Our home is “network segmented” (i.e. we have separate subnets/VLANs for Guest, Multimedia, Kids, etc.) with a firewall that allows for fine-grained network control across the different subnets/VLANs. As I’m just getting started with home automation, I was thinking of creating another subnet for home automation related devices. Although network communication across different subnets (including the newly created subnet for home automation related devices) is not an issue, I am wondering how the Integration & Discovery of Home Automation devices across the network would work. For example, our Alexa is on the Multimedia subnet and so is the new/temporary installation of openHAB. Ideally, I would like to put the openHAB installation & all home automation devices on their own network (e.g. an HA subnet). If I do that, then how would openHAB be able to discover devices on the Multimedia subnet (e.g. TV, Alexa, etc.)?

Are there any network architectural diagrams, best practices for designing home automation? If not, does anyone have a similar implementation that allows for segmented network? Any info, docs, links would be greatly appreciated.

This sounds more like a general networking question than something specific to openHAB or home automation. Discovery happens through various APIs and protocols so the network configuration answers would vary accordingly. Do you have a question about how to bridge a specific protocol across subnets?

You might want to listen to or read the transcript of Security Now! podcast #545 titled “Three Dumb Routers”.

Steve Gibson and Leo Laporte talk about how an infection of an IoT device could spread to the rest of your network and how he recommends that you prevent this.

My question is not as much network related as it is protocol & Home Automation design (best practices) related. For example, in the case of Apple, devices use Bonjour to announce & discover services, and there are workarounds for getting Bonjour broadcast across subnets. I, at this point, do not know how devices are discovered on a home automation bus. For security & efficiency reasons, it would make sense to separate home automation devices onto their own network.

It depends on the specific bus implementation and on the devices. Like you said, some devices (not just Apple) use Bonjour/mDNS, and other devices (like Sonos and Hue) use UPnP. The openHAB bus has a variety of pluggable discovery strategies, but a vendor-specific hub might only support a specific protocol. Like you said, there are techniques to support Bonjour across subnets, but the techniques will vary for other protocols. This is why the question sounds to me like it is not as much about home automation as about how to configure segmented networks to work with protocols like Bonjour and whatever your other devices support.

I’m thinking there’s not really a best practice (or specific implementation pattern) that applies to all devices and protocols. (For example, I have no idea what discovery protocols your TV supports, if any.) Security recommendations, like Jack referenced, may be more generally applicable but that’s a bit different than what you requested.
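The replies above say that Bonjour/mDNS discovery stops at the subnet boundary and that some workaround is needed to carry it across VLANs. The following is an added example, not code from the thread's posters or from the openHAB project: a minimal mDNS (RFC 6762) PTR query builder and response parser in Python. It shows what a discovery query actually is on the wire, why it never leaves the VLAN it was sent on (the destination 224.0.0.251 is a link-local-scope multicast group that routers do not forward), and what a reply from a device on the same subnet looks like. The service type `_http._tcp.local`, the instance name `openHAB._http._tcp.local` and the sample response are constructed for the example; `query_local_vlan` is a hypothetical helper that only sends on the local network.

```python
"""Minimal mDNS (RFC 6762) PTR query builder and response parser.

Added example, not code from the openHAB project or the thread's posters.
mDNS discovery is sent to the link-local multicast group 224.0.0.251:5353.
Routers do not forward link-local-scope multicast, which is why a device on
one VLAN never sees openHAB's service announcements from another VLAN unless
something on the boundary (an mDNS reflector/repeater) re-sends them.
"""
import socket
import struct

MDNS_GROUP = "224.0.0.251"   # link-local scope: stays on the sending subnet
MDNS_PORT = 5353
QTYPE_PTR = 12
QCLASS_IN = 1
UNICAST_RESPONSE_BIT = 0x8000  # "QU" bit: ask responders for a unicast reply


def encode_name(name: str) -> bytes:
    """Encode a dotted DNS name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("utf-8")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_ptr_query(service: str, unicast_reply: bool = False) -> bytes:
    """Build a one-question mDNS PTR query (transaction id 0, no flags, per RFC 6762)."""
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)  # id, flags, qd, an, ns, ar
    qclass = QCLASS_IN | (UNICAST_RESPONSE_BIT if unicast_reply else 0)
    return header + encode_name(service) + struct.pack("!HH", QTYPE_PTR, qclass)


def decode_name(packet: bytes, offset: int):
    """Decode a name at offset, following compression pointers (RFC 1035 s4.1.4).
    Returns (name, offset_just_after_the_name_as_written)."""
    labels, jumped, end, hops = [], False, None, 0
    while True:
        length = packet[offset]
        if (length & 0xC0) == 0xC0:  # two-byte compression pointer
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(packet[offset:offset + length].decode("utf-8"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_ptr_answers(packet: bytes) -> list:
    """Return [(service_type, instance_name)] for every PTR record in an mDNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        return []  # QR bit clear: this is a query, not a response
    offset = 12
    for _ in range(qdcount):  # skip any echoed questions
        _, offset = decode_name(packet, offset)
        offset += 4
    results = []
    for _ in range(ancount):
        rname, offset = decode_name(packet, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        if rtype == QTYPE_PTR:
            target, _ = decode_name(packet, offset)
            results.append((rname, target))
        offset += rdlen
    return results


def build_sample_response(service: str, instance: str) -> bytes:
    """Constructed sample: the answer a device on the SAME VLAN would multicast back."""
    header = struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 0)  # QR=1, AA=1, one answer
    rdata = encode_name(instance)
    rr = encode_name(service) + struct.pack("!HHIH", QTYPE_PTR, QCLASS_IN | 0x8000, 4500, len(rdata))
    return header + rr + rdata


def query_local_vlan(service: str, timeout: float = 2.0) -> list:
    """Send the query to the mDNS group and collect PTR answers from THIS subnet only."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255)  # RFC 6762 s11
    sock.settimeout(timeout)
    sock.sendto(build_ptr_query(service, unicast_reply=True), (MDNS_GROUP, MDNS_PORT))
    found = []
    try:
        while True:
            data, _ = sock.recvfrom(9000)
            found.extend(parse_ptr_answers(data))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return found


if __name__ == "__main__":
    for svc, inst in query_local_vlan("_http._tcp.local"):
        print(svc, "->", inst)
```

Running the script on the HA subnet lists only responders on that subnet, which is the behaviour the thread describes. Carrying discovery across the firewall means re-emitting the multicast on the other VLAN (Avahi's `enable-reflector=yes` in the `[reflector]` section of `avahi-daemon.conf` does this on a Linux router, and several firewall products ship an mDNS repeater). Note that a reflector re-advertises every service on both sides, so the usual approach is to reflect only the service types you need and keep the firewall rules for the subsequent unicast traffic (e.g. openHAB to the TV's control port) as narrow as before.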