Home Network Setup

Most people have a sensible home/apartment network setup. A modem, a standard router with Wi-Fi built in, and that’s it. Maybe a mesh network if you’re fancy or some Ethernet running to a few computers. God how I wish that was me sometimes.

But alas, I am a nerd. I must have networks that are entirely overkill. This page describes in excruciating detail my networks and hopefully can clue you in on the fun networks I’ve built in my spare time.

Last updated: November 2025

Internet Setup:

My inbound internet is via Comcast, and I’m on their 1.2 Gig cable plan with a Hitron CODA56 modem. This modem is great, because it unlocks Comcast’s mid-band spectrum which greatly increases upload speeds - about 300-400 Mbps in my real-world usage. That is fantastic compared to Optimum (50 Mbps) and Spectrum (35 Mbps) on previous iterations of the page.

Networking Setup:

Ever since getting a salary and being able to pay for networking gear, my lust for equipment has grown ever stronger. My network is overkill, but actually isn’t that overkill in the grand scheme of things (given I have about 40-50 clients connected, lots of IoT devices, etc.).

Router: UniFi Dream Machine SE - This is the router I got when I moved into my apartment initially, because it had 8 PoE powered ports on the front of it. It’s still a good router, and I continue to enjoy the UniFi experience (it has been improving a lot over the last 2-3 years). This router just takes care of the network - I don’t have any other UniFi products installed.

Switches: UniFi PoE Switch 24, 2x UniFi Flex Minis. A couple months ago, I bought the PoE Switch 24 because I was outgrowing the 8 port switch on the UDM SE, and needed PoE to go with it. The PoE Switch 24 seemed like the best switch for the price, but wasn’t too much for my needs. The 41W PoE output is…measly, but I only need 31W at max. Yes, it’s all gigabit, but gigabit is still crazy fast (most servers won’t even let you pull >1G anyway) - and going to 2.5G is above my price range. I move a lot of internet traffic, but hardly any inter-LAN traffic. Everything is backhauled via Ethernet from the UDM SE to the Switch 24.

The 2x UniFi Flex Minis are PoE powered, and go to my desk (which has my computer on it + whatever else I need to plug in on occasion), and to the media center, which hooks into my Switch 1, Switch 2, and Wii (yes, Wii). And an Apple TV that should’ve had Ethernet on it but I was cheap and bought the non-Ethernet one. Whatever.

Subnets & IPs: I have three subnets on my network - the main LAN which is 10.0.0.0/16, the IoT LAN on 10.2.0.0/24, and the untrusted LAN on 10.0.3.0/24. The three LANs cannot talk to each other (although mDNS is allowed from main -> IoT so casting doesn’t break).

The main LAN is where normal (personal) devices that need the highest performance possible go. This is where my phone, desktop, laptop, and most other modern devices live. My custom-built IoT devices also live on this network, since I know what code is running on the device.

The IoT network is simply for any internet-connected device that is (usually) 2.4 GHz only or that I don’t trust. Smart lightbulbs (I have a lot of them), TVs, other gadgets, etc. This gets broadcast as an IoT-specific network with UniFi IoT optimizations.

The untrusted network acts as a middle ground between main & IoT. It’s where devices that aren’t IoT, but are still older (in terms of security updates), or work devices that tunnel everything through a VPN live. My cutoff for putting devices on the untrusted network is a lack of hardware security updates in the last 3 years - so iOS 12 and under for Apple devices. Additionally, there’s a hard requirement for all Amazon & Huawei devices to live on this subnet.
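An added example (not from the original page, and not UniFi's own tooling): a Python check of the three prefixes listed above for overlap, plus the default-deny policy with its one mDNS exception evaluated over sample flows. As written, 10.0.3.0/24 sits inside 10.0.0.0/16, so a firewall rule keyed on the main LAN's /16 also matches untrusted hosts; the zone/service labels and the sample addresses are assumptions.

```python
import ipaddress
from itertools import combinations

# Prefixes exactly as listed in the text above.
SUBNETS = {
    "main": ipaddress.ip_network("10.0.0.0/16"),
    "iot": ipaddress.ip_network("10.2.0.0/24"),
    "untrusted": ipaddress.ip_network("10.0.3.0/24"),
}
# Default deny between LANs; the one exception named above is mDNS main -> IoT.
# Zone/service labels are an assumed encoding, not UniFi's rule format.
ALLOW = {("main", "iot", "mdns")}

def overlapping_pairs(subnets=SUBNETS):
    """Name pairs whose prefixes overlap, i.e. one address fits two LANs."""
    pairs = combinations(sorted(subnets.items()), 2)
    return [(a, b) for (a, na), (b, nb) in pairs if na.overlaps(nb)]

def zone_of(ip, subnets=SUBNETS):
    """Longest-prefix match, as a router would resolve an overlapping address."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, name) for name, net in subnets.items() if addr in net]
    return max(hits)[1] if hits else None

def zones_matched_by(cidr, subnets=SUBNETS):
    """LANs a firewall rule written against `cidr` would actually cover."""
    rule = ipaddress.ip_network(cidr)
    return sorted(name for name, net in subnets.items() if rule.overlaps(net))

def allowed(src_ip, dst_ip, service):
    """Evaluate the isolation policy for one flow between two addresses."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False          # address outside every known LAN
    return src == dst or (src, dst, service) in ALLOW

if __name__ == "__main__":
    print("overlaps:", overlapping_pairs())
    print("rule on 10.0.0.0/16 covers:", zones_matched_by("10.0.0.0/16"))
    # Constructed sample flows (addresses are made up for illustration).
    for flow in [("10.0.4.10", "10.2.0.7", "mdns"),
                 ("10.2.0.7", "10.0.4.10", "mdns"),
                 ("10.0.4.10", "10.0.3.25", "ssh")]:
        print(flow, "->", "allow" if allowed(*flow) else "deny")
```

Rules for the main LAN that are scoped by network object or by a list of specific ranges, rather than by the bare /16, avoid picking up the untrusted hosts.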

APs: I have 1 U6-Mesh and 1 UAP-AC-Pro doing Wi-Fi duties. The U6-Mesh is exclusively for the main network, and is configured to use DFS channels at an 80 MHz channel width. In a crowded urban environment, DFS is a life saver, as I can pull ~800-900 Mbps any day.

The UAP-AC-Pro does duties for the IoT & untrusted network, and is configured to use non-DFS channels for untrusted @ 5 GHz. Doing a normal band + 20 MHz width means the laws of radiophysics will speed limit devices, so I don’t have to set one in software. Nice.

Server Setup:

I’ve got a lot of servers these days, but each of them does its own thing and I need them all online to consume my very expensive, city electricity.

ferdinand2 (main server): Optiplex 3060, i5-8500, 32 GB RAM, 1 TB boot drive, 4 TB storage drive, running Ubuntu 24.04. This server is hosting UrBackup, OctoCam’s backend, and all the GitLab runners. As for why it’s called ferdinand2 - ferdinand was the name of the 1U server I bought off of eBay, was supposed to name it after my high school IT guy fernando, thought it was ferdinand, name stuck, ferdinand2 happened.

Apartment Pi 4: Pi 4, 4 GB RAM, 64 GB SD card, running Raspberry Pi OS Bookworm. This Pi runs the Nginx reverse proxy into my apartment for the OctoCam Backend, Grafana, and GitLab, so I can open ports 80/443 to one device, then let it proxy traffic from there. Additionally, it runs Grafana and InfluxDB, which is the data source for a few ESP32 boards in my apartment that collect environmental data.

Apartment Pi 5: Pi 5, 8 GB RAM, 500 GB SSD, running Ubuntu 24.04. This Pi runs GitLab, and does a surprisingly good job of it too. I have a 500 GB NVMe SSD hooked up with a Pimoroni NVMe base. Notably - no CI/CD runners run on the Pi, that’s the job of ferdinand2.

Apartment Pi 3B+: Pi 3B+, 1 GB RAM, 64 GB SD card, running Raspberry Pi OS Bookworm. This Pi runs a Pi-hole, which maybe a couple of devices use.

Backup PC 2: Optiplex 5070 Micro, i5-9500T, 16 GB RAM, 500 GB SSD, running Ubuntu 24.04. This computer was originally purchased to replace the Mac Mini to do Windows-based backups (my long running backup drive is NTFS formatted) and keep a live copy of my Google Drive & Dropbox mirrored on the network. However, I revived my automated backup script very recently (which runs better on Linux), and now this computer is just for doing backups, and will probably become the secondary server in due time.

Windows Backup PC: Mac mini 2012, i7-3840QM, 16 GB RAM, 500 GB SSD, running Windows 11. This computer is hooked up to a 2 TB backup drive that now just has a spare copy of my live Dropbox & Google Drive on it. It runs Windows because Dropbox & Google Drive work better on Windows. Yes, this computer might be getting up there in age, but honestly it’s got some horsepower still and I like keeping technology running as long as I feasibly can.

Well, that’s about it for my network! See you all in 2027 when I update this page next.