Creating a Network Lab for Server Pre-Deployment

Wouldn’t it be wonderful if you could prepare a network lab that would allow you to build a server and fully test it (including the production network configuration) before deploying it to a client’s office? As an IT consultant, you will reap many benefits by fully testing a server or a system in a network lab before it ever hits the client’s office. For starters, if something breaks, is mis-configured, doesn’t work, or is just plain wrong, you can fix it at your leisure and without the client ever knowing you made a mistake. If you try to build out servers and systems at the client’s office, however, they are going to see every hiccup and every mistake, which damages your credibility with them.

In this article, I will teach you how to build a network lab that you can use to completely re-create your client’s network inside your own lab, so that not only can you build the server before you give it to the client, but you can fully test it (including it’s network configuration) before deploying it.

Understanding the Concept

Essentially, we are going to create two, concentric networks inside your existing LAN. (This makes a grand total of three concentric networks with an internet connection.)

In order to create each of these concentric networks, we’ll need to configure a router to route traffic appropriately between them. For the sake of simplicity, just know that with every router, a new circle is created. And, the router doesn’t care that the circle you are creating is a private or public network. It just routes traffic.

By definition, a router is a device that joins two networks together. The secret is: it doesn’t care what the networks are. While IP address calculation and subnetting are outside the scope of this article, I will tell you that you can create a small network inside your network that will mimic the public internet at your client’s place.

Terms Used in this Article

PseudoWAN: The emulated WAN or public internet connection we create inside your LAN, which serves to mimic your client’s internet connection.

PseudoLAN: The emulated local area network that is inside your LAN, which serves to emulate your client’s LAN.

AlphaRouter: The router that connects your LAN to the PseudoWAN (and by virtue of its existence and configuration, creates the PseudoWAN inside your LAN.)

AlphaSwitch: The switch that lives in the PseudoWAN.

BetaRouter: The router that connects the PseudoLAN to the PseudoWAN (and by virtue of its existence and configuration, creates the PseudoLAN).

BetaSwitch: The swith that lives inside the PseudoLAN.

Network Universe: The entirety of the three concentric networks, which include your LAN, the PseudoWAN, and PseudoLAN

What Hardware You’ll Need

Routers

To do this, we are going to need two routers in addition to the one you are already using, some cables, and the computers you are going to hook up to test in configuration.For the purposes of this article, we are going to use a Linksys WRT54G, but most any router that allows you to fully configure both the WAN address and the LAN address will do. (If you’re lucky enough to have a WRT54GL and can put either the Tomato firmware or DD-WRT on it, that’s even better!).

Your Client’s Network Topography

You’ll need to know what his IP addresses are. Smaller offices use a 192.168.x.x/24 network. You’ll need to figure out what they are using so you can properly configure your pseudo network.

Your Client’s ISP Configuration

You’ll need to get your client’s IP address block information so you can successfully create the pseudo public internet. For the purposes of this tutorial, we are going to use a 6 host block, which gives us 5 usable IP addresses. The IP addresses we have available are:

  • 1.2.3.1
  • 1.2.3.2
  • 1.2.3.3
  • 1.2.3.4
  • 1.2.3.5

Our gateway is 1.2.3.6, and the network is 1.2.3.0/29 (this is the same as 1.2.3.0 with a subnet mask of 255.255.255.248).

So, our IP configuration for our first usable IP is going to be:

Address: 1.2.3.1
Netmask: 255.255.255.248
Gateway: 1.2.3.6

We will make this the firewall address.

Our second usable address will be configured to be a server. It’s network configuration will be:

Address: 1.2.3.2
Netmask: 255.255.255.248
Gateway: 1.2.3.6

Map Out Your Network Lab

I highly advise that you draw out what you’re about to make and put in the relevent IP addresses for all the equipment. It will make it a lot easier to understand and a lot more efficient to build. Below, you will find the network map of the example Network Universe we are building. You can see that it flows from top to bottom, from the internet, to the LAN, to the pseudo public network for the client, to the client’s pseudo network. Be sure to come back to this diagram and reference it as you read the rest of this tutorial and even as you build your own network universe.

Mimicking  the Public Internet

To create our own, personal, version of our client’s internet connection, we’ll need to configure the first router to create the same network conditions that exist at our client’s office. Thus, we need to create a gateway for their block of public IP addresses. So, let’s grab our Linksys router, and configure the WAN and LAN sides of the router so it will act like our client’s ISP’s gateway.

WAN is LAN and LAN is WAN!

The WAN port of the Linksys router will need to be configured as an address on your local LAN. This allows the router to pass information into your LAN from our pseudo networks. So, let’s configure it to be 192.168.1.15/24.

Now, let’s configure the LAN side to be the gateway of the WAN for the client. Enter your client’s public gateway IP address in for the LAN IP address of the router, configure the gateway, and disable the DHCP server, then click save.

Now, plug the WAN port from this router into the switch on your network, and plug the LAN port into a switch. Your public network is now operational.

Installing Your Public Server in the PseudoWAN

  1. Connect your server’s LAN card to the switch, which is connected to the router we just setup.
  2. Configure the network card of your server with the following:
Address: 1.2.3.2
Netmask: 255.255.255.248
Gateway: 1.2.3.6

Restart the networking services if necessary, and use ping to verify you can ping the gateway 1.2.3.6. Next, use ping to verify that traffic from the PseudoWAN is traversing the router properly and entering your LAN: ping your gateway (192.168.1.1). Lastly, confirm that network traffic can get from your PseudoWAN, through your network, and out on to the public internet by pinging Google’s DNS Servers: 8.8.8.8.

Assuming that all three of these ping tests receive replies, you are clear to move to the next step. If you get packet losses at any of the steps above, go back, and reconfirm your settings.

Setting Up the PseudoLAN

This process is done with a second router. You can use the same make and model router as you used before. They do not have to be different. Again, we are using a WRT54G in the examples.

1. Plug the WAN port of the BetaRouter into the AlphaSwitch.

2. Configure the WAN port of the BetaRouter with the following:

Address: 1.2.3.1
Netmask: 255.255.255.248
Gateway: 1.2.3.6

3. Configure the LAN

First, you’ll need to change the LAN IP address, and click Save / Updatebecause until you do that, the DHCP server range will be inaccurate. Once you have done that, you can configure the DHCP server range, and click save / update again. Configure the LAN IP of this router to be the gateway of the PseudoLAN, which mimics the LAN in your client’s office.

Add Client Computers to the PseudoLAN

At this point, you can add a computer to the PseudoLAN, and give it an IP address that is identical to what it would have while in production at your client’s office. Once you have a computer setup, use ping to verify connectivity from that computer to the PseudoLAN gateway (192.168.10.1), the PseudoWAN gateway (1.2.3.6), your LAN gateway (192.168.1.1), and finally the public internet (Google’s DNS at 8.8.8.8). When all those tests come back positive with good replies, you have successfully built your network universe to parrot your client’s network so you can build and install!