HOME LAB: ADDED A CISCO 3845 ISR

Why? Well, I wanted more ISRs in my home lab.

That, plus my ISP (Virgin Media), will be upgrading my line from 120 Mb/s to 152 Mb/s in the second half of 2014. Looking at the Cisco docs, the 2851 ISR I am using can only do up to around 112 Mb/s/s.

Although there is quite a bit of time before Virgin Media actually go forward with this upgrade, I saw the 3845 going reasonably cheap on eBay, cheaper than what I expect it will be next year when my connection gets upgraded. So, I decided to just buy it now. 🙂

HOME LAB NETWORK REDESIGN PART 2: THE EDGE ROUTERS

As I have never used a Mikrotik router before, there was quite a big learning curve.

I’ve only really used Cisco/Juniper like interfaces to configure routers, and I’m a fan of them. Even though I have gotten a little more used to the RouterOS command line, I must say I’m not a huge fan of it. Most of the reasons are quite minor reasons, but some of the reasons I don’t really like it is:

• I find it silly how the menus are structured. For example, I have to first configure an interface in /interface context first, then switch context to /ip address to add an IP address. Same goes for just getting an IP from a DHCP server. To do this, you can’t do it from the /ip address context, but rather /ip dhcp-client context. There are many other cases of this, and while none of this is really a big deal, I find it is quite inconvenient. I want to configure the options for a single interface in one place.
• There are a lot of little things I think ROS is lacking. For example, creating a GRE tunnel from the /interface gre context, you have to provide a local-address to source the packets from. This is a pain because if you are on a dynamic IP address, it involves an extra step of editing the address every time your address changes. On Cisco routers, you can just do tunnel source $INTERFACE and it’ll automagically use the correct source address. This is also for adding routes via the DHCP provided default gateway. On IOS, I can just do ip route 8.8.8.8 255.255.255.255 dhcp to route some packets explicitly via the DHCP assigned default gateway. This is useful because in order to reach my dedicated server, I need a single route via my DHCP assigned default gateway, before BGP from my dedicated server pushes down a new default route. In ROS you can’t do this, and have to add a static route manually yourself, and edit it each time your address changes. Again, these are minor things, but I’m sure there are some bigger things which I cannot remember at the moment.

To be fair, these reasons are quite minor, and considering the price difference between a Mikrotik router, and a Cisco/Juniper router, I guess it is acceptable.

HOME LAB NETWORK REDESIGN PART 1: THE REMOTE DEDICATED SERVER

As promised, here is a very very basic diagram of my home lab. This is quite a high level overview of it, and the layer 2 information is not present as I suck at Visio, and all the connectors were getting messy on Visio with the layer 2 stuff present! What is not shown in the digram:

1. There are two back-to-back links between the edge routers which are in an active-passive bond.
2. Each edge router has two links going into two switches (one link per switch), both these links are in an active-passive bonded interface.
3. The two edge firewalls only have two links going to each of those switches. One port is in the “inside” VLAN, and the other is on the “outside” VLAN. I wanted to have two links per VLAN, going to both switches, but the Cisco ASAs don’t do STP, or Port-Channels so I having two links would have made a loop.
4. The link between the two ASAs is actually going through a single switch on a dedicated failover VLAN. From reading around, the ASAs go a little crazy sometimes if you use a crossover cable as the secondary will see it’s own port go down as well in the event the primary fails. It seems that this can cause some funny things to happen. Using a switch between them means that if the primary goes down, the secondary ASA’s port will still stay up avoiding any funniness.
5. The core gateway only has two interfaces, each going two a different switch. One port is on the “inside” VLAN that the firewalls are connected to, and the other port is a trunk port with all my other VLANs. This isn’t very redundant, but I’m hoping to put in a second router when I have some more rack space and use HSRP to allow high availability.

As I mentioned in my previous post, I have a dedicated server hosted with Rapid Switch, through I wanted to route all my connections. There were a few reasons I wanted to do this:

HOME LAB NETWORK REDESIGN WITH MIKROTIK ROUTERS

I currently have two cable connections from Virgin Media coming into my house due to some annoying contract problems while moving.

I originally had one line on the 60 Mb/s package, and the other on 100 Mb/s, but when Virgin Media upgraded me to 120 Mb/s I downgraded the 60 Mb/s line to 30 Mb/s to reduce costs.

Since I got into this strange arrangement with Virgin Media, I have been using two separate routers for the connections. A Cisco 1841 Integrated Services Router on the 30 Mb/s line, and a Cisco 2821 Integrated Services Router on the 120 Mb/s line, but I found that I wasn’t able to max out the faster line using the Cisco 2821 ISR. Looking at Cisco’s performance sheet, the Cisco 2821 ISR is only really designed to support lines of up to around 87 Mb/s, and that’s without NAT!

CONNECTING TO USENET VIA TWO INTERNET CONNECTIONS

I currently have two connections from Virgin Media at home and I wanted to use them both to grab content from usenet.

My Usenet provider is Supernews, I’ve used them for a couple of months, and from what I understand they are actually just rebranded product of Giganews.

Supernews only actually allow you to connect to their servers from one IP per account, so even if I had set up load balancing to split connections over both my connections, it would not have worked very well for usenet as I will be going out via two IP addresses, so for this reason I decided to take another route.

TWO MORE CISCO 7204 VXRS ADDED TO MY HOME LAB!

Last week, I was browsing eBay (as you do!), and noticed two Cisco 7204 VXR routers auctions which were about to end pretty soon and the starting bid was £0.99, and there were no current bids!

I’ve wanted to play with the bigger Cisco routers for a while. I have played with the Cisco ISRs, which are designed more for branch/smaller offices. I already have one 7204 VXR in my rack, but adding two more couldn’t hurt, so I figured I would go ahead and try my luck and bid. To my surprise, I won both!

CISCO ASA 5505 RAM UPGRADE

I have two Cisco ASA 5505s in my home lab which I acquired almost two years ago from eBay. I was pretty lucky, as I paid under £70 for each because the seller wasn’t too sure what they were! Looking on eBay now, they are selling for around £120! 🙂

Pretty much straight away, I wanted to upgrade to the ASA 8.3 code, which required a RAM upgrade, so I upgraded it.

NGINX, VARNISH, HAPROXY, AND THIN/LIGHTTPD

Over the last few days, I have been playing with Ruby on Rails again and came across Thin, a small, yet stable web server which will serve applications written in Ruby.

This is a small tutorial on how to get Nginx, Varnish, HAProxy working together with Thin (for dynamic pages) and Lighttpd (for static pages).

I decided to take this route as from reading in many places I found that separating static and dynamic content improves performance significantly.

Nginx

Nginx is a lightweight, high performance web server and reverse proxy. It can also be used as an email proxy, although this is not an area I have explored. I will be using Nginx as the front-end server for serving my rails applications.