Who rated this post

If you don't need your lab to be running all the time, I would really recommend just a decent VM host. One of my older VM hosts is a NUC6i3 with 32 GB of RAM. That model (and all subsequent models with Core i processors) can actually use 64 GB of RAM, though that had not been confirmed when I built mine. NUC6i3SYH is $155 or less including shipping on eBay, two 32 GB DDR4 SO-DIMMs from Crucial are $300 total on Amazon, a 1 TB Samsung 870 EVO is $115 on Amazon. ESXi and Hyper-V Server are both free and both highly scriptable. That's $570 for two cores plus hyperthreading, 64 GB of RAM, and 1 TB of storage. Enough to run at least five big lab VMs. With how I run mine, I could probably do a management, six firewalls, and about 20 OpenBSD routers/switches/endpoints before it felt constrained.

Regarding scriptability, I don't have an MDS license, so I used VirtualBox to build a VM, gave it predictable SSH and TLS keys, then took a snapshot before its first boot. Every time I restore to that snapshot, it gets a new 15-day eval license. I can then use a script to clone the VM with vboxmanage, run config_system, copy over the new CPUSE and jumbo, install them, and so on. Takes ~20 minutes to run, but it gives me a very predictable environment. I add management config with mgmt_cli commands at the end of my build script.

Official images for Vagrant which get a new 15-day eval license when deployed would sure be nice. Hint, hint.

If you're sure you want physical boxes, but don't need official call-the-TAC support, you can get away with pushing past official support limits. As a specific example, I got a 2200, swapped in a 400 GB SSD, and bumped the RAM to 8 GB to give me a management server (really a standalone, which I built using a tweaked config_system) as a development target. It's running R80.40 right now. I don't need to call the TAC, I just need the license to not expire. Make sure the box can license itself before you buy it. Lots of resold boxes have been "traded in" by their former owners, so their licenses are no longer valid in the User Center.