So what does an ICT engineer's home lab look like? I cannot speak for most in my field, but my home lab is quite extensive, comprising MikroTik, Cisco, Azure, Linux and Windows. So here is a breakdown.
So the above is a basic diagram of my home network layout. I have 3 parts to my network, but on-prem is only 2 parts. I have a 500/500Mbps fibre link which is still being commissioned, and I really cannot wait for its completion. At the moment I also have 2 LTE connections, one being Cell C and the other being Telkom. I switch services to and fro between these two LTE networks depending on current network contention and speeds.
My primary router at the moment is the MikroTik hEX S. Why this router specifically? Well, I used to run the Cisco 891F as my primary, however I found some limitations with WAN-to-LAN throughput, so I switched to the hEX S. My reason for choosing this router even over the 2011 will soon become apparent.
hEX S: 5x Gigabit Ethernet, SFP, Dual Core 880MHz CPU, 256MB RAM, USB, microSD, RouterOS L4, IPsec hardware encryption support and The Dude server package
RB2011iL-RM: 1U rackmount, 5x Ethernet, 5x Gigabit Ethernet, PoE out on port 10, 600MHz CPU, 64MB RAM, RouterOS L4
Now there are other 2011 models which are better, but not one single RB2011 is as powerful as the hEX S. In fact, bang for buck, the hEX S is an amazingly powerful router.
Now my config on this router has even been done to accommodate this router's quirks, as below:
In the above block diagram you will note how the external ports are trunked. What I have done is simply to put my 3 WANs on 1, 3 and 5 and my 2 LANs on 2 and 4. This is done to maximize the performance of this little beast. Now I know and understand that a 3011 or 4011 will destroy this little device on throughput, but right now for less than R1200 I am performing amazingly well with zero network issues.
Anyway, went off topic a little there, so back on track. From the hEX S I have 2 LANs in play. My home network (pretty much all wireless) is trunked out from Eth2 on the 192.168.5.0/24 network. This LAN is connected to the RB951G, which has all 5 ports bridged and runs no firewalling or any such services. It's basically a mini switch for my home LAN.
The wireless runs off this device and is turned down to about 30% power, which is more than sufficient for my home needs. I also have a home VoIP phone connected to the RB951G, and this is used primarily for my wife’s home business. The DSTV Explorer also connects into this device.
Then on the other side of the table, I have the 192.168.3.0/24 network running off Port 4 on the hEX S. This then connects to the Cisco 891F. The firewall again on this device is disabled and it's basically a powerful switch to my lab.
DHCP and routing are all done on the hEX S router.
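The LAN side described above, as an added RouterOS sketch that is not the author's actual configuration. It assumes the default port names (ether2, ether4), .1 gateway addresses, the DHCP pool ranges, and a lab-to-home filtering policy, none of which the post specifies. Because the RB951G and the 891F do no firewalling, the forward chain on the hEX S is the only place traffic between the two LANs can be filtered.

```routeros
# Added example, not the author's config. Addresses ending in .1, pool
# ranges and the filter policy below are assumptions.

# Gateway addresses for the two LANs named in the post
/ip address
add address=192.168.5.1/24 interface=ether2 comment="home LAN (to RB951G)"
add address=192.168.3.1/24 interface=ether4 comment="lab LAN (to Cisco 891F)"

# DHCP is served from the hEX S for both LANs
/ip pool
add name=home-pool ranges=192.168.5.100-192.168.5.200
add name=lab-pool ranges=192.168.3.100-192.168.3.200

/ip dhcp-server
add name=home-dhcp interface=ether2 address-pool=home-pool disabled=no
add name=lab-dhcp interface=ether4 address-pool=lab-pool disabled=no

/ip dhcp-server network
add address=192.168.5.0/24 gateway=192.168.5.1 dns-server=192.168.5.1
add address=192.168.3.0/24 gateway=192.168.3.1 dns-server=192.168.3.1

# Inter-LAN policy (assumed): the lab, which is also reachable over the
# L2TP tunnel, may answer connections opened from the home LAN but may
# not open new ones towards it. Rule order matters: replies are accepted
# before the drop rule is evaluated.
/ip firewall filter
add chain=forward connection-state=established,related action=accept \
    comment="allow replies to existing connections"
add chain=forward connection-state=invalid action=drop \
    comment="drop packets that match no tracked connection"
add chain=forward in-interface=ether4 out-interface=ether2 action=drop \
    log=yes log-prefix="lab->home" \
    comment="lab cannot initiate connections to home LAN"
```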
I then have several test phones and PBX hardware which I play with. This network is also connected via an L2TP tunnel to a public IP of my firewall sitting at Hetzner’s datacentre.
In Hetzner I have a pfSense firewall sitting on one of my live public IPs. I then have an internal private LAN running on the KVM host which hosts this firewall. So basically I have a dedicated server running a firewall with an L2TP tunnel between this lab network and my own internal LAN on my dedicated server. I then use KVM virtualization and run a Cloud PBX (has both an on-LAN and public IP) as well as a few other servers running on the private LAN portion on the host. Through this VPN tunnel I have phones registering on my own SBC, also hosted in a KVM on my main server.
The SBC is publicly accessible and sits between my FreePBX server and the open internet. I can access the PBX directly from my L2TP tunnel, however.
I will talk more about this server and what I do with it at a later stage but for now this is my lab and experimentation zone.
A few planned changes to my infrastructure will be coming soon and I hope you keep reading on to episode 2 of my Home Lab. 🙂
If you need any advice or have any questions, please feel free to comment or mail me.
Cheers for now.