Found attachment of size 1912093.
Sun, 27 Apr 2025 06:59:20 -0700 Andy from private IP, post #11920207 /all 100G office LAN - extreme overkill, but that's my style Most people know by now that I'm pretty extreme with my office setup for the law firm. One thing I haven't mentioned yet is that I wired my office with fiber in late 2023 and I got a heavy duty 100G switch in mid-2024. The only thing I have left to do is terminate the fiber connectors so that they are actually live and usable, and take final photos. It's been a lengthy, gradual process, but that's what happens with the precision required to do this. I was immensely assisted by finding the Corning Unicam system, which allows field termination of LC connectors by non-experts with the Corning proprietary tools. The overall project is certainly overkill, but it will be helpful with the Trial Laboratory consuming so much bandwidth on the network when video is being processed and livestreamed. Doing this level of setup will help ensure that our VOIP phone system is not affected by large file transfers during streaming. It's also going to let everyone in the law firm have instantaneous all-fiber access to my systems and the internet, which the employees currently only have Wifi access to. I'm going to update this brief write-up with photos of my I.T. closet and details on the final build in case anyone is interested. Nerd level: EXPERT. https://www.andrewwatters.com/network/100G/ #LawFirm #Technology Sun, 27 Apr 2025 09:44:58 -0700 phosita from private IP Reply #16290715 👍 Oh heck yeah. This is relevant to my interests. I have so many questions. Sun, 27 Apr 2025 10:15:12 -0700 Andy from private IP Reply #16242424 @phositaTest Finally, someone who is interested in the project...lol. What can I answer for you? Sun, 27 Apr 2025 11:55:16 -0700 whiteguyinchina from private IP Reply #14634474 Do you think you have found your true calling as a lawyer IT nerd or have missed your true calling? Impressive work as always Sun, 27 Apr 2025 11:58:45 -0700 Andy from private IP Reply #14156370 @whiteguyinchinaTest I am self-actualized, but at the same time, I could have done a lot more in some other field. I don't know what that field would be, at this point, sadly. So yes? Sun, 27 Apr 2025 20:10:01 -0700 phosita from private IP Reply #16326348 👍 The network speed is cool and all but what is interesting to me is: (a) with this speed, what now becomes limiting; (b) how are you employing VLANs; (c) how/why are you using IPv6; (d) what are you doing for firewall. Props for splurging on multiple kilobucks worth of fiber tools btw. Sun, 27 Apr 2025 20:16:59 -0700 Andy from private IP Reply #13075805 (a) I haven't found out yet, but I will! (b) I'm intending to have VLANs for the Trial Laboratory and the VOIP phones so they each have an allocation of bandwidth. (c) I've found that IPv6 is noticeably much faster than IPv4. (d) The greatest open source firewall of all-time, Netgate pfSense. I love this setup and more law firms should have this type of system. I pay zero dollars per month to Google since I have all my own hardware. Mon, 28 Apr 2025 08:52:29 -0700 whiteguyinchina from private IP Reply #11617211 Andy i know how you feel. You are probably too smart for your own good. There will always be unexplored potential. But maybe that is life. Mon, 28 Apr 2025 09:19:48 -0700 phosita from private IP Reply #16769232 As to (c): interesting. What do you mean by "much faster" in this context? The last time I messed with IPv6, which admittedly is a couple years ago now, I did notice that latency into the Internet was a smidge less than v4 - even reaching what was presumably the same physical host - but it wasn't a big deal and it wasn't universal. Inside the firewall I couldn't tell the difference. As to (d): highly credited. I am now on my second netgate box. The hardware is good quality and pfSense itself is a nice package. Heh, ever look at your snort logs? It is wild out there, man, just wild. Mon, 28 Apr 2025 09:39:19 -0700 Andy from private IP Reply #17273866 On (c), I've noticed that the absence of Network Address Translation seems to accelerate things a lot, which makes sense. On fiber, our IPv6 setup is blindingly fast, no joke. I also like the fact that my web server serves pages over IPv6, so there is granularity and accountability when someone visits from an IPv6 client. On (d), I don't have Snort or another IDS, except for fail2ban on the SSH-enabled machines. I've found that pfSense is adequate for little old me, although I have banned entire networks in other countries due to their hacking efforts. Each machine is only exposed on the ports it needs for its role. I love pfSense for this because of its easy interface. I routinely monitor my logs and it's all good right now. Mon, 28 Apr 2025 10:09:25 -0700 phosita from private IP Reply #16765107 I've never pushed NAT beyond gigabit ethernet, so...apples to oranges. Still, I have never NOT been able to get wire speed. My intuition is that even modest hardware can do NAT at wire speed to ~10 gigabit, but I have no personal experience on that. Hmm yeah, at 100 you might start to need some real gourmet kit. Most v6 traffic hitting your pages is going to be mobiles, yeah? Household ISPs don't even support v6 regularly - though both of mine do - and your modal household user is probably behind a years-old COTS wifi router without meaningful v6 support. Maybe just for grins I'll set up v6 just for visiting slash.law. :) My netgate box (3100) is EOL. It will soon be my sad duty to replace it with something still supported. The 6100 looks nice, dunnit? Mon, 28 Apr 2025 10:25:40 -0700 Andy from private IP Reply #14119428 I have my pfSense on custom high-availability hardware with redundant power supplies. Will post a writeup at some point. Color me badd... Yes, most IPv6 traffic at this point is mobile devices, but sometimes I get visitors from enterprise fiber networks such as Google Fiber, which is on IPv6 for sure. Mon, 28 Apr 2025 11:11:59 -0700 phosita from private IP Reply #15110560 🤣 High availability is a deep, deep rabbit hole. At the bottom there is only money, so much money. And so much cool kit!Replies require login.
@16290715 Andy 👍 @16326348 Andy 👍 @15110560 Andy 🤣