This is a basic question about my network configuration and just want some input if I'm overcomplicating things.
My setup:
1. OPNSense running on a firewall appliance which has six (6) ports, one used for WAN and the other five (5) are running their own subnets with VLAN tagging. With the exception of "Guest WiFi", each DHCP assigns a static IP address based on the MAC address of the device.
2. In 2020, I started automating my home and was adding new devices on my home LAN aggressively. In the beginning I'd some network congestion which inhibited few of the IoTs, so I started assigning all of my IoTs static IP addresses in their respective configuration files.
3. Now I've close to 100 IoTs installed throughout the house and I'm questioning the need to duplicate the effort of defining static IP address (against MAC) in the FW and in the configuration for each IoT device.
Question: Since all the IoTs are on one dedicated VLAN (with its own WiFi router), will I experience any network congestion if I configure each IoT in "DHCP" mode and let OPNSense dictate the static IP address assignment based on the IoT's MAC address.
I'll appreciate any pointers from others who may have more insights on network topologies or personal experiences.
Thanks.
What sort of "congestion" are you talking about? Was the DHCP service somehow unable to keep up with demand? Otherwise I can't imagine how static configuration vs. DHCP would affect network congestion.
Personally I use DHCP with static mappings (reservations) for most of my "things" - so I can "tell what's what", and manage things as needed (mDNS may be an alternative for the latter).
I would as well like to know what congestion you are talking about.
Static DHCP mappings based on MAC are normal thing. I Do it like that, if I see new device in the system it will get DHCP IP and than I just bind it to an IP allocating an IP from the Pool.
Regards,
S.
Thanks @dseven and @seimus for your inputs.
My original message was getting long so I skipped few details. In 2020 when I started home automation, I was not using VLANs and had DHCP servers running on five (5) untagged interfaces. I also started experimenting with WiFi cameras and all the WIFi traffic (IoTs, home devices, cameras and guest) was handled by a single Orbi mesh router set. This topology clearly caused lot of unnecessary broadcasting across the home network and many of the devices (IoTs included) were either unable to get on the network or get enough bandwidth. So to circumvent that problem, I stated adding static IP addresses to each device whenever the device configuration permitted and I'm still continuing this habit.
The above practice of assigning static IP at a device level eased the congestion a little bit but the problem really got sorted out when I added VLANs to the network and separated out the SSIDs for home devices, guest and IoTs. And specifically for the IoT subnet, the DHCP server on OPNSense has all devices IoTs MACs mapped to static IP addresses. So in short I'm duplicating efforts for static IP address assignment:
1) Within each IoT device configuration and
2) OPNSense DHCP server
My question was related to discontinuing 1) and simple let OPNSense handle the static IP mapping for each device based on the MAC address. Based on your comments it seems like a standard practice and should work for me without any foreseeable problems.
Well no wonder you had such problems with only a one L3 network. Lot of those devices you mentioned like to "talk" or as I like to call it "spam the network". IoT devices and SmarTVs are notorious for flooding Broadcast traffic, what you basically have or had is a "Broadcast storm".
Thats one of the reasons VLANs should be used.
Also a lot of L2 managed switches have a function for controlling BUM traffic (Broadcast, Multicast, Unknown Unicast) on a per port level called "Storm control". You can set a threshold to rate limit BUM traffic and excess BUM traffic would be dropped per port. This is something you maybe could investigate more for you scenario, as you could potentially control BUM traffic closest to the source. This feature is usually used for endpoints (anything that is not a NW device such as Servers, Phones, PCs, IoT, etc.)
Regards,
S.
Quote from: Seimus on November 21, 2024, 09:55:02 AM
Also a lot of L2 managed switches have a function for controlling BUM traffic (Broadcast, Multicast, Unknown Unicast) on a per port level called "Storm control". You can set a threshold to rate limit BUM traffic and excess BUM traffic would be dropped per port. This is something you maybe could investigate more for you scenario, as you could potentially control BUM traffic closest to the source. This feature is usually used for endpoints (anything that is not a NW device such as Servers, Phones, PCs, IoT, etc.)
Thanks for your insightful comments. The VLANs had been a huge relief and honestly I learnt more networking via home automation project than reading OPNSense documentation. It is one thing to watch a YouTube video and slap two appliances on GNS3 to learn that "trunk was successfully formed" and another thing to have your wife screaming at you in the middle of the work day cos the garage door will not open!!
The L2 switches I'm using do have "storm throttling" option but I was not using this option so thanks for pointing me to the next step my in the journey or better learning!!