Tag: network

7 Homelab Ideas | Why You Should Have A Homelab

Why You Should Have a Homelab

In 1998 my friend gave me a RedHat Linux CD.  I spent hours each day experimenting with Linux–I loved it.  2 years later I’m in a room with 30 other students at a University applying for the same computer lab assistant job–I’m thinking my chances are grim.  Part way through the mass interview a man walks to the front of the room and asks if anyone has ever used Linux.  I raise my hand–I’m the only one.  He takes me out of the interview for the lab assistant job, introduces me to the department director.  They took me out to lunch.  By the end of the day I had my first job as a Systems Administrator.

Learn things on your own and it will broaden your opportunities.

One of the best ways to learn about systems, applications, and technology is starting a homelab.  A Homelab can give you an enjoyable, low stress, practical way to learn technology.  A homelab will also help you find out the technical areas in which you are interested.  It’s also practical in that you can use it to service your own home.

Here’s 7 Ideas for Your Homelab

1. Router /  Firewall

Ubiquiti EdgeRouter X

The most essential piece of equipment will be your router.  I started out with consumer routers that I’d flash to DD-WRT / Tomato but now I use a virtual pfSense router.  Routers are great to learn about DHCP, DNS, VPN, Firewalls, etc.  I discourage using the router provided by your ISP, they’re usually not very capable and often not secure.  In most cases you can buy a DSL or Cable modem instead of the ISP provided modem combined with the router.  One inexpensive physical router I’d recommend is the Ubiquiti EdgeRouter X.   Ubiquiti provides free software updates (their model is you buy the hardware and the software is free), and you’ll get a handful of advanced features–it’s a very capable router and much better than a typical consumer router–to step up from Ubiquiti you’d be going to pfSense, Juniper or Cisco.

2. Storage

Supermicro StorageThe main reason I started my homelab was storage.  I was taking a lot of family pictures and videos and wanted to save them.  I know there are cloud services, but at the time they were expensive, and then you’re sort of trusting that provider to not delete all your photos or get bought out by a larger company and shutdown.

Then I started using VMware.  I needed faster storage with more IOPS.  One of the best Homelab storage solutions is ZFS.  ZFS takes the best of filesystems, and the best of RAID, and combines them into a software defined storage solution that I’ve not seen any hardware technology able to match.  Two popular free ZFS appliances I like are Napp-It (based on OmniOS) and FreeNAS.  OmniOS is a fork of OpenSolaris and is very robust and has tight integration with ZFS.

FreeNAS LogoI’m currently using FreeNAS which is the free open source version of iX System’s TrueNAS which is used by organizations of all sizes–from small businesses with a few TB of storage to large government agencies with PBs of storage.  FreeNAS has done a great job at technology convergence.  It is both a NAS and a SAN allowing you to try both approaches to storage (I prefer NAS because it takes better advantage of ZFS, but many prefer using SAN and there are benefits and drawbacks to both), it also has many built-in storage protocols:  FTP,  iSCSI, NFS, Rsync server, S3 emulator, SMB (Windows file server), TFTP, WebDav, it can join AD, it can even be an AD DC  (if you like living on the edge) it has a built-in hypervisor (bhyve) to run VMs for whatever you want.  This is now marketed as hyper-converged storage.  All of it is completely free.  You can build your own FreeNAS server like I did, or get started with a FreeNAS Mini from iX Systems.

A few years after I learned ZFS for home, my employer was looking for a new storage solution so having this knowledge and experience was helpful.  I was able to determine one vendor with a traditional RAID solution didn’t handle the RAID-5 write-hole problem properly.

3. Virtualization

VMwareVirtualization allows you to run multiple virtual servers on the same piece of hardware.  VMware is king in the small to mid-size business hypervisor market, and VMware offers their hypervisor for free.  The free version is just like the paid versions except you won’t be able to use some features (most involving high availability and fail-over with multiple servers).  But you can learn most of the concepts and features of VMware.  I’ve tried to use a number of hypervisors but I always come back to VMware.  I consider VMware my basic infrastructure.  From there you can learn about other things like networking, storage, and play with any OS or Linux distribution you want to.

Knowing VMware was hugely beneficial, I’ve implemented it for several businesses, and one of my previous employers.  And knowing how it works means I can discuss the VMware stack intelligently with the ops team.

See my FreeNAS on VMware Guide if you’re interested in running a virtual FreeNAS server inside VMware.

4. Networking

A Homelab without decent networking won’t get you far.  Fortunately if you use VMware you can leverage it to use virtual network switches.  For physical switches I really like the Unifi products.  They are simple enough for non-network engineers like me.  Everything can be configured using the GUI.  Unifi exposes you to managed switches, central management (with the Unifi controller), VLANs, and PoE (Power over Ethernet), port trunking, port mirroring, redundant paths with spanning tree, etc.

Unifi 8 Port SwitchI started with this little UniFi 8-port switch (4 are PoE ports).  I also added a UniFi 24-port switch so I could learn how to do setup a LAG and configuring VLANs across multiple switches (which was really simple using the Unifi interface).  I also like Unifi’s philosophy–they sell you the hardware but the software is free–which means you don’t pay for maintenance or support but continue to get free updates.  In a homelab you may not need to go crazy on VLANs, but separating your main network from your IoT devices may be prudent.

Learning how to setup VLAN tagging, and link aggregation and understanding how networking works helps me communicate better with the network engineers when discussing design and deployment options–they may be working on Juniper or Cisco equipment but I know the concepts of what they’re doing.

5. Wireless APs

Having a robust wireless setup is also a necessity for a homelab.  If you have a large house you get to setup multiple APs and make sure they can handoff connections.  If I was buying today I’d get a UniFi nanoHD AP.  I use an older model, the Unifi UAP AC Pro (I just have one because that’s all I need to cover my house, but if you can find an excuse to have 2 or more I’d recommend it since you can practice rolling updates without downtime, wireless handoff, etc.).  These are managed by the same Unifi controller as the switches.  I first gave them a try because I read Linus Trovalds uses Unifi APs, and they seem to be highly rated by tech professionals–and now I don’t think I’d go back to anything else.

I have written more about Unifi Equipment here.

6. Network Monitoring

Icinga

It is hard to maintain a reliable network and application stack without monitoring for failures.  There are hundreds of network monitoring solutions and it really depends on your needs.  The most widely deployed solution is Nagios.  I have had that on my Homelab, but lately I’ve been using Icinga because it’s simple and it integrates into Ansible.

7. Infrastructure Automation

Automating your infrastructure may not make as much sense in a small Homelab, but it does make sense to automate any task you do repetitively or a manual task that could be automated.  For me, this was  installing updates, deploying servers and renewing SSL certificates with Let’s Encrypt.  To manage this I use Ansible which is one of the most well thought out infrastructure automation tools I’ve seen.  Ansible can manage Linux and Windows servers.  Learning infrastructure automation, especially if you do it using version control and CI/CD tools like Azure DevOps (you can get a free account for up to 5 users with unlimited private repositories) is a great thing to learn for your career if you’re interested in the DevOps world.   The book, Ansible for DevOps by Jeff Geerling helped me get started.  I suggest getting the eBook since he has been known to provide updates to the book (not sure if he will continue to provide updates, but just in case).

At work we completely automated the deployment of Linux servers using Ansible–infrastructure as code.  It took a month of investment but it paid off big time with developers now being able to deploy VMware VMs at will with Ansible by making a Git Pull Request, our entire fleet of servers is updated automatically, and our server and configurations are all consistent.  This replaced an old process of waiting several weeks for a VM to be provisioned and configured by hand.

Bonus homelab application server ideas…

  1. Minecraft Server — popular Java game–it’s like playing with Legos and a great way to get your friends together for some casual games.
  2. Mumble Server – one of the best voice protocols for in-game communication.
  3. Emby Media Server — Anyone that has kids realizes those flimsy blu-ray drives aren’t going to last long.  It’s great to store and host movies, home videos, pictures, and audio.
  4. Asterix PBX Server – VoIP Phone server (use Twilio or Flowroute for SIP trunking).  Polycom makes great VoIP phones.  With Twilio SIP Trunking you can have a real landline phone number with E911 capability for a few dollars a month–and if you get multiple phones you can use it as an intercom system.
  5. Web Server (maybe start a blog) — I hosted this blog from a server in my house for years–until my ISP couldn’t handle the bandwidth.  Now days you can also use a service like CloudFlare to act as a CDN which really reduces your bandwidth usage.  Hosting your own blog is a great learning experience and gives you a place to log your homelab experiments, and share solutions to problems.
  6. Automatic Ripping Machine — Get all your Blu-Rays, DVDs, and CDs loaded onto your Emby server
  7. Backup server — I use a CrashPlan Business subscription to backup my FreeNAS server to the cloud (one of the main reasons I use a NAS as this would be less efficient with a SAN).  BackBlaze B2 is another great option to backup FreeNAS.

There are many more areas than I listed, but I think the above is a good baseline to get started.  Pick one area at a time–my homelab was built over many years–often the case is I will improve an area after a piece of equipment fails or I need to replace it for some other reason–that’s a great time to do research.  If you aren’t sure where to start, pick the area that you enjoy the most.  For areas you have no interest the best thing to do is something else–you’re probably not going to be great at something you don’t enjoy.   Certainly a homelab isn’t going to be a substitute for real-work experience.  But it does provide an environment to learn, experiment and enhance your abilities–and the great thing is since it’s your own lab you can learn things that interest you.

I think that’s the largest benefit of a homelab.  To me it’s a playground.  It’s a place put the love of learning into practice.  It’s a place of freedom.  Nobody else is dictating what you do here.  It’s a place to have fun while enhancing your skill.

Do you see a man skillful in his work?
He will stand before kings;
he will not stand before obscure men.     – Proverbs 22:29 ESV

pfSense Firewall HA Failover Cluster

Last night, I was attending a LAN party remotely and between games I noticed my pfSense router needed to be updated but of course an update brings down my internet for 30 seconds while it reboots which I didn’t want to do–and then I thought, I should really cluster this.  I found a straight-forward pfSense HA (Hardware/Device Failover) Configuration using CARP guide written by Michael Holloway and after following it ended up with something like this:

pfSense HA Diagram

I run pfSense under VMware (which I do not recommend unless you know what you are doing–if you do know what you are doing be sure to enable promiscuous mode on the VM switches  [which if you didn’t know perhaps you shouldn’t do this–you can end up getting into a circular dependency situation so just be sure you have an alternate way to get into VMware to troubleshoot pfSense in case it dies for some reason–there are several ways to do this: you can setup a backup VMkernel port with management enabled on a vSwitch connected to another physical adapter, or set VMware’s management interface to a static IP and set workstation to another static IP on that subnet.]) so networking hardware is free, so I deployed a second pfSense VM more or less identical to the master–I don’t run pfSense on my ZFS storage because I want my networking to come up before storage, but I did put each pfSense server on a separate hard drive.

Essentially I setup a sync interface (10.99.0.1 and .2)  where the pfsense-master syncs everything in real-time to the pfsense-slave.  My “WAN Gateway” is a CradlePoint router.  The pfsense-master WAN IP is 10.1.0.11, and the pfsense-slave WAN IP is 10.1.0.12, and then I setup a WAN-CARP virtual IP of 10.1.0.10 which is where all the WAN traffic goes out on, the master assumes the 10.1.0.10 WAN-CARP.  If the master goes down then the slave will take it over and the CradlePoint router is none-the-wiser.  Pretty much the same thing for the LAN and DMZ, the CARP virtual IP is 10.2.0.1 and 10.3.0.1 respectively, if the master goes down the slave assumes the IPs.

pfSense actually syncs the connection states.  I established an ssh connection to a remote server, hard powered off the master and didn’t lose the connection!  I was also pinging a remote host and didn’t drop a single packet.  This is good, now I can upgrade each pfsense router independently with no downtime.  If the pfsense master goes down, or somehow gets disconnected from the WAN or LAN the pfsense slave will assume the virtual IPs.  I’ve tested powering off the master, disconnecting the WAN port, disconnecting the LAN port, etc.  As long as the 10.99.0.1->10.99.0.2 link stays up the salve will assume the role of the master during those scenarios, and as soon as the real master recovers it re-assumes the role of master.