Over the last couple of years, I have stumbled upon more and more useful tools, most of them open-source, that let me take direct control over my network and are feature-rich, providing borderline enterprise usability. I’m going to try and separate out each one by technology type and go by that. Some may go a little in depth, others will be just a recommendation. Also, some will be super nerdy, and others will be turnkey.
I’m not a programmer by trade, so this is also somewhat of a guide of “anybody can do it” using some cleverness and basic server/network engineering know-how.
Hypervisor
This one should surprise no one. It’s Proxmox, of course it’s Proxmox. It’s light, it’s fast, it’s packed full of damn near enterprise features and has a free (and great) backup solution. Containers have changed the way I virtualize services. Everyone should get their Proxmox on at least once. If you want to read me going on and on about this software, then this is the read for you.
Compute
I have two different compute scenarios. One is my home server, and the other my lab server. For my home server there are lots of options out there for NUCs, but I really wanted one that gave some real value and ran as power-efficiently as possible while being small and upgradable. Since switching to Proxmox, hardware compatibility that plagued me with VMware is no longer an obstacle.
My mini PC of choice was the Mini PC NAB6 from Minisforum.
For about $500 you get an Intel Core i7, 10 cores, 16 threads, dual 2.5 network and 32GB of RAM upgradeable to 64G. This rips through anything I throw at it with ease. Newer models even have Intel vPro, which provides some CIMC-style headless management. It’s on 24/7 and idles at about 40 watts with all my VMs/containers running.
For my lab server, I use a Dell R620 from SaveMyServer on eBay. This is the lab server I use for work, so all in all, with the RAM increased to 192GB and six used 500GB SAS drives, this box cost me about 600 bucks.
I also bought a license key for the iDRAC for about $30 so it’s totally headless. I definitely do not keep this on 24/7. At idle it consumes about 140w and with the lab up and running it goes to about 300w. I use Home Assistant to help me automate the turn-up/turn-down of this server. I go into detail about that in this post. The R620 is a solid midrange workhorse. I found this Wiki article very useful when looking at older servers for this use case.
https://en.wikipedia.org/wiki/List_of_PowerEdge_servers
Network Storage
A lot of tech folks like to build their own network storage with open source software like Unraid or FreeNAS, but I didn’t want to sacrifice the small form factor engineering and power savings that can come with a standard solution. Not every solution on my network has to be an artisanal, farm-to-table solution. Sometimes turnkey is just fine.
Personally, I’m a fan of Synology. The OS is solid, full featured, and can solve a number of use cases. I have three: a four-bay for primary storage and two older two-bays for cameras and cold backup. I used to have it be my DHCP, DNS, and database server before I virtualized those services with containers on Proxmox. Not the cheapest solution, but for me it was a turnkey solution that fits perfectly.
Cameras
Nothing too fancy. I use Amcrest PoE cameras, and Synology comes with the Surveillance Station software.
Switching, Wireless, and Firewall
For me, it’s either the switch of the company I’m working for at the time, or the older Cisco/Aruba PoE switches that you can get off eBay for about 200 bucks. I really do want those enterprise features like VLANs, L3 switching, etc. Netgear or Ubiquiti for switching is a hard no for me.
For wireless, it’s similar to the switching, with the exception that I will use Ubiquiti for wireless. I can run the controller as a container, which makes it very light to host. I currently have three Pros running and they work well provided you don’t color too far outside the lines. Seriously, beyond basic wireless this product is incredibly buggy. BUT it’s the best prosumer wireless solution that isn’t obscenely expensive at this time, and it does support features like VLAN tagging, guest networks, etc. And as I do have multiple VLANs, it does support mDNS at a basic level. The controller web interface is easy to use and well thought out.
For firewalls, I’ve had ASA, ASA with Firepower, and Fortinet. I either found them lacking in some way or too expensive for their NGFW features. A lot of my colleagues like OPNsense, which is fine I guess, but it lacked the NGFW features I was looking for. I had young adults in my house, so I really wanted an easy-to-use content filter/SSL inspection. Untangle (now Arista NGFW) filled that role for me. Intuitive to configure and full featured, it does everything I need, and with the home license it’s only $150 a year. I also love the built-in WireGuard support. Be warned, the support for this is terrible though. Luckily I’ve had very few issues with it. The 60 second outage I incur every time I add a route is surely annoying though.
I also keep it completely virtual, which helps me keep my equipment costs down. Its WAN port gets its own physical network adapter and VLAN to ensure things are kept safe and separate. Maybe when the kids are older I’ll go to OPNsense, we’ll see.
Lab Software
So for network lab software, there’s GNS3, EVE-NG and PNET. I’ve used all of them and was a fan of EVE-NG for years. Stagnation of the software, price increases, instability and often hostile support drove me into the arms of PNET, which is the daily driver on my R620. It’s a fork of EVE, so the setup and use is nearly identical. The features that keep me there are the easy image commits from the GUI, multiple remote options (you can have VNC and RDP at the same time, for example), live edit of nodes, static telnet ports, etc. I keep mine in offline mode, since I have no interest in their “lab downloads”. It’s also free.
For routers in the environment I use VyOS exclusively. It’s free and you can build the latest stable LTS from source. For L2, I use the new (in beta) smart switch network node that provides basic L2 segmentation. EVE-NG has this feature in GA. As it’s OS-level, the performance allows me to build real networks that I can do almost anything on.
I no longer use any Cisco or Arista QEMU solutions because the performance is terrible, the usage very resource heavy, and secured traffic tends to get mangled as it makes its way through the fabric. In fairness, these images are really simulations and not meant for any kind of real throughput. They can be excellent for a specific use case, whereas mine is more general. If you’re trying to learn VXLAN/EVPN, there’s no better free QEMU OS right now than Arista’s. For SD-WAN though, routing and basic switching is all I need to build a complex network I can demo almost any kind of traffic on.
There’s IOU, which runs at the OS level and performs well, but there’s too much gray area in the legality of those images, so I haven’t used them in a long time.
That’s it for now. In part two I’ll cover Home Automation, which is a part all on its own, and then in part three we’ll cover the software I use on the Proxmox server that comprises my home environment.
Until next time.