Saturday, September 29, 2012

Duplicating an Enterprise Network in a Home Lab using VMware ESXi and Vyatta Network OS

Virtualization and software-based networking have opened up a world of possibilities, not only for designing and consolidating enterprise infrastructure but also for personal training. I like to verify my current knowledge and try out new technology all the time. However, this is usually difficult to do, because networking training normally requires vast amounts of hardware. Thanks to virtualization, I can spin up as many servers as the virtualization host can handle, set up a bunch of virtual switches and routers, and assign whatever I want to the physical NICs on the virtual host.

One of the things that I enjoy doing the most in my “free time” is building my own test labs and test networks. I have had a great deal of success doing this using various virtualization and software-based networking technologies. At the moment, I have one VMware ESXi 5.1 host with two virtual routers running Vyatta Network OS 6.4. So far the installation is rock solid and I haven’t had any issues aside from NAT, which I will address in a minute…

The screenshot below is a visual representation of my current network environment at home.
Vyatta design

From this diagram, you should be able to tell that all I did was connect my ESXi host to the simple switch. This was OK for a time, but my needs have expanded beyond this simple setup. The problem lies with the SOHO home WiFi router. Most SOHO routers only NAT for the single subnet directly attached to their LAN port; they have no notion of a route to networks sitting behind a second router. Because I have a second router with multiple subnets behind it, only the 192.168.1.0/24 subnet is able to reach the internet. The good news is that all of my private subnets can ‘talk’ to each other thanks to static routes on the Vyatta routers, but only that one subnet is actually able to reach the internet. I need to make a change. Below is a Visio of my long-term implementation plan.
Vyatta design - long term plan

In this updated design I chose to stick with two Vyatta routers even though a single one would have done the job (more of a challenge, in my opinion). There are several differences between this design and the last one:
  • The SOHO home WiFi router will be removed entirely. NAT will be handled on Router-Core-V1. DHCP and DNS will operate on my Domain Controller, which is also a virtual machine.
  • Eth0 on Router-Core-V1 is hard-linked to ESXi NIC #1, which is then directly connected to the ISP modem. Thanks to NAT on the Vyatta router, I can create as many private networks as I want, and every one of them can reach the internet when I need it to.
Now, it is important to note here that it is possible to build the exact same type of virtual playground with Hyper-V, Citrix XenServer, Xen, and other virtualization hypervisors. Why did I choose VMware for this exercise? Because of a special project that I am not yet privy to discussing publicly!
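Since the post leaves the router configuration to the diagrams, here is what the long-term design comes down to on Router-Core-V1, written in Vyatta 6.4 CLI syntax. This is an added example, not the author's own config: the interface roles (eth0 to the ISP modem, eth1 to the lab), the 192.168.1.0/24 transit network, the 192.168.2.0/24 and 192.168.3.0/24 subnets behind the second router, its address 192.168.1.2 and the name Router-Lab-V2 are all assumptions chosen to fit the diagrams. It also adds the piece the plan leaves implicit: once the SOHO router is gone, NAT on its own does not block unsolicited inbound traffic from the modem, so a stateful firewall on eth0 has to replace the protection the SOHO router used to provide.

```vyatta
# Router-Core-V1 (configuration mode). Interface roles, addresses and the
# second router's name are assumptions for illustration, not the post's values.
configure

# WAN side: eth0 is bridged to ESXi NIC #1 and the ISP modem.
# DHCP from the ISP is an assumption; use a static address if the modem hands one out.
set interfaces ethernet eth0 description 'ISP modem via ESXi NIC #1'
set interfaces ethernet eth0 address dhcp

# LAN side: transit network shared with Router-Lab-V2 (assumed name and addressing)
set interfaces ethernet eth1 description 'Lab transit'
set interfaces ethernet eth1 address 192.168.1.1/24

# Static routes to the subnets behind the second Vyatta router (assumed subnets)
set protocols static route 192.168.2.0/24 next-hop 192.168.1.2
set protocols static route 192.168.3.0/24 next-hop 192.168.1.2

# Source NAT (masquerade) for everything private leaving eth0.
# One rule covering 192.168.0.0/16 means a new lab subnet only needs a
# static route above, not another NAT rule.
set nat source rule 10 description 'Masquerade all lab subnets'
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 192.168.0.0/16
set nat source rule 10 translation address masquerade

# NAT is not a firewall. With eth0 directly on the modem, drop anything
# unsolicited that is either transiting the router ('in') or aimed at the
# router itself ('local'), and only let established/related replies back in.
set firewall name WAN-IN default-action drop
set firewall name WAN-IN rule 10 action accept
set firewall name WAN-IN rule 10 state established enable
set firewall name WAN-IN rule 10 state related enable

set firewall name WAN-LOCAL default-action drop
set firewall name WAN-LOCAL rule 10 action accept
set firewall name WAN-LOCAL rule 10 state established enable
set firewall name WAN-LOCAL rule 10 state related enable
# eth0 takes its address by DHCP, so the DHCP reply to client port 68 must be allowed
set firewall name WAN-LOCAL rule 20 action accept
set firewall name WAN-LOCAL rule 20 protocol udp
set firewall name WAN-LOCAL rule 20 destination port 68

set interfaces ethernet eth0 firewall in name WAN-IN
set interfaces ethernet eth0 firewall local name WAN-LOCAL

commit
save
exit

# Router-Lab-V2 (assumed name), in its own configuration session: the lab
# subnets live here, and the only route it needs for the internet is a
# default route back to the core router.
configure
set interfaces ethernet eth0 address 192.168.1.2/24
set interfaces ethernet eth1 address 192.168.2.1/24
set interfaces ethernet eth2 address 192.168.3.1/24
set protocols static route 0.0.0.0/0 next-hop 192.168.1.1
commit
save
exit
```

The single masquerade rule for 192.168.0.0/16 is what makes “as many private networks as I want” work: adding a subnet behind Router-Lab-V2 then needs a static route on the core and an interface on the lab router, nothing more. After the commit, `show nat source translations` in operational mode confirms that traffic from the lab subnets is being translated to the eth0 address, and the WAN-IN and WAN-LOCAL counters under `show firewall` show unsolicited traffic from the modem landing on the default drop rather than on a lab VM.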

So this is pretty much it. I didn’t really elaborate on the design, but you can make out the detailed configs from the diagrams above. There are many different ways to mimic an enterprise network using virtualization tech.

-Joe