Lab Notes


It’s one thing to have the book knowledge, and another thing to actually implement and maintain.

This general lab design is inexpensive to implement (ISP fees not figured in) and through virtualization will open doors to learning almost any aspect of information technology.

Network Design

Network is split out into VLANs. Trunk port between the router and the switch, and another trunk port between the switch and one of the GigE ports on my workstation (carrying VMware guest tagged traffic). I have an IPv4 /29 routed to me by my ISP, and a IPv6 /48 routed to me by another ISP. While you can get away with dynamic DNS, I highly recommend getting a public block. For science.

If your ISP does not deliver IPv6, I recommend creating a free tunnel through Hurricane Electric.

Mikrotik RB2011 Router

Mikrotik makes a range of routers and switches that are based on a custom Linux kernel. Configuration can be difficult, but if you are comfortable managing Linux systems it’s not hard to grasp. Very powerful scripting, firewall, and routing functions (even MPLS). Get on the software defined bandwagon cheap.

This Mikrotik model also supports a wide range of wireless capabilities (VLANs, capture portal, authentication, encryption, etc. etc.). Plenty to keep you occupied.

Another alternative is Ubiquiti Networks; or Ebay for used Cisco, Juniper, HP, Avaya, or ADTRAN equipment.

Dell X1026P Switch

24 port Gig PoE switch. Easy to configure and maintain, make sure you have the latest firmware installed. Fits on a desk and the fans are quiet. If you don’t need or want to play with the PoE feature, the X1026 (note the lack of a P in the model number) is shorter and completely silent. The switch can also mirror up to eight interfaces for network monitoring (this is key).

Compute Design

Host

Microsoft has a number of "free" virtual machines you can download.

While VMware offers generous trial periods for their software, you can sign up ($200/year) for their VMUG Advantage Program.

VMware Workstation has multiple VMnet interfaces mapped to VLANs, so for example I can keep lab traffic segregated from my get-stuff-done network. Be sure to limit your day-to-day use of the Host System as any system errors could have a negative affect on your virtual machines.

VirtualBox is an open-source alternative to VMware Workstation. I still recommend purchasing Workstation; in my experience it has better performance and stability.

Specifications

Custom “whitebox” PC (Intel i7, 32GB RAM, multiple TB hard drives, quad Ethernet NICs)

RAM and I/O are going to be your biggest resource bottlenecks. I rarely run into CPU over-utilization unless a VM hangs at 100% usage. Get as much RAM as your motherboard can handle and more than a few hard drives. Storing multiple I/O hungry VMs on a single hard drive will make life miserable.

For sandbox software Sandboxie for Windows, and firejail for Linux. More interesting tools can be found here.

Network and host monitoring is done through Security Onion. I also send logs to ELSA (on Security Onion).

Raspberry Pi

Used for 802.1x and various other projects. These are great little computers, and cost $35 or less.

Voice Design

VoIP phone(s) on separate VLAN utilizing PoE. Inexpensive VoIP service can be purchased from voip.ms.