A repository of diagrams, descriptions, configs, and scripts for my own reference and to share with anyone interested.
My homelab consists of 3 IP networks (Main, Guest, IoT) connected through 2 routers to an NTT fiber terminal for Internet access. A separate Zigbee network is connected to my Home Assistant smarthome hub.
The physical line is a 1000Mbps fiber from NTT which is the only option in my building.
Internet is provided by OCN for no particular reason other than it's what I've been using from the start. One benefit I found is that OCN supports simultaneous IPoE and PPPoE connections with a single contract, which proved to be useful as explained later.
This ISP provides DHCP IPv6 addresses by default but IPv4 is required to reach most of the Internet. IPoE (MAP-E) enables IPv4 over IPv6 and is typically handled by an IPoE-supported router. The IPv4 address is shared and NATted at the ISP but this isn't an issue for day-to-day use.
Connection methods
Legacy PPPoE connections are also supported but suffer major congestion especially during peak hours, so IPoE is by far the preferred connection method for speed and latency.
Effect of congestion on a 100Mbps PPPoE connection
Only a handful of routers support Japanese IPoE implementations and none of those met my requirements for WiFi 6 and advanced networking. Implementing IPoE on a DIY SBC was possible but not worth the cost nor effort.
The simplest option was to configure an basic IPoE router as an IPoE gateway by disabling most of the router features, leaving WiFi and advanced networking to a separate, more powerful router. The IPoE router settings are as follows:
- Enable
- IPoE (OCN Virtual Connect)
- IPv6 bridging
- PPPoe passthrough
- Disable
- WiFi
- DHCP
- IPv4 and IPv6 firewalls
- Set DMZ to an internal IP address which will be the primary router's static WAN address
The LAN side of the gateway now provides 1 local IPv4 address and passes through all IPv6 addresses.
3 LANs provide security and enable application of systematic policies.
The primary LAN hosts trusted devices like NAS, laptops, and mobile. A few trusted IoT devices like Nvidia Shield and Nest Home are also on this LAN as they require access to the NAS and multicast from trusted devices.
Topology
At the core of the main LAN is an ASUS RT-AX86U running the Asuswrt-Merlin custom firmware.