Modern Network Management

Schaltwerk is a modern, extensible network management solution and open alternative to proprietary systems like UniFi. Its plugin architecture enables seamless integration of any network device — from switches and routers to community mesh nodes and virtualised environments.

Automatic Discovery · Real-Time Monitoring · Interactive Topology · Plugin-Extensible · IPv4 & IPv6 · Self-Hosted

Get in Touch
🔍
Auto Discovery
IPv4 & IPv6
Real-Time Updates
Live status of all devices
🧩
Any Device
Open plugin system
🔓
No Lock-In
Self-hosted & open source

Features

Implemented core features and planned additions for professional network management

Network Discovery

Automatic device detection with parallel ICMP ping, packet-based ARP scanning, ICMPv6 NDP scanning and SSH-based data collection. Dual-stack IPv4/IPv6 with automatic address family detection.

NDP Neighbor Solicitation to ff02::1 multicast, OS cache fallback, gateway detection, vendor lookup via OUI, per-network configurable scan intervals

Plugin Architecture

Process-isolated plugins communicate via gRPC and Unix domain sockets. Hot-reload, health monitoring, automatic crash recovery and plugin auto-detection for known device types.

Plugin SDK for Go with BasePlugin, Collector interface and typed metrics/events

Real-Time Monitoring

Server-Sent Events for live browser updates. Device status, bandwidth metrics and topology changes are streamed in real time to all connected clients.

Event bus with topic-based pub/sub, buffering and automatic client reconnection

Topology Visualisation

Interactive network topology with D3.js. Hierarchical tree view and bandwidth graph with search, status filters and detail navigation. Automatic Proxmox VM/container detection and host assignment.

Gateway detection from routing tables, external (public) IP resolution via 4 providers, Proxmox host linking via MAC prefix, IPv6 topology

Credential Management

Secure management of SSH keys and credentials with AES-256-GCM encryption. Supports RSA, ECDSA and Ed25519 as well as legacy SSH ciphers for older hardware.

Per-device configurable SSH settings with connection pooling

Responsive Frontend

SvelteKit-based dashboard with dark-mode design, device grid with filters and sorting, plugin management with log viewer and network configuration.

TypeScript, Tailwind CSS 4, Svelte 5, extensively tested with over 1,000 tests (backend, frontend, E2E, load benchmarks)

IPv6 Dual-Stack

Full IPv6 support with NDP scanner (ICMPv6 Neighbor Solicitation), automatic address family detection and a dedicated IPv6 topology view with gateway detection.

Dual-stack devices via network_interfaces table, IPv6 badges in the frontend, OS cache fallback without root privileges

Security Hardening

Comprehensive security measures: security headers (CSP, X-Frame-Options), input validation, path traversal protection, injection prevention and error sanitisation.

CORS middleware, AES-256-GCM for credentials, dedicated security test suite, no internal error details exposed to clients

Device Management

Multi-MAC support for devices with multiple network interfaces. Device merge to consolidate duplicate entries. Proxmox VM/container detection via MAC prefix.

UUID-based device IDs, automatic network creation on gateway detection, scan progress indicator with real-time device counter

Host Detection

Automatic detection of the host system at startup: operating system, kernel version, architecture, available network interfaces and system services (Docker, systemd).

Capability check for ICMP/ARP scanning, container detection, adaptive scanner configuration based on host capabilities

REST API

Full REST API for devices, networks, topology, plugins and credentials. Versioned endpoints with JSON responses, CORS middleware and health check.

CRUD for all resources, plugin control, MAC vendor lookup, external IP query, configuration and SSE stream

Add Device Manually

Add any device by entering its hostname or IP address. The system resolves the name, creates the device record automatically and scans it immediately — no need to wait for the next scheduled scan.

Planned

Persistent Device Data

Every scan merges new findings into the existing device record instead of overwriting it. Hostname, vendor and custom notes are preserved permanently. A full change history shows when each property was last updated.

Geplant

Technology Stack

A modern, production-ready stack with a clear separation between backend, frontend and plugin system

Backend

  • Go with Gin HTTP framework
  • SQLite WAL mode (pure Go, no CGO)
  • 28+ database migrations
  • gRPC over Unix sockets
  • Server-Sent Events
  • AES-256-GCM encryption

Frontend

  • Svelte 5 with SvelteKit
  • TypeScript 5
  • Tailwind CSS 4
  • D3.js visualisation
  • Vite build system

Discovery

  • ICMP parallel ping
  • Packet-based ARP scanning
  • ICMPv6 NDP scanning (dual-stack)
  • SSH agent with key authentication
  • MAC vendor lookup (OUI)
  • Automatic topology
  • External IP detection

Vendor-Agnostic

  • Vendor-independent design
  • Open plugin SDK
  • Standard protocols (SSH, ICMP, ARP)
  • No proprietary dependencies
  • Custom plugins for any device

Deployment

  • Multi-stage Dockerfile (Alpine)
  • Multi-arch: amd64 + arm64 (Raspberry Pi)
  • Docker Compose with health checks
  • GitLab CI/CD with JUnit reports
  • Non-root container
Go Gin Svelte TypeScript gRPC SQLite D3.js Tailwind CSS Docker Protobuf SSE IPv6/NDP AES-256-GCM GitLab CI/CD

Plugin Ecosystem

Device-specific plugins with automatic detection and confidence scoring, process-isolated via gRPC

SSH Collector

Generic Linux/Unix collector: hostname, memory, load, disks, network statistics

Available

Freifunk Node

Gluon firmware: port status, Wi-Fi clients, mesh statistics, bandwidth deltas

Available

TP-Link Switch

Legacy SSH: port and bandwidth tracking, MAC-to-port mapping, counter rollover handling

Available

Dummy Device

Mock metrics for tests and demos: simulates switches, routers and access points with realistic values

Available

Custom Plugins

Plugin SDK with BasePlugin, Collector interface and auto-detection enables development without touching the core

SDK ready

Enterprise Roadmap

Planned additions for professional use — each available independently after the MVP release

🏛 Physical Infrastructure

Manage data centres, server rooms, racks and slots. Every network device gets a physical location — a single source of truth for both network topology and hardware.

Post-MVP

📋 DHCP Management & Network Boot

Built-in IP address management and automatic first-time setup of new devices via network boot — no external DHCP server required.

Post-MVP

👤 User Management & Single Sign-On

Local user accounts, roles and permissions as well as integration with existing identity providers — for teams and larger organisations.

Post-MVP

🛡 Security Scanning

Automatic checking of all devices for open ports and outdated software. Known vulnerabilities are matched against up-to-date security databases and presented clearly.

Post-MVP

🤖 AI Network Assistant

Ask your network direct questions: "Which device rebooted last week?", "Which systems use the most bandwidth?" or "Start a security scan for this device." Powered by a configurable AI model — can be run fully on-premises.

Post-MVP

🌐 DNS Zone Management

A complete view of all DNS records in an organisation with responsible contacts, automatic verification and detection of stale or incorrect entries — cross-referenced with the device inventory.

Nach MVP

Get in Touch

Interested in Schaltwerk? Drop us a message.