August 3, 2020

Upgrading our home network with a Ubiquiti EdgeRouter X

By jan@kaddu.dk

Home network v. 1.0

In this post I will be upgrading our home network with the Ubiquiti EdgeRouter X. Our home network is due a much-needed update as it is not running optimally. We have a reasonable internet connection through our local provider. It is a Fibre connection currently running at 100/100 Mbit/s.

The Fibre is terminated at the provider’s router that is capable of providing both telephony and TV as well as Wi-Fi. We have not had a land line for years and decided when we were planning to move here that we would not sign up for Cable TV so both those are inactive. And as I wanted to have better control of my network I have asked the ISP to turn off the Wi-Fi as well.

Connected to the ISP router is a ThinkPad L430 that has been configured to run as a Firewall. In the beginning it was running pfSense and later I switched it to OPNsense as I was experiencing some problems with my downstream connection; as stated in the beginning we have a 100/100 Mbit/s connection but I was only able to achieve around 40 Mbit/s download.

Now the ThinkPad L430 is a laptop and has only one Network Interface Card (NIC) built in, albeit one of Gbit capability. In order to run a firewall it is often necessary to have a NIC for the WAN side and one for the LAN side (it is possible to run it with just one NIC but that is a bit harder), so how to add a second NIC?

The solution I came up with was to fit a USB 3.0 based Gbit/s NIC for the WAN side and keep the built-in NIC for the LAN side. If this is the reason that we are only getting 40’ish Mbit/s I am not completely certain but I decided to move from running a firewall on a computer to getting a firewall appliance instead.

This is the original state of the network closet.

The ISP router box is situated on the left-hand side wall with the red Cat 7 cable going into the ThinkPad L430’s USB NIC. The two yellow Cat 7 cables carry 1) the LAN side of the firewall L430 and 2) the LAN connection of the XCP-ng ThinkPad L430 to the dumb TP-Link 8 port switch. The orange Cat 7 cable goes to the J-Cave and the grey Cat X cable goes to the only Access Point currently in the house which is actually a Wi-Fi extender.

In the J-Cave the Cat 7 cable goes to a Linksys AC900 router that has its Wi-Fi turned off and is acting merely as a switch. My desktop machine – another ThinkPad L430, this one in a dock – and an HP LaserJet Pro M476dn are connected to the Linksys.

Home network v. 1.5

Enter the Ubiquiti EdgeRouter X

This is an entry-level business-class network router that can do hardware NAT very close to 1 Gbit/s so it is very powerful considering its RRP of USD 59 – I paid DKK 498 with shipping and VAT which is USD 78 – a fair price.

The new setup of the network closet.

The Ubiquiti EdgeRouter X (ER-X) has taken the place – connection-wise – of the firewall ThinkPad L430 and is sitting on top of the TP-Link Switch. I am now one Cat 7 cable short so I have to improvise a bit until I get that. From the ER-X to the switch is a Cat X cable and the former firewall ThinkPad L430 will join the other L430 as a server in the XCP-ng pool. Currently I am connecting both of these servers to the TP-Link Switch but I may connect them both directly to the ER-X at a later stage in order to save ports.

Home network v. 1.6 – and beyond

As mentioned earlier I actually decided to move the two XCP-ng servers to the EdgeRouter X. I am putting off getting a new Patch Cable to connect the ER-X to the TP-Link switch so I am still using the Cat X cable. I have decided to keep it this way until I am ready for the next step(s): Getting a Managed Switch and a new Access Point (AP). Our current AP is actually a D-Link xxxx WiFi extender so its capabilities are not great but it has served us well since late May 2020.

I would like to go the Ubiquiti route with switches and APs so my dream setup at the moment would be a UniFi Switch 24 and (two or three) UniFi nanoHD Access Point(s) and possibly a small 8 port switch in the J-Cave itself. The plan is to put all these in a rack together with whatever servers I end up with (XCP-ng and otherwise) so I am putting off buying patch cabling for the time being.

When I get (a) managed switch(es) I will start building up VLANs as well.