I'm in the process of re-designing the network in our office. It's a somewhat unique setup in that it resides in a residence. We've had problems where I've been told "the network is acting up". Symptoms include inability to stream music/video (tidal/napster/netflix), wifi stops working and a number of other "it doesn't work" complaints.
The entire house (10k sq ft) is cabled to a single location. I had put in a 24 port gig switch (vlan capable) and a 24 port 100 mb switch that I had from another project. 10+ years ago there wasn't much going on, didn't even have wifi initially, no streaming, just a handful of devices. I recently did an inventory and there are now over 40 devices, wired & wireless, on the network doing all number of things. Several video streaming devices and lots of wifi devices, copiers, sonos, sensors etc.
Over the years my internet speed has gone up from 20/20 back then to FIOS gig now. I did find a major problem recently where one of my office file transfers was pegging the processor of my Checkpoint router/gateway/vpn appliance during a large file transfer across the device. I think this was probably the biggest issue I had, but I started looking a little deeper and realize now I have many more problems/inefficiencies.
My main network is 172.16.1.0 which feeds the entire network. I do have one vlan that serves a singular SSID on my WAPs for "guest mode".
Our office only has a couple of computers and a server, but I do large file transfers at night and move backups from the server to a workstation for DR purposes.
Initially I thought I should just vlan the "house" devices from the office devices to separate the traffic, but then I started to think: what if I'm saturating the wire/switch/172 network with my large transfers? The vlan would suffer just the same, correct?
Just recently I've installed a pfSense router on an i7 computer with lots of Intel Ethernet ports, so I started to think maybe I should separate house from office onto separate switches on their own networks and let the router route when I have to go between them. This would keep my large transfers on the office switch/network and keep the house devices (streamers, sonos, wifi, and other low use devices) on their own switch/network. This would give me physical network segmentation but the pfSense router will allow connectivity. That way when I'm hauling huge backups across my office network the traffic will stay on that switch/network and not even go up to the router, and at the same time when the house wants to stream netflix and tidal hi definition music it's all separate. But if a laptop connected to wifi wants to get to the office server for email or files, the router can get them there. No need for vlans. One additional thing is I have a persistent ipsec vpn connecting my office network to my home across town. With the new pfSense router, even when I hammer the vpn I only drive router cpu utilization to 14%, so I'm not worried about affecting what would be the house network internet access (unless I saturate the FIOS connection).
I've never really considered that I might be saturating the physical network, but I am measuring transfers between workstation and server at 900+ mb/s. I guess that would only affect the specific switch ports (and devices on these ports) on my gig Ethernet switch, but is it possible to overwhelm the entire switch to the point where other ports would be affected? Layer 1/2? I have no way to see utilization on the switch itself. Presently this traffic doesn't even go to the router, but when I transfer across the VPN, it does impact the router, but only about 14% cpu utilization.
The days of plug it in, the light goes on and you're good to go, are gone. These devices consume way too much bandwidth to just plunk down with all the other devices and not expect to see an impact. I used to think "but I do these transfers late at night/weekends, nobody will know". Our networks, even home networks, are 24/7/365. Having work and home on the same network actually makes things worse.
Does this make sense or should I be looking for a different solution?
Thanks for taking the time to read the entire saga, but I wanted to provide as much information as possible.
Roveer