Actions
Forum Thread Details
  • Replies 4 replies
  • Subscribers 81 subscribers
  • Views 310 views
  • Users 0 members are here
Related

Computer network design: Replacing the coffee-break napkin discussion.

colporteur

I am looking for input from members in the E14 community that have computer network experience. The block diagram is the drawing of a small farming business network.

image

The network is one IP subnet spread across three physical locations. The subnet has about 50 IP consumed across the three areas. The edge router is in the office. Wireless point-to-point devices connect the seed-plant and residence to the office.

Inside the seed-plant and residence are routers that route the programmable logic controller and home devices, respectively. This routers will remain. What is happening behind the seed-plant router is expanding.

My plan is to replace the current edge router with a router capable of creating multiple networks. Four subnetworks to start: office, seed-plant, residence and wifi-guest-network that doesn't exist today. These networks will be interconnected and have internet access. The new edge router will isolate the the wireless guest-network and provide internet access only. I hope to combine the VPN access into the router and eliminate the VPN appliance.

One valuable resource I miss since retirement is coffee-break time with the team. It was not uncommon for someone to start a discussion on a napkin drawing. The napkin formed a centrepiece for group discussions.

I’m looking for that napkin discussion with members from the E14 Community. I encourage you to ask questions and provide feedback. Even if you don’t have computer networking experience, please join the discussion. Answering your questions may flush out some ideas  I wasn’t thinking about.

After retiring, I took on the role of break-fix for the company that owns this network. Now that the network is stable, and the company is proposing expansion, I feel it is time to implement the network plan I created five years ago.

What are your thoughts?

Parents

  • So keep in mind I'm not a networking expert, but I do run a 1G/10G setup at home. 

    I'd consider getting a "security router" for your edge router - they usually have builtin VPN support. I have a Cisco, but I've heard good things about Firewalla so that might be my next option when the Cisco stops getting updated (they tend to drop SOHO routers after about 5 years; I'm on my second one now. The good thing about the router I have is it's "multi-wan" so I can have a backup connection to a second ISP if my primary drops, or I can configure splitting the bandwidth between them.)

    I'd also suggest using smart switches for the Seed Plant AND the residence as that will allow you to set up VLANs with different rules, e.g. making sure nothing from the seed plant gets to the residence, but both can be seen by the office (if that's what you want). That will give you configuration flexibility for future topological changes, as it would just require rule changes on the smart routers. 

    Smart switches and routers can also connect to each other using trunking. For example I trunk multiple 1G ports between my 10G switch and my 1G switch to increase the bandwidth between them.

    Question: why do you have additional routers hanging off the seed plant and residence switches? Normally that connection would be reversed (router first, switch to expand the number of LAN ports on the router).

  • in reply to bradfordmiller

    The edge router will be a MikroTik RB4011iGS+5HacQ2HnD-IN. It is currently an AX11000 gaming router. The price was right (free) and I was desperate in need of a performance solution. I was discouraged from using the MikroTik it in favour of more friendly options. I'm still not confident I have made the right choice. It has little in the way of hand holding to configure it. I am on the task of configuring openvpn, a configuration it supports.

    Only one of the switches supports VLANs. That is the unit in the office area. The network I took over in 2018 was a /8 subnet from an Apple router in the residence. It has morphed into what it is today. I'm on the cusp of making a big shift.

    The extra router in the house was my attempt at isolating the myriad of consumer electronics that taxes the resources of the edge router. The edge router originally was in the residence. The network flowed from their. The seedplant was a modem configured to network to the seedplant over an abandoned phone line through an outbuilding to the residence. 

    The router in the seedplant, with no input from me, was a vendors solutions to isolate the PLC motor controllers and sensors in the seedplant and add a management system to the seedplant.

    There is another network (well not really) a bunch of IP's that are assigned to some poorly implemented development systems in the seedplant. At some point I will need to beat them into submission.

    I don't see advantages to VLANs at this time. At times seedplant traffic needs to get to the residence. The owners wants to examine systems. Please correct me if VLAN holds something I am missing. I examined the option before looking at routing and turned left at routing instead of right to VLAN. Maybe VLAN is the future. It would require some hardware to implement.

  • in reply to colporteur

    One of the main advantages of a VLAN (and you can google for a more comprehensive list), is security, in that you might want seed plant data going to the owner's home computer, but not to the TV (where who knows where it might get re-transmitted to). VLANs let you set up explicit rules for data sharing or isolation, and might replace most of what you are doing with the subordinate routers in your configuration simplifying (re)configuration. VLANs can generally (you'd have to check your specific router or switch) for either port-based or protocol based membership. I use port based so I can, for instance, make sure any data flowing from/to my MIL's TV and smart appliances have no interaction with my office machines (which have often dealt with IP under NDA, etc. particularly during COVID). So with a relatively straightforward physical setup, you can then software configure multiple virtual networks (which can appear invisible to other virtual networks) and modify them as needs change.

    An advantage of smart switches (not just enabling VLANs or trunking), is remote management, e.g., if there's an issue, I can use the web interface to the switch and quickly determine, e.g., if a particular device is using it's port, blasting out too much data, etc. That saves time when debugging issues (they don't come up that often, but just looking at blinky lights on the switch can be a problem when, in my case, I've got about 10 switches in various locations around the house, and that doesn't always help with finding the root cause of congestion!). Many of those switches are small & dumb, but having a smart switch they connect to makes it much easier to get an overview of what's going on in the network.

Reply
  • in reply to colporteur

    One of the main advantages of a VLAN (and you can google for a more comprehensive list), is security, in that you might want seed plant data going to the owner's home computer, but not to the TV (where who knows where it might get re-transmitted to). VLANs let you set up explicit rules for data sharing or isolation, and might replace most of what you are doing with the subordinate routers in your configuration simplifying (re)configuration. VLANs can generally (you'd have to check your specific router or switch) for either port-based or protocol based membership. I use port based so I can, for instance, make sure any data flowing from/to my MIL's TV and smart appliances have no interaction with my office machines (which have often dealt with IP under NDA, etc. particularly during COVID). So with a relatively straightforward physical setup, you can then software configure multiple virtual networks (which can appear invisible to other virtual networks) and modify them as needs change.

    An advantage of smart switches (not just enabling VLANs or trunking), is remote management, e.g., if there's an issue, I can use the web interface to the switch and quickly determine, e.g., if a particular device is using it's port, blasting out too much data, etc. That saves time when debugging issues (they don't come up that often, but just looking at blinky lights on the switch can be a problem when, in my case, I've got about 10 switches in various locations around the house, and that doesn't always help with finding the root cause of congestion!). Many of those switches are small & dumb, but having a smart switch they connect to makes it much easier to get an overview of what's going on in the network.

Children
No Data