Introduction
Finally, I am addressing a long-awaited plan to create a more permanent infrastructure setup for my home development and networking needs.
Requirements
- DNS server, so that I can set up internal DNS records, for routing into applications and Kubernetes ingresses.
- Network segregation, for separation of trusted and untrusted devices. This would require at least 2 subnets. Ideally, I would like to have two untrusted networks, one with internet access but restricted routing to the trusted network, and another with only access to its own subnet and no internet connectivity.
- VPN server, so that I can use my own network from an untrusted remote environment and remotely access devices on the home network.
- Dynamic DNS, so that I can have relatively consistent access into the public gateway of my network, without resorting to an ISP-provided static IP.
- VLAN support, since it is still common in Australia for ISPs to require VLAN tagging on the WAN interface.
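
The network segregation requirement above, sketched as an nftables ruleset for a Linux-based router. This is an added example, not configuration from the original post: the router platform, the interface names, and the choices to let trusted devices initiate connections into the untrusted segments and to serve DHCP/DNS from the router are all assumptions.

```nftables
# Added example. Interface names are assumptions, not taken from the post.
define WAN      = "wan0"      # uplink (a VLAN sub-interface if the ISP requires tagging)
define TRUSTED  = "br-trust"  # trusted devices
define GUEST    = "br-guest"  # untrusted, internet access only
define ISOLATED = "br-iso"    # untrusted, own subnet only, no internet

table inet home_fw {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for flows that were allowed in their original direction
        ct state established,related accept
        ct state invalid drop

        # Trusted devices may start connections to the internet and, as an
        # assumption for management access, to both untrusted segments
        iifname $TRUSTED oifname { $WAN, $GUEST, $ISOLATED } accept

        # Guest devices may start connections to the internet only
        iifname $GUEST oifname $WAN accept

        # Every other new flow (guest -> trusted, anything routed from the
        # isolated segment, unsolicited WAN traffic) falls to policy drop.
        # Log untrusted attempts, rate limited, before they are dropped.
        iifname { $GUEST, $ISOLATED } limit rate 10/minute log prefix "untrusted-fwd-drop: "
    }

    chain input {
        type filter hook input priority filter; policy drop;

        ct state established,related accept
        iifname "lo" accept
        meta l4proto { icmp, ipv6-icmp } accept
        iifname $TRUSTED accept

        # Untrusted segments reach the router only for address assignment,
        # plus DNS for guests (assumes the router serves DHCP and DNS)
        iifname { $GUEST, $ISOLATED } udp dport 67 accept
        iifname $GUEST meta l4proto { tcp, udp } th dport 53 accept
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

Traffic between devices on the same segment is switched rather than routed, so it never reaches the forward chain; the isolated segment keeps access to its own subnet without any rule here.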
Room to grow
Of course, the requirements would not be complete without some form of future-proofing. The following are also considerations for what I may want to do with the home network in the future.
- Support for PoE devices, which opens up the option of powering SoCs and wireless APs without needing to run extra power. This will require a switch with PoE.
- VLAN support for the LAN, which would allow implementation of 'true' network segregation. This will require a managed switch with VLAN support.
- Packet inspection at the router level, for the ability to diagnose application traffic and for some reverse engineering fun. DNS query logging would also be useful for this purpose.