Network Architecture

Summary

The lab uses a two-switch split-plane architecture that mirrors professional broadcast facility design. The MikroTik CRS326-24G-2S+RM in the network rack serves as the primary switch for all non-PoE devices, handles PTP timing, and VLAN trunking over a 10G SFP+ uplink direct to the UDM Pro. The MikroTik CRS305-1G-4S+IN in the studio handles 10GbE media transport over SFP+. The two planes are physically separate.

The UDM Pro has two SFP+ ports used as peer uplinks: SFP+ 1 (10G) to the CRS326 for all workstations and kids PCs, SFP+ 2 (1G) to the USW-16-PoE for PoE-only devices (WiFi APs, Hue bridge, Raspberry Pi). The CRS326 handles 802.1Q VLAN trunking with four VLANs: Default (1, 192.168.1.0/24), IoT (3, 192.168.3.0/24), Family (4, 192.168.4.0/24), and Guest (99, 192.168.99.0/24). Each RJ45 port is an untagged access port on its assigned VLAN. Kids PCs are on the Family VLAN with filtered DNS and firewall rules managed by the UDM Pro.

Two physical locations are connected by a 10m OM3 LC-LC fiber run: SERVER-PC’s ConnectX-3 in the network rack connects to CRS305 SFP+ port 1 in the studio. Stream-PC and Game-PC connect to the CRS305 locally in the studio. The CRS305 media plane uses a dedicated isolated subnet (10.21.20.0/24) with static IPs and no gateway.

Timeline

• 2026-04-03: Initial design document created with isolated lab network concept.
• 2026-04-03: Switch research led to two-switch architecture decision.
• 2026-04-03: Architecture plan finalized — CRS326 (rack) + CRS305 (studio).
• 2026-04-03: Phase 1 network implementation plan written with step-by-step cabling and config.

Current State

Hardware ordered, pending delivery. Network architecture is fully designed. IP addressing scheme finalized:

Interface	IP	Subnet	Purpose
CRS305 management	10.21.20.1/24	Media	Switch mgmt
SERVER-PC ConnectX-3	10.21.20.10/24	Media	Media plane
Stream-PC RTL8127	10.21.20.20/24	Media	Media plane
Game-PC ConnectX-3	10.21.20.30/24	Media	Future
All onboard 1GbE	DHCP (192.168.x.x)	Production	Internet + PTP

Key Decisions

• 2026-04-03: Two-switch split-plane over single switch — better interview talking point (“mirrors large broadcast facility design”), both switches fanless, separates timing from media.
• 2026-04-03: CRS326 in rack, CRS305 in studio — minimizes fiber runs, keeps 10GbE local to studio PCs.
• 2026-04-03: Media subnet 10.21.20.0/24 — no gateway, isolated by design. Memorable for “2110” → “21.20”.
• 2026-04-13: Direct UDM Pro SFP+ 1 → CRS326 (10G trunk) instead of daisy-chaining through USW-16-PoE. UDM Pro has two SFP+ ports; USW-16-PoE only has 1G SFP (not SFP+), so it was a bottleneck.
• 2026-04-13: All non-PoE devices moved from USW-16-PoE to CRS326 — workstations, kids PCs, printer. USW-16-PoE becomes PoE-only (APs, Hue, Pi).
• 2026-04-13: CRS326 handles 802.1Q VLAN trunking to UDM Pro — preserves existing Family VLAN (4) with filtered DNS for kids PCs. Port-based VLAN assignment in RouterOS.

Experiments & Results

Experiment	Status	Finding	Source
10GbE throughput (iperf3)	Planned	Expecting ~9.4 Gbps	Phase 1 plan
Internet through CRS326 bridge	Planned	Should be transparent	Architecture doc
10GBASE-T SFP+ transceiver temp	Planned	Monitor, expect <80C	Hardware inventory

Gotchas & Known Issues

• CRS305 has no PTP support — it’s the media switch only. PTP runs through the CRS326.
• 10GBASE-T SFP+ transceivers run hot — monitor temperature on the CRS305.
• SFP+ DAC needed — short DAC between UDM Pro SFP+ 1 and CRS326 SFP+ p1.
• CRS326 default IP conflicts with CRS305 — both default to 192.168.88.1. Change CRS305 mgmt IP during setup.
• Enable VLAN filtering last — configuring VLAN filtering on the CRS326 bridge before setting up port/VLAN table entries will lock you out.
• Bridge must be tagged on VLAN 1 — required for management access to the CRS326 after VLAN filtering is enabled.
• USW-16-PoE has 1G SFP, not SFP+ — cannot do 10G. This is why the CRS326 connects directly to UDM Pro instead.

Open Questions

• What happens to internet throughput through the CRS326 bridge under PTP + media load?
• When 4 SFP+ ports on CRS305 aren’t enough, daisy-chain a second CRS305 or upgrade?
• Should the CRS326 get a static management IP on the production subnet for remote access?

Signal Feed (2026-04-16)

• VLAN architecture for Dante/production audio: community consensus favors converging Dante primary + control on the same VLAN (2 VLANs total, not 3) when switches are configured properly. twelfthfantasy (28pts) and _kitzy (23pts) both run converged and report fewer problems. Exception: DM7 mixers need separate VLANs for mixer control. Critical: Dante secondary must be on separate physical hardware (not just a separate VLAN on the same switch). Relevant for Phase C when adding Dante AVIO to CRS326. (source: r/livesound, https://reddit.com/r/livesound/comments/1skt4au/)
• Multi-protocol environments (Dante + Milan + Soundgrid + Ravenna) benefit from per-protocol VLANs. Onelouder (6pts) runs separate VLANs for each protocol in a Prodigy.MX setup. Not immediately relevant to this lab but good reference for future scaling. (source: r/livesound, https://reddit.com/r/livesound/comments/1skt4au/)

Sources

• ../../docs/hardware-inventory
• ../../docs/plans/2026-04-03-architecture
• ../../docs/plans/2026-04-03-phase1-network-implementation
• ../../docs/plans/2026-04-03-smpte-2110-lab-design