# Network

# Physical Layout

[![network-physical.png](https://bookstack.swigg.net/uploads/images/gallery/2021-03/scaled-1680-/network-physical.png)](https://bookstack.swigg.net/uploads/images/gallery/2021-03/network-physical.png)

# VLAN Segmentation

### VLAN 1 (LAN)

The primary home network for devices and services that don't need to be publically facing to the Internet.

<span class="vertical-table" id="bkmrk-name-lan-cidr-10.0.1"><table><thead><tr><th></th><th></th></tr></thead><tbody><tr><td>**Name**</td><td>LAN</td></tr><tr><td>**CIDR**</td><td>10.0.1.1/21</td></tr><tr><td>**Range**</td><td>10.0.0.1 - 10.0.7.254</td></tr></tbody></table>

</span>### VLAN 8 (DMZ)

A [DMZ](https://en.wikipedia.org/wiki/DMZ_%28computing%29) for devices and services that are meant to be exposed to the Internet.

<span class="vertical-table" id="bkmrk-name-dmz-cidr-10.0.8"><table><thead><tr><th></th><th></th></tr></thead><tbody><tr><td>**Name**</td><td>DMZ</td></tr><tr><td>**CIDR**</td><td>10.0.8.1/24</td></tr><tr><td>**Range**</td><td>10.0.8.1 - 10.0.8.254</td></tr></tbody></table>

</span>### VLAN 9 (WARP)

A network where all outbound traffic is routed through a [WireGuard VPN](https://www.wireguard.com/) to protect privacy.

<span class="vertical-table" id="bkmrk-name-warp-cidr-10.0."><table><thead><tr><th></th><th></th></tr></thead><tbody><tr><td>**Name**</td><td>WARP</td></tr><tr><td>**CIDR**</td><td>10.0.9.1/24</td></tr><tr><td>**Range**</td><td>10.0.9.1 - 10.0.9.254</td></tr></tbody></table>

</span>

# Subnet IP Ranges

### LAN (VLAN1)

[LAN](https://bookstack.swigg.net/link/74#bkmrk-vlan-1-%28lan%29) - The primary home network for devices and services that don't need to be publically facing to the Internet.

<table id="bkmrk-subnet-vlan-purpose-"><thead><tr><th>Subnet</th><th>VLAN</th><th>Purpose</th></tr></thead><tbody><tr><td>10.0.1.0/24</td><td>1</td><td>Network related infrastructure (dns server, router, switches, etc.)</td></tr><tr><td>10.0.2.0/28</td><td>1</td><td>WireGuard VPN clients tunneling into the network</td></tr><tr><td>10.0.3.0/24</td><td>1</td><td>Proxmox management port addresses</td></tr><tr><td>10.0.4.0/24</td><td>1</td><td>Static IP address assignments</td></tr><tr><td>10.0.5.0/24  
10.0.6.0/23</td><td>1</td><td>DHCP IP assignments</td></tr></tbody></table>

### DMZ (VLAN8)

[DMZ](https://bookstack.swigg.net/link/74#bkmrk-vlan-8-%28dmz%29) - A DMZ for devices and services that are meant to be exposed to the Internet.

<table id="bkmrk-subnet-vlan-purpose--0"><thead><tr><th>Subnet</th><th>VLAN</th><th>Purpose</th></tr></thead><tbody><tr><td>10.0.8.0/24</td><td>8</td><td>DHCP IP assignments</td></tr></tbody></table>

### WARP (VLAN9)

[WARP](https://bookstack.swigg.net/link/74#bkmrk-vlan-9-%28warp%29) - A network where all outbound traffic is routed through a WireGuard VPN to protect privacy.

<table id="bkmrk-subnet-vlan-purpose--1"><thead><tr><th>Subnet</th><th>VLAN</th><th>Purpose</th></tr></thead><tbody><tr><td>10.0.9.0/24</td><td>9</td><td>DHCP IP assignments</td></tr></tbody></table>