A home for a home lab: StarTech 12U desktop open frame 2 post rack

 My wife (aka "Senior Management") decreed that I needed "a table or something" for the network gear that was starting to accumulate in the spare room I use as an office. 

Of course, since pretty much all of it either had rack mounting hardware or could be persuaded to sit on a shelf, a 19" rack made sense and forms a much more suitable home for network gear. 

After hunting around a bit online, I decided a 12U open frame 2 post rack would probably do the job well - without being the imposing monolith of a 42U four post rack, wallbox or similar, which probably would get rather more in the way of raised eyebrows from Senior Management, too - if I could even fit it in the flat. 

Juniper Configuration Groups

 Although the use of network automation / Infrastructure as Code is likely to greatly reduce their usefulness, configuration groups can be pretty handy things to include in your Juniper configuration. 

You can use them for two major things:

1. portable generic configuration you are likely to set everywhere on all your routers (something like DNS servers or NTP servers, or a management network gateway etc.), and
2. specific configuration that differs from Juniper's defaults, but is the common "base" configuration for that type of object in your network. 

The second tends to be the more useful.

People that are not familiar with Junos may find this group inheritance behaviour surprising, and surprising is not a thing you really need in an operational network - so it's worth understanding configuration types in Junos that are commonly used, but not immediately obvious. 

So, let's have a look at these handy magical blocks of group configuration!

Juniper Home Lab - virtual lab topology on a single physical device

One of the things I've wanted for a long time is a few Juniper devices lying around my home to keep my Juniper CLI skills up to scratch and to experiment with new concepts as I learn them. Sure, you can run great labs in things like EVE-NG, but you ultimately need licensed VM images (and a machine with a fair amount of RAM and CPU grunt for any complex topologies), and those licenses are quite expensive (although if you have a juniper.net login, you can download a free 60 day evaluation copy of vMX router, vSRX firewall or vQFX switch; apparently, you can simply recycle trial licenses - not that this is recommended [see e.g. page 351 of the Junos beginner's Day One guide]). Indeed, even if you (re)use trial licenses, you'll probably need a fairly hefty - expensive - server to run them on, which will cost a similar amount to quite a lot of second hand devices; the key advantage of the former, perhaps, is you're more likely to have a more current Junos image to work with in the virtualised space as opposed to from the old second hand gear market.

Old second hand Juniper gear, however, is quite cheap, and although you won't get support or upgrades, will then also not cost you any ongoing support. I'd be very wary of downloading random Junos images off the internet - some people do seem to share them if you look hard enough. I ordered two SRX 110H2-VA routers off Ebay to scratch this itch (I further scratched this itch with more gear...). I don't need anything particularly fancy, and these units are quite cheap, fairly compact, and lack fans, so they are nice and quiet. There are a lot of basic SRX firewalls available online; as Junos is somewhat consistent across most of the platforms, you will find getting a thing marketed as a "firewall" also lets you learn most of the Juniper platform features for not only firewalling, but switching and routing too from across their portfolio - aside, of course, for those features not supported on this platform or software version. 

By the end of this post, you should be able to create a single router that has 8 virtual routers configured on it with a fairly complex, but easily understood, topology. 

Read on for some ideas...