Beginner's Router Setup for Openhab with More than 150 devices

Hi
I have some experience with basic home networking and openhab (openhabian on a RPi) but am looking for a beginner’s guide to set up more than 150 devices in a home. Some wired, but most wireless. I have no problem setting up Openhab and reserving IP addresses on my router - and also no problem using a second router in Access Point mode. My challenge lies in the number of IP address reservations I would need.

I am looking to install a relatively large number of devices on a home network in a new home build. Mostly Shelly devices (or similar, using http) for power monitoring and switching power sockets on and off. I can see that the number of devices I wish to have installed (counted together with a decent buffer of spares for visiting mobile devices - family cellphones for example for which we also want reserved IPs for various presence-detection triggers) will exceed the number of reserved IP addresses which my router will allow.

Since these devices are spread over a large area, I would need several wifi routers in any event. My starting assumption is that these would all need to be in access point mode and rely on a main router to allocate IP addresses across the whole network. This is fine if the main router can handle several hundred addresses. Mine can’t.

Couple of practical questions:

  1. Is there a single router I can buy (as the “main router” with DHCP turned on) which will allow say, 300-500 devices? Which brands would folks suggest? Probably by far the simplest solution if the price is not excessive.

  2. If this can’t be achieved with a single router, is there a means to set up several routers, each allocating its own IP addresses, with openhab working smoothly across them … Is this a subnetting question (?) - and does Openhab work in such scenarios (being on a Pi connected to one of the routers)? If this is the path I should pursue, then is there an easy way to do it (step-by-step guide for a beginner would be ideal - let’s target 500 devices)? I have looked at subnetting articles on the internet but these take me out of my depth quite fast - and none (understandably - since not on this forum) include an explanation of whether Openhab could even be made to work in such a configuration.

Would anyone be able to offer guidance on this question? Many thanks in advance!

When you’re talking about hundreds of devices you will usually stop talking about consumer routers and such and go directly to enterprise gear.
For example, the ASUS routers that I’ve tinkered with all had a 64 device limit on the DHCP static IP list so that’s a problem right there. You could hypothetically use pihole to bypass that though.
I’d probably just dump a bunch of access points around and spread the load between all of them.

First off I’ll state that I am far from an expert on this topic and no doubt some people with more knowledge will jump in soon. I have been shopping around for an upgrade to my system so I can offer some hopefully helpful advice.

If you do not go for a certain level of router, then you will lose connectivity when you switch from 1 router/access point to the next. For example if you are watching a video stream and move around your house on a tablet you can lose connection as it moves from 1 wifi point to the next. This may not be something you care about; if it is, you need to research what gear can do it and most likely it will mean sticking to a single brand’s ecosystem.

The other thing to consider is SUBNET and VLAN support. If you stick with consumer level gear you may not get these features and want them later on. You’re already mentioning subnets, but consider VLAN support on your wish list as well.

  1. You really could get more by just creating your own DHCP server on a Pi that perhaps runs pihole to block ads as well, if it’s only about more DHCP capability, but you’re already talking about the other stuff that pro/enterprise level gear gives. Take a look at Mikrotik; they have some devices that have advanced features for as little as $70 and there is an openHAB binding for their routerOS. Another device to consider if you want to take on the Unifi/Ubiquiti range is the Dream Machine. It’s an all in one which can be kept and expanded and will scan your traffic looking for breaches in security. You can also go the roll your own direction and get this active scanning of traffic. Look up OPNsense (WireGuard VPN support) or the other branch called pfSense (no WireGuard?). You will need to research if these are suitable, but hopefully they provide a direction for you to look in. There are plenty of second hand routers you can look into as well, but there will be a reason why they are getting sold, as some may draw a lot of power compared to newer devices or they may be 10/100 only and not gigabit speeds.

  2. Yes it’s difficult to take the step from consumer to pro level gear. Yes openHAB can work in a VLAN environment; it is just like any other network device.

If you choose a firewall device with only 1 network port on it, then you need to buy a MANAGED SWITCH to split up which ports are on each VLAN if my understanding is correct. If you buy a model with multiple network ports, you do not need to buy managed switches, but then the whole switch (all ports) must be used for that single VLAN. Interested to hear which way you choose to go.

So the answer to your first question
… Is this a subnetting question (?) -
Short answer is yes, if you really want all 500 devices accessible and to be able to support multicasting.
Basically you would be creating a Class B network.
A /23 CIDR, meaning a mask of 255.255.254.0, would give you a range of 512 IPs on the same subnet with 510 usable.
So you would need a device that is flexible enough to support that configuration, as most off-the-shelf consumer grade devices will not.
Now if you want to run an OS then yes, you could install many flavors of server Linux, or winders can do it. They both have DHCP ability with limitless reserved IP abilities, and it will not limit your connectivity from that perspective.
As was mentioned you could even pull down something like PFSense and get a firewall, and yes it also supports WireGuard and OpenVPN as well…
But the real choke point is not the network IP range or DHCP reserve configuration.
What I see as your biggest challenge is the number of wireless devices. Unless you go with a high dollar access point like what is used in most commercial installations, you are going to hit limits for wireless and the bandwidth constraints that offers you.
As for the use of VLANs, unless you need the isolation they offer it is not going to do much more than complicate things.
This link will help you with understanding subnetting.

but basically

IP Address:	192.168.0.0
Network Address:	192.168.0.0
Usable Host IP Range:	192.168.0.1 - 192.168.1.254
Broadcast Address:	192.168.1.255
Total Number of Hosts:	512
Number of Usable Hosts:	510
Subnet Mask:	255.255.254.0
Wildcard Mask:	0.0.1.255
Binary Subnet Mask:	11111111.11111111.11111110.00000000
IP Class:	B
CIDR Notation:	/23
IP Type:	Private
 
Short:	192.168.0.0 /23
Binary ID:	11000000101010000000000000000000
Integer ID:	3232235520
Hex ID:	0xc0a80000
in-addr.arpa:	0.0.168.192.in-addr.arpa
IPv4 Mapped Address:	::ffff:c0a8.00
6to4 Prefix:	2002:c0a8.00::/48

would allow all your devices to see each other seamlessly

There has already been mention here of PFsense - I would concur that it is an extremely configurable and robust open source firewall solution. And it can definitely handle what you state in terms of DHCP scope management. But that’s probably where it ends… While it’s GUI based, it’s not a beginner’s solution - nothing in this category really is - it assumes underlying knowledge of what you are trying to achieve.

In my situation, I have OpenHAB on an isolated network, connected to the PFsense firewall. I run a trunked vLAN to a NetGear switch. These vLAN’s include ones for:

  • Main internal network
  • Guest Network
  • Automation Network
  • Management Network
  • Camera Network

Connected off the Netgear switch are multiple Unifi AP’s, which also extend the first 3 listed networks above into individual wLAN’s. PFsense handles the DHCP for all these networks, and I use static DHCP mappings for most devices. Each network is a class-C address space.

So this means I keep all my automation devices segregated from general consumer devices, which probably gives me the illusion of security and reliability (e.g. mis-configured general consumer device not causing issues for my Automation devices). Also with these devices being on a different network from the OpenHAB server, it means I can explicitly open/control traffic between the controlled devices and OpenHAB. Of course this does come with the downside of limiting device discoverability for bindings within OpenHAB, and also great pain for things using UPnP.

Whilst most of my automation devices are wired, I still have a number of wireless automation devices, but nowhere near the limits of the Unifi AP’s. There would be nothing stopping me running the above config with class-B addresses if I was in your situation (500 devices), BUT, I would be more likely to just add a further Automation network /wLAN (class-C address space), and group/segregate the devices across the 2 networks - each can handle 254 devices. (The unifi AP’s can handle up to 4 wLAN networks on one device).

But coming back to my first point - I have a (distant past) background in networking/firewalling, and the above (including the use of PFsense) has not been without its challenges in its setup. But once it is set up, it does just keep on running, without issue.

One poster has already mentioned using class B address spaces - If networking is not your thing, that’s probably the easiest approach for your situation. You can install a DHCP server daemon on a Linux server, and maintain your static mappings on there, and all devices just sit in one network… Job done !! You will still need to get some decent AP’s which can handle the volume of devices you are talking about. Good luck.

Thank you very much to all for the replies!

To give you a sense of my level of understanding: VLAN, Managed switches, Class B networks are already beyond my comfort zone, unfortunately. I would need a step by step guide which does not appear to be out there (nor am I asking anyone here to produce one as it would no doubt need to be highly tailored to what I want to achieve).

Can I possibly avoid the learning curve that these topics entail by going with Option 1 - getting a router which accepts a large number of DHCP reservations, then linking it with multiple access points? Does this group know of routers which would do this?

My understanding is that it can’t just be any router linked to the access points because without a subnet setup (since that seems beyond me), there could only be one DHCP server, is that not right? This DHCP server would have to have enough reservations to accommodate all the devices on the network (pls correct me).

From googling message boards I have found that TPLink TL-ER6120 may allow 512 reservations, though haven’t been able to confirm it. Has this community had experience with this or any other devices…

Bandwidth is not an issue as these devices would not all be transmitting simultaneously.

Much appreciated !!

You don’t need to jump right into complex setups, keep it simple to start with and just choose hardware that can handle things in the future should you want to go there later on. Guides exist for pfSense, and Mikrotik ones can be found here:
Buy MikroTik hAP Routers (category5.tv)

The link above has a video on how to do initial setup and also DHCP static assigning, so you can see it in use before you buy and you’ll learn some stuff if you watch the videos. I think the hEX S is the model that I would buy and then add on a wifi access point or use your existing gear, which you already wrote you can turn into an AP.

That is a hard one to answer without working for the company you’re purchasing from. I believe it is the amount of RAM that the device has that can limit how many DHCP or firewall rules you can create. So it may not be a straightforward yes or no answer, as you may get fewer static DHCP rules the more you create firewall rules and other stuff that chews up the RAM. An advantage of using a cheap Mikrotik model now is that you can always move to a higher end one later and not re-learn the UI. I would not get a TP Link as you would already be at the top end model with nowhere else to go, and the power of the firewall rules would not come close to what is in the Mikrotik, plus you get an openHAB binding that can talk to the routerOS. If you wanted to spend more and get more RAM, then look at pfSense/OPNsense solutions.

Also you do not need to use the DHCP server to fix an IP; some devices allow you to set a static IP directly in the device and not use DHCP, on a device by device basis. Just make sure you set those IP’s to ones that the DHCP is not using in its pool; this is explained in the video in the links above. Also as mentioned you can set up a DHCP server on a Pi with say pihole and have it anywhere on your network; it does not need to be in your router. However getting a better router that has a decent and flexible firewall is something worth doing.

I would need a step by step guide which does not appear to be out there (nor am I asking anyone here to produce one as it would no doubt need to be highly tailored to what I want to achieve).

Fair point, but I can give you a generic approach which may be of use - You will just need to adapt it to your situation. The following points are in order of execution:

  • Select a ‘Private’ network address to use.
    • For argument’s sake, I will use 10.100.0.0 with a class B network mask applied (/16 or 255.255.0.0 depending on the notation in your devices) for the following example.
    • The key is to select a network which is in the reserved private space - These do not appear on the Internet anywhere, so will not cause issues for you to use. The above meets that criteria.
    • My assumption is that the above address is different from what you are currently using (e.g. this may currently be 192.168.(0-1).x, or 10.(0-1).x.x, two fairly common default networks in consumer routers)
  • Start configuring key devices which already have Static IP addresses assigned:
    • Use addresses like 10.100.0.(3-240), with a default gateway of 10.100.0.1. (The mask is as per above, and the notation varies based on device.) When you reach 10.100.0.240, you can move on to 10.100.1.(1-240), and so on. (I won’t elaborate on reasons I don’t go up to 254, but it is ok in most networks TBH)
    • I would guess your openHAB server would fit in this category as well (having a static address). If you use this to install a DHCP server on there, this must have a static address going forwards.
    • Leave the PC you are making the changes from (connecting to the devices on the existing network addresses) until you have completed the steps below. When a device has had its network address changed, you won’t be able to talk to it until you reconfigure this PC. Likewise, if you reconfigure it too soon.
    • Preferably the PC is on a wired connection - Don’t know what AP’s are, but you will probably need to reconfigure them before you change your PC settings (unless they are DHCP)
  • The second to last device I would touch, would be your router:
    • Disable DHCP on your router (It probably would complain if you had a DHCP scope for a network which its interface is no longer within anyway). If you don’t do this step, you could get addresses issued by either the Router, or your new DHCP device.
    • Set its internal network interface to be IP address 10.100.0.1 /16 (or 255.255.0.0)
    • Restart it (you won’t be able to connect to it from here)
  • Now finally set the PC to a static address in the new network. Say 10.100.0.2 (I left a gap above in the address range for this !!), with a default gateway of 10.100.0.1
  • Do some testing at this point. Check you can connect to the router from your PC, and out to the internet. Test connectivity to your other static devices.
  • At this point you would be ready to move onto your DHCP for the new network range:
    • You won’t be able to connect to any of your DHCP devices at this stage from the PC - That’s expected
    • Either set up DHCP on your fancy new router which can handle the number of addresses you seek :)
    • Or look to setup DHCP on another existing device, such as your OpenHAB server. There were some mentions made above of options, but you could also look at dhcpd. The config for your site may look something like:
      # One /16 subnet holding four dynamic ranges of 240 addresses each
      subnet 10.100.0.0 netmask 255.255.0.0 {
        range 10.100.50.1 10.100.50.240;
        range 10.100.51.1 10.100.51.240;
        range 10.100.52.1 10.100.52.240;
        range 10.100.53.1 10.100.53.240;
        option routers 10.100.0.1;              # default gateway
        option domain-name-servers 10.100.0.1;  # DNS server handed to clients
      }
  • The above assumes your router also acts as your DNS forwarder - if not, replace the DNS server config on the bottom line with that of your ISP.
  • The above config already gives you over 900 DHCP addresses. It also means you have 10.100.(0-49).(1-240) reserved for static/fixed addresses (12000 addresses). Make sure all your fixed IP addresses are configured in this range, and your DHCP static mappings above this range.
  • Check out A Step-by-Step Guide to Set up a DHCP Server on Ubuntu - LinuxForDevices for a bit of a guide of setting this up, but use google to find a DHCP server which suits your needs & O/S.
  • There is some other preamble also needed in the conf file too - The above guide covers this.
  • At this point you can also start adding the static DHCP mappings, where required. Hopefully you took a copy of the MAC address list for any static mappings in your current router. The above guide tells you how to do this for this particular DHCP server option
  • Reboot your DHCP devices, and check you can connect, and the DHCP static mappings work as expected (where configured).

Rolling back (if necessary) would require you to keep your PC on the ‘new’ network address, until you have reverted all the static addresses, then reconfigured the router (including turning back on DHCP on there). Don’t forget to turn off the DHCP on your new device. And take note of all your current settings etc before you change them - It will prove invaluable if you need to do this unfortunate step!!

I don’t know your specific network environment/devices, so the above is generic as hell advice, with plenty of places where the wheels could come off :) . Google will be your friend as you move through the different devices, and try to figure how to change their settings.

Hope this helps.
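
The plan in the post above can be checked by script before any static mappings are typed into the DHCP server. This is an added example, not part of the original post: it validates a reservation list against the 10.100.0.0/16 layout and renders ISC dhcpd host declarations. Device names and MACs are constructed, the function names are hypothetical, and keeping reservations outside the dynamic range lines is an assumption based on usual dhcpd practice.

```python
import ipaddress
import re

# Address plan from the post: one /16 with four dynamic ranges.
SUBNET = ipaddress.ip_network("10.100.0.0/16")
POOLS = [(ipaddress.ip_address(f"10.100.{o}.1"),
          ipaddress.ip_address(f"10.100.{o}.240")) for o in range(50, 54)]
# 10.100.(0-49).x is kept for devices with a hand-configured static address.
MANUAL_END = ipaddress.ip_address("10.100.49.255")


def norm_mac(mac):
    """Return the MAC in lower-case colon form, or raise ValueError."""
    digits = re.sub(r"[-:.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"bad MAC {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def check_reservations(rows):
    """Split (name, mac, ip) rows into accepted entries and problem strings."""
    accepted, problems, seen = [], [], {}
    for name, mac, ip_text in rows:
        try:
            mac, ip = norm_mac(mac), ipaddress.ip_address(ip_text)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        edges = (SUBNET.network_address, SUBNET.broadcast_address)
        if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9-]*", name):
            problems.append(f"{name!r}: not usable as a dhcpd host name")
        elif ip not in SUBNET or ip in edges:
            problems.append(f"{name}: {ip} is not a host address in {SUBNET}")
        elif ip <= MANUAL_END:
            problems.append(f"{name}: {ip} is in the hand-configured static block")
        elif any(lo <= ip <= hi for lo, hi in POOLS):
            problems.append(f"{name}: {ip} is inside a dynamic range")
        elif mac in seen or ip in seen:
            problems.append(f"{name}: duplicates {seen.get(mac) or seen.get(ip)}")
        else:
            seen[mac] = seen[ip] = name
            accepted.append((name, mac, ip))
    return accepted, problems


def render_hosts(accepted):
    """Render accepted entries as ISC dhcpd host declarations."""
    return "\n".join(
        f"host {name} {{\n  hardware ethernet {mac};\n  fixed-address {ip};\n}}"
        for name, mac, ip in accepted)


# Constructed sample data: names, MACs and addresses are made up.
SAMPLE = [
    ("shelly-kitchen", "02:00:00:00:00:01", "10.100.60.1"),
    ("shelly-garage",  "02-00-00-00-00-02", "10.100.60.2"),
    ("phone-anna",     "02:00:00:00:00:03", "10.100.51.17"),  # in a dynamic range
    ("shelly-attic",   "02:00:00:00:00:01", "10.100.60.3"),   # MAC reused
    ("plug-hall",      "02:00:00:00:00:05", "10.100.60.2"),   # IP reused
    ("cam-door",       "02:00:00:00:00:06", "10.100.3.9"),    # manual block
    ("tv",             "02:00:00:00:00:0g", "10.100.60.9"),   # bad MAC
]

if __name__ == "__main__":
    good, bad = check_reservations(SAMPLE)
    print(render_hosts(good))
    print("\n".join(bad))
```
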

I’m curious why :)

Glen may have his own reasons, but I have always reserved the upper range to be able to have a subnet within a subnet in case of some unforeseen temp changes, like mirroring a port and having a sniffer on it and it needing a static IP. So as a CNE you always leave some wiggle room and limit your DHCP pool, or permanent available static IPs, to avoid those ranges, and you are less likely to have conflicts during a triage session. As one example, I may need to implement a subnet with a CIDR of /28, or a mask of 255.255.255.240, which will allow me to use an IP range of x.x.x.240 to x.x.x.255 with x.x.x.240 as the network address and x.x.x.255 as the broadcast address, thus leaving me x.x.x.241 up to x.x.x.254 as usable addresses and still be able to coexist. One other reason: in one job I had, the company insisted all network devices reside above .240 so when they did discovery or flashed firmware updates it was a smaller pool to poll through.
One other note I mention to the OP @Mark111

That is not a true statement for many reasons.
Think about just the polling alone that OpenHab does checking for state changes, and keep-alive responses.
A device connected wirelessly is still going to consume network resources (how much depends on how chatty that device is) certain protocols are much noisier than others. And there is still a limit to the amount of bandwidth each wireless channel is able to provide in that channel’s spectrum.
One last item I will mention is huge single subnet networks are very susceptible to network congestion and bottlenecks as a single super chatty device will impact all other devices on that subnet if it goes into some kind of obscene polling state flooding your entire network with requests. Then to isolate you are stuck trying to figure out which one of the “500” devices is causing your issue. That is a real troubleshooting headache.
One last thought/comment is this.
A good DHCP solution, whatever you decide that to be, can handle doing a whole lot more than just handing out and managing/reserving IP addresses. Google DHCP options; two that I find very useful are option 42 and option 121. Those 2 alone make life so much easier when adding and removing devices from my network.

Do normal clients e.g. OSX, Windows utilise option 42 (NTP)? How about IOTs such as Google Nest, Echo, Tasmota, etc? I didn’t know of this DHCP option and have always set the NTP manually on the clients.

Hi
As I recall Windows does in non Active Directory configurations. When domain joined obviously you sync to a DC there so that your Kerberos tickets are valid. In fact on many MSFT docs sites it states it is the preferred method if it is not a domain joined Server or Workstation.
Quick google linked this

Of course if you are running your own NTP server and it syncs to a stratum 1 or 2 level time server, your PDC is syncing to your NTP server, and you advertise your NTP server with DHCP, the likelihood of having the bounce that article implies is slim to none.
Most any Linux flavor does. As for IoT devices, I guess that all depends on how its kernel was compiled. As for OSX, it used to be, but I could not tell you if it still is these days. It’s mainly used for VOIP phones a lot, and also for some network devices like APC battery backup network cards, and of course any device that is DHCP options aware can still accept its offers. There are some folks that fear DHCP and talk about some of the security weaknesses all over the internet, but if something has gotten so deep into your network it has taken over DHCP acks you’ve got much bigger issues than a spoofed time server honestly.

Well the reason I didn’t elaborate was to keep a complex topic as simple as possible (and possibly failed? :) ). Without diving into the history & the issues behind why I started doing this (but it was NOT in a home network, and was a long long while ago), as I state, it’s something you would never see in a domestic network (or probably any other network) these days.

But the reason I keep doing this practice, years down the track, is along the lines of what @justaoldman suggests. Why did I suggest it for each DHCP pool within a massive class-B range, or increment of the 3rd octet for the fixed addresses at 240? Because if the OP ever decides to split the network back into Class-C groups in future (if they find having 500+ devices in one broadcast domain is not that reliable or not easy to manage), they handily have 14 addresses reserved in each range for special devices/purposes.

Not a problem the OP has to worry about at present, but I try to think ahead a bit (and sometimes it pays off, sometimes it’s rework) !! I hope that satisfies your curiosity @JimT :)

Thanks for the explanation! Come to think of it I usually reserve the lower addresses, so only dish out .50 - .254, but wouldn’t hurt just to give out to 250 or even 240. I keep the lower ones .10-49 to static ips.