A project to construct a reliable, low-cost, secure, IPv6 gigabit intranet. At home.

Servers

By Name

• Azathoth - [Phase I][3][?][3] general purpose gateway
• [Byatis][4][?][4]
• Niggurath - general purpose app server
• Hastur - media processor and storage
• Cyclops - new media server
• Yuggoth - publicly accessible services
• Pixie - home automation controller

By Service

• Perimeter Router
• Log Server
• Storage Server
• [DNS1][13][?][13]
• [DNS2][14][?][14]
• [VoIP Gateway][15][?][15]
• Mobile Router
• Automation Hub - for Home Automation
• Authentication
• Monitoring
• Power distribution

Network Hardware

• Thomson Speedtouch 516v6 ADSL Modem
• Cisco WAP4410N - 802.11n wireless access point
• TP-Link WDR3600 x2 - wireless N600 routers (4-port gigabit switch)
• Ricoh 213W mono laser printer
• Eaton Eclipse Eco 1200 - UPS
• Zyxel PLA5205 - powerline adapters
• CliMate CM-2 - climate monitor

Switches

• Extreme Networks Summit X450e-24p Gigabit [PoE][31][?][31] switch
• Dell PowerConnect 2716 - 16-port gigabit rackmount switch
• Zyxel GS108 - 8-port gigabit "media" switch
• Netgear [FS105][34][?][34] - 5-port 100Mbit desktop switch
• On-Networks [DSG005][35][?][35] - 5-port gigabit desktop switch

Access Points

• Ubiquiti Unifi AP x3

Other Network Hardware

• Linksys WRT54GL - 802.11g wireless router
• D-Link DGS-1008D - 8-port gigabit desktop switch
• Netgear DG834GT - Sky router

Services

• [Routing][40][?][40]
• Name resolution
• Mail
• Web
• Logging
• [VoIP][45][?][45]
• LDAP
• Network Storage
• Video Surveillance
• Home Automation
• VPN and Geolocation Tunneling
• Indoor Positioning

Features

• Security
• [Gigabit][52][?][52] ethernet
• Bandwidth Management
• IPv6
• [Public Wireless][54][?][54]
• Wan Bonding

Clients

• [Omenbook][56][?][56] laptop
• Nixie netbook
• Archix laptop
• Shochu laptop
• Mobile clients

Troubleshooting

• Proto41Filtering
• PPTP
• Reboot - power failures, etc

Upgrades

• Upgrade 2016

---

Planned Features

• [Perimeter Subnet][64][?][64], [Private Subnet][65][?][65] and [Wireless Subnet][66][?][66]
• [Public Wireless][54][?][54]
• IPv6 tunnelled to public internet via IPv6-over-[IPv4][67][?][67] tunnel
• [Gigabit][52][?][52] ethernet
• Public and local DNS
• Web, Mail, VPN servers
• Remote logging / SNMP
• [OpenBSD][68][?][68] Perimeter/Wireless Router on embedded hardware
• [Private Router][69][?][69] with Gigabit throughput
• Network Storage Server
• SAN
• Media transcoding system
• Thin-client Home-Theatre PC using [MythTV][73][?][73]

Implementation

Network is implemented in three phases:

Phase I - Single subnet

In this phase a single privately addressed ([NATted][74][?][74]) subnet is created.

• Single general purpose [gateway][69][?]69
• Public systems are accessible via DNAT on the gateway.
• One DNS server provides local cacheing and authoritative for public systems.
• Private DNS info is kept in /etc/hosts on each system.
• Single Mail server for secure submission and retrieval
• Azathoth is replaced with embedded/SBC system
• Public domain name registered
  • Update /etc files, mail config, LDAP database, certificates

Phase II - Perimeter and Private subnets

In this phase the subnet is split in to perimeter (non-NAT) and private (NAT) and IPv6 migration begins.

• Second switch is added and Azathoth assumes the role of private router.
• Attempt Gigabit routing throughput on Azathoth.
• Private net migrates to pure IPv6, router provides IPv6-to-[IPv4][67][?][67]
• Second DNS is added and provides cacheing and DNS for all systems
• Perimeter router provides [Bandwith Management][75][?][75]
• VPN gateway provides two-factor authenticated access to private network.

Phase III - Perimeter, Private, Wireless

A wireless IPv6 network is created on the internet side of the perimeter firewall

• Wireless adapter is added to perimeter router
• Pure IPv6 wireless network is created with router running radvd on wireless interface
• Aside from radvd, no systems exist on the wireless network

---

Notes