Homelab – Part 1

Welcome to my inaugural blog post! The initial purpose of this blog is to document my journey creating a homelab. I’m not intending for this to be a guide, and there will be concepts that are not explained in a beginner friendly way. This blog is to follow my own personal thought process. I may branch out and discuss various other tech/science topics in future, but we’re going to start with my homelab.

What is a homelab?

I define it as any piece of server/networking technology at home that you use to experiment/research/tinker on. It’s also a pit of never ending currency consumption. A 15 year old laptop that’s retired from personal use and turned into a server that stores some documents? That’s a homelab. The massive server rack that quadruples your electric bill and can heat a small village? Also a homelab.

What do I want out of a homelab?

The number one reason is I want to get some hands-on experience with different tech. Primarily I would like to learn container software (e.g. Docker and Kubernetes), get better at Linux, and refine my networking knowledge.

The second reason is I would like to host some useful services myself. Some of the services I want to set up are:

  • A locally hosted DNS
  • A VPN so I can access my network remotely
  • Data storage/backup
  • Game servers for my friends
  • Maybe some web hosting
  • Network monitoring/security

What equipment do I currently have?

  • AT&T’s equipment (ONT & BGW320)
  • 8 year old TP-Link EAP110
  • An Acer laptop so ancient I can’t even make out the serial number (it has a whopping 4 GB of RAM)
  • My daily driver Windows PC
  • A patch panel connecting to ethernet drops throughout my home
  • A big spool of Cat 6 cable

What equipment do I need?

I intend to bolster my home network equipment in addition to setting up servers. The BGW320 currently acts as my router and gateway, but it is devoid of several of the features I intend to use in my network (like VLANs). Unfortunately, the ONT and BGW320 are both required for my AT&T internet to actually work. I’m stuck with them. There is a way to completely bypass the BGW320 with my own equipment, but it is absolutely not supported by AT&T and I’m not going to do that initially. The BGW320 can still be configured in IP Passthrough mode (it doesn’t have a bridge mode) so I can use my own router. I have a Linksys WRT54GL flashed with DD-WRT, but it is an ancient artifact from another age. I’ll be getting a new device for my router.

I would also like to replace my current wireless access point. My EAP110 is fairly old and only has WiFi 4 on the 2.4 GHz band. Devices that broadcast on the 5 GHz band and have 4x my current device’s bandwidth are fairly common now, so I’d like to get one.

I’ll likely need to get a switch. Probably something with PoE+ and VLAN capability. I have 6 ethernet drops from my patch panel, so I’ll need at least 6 ports on my switch to connect those, and 1 port to connect my router.

For my servers, I’m thinking that I’ll want two physical machines initially. I want one that will host a bunch of VMs and containers, which I intend to spin up, spin down, and break while testing all sorts of software. The second machine will be a network-attached storage (NAS) box for data backup and storage; it will be much more stable, as I don’t want to accidentally rm -rf all of my data.

What are my limitations?

I do not want to feed the ever hungry homelab maw too many of my dollars. I’m going to self-impose a hard limit of $2000 on this initial iteration. That includes servers, networking equipment, hardware, and software.

I also have some physical limitations at my home. My fiber line’s entry point and my patch panel are in a very small closet that has horrible ventilation. The closet is big enough to fit a small server rack, but it already gets fairly warm in there with just the BGW320. I would like to limit the closet to only my BGW320, the new router, and switch. The servers are going to have to be in another location in my house, so I’m not going to bother getting a server rack.

What is the plan?

I’m going to do this project in phases. I would like to first bolster my network with a new router, switch, and wireless access point. Once that is all configured and I’m happy with it, the second phase will be ordering my main server. Once that is good, I’ll go to the third and last phase and order my network attached storage server. And there will definitely be no more phases after that. I will finally be done and I won’t have to spend any more money. Yup.

What router am I getting?

There are some things I need to consider when choosing router hardware.

  • What software it’s going to run
  • Number/type of ports
  • VPN capability

There are two popular open source router software packages right now: pfSense and OPNsense. In researching and comparing the features between the two, they have a very similar feature set. I’ll probably end up trying out both at some point, but I’ll likely start with OPNsense due to some of the drama I’ve read about pfSense (I’m not going into detail here, but you can search for it pretty easily).

I don’t need any SFP (fiber) ports; gigabit ethernet connections will be sufficient for my network. For my router I probably only need 2 ethernet ports: 1 WAN and 1 LAN port. I might still get a device with 3 or 4 ethernet ports. There are reasons to have more ports on the router:

  • To physically segment the network, and not just use VLANs
  • Multiple WAN ports for multiple ISPs to have an internet failover configuration
  • Duplicate connections to the switch

If anything, I may use the extra ports to physically segment my network. I don’t yet have specific plans for how I will segment my network. I know that I want to have segments for devices of different trust levels. For example, my main PC will be on the most trusted VLAN that has plenty of access to everything else on my network. My guest WiFi VLAN will only have internet access but no access to any other VLANs. My IoT devices, like my smart air fryer and smart tea kettle, will be on a VLAN that has no access to any devices on my network and maybe limited internet access. I could definitely see configuring my old wireless access point for guest WiFi and IoT devices and connecting these on a separate LAN port on my router to keep them further isolated from my main network. I’ll get a 4 ethernet port router to allow me that flexibility.
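To make the trust levels above concrete, here is an added sketch (not part of the original post, and not OPNsense configuration) that models the per-VLAN rules and audits them for cross-segment leaks. The subnets, segment names, first-match evaluation, and the choice to give IoT devices internet access are all assumptions made for illustration.

```python
import ipaddress

# Hypothetical addressing plan (constructed; the post does not define one yet).
SEGMENTS = {
    "trusted": ipaddress.ip_network("10.0.10.0/24"),
    "guest":   ipaddress.ip_network("10.0.20.0/24"),
    "iot":     ipaddress.ip_network("10.0.30.0/24"),
}
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Per-segment rules as (action, destination networks), evaluated top-down.
# Assumed model: first match wins, and no match means default deny.
RULES = {
    "trusted": [("pass", ANY)],
    "guest":   [("block", PRIVATE), ("pass", ANY)],
    "iot":     [("block", PRIVATE), ("pass", ANY)],
}

def allowed(src_segment, dst_ip, rules=RULES):
    """Return True if traffic entering on src_segment may reach dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    for action, nets in rules[src_segment]:
        if any(dst in net for net in nets):
            return action == "pass"
    return False

def audit(rules=RULES):
    """List (src, dst) pairs where an untrusted segment can reach another one."""
    leaks = []
    for src in ("guest", "iot"):
        for name, net in SEGMENTS.items():
            if name != src and allowed(src, str(net.network_address + 10), rules):
                leaks.append((src, name))
    return leaks

# The easy mistake: "internet only" written as a bare pass-to-any rule.
NAIVE = dict(RULES, guest=[("pass", ANY)])

if __name__ == "__main__":
    print("intended policy leaks:", audit())
    print("naive guest rule leaks:", audit(NAIVE))
```

The point of the audit is rule order: "internet only" for guest or IoT needs a block on private address space ahead of the pass rule, otherwise the pass-to-any rule also covers the other VLANs.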

I would like to be able to VPN to my home network remotely. However, VPNs are fairly processor intensive because they are encrypting and decrypting all of the traffic. I could go two ways with this. I could either run my VPN on the router itself or forward VPN traffic to my server that will be running my VPN. Other than the price difference, one major consideration is that I absolutely plan on breaking my server in new and interesting ways. I don’t want to worry about breaking my VPN when I do this. I can get a router that can be configured to be a VPN, but it needs to have a good processor to handle the added load of a VPN, especially if I want to use a gigabit connection fully. Two of the most popular open source VPNs are OpenVPN and WireGuard. Between the two, it sounds like OpenVPN is more processor intensive because it’s not multithreaded while WireGuard is. If I end up using OpenVPN on my router, and I want to maintain a gigabit connection to it, it very well might not be possible due to the CPU limitation. So it may be the case that a high frequency, low core CPU will be better than a low frequency, high core CPU.

Considering these needs and after doing some research reading reviews and forums, I have heard good things about the Intel N100 CPU. I’m going with a more budget-friendly option and getting a Topton N100 2.5G router because it’s one of the cheaper mini PCs with an N100 CPU. I’m getting it with an add-on of 8 GB RAM and a 256 GB NVMe for $47 extra. Not the greatest deal, and I’m betting that the RAM and storage aren’t the best quality, but the alternative was coming without RAM and storage at all. I want the device to arrive in a functional state. If I have to upgrade/replace the RAM and storage later, well then it’s only $47 wasted. The total cost for the device came in at $199.

What wireless access point am I getting?

The plan is to have two, maybe three, wireless network SSIDs configured. These will be on separate VLANs. One VLAN will be for trusted devices and one VLAN for untrusted devices. I may decide to split the untrusted device group into two separate VLANs for IoT devices and guest WiFi devices. Every modern wireless access point (WAP) is going to have multiple SSID and VLAN capability.

The other goal I have is maximizing bandwidth to individual devices while minimizing cost. I don’t have many wireless devices, I don’t use them often, and there will almost never be a time when multiple devices require significant bandwidth at the same time. My best current wireless device can make full use of WiFi 6 and 2×2 MIMO, so I’ll consider that a minimum requirement.

Looking at TP-Link’s Omada suite of products, the EAP610 looks like the level of hardware I would like. I do want to compare it to Ubiquiti’s UniFi products. The UniFi product that has comparable technical specs to the EAP610 is probably somewhere between the U6 Lite and the U6+. I’ve used the Omada and the UniFi controller software before, and I liked the UniFi software better. However, the best deals I can find for the U6 Lite or U6+ are priced around $120, whereas the EAP610 I can find for nearly $90. I’m going to go with the more economical choice.

What switch am I getting?

Since I’m getting an EAP610, I need to make sure that the switch has some ports with PoE+ to power it. I need to make sure it has at least 8 ports (6 for my ethernet drops, 1 for my router, and 1 bonus port). Since we’re going to be using VLANs, it’s going to need to be a layer 3 switch.

I also don’t particularly care if the switch integrates with the Omada system. I don’t know if I’ll ever need any of the features that come with Omada integration like remote access to the switch or port bandwidth monitoring. The TL-SG108PE seems to fit my needs at $63 and the most similar Omada supported switch is probably the TL-SG2008P at $90. Who knows, maybe I’ll regret saving the $27 to get the non-Omada switch.

Summary

These are my purchases for the initial phase of my homelab:

  • Topton N100 router: $199
  • TP-Link Omada EAP610: $91
  • TP-Link TL-SG108PE: $63

Total: $353

It will be a week or two for these to arrive. I plan to have a post for the configuration of these devices, and a post for purchasing the main server.

How do I end a blog post?

~Alan
