
Clean Up Network Rack Help

Scott28

Active Member
Guys,

I need your assistance, I have just changed out the networking equipment in my rack to a full Ubiquiti system.

USG Pro 4
Cloud Key Gen #2 (with rack mount accessory)
US 24 port 150W POE switch.

I thought I would be really clever and purchase a cable management finger mount & a keystone patch panel all connected using 25cm patch cables.

The outcome has not been good or anywhere near what I was expecting it to look like.

Can anyone advise how they would orientate this rack, any accessory and cabling that would help me as I want it to look neat and tidy?

I was thinking about possibly changing out the 24port keystone panel for x2 12 port panels (1 above and one below) but I don’t think that will look particularly good either.

Any ideas / options would be greatly appreciated.

Thank you.



 

mickevh

Distinguished Member
Looks pretty good to me; I've seen much worse than that.

Just spitballing;

Maybe you could add another cable manager below the patch panel, but you don't seem to have much space to spare.

Perhaps get hold of some cable ties so you can run the cables "just so" and then lash them into place. I prefer the "velcro" type ties as they are re-usable (and required for cat6 and higher) over the single use plastic zip-lock ones. Velcro ties are available either as individual ties, or as a roll you can cut off to whatever length you like. (I prefer the latter.)

Maybe Google something like "data cable management" for some images of what the professionals do for inspiration - some of their work is verging on (ahem) beautiful. Companies that sell cable management products probably have lots of pretty pictures.

If you wanted to be uber professional, you'd also write yourself a "patching schedule" (what port goes to where) and/or label the cables each end.
 

Markr123

Active Member
I’d largely agree with the above as @mickevh has said. In my experience, I have always found you have to compromise between “quick and easy to service” and “pretty”. Based on your images (really nice setup btw), I may be tempted with a 2u cable manager bar to give you more space to route the cable neatly. I also agree with the Velcro ties. Perhaps the odd additional blank plate?

I too am wiring my cabinet and suffer a bit of OCD on pretty cabs. I still have nearly 30 cables to patch. Once done, >95% will remain static and won’t need changes. I’m therefore electing to take the cables neatly through a brush bar and Velcro tied into groups round the back and back through a brush bar lower down. Yes, a pain in the wotsit if I want to change but have made a patch sheet in Excel mapping port to port.

Here is an interim photo of one of my cabs during setting up of the latest iteration. Most kit in the cabinet is now wired up although still not properly routed as I’d like. Just the lobes to the rest of the house going to the patch panels yet to finish. Obviously I’ve not got much of the patch cables finished but hope it remains fairly clean when they all go through the brush bars.

 

Scott28

Active Member
Wow ! Nice Rack!
I have a real rack envy, don’t tell my wife lol.
That honestly looks amazing.

Mine is still very early development and still working out optimum places for everything.
Talking of tech OCD, mine flares up over the discolouration of the blue light on the Cloud key rack, it’s blue, just not the same Blue as the other 2 components.
Thanks for your input.
 

Markr123

Active Member
Thank you @Scott28. It’s been a labour of love (and expense). It’s been through several changes. Don’t be surprised if you find yourself pulling everything out and putting it back over a weekend (whilst trying to maintain uptime for the WiFi to keep the household happy LOL).

I did notice the difference in power led colour of the Ubiquiti kit and managed to refrain from mentioning. That would drive me slightly crazy. My “tech OCD” has even got me tempted to a £60 powder coating of my cabinet to black! Got it at such a good price on eBay I had to compromise for the lighter colour. Still, helps the RGB LED look better.

I just run a gen 1 cloud key in my other cabinet. What are your thoughts on the USG PRO 4? Worth it? I was tempted but my Draytek is just rock solid and have used them for years.

I’d be tempted to get your hue hub out of the cabinet if you can.
 

Scott28

Active Member
@Markr123 There are a lot of items in there that are unneeded, the Hue Hub being one of them. I haven’t been able to find any mention of the discolouration of the light online, but it’s located in a cupboard out of view so I begrudgingly put up with it.

From top to Bottom
1. Denon AV Receiver
2. USG Pro 4
3. Cloud Key Gen 2 with rack mount
4. US 24 150W POE
5. 1u Cable management Finger
6. Keystone Patch Panel
7. Sky Q
8. PS4
9. CCTV DVR - 4 external cameras
10. Virgin Media Hub / Hue Bridge / Synology DS918+ (x3 12TB ironwolf HDD)
11. Harmony Hub / Apple TV 4 / Nvidia Shield
12. USB hub / tools / cables and misc items.

I really should have gone for a rack mounted NAS like you however I bought the DS918+ before the rack.

I moved from a Netgear Nighthawk to x2 NanoHD AP on each level of the house and it’s been rock solid, I can’t comment on the difference from the original USG as I haven’t used it, I do know that the USG Pro 4 has a higher throughput, I pay £39 pcm for virgin vivid 350mb (with 500mb available in my area but at twice the price £99pcm) so I wanted as much to be utilisable as possible - speed test and the Ubiquiti WiFiman app put my iPhone X Max at 278mb connection in any room of my home and wired to the router I can reach speeds of up to 380mbs when not using a VPN.

Over the past couple of days I have been trying to get my head around vLANs and I’m self teaching myself via YouTube and the forums, it’s a minefield with LAN / IoT devices and NoT devices and their interconnectivity - add Alexa to the mix and I’m pulling my hair out some days lol.

What is your home setup like, similar situation to mine?
 

Scott28

Active Member
@Markr123 & @mickevh Here is a list of my VLAN rules, from the photos you have posted and posts I have read I can say with a high degree of certainty your networking knowledge is far superior to mine.

Just a quick question, what do you think?
Or would you need further information?
 

mickevh

Distinguished Member
I don't know your equipment, but in general when creating any kind of IT security infrastructure we adopt the posture of "deny by default and allow by exception."

So one starts out with a rules list with nothing in it apart from maybe a "catch all" that denies everything (nomenclature varies a bit across platforms - some may need you to explicitly code a deny all catchall, some may do so by default.) Then we gradually add in rules to permit what we want. Thusly we end up with a set of rules coded to mostly "permit" stuff with relatively few, if any, rules to "deny" things as that is the default action.

A lot of platforms process rules in some kind of ranked order and - this is the important bit - as soon as a rule is encountered that "hits," no further rules are evaluated, even if there is something that's a better match further down the list. You'll need to check your platform's manuals to see if it works in this way.

So, for example, if I had some rules (evaluated top to bottom...)

send all traffic from washing machine to mars
send all traffic from internal network to venus
send all traffic from dish washer to mercury
drop all traffic

... the bottom two rules never do anything as the second rule is catching everything from my internal network.

"Out of the box" most SOHO firewalls tend to allow everything out and nothing in. Some SOHO kit doesn't even have the facility to stop stuff going out. If yours does, you could adopt the same process of blocking all outbound then gradually open things up as you discover what is needed. Though this will likely elicit a marked downturn in domestic harmony as the Internet stops working and you have to figure out what outbound ports to open up.
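
Added example, not part of mickevh's post: the four-rule list above modelled as a first-match evaluator, plus a check that reports rules which can never hit. The IP addresses and the "mars/venus/mercury" action names are constructed stand-ins for the devices and destinations named in the post, and the check assumes all traffic on this interface comes from the internal network.

```python
import ipaddress

# Constructed addressing (assumption): the post names devices, not addresses.
LAN = ipaddress.ip_network("192.168.1.0/24")
WASHER = ipaddress.ip_network("192.168.1.50/32")
DISHWASHER = ipaddress.ip_network("192.168.1.51/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Same order as in the post, evaluated top to bottom.
RULES = [
    ("washing machine -> mars", WASHER, "mars"),
    ("internal network -> venus", LAN, "venus"),
    ("dish washer -> mercury", DISHWASHER, "mercury"),
    ("drop all traffic", ANY, "drop"),
]

# Specific rules moved above the general one.
REORDERED = [RULES[0], RULES[2], RULES[1], RULES[3]]


def evaluate(rules, src):
    """First match wins: return the action of the first rule covering src."""
    addr = ipaddress.ip_address(src)
    for _name, net, action in rules:
        if addr in net:
            return action
    return "drop"  # implicit deny when nothing matches


def restrict(net, universe):
    """The part of `net` that can appear as a source, or None if none can."""
    if net.subnet_of(universe):
        return net
    if universe.subnet_of(net):
        return universe
    return None  # two CIDR blocks either nest or are disjoint


def shadowed(rules, universe):
    """Names of rules that can never hit for sources inside `universe`.

    Simplification: a rule counts as shadowed only when one single earlier
    rule covers it, not when several earlier rules cover it together.
    """
    dead = []
    for i, (name, net, _action) in enumerate(rules):
        reachable = restrict(net, universe)
        if reachable is None or any(
            reachable.subnet_of(prev) for _n, prev, _a in rules[:i]
        ):
            dead.append(name)
    return dead


if __name__ == "__main__":
    print(evaluate(RULES, "192.168.1.51"))      # dish washer caught by rule 2
    print(shadowed(RULES, LAN))                 # the bottom two rules
    print(evaluate(REORDERED, "192.168.1.51"))  # now reaches its own rule
    print(shadowed(REORDERED, LAN))             # catch-all is still a backstop
```

After reordering, the final "drop all" still never fires for internal sources because the broad internal-network rule sits above it; it only acts as a backstop for traffic from anywhere else.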
 

Markr123

Active Member
@Scott28 re What is your home setup like, similar situation to mine ?

I had a 1u fan tray like you but removed as most of my kit vents front to back. I do however have intake and exhaust bottom to top respectively.
Cabinet 1 in the house as pictured (aside from the obvious patch panels) includes...

> Ubiquiti PoE switch supplying x3 AP pro’s. Will feed more AP’s and hikvision cameras in the near future.
> x2 Netgear managed switches. One has x2 fibre cables with link aggregation running to a detached garage
> Draytek router (using BT broadband)
> Self built freenas box with x3 hotswap WD Red drives
> x3 Dell Poweredge servers. One running domain controller, the other 2 running VMware. Use these to “try” and keep my skills sharp on several technologies I work with. A nice sandbox away from main kit.
> Sonos Connect feeding one of 6 zones across the house.
> Mac mini linked to NAS for iTunes library serving music and films to ATV in living room.

My other cabinet in the garage has another Netgear managed switch (linked to the house via the x2 fibre links). This is home to Synology NAS, cloud key, 2nd hue hub, HomeKit homebridge, AP Pro, amongst other things.

Re vLAN, It can get complicated quickly especially with rules relating to IoT devices and handling this across managed switches and mixes of kit. You can quickly generate issues. E.g. your iPhone no longer sees a sonos speaker or a CCTV camera cannot be viewed. I think @mickevh summarised nicely with “deny by default and allow by exception”. It’s something I am still working on. I tend to keep my CCTV and NAS only accessible via my VPN to the router. I still have more to do in this area.

Hope this helps.
 

mickevh

Distinguished Member
I wonder if it may be of some use if we get into what is and is not a VLAN. For example, a set of firewall rules that asserts some behaviour over a particular group of devices is not in and of itself a "VLAN."

If you want to get into this more, we can do.
 

ChuckMountain

Distinguished Member
How are you finding the Unifi USG Pro 4 and switch in terms of both use and noise?

I am just in the process of redoing some of my network and I need to add a couple more network devices in. I need around 35 ports or so which would suggest that I need a 48port so was looking at the Unifi one as well as upgrading my router.

Originally I was going to segment everything onto multiple VLANs as I can do with my original equipment. However stuff that is controlled by apps on my phone on the local network needs to be able to reached in some cases from the phone rather than just via the net. I found it quite cumbersome in some cases to get this to work so reverted to two VLANs with 3 SSIDs, one core, one infra and one guest.

Should really post pictures up of mine but it's in an in-between state at the moment.

The other challenge I have is that just upgraded to Virgin Gig1 and whilst the service will apparently hit 1.1Gbps, in reality, it is not there yet and limited to 1Gbps per port which will be around 930Mbps line speed [Nice problem to have ;)] . So if I have it in modem only mode then I lose 15% or so so wonder if can dual wan it with regular hub mode to get the full bandwidth in my network.
 

mickevh

Distinguished Member
T...if I have it in modem only mode then I lose 15% or so so wonder if can dual wan it with regular hub mode to get the full bandwidth in my network.
It might be worth checking whether your router has the grunt to route the required throughput and see if you are losing it there. Most decent kit cites the routing throughput in the datasheet.
 

ChuckMountain

Distinguished Member
Thanks, the router, a Linksys LRT224, is supposed to have 900Mbps throughput which I know isn’t quite up there but should be ok. Probably will find it is a lower number now :). I disabled all the firewall and additional stuff but it made very little difference.

I did have a mess about last night and did find the following. (Tests with speedtest.net to TNP Manchester, not necessarily the best but trying to be consistent)

1) My cabling either CAT5e or CAT6 did not make a difference, which when working correctly would be expected however given a few recent posts and swapping cables I double checked
2) My main managed switch is ok
3) The Linksys is definitely a bottleneck and maxes at around 700Mbps ish depending on the client
4) Main desktop client struggles when connected directly to Super Hub 4 to get past 750Mbps (tried jumbo frames, safe mode, firewall off). It is not CPU bound and sits at around 25% individual core usage (i7 5820k @ 4.4GHz). The Intel Ethernet builtin NIC would seem to be the limiting factor but it can quite happily do iPerf at 930Mbps between that and main server
5) A new Lenovo P52 Laptop with an i7 maxes out at 550Mbps when connected directly to SH4, this is supposed to be a dev machine but that was tried on battery though Energy Saver set to Max Power. Need to try again with mains power.
6) A MacBook Pro via Thunderbolt into a dock will run at around 930Mbps when connected directly to the Hub

In conclusion it would seem that speed tests do max out some of my NICs quite easily and that requires further investigation but it would appear that the SH4 is working at around the advertised speed.

The question I have now is how I go and obtain that in my network as to make the most of it I need to have two gigabit ports connected to the SH4 hence wondering if the USG4 would have the right throughput to supply it when using link aggregation back to main switch.
 

mickevh

Distinguished Member
Link Aggregation normally won't be the magic wand: The rules of LA's mean that they must not introduce out of order packet delivery across the LA channel and almost invariably that means all packets for any given pair of peers go down the same physical link in the LA. IE - it doesn't A/B the traffic across the available physical links to "boost" throughput. So for any given single pair of endstations, it's exactly the same as a non-LA link. Where you get the performance boost with LA, is in servicing multiple pairs concurrently up to the number of physical links in the LA channel. (and some fault tolerance.)

One way you might check out the NIC's and switches locally would be to test them with iPerf or NETIO which takes the routing engine and ISP link out the equation. That'll tend to prove/disprove whether your router and/or ISP link is culpable and give you some "baseline" for the performance of all your local stuff (laptops, Macs, switches, etc.)

One shouldn't really use JF's unless your entire LAN can support them - it potentially gives issues with large broadcast packets that are unable to be read by non-JF clients and infrastructure. It could also potentially make your ISP link worse if the router has got to fragment the packets into smaller ones for onward transmission up the ISP link.

When sizing router routing performance, we tend to expect real world to yield less than the stated performance as the spec's cited are something of a "nominal" figure - there's a lot of real world variance due to packet size mix, traffic mixes, interface types, yada, yada. When sizing a router throughput, if say, we need throughput X we'd want to look for a router with a healthy margin over and above what's required to give us a bit of headroom.
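
Added example, not part of mickevh's post: a small model of why one pair of endstations never exceeds a single member link of an LA, while several pairs can use more. The XOR-of-MAC-bytes hash, the MAC addresses and the 1000Mbps link speed are assumptions for illustration; real switches offer their own hash policies.

```python
LINK_MBPS = 1000  # assumed speed of each physical link in the LA

# Constructed MAC addresses (locally administered range).
SERVER = "02:00:00:00:00:01"
CLIENT_A = "02:00:00:00:00:10"
CLIENT_B = "02:00:00:00:00:11"
CLIENT_C = "02:00:00:00:00:12"


def mac_bytes(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' into six bytes."""
    return bytes(int(part, 16) for part in mac.split(":"))


def pick_link(src, dst, n_links):
    """Choose a member link from the address pair only.

    Every frame between the same two peers gets the same answer, which is
    what keeps packets in order, and is also why the pair is pinned to one
    physical link.
    """
    folded = 0
    for byte in mac_bytes(src) + mac_bytes(dst):
        folded ^= byte
    return folded % n_links


def carried_per_link(flows, n_links):
    """flows: list of (src, dst, offered_mbps). Returns Mbps carried per link."""
    offered = [0] * n_links
    for src, dst, mbps in flows:
        offered[pick_link(src, dst, n_links)] += mbps
    # Each physical link tops out at its own line rate.
    return [min(load, LINK_MBPS) for load in offered]


if __name__ == "__main__":
    # One pair offering 1100Mbps over a 2-link LA: capped at one link.
    print(carried_per_link([(CLIENT_A, SERVER, 1100)], 2))
    # Two pairs that hash to different links: both links carry traffic.
    print(carried_per_link([(CLIENT_A, SERVER, 550), (CLIENT_B, SERVER, 550)], 2))
    # Two pairs that happen to hash to the same link: no gain at all.
    print(carried_per_link([(CLIENT_A, SERVER, 550), (CLIENT_C, SERVER, 550)], 2))
```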
 

ChuckMountain

Distinguished Member
Yes get it re LA however it isn't a case of wanting a single faster overall connection but wanting to be able to use the 1.1Gbps that I get on my Internet connection across multiple clients.

I am trying to work out the best way of doing that whilst still being able to provision at least two VLANs and not have multiple smaller switches which then means LAN traffic goes through the Super Hub 4.

On testing Speedtest seems to max out something as iPerf is fine :(

JFs are enabled on my switches to allow amongst other Sky Q\Mini to work which is\was a known issue on managed switches.
 

Kristian

Well-known Member
If you think those cabinets need tidying up then I hope you never visit any of my sites :laugh:. There's nothing wrong with your cabs. Spend the time doing something more enjoyable... :)
 

mickevh

Distinguished Member
Is your SH4 VLAN capable..? If not I guess you'll need "something else" to route between the VLAN's (if you have need for any inter-VLAN traffic) and/or the ISP link.

It's years since I did it, but I never had any trouble running VLAN's over LA's. From memory the way one enacts it varies amongst vendors: Either one creates the LA from the physical links and gets a kind of "virtual" interface (switch port) each end, then bind the VLAN's to such "virtual" LA endpoints, or one does it "the other way around" and binds the VLAN's to the physical ports ("trunk" ports) of the soon-to-be LA, then bind the physical interfaces into the LA. IIRC some kit essentially "ignores" the "secondary" ports when you bind up an LA and clones the VLAN participation (and trunk/hybrid/simple) state from the "first" port in the group however that may be defined. I guess some RTM is required.

On my trunked (VLAN carrying) links, LA or not, I prefer not to have any "untagged" traffic so all traffic across the trunk bears a VLAN tag, but I know some kit insists on there being an untagged VLAN bound to a trunk (such as PVID.) I used to create a "dummy" VLAN (a "black hole") VLAN for the untagged traffic so in effect it all got dropped and I only had to onward direct tagged traffic. Thusly I can always be 100% certain I never got any traffic on the "wrong" VLAN: at the ingress on any trunked port into any switch (or router) - if traffic is tagged, I know where it came from, if it's untagged, I shouldn't be receiving it in the first place so I just drop it.

I've never had my hands on one, but I rather like the concept in a lot of modern (enterprise) routers that they can support VLAN's so one no longer needs a separate physical interface for each VLAN one wants to route between. One just creates a whacking great trunked LA with sufficient physical links to avail redundancy and capacity, then in the "software" of the router, break out the physical link into multiple "virtual" interfaces, one for each subnet, then route/firewall/ACL etc between the virtual interfaces (subnets) as one did traditionally.

I used to do something similar in a laptop for testing/diagnostics - a lot of OS's and endstation NIC's are now VLAN aware/capable. So my (Windows) laptop would have a load of virtual NIC's bound to the physical NIC - one for each subnet I might be interested in, (without any routing between them,) using static IP addresses so I don't have to "worry" about DHCP complicating things, then I used to create a "test/diagnostic" port on my switch carrying all the VLAN's I might be interested in. Whence fiddling with things or problem solving, I connect up my lappy to this "diagnostic" port, thence open up loads of CMD windows and continuous ping things on each subnet so I can keep an eye on it and make sure I've not killed the network whilst I'm fiddling with the plumbing (physical or config) elsewhere. Perhaps you might find that a useful tool.
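
Added example, not part of mickevh's post: the "tagged only" trunk ingress policy described above, applied to raw Ethernet frames by checking for an 802.1Q tag (TPID 0x8100) and its VLAN ID. The allowed VLAN IDs, MAC addresses and frames are constructed for illustration; a real switch does this in hardware from its port configuration.

```python
import struct

TPID_8021Q = 0x8100
ALLOWED_VLANS = {10, 20}  # assumed VLAN IDs carried on this trunk

DST = bytes.fromhex("ffffffffffff")   # constructed addresses
SRC = bytes.fromhex("020000000001")


def build_frame(ethertype, payload, vid=None, pcp=0):
    """Build a constructed Ethernet frame, with an 802.1Q tag if vid is given."""
    header = DST + SRC
    if vid is not None:
        # TCI = 3-bit priority, 1-bit DEI (left 0), 12-bit VLAN ID
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


def trunk_ingress(frame, allowed=ALLOWED_VLANS):
    """Return ("forward", vid) or ("drop", reason) for a frame on the trunk."""
    if len(frame) < 14:
        return ("drop", "runt")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        # No tag at all: this is the traffic sent to the "black hole".
        return ("drop", "untagged")
    if len(frame) < 18:
        return ("drop", "truncated tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF
    if vid == 0:
        # VID 0 is a priority tag only; the frame still belongs to the
        # port's untagged VLAN, so it gets the same treatment.
        return ("drop", "priority-tagged, no VLAN")
    if vid not in allowed:
        return ("drop", "VLAN not on this trunk")
    return ("forward", vid)


# Constructed sample frames (IPv4 ethertype, dummy payload).
SAMPLES = {
    "tagged vlan 10": build_frame(0x0800, b"\x00" * 46, vid=10),
    "untagged": build_frame(0x0800, b"\x00" * 46),
    "tagged vlan 99": build_frame(0x0800, b"\x00" * 46, vid=99),
    "priority tag": build_frame(0x0800, b"\x00" * 46, vid=0, pcp=5),
}

if __name__ == "__main__":
    for label, frame in SAMPLES.items():
        print(label, "->", trunk_ingress(frame))
```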
 

ChuckMountain

Distinguished Member
It currently works with a couple of vlans and routing via the linksys. That is now the bottleneck so does need an upgrade. Don’t think the SH4 supports VLANs and certainly there is no way of specifying them.

The only current LA I have is between main switch and server at mo.
 

mickevh

Distinguished Member
Yeah - I guess no-one is surprised that's the case in a cheap ISP router. :) Some of the after market and pro-sumer kit from the likes of ASUS, Draytek, et al maybe does, but it's something one would be "shopping for" if one needed it rather than "just assuming" it'd be there.
 