Homelab/Worklab

I've recently joined the "homelab" subreddit, where folks post pictures, descriptions, and itemized lists of their computer acquisition fetish/passion project. After picking up a GL.iNet USB150 Microuter (which I mentioned in an earlier post), it motivated me to write up more about my "homelab" setup here at the office.

For obvious reasons, my homelab is designed around the software we produce at 128 Technology. I've got three dedicated routers in my network: at home, at the office, and at a summer cottage in western Massachusetts. The one at my office happens to be the most interesting of the bunch.

The 128T router at my office began life as a VPN replacement. And not in the typical way: it wasn't for me to VPN from my house into my office like most VPNs are set up to do, but rather the other way around. Instead, I set it up to allow me to play IT support for my family's wifi issues, printing issues, etc. while I'm at the office. Prior to the 128T, I'd been using a Synology DiskStation as a VPN for the job, but once a colleague extolled the virtues of a brand new machine they'd discovered for running their own 128T node I couldn't help myself. The machine is the fitlet2 by CompuLab, a wonderful little computer that has proven to be a powerhouse at running a 128T routing node.

There are a few build options for the fitlet2; I went with the beefiest version – 16GB of RAM and the Intel Atom E3950. I'm glad I did, too... the 128T software uses a decent chunk of that compute and memory, but there's still plenty left over to experiment with. I also got the wireless FACET card, but have yet to get it working to my satisfaction.

Rather than the wireless FACET, I instead use the USB150 as my wireless bridge between the wired network on my desk and the (guest) wifi at my office. This was more than a matter of convenience; because it runs its own operating system, the USB150 gives me another point of entry into my desk router in the event that the fitlet has wedged. (I'm using a Tor onion service on this little guy.) This USB150 is for all intents and purposes my "WAN."

Also plugged into the fitlet are a Wifi Pineapple from Hak5, which I use for research purposes, and a Futurebit Moonlander USB scrypt miner, which I picked up while investigating blockchain. All together, it's quite a sight.

The LAN is connected to a Cisco Catalyst 2970 I bought on eBay for $25. This lets me configure VLANs for all of the various traffic segments I use within my lab (which will be the topic for the next blog post in this series...), and lets me use "protected" switchports within specific segments to provide even further protection from machine-to-machine communication within a VLAN.

The rest of the gear in my worklab is plugged into this switch; it's connected to my fitlet (obviously), to my systems under test (as I write this its a few platforms for upcoming customer deployments), and to a few of my various gadgets I keep at work.

Lots of good work goes on through this lab. It's my primary access to everything: my development lab in our local closet, my primary residence's network, and the public internet. It's under constant load, and constant scrutiny, and is my proving grounds for new software and configuration strategies.

When I get into my traffic segmentation strategy, it will hopefully illustrate how these pieces fit together.