Home Server and Network build *help needed*

DarkRiddles

Honorable
Oct 25, 2013
92
0
10,640
Hey guys

I recently upgraded my house to 2 gig network from Comcast and have them coming to set everything up on Thursday, so I’m looking to build a home network and server in my server closet. I have no idea where to start so all help is very much appreciated.
 
Wow ... what an ambiguous question.

First off, what are your goals and expectations?
Second, what kind of server are you looking for (public or private ... file, media, web, or other).

If you have a network already set up, my guess is that you will have to do nothing before Thursday. Will you be getting 2 gig service at all your devices ... probably not, but 800-900 mbit/sec would be reasonable.

Want to go faster? You will probably be looking at upgrading all your hardware to 10 gbit/sec (gbps) ... that means router, switches, adapters, etc. If you have cat 5e cable it will probably work ... probably (some cable is not as good as it claims).

Toss in a bit of good luck and all will be fine.
 

DarkRiddles



Yeah, I do have some knowledge in running servers and building them, as I have run a couple of dedis back in my day. I don't need help setting anything up, just guidance as to what I should buy. I have no idea where to start other than a network switch and routers, from there I'm lost I believe.

I'm looking to create a storage server that can be capable of handling 7 workstations. 8 including mine.

I also need something to connect a lot of our home appliances such as game consoles and televisions.
We also have 17 mobile devices needing to access the wifi, so we still need access to that.

In the future I'll be adding a home security system, but I'll future-proof this build, this server/network closet.

 
Assign a closet, this is your hub where all your wires will be converging; all your router, switches, servers sit here. In general run 2 RG6 cable and 2 CAT6a (my recommendation) minimum to each room. Popular file servers are NAS. If you just need <10TB, a Western Digital with 2 drive slots would be the inexpensive solution. If you need more storage and/or easily expandable, a multi-bay Synology NAS is the popular choice. As long as you have a CAT outlet, you can deploy a WIFI Access Point there. To take full advantage of 2 gig service, your frontend router/firewall needs to be 10g capable.
 

DarkRiddles

I have the closet assigned already. 4’ x 2’ 1/4” . It’s a decent sized closet.

What are the different cable differences and what are good switches? I have to buy a new modem that’s capable of Comcast 3.1 hybrid bull shit, but I know that’s a requirement to see this speed anyway.

But I’m also having a hard time selecting which modem to get, there are only 3 on Amazon that are compatible and the one I’m looking more into is the Motorola DOCSIS 3.1

From there I need a switch, but what brand and what switch is capable of the speed
 
RG6 is standard coax, there is nothing better. CAT6a is latest ratified ethernet and can handle 10g, reasonably priced.

The "problem" with 2g service is, as already mentioned, your other pieces "should" be 10g capable, definitely your modem/firewall. 10g electronics is very new and still expensive, but you can find them. Folks on a budget are advised to stay with 1g where most of the electronics are based on today.

I have no specific recommendation, I can't afford the 10g stuff.
 
It is extremely unlikely you "need" 10g networks. The network part..at least in the lan...is the easy part. The bottleneck then just moves to the disk or other part of both the server and client machines.

In addition, servers on the internet will artificially restrict the bandwidth they allow you to use. If a large server has 10g of bandwidth total for all its users it does not take many downloading at 2g to wipe out even the largest server. It is very rare to find servers that will allow downloads even at 1gbit. It is hard to say if there are technical or artificial limits. The only one that I have found that will let you download at 1gbit consistently is Microsoft, but not around patch days, likely competing for bandwidth.
 
Honestly. I would recommend a switch (manageable optional) and a firewall.

I run a server in my electrical closet with proper cooling.

Due to my ISP being 300down and 50up from Spectrum, I purchased a mini PC, such as a "Jetway", and installed PFSense on it. This way I have a real firewall with hardware that can easily handle my 300mbps down connection. (However, since the PFSense box I've moved to a 150mbps up and down fiber connection from Frontier.) Then adjusted firewall per my needs, logging, increased security settings, custom DNS, Snort and other packages etc...

I use an unmanaged switch (Cisco) because everything I need to do to separate my network via VLANing or subnetting, I just did from the firewall. My firewall has the primary port 192.168.1.x for internal devices like my PC, consoles, wifi, laptops, waps etc... which are all plugged into my dummy switch, then an optional network of 10.10.0.0 for my servers. I have my server plugged directly into the optional port (now if you have more than one device, another dummy switch will be needed or you could go the managed switch route and use one switch to do all).

Also I run 4 virtual servers from one physical server. So this works out perfectly for my needs. I have a 4 port NIC and am using one for the primary network for management reasons and one for the optional network to provide internet and a subnet for my virtual servers. (This is configured via virtual network switches in Hyper-V).

I've been running this setup for the last two years. Runs like a boss.

As for 1GB vs 10GB. Well, obviously you can't afford 10GB so that's out of the question. Plus it's still not "today's standard". While it's an option, due to it not being widely used, it will be expensive. I just upgraded a client's server NIC that moved to 10GB and it cost 5k just for the NIC so... stick with the 1GB. It will be enough for your needs. It takes a lot to saturate a 1GB line. I run game and web servers and don't even come close to maxing it out.
 

DarkRiddles



Thanks for the help! I think I will be going with the 1 Gig service, I don't have that sort of cash to throw at the moment for a home network like that. 1GB will be perfectly fine.

For the time being, I have an old AMD rig that I'm going to use as a storage server until my server rack comes in. The rig itself has 20TB of storage. So 10 different people will be accessing this on 8 different workstation computers, not including laptops.

So what is a firewall? I know most routers come with one standard, but you are talking about a PC firewall? Could you explain the purpose of this firewall, or share any links so I can have a better understanding of this. Also, what's the difference between a managed and unmanaged switch?
 


1. Managed vs Unmanaged switch.

https://community.fs.com/blog/managed-vs-unmanaged-switch-which-one-can-satisfy-your-real-need.html

TL;DR: With a managed switch you can use multiple VLANs and subnets and configure the device as per your needs. So it can perform the actions that would normally require multiple switches (like separation of networks). It can also be customized, logged into and managed. An unmanaged switch is a dummy switch. It only functions on VLAN1 and cannot be managed or changed.

2. Firewalls

https://www.geeksonsite.com/internet-security/the-importance-of-having-firewalls/

TL;DR: Firewalls are important as they protect you from attacks and hacks. While it is not the ONLY method that can do this, it is an important one. Cheapo firewalls that come with ISP modems or consumer firewalls are often not strong enough to handle external attacks such as DOS attacks. They also lack advanced security features allowing you to further protect your network. I have never seen a consumer firewall (like a basic Cisco or Linksys) from a router being enough for protecting servers that are open to the internet. This is why I used PFSense. The software is free and all you need to pay for is the PC or unit you are going to use to power the software.

3. Raids:

https://en.wikipedia.org/wiki/RAID

TL;DR: If you are doing large file sharing as you suggest, I would invest in a RAID for your storage server. Raid 5 minimally, but for best performance vs redundancy I would go with a RAID 10 if you can afford it.
 


I think staying with the 1 gb service is a good choice. Everyone hates that "I'm not getting what I'm paying for" feeling. Do remember that gigabit adapters have an average throughput of 800-900 mbps.

For your equipment, it's all a question of how much you want to "manage" your network. If you have 8 workstations getting 10+ hours heavy network use, then more robust equipment might be in order. If you have 2-3 kids who are off at school most of the day while you're working from home and then come home and work on school projects (fortnite?) after you have wrapped up for the day, then expensive equipment is overkill.

For your switch ... make sure you have more ports than you need. 12 port would be cutting it close. I would consider 16 or 2 8 port switches. If you get wired security cameras, then I would use a separate switch for them (some NVR boxes have multiple ports making a switch potentially unnecessary).

For your router ... how much control do you want over traffic going in and out? Edgerouter lite is a great little router ... but there are more robust options.

For your firewall ... If you're just looking to block everything coming in, then a simple one will suffice (like the ones on a quality router). If you are looking for high security access to your server from the internet, look at the VPN options (more $$, but can double as your router). Also consider the data on your network. If that data is worth millions you want to protect it. If it is a bunch of home movies then backups would be more important than security.

For wifi ... I love the smoke detector style. Clean install. Lots of options. You might need to spend some time in the attic. Mesh is another option. All depends on the size of your home and how strong you want coverage to be.

For your server ... The AMD box will work. Remember that whatever you use will be on 24/7. There will be power and heat considerations (or maybe you live somewhere cold ... it's gonna be 106 F at my home today).
 
You don't really need a firewall if you do not plan to expose your server to the internet. The default NAT configuration is stupid: if it is not told what ports to send to internal devices, it just drops it. That prevents any hacking from the internet on your server. The NAT is the same as a firewall rule that blocks any incoming traffic.

A firewall is in general used to protect a server that must be exposed to the internet from traffic other than what it is supposed to accept.

Pretty much if you do not know why you need a managed switch then you only need an unmanaged one.

If what you are calling a server is a device you plan to use only internally, say for data storage, then you need nothing really special. If you are actually going to provide some service to the internet it is not recommended to run that on a home connection....it likely is against the terms of service anyway. Most actual internet servers are run in hosting centers. They have all the nice power protection and redundant internet for about the same costs as running a server locally.
 
If you do decide on the 2G, the pfsense box is a great idea. They probably bring it to your house in a LACP bond. So you would need that on your WAN. Then at least another one going out to a switch. Quad 1G Intel NICs aren't expensive, even single 10G isn't too bad. You can find a lot of switches with that. There are some newer 10G switches with 4 10G and 20+ 1G. There are some more affordable 10G switches that can only hit 40Gbs, but have 8 ports. It would be doubtful you ever hit 40Gbs with 8 clients at once.

I use ipfire and pfsense on a proxmox vm server with NAS and other VMs and it works very well. So you can buy one box and use it for many things. The Synology CEO just said NAS as only NAS days are numbered. networking, apps, data is next gen.

https://www.anandtech.com/show/13104/synology-redefines-the-nas-an-interview-with-alex-wang-ceo-of-synology-america

I've been watching some of the cheaper 10G stuff. Here are a few links. In a few years it will probably be more reasonable. Not that I need it, I just want it.
https://www.amazon.com/Aquantia-NIC-5-speed-Ethernet-Network/dp/B07B3G4S4J/ref=sr_1_2?s=electronics&ie=UTF8&qid=1532546237&sr=1-2&keywords=aquantia+10gb
https://www.amazon.com/dp/B06XXQT1N6/ref=twister_B06XY5LT6C?_encoding=UTF8&psc=1
https://www.amazon.com/NETGEAR-Gigabit-Ethernet-Insight-Management/dp/B0787GLC16/ref=sr_1_4?s=electronics&ie=UTF8&qid=1532546366&sr=1-4&keywords=multigigabit+switch
 


Generally this is correct. HOWEVER, since PCs are also connected to the same network as the server, even without the server being exposed to the outside, it can still get hacked/infected due to weak points on the network. Such as another PC that is exposed and connected to the internet.

This is why a firewall is important. While NAT is supposed to be closed until it is opened via port forwarding, there are other protocols such as UPNP that are open by default on consumer grade firewalls and can cause a breach on the network.

So if you have important data or ANYTHING exposed to the internet, it will be your weak point and should be protected by a REAL firewall. Not some cheapo consumer grade joke.

However, that is just from years of experience as Network\Systems Engineer and how I apply myself to Business and Home use.

If you want to chance it for home use and non-important data, then feel free to proceed without a firewall. Just be warned you are at greater risk of being hacked and infections. That is just how it goes with cheap equipment. They do not have advanced features or enough features to properly control the firewall. Also those vendors gear firmware updates more towards features than security. While it has BASIC security, it is nothing I would trust to protect my network and servers.
 

DarkRiddles

What’s the difference between a regular router and that switch router?

After reading that article and a couple of others I looked at, I’m going to go with a managed switch.

The server is used to test a couple of early access games, and hosting our business website.
The server closet is already ventilated and I understand server cost for running 24/7.
 


If you can avoid it, don't go with a switch router. That is a layer 3 switch. It is more of a pain to configure and is also just a router. No firewall included. Even the consumer grade router/firewall combo would be more secure than opening a layer 3 switch to the world.

Stick with layer two mode on your switch. (Though most managed switches too come with layer 2 and layer 3 modes. Just stick to the default layer 2 when you configure it.)

And since your servers will clearly be exposed to the internet, then yes, a firewall is strongly advised.
 
Solution
You might even consider having 2 servers (depending on how valuable your data is). One for game hosting and website which is open to the internet and one for data that only accepts connections from computers inside your network. As Bill suggested, you might also want to have your website and games on a server at a hosting company ... then you don't even have to mess with it.

A note on firewalls and getting hacked. Yes, the firewall will protect you from someone on the outside trying to hack your server, but it will not protect you if someone puts a USB stick with a virus into one of the computers or opens an infected email. If there is a program on your computer that says "send all my bank account info to 8.8.8.8" the firewall will not stop it (generally true ... there are firewalls that have antivirus software).
 


You can segregate your network with layer 3 switches. It's important to protect hosts from other hosts that may be infected. If two don't need to ever directly communicate then there is no reason they are on the same layer 2. Port isolation only allows the host to talk with the gateway. Some have inspection like the Snort package. A firewall can only enforce rules for traffic that passed through it, and traffic on unmanaged switches won't go into the router. Implement security through your entire network if you have money to lose.
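
Added example, not part of any post in this thread: a small model of the point above that a firewall only sees traffic routed through it, using the 192.168.1.x and 10.10.0.0 networks mentioned earlier. The /24 masks, host addresses and rule set are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing: the thread names 192.168.1.x (LAN) and 10.10.0.0
# (servers); the /24 prefix lengths are assumed.
SEGMENTS = {
    "lan": ipaddress.ip_network("192.168.1.0/24"),
    "servers": ipaddress.ip_network("10.10.0.0/24"),
}

# Hypothetical first-match rules: (src segment, dst segment, dst port, action).
# A port of None matches any port. Anything unmatched is denied.
RULES = [
    ("lan", "servers", 445, "allow"),   # workstations to the file share
    ("lan", "servers", None, "deny"),   # everything else LAN -> servers
    ("servers", "lan", None, "deny"),   # servers may not reach workstations
]

def segment_of(ip):
    """Name of the segment containing ip, or None for an outside address."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def path(src, dst):
    """'switched' if both hosts share a subnet (frames stay on the switch
    and never reach the firewall), otherwise 'routed' via the gateway."""
    s, d = segment_of(src), segment_of(dst)
    return "switched" if s is not None and s == d else "routed"

def verdict(src, dst, port):
    """What the firewall does with a flow, or 'not-inspected' if it never sees it."""
    if path(src, dst) == "switched":
        return "not-inspected"
    s, d = segment_of(src), segment_of(dst)
    for rule_src, rule_dst, rule_port, action in RULES:
        if rule_src == s and rule_dst == d and rule_port in (None, port):
            return action
    return "deny"

def uninspected_flows(flows):
    """Flows no firewall rule can affect because they never leave layer 2."""
    return [f for f in flows if verdict(*f) == "not-inspected"]

if __name__ == "__main__":
    sample = [  # constructed sample flows
        ("192.168.1.20", "10.10.0.5", 445),
        ("192.168.1.20", "10.10.0.5", 3389),
        ("192.168.1.20", "192.168.1.30", 445),
        ("10.10.0.5", "192.168.1.20", 22),
    ]
    for flow in sample:
        print(flow, path(flow[0], flow[1]), verdict(*flow))
```

Flows reported as not-inspected are the ones that need port isolation or a separate VLAN and subnet before any firewall rule can apply to them.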
 
Before you get too far buying firewalls and setting up vlans etc I would check the pricing on hosting. They handle a lot of this stuff for you. This is especially true if you have a critical business server: you still only have 1 internet connection and I suspect you do not have a generator to backup your UPS if you have them.

It seems every company large and small is going to hosting rather than running their own servers. I suppose it partially depends on if you are paying someone to maintain your server or how much you value your own time doing that rather than other revenue generating work.
 


Can you segregate on a layer 2 switch as well... It still does Vlaning\Trunking\Access just like any managed switch ever. The only difference between a layer 2 and layer 3 switch is that layer 3 can do ROUTING as well...

He already has a modem\router and if anything should implement a firewall. Layer 3 switch is completely unnecessary even for segregation.

 


I believe while hosting is a better option for those without knowledge, in most cases it is not a cheaper option for someone with knowledge.

With knowledge, you can make a business grade firewall for under $300 that will last for years. With knowledge you can host your own website. With knowledge you can use free services like Cloudflare with your website to protect from DOS\DDOS attacks and lessen the resources required from your network with caching from another provider etc...

I run 4 wordpress sites from home, which I also have cached and protected with Cloudflare free services. It has been enough to protect my system for the last two years without issues... and I pay nothing other than my power costs and the domain name. To host 4 sites with a decent provider would for sure cost more.

So it really depends on if he wants to learn how to do all this himself or if he wants to take the easy route and use a hosting provider.

I personally took the self hosting option and learned so much doing so. For anyone interested in technology, I'd suggest they at least try it for themselves to find the pros and cons on their own. You can always move to a hosted service later if the cons become too great to manage on your own.
 


This quickly gets into the discussion of if the device is really a server or some play toy that a lot of people on this forum call servers. When the "server" is something that is used to pay your bills then it takes on a very different meaning.

The most common failure on servers is power related or ISP failure related or some hardware failure; it is not some hacker. These types of things are what make running your own data center too expensive; a firewall or a router is the cheap part.

The costs to have multiple ISPs, power that is protected by both UPS and generators, and actual spare server hardware on site is what makes it outrageous to try to do this yourself. HP and Dell make lots of money showing companies how they can outsource their IT and save money.

It will all come down to what is the actual cost of the device being down for a couple of days.

I am an old-school guy who thinks you should do it all yourself, but the outsourcing and hosting have beaten even me into submission.