gurfin / DC@Home 1 – Goals and planning

Created Wed, 21 Feb 2024 00:00:00 +0000 Modified Sat, 04 Jan 2025 12:50:38 +0000

I have a lot of tech stuff floating around at home and at friends' houses. Some things are in “production” while others are legacy tests that have been left and forgotten.

With this in mind I have begun the journey of building a datacenter at home!

(Image: dc at home)

The most important aspect of a greenfield build is to have a clear purpose, which can then be broken down into goals, requirements and steps. The more good calls you make early on, the less trouble you will run into down the road. That said, be careful not to start micromanaging everything. Keep the purpose of the deployment in the back of your head at all times.

The purpose for my deployment is mainly twofold:

  1. Allow me to deliver highly available services to my friends and family.
  2. Allow me to lab and explore new technologies.

Design

For the general design there will be three main parties: provider, customer and public customer.

Providers are responsible for delivering a set of consumable services, in whichever form, to customers. Providers also have internal infrastructure used for management and for services related to maintaining the platform that supports the service set.

A customer is a known party consuming the provider's services. Usually this is done over a private transport medium, so as to maintain the integrity of both the service and the customer. Each customer has access to a set of standard services, as well as unique services, depending on the access level and the services provisioned for that customer.

A public customer is an unknown party consuming a public service. Public services are always micro-segmented, isolated from all other infrastructure, and reachable only through the public internet.

(Image: provider and customer)

WAN & underlay

I will be managing multiple sites, which gives me a great deal of control. I am hoping to run MPLS over some form of WAN underlay (e.g. DMVPN, ADVPN, IPsec, OpenVPN). However, this requires some hardware which I do not have access to as of yet.

I will also be running MPLS in the provider core, mainly to allow for easy propagation of routes and multiplexing across the WAN. It is important to keep this in mind while building, so that when I migrate the sites to MPLS over WAN, the change won’t be as big.

Primarily I will be running L3VPNs over the MPLS, but I hope to also build a VPWS circuit for each site to the provider core in order to allow L2 troubleshooting directly on-site. Unfortunately, not all boxes support ERSPAN. :stuck_out_tongue:

IPAM & VLANs

I will want to define a general structure for the IP standard. To start I will define how the site networks will be built out, since I have not yet decided how I want the provider core IPAM to be built.

Each site will have a site id, which will be used to describe each network at the site.

| VLAN ID | Name | Purpose |
|---|---|---|
| 10 | `<site-id>_mgmt` | Management network for all infrastructure at the site. |
| 20 | `<site-id>_client` | Client network, with access to the customer's service set. |
| 30 | `<site-id>_guest` | Guest network, with client isolation and no service access. |
| 40 | `<site-id>_camera` | Camera network, completely isolated. |
| 50 | `<site-id>_iot` | IoT network, isolated by default, but with specific firewall openings. |

Each site ID is a number which will be used as the second octet of the site's networks. So a site with an ID of 180 will be using subnets inside 10.180.0.0/16. This also means a site ID has to fit in one octet (0–255), which is worth keeping in mind when assigning IDs.

Site networks are allowed to be /24 or /23, depending on use case. A /23 has to start on an even third octet and takes up two /24 slots, so neighbouring networks need to be placed accordingly.
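As an added example (not code from the original post), the following Python script turns the site ID and the VLAN table above into a checked IP plan for one site. It generates `10.<site-id>.0.0/16` for the site, derives one subnet per VLAN and refuses plans that overlap or fall outside the site block. Two things are assumptions of mine rather than anything stated on the page: the VLAN ID is reused as the third octet (so VLAN 10 at site 180 becomes 10.180.10.0/24), and site ID 0 is kept free for the provider core, whose IPAM the post leaves undecided.

```python
"""Site IP plan generator for the DC@Home VLAN scheme (added example).

Assumptions not stated in the post:
  - the VLAN ID is reused as the third octet of each site network;
  - site IDs run 1-255, with 0 reserved for the provider core.
"""
import ipaddress
from typing import Dict, List, Tuple

# VLAN plan from the post: (vlan_id, name suffix, prefix length).
# The /23 on the client network is a constructed choice to show the
# alignment and overlap checks; the post allows either /24 or /23.
VLAN_PLAN: List[Tuple[int, str, int]] = [
    (10, "mgmt", 24),
    (20, "client", 23),
    (30, "guest", 24),
    (40, "camera", 24),
    (50, "iot", 24),
]


def site_supernet(site_id: int) -> ipaddress.IPv4Network:
    """10.<site-id>.0.0/16, the block every network at the site must live in."""
    if not 1 <= site_id <= 255:  # assumption: one octet, 0 reserved for the core
        raise ValueError(f"site id {site_id} does not fit in the second octet")
    return ipaddress.IPv4Network(f"10.{site_id}.0.0/16")


def site_network(site_id: int, vlan_id: int, prefix_len: int) -> ipaddress.IPv4Network:
    """Derive one VLAN's subnet (assumption: VLAN ID doubles as third octet).

    A /23 must start on an even third octet; a /23 placed on an odd one would
    have host bits set, which is exactly what ipaddress' strict mode rejects.
    """
    if prefix_len not in (23, 24):
        raise ValueError("site networks are /24 or /23 only")
    if not 1 <= vlan_id <= 255:
        raise ValueError(f"vlan {vlan_id} cannot be used as a third octet")
    if prefix_len == 23 and vlan_id % 2:
        raise ValueError(f"a /23 cannot start at third octet {vlan_id} (must be even)")
    return ipaddress.IPv4Network(f"10.{site_id}.{vlan_id}.0/{prefix_len}", strict=True)


def build_site_plan(site_id: int,
                    plan: List[Tuple[int, str, int]] = VLAN_PLAN
                    ) -> Dict[str, ipaddress.IPv4Network]:
    """Return {'<site-id>_mgmt': 10.x.10.0/24, ...} for a site.

    Every network must sit inside the site's /16 and must not overlap any
    other network in the plan (a /23 silently eats the next /24 slot).
    """
    supernet = site_supernet(site_id)
    result: Dict[str, ipaddress.IPv4Network] = {}
    for vlan_id, suffix, prefix_len in plan:
        net = site_network(site_id, vlan_id, prefix_len)
        if not net.subnet_of(supernet):
            raise ValueError(f"{net} is outside {supernet}")
        for other_name, other in result.items():
            if net.overlaps(other):
                raise ValueError(f"{net} overlaps {other_name} ({other})")
        result[f"{site_id}_{suffix}"] = net
    return result


if __name__ == "__main__":
    for name, net in build_site_plan(180).items():
        print(f"{name:<14} {net}  ({net.num_addresses} addresses)")
```

Running it prints the five networks for site 180, with the client network as 10.180.20.0/23. Adding a sixth entry on VLAN 21 to the plan makes `build_site_plan` raise, because that /24 is already covered by the client /23; the same goes for a site ID above 255 or a /23 requested on an odd VLAN ID.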