As an IT Professional, I have a home lab to experiment and learn things on. It is part experimentation, and part functional requirements.

I’ll make a few posts to describe what I have, and how I have it set up.

Picture

Home Lab

Hardware

Let’s start off with the basic hardware.

Cable modem

ISP-provided DOCSIS 3.0 modem with a fixed IP, 240 / 30 Mbps, and no bandwidth caps.

Switch

A TP-Link Smart Switch T1700G-28TQ

  • 24 10/100/1000Mbps RJ45 Ports
  • 4 fixed 10G SFP+ Slots
  • Fanless

Nothing special, has a bunch of VLANs configured on it.

VLAN Config

T1700G-28TQ

Router

A UBNT EdgeRouter-4

  • 3 x 1000BASE-T ports
  • 1 x SFP port
  • Up to 3.4 million pps
  • Up to 4 Gbps linerate

Has an IPsec/GRE tunnel to the VyOS VPS instance, which runs BGP. Routes between the various subnets.

    $ show interfaces
    Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
    Interface    IP Address                                S/L  Description
    ---------    ----------                                ---  -----------
    eth0         203.0.113.6/18                            u/u  WAN
                 2001:DB8:1:161:ede7:eac3:46f6:6969/128
    eth1         192.168.13.1/24                           u/u  LAN
                 2001:DB8:3920:400:feec:daff:fe44:14f/64
    eth1.200     192.168.0.201/24                          u/u  Restore Ranges
                 192.168.1.201/24
    eth1.300     192.168.9.1/24                            u/u  Guest
    eth1.700     192.168.7.1/24                            u/u  Internet of Things
    eth2         -                                         A/D  Spare
    eth3         -                                         A/D  Spare
    lo           127.0.0.1/8                               u/u
                 ::1/128
    tun0         192.168.213.13/30                         u/u  GRE to VyOS VPS
                 2001:DB8:cbb9::13:2/126

    $ show ip bgp summary
    BGP router identifier 192.168.13.1, local AS number 4200000013
    BGP table version is 2
    1 BGP AS-PATH entries
    0 BGP community entries

    Neighbor             V  AS          MsgRcv  MsgSen  TblVer  InQ  OutQ  Up/Down   State/PfxRcd
    192.168.213.14       4  4200000000  79253   79265   2       0    0     02w0d21h  0
    2001:DB8:cbb9::13:1  4  4200000000  79258   79267   2       0    0     02w0d21h  0

    Total number of neighbors 2
    Total number of Established sessions 2

EdgeRouter 4

Wifi

A UAP-AC-PRO

  • 802.11ac
  • 3x3 11AC MIMO
  • 5 GHz and 2.4 GHz
  • Band Steering
  • Airtime Fairness
  • PoE

The main LAN subnet is on 5 GHz, and the Guest and IoT subnets are on 2.4 GHz (keep those good waves for meself, eh?)

UAP-AC-PRO

Storage

There are 2 NAS setups.

DIY

A DIY setup consisting of:

  • C2750D4I board
  • 32 GiB ECC RAM
  • 6 x 3 TB SATA disks
    • in RAIDZ2
  • Mellanox MT26448 SFP+ network card
  • in a Node 304 case

Runs Plex, exports some iSCSI LUNs, holds a full backup copy of the Synology DS218+, and is for general playing around when I need storage.

    # zpool list
    NAME   SIZE   ALLOC  FREE  EXPANDSZ  FRAG  CAP  DEDUP  HEALTH  ALTROOT
    tank   21.8T  20.8T  998G  -         39%   95%  1.00x  ONLINE  -

    # zpool status tank
      pool: tank
     state: ONLINE
      scan: scrub in progress since Sat Jun 15 18:07:12 2019
            393M scanned out of 20.8T at 4.05M/s, (scan is slow, no estimated time)
            0 repaired, 0.00% done
    config:

            NAME          STATE     READ WRITE CKSUM
            tank          ONLINE       0     0     0
              raidz2-0    ONLINE       0     0     0
                sdb       ONLINE       0     0     0
                sdc       ONLINE       0     0     0
                sdf       ONLINE       0     0     0
                sde       ONLINE       0     0     0
                sdg       ONLINE       0     0     0
                sdd       ONLINE       0     0     0

    errors: No known data errors

Node 304

Synology

A Synology DS218+

  • 64-bit Intel Celeron J3355
  • 2 GB RAM
  • 2 x 3 TB disks in RAID 1

This one is for important stuff like photos, and business documents.

DS218+

ESXi Server

An Intel NUC NUC6i5SYK:

  • 32 GiB RAM
  • 512 GB Samsung NVMe flash storage

Runs VMware ESXi 6.5.

ESXi 6.5
NUC

UPS

APC Back-UPS 1400U

All the above is connected to the UPS, with DS218+ connected over USB as well.

Network

Every subnet is on its own VLAN.

  • VLAN100: LAN
    • General LAN range. Most things are on this.
  • VLAN200: Restore ranges
    • A special NATed range, useful for accessing new or old devices that expect to be in those ranges.
    • Has subnets 192.168.0.123/24 and 192.168.1.123/24 on it
  • VLAN300: Guest
    • Guest access on the AP. So I can give wifi to people I don’t really want on my WAN :P
  • VLAN700: IoT
    • General IoT devices, TV, AVR, etc. Stuff I don’t trust but need some sort of network anyway. Heavily filtered on the firewall.
  • VLAN2000: WAN
    • This is for my public IPs. The cable modem and the router are on this VLAN.
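As an added illustration (not the author's actual ruleset, which the post does not show), this is the shape that IoT filtering takes on an EdgeRouter in EdgeOS, using the VLAN subnets from the interface listing above: VLAN700 (192.168.7.0/24) may reach the Internet and answer flows the LAN started, but may not open connections into the LAN, Guest or Restore ranges. The MQTT broker address 192.168.13.50 and the single TCP/1883 pinhole to it are assumptions, included to show how a deliberate exception is carved out of an otherwise closed policy.

```vyos
set firewall group network-group INTERNAL_NETS description 'Subnets IoT must not initiate to'
set firewall group network-group INTERNAL_NETS network 192.168.13.0/24
set firewall group network-group INTERNAL_NETS network 192.168.0.0/24
set firewall group network-group INTERNAL_NETS network 192.168.1.0/24
set firewall group network-group INTERNAL_NETS network 192.168.9.0/24

set firewall name IOT_IN default-action drop
set firewall name IOT_IN description 'VLAN700 IoT -> other subnets and Internet'
set firewall name IOT_IN enable-default-log
set firewall name IOT_IN rule 10 action accept
set firewall name IOT_IN rule 10 description 'Replies to flows started from the LAN side'
set firewall name IOT_IN rule 10 state established enable
set firewall name IOT_IN rule 10 state related enable
set firewall name IOT_IN rule 20 action accept
set firewall name IOT_IN rule 20 description 'Assumed pinhole: IoT may publish to the MQTT broker only'
set firewall name IOT_IN rule 20 protocol tcp
set firewall name IOT_IN rule 20 destination address 192.168.13.50
set firewall name IOT_IN rule 20 destination port 1883
set firewall name IOT_IN rule 30 action drop
set firewall name IOT_IN rule 30 description 'No other IoT-initiated traffic into internal subnets'
set firewall name IOT_IN rule 30 destination group network-group INTERNAL_NETS
set firewall name IOT_IN rule 30 log enable
set firewall name IOT_IN rule 40 action accept
set firewall name IOT_IN rule 40 description 'Anything left is Internet-bound'

set firewall name IOT_LOCAL default-action drop
set firewall name IOT_LOCAL description 'VLAN700 IoT -> the router itself'
set firewall name IOT_LOCAL rule 10 action accept
set firewall name IOT_LOCAL rule 10 state established enable
set firewall name IOT_LOCAL rule 10 state related enable
set firewall name IOT_LOCAL rule 20 action accept
set firewall name IOT_LOCAL rule 20 description 'DHCP and DNS served by the router'
set firewall name IOT_LOCAL rule 20 protocol udp
set firewall name IOT_LOCAL rule 20 destination port 53,67

set interfaces ethernet eth1 vif 700 firewall in name IOT_IN
set interfaces ethernet eth1 vif 700 firewall local name IOT_LOCAL
```

Rule order matters: the pinhole in rule 20 has to sit before the drop in rule 30, and the log on rule 30 plus enable-default-log give you a record of any IoT device probing the other subnets.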

Network Diagram

Network Diagram

Software

Rancher / docker

A VM on the ESXi, running RancherOS with Rancher as a frontend.

Soon to be upgraded to K3OS.

Traefik

The ingress point is a Traefik instance, taking its configuration from Rancher. It is set up to do automatic TLS termination with Let’s Encrypt.

Unifi

Controller software for the UAP-AC-PRO

IRC

  • An instance of the ZNC IRC Bouncer.
  • An instance of The Lounge web IRC client, connected to the ZNC bouncer.

Monitoring

Home Automation

I have a Philips Hue hub and lights, and a Z-Wave system with power plugs and various sensors. A Mosquitto MQTT server is used as a message bus.

Home Assistant is used for connecting to various protocols, and Node Red for handling the flow logic.