Projects:Network

From 57North Hacklab

Revision as of 23:12, 7 January 2015 by Irl (talk)

Network
Description: The 57North Hacklab Network
People: User:Irl
Theme: Infrastructure
Website:
Status: Idea

The 57North Hacklab Network will provide all the necessary components to connect our hackers to the public Internet using both IPv4 and IPv6 and also to the ChaosVPN, dn42 and Freifunk networks.

Component Overview

Need a diagram here

ChaosVPN

         irl ╡ for connecting a hackerspace
           ∟ ╡ do the interfaces get bridged?
           ∟ ╡ or do we have the /22 and a /32 and do routing?
           ∟ ╡ our existing infrastructure is all cisco so i have to think about this a bit
     Haegar_ ╡ irl: you don't need a /32
         irl ╡ how do the routes work?
           ∟ ╡ does the chaosvpn interface just not have an address?
     Haegar_ ╡ irl: you give one IP out of your /22 to the chaosvpn interface, and may even use the same IP on the LAN ethernet
     Haegar_ ╡ irl: in your cisco router route all chaosvpn target IPs towards that gateway box (physical, vm, or small openwrt, does not matter)
     Haegar_ ╡ irl: on the chaosvpn gw you route your /22 towards your cisco, which can then distribute your subnets to where you need them
         irl ╡ but the interfaces aren't bridged?
     Haegar_ ╡ no, purely routed
         irl ╡ ok, it doesn't make sense to me yet, but maybe it will when i do it
     Haegar_ ╡ only you route just "into the chaos_vpn interface", specifying a gateway IP is not needed there, that happens inside tinc
         irl ╡ oh ok
           ∟ ╡ that makes more sense
     Haegar_ ╡ tinc internally has its own kind of routing-table that linux does not see, and there it connects the real subnets to the nodes serving them
         irl ╡ cool
     Haegar_ ╡ (together with info how to reach the nodes, what public key to use for encryption and so on)


Numbers

When choosing new IP ranges, check which ranges are already in use in ChaosVPN, dn42 and Freifunk.

IPv4

| VLAN | Description | Address Range |
|------|-------------|---------------|
| 100 | Wired Network | 172.31.4.0/24 |
| 110 | Wireless Network | 172.31.5.0/24 |
| 120 | Spare Network (Reserved for future use) | 172.31.6.0/24 |
| 130 | Spare Network (Reserved for future use) | 172.31.7.0/24 |
| 140 | Door access | 192.168.140.0/24 |
| 150 | DMZ | 89.104.228.104/29 |
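
One way to run the check described under Numbers against the table above, as an added example rather than anything from the hacklab's own tooling. The `IN_USE` entries and their owner names are constructed placeholders (real values would come from each network's registry); the script also shows that VLANs 100 to 130 summarise to a single /22, the prefix size discussed in the ChaosVPN chat.

```python
import ipaddress
from itertools import combinations

# VLAN -> prefix, copied from the IPv4 table on this page.
VLAN_PLAN = {
    100: "172.31.4.0/24", 110: "172.31.5.0/24",
    120: "172.31.6.0/24", 130: "172.31.7.0/24",
    140: "192.168.140.0/24", 150: "89.104.228.104/29",
}

# Constructed sample of prefixes claimed by other participants. These are
# assumptions for the demo; take real values from each network's registry.
IN_USE = {
    "chaosvpn/example-space-a": "172.31.6.0/23",
    "dn42/example-peer": "172.22.0.0/24",
    "freifunk/example-community": "10.130.0.0/16",
}


def parse(prefixes):
    """Parse label -> CIDR strings; strict=True rejects stray host bits."""
    return {k: ipaddress.ip_network(v, strict=True) for k, v in prefixes.items()}


def overlaps(a, b):
    """True if two networks share addresses (never across IP versions)."""
    return a.version == b.version and a.overlaps(b)


def internal_overlaps(plan):
    """Pairs of our own VLANs whose prefixes collide."""
    nets = parse(plan)
    return [(x, y) for x, y in combinations(sorted(nets), 2)
            if overlaps(nets[x], nets[y])]


def conflicts(plan, in_use):
    """(vlan, owner) pairs where a planned prefix is already claimed."""
    ours, theirs = parse(plan), parse(in_use)
    return [(vlan, owner) for vlan in sorted(ours) for owner in sorted(theirs)
            if overlaps(ours[vlan], theirs[owner])]


def aggregate(plan, vlans):
    """Smallest set of prefixes covering the given VLANs, for route summaries."""
    nets = parse(plan)
    return list(ipaddress.collapse_addresses(nets[v] for v in vlans))


if __name__ == "__main__":
    print("internal overlaps:", internal_overlaps(VLAN_PLAN))
    print("conflicts:", conflicts(VLAN_PLAN, IN_USE))
    print("172.31.x aggregate:", aggregate(VLAN_PLAN, [100, 110, 120, 130]))
```

With the constructed `IN_USE` data, VLANs 120 and 130 are reported as already claimed, which is the kind of collision to catch before a range is announced into an overlay network.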

IPv6

IPX

This is planned, but will need to happen later due to time constraints. Ideas include routing IPX over our wired/wireless VLANs, and also between hackerspaces over ChaosVPN.

Wireless