Comment on Basic networking/subnetting question.
bane_killgrind@slrpnk.net 1 week ago
> I do need to segregate networks but I do not trust the operating systems running on these switches which can do L3 routing.
Ok, so you are trusting the PCs which you need to keep separate.
There’s no way to know if one of them is hoovering all the traffic from the other, if they are both connected to the same unmanaged switch.
marauding_gibberish142@lemmy.dbzer0.com 1 week ago
The computers will be running OpenBSD. I am researching hardening methods for them and also seeing if it is feasible for me to get Corebooted hardware. I didn’t mention it because I didn’t think it was important.
I feel like my post is being taken very negatively with people finding faults in my words rather than in the networking concept. Would you happen to know why?
bane_killgrind@slrpnk.net 1 week ago
You are basically asking for people to solve a solved problem; there’s no actual need for keeping the PCs separate since you control them both, and oh, you want it done cheap. A bespoke custom solution will not scale regardless of whether you need it to or not; you should know that.
hometechhacker.com/great-choices-for-opnsense-har…
A firewall device with as many ports as you need is your best bet.
marauding_gibberish142@lemmy.dbzer0.com 1 week ago
Solved using devices that run proprietary software (which is, I imagine, frowned upon in such communities) which we don’t control at all. Heck, even Mikrotik, who has a good rapport with this community, uses a proprietary Linux distro with a severely outdated kernel for their devices. For something as critical as internal networking, I’m surprised I do not see more dialogue on improving the situation.
Let me try and explain the problem. I want to build a setup where I have multiple clustered routers (I’m sure you’ve heard of the clustering features in pfSense/OPNsense/DIY approach using Keepalived). But if I want to use VLANs without using a switch running god-knows-what under the hood, I’m going to need a LOT OF ports. Unfortunately, 6+ port PCIe cards are quite expensive and sometimes have many other problems.
This is why I’m trying to find a simpler solution. The solution that you mention doesn’t seem to be a solution at all, but just the community giving up on trying to find one and accepting what is given. I was hoping for a better outcome.
bane_killgrind@slrpnk.net 1 week ago
Not liking the solution you have doesn’t mean you don’t have a solution.
Anyway, watch the playlist I sent; it’s a great overview of the OSI model with some other stuff. You mentioned not understanding some layers; once you do, you will understand the limitations of the hardware you have.