My Home Network

What network engineer can live without their own home network? Especially one that looks nice, has way more bandwidth and ports than should ever be necessary and demonstrates your true geekiness? That would be like a Professional Landscaper without any Landscaping of their own or a home builder who lives in an apartment.

If the average computer user can build their own home network, then we network engineers deserve to have one that theirs pales in comparison to. 😉

So without further ado, here is the rundown on my home network.

My most recent AT&T U-Verse VDSL Speed Test Results

AT&T GigaPower Speed Test

AT&T iPhone GigaPower Speedtest

AT&T finally started running fiber to new neighborhoods in the DFW Metroplex in 2015. I moved into a new house in 2017 and was able to upgrade to the U-verse GigaPower plan which provides bi-directional 1Gbps service. I have been really pleased with the stability and the low latency. We did have a fiber cut that took us down for a day back in the summer of 2019, due to road construction that was going on right next to the primary easement path in our town heading to the CO. Other than that, the service has been rock solid. I can get 3 to 5 milliseconds of round trip latency to anything local to AT&T’s network and 5 to 7 milliseconds round trip for most major service providers here in Dallas like Google and Amazon etc. Based on my own unscientific estimates, I generally see somewhere between 25 to 45 milliseconds of round trip latency for services that don’t have a local point of presence.

Equipment Details

​

Home Network RackHome Network
  • Chatsworth 19″ equipment rack
  • 2 x Cisco Meraki MR42 802.11 a/b/g/n/ac wave 2 wireless access points
  • Ortronics CAT5e 48 port patch panel
  • Panduit Horizontal wire management
  • Cisco ESW500 24 port 10/100/1000 4x GBIC slots with PoE
  • Cisco Meraki MS210-24P 24 port 10/100/1000 4x GBIC slots with PoE
  • Cisco 3825 router (2GE, WIC-1AM, 1GB DRAM, 2GB Flash)
    IOS 15.1.4-M6 Advanced IP Services. This router sits behind my U-verse Motorola gateway, acts as a NAT device, Firewall using Zone Based Firewall segmenting internal network, and terminates IPv6 6RD tunnel to AT&T
  • Arris (Motorola) BGW210-700 U-verse gateway router
  • AT&T U-verse GigaPower 1Gig/1Gig Fiber service
  • Motorola VIP1200 U-verse Set Top Box (Shared) Remote control via iPhone
  • QNAP TS-670 Pro-16Gig 16 TeraByte RAID 5 NAS Storage with 2 x 1Gig portchannel and 4 x 4TB Western Digital 5400RPM Red drives.
  • APC MasterSwitch AP9225 w/AP9606 SmartCard 8 port rack mount PDU
  • APC SmartUPS 1500 RM2U 1440 VA Uninterruptible Power Supply
  • APC BackUPS-Pro 1100 Uninterruptible Power Supply

 

iMac mid-2011 27inch My iMac

  • Apple iMac 27″ mid 2011 model
  • Intel Core i5 2.7Ghz
  • 12GB DDR3 RAM
  • 1TB HD
  • AMD Radeon HD 6770M 512MB
  • 10/100/1000 NIC
  • Airport 802.11 b/g/n Wireless NIC
  • macOS High Sierra 10.13.6
Apple Macbook Pro 15inch 2019 My Work Macbook Pro

  • Apple MacBook Pro 15″ 2019 model
  • Intel 2.3Ghz Core i9
  • 32GB DDR4 RAM
  • 1TB SSD HD
  • AMD Radeon Pro 560X 4GB
  • Intel UHD Graphics 630 1.5GB
  • Thunderbolt3 Docking station
    • 10/100/1000 Thunderbolt3 NIC
    • 24″ Apple Cinema Display
  • Airport 802.11 a/b/g/n/ac Wireless NIC
  • macOS Mojave 10.14.6

Responses

  1. Do you have any issues connecting net switch boxes to the Motorola NVG589?
    My net was working. AT&T swapped my 2Wire for the Motorola. Now, switch connects printers cannot interact with the hosts, hosts cannot interact with “servers” — and, set top boxes won’t acquire connections.

    Like

    • Everything works identically from a switching perspective. I haven’t had any issues. I assume your hosts and printers are connected to 2 different switches that are connected to your 589? They must all be on the same logical IP subnet. Are all devices using DHCP from the 589? Did you reboot anything after AT&T swapped out your RG? If not, I would reboot the 589 and all your switches and then reboot each host and printer after that.

      Like

  2. I already have a VPN router with a 192.168.1.1 address. The NVG589 would have to do IP Passthrough or DMZ to that router, as we will keep it in service. Any tips or experience with it. The earlier NVG510 could be quite buggy with IP passthrough.

    Like

    • Unless you change the network defaults on the 589, you will have to change the network range you use behind your personal router to something other than 192.168.1.0/24. It isn’t a huge deal, but anytime the RG has to be reset to defaults, everything will break until you manually readdress it.

      IP Passthrough does work pretty well on the 589 and it has a lot more memory for its forwarding table. Ive had it running for a year without running into any issues.

      Like

  3. I have recently switched to uverse and am trying to setup a Cisco 2821 behind the 589. I have enabled ip passthrough and my 2821 is handing out 10.0.0.0 addresses to it’s clients. The 2821 is successfully getting the public IP address from the 589 and from the 2821 I can ping through to the default gateway of the 589, but can get no further. From external I cannot seem to reach the 2821 at all via multiple ports. The 2821 was previously successfully connected with the same configuration to Cox cable and to Verizon FIOS.
    Broadband IPv4 Address x.x.13.52
    Gateway IPv4 Address x.x.12.1

    Like

  4. See the FAQ I helped put together on IP Passthrough on the 589. Practically anything you want to know about U-verse and how its built and works in all its gory detail is out there on DSLReports. Hopefully this helps.

    http://www.dslreports.com/faq/17734

    Additionally, not that you aren’t already doing this, if you are trying to open specific ports inbound you have to make sure your NAT and ACLs are setup on the 2821 to support access, as well. Did you also add a dynamic default route on your 2821 tied to your DHCP lease like this…? ip route 0.0.0.0 0.0.0.0 dhcp 5

    Like

  5. I just got a new service with an 5268ac from AT&T. I have a netgear fvs318n that I’ve used for years now for some site-to-site ipsec vpn tunnels.

    I’ve set the ‘dmzplus’ mode as well as turned off everything in the firewalls on the 5268ac, and my tunnels come up but traffic will not pass across them (not even ping). Any ideas?

    Like

    • Did you disable the other handful of security features? I think there is one that specifically can cause AH or ESP to fail on receive.

      Like

  6. Thank you for the reply. I disabled all the security items on that page (3 on top and 7 at the bottom). Do you know specifically which security setting might cause it to fail, or anything else I could try?

    Like

  7. Unfortunately I haven’t had the service in over a year and can’t recall all the details off hand. Your IPSec tunnels need to support NAT traversal even in DMZPlus mode I believe.

    Like

  8. On my Netgear FVS318N connected to the AT&T in the dmz+ it doesn’t have a nat traversal feature. But the other endpoint (a watchguard) does and it is activated. But wouldn’t the tunnel not even come up if nat traversal is required?

    Like


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: