Register (or login) on our website and you will not see this ad.
|
|
For me I worry about accidentally leaving a door open somewhere on the router that lets unwanted guests in 
Do you mean unauthorized access to your router, or to your internal network?
To your router: Mikrotik makes that pretty easy. All traffic to the router itself (i.e. any of its own interface addresses) hits the "input" chain, so you put a rule which blocks everything except your LAN addresses.
To your internal network: routers and firewalls these days can offer little or no protection anyway. That's because the primary routes for attack are (1) clicking on infected links in web pages, and (2) clicking on infected attachments in E-mails. Both of these are making "outbound" connections to the Internet, which are usually allowed unconditionally, are generally encrypted (HTTPS or IMAPS). The firewall or router can do nothing about this.
Your best bet is to assume that you *are* going to be infected, and then to detect it - e.g. with an IDS - and clean up.
|
|
|
Do you mean unauthorized access to your router, or to your internal network? Thanks, I was referring to both.
The thought of someone rattling my router ports and finding a vulnerability (because of my configuration) that gives them access to my router or internal network is what concerns me about going for something like a Mikrotik or a product running something like pfsense. I appreciate that a lot of issues are now caused by the internal users clicking infected links or opening iffy attachments but thats the same regardless of what router you have installed.
|
|
|
What do you want the SFP for? The ONT is a copper connection.
I wanted to extend my network to an outbuilding (office/games) using Fibre (OM3) via SFP.
I didn't want so many devices on the network as I thought that may introduce latency and affect performance.
Essentially I was querying whether there is a network router which will interface with the Openreach ONT modem and replace the BT router.
|
|
Register (or login) on our website and you will not see this ad.
|
|
|
What do you want the SFP for? The ONT is a copper connection.
I wanted to extend my network to an outbuilding (office/games) using Fibre (OM3) via SFP.
I didn't want so many devices on the network as I thought that may introduce latency and affect performance.
Essentially I was querying whether there is a network router which will interface with the Openreach ONT modem and replace the BT router.
1. Using fibre is the right way to do this. Copper network connections between buildings are dangerous, due to induced voltages when thunderstorms are nearby.
2. The standard for 1G over fibre (1000baseLX/LH) conveniently works over both single mode (OS2) and multi mode (OM1/2/3/4), but you don't want to be installing multi mode unless you have no other option. Single mode is better in every regard, and perhaps surprisingly, it's also cheaper than multi mode. However you do want to get it ready-made, ready-terminated to the correct length.
(In the old days, if you were an enthusiast you could have a go at splicing pigtails to multi mode fibre by hand. It was a slow and painful operation, with lots of polishing involved. There's no chance of doing this for single mode)
3. Adding an extra device into the path will not make any noticeable impact on latency or performance. It *is* potentially an extra point of failure; from that point of view it's better to use a managed switch, than a dumb media converter, so you can monitor it (you can for example read the light levels from the SFP). But you definitely aren't going to notice one extra switch hop at a gigabit.
4. If you replace your BT router you will lose your voice "landline" service. Maybe you don't care about this, but it's something you at least need to consider.
5. Obviously, you'll need something with an SFP port at both ends of the link. Therefore it may be convenient to get two identical things - e.g. two Netgear GS110TP - so that you only have to learn one type of device. I like that particular device because it is fanless and has built-in PoE, so you can hang wireless access points directly off it. (But not PoE+)
|
|
|
What do you want the SFP for? The ONT is a copper connection.
I wanted to extend my network to an outbuilding (office/games) using Fibre (OM3) via SFP.
I didn't want so many devices on the network as I thought that may introduce latency and affect performance.
Essentially I was querying whether there is a network router which will interface with the Openreach ONT modem and replace the BT router.
1. Using fibre is the right way to do this. Copper network connections between buildings are dangerous, due to induced voltages when thunderstorms are nearby.
2. The standard for 1G over fibre (1000baseLX/LH) conveniently works over both single mode (OS2) and multi mode (OM1/2/3/4), but you don't want to be installing multi mode unless you have no other option. Single mode is better in every regard, and perhaps surprisingly, it's also cheaper than multi mode. However you do want to get it ready-made, ready-terminated to the correct length.
(In the old days, if you were an enthusiast you could have a go at splicing pigtails to multi mode fibre by hand. It was a slow and painful operation, with lots of polishing involved. There's no chance of doing this for single mode)
3. Adding an extra device into the path will not make any noticeable impact on latency or performance. It *is* potentially an extra point of failure; from that point of view it's better to use a managed switch, than a dumb media converter, so you can monitor it (you can for example read the light levels from the SFP). But you definitely aren't going to notice one extra switch hop at a gigabit.
4. If you replace your BT router you will lose your voice "landline" service. Maybe you don't care about this, but it's something you at least need to consider.
5. Obviously, you'll need something with an SFP port at both ends of the link. Therefore it may be convenient to get two identical things - e.g. two Netgear GS110TP - so that you only have to learn one type of device. I like that particular device because it is fanless and has built-in PoE, so you can hang wireless access points directly off it. (But not PoE+)
Thanks for the explanation, this is much more clearer to me now.
I've just had a look at FS.com; OS2 cables seem to be significantly cheaper than their OM3/OM4 counterparts. I was planning to get these 'armored' cables - I like the fact they have multiple connectors for redundancy.
I did not know that the landline/phone service was tied to the BT router. So in this case, any 'network switch' with built in SFP would the preferred option. I should note I have not yet ordered FTTP although I expect to receive connectivity in a few months on a new build so wanted to ensure I had everything in place by the time I move in!
Would the correct path of installing these products go like this?
Openreach modem ->
BT Hub ->
Switch
-> SFP - > 2nd Switch -> TV/PC/PS5 (Outbuilding)
-> Household devices/TV etc (Main house)
Would 'piggybacking' the BT hub via the Netgear Switch (or any switch for that matter) cause a bottleneck as it's derived from one Ethernet port, or does that not matter?
Edited by RAY21 (Sun 02-Jan-22 16:54:50)
|
|
|
I've just had a look at FS.com; OS2 cables seem to be significantly cheaper than their OM3/OM4 counterparts. I was planning to get these 'armored' cables - I like the fact they have multiple connectors for redundancy.
Armoured cables are great for keeping the rats out. However if it has a metal shield, do make sure it's properly bonded to earth at each end. I'd still run it within trunking anyway.
With a standard SFP (e.g. this) you need two fibres: one for transmit and one for receive - so there's no "redundancy" as such by having a cable with two fibres.
You can buy "BiDi" (bidirectional) SFPs which transmit and receive on the same fibre: they have built-in filters for separating the signals, and because they transmit and receive on different wavelengths, you need different ones at each end that are mirror images of each other. I wouldn't bother unless you are trying to use a single spare fibre somewhere.
any 'network switch' with built in SFP would suffice, correct?
Yes, any 1G ethernet switch.
Would the correct path of installing these products go like this?
Openreach modem -> BT Hub -> Switch -> Household devices etc?
More like:
| Text | 1
23
| Openreach ONT -- BT router -- Switch1 --------- Switch2
||| ||| ||| local devices remote devices |
Would 'piggybacking' the BT hub via the Netgear Switch (or any switch for that matter) cause a bottleneck as it's derived from one Ethernet port, or does that not matter?
The total amount of traffic via any ethernet port is 1G (1G inbound + 1G outbound simultaneously). So that limits the total traffic to your outbuilding, and as such could be considered a "bottleneck". However unless you're trying to send more than 1G of traffic in total between your local devices and remote devices, it's not an issue.
You could make the link between your main building and outbuilding run at 10G if you want instead. The actual SFP+ module is not much more expensive; what's expensive is a switch which has 10G SFP+ ports. I'd say YAGNI, but if you install single mode fibre, you can upgrade to 10G or faster later if you want.
|
|
|
I should note I have not yet ordered FTTP although I expect to receive connectivity in a few months on a new build so wanted to ensure I had everything in place by the time I move in!
In that case there is another option for how to deal with voice, which is to use VOIP. You would need either a VOIP phone, a VOIP app, or a VOIP device (e.g. ATA or DECT base station) for your "landline", and this would work over any broadband connection.
If you don't care about keeping your existing phone number - or were already resigned to it having to change when you moved - then you can sign up for a VOIP service now, with a new phone number; test it all out, and take it with you when you move. You can then get FTTP without voice, or FTTP with voice and ignore the new number they give you. This widens your choice of providers - for example, Talktalk have a good price for 150M or 500M FTTP, but they don't include any voice service.
It's also possible to port your existing phone number to a VOIP provider, to make it completely independent from your broadband. This means you can keep your existing phone number forever, even if you're moving to a different part of the UK (or even abroad).
However, you'd have to do this before you move, and the act of porting your phone number to VOIP will automatically cease the underlying phone line and any attached broadband service. So if you're currently getting your phone calls via a copper line with FTTC on it, you'd need to be careful over the timing so as not to be without broadband for too long.
|
|
|
I should note I have not yet ordered FTTP although I expect to receive connectivity in a few months on a new build so wanted to ensure I had everything in place by the time I move in!
In that case there is another option for how to deal with voice, which is to use VOIP. You would need either a VOIP phone, a VOIP app, or a VOIP device (e.g. ATA or DECT base station) for your "landline", and this would work over any broadband connection.
If you don't care about keeping your existing phone number - or were already resigned to it having to change when you moved - then you can sign up for a VOIP service now, with a new phone number; test it all out, and take it with you when you move. You can then get FTTP without voice, or FTTP with voice and ignore the new number they give you. This widens your choice of providers - for example, Talktalk have a good price for 150M or 500M FTTP, but they don't include any voice service.
It's also possible to port your existing phone number to a VOIP provider, to make it completely independent from your broadband. This means you can keep your existing phone number forever, even if you're moving to a different part of the UK (or even abroad).
However, you'd have to do this before you move, and the act of porting your phone number to VOIP will automatically cease the underlying phone line and any attached broadband service. So if you're currently getting your phone calls via a copper line with FTTC on it, you'd need to be careful over the timing so as not to be without broadband for too long.
This sounds quite complicated to be honest. I'll probably just stick with whatever phone connection BT will provide. So I guess their Smart Hub is mandatory due to this?
|
|
|
I've just had a look at FS.com; OS2 cables seem to be significantly cheaper than their OM3/OM4 counterparts. I was planning to get these 'armored' cables - I like the fact they have multiple connectors for redundancy.
Armoured cables are great for keeping the rats out. However if it has a metal shield, do make sure it's properly bonded to earth at each end. I'd still run it within trunking anyway.
With a standard SFP (e.g. this) you need two fibres: one for transmit and one for receive - so there's no "redundancy" as such by having a cable with two fibres.
You can buy "BiDi" (bidirectional) SFPs which transmit and receive on the same fibre: they have built-in filters for separating the signals, and because they transmit and receive on different wavelengths, you need different ones at each end that are mirror images of each other. I wouldn't bother unless you are trying to use a single spare fibre somewhere.
any 'network switch' with built in SFP would suffice, correct?
Yes, any 1G ethernet switch.
Would the correct path of installing these products go like this?
Openreach modem -> BT Hub -> Switch -> Household devices etc?
More like:
| Text | 1
23
| Openreach ONT -- BT router -- Switch1 --------- Switch2
||| ||| ||| local devices remote devices |
Would 'piggybacking' the BT hub via the Netgear Switch (or any switch for that matter) cause a bottleneck as it's derived from one Ethernet port, or does that not matter?
The total amount of traffic via any ethernet port is 1G (1G inbound + 1G outbound simultaneously). So that limits the total traffic to your outbuilding, and as such could be considered a "bottleneck". However unless you're trying to send more than 1G of traffic in total between your local devices and remote devices, it's not an issue.
You could make the link between your main building and outbuilding run at 10G if you want instead. The actual SFP+ module is not much more expensive; what's expensive is a switch which has 10G SFP+ ports. I'd say YAGNI, but if you install single mode fibre, you can upgrade to 10G or faster later if you want.
The cables will be fed through a conduit between the two buildings.
So essentially, a normal SFP module requires a Duplex connection (2 fibre strands), and a BiDi SFP module can use a Simplex connection (1 fibre strand)? Interesting, did not know this.
Are there any advantages or disadvantages versus Simplex (BiDi) vs Duplex transmission?
Which SFP module will work the the Netgear switch and OS2 cables?
Also I found this via Google:
https://networkengineering.stackexchange.com/questio...
Can 3 ethernet cables actually connect to the Netgear switch, and create separate VLANs as a result?
Edited by RAY21 (Sun 02-Jan-22 18:08:02)
|
|
|
This sounds quite complicated to be honest. I'll probably just stick with whatever phone connection BT will provide. So I guess their Smart Hub is mandatory due to this?
Yes. Ditto if you take service from Sky, Zen or Vodafone, who are the other main players who'll sell you FTTP with voice.
Which SFP module will work the the Netgear switch and OS2 cables?
The one I linked to before: 1000baseLX (sometimes known as 1000baseLH)
Also I found this via Google:
https://networkengineering.stackexchange.com/questio...
Can 3 ethernet cables actually connect to the Netgear switch, and create separate VLANs as a result?
Ergh. This question is too complicated for a simple answer.
Separate cables can indeed carry separate VLANs - which would be separate IP subnets. You can also carry multiple VLANs on a single cable, using VLAN tagging where each packet is marked with the VLAN it belongs to.
Connecting three cables directly between two switches can make bad things happen: normally two of them will be shut down by spanning tree to avoid loops, unless you configure a link aggregation group.
However all this is irrelevant if the BT router doesn't let you create multiple LAN subnets and route between them. I would suspect not, as it will be dumbed down for a consumer connection, but I don't have one to check against.
If you want multiple subnets, you're out of the "Average Joe" category and you need to start learning about IP routing. And that's where having a more powerful and flexible router comes into play.
|
|
|