# 2025 network revamp

## The plan

```mermaid
---
title: Future high level core network architecture
---
graph
  blix[Blix]
  er-1[Edge-router 1]
  er-2[Edge-router 2]
  udm[Unifi Dream Machine]
  sw-core["Core switch (layer 2 only)"]
  net-haus("Hausmania network (routing, NAT)")
  net-hack("Hackeriet network (routing, NAT)")
  srv1(Server)
  srv2(Server)
  srv3(Server)
  sw1(Switch)
  sw2(Switch)
  sw3(Switch)
  blix-- VRRP --> er-1
  blix-- VRRP --> er-2
  er-1-->udm
  er-2-.->udm
  er-1--->sw-core
  er-2-..->sw-core
  udm-->net-haus
  udm-->net-hack
  udm<-- "All VLANs but DMZ" -->sw-core
  sw-core-->srv1
  sw-core-->srv2
  sw-core-->srv3
  sw-core-->sw1
  sw-core-->sw2
  sw-core-->sw3
```

## Projects

### Edgerouter for DMZ routing

Pad: https://pad.hackeriet.no/p/2025-network-dmz

Main points

- Set up 2x Edgerouters behind Blix gw
- Bind Hackeriet's linknet IP to one of the two ERs
- Use VRRP with dedicated internal keepalive network to move VIP
- Connect downstream core (pit-sw or UDM+sw-core, depending on the other project) to ERs with separate physical links
  1. Use (R)STP to only keep one downstream link active
- Only route DMZ network
- Will not touch internal networks
- Separate link to each ER for sw management network
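As an added illustration of the VRRP point above (not the pad's or the project's actual configuration; the EdgeRouters are configured through their own CLI), a keepalived configuration that carries VRRP advertisements on a dedicated keepalive link while the VIP itself sits on the linknet interface. Interface names, addresses and the password are placeholders.

```conf
# keepalived.conf on Edge-router 1 (preferred VIP holder). Edge-router 2 uses
# the same file with a lower priority (e.g. 100) and the unicast addresses
# swapped. Placeholders: eth0 = linknet towards Blix, eth2 = dedicated
# keepalive link between the two ERs, 203.0.113.0/29 = linknet (RFC 5737).
global_defs {
    router_id er-1
}

vrrp_instance DMZ_LINKNET {
    state BACKUP              # let priority, not boot order, elect the master
    interface eth2            # advertisements travel only over the keepalive link
    virtual_router_id 10
    priority 200
    advert_int 1
    # unicast between the two keepalive-link addresses, no multicast needed
    unicast_src_ip 10.255.255.1
    unicast_peer {
        10.255.255.2
    }
    authentication {
        auth_type PASS
        auth_pass CHANGEME    # placeholder; keepalived only uses 8 characters
    }
    # The linknet VIP is installed on eth0, not on the interface carrying VRRP
    virtual_ipaddress {
        203.0.113.4/29 dev eth0
    }
    # Losing the linknet port must hand the VIP over even though the keepalive
    # link is still up; otherwise the master keeps a VIP Blix cannot reach.
    track_interface {
        eth0
    }
}
```

The remaining failure mode is the keepalive link itself: if it drops while both eth0 ports stay up, both routers claim the VIP, so that link should be a direct cable between the ERs rather than a path through a shared switch.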

### Unifi Dream Machine for NAT and internal routing

Pad: https://pad.hackeriet.no/p/2025-network-internal

Main points

- Put up Unifi Dream Machine and dedicated L2 core switch
- Upstream WAN address in DMZ
- Take over all NAT responsibilities from m00n
  1. Bind separate NAT egress addresses in DMZ network
- Trunk all networks but DMZ to sw-core
- Serve as wifi controller
- Handle inter-network routing and firewalling (i.e. DMZ→hackeriet or hackeriet→haus)