Completely rebuilt my network. Wireless is the fantastic @ubnt hardware. (these are nano-HDs) IP cameras are all UniFi G3’s. In short, I’d seriously consider any hardware Ubiquiti produces.
The wired network is all centered around a set of 5 Cisco switches (mostly because I have 20 years of Cisco IOS), trunked together by fiber runs between basement and attic and a few Ethernets (connecting switches on other floors).
There are 4 VLANs, all independently routed. All the @ubnt hardware supporting VLAN trunking is using it. User and guest wireless networks, for example, are just separate VLANs on the same physical Ethernet.
At the heart is Linux iproute2 which routes / NATs everything. Connections again are all VLAN trunk ports, although the divide between public internet and private networks is physically separate Ethernets.
IoT devices, all HomeKit in my case, are on their own VLAN with heavily restricted access to anything else internal. The AppleTVs and HomePods “hub” the IoT devices which are mostly @Leviton Decora Smart dimmers and switches.
This brings up an interesting quandary - if the AppleTVs are on a network without access to other internal networks (namely the user network!) how does one screencast to an AppleTV? I do this with a one-way punch between the networks.
User devices can initiate TCP and UDP traffic to the IoT network but not the other way around. Once a session is started, however, IoT devices can respond. But, you say, how are the AppleTVs discovered if their mDNS packets aren’t on the user network?
The answer is mdns-repeater working across the VLANs. When an mDNS packet appears on one network, it is copied onto the other. This allows all devices to be mutually discoverable but connections only initiated in one direction. (The app with my minor fix: https://github.com/anders94/mdns-repeater)
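The one-way punch described above, as an added example (not the author's actual iptables rules or config): a minimal stateful FORWARD policy on the Linux router between a user VLAN and an IoT VLAN, plus the mdns-repeater invocation that bridges discovery. The interface names eth0.10/eth0.20 and the LOG rule for spotting blocked IoT-to-user attempts are assumptions.

```shell
#!/bin/sh
# Added example: one-way "punch" between a user VLAN and an IoT VLAN on a
# Linux router, using iptables connection tracking. Interface names are
# assumptions (802.1Q sub-interfaces on one trunk port), not the author's.
USER_IF="${USER_IF:-eth0.10}"   # user VLAN
IOT_IF="${IOT_IF:-eth0.20}"     # IoT / HomeKit VLAN
# Set IPT=echo to print the rules instead of applying them (dry run).
IPT="${IPT:-iptables}"

apply_punch() {
  # Nothing crosses VLANs unless a rule below allows it.
  "$IPT" -P FORWARD DROP
  # Replies that belong to an already-accepted session may flow back; this
  # is what lets an AppleTV answer a stream started from the user VLAN.
  "$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # The user VLAN may open new TCP and UDP sessions toward IoT devices...
  "$IPT" -A FORWARD -i "$USER_IF" -o "$IOT_IF" -p tcp \
      -m conntrack --ctstate NEW -j ACCEPT
  "$IPT" -A FORWARD -i "$USER_IF" -o "$IOT_IF" -p udp \
      -m conntrack --ctstate NEW -j ACCEPT
  # ...but nothing new from the IoT VLAN toward user devices. Log it so an
  # IoT device probing the user network shows up in syslog, then the DROP
  # policy discards it (assumed rate limit to keep a chatty device quiet).
  "$IPT" -A FORWARD -i "$IOT_IF" -o "$USER_IF" -m conntrack --ctstate NEW \
      -m limit --limit 6/min -j LOG --log-prefix "iot-to-user blocked: "
}

start_repeater() {
  # mDNS is link-local multicast and is never routed, so the FORWARD rules
  # above do not see it. mdns-repeater re-sends each mDNS packet heard on one
  # interface out the other, so devices are mutually discoverable while real
  # connections are still only accepted in the user -> IoT direction.
  mdns-repeater "$USER_IF" "$IOT_IF"
}

if [ "${1:-}" = "apply" ]; then
  apply_punch
  start_repeater
fi
```

Run as `sh punch.sh apply` on the router; `IPT=echo sh -c '. ./punch.sh; apply_punch'` prints the rules without touching the firewall.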
Other HomeKit hardware includes the iHome plugs and the Unifi cameras. “Wait!”, you say, “Unifi cameras don’t support HomeKit!”. Not natively (yet?) but https://homebridge.io fixes that. (thanks node.js!)
All in, you have complete control using no third party apps regardless of what internal or external network you are on.
Just about all @ubnt hardware is standard PoE so the switches, APs, cameras, etc. all have UPS (CyberPower in my case, don’t love it but there we are) through a rack PoE injector. This is the attic “stack” - an almost identical setup exists on most floors.
All servers are Intel NUC or Mac Minis (running Linux) to keep the power costs down. Admittedly this might use some upgrading but I tend to run hardware much longer than most. “Good enough” and all...
I’m going to write up a Medium on the configuration but I thought this way would be a fun overview. The most interesting parts are the iptables setup and the VLAN trunking / routing.
Other fun things are the basement to attic and office fibers that are link aggregated so if one is cut, there is no loss in connectivity. It’s fun to unplug one or the other at will.
Also, all DHCP and DNS for all networks is done via Linux as is NAT and any cross network routing.
But I digress. I’ll write it up at some point. Hope you all enjoyed!