Accidental Homelab - July 25, 2021 - Splitting my network

It has been a weird week in the accidental lab. I received a few gentle reminders from friends and family that I should stop breaking the internet for everyone.

So, I decided to rearrange my very ad hoc network into two separate networks: production (the entire house network) and lab (my office and workshop). This division appears to be pretty much a best practice for home labs and networks everywhere, although it did take me a while to realize that the additional work would be worth the stability.

Since I currently use a Unifi gateway as my router, I chose to set up lan1 as the production side and lan2 as the lab side. Everything in lan1 is in the range 192.168.1.x, and everything in lan2 is in the range 192.168.2.x. I currently allow all traffic to pass back and forth between the two LANs. A future improvement might be to create firewall rules to improve the separation.

Overall, it seems to be going pretty well. The only quirk that I have come across is that file transfers between the LANs are very slow. My primary NAS, the 918+, is on the production LAN, and it still provides data to my office LAN. I hypothesize that the low speed happens because data must physically pass through the router, which is slow, rather than pass through a switch. I’ll have to look into VLANs to see if that solves the problem. It is a pretty big job, but it seems like it will help with scaling and reliability.

I’ll post a diagram once I get draw.io figured out. Draw.io is easy to get started, but it is a bit fiddly to get things to look nice.

As part of the hardware rearranging, I decided to create a 2.0 version of my ansible configuration — just a slow, steady cleanup of the playbooks and roles.

My final update is a new router! After hemming and hawing for the last couple of months, I decided to try a Protectli FW4B router running OPNsense. After a couple of months, I will probably convert it over to pfSense. I don’t understand the differences between the two products. They seem similar. Both are based on m0n0wall.

Ideally, I will start by putting the router between my production LAN and my lab LAN while figuring it out. Then as I become confident that I will not cause too many outages, I will replace the Unifi router with the Protectli one.

Starting Balance $ 35
router -$304
Ending Balance -$269

1 Like

I started to go down the Unifi route, but the low speed and limitation of the USG stopped me. I ended up buying an EdgeRouter-4 to replace some of the duties of the USG, and I bought an Intel NUC with 4 Intel Gb NICs and installed OPNsense to handle all of the firewall duties. I use the ER-4 for routing, VLANs, DHCP, and Netflow reporting.

You don’t necessarily need to split firewalling and routing between two devices like I did. I was aiming more for a configuration one might see in a large corporate network. This provides an opportunity for me to learn more about routing and network automation with Python. I will eventually script most/all of my network configuration. I may even try to use Ansible for network automation.

Network segmentation will not only provide better stability for your use case, it’s also a great way to provide security within your network (once you start blocking traffic that does not need to traverse both networks). This is only the beginning. As you learn more you may decide to create a VLAN specifically for IoT devices so that they can talk to the internet and nothing else. That is the beauty of VLANs: they’re easy to create and they let you control network traffic.

Good luck with your lab.

1 Like
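The segmentation idea from the post above (block what does not need to cross networks, IoT to the internet only), as an added example that is not part of the original thread: a first-match rule table evaluated against constructed flows. The lan1/lan2 ranges come from the thread; the IoT VLAN, the NAS and gateway addresses, and the chosen ports are assumptions.

```python
import ipaddress

net = ipaddress.ip_network
# lan1/lan2 ranges are from the thread; the IoT VLAN, NAS address and
# gateway address are assumptions made for this example.
PROD = net("192.168.1.0/24")     # lan1: house network
LAB = net("192.168.2.0/24")      # lan2: office and workshop
IOT = net("192.168.3.0/24")      # hypothetical IoT VLAN
NAS = net("192.168.1.10/32")     # hypothetical address of the NAS on lan1
IOT_GW = net("192.168.3.1/32")   # hypothetical gateway/DNS for the IoT VLAN
PRIVATE = [net("10.0.0.0/8"), net("172.16.0.0/12"), net("192.168.0.0/16")]
ANY = [net("0.0.0.0/0")]

# (action, source net, destination nets, destination ports or None for any)
# Evaluated top to bottom; the first matching rule wins.
RULES = [
    ("allow", LAB, [NAS], {445, 2049}),   # lab may use SMB/NFS on the NAS
    ("block", LAB, [PROD], None),         # nothing else from lab into prod
    ("allow", LAB, ANY, None),            # lab -> internet
    ("allow", IOT, [IOT_GW], {53}),       # IoT may resolve DNS at its gateway
    ("block", IOT, PRIVATE, None),        # IoT reaches no private network
    ("allow", IOT, ANY, None),            # IoT -> internet only
    ("allow", PROD, ANY, None),           # prod is trusted in this sketch
]

def evaluate(src, dst, port):
    """Return 'allow' or 'block' for one flow; unmatched traffic is blocked."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_nets, ports in RULES:
        if s in src_net and any(d in n for n in dst_nets):
            if ports is None or port in ports:
                return action
    return "block"

def audit(flows):
    """Evaluate constructed test flows and return {flow: decision}."""
    return {f: evaluate(*f) for f in flows}

if __name__ == "__main__":
    sample = [  # constructed flows: (source, destination, destination port)
        ("192.168.2.20", "192.168.1.10", 445),   # lab -> NAS SMB
        ("192.168.2.20", "192.168.1.50", 22),    # lab -> other prod host
        ("192.168.3.7", "192.168.1.10", 445),    # IoT -> NAS
        ("192.168.3.7", "93.184.216.34", 443),   # IoT -> internet
    ]
    for flow, decision in audit(sample).items():
        print(flow, "->", decision)
```

Rule order matters here: moving the IoT "allow any" above the private-range block would silently open the IoT VLAN to both LANs, which is the kind of mistake a table of expected decisions catches before the rules go onto the firewall.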

I have got to be careful. I started this journey just because I want to figure out how to save some time setting up and configuring single board computers. A little googling brought me to the geerlingguy and learnlinuxtv Ansible stuff. Now, I am addicted.

I don’t want to dis on the Unifi gear too much… It really filled a need in my home network for several years. I just worked in a bog-standard home network. However, as I grow past Unifi’s use case it becomes rather frustrating.

I do need to blame myself somewhat. I bought a wifi6 AP which required updating to the latest controller software. The more stable release might be less frustrating than the latest general availability release.

VLAN and firewall rules look rather addicting. It would seem the sort of thing where my OCD kicks in and I end up tweaking forever to get things just perfect :frowning:

Kudos to @jay for the channel. It is just my speed. I usually watch/listen in a small window while googling the topics you are talking about. Great pace introducing new topics.

1 Like

You and me both.

I think I have 8 RPi-4’s now.

At least I can claim that most of my home lab is geared towards helping me learn Linux or helping me build stronger skills for work. At least that’s my story and I’m sticking to it.

3 Likes

Wish I had 8 RPI-4’s, that would make a nice K3S / K8S cluster for sure!

I think I’ll have to put that in my Homelab budget as it’s definitely one of the most economical ways to go for that type of workload.

1 Like

What are all the RPIs for?

One of the goals with my NUC has been to consolidate my old RPIs running pi-hole, octoprint, and some DIY home automation gadgetry.

I don’t know what @Mr_McBride is using them for, but this is what I want them for:

1 Like

We have our pi-hole doing our local DNS and DHCP, too, so we actually want to move it from a VM on our main NAS to its own RPI 4B so it can be independent of whatever else we are doing. Especially before we start upgrading NASes to DSM 7 in a while. :slight_smile:

1 Like

Just a note, if you do want to speed up your network traffic with VLANs, you will require a layer 3 network switch. A layer 3 switch can have routing rules applied so you don’t have to send all traffic between networks to your router. If you’ve never dabbled in VLANs at all, you will need at least a managed layer 2 switch but then all your traffic between networks will still be going through your router. If you’re using a basic unmanaged switch, VLANs are not possible to separate and can break the data link depending on your switch (ask me how I know). So if VLANs are your goal just keep in mind that a switch might need to be added to your budget also.

That being said your file transfers should only be slowed down by how much other network traffic there is, assuming you have a gigabit switch. So maybe it would be more wallet friendly to schedule large file transfers during low usage hours and give you another skill to learn.

1 Like

What @KI7MT said.

I started with 2 to bring up a K3S cluster so that I could learn Kubernetes. Then I added an additional node to serve as an NFS server to provide storage for the cluster. Then I made a list of all of the apps I wanted to put into the cluster. This caused me to expand the cluster to 3 worker nodes. So, that’s 4 RPi for the cluster and another one to manage storage.

I’m at the beginning stages of learning Kubernetes and configuration storage is my next task.

Then I decided to buy another RPi-4 to test as a full desktop, just to play around with.

Then I bought a couple of spares, one is reserved in case the RPi-3b that is currently running pi-hole dies. And the other spare is for whatever project comes up next.

2 Likes

I’ll also add that a switch, or router, that supports hardware off-loading can also make a big difference in speed as well.

Plus, RPis are just plain fun! :smiley_cat:

1 Like

Thanks for all the networking suggestions. I have Unifi level 2 switches. So, I’ll look into how that works. But for now, I am going to bookmark this thread before I head off on another interesting tangent!

My interest lies in robotics with a recent delve into machine learning… I will have to live vicariously through you guys with the Kubernetes cluster projects while I imagine a world where three different Kubernetes nodes are arguing about the best solution to the trolley problem. Trolley problem - Wikipedia

1 Like

Now ya went and done it. Homelabs are great for spinning up Spark Clusters to run ML workloads. And to do that, one obviously needs lots of compute toys, fast networks, and well, we could go on for a good while with this one :rofl:

Something tells me your journey has many paths to traverse in the not too distant future :thinking:

1 Like