Auto-update blog content from Obsidian: 2025-05-19 16:15:27

This commit is contained in:
Gitea Actions 2025-05-19 16:15:27 +00:00
parent fad6d22fd6
commit cf3981ca2d


@ -139,27 +139,24 @@ Layer 2 networking is managed by **UniFi switches**, chosen for their sleek UI a
A 2.5Gbps UniFi switch is dedicated to Ceph storage communications, isolating storage traffic to prevent interference with other networks. A 2.5Gbps UniFi switch is dedicated to Ceph storage communications, isolating storage traffic to prevent interference with other networks.
I initially set up **LACP** (Link Aggregation) between the router and the main switch, hoping to double bandwidth. Reality check: it doesnt. LACP provides redundancy and load balancing, not bandwidth aggregation. It was a good learning experience, but not essential for this setup. I set up **LACP** (Link Aggregation) between the router and the main switch at 1Gbps, hoping to double bandwidth. Reality check: a single session will only use one link, meaning that a single download will still cap at 1Gbps.
#### VLANs
---
#### **VLANs: Segmented Network Design**
To segment traffic, I divided the network into several VLANs: To segment traffic, I divided the network into several VLANs:
| VLAN ID | Name | Purpose | | Name | ID | Purpose |
| ------- | ---------- | -------------------------------------------------------------- | | --------- | ---- | ---------------------------- |
| 10 | Management | Access to infrastructure devices, including OPNsense and UniFi | | User | 13 | Home network |
| 20 | Services | Web servers, containers, VMs | | IoT | 37 | IoT and untrusted equipments |
| 30 | IoT | Smart devices, isolated from the rest of the network | | DMZ | 55 | Internet facing |
| 40 | Storage | Ceph traffic, isolated for data replication | | Lab | 66 | Lab network, trusted |
| 50 | Guests | Internet-only access for visitors | | Heartbeat | 77 | Proxmox cluster heartbeat |
| Mgmt | 88 | Management |
| Ceph | 99 | Ceph |
| VPN | 1337 | Wireguard network |
Each VLAN has its own DHCP pool managed by OPNsense, allowing for controlled segmentation and simplified management. Each VLAN has its own DHCP pool managed by OPNsense, excepted the Heartbeat and Ceph ones.
#### DNS
---
#### **DNS: Layered and Encrypted**
DNS is structured in two layers within OPNsense: DNS is structured in two layers within OPNsense:
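Review bot: the rewritten VLAN table (the `| Name | ID | Purpose |` rows) drops the access statements the old Purpose column carried, so the trust boundaries between segments are no longer stated anywhere in the hunk: the old rows said Management was for access to OPNsense and UniFi and that IoT was isolated from the rest of the network, while the new rows only say `IoT | 37 | IoT and untrusted equipments` and `DMZ | 55 | Internet facing`. Consider keeping one clause per VLAN stating what it may reach (for example, that only Mgmt may reach the OPNsense and UniFi admin interfaces, and that IoT and DMZ cannot initiate connections into User, Lab or Mgmt), since the firewall policy is the point of the segmentation and a reader otherwise has to guess which segments are trusted. Two wording fixes in the same hunk: "untrusted equipments" should be "untrusted equipment", and `excepted the Heartbeat and Ceph ones` should read "except for the Heartbeat and Ceph VLANs"; it would also help to say how hosts on those two VLANs get their addresses, since the sentence now only says they have no DHCP pool.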