My Home Network

In the past, I've used a variety of vendor-provided hardware to work at the edge of my home network. They're all too eager to give away free gear in hopes of getting in the door of your employer. Anyways, it was high time I rolled my own HW.

My decision was a toss-up between raw Linux on a Pi, or OPNsense on a mini PC. I opted for the latter... Mostly due to the popularity around OPNsense / pfSense and some of the simplicity gains there. But also, Pis were hard to come by. A mini PC with more interfaces sounded great for a firewall, so I ordered a Qotom Q750G5.

Note

Anecdotally, if I were to pursue a Pi, I'd do something along these lines:

The Hardware

A new firewall was the genesis of my home network upgrades, which ultimately included new wifi, servers, and switches.

Firewall

The Qotom mini PC has 16GB of RAM, and a 64GB SSD. Memory has yet to crest 20% utilization in the months I've been running this box. For a good overview of the hardware, and OPNsense installation, see this post by a fellow network engineer.

Switches

My primary switch is a Ubiquiti US-8-150W. Great because it's fanless, has an internal power supply, and will do up to 30W of PoE per interface with a total power budget of 140W. There are a number of 5-port switch flex minis around the house as well to provide wired connectivity wherever I'd like.

Ubiquiti has had their fair share of rough spots over the years. I've been happy with the hardware, it's served me well... but come time to upgrade, I'll be hard pressed to buy from UI again for the following reasons:

  1. The TLDs... www.ubiquiti.com is not Ubiquiti. They used to be www.ubnt.com... and you can still find content hosted under the ubnt TLD. They're now at ui.com - the transition was not smooth.
  2. Somewhere along the line they changed usernames to email addresses, which is fine, but also was not a smooth transition.
  3. The breaches in '21 were fairly harrowing, eventually involving the FBI and DOJ, which you can read more about here.

Anyways, YMMV. For the time being, the gear serves me well.

Servers

Home lab "servers" are great these days. It's remarkable how much power / dollar you can buy. I purchased a pair of Dell Optiplex 7050s off eBay for under $100. Way more headroom than a Pi, and not a whole lot more spendy. I also run Pi-hole on a Raspberry Pi 4B. Everything's mounted on a board in my basement, nice and tidy.

NAS

My most recent addition, an AS6704T NAS from Asustor. I filled it with commodity grade 4TB HDs from Seagate, and two 500GB M.2 drives for read & write cache. I run SMB, AFP, NFS, SSH, and Jellyfin. It works great as a media server, with support for realtime transcoding. I was also able to get some stats in Grafana (more on that in another post):

[Figure: Grafana NAS]

Lastly, I keep an offsite backup in an AWS S3 bucket. The Glacier Deep Archive tier storage is as cheap as it gets at roughly $1/1TB/Month.

The Software

I could (and maybe will) write a blog post for each piece of software identified here. These are all programs I've been wanting to run for some time, and finally this year I bought the servers, and allocated the time to do it.

OPNsense

Right from their site, OPNsense is an:

open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform

I chose OPNsense over pfSense primarily because I know more people who run it. Updates are easy, and there's a built-in plugin marketplace that's quite handy. It's my stateful firewall, my DHCP server, and my WireGuard VPN concentrator.

Pi-hole

Man, what a great project. And the level of detail put into onboarding / installation deserves applause. The bane of many OSS projects is the level of expertise they require to get up and running. Pi-hole is a rare exception. Installing and configuring the software couldn't be easier, and if you end up needing help, the community is vast.

NetBox

I run this in production at work, and the maintainer is no stranger to any Network Engineer. Many of us have Jeremy Stretch's cheatsheets hanging at our desks.

NetBox was originally built as an IP Address Management (IPAM) application for DigitalOcean. It's now grown into a fully fledged DCIM platform. At home, I use it to document IP addresses on my network, but I also model every connected device with the Device Type Library. Once all devices are added, you can create cables, and generate cable traces so you know exactly where things are:

[Figure: cable trace]

You can also set up panels on the homepage with quick links to services, or RSS feeds, etc... Check out more on the public demo site here!

Prometheus / Grafana

I enjoy collecting data on the things around me. Whether it's Internet health, or air quality, or the planes flying overhead... collecting data is fun! And visualizing it is even more fun. Having Grafana available to plot anything I want is great.

[Figure: IAQ Summary Grafana]

Dashboard of air quality around me with a baseline from the EPA

Other

What's listed above comprises the primary network components. I'm running other software, like Home Assistant, and some open source Software Defined Radio applications, though I consider them separate from my Home Network.

🎉 -Happy New Year- 🎉