
With a combination of Steve Gibson's explanation and PadreSJ's, I came up with this configuration


G+_Rud Dog


[image: 3dumbrouters.png]

With a combination of Steve Gibson's explanation and PadreSJ's, I came up with this configuration. There are some additional questions and statements.

1) First off, should the root router be your best router or your junk-drawer router?

2) If you select the best router, then you lose the high-speed wireless, right? (The best router has both 2 and 5 GHz.)

3) Are all the LAN ports on the routers 1 Gb speed, or do the older routers run at 100Gbs?


Most older routers will be 100 Mbps only. If you have cable or fiber Internet and get faster than that, you'll probably want a root router with gigabit - unless you just don't care about the extra speed.


You don't want a root router that has known vulnerabilities exploitable from the WAN side. You may end up with a public facing router that's under control of hackers. Probably anything running DD-WRT would be a good option.


From my experience working in IT, you generally want the most basic router (but not too basic to the point where it's a bottleneck) as your root router (preferably with Gbit Ports) as it will reduce the attack vectors, and you want to flash either DD-WRT or OpenWRT on it. The other 2 routers can be your more feature rich ones.


At home, for instance, I have a fiber connection, but I can't use any device other than my ISP's provided gateway/router (as I have their IPTV service too). So I rigged up my network as follows (I should note that I rely on Wi-Fi primarily, as my fiber entry point is in the basement. I can't run Cat6 through the house as it's brand new and I don't want to start breaking open walls):

ISP Gateway (WiFi Disabled, USB Disabled, DLNA/UPnP Disabled, Gbit Interface)
- LAN 1 > IPTV WAP (as it uses some proprietary VLAN setup in conjunction with the gateway, and yes, I have wireless TV boxes + DVR)
- LAN 2 > Vacant
- LAN 3 > ASUS RT-N16 (DD-WRT)
  >> Wi-Fi (2.4 GHz N) > 1. Android Streaming box
                         2. PS4
                         3. 2 Laptops + 1 Desktop + 1 Surface Pro 2
                         4. Blu-ray Player
                         5. 3 Smartphones
  >> LAN 1 > NAS/VPN Server (Port Forwarded) - Synology 5-bay unit (just purchased).
  >> LAN 2, 3, 4 > Vacant
- LAN 4 > TP-LINK N300 TL-WR841N (DD-WRT)
  >> WiFi (2.4 GHz N) > 1. 6 IP Cameras (VLANed so that they don't talk to the internet, only see the Network DVR)
  >> LAN 1 & 2 > Network DVR (has dual LAN ports, one VLANed with the cameras, the other used to access it remotely)
  >> LAN 3 > WD MyBook 2TB NAS (used by the DVR to archive content older than 30 days)
  >> LAN 4 > Vacant


First of all, some of the older routers actually have 10MBps speeds on the WAN side. Lots of people aren't aware of this because the LAN switch in the router gives 100MBps on the internal network. I think this might have been one big gotcha that Steve G. forgot about.


So if you are connecting these over the WAN ports, then that will be a big bottleneck. Even 100MBps would be a drop in speed for some broadband users. So you want the highest speed you can get on these routers all the way. The exception could be on the IoT network. Those devices typically don't need much speed. I'm assuming that none of those are video streaming devices. Obviously you want the best speed you can get there.


Stacking routers like this has a couple of other big downsides:


Double NAT. You may have to do some very tricky port forwarding if you want to use Remote VPN or SSH tunneling into your network. This was one of my biggest problems with the Comcast router for their voice and home security products. They place their router between the modem and your router and you can't modify their port forwarding as they don't give you the keys to their routers.


Latency. This won't be a big problem for most applications, but twitch gamers in particular hate any kind of latency, and adding latency to the link will be a big downside. You can get around this by placing any gaming machine on the Root router's network, but that defeats some of the security of this setup.


Frankly, unless your needs are very limited and bandwidth/latency don't matter to you, I'd recommend against this configuration. A high-end router with the ability to create virtual LANs (VLANs) is probably the best way to do this with the least amount of downside.


I generally go for 192.168.0.1, 192.168.1.1, 192.168.2.1 and so on and so forth. Mind you, these are access addresses only; your actual DHCP IP will come from the primary DHCP server.

0.2/24, 0.3/24, 0.4/24, 0.5/24 and so on and so forth.


It will probably be better if you actually start migrating to network switches rather than 4-port routers, as they will handle servers and your gear a lot better.


You are likely bottlenecking with the routers in question...


Jason Howe, thank you. As for DHCP, if I understand correctly, it should be turned off on all routers in this configuration.

Can you explain the bottlenecking, as this was one of my concerns and I have a limited understanding of how this would affect traffic?

Switches would be great, but the only way to achieve my goal would be if they incorporated VLANs, and those are costly, right?


I would say your bottleneck is likely going to be the routers' LAN-to-WAN function; you could likely mitigate this by going to proper network switches to relay the connection.

As most routers I find have limitations on the WAN aggregation...

I'm not sure what you are trying to achieve, though. As far as I've seen, there's only 1 company that has a WAN-only feature where you can turn off the DHCP client, and that is Linksys.

Not sure of the WAN capacity of routers that support both ADSL and WAN function onboard. Personally, if I was going to do this on a router, I would be using 1 brand and service outlet rather than using multiple brands.

Whilst the router might have LAN ports at 1 Gb speeds, that doesn't mean the WAN port supports that feature; some may default to 10 or 100 Mbps per connection.

Yes regarding your question on the LAN side of the network. As for WLAN (wireless), that will be a hard question to answer; it depends on the router firmware as to what can be done.


I haven't seen a router yet that won't let you set a static IP for the WAN, but that's generally useful only if your ISP is providing a static IP. On routers #2 and #3, though, you may want to set static.


I haven't seen a router in the last ten years that is only 10Mb on the WAN side, but you still want to make sure that the WAN ports on your routers are at least capable of handling what you're getting from your ISP.


You'll need DHCP enabled on all three, or you'll have to manually assign IP addresses to all devices on the networks that have it disabled. That could be problematic for guest devices. Where you'd want DHCP disabled is if you're putting multiple routers on a single net. In the 3DR setup, each of the three routers is hosting a unique net, with #2 and #3 getting their WAN IP from the DHCP server of #1. You could, though, disable DHCP on the LAN of router #1, and set static WAN IPs on the other two.


Which router to use for #1; I'd suggest your most securable router. If that's the one with the best WiFi radios, then it's a judgement call on what you value more and what you're really likely to see in terms of an attack. Since you'll be turning off the WLAN on router 1, it'd be a shame to have the best radios you have sit unused.

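As an added example, not posted by anyone in this thread, here is a small Python model of the rules the last few replies describe: each router hosting a unique subnet (the overlap check), NAT only letting connections start from the LAN side (which is what isolates the two downstream nets from each other and from the root LAN), and the double-NAT port-forward chain mentioned earlier. Router names and the 192.168.x.0/24 subnets are made up for the example.

```python
import ipaddress

# Constructed example of the three-router ("3DR") layout discussed in the thread:
# the root router faces the ISP, and the other two plug their WAN ports into the
# root's LAN and run their own NAT. Names and subnets here are made up.
ROUTERS = {
    "root":    {"lan": "192.168.0.0/24", "upstream": None},
    "trusted": {"lan": "192.168.1.0/24", "upstream": "root"},
    "iot":     {"lan": "192.168.2.0/24", "upstream": "root"},
}

def check_subnets(routers):
    """Return pairs of routers whose LAN subnets overlap. Each router must host a
    distinct subnet; if a downstream router's LAN matches its WAN-side subnet,
    it cannot tell the two sides apart and routing breaks."""
    nets = {n: ipaddress.ip_network(r["lan"]) for n, r in routers.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names)
            for b in names[i + 1:] if nets[a].overlaps(nets[b])]

def locate(routers, ip):
    """Name the router whose LAN holds ip, or 'internet' if no LAN does."""
    addr = ipaddress.ip_address(ip)
    for name, r in routers.items():
        if addr in ipaddress.ip_network(r["lan"]):
            return name
    return "internet"

def nat_chain(routers, ip):
    """List the NAT routers between ip and the Internet, nearest first.
    A root-LAN host gives ['root']; an IoT host gives ['iot', 'root']."""
    chain, name = [], locate(routers, ip)
    while name != "internet" and name is not None:
        chain.append(name)
        name = routers[name]["upstream"]
    return chain

def unsolicited_allowed(routers, src_ip, dst_ip):
    """Can src open a new connection to dst with no port forwards configured?
    Consumer NAT only lets connections start from the LAN side, so this holds
    exactly when every NAT in front of dst is also in front of src, i.e. dst's
    chain is a suffix of src's. Downstream LANs reach the root LAN, not vice versa."""
    src, dst = nat_chain(routers, src_ip), nat_chain(routers, dst_ip)
    return len(dst) <= len(src) and src[len(src) - len(dst):] == dst

def forwards_needed(routers, dst_ip):
    """Routers that each need an inbound port forward so an Internet client can
    reach dst_ip, outermost first: two entries means double NAT."""
    return nat_chain(routers, dst_ip)[::-1]
```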
