Network Architecture

Overview

My home network is built with enterprise-grade components to provide high-speed connectivity, security, and scalability. The architecture follows industry best practices with proper network segmentation and redundancy.

Network Topology

Internet
    │
    ▼
┌─────────────────┐
│   ISP Router    │  ← DMZ Mode (Bridge-like)
│  (DMZ Mode)     │
└─────────────────┘
    │ 10Gb
    ▼
┌─────────────────┐
│  OpnSense       │  ← Custom-built Firewall/Router
│  Firewall       │    10Gb NIC
└─────────────────┘
    │ 10Gb
    ▼
┌─────────────────┐
│  Managed        │  ← 10Gb Uplink + 8x 2.5Gb Ports
│  Switch         │    VLAN Segmentation
└─────────────────┘
    │
    ├─ VLAN 10: Home Network (7 ports)
    │     │
    │     ├─ Desktop PCs
    │     ├─ Laptops
    │     ├─ Smart Devices
    │     └─ Media Devices
    │
    ├─ VLAN 20: Homelab Network (1 port)
    │     │
    │     └─ Proxmox Server
    │           ├─ Kubernetes Cluster
    │           ├─ GitLab
    │           ├─ n8n
    │           └─ Various Services
    │
    └─ WiFi Access Point
          │
          └─ UniFi U7 Lite AP (WiFi 7)
                ├─ Home WiFi (VLAN 10)
                └─ Guest WiFi (Isolated)

Hardware Components

ISP Router

• Function: Internet gateway in DMZ mode
• Configuration: DMZ mode (pseudo-bridge)
• Reason: ISP router lacks true bridge mode, DMZ provides closest alternative
• Connection: 10Gb ethernet to OpnSense

OpnSense Firewall/Router

• Type: Custom-built DIY router
• OS: OpnSense (FreeBSD-based)
• NIC: 10Gb network interface card
• Features:
• Advanced firewall rules
• VPN server capabilities
• Traffic shaping and QoS
• Intrusion detection/prevention
• Network monitoring and logging

Managed Switch

• Type: Enterprise-grade managed switch
• Uplink: 10Gb connection to OpnSense
• Ports: 8x 2.5Gb ethernet ports
• Features:
• VLAN tagging and segmentation
• Port mirroring
• Link aggregation support
• SNMP monitoring
• Web-based management interface

WiFi Access Point

• Model: UniFi U7 Lite
• Standard: WiFi 7 (802.11be)
• Management: UniFi Network Controller
• Features:
• Multiple SSID support
• VLAN assignment per SSID
• Advanced security (WPA3)
• Seamless roaming capabilities

Network Segmentation

VLAN 10: Home Network

• Purpose: Main network for trusted devices
• Devices: Personal computers, phones, tablets, smart home devices
• Security: Standard firewall rules, internet access allowed
• Bandwidth: Full 2.5Gb per port

VLAN 20: Homelab Network

• Purpose: Isolated environment for lab services
• Devices: Proxmox server and hosted services
• Security: Restricted inter-VLAN communication
• Services:
• Kubernetes cluster
• GitLab CE for version control and CI/CD
• n8n for workflow automation
• Various development and testing services

Guest Network

• Purpose: Isolated WiFi for visitors
• Security: No access to internal networks
• Bandwidth: Limited and shaped

Performance Specifications

Component	Speed	Technology
Internet Uplink	Variable (ISP dependent)	Fiber/Cable
Router-Switch Link	10 Gbps	10GBASE-T
Switch Ports	2.5 Gbps each	2.5GBASE-T
WiFi	Up to 2.4 Gbps	WiFi 7 (802.11be)

Security Features

Firewall Rules

• Default deny all, explicit allow rules
• Inter-VLAN communication restrictions
• Geo-blocking for suspicious countries
• Rate limiting and DDoS protection

Network Monitoring

• Real-time traffic analysis
• Intrusion detection alerts
• Bandwidth monitoring per device
• Log aggregation and analysis

Access Control

• MAC address filtering where appropriate
• WPA3 encryption for wireless
• VPN access for remote management
• Regular security updates and patches

Management and Monitoring

OpnSense Management

• Web-based interface on HTTPS
• SSH access for advanced configuration
• API access for automation
• Regular configuration backups

Switch Management

• SNMP monitoring integration
• Web interface for port configuration
• VLAN management through GUI
• Port statistics and monitoring

UniFi Controller

• Centralized WiFi management
• Client tracking and analytics
• Automatic firmware updates
• Performance optimization

Future Expansion Plans

Planned Upgrades

• Additional 10Gb ports for high-bandwidth devices
• Redundant internet connections for failover
• Additional access points for better coverage
• Network attached storage with 10Gb connectivity

Scalability Considerations

• Switch stack capability for port expansion
• Fiber backbone for longer distance runs
• PoE+ switches for IP cameras and devices
• Dedicated management VLAN implementation

Troubleshooting and Maintenance

Regular Maintenance

• Monthly firmware updates
• Quarterly configuration backups
• Annual cable and connection inspection
• Performance baseline monitoring

Common Issues and Solutions

• Slow speeds: Check for duplex mismatches, cable quality
• Connectivity drops: Verify VLAN configurations, check logs
• WiFi issues: Channel optimization, interference analysis
• Security alerts: Log analysis, rule verification

Documentation Links

For more detailed configuration examples and troubleshooting guides, see: - Setup Details - Hardware specifications - Services - Hosted services configuration - AI Setup - AI infrastructure details

---

Last updated: [Current Date] Network topology subject to ongoing optimization and expansion