Comments:
Thank you for the insights into your homelab! That is really amazing. I assume you don't have any kids!? 😂
Great work and some very useful hints for some good tools.
Hey Tim! I notice you have a firewall for each segment on your network. I'm kinda new to this and just figuring out a few things for my own homelab too. Are those firewalls before each segment actual physical hardware firewalls dedicated to protecting those VLANs? Sorry for the silly question and thanks in advance!
Which tool do you use for the network diagrams?
Nice video! ❤ In my house, I use RADIUS for AAA, but not in the IoT network. I create a VLAN for each family member, in addition to Guest, Server, Family, Lab, Test, Management, IoT, public server, and a VPN network with AAA auth to different countries. And all firewalls have rules. And I VPN into the network when I need to manage it.
IPMI is on the Management network, IP-based only; it can't talk to the internet anyway.
Next step for me is bringing in IPv6 for my whole self-hosted network. 😊
What is the name of the program in which you created the network diagram?
What diagram software did you use to make the logical network diagrams?
Wife's laptop on the same VLAN as IoT? Am I wrong, or does that beg for a disaster?
How can I connect one access point to another access point which will give internet to a switch? Are there any instructions for this? I mean Ubiquiti gear.
Maybe I'm missing something, but I really don't like the Grafana/Prometheus setup. Maybe I'm just not smart enough. But it's pretty annoying to use and set up. Netdata works instantly with no setup. Seems like a better fit for me.
Can I come over?
Awesome setup! I am curious though, with regards to the "Untrusted"/public-facing network. Since that will be on a different subnet/VLAN, do you run a separate instance (or 2 for HA) of Traefik in that VLAN and then another instance for your local services? Right now I have Traefik, Authelia, and CrowdSec for my local services, but I need to route traffic via Traefik 🙂 to my "public-facing" network. Since they are different VLANs and I block inter-VLAN traffic, would I need to have a 2nd Traefik instance in the public VLAN and then port forward 443 to the public VLAN Traefik instance?
Sweet! I love playing with servers so much; just wish I had more lol
Man, your setup is sweet. You must have a truly nice budget for these things and either a wife who's heavy into tech or one who's super understanding. Either way, absolutely great video and again amazing setup!! 🎉
(I will not be calling this simply a homelab).
I agree with IPMI staying trusted. I do not think IoT makes sense for them. Otherwise a management VLAN could make sense as well, with limited internet access.
That's a very nice network setup, man. What did you arrange in case of an emergency, if you couldn't administer your network anymore, so that your family can still use the internet and all of the services and devices they are used to?
Absolute beauty.
I thought I was literate; after your tour I really need to catch up.
What is the name of this diagram-making program?
Do you plan to ever make a video on your UniFi firewall rules?
What's that program you use to make the network diagram and when you were showing the switches?
It's an impressive and huge home lab. I loved every second of it. I have my own very simple lab and I always wonder: what if something happens to me, who is going to manage my lab and the simple internet services the home needs? (The not-so-optimal solution I have is that I let everybody else use the ISP-provided modem/router and I use my lab for my stuff.)
I'm a newbie to Unraid. Is there a minimum requirement for an Nvidia GPU in Unraid? I have a GeForce GTX 670 FTW, or do I need something like a GTX 1070?
Tim.... how many cores and how much RAM do you run for each of your Kubernetes nodes?
The only thing I'm running in my server is the HDMI cable, keyboard and USB flash drive because Proxmox keeps breaking during boot.
Great video. So much for me to look at, and I would love to see a TrueNAS Scale video.
Hey! Hey kid... You want some virtualization?
Bro has a full-time job at home for his own home 💀
Me: only Stash and Nextcloud, that's it.
ОтветитьFirst I started watching gaming PC builds, got a PC Case with the glass side panel for around $10 (US equivalent) planning on building a gaming PC. About 3 months ago I started watching Home Labs and cabling, etc. Then a couple of months ago somebody gave me a Dell PowerEdge R210 II. I didn't touch it for a couple weeks, then started installing Ubuntu server, then Samba Server, then NextCloud. Then I saw an ad in marketplace for a Dell PowerEdge T410 for only $34. Picked it up and installed TrueNAS on it. I also happen to get a Dell PowerEdge R620 with 2 CPUs and 88Gb RAM for only $108 because the guy is going back to Finland.
The gaming PC case? It's still in the box. 🙂
Do you run Scrypted inside of your VLAN containing your UDM-SE? Or do you have complex routing rules to grant access to UniFi Protect? I’ve struggled with segmenting Home Assistant with Scrypted installed as an add-on while also giving it access to UniFi Protect. I use HA for all of my automations because HomeKit was unreliable for automations.
I would love to be able to get to this point, but I live in an area that already has highly unreliable internet. Do you live in a more urban environment that allows you to ensure constant internet connectivity? And do you have any advice for those who do live in more rural areas and would like to do some of the same things you are doing without the potential for constant internet access? Specifically, I love hosting the web servers locally and allowing external access to them (websites, bots, etc.), but if my internet goes down then other users can't access those services.
Yes, please do a TrueNAS optimization video.
The neck beard is strong with this one.
I wonder what your power consumption is. Nice setup!
Now that is what I would call overkill on devices. Granted, lots of scalability and redundancy, but why for a small home network?
Hi Tim, can you do a video on adding the small USW Flex Mini? I have spent hours trying to add it to my network with no luck, and since it does not have SSH access, I cannot force-announce it. Or perhaps it is an issue with my Docker UniFi controller?? I do not have the Dream Machine... an overkill for my network!
IPMI is full admin access to a server. ALWAYS keep that highly protected!!!!!
Do you pass virtualized hard drives as storage for Longhorn? Or do you use iSCSI attachments for it?
I was just happy to get a direct coax connection to my TV lol
@technotim so you've migrated all k3s nodes to the Intel NUCs and Plex is able to perform intensive transcoding like 4K to 1080p with HDR tone mapping? Are they much more energy efficient than the Supermicros?
You basically showed hackers your network structure LOL
Overkill on most things, but if I had the money I would have the same haha 😂😂
Hi, I just saw your video from 3 years ago about Proxmox setups. I would like to get an opinion about my setup. I have 2 physical servers with 4 disks each and want to build a Proxmox cluster with them. How should I set up my servers? Filesystems, RAID types for "system" and "data" disks? Any recommendations are greatly appreciated. Would love to hear from a few viewers who are deep into Proxmox as well.
This is so cool! Would you consider doing a tutorial about configuring similar home networks? You know, maybe more technical? Would love that! Keep up the good work!
@Tim Are you thinking about moving/migrating the K3s from Proxmox to Harvester?
Blue on black
Tears on a river
Push on a shove
It don't mean much
Ok, just wanted to write a comment for those who are still discovering this.... Be careful with what you see from someone who is not in the industry. There are some misconceptions and information that isn't completely accurate here, and many viewers probably just follow this guy and will think he is 100% correct. There are things that he says and has on his logical network layout that are misleading security-wise. I would like to explain:
First off, trunks... Trunks are what the "no VLAN" is. Generally you will run trunks: switch to switch, switch to APs, switch to VM hosts and, in some situations, switch to firewall. The last one is the tricky one because you need to know what I mean. The problem is that these two things, firewall and router, are two separate functions but are often put into the same box (or can be). In this case he has both in his USG SE. So what I will say is that you want to trunk from your switch to where your Layer 3 interfaces are. What that means is the point at which you define your VLANs and/or routes on your network. The reason you do this is that you basically want to trunk to where your Layer 3 interfaces are, as that is the point at which devices on one "network" (VLAN) go in order to talk to anything outside of the VLAN they are in. If you do not extend a trunk to those interfaces then you will be isolated to your VLAN only. It's slightly different with APs, and different manufacturers actually do different things, so for understanding those: because they do not route, they tag multiple tags based off the SSID settings, so they KIND OF perform the same functionality, but not really. We need to extend all traffic to those in order to be able to tag different VLANs. If you don't, then you can have multiple SSIDs but they will all be on the same VLAN, and that can cause issues.
Next: VLAN pruning on trunk interfaces. As a security feature you should always prune your trunks. What this means is simple.... If you have a trunk going to an AP, and that AP services two SSIDs, one on VLAN 100 and one on VLAN 700, then you need to make sure that only VLANs 100 and 700 are traveling to that AP. It saves you some traffic, but it is more secure, as if you have 100 and 700 isolated away from your server traffic, then a bad actor can't come in and find a way to see that traffic. Also, please note that nowadays switches, for ease of setup and configuration, like to make all ports trunks with no native VLAN or VLAN 1 (which is also bad). This way, as you plug things in they will work. Please change that.
Next: extending trunks to virtual hosts. Simply put, just like APs, the VLAN configuration is configured on the host. This way you can include just one VM on a particular VLAN and not others. When you get into the business side of things you have what is called SDN (software-defined networking), in which you will pass a trunk to a cluster of VM hosts and they will have their own virtual network setup, including switching, routing, and all the good things therein in the virtual infrastructure.
Next: firewalls between VLANs... This one got me because it's misleading. I looked at his physical setup and he does NOT have firewalls between his VLANs unless they are software firewalls installed, and well, no, he doesn't. What he may have is ACLs (access control lists), which are known more as a stateless firewall. So, stateless only looks at the source IP, destination IP, and port and then looks to see if that is allowed or not. Stateful, which is what a "firewall" by all normal standard uses of the term is, looks at the entire packet and keeps track of the state of the connection(s) etc. to determine what to do with a packet. It's just not normal to refer to ACLs as a firewall, because you are either dumbing down what a firewall, especially an NG (next-gen) firewall, can do, or you are talking up ACLs. So it is just a little misleading.
Next: no management VLAN. For security, always have this and then lock it down.
Next: the USP-PDU-Pro. Technically it is not connected properly for what it is made for. He has 1000% valid reasons for doing so, and Ubiquiti, shame on you for putting 100 Mbps ports on this if you are wanting people to plug their ISP directly into it... SHAME! My question, however, is how much stuff he has plugged into it. The device itself only supports 1875 W max. total. I don't know what servers he is running or what they pull, but the Ubiquiti gear here is up to 1 kW depending on PoE devices on the top 48-port switch. Right now it looks like 500 W for switches (base) and the USG SE, then the power draw of the PoE devices. Servers: it looks like he has 4 physical hosts, but I don't know what kind of boxes they are. Just something to think about with home networks and networks in general with PDUs. Also, I do not know the amps it is pulling, but it can only support 15 A max also. So much to think about there.
No, I didn't watch the whole video yet; I may not. This is the first I have seen of this guy's stuff. If anyone is interested in learning further about any of the above, just let me know. I have been wanting to make some networking videos and start a channel for a long while. Just never saw the want from the community.
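An added illustration of the stateless-ACL versus stateful-firewall distinction the comment above draws; this is example code written for this page, not from the video, Tim's setup, or any commenter. Addresses, VLAN numbers, the policy ("trusted may open HTTPS to IoT, nothing else") and the three-packet trace are all constructed assumptions. The point it makes concrete: a stateless ACL that has to let HTTPS replies back from the IoT VLAN can only do so by permitting every packet the IoT VLAN sends from source port 443, which a compromised device can then use to reach a port the policy never intended; a connection tracker permits replies only for flows it saw initiated, so the same probe is dropped.

```python
"""Stateless ACL vs stateful firewall, run over a constructed packet trace.

A stateless ACL judges each packet on its own header fields; to let replies
back in, it has to permit an entire class of packets (here: anything from the
IoT VLAN sourced at TCP port 443). A stateful firewall admits replies only for
connections it has already seen initiated, so the same probe is dropped.
Addresses, VLAN numbers and the policy are illustrative assumptions.
"""
import ipaddress
from dataclasses import dataclass

IOT = ipaddress.ip_network("10.0.70.0/24")       # assumed: VLAN 700, cameras etc.
TRUSTED = ipaddress.ip_network("10.0.100.0/24")  # assumed: VLAN 100, laptops


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for a connection-initiating TCP SYN


def in_net(ip: str, net: ipaddress.IPv4Network) -> bool:
    return ipaddress.ip_address(ip) in net


# Stateless ACL: ordered (name, predicate) entries, first match wins,
# implicit deny at the end. Only src/dst address and port are visible.
ACL = [
    ("trusted->iot https",
     lambda p: in_net(p.src, TRUSTED) and in_net(p.dst, IOT) and p.dport == 443),
    # The "return traffic" entry. Without connection tracking the only way to
    # let HTTPS replies back is to permit everything IoT sends from port 443.
    ("iot->trusted from 443",
     lambda p: in_net(p.src, IOT) and in_net(p.dst, TRUSTED) and p.sport == 443),
]


def acl_decide(p: Packet) -> tuple[str, str]:
    for name, match in ACL:
        if match(p):
            return "permit", name
    return "deny", "implicit deny"


class StatefulFirewall:
    """Minimal connection tracker: policy is consulted only for new flows."""

    def __init__(self) -> None:
        self.flows: set[tuple[str, int, str, int]] = set()

    @staticmethod
    def initiation_allowed(p: Packet) -> bool:
        # Same intent as the ACL's first entry, but no reply entry is needed.
        return in_net(p.src, TRUSTED) and in_net(p.dst, IOT) and p.dport == 443

    def decide(self, p: Packet) -> tuple[str, str]:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.flows or rev in self.flows:
            return "permit", "established"
        if p.syn and self.initiation_allowed(p):
            self.flows.add(fwd)
            return "permit", "new flow"
        return "deny", "no matching flow"


def run_trace(trace: list[Packet]) -> list[tuple[str, str]]:
    """Return (acl_verdict, stateful_verdict) per packet, in order."""
    fw = StatefulFirewall()
    return [(acl_decide(p)[0], fw.decide(p)[0]) for p in trace]


# Constructed trace: a laptop talks to a camera, then the camera, assumed
# compromised, probes SSH on the laptop while sourcing from port 443.
TRACE = [
    Packet("10.0.100.5", 51000, "10.0.70.20", 443, syn=True),
    Packet("10.0.70.20", 443, "10.0.100.5", 51000),
    Packet("10.0.70.20", 443, "10.0.100.5", 22, syn=True),
]

if __name__ == "__main__":
    for p, (acl, stateful) in zip(TRACE, run_trace(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport:<5} ACL={acl:<6} stateful={stateful}")
```

The third packet is the one to watch: the ACL permits it because it matches the reply entry on source port alone, while the tracker denies it because no flow between the laptop's port 22 and the camera's port 443 was ever admitted. Real conntrack implementations also follow the TCP state machine, age flows out, and handle UDP and ICMP pseudo-connections; the toy above keeps only the part that matters for the comparison.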
A link shortener that allows changing links = security vulnerability.
Today it is a Discord link. The next day it's a trojan downloader.
You don't need to do some weird keepalive stuff to have three DNS servers. Just add three to DHCP and it's automatic.