home net

as you can easily guess, i’m a networking geek.

my home network was thus built with hacking, not with ‘smallest footprint possible’ in mind. it’s great if you can test your “great” ideas before recommending them to anyone, and of course getting a feel for new features is also a plus in this case.

so, my first assumption was it has to be fast - fiber. both floors are connected with a fiber network that’s aggregated near the front door, in the cloakroom. the room itself is however small, and won’t let me put a whole 19" rack there… so we need to haul traffic back to my dedicated server room downstairs (yes, my desk along with the server room is located below ground level, which has its own benefits).

that’s why the cloakroom is where my first active device is located - it’s actually a Catalyst 2960 24TQ-LL switch, that aggregates all external service provider links - two fiber and one over copper. that switch also serves as the local attach point for part of the WLAN network, consisting of two Cisco Aironet 3802i, powered by 802.3at, and “servers”, consisting of a single Intel NUC NUC5i5RYH and a Raspberry Pi 3B+ running an anycasted DNS service (i’ll describe it later in this mini series). the 10GE ports of the switch are grouped together in an LACP Etherchannel and connect the “aggregator” switch to the Nexus 9372PX-E switch in the server room, acting as the “core” switch for my network.

in the living room, there’s another fiber satellite - a Catalyst 2960CX switch, that is “powering” audio and video equipment, the local WLAN AP - Cisco Aironet 3802i - and an A/V NAS (old QNAP unit, quiet but quite powerful, with 6x2TB HDDs in RAID5). this switch doesn’t have 10GE ports, but two-port 1GE LACP aggregation is still enough - we’re not using even half of it yet, even with 802.11ac transfers from many home devices. again, that port aggregation is connected to the “server room” Nexus 9372PX-E.

my working desk in the “basement” is the busiest place in the home. it also uses a Cisco Catalyst 2960 24TQ-LL to connect everything around my main desk to the “core” Nexus 9372PX-E, which means the following connections:

  • all my stationary PCs, Macs, Raspberry Pi and another local NAS 2-drive unit
  • my corporate CVO (Cisco Virtual Office) router, providing me with a dedicated VPN tunnel - it uses a Cisco 892W, and next to it is my home video terminal - Cisco DX80
  • another WLAN AP, covering all of the “basement” - Cisco Aironet 3802i
  • two NUC units (also used to do some VM testing)
  • Playstation 4 (connected over WLAN)

this 2960TQ-LL switch is again connected over a 2x10GE LACP connection to the “server room” Nexus 9k switch. in the “server room”, below that specific Nexus 9k acting as core L2/L3 switch, there’s other gear. a lot of it… :) just the most important elements you can find here:
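since both the cloakroom and the basement Catalyst 2960 uplink to the Nexus 9k core over a 2x10GE LACP Etherchannel, here is what such a bundle looks like on both ends. this is an added illustration, not configuration taken from my switches: the interface numbers, port-channel id, VLAN list and descriptions are assumptions, and the VLAN pruning on the trunk is a hardening choice rather than something stated above.

```cisco
! ---- Catalyst 2960 side (IOS) - hypothetical port numbers ----
! bundle both 10GE uplinks; "mode active" = real LACP, so a miscabled
! or unplugged member is negotiated out of the bundle instead of
! silently forwarding as a standalone trunk
interface range TenGigabitEthernet1/0/1 - 2
 description uplink to nexus core (LACP member)
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30   ! prune to the VLANs this site needs (assumed ids)
 channel-group 1 mode active
!
interface Port-channel1
 description 2x10GE LACP bundle to Nexus 9372PX-E
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
! ---- Nexus 9372PX-E side (NX-OS) - hypothetical port numbers ----
feature lacp
!
interface Ethernet1/1-2
  description downlink to access switch (LACP member)
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30
  channel-group 1 mode active
!
interface port-channel1
  description 2x10GE LACP bundle from access switch
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30
```

after applying it, `show etherchannel summary` on the Catalyst and `show port-channel summary` on the Nexus should list both members as bundled (flag `P` on IOS, `P` on NX-OS); a member shown as individual or suspended usually means a trunk or VLAN-list mismatch between the two ends, which is the kind of misconfiguration you want to catch before it becomes an accidental loop or a half-speed link.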

  • ASR 1001X - internet access router, running BGP, ACLs, ZBFW, NAT, IPv6 tunnels to HE and other stuff
  • Nexus 9372PX-E - my “core” switch, running 10GE and 100GE links, doing inter-VLAN routing
  • Nexus 31108TC-V - my “access” switch, for all the switches and routers in the rack requiring copper interfaces - and also for dedicated management interfaces
  • Firepower 2110 and a cluster of two ASA 5516-X - running FTD and VPN features, also enabling me to experiment with different setups as well as beta software :)
  • two other Intel NUC NUC5i5RYH - lightweight and low power virtualization platform
  • UCS servers, for software requiring much more CPU and RAM power
  • …and a lot of additional network and security gear i will some day describe in detail

so if you’d like to imagine a simple home network - this is not one of them :)

i’ll tackle the specific topics in the next parts of this mini-series.

if you have questions about specific features running on that equipment - please let me know. i’ll be happy to describe something that may be of interest.