This post is part of a series on building my Ruckus home laboratory environment. Previous articles in this series include:
- Building a Ruckus Home/Office Laboratory on a Budget – Part 1
- Building a Ruckus Home/Office Laboratory on a Budget – Part 2
- My Ruckus Laboratory – Home Network Architecture & Limitations
In this post I discuss the physical network components and the physical / logical connectivity of the laboratory equipment.
Physical Network Overview
The image below gives you a view of the physical components of the laboratory network and their connections to one another.
Dell PowerEdge R610
The Dell PowerEdge R610 is connected to the ICX7150-C12P using 2 Ethernet interfaces configured in a LAG to provide 2 Gb/s full duplex connectivity. This connection will provide for Layer 2 communications between the physical hosts using untagged frames (placed onto VLAN 100 inside the ICX 7150). Additional tagged VLANs for Access Points and Client subnets will be enabled on the LAG interface on an as-needed basis.
For the specifications of the Dell R610 server that I am using, check out one of my earlier posts on the topic!
Laboratory Access Points
Ethernet interfaces 7 through 11 are reserved for use by Access Points in the laboratory. These interfaces are not configured yet but will provide L2 services between the APs and the virtual routers only. This will maintain the logical separation between the physical and virtual network environments.
Port 12 of the switch is reserved for access to the network management subnet. This interface is configured as an access port on VLAN 101. That is to say, it will place all untagged traffic onto the management subnet on VLAN 101 and will drop any tagged VLAN traffic entering the interface. This makes it easy to connect to the management network via an Ethernet cable directly or via a dedicated wireless access point using a WPA2-Personal SSID, as shown in the diagram.
Mikrotik HAP AC
Originally, I intended to use an 802.11ac-capable DD-WRT router that I had in the back of my cupboard from about 2014. After a week of fist-clenching frustration and dealing with a web UI that was unresponsive and didn’t correlate to the actual settings in the box, I decided I had had enough and went out and bought the Mikrotik HAP AC (you should be able to get one for about $130.00).
The Mikrotik HAP AC is a dual band, 802.11ac, 3×3:3 capable Access Point running Mikrotik’s RouterOS (including a level 4 license), capable of fulfilling just about all of my needs in the laboratory. The primary purpose of the Mikrotik HAP AC router is to provide the physical and virtual laboratory networks with connectivity to external networks whilst keeping both as isolated as possible.
The Mikrotik provides me with options for connecting the laboratory to the Internet via Wireless LAN, Ethernet or even a USB 3G/4G modem in a pinch. It also supports dynamic routing protocols such as OSPF and BGP if I decide to start toying around with those…
In my home laboratory, the Mikrotik is configured as a wireless client that connects to my Home WLAN. Traffic from the physical hosts and management subnets is routed to the Mikrotik via uplink port 1/2/2 on the ICX7150-C12P switch. Traffic from the virtual environment is routed directly from Ethernet Interface 3 on the Dell R610 (by a virtual router) to the Mikrotik.
The traffic from each environment is thoroughly isolated using the built-in firewall and routed to the Internet. The firewall allows connectivity from the management subnet into the virtual environment, but not the other way around. The firewall also prevents laboratory traffic from reaching devices in my Home WLAN as it traverses that network on its way out to the Internet!
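A sketch of how the policy described above can be expressed as RouterOS firewall rules. This is an added example, not the author's actual configuration: the subnets, the address-list names and the `wlan1` uplink interface name are all assumptions chosen for illustration.

```routeros
# Added example: constructed subnets and names, not taken from the lab itself.
/ip firewall address-list
add list=lab-mgmt    address=10.0.101.0/24  comment="management subnet (assumed)"
add list=lab-virtual address=10.0.200.0/24  comment="virtual environment (assumed)"
add list=home-wlan   address=192.168.1.0/24 comment="home WLAN (assumed)"

/ip firewall filter
# Replies to flows that were already permitted may return. This is what lets
# management reach the virtual side without opening the reverse direction.
add chain=forward action=accept connection-state=established,related \
    comment="allow return traffic"
add chain=forward action=drop connection-state=invalid \
    comment="drop invalid state"

# Management may open connections into the virtual environment...
add chain=forward action=accept src-address-list=lab-mgmt \
    dst-address-list=lab-virtual comment="mgmt -> virtual"
# ...but the virtual environment may not open connections to management.
add chain=forward action=drop src-address-list=lab-virtual \
    dst-address-list=lab-mgmt log=yes log-prefix="virt-to-mgmt" \
    comment="virtual -> mgmt blocked"

# Lab traffic crosses the home WLAN on its way out but must not reach hosts
# on it. Internet-bound packets carry a public destination address, so they
# are not matched by this rule.
add chain=forward action=drop dst-address-list=home-wlan \
    log=yes log-prefix="lab-to-home" comment="lab -> home WLAN blocked"

# Everything else from the lab may leave through the wireless uplink.
add chain=forward action=accept out-interface=wlan1 \
    comment="lab -> Internet via home WLAN"
add chain=forward action=drop comment="default deny"

/ip firewall nat
# Hide the lab subnets behind the router's home WLAN address.
add chain=srcnat action=masquerade out-interface=wlan1
```

The order matters: the established/related rule must come before the virtual-to-management drop, otherwise replies to management sessions would be discarded. If lab hosts use the home gateway directly for DNS, the home WLAN drop rule will block those queries; pointing them at the Mikrotik's own resolver avoids that.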
The ICX7150 holds the entire network together. It provides L3 services to the physical hosts, management subnet and NAT router. It also provides Layer 2 services to the laboratory access points and the virtual environment. More detailed configuration details of the switch are given in future posts.
Layer 3, Logical Network Diagram
The logical structure of the Layer 3 network, including part of the virtual environment, is shown below. Connectivity between the ICX7150 switch and Laboratory Access Points via Ethernet interfaces 1/1/7-11, and their connection into the virtual environment via Ethernet 1/1/1-6, is excluded since those are limited to Layer 2 only.
That's all for now!