|Description||The 57North Hacklab Network|
The 57North Hacklab Network will provide all the necessary components to connect our hackers to the public Internet using both IPv4 and IPv6 and also to the ChaosVPN, dn42 and Freifunk networks.
[Network diagram: HE Tunnel Endpoint; bennachie.57n.dn42 (ports 0, 1, 2) with various dn42 peerings; HG612; Core Switch; OpenWRT]
bennachie.57n.dn42 is an apu3c4 board running OpenBSD. It terminates the PPPoE tunnel from Converged and has a 2G LACP trunk into the core switch in the same rack. This trunk uses 802.1Q encapsulation to carry multiple VLANs as detailed below.
In the event of a failure, the configuration for this box is backed up to an SD card. This card appears as `/dev/sd1i` and is mounted normally at `/sdcard`. This is FAT formatted, not FFS, so it is possible to just plug this into whatever to read the contents. On this SD card you'll find a readme and a tar file containing the contents of /etc.
Step 1: Network interfaces
--------------------------

em0- Links to the VDSL modem
em1\
    > LACP trunk with vlans to the switch
em2/

There are then a bunch of VLANs and tunnels. The descriptions for these in the hostname.if(5) files will tell you what they are, those files are the source of truth.

Step 2: Services
----------------

Look in /etc/rc.conf.local (or its backup) and you'll find the services that are/were enabled. You'll find their config files and do the right thing with them.

Step 3: Packages
----------------

Other than the base system, some packages are configured:

* MRTG

Packages are not critical to the operation of the router. As far as possible we should use only the base system to make it easier to keep track of things.

Similarly, files in /var are considered temporary. The only state really is in /etc. This means we don't backup DHCP leases but we do backup the static assignments, for example.
When considering new IP ranges, it is necessary to consider which ranges would already be in use in ChaosVPN, dn42 and Freifunk. The range 192.168.0.0/16 is available for local use and not routed outside the hackerspace. For IPv6, the hackerspace has a global scope address block (2001:470:510b::/48), from Hurricane Electric, and this surfaces in Germany (who has the account for this?).
Some blocks in this table have been marked as legacy. This is because the addressing they use was from ChaosVPN, and we are now instead looking at dn42 for inter-hackerspace peering. ChaosVPN and dn42 co-ordinate on address space and also peer with each other and so we should not be losing any connectivity.
Our DN42 autonomous system number is AS4242421057.
|100||Legacy Wired LAN||172.31.4.0/24||2001:470:510b:4::/64|
|110||Legacy Wireless LAN||172.31.5.0/24||2001:470:510b:5::/64|
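One way to check a proposed range against the allocations above before assigning it, as an added example that is not part of the original page or the hacklab's own tooling. The function name, the `routed` parameter and the `10.99.0.0/16` remote claim are assumptions made for illustration; real ChaosVPN, dn42 and Freifunk claims would come from those networks' registries.

```python
import ipaddress

# From this page: local-only IPv4 space and the Hurricane Electric IPv6 block.
LOCAL_ONLY = ipaddress.ip_network("192.168.0.0/16")
SITE_V6 = ipaddress.ip_network("2001:470:510b::/48")

CLAIMED = {
    # VLAN rows from this page's table.
    "VLAN 100 Legacy Wired LAN": ["172.31.4.0/24", "2001:470:510b:4::/64"],
    "VLAN 110 Legacy Wireless LAN": ["172.31.5.0/24", "2001:470:510b:5::/64"],
    # Constructed sample, NOT real registry data: stands in for a prefix
    # another ChaosVPN/dn42/Freifunk participant has already claimed.
    "remote peer (constructed)": ["10.99.0.0/16"],
}


def check_candidate(prefix, routed=True, claimed=CLAIMED):
    """Return a list of problems with a proposed prefix; empty means usable.

    routed=True means the range should be reachable from peers, so it must
    not sit inside the local-only 192.168.0.0/16 block.
    """
    try:
        # strict=True rejects prefixes with host bits set, e.g. 172.31.6.1/24
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return [f"invalid prefix: {exc}"]

    problems = []
    if net.version == 6 and not net.subnet_of(SITE_V6):
        problems.append(f"outside site block {SITE_V6}")
    if net.version == 4 and routed and net.subnet_of(LOCAL_ONLY):
        problems.append(f"inside {LOCAL_ONLY}, which is not routed outside")

    for owner, prefixes in claimed.items():
        for other in map(ipaddress.ip_network, prefixes):
            # Compare only within one address family.
            if other.version == net.version and net.overlaps(other):
                problems.append(f"overlaps {other} ({owner})")
    return problems


if __name__ == "__main__":
    for candidate in ["2001:470:510b:6::/64", "172.31.4.128/25",
                      "2001:470:510c::/64", "10.99.8.0/24", "172.31.6.1/24"]:
        print(candidate, "->", check_candidate(candidate) or "ok")
```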
IPX support is planned, but will need to happen later due to time constraints. Ideas include just routing IPX over our wired/wireless VLANs but then also between hackerspaces over ChaosVPN.
The network rack is the top, wall mounted rack.
It floats, as if by magic.
|U (from top)||Hardware|
|2||Mesh Blank Panel|
The Patch Panel in the top rack is currently
|Patch Panel Port||Outlet|
|1||Back Desk, Left|
|2||Back Desk, Right|
|3||Back Desk, Right -1|
|4||Back Desk Left -1|
|7||Printer Desk, Left|
|8||IP Phone, Right|
|10||Printer Desk, Right|
|11||IP Phone Left|
|23||Emergency Telephone (NOT TO BE PLUGGED INTO SWITCH)|
ChaosVPN is a VPN to connect hackers and hackerspaces. The wired and wireless LANs are connected to ChaosVPN and, via ChaosVPN, to the dn42 and Freifunk networks.