EVE-NG Split-Approach Network Lab
Project Summary
| Field | Value |
|---|---|
| PRJ ID | PRJ-2026-04-eve-ng-lab |
| Owner | Evan Rosado |
| Priority | P1 |
| Category | Infrastructure / Lab |
| Status | Active — Phase 0 (Planning & Documentation) |
| Purpose | Comprehensive network lab for Cisco portfolio (WLC, ISE, FTD/FMC, ASA, IOS/IOS-XE/XR/NX-OS), multi-vendor (Palo Alto, Fortinet, Arista, Juniper), Linux, and API/DevOps/SecOps workflows. |
| Approach | Split deployment — lightweight labs on Razer workstation (64GB), heavy labs on kvm-01 (128GB). EVE-NG CE on both as KVM VMs (not bare metal). |
| Image Access | Active CCO/SmartNet — full Cisco image library available |
Resource Allocation
| Environment | Role | RAM Budget | What Runs Here |
|---|---|---|---|
| Razer workstation (64GB) | Lightweight labs | ~40GB (20GB reserved for desktop) | Multi-vendor peering, R&S, API/DevOps, Linux endpoints |
| kvm-01 (128GB) | Heavy labs | ~50-60GB (after existing VMs) | FMCv, FTDv, ISE, NX-OSv 9000, ASAv, full security stack |
Deployment Status
| Phase | Description | Status | Notes |
|---|---|---|---|
| 0: Planning | Documentation, IP reservation, project structure | 🟡 In progress | — |
| 1: Workstation Deploy | EVE-NG CE as KVM VM on Razer (Arch stays intact) | ❌ Not started | 16 vCPU, 40GB RAM, nested KVM with host-passthrough |
| 2: kvm-01 Deploy | EVE-NG CE as KVM VM on kvm-01 for heavy topologies | ❌ Not started | 8 vCPU, 60GB RAM, bridged to br-mgmt |
| 3: Image Library | Cisco + multi-vendor images from CCO and vendor portals | ❌ Not started | Lightweight on workstation, full catalog on kvm-01 |
| 4: Foundation Topologies | Multi-vendor peering + API lab (workstation, ~20GB) | ❌ Not started | IOS-XE, vEOS, vJunos, Palo Alto, FortiGate — all API-enabled |
| 5: API/DevOps Integration | RESTCONF, NETCONF, gNMI, Ansible, pyATS formalized | ❌ Not started | Runs parallel with topology building |
| 6: Heavy Topologies | FTD/FMC/ISE security stack, VXLAN/EVPN, MPLS, Wireless | ❌ Not started | kvm-01 only — 22-50GB per topology |
| 7: Production Integration | Bridge kvm-01 labs to BIND, ISE, Vault, Wazuh | ❌ Not started | VLAN 50 with VyOS firewall restrictions |
Assessment
Why EVE-NG (Not GNS3, Not CML)
| Platform | Strengths | Why Not Chosen |
|---|---|---|
| EVE-NG CE | Multi-vendor native (Cisco, Palo Alto, Fortinet, Arista, Juniper, Linux). Web UI. Runs QEMU/KVM images directly. No vendor lock-in. Free. | Chosen |
| GNS3 | Good for basic Cisco labs. Client-server model. | Vendor-centric, limited multi-vendor. Client GUI required. Less production-oriented. |
| Cisco CML | Official Cisco images. DevNet integration. | Cisco-only. Licensed ($199/yr+). No multi-vendor support. |
Split Approach Rationale
Problem: No single available host can run the full topology catalog simultaneously.
- FMCv (28GB) + ISE (16GB) + FTDv (8GB) = 52GB before any other nodes
- NX-OSv 9000 VXLAN fabric (6 nodes x 8GB) = 48GB
- Razer workstation has 64GB but needs ~20GB for desktop (Hyprland, Claude Code, browsers)
- kvm-01 has 128GB but ~63GB already committed to production VMs
Solution: Two EVE-NG instances, each as a KVM VM (not bare metal).
| Concern | Workstation | kvm-01 |
|---|---|---|
| OS impact | None — EVE-NG runs as VM, Arch/Hyprland untouched | None — EVE-NG is another VM alongside existing fleet |
| Nested KVM | Yes — ~15-30% overhead on CPU-heavy nodes | Yes — same overhead, but only for heavy nodes that need raw power |
| When to use | Daily API/DevOps development, multi-vendor comparison, R&S practice | Security stack labs (FMC/FTD/ISE), data center fabric (NX-OS), MPLS, wireless |
| Network access | NAT or bridged to home network | Bridged to br-mgmt (10.50.1.x), Cloud0 for production integration |
Hardware Inventory
| Spec | Razer Workstation | kvm-01 |
|---|---|---|
| CPU | Intel Core Ultra 9 275HX (24 cores) | Xeon D-2146NT (8C/16T) |
| RAM | 64GB DDR5 | 128GB ECC DDR4 |
| Storage | 2TB Samsung NVMe (188GB free on root) | Production storage (allocate 500GB qcow2) |
| Nested KVM | VT-x confirmed | VT-x + nested enabled |
| EVE-NG VM allocation | 16 vCPU, 40GB RAM, 200GB disk | 8 vCPU, 60GB RAM, 500GB disk |
Risk Assessment
| Risk | Likelihood | Impact | Mitigation |
|---|---|---|---|
| Nested KVM performance penalty on heavy images (ISE, NX-OSv) | High | Medium | Heavy images on kvm-01 only. Pin to known-good versions. Allocate extra RAM. |
| Desktop unresponsive when running large topologies on workstation | Medium | Medium | Limit workstation topologies to ~30GB. Shut down unused nodes. |
| Cisco image licensing enforcement | Medium | High | Active CCO access. Keep SmartNet current. |
| Lab bridge leaks traffic to production | Low | Critical | VyOS firewall on VLAN 50. Default-deny. No WAN route from lab. |
| kvm-01 existing VMs degraded by EVE-NG | Medium | High | Monitor with Wazuh. Set cgroups limits on EVE-NG VM. Don’t run heavy topologies during production hours. |
Metadata
| Field | Value |
|---|---|
| PRJ ID | PRJ-2026-04-eve-ng-lab |
| Author | Evan Rosado |
| Created | 2026-04-05 |
| Last Updated | 2026-04-05 |
| Status | Active — Phase 0 (Planning) |
| Category | Infrastructure / Lab |
| Priority | P1 |
| Environments | Razer workstation (lightweight), kvm-01 (heavy) |
| Edition | EVE-NG Community Edition |