Lab Time

For the past 10+ years of my career in tech I’ve taught myself pretty much everything I needed to learn by doing labs on my own. Usually this has been a bit of a kludge, running things on VMware and occasionally on older machines I had lying around the house. I’ve always had a dream to build a real lab. Well... that time has finally come!
Before I get into the main topic of this post: because of the difficulties I was having trying to accomplish my learning labs, I decided to colocate my servers in some real datacenters. If you ever read this blog, you’ll notice that I had a post about colocating. After paying through the nose in colo fees, I decided to bail on the colocation experiment, moved my servers out, and stored them at home.
Now, I moved into a new apartment this year that comes with a basement, which means I can finally get a bit of a permanent setup. I have a few challenges to overcome; some I think I’ve solved and others are still up in the air. One issue is that my apartment is on the second floor and there is an apartment below me, and because this isn’t a condo or a house that I own, I really wanted to avoid drilling through walls etc. to get a network drop in the basement. What I’ve come up with is Powerline Networking. Many years ago I briefly looked into this technology, though I can’t remember if there was a specific use case. I heard many reports of bad throughput or issues connecting, but for my lab I decided to take a look at this option again, and it appears that it has drastically improved. I’ve seen some kits that claim to support speeds of 1200Mbps with electrical cable runs of up to 1000ft. 1200Mb is probably going to be more like 500 to 800Mb, which suits me just fine.
The second issue I’m working on is trying to figure out what the actual network topology will look like. The only part of this that I have decided on is to upgrade from the blue box router that I’m currently using to something with more muscle. Now I know you’re thinking: why not build something like pfSense? I used to have a pfSense router running on an old Lenovo x60 laptop, which worked great. I even have a pair of Cisco ASA 5505 firewalls, a Fortinet 60c and a Zyxel USG50 (lots of labbing). The reasons why I don’t want to use any of those are as follows.

  • I intend to use OpenVPN to allow remote access for myself, which immediately means that I can’t use any of those firewalls because none support OpenVPN (maybe the USG50 does).
  • I’m not a big fan of the way the ASAs are managed. I use larger 5500 series firewalls in my day job, and while using the CLI makes tons of sense in an enterprise, I don’t want to have to SSH into my firewall every time I need to make a change. There is a GUI for the ASA called ASDM, which is a Java-based application that basically converts your GUI choices into CLI commands and executes them when you commit your change. I’m a Mac user most of the time, and even when I’m on Windows, Java apps are a pain to run these days, and honestly it’s not worth the amount of work needed to get this to run reliably.
  • I could use the Fortinet. I happen to love the ease of management of FortiGate firewalls, and this one even has Wi-Fi and a built-in Wi-Fi controller. However, it doesn’t support 802.11ac, and since almost all of my compute devices support 802.11ac, it seems like it makes sense to get a device that supports AC.
  • The USG50 is an awesome little box. The main issue here is that it works based off of a license, and the default license supports a limited number of devices for most of the security features, and there is a limit on how many VPN connections you can have without having to fork over more money to Zyxel. More importantly, last I checked this device is end of life.