Advice on new home network build

Hi there, first post after watching quite a few YouTube videos, and this seemed like a place that could possibly have the right advice!

UK Based

I’ve recently got 1Gbit cable (HFC) internet in my street (1145Mbit down, 55Mbit up) and still have my VDSL (33Mbit down, 6Mbit up) connection (which also includes an auto 4G failover). Going to assume that since it’s DOCSIS I can’t take the fibre and put that straight into a custom router’s SFP port, and need to use the coax then the ISP router in modem mode?

We have Cat5e run to most rooms in the house already, but will be putting Cat 6 in for the 10Gbit links.

I want to start the home network from scratch to get the highest possible performance internally and externally whilst still having good security, so I’m looking for advice on hardware/software to accomplish this. I’ll post what I currently have and what I’m looking to get below; please let me know your recommendations.

I currently have an Intel i5 6500 machine with 16GB of RAM, and can install 2 PCI Express cards in it for networking to use as a firewall/router. I’d be open possibly to using a different machine or dedicated box if that made more sense etc.; any suggestions welcome.

I have an old 24 port HP gigabit switch and a couple of Netgear “managed” 8 port switches, currently all just set up as dumb switches at the moment to get things up and running. Open to suggestions for new switches.

I’m looking to have 10Gbit between up to 3 devices in the home (main PC, NAS, and a 2nd PC); the rest will be fine on 1Gbit. We have 3 Apple TVs, a couple of HomePods, Philips Hue hubs, Sky TV boxes, Google Minis, a Tado heating system, some smart plugs, garage door openers etc.

We have 5x BT Whole Home Wi-Fi 5 access points at the moment; they perform “well enough” for all the wireless devices’ needs, but I’m open to replacing them in the future.

I’d like to have the ability to separate traffic on the network between the 2 internet connections and also have them act as a failover for each other.

I have a lot of IoT devices, and the trend I’m seeing is people like to keep them separate and/or limit their access, and this is something I’d like to do too. How serious is this and should it be done?

From what I’ve watched/read it seems the more rules etc. put in place, the slower the network traffic becomes, which is a concern, but maybe I’m not understanding it properly and it’s just me being overly worried.

Sorry if it’s a bit wordy, just wanted to get as much detail in the OP as possible.

Any advice on what you’d do with this is appreciated. Thank you!

I’m UK based too with PlusNet so no speed demon but running pfSense.

You’ve not said what your budget is, I’ll assume you don’t want to go nuts.

Personally I’d put pfSense on bare metal, with as many Ethernet ports as I can get, and put those extra ones in a LAGG to the main switch. If you look up ServeTheHome they have recently been looking at Chinese boxes with 2.5Gb NICs running pfSense which might be worth considering, as they will be cheaper than a Netgate device. Though I think finding something to handle your WAN might be a long wait if coming from China. It’s gonna cost a few quid but will be lower powered than a PC when paying for electricity. (You might want to look up which 10G NICs from Intel will work with pfSense / FreeBSD to confirm your kit will work with pfSense.)

If you keep your two WANs you could set up High Availability with pfSense; look up if you need to have identical routers, not sure. Though I’d say it must be possible to put the WANs in a LAGG with failover, that would be optimal.

By the way, if you are not already familiar with pfSense, then prepare to roll up your sleeves; it does require some effort but is worth it in the end.

When it comes to switches, I’m running a 48 port Netgear switch, with various 8 port PoE switches located around my house. The Pro range allows LACP aggregation, which is better than the static aggregation which comes on the cheaper Plus range. Their 10G switches will be expensive. I’ll admit I do like the look of switches from FS, too rich for my blood though; really like the GUI. I’d buy PoE where I can given the choice, super handy.

I ran two runs of cable between my main switch and each room, then connected to the secondary switches over LACP, so if for some reason one cable failed the other would still be available without me faffing around.

Not too sure, but depending on the length you might get 10G on a Cat5e cable if the run is short; might want to look it up or even test it first.

I have a single access point, a TP-Link EAP 245; it’s great, but I think my Wi-Fi is better because I can place it better than in the past. If you are looking at APs I’d just make sure it supports VLANs and maybe has a second Ethernet port; might be handy. At least with my EAP245, when running a single AP, I don’t need a controller (but have one running on a Linux VM); however, if I add a 2nd AP and want a mesh then I must have the controller running.

With respect to VLANs, once you suss it out it’s pretty straightforward. You’ll have a need for ISP, Guest and IoT VLANs at least. Perhaps Management, Printer, VPN and IP cam later.

I bought various kit from Amazon and https://www.comms-express.com/ which I found to be OK.

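The reply above suggests pfSense with the two WANs as a failover pair. In pfSense that is normally done with a gateway group rather than a LAGG: each WAN gateway gets a tier, traffic uses the lowest tier that still has an online member, members sharing a tier are load-balanced, and a “trigger level” decides whether packet loss or latency (as opposed to the link being fully unreachable) counts as down. The following Python model is an added example and is not pfSense’s own code; the gateway names (WAN_CABLE, WAN_VDSL), the health figures and the thresholds are constructed for illustration, and the real per-gateway thresholds are whatever you configure under System > Routing.

```python
"""Model of pfSense-style gateway group selection (added illustration, not pfSense code).

Gateway names, health figures and thresholds below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass
class GatewayHealth:
    name: str
    tier: int            # 1 = preferred; higher tiers only used when lower ones are down
    loss_pct: float      # packet loss reported by the gateway monitor (0..100)
    rtt_ms: float        # average round-trip time to the monitor IP
    link_up: bool = True


# Thresholds at which a member is treated as DOWN. Constructed values; pfSense
# exposes equivalent "packet loss" and "latency" down thresholds per gateway.
LOSS_DOWN_PCT = 20.0
LATENCY_DOWN_MS = 500.0


def member_is_down(gw: GatewayHealth, trigger: str = "member_down") -> bool:
    """Apply a gateway-group trigger level to one member.

    trigger is one of:
      'member_down'      - only an unreachable monitor / dead link counts
      'packet_loss'      - loss above threshold also counts
      'high_latency'     - latency above threshold also counts
      'loss_or_latency'  - either of the above counts
    """
    if not gw.link_up or gw.loss_pct >= 100.0:
        return True
    if trigger in ("packet_loss", "loss_or_latency") and gw.loss_pct >= LOSS_DOWN_PCT:
        return True
    if trigger in ("high_latency", "loss_or_latency") and gw.rtt_ms >= LATENCY_DOWN_MS:
        return True
    return False


def select_gateways(group: list[GatewayHealth], trigger: str = "member_down") -> list[str]:
    """Return the members of the lowest tier that still has an online member.

    One name means plain failover to that WAN; several names mean those WANs
    share the load. An empty list means every member is down.
    """
    alive = [g for g in group if not member_is_down(g, trigger)]
    if not alive:
        return []
    best_tier = min(g.tier for g in alive)
    return [g.name for g in alive if g.tier == best_tier]


def demo() -> dict:
    """Walk a cable-first group through a few constructed health states."""
    results = {}

    healthy = [GatewayHealth("WAN_CABLE", 1, 0.0, 12.0), GatewayHealth("WAN_VDSL", 2, 0.0, 28.0)]
    results["healthy"] = select_gateways(healthy)

    # Cable is flapping: 25% loss, link still technically up.
    lossy = [GatewayHealth("WAN_CABLE", 1, 25.0, 40.0), GatewayHealth("WAN_VDSL", 2, 0.0, 28.0)]
    results["lossy_member_down_trigger"] = select_gateways(lossy, "member_down")
    results["lossy_loss_trigger"] = select_gateways(lossy, "loss_or_latency")

    # Cable link dead, VDSL fine: failover regardless of trigger level.
    cable_dead = [GatewayHealth("WAN_CABLE", 1, 100.0, 0.0, link_up=False),
                  GatewayHealth("WAN_VDSL", 2, 0.0, 28.0)]
    results["cable_dead"] = select_gateways(cable_dead)

    # Both dead: the group has nothing to offer, traffic falls to the default route.
    both_dead = [GatewayHealth("WAN_CABLE", 1, 100.0, 0.0, link_up=False),
                 GatewayHealth("WAN_VDSL", 2, 100.0, 0.0, link_up=False)]
    results["both_dead"] = select_gateways(both_dead)

    # Same tier for both members: load balancing instead of failover.
    balanced = [GatewayHealth("WAN_CABLE", 1, 0.0, 12.0), GatewayHealth("WAN_VDSL", 1, 0.0, 28.0)]
    results["balanced"] = select_gateways(balanced)
    return results


if __name__ == "__main__":
    for scenario, chosen in demo().items():
        print(f"{scenario:28s} -> {chosen}")
```

The point worth noticing is the `lossy_member_down_trigger` case: with the default “Member Down” trigger a WAN that is dropping a quarter of its packets is still used, because only an unreachable monitor counts as down. Splitting traffic between the two connections (the other thing asked for in the OP) is done by building a second group with the tiers reversed and pointing per-VLAN firewall rules at one group or the other via the rule’s gateway option.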

Ah yeah, I knew I’d miss something!

Budget: ideally as low as possible, haha! Happy to buy from eBay etc., hence why I’m looking to reuse some parts like the PC I’ve already got if it’s faster performance. Not as worried about the power costs in the short term.

My idea was to get a dual 10Gbit network card (probably RJ45 rather than SFP+, as my ISP is looking to do 2.5Gbit down with a new router that has a single 2.5Gbit port) and then use that for WAN / LAN.

Put that LAN side into a switch with 4 10Gbit ports and then, say, 16 1Gbit ports for TVs, set top boxes, desktops and APs (not PoE, but could be useful in future?), and have the 10Gbit ports for use later.

I realise I’d need to buy the SFP+ to RJ45 adapters, which use some power, if I can’t get one with RJ45 for the switch.

I hadn’t considered the VLAN for the APs; they defo don’t do that and only have 1 Ethernet port. Suppose that makes sense for the IoT stuff needing APs that support VLANs …

What’s your take on the MikroTik and Ubiquiti gear? I’d been looking at them but they seem to have low throughput.

We use a lot of pfSense for firewalls and UniFi for switching and access points. I have a video here breaking down how the rules work in pfSense. As for buying or building the pfSense system, that is up to you and your budget, but your Intel i5 6500 machine should run it fine. I have linked a few videos discussing the setup.

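The earlier reply lists the VLANs worth having (ISP, Guest, IoT), the OP asks whether IoT separation is worth it and whether more rules slow traffic, and the post above points at how pfSense rules are evaluated. The model below is an added example, not pfSense or pf code and not the video’s content; the VLAN names, subnets, the 192.168.20.1 firewall address and the rules are constructed for illustration. It shows the three mechanics that matter for an IoT VLAN: rules are matched top-down on the interface the packet arrives on, first match wins; a single block rule ahead of the “allow internet” rule stops IoT from initiating to any private subnet while LAN can still reach the IoT devices; and replies to an existing connection are matched in the state table before any rule is consulted, which is why a long ruleset does not cost anything on established flows.

```python
"""Toy model of pfSense-style per-interface, first-match, stateful rule evaluation.

Added illustration, not pfSense/pf code. Interface names, subnets, addresses and
rules are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet ARRIVES on (pfSense filters inbound per interface)
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Rule:
    iface: str
    action: str                  # 'pass' or 'block'
    proto: str = "any"
    src: str = "any"
    dst: str = "any"
    dport: Optional[int] = None
    desc: str = ""


# Constructed VLAN subnets for the example.
NETS = {
    "LAN": ip_network("192.168.10.0/24"),
    "IOT": ip_network("192.168.20.0/24"),
    "GUEST": ip_network("192.168.30.0/24"),
}
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed ruleset. Order matters: the DNS allow sits above the private-net block.
RULES = [
    Rule("IOT", "pass", "udp", "IOT", "192.168.20.1", 53, "IoT may use the firewall's DNS"),
    Rule("IOT", "block", "any", "IOT", "RFC1918", None, "IoT may not initiate to any private net"),
    Rule("IOT", "pass", "any", "IOT", "any", None, "IoT may reach the internet"),
    Rule("LAN", "pass", "any", "LAN", "any", None, "LAN may go anywhere, including IoT"),
    # No GUEST rules at all: everything arriving on GUEST hits the implicit default deny.
]


def _match_addr(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    if spec == "RFC1918":
        return any(ip_address(addr) in n for n in RFC1918)
    if spec in NETS:
        return ip_address(addr) in NETS[spec]
    return ip_address(addr) in ip_network(spec)   # literal host or CIDR


def rule_matches(r: Rule, p: Packet) -> bool:
    return (r.iface == p.iface and r.proto in ("any", p.proto)
            and _match_addr(r.src, p.src) and _match_addr(r.dst, p.dst)
            and (r.dport is None or r.dport == p.dport))


class Firewall:
    def __init__(self, rules: list[Rule]):
        self.rules = rules
        self.states: set[tuple] = set()   # 5-tuples of flows a pass rule has admitted
        self.rules_walked = 0             # how many rule comparisons have been made

    def process(self, p: Packet) -> str:
        # 1. State table first: the original direction or its exact reverse (the reply).
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if fwd in self.states or rev in self.states:
            return "pass (state)"
        # 2. Walk the rules for the ingress interface top-down; first match wins.
        for r in self.rules:
            self.rules_walked += 1
            if rule_matches(r, p):
                if r.action == "pass":
                    self.states.add(fwd)
                return f"{r.action} ({r.desc})"
        return "block (default deny)"


def demo() -> dict:
    """Run constructed packets through the ruleset; 203.0.113.10 stands in for an internet host."""
    fw = Firewall(RULES)
    out = {}
    out["iot_to_nas"] = fw.process(Packet("IOT", "tcp", "192.168.20.50", 40000, "192.168.10.10", 445))
    out["iot_to_internet"] = fw.process(Packet("IOT", "tcp", "192.168.20.50", 40001, "203.0.113.10", 443))
    out["iot_dns"] = fw.process(Packet("IOT", "udp", "192.168.20.50", 40002, "192.168.20.1", 53))
    out["lan_to_hue"] = fw.process(Packet("LAN", "tcp", "192.168.10.20", 50000, "192.168.20.50", 80))
    before = fw.rules_walked
    # The Hue hub's reply arrives on IOT; the IOT block rule never sees it.
    out["hue_reply"] = fw.process(Packet("IOT", "tcp", "192.168.20.50", 80, "192.168.10.20", 50000))
    out["rules_walked_for_reply"] = fw.rules_walked - before
    out["guest_to_lan"] = fw.process(Packet("GUEST", "tcp", "192.168.30.5", 5000, "192.168.10.10", 22))
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} {verdict}")
```

The `rules_walked_for_reply` value of zero is the answer to the “more rules means slower” worry: only the first packet of a new connection walks the list, and even then only the rules on its ingress interface. Real pfSense adds floating rules and per-rule gateway, logging and schedule options on top of this, but the ordering and state behaviour are the same.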

@DD_nVidia I can see a lot of me (2 years ago) in your question. Here’s the conclusion I’ve come to in that time - I’m UK based too.

Forget the virtualisation of pfSense for the time being; it’s complications that you just don’t need. Get a basic pfSense hardware router/firewall; it’ll save you a lot of pain trying to get all this working.

What I ended up going with for hardware is:

Then plug your existing server hardware into the above to create a home lab. I also had a stack of old hardware managed switches; I ended up flogging them on eBay as they were just crappy legacy stuff that was getting in the way of my learning, and when I look back in hindsight and compare their legacy user interfaces with that of the modern Ubiquiti, I mean, there is no competition. Ubiquiti stuff just makes everything 1000x easier to set up, configure and manage.

As for re-using existing access points or routers/firewalls, just keep in mind that the configuration of the stuff, particularly when it comes to the VLANs etc., can be a pain. And in many cases with cheap consumer grade hardware (like the BT stuff you mentioned), I’d be very surprised if that supported VLANs to the level that you would like to set up. Hardware like Ubiquiti has in-built magical replication technology that means that stuff just works. Configure once, wait for the magic to happen.

Also, before going to re-wire the house from Cat5e to the next generation, let the data in the pfSense and Ubiquiti dashboards show you the current performance of the network bandwidth. You may not need to worry about this in reality for a home setup.