Need help designing new Home Network with FIOS


Dropndestroy

So we are moving to a new home and I was tasked with setting up a new home network that will cover the new needs. Our current setup will not work at all in the new home as it is less than half the size. I am a sw dev and so I approached this task like I would any other task so please ignore any weird wording :D

I am looking for any advice on improvements or potential pitfalls. If you need any more info please ask away!


------------------------------------------------
NETWORK EXPANSION PLAN


PURPOSE: SIMPLIFY, MODERNIZE, EXPAND CURRENT NETWORK TO MEET NEW DEMANDS


CURRENT SETUP/EQUIPMENT:
http://imgur.com/9QsmSCl




Verizon router receives internet from ONT through ethernet which is wired to all the home's ethernet ports. The secondary routers act as APs and switches. Each secondary router runs its own SSID. Problems with this setup are poor wireless performance and the regular need to reboot the main router (Verizon). Managing port forwarding and managing the ~30 clients is a nightmare. Wired performance is as expected when wired directly to the main router; however, the connection is intermittently dropped on clients when network-intensive tasks are run and slow when not dropped (file transfers, playing online games).




PROPOSED NEW SETUP/EQUIPMENT:
http://imgur.com/a/1rm9h


- ENVIRONMENT:
12000 SQ. FT. 3 FLOORS LIVING SPACE WITH TOTAL SIZE OF PROPERTY AT ¾ ACRES.
CAT 6 CABLING TO 8+ DROPS (2 CONNECTIONS (?) PER DROP)
EXISTING 16P SWITCH PROVIDED
NO DROPPED CEILINGS OR CEILING CABLE DROPS
NETWORK REQUIREMENTS:
50-100 CLIENTS (WIRELESS AND WIRED COMBINED WITH MAJORITY WIRED)
300 Mbps SYMMETRICAL FIBER CONNECTION
EACH PHYSICAL CABLE DROP LOCATION WILL HAVE 0-5 WIRED CLIENTS
VIDEO STREAMING (UP TO 4K)
NETWORK SEGMENTATION (PRIVATE SECURED / GENERAL USE / GUEST)
POTENTIAL FOR MORE EXPANSION (3-4000 SQ. FT. / 5-10 IDENTICAL CABLE DROPS INITIAL ASSESSMENT)


- POTENTIAL CLIENTS
2+ XBOX ONE
2+ PS4
5+ FIRE TV
10+ LAPTOPS
2-3 WORKSTATIONS (1 10GbE CLIENT BUT NOT IN USE)
10+ SMARTPHONES
5+ SMART TVS
NUMEROUS SMART HOME APPLIANCES




CURRENT SETUP DOES NOT COVER CURRENT NEEDS AT ALL AND NEW NETWORK NEEDS TO COVER ANY POTENTIAL EXPANSIONS EASILY
-----------------------

I was aiming for option 7 in the FIOS networking guide (non verizon primary router). Link to that page here: http://www.dslreports.com/faq/verizonfios/3.1_General_Networking



Thanks!
 
A lot of ISPs still give out crappy routers. Some like BT/BT related in the UK are giving out better routers now for those basic users.

My suggestion would be to get yourself a better router depending on your skill and usage. If you don't have the skill (as you probably haven't figured out by still using the ISP-provided router) then my suggestion is

Check the switch: is it gigabit or fast ethernet? If it doesn't have gigabit ports then you will need a new switch with more ports. Unless you're dealing with raw 4K, 100Mb/s is sufficient. Raw 4K requires more than gigabit to handle, but for the switch you do need gigabit ports. There are flat ethernet cables for cabling runs.

You can use APs like Ubiquiti AC APs or you can use consumer wifi routers as both switches and wifi APs; price-wise it is about the same if you consider the wireless type and bandwidth into the mix, but it is cheaper to use Ubiquiti AC APs for coverage.

For segmentation you need a managed switch and a non-consumer router. If your segmentation goes all the way to the client then your 5 port switches will need to be managed too. This means you may have to drop the switch that was included if it can't be managed. At minimum you need VLANs, and Ubiquiti AC APs and other non-consumer APs support segmentation by binding an SSID to a VLAN. Layer 3 segmentation however will need layer 3 switches if you don't want all layer 3 communication going through the router for inter-VLAN communication.

If your cable drops accommodate multiple clients rather than 1 cable to a switch at each point then that 16-port switch may not be enough, especially if the majority will be wired. You can use 5 port switches at each location or get 1 big 48 port switch. All switches will need to be managed (semi-managed at least) with VLANs, and if they are layer 3 switches that's even better.

For your router I would suggest Mikrotik as they can easily support your speeds, but it seems you lack the skill. pfSense is a good consideration but you will need to find a PC to run it on. Ubiquiti EdgeRouters aren't fast enough for your connection with QoS. You should also avoid using any VPN routers as those things have been obsolete and aren't actually able to cope with current demands, even if it's the Cisco RV. The Cisco SG switch however is a good semi-managed switch.
 
Will you be getting video service from Verizon? If yes, your network must incorporate distributing the video to all TV locations. Normally this is done using the MoCA built into the Actiontec router provided by Verizon. If you are getting video from Verizon I would double-NAT a managed switch behind the Actiontec, set up your VLANs to isolate your LAN segments, and install routers repurposed as APs where you need either or both additional Ethernet ports and WiFi APs.

I found that the Actiontec router that Verizon provided worked fine and that my network was more stable with the Actiontec router in front of my ASUS router.

Also keep in mind, if you EVER need Verizon's help or assistance in troubleshooting your network they will demand/require you connect your computer to the Actiontec router they supply. They are not willing, or at least able, to help troubleshoot what they consider a non-standard setup. This is another reason to connect their modem directly to the ONT.

It is worthwhile having them set up the ONT to output data to its Ethernet port instead of the coaxial output, which is standard. Then if the Actiontec router fails you at least have the option to connect your own router to the ONT and get your data service working while awaiting the arrival of a new Actiontec router.

Another possibility for your home is to use a single CableCARD and TiVos. You then use your Ethernet network to distribute video. Just the primary TiVo is connected to the coaxial cable. While the cost of purchasing the TiVo and the TiVo Minis is high, you save considerable monthly rental fees. The TiVo's DVR and user interface is much better than cable companies' set-top boxes.
 
Don't really need to have all of those ER-X's...

It's been a while since I've looked at Verizon, but if memory serves me right...

At the Demarc, they'll put the network interface device, and then a run (called the home run) into a CPE (Customer Prem Equipment) inside the house.

If you're just broadband, one can bridge that guy, and run whatever, otherwise, if triple play (Voice/Video/Broadband), then you're stuck with their box...

Typically they'll VLAN out the three services - this is from memory, so they might have changed, but the broadband VLAN can be forwarded over to the customer's private equipment - alternately, one can set up the DMZ depending on the CPE, and connect thru there, but one might get into Double-NAT for IPv4 (IPv6 will be fine, as long as it's enabled in the private router)

So -- NID --> ONT/CPE --> their stuff for video/voice

And then ONT/CPE on the bound port for VLAN/DMZ for private Gateway.

I would consider a single 16-24 port POE managed switch as the switching core - and then do your runs out to the Uni-FI's

Rule of thumb on the AP's - 2500 sq ft for 2.4GHz, 1500 sq ft for 5GHz, so plan accordingly - use 5GHz in high traffic/usage areas, and backstop with 2.4GHz for whole house/yard coverage...

Spend wisely, and it'll be a good network - the ER's are fairly decent, however, the low-end is a bit challenged for GW/NAT/Routing above 500Mbits/Sec - so might step up a model - the Uni-FI AP's are well regarded - note that you'll likely want to have a small hotel server to run the management firmware - doesn't need to be awesome, just something that runs Windows and doesn't use much power (HP Stream 11 cloudbook comes to mind, as it has keyboard/monitor and battery as an all-in-one solution, and just keep it in the network closet running - a Kensington slot is available so one can secure it down so it doesn't walk away...)

(OP's net plan attached below)

 
As a side note - N600/N900 seems to do ok with POE, but it's been my experience that AC1750/AC1900 class AP's can pull more current than POE can reliably deliver, and there are cable-run restrictions there to consider as well...

So might consider powering the AP's locally...

Hopefully you'll get a good premises tech for the FIOS install - what you're looking at isn't all that uncommon, so the more experienced guys can also help with the initial config on carrier side that will make things a bit easier - big thing is don't let him leave until everything is working as expected with the broadband side...
 

Thanks for responding!

My idea with the ER-Xs was to allow more ethernet ports at each location and have it act as a switch. Is this not a good idea?

At the current location, the Verizon tech's setup was (mind you this was around 10+ years ago): ONT -> (ethernet) -> Verizon Router -> which was wired up to all the locations with ethernet ports. I was hoping this was still the case as I'm more familiar with that route. In the DSLReports page linked in the OP, there were a number of setups with their pros and cons. Are those no longer applicable?

For the Unifi controller, I have a couple of old Chromebooks available so that should be covered. Didn't even think to use them; instead I was going to use the existing AWS servers we have available.
 


Ahh, did not know that about the APs. Will keep that in mind. Thanks!
 
My idea with the ER-Xs was to allow more ethernet ports at each location and have it act as a switch. Is this not a good idea?

Not their intended purpose - and one can get decent quality 5 and 8 port unmanaged switches for less than $50USD...

At the current location, the Verizon tech's setup was (mind you this was around 10+ years ago): ONT -> (ethernet) -> Verizon Router -> which was wired up to all the locations with ethernet ports. I was hoping this was still the case as I'm more familiar with that route. In the DSLReports page linked in the OP, there were a number of setups with their pros and cons. Are those no longer applicable?

Should still pretty much apply - do note however, that both the Telcos and Cable Operators have improved their premises equipment significantly - to the benefit of customers, but more to align with vertical services they offer now and in the near future, esp. with regards to the Smart Home segment of the Internet of Things...

For the Unifi controller, I have a couple of old Chromebooks available so that should be covered. Didn't even think to use them; instead I was going to use the existing AWS servers we have available.

Not sure if the Unifi controller SW would run on a Chromebook - maybe it can :)

But keeping the Management aspects inside the LAN would be my suggestion - cable cuts and outages happen, and if the WAN interface is lost... There's a security implication here as well, as one would only be as secure as AWS is...
 

Do you recommend any switch that has the same profile as the ERX? Small, PoE powered, black and managed.
 
Do you recommend any switch that has the same profile as the ERX? Small, PoE powered, black and managed.

Not really - consider that POE and Managed is a cost adder - there's a couple of Netgear's in their GS-108 series, check there perhaps...

Are you certain you need managed switches on the runs out to the AP's? Generally one can get away without, as most modern unmanaged switches will pass thru the VLAN tags if that's what you're looking for there.
 
The main draw for me with managed is the ability to monitor traffic, but if I can get away with monitoring traffic from the main switch I can go that route. Then the criteria to look for in something cheaper than the ERX would be small, black and PoE.
 
Ok, but you can do that on the primary managed switch, so no need for intermediate data collection points - and if one wants, do some SNMP traps on the UniFI AP's for wireless load there... that managed switch can also track your WAN side on the uplink.

One can have too much data - focus on the core and on the edges...
 
You can use APs like ubiquiti AC APs or you can use consumer wifi routers as both switches and wifi APs, price wise is about the same if you consider the wireless type and bandwidth into the mix but it is cheaper to use ubiquiti AC APs for coverage.

Where consumer Router/AP's converted into AP-only mode fall short is that most lack the ability to bind an SSID to a VLAN - the only one I know under $200 for AC1900 class is the Airport Extreme, and there, it's only one...

The UniFI-Pro's can do a lot more... same goes with some of the business oriented AP's like Linksys's business line and some of the Engenius stuff - but the UniFI's are a good value here, and I have no problems recommending them...
 
Keep in mind your primary purposes, and look at the first one... don't introduce complexity (and cost) if you don't need it...

PURPOSE: SIMPLIFY, MODERNIZE, EXPAND CURRENT NETWORK TO MEET NEW DEMANDS
 
I have been looking for a switch that fits the criteria of PoE + low key, but the only ones that showed up on Newegg or Amazon were at or above the ERX price :\

Doing some more research, I believe I can simplify the setup a bit.

New plan is : Internet -> ONT -> (ethernet) -> EdgeRouter Lite -> existing switch -> FIOS Router and all other LAN devices and APs

[Diagram: PRILANtoWAN.jpg - Source: DSLReports.com]

I can use the PoE injector included with the Unifi AP Pros. Each drop is 2 ports so it would only take up one each. I'm still leaning on getting ERX as a switch with the same purpose as listed earlier, but that can be decided afterwards. Keeping it simple to start is better off. This also keeps all the verizon TV services intact.
 
that many ER-X, quite a waste
That doesn't exactly sound that great. Your primary use for the network is software development and you need segmentation. The FIOS router will get in the way of that, not to mention it being unreliable.

You need non-consumer equipment. I would not suggest the ERL as with QoS it drops to 100Mb/s with NAT. With a non-consumer switch you can set up all the VLANs so that even IPTV can work, but you may lose VOIP if it is handled by the FIOS router. The best setup would be ONT/SFP -> Router -> switch -> APs/network. For the switch there's plenty to choose from, except from D-Link, as long as it is semi-managed and supports VLANs; if you can, it should ideally also support layer 3 routing if you want inter-segment communication not to go through the router, but that's optional as configurable routers can be set to filter the communication so you can selectively allow/deny things between the segments.

For a router Mikrotik is a lot better as they are focused that way and have better performance than the EdgeRouter when it comes to QoS and other features that can't be hardware accelerated; even their hardware acceleration is more flexible.


Semi managed 5 port gigabit switches are cheaper than the ER-X. The ER-X has a switch chip so that limits its layer 3 throughput.
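A worked version of the segmentation System Error Message describes above (SSID-to-VLAN binding at the APs, selective allow/deny between segments at the router), written for the EdgeRouter the OP is leaning towards. This is an added example, not configuration from the thread or from Ubiquiti; the interface names, VLAN IDs and subnets are assumptions made for illustration.

```edgeos
# Added example, not from the thread or from Ubiquiti: EdgeOS "set" commands for the
# OP's three segments. Assumed: eth0 faces the ONT (WAN, DHCP), eth1 is an 802.1Q
# trunk to the core switch; VLAN IDs and 192.168.x.0/24 subnets are invented here.

# --- WAN port plus one tagged sub-interface per segment (router is .1 in each).
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth1 vif 10 description 'PRIVATE (workstations, laptops)'
set interfaces ethernet eth1 vif 10 address 192.168.10.1/24
set interfaces ethernet eth1 vif 20 description 'GENERAL (TVs, consoles, FIOS router, smart home)'
set interfaces ethernet eth1 vif 20 address 192.168.20.1/24
set interfaces ethernet eth1 vif 30 description 'GUEST'
set interfaces ethernet eth1 vif 30 address 192.168.30.1/24

# --- DHCP scope and DNS forwarder per segment.
set service dhcp-server shared-network-name PRIVATE subnet 192.168.10.0/24 start 192.168.10.100 stop 192.168.10.200
set service dhcp-server shared-network-name PRIVATE subnet 192.168.10.0/24 default-router 192.168.10.1
set service dhcp-server shared-network-name PRIVATE subnet 192.168.10.0/24 dns-server 192.168.10.1
set service dhcp-server shared-network-name GENERAL subnet 192.168.20.0/24 start 192.168.20.100 stop 192.168.20.200
set service dhcp-server shared-network-name GENERAL subnet 192.168.20.0/24 default-router 192.168.20.1
set service dhcp-server shared-network-name GENERAL subnet 192.168.20.0/24 dns-server 192.168.20.1
set service dhcp-server shared-network-name GUEST subnet 192.168.30.0/24 start 192.168.30.100 stop 192.168.30.200
set service dhcp-server shared-network-name GUEST subnet 192.168.30.0/24 default-router 192.168.30.1
set service dhcp-server shared-network-name GUEST subnet 192.168.30.0/24 dns-server 192.168.30.1
set service dns forwarding listen-on eth1.10
set service dns forwarding listen-on eth1.20
set service dns forwarding listen-on eth1.30

# --- Address groups referenced by the rules below.
set firewall group network-group LAN_NETS description 'All internal segments'
set firewall group network-group LAN_NETS network 192.168.10.0/24
set firewall group network-group LAN_NETS network 192.168.20.0/24
set firewall group network-group LAN_NETS network 192.168.30.0/24
set firewall group network-group PRIVATE_NET network 192.168.10.0/24

# --- WAN: only replies to flows started inside may come in, to hosts or to the router.
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable

# --- GENERAL: Internet allowed; may answer PRIVATE but never open a new flow into it.
set firewall name GENERAL_IN default-action accept
set firewall name GENERAL_IN rule 10 action accept
set firewall name GENERAL_IN rule 10 state established enable
set firewall name GENERAL_IN rule 10 state related enable
set firewall name GENERAL_IN rule 20 action drop
set firewall name GENERAL_IN rule 20 destination group network-group PRIVATE_NET

# --- GUEST: Internet only; nothing internal, and only DHCP/DNS to the router itself.
set firewall name GUEST_IN default-action accept
set firewall name GUEST_IN rule 10 action accept
set firewall name GUEST_IN rule 10 state established enable
set firewall name GUEST_IN rule 10 state related enable
set firewall name GUEST_IN rule 20 action drop
set firewall name GUEST_IN rule 20 destination group network-group LAN_NETS
set firewall name GUEST_LOCAL default-action drop
set firewall name GUEST_LOCAL rule 10 action accept
set firewall name GUEST_LOCAL rule 10 protocol tcp_udp
set firewall name GUEST_LOCAL rule 10 destination port 53
set firewall name GUEST_LOCAL rule 20 action accept
set firewall name GUEST_LOCAL rule 20 protocol udp
set firewall name GUEST_LOCAL rule 20 destination port 67

# --- Attach: "in" filters traffic arriving on that interface, "local" traffic aimed at the router.
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local name WAN_IN
set interfaces ethernet eth1 vif 20 firewall in name GENERAL_IN
set interfaces ethernet eth1 vif 30 firewall in name GUEST_IN
set interfaces ethernet eth1 vif 30 firewall local name GUEST_LOCAL

# --- NAT every segment out the WAN port; PRIVATE (vif 10) is deliberately unfiltered.
set service nat rule 5010 type masquerade
set service nat rule 5010 outbound-interface eth0
commit ; save
```

The switch port facing eth1 and the AP ports must carry VLANs 10/20/30 tagged, with each SSID bound to its VLAN on the APs as described above. Guest-to-guest isolation within one SSID is an AP-side setting, since that traffic never reaches the router.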
 


Primary use is not Software Development. Primary use is to just support all the devices.

The FIOS router is necessary to keep FIOS TV functions intact.

As for the Mikrotik and ERL, I am using this topic as a baseline comparison. Can you point me to what it leaves out? I'm still leaning towards an ERL: http://www.geekzone.co.nz/forums.asp?ForumId=66&TopicId=195296
 
Semi managed 5 port gigabit switches are cheaper than the ER-X. The ER-X has a switch chip so that limits its layer 3 throughput.

I'm not set against ER-X in OP's case - as it does offer some flexibility, but at a cost... not just in Dollars and Cents, but also as SEM mentions, some layer 3 impact...

@System Error Message mentions - semi-managed switches, e.g. "smart" switches would go a long way, and they're fairly cost efficient, however, I'm still of the opinion that "dumb" switches are good enough, as noted above...
 
The ERL will work fine until you need to use QoS, which will then slow down to 100Mb/s. The ERPRO will do 200Mb/s with QoS. That is specifically why I did not recommend Ubiquiti EdgeRouters for your use. Even pfSense on an Intel Atom will support your speeds and needs with many more features, and it is much easier to configure. Unix programs work better on pfSense than Debian programs do on Ubiquiti EdgeRouters.

With Mikrotik they have much more choice and the OS is the same over all the hardware except for some hardware-related/specific features. You can also use a consumer router with 3rd party firmware like OpenWrt but on hardware with a good CPU (like Marvell's ARM-based routers or Qualcomm's IPQ-based routers). All these routers support the features and speed that you need which the ERL can't, and can be used for IPTV as well. Many consumer routers have IPTV profiles (or manual config) built in now which use VLANs.

If your internet was 100Mb/s then the ERL can be considered. Ubiquiti has many fanboys but when it comes to some aspects they just don't keep up. Their EdgeRouters are not as fast as they claim; any router can do wirespeed with hardware acceleration and many consumer routers have that. You can also install 3rd party firmware on them too, so that means that EdgeRouters have no advantage over consumer routers other than the models with an SFP port. Mikrotik does have hardware acceleration for NAT, but unlike Ubiquiti you don't lose hardware acceleration; only traffic that has to pass through your QoS filters isn't accelerated, but hardware acceleration can be used selectively as a form of QoS too.
 