Planning out my new HomeLab network again - Setting up IP allocations, subnets and VLANs
HTML-код
- Опубликовано: 12 сен 2024
- SpaceRex is back to the drawing boards setting up and planning out his HomeLab network. This video focuses on setting up different the different IP address pools for all devices across the network. This will help setup specifically with self hosted VPN configurations.
This setup is designed to allow scaling as well as the ability to use multiple trusted networks bonded together such as SMB multichannel.
Hire Me! www.spacerex.c...
Sponsor the Channel & Get Early Access to ALL Videos: / spacerexwill
#HomeLab #Subnet #VLAN
How to use a search domain: • What is a search domai...
I bought a new HomeLab server: • I bought a used server...
You are really good please dont stop with ur videos ever! Super usefull. I discover you since I bought my Synology and i became addicted to your videos. Everytime I have something to do, I check you have the answer
Hey thanks for the kind words! I will keep making them as long as people keep watching!
Thank you. Keep up the good work. These videos are so helpful and instructive.
Glad you like them!
Great overview. Will be interested to see how you integrate multiple DNS servers
I agree! Will you be using a load balancer? I run dual Pihole dns server off of a Unifi firewall and I find that they both log the queries at the same time no matter what. Would be smarter if it were handled via a load balancer with some sort of fast failover. Thanks man!
You can choose up to 4 DNS servers on a computer and between windows Mac and linux they all do it slightly differently. I think windows queries all of them at the same time and uses whatever comes back first. MacOS and linux will go down the list in order of priority until one works. For me multiple DNS servers is just to ensure that my network does not go down because a dns server or anything else does not boot
I have 2 Raspberry Pi's running with keepalived, so the master one always get's used as long as it is available. The second is failover only. They share a virtual IP adress and I only hand this one out to clients
I'd love to see how you set up your firewall rules to manage traffic between the trusted and untrusted vlans, as well as between the server and storage networks. I'm a networking newbie, and that's what always kills me when trying to set something up.
Yeah I have been planning on doing a video on that!
@@SpaceRexWill will you be doing a video showing the whole setup?
@@sohail579 Yeah will be doing one!
@@SpaceRexWill definitely like this video. Considering doing something similar for my home network, and what better way to learn than to split it up tens of different ways! Would love to see the configuration from beginning to end….including the DHCP. Super interested if a SINGLE DHCP server could handle distributing IPs across all VLANs.
People saying that /16 subnets are too big forget what spreadsheets are for. I've been using 10.10.0.0/16 for a decade now with no issues.
You get so much piece of mind from having the extra breathing room. I would never go back.
If you set your VPN client up properly it won't even see the Cafe's 10.0.0.0/16 network. Look for full bridge configs. Most corporate laptop and mobile phone VPNs are setup this way. The IP address your phone sees is it's "LAN" address on the other end of the VPN.
I'am from Austria/Europe - your videos are the best. I've had my NAS for years, but it's only because of you that I'm using it properly. please make many more videos for us - thank you, stay healthy. best regards, karl
ps: one more question, what are the benefits of being a member?
Hey thanks glad you liked the videos!
As for memberships I really offered it as a way for people to support me if they want to and get something out of it (other than just the donate button) it pretty much gives you a badge and lets me sort though comments by members as well as access to my "backlog" of videos that I have filmed by haven't released yet!
Thank you for this. I needed this so badly just now.
Good point on the subnet numbers.
All good, but "VM instead of massive docker containers"? 🤔
Awesome content as always. Cheers
Much appreciated!
Great video, really helpful and informative.
You are still looking at IP addresses as if they are in decimal. It looks convenient to divide up this into 10s or 20s or 5s, but it's actually really dumb. Divide by a factor of 2. Just like the net mask. You can have different types of subnet mask. Authorative, like you would specify on a NIC or a route. Administrative, like when you route the /16 but within it are administrative /24s.
If you come to dividing up the /16 in /24s, you have 24-26 = 8 bits to use as flags and flag combinations resulting in a sub-sub-netmask.
Example. My "Flat LAN" is the 10.0.0.0/24 authoratively. Yet admin wise it's split into /26s. Infra, Service, Access, Pool. Giving 62 addresses in each adminstrative block.
The interesting thing is, you can still use these sub-subnet masks in firewall rules or in any IP spec match. You just don't need to "route" them.
Also bare in mind, when you subnet "authoratively" you have 2 choices. Multi-NIC or route. One costs admin and network performance and the other puts all your traffic through your router.
You need to consider multi-homed hosts. Like routers for one. DNS, DHCP, etc. They need interfaces on ALL subnets that need those services, unless you want to duplicate them.
So again, consider going another layer down in the /2s really think about what the netmask means and how to use it, and "adminstrative" sub-subnets.
Greate video, you inspired me to redo my home network :).
I did't have similar problem with VPN client, becasue somehow I change my subnet from begining, but I can see that there is also mess, and it would be nice, to have it in order :).
Wow looking forward to future videos on this set up. What HWD are you going to be running all those VM’s on?
Right now this: ruclips.net/video/4eN13qgelZQ/видео.html
But will be moving it to my R630 when I replace my editing machine
Can you do a video of actually setting this up with unifi? I got the UDR and unable to get the two networks to communicate to each other and think it may be a helpful video.
Yeah I actually have a bunch of that coming!
hey i don't really understand the problem you explained at 1:39
is there something that you may be able to share that explains this problem more in depth?
- what kind of configuration would the client have to do?
- how does setting a random subnet fix the problem?
- why can't it successfully route the connection?
Your IP allocation plan is a very good idea. I'm planning to use a similar solution for my own home network. Here I use a dual-stack internet connection with IPv4 and IPv6. Do you also have a suggestion for assigning IPv6 addresses in a home lab?
Personally I avoid IP6 in my homelab. Mostly because routing and the IP’s are much harder for me to keep track of and lack of support for it across everything
For DNS, internally anyway, Synology DNS works well. It looks kind of like BIND with a shell. Not sure what is under the hood, But I've been using it for over a year now along with DHCP. My router was garbage at doing this. One hint though, when you set up DHCP, set the first DNS address to your Synology and the second one to an external like 8.8.4.4. If your synology crashes, your girlfriend won't use her laptop like a frying pan...
Sysop troubleshooting mantra: "It's always DNS."
^this
A little new and confused. Since if your router goes down, everything is down why not use it to host DNS? I'm using pfsense if that helps why I'm confused. Great video btw; going to use your map for reference in re-doing my network, so thanks a lot.
As much as I would love to do that unfortunately Unifi does not come with the ability to be a DNS server
@@SpaceRexWill Thanks! Still learning.
Again, AWESOME videos/tutorials. I currently have the DS220J and I am wondering what can I do to increase my storage capacity without removing the current hard drives? I heard Synology has an additional storage bay system? Any help will be greatly appreciate it! Thank you!
Sadly your unit does not have an expansion option
@@SpaceRexWill Oh man! Thank you. So the only option is to update the hard drives capacity, correct? Again, thank you so much for all helping your followers.
It’s fine to use a /16 subnet since you will probably never fill that up, however if every ip is taken, never go over a /22, as you will quickly bottleneck your network and run into issues.
From what I have heard modern networking equipment does not have nearly the same amount of broadcast traffic then existed back in the day so it is better then it would be. But still would not recommend 5k devices all active on the same subnet.
whats wrong with proxmox as a vm host?
On which network do you put your phone? It will probably host apps that need to communicate with the IoT devices, right?
I am currently trying to work that out to have just IOT devices on that network which I can either bridge in through home bridge or using the Internet
Where is the updated video to this !?
First! And I need to do that, too.
Yeah it was a long time coming!
I never recommend 10.x.x.x subnets for home use because their large host counts are better suited to enterprise networks and you can run into routing issues with split tunnel VPN's (often to your corporate VPN).
He addressed that in the video, how did you miss it?
What's the difference between Storage a/b and FS?
storage a/b are actually going to be entire storage networks and the FS are the file servers. So each file server will have a IP address on each storage network
So which firewall/router are you using ?
Right now on a UDM Pro. Though I think I will be upgrading to PF Sense
@@SpaceRexWill stay with udmpro
I would love to see your PFsense set up, Especially if it relates to ubiquiti
@@VLandrew pfsense is far superior, only reason to ever use unifi routers is because of the ease of use. You will never find any unifi router in professional environments
Lost me after 2min 😆 a more basic vid abot subnetting would be gr8😂
Haha noted. Will definitely be putting one together!
having you talking about your paranoia about DNS is hellacious , you make thing way over complicated about DNS stuff , having everything secure on your VLANS and then talking bout google DNS makes me cry ,Sorry to say it but I never seen a more complicated home lab then this , you should really re think your VLANs and DNS you will have big problems ,there is a flaw in your method to madness , enjoying the content doh ,..
Hi, could you please write more details about those flaws/overcomplications? I would happily learn more to avoid those mistakes and I would bet many viewers would appreciate it as well... :)