This is the second post in a series of articles on my home lab setup. As part of this series I am setting up my own home lab & building it towards hosting applications locally. I will be hosting applications such as a local media backup & streaming application & a network ad blocker. Check out the first post in the series, Building a Kubernetes Home Lab from the Ground Up, if you haven’t already. It talks about how my journey of home labbing began, the things you need to consider before starting your own journey as well as the hardware options available to use for your setup based on the mentioned criteria.
As you have seen in the previous post so far I have chosen & got the machines to set up my home lab with. In this post we will assemble all the hardware components I ordered. We will also configure my home network to set up my home lab alongside other devices in my home.
The networking configuration I do here is to isolate my household devices from the home lab machines, mainly for security reasons. As you know, I haven’t ordered any network hardware yet. Read on to understand how you can do it too with the basic equipment that your ISP provides along with some additional routers that you probably have lying around.
First & foremost, I needed to assemble the Intel NUC11s with the RAM & storage I had bought separately. As I mentioned in the previous post, Intel NUC is a barebones PC that only comes with a processor mounted on a board. I opened the Four screws at the bottom of the NUCs to get access to the internals.
NUC11 supports DDR4 SODIMM RAM, which slides into its slot only one way. I pushed it in the slot & pressed it down till it clicked in place. If you have two RAM sticks, you just need to repeat the same process for the second one.
For storage you have two options, M.2 (2280) NVMe drive and a 2.5-inch internal SSD. Both use SATA connectors. I had got 4 NVME drives to use as boot disks for the 4 Mini PCs & an additional 2TB 2.5 inch SSD to use with my storage server. To install the boot disk, I removed the screw which holds the NVMe drive in place, slid the drive into its slot & tightened it back on.
Unlike the RAM & NVMe drives, the 2.5-inch SSD doesn’t install directly on the board. It needs to be installed in the slot provided on the bottom plate which I had initially removed. I carefully aligned the connectors on the drive with the connectors on the plate & slid the drive in, till I heard a click.
After installing the RAM & Storage, I then screwed the bottom plate back on while paying attention to the arrow on the plate, which needs to point towards the front of the NUC. This completed the hardware assembly. At this point, the NUCs were ready to be plugged in.
Placement & Ventilation
Placement & cooling of your machines is a must to consider for better performance. In my case, the NUC11s come with an internal cooling fan & have cooling vents on the side. Hence I can easily stack them onto each other, without worrying too much about them heating up. As long as they are placed in a well-ventilated room, they should work fine. You should consider the availability of cooling fans & vents on your machines to make sure they won’t heat up.
An additional thing that many fail to consider is the placement & cooling of the power adapters. If your machines do come with power adapters, they too can get quite hot. This can damage them & may even damage your machines. Since NUCs do have power adapters, I decided to have a well-ventilated rack for them. Although, I saved some bucks here by making it myself out of cardboard. Here’s how the rack turned out & the placement of my NUCs on my desk.
Below are a couple of basic network configurations I did for my home lab. First one is to set up a separate LAN network to separate my home lab servers from other household devices. The second one is to configure static IP addresses for the servers in my home lab.
Separate network for Home Lab
The first thing I did after assembling the NUCs was to set up a separate network for my home lab. While I didn’t get a second internet connection, I did use another router & set up a secondary network inside the primary home network setup by my ISP. I did this for two reasons.
- Avoid network interruptions to other devices at home
As mentioned in the previous article, one of the reasons I wanted to set up my home lab was to learn networking. It meant tinkering with the network my home lab is on which may or may not work every time. At the very least, I would need to restart the router over & over again. So if the other devices in my house share the same network as my home lab, my family would come looking for me every time it goes down.
Since I’m planning to host various different things on my home lab servers, they might become vulnerable to attacks. So keeping them in the same network as my other home devices would mean putting all of my devices at risk.
There is a famous proposal by Steve Gibson to secure your home network, called the Three Dumb Routers. He spoke about it in his podcast called Security Now, episode 545. You can find its transcript here. If you aren’t aware of what it is, below is a short description of the same.
In this setup, you install three routers in an inverted “Y” connection. Out of the three routers, the router on the single prong at the top is connected to the Internet & acts as a gateway for the two routers connected below it. It makes use of the fact that the routers act similar to one-way valves, allowing connections from the LAN to WAN & not the other way around. Hence, even if a device in one of the two internal networks comes under attack, it cannot affect the devices on the other internal network.
As you can see, this setup requires a minimum of three routers, but I only had one extra router lying around. Thus my current setup is really a two router setup, as Steve Gibson had proposed here, before the three routers proposal. As a two router setup is still better than just a single router, I decided to proceed with this, with a plan to add the third router later.
If you can get your hands on two or more additional routers, I suggest you start with the 3 dumb router setup. Although, if you don’t have any extra routers, I highly recommend you get them as soon as possible. They don’t have to be fancy new expensive routers. In fact, as the podcast suggests, the most basic ones a.k.a. “Dumb” routers work the best for the purpose.
Below is how I set up my two routers & all of my devices. This setup secures my personal devices because of the reasons explained above. In addition, it also makes it easy for my home devices to access the utility services I would host on my home lab, without any additional networking configurations.
Static IP Addresses
As I’m setting up the machines in my home lab as “Servers”, they need to have static IPs. It would allow me as well as other servers in the home lab to be able to reliably connect to each other.
For example, specifically for my use case, the Kubernetes worker nodes won’t be able to talk to the master node if its IP address changes. Also, all the nodes in the Kubernetes cluster won’t be able to talk to the storage server if its IP changes. Here is another example of why you need static IPs for your servers. If I run an application in my home lab & expose it to the Internet. In that case, I’ll need to set up port-forwarding rules on my router(s) to redirect incoming traffic to the right server. With dynamic IP addresses, the port-forwarding rules will soon become out-of-date.
Most routers have the ability to assign static IP addresses using their management console. Below is how you configure your router DHCP with static IPs for your servers. The way it works in short is that you configure your DHCP server to bind specific MAC addresses to the desired IP addresses. Keep in mind that the chosen IPs must fall in your network CIDR range.
Locate MAC address
To configure a static IP address, you first need to locate the MAC address a.k.a. Hardware Address of the machine. In many cases, you can find the MAC address mentioned on the machine itself or its packaging. If you can’t locate it, you can first connect it to your network & let it acquire a dynamic IP address for the time being. After that, you have two options to find the machine’s MAC address.
- You can head to the Router’s management console & try to locate the device in the list of connected devices. In that list, you can see the names of the connected devices, their IP addresses & their MAC addresses.
- Alternatively, you can log in to the machine & get the MAC address using the OS specific network settings prompt. To go with this option, you would first need to install an OS on your machine though. This is how the UI looks for Ubuntu Desktop.
Locate Your Network IP Address Range
Once you have the list of MAC addresses, you need to find out the range of IP addresses your DHCP server is using to assign IP addresses. This range depends on your network CIDR range, which typically is 192.168.31.0/24 for home networks, but it’s better to be sure.
- Head to your router’s management console. You can find the router IP address & management console username/password on the router itself. Enter that IP address into the browser address bar & input the username/password to login to the console.
- The second step may vary a little bit for your router, but typically, you should find the DHCP details under Network -> LAN
- Find the DHCP start & End IP address. This is the range from which you need to select a particular static IP address for your machine & configure it in the next step.
Note: Although the actual range of IPs in CIDR 192.168.31.0/24 is 192.168.31.0 to 192.168.31.255, DHCP can’t use 3 of those addresses while assigning IPs. 192.168.31.0 is unavailable since that is your network address, 192.168.31.255 is unavailable since that’s the broadcast address for your network & the router cum DHCP device is using 192.168.31.1 address. Thus it’s left with the IP range highlighted in the image above to assign to the connecting devices.
Configure Static IP Address
Using the MAC address(es) & the chosen IP address(es) out of the DHCP start/end IP Addresses, we can now configure the static IP address in the router management console. Usually the static IPs can be configured on the same page where you found the DHCP details.
- Look for a section that says “Static DHCP Entry” or “Static Leases” or something similar.
- You should be able to enter the MAC Address & IP Address there to bind together, with an optional hostname field.
- Enter the details in the respective fields & save.
- Save & restart the router for the changes to take effect.
You can confirm if the static IP settings are working or not, after you install an OS on the machines & connect them to your router. As you can see below my router is correctly assigning the chosen IPs to my machines.
This completes our network configurations.
Here we saw how to assemble NUC11s with RAM & Storage as well as the things to consider for the placement & ventilation of your home lab. We discussed some basic network configurations to keep the devices in your LAN safer while also keeping the network you want to play with separate from the rest of your devices. Lastly, we also saw how to configure static IP addresses in your router network configurations to set up the home lab machines as servers.
This is the second post in my series on home lab. Do check out my first post on Setting up your home lab, if you haven’t already. The next post will talk about the OS & software considerations for my home lab with install steps.
Sameer Kulkarni is a software engineer with 14+ years of experience and is working as a Principal Engineer at InfraCloud. You can chat with him on Twitter & read more of his work on Medium.