ฝัง
- เผยแพร่เมื่อ 28 ก.พ. 2023
- This video goes over the top 5 mistakes that new HomeLab users make when they startup their homelabs!
Hire Me! www.spacerex.co/hire-me/
Become a channel member!!!! / spacerexwill
#HomeLab #Networking #virtualization
Affilate Links: (Synology Recommendations)
The new DS923+: amzn.to/3EuyaFx
Hard drives that I use: geni.us/k6GqFW
SSD I use with Synology: geni.us/AwOU
Going 10GbE:
Synology 10GbE (RJ45) Card: geni.us/d6KK94h
Starter 10GbE switch: geni.us/dHOpA
*These are affiliate links, which means that if you purchase a product through one of them, I will receive a small commission (at no additional cost to you). Thank you for supporting my channel! - วิทยาศาสตร์และเทคโนโลยี
Have an in depth question? Ask it on the new SpaceRex Forums! forums.spacerex.co/
May I suggest that in addition to recording the IP address of devices in your spreadsheet, that you also record the MAC addresses. Though not so important for devices that have static IP addresses (i.e., switches, APs, servers, etc.), I find this to be very useful for hosts that use DHCP. At any one time I have anywhere from 10 to 15 hosts on my network that Cisco's FindIT network management system displays merely as an IP address. Upon clicking the host icon, I can see the MAC address and look up who that host belongs to. Also, I make use of VLANs to segregate our business traffic, from friends visiting us (they join our network via a guest portal).
I was actually curious if there was a way to automate this process somehow. Like maybe using nmap or something.
Dang great idea
Most PCs and devices these days rotate them so probably no point.
You can just run a "Advanced IP Scanner" and find the device you need.
I was thinking of suggesting this.
When you make "top 5 mistakes" etc videos. It is always good to have them timestamped with the inbuild TH-cam feature. So viewers can hover over the 5 different segments.
This video was too chaotic for me. Even though I usually like your videos. Just my 5 cents. Have a great day.
Absolutely spot on with all points. Painfully suffered through all these as a hobbyist and experiment afficionado married to a networking aversed spouse and mom!
Great tips.
Great baseline things to consider! It's crucial not to blur the lines between your lab and home networks. It is very important to properly segregate your home and lab networks both logically and physically. The end result will lead to a more realistic enterprise design and limit your blast radius WHEN you screw something up in your lab 😀
Another tip is before purchasing new equipment, measure and verify that it will fit in the rack.
I spent quite some time researching my first server to purchase. I looked at every spec and finally took the plunge. When it arrived, my wife said "That's a huge. Are you sure it will fit?" I replied "That's what she said. And, of course it will". I measured the server and then measured the rack. Well, crap.
The server extended past the enclosed rack by at least 8 inches. I had to order another rack and now have a spare rack.
The way I do it every time is to lookup the rails for the sever. They should have a max and min depth between the back and front posts. That will tell you if the server is going to be too long for you
Great video I'm all about nested virtualization zero need to have a server rack at home anymore.
So So Much value here with so much sense. Thank you!
Your first tip is crucial but also hinges on if you have a basement. Having moved from a region of the US with winter to a region of the US with exclusive slab-on-grade construction, all of my homelab equipment attitudes and philosophies were completely turned upside down. I miss having a basement dearly. They are heat and noise sponges.
I became a big fan of your videos, really insightful and well explained 🎉
Happy to hear that!
If you want to run a home server simply because you outgrew your NAS but don't want to go overboard with all of the hassle consider this instead of going overboard with a server: have a box dedicated exclusively for storage and another one for applications. You don't need anything too powerful to run a storage server (will help with cost, noise, power draw), any old ARM base NAS would do. Then consider a low power mini PC or similar as your application server (will also help with cost, noise and electricity). Like he said in the video you really don't need that much power, if you need the ocasional Plex stream make sure the CPU supports Intel quick sync and you're done.
Going back to the firewall VM part. What is your opinion on having a dedicated firewall device, but still virtualizing the router part itself so that I could host say a reverse proxy or separate DNS/DHCP server? Any reason not to? The only VMs on that device would be used to only host services that the rest of the network depends on.
I had to virtuallize my firewall (OPNsense) because The BSD kerrnel didn't support my 10G nic. It's still its own box, but its running on a Proxmox VM
Great tips!
Thanks!
Nice job! Great content.
I have a company with a local network that has multiple routers. The NAS is behind one router, but a department that would like access is behind another. Have you made a video that discusses how to access the NAS across this configuration?
i will counter argument about "not virtualizing router". i have router VM for two very specific reasons: 1. uniformity and backup. in case of hw failure can install hypervisor on any hardware, put in my backup of router OS and be running in 15 minutes with all settings and services "as it was" without any compatibility/configuration issues and hiccups. this is why backups exists for. 2. i can interlink different OSs inside one physical host and make universal setup for advanced border security with "blackbox-type" connection to network. i have 2 nics (will be 3, for wan, for trunk lan and will be for dmz physical separation when needed, which only vlan now) and wifi card inside of host. router OS is opnsense, but its notoriously bad for wifi, so, for it i have openwrt_x86 interlinked internally with virtual 10gbe and no hw latency involved.
What are your thoughts about virtualizing pfsense as a failover besiede a physical one?
All solid advice!
Is it bad that for everything so nice and neat, my eyes keep drawing to the cable from your tv? I just want to run that behind the wall lol.
Question for the room, is there any way to set up something up to be able to cast things like youtube across subnets? I've put my tvs on a IoT network in unifi but annoyingly my pcs on my main subnet can no longer cast to them. I was told Avahi -deamon but no idea how to set it up.
Also used the same thing DNS, have adguard handling it on both home assistant and synology
So many features like casting and airplay are really designed to run on a single subnet.
this *sometimes* works:
Allow the proper ports between the two VLANS for the casting protocol
Setup multicast DNS between the two networks
Multicast DNS did the trick for me
I really like most of these rules. Not sure about the no virtual router rule, though. I have been running pfsense as a proxmox VM on a NUC for a few years now with no issues to speak of. As long as you set the router VM to boot first, everything should work just fine. TBH, if configured correctly and you have multiple VM hosts, it can be MORE reliable than a standalone router, because you can just boot the router on a different host in the event of a hardware failure.
Good tips!
Question: Do you run Zabbix installed on a host, or as a Docker container on a NAS/server?
I host it on a ubuntu server hosted in my rack as a VM
@@SpaceRexWill Thanks.
Question - I hate noise as well. About to set up a DS923+ using all 4TB WD Red SSD's. Would you run raid F1 or 5.
923+ does not have f1 (AFAIK) I would use RAID5 (either way actually)
@@SpaceRexWill Awesome... just saw it in the Synology raid calculator :-) Thanks
Yep all good advice. I've got a 16 port PoE+ switch I'd love to use but it's just too noisy, sadly the fans are not easily swapped out either... 😞
What is the switch?
Two questions Will : A) How would you define a "home lab" ? B) Do you recommend setting up a firewall for most home users and, if so, where would you set it up - stand alone, router, NAS, or ?
Haha I have no idea the definition of a homelab. But it’s really more of a blanket term for people self hosting and playing around with severs at home.
So one misconception people have is that (until you get to the enterprise level at least) your router is your firewall. Even a cheap router that came with your internet is going to keep packets from entering your network without requesting them.
I've heard the term NAT firewall to describe home routers. Apparently NAT is accidentally a form of network security as it's original design was intended to prevent the exhaustion of all IPv4 public addresses and it ended up being a really good way to protect systems behind it too.
Thanks for the video. I have UDM Pro and tried to see how to run local DNS on it (I'm running it on pi-hole and it sometimes doesn't work). Can you suggest a tutorial I could follow?
Been working on one soon! Basically you just set the DHCP of the network to the IP of the UDM. Then each device you can set a static ip -> custom hostname. Note this is not full DNS, but its at least good enough for most people
Never thought I'd be taking tech advice from Jim Carey 😄 Thanks Jim!
I have a Q, is it a good practice to enable snapshots on the activebackupforbusiness folder?
Does not hurt to. But you want to make sure to keep very few of them as your real versioning is through ABB. This would just be for emergency
@@SpaceRexWill Thanks for the reply, wishing you all the best. God bless
I certainly made the mistake of not changing my NAS static IP to a ‘nice’ one. And now it’s too late to update everything :-(
I understand not to run a firewall router on an VM. I also understand if you lose the VM because the server can go down as well. And yet so can a server or a standalone firewall router fail as well. What happens when you can not get another standalone firewall router if you main one fails. An VM firewall router might be the way to do to fix a lot of problems.
In my case I have shortage of space. Only enough room for a full server and a network switch. Also in my case I runa VM firewall router. I know it's not ideal But it is what I can do for now until I move.
Somehow i can hear that hum from your server rack. I just press pause and it goes away :) My server rack is in the basement, so that hum is not heard when i'm in livingroom or in my office :D
Number seven, everything is in cloud nowadays if you're doing actual business. I'm a nerd that is why i have actual hardware in 2020+ ;)
funny enough this noise is actually from our fridge, drives me crazy
@9:50 Cause a problem with your home internet just once and your family will automatically blame you for every internet issue (real or percieved) untill the end of time.
Absolutely!
I have three 1u working quietly, they have a G4400 processor with Pfsense OS and 2 DNS, another 2u with Truenas and another 1u these are yelling my God, I'm thinking of buying terbins for processors, and turning off the case turbines
Trunas as a host is crap and constant hard write dumps every 3 to 5 seconds (good ol loud crunching) and they are limited/pita to manage. Containers are eh at best on there. You can virtualize trunas easily with hba or it mode pass thru, then be able to have real vms/containers/backups/ha/etc. I virtualize 2 trunas with pass thru of hba and sync them all while running 6-12 vms at same time.
I run TrueNAS in a VM, but with a HBA passthrough. It is a very, very, very bad idea to try virtualizing TrueNAS, especially ZFS, through QEMU.
In a VM like this it is more reliable, since I can easily roll back the OS in case of a borked update.
As for DNS, I just use my Mikrotik. Well, I have two of them on my network (the second one is acting as a switch next to my servers) that acts as a backup DNS. I just have to resync them from time to time.
This comment is confusing and seems self contradicting.
TrueNAS is a very very very bad idea in QEMU but you're doing it? Or are you saying VM true nas is ok but VM ZFS is bad?
I'm not sure why you would say you run truenas VM and then say it's very very bad to do... Can you clarify this at all?
Took a shot at NetworkChuck around the 3 min mark...
"Don't virtualize your firewall" - Tell me why?! Is it interrupt flooding? I bet it's interrupt flooding.
From what I've learned, running a firewall in a VM isn't terrible if you set things up correctly. At least with the hypervisor you always want to make sure it assigns itself a static IP so that even if the firewall goes down you can get to the web interface. I just couldn't justify utilizing an entire computer to the firewall. I might well just bought a more advanced SOHO router if I went that route.
I also live by myself so I don't have to deal with annoyed family members. Best decision I've made in my life.
Can you do it: yes
But it’s one of those things that will just cause you hard drop outs over time. Can be fine if you live by yourself and deal with it. But something that will make your family hate you
@@SpaceRexWill I've been running it for a few weeks without any real issue. It's been about a week since I swapped out my SOHO router. The only time I have had an issue with it is when I've accidentally turned off the computer running Proxmox/pfSense. Then I have to wait for the computer to come back up and sometimes I have to power cycle the modem. I purchased a UPS for my setup so hopefully no more accidentally pulling the plug.
At some point, when I have the money for it or can find a NUC clone at a ridiculously low price, I may setup a dedicated pfSense box as a backup in case I accidentally bork my Proxmox setup but right now it's been fairly hassle free.
Senior network administrator here. That bit about not virtualizing a firewall is hot garbage. It can be done safely, effectively, and efficiently.
Would I suggest someone with little to no networkin expirience virtualizing a firewall as their primary firewall for their house? No.
But along the road or to have a tinker toy, absolutely. The point about "what if your host fails" is asinine. What happens if your standalone router fails?
You usually get a router from your isp. Configure that and then unplug it. Your host goes down, you plug that sucker in and you're fixed in a matter minutes.
If you really want to get into the weeds, a HA cluster with your firewall of choice is going to be vastly superior in every way to a standalone router and is a staple in growing IT infrastructure. And isnt that what a homelab is for?
I dunno what kind of clients services you provide, but if want to do anything more than mom and pop shops and helping grandma get internet, you better learn to virtualize a firewall at some point.
Very good baselines! Especially when you say do not virtualize your pfsense .
Meh, I’ve been running pfsense on a ESXI VM for years. I run 25gb NICs, no reason my VMs should have access to that as well. I just don’t see what the big deal is…
5:30 hosting vms on truenas? hell no that would be one big mistake here :)
Those are a lot of concerns from wife hahaha. One thing missed, homelab-ers are single😂 or divorced 💀
Jk, Good video!
Its dangerous out there! Its very important that my wife likes the box!
Aren’t there already some very good alternatives to Raspberry Pie ?
Takeaway: Do not piss off wife.
Got it!
The equipment in my lab sounds like an airplane.
Didn't know Jim Carrey was a computer hobbiest.
What's his nationality? He sounds just like the ShadeReview guy.
clicked and watch till the end because the thumbnail and title sounded great! generally interested in what the video has to offer. but i have no idea what anything was.
You should never run one mail server or one DNS. And I don’t replicate my DNS for additional security, even if I have to enter records twice.
#1 Mistake in making a video. Not timestamping your video for viewers to skip to.
You're nerdy Channing Tatum
I have learn to leave the itnernet alone.
^its the reason I still just run a dream machine pro, rather than PF sense for my router. Fewer ways to take down the internet
Me first :)
Great video but dislike for "watch before you start"
jim carrey?
Guilty
I feel like you’re trying to tell me something…
Poor guests..
*Beginners 😅😂
Whoops! Fixed!
I know that it is your opinion and experience but I cannot agree with more than a half of your statements. Your needs ok, but making statements to never do sth should be phrased I will never do that sth. Virtualized firewall on dedicated hardware ok, but you scream never virtualize firewall and adding on Synology is a facepalm... If you don't have engineering background it will explain a lot.
There is a big difference between a software firewall (pfsense for example) and virtualizing a software firewall on top of something like XCP-NG or Synology virtual machine manager. Virtualizing your primary router in your home is going to end up becoming a nightmare and can put you in a situation where your VMs cannot boot because your network is not up, but your network cannot get up because your firewall is a VM.
Can it be done: yes. But its not worth the hassle you are going to put your family through as your are constantly debugging a virtualized firewall.
@@SpaceRexWill sounds like bad design IMHO. I have virtualized pfsense for years on proxmox. Before that on Ubuntu server. Dedicated hypervisor.
Putting VM inside sth like Synology or qnap is asking for troubles. It can be done for home assistance or other less important services.
Home networking is not easy but there is a plenty of materials how to do it right
r/TvTooHigh
You should take a public speaking class. I love your videos but it's like you are afraid to raise your voice or speak with authority. Look up timid speaking, it might help you grow the channel!
I can relate to the suggestion. I really like the content, but occasionally I hear your natural speaking voice too, which is more pleasant to listen to. Happens most often when you drift off the script. I often notice a "pitch down" at the end of sentences too.
Speaking needs a little training, but you're doing a fantastic job delivering quality content! Keep it up and thank you for all the tips and tricks for my new ds1522+.