Year end lab notes part 2: Rumble in the Jungle

Continuing the year-end series I started a few days ago, I'm going to detail some of the networking and infrastructure components of my lab, with special emphasis on what I rely on day after day. Networking I've been reviewing Dell's PowerConnect switching line since its inception a few years ago, and have yet to be disappointed with one of their switches. They're not top-end Cisco gear, but they also don't carr

Continuing the year-end series I started a few days ago, I'm going to detail some of the networking and infrastructure components of my lab, with special emphasis on what I rely on day after day.

Networking

I've been reviewing Dell's PowerConnect switching line since its inception a few years ago, and have yet to be disappointed with one of their switches. They're not top-end Cisco gear, but they also don't carry top-end prices, and that means quite a lot in both lab and SMB infrastructures. Make no mistake, there's some big Cisco iron in the lab as well, including a 6509, and a 4506, switch. Those switches are used in production as well as forming the baseline for all switch testing. However, as part of my testing of the newest PowerConnect, the 6248 (look for the review in an upcoming InfoWorld issue), I pulled the 6509 out of the core, replacing it with the 6248. The lab network is fully L3 switched, so this put the full weight of the lab through the new Dell L3 switch, and I have yet to pull it out. I might even leave it in place for awhile. Since I did this a month or so ago, the new core has switched petabytes of data without missing a beat. The long-term testing I've been doing with older PowerConnect switches has also gone well -- I haven't had a single hardware problem with any of those switches to date, from the 6024 to the 3424P that runs PoE to all the phones.

The configuration file syntax has changed significantly with the 6248 vs its' predecessor, the 6024. Gone are the scattered commands and repetitive port configurations, and in their place is more in line with true Cisco IOS configs, with each port granted a separate place in the config for individual parameters. It's much, much better.

The Cisco gear hasn't had an easy life, like most of the lab gear, but lives up to Cisco's reputation for reliable, dependable, high-performance switching products. As a general rule of thumb, you can't go wrong buying Cisco switches -- even though you might spend a bit too much. Both the Cisco and Dell switches coexist peacefully, with PAgP aggregate links and 802.1q trunking. No muss, no fuss, it just works.

Wireless

There isn't a significant WiFi implementation in the lab, just a few Apple Airport Extremes and actually a few Linksys 802.11G units. They work well and are largely set-and-forget.

Firewall

The entire lab is firewalled by IPCop 1.4.10 running on an elderly Dell Optiplex GX110. It's a very small footprint workstation-class system with a PIII 667Mhz CPU, 128MB of RAM, a few 10/100 NICs and a CF-to-IDE adapter with a 512MB CompactFlash card. No moving parts other than the CPU and case fans, and voila, a stable, reliable, configurable, open-source firewall. IPCop really is extremely easy and featureful. Currently, my IPCop box is doing some rudimentary QoS for SIP calls, providing an OpenVPN endpoint for when I'm on the road, and running several nailed-up IPSec VPN connections to a variety of other gear, including PIX firewalls and SonicWall firewalls. This system has been in place for five years now without missing a beat. I even had time to put together a gkrellm package for IPCop to let me watch network I/O and stats on the firewall in real-time from my workstation.

Racks, PDUs and UPSes

American Power Conversion (APC), all the way. The abuse that the racks in the lab receive is generally far beyond what any normal production infrastructure would endure, with servers being racked, unracked, and re-racked on a constant basis. The APC enclosures that I have in the lab withstand all of that without even a scratch (really). There's plenty of sidewall cable-routing space, and the 0U networked PDUs make remote powercycling simple.

The UPSes are all APC as well. I don't have a hard-wired UPS, so the lab is served by several SmartUPS 2200XLs and a few smaller units. I do have several dead UPSes still hanging around, including a few older APC models whose batteries gave up the ghost, but the Tripp-Lite unit is a doorstop now, even though the batteries aren't dead, as are the lower-end Belkin units. In addition, when the generator kicks in, it tends to produce occasional harmonics in the lab power service, which none of the other units dealt with very well. The APC units would trigger alarms during these instances, but with the easily-adjustable sensitivity control at the rear of the units, it became a non-issue. Also, the SNMP support is great, providing my Cacti-tweaking habit with plenty of fodder.

As far as the generator goes, it's a Guardian LP unit, straight from Home Depot, with a 200 amp automatic transfer switch. It's saved my bacon several times, though it hasn't been called into service in 10 months or so. Winter's definitely coming, however, and so I have every belief that it'll see some action soon. In the interim, it runs weekly 10-minute exercise cycles that have been keeping it in shape.

KVM

I just installed a Raritan Dominion KX432 to take over for a few smaller Raritan units, including a 10-year-old Master Console IIx. The Dominion series' density is high, the physical units are small, and they have all the features I need in an IP KVM, all contained in a single unit that doesn't require an additional physical server like the Avocent units. Their Java-based console app seals this deal, since I work on Linux and Mac OS X workstations. I've found that the console app can be somewhat flaky over higher-latency connections, but still usable, although working with the networking prefs can improve performance. As a front-of-rack KVM, the Dominion is as solid as any that Raritian has produced... and my recently-retired Master Console IIx can attest to that reputation.

The next part of this series will be workstation hardware and OSes, monitors, phones, and the rest of the little bits. Stay tuned.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies