How extreme is your home network?

jibbajabba

Forsaken_GA wrote: »

fwbuilder

Holy *bleep* - that's awesome


ps: tried to rep, but can't, given too many lately apparently

LinuxRacr

jibbajabba wrote: »

Holy *bleep* - that's awesome


ps: tried to rep, but can't, given too many lately apparently

This post sums up everything....even the PS part...

onesaint

Forsaken_GA wrote: »

VMWare has allowed me to go rather nutso with the expansion of my lab...

So, you're running some 30 VMs in that setup? Man, that's some fantastic home network.

When you implement a technology, do you install a few times? Or is it something like PF where you have some 10 installations of it? I guess what I'm getting at is, is it "set it and forget it" or whats the methodology behind your learning by implementation?

N2IT

Here is my network. Really advanced.

alan2308

Asif Dasl wrote: »

My home router - Cisco CRS-3

My main desktop - Intel i386DX-25Mhz, 2Mb RAM, 100Mb Hard drive, 3.1 WfWG (Note, it's a DX!! WITH custom water cooling)

Spare lab PC / Folding@Home - K computer, SPARC64 (I've got 2, in case the other one breaks down)

Gold iPad

5 year diesel generator with backup nuclear fusion power plant

Bomb-proof nuclear bunker (much like this one)

Shens! You can't fold on a SPARC.

Forsaken_GA

onesaint wrote: »

So, you're running some 30 VMs in that setup? Man, that's some fantastic home network.

When you implement a technology, do you install a few times? Or is it something like PF where you have some 10 installations of it? I guess what I'm getting at is, is it "set it and forget it" or whats the methodology behind your learning by implementation?

It largely depends on what it is. In the case of PF, that setup migrated over the years as well. Originally, it was a single vm with a crapload of interfaces. Let's just say that keeping the firewall rules straight on a box with that many interfaces was a chore. Splitting it out to one firewall per vlan made the rules alot simpler to keep straight.

And then I was occasionally annoyed by the fact that my entire network was brought down by a firewall reboot/upgrade, particularly when upgrading the DMZ firewall, since that's where the DNS servers are located. When DNS can't resolve, so much crap breaks it's not funny. A 5 minute reboot would take me 30 minutes to get everything straight again. So that's why I paired the VM's up via CARP, now a reboot is a minor hit as the passive goes active and things are good.

Most of the the things I do are practically driven. Why I chose LDAP instead of going AD to begin with was because I had to support LDAP, so I did my learning on it in the lab, when crap broke in production, I'd already seen it, and had it fixed nice and quick.

Whether or not it's set it or forget it depends on what it is. If it integrates with the rest of the flow of my lab, then it can be, and that's not a bad thing - I don't like high maintenance tech. If it's something that doesn't really integrate into my environment, and I'm never really going to use it, then it'll rarely make it out of my development vlan (that's also where I spin up new VM's to test out ideas that aren't web or database related). I've left the home gear alone for the last 5 months or so, self-implemented moritorium on changes not necessary to keep the shebang running until I'm done with the IE lab, but prior to declaring that, I was pretty much always tweaking, refining, testing. There's always something to learn, and I can almost always do it better if I spend a little time on it.

Asif Dasl

alan2308 wrote: »

Shens! You can't fold on a SPARC.

You're right it's just for solitaire!

Everyone

Nice Forsaken. My setup is headed somewhat in the same direction as yours, only I'm using all MS products to do it instead of Linux.

I need to figure out how the "Guest Wireless" feature on my new Cisco/Linksys EA4500 actually works. Haven't tried it out yet. I know it has a captive portal built into it, and it says "Guest Access provides visitors to your home with Internet access without giving them access to your computers or personal data.", but there are no settings for putting guest access on a different VLAN, so I'm not sure how it is keeping them separate. Trying to avoid having to run 2 different wireless routers.

Work on my home setup is being put on hold. I have to get Hyper-V setup on my work laptop so I can build a mobile demo lab.

I have to setup:
2003 SP2 DC w/ CA
Exchange 2003 SP2
Exchange 2007 HT/CAS
Exchange 2007 MB
Exchange 2010 HT/CAS
Exchange 2010 MB

To demo migration from Exchange 200x to Exchange 2010 for some customers.

Forsaken_GA

Everyone wrote: »

I need to figure out how the "Guest Wireless" feature on my new Cisco/Linksys EA4500 actually works. Haven't tried it out yet. I know it has a captive portal built into it, and it says "Guest Access provides visitors to your home with Internet access without giving them access to your computers or personal data.", but there are no settings for putting guest access on a different VLAN, so I'm not sure how it is keeping them separate. Trying to avoid having to run 2 different wireless routers.

Well, if it works anything like the Apple Airport Extreme, there's another antenna in the AP and you setup an entirely different SSID for the guest access. The AP itself keeps the wireless traffic segregated.

Which isn't to say I trust it. I run the Airport as my 802.11n AP, and keep my old Linksys around to provide 802.11g to guests, unless I know them well enough, at which point I provide them with the password to the Airport. When I finally get off my ass and implement 802.11x with certificate based authentication, they just might have to stay on the crappy AP

Everyone

Forsaken_GA wrote: »

Well, if it works anything like the Apple Airport Extreme, there's another antenna in the AP and you setup an entirely different SSID for the guest access. The AP itself keeps the wireless traffic segregated.

Which isn't to say I trust it. I run the Airport as my 802.11n AP, and keep my old Linksys around to provide 802.11g to guests, unless I know them well enough, at which point I provide them with the password to the Airport. When I finally get off my ass and implement 802.11x with certificate based authentication, they just might have to stay on the crappy AP

Yup it creates a different SSID... just uses whatever you set the main SSID to and appends -Guest to the end of it.

802.11x is something I've thought about implementing as well, but I have a few devices that may not play well with it. I have 2 WD Live TV Plus boxes connected to 2 different TVs for streaming media, both are connected via wirless with USB adapters at the moment. Then I have an HP Printer that is connected via wireless. I've just been doing MAC filtering.

LinuxRacr

This past week I set up my Cisco 881W in a similar fashion. Dual SSID, with each reporting to separate vlans. One reports to the vlan that connects to my home lab, while one only allows access to the internet. That's how it is supposed to work anyway.

Ch@rl!3m0ng

Well my set up is not very flash.
Main PC is a I7 with 24GB of RAM and 3TB of storage and a 128GB SSD
Laptop
Andriod tablet running backtrack
HP Home server running ESXi 5.0 4 VM's running on this.
G5 with ESXi 5.0 running 8 VM's (This is my test machine) plus 3 laptops connected to this network.
ISP router
Cisco switch

foofighters

Sounds like you guys have some pretty nice setups. I have myISP router/modem, when I purchase a home I'll be setting up a much better network. I built my main pc a couple of years ago, its a quad core amd processor with 8gb of ram, 4tb of hard disk space. I have three monitors setup, and I have about 20 virtual machines using VMWare, 3-4 of which are usually running. Backtrack, a vulnerable vm image, a Windows XP image I use for downloading and misc programs that I don't want to clutter my main Windows install with.

LinuxRacr

BUMP. Considering getting some new disks for my server, and also building a new rack-mounted desktop system with high-end hardware.

onesaint

rack-mounted desktop system

I've been thinking about doing something like this as well. Although, I'm thinking a 1/2 rack under the desk or something. What sort of solutions are you looking at?

LinuxRacr

Looking at some 3U cases from either Tiger Direct or NewEgg. I am also looking at getting the AMD FX-8150 processor and a comparable Asus motherboard.

Xcluziv

Forsaken_GA wrote: »

VMWare has allowed me to go rather nutso with the expansion of my lab.

Physical gear (not counting my CCIE lab gear or access devices like laptops, ipads, etc)

Cisco 3725 (Edge Router)
Cisco 3550 (Access/Distribution Switch)
Apple Airport Extreme (Trusted Users AP)
Linksys AP (Not so trusted users AP)
Synology DS1511+ (NAS)
(2) HP DL385 g2 with dual quad-core and 16 gigs each (ESXi hosts)
Netgear Switch (cheapest thing I could find with gig ports that supported Jumbo frames, used as the backend storage switch for my ESXi hosts and my Synology for iSCSI and vMotion traffic)

As far logical setup goes -

Each VLAN has dual PFSense firewalls in front of it, providing redundancy through CARP, not going to list it on each vlan because it's tedious. Each firewall participates in routing with the 3550 via RIP, since getting OSPF running on PFSense is..... a chore.

DMZ:

2 DNS servers (Debian with PowerDNS)
Web Server (Debian)
Reverse Proxy Server (used to access internal sites externally, used to overcome single IP on residential internet services while still having hosts on different IP's running web based services. Beats the snot out of having to maintain a crapload of NAT port forwards. Running Scientific Linux)

Corporate Services VLAN:

LDAP server (CentOS)
2 Database servers (Mysql, Centos, Master/Slave configuration)
Wiki (Centos, running Confluence)
Fileserver (Serving up CIFS/NFS, Debian)
Backup server (Debian, running rsync to all of the boxes)
Repository Server (CentOs. Running Spacewalk for updates to CentOS/Scientific based hosts, mirroring a Debian repository for Debian based hosts)
PKI Server (Scientific Linux, encrypted filesystems, runs my Certificate Authority, as all services that can be secured via certificate are. Normally powered down unless I have a need for it)
Log Retention server (Debian, running Splunk)
Webserver (Debian, runs intranet services like my ticketing system, etc)
Proxy Server (Debian, running Squid)

Development VLAN:
Webserver (Debian)
Database server (Centos)
(These two are where I try out new software prior to deployment on other servers to see if I like it, if it will fit in, etc)

Engineering VLAN:
Nagios host (Debian)
Engineering Services (IPPlan, PowerAdmin for DNS management, Rancid for network config backups, Netflow collection, etc)
Graphing/Trending (Debian, runs things like Cacti, Smokeping)
Bastion Host (OpenBSD, this box is the only one that's externally accessible via SSH, and the only box that's allowed access to everything in the network)

Corporate Users VLAN:

This is where all the 'normal' users on my network go, and where the Airport Extreme lives

Guest VLAN:

This is where everyone else goes. Like 12 year old children who don't know not to click on pop ups. And people who come over and want to use my Wireless. This PFsense firewalls guarding this VLAN use the Captive Portal feature (local authentication, not tied to anything on the backend) to prevent unauthorized use. This vlan is also policed to 256k up/down, so it's fine for web surfing (without streaming) and checking email, but not much else


In addition to the home lab, I rent a VPS from Linode that runs Debian. The 3725 runs an IPIP tunnel to the Linode, and they run RIP with each other (they used to run BGP, but Linode decided to start filtering that... was not happy), so the Linode is logically a part of my internal network. The Linode also functions as my email server, since alot of folks don't like IP's from residential IP space. Given it's placement, it's also perfect as my VPN server. It runs OpenVPN, and I VPN into it, and thanks to the tunnel, it's like I have local access to my internal network.

The linode also have native ipv6 access, and the 3725 maintains an ipv6 tunnel via Hurricane Electric. This allows me to bypass networks which have heavy lockdown on ipv4, but totally forgot to account for ipv6, and thus retain access to my internal network over the public internet.

Post CCIE lab migration plans include the following:

Replace LDAP server with AD domain controller. Already have a mockup as proof of concept, just don't have the time to actually migrate all of the hosts.

Implement Exchange. The Linode runs Postfix, but down the line I'd like to use it as an email gateway instead of doing IMAP locally. I know it's possible to have postfix handoff received mail to Exchange for processing, I just don't know how to implement it. Again, the hold up here is a lack of time, CCIE is paramount at the moment, so it gets the free time

Implement Lync server - Just because I feel like it

Migrate entire internal network to native ipv6. The 3550 is the hold up there, as it doesn't support ipv6. Once I'm finished with the lab, one of my two 3560's will be tasked for that replacement, and then the migration will begin. I'll implement a DNS64 server to handle DNS proxying. I haven't quite decided what 6 to 4 translation mechanism I'm going to be using yet.

So yeah, I'm a big nerd, and most of what I do for fun, people want to get paid for. Of course, the entire point is that I will be getting paid for it - down the line.

Sooo I know who is doing my network when I move into my house....lol

onesaint

@Linuxracr: Ah, you're looking at desktop chassis. I was thinking of something like this (but don't want to drop 2k!):
IsoBox Studio - Keeps Studio Computer Equipment Quiet and Cool

I'd like to be able to stick my servers and Cisco gear into something like that.

tpatt100

N2IT wrote: »

Here is my network. Really advanced.

I have a mixed network my iPad and Android tablet.

4_lom

MAC_Addy wrote: »

Here's mine. Though, it's not all being utilized.

My fiancee and I have talked about doing some type of ticketing system to keep track of my house-work including hers. Just haven't even looked into this yet.

I should be getting some servers setup within the next few months, the thought of setting up my own personal exchange server really interests me. Just don't know the best route to take on this.

Very nice MAC

LinuxRacr

onesaint wrote: »

@Linuxracr: Ah, you're looking at desktop chassis. I was thinking of something like this (but don't want to drop 2k!):
IsoBox Studio - Keeps Studio Computer Equipment Quiet and Cool

I'd like to be able to stick my servers and Cisco gear into something like that.

Actually I AM looking at server chassis. My lab is housed in one of these currently:

4_lom

I'll put up pictures of my Voice and Hyper V labs later. This rack I mainly used for the CCNA. Some of this equipment is now in the Voice rack.

mapletune

how are you guys mounting your rack equipment? I looked all over the web and couldn't really find people with the same question as I have... haha

I mean, the closest i found was someone asking if they could mount servers only by the rack ears and people responded, "don't take the chance, use rails, or front and back posts, etc."

But yea... for routers and switches do we only need to screw them on by the front ears?

By that i mean, is the weight of rack equipments supported by ears attached to only the front panel?

cuz that would create a lot of moment (torque) on that single point of support....



[Edit]
Apologize in advanced if this question is unbearably stupid =p

cyberguypr

I have a Skeletek C rack and went with a fixed shelf rated at 150 lbs. to stack my servers.

Forsaken_GA

mapletune wrote: »

how are you guys mounting your rack equipment? I looked all over the web and couldn't really find people with the same question as I have... haha

I mean, the closest i found was someone asking if they could mount servers only by the rack ears and people responded, "don't take the chance, use rails, or front and back posts, etc."

But yea... for routers and switches do we only need to screw them on by the front ears?

By that i mean, is the weight of rack equipments supported by ears attached to only the front panel?

cuz that would create a lot of moment (torque) on that single point of support....



[Edit]
Apologize in advanced if this question is unbearably stupid =p

I only use the rack ears to mount my network gear, but 3550's/3560's, 1841's, 2600's etc aren't exactly heavy or deep, and don't put a whole lot of strain on the front ears. Servers are a different ball game, as your support needs are going to vary depending on the size and weight. A 4U server loaded up with hard drives is going to have different support needs than a 1U pizzabox type server

santaowns

heh looking at some of your setups i feel like i dont got much haha. My wife still wonders why i got the 5k worth of cat6 from my work and the cisco switch and then placed 4 jacks in every room.... but she doesnt complain when she can watch movie in any room.

Abdul201288

My Isn't that Extreme..this is my network.





This is what I got in the pic.

24-port NetGear unmanaged Switch
Cisco 2651xm router
Cisco 1760 router
Cisco Catalyst 2950-24
Dell PowerEdge R200
Old HP LaserJet 2200 connected to the switch.

The Server has an Intel Xeon E3310 3.0GHz dual core CPU.
4GB RAM.
80GB Sata Windows OS.
500GB HDD for storage.
Running Windows Server 2008 R2 Enterprise. (HYPER-V,DNS,DOMAIN CONTROLLER)