Most people have a sensible home/apartment network setup. A modem, a standard router with Wi-Fi built in, and that’s it. Maybe a mesh network if you’re fancy or some Ethernet running to a few computers. God how I wish that was me sometimes.
But alas, I am a nerd. I must have networks that are entirely overkill. This page describes in excruciating detail my networks and hopefully can clue you in on the fun networks I’ve built in my spare time.
Last updated: May 2026
Internet Setup:
My inbound internet is via Comcast, and I’m on their 1.2 Gig cable plan with a Hitron CODA56 modem. This modem is great, because it unlocks Comcast’s mid-band spectrum which greatly increases upload speeds - about 300-400 Mbps from my real world usage. That is fantastic compared to Optimum (50 Mbps) and Spectrum (35 Mbps) on previous iterations of the page.
Networking Setup:
Ever since getting a regular salary, my need for extra networking gear has grown and grown, thankfully into something that isn’t too overkill, but something that…suits the need of my many connected devices. On any given day there are about 40-50 clients on my network, some wired, some wireless, a lot of IoT, and this setup handles it all perfectly.
Router: UniFi Dream Machine SE - This is the router I got when I moved into my apartment initially, because it had 8 PoE-powered ports on the front of it. It’s still a good router, and I continue to enjoy the UniFi experience (it has been improving a lot over the last 2-3 years).
Switches: UniFi PoE Switch 24, 2x UniFi Flex Minis. In 2025, I bought the PoE Switch 24 because I was outgrowing the 8 port switch on the UDM SE, and needed PoE to go with it. The PoE Switch 24 seemed like the best switch for the price and wasn’t overkill for my needs. While the 41W PoE output is measly, the UDM SE can dish out another 180 W, so I’m not too constrained by it. Yes, the switch is gigabit, but most of my gear is gigabit only and I move a lot of internet traffic in comparison to LAN-only traffic.
The 2x UniFi Flex Minis are PoE powered, and go to my desk (which has my computer on it + whatever else I need to plug into it), and to the media center, which hooks into my Switch 1, Switch 2, the Wii (yes, Wii), and an Apple TV that really should’ve had Ethernet but I was cheap and bought the non-Ethernet one, I still regret it to this day, whatever.
After culling some of the servers on the network, I actually use 8 ports now - so in theory I don’t need the switch! But the UDM SE quite famously has a 1 Gbps switching backplane, and the Switch 24 does not, so it’s still in use.
Subnets & IPs: I have three subnets on my network - the main LAN which is 10.0.0.0/16, the IoT LAN on 10.2.0.0/24, and the untrusted LAN on 10.0.3.0/24. The three LANs cannot talk to each other (although mDNS is allowed from main -> IoT so casting doesn’t break).
The main LAN is where normal (personal) devices that need the highest performance possible go. This is where my phone, desktop, laptop, and most other modern devices live. My custom-built IoT devices also live on this network, since I know what code is running on the device.
The IoT network is simply for any internet-connected device that is (usually) 2.4 GHz only or that I don’t trust. Smart lightbulbs (I have a lot of them), TVs, other gadgets, etc. This gets broadcast as an IoT-specific network with UniFi IoT optimizations.
The untrusted network acts as a middle ground between main & IoT. It’s where devices that aren’t IoT, but are still older (in terms of security updates), or work devices that tunnel everything through a VPN live. My cutoff for putting devices on the untrusted network is a lack of hardware security updates in the last 3 years - so iOS 12 and under for Apple devices. Additionally, there’s a hard requirement for all Amazon & Huawei devices to live on this subnet.
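To make the segmentation described above checkable rather than just described, here is an added example (my own, not the page author's configuration) that models the three subnets and the stated policy (zones isolated from each other, mDNS allowed from main into IoT only) as data, then runs two checks a practitioner would want: that no two zones overlap, and that a handful of constructed sample flows get the verdict the policy implies. Two assumptions are mine and are marked in the code: every zone is allowed to reach the internet, and UniFi's mDNS reflection is modelled as a main-to-IoT UDP/5353 flow. Note that, with the subnets exactly as written on the page, 10.0.3.0/24 sits inside 10.0.0.0/16, so the overlap check reports the main/untrusted pair; zone lookup therefore uses longest-prefix match, the way a router would.

```python
"""Sanity-check the three-VLAN segmentation plan described above.

Added example (not the page author's code): models the page's subnets and
its stated policy as data, then checks that the zones do not overlap and
that constructed sample flows get the expected verdict.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import combinations

# Subnets exactly as stated on the page.
SUBNETS = {
    "main": ip_network("10.0.0.0/16"),
    "iot": ip_network("10.2.0.0/24"),
    "untrusted": ip_network("10.0.3.0/24"),
}

# Cross-zone exceptions: (src_zone, dst_zone) -> set of (proto, dport).
# The page allows mDNS from main -> IoT so casting keeps working. UniFi does
# this by reflecting the multicast; assumption: model it as a main -> IoT
# UDP/5353 flow.
CROSS_ZONE_EXCEPTIONS = {
    ("main", "iot"): {("udp", 5353)},
}


@dataclass(frozen=True)
class Flow:
    """A new (non-return) connection attempt."""
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    dport: int


def overlapping_subnets(subnets=SUBNETS):
    """Return name pairs whose ranges overlap. A clean zone plan returns [].

    As written on the page, 10.0.3.0/24 sits inside 10.0.0.0/16, so this
    reports ("main", "untrusted"): a host could be in both zones at once.
    """
    return [
        (a, b)
        for (a, net_a), (b, net_b) in combinations(subnets.items(), 2)
        if net_a.overlaps(net_b)
    ]


def zone_of(addr, subnets=SUBNETS):
    """Name the most specific subnet containing addr (longest prefix), or None."""
    ip = ip_address(addr)
    matches = [name for name, net in subnets.items() if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda name: subnets[name].prefixlen)


def decide(flow, subnets=SUBNETS, exceptions=CROSS_ZONE_EXCEPTIONS):
    """Apply the page's policy to one flow and return 'allow' or 'deny'."""
    src_zone = zone_of(flow.src, subnets)
    dst_zone = zone_of(flow.dst, subnets)
    if src_zone is None:
        return "deny"  # traffic from address space we do not own
    if dst_zone is None:
        # Assumption (not stated on the page): every zone may reach the
        # internet; any other destination outside the listed subnets is dropped.
        return "allow" if ip_address(flow.dst).is_global else "deny"
    if src_zone == dst_zone:
        return "allow"  # intra-zone traffic is unrestricted
    allowed = exceptions.get((src_zone, dst_zone), set())
    return "allow" if (flow.proto, flow.dport) in allowed else "deny"


# Constructed sample flows, each paired with the verdict the policy implies.
SAMPLE_FLOWS = [
    (Flow("10.0.1.20", "10.2.0.15", "udp", 5353), "allow"),  # main -> IoT mDNS
    (Flow("10.2.0.15", "10.0.1.20", "udp", 5353), "deny"),   # IoT -> main mDNS
    (Flow("10.2.0.15", "10.0.1.20", "tcp", 443), "deny"),    # IoT bulb -> main
    (Flow("10.0.3.9", "10.0.1.20", "tcp", 22), "deny"),      # untrusted -> main
    (Flow("10.0.1.20", "10.0.1.30", "tcp", 22), "allow"),    # within main
    (Flow("10.0.3.9", "1.1.1.1", "udp", 53), "allow"),       # untrusted -> internet
    (Flow("192.168.1.5", "10.0.1.20", "tcp", 80), "deny"),   # unknown source
]


def check_samples(samples=SAMPLE_FLOWS):
    """Return (flow, actual_verdict) for every sample whose verdict is unexpected."""
    return [(f, decide(f)) for f, expected in samples if decide(f) != expected]


if __name__ == "__main__":
    print("overlaps:", overlapping_subnets())
    print("mismatches:", check_samples())
```

Running it prints the overlapping pair and an empty mismatch list. The useful habit is to keep the sample flows next to the firewall rules and re-run the check whenever a rule or subnet changes, so an exception added for one gadget does not silently open a path from IoT or untrusted back into main.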
APs: I have 1 U6-Mesh and 1 UAP-AC-Pro doing Wi-Fi duties. The U6-Mesh is exclusively for the main network, and is configured to use DFS channels at an 80 MHz channel width. In a crowded urban environment, DFS is a life saver, as I can pull ~800-900 Mbps any day.
The UAP-AC-Pro does duties for the IoT & untrusted networks, and is configured to use non-DFS channels for untrusted @ 5 GHz. Doing a normal band + 20 MHz width means the laws of radiophysics will speed limit devices, so I don’t have to set one in software. The IoT AP is also switched on the UDM SE (rather than on the Switch 24).
Server Setup:
In May 2026, I made a bunch of changes to the servers on my network, including upgrades, demotions, and consolidation of services. I now have 4 servers, mostly in an effort to cut my electric bill slightly (Eversource delivery rates will make you cry).
ferdinand4 (main server): Old Gaming PC: Ryzen 5 5600X, 32 GB RAM, RTX 3070, 1 TB NVMe boot SSD, with 4 TB for backups, 2 TB for Immich, 2 TB for Time Machine, running Ubuntu 24.04
ferdinand4 is the creme-de-la-creme of the apartment servers and succeeds ferdinand2 after almost 3.5 years in service. I upgraded my gaming PC in December 2025 (just before memory & storage prices skyrocketed, thank you Micro Center for the deals while they lasted), and finally got around to making it my new server in my apartment. This thing is quite the beast and hosts a ton of services.
It’s hosting UrBackup (for Windows/Linux machine backups), OctoCam’s backend, GitLab runners, Time Machine backups (via smb), and most recently Immich. Immich makes fantastic use of the beefy GPU and CPU, especially for using the best models for smart search, OCR, and face recognition. This server is fast and still has tons of headroom. The GPU only has 8 GB of VRAM, so it’s not fantastic for any local LLM usages, but for more classical ML use cases, it’s great. I was thinking about enabling a YOLO model on OctoCam to do person counting.
Apartment Pi 5: Pi 5, 8 GB RAM, 500 GB SSD, running Ubuntu 24.04. This Pi is dedicated to running GitLab, and for 1 person, does a fantastic job of doing it. Having an NVMe SSD hooked up to it is the game changer, and Pimoroni’s NVMe SSD makes this a piece of cake. This Pi has been running for about 2 years now (as of May 2026), and reminds me of a time when you could buy a Pi 5 with 8 GB of RAM for $80. This Pi is powered off of PoE.
Apartment Pi 5 2: Pi 5, 2 GB, 64 GB SD card, running Ubuntu 24.04. This Pi is dedicated to running the Nginx reverse proxy into my apartment for numerous services, so I can open ports 80/443 to one device, then let it proxy traffic from there. Additionally, it runs Grafana & InfluxDB, which is the data source for a few ESP32 boards in my apartment that collect environmental data. It’s also running a Pi-hole instance that gets a little bit of use.
ferdinand3: Optiplex 5070 Micro, i5-9500T, 16 GB RAM, 500 GB SSD, running Ubuntu 24.04. This server doesn’t host too much, but I have it isolated because it’s attached to backup disks that are NTFS-formatted and contain very old backups. It runs the monthly backup script, runs Dropbox for Linux as an offline mirror for everything in my Dropbox, and runs the Eiffel Tower Control API with MariaDB. It also hosts GitLab runners as a redundancy in case one of the ferdinand servers goes down.
Server names being called ferdinand originate from the first real server I bought back in college. In short, while perusing eBay, I found a 1U, half-depth server for a pretty decent price and wanted to muck around with it. Of course, it was incredibly loud, incredibly inefficient, needed to stay in the guest room back at home, and was turned off after about 12-18 months. Fernando is the name of an IT guy from middle school that a few friends and I hung out with for the extra help period - he was a pretty interesting guy but we loved him all the same. Unfortunately, I thought his name was ferdinand, put that name on the server, then realized it was wrong after the fact. But I stuck with the ferdinand name because it now had a wonderful backstory, and now we’re up to ferdinand4. The ferdinand name is only applied to mainline servers that are not Raspberry Pis.