Networking advice for new home VM setup


Tacocat

New Member
Nov 23, 2015
Hello!

I've been lurking on these forums for a long time and now I'm looking to expand my home network/server setup and would love to hear your opinions about it.



I'm currently using one C2758 running pfSense (firewall + VPN) and one Mac Mini (htpc + torrent + misc services). To this I would like to add one or more servers on a DMZ (web hosting for example) as well as one or more servers on the LAN (offload the Mac, file sharing, torrent client, experimenting).

I considered adding virtualization to the C2758 but as I would have to get another server anyway I'm not sure it's worth the effort.

How do I set up the second server in terms of connectivity in order to separate the VMs into DMZ and LAN? VLAN? Different NICs?

 

EffrafaxOfWug

Radioactive Member
Feb 12, 2015
How do I set up the second server in terms of connectivity in order to separate the VMs into DMZ and LAN? VLAN? Different NICs?
In a nutshell, yes :)

Either separate NICs, or the same NICs with VLANs, or even multiple NICs with VLANs can all be used to achieve the same sort of thing. Typically it comes down to a) how many extra network ports you have to play with and b) to what degree your existing networking kit supports VLANs.

If you're going down the route of a dedicated hypervisor machine, and you have an extra NIC on your pfSense router, personally I would use that to set up a VLAN trunk (aka 802.1q) and wire that directly into your hypervisor... that'll allow you to route any number of additional networks to your virtualisation host.

If you're sure you'll only ever want the single DMZ, then you can forgo setting up VLANs entirely and just plug the cable straight into the virt host.

More complicated setups than that will either require a lot of extra network ports or a switch that knows kung-fu 802.1q. Haven't done this myself yet as I don't yet have a switch that does 802.1q, I'm just using port-based VLANs from my router.

Hopefully if I'm wrong someone who knows networking better than wot I is do will come along and set me straight, as I'm planning to do the same thing at some point (when I can actually decide on a switch)...
 

Tacocat

New Member
Nov 23, 2015
Thanks a lot for your reply. It was very helpful!

I don't have much experience with 802.1q either but that is kind of why I'm doing this. :D

I've done some research and settled on getting an SFP+ capable switch with 802.1q support. I'll start out with 1GbE just to get an understanding for how to set up the VLAN with hypervisor etc. I'll be looking for some cheap 10Gb gear to add to this as well.
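
The VLAN-trunk-to-hypervisor layout discussed in this thread, sketched as an added example (not posted by anyone in the thread). It assumes a Linux hypervisor with iproute2; the NIC name `eth1`, the VLAN IDs 10/20 and the `br-` bridge names are assumptions for illustration. It prints the commands by default and only applies them when `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: split one 802.1Q trunk from the firewall into one bridge per
# VLAN, so DMZ and LAN VMs attach to separate layer-2 segments on the host.
TRUNK="${TRUNK:-eth1}"            # assumed: NIC cabled to the pfSense trunk port
VLANS="${VLANS:-10:lan 20:dmz}"   # assumed: "vlan-id:name" pairs

valid_vid() {  # usable 802.1Q VLAN IDs are 1..4094
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

bridge_cmds() {  # $1=trunk NIC  $2=VLAN ID  $3=segment name
    valid_vid "$2" || { echo "invalid VLAN ID: $2" >&2; return 1; }
    sub="$1.$2"; br="br-$3"
    # Tagged sub-interface: only frames carrying this VLAN ID pass through it.
    echo "ip link add link $1 name $sub type vlan id $2"
    echo "ip link add name $br type bridge"
    # No IPv6 link-local on the bridge and no IPv4 address is ever assigned,
    # so the host has no layer-3 presence on the VM segment.
    echo "ip link set dev $br addrgenmode none"
    echo "ip link set dev $sub master $br"
    echo "ip link set dev $sub up"
    echo "ip link set dev $br up"
}

plan() {
    echo "ip link set dev $TRUNK up"
    for entry in $VLANS; do
        bridge_cmds "$TRUNK" "${entry%%:*}" "${entry#*:}" || return 1
    done
}

# Dry run unless APPLY=1 (applying requires root on the hypervisor).
if [ "${APPLY:-0}" = 1 ]; then plan | sh -ex; else plan; fi
```

Because each VLAN lands on its own bridge and the host holds no address on either, traffic between DMZ and LAN VMs has to go back up the trunk and through the firewall's rules; host management is assumed to stay on a separate interface.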