I might be biased, but I don’t believe there’s a replacement for the experience of building, maintaining and troubleshooting your own environment and equipment. Whether you’re a hobbyist or considering a career in IT, a home lab can provide a local and cost-effective learning and training environment.

I started with a basic and cheap “server” to learn about virtualization, which then grew and expanded beyond that and also helped me with a career change to IT.

Now let’s get to the point and see what my home lab looks like.

Hypervisors

  • ESXi (VMS01):
    • Intel Xeon-D 1541 8 Core 16 Threads @ 2.10GHz
    • 64GB DDR4 ECC RDIMM (2 x 32GB)
    • 1 x Samsung 960 Evo 500GB NVMe
    • 2 x Samsung 860 Evo 500GB SSD
    • 1 x 16GB USB (OS)
    • 2 x GbE (on-board)
    • 2 x 10 GbE (on-board)
    • 4 x GbE (PCIe)
    • 1 x IPMI (on-board)

  • Hyper-V (VMS02):
    • Intel Celeron J1900 4 Core @ 2GHz
    • 12GB DDR3 SODIMM
    • 1 x Kingston 240GB SSD (OS & VM storage)
    • 1 x 3TB NAS HDD (passthru to VM)
    • 1 x GbE (on-board)
    • 2 x GbE (PCIe)
    • 1 x GbE (USB)

Switches & APs

  • TP-Link L2 Managed Switch
    • 1 x 8-Port, half-PoE (TL-SG108PE)
    • 1 x 24-Port, non-PoE (TL-SG1024DE)
  • UniFi AP-AC-Lite

Network

[Figure: network-layout diagram]

  • In the living room, where the TV, WAP and phone line are:
    • ADSL modem in bridge mode provides internet access
    • L2 managed switch (PoE capable) powers the UniFi WAP and looks after VLANs
    • Powerline adapter transfers the data (layer 2) to and from the other one in the study room

  • In the study room:
    • Powerline adapter transfers data to and from its living room buddy
    • A larger non-PoE L2 managed switch takes care of VLANs
    • The two servers provide the virtualization platform


Virtual Machines

  • Firewalls:

    • FW01 - pfSense VM with 3 dedicated physical NICs for WAN, LAN and Sync, in an HA configuration as Master
    • FW02 - pfSense VM with 3 dedicated physical NICs for WAN, LAN and Sync, in an HA configuration as Slave

  • Linux VMs:

    • INF01 - Master DNS/DHCP server (for core network/VLAN only) in a failover configuration
    • INF04 - Slave DHCP/DNS server (for core network/VLAN only) in a failover configuration
    • FILE01 - NFS file server with 3TB HDD passthru
    • INF02 - MySQL, MongoDB, intermediate (OpenSSL) CA and LDAP server
    • INF03 - IPAM, to keep an eye on IP allocation and usage on my network
    • LINSUS - Ubuntu Landscape server, basically WSUS for Ubuntu servers with one big difference: it actually works as intended!
    • NOOBSITE - Local copy of ITNOOBS as explained
    • PLEX - Plex server providing content for Plex app on TV
    • SYSLOG - Graylog server collecting logs from all Ubuntu servers and both firewalls
    • UNIFI - UniFi Controller to manage the UniFi WAP
    • NOOBSCA - OpenSSL Root CA which is kept powered off

  • Virtual Appliances:

    • VCSA - VMware vCenter to manage the vSphere host
    • BAK01 - Unitrends Backup (Red Hat-based backup solution)

  • Others (non critical - testing):

    • Windows Server 2016, Windows 10, Hyper-V server, Ubuntu server and desktop

Firewalls in HA

The two firewalls are in active/passive HA for the LAN side only. A single public IP address doesn’t allow for WAN-side HA. The active firewall initiates the internet connection through the bridged modem, and the WAN interface on the passive one is disabled.

During maintenance, the CARP master/backup role is switched manually and WAN is enabled on the slave if needed. This allows me to take either host or firewall down with no internet or internal network outage.

Both pfSense firewalls are configured to operate in Router-on-a-stick mode.

Linux DNS/DHCP Servers

I have disabled the DHCP/DNS services on pfSense for the core network/VLAN. Instead, the two Ubuntu servers take care of the DNS/DHCP requests, and here’s why:

  • I had created the DHCP/DNS failover before implementing firewalls, so they were already in place and working
  • Once the firewalls were up and running, I noticed that host names do not always replicate from master to slave and vice-versa. This is a major issue, because all critical services in the core network depend on internal name resolution
  • I also preferred to keep the core network’s DNS completely isolated, and let pfSense handle DNS resolution for the rest of network

The DHCP service is load balanced in active/active mode, whereas the DNS service is in active/passive mode. I can take the services down on either server and the partner will automatically answer all DHCP and DNS requests.
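The active/active DHCP and active/passive DNS split described above, as an added illustrative configuration that is not from the original post. The post does not name the software, so this assumes ISC dhcpd and BIND9 on the two Ubuntu servers, with assumed addresses 10.0.0.11 (INF01) and 10.0.0.12 (INF04), an assumed core subnet 10.0.0.0/24 and an assumed zone name lab.example.

```conf
# --- INF01: /etc/dhcp/dhcpd.conf (primary peer) ---
# "split 128" divides the client hash space 50/50, so both peers hand out
# leases at the same time (active/active, load balanced).
failover peer "core-dhcp" {
  primary;
  address 10.0.0.11;           # assumed INF01 address
  port 647;
  peer address 10.0.0.12;      # assumed INF04 address
  peer port 647;
  max-response-delay 60;
  max-unacked-updates 10;
  mclt 3600;                   # primary only
  split 128;                   # primary only
}
subnet 10.0.0.0 netmask 255.255.255.0 {
  option routers 10.0.0.1;                          # assumed pfSense CARP VIP
  option domain-name-servers 10.0.0.11, 10.0.0.12;  # clients learn both resolvers
  pool {
    failover peer "core-dhcp";
    range 10.0.0.100 10.0.0.199;
  }
}

# --- INF04: /etc/dhcp/dhcpd.conf (secondary peer) ---
# Same subnet/pool block as above; only the peer stanza differs (no mclt/split).
failover peer "core-dhcp" {
  secondary;
  address 10.0.0.12;
  port 647;
  peer address 10.0.0.11;
  peer port 647;
  max-response-delay 60;
  max-unacked-updates 10;
}

# --- INF01: /etc/bind/named.conf.local (master zone) ---
# DNS is active/passive: records are edited only on INF01; INF04 pulls the zone
# by AXFR when notified. Transfers are allowed to INF04's address only.
zone "lab.example" {
  type master;
  file "/etc/bind/db.lab.example";
  allow-transfer { 10.0.0.12; };
  also-notify { 10.0.0.12; };
};
# --- INF04: /etc/bind/named.conf.local (slave zone) ---
zone "lab.example" {
  type slave;
  file "/var/cache/bind/db.lab.example";
  masters { 10.0.0.11; };
};
```

The subnet and pool declarations must be identical on both dhcpd peers, otherwise the failover pair will not settle into the normal state.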

The Workstation

It is a custom-built PC running Windows 10 and is my daily driver. It sits in the Admin VLAN and its IP is whitelisted on the firewall to allow unrestricted network access. I also run ad hoc Veeam backups for some VMs from this workstation (this is in addition to the scheduled backups on the Unitrends appliance).

And finally some pictures to wrap it up: