
Router/Firewall as a VM.

sourceninja

I recently bought a used DL380 Gen 6 server for use as a home lab. The server has OK specs (96G RAM, 8x300G 10k SATA drives, 2x X5660 processors, 8 GigE NICs) and will be running VMware vSphere enterprise (I get free licensing through my work).

I'm planning on putting my plex server on there (but the storage on the NAS) as well as a few small servers related to my side dev work. I may also get talked into running a minecraft server for 2-3 friends.

I explain all this because I realized that I'm going to need to redesign the networking piece of my setup to accommodate this hardware. Currently I have a RT-N66 and all devices except my NAS, TV, and Plex server connect wirelessly. My house doesn't get complete coverage with the RT-N66 so there are spots that suck. Moving the router to the basement will probably hurt the signal strength even more.

My plan is to move the internet connection to the basement with the NAS and place this all in an old rack I have. I can then connect the TV wirelessly (roku). I know I'm going to need a bigger switch to handle the 10 ethernet connections so I figured I might as well look at options for a new router. So my plan is this:

Run the firewall/router as a VM. This could be pfSense, m0n0wall, or Vyatta. It would have a dedicated vSwitch on a dedicated physical NIC for WAN. Two more ports would be used for a vSwitch that provides LAN traffic. 2 more ports would be dedicated for NAS traffic. The RT-N66 would become an access point only and I could wire it up somewhere centrally in the basement to provide service to the upper two floors. If need be I could get another cheap access point device and drop some cable for the upstairs.

The LAN, management, and NAS traffic would all be run through a switch yet to be purchased.

Thoughts? Is this just too silly? Should I just run a drop to the basement from the room with the modem today and keep the RT-N66 as my firewall/router? I have a finished ceiling in the basement so running cable is a big PITA.
 
I'm currently running Vyatta as a VM in the configuration you are asking about and have run pfSense on a dedicated box in the past. I would lean towards pfSense as there is a bigger user base and I believe Vyatta Core (which is free) is no longer being developed.

If you are going to be getting a really big internet pipe you might just want to get some used enterprise gear on eBay and be done with it. For a more modest connection such as my DSL service I have good throughput through the Vyatta VM, about 45 Mbps down and 17 up.

As a side note, I only run Vyatta because it's compatible with Hyper-V synthetic NICs and pfSense is not (at least without a lot of work). Running VMware you won't be constrained in that way.

The only concern I have is having my hypervisor (somewhat) directly connected to the internet, but it's not a big enough concern for me to not do it at home.
 
An update:

After a talk with my wife (who is also in the industry) we both came to the "really obvious" question of "What happens if we break the vmware server and need the internet to fix the server...".

The idea of having to take a laptop down to the basement to hook into the cable modem wasn't appealing. So after some discussion we decided to "professionalize" the network as much as was reasonable.

So after a bunch of talking with my co-workers, wife, and others we decided to go with the following.

1) We bought a Dell 5324 switch. They are cheap as dirt (I got mine for $65 bucks on eBay with free shipping), fully managed layer 2, and everyone who has one says they are rock solid.
2) We bought a Ubiquiti EdgeMax Router Lite. This $99 router gets great reviews, has impressive statistics and runs a forked version of Vyatta. The perfect 'enterprise' home router.
3) We bought a Ubiquiti Unifi AP. I know a few guys who swear by these things and at $68 bucks they are really cheap. Our current play is to point it face up in the center of the basement ceiling (above the tiles, below the floor). The idea is that by facing it up at the first floor the coverage will hopefully be acceptable upstairs and on the 2nd floor. They are PoE and include an injector so I can put it anywhere without power concerns. Eventually I'm going to get some help to put a nice drop in the center of my upstairs hallway and my downstairs hallway and move the access point to the upstairs (and buy a second for downstairs if required). The range on these things is apparently incredible. The only downside is it's 2.4GHz only and N300. I figure when the AC access points come down a bit in price I'll upgrade to those.

So that's the new setup. I'll put the guest wifi on its own VLAN, the lab stuff on its own VLAN, and the rest of the house on its own VLAN.
 
That looks like a pretty sweet setup. There's nothing really wrong with running a router in a VM, but like you said, there are some convenience factors that make it easier to have a separate device.
 