Network Rebuild

I’ve spent some time lately redesigning my home network thanks to some new (to me) equipment that I found on eBay. This post is a breakdown of what I’ve done so far (and maybe a bit about my plans moving ahead).

Core Switch

For a few years, I’ve had a really nice router that allowed me to create separate subnets for different purposes. Up to this point, I’d only had small, “dumb” switches, so for each new subnet that I wanted to create, I needed a completely separate router interface and switch. It got out of hand really quickly, becoming a rat’s nest of different consumer-grade equipment.

A few weeks ago, I found a used NetGear “smart” managed switch. In addition to 24 gigabit Ethernet ports, it also has 4 SFP ports for later expansion. All the ports support at least PoE (802.3af) with 8 of the ports supporting the more powerful PoE+ (802.3at) standard. Of course, it allows for VLANs, and link aggregation, too. This one piece of equipment has enabled everything else that I’ve been able to upgrade. It’s a really powerful addition to my home LAN.

The “new” core switch just after I got everything working. – Photo by the author

I’m not going to lie – this took a little while to get set up. It wasn’t immediately obvious that the aggregate links I was setting up on the switch for my uplink to the router, and for one of my servers, weren’t using LACP by default. This manifested as unreliable links – not broken ones. Most traffic would get through, so it was hard to pin down exactly what was broken when I’d also just moved EVERYTHING else at THE SAME TIME. I made this move as a total heart transplant as far as the network was concerned, because I felt a lot of pressure to get the Internet back up quickly for the other members of my household. In the end, trying to rush caused me to miss things in the troubleshooting process. There were several cycles of reverting all the changes and starting from scratch. I also could have done a better job of finding documentation and doing a written plan of action first.
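One way to catch the LACP mismatch described above from the server end of the link, as an added example that is not part of the original post. It assumes a Linux host using the kernel bonding driver in 802.3ad mode (the post does not say what the server runs); `bond0`, the port names and every MAC address are constructed. An all-zero partner MAC means no LACPDU was ever received on that port.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a Linux host whose LAG is
# a bonding-driver interface in 802.3ad mode; "bond0", eno1/eno2 and all MAC
# addresses below are constructed.

# lacp_check: read /proc/net/bonding/<bond> text on stdin and print one line
# per member port. Returns 0 only if every port has a real LACP partner and all
# ports landed in the same aggregator.
lacp_check() {
    awk '
        /^Slave Interface:/           { iface = $3; ports[++n] = iface; part = 0; next }
        iface == ""                   { next }       # bond-wide header, not a port
        /^Aggregator ID:/             { agg[iface] = $3 }
        /details actor lacp pdu:/     { part = 0 }   # our own side
        /details partner lacp pdu:/   { part = 1 }   # what the switch told us
        part && /system mac address:/ { mac[iface] = $4 }
        END {
            bad = (n == 0)             # no member ports at all is a failure
            for (i = 1; i <= n; i++) {
                p = ports[i]; state = "ok"
                if (mac[p] == "" || mac[p] == "00:00:00:00:00:00") {
                    # No LACPDU ever arrived on this port: the peer is a
                    # static LAG or a plain port, not an LACP group.
                    state = "no-lacp-partner"; bad = 1
                } else if (agg[p] != agg[ports[1]]) {
                    # Partner answers, but this port is not bundled with the first.
                    state = "split-aggregator"; bad = 1
                }
                printf "%s agg=%s partner=%s %s\n", p, agg[p], mac[p], state
            }
            exit bad
        }
    '
}

# sample_bond PARTNER_MAC AGG_ID_OF_SECOND_PORT
# Constructed, abridged text in the layout of /proc/net/bonding/bond0.
sample_bond() {
    cat <<EOF
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up
Active Aggregator Info:
    Aggregator ID: 1
    Partner Mac Address: $1

Slave Interface: eno1
MII Status: up
Aggregator ID: 1
details actor lacp pdu:
    system mac address: 02:00:00:00:0a:01
details partner lacp pdu:
    system mac address: $1

Slave Interface: eno2
MII Status: up
Aggregator ID: $2
details actor lacp pdu:
    system mac address: 02:00:00:00:0a:01
details partner lacp pdu:
    system mac address: $1
EOF
}

echo "switch group set to LACP:"
sample_bond 02:00:00:00:0c:01 1 | lacp_check && echo "=> healthy"
echo "switch group left static:"
sample_bond 00:00:00:00:00:00 2 | lacp_check || echo "=> not negotiating LACP"

# On a real host: lacp_check < /proc/net/bonding/bond0
```

Because the link itself stays up in the failing case, the partner details are what distinguish it from a healthy bundle.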

In the end, everything worked out, and we have a MUCH more capable network now.

Wireless Access

Prior to having the ability to do separate VLANs on the same switch, I had to run totally separate hardware stacks for each subnet I wanted to provide. The same was true for Wi-Fi access: there were multiple access points, each tied to its own subnet and with its own distinct SSID.

Why not put in an access point solution that was also VLAN-aware, and since I now have a PoE-capable switch as well, take advantage of that at the same time? This would also let us get rid of the $15/month we were paying to lease our main Wi-Fi router from our ISP. That was going to be the next phase of the plan. I decided on a Ubiquiti UniFi U6-Lite Wireless Access Point, and was able to find a refurbished one for sale to save a few bucks.

The U6-Lite Access Point – plenty for our needs, and as a refurb unit, the price was right. Looks great, works even better! – Photo by the author

I already had some experience with Docker, so I decided that I would run the UniFi Network Controller software myself within a container. I know – it’s sort of overkill for a single access point setup, but that’s the easiest way to get the VLANs going the way that I wanted. It was super easy to deploy the container, but I had a little trouble getting the access point to adopt at first. It turns out that my VLAN configuration wasn’t quite right on the switch: I really needed a separate management VLAN for the access point and controller to live on so that all the other VLAN tags would work correctly – after a little bit of experimentation, I found a config that worked.

That’s been a theme of this project so far: if I was more experienced with VLANs, or with LAG configuration with the switch, then this whole thing would have been almost plug-and-play. But isn’t that why we have home labs? So we can play with these technologies and gain experience?

Returning to the task at hand – the UniFi Controller software is really wonderful. There is SO MUCH data about your network and how it is running, and it’s beautifully-presented. My kids really enjoy seeing the animated visual representation of traffic flow that can be turned on within the topology section of the dashboard. Very cool stuff!

Performance data about our humble U6-Lite within the UniFi Controller. – Screenshot by the author

In addition to our regular “Home LAN” Wi-Fi, we now have separate SSIDs (and VLANs, each with their own appropriate restrictions) for my kids to use, for IoT devices in the house, and even for guests (with a super-slick captive portal built in!) I’m very impressed with the UniFi system.

Servers and Services

So what are we going to do with all these new network capabilities? Well in my last post about this general topic, I talked about a lot of the things that my boys and I had been playing with in our home lab – we’re still doing those things, but at a larger scale and with better organization now.

For starters, I’ve really come to love Proxmox. Since I last wrote here, we’ve upgraded our virtualization server from an old desktop to a used 1U rackmount server that the boys’ grandfather found for us on a local marketplace site. The new machine is a Dell PowerEdge R610 with 2 Xeon X5675 CPUs (for 24 total threads), 80GB of RAM, and 2.4TB of storage. It’s a monster of a machine, so I don’t keep it on all the time – I only use it when I want to play with a really complicated system or set of systems together. I’m able to keep it off because it has an iDRAC integrated lights-out management system that allows me to send a network signal that turns the machine on remotely.

The front panel of our second-hand Dell PowerEdge R610 server. – Photo by the author

For a few years, I’d been running most of the network services that need to be on all the time on small, inexpensive single-board computers. These have been really great because they don’t use a lot of power or make any noise, and have been reliable enough and fast enough for our purposes. As I’ve gotten more used to having the power of Proxmox around, I’ve started to see the limitations of my old way, though. And similarly to the issue of each subnet needing its own networking, each service that I wanted to limit to a particular subnet needed its own server for that subnet in order to remain truly isolated.

Now that I have proper VLANs, why not set up a lower-power server and run a single trunk connection? Whenever I need to add a new VLAN, it’s as simple as adding a new tag on that server’s interface and the switch port. Proxmox makes that process really easy.

Proxmox runs on our old laptop very well. Modern hardware – even consumer-grade stuff – has a lot of headroom. Screenshot by the author

So that’s what I’ve done. I’m replacing 3 separate single-board computers with a single laptop we were no longer using. I put a little more RAM in it, installed Proxmox, and set up a few VMs for hosting internal and external services. All the websites I host for our family are now containerized (including this one). I have a single VM backup to run (which takes just a couple minutes) and all that data is safe. This setup will also make the eventual migration of the sites to new hardware a breeze.

For containerization, I’m still using Docker. I feel like I was a little late to that party, and I had some trouble wrapping my head around it at first, but I see all the benefits now. I know that I can run LXC containers within Proxmox, but I haven’t messed with that too much. I really like the interface that Portainer supplies, and I feel like I have a setup that works really well for our purposes. I might experiment a little in the future (it IS a home lab, after all) but for now, Docker is our “production” setup.

For the Future

Things are working really well for now. I’m so pleased with how everything has come together since ripping out all my old networking and rebuilding around a commercial-grade switch.

I think the next thing I’d like to do is replace my current network storage setup with a proper NAS. I don’t think I’d want to use the UI that comes with the types of systems that you get from something like a Synology or QNAP – I’d probably just use them as a raw pool of storage, and run something like NextCloud for the “friendly” interface to all that storage. I just need a big hard drive that I can talk to over a couple of TCP ports. 🙂

Next, I’d like to improve the reliability of my hosted services by setting up a modest Proxmox cluster. There are a lot of ultra small form factor, so-called “1-liter” desktops on the secondary market – largely as they come off of corporate leases, it seems. My own experience (and what I’ve seen from other home lab enthusiasts) seems to suggest that with enough RAM, they’d work out really well as Proxmox nodes. I’m not sure if I’d go so far as to set it up as a high-availability cluster, but being able to shuffle VMs back and forth as I move around the underlying hardware, or do updates, would be of great benefit.

I’m excited about the possibilities that are available for the boys and me to explore. I’m sure there will be more posts coming as we build more things!

Recent Technological Tinkering

The last few years have been pretty crazy. In addition to the COVID-19 pandemic that the world has been dealing with, I’ve had a lot of things going on in my personal life that have kept me quite busy. While the main focus of my blog here is history, from time-to-time I like to give an update on the things I’ve been exploring in the technology world – mainly because it’s one of those things that my boys and I love doing together. I continue to use the same kinds of open source software that sparked my love of computers in the first place, and that ecosystem has only gotten more robust in the last 20 years. The things my sons and I have set up now have given us a great platform to try out the possibilities and expand our understanding and creativity. It’s been a great way for us to bond.

Kids Stuff

The boys have been learning about Linux and all the related software by using Raspberry Pi single-board computers. We have quite a collection – and I’m glad because it’s quite hard to find them these days because of all the semiconductor shortages. We’ve had a few Pi 3Bs, a Pi 3B+, a Pi 3A+, and lots of Pi Zeros. Some family members got together to buy the boys a Pi 400 for Christmas the year before last, but it suffered a horrible death due to being transported around too much.

Sometimes, we experiment with microcontrollers, like the BBC micro:bit, Adafruit Circuit Playground, or even Arduinos, and it’s as much a learning experience for me as it is for the kids. If we do anything particularly notable there in the future, I’ll probably make a post about it.

Some of our collection of single board computers and microcontrollers. – Photo by the Author

The boys each have their own laptops – courtesy of their maternal grandfather, who has a knack for collecting used computers and reselling them online. Every time we visit, the boys want to “go shopping” in Baba’s basement warehouse for new-to-them pieces of tech gear.

John currently has a Toshiba Satellite L75D-A7283 with 6GB of RAM and a 512GB SATA SSD that we installed together. He has it partitioned so that he can boot into either Zorin OS or Windows 10. His biggest issue with the computer is that there is no motherboard / BIOS support for the virtualization technologies that the built-in AMD A4 should possess. This keeps him from using newer versions of VirtualBox to play with. Probably his favorite thing to do with the computer is play the PC Building Simulator video game.

Isaac’s laptop is an Asus X54C with 4GB of RAM and a 500GB HDD. Like his brother, he can boot into Windows 10, but prefers to use KDE neon. Isaac likes to code silly things with Scratch and Microsoft MakeCode – sometimes he loads his creations onto one of our microcontrollers.

Main Webserver

I don’t know that I ever really announced it here, but I’m back to self-hosting this website after using a provider for a number of years. The current iteration runs on a Pine A64+ – a really awesome little single-board computer with a quad-core, 64-bit ARM chip and 2GB of RAM – running the Ubuntu Server variant of Armbian Linux. For resource efficiency reasons, I moved from Apache to nginx for the webserver a few years ago. The site is still built with WordPress. I also host a few other things on this box, including my kids’ websites.

Networking

By accident just walking around my local Microcenter one day, I discovered the Ubiquiti EdgeRouter X and couldn’t believe how powerful it looked for the price. I just had to pick one up, and it is now my main router. This has enabled me to run multiple different LANs and segment network traffic in my home to keep IoT devices away from the rest of my computers. While networks seem to intimidate a lot of people, I’ve found the EdgeRouter to be pretty simple and even fun to set up and use. Ubiquiti’s products are great for anyone who wants to take their home network to the next level.

VPN Server

Along the lines of networking, I wanted to have a VPN set up so that I could have secure access back to my home network if I needed to modify anything on the go, or just to encrypt my traffic for security reasons if I had to use public wi-fi. I set up OpenVPN on a dedicated server for this purpose and have absolutely no complaints about the way it performs.

Docker

I’m still trying to get my head around how Docker works. Portainer has been really helpful. – Screenshot by the Author

I’m certainly no expert on containers – I’ve only begun playing with Docker recently on a Raspberry Pi 4 with 8GB of RAM that I’m running as a server – but I can see why it’s become a popular technology. Managing the containers through a web interface – I use Portainer – has made it much easier to understand what is going on. The boys and I have played with a few things in Docker:

  • Guacamole – An open source VNC / RDP / SSH gateway that can run on basically anything with a modern web browser. Very cool technology, but it was a bit of a resource hog on the Pi.
  • PiHole – I’m a little bit paranoid about “smart” TVs, so in addition to running a totally separate network segment for my IoT devices, I also funnel their network requests through this DNS filter to cut down on the amount of spying that these devices are capable of (or even like to do). This also has the benefit of cutting down on the amount of ads we see on websites, and I have it configured to protect us from other harmful stuff out on the Internet.
  • Habitica – A tool for making real life self-improvement into something like a video game. The “open source” version forces you to clone their entire website – including all their payment processing code – and really seems to be intended for people who want to help them fix their bugs. That said, this was a little too clunky to be useful as a self-hosted thing in our case.
  • Grocy – We set this up as a home inventory system for groceries. Still experimental for us at this point. I love the idea of being at the grocery store and knowing how many cans of soup we have at home, but keeping the inventory up-to-date is where we have a problem.

I haven’t quite gotten to the point where I feel comfortable running the things I really care about within containers, but maybe that will come some day.

Proxmox

The REAL fun has been in exploring Proxmox – an open source hypervisor server based on Debian. Admittedly, virtual machines are definitely heavier on resources than containers, but they provide a lot more flexibility in my mind. Through a web interface, we can now quickly spin up virtual servers to play with different operating systems, software, and even network configurations – and it’s a lot easier to tear them down once we’ve finished.

I’m running Proxmox on a second-hand Dell XPS 8300 Desktop with 16GB of RAM and that has been plenty for our purposes. So far, I’ve kept a dedicated FreeBSD VM running on it, as well as a VM for playing with Kali Linux. The boys have also used it for test driving different Linux distros before they each chose one for their own laptops.

Battlefield Visits, Re-Visited

It has been some time since I posted here – a lot of “life” has been happening, and that has kept me away from publicly documenting my historical travels. I am hoping to make up for lost time.

With that said, I have decided that the “Battlefield Visits” format that I had originally chosen is a bit too elaborate to be easily sustainable. My thinking was that it would provide a structure that I could just fill in, so that I could be sure that there was consistency in my write-ups. In practice, I’m finding that I prefer to use a more free-form style in my writing, and for smaller fields with fewer available resources, it is hard to fill out all of that information. Also, I’m going to A LOT of battlefields, so it’s a lot of work to write up each on its own!

Instead, I think that I’m going to shift to more of a travelogue format, where each of my road trips becomes its own post and the battlefields that I visited along the way are outlined within. This is similar to what I’ve been doing on Facebook, and should make these posts easier to produce (hopefully leading to a clearing of some of the backlog).

As of this writing, I have been to 134 of the 384 Civil War Sites Advisory Commission “official” battlefields. From here on, I’ll also be marking my progress by noting the order in which I visited the fields as I write them up, with a notation like “Civil War Battlefield #X”. I’ll be weaving in some of the battlefields that I visited as a child (most of which I’ve re-visited as an adult), so the numerical order won’t be consistent on the website, but it should represent pretty well the order in which I experienced each.

I hope you enjoy the journey!

Battlefield Visits Series

One of my favorite things to do is visit historical sites – especially battlefields. Over the last several years, I’ve begun to expand my horizons beyond Gettysburg; building up a desire to learn as much about the entire Civil War as possible. I had of course visited other local battlefields: Antietam, Harpers Ferry, and Manassas to name a few, but I knew there were more battlefields in other theatres, and my study of the Gettysburg campaign had opened my eyes to all the “minor” actions that took place on the way to the major battles that you think of. There had to be some type of definitive list of these events.

My curiosity led me to the CWSAC. In the 1990s, Congress had created the Civil War Sites Advisory Commission to determine which Civil War battlefields existed and their state of preservation at that time. Their efforts led to a list of 384 “principal” battlefields (from as many as 10,500 armed conflicts of all sizes over the 4 years of the Civil War). Most of these sites don’t have a National Park associated with them. Many aren’t even protected by a State or local park. I decided to set a goal to visit each site.

Since I began this journey a few years ago, I’ve made significant progress. As of this writing, I’ve visited 67 of these battlefields. I should also point out that I don’t strictly adhere to visiting only CWSAC sites – many of the smaller skirmish actions (especially those associated with the Gettysburg campaign) have been on my radar, too.

Up to this point, I’ve been keeping notes about my travels in a small journal, and I’ve also occasionally posted about my visits on Facebook, but I recently realized that a more proper outlet for this historical travel-log would be my blog here. So today I’m adding a new category called “Battlefield Visits” and I’ll be doing an entry for each battlefield that I’ve been to and the ones I travel to in the future. My hope is to make a couple of posts a week until I “catch up” with the sites I’ve hit already, but we’ll see how things go. Most of these posts will probably be quite short, but others may be longer – especially for places I’ve been to multiple times, or that are of greater significance. I’m excited to have you along for the ride!

New Look

Regular visitors will notice that things look a little different around here.

My previous hosting providers decided to raise their rates, and corrupted part of the website database at the same time (not exactly a great sales pitch). It seems that the only part of the site that I couldn’t recover was the categories for each post. As of this writing, I’m beginning to rebuild and reorganize those.

As I had to make a bunch of changes anyway, I decided to take a fresh approach to the look of the site as well. I’ve switched to a new theme that is cleaner and should behave nicely on whatever size screen you’re reading this on. I’ve also tweaked the color scheme a little. Feel free to let me know what you think!

While family, work, and school remain my top priority, I plan to continue nerding-out about history as time allows in 2018. Most notably, we have the 155th anniversary of the Battle of Gettysburg to look forward to together!

New Website Address

I’ve decided to change things a little bit around here. I’m switching the web address for this site over to a domain I’ve had for a few years and just haven’t done anything with. As of today, the new official URL for this blog is:

https://peteskillman.com/

Any old links using the http://pete.skilmnet.net/ address should continue to work, I just wanted to start using a cleaner, more recognizable default address from here on out.

Please update your links and bookmarks accordingly, and thanks for reading!

The Historical Marker Database

Since I was a kid, I’ve loved road-side historical markers. I always wanted to stop and read them, and sometimes (when we weren’t in too much of a hurry) I got the chance to. There’s something really great about seeing tangible reminders of history out in the world where you’re living.

It turns out that I’m not the only person who feels this way. Several years ago, I discovered the Historical Marker Database – a hobby project of a history-loving IT guy like me – that seeks to catalogue every historical marker in the world. I make heavy use of the website when I’m researching, and it also makes for a fun way to go down a historical rabbit hole that I might not explore otherwise. You should definitely go check it out.

As you might imagine, finding all these markers is a huge undertaking – certainly more than one hobbyist can handle. A volunteer board of editors has sprung up over the years, and thousands of people have contributed photos and descriptions of markers to the cause.

When I was doing the research that resulted in my recent posts about the 138th PA along the Patapsco River, I discovered a marker that wasn’t listed on the HMDB website. I promptly registered for an account, read up on the editorial guidelines, and submitted an entry. People from all over the world can now discover the Mill Town History marker and learn a little bit about the town of Daniels, MD.

So be on the lookout for the history around you, and please share it with the rest of us!

One Year

I failed to recognize that last Thursday was the 1-year anniversary of the “reboot” of my personal website.

In that time, I’ve made a total of 134 posts, revived some old content I’d created a few years ago, and hopefully added something useful to the conversation.

We’re certainly not setting any traffic records here, but my most popular pages continue to be the assorted installments of the Mini-Federalist, and – most surprising to me – my discussions of Civil War artillery, which get a fair number of hits from Google searches.

It’s been fun so far. Thanks to all the regulars, and to all those who have just stopped by.

The Mini-Federalist

For those who are unaware, the Federalist Papers is one of the greatest collections of political thought ever assembled. This was the original argument in favor of adoption of the U.S. Constitution, that was laid out in the newspapers of New York between late-1787 and mid-1788. Originally published anonymously, we now know that Alexander Hamilton, James Madison, and John Jay were behind them (although sometimes we aren’t sure which ones specifically).

While they make great reading for nerds like me who are into this whole political science thing, they aren’t much read or understood by the general populace. There have been attempts over the years to put them online, make the language “friendlier”, or create audio versions, but another problem exists – there are 85 of these papers, and even though each is only a few pages long, it is hard to get through all of them.

I’d like to try to condense the ideas into a mini version, while translating the ideas into a more “modern” lexicon. So far as I can tell, no one has such a work online, and I think it would be a good exercise.

I’ve created a new category on the blog called “Mini-Federalist”, and hope to do a new entry regularly, going in order of the original papers. I accept that this will probably take a few years to complete. I welcome comments, questions, and criticisms as this will only make the final product better.

We Get E-mail

Anyone who runs a WordPress site knows about comment SPAM.

Basically, there are computerized robots roaming the Internet, looking for WordPress (and other blogs) to leave comments on. These comments are usually in the form of links to porn websites, or to sites selling fake Louis Vuitton bags out of Yugoslavia or something. The idea is to get links to their site on as many other sites as possible, because that’s how they increase their ranking on Google.

Anyway, I get a lot of this stuff. So much in fact that I can’t leave comments turned “on”, they have to be left in a “moderated” mode, where every comment needs to be approved before it is visible. It’s a mess.

It’s not all dark clouds, though. The entertaining thing is that there aren’t just links in these comments. They try to put something in there that sounds like a legitimate comment, but is always just a little off. Here are a few examples that I found particularly funny:

“A real uncle isn’t friends, although friends are usually each uncle.”

“Fancy can be the effective requirement for your personal living therefore the expansion of truley (sic) what most of us take pleasure in.”

“When you really need any accountancy of one’s importance, rely pals.”

“Around the world you most likely are someone, yet to person you most likely are everything about.”

Actually, there might be some good advice in there….