(Still a work in progress)
I'm new to the forums, but this forum is now my new favorite.
A friend and I have been planning a LAN party that we are going to start having every month. It is based in LA. I have taken it upon myself to build the NOC out of spare hardware I have lying around. The idea is to be able to take the R610 along with the black travel case anywhere and set up, having everything online within a few hours.
Here is what I'm working on. In the case, I have an EdgeRouter Lite, a Dell PowerConnect 3448, a Netgear GS510TP, and a LiveWire power conditioner. The EdgeRouter is doing routing, firewall, and DHCP. Plenty for up to 100 users. That then connects to the Netgear switch. I have 2 VLANs: Main and Management. Currently, I am only using the Main VLAN, as finishing the VLANs/firewalling will come last. The switch is PoE, so it powers a UniFi UAP-AC for Wi-Fi. It is also the distro switch for whatever other servers/switches/devices. The nice thing about having the PoE switch is that I can connect PoE PD switches to it, like the GS108T. My idea is to have GS108Ts or similar connect to the NOC, which uses PoE switches as power. This reduces the amount of clutter on tables. The idea is one switch per 6 computers, or 3 tables. The PowerConnect is there for smaller events, which don't need distribution.
The R610 has 2 E5540s, 32GB DDR3, 2 146GB 10k SAS drives, and a 240GB Crucial SSD. It runs Proxmox as an OS. The OS and ISOs are stored on the SAS drives, and the disk images are stored on the SSD. There are currently 4 VMs running. One is for MineOS, which is for local Minecraft servers. Another is for Source Engine games like CS:GO and Garry's Mod. The third runs Server 2012 and is for any Windows-based services. The fourth runs Ubuntu Server and is for Linux-based services like TeamSpeak and Apache for file sharing. I attempted to run pfSense as a Squid cache, but ran into issues with PCIe passthroughs and certain features not being supported with the CPUs. In the future, when we get larger, we will have a dedicated server running Squid and nginx for caching.
Here are the other various pictures:
Powercon is used for running power to everything.
What do you think? @DeusQain should like this.
EDIT: Event page - Here
I like it!!
Simple, yet Powerful. Gives me inspiration to start setting up my own stuff. If I was in your area, I'd consider attending the LAN.
Also, WELCOME to the TekSyndicate community! Be wary of those who crawl around in the LOUNGE ;)
I have already been looking around the Lounge. I've seen my share of salt and cancer.
Nice to see you are trying to have LAN parties. As far as your setup goes, I see good and ugly bits in it.
Things I like:
1. It is simple and straightforward.
2. It seems to be portable. I'd put it into a small cabinet you can roll "out" when you need it. There are plenty of them on Craigslist you could buy for $100.
3. Clutter seems to have been thought of.
4. It appears to be easily expandable.
Things I see that are going to be ugly:
1. I see a general lack of security on the LAN side of things.
* PCs should run isolated from each other on the LAN side unless configured otherwise, for example. I do not trust users to maintain proper control of themselves or their machines whatsoever. A simple "don't do nasty shit" doesn't work.
* No monitoring seems to have been implemented. This will help you diagnose issues quickly and/or resolve nasty issues.
2. I see a lack of Quality of Service and performance in general on the LAN side - with 100 users this setup could be completely overwhelmed very easily. If 6 users share a switch, this means that you have the uplink bandwidth split in 6. Hooray for 166MB/s (1000/6). These switches cannot aggregate more ports to give extra bandwidth. All it takes is one person to monopolize the link and everyone lags in their games - not good. Double trouble if they try to transfer from one 6 person switch to another! Let's annoy 12 people, shall we?
4. Zero redundancy. Let's imagine someone makes the Dell switch reboot... accidentally or maliciously somehow... loss of PoE = complete loss of ALL THE NETWORK. 100 unhappy people. Unacceptable.
5. I can go on for a while. Don't take this criticism the wrong way - I'm only here to help you bonify your setup and think about ways to improve it.
I believe that while you are on the right path, better network equipment and security is probably what you need the most.
Isolation is a future step, but not necessary because of how small scale the event is right now.
Wi-Fi monitoring is done with the UniFi controller. Other monitoring is done with pinging. If a device goes down, I have a screen that alerts me with a popup. Everything will eventually be firewalled off so that normal network users will not have access to any SSH/WebUIs.
Each port has been set to 200mbps max full duplex. Aggregating is unnecessary, as there are only 6 users per switch.
True about that part, but I would say the chance of that is minimal. Keep in mind, I made this setup out of entirely scrounged parts. If I had more LB4Ms lying around, then they would be in there. ERLite would be replaced with an ER-Pro or a pfSense box.
The setup should be fine for now. After all, it hasn't even been tested out yet. The eventual idea would be to have a dedicated firewall box for routing/firewall, 2 boxes for caching, stacked switches, and multiple Proxmox servers clustered for redundancy.
EDIT: You are right about the PoE thing not being a good idea. It severely limits the network's expandability and redundancy. The only time I would use the PoE switch, then, would be for powering APs.
As I said - your stuff is very simple and straightforward.
There is nothing "wrong" with it - just massive potential issues you WILL encounter sooner or later (especially in bigger LANs).
I know you scavenged for this stuff, but you can still do things to better your setup.
Fine, I'll go over a suggestion you can use RIGHT NOW:
Use this: Configuring Private VLANs on the PowerConnect 3448
If the event is small, the Dell PowerEdge 3448 should be good enough - you can have decent security implemented in that. If you can get your hands on another one it is stackable for instance and would give you redundancy if you alternate the netgear switches between the two. The price shouldn't scare you at all! Poweredge 3448 on eBay
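The port rules behind the private-VLAN suggestion in the post above, as an added example that is not part of the thread or of any vendor's configuration. It models the three standard private-VLAN port types and audits a constructed port plan; the port names, the plan and the helper functions are assumptions made for illustration.

```python
# Added illustration: private-VLAN forwarding rules (RFC 5517 port types).
# Port names and the plan below are constructed for this example.
from itertools import combinations

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"

def can_talk(a, b):
    """True if two ports (type, community_id) may exchange frames directly."""
    (ta, ca), (tb, cb) = a, b
    if PROMISCUOUS in (ta, tb):
        return True                 # promiscuous ports reach every port
    if ta == COMMUNITY and tb == COMMUNITY:
        return ca == cb             # community ports reach their own group only
    return False                    # isolated ports never reach a peer port

def audit(plan, must_reach, must_not_reach):
    """Return a list of violations of the stated reachability requirements."""
    problems = []
    for x, y in must_reach:
        if not can_talk(plan[x], plan[y]):
            problems.append(f"{x} cannot reach {y}")
    for x, y in must_not_reach:
        if can_talk(plan[x], plan[y]):
            problems.append(f"{x} can reach {y}")
    return problems

# Constructed plan: router uplink and shared game server are promiscuous,
# ordinary seats are isolated, and two seats that asked to host a game
# between themselves share community 10.
PLAN = {
    "uplink-router": (PROMISCUOUS, None),
    "game-server":   (PROMISCUOUS, None),
    "seat-01":       (ISOLATED, None),
    "seat-02":       (ISOLATED, None),
    "seat-03":       (COMMUNITY, 10),
    "seat-04":       (COMMUNITY, 10),
}

def seat_pairs_open(plan):
    """List seat-to-seat pairs that can talk directly (the remaining exposure)."""
    seats = sorted(p for p in plan if p.startswith("seat-"))
    return [(a, b) for a, b in combinations(seats, 2)
            if can_talk(plan[a], plan[b])]

if __name__ == "__main__":
    print(seat_pairs_open(PLAN))
    print(audit(PLAN, [("seat-01", "game-server")], [("seat-01", "seat-02")]))
```

These rules are enforced per port on the switch that implements them, so seats that share one downstream table switch which does not enforce isolation itself can still reach each other.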
Interesting. I understand where you are going with the PVLANs. I don't think I need to worry about redundancy though. Considering LAN events usually last for 4 days or less, the chance of a major failure is too minimal to worry about. I don't put any of my hardware into production until I have tested it fully, to make sure there aren't any major defects. I would probably go with EdgeSwitches, as they have PVLANs and lots of other features that would be very helpful for LAN events. Thank you for teaching me that PVLANs exist. I probably would have never implemented them otherwise.
Uggg stupid 15 post per day limit