t have to worry about power sockets being in the right place.
All remaining infrastructure runs from a small (14U) studio rack in the downstairs office. This is still a work in progress with some more things due to be added shortly (UPS, home server, etc), however it currently holds the remaining network infrastructure used to run the home network.
Starting from the top of the rack we have a MikroTik CCR1009 router which is connected to both the primary and secondary internet connections and manages all routing, firewalling, NAT, failover, site-to-site VPNs, etc. The LAN side of this router is connected via 10Gb SFP DAC to the ‘WAN’ side of a Unifi UDM-PRO.
The UDM-PRO sits at the core of our network and acts as controller for all other Unifi devices on the network as well as providing traffic/device identification, threat management, network wide DHCP and acting as an additional firewall. Our UDM-PRO does not perform NAT, just pure routing either between VLANs or out to the internet via the MikroTik router. This is key to allowing the MikroTik to make routing decisions based on the originating device network/IP.
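The source-based decisions this design allows on the upstream router, shown as an added illustration rather than the author's actual configuration. RouterOS v6 syntax is assumed, and every subnet, interface name, address and mark name below is a constructed placeholder.

```routeros
# Added illustration, RouterOS v6 syntax. All addresses, interface names and
# mark names are constructed placeholders, not values from the author's network.
#
# Assumed layout:
#   10.0.10.0/24   trusted VLAN (behind the UDM-PRO)
#   10.0.30.0/24   IoT VLAN     (behind the UDM-PRO)
#   10.255.0.0/30  transit link: MikroTik .1 <-> UDM-PRO 'WAN' .2 on sfp-sfpplus1
#   192.0.2.1      next hop towards the 4G router, reached via ether8

# The UDM-PRO only routes, so the MikroTik needs return routes to the VLANs.
/ip route
add dst-address=10.0.10.0/24 gateway=10.255.0.2 comment="trusted VLAN via UDM-PRO"
add dst-address=10.0.30.0/24 gateway=10.255.0.2 comment="IoT VLAN via UDM-PRO"

# Packets arrive with their original source address, so a rule can single out
# one VLAN. With NAT enabled on the UDM-PRO every packet would arrive with
# src=10.255.0.2 and this match would never fire.
/ip firewall mangle
add chain=prerouting in-interface=sfp-sfpplus1 src-address=10.0.30.0/24 \
    dst-address-type=!local action=mark-routing new-routing-mark=via-4g \
    passthrough=no comment="IoT VLAN leaves via the backup link"

# Default route that applies only to traffic carrying the mark.
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=via-4g

# NAT happens once, here at the edge, for traffic leaving on the 4G side.
/ip firewall nat
add chain=srcnat out-interface=ether8 action=masquerade

# The preserved source address also lets the edge router limit who may reach
# its own management services (SSH and WinBox) to the trusted VLAN.
/ip firewall filter
add chain=input in-interface=sfp-sfpplus1 src-address=!10.0.10.0/24 \
    protocol=tcp dst-port=22,8291 action=drop \
    comment="management only from trusted VLAN"
```

On RouterOS v7 the marked default route is written with `routing-table=` and the table has to be created under `/routing table` first.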
Our UDM-PRO has some customisations installed to automatically disable NAT and allow the use and automatic renewal of Let's Encrypt SSL certificates – look out for a future post covering this setup.
Although the network is currently running well, there is always room for improvement and I have some upgrade plans in the works.
Unifi are due to release an 8 port POE switch with 2 x 10GbE uplinks and when this becomes available I plan to place one in the lounge and another in the loft, with the nearest APs connected directly to these switches and links running directly back to the office – this will get rid of the bottleneck caused by the single 1GbE connection from the rest of the house into the office.
Also in the plans are a new home server to replace the ageing Lenovo M95 tiny and a new NAS with 10 gigabit connectivity.
Expect updates here on these projects as they progress.