Wiring Diagram? Never heard of ’em!

Hello all, I’m back again!

I’ve gotten questions about how my network is wired, and what I run on my servers. Well, ask no more!

Here is a wiring diagram of my (wired) network. Nothing too complicated, but the 10gb is definitely my favorite part. Dat 1GB/s transfer speed. I’m hoping to get a US-16-XG switch for my 10Gb network, so I can add 10Gb to my workstation.

Here’s a diagram of all the VMs I run. I still have a lot of room for growth, as I’m not maxing anything out yet (not even memory). A detailed explanation of what each VM does:

Hyperion:

  • 2012R2-Exchange – My primary email server. All my mail comes in and out of here, for my primary domain dfiel.com. A big use of this is separate email accounts for each of my services that require notifications, like FreeNAS. My biggest reason for self-hosting my email is I can catch all mail to my domain. Also, I have the resources, might as well. Outbound mail goes through Amazon SES, to avoid deliverability issues stemming from being on a residential IP.
  • 2012-SW-1/5 – VMs for the Google Screenwise project. Can’t say much here.
  • 2016-AD2 – Secondary Domain Controller. That's the only thing it does; separation of services is key.
  • 2016-RDP – My main Remote Desktop machine. I use it as a jump box when I’m outside the network, but also as a general workstation when I’m out of the house and using somebody else’s computer.
  • ELK-STACK – ELK logging stack, takes logs from various services, and allows me to search through them. I haven’t completely set this up yet, I probably will soon.
  • FCSPBX – PBX for my business phone. Uses a DID from Anveo, as well as their call termination services. I’ve had no issues with them thus far, great inbound and outbound rates, and quality customer service.
  • HaloCE – A Halo Combat Evolved server for me and my classmates. Stays off most of the time, as the school blocked it from being executed on machines. :/
  • IRC – IRC server. Stays mostly idle, haven’t used it in a while.
  • MineOS – Minecraft Server system, running the MineOS Server software. My brother and his friends are the primary users, but my friends and I occasionally find ourselves playing some modded servers.
  • Sandstorm – Only used as a Wiki for the lab. I’ll probably add more stuff as the need arises. It has its own domain so I can provision whatever services I want.
  • TESTPBX – A clone of FCSPBX that I use as a test server for changes. Never test in production!

Mnemosyne:

  • 2012R2-AD1 – Primary domain controller. Nothing special.
  • DASH-MQTT – Running MQTT-Dasher, it sends a message to Home Assistant when any of the various Dash Buttons around the house are pressed.
  • DISCORDBOTS – Music and Text bots for discord servers. I have separate instances of bots for different servers, just for the music component.
  • EFA – My spam filter, running the Email Filter Appliance. Gives me a nice place to see all incoming mail and their spam levels, and I can manually approve messages marked as spam. The system also learns about your email as you go, to provide a better experience. All mail comes in here, then to 2012R2-EXCHANGE.
  • HomeAssistant – My main Home Assistant site. Controls lights around the house, since the manufacturer of the bulbs I received as a gift discontinued the cloud control portion of the product. I was able to successfully downgrade the gateway to an older firmware version, and use that to write a custom component for Home Assistant. A blog post on how to do that is coming soon, probably next week.
  • NGINX-WEB – My secondary Web Server and Reverse Proxy. The main one is an instance of Caddy Web Server, which handles automatic SSL certificate deployment through Let's Encrypt. Nginx serves this site among others, and passes traffic to other VMs as needed (FreeNAS, Exchange, etc).
  • pfSense – My main Edge Router and Perimeter Firewall. Soon to be transitioned to a physical box (most likely an SFF Dell with an i5-2400). It routes between all the VLANs and out to the internet. No traffic filtering, DPI, or captive portal. Yet!
  • PROD-GITLAB – A GitLab server for a software project me and a friend of mine are starting. Nothing big yet, I may post about it in the future.
  • UBUNTU-MEDIA – Plex and Media Acquisition apps for the whole house and some family/friends. Based heavily on guides from HTPC Beginner. Don't want to get in trouble by listing the apps I run, I'm sure my ISP wouldn't like to know.
  • UNIFI – The UniFi Controller for my switches and Access Points. I know it isn't necessary to run it all the time, but it's nice to be able to visualize all the data so it stays up.
  • Veeam – This is running the Veeam Backup and Replication suite. I use it to back up all the VMs, which are put on a different dataset on the NAS/SAN.

HOMENAS is a key piece of this puzzle, as it holds all the VM data, along with backups of all the machines in the house, photo uploads from our mobile devices, and anything else. This gets replicated to another identical system in a different part of the state, pinning my 50/50 connection’s upload almost all the time. Fun stuff.


Well, that’s my lab! If you have any questions, feel free to leave a comment here or on reddit. I’d be happy to answer them!

Until next week,

David Fiel

Pictures After Homelab Unifi-cation

Hello Again!

I somehow forgot to include pictures of after the upgrade to the new gear! Here are pictures of (almost) everything:

Here’s the UAP-AC-PRO, sitting on the wall behind a side table.

Here’s the desk switch and UAP-AC-M on my father’s desk.

Here’s my US-8 and my ITX workstation. A little dusty. I’ll have full specs in my lab writeup post (coming soon!).

Here are the US-48 and the US-24-250W. Lots of open ports for expansion.

A side view of the switch stack.


Not pictured is the 2nd UAP-AC-M, as it's just sitting on the floor on the 2nd floor until I get around to setting it up.

UniFi-ing My Homelab

2 weeks ago, I decided to reorganize my homelab. It went from this unmanaged mess to this slightly more managed mess. And I was really happy with it. I posted it to reddit for feedback (and karma), and all was well in the universe.

Until the PM came in.

A Ubiquiti engineer, impressed with the lab I have at my age (I’m 16!), asked me why I was running an original UAP. Well, I never really had a reason to upgrade. Everything important is wired, WiFi was only for phones. But when he offered me some gear, of course I said yes. If you’re reading this, thanks Bjorn! A couple days later, I received this in the mail:

A US-48, a US-24-250W, 2 US-8, 1 UAP-AC-PRO, and 2 UAP-AC-M. More networking gear than I thought I’d ever own. (A US-48 was going to be on my Christmas wishlist, now I don’t know what to ask for!)

My first order of business was to shut down all my VMs except for pfSense. Everyone else had left for the day, so I didn’t have to hear the all too familiar cries of “Why is the Internet down”. I installed the 2 switches in my “rack”, taking out the old 3com and Monoprice switches. I saved my existing pfSense configuration, and then reset to factory defaults. I set the default network as the management network MGMT (192.168.30.0/24), and created the following VLANs:

  • 5 – LAN – 192.168.1.0/24 – Wired end-user machines
  • 10 – LAB – 10.0.0.0/8 – Servers and VMs
  • 20 – MAINWIFI – 192.168.20.0/24 – Main WiFi Network
  • 21 – GUESTWIFI – 192.168.21.0/24 – Guest WiFi Network
  • 22 – IOT – 192.168.22.0/24 – IOT Wired and Wireless Network
  • 30 – Was supposed to be MGMT but I decided to make it the default network
  • 40 – SCREENWISE – 192.168.40.0/24 – Wired network for Google Screenwise
  • 50 – DFIEL – 192.168.50.0/24 – Network for my Testing Environment
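The post notes that pfSense routes between all of these VLANs with no traffic filtering yet. As an added example (not the post's own configuration or code), the Python script below takes the VLAN plan exactly as listed, checks the address plan for overlapping subnets, and classifies observed flows against a simple inter-VLAN policy. The trust tiers, the client-to-server exceptions and the sample flows are assumptions made for illustration; only the VLAN IDs, names and subnets come from the post.

```python
"""Sanity-check a VLAN address plan and classify flows against an assumed policy.

Added example, not part of the original blog post. The VLAN table mirrors the
post; the trust tiers, exceptions and sample flows are constructed assumptions.
"""
import ipaddress
from itertools import combinations

# VLAN plan as listed in the post. VLAN 30 is the default/management network.
VLANS = {
    5: ("LAN", "192.168.1.0/24"),
    10: ("LAB", "10.0.0.0/8"),
    20: ("MAINWIFI", "192.168.20.0/24"),
    21: ("GUESTWIFI", "192.168.21.0/24"),
    22: ("IOT", "192.168.22.0/24"),
    30: ("MGMT", "192.168.30.0/24"),
    40: ("SCREENWISE", "192.168.40.0/24"),
    50: ("DFIEL", "192.168.50.0/24"),
}

# Assumed trust tiers (not from the post): lower number = more trusted.
TIER = {"MGMT": 0, "LAB": 1, "LAN": 2, "MAINWIFI": 2,
        "DFIEL": 3, "SCREENWISE": 4, "IOT": 4, "GUESTWIFI": 4}

# Assumed client-to-server flows that are allowed despite crossing "upwards".
CLIENT_TO_SERVER = {("LAN", "LAB"), ("MAINWIFI", "LAB")}


def parse_plan(plan):
    """Return {vlan_name: IPv4Network}; strict=True rejects host bits in a prefix."""
    return {name: ipaddress.ip_network(cidr, strict=True)
            for _, (name, cidr) in plan.items()}


def find_overlaps(nets):
    """Sorted list of (name_a, name_b) pairs whose subnets overlap."""
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))


def locate(nets, ip):
    """Name of the VLAN containing ip, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in nets.items():
        if addr in net:
            return name
    return None


def allowed(src, dst):
    """Assumed policy: same VLAN, an explicit client-to-server exception, or a
    strictly more trusted source may initiate; everything else is denied, so
    peers at the same tier (IOT vs GUESTWIFI) cannot talk to each other and no
    untrusted segment can reach MGMT."""
    if src == dst or (src, dst) in CLIENT_TO_SERVER:
        return True
    return TIER[src] < TIER[dst]


def check_flow(nets, src_ip, dst_ip):
    """Classify one observed flow: (src_vlan, dst_vlan, 'allow'|'deny'|'unknown')."""
    s, d = locate(nets, src_ip), locate(nets, dst_ip)
    if s is None or d is None:
        return (s, d, "unknown")
    return (s, d, "allow" if allowed(s, d) else "deny")


if __name__ == "__main__":
    nets = parse_plan(VLANS)
    print("overlapping subnets:", find_overlaps(nets) or "none")
    # Constructed sample flows, e.g. from a firewall log; not real traffic.
    for src, dst in [("192.168.22.15", "192.168.30.1"),   # IoT device -> MGMT
                     ("192.168.1.50", "10.0.5.1"),        # wired client -> LAB
                     ("192.168.21.7", "192.168.22.9"),    # guest WiFi -> IoT
                     ("192.168.30.5", "10.0.0.10")]:      # MGMT -> LAB
        print(src, "->", dst, check_flow(nets, src, dst))
```

The same `check_flow` function can be run over the source/destination pairs pulled from pfSense's firewall log once inter-VLAN rules exist, which turns the "no filtering yet" gap into a list of concrete flows that a default-deny ruleset would have to allow or block.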

The 2 US-8 switches went to my father’s desk and mine, powered by PoE. One of the UAP-AC-M is connected to my father’s switch, powered by PoE passthrough. The UAP-AC-PRO replaced the UAP upstairs, and the other UAP-AC-M went on the 2nd floor. It’ll eventually get installed permanently in the attic, but I haven’t gotten it working yet.


I took this time to install the new UniFi Controller (5.6.22 at the time of this writing), and I absolutely loved it. The new design is much better than previous versions (I was running quite an old build, probably from when I installed the original UAP). My only ‘complaint’ is that it can’t pull even basic stats from pfSense. I’d like to be able to monitor latency and throughput all from one console, but I understand that pfSense isn’t a Ubiquiti product so it’s kind of a stretch.

Here’s what my LAN switch looks like. Lots of room for improvement. I’ve got a 4x 1GB LAG between the 2 switches, since I’m using the LAN switch for anything LAN as well as all PoE Devices. IOT1 is my lighting controller. AP1 is the UAP-AC-PRO.

And here’s the LAB switch. Ports labeled HYPER are for my 2 HyperV Hosts. OOBM is iLO and iDRAC for the HyperV hosts and my NAS/SAN. SCREEN1 is the uplink port to the screenwise router.

Here are the 2 US-8s. CLOSET is the uplink back to the server closet. DFIEL-MINI is my desktop, but it's currently on port 7 for some testing. Port 6 on my switch is my brother’s computer on the LAN net. IOT1 is a 2nd lighting controller that I’m working on cracking open (look for this in a future blog post). MIGUEL-PC is my dad’s work computer, and the Airrave is a femtocell. AP is connected to one of the UAP-AC-M.


All in all, this unexpected network upgrade was much needed. Now maxing out the Internet connection doesn’t take down the HyperV connections to the NAS (which I still don’t understand, as that was over 10gb DACs, but nonetheless it's no longer an issue). The next thing to upgrade will be a physical router, probably a Dell SFF with an i5-2400, as that’s what I put at my father’s office (where I do all IT) and it handles the 200/200 connection beautifully.


Thank you for reading, and I’m hoping to be posting more in the future!

David Fiel


DISCLAIMER: I am not obligated by Ubiquiti to create this review. All opinions expressed in this post are my own, and do not reflect those of Ubiquiti or anyone else. The equipment was free to me but this review was not sponsored in any other way.