My goal was to have the ability to manage and control devices connected to my network but also make it as seamless as possible for the users. These goals can be broken down into 3 areas:
This is totally overkill for someone who just wants to share the Internet with their devices.
To achieve the above, everything had to be “managed” from a networking point of view, i.e. configurable. Most consumer routers are configurable, but that only applies to the router and not the rest of the network. Switches are a prime example: they pass data to the ports with no configuration required. A managed switch lets you configure each port and tag data so that other networking devices can separate data by the tags (also known as VLAN).
To achieve this, the minimum level of managed device is layer 2. Higher layers are more aware of the type of data, which means they can apply more in-depth rules based on the data, but they also get more expensive as they need more power and R&D to do this.
Getting going requires specific hardware. Mesh networking was just becoming available at the time I started, but it was also expensive. I was fortunate to be able to lay networking cables between the wireless access points I had at the time.
According to my networking expert friend, Dave, this would be the ideal:
Starting from April 2013, it looked like this:
Here is more in-depth detail on my goals and the technologies available to meet the 3 goals:
The network may be secured with a password, but once a device is connected, it has free rein to do what it wants to do. How do you know the smart TV you just bought isn’t phoning home, or that a family member hasn't just connected their compromised computer, or even that a friend isn't pirating films without your knowledge until it’s too late?
VLANs partition the network and isolate things like broadcasts from devices. They will be tied to subnets to assign IP addresses into groups.
802.1X provides physical security so that people with physical access to a switch cannot just plug a device in.
A view and understanding of your network lets you see whether you are maxing out your network capacity. How much of the hundreds-of-megabits Internet connection are you using? How will you know there are issues without the data, or see whether you can save money by taking up a slower speed because you only use half the speed after work 80% of the time? How much of the data is time sensitive and will be affected by the slower Internet speeds?
Deep Packet Inspection (DPI) inspects each packet of data and tries to work out what type of data it is. DPI by itself does not fulfil this goal, because DPI can be used for other purposes, for example Quality of Service (QoS) to prioritise data. DPI can also be reported on so that you can see the types of data on the network.
A web management interface to manage devices. This would allow devices to be blocked or unblocked, and configuration to be viewed and changed, without going into command lines. A mobile app would be a nice-to-have.
The ability to filter and/or block content. There are various methods to do this, via DNS for example, or a built-in block list in the router.
None of the above is new. The difference is that some of the features are enterprise level, so I know I will be paying for “prosumer” level products. Ubiquiti is the brand I have settled on for most of the equipment, with their UniFi range getting great reviews.