Network layout showoff

[mudflapman]

7 hours ago, brwainer said:

While live migrations are rare, I recommend having a seperate link for that as well as any backup or replication traffic that may happen between the two. It is rather unpleasant to have your other VMs starved of throughput during a migration.

The migrations could be a fairly common thing for me, I'm a consistent tinkerer. I know I don't tend to have a great deal of action on my servers at any point in time so I'll have to see what the outcome is. Depending on what I end up running as the servers also will determine what I do of course, if I've got room for NICs, I'll run them separate.

[Sir Asvald]

Network picture: 

 

Dell PE R210 II. Intel Xeon E3-1240. 16GB Ram and 2x 500GB Sata drives. Running Windows 2012 R2 and VM running my Exchange server and web server. 24 port TP-LINK Gigabit and an 8 port switch. Not in the picture, Dell Optiplex 390 Running Pfsense.

 

[Copie]

The Topology of my home currently.

 

Ubiquiti Unifi USG Pro 4

Ubiquiti Unifi US24 switch

Ubiquiti Unifi US-16-150w POE switch

Unifi Cloud Key

Unifi UAP AC Lite x2

Unifi UAP AC Pro

 

 

 

[BurningSky]

Fairly simple layout, need to swap it around a bit when I do some renovations 

[CiscoFan]

 

 

Here is my new network topology for my home lab. I am diving into the realm of security now. It seems to be an all-out enterprise network but it is in a home. Just 4 Cisco Catalyst 3560Gs, 2 Cisco ASA 5510s, 2 Cisco 2911, and the Cisco Unified Communications Suite. This is one highly redundant home network.

[Brian Furious]

On 3/12/2017 at 7:42 AM, droidrzrlover said:

 

 

Here is my new network topology for my home lab. I am diving into the realm of security now. It seems to be an all-out enterprise network but it is in a home. Just 4 Cisco Catalyst 3560Gs, 2 Cisco ASA 5510s, 2 Cisco 2911, and the Cisco Unified Communications Suite. This is one highly redundant home network.

 

Isn't it too much overkill? I like it though

[Sir Asvald]

On 03/12/2017 at 6:42 AM, droidrzrlover said:

 

 

Here is my new network topology for my home lab. I am diving into the realm of security now. It seems to be an all-out enterprise network but it is in a home. Just 4 Cisco Catalyst 3560Gs, 2 Cisco ASA 5510s, 2 Cisco 2911, and the Cisco Unified Communications Suite. This is one highly redundant home network.

 

Nice network!  Too bad ASA firewalls are end of life.  What configs are you running on switches and ASAs?

[CiscoFan]

6 hours ago, Abdul201588 said:

Nice network!  Too bad ASA firewalls are end of life.  What configs are you running on switches and ASAs?

The configs are basic for the switches, VLAN 99 on the switches before the ASAs and then I will have VLANs 10, 20, 30, 75, and 100 on the switches after the ASAs with no switchports going to the ASAs. The core is going to be 172.16.1.0/28 and then after that, it is going to be 172.16.2.0/28 for after the ASAs. I am going to have a default route going to 172.16.1.1 which is the HSRP address.

[CiscoFan]

8 hours ago, Brian Furious said:

Isn't it too much overkill? I like it though

It is too much over kill lol, but it never hurts to practice setting up redundancy lol.

[Sir Asvald]

Network setup. I've moved my Email server from my house to an online VPS. Residential IPs are blocked with BT. So, I figured, why not an online one and use VPN to connect to the domain:

 

The on premise server is still up. It's only used internally and it forwards all requests to the VPS. ASA 5505 is used for IPSec VPN between my house and the VPS. 

 

[Mikensan]

Always hard to draw a virtual environment, a physical diagram doesn't really represent the network layout well. I sort of grew into this, but I will move my WSUS server to the management vlan and VDP to the non-internet vlan. Currently it's the only server on that vlan allowed internet access on vlan 50. I'll also probably end up moving my RDSH application server over to the dmz since it's going to be more permanent now.

 

Drawing it all out definitely helps think of where things should be.

 

[maxtch]

On 12/21/2017 at 3:03 AM, Mikensan said:

Always hard to draw a virtual environment, a physical diagram doesn't really represent the network layout well. I sort of grew into this, but I will move my WSUS server to the management vlan and VDP to the non-internet vlan. Currently it's the only server on that vlan allowed internet access on vlan 50. I'll also probably end up moving my RDSH application server over to the dmz since it's going to be more permanent now.

 

Drawing it all out definitely helps think of where things should be.

 

Maybe you can draw it using separate L3 and L1 maps? In L3 maps ignore the managed switches and VM hosts, while in L1 map ignore VMs?

[Lurick]

Made some changes/updates

 

 

 

 

 

[Mikensan]

@Lurick - how much did the ASAv licenses end up costing if you don't mind me asking?

[Lurick]

3 minutes ago, Mikensan said:

@Lurick - how much did the ASAv licenses end up costing if you don't mind me asking?

For me it was free since I got it as part of my job role pretty much

[Parsious]

 

so then this is the network as it stands at this moment 

 

Device list 

• Entertainment 
  • TV is a Sony 55 inch 4K android 
  • STB 1 and 2 are as advertised one for my ISP IPTV and the other is nationall IPTV provider for channel diversity 
  • and the sony Bluray 
• Mobile computing 
  • Tile is a Lenovo Yoga 910 and is my mobile daily driver 
  • Tile-old is a Hp Probook that is too old too heavy and now too slow and now changes OS as a whim hits me 
  • work laptop well thats prtetty much as advertised 
• the printer is a cheep brother wireless Laser printer 
• Servers 
  • Nas is in build atm amd while technically attached to the network its defs a WIP at the moment 
  • Slate is a scratchpad server that is my testing location for all the stupidity before i roll an idea live 
  • Firebrick serves as web / mail / database and will soon take over DNS / DHCP from my modem  
• Workstations 
  • Cornerstone is the PC i have been using as my non mobile daily driver for the past 4 years its currently being replaced by Cornerstone V2 
  • Cornerstone V2 is the new kid on the block  and as soon as i get all my data moved over or off to the NAS (when complete) there will be a name refactor 
• Switches 
  • switch 1 is a D-link DGS-1016a 16 port Gigabit non managed consumer switch 
  • switch 2 is a TP-Link TL-SG108 8 port Gigabit consumer switch 
  • the access point is a Ubiquity unify UAP-AC-PRO
• Modem 
  • this is fairly unremarkable POS ISP supplied ADSL modem.  i have 3 diferent iterations of them and they change out regularly as i end up testing them for work and one of these days im going to get my Cisco 867 sorted out (we no longer offer that as an option to business customers so its not in the testing rotation )

General Thoughts an musings about my network 

 

The only real reason for switch two is so that i only have one Ethernet cable running to my office. and i think that the 16 port one will soon be replaced wiht a second hand HP procurve 3400CL switch ... they can generally be found online for a good price and are fully non blocking with something like an 86Gig back-plane and space for 2 10Gig fiber up-links (that i would have almost no use for atm ) the 48port ones would have fun trying to saturate that back-plane. The main reason for the upgrade is not that im saturating either of the Gigabit switches i currently have but more that the HP is managed.

 

Slate and firebrick are currently running on Rasberri Pi's, Firbrick on a pi 3 and slate a pi2, i dont do a lot of work out to the world with my web/mail so atm the Pi is completely suitable for that job but im really wondering if i am going to take the Cornerstone hardware and throw ESXi on it then pull mail web and Database into different VM's 

 

as it stands i haven't had a need for web/mail or associated stuff for a while so the addition of Firebrick is only about 3 weeks old at the moment and was put in place to get some network management running in this case Cacti and smoke ping. 

 

initially cacti and smokeping were put in place to help me identify some network issues that i was seeing (massive prolonged ping spikes huge chunks of lost packets)  but as per bloody usual as soon as i added monitoring and got it going the issues are gone 

 

if yall are interested in my connection to the world i have pulled some of the relevant cacti graphs onto http://www.fish-tank.ninja/network.html this page where you can see my latency over time to 4 DNS servers and some strategically chosen points in my routing too a game server in London that i use a lot 

 

there is also the smoke ping page that shows similar data in a different way  http://www.fish-tank.ninja/cgi-bin/smokeping.cgi?target=MULTIHOSTS 

smoke ping shows the latency in a better way but Cacti's SNMP integration means i can do a whole lot more with it in the long run (this is where the 3400CL comes into the picture) 

 

there also needs to be a name reorganization as traditionally Cornerstone is the center of my network and all devices are named after brick/stone products in this case Firebrick probably needs to be renamed as it is in no way any sort of firewall. that said there definitally needs to be some kind of firewall device added into the network some time soon 

 

[Sir Asvald]

On 17/01/2018 at 10:23 PM, Lurick said:

Made some changes/updates

 

 

 

could you take a picture of the front? 

[Lurick]

11 hours ago, Abdul201588 said:

could you take a picture of the front? 

That's about as much of the front as I can get. It's maybe a few feet from the wall so a proper front picture is hard

[Sir Asvald]

46 minutes ago, Lurick said:

That's about as much of the front as I can get. It's maybe a few feet from the wall so a proper front picture is hard

Aw.  How comes you have multiple switches? I've got 2 only.

 

[Lurick]

30 minutes ago, Abdul201588 said:

Aw.  How comes you have multiple switches? I've got 2 only.

 

Just two switches

One is for UPOE and MGig and the other is for POE+ and just does gig (excluding the 10Gig module)

Then I've got a 3504 WLC

[sapage]

Hopefully in the spirit of fun for this thread.

 

https://imgur.com/a/XTorV

 

I should really cable it up or something. 

[Sir Asvald]

15 hours ago, sapage said:

Hopefully in the spirit of fun for this thread.

 

https://imgur.com/a/XTorV

 

I should really cable it up or something. 

LOL

[Denned]

 

Not enough Cisco in here, so here's my little setup.

 

 

 

[Sir Asvald]

My network.

[Lurick]

On 3/10/2018 at 2:32 PM, Denned said:

Not enough Cisco in here, so here's my little setup.

That stuffs old man!

You need to get the new 3504 and some Catalyst 9300s, gosh!

Upgrade that 5506 to a 5585

 

 

Kidding of course, it looks nice