My home lab environment (or home datacenter as it is starting to become...) started several years ago. First I had just a Server 2003 box that was a DC, file server, RAS server...then Server 2008 and Hyper-V beta came out. A few more disks were purchased to store virtual machines - but 2 spindles and limited RAM only go so far. Then Server 2008R2 was released so the host received an upgrade - both the new OS and new hardware. Several disks for both storage and VM storage were purchased and installed locally on the server - and this hardware configuration has lasted quite some time...short of a motherboard swap and 2008R2 SP1, it's all the same. Here's how it sits now, and how it has been for about 4+ years:
The RocketRAID 2300 SATA2 adapters have worked well for my needs - and there are two of them in there - 4 ports each. They are software-based RAID...but the arrays are now only RAID1 so there isn't all that much overhead.
It's time for some new hardware. I'm ditching the white-box method...and going rack-based. The rack serves two purposes - servers, and A/V equipment for the media room. Storage will no longer be local, and EVERYTHING will be backed up and redundant.
This is all great, except for the fact that there are lots of changes that need to occur on the network. First and foremost is a subnet change. When first set up, I used a 192.168.13.0/24 subnet for everything...the default gateway wasn't at the end of the range, there were static IPs everywhere....things that should have been in a separate VLAN weren't...time to clean up and change.
The first major change was to configure subinterfaces on the firewall to support multiple VLANs on the switch. The first thing I had trouble with was being able to communicate with the subinterface on the firewall from the main subnet. Keep in mind that this was on VLAN 1.
Problem: The native VLAN is not tagged by default on Catalyst switches, so frames on VLAN 1 leave the trunk without an 802.1Q tag
Fix: Enable tagging on the native VLAN (global configuration on the switch)
vlan dot1q tag native
Problem: Aside from re-IPing the entire network and changing all of the access lists and rules, I could not communicate across the subinterfaces on the firewall - even though they were the same security level.
Fix: Enable same-security traffic across interfaces, and create a static to map the traffic
same-security-traffic permit inter-interface
static (inside,inside-storage) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
static (inside-storage,inside) 10.1.10.0 10.1.10.0 netmask 255.255.255.0
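The two fixes above in context, as an added example that is not the original configuration from this post. It assumes pre-8.3 ASA syntax (matching the static commands above); the physical interface names, the storage VLAN ID (10) and the .1 gateway addresses are assumptions, while VLAN 1, the interface names inside and inside-storage, and the two subnets come from the post.

```cisco
! ----- Catalyst switch (Gi0/1 is an assumed uplink to the firewall) -----
! Tag the native VLAN so VLAN 1 frames carry an 802.1Q header on trunks
vlan dot1q tag native
!
interface GigabitEthernet0/1
 description Trunk to firewall (assumed port)
 ! Some platforms need "switchport trunk encapsulation dot1q" first
 switchport mode trunk
 ! Carry only the VLANs the firewall routes between (10 is assumed)
 switchport trunk allowed vlan 1,10
!
! ----- Firewall (Ethernet0/1 is an assumed physical interface) -----
! The parent interface carries no name or address; it only hosts the trunk
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Main subnet on VLAN 1; reachable only once the switch tags VLAN 1
interface Ethernet0/1.1
 vlan 1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
! Storage subnet on its own VLAN at the same security level
interface Ethernet0/1.10
 vlan 10
 nameif inside-storage
 security-level 100
 ip address 10.1.10.1 255.255.255.0
!
! Equal security levels are blocked from each other until this is set
same-security-traffic permit inter-interface
!
! Identity statics: each subnet appears untranslated on the other side
static (inside,inside-storage) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
static (inside-storage,inside) 10.1.10.0 10.1.10.0 netmask 255.255.255.0
```

After applying, `show interface trunk` on the switch and `show nameif` plus `show xlate` on the firewall confirm the trunked VLANs, the named subinterfaces and the identity translations.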
Problem: iSCSI datastores disconnect and fail when the vSwitch MTU is changed to 9000
Fix: Disable 9000 MTU when trying to use Broadcom NX2 iSCSI HBAs, or don't use them at all, and use software iSCSI. There are a few reports that Software iSCSI + 9K MTU is better than iSCSI HBA + 1500 MTU, but I just opted to use the iSCSI HBAs and multipathing.
Still building out the environment, but it's good to get things started...hopefully I can retire that box soon.