🚧 Work In Progress 🚧
// Network Topology

Michael's HomeLab

ANIMATED TRAFFIC FLOW · DARK MODE · LIVE TOPOLOGY
Fibre WAN
1G Ethernet
10G MMF Fibre
2.5G Ethernet
IPsec Tunnel
Cloud / VPS
[Topology diagram: node labels]
☁ INTERNET: Fibre Broadband · WAN
🔥 FORTIGATE 40F (Edge Firewall): Firewall · Gateway · IPsec Hub · 3× Site-to-Site IPsec Tunnels
TUNNEL 1 · CENTURION: 🔥 FortiGate (Remote) · Centurion Site · FG-to-FG Tunnel
TUNNEL 2 · RANDPARK: 🔀 MikroTik RB750 · RandPark Site · FG-to-MK Tunnel
TUNNEL 3 · SANDTON: 🔀 MikroTik RBD52G · Sandton · hAPac2 · FG-to-MK Tunnel
☁ LINODE VPS (Cloud VPS): Cloud Instance · Akamai · Uptime Kuma · n8n · Monitoring & Automation
⚡ ARISTA 7010T: L3 Core Switch · Central Hub · 1G uplink · dual 10G MMF downlinks (10G multimode fibre)
🔀 MIKROTIK CRS326 (Access Switch): 26-port · 10G MMF uplink from Arista
🔀 UBIQUITI PRO MAX 16 (Access Switch): 16-port · 10G MMF uplink from Arista
📶 TP-LINK AP (Wireless AP): Access Point · 1G
🖥 PROXMOX (Hypervisor): 1G
🐧 LINUX SERVER (Ubuntu Server): 1G
🎮 GAME SERVER: Game Host · 1G
📶 UBIQUITI U7 LITE: WiFi 7 Access Point · 2.5G uplink

// Topology

FIREWALL: FortiGate 40F
CORE SWITCH: Arista 7010T
ACCESS SWITCHES: MikroTik + Ubiquiti
WAN: Fibre (primary only)
WIFI: WiFi 7 · U7 Lite

// VPN / Cloud

TUNNEL 1: Centurion · FG↔FG
TUNNEL 2: RandPark · FG↔RB750
TUNNEL 3: Sandton · FG↔RBD52G
LINODE VPS: Uptime Kuma · n8n
TUNNEL TYPE: IPsec Site-to-Site

// Device Roles

FORTIGATE 40F: Edge FW
ARISTA 7010T: L3 Core
MIKROTIK CRS326: Access SW
UBI PRO MAX 16: Access SW
TP-LINK / U7: Access Points
⚠ Lab Upgrade Requirements

⚡ FortiGate — Single Point of Failure

The FortiGate 40F is the sole edge firewall. Any failure means complete loss of internet connectivity and all 3 IPsec site-to-site tunnels simultaneously.
Add a second FortiGate 40F in Active-Passive HA mode. Config sync ensures seamless failover with no manual intervention required.

📡 No Redundant WAN — Fibre Only

The lab runs on a single Fibre ISP link. If the link drops, all connectivity is lost — internet, remote management, and all 3 site-to-site tunnels go down with it.
Add a MikroTik LTE router connected to both FortiGates. FortiGate SD-WAN monitors link health and fails over to LTE automatically within seconds of detecting a failure.

⚡ Arista 7010T — Single Point of Failure

The Arista is the sole L3 core switch. A failure here simultaneously isolates both access switches, all servers, all APs — total network outage for every downstream device.
Add a second Arista 7010T and configure MLAG between the pair. Connect Proxmox and Linux servers via dual uplinks across both Aristas for active-active redundancy.

🔌 Server NICs Bottlenecked at 1G

Both the Proxmox hypervisor and the Ubuntu Linux server connect at 1G only. With 10G MMF fibre available at the Arista, this creates a significant bottleneck for VM migrations, storage and backup traffic.
Upgrade both servers to dual 10G NICs (Intel X550-T2 or Mellanox ConnectX-3). Bond as LACP into the dual Arista MLAG pair for speed and redundancy.
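
The firewall and core-switch items above can be checked mechanically by modelling the topology as a graph and removing one device at a time. The script below is an added example, not part of the original page. The device names are labels chosen here, the "-b" units are hypothetical names for the proposed second FortiGate and Arista, and the assignment of end devices to access switches is an assumption, since the page does not state it. The LTE backup link is not modelled.

```python
from collections import deque

# Links read off the page's diagram. Which access switch each end device
# plugs into is not stated on the page; the split below is an assumption.
CORE = [("internet", "fortigate-40f"), ("fortigate-40f", "arista-7010t"),
        ("arista-7010t", "crs326"), ("arista-7010t", "pro-max-16"),
        ("crs326", "tp-link-ap"), ("crs326", "game-server"),
        ("pro-max-16", "u7-lite")]
CURRENT = CORE + [("crs326", "proxmox"), ("crs326", "linux-server")]

# The page's proposal: HA firewall pair, MLAG core pair, servers dual-homed
# to both Aristas. The "-b" names are hypothetical labels for the new units.
UPGRADED = CORE + [
    ("internet", "fortigate-40f-b"), ("fortigate-40f-b", "arista-7010t"),
    ("fortigate-40f", "arista-7010t-b"), ("fortigate-40f-b", "arista-7010t-b"),
    ("arista-7010t-b", "crs326"), ("arista-7010t-b", "pro-max-16"),
    ("arista-7010t", "proxmox"), ("arista-7010t-b", "proxmox"),
    ("arista-7010t", "linux-server"), ("arista-7010t-b", "linux-server")]

def cut_off(links, failed, root="internet"):
    """Return the devices left with no path to `root` once `failed` is down."""
    adj = {}
    for a, b in links:
        if failed not in (a, b):  # a dead device takes its links with it
            adj.setdefault(a, set()).add(b)
            adj.setdefault(b, set()).add(a)
    seen, queue = {root}, deque([root])
    while queue:  # breadth-first search over the surviving links
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return {n for link in links for n in link} - seen - {failed}

def single_points_of_failure(links, root="internet"):
    """Map every device whose loss strands others to the set it strands."""
    devices = {n for link in links for n in link} - {root}
    stranded = {d: cut_off(links, d, root) for d in devices}
    return {d: lost for d, lost in stranded.items() if lost}

if __name__ == "__main__":
    for label, links in (("current", CURRENT), ("upgraded", UPGRADED)):
        for dev, lost in sorted(single_points_of_failure(links).items()):
            print(f"{label}: {dev} down strands {sorted(lost)}")
```

Under the assumed wiring, the upgraded design removes the FortiGate and the Arista from the result, but each access switch still strands whatever is single-homed behind it.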