vSphere Home Lab Network Configuration
I’m diving head first into a “network craze phase” of my career, in that I find the ways to plumb things into other things quite interesting and worthy of study. It is because of this that I realized that I have never actually posted a proper design layout of my home lab’s network for others to either use as a baseline or simply better understand how all the bits connect.
In this post, I’ll go over the topology of the network, how my VLAN gateways are configured, and the virtual networking used in my home lab.
To make the diagram easier to read, I’ve cleared away all but the most relevant items from the lab topology. All other servers and desktops are tied into the switch using a simple access port bound to VLAN 1. Any ports that aren’t connected are disabled.
Below is a Visio graphic of the ESXi servers, the primary network switch, and my storage arrays. Each connection shown is configured as a trunk port with no native (untagged) VLAN.
- Each Green colored link is passing VLANs 250 (iSCSI) and 251 (NFS).
- The Red colored links pass VLAN 1 (virtual machine traffic), 252 (Fault Tolerance), 253 (vMotion), and 254 (Host management).
You might also notice that the DS2411+ array is using a port channel to connect back to my switch. It is in fact an LACP port channel.
VLAN Interfaces for Routing
Only a few of these VLANs can actually be routed, meaning traffic on them can cross from one VLAN to another. I specifically wanted to isolate the IP Storage, vMotion, and Fault Tolerance VLANs. As such, the only VLANs with an interface are 1 (virtual machines), 251 (NFS) and 254 (host management).
You may see this list and think:
“Hey! He said that he wanted to isolate IP Storage just a few sentences ago, what gives?”
You’re right – unfortunately, the Synology arrays do not support multiple VLANs, and thus I had to add an interface to VLAN 251 (NFS) so that I can manage the arrays from my workstation. Alternatively, I could place a virtual jump box on that VLAN and remote into it via the vSphere Client, but that would add complexity and risk for no significant benefit.
On the vSphere side, I have a pair of distributed switches that the three lab hosts use. Each distributed port group is labeled to make identifying the VLAN that it is on simple. The format is “Name – VLAN”. Other formats that I have seen and used are “Subnet – VLAN” or even “Name – Subnet – VLAN”. Since I’m using a very simple IP address scheme, where the third octet is always the VLAN number, I don’t bother using the subnet in the name.
Note: The management host uses a single vSwitch.
Because all of my uplinks are connected to a Trunk port on the switch, all port groups have been explicitly assigned a VLAN. I find this makes it easier to manage.
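The design rules above (only VLANs 1, 251 and 254 have a routing interface, every port group is labeled "Name – VLAN" and explicitly tagged, and the third octet matches the VLAN number) can be checked mechanically. The following is an added example, not part of the original post: the `10.0` prefix, the /24 mask, the port group names and the gateway addresses are all constructed assumptions.

```python
import ipaddress
import re

# VLAN plan from the post; ROUTED holds the VLANs that have a gateway interface.
VLANS = {1: "virtual machines", 250: "iSCSI", 251: "NFS",
         252: "Fault Tolerance", 253: "vMotion", 254: "Host management"}
ROUTED = {1, 251, 254}
NAME_RE = re.compile(r"^(?P<name>.+?) [–-] (?P<vlan>\d+)$")  # "Name – VLAN"

# Constructed sample inventory (not the author's real port groups or addresses).
SAMPLE_PORTGROUPS = [
    {"name": "VM Network – 1", "vlan": 1},
    {"name": "vMotion – 253", "vlan": 253},
    {"name": "NFS – 251", "vlan": 250},   # label and tag disagree
    {"name": "Scratch", "vlan": 0},       # unlabeled and untagged
]
SAMPLE_GATEWAYS = {1: "10.0.1.1", 251: "10.0.251.1", 253: "10.0.253.1", 254: "10.0.25.1"}

def audit(portgroups, gateways, prefix="10.0"):
    """Return findings; prefix (first two octets) and the /24 mask are assumptions."""
    findings = []
    for pg in portgroups:
        m = NAME_RE.match(pg["name"])
        if not m:
            findings.append(f"{pg['name']}: name is not 'Name – VLAN'")
        elif int(m["vlan"]) != pg["vlan"]:
            findings.append(f"{pg['name']}: label says VLAN {m['vlan']}, tag is {pg['vlan']}")
        if pg["vlan"] not in VLANS:
            # VLAN 0 means untagged, which a trunk with no native VLAN does not carry
            findings.append(f"{pg['name']}: VLAN {pg['vlan']} is not in the plan")
    for vlan, addr in gateways.items():
        if vlan not in ROUTED:
            findings.append(f"VLAN {vlan}: gateway {addr} breaks isolation")
        elif ipaddress.ip_address(addr) not in ipaddress.ip_network(f"{prefix}.{vlan}.0/24"):
            findings.append(f"VLAN {vlan}: gateway {addr} is outside {prefix}.{vlan}.0/24")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PORTGROUPS, SAMPLE_GATEWAYS):
        print(finding)
```

Feeding it an export of the real port groups and switch VLAN interfaces turns the naming convention into a drift check: a gateway appearing on the vMotion, Fault Tolerance or iSCSI VLAN is reported as an isolation break.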
There are certainly many ways you can build your home lab network; this is just the one that works for me. I’ve gone through many iterations of mine, and certainly this one won’t be the last. I do advise trying to make it as “production realistic” as possible so that you form good habits early – such as using VLANs and splitting off your port groups into roles. While I don’t exactly have a fully pristine environment (you won’t see most places using VLAN 1, for example), I do try to hit all of the important highlights.
Feel free to share your configuration, or ask questions of mine, in the comments below.