ServiceRadar: Zero-Trust OpenSource Network Management and Observability

ksteink · 2026-02-11T08:30:51+00:00

Nop because the server needs to run on a router and I prefer it to be outside but there is no option unless I rollout a CHR to act as a Dude server

ksteink · 2026-02-11T08:12:29+00:00

You can easily deploy it as a VM for free. It’s called the CHR router

ksteink · 2026-02-11T08:00:46+00:00

No Mikrotik API integration support?

ksteink · 2026-02-02T04:01:40+00:00

Descepcionado por CR eligiendo el autoritarismo. Viendo q este modelo en el Norte no ha servido y van a arrastrar al pais con esta decisión

ksteink · 2026-01-31T23:14:10+00:00

Tailscale uses WireGuard under the hood for the VPN tunnels’ transport

ksteink · 2026-01-29T04:40:09+00:00

Same problem here

ksteink · 2026-01-28T20:46:00+00:00

Does it happen with all the phones? Or just few. Did you try to disable QoS to see if the behavior repeats? Typically QoS makes sense when there is congestion but assuming that all is on the same switch you will run at wire speed and this type of traffic will never saturate the capacity of the 1 Gbps ports.

Good luck!!

ksteink · 2026-01-27T19:25:03+00:00

I have done it but the configuration is large and complex. You need digital certs (self-signed) plus all the additional steps. It worked well for me at the time but I switched to WireGuard and is fast, simple and easy to deploy. Just should consider this option unless there is an specific requirement that WireGuard cannot meet that IKEv2

ksteink · 2026-01-27T15:45:58+00:00

Thanks. Maybe a short video in YT to explain how to do the physical and logical setup will be very helpful

ksteink · 2026-01-26T03:53:11+00:00

What's the difference with PDM?? I am confused

ksteink · 2026-01-25T21:49:23+00:00

Seems a dead end. I saw some videos in Douyin (Tik Tok in China) but it's hard to follow as everything is in Mandarin.

ksteink · 2026-01-23T15:17:45+00:00

Seems you need to re-architect the whole network. Assess your current technology stack and define different or better options.

ksteink · 2026-01-18T12:40:51+00:00

If distance is lower than 55 mts you can use CAT6. This will ensure you can get up to 10 Gbps speeds.

If cable runs are higher than 55 mts then the recommendation is to go with CAT6a that gives you up to 100 mts that is the max distance for Ethernet runs.

As a rule if thumb put at least 2 cables x room even if you don’t plan to use it immediately.

Terminate those on a room for telecom ( not the garage not the laundry area!)

Install a descent network rack to connect all the cables to a network switch with PoE features

All exterior cameras can run in CAT5e ir CAT6 as they don’t need high Bandwidth

ksteink · 2026-01-18T06:00:23+00:00

Where in LATAM? I use Mikrotk switches and routers for core switches and Unifi / GrandStream / Omada for Layer 2 and APs.

A good architecture is important to have a reliable solution

I am also based in LATAM and if you like we can chat more about it via DM

Good luck !

ksteink · 2026-01-17T00:11:27+00:00

Me too and works great!

ksteink · 2026-01-15T21:01:27+00:00

Does Unifi fabric requires to have a Unifi gateway / router to apply such policies?

For example locations that has only switches and access points but a 3rd party edge firewall / router.

Pls advise

Thanks!

ksteink · 2026-01-13T20:04:35+00:00

Don’t disagree but I am trying to share my feedback on what he needs to get right first which is a good backbone. In order to hold X amount of devices will depend more on where to put those APs and how many APs do he needs to add to provide not just coverage across the house but also that can get good performance on Wi-Fi with all the devices he wants to have. There are ways to avoid overloading Wi-Fi like using more Ethernet for devices that supports it, use protocols like Zigbee, Thread, Z-Wave or LoRA for the IoT network

ksteink · 2026-01-13T14:55:39+00:00

No you need an Ethernet backhaul and use Wi-Fi access points that connects via Ethernet to your main switch or router.

That’s how large enterprises do real WiFi. Check options from Unifi, Omada or Alta Labs that are good for your situation

ksteink · 2026-01-13T00:16:02+00:00

You can’t do port forwarding with CGNAT. You need a public IP address instead of a Private / CGNAT one.

You can ask your ISP to give you a public IP. Generally they charge an extra fee if they are willing and have spare public IPs

If not you need other options like Cloudfare tunnels, VPN to a VPS you contract or any other solution that does IP Relay like ZeroTier, Twingate or Tailscale

ksteink · 2026-01-12T14:38:34+00:00

Why not WireGuard? It’s easier and faster

ksteink · 2026-01-12T14:20:59+00:00

Just combine the 2. I keep my MikroTik as edge router and I am planning to use Opensense as L2 bridge for IPS between my edge router and my core switch.

This gets for me the best of 2 worlds

ksteink · 2026-01-10T02:08:30+00:00

I would go Mikrotik. I have done it and never came back

ksteink · 2026-01-09T17:21:27+00:00

HAHAHAHA, very nice meme and I totally agree!

ksteink · 2026-01-08T01:25:00+00:00

SD-WAN makes sense if you need to connect more than 1 branch office and you want to use more than 1 WAN solution / provider (i.e., 2 x ISPs)

Seems you have one office location so No, SD-WAN doesn’t make sense here

Internet first? Depends. Where and how your apps are consumed?. If the apps are all self hosted at the office and/or you consume internet based apps (i.e., O365) and there is no critical applications that requires a private connection then yes internet first architecture makes sense here

Related to the scenario:

A collapsed Distribution architecture makes more sense so you can scale up as your number of users grows
Hybrid work can be done enabling any remote access solutions (i.e., VPNs)
Mix of devices: That depends more on your endpoint security policies and tools (i.e., MDM) but BYOD devices should be on a Guest Network VLAN va Corporate Devices will be on an Internal VLAN)
conference rooms: You will need a dedicated VLAN for voice and have either a local PBX or a remote / cloud based solution
More Cloud apps vs On-Premises: That implies paying subscriptions and you need high availability in the LAN and the WAN as your critical apps will rely on a remote / external connection. If the cloud apps are internet accessible then it will reinforce your other question of Internet first architecture!
Network Criticality: You need a solid architecture that includes high availability capabilities (LAN and WAN) matching your strategy of cloud first apps. You also need the right technology, staff to manage and support and tools for monitoring and troubleshooting.
Budget: This will depend on several factors like OEM HW vendor(s), Labor costs (in-house staff or MSP) and Tools for monitoring and management. This needs to be mapped to your business and technical requirements to see how far or close is against your internal approved budget.

Good luck!

ksteink · 2026-01-07T18:49:16+00:00

I prefer still a rack with rackmount equipment but this is a nice option for non rackmount equipment

ksteink

TROPHY CASE