docs: Add comprehensive network upgrade plan

- Created NETWORK-UPGRADE-PLAN.md with full topology and VLAN design
- Hardware: 2× GiGaPlus 10G PoE ($202), 2× U7 Pro ($378) = $580 total
- 10G backhaul between server closet and basement
- VLANs: Trusted (1), Servers (10), IoT (20), Guest (30)
- OPNsense VM for routing, UniFi Controller LXC for APs
- Updated TASKS.md with implementation checklist
- Updated DECISIONS.md with architecture rationale

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-18 12:32:05 -05:00
parent 6449212620
commit ef02ff5eb6
4 changed files with 324 additions and 1 deletions


@@ -41,6 +41,62 @@
## Network Architecture
### VLAN Strategy (Planned)
**Decision**: Segment network into 4 VLANs
**See**: [NETWORK-UPGRADE-PLAN.md](NETWORK-UPGRADE-PLAN.md)
| VLAN | Name | Subnet | Purpose |
|------|------|--------|---------|
| 1 | Default | 10.4.2.0/24 | Management, trusted PCs, Proxmox hosts |
| 10 | Servers | 10.4.10.0/24 | Server containers, NAS |
| 20 | IoT | 10.4.20.0/24 | Cameras, smart home, Home Assistant |
| 30 | Guest | 10.4.30.0/24 | Guest WiFi, isolated |
**VLAN Tagging Methods**:
- WiFi: UniFi APs (SSID → VLAN mapping)
- Cameras: GS308EP (port-based VLAN)
- Containers: Proxmox (bridge VLAN tag)
- Wired PCs: Untagged (VLAN 1 via unmanaged switches)
### Router/Firewall (Planned)
**Decision**: OPNsense VM on Elantris
**Reason**:
- Free, full-featured firewall/router
- VLAN routing and inter-VLAN firewall rules
- IDS/IPS capability
- Elantris has ample resources (128GB RAM)
**Alternative Considered**: Ubiquiti Dream Machine
- Rejected due to cost and ecosystem lock-in
- OPNsense more flexible for homelab
### 10G Backhaul (Planned)
**Decision**: 10G RJ45 between server closet and basement
**Hardware**: 2× GiGaPlus 6-Port 10G PoE switches ($101 each)
**Why GiGaPlus over UniFi**:
- Native 10G RJ45 (no SFP+ transceivers needed)
- Includes PoE for APs
- $202 total vs $800+ for UniFi equivalent
- Cat6 can handle 10G at house distances (<55m)
### WiFi (Planned)
**Decision**: UniFi APs with mixed models
**Hardware**:
- 1× U6 Enterprise (existing) - server closet/upstairs
- 2× U7 Pro ($189 each) - basement + main floor
**Why UniFi**:
- Multiple SSIDs mapped to VLANs
- Seamless roaming between APs
- Centralized management via controller
- Better than Asus mesh for VLAN support
**Controller**: LXC on Proxmox (free) via community helper script
### Reverse Proxy
**Decision**: Single Traefik instance handles all external access
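
Review bot: In the VLAN Strategy table, VLAN 1 carries management and the Proxmox hosts together with trusted PCs, and the tagging list puts wired PCs on VLAN 1 untagged via unmanaged switches, so anything plugged into one of those switches lands on the same segment as the hypervisor management interfaces. Consider a dedicated tagged management VLAN for the Proxmox hosts and for switch and AP management, leaving VLAN 1 for untagged PCs only. The Router/Firewall section cites "inter-VLAN firewall rules" as a reason for OPNsense but does not state the intended policy; a short allow/deny matrix (which of IoT and Guest may reach VLAN 1 or Servers), or an explicit note that it lives in NETWORK-UPGRADE-PLAN.md, would make the decision reviewable. Home Assistant sits in IoT (20) next to the cameras, so document which flows it needs into other VLANs. Minor: the table names VLAN 1 "Default" while the commit message calls it "Trusted"; use one name throughout.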