Intro

Greetings fellow nerds! In this the 2024th year of our lord, Kermit J Frog, I am committed to upskilling on Observability and Kubernetes. To achieve this, I am building out my home lab and using the ways of DevOps.

Technologies

Before I can start building a Kubernetes cluster, I need to build out all the supporting services. The following table lists the hardware and software technology I am using in my lab.

Component               Technology
Routing                 VyOS
Firewall                VyOS
Wireless                Ubiquiti
Switching               MikroTik
Remote Access           ZeroTier
DNS                     Pi-hole
DHCP                    Kea
NTP                     VyOS
PKI                     VyOS
Virtualization          Proxmox
Storage                 TrueNAS SCALE
Operating System        Ubuntu
Containerization        Docker
Config Management       SaltStack
Infrastructure as Code  Terraform
Logging/Monitoring      OpenSearch
App Service             Kubernetes

Architecture

I created a few diagrams to help visualize the network.

Physical Network

The physical network is a simple setup with three compute nodes and a single switch. The following diagram shows the physical network layout.

The following points describe the physical network layout:

  • Three compute nodes (cmp01-03) run the Proxmox hypervisor and utilise Open vSwitch as the virtual switch.
  • The compute nodes connect to swc01 via a trunk link, which allows multiple VLANs to be shared between the compute nodes.
  • Each compute node hosts a VyOS virtual router/firewall. The VyOS VMs are configured as the default gateway for all the internal networks.

VLANs

Functions are logically separated into VLANs. The following diagram shows the VLAN assignment between the VyOS routers and the hypervisor switch.

The following points describe the VLAN assignments:

  • Three VyOS VMs (rfw01-03) have 10 interfaces, one for each VLAN.
  • Each interface connects to the Open vSwitch bridge and is assigned to a VLAN.

Virtual Router Redundancy Protocol (VRRP)

VRRP is used as the first-hop redundancy protocol. The following diagram shows the VRRP configuration between the VyOS routers.

The following points describe the VRRP configuration:

  • rfw01 is the active router and rfw02/03 are the backup routers.
  • The VRRP priority of the routers is set so that rfw01 has the highest priority, rfw02 the second highest, and rfw03 the lowest.
  • Preempt is enabled, so if rfw01 fails, rfw02 takes over as the active router. When rfw01 comes back online, it again becomes the active router.
  • Virtual machines vm01-03 use the VRRP virtual IP of the active router as their default gateway.
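To make the preempt behaviour described above concrete, here is an added example (not code from the original post and not VyOS configuration) that models VRRP master election for rfw01-03 and replays a failure/recovery sequence with preempt on and off. The priority values (250/200/150) are constructed; the post only states the ordering rfw01 > rfw02 > rfw03.

```python
"""VRRP master election with and without preempt, modelled on rfw01-03.

Added example, not from the original post. Priorities are constructed
values that preserve the ordering the post describes (rfw01 highest).
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    priority: int   # VRRP priority 1-254; the highest live priority wins
    up: bool = True


@dataclass
class VrrpGroup:
    """One VRRP group (one VLAN) tracking which router currently owns the VIP."""
    vip: str
    routers: list[Router]
    preempt: bool = True
    master: str | None = None

    def elect(self) -> str | None:
        """Apply the election rules and return the new master.

        - Only routers that are up may hold the VIP.
        - With preempt, the highest-priority live router always takes over.
        - Without preempt, the current master keeps the VIP while it is up,
          even after a higher-priority router has returned.
        """
        live = [r for r in self.routers if r.up]
        if not live:
            self.master = None
            return None
        current_alive = any(r.name == self.master for r in live)
        if current_alive and not self.preempt:
            return self.master
        self.master = max(live, key=lambda r: r.priority).name
        return self.master

    def set_state(self, name: str, up: bool) -> str | None:
        """Mark a router up or down, then re-run the election."""
        for r in self.routers:
            if r.name == name:
                r.up = up
        return self.elect()


def failover_timeline(preempt: bool) -> list[str | None]:
    """Replay: steady state, rfw01 fails, rfw01 returns, rfw02 fails.

    Returns the VIP owner after each step so both modes can be compared.
    """
    group = VrrpGroup(
        vip="10.100.52.1",  # VRRP gateway address from the Physical Infra table
        routers=[Router("rfw01", 250), Router("rfw02", 200), Router("rfw03", 150)],
        preempt=preempt,
    )
    timeline = [group.elect()]
    timeline.append(group.set_state("rfw01", up=False))
    timeline.append(group.set_state("rfw01", up=True))
    timeline.append(group.set_state("rfw02", up=False))
    return timeline


def gateway_moves(timeline: list[str | None]) -> int:
    """Count how many times the VIP changed hands, i.e. client-visible disruptions."""
    return sum(1 for a, b in zip(timeline, timeline[1:]) if a != b)


if __name__ == "__main__":
    for mode in (True, False):
        tl = failover_timeline(mode)
        print(f"preempt={mode}: {tl} -> {gateway_moves(tl)} gateway moves")
```

With preempt enabled the VIP returns to rfw01 as soon as it is back, which keeps ownership deterministic but costs a second gateway move during the same incident; with preempt disabled rfw02 keeps the VIP until it fails itself. Either way the clients only ever see the one virtual IP, which is the point of putting VRRP in front of the VyOS routers.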

Routing

The IS-IS routing protocol is used to share routing information between the VyOS routers. The following diagram outlines the routing configuration for both the LAN and WAN.

The following points describe the routing configuration:

  • rfw01/02/03 form an IS-IS neighbourship over eth8.
  • All VyOS routers have eth9 configured for the WAN connection; however, only rfw01 has eth9 enabled.
  • rfw01 receives the default route from the ISP.
  • rfw01 originates the default route for IPv4 and IPv6 via IS-IS.
  • rfw02/03 receive the default routes from rfw01 via IS-IS.

IPAM

I am running a dual-stack network with IPv4 and IPv6. Each VLAN has a /23 IPv4 CIDR and a /64 IPv6 CIDR. The following table outlines the IPAM for the network.

Description     ID  IPv4 CIDR       IPv6 CIDR
MGMT            50  10.100.50.0/23  fd00:10:100:50::/64
Physical Infra  52  10.100.52.0/23  fd00:10:100:52::/64
Virtual Infra   54  10.100.54.0/23  fd00:10:100:54::/64
Kubernetes      56  10.100.56.0/23  fd00:10:100:56::/64
LAN             58  10.100.58.0/23  fd00:10:100:58::/64
LAB             60  10.100.60.0/23  fd00:10:100:60::/64
Guest           62  10.100.62.0/23  fd00:10:100:62::/64
IOT             64  10.100.64.0/23  fd00:10:100:64::/64
CORE            66  10.100.66.0/23  fd00:10:100:66::/64
LOOPBACKS       68  10.100.68.0/23  fd00:10:100:68::/64

Physical Infrastructure

The following table lists the addresses for the physical infrastructure.

Device  Description           IPv4             IPv6
vrrp    gateway               10.100.52.1/23   fd00:10:100:52::1/64
rfw01   core router/firewall  10.100.52.2/23   fd00:10:100:52::2/64
rfw02   core router/firewall  10.100.52.3/23   fd00:10:100:52::3/64
rfw03   core router/firewall  10.100.52.4/23   fd00:10:100:52::4/64
swc01   switch                10.100.52.5/23   fd00:10:100:52::5/64
swc02   switch (future)       10.100.52.6/23   fd00:10:100:52::6/64
pmx01   compute               10.100.52.10/23  fd00:10:100:52::10/64
pmx02   compute               10.100.52.11/23  fd00:10:100:52::11/64
pmx03   compute               10.100.52.12/23  fd00:10:100:52::12/64
nas01   storage               10.100.52.13/23  fd00:10:100:52::13/64
nas02   storage (future)      10.100.52.14/23  fd00:10:100:52::14/64

Virtual Infrastructure

The following table lists the IP addresses for the virtual infrastructure.

Device  Description           IPv4             IPv6
vrrp    gateway               10.100.54.1/23   fd00:10:100:54::1/64
rfw01   core router/firewall  10.100.54.2/23   fd00:10:100:54::2/64
rfw02   core router/firewall  10.100.54.3/23   fd00:10:100:54::3/64
rfw03   core router/firewall  10.100.54.4/23   fd00:10:100:54::4/64
dns01   dns server            10.100.54.11/23  fd00:10:100:54::11/64
dns02   dns server            10.100.54.12/23  fd00:10:100:54::12/64
dcp01   dhcp server           10.100.54.13/23  fd00:10:100:54::11/64
dcp02   dhcp server           10.100.54.14/23  fd00:10:100:54::12/64
wlc01   wireless controller   10.100.54.15/23  fd00:10:100:54::15/64
slt01   salt master           10.100.54.16/23  fd00:10:100:54::16/64
slt02   salt proxy            10.100.54.17/23  fd00:10:100:54::17/64

Core

The following table lists the IP addresses for the core network.

Device  Description           IPv4            IPv6
rfw01   core router/firewall  10.100.66.1/32  fd00:10:100:66::1/128
rfw02   core router/firewall  10.100.66.2/32  fd00:10:100:66::2/128
rfw03   core router/firewall  10.100.66.3/32  fd00:10:100:66::3/128

Loopbacks

The following table lists the loopback IP addresses.

Device  Description           IPv4            IPv6
rfw01   core router/firewall  10.100.68.1/32  fd00:10:100:68::1/128
rfw02   core router/firewall  10.100.68.2/32  fd00:10:100:68::2/128
rfw03   core router/firewall  10.100.68.3/32  fd00:10:100:68::3/128
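An address plan like the one in the IPAM and infrastructure tables above is easy to get subtly wrong by hand, and a duplicate or stray address is the kind of thing that surfaces later as an outage or as traffic landing on the wrong box. The following added example (not code from the original post) transcribes the tables into Python and runs the consistency checks I would want before pushing the plan into Kea, Pi-hole and VyOS: every VLAN follows the 10.100.<id>.0/23 and fd00:10:100:<id>::/64 convention inferred from the IPAM table, no VLAN prefixes overlap, every host address sits inside a listed VLAN, no address is assigned twice, and each host's IPv4 last octet matches its IPv6 last group as written. Run against the tables as listed, it flags the IPv6 entries of dcp01 and dcp02, which repeat those of dns01 and dns02.

```python
"""Consistency checks for the lab IPAM, transcribed from the post's tables.

Added example, not from the original post. The VLAN naming convention
(id N -> 10.100.N.0/23 and fd00:10:100:N::/64) is inferred from the table.
"""
from __future__ import annotations
import ipaddress

# VLAN table: (name, id, IPv4 CIDR, IPv6 CIDR), as listed in the IPAM section.
VLANS = [
    ("MGMT", 50, "10.100.50.0/23", "fd00:10:100:50::/64"),
    ("Physical Infra", 52, "10.100.52.0/23", "fd00:10:100:52::/64"),
    ("Virtual Infra", 54, "10.100.54.0/23", "fd00:10:100:54::/64"),
    ("Kubernetes", 56, "10.100.56.0/23", "fd00:10:100:56::/64"),
    ("LAN", 58, "10.100.58.0/23", "fd00:10:100:58::/64"),
    ("LAB", 60, "10.100.60.0/23", "fd00:10:100:60::/64"),
    ("Guest", 62, "10.100.62.0/23", "fd00:10:100:62::/64"),
    ("IOT", 64, "10.100.64.0/23", "fd00:10:100:64::/64"),
    ("CORE", 66, "10.100.66.0/23", "fd00:10:100:66::/64"),
    ("LOOPBACKS", 68, "10.100.68.0/23", "fd00:10:100:68::/64"),
]

# Host assignments: (device, IPv4, IPv6) from the Physical, Virtual, Core and
# Loopback tables. A device may legitimately appear once per table.
HOSTS = [
    ("vrrp", "10.100.52.1/23", "fd00:10:100:52::1/64"),
    ("rfw01", "10.100.52.2/23", "fd00:10:100:52::2/64"),
    ("rfw02", "10.100.52.3/23", "fd00:10:100:52::3/64"),
    ("rfw03", "10.100.52.4/23", "fd00:10:100:52::4/64"),
    ("swc01", "10.100.52.5/23", "fd00:10:100:52::5/64"),
    ("swc02", "10.100.52.6/23", "fd00:10:100:52::6/64"),
    ("pmx01", "10.100.52.10/23", "fd00:10:100:52::10/64"),
    ("pmx02", "10.100.52.11/23", "fd00:10:100:52::11/64"),
    ("pmx03", "10.100.52.12/23", "fd00:10:100:52::12/64"),
    ("nas01", "10.100.52.13/23", "fd00:10:100:52::13/64"),
    ("nas02", "10.100.52.14/23", "fd00:10:100:52::14/64"),
    ("vrrp", "10.100.54.1/23", "fd00:10:100:54::1/64"),
    ("rfw01", "10.100.54.2/23", "fd00:10:100:54::2/64"),
    ("rfw02", "10.100.54.3/23", "fd00:10:100:54::3/64"),
    ("rfw03", "10.100.54.4/23", "fd00:10:100:54::4/64"),
    ("dns01", "10.100.54.11/23", "fd00:10:100:54::11/64"),
    ("dns02", "10.100.54.12/23", "fd00:10:100:54::12/64"),
    ("dcp01", "10.100.54.13/23", "fd00:10:100:54::11/64"),
    ("dcp02", "10.100.54.14/23", "fd00:10:100:54::12/64"),
    ("wlc01", "10.100.54.15/23", "fd00:10:100:54::15/64"),
    ("slt01", "10.100.54.16/23", "fd00:10:100:54::16/64"),
    ("slt02", "10.100.54.17/23", "fd00:10:100:54::17/64"),
    ("rfw01", "10.100.66.1/32", "fd00:10:100:66::1/128"),
    ("rfw02", "10.100.66.2/32", "fd00:10:100:66::2/128"),
    ("rfw03", "10.100.66.3/32", "fd00:10:100:66::3/128"),
    ("rfw01", "10.100.68.1/32", "fd00:10:100:68::1/128"),
    ("rfw02", "10.100.68.2/32", "fd00:10:100:68::2/128"),
    ("rfw03", "10.100.68.3/32", "fd00:10:100:68::3/128"),
]


def convention_violations() -> list[str]:
    """VLANs whose prefixes do not follow 10.100.<id>.0/23 and fd00:10:100:<id>::/64."""
    return [name for name, vid, v4, v6 in VLANS
            if v4 != f"10.100.{vid}.0/23" or v6 != f"fd00:10:100:{vid}::/64"]


def overlapping_vlans() -> list[tuple[str, str]]:
    """Pairs of VLANs whose IPv4 or IPv6 prefixes overlap; should be empty."""
    nets = [(n, ipaddress.ip_network(v4), ipaddress.ip_network(v6)) for n, _, v4, v6 in VLANS]
    return [(a, b) for i, (a, a4, a6) in enumerate(nets)
            for b, b4, b6 in nets[i + 1:] if a4.overlaps(b4) or a6.overlaps(b6)]


def hosts_outside_vlans() -> list[str]:
    """Devices with an address that is not inside any listed VLAN prefix."""
    v4nets = [ipaddress.ip_network(v4) for _, _, v4, _ in VLANS]
    v6nets = [ipaddress.ip_network(v6) for _, _, _, v6 in VLANS]
    out = []
    for name, v4, v6 in HOSTS:
        a4, a6 = ipaddress.ip_interface(v4).ip, ipaddress.ip_interface(v6).ip
        if not any(a4 in n for n in v4nets) or not any(a6 in n for n in v6nets):
            out.append(name)
    return out


def duplicate_addresses() -> dict[str, list[str]]:
    """Addresses assigned to more than one device, mapped to the devices that share them."""
    owners: dict[str, list[str]] = {}
    for name, v4, v6 in HOSTS:
        for addr in (v4, v6):
            owners.setdefault(str(ipaddress.ip_interface(addr).ip), []).append(name)
    return {addr: devs for addr, devs in owners.items() if len(devs) > 1}


def suffix_mismatches() -> list[tuple[str, str, str]]:
    """Devices whose IPv4 last octet and IPv6 last group differ as written (e.g. .13 vs ::11)."""
    result = []
    for name, v4, v6 in HOSTS:
        tail4 = str(ipaddress.ip_interface(v4).ip).rsplit(".", 1)[-1]
        tail6 = str(ipaddress.ip_interface(v6).ip).rsplit(":", 1)[-1]
        if tail4 != tail6:
            result.append((name, tail4, tail6))
    return result


if __name__ == "__main__":
    print("convention violations:", convention_violations())
    print("overlapping VLANs:   ", overlapping_vlans())
    print("hosts outside VLANs: ", hosts_outside_vlans())
    print("duplicate addresses: ", duplicate_addresses())
    print("suffix mismatches:   ", suffix_mismatches())
```

The VLAN-level checks pass for the plan as listed; the host-level checks are the ones that catch the two shared IPv6 addresses in the Virtual Infrastructure table. Keeping this kind of script next to the IPAM (and running it in CI before Terraform or Salt consume the tables) is cheap insurance against two hosts answering for the same address.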

Outro

That's all for now. I will keep updating this post as I progress through the build.

✌️ Peace out nerds. Stay weird! ✌️