Building out the networking side has been the most challenging part of my home lab. I’ll be the first to confess – I’m not a networking guy – at least, that’s not a primary focus for me. I rely on my network folks at work. I understand enough to handle networking in vSphere, but when it comes to routing and things like OSPF and Spanning Tree, I let the professionals handle it.
I’ve written several times about the hardware and plans for my home lab systems. But, to mock up the enterprise environments that I’d like to in my lab, I needed a more powerful router – something capable of carrying multiple VLANs and routing for each. I have always relied on an integrated router with WiFi for my home, but this just wasn’t getting the job done. Last week, I wrote about upgrading my WiFi and this week, the router is in the cross-hairs.
The primary goals I had in my network were:
- A dedicated home network for my wife, kids and TVs to connect to the Internet
- Separate set of VLANs to mock up production vSphere environments
- Separate video network for multicast traffic from an HD HomeRun to my MacPro with EyeTV
- The MacPro needs to be on my primary, home network but also must route to the other VLANs to manage vSphere, VMs, and the HDHomeRun.
There are some software solutions that would help me like VyOS, the open source distribution of Vyatta which is owned by Brocade. I looked at VyOS a couple times, but I disliked this method because everything would still come back to my primary home network. I wanted a cleaner solution – so I looked at hardware. There are several flash-able hardware routers, and I looked at several running DD-WRT or Tomato. I was very close to purchasing one of these solutions when a coworker suggested I look at Ubiquiti’s EdgeRouter Lite.
The Ubiquiti EdgeRouter Lite is an under-$100 hardware router running a flavor of Vyatta. It offers 3 ports on the Lite model, with more ports available on higher models if you need them. There is also a Power over Ethernet variant of the Lite model. The device is router only – no WiFi or other converged functions. The router is rated at 1 million packets per second, but not being a network nerd, that only sounds impressive to me – not sure how that stacks up versus the competition. It is certainly better than my Apple AirPort Extreme.
With this hardware router, I can have a dedicated port for my primary home network and one for home lab systems, with multiple VLANs and multiple DHCP zones, and keep everything separate. It also means I have a host of other capabilities available from the command line on the small hardware box.
This wasn’t my first Ubiquiti network purchase. I had recently purchased a Ubiquiti UniFi AC wireless access point, which I wrote about last week. What I have discovered is that Ubiquiti makes good quality hardware, with enterprise-like features at a home cost. So, let me recap how this hardware hit my list of must-haves.
Step 1 – Dedicated Home Network
Out of the box, the EdgeRouter Lite comes with DHCP enabled on port 0, so you plug in the router, plug in a computer and go to the web interface on 192.168.1.1. You log in with the default ubnt/ubnt username and password combination and off you go. There is a wizard that allows for quick configuration of 2 LAN and 1 WAN ports – I used it to set up the EdgeRouter Lite as I intended to use it. Ports 0 and 2 became LAN ports and port 1 became my WAN port. I plugged my internet into port 1, uplinked the EdgeRouter from port 0 to my network switch, and my primary network was back online. This hit the first point on my list – a dedicated primary home network that is a no tinkering zone.
Step 1a – OpenVPN from EdgeRouter
Not long after getting my EdgeRouter, I began having some issues getting to Hulu. I was able to leverage Vyatta to set up an OpenVPN tunnel for my Apple TV only, thanks to instructions from Larry Land, to get around some sort of routing or blocking issue. Another great feather in the EdgeRouter’s cap. This configuration required some command-line action, but it was simple to configure and get running.
This exercise also taught me a bit about special routing tables and utilizing the Vyatta firewall features to redirect a single IP on my network to a specific set of routes or location. It was a bit of a crash course for me. But I can appreciate the flexibility that Vyatta brings under the covers of this device.
Step 2 – Separate VLANs for Home Lab
Next came setting up the separate VLANs for the home lab. That was a piece of cake. Within the EdgeRouter Lite’s web interface, you can add a VLAN interface onto a port with the click of a button. Within 5 minutes, I had all 5 of the VLANs that I wanted for the home lab created on port 2 of the EdgeRouter. The add interface dialog allows you to set an IP for the EdgeRouter on the new VLAN while defining it. After adding the VLAN, you have to create a DHCP scope within Services for each of the VLANs.
Step 3 – Separate Video Multicast from the Primary Network
While the EdgeRouter allows me to create a dedicated VLAN for video to keep multicast off of my primary network, I finally had a different light-bulb moment. I decided instead to direct-wire my HD HomeRun into the Mac Pro where I run EyeTV. The one problem that I ran into was getting an address for the HD HomeRun. I hard-coded an IP on a different subnet on the secondary NIC of the Mac Pro and then added DHCP on the Mac for that NIC only to hand out an address to the HD HomeRun.
This is a router, after all, so static and dynamic routes along with a host of network routing protocols are included – like OSPF, RIP and BGP.
Under the Services section in the web configuration tool, you will find both DHCP and DNS forwarding. DNS forwarding allows the router to serve as a local DNS server and then forward those requests out to specified servers. This is particularly great for what I want to do, where the management and VM VLANs may need to point back to my internal DNS server while others need to point to Google’s DNS or my ISP.
The built-in web interface allows for a lot of configuration without ever needing to go to the command line, but both methods are possible. The built-in firewall allows for different rules to be built based on groups or individual systems behind the router.
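The VLAN, DHCP scope, DNS forwarding and firewall steps described above, written as the equivalent command-line configuration. This is an added example, not the author's configuration: VLAN ID 10, the 10.10.10.0/24 lab subnet, the 192.168.1.0/24 home subnet and the names LAB_MGMT, HOME_NET and LAB_IN are assumptions. The firewall policy shown (the lab VLAN may answer but not initiate connections to the home network) is one way to let a home-network machine manage the lab while keeping the home network a no tinkering zone.

```vyatta
configure

# VLAN 10 on port 2 (eth2), with the router's own address on that VLAN
set interfaces ethernet eth2 vif 10 description "lab-mgmt"
set interfaces ethernet eth2 vif 10 address 10.10.10.1/24

# DHCP scope for the new VLAN (one shared-network per VLAN)
set service dhcp-server shared-network-name LAB_MGMT authoritative disable
set service dhcp-server shared-network-name LAB_MGMT subnet 10.10.10.0/24 default-router 10.10.10.1
set service dhcp-server shared-network-name LAB_MGMT subnet 10.10.10.0/24 dns-server 10.10.10.1
set service dhcp-server shared-network-name LAB_MGMT subnet 10.10.10.0/24 start 10.10.10.100 stop 10.10.10.199

# Let the router answer DNS queries arriving on the VLAN interface
set service dns forwarding listen-on eth2.10

# Address group for the home network (assumed subnet)
set firewall group network-group HOME_NET network 192.168.1.0/24

# Ruleset for traffic entering the router from the lab VLAN
set firewall name LAB_IN default-action accept
set firewall name LAB_IN description "lab VLAN to other networks"

# Rule 10: allow replies to sessions opened from the home side
set firewall name LAB_IN rule 10 action accept
set firewall name LAB_IN rule 10 description "allow established/related"
set firewall name LAB_IN rule 10 state established enable
set firewall name LAB_IN rule 10 state related enable

# Rule 20: drop anything the lab tries to initiate toward the home network
set firewall name LAB_IN rule 20 action drop
set firewall name LAB_IN rule 20 description "lab may not initiate to home"
set firewall name LAB_IN rule 20 destination group network-group HOME_NET

# Attach the ruleset to inbound traffic on the VLAN interface
set interfaces ethernet eth2 vif 10 firewall in name LAB_IN

commit
save
exit
```

Repeat the `vif`, DHCP and `firewall in` lines for each additional lab VLAN, changing the VLAN ID and subnet; `show firewall name LAB_IN statistics` shows whether rule 20 is matching traffic.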
The EdgeRouter Lite also has Quality of Service (QoS) settings so I hope to be able to prioritize traffic from my AT&T MicroCell to have highest priority in the network, though I have not set this up yet. I will need to put in some research and see how to do that.
You may set up Dynamic DNS directly from the GUI of the EdgeRouter, assisting in resolution back to your network from remote locations.
Vyatta also allows you to set up a VPN server on the device for remote access. I wrote about using the EdgeRouter Lite as a site-to-site VPN for OpenVPN, but it can also become a VPN server to allow you remote access back to your network. Rackspace has a great guide to setting this up in Vyatta. There are lots of other options within the VPN space – including having the EdgeRouter become its own OpenVPN server.
I couldn’t be happier with the outcome and decision to purchase this router. The Ubiquiti EdgeRouter Lite is small and fits nicely into my structured wiring box. It is fast and capable and has kept up with everything I have needed. It has provided additional capabilities that may have been more difficult with other flash router solutions. It is quiet and it was also fairly inexpensive.