Value of separating router, firewall and switch

ajoeiam (New Member, joined Apr 15, 2023)
Greetings

Hoping I can find open source oriented advice and direction for my networking endeavors - - - - I do tend to fall off into the deep end on things so - - - - here lieth question #1.

Is there a value in separating the three functions - - - - router, firewall and switch?

(I'm already using a 16 port unmanaged switch and really have need of quite a bit more, also tend to be very very conservative re: security and privacy operations.
Already have all the hardware so purchase costs are at present moot.
All pieces are also capable of gigabit switching rates although my ISP is only sending me 250 Mbit (my choice - - - I've been many years at less than 10 Mbit - - - I think I can live for a few years at the 250 Mbit level.)
 


It depends...

For most people who just have a handful of computers on a flat network ...no.
If I'm building a multiple tier network with a DMZ for multiple networks ... yes.
If I have more than 100 computers or so, I might start thinking about segmenting them.
 
OK - - - - at least you're not suggesting separating the functions is a terrible idea.

I'm not looking at 100 computers but likely over 1/2 that inside of 6 months on a number of different networks so I'll continue working on my devices.

Thanks for the assistance!
 
You have not said whether this is a home or business network. Can you tell us more about what you are doing with the network(s) and the general network topology?

Separating the firewall/router/switch capabilities is not a bad idea, but it adds complexity where it may or may not be needed. There is no harm, but it may make management and maintenance more challenging - more devices to configure, more devices to update, etc. How do you plan to manage this network?

For our home network, we have a business-class firewall/router appliance (Ethernet ports but no WiFi), plus separate switches and access points. We are evolving our home network to segmented VLANs. The goal is to isolate the internet-connected gadgets and appliances from the primary LAN. My partner wants to add a doorbell and cameras to the outside of the house, but I will not do it until they can be isolated from the rest of our network. We have other appliances and devices that I would like to isolate as well. Many devices only need a connection to the internet to do their job, they do not need visibility into the rest of the internet networks.

Take note that more and more internet-enabled devices and appliances are shipping with WiFi only. Internet connected personal phones, TVs, streaming devices, doorbells, cameras, kitchen appliances, washer/dryer are on the market and sold WiFi only, no Ethernet. If you are planning for similar network segmentation/isolation as mine, then you should think about your WiFi access points as well. You may want WiFi access point models that support multiple SSIDs that can be associated with separate network VLAN segments.

Planning, setup, and configuration of such networks can be tricky and messy. Think about how you will deploy and configure your equipment and in what order. Will you face MTU configuration issues?

Silly stuff can get you too, like having enough power outlets and sufficient airflow or cooling for your equipment. Are you going to set up a rack?

Careful planning helps. Being honest with yourself about whether it is worth the cost and effort is also helpful. Most people get by with less and seem unbothered by it.
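One concrete way to express the isolation described above on a Linux router is an nftables forward policy for a tagged IoT VLAN. This is an added example, not the poster's configuration; the interface names wan0, eth1.10 (primary LAN, VLAN 10) and eth1.20 (IoT VLAN 20) are assumed placeholders.

```shell
#!/bin/sh
# Added example: nftables forward policy that keeps an IoT/camera VLAN off the
# primary LAN while still letting it reach the internet.
# Interface names are assumed placeholders; adjust to your router.
WAN_IF="wan0"        # uplink to the ISP
LAN_IF="eth1.10"     # primary LAN, VLAN 10 tagged on trunk eth1
IOT_IF="eth1.20"     # IoT/doorbell/camera VLAN 20 on the same trunk
                     # (an AP can carry this VLAN as its own SSID)

# Print the ruleset. The default forward policy is drop, so anything not
# listed (including IoT -> LAN) is blocked; the explicit drop documents
# intent and still holds if a broader accept is appended below it later.
iot_ruleset() {
  cat <<EOF
add table inet segment
flush table inet segment
table inet segment {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    iifname "$IOT_IF" oifname "$LAN_IF" drop comment "IoT may not initiate to LAN"
    iifname "$IOT_IF" oifname "$WAN_IF" accept comment "IoT -> internet only"
    iifname "$LAN_IF" oifname "$IOT_IF" accept comment "LAN may reach cameras"
    iifname "$LAN_IF" oifname "$WAN_IF" accept comment "LAN -> internet"
  }
  chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    oifname "$WAN_IF" masquerade
  }
}
EOF
}

# Return 0 when no rule lets the IoT VLAN initiate traffic into the LAN.
iot_isolated() {
  ! iot_ruleset | grep "iifname \"$IOT_IF\" oifname \"$LAN_IF\"" | grep -q accept
}

# Load the table atomically (run as root); only table "segment" is replaced,
# other tables are untouched. Verify afterwards with: nft list table inet segment
apply_ruleset() {
  iot_isolated || { echo "refusing: IoT -> LAN accept present" >&2; return 1; }
  iot_ruleset | nft -f -
}
```

Return traffic for connections the LAN opens toward the cameras is covered by the established,related rule, so the IoT side never needs an accept toward the LAN.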
 
You have not said whether this is a home or business network. Can you tell us more about what you are doing with the network(s) and the general network topology?

Well - - - - as I'm a farmerski it's a really difficult line to draw - - - - it's my home and my business all to onest.

Topology - - - - hoo boy - - - - it's quite complicated.

Think 5 or 6 function centers with some having maybe <10 inputs and others where there may be even 4 or 5 microcontrollers per station starting with a dozen stations where functions are sometimes monitored to where data is recorded every 1/2 sec. If things need to grow that might grow to well over 100 stations happening with possibly even more microcontrollers and possibly even microcomputers again per station.

So the networking is - - - IIRC - - - - a distributed star system (I'm not sure - - - - this is not my native language and I'm just building something that does what I want it to and connects the way I want it to. (and am trying to keep the cost down - - - - way down!))

Separating the firewall/router/switch capabilities is not a bad idea, but it adds complexity where it may or may not be needed. There is no harm, but it may make management and maintenance more challenging - more devices to configure, more devices to update, etc. How do you plan to manage this network?

Hmmmmmmmmmm - - - - so - - - - - managing 3 devices is very very difficult. Hmmmmmmmmm - - - - trying to get 1 device to do well what I would like for security is imo madness. At least - - - - it seems to me that getting each item to do what it wants to do already is easier than bending one device to provide excellent routing, firewall function AND switching.

I've been trying to calculate my data load and it seems that mostly everything will still play at the 100 Mbit level so I don't need to spend real $$$$ to get what I want.

For our home network, we have a business-class firewall/router appliance (Ethernet ports but no WiFi), plus separate switches and access points. We are evolving our home network to segmented VLANs. The goal is to isolate the internet-connected gadgets and appliances from the primary LAN. My partner wants to add a doorbell and cameras to the outside of the house, but I will not do it until they can be isolated from the rest of our network. We have other appliances and devices that I would like to isolate as well. Many devices only need a connection to the internet to do their job, they do not need visibility into the rest of the internet networks.

Take note that more and more internet-enabled devices and appliances are shipping with WiFi only. Internet connected personal phones, TVs, streaming devices, doorbells, cameras, kitchen appliances, washer/dryer are on the market and sold WiFi only, no Ethernet. If you are planning for similar network segmentation/isolation as mine, then you should think about your WiFi access points as well. You may want WiFi access point models that support multiple SSIDs that can be associated with separate network VLAN segments.

Planning, setup, and configuration of such networks can be tricky and messy. Think about how you will deploy and configure your equipment and in what order. Will you face MTU configuration issues?

Had to look up MTU to find out.
I don't think so but that will show up only when everything IS running so at this point - - - - well just one more thing to include in the TBD.

Ja - - - - I see all the wifi stuff - - - - even for factory floor stuff - - - - somehow well - - - you can tell that the espousers really haven't had to function in such an environment or they wouldn't be so quick to jump on the bandwagon.
Wireless here - - - there are only 4 other networks that I can see - - - - do I really want all my sensors to be available to the other three networks - - - - - hardly.

Silly stuff can get you too, like having enough power outlets and sufficient airflow or cooling for your equipment. Are you going to set up a rack?

Already have one.
Living rural, power issues are a major concern so I wanted to use a meta-UPS for all my systems.
Would love to have a complete yard based one but that's lots of $$$$$$$.
Have an older server that I'm not running at present because I don't like the noise levels. It's got a 6TB RAID-10 array in it (4 - 3TB discs). I've been thinking of trying to figure out some mini-servers using something like either NUCs or possibly some of the stronger SoCs. Finding boxen with excellent cooling capabilities set up to do this is very difficult - - - - at least so far. So it's a good thing that I was able to find a rack cheaply some time ago.
Am no fan of the cloud - - - I don't like the porosity of such nor its lack of security - - - - it's bad enough trying to secure a physical location!

Careful planning helps. Being honest with yourself about whether it is worth the cost and effort is also helpful. Most people get by with less and seem unbothered by it.

Sorry - - - - - I haven't been with the most people crowd for a lot longer than I've been on the Linux bandwagon.
Learning new stuff keeps life interesting and finding stuff that is unusual and most often overlooked - - - - well that only adds to the spice.

My challenge has been finding unbiased sources of information.
Life has taught me that an advocate for one kind of solution rarely sees much outside of that solution paradigm.

Thanking you for your questions - - - - they actually help sharpen my focus - - - - and that's ever so useful.

(I do tend to ask 'difficult' questions - - - - lol - - - - drives some crackers - - - sorry that is never the intention.)
 