Difference between revisions of "Projects:Network"

From 57North Hacklab

(IPv6)
(ChaosVPN)
Line 48: Line 48:
 
== ChaosVPN ==
 
== ChaosVPN ==
  
          irl ╡ for connecting a hackerspace
+
[http://wiki.hamburg.ccc.de/ChaosVPN ChaosVPN] is a VPN to connect hackers and hackerspaces. The wired and wireless LANs are connected to ChaosVPN and, via ChaosVPN, dn42 and Freifunk's networks.
            ∟ ╡ do the interfaces get bridged?
 
            ∟ ╡ or do we have the /22 and a /32 and do routing?
 
            ∟ ╡ our existing infrastructure is all cisco so i have to think about this a bit
 
      Haegar_ ╡ irl: you don't need a /32
 
          irl ╡ how do the routes work?
 
            ∟ ╡ does the chaosvpn interface just not have an address?
 
      Haegar_ ╡ irl: you give one IP out of your /22 to the chaosvpn interface, and may even use the same IP on the LAN ethernet
 
      Haegar_ ╡ irl: in your cisco router route all chaosvpn target IPs towards that gateway box (physical, vm, or small openwrt, does not matter)
 
      Haegar_ ╡ irl: on the chaosvpn gw you route your /22 towards your cisco, which can then distribute your subnets to where you need them
 
          irl ╡ but the interfaces aren't bridged?
 
      Haegar_ ╡ no, purely routed
 
          irl ╡ ok, it doesn't make sense to me yet, but maybe it will when i do it
 
      Haegar_ ╡ only you route just "into the chaos_vpn interface", specifying a gateway IP is not needed there, that happens inside tinc
 
          irl ╡ oh ok
 
            ∟ ╡ that makes more sense
 
      Haegar_ ╡ tinc internally has its own kind of routing-table that linux does not see, and there it connects the real subnets to the nodes
 
              ╡ serving them
 
          irl ╡ cool
 
      Haegar_ ╡ (together with info how to reach the nodes, what public key to use for encryption and so on)
 
 
 
  
 
== Numbers ==
 
== Numbers ==
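Review bot: the sentence added under the ChaosVPN heading says the wired and wireless LANs are connected to ChaosVPN but not how, and the discussion it replaces is the only place on the page where the design was recorded. That design was: purely routed rather than bridged, one IP out of the /22 on the chaosvpn interface, the Cisco routing ChaosVPN target IPs to the gateway box, and the gateway routing the /22 back to the Cisco. Suggest keeping a short summary of those points under this heading, along with the note that tinc keeps its own subnet-to-node table that Linux does not see, which matters when someone later checks routes on the gateway.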

Revision as of 00:18, 19 January 2015

Network
Description The 57North Hacklab Network
People User:Irl
Theme Infrastructure
Website
Status Idea

The 57North Hacklab Network will provide all the necessary components to connect our hackers to the public Internet using both IPv4 and IPv6 and also to the ChaosVPN, dn42 and Freifunk networks.

Component Overview

                             _ __            
                          __( =  =- _        
                         (-       -  )__- -_ 
                        (  -=  - )   -     _)
                       (_-= _(    =-    _=-  
                        -(     -    -  _)    
                          -=__(__  _-)-      
                                -=-          
                                 |           
                                 |           
                      +---------------------+
                      |  Cisco ADSL Modem   |
                      +---------------------+ 
                                 | (DMZ)
                      +---------------------+
                      |     Feed Switch     |
                      +---------------------+
                                 |           
                      +---------------------+
                      |      Cisco 3750     |
                      +---------------------+
                                 | (VLANS)
                      +---------------------+                                   
                      | Core Switch (Rack)  |                                   
                      +---------------------+                                   
                       /     |       |     \                                    
  +---------------------+    |       |    +---------------------+               
  | Network Playground  |    |       |    | Core Switch (Table) |               
  +---------------------+    |       |    +---------------------+               
                             |       |                                          
                   +-----------+  +----------+                                  
                   | Synology  |  | Doorbot  |                                  
                   |    NAS    |  |          |                                  
                   +-----------+  +----------+
                    (ChaosVPN)
                     (SixXS)

ChaosVPN

ChaosVPN is a VPN to connect hackers and hackerspaces. The wired and wireless LANs are connected to ChaosVPN and, via ChaosVPN, dn42 and Freifunk's networks.

Numbers

When considering new IP ranges, it is necessary to consider which ranges would already be in use in ChaosVPN, dn42 and Freifunk. The range 192.168.0.0/16 is available for local use and not routed outside the hackerspace.

IPv4

VLAN  Description                              Address Range
DMZ   DMZ                                      89.104.228.104/29
100   Wired Network                            172.31.4.0/24
110   Wireless Network                         172.31.5.0/24
120   Spare Network (Reserved for future use)  172.31.6.0/24
130   Spare Network (Reserved for future use)  172.31.7.0/24
140   Door access                              192.168.140.0/24
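The range check described under Numbers, applied to the IPv4 table above, as an added example that is not part of the original page. It assumes the routed set is the private VLAN ranges outside 192.168.0.0/16; REMOTE_SAMPLE is a constructed placeholder, and the real in-use prefixes must come from the ChaosVPN, dn42 and Freifunk registries.

```python
import ipaddress

# IPv4 plan copied from the table on this page.
VLANS = {
    "DMZ": "89.104.228.104/29",
    "100": "172.31.4.0/24",
    "110": "172.31.5.0/24",
    "120": "172.31.6.0/24",
    "130": "172.31.7.0/24",
    "140": "192.168.140.0/24",
}
# Per the page: local use only, not routed outside the hackerspace.
LOCAL_ONLY = ipaddress.ip_network("192.168.0.0/16")
# Constructed placeholder, NOT a real ChaosVPN/dn42/Freifunk allocation.
REMOTE_SAMPLE = ["10.100.0.0/16"]


def routed_aggregate(vlans=VLANS):
    """Fewest prefixes covering the private VLAN ranges that are routed out."""
    nets = [ipaddress.ip_network(v) for v in vlans.values()]
    routed = [n for n in nets if n.is_private and not n.subnet_of(LOCAL_ONLY)]
    return [str(n) for n in ipaddress.collapse_addresses(routed)]


def check_candidate(cidr, remote_in_use, vlans=VLANS):
    """Return (verdict, conflicts) for a proposed new IPv4 range."""
    cand = ipaddress.ip_network(cidr)  # strict mode: rejects set host bits
    local = [name for name, v in vlans.items()
             if cand.overlaps(ipaddress.ip_network(v))]
    if local:
        return "overlaps-local-vlan", local
    if cand.subnet_of(LOCAL_ONLY):
        return "ok-local-only", []  # never leaves the space, so no remote check
    remote = [r for r in remote_in_use
              if cand.overlaps(ipaddress.ip_network(r))]
    if remote:
        return "overlaps-remote", remote
    return "ok-routed", []


if __name__ == "__main__":
    print("advertise:", routed_aggregate())
    for c in ("192.168.150.0/24", "172.31.6.128/25", "10.100.8.0/24", "172.31.8.0/24"):
        print(c, check_candidate(c, REMOTE_SAMPLE))
```

VLANs 100 to 130 collapse to a single /22, so one route on the gateway covers them, while the door access VLAN falls inside the local-only range and is left out of the aggregate.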

IPv6

VLAN  Description                              Address Range
DMZ   DMZ                                      2a01:348:2f6::/64
                                               fd6d:89f8:7728::/64
100   Wired Network                            2a01:348:2f6:100::/64
                                               fd6d:89f8:7728:100::/64
110   Wireless Network                         2a01:348:2f6:110::/64
                                               fd6d:89f8:7728:110::/64
120   Spare Network (Reserved for future use)  2a01:348:2f6:120::/64
                                               fd6d:89f8:7728:120::/64
130   Spare Network (Reserved for future use)  2a01:348:2f6:130::/64
                                               fd6d:89f8:7728:130::/64
140   Door access                              2a01:348:2f6:140::/64
                                               fd6d:89f8:7728:140::/64

IPX

This is planned, but will need to happen later due to time constraints. Ideas include just routing IPX over our wired/wireless VLANs but then also between hackerspaces over ChaosVPN.

Wireless