Thread HA and VLANs - will this work?

I’ve been trying to get IPv6 VLAN mDNS to work but realize now why these tips were documented in [Helpful hints - #3]

So I am giving up on inter-VLAN mDNS/Matter routing.

My Homelab/Network background

  • IPv6 enabled in Unifi network as Static for both VLANs.
  • VLAN1 (main): 192.168.10.x/24 - fdaa:cc53:14cc:0001::/64
  • VLAN30 (iot): 192.168.30.x/24 - fdaa:cc53:14cc:0003::/64
  • HAOS is running as a VM on Proxmox in the main VLAN (192.168.10.12). Network device model = VirtIO. IPv6 forwarding enabled.
  • Proxmox host is set up to be VLAN aware

/NEW PLAN

Based on feedback, I am pursuing a dual-homed HA setup.

/OLD POST BELOW
Goal: Matter and IoT devices should be in VLAN 30 (192.168.30.x). I would like to avoid HA being dual-homed.

My current plan is to have OTBR inside the IoT VLAN and then a remote connection to HA. The steps expected are:

  1. Set up an RPi in the IoT VLAN (192.168.30.14) and connect the ZBT-2 antenna to this RPi.
  2. Install Docker; IPv6 forwarding is set up following GitHub - ownbee/hass-otbr-docker: Stand-alone Home Assistant OpenThread Border Router docker container.
  3. Enable firewall routes in unifi:

From IoT VLAN IP=192.168.30.14 port=5581 to Trusted VLAN IP=HAOS server port=5581 + reverse ports

  4. Set up remote OTBR in HA to ws://192.168.30.14:5580/ws
  5. Verify encryption keys are synced
  6. Connect Android phone to IoT Wi-Fi (VLAN 30), use the HA Companion App to add Matter devices

Questions

  1. Any key step I am missing in the above?
  2. For step #7 do I need to be in the IoT Wi-Fi (where OTBR is) or in the main Wi-Fi (where HA is)?

Rereading the question after my initial answer…

With OTBR and IoT devices in the same broadcast domain it may work, as directed traffic between HA and OTBR over a layer 3 boundary shouldn’t be a problem. Although I don’t fully understand the connection distribution between HA and the Matter devices as yet - early days for me on this.

If there is a layer boundary between OTBR and the IoT device - no, it won’t work, due to the below.

A few more details:

mDNS does not like or work very well with layer 3 gateways, i.e. routers between VLANs.
Enabling Bonjour, mDNS forwarding or reflectors will not solve the VLAN isolation problems for mDNS; it needs to work 100% of the time for 100% of traffic.

For Thread to really work, all the IoT devices (HA, lights, sensors etc.) need to be in the same VLAN / broadcast domain.

As per @Sir_Goodenough see Part 3 of the Matter & Thread Deep Dive

3 Likes

Layer 2 and layer 3 routing should not really matter, because mDNS is not routable with normal IP routing anyway.
Reflectors should be able to make it work, but some of them may lack functions or features, or the user does not know how to set them up properly.
Unless you are a network master and understand both the protocols, the configuration of the network devices and the end devices’ requirements fully, then VLANs are not advisable.

Your suggestion to gather both devices, HA and Matter, in the same one is the only viable VLAN setup for the vast majority.
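Added example, not from any poster in this thread: a small Python probe for the mDNS service types a Matter setup advertises (`_matter._tcp` operational, `_matterc._udp` commissionable, `_meshcop._udp` for the border router). Because mDNS is link-local multicast, running the same probe from a host in the main VLAN and from one in the IoT VLAN shows directly what each segment can discover before anyone reaches for a reflector; the service names come from the Matter and Thread specifications, everything else (instance names, timeouts) is constructed for the example.

```python
import socket
import struct
MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353
# Service types Matter and an OTBR advertise: operational, commissionable, MeshCoP (border router)
SERVICES = ("_matter._tcp.local", "_matterc._udp.local", "_meshcop._udp.local")

def encode_name(name):  # DNS wire form: length-prefixed labels, terminating zero byte
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_query(services=SERVICES):
    header = struct.pack("!6H", 0, 0, len(services), 0, 0, 0)  # id, flags, qd, an, ns, ar counts
    # QTYPE PTR (12); QCLASS IN with the QU bit set, so responders reply unicast to our socket
    return header + b"".join(encode_name(s) + struct.pack("!HH", 12, 0x8001) for s in services)

def decode_name(pkt, off):  # follow compression pointers; return (name, offset after the name)
    labels, end = [], None
    while pkt[off]:
        if pkt[off] & 0xC0 == 0xC0:  # pointer: remember the resume offset once, then jump
            end = end or off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
        else:
            labels.append(pkt[off + 1:off + 1 + pkt[off]].decode(errors="replace"))
            off += 1 + pkt[off]
    return ".".join(labels), (end or off + 1)

def parse_ptr_answers(pkt):  # (service, instance) pairs for PTR answers naming one of SERVICES
    qd, an = struct.unpack("!HH", pkt[4:8])
    off, found = 12, []
    for _ in range(qd):  # legacy unicast replies echo the question section; skip it
        off = decode_name(pkt, off)[1] + 4
    for _ in range(an):
        name, off = decode_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 12 and name in SERVICES:
            found.append((name, decode_name(pkt, off)[0]))
        off += rdlen
    return found

def probe(timeout=2.0):  # send on this host's link; from the wrong VLAN the result stays empty
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(build_query(), (MDNS_GROUP, MDNS_PORT))
    found = set()
    try:
        while True:
            found.update(parse_ptr_answers(sock.recvfrom(9000)[0]))
    except socket.timeout:
        pass
    return sorted(found)
```

Call `probe()` on a host in each VLAN; an empty list from the main VLAN while the IoT VLAN lists the border router is the mDNS isolation the posts above describe, not a Matter fault.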

As Wally mentioned, you’ll need to add Matter Server to the IoT VLAN as the Matter Server is also using mDNS. One other thing to figure out is that the OTBR, AFAIK, can’t be set up for static IPv6. It will send out IPv6 Router Advertisements that include both a prefix for the IoT VLAN to use and a route to reach the Thread devices, so the system running the Matter Server will need to be set up to accept and process these RAs appropriately.

I am moving away from the remote OTBR setup for now, going with dual-homed HA. This means one HA network is always in the IoT VLAN.

Thanks, this shows I clearly need to understand the nuances of IPv6 vs Matter better. I am going off my IPv4 knowledge.

HA and its add-ons have very few options to control the service bindings, so that setup will also cause issues.

See my new post on the working setup: Matter VLANs and VMs - my setup