
Creating a standalone homelab network from a Wifi Mesh setup (most cost-effective way possible)

cpugeek21

Hey all, I'm trying to break into cloud DevOps and I read that one of the best ways is to demonstrate my interest and expertise with a homelab. Work aside, I have also found homelabbing really fun and would like to explore this rabbit hole further. However, I realised that my home network's status quo is not ideal.

[Image] Current Setup (Mesh Wifi provided by Asus ZenWifi AX6600; apparently does not support VLANs)

After some research, I think a good setup to aim for would be this.

[Image] Desired Setup

Reasoning for the above setup:

I'm torn between purchasing a second Internet connection (from the same ISP, using the same ONT) so that I can homelab without any worries of the current Internet going down, versus setting up VLANs. On the one hand, I know that I can set up a router using pfSense and create VLANs and connect it to the ONT. On the other hand, the setup above ensures that the main network always stays up and secure, with the tradeoff being an additional Internet connection bill per month (for my homelab network).

 

The end goal would be to create an end-to-end homelab that I can use to demonstrate expertise, including but not limited to the following services / domains:

- Firewall (probably pfSense)

- Networking (setting up of route tables, security groups)

- Security (deploying a SIEM like Security Onion / Wazuh + OpenVPN / Cloudflare Tunnels)

- Cloud (AWS --> ALB, EC2, S3...)

- Docker (self-hosting some services like Plex on the servers, including a self-hosted Wordpress instance hosting my resume site)

- Kubernetes (for orchestration of the Docker containers)

- Terraform (to demonstrate expertise of cloud)

- Ansible

 

So here are some questions:

  1. Firstly (and most importantly), does my reasoning above look sound? Anything I should change? Anything I can improve?

  2. Firewall: should I just buy something like a mini PC (e.g. Beelink, 2nd hand Intel NUCs) and download an open-source router software like pfSense to start messing around with it? Or should I get a security gateway appliance with an actual firewall on it (like those Netgear security gateway appliances)? I was originally thinking of going with Unifi but I think those are usually used residentially and not in professional settings, so I'm a bit hesitant (from a build-up-my-own portfolio perspective). On the other hand, Unifi seems to be much easier to set up and troubleshoot. I believe many of their products also offer support for VLANs as well.

  3. Homelab servers: I currently do not have a single server on-hand. So far, I have been getting by with just a laptop that I turn on and off every single day to learn networking (i.e. no 24/7 uptime) and automation (e.g. Docker, Kubernetes, Ansible, Terraform etc.). So far, it is still going fine for learning purposes but it is a pain to have to restart the Docker containers every single day. I'm wondering if I should go the cloud route and just spin up some AWS EC2 instances (using Terraform) or I should bite the bullet and just purchase a couple of physical servers.

This was a long post, so thanks everyone for your suggestion and advice in advance! Look forward to hearing from the kind folks in this community.


Hi there! Personally I'd recommend not having 2 separate internet connections coming into your house. If you set up multiple VLANs and create a main "home" VLAN that doesn't get touched (i.e. make a good config and never touch it again aside from firmware updates) you shouldn't have any issues. From there you can do all your home lab experimenting on a separate VLAN and it shouldn't affect the "home" one. Side note: if you can keep those cables clean, brownie points when looking for jobs (my opinion). Little details matter!

As to a firewall, I'd recommend going w/an actual gateway. You do have a point that Unifi isn't common in professional settings BUT if you're learning, Unifi is a good place to start and when your skills get more advanced you can get something like a Cisco or Netgear setup. Really it's a tradeoff of a learning environment and a more realistic environment. I'd prefer Unifi bc you can learn the more basic up to more moderate/advanced concepts more easily I'd say than with Cisco/Netgear equipment.

Homelab: You can buy a premade server but those can be pricey. If you don't have much budget for servers you can keep your laptop on 24/7 uptime (I'd disconnect the battery and connect the AC adapter to a UPS to avoid battery bulge); see if your laptop supports headless mode. If you do have budget though, you can get a premade server (common in the industry) but I'd argue that making a custom server and using something like UNRAID or PROXMOX (or even TrueNAS) would be equally educational especially when you're learning. Also fun to build :). Any direction you take, you can install a remote access tool like TeamViewer (has free tier) but ALSO you can set it up on SSH to learn CLI. I'd recommend doing both bc you can learn CLI but you can keep the convenience of logging in from almost any device (including phone & tablet).

 

Long response. lmk if anything was unclear.

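The "experiment on a separate VLAN" advice above only holds if the inter-VLAN firewall rules are written in the right order. As an added illustration (not code from the thread or from pfSense), the Python model below evaluates pfSense-style first-match rules on the lab VLAN's interface and checks the isolation invariant; the subnets, hosts and rule sets are constructed assumptions.

```python
import ipaddress

# Constructed assumptions (not from the thread): home VLAN 10 and lab VLAN 20
HOME_NET = "192.168.10.0/24"
LAB_NET = "192.168.20.0/24"

def first_match(rules, src, dst):
    """pfSense-style evaluation of the rules on one ingress interface:
    top-down, the first matching rule wins, and no match means implicit deny.
    Each rule is (action, src_net, dst_net); "any" matches everything.
    State tracking (replies to already-allowed flows) is out of scope here."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        src_ok = src_net == "any" or src in ipaddress.ip_network(src_net)
        dst_ok = dst_net == "any" or dst in ipaddress.ip_network(dst_net)
        if src_ok and dst_ok:
            return action
    return "block"

def lab_traffic(lab_rules):
    """Evaluate the flows that matter for the split, as seen on the lab interface."""
    lab_host = "192.168.20.50"
    return {
        "lab_to_home": first_match(lab_rules, lab_host, "192.168.10.10"),
        "lab_to_gateway": first_match(lab_rules, lab_host, "192.168.20.1"),
        "lab_to_internet": first_match(lab_rules, lab_host, "203.0.113.7"),
    }

def lab_is_isolated(lab_rules):
    """The invariant behind the advice: lab hosts can reach the Internet but
    cannot initiate connections into the home VLAN."""
    t = lab_traffic(lab_rules)
    return t["lab_to_home"] == "block" and t["lab_to_internet"] == "pass"

# Common mistake: a blanket pass above the block means the block never fires.
WRONG_ORDER = [
    ("pass", LAB_NET, "any"),
    ("block", LAB_NET, HOME_NET),
]
# Correct order: deny the home VLAN first, then let everything else out.
RIGHT_ORDER = [
    ("block", LAB_NET, HOME_NET),
    ("pass", LAB_NET, "any"),
]

if __name__ == "__main__":
    for name, rules in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        print(name, lab_traffic(rules), "isolated:", lab_is_isolated(rules))
```

The same check applies to a Unifi gateway: its firewall rules are also evaluated top-down per direction, so a broad allow placed above the inter-VLAN block silently defeats the split.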

Oh also, if you want dedicated cloud experience under your belt...yeah gonna have to invest in some AWS/Azure cloud subscriptions…


On 12/17/2023 at 6:38 AM, DaITguy said:

Hi there! Personally I'd recommend not having 2 separate internet connections coming into your house. If you set up multiple VLANs and create a main "home" VLAN that doesn't get touched (i.e. make a good config and never touch it again aside from firmware updates) you shouldn't have any issues. From there you can do all your home lab experimenting on a separate VLAN and it shouldn't affect the "home" one. Side note: if you can keep those cables clean, brownie points when looking for jobs (my opinion). Little details matter!

As to a firewall, I'd recommend going w/an actual gateway. You do have a point that Unifi isn't common in professional settings BUT if you're learning, Unifi is a good place to start and when your skills get more advanced you can get something like a Cisco or Netgear setup. Really it's a tradeoff of a learning environment and a more realistic environment. I'd prefer Unifi bc you can learn the more basic up to more moderate/advanced concepts more easily I'd say than with Cisco/Netgear equipment.

Homelab: You can buy a premade server but those can be pricey. If you don't have much budget for servers you can keep your laptop on 24/7 uptime (I'd disconnect the battery and connect the AC adapter to a UPS to avoid battery bulge); see if your laptop supports headless mode. If you do have budget though, you can get a premade server (common in the industry) but I'd argue that making a custom server and using something like UNRAID or PROXMOX (or even TrueNAS) would be equally educational especially when you're learning. Also fun to build :). Any direction you take, you can install a remote access tool like TeamViewer (has free tier) but ALSO you can set it up on SSH to learn CLI. I'd recommend doing both bc you can learn CLI but you can keep the convenience of logging in from almost any device (including phone & tablet).

 

Long response. lmk if anything was unclear.

Yep crystal clear, thanks for the long response! I've read a bit online and the consensus seems to be that Unifi wouldn't work very well with other manufacturers, so Unifi router --> Asus mesh node (in AP mode) --> Asus mesh node (wireless) in one VLAN wouldn't work very well. Would you agree with this assessment?

If yes, would it be best to just bite the bullet and revamp the entire home network by going full Unifi? Buying something like the Dream Machine Pro (which includes a security gateway) as well as a couple of Unifi mesh APs?

 

On 12/17/2023 at 6:47 AM, DaITguy said:

Oh also, if you want dedicated cloud experience under your belt...yeah gonna have to invest in some AWS/Azure cloud subscriptions…

Yup, already studying for + about to take AWS SAA soon.


Yeah I agree. I'd recommend doing a full Unifi setup. I mean technically I can see Unifi working with non-Unifi stuff (which I have actually done) but you're gonna get problems so it's not worth it.
The gear you mentioned is about right but I'd add a Unifi switch in there too; shop around and see what would suit your needs best / any sales going on from different places.
