My lab is entirely on vm's. I even have the De-ICE disks loading as seperate vm's. The great thing about using vms is that if I fubar a machine I can resotre it form a snapshot. I can also clone the vms and quickly setup multiple machines in the lab.

So my setup is basically this:

Hadware:
Old old crap I got for free from a client who didnt want to paid to dispose of it; Dell PowerEdge 2600 running Dual Xeon's and a whopping 6GB of ram! on four scsi drives running in RAID 5 for 250GB of space. This doesnt leave much in the way of resources for the vm's but I really just need them to boot. I'm not actually doing any heavy lifting on them.
I also have 4 additions NICs installed in the poweredge as additional interfaces. All of the NICs are connected to a run of the mill linksys wtr54g except one that is dedicated for the host which is connected to my regular network for administation perposes and one that I designate/use as the public interface to the lab.

On it I run Debian with a headless virtualbox install. If I am looking to duplicate or imitate a sm/med business network. I'll setup a vm of untangle, astaro, psense, monowall, making sure that the firewall is on the inteface I decided to use as a 'public interface' and then my other vm's use the other NICs for connectivity (being careful to never use the NIC that is connected to my regular network). For a small to med business setup I usually run Win SMB Sever 2003/2008 using running as a domain controller and with a DHCP server running also. Other services are dependent on what type of business it is.

In my experience small business almost always only have one server and it is doing everything under the sun. Email, web-hosting, Database, file sharing, you name it.

A little convoluted there, but I hope you get some value out of it.

I've used GNS3 in the past, with mixed success.

I can understand the desire to build a 'lifelike' lab, but from my own experience I found GSN3 a step too far, as I spent more time getting it running and configuring the network than I did actually utilising the lab. Of course this does get you some network admin exposure and skills so may not be entirely time wasted depending on your goals.

Once the system is running, most of your tools/attacks won't notice the difference if you're popping shells over BO/SQLi/etc, the network is just the transport mechanism.

Plus, as GSN3 still requires you to provide your own Cisco IOS image this may be a deal breaker depending on what Cisco kit you can get access to.

For my own lab, I stick with ESXi's network capabilities plus a virtual Vyatta appliance to handle routing/natting/etc. depending on the scenario I'm trying to work with, but mostly I just stick my attack platform and target on the same subnet and get on with it.

Also bare in mind, the De-ICE images (and some others) don't have a default gateway set. So if you're wanting to use them in a more complex environment you need to get full root access to change the network config to add them to your environment, before attacking them. Bit of a chicken and egg issue.

For me, ESXi does everything I need.

It's getting dated now and doesn't fully match my current setup but I wrote about my lab network setup previously, might give you some ideas.

Blog post: Virtual Lab Network