My physical network infrastructure (VLANS and subnets) and host hardware

From Iwan
Jump to: navigation, search

Before I am going to explain how I am creating automated nested labs, I first think it is good to know how my home lab and home network looks like. This article will show you my physical network infrastructure that I have at home.

Network topology and network hardware

Below you will see all the physical network devices that I have at home to cater my home “production” network and my home lab.

40559EEC-A1C8-4055-ADBE-9E341C6B56F7.png

VLANs and Subnets

All routing is done by the Ubiquity Edge 4 router. So this device can be considered as my “core” router. The VLANs that are configured are configured everywhere (to keep it consistent) and for all VLANS the L3 routing point (“SVI”) is configured on the Ubiquity Edge 4 router.

Below you will find a list with my configured VLANs and subnets.


ID:	  NAME:							   SUBNET:
----
1       default                         10.11.111.0/24
11      HOME-LAN                        10.11.11.0/24
12      VSAN-DATA                       10.11.12.0/24
14      VMOTION                         10.11.14.0/24
15      TEP                             10.11.15.0/24
16      NESTED-UPLINK                   10.11.16.0/24
17      WIRELESS-GUEST                  10.11.17.0/24
18      WIRELESS                        10.11.18.0/24
19      US-WIRELESS                     10.11.19.0/24
21      EDGE-VM-TEP                     10.11.21.0/24
31      BGP-UPLINK-1                    10.11.31.0/24
32      BGP-UPLINK-2                    10.11.32.0/24


Wireless network

In the VLAN list above you can see that I am using three different Wireless VLANs for my wireless network connectivity.

ID:	  NAME:							   SUBNET:
----
17      WIRELESS-GUEST                  10.11.17.0/24
18      WIRELESS                        10.11.18.0/24
19      US-WIRELESS                     10.11.19.0/24

VLAN 17 is used for my guests and can only access the internet and all network traffic towards the other subnets is blocked. VLAN 18 is my wireless VLAN network for me, my wife and the other wireless clients that I have that belong to my production network. I am also using VLAN 1 in my wireless network, because after designing and implemented everything I discovered that I would not control my Sonos speakers that got an IP address in VLAN 1. So my Sonos speakers were in VLAN 1 and my iPhone in VLAN 18 and for some reason, this is not working. I managed to fix it eventually with this piece of configuration

Edge 4

edit protocols igmp-proxy
set interface eth1.18 role upstream
set interface eth1.18 threshold 1
set interface eth1 role downstream
set interface eth1 threshold 1

And after this, I just left VLAN 1 open for wireless connectivity because I experienced all kinds of weird problems.

On the below picture you see I have 6 x Ubiquity UniFi AP-AC-LR Access Points around the house. I also have the UniFi Cloud Key that is responsible for the control and management of all the UniFi devices (Switches and Wireless Access Points).

71E2BAE6-527B-4580-A471-B3BBD0E6EF68.png

The different colors represent a different location, but the size of the block/color does not represent the actual size of the rooms ; - ).

Internet connectivity

I have a single Fibre To the Home (FTtH) internet connection of 500/500 Mbps up/down. My internet provider has the option to request a /29 public IP address range and I am using this option. I assigned a public IP address to all my “internet” facing devices.

3F2DA5D0-EC05-450E-AAC0-B306E2A6C738.png

L3 IPSEC VPN and Remote Access VPN

I have an L3 VPN with a friend of mine so we can share internal resources. This L3 IPSEC VPN is terminated between two Cisco ASA Firewalls. We also configured Cisco Any Connect Remote Access (SSL) VPN so that when we are not at home we can still access each other's internal resources.

95703A7F-EA36-4E2A-971E-1B7A9FD5FD7A.png


Common Services 〈AD - DNS - NTP - Etc〉

I have one virtual machine that is responsible for AD services. This machine is also my Stepstone machine and is running Windows 2016 Server. When I need to access an internal (lab) resource I first connect with my Any connect VPN service and then I use the internal IP address of this AD/Stepstone VM to access with RDP, and from there I am accessing the rest in my internal network.

DNS and NTP services are offered by my Infoblox Virtual Appliance.

Storage

I have two ways of storing my files.

  • QNAP NAS TS-659
  • VSAN

5C7D1C8C-17E7-4D97-97BA-B87363E463F1.png

QNAP NAS TS–659

My QNAP TS-659 is pretty old, but it still works great! I have 6 x 4 TB Disks installed.

Screenshot 1552.png

These 6 x 4 TB are configured in RAID5 that gives me around 18 TB of storage space. So if one disk fails I still have my data.

Screenshot 1553.png

VSAN

My VSAN cluster consists out of 3 ESXi hosts. Each host has one Capacity disk of 4 TB and one SSH caching disk.

Screenshot 1556.png

This gives me a total storage space of 10 TB.

Screenshot 1554.png

Compute hardware

I have 4 x SuperMicro hosts where I use three for my vSphere Compute Cluster (that are all prepared with NSX-T) and one host for my vSphere Management Cluster. Each host has 1 x CPU with every 12 cores and 256 GB of RAM. Below on the picture, you can see how the interfaces are connected.

FBA750D8-4838-4EAD-91DA-2C1A80E5A1DF.png

Backup of Virtual Machines

Some of my important production VM’s are back-up with Veeam. Veeam places the VM (snapshot) data on my NAS using the CIFS protocol (mapped network drive from Windows) My NAS replicates this VM snapshot data to Google Drive.

Screenshot 1559.png

Screenshot 1560.png

Screenshot 1561.png