I’ve just bought an old English cottage in the middle of nowhere, but it somehow manages to have a fiber link to the rest of the world, thanks to local lobbying and Open Reach deploying Fiber-To-The-Premises (FTTP) to the area. This meant it was only right that we went all out to get the most of our traditional home with a modern twist when it came to smart home equipment and connectivity. The first port of call? A 10GbE network backend.

Most people would immediately pick up a trowel for light plaster repair or a brush to change the color of walls, but not me. As soon as we got the keys, the wife was imagining how everything would come together, while all I could think about was where the primary server would be placed, how I’d lay underground conduit between the outbuildings and the main building, and which AP and switch should be placed at the determined locations for maximum throughput.

After all is said and done, we’ll have super-fast interconnections between the garage (and server room), office outbuilding, and main house.

Planning everything out

From A to B

First, I had to survey the property in terms of networking. We had reports produced, and I left the majority of interior decorating to the better half, but this was my wheelhouse. We have three buildings: the main house itself, a small outbuilding that will be used as an office, and a detached garage. Thankfully, there’s nothing but lawn between the outbuilding and the house, making laying underground conduit with fiber easy.

The garage to the house is slightly trickier as there are a few pathways, but these are primarily gravel, so we shouldn’t have any trouble. I would have just needed to route the conduit and fiber accordingly, which is why I opted for 30-meter rolls for each link, considerably more than required (20 and 15 meters, respectively). Both fiber connections would then come through the same hole as the Open Reach external fiber line.

Using conduit, I would be able to pull through not just fiber, but also Ethernet as a backup should anything happen to the primary cable. Everything is modular too, using junction boxes on each of the three terminuses that can be reworked for further expansion, should it be needed. The office, garage, and home would be serviced by three managed switches with 10Gb SFP+ ports.

It’s overkill for our needs, but it does mean we can unleash some serious speeds across our internal network, and we shouldn’t encounter any bottlenecks between the three locations. Each of the switches then has 2.5GbE downlinks to each connected client, and we’re going to be rocking three Wi-Fi 7 access points (APs), so there’s no dead spot throughout the property.

Picking out hardware

Grabbing the right tools for the job

To make this work, I needed the right equipment. I opted for a primary switch in the garage communications cabinet that will handle much of the grunt work between the Proxmox server, local IP cameras, and some other devices that require Ethernet connections. It will link up to a second more compact switch in the house, which will have two 10GbE SFP+ ports. This will then communicate with a third switch in the office.

Shielded Cat6a cabling will be used for the 2.5GbE downlinks from the switches to everything. Link aggregation will be used to bump throughput to 5Gb where required, such as the network-attached storage (NAS). As aforementioned, three Wi-Fi 7 APs will be used for the entire property, each relying on Power-over-Ethernet (PoE) for both data and electricity.

The office AP will be great for keeping wireless devices online away from the house, as well as boosting coverage into the rear garden. The more powerful AP inside the house will be strategically positioned to provide maximum broadcasting capabilities for all rooms, and the garage AP will help with approaching the property for automations and ensure we have connectivity on the driveway.

A custom OPNsense firewall running on a passively-cooled mini PC will bring everything together, bridging the LAN to the ISP’s superfast fiber broadband.

VLAN all the things

Virtual in every bit of the sense

To ensure everything is as secure as possible on the LAN, a few virtual networks are to be created to handle segregation for primary devices and workstations, IP cameras, IoT hardware, guests, and network infrastructure. All traffic is routed through OPNsense, where it is monitored and available for viewing, just so I can see how the network is performing.

Due to how all three locations are to be configured, I had to start documenting early on. Labels were printed, and an Obsidian vault was created just for the LAN, detailing precisely how everything interconnects across the 10GbE highway. I envisioned it all like I would a Factorio playthrough, with a primary bus for all materials and points along the way for local processing.

This also makes the LAN easier to troubleshoot for anyone other than me. I won’t always be at home, and loved ones will need to work out what’s going wrong and address the issue, to a certain degree. That said, I’m always going to be one VPN connection away from hopping back into the LAN and figuring it out, but it will also prove invaluable for me to revisit specific parts of the LAN.

Most people don’t even bother

The network, especially the LAN at home, is usually an afterthought in most homes. Only a few devices are physically connected to the router, and even then, the ISP-supplied box is usually installed, and the entire network is forgotten about until something goes wrong. I didn’t want that to be what would happen for our LAN, and so I made it a priority over doing other house tasks.

When it all comes together, it’s going to be epic. We’ll be streaming movies and shows in 4K across the network, have feeds recording most angles of the property, self-host various services to save money on subscriptions, run video game servers, and much more, without even coming close to our maximum throughput. It also makes planning expansion much simpler, and I would do it all over again.