
If you could build the perfect home LAN...

Posted: Tue Jan 28, 2014 5:09 pm
by Hz so good
Like I said in previous posts, I'm gunning for my Cisco and VMware certifications, and it got me thinking. In order to kill two birds with one stone, why not build a lab that also serves as the home LAN?
This wouldn't be easy in an apartment (unless your landlord doesn't mind you pulling cable thru the walls), but in a typical house environment, this could be really awesome.

I've been daydreaming about setting up a Cisco and VMware environment. Redundant vSphere Servers (Dual CPUs, as much RAM as it'll take, nVidia Titan GPUs, Multiple 1 GigE NICs, iSCSI controllers), with redundant SANs (with as many Terabytes as I can cram in there), 1GigE ethernet everywhere (within the server closet, and walljacks in every room), Twin Catalyst 2960-Xs (48 1GigE ports, 2 10GigE trunk ports in PAgP each, maybe HSRP on the L3 ports), one or two 802.11ac APs, hopefully VDSL2 or FiOS, and at least 1 HTPC. The thought behind this is obviously practice for the exams, but also, let's say I get remarried again and we have kids. By using the VMware environment, everybody's laptop or computer could be running their own private environment, I can centralize anti-virus and system updates, and with GPU sharing, several members of the household could be playing games, streaming movies, or even doing 3D modelling simultaneously. Everything would be backed up to the redundant SANs, so sharing music, movies, and games shouldn't be an issue, and everyone would be on their own private VLAN, thanks to the Cisco 1000V, so even if somebody got a virus, it would be contained to just their private VLAN.


What kind of LAN would you folks build, if money was no object?

Re: If you could build the perfect home LAN...

Posted: Tue Jan 28, 2014 5:34 pm
by Waco
I'd just keep it simple and run a 10GE network with fatter bonded links to my NAS. It's too bad 10GE is so expensive (relatively) versus GigE at this point. :(

Re: If you could build the perfect home LAN...

Posted: Tue Jan 28, 2014 5:57 pm
by Hz so good
Waco wrote:
I'd just keep it simple and run a 10GE network with fatter bonded links to my NAS. It's too bad 10GE is so expensive (relatively) versus GigE at this point. :(



Yeah, the cheapest I've seen is a Netgear 12 port unmanaged 10GigE switch for around $1K. You don't even wanna know what Cisco is charging! :)

Re: If you could build the perfect home LAN...

Posted: Tue Jan 28, 2014 6:15 pm
by JustAnEngineer
I'm satisfied enough with cheap GbE inside my home LAN. Spend your fantasy millions upgrading my external connection to those speeds. :D

Re: If you could build the perfect home LAN...

Posted: Tue Jan 28, 2014 7:31 pm
by Aphasia
To be honest, I would keep it pretty easy, albeit with tons of performance.
So all in all, kind of like I have right now but totally on steroids with 10 times the performance and all the extra bells and whistles. :P

Totally out of bound go bonkers setup
* A nice pure gigabit internet connection (not too hard around here for home use providing you live in the right district). We've been talking about pulling in fiber to the building and that would easily take care of it.
* A really nice firewall that does 10GigE for internal segregation. Including gig performance of spam/web/malware/av filtering. I work mainly with Checkpoint myself, so one really nice appliance would do just fine.
* An assortment of cool hardware just for kicks including Fireeye, Ironport, Bluecoat Proxy, Arbor Pravail, Tipping Point IDS/IPS, and F5 with a Juniper SA for remote access. Why, because I could. And these are products we sell and I work on so, why not.
* A procera packetlogic.
* A fully developed 10GigE internal switching infrastructure with segregation for DMZ, Guest-Network and my Internal Lan. 10GigE in workstation and servers and a really nice NAS or perhaps even SAN to offload most of my storage needs to and not having too big local drives.
* A nice off-site backup solution.
* Controller based multi-ap 802.11ac solution.
* A badass nice VM cluster running a decent assortment of radius, logging, cacti, splunk, snort, backtrack, helix, etc or whatever else comes to mind that I would like to work on for the moment. Right now I run most of my lab on my work laptop, but 16GB memory only covers vmware with a FW-manager, a couple of clients and a fw-cluster comfortably.
* A big fat UPS
* All nicely doubled for HA, including internet and my own AS.

Come to think of it, on the network side, the above could probably serve most enterprises with less than 1000 employees pretty comfortably. Although they would need more servers most probably.


Here's my current setup for comparison. Decently simple, but fills my current needs.
My current setup is:
* A nice Juniper SSG firewall that takes 100mbit throughput of my 100/10 connection easily enough.
* Several GigE Switches internally with several VLANs transporting internet, DMZ, Internal, Guest Networks for segregation.
* A 802.11N network for iPad/Laptop/Phones.
* A 2012 server with 8x2TB Array that comfortably fills GigE network and lets me offload all photos, data, etc to fileshares and only to have installed software on local drives (160GB SSD and 1TB Velociraptor in the workstation).
* A QNAP NAS also running a 4x2TB array doing daily/weekly staggered automated mirroring of my fileserver, weekly of the workstation disk image full backups, etc.

Server runs as Fileserver, Hyper-V server with a webserver on its own NIC/interface in the firewall, and lastly a DLNA serviio on the native that lets me pull just about any format to my home theater. And since I have an Oppo blu-ray it takes most formats, and my denon amplifier eats 24bit flac natively and also has spotify. If that isn't enough I have a home theater projector gaming comp in the living room for anything else.

Re: If you could build the perfect home LAN...

Posted: Tue Jan 28, 2014 8:06 pm
by Hz so good
Aphasia wrote:
Here's my current setup for comparison. Decently simple, but fills my current needs.
My current setup is:
* A nice Juniper SSG firewall that takes 100mbit throughput of my 100/10 connection easily enough.
* Several GigE Switches internally with several VLANs transporting internet, DMZ, Internal, Guest Networks for segregation.
* A 802.11N network for iPad/Laptop/Phones.
* A 2012 server with 8x2TB Array that comfortably fills GigE network and lets me offload all photos, data, etc to fileshares and only to have installed software on local drives (160GB SSD and 1TB Velociraptor in the workstation).
* A QNAP NAS also running a 4x2TB array doing daily/weekly staggered automated mirroring of my fileserver, weekly of the workstation disk image full backups, etc.

Server runs as Fileserver, Hyper-V server with a webserver on its own NIC/interface in the firewall, and lastly a DLNA serviio on the native that lets me pull just about any format to my home theater. And since I have an Oppo blu-ray it takes most formats, and my denon amplifier eats 24bit flac natively and also has spotify. If that isn't enough I have a home theater projector gaming comp in the living room for anything else.



:o That's a nice setup!

Have you had good luck with Junipers? We used an SSG5 a few years back, at an old job of mine, and it had a bad habit of hard locking. It got bad enough that we ended up connecting an iBoot to it.

Re: If you could build the perfect home LAN...

Posted: Wed Jan 29, 2014 12:27 pm
by Prestige Worldwide
I really want to have a home with a nice wired LAN. Unfortunately I live in a condo and while I could likely still do this, I can't be arsed.

When I buy a house in a few years I will definitely wire up a LAN.

Re: If you could build the perfect home LAN...

Posted: Wed Jan 29, 2014 1:39 pm
by Scrotos
It's nice. In my new house, they used CAT5e for the network prewire AND for the phones. I use a cordless phone base station plugged in to the cable modem in the basement and extension cordless phones upstairs so I just converted all the "telephone" plugs into additional ethernet plugs, 2 per room. All the wiring goes to the basement under the stairs and instead of the typical splitter the stuff was plugged into, I popped a 24-port gigabit switch there. Cable modem right next to it, wireless router there too, good times.

I wish it were CAT6 but honestly I can get gigabit and I'm not going 10gb anytime soon so it's not a huge concern.

In my old apartments I ran some ethernet cables under the carpet along the edges to "wire" the rooms.

Re: If you could build the perfect home LAN...

Posted: Wed Jan 29, 2014 5:25 pm
by Aphasia
Hz so good wrote:
:o That's a nice setup!

Have you had good luck with Junipers? We used an SSG5 a few years back, at an old job of mine, and it had a bad habit of hard locking. It got bad enough that we ended up connecting an iBoot to it.

It works... :P
And yeah, the SSG series is pretty stable, although you might have hit on one of the weird things. I always read the release notes pretty carefully and there have been a few memory leaks and hard locks on specific traffic patterns that have cropped up during the 6.0.0-6.3.0 software that I know of. But with the stable releases they work fine. On my last job I was responsible for operations of about 6 larger 550 clusters and somewhere between 300-500 SSG5 depending on the current crop of building sites, hardlocking was never a problem for us.

It's actually an SSG5 I run at home. I would say it's stable enough considering I have 100Mbit internet downstream and regularly use it.

Software Version: 6.3.0r13.0, Type: Firewall+VPN
BOOT Loader Version: 1.3.2
Date 01/29/2014 23:21:24, Daylight Saving Time enabled
Up 9115 hours 6 minutes 16 seconds Since 15Jan2013:04:15:08

Re: If you could build the perfect home LAN...

Posted: Thu Jan 30, 2014 6:56 am
by Glorious
It's been my impression that juniper is more popular/prevalent in Europe. Is that true in your experience Aphasia?

would not be RJ45 based 10GbE that's for sure

Posted: Thu Jan 30, 2014 8:21 am
by Bauxite
You can build infiniband cheaper than a lot of 10GbE configs, and most cards do 10/40GbE as well.

Lightly used NICs and cables often very cheap on ebay, brand new switches discounted quite a bit.

Personal scores: dual port 40GbE-only $180, dual port FDR56/40GbE $250, 30m QSFP fiber cables $30. The switches are out of my price range and probably noise tolerance in current location but seen 36 port QDR IB <1k, brand new 36 port FDR $3~4k, not sure what the 40GbE license costs on it though. You don't have to go ethernet to get ip addresses with infiniband though, I just happened to do it that way.

For reference, intel X540 dual RJ45 10GbE are $400 firm.
X520 w/ fiber modules isn't very cheap either and SFP+ copper is short and same price range as QSFP copper.

I only have 3 peer to peer links at the moment, but even that's overkill.

Re: If you could build the perfect home LAN...

Posted: Thu Jan 30, 2014 9:06 am
by SuperSpy
JustAnEngineer wrote:
I'm satisfied enough with cheap GbE inside my home LAN. Spend your fantasy millions upgrading my external connection to those speeds. :D


If I can start pulling 100+ MBit from my internet connection then we can talk about upgrading my internal network. GbE in strategic places and 40MHz 802.11n everywhere else will do for now.

Re: If you could build the perfect home LAN...

Posted: Thu Jan 30, 2014 10:36 am
by zgirl
I have seen VMware labs done with Mac Minis, but I would consider Intel NUCs with similar specs. You can get two of those for roughly the cost of a single Mac Mini. I like the commodity hardware idea as opposed to a server. You can skip storage and use a mini 4GB flash drive to boot ESX from. A USB3 to Gig Ethernet adapter can be used for IO. I have not thought about KVM access yet but I am sure there are some ideas and solutions to be found for remote KVM if need be.

Network is up to you but I would at least have a Gig Switch with vlan capability to split off iSCSI traffic. Since storage for those would be on something like a Synology DS1813+ NAS or a QNAP VMware ready NAS. Conversely you could get a smaller Gig switch (4 or 8 ports?) for just your hosts and NAS and IO traffic. Leaving your larger switch for guest, network and normal data traffic.

I like this setup in a small cabinet or shelves. It runs much quieter and would draw less power than a server farm (I have done it that way before). All you would need is a UPS that can send shut down commands if an outage runs too long.

Just ideas I have been tossing around.

Where I got the idea from.

Re: If you could build the perfect home LAN...

Posted: Thu Jan 30, 2014 2:44 pm
by Aphasia
Glorious wrote:
It's been my impression that juniper is more popular/prevalent in Europe. Is that true in your experience Aphasia?

I've actually seen Juniper as mainly a US based brand, but that's just by feeling and not of any actual knowledge about market penetration overseas. So I can't really say if it's more or less prevalent here than in the States compared to other brands. That said, it does fill certain niches. Mainly for routing in cores, and then larger SSG (formerly netscreen screenos) installation for lan-2-lan VPNs and pure firewall installations. That's mainly what we used em for and I know some other companies that use em in the same capacity. But then, depending on the market segment I've seen all sort of different setups with Juniper/Extreme/HP/3Com in a mix for core/distribution/access. All Cisco-shops tend to stay with cisco for the most part except for specialized application and firewalls where they don't use ASA, mainly anything not core/distribution/access/wlan.

Also, Juniper's SSL VPN solution is highly thought of and while we don't sell any SSG or SRX on my current employer, we do have the SA. But then, we are a security focused company so networking right now is old sins for former clients that wanted me back and not a main focus.

Re: If you could build the perfect home LAN...

Posted: Fri Jan 31, 2014 2:33 am
by Hz so good
Aphasia wrote:
Hz so good wrote:
:o That's a nice setup!

Have you had good luck with Junipers? We used an SSG5 a few years back, at an old job of mine, and it had a bad habit of hard locking. It got bad enough that we ended up connecting an iBoot to it.

It works... :P
And yeah, the SSG series is pretty stable, although you might have hit on one of the weird things. I always read the release notes pretty carefully and there have been a few memory leaks and hard locks on specific traffic patterns that have cropped up during the 6.0.0-6.3.0 software that I know of. But with the stable releases they work fine. On my last job I was responsible for operations of about 6 larger 550 clusters and somewhere between 300-500 SSG5 depending on the current crop of building sites, hardlocking was never a problem for us.

It's actually an SSG5 I run at home. I would say it's stable enough considering I have 100Mbit internet downstream and regularly use it.

Software Version: 6.3.0r13.0, Type: Firewall+VPN
BOOT Loader Version: 1.3.2
Date 01/29/2014 23:21:24, Daylight Saving Time enabled
Up 9115 hours 6 minutes 16 seconds Since 15Jan2013:04:15:08


Pretty nice! I didn't administer the SSG5 (that was a coworker), we placed it in one of our racks, near the core Tasman DS3 routers (they sucked), so we could VPN to all the remote nodes we had, without worrying about AT&T MPLS config. Between a few of us, and the NOC using that VPN to look at all the radios, it wouldn't surprise me if we or CMS-NOC did something that would lock up the SSG.

I've got an O'Reilly book I'm reading up on about the MX series right now. Seems pretty sweet, but I will argue that Adtran eats the Juniper E-Series lunch. Those options can't compare to TA5000/5006 or OPTI-6100.