projects:network
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
projects:network [2020/04/18 20:21] – hibby | projects:network [2023/04/14 11:13] (current) – Q Misell | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Network ====== | ====== Network ====== | ||
- | The 57North Hacklab Network will provide all the necessary components to connect our hackers to the public Internet using both IPv4 and IPv6 and also to the ChaosVPN, dn42 and Freifunk networks. | + | The 57North Hacklab Network will provide all the necessary components to connect our hackers to the public Internet using both IPv4 and IPv6. |
- | ===== Component Overview | + | ===== Network Components |
- | + | ||
- | < | + | |
- | _ __ | + | |
- | __( = =- _ | + | |
- | | + | |
- | / (_-= _( =- _=- | + | |
- | / | + | |
- | | | + | |
- | | | + | |
- | | /`(HE Tunnel Endpoint) | + | |
- | | | + | |
- | | | bennachie.57n.dn42 |----(Various dn42 peerings) | + | |
- | | + | |
- | | HG612 | + | |
- | | + | |
- | +--------|xx|--|xx|---+ | + | |
- | | Core Switch | + | |
- | | + | |
- | | OpenWRT | + | |
- | | + | |
- | </ | + | |
==== Router ==== | ==== Router ==== | ||
- | bennachie.57n.dn42 | + | The router |
- | + | ||
- | === Recovery / Reinstatement === | + | |
- | + | ||
- | In the event of a failure, the configuration for this box is backed up to an SD card. This card appears as `/dev/sd1i` and is mounted normally | + | |
- | < | + | |
- | Step 1: Network interfaces | + | |
- | -------------------------- | + | |
- | + | ||
- | em0- Links to the VDSL modem | + | |
- | + | ||
- | em1\ | + | |
- | > LACP trunk with vlans to the switch | + | |
- | em2/ | + | |
- | + | ||
- | There are then a bunch of VLANs and tunnels. The descriptions | + | |
- | for these in the hostname.if(5) files will tell you what they | + | |
- | are, those files are the source of truth. | + | |
- | + | ||
- | Step 2: Services | + | |
- | ---------------- | + | |
- | + | ||
- | Look in /etc/rc.conf.local (or its backup) and you'll find the | + | |
- | services that are/were enabled. You'll find their config files and | + | |
- | do the right thing with them. | + | |
- | + | ||
- | Step 3: Packages | + | |
- | ---------------- | + | |
- | + | ||
- | Other than the base system, some packages are configured: | + | |
- | + | ||
- | * MRTG | + | |
- | + | ||
- | Packages are not critical to the operation of the router. As far | + | |
- | as possible we should use only the base system to make it easier | + | |
- | to keep track of things. Similarly, files in /var are considered | + | |
- | temporary. The only state really is in /etc. This means we don' | + | |
- | backup DHCP leases but we do backup the static assignments, | + | |
- | example. | + | |
- | </ | + | |
- | ===== Networks ===== | + | |
- | When considering new IP ranges, it is necessary to consider which ranges would already be in use in ChaosVPN, dn42 and Freifunk. The range 192.168.0.0/ | + | This terminates the PPPoE connection, and announces the space' |
- | Some blocks in this table have been marked as legacy. This is because the addressing they use was from ChaosVPN, and we are now instead looking at dn42 for inter-hackerspace peering. ChaosVPN and dn42 co-ordinate on address space and also peer with each other and so we should not be losing any connectivity. | + | ===== DHCP / RA ===== |
- | Our DN42 ASN is [[https:// | + | The router will hand out DHCP leases in the 172.23.152.0/24 range, and advertises stateless IPv6 configuration for 2a11: |
- | ^ VLAN ^ Description ^ Address Range ^ IPv6 ^ | + | The DHCPv4 server is ISC DHCP server, and the RA server is RADVD. |
- | | 120 | LAN | 172.23.152.0/24 | ? | | + | |
==== Static Addresses ==== | ==== Static Addresses ==== | ||
- | A segment of addresses in the wired LAN is reserved for infrastructure projects. These IP addresses should only be used for long-lived devices in the space that provide services to members. If you require a static IP address temporarily or for a project that does not provide services to members then you should use an IP address from the segment of "first come first served" | + | A segment of addresses in the wired LAN is reserved for infrastructure projects. These IP addresses should only be used for long-lived devices in the space that provide services to members. If you require a static IP address temporarily or for a project that does not provide services to members then you should use an IP address from the segment of "first come first served" |
^ IP Address ^ Hostname ^ Description ^ Contact ^ | ^ IP Address ^ Hostname ^ Description ^ Contact ^ | ||
Line 91: | Line 29: | ||
| 172.23.152.4 | octopi | RaspberryPi connected to the space Mendel Prusa I2 3D printer | [[User: | | 172.23.152.4 | octopi | RaspberryPi connected to the space Mendel Prusa I2 3D printer | [[User: | ||
| 172.23.xxx.xx | Printer | The Big Friendly Printer | [[User: hibby]] | | | 172.23.xxx.xx | Printer | The Big Friendly Printer | [[User: hibby]] | | ||
+ | | 172.23.152.15 | pve1.57north.net.uk | Proxmox 1 | [[User: theenbyperor]] | | ||
+ | | 2a11: | ||
+ | | 172.23.152.16 | pve2.57north.net.uk | Proxmox 2 | [[User: theenbyperor]] | | ||
+ | | 2a11: | ||
| '' | | '' | ||
Line 135: | Line 77: | ||
| 24 | | | | 24 | | | ||
- | ===== ChaosVPN ===== | + | {{tag> |
- | + | ||
- | [[http:// | + | |
- | + | ||
- | {{tag>project | + |
projects/network.txt · Last modified: 2023/04/14 11:13 by Q Misell