From 57North Hacklab

Revision as of 22:16, 7 January 2015 by Irl (talk) (Numbers)

Description The 57North Hacklab Network
People User:Irl
Theme Infrastructure
Status Idea

The 57North Hacklab Network will provide all the necessary components to connect our hackers to the public Internet using both IPv4 and IPv6 and also to the ChaosVPN, dn42 and Freifunk networks.

Component Overview

Need a diagram here


         irl ╡ for connecting a hackerspace
           ∟ ╡ do the interfaces get bridged?
           ∟ ╡ or do we have the /22 and a /32 and do routing?
           ∟ ╡ our existing infrastructure is all cisco so i have to think about this a bit
     Haegar_ ╡ irl: you don't need a /32
         irl ╡ how do the routes work?
           ∟ ╡ does the chaosvpn interface just not have an address?
     Haegar_ ╡ irl: you give one IP out of your /22 to the chaosvpn interface, and may even use the same IP on the LAN ethernet
     Haegar_ ╡ irl: in your cisco router route all chaosvpn target IPs towards that gateway box (physical, vm, or small openwrt, does not matter)
     Haegar_ ╡ irl: on the chaosvpn gw you route your /22 towards your cisco, which can then distribute your subnets to where you need them
         irl ╡ but the interfaces aren't bridged?
     Haegar_ ╡ no, purely routed
         irl ╡ ok, it doesn't make sense to me yet, but maybe it will when i do it
     Haegar_ ╡ only you route just "into the chaos_vpn interface", specifying a gateway IP is not needed there, that happens inside tinc
         irl ╡ oh ok
           ∟ ╡ that makes more sense
     Haegar_ ╡ tinc internally has its own kind of routing-table that linux does not see, and there it connects the real subnets to the nodes
             ╡ serving them
         irl ╡ cool
     Haegar_ ╡ (together with info how to reach the nodes, what public key to use for encryption and so on)


When considering new IP ranges, it is necessary to consider which ranges would already be in use in ChaosVPN, dn42 and Freifunk. The range is available for local use and not routed outside the hackerspace.


VLAN Description Address Range
100 Wired Network
110 Wireless Network
120 Spare Network (Reserved for future use)
130 Spare Network (Reserved for future use)
140 Door access
150 DMZ



This is planned, but will need to happen later due to time constraints. Ideas include just routing IPX over our wired/wireless VLANs but then also between hackerspaces over ChaosVPN.