New Home Construction Network Advice

[BeachBum]

I am currently building a house from the ground up and want to get input on the setup of my network. The house has already been designed and approved, and is just now in the beginning stages of build. It will be a three story, 2600+ sqft single family home.

I have not been able to do much network planning so far, but did get to have cable “runs” designed into the home. The on-site contractor will pull the cables. I have spec’d Cat6a cable for now, but could change/upgrade that still. I can get 300Mb/20Mb in my neighborhood, though I think fiber is being installed soon.

I have had at least 1 ethernet cable run to each room and location where it is required, some rooms have multiple runs. TV/Coax is run to all the needed locations as well. All of this will terminate in the 2nd floor laundry room junction box (didn’t have room for a server closet in the house). I also have ethernet cables run for a planned IP POE security cameras.

Here is the tally of runs:

• 27 Ethernet runs (15 of these are POE IP Cameras)
• 12 Coax/TV runs

Possible expected devices that will be on the network:

• 6-8 4k HD TV’s
• 4-6 HTPC’s
• 4-5 Desktop PC’s (Mac, PC, Linux)
• 10-12 IP POE Cameras (1080p)
• 1-2 Laptops
• 4-8 Mobile Phones
• 2-3 Tablets
• 1 File/Media Server (RAID)
• 1 File Server Back Up (RAID)
• 2-4 IOT Devices (Nest etc)
• 1-2 Game Stations (Playstation, Xbox, etc)

Home related uses and needs :

• Online Entertainment Streaming (Netflix, IPTV, etc)
• Media streaming (from media server)
• General computer use (web surfing, emailing, etc)
• Gaming (playstation, etc)
• Transfer large files over LAN & WAN (FTP files ~1-2GBs)
• Access network remotely through VPN
• Parental control ability
• IOT devices
• Wifi network for iDevices
• VPN Client (VPN client at router, policy based)

Work related uses and needs:

• Working from the file sever on the desktops (Graphics/Video files and MS Office files)
• VPN Server & Client (policy based) usage
• VPN connection to remote office - Access email and files on remote office server
• Transfer large files over LAN & WAN (FTP files ~1-2GBs)

So far this is what I believe I will need:

• Firewall/Router (PFSense SG-4860?) (Want to run PFsense with Snort)
• Switch w/POE
• 2 Wifi access points
• Modem
• Other?

My questions:

1. What hardware will I need?
2. Will a PFSense SG-4860 be enough to handle the above? If not what should I use (I can build my own if needed). (Keep in mind the need for VPN server & client usage)
3. What type of switch & manufacturer should I look at?
4. What access points?
5. Buy my own modem or use ISP’s?
6. Cat6a cable ok? What AWG?
7. Good vendors to purchase equipment at?
8. What else am I missing/not thinking about?
9. Advice?

 

[L&LD]

What is the layout of the house (diagram)?

 

[abailey]

Please also tell us of the devices listed which you plan to run wired and which are wireless. My advice on that is to run everything wired that can be (and makes sense.. ie. Not mobile).

 

[CaptainSTX]

You have to determine where all your equipment will be installed and be sure you have either or coaxial or Ethernet connections between and to be safe and future proofed both.

Where will your service come into your home? You will need both coaxial and Ethernet to where your modem will be and then to your router and from your router to your main switch/patch panel. In the future you will need either coaxial or Ethernet from wherever they might install your OTN.

At the very minimum you will need to locate your switch in the laundry room to activate some or all of your Ethernet jacks. Where are you going to mount the switch and how are you going to patch it to the jacks? Are you thinking of using a patch panel?

Do you have AC power available near the wiring terminals to power a switch? Is their enough HVAC available in the laundry room to cool whatever network gear you install there?

With a sophisticated network like you are planning you should invest in UPS to keep all network equipment functioning during power glitches. The more concentrated your network equipment is the fewer UPS you can get by with.

Have you planned to have cables in the ceiling at certain locations so you can use APs? Since you are planning on a POE switch using APs should be straight forward.

You need to do some detailed drawing so people can give you other suggestions.

Also just as an aside you really should look into using TIVOs and TIVO minis to deliver TV to you TVs over Ethernet or coaxial. They will save you tons of money over leasing all the HD boxes from the cable company.

 

[BeachBum]

Here is a drawing. I plan on hardwiring everything possible, hence all the direct lines to each room.


Let me know if you need it bigger.

 

[BeachBum]

You have to determine where all your equipment will be installed and be sure you have either or coaxial or Ethernet connections between and to be safe and future proofed both.

Where will your service come into your home? You will need both coaxial and Ethernet to where your modem will be and then to your router and from your router to your main switch/patch panel. In the future you will need either coaxial or Ethernet from wherever they might install your OTN.

At the very minimum you will need to locate your switch in the laundry room to activate some or all of your Ethernet jacks. Where are you going to mount the switch and how are you going to patch it to the jacks? Are you thinking of using a patch panel?

Do you have AC power available near the wiring terminals to power a switch? Is their enough HVAC available in the laundry room to cool whatever network gear you install there?

With a sophisticated network like you are planning you should invest in UPS to keep all network equipment functioning during power glitches. The more concentrated your network equipment is the fewer UPS you can get by with.

Have you planned to have cables in the ceiling at certain locations so you can use APs? Since you are planning on a POE switch using APs should be straight forward.

You need to do some detailed drawing so people can give you other suggestions.

Also just as an aside you really should look into using TIVOs and TIVO minis to deliver TV to you TVs over Ethernet or coaxial. They will save you tons of money over leasing all the HD boxes from the cable company.

I had all the cables routed to the junction box in the laundry room. My thought is to have the router, switch etc in there.

Not sure where the entry from the street will be. It is all underground at the street. OTN?

Patch panel? I was thinking all the cables would go straight into the switch, witch is then connected to the router.

I have 2 power outlets near where I plan to put the network equipment. Didn't think about HVAC in the laundry room, I need to check the plans for that.

A UPS is a good idea, I will plan on one of those.

I did plan on 2 cables to ceiling locations on each floor, for surveillance cameras. I can repurpose 1 on each floor for the APs.

I will look into the Tivo's, thanks for the tip.

Any suggestions on specific hardware make/models to look at?

 

[Cloud200]

Well there is something slightly expensive you can try that my father did when renovating his house personally (he's a contractor specialized in low voltage wiring).

In all situations where he could (exterior and load bearing walls that lined up between floors) he ran a pipe from every data box to the attic. To the attic he also ran a pair of 3" conduit to the equipment closet in the basement. So far he has made extensive use of this setup adding and replacing wires as he pleases.

 

[CaptainSTX]

I had all the cables routed to the junction box in the laundry room. My thought is to have the router, switch etc in there.

Not sure where the entry from the street will be. It is all underground at the street. OTN?

Patch panel? I was thinking all the cables would go straight into the switch, witch is then connected to the router.

I have 2 power outlets near where I plan to put the network equipment. Didn't think about HVAC in the laundry room, I need to check the plans for that.

A UPS is a good idea, I will plan on one of those.

I did plan on 2 cables to ceiling locations on each floor, for surveillance cameras. I can repurpose 1 on each floor for the APs.

I will look into the Tivo's, thanks for the tip.

Any suggestions on specific hardware make/models to look at?

Your cable will probably come into the house next to where your electrical service comes in so they can share a common ground. From there you will need a connection to your wiring center. For a cable modem the connection will be by coax. If fiber comes to your neighborhood you will have an OTN installed. They require AC power and are often installed in close proximity to where the fiber comes into the house. They are bigger than a cable modem and are often installed mounted on the wall in the garage or basement. From the OTN you will need either a coax or Ethernet connection to your router.

As for AC power in your laundry room, the electrician will probably install a GFI circuit as this is what code requires. In my home the outlet in the laundry room where I plugged my network equipment was on a string of GFI outlets. What happened is that when my wife unplugs her iron if often trips the GFI. If she didn't notice and reset the GFI my network ran on my UPS until its battery went dead in 30 minutes or so and the network crashed I finally pulled another non GFI circuit just for my network to avoid this problem.

Arris makes good cable modems. I use the 6183 but the latest mode is the 6190. I buy to avoid rental fees, but if you think you might convert to fiber within a year then just rent.

I don't use a patch panel and just connect seven of my Ethernet jacks directly to my switch. It work s fine.

I have never used a POE switch so no recommendations. You will have to look for something that has enough power to handle all your cameras and APs. That may be the biggest challenge.

 

[Cloud200]

I would strongly recommend you use a patch panel.
Take a piece of plywood. Stick it on the wall with 3" screws into the studs.
That is your baseboard. I personally prefer something around 4' x 4'x 1/2"

You want it to end up looking something like these;

 

[KenZ71]

Isn't a laundry room typically a bad location for network stuff?

Humidity, gfci plugs, washer motors all do bad stuff to electronics.

Using a plywood mount like above you could easily put everything on a wall then conceal behind a framed picture. Just my opinion.

 

[BeachBum]

OK checked the plans, there is HVAC in the room, so heat won't be a problem. The room itself is over 8 ft wide, so the equipment will be as far away from the washer/dryer as possible. I have requested non-gfci for the outlets near the network equipment, we'll see if thats possible. My thought is to have the equipment in a small rack, maybe 5U size. Should it be enclosed? The cables would run out of the wall box and snake along the wall to the rack. A plywood panel bolted to the wall is not wife approved, asked her this am.

 

[System Error Message]

Some details you left out,
How much NAT throughput do you want assuming you are planning for fibre optics
How much VPN throughput do you want (with that many devices i assume you are doing port forwarding which is a bad idea unless you are hosting a public server. So you would need to use your router as a VPN server and a client to the service you want to use).

For your current internet speed ARM based routers will handle it without an issue in software mode since you need QoS but my suggestion would be to use either x86 or a mikrotik router capable of gigabit speed QoS. A mikrotik CCR is capable of gigabit speed VPN too if you use AES but the speed is limited by per core per client. On cisco IOS, mikrotik routerOS and some x86 OS will allow sophisticated QoS which can be very helpful but even a consumer router running the right firmware would also be capable of some complicated QoS but the difference would be in speeds. with a mikrotik CCR1036 with 2 SFP+ you can be ready for 10G internet.

For your wifi it really depends on how much wifi traffic you need and how much wifi traffic there is in your area. One way you can sample wifi performance is to get one device to act as an AP and a laptop to move around to gauge the signal strength and areas you should place it (you will need a device with a recent wifi chip). A wifi router will have better signal than a device as an AP though. The more recent the wifi radio and the better the antenna the better it would perform. Dual radios on a consumer router is good for an area of a lot of mixed wifi traffic.

A single central switch would be good if you could or 2 stackable switches. unmanaged if you just need to switch without any features, semi managed if you need stuff like vlans, STP and so on, fully managed if you need ACLs or filters. Layer 3 switch if you have multiple subnets that you want to route. If you want a switch with POE out there are a few important rules the ethernet cable must obey. It would need 8 pairs (you can see 8 conductors in the head instead of half), cable runs cannot be long (the longer the cable is the more voltage and energy loss) and it would need to support the POE specs of the device you would use.

A patch panel is helpful.

 

[sfx2000]

Isn't a laundry room typically a bad location for network stuff?

Any space - if one notices, the home demarc in most places for power/utilities/cable are generally in the same location - so it makes sense to build things out from there - whether it's coax, CAT5, whatever...

 

[BeachBum]

Some details you left out,
How much NAT throughput do you want assuming you are planning for fibre optics
How much VPN throughput do you want (with that many devices i assume you are doing port forwarding which is a bad idea unless you are hosting a public server. So you would need to use your router as a VPN server and a client to the service you want to use).

For your current internet speed ARM based routers will handle it without an issue in software mode since you need QoS but my suggestion would be to use either x86 or a mikrotik router capable of gigabit speed QoS. A mikrotik CCR is capable of gigabit speed VPN too if you use AES but the speed is limited by per core per client. On cisco IOS, mikrotik routerOS and some x86 OS will allow sophisticated QoS which can be very helpful but even a consumer router running the right firmware would also be capable of some complicated QoS but the difference would be in speeds. with a mikrotik CCR1036 with 2 SFP+ you can be ready for 10G internet.

For your wifi it really depends on how much wifi traffic you need and how much wifi traffic there is in your area. One way you can sample wifi performance is to get one device to act as an AP and a laptop to move around to gauge the signal strength and areas you should place it (you will need a device with a recent wifi chip). A wifi router will have better signal than a device as an AP though. The more recent the wifi radio and the better the antenna the better it would perform. Dual radios on a consumer router is good for an area of a lot of mixed wifi traffic.

A single central switch would be good if you could or 2 stackable switches. unmanaged if you just need to switch without any features, semi managed if you need stuff like vlans, STP and so on, fully managed if you need ACLs or filters. Layer 3 switch if you have multiple subnets that you want to route. If you want a switch with POE out there are a few important rules the ethernet cable must obey. It would need 8 pairs (you can see 8 conductors in the head instead of half), cable runs cannot be long (the longer the cable is the more voltage and energy loss) and it would need to support the POE specs of the device you would use.

A patch panel is helpful.

Thanks for the info System. I don't know what throughput I'd need, thats sort of what I'm asking here. As much as possible within my budget I guess. Don't have a budget yet, but I have a feeling that CCR 1036 is a bit expensive. Maybe the 1016's.

Maybe I could do two switches like you suggest, 1 for the POE stuff and one for everything else.

 

[System Error Message]

i was joking about using the CCR1036. The CCR1009 is plenty fast to do NAT, firewall and QoS and do VPN at about 1Gb/s or more depending on which VPN and if you use AES. Its not necessary to use the CCR, even an x86 CPU that has AES-NI (see wikipedia for list and CPU page of specific model). If you go with x86 go with the full architectures rather than the low powered ones mainly unless you only need basic NAT and firewall in which an intel atom is fast enough for that. AES-NI helps VPN speeds if you use AES encryption.

with fibre optics its a media converter, but if your router has SFP you can get the module for it.

 

[BeachBum]

i was joking about using the CCR1036...

Ah, ok. You got me worried there for a minute. I'm leaning towards the pfsense 4860. Thoughts?

 

[System Error Message]

i think it uses intel atom. Not sure if the CPU has AES-NI if it does it can do well with vpn.

You can build your own cheaper. A media box, micro ATX board, some used quad port intel server NICs.

 

[BeachBum]

Yes an Intel "Rangeley" Atom C2558 2.4 Ghz with Intel QuickAssist.

 

[sfx2000]

Ah, ok. You got me worried there for a minute. I'm leaning towards the pfsense 4860. Thoughts?

More than enough for most home/small business needs - it's also sold as the Netgate RCC-VE 2440 appliance.. the only difference between the Netgate and the pfSense is that the pfSense box is pre-flashed and you get tech support for the software...

 

[abailey]

More than enough for most home/small business needs - it's also sold as the Netgate RCC-VE 2440 appliance.. the only difference between the Netgate and the pfSense is that the pfSense box is pre-flashed and you get tech support for the software...

Now that price is much better. I was choking looking at the price of the pfsense 4860. I guess you pay for convenience. You also pay for small form factor. If you have room consider a small server that cost less than the Netgate even.
ThinkServer TS140

Update: I forgot, you would need to order at least one NIC card and maybe a quad card, so no it would not be less than the Netgate listed above, but still a good value.