Networking: Difference between revisions

From London Hackspace Wiki

793 bytes added, 31 October 2021
m (no edit summary)
(→WiFi: spacenet dead)
m (No edit summary)
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
This is the networking page for [[Ujima House]] the 2018-era location for London Hackspace.   
This is the networking page for [[Ujima House]] the 2018-era location for London Hackspace.   


[https://docs.google.com/spreadsheets/d/1yXoXvN4f0eSfvr0qpTlkhE1zDenRcv1D48XaBu3FVlc/edit?usp=sharing LHS Infrastructure Mega-Sheet infrastructure planning document] is an active WIP document.
'''We want your help!''' Please reach out on the [https://kiwiirc.com/nextclient/#irc://irc.libera.chat/#london-hack-space-infrastructure LHS Infrastructure IRC channel] or post on the [https://groups.google.com/forum/#!forum/london-hack-space-infrastructure London Hackspace Infrastructure Google Group] if you'd like to get involved.  


'''We want your help!''' Please reach out on the [https://kiwiirc.com/nextclient/#irc://irc.freenode.net/#london-hack-space-infrastructure LHS Infrastructure IRC channel] or post on the [https://groups.google.com/forum/#!forum/london-hack-space-infrastructure London Hackspace Infrastructure Google Group] if you'd like to get involved.
For historical comparison, please refer to [[447 Networking]].
 
The infrastructure planning document used during the move is located here for reference but is largely out of date: [https://docs.google.com/spreadsheets/d/1yXoXvN4f0eSfvr0qpTlkhE1zDenRcv1D48XaBu3FVlc/edit?usp=sharing LHS Infrastructure Mega-Sheet infrastructure planning document]


For historical comparison, please refer to [[447 Networking]].
== Our ISP ==
== Our ISP ==
The landlord-provided IP connectivity provider is a Gigabit fibre line from Onega -> Exponential-E -> OpenReach [https://www.exponential-e.com/business-internet-leased-lines Exponential-E] . For support and queries we need to go through [https://www.onega.net/ Onega] / Landlord. See below for IP address information. Currently the line is set to provide 500Mbps of symmetrical bandwidth upstream and downstream via IPV4 and IPV6. Others in the building share the line but are not heavy users.  
The landlord-provided IP connectivity provider is a Gigabit fibre line from Onega -> Exponential-E -> OpenReach [https://www.exponential-e.com/business-internet-leased-lines Exponential-E] . For support and queries we need to go through [https://www.onega.net/ Onega] / Landlord. See below for IP address information. Currently the line is set to provide 500Mbps of symmetrical bandwidth upstream and downstream via IPV4 and IPV6. Others in the building share the line but are not heavy users.  
Line 15: Line 16:
An example check with BT using the address for "Honeypot Nursery, Ujima House, 388 High Road, Wembley, HA9 6AR" we see BT Infinity 2 (76Mbit/19Mbit up) is available.  Honeypot Nursery formerly occupied the Wembley ground floor LHS space and is about 350 feet from the [https://availability.samknows.com/broadband/exchange/LWWEM LWWEM Wembley Exchange] but seems to actually get service from [https://availability.samknows.com/broadband/exchange/LWNWEM LWNWEM] instead.
An example check with BT using the address for "Honeypot Nursery, Ujima House, 388 High Road, Wembley, HA9 6AR" we see BT Infinity 2 (76Mbit/19Mbit up) is available.  Honeypot Nursery formerly occupied the Wembley ground floor LHS space and is about 350 feet from the [https://availability.samknows.com/broadband/exchange/LWWEM LWWEM Wembley Exchange] but seems to actually get service from [https://availability.samknows.com/broadband/exchange/LWNWEM LWNWEM] instead.


== IP's ==
== IP range ==


We have opted for a more flexible and expansive 10.W.X.Y IP range rather than the old [https://wiki.hamburg.ccc.de/ChaosVPN:IPRanges#Standard_Subnets ChaosVPN-compatible range] we had before.  We released our reserved block on the ChaosVPN wiki on 24 September 2018.
We have opted for a more flexible and expansive 10.W.X.Y IP range rather than the old [https://wiki.hamburg.ccc.de/ChaosVPN:IPRanges#Standard_Subnets ChaosVPN-compatible range] we had before.  We released our reserved block on the ChaosVPN wiki on 24 September 2018.
Line 26: Line 27:


IP and VLAN documentation can be found on [[Networking/VLANs|VLANs]].
IP and VLAN documentation can be found on [[Networking/VLANs|VLANs]].


== TLS ==
== TLS ==


Ideally we've migrated everything to LetsEncrypt unless we're doing internal network / infrastructure SSL trust/validation, but all TBD.
Ideally we've migrated everything to LetsEncrypt unless we're doing internal network / infrastructure SSL trust/validation.


There is a list of our legacy certificates here [[Networking/TLSCerts]]
There is a list of our legacy certificates here [[Networking/TLSCerts]]
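Review bot: removing "but all TBD" from the TLS sentence turns an aspiration into a claim of completion while the sentence still opens with "Ideally"; say which services are actually on Let's Encrypt and which still rely on internal trust, and write "TLS" rather than "SSL" to match the section heading. The legacy list on [[Networking/TLSCerts]] is only useful if it records expiry dates and which hosts still present each certificate, since the new sentence implies they should all be retired.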
Line 36: Line 36:
== WiFi ==
== WiFi ==


We have 6 [https://www.cisco.com/c/en/us/support/wireless/aironet-3500i-access-point/model.html Cisco Aironet 3502i access points], being provisioned for [[Ujima House]]:
We have a number of [https://www.cisco.com/c/en/us/support/wireless/aironet-3500i-access-point/model.html Cisco Aironet 3502i access points] setup at [[Ujima House]]:
 
* 1f-ap1 - near the kitchen area and Tesla
* 1f-ap2 - in the desks area
* 1f-ap3 - in the classroom ceiling
 
The IOS is moderately up to date as of August 2018.


We have 3 SSID's:
We have 3 SSID's:
Line 50: Line 44:
* LondonHackspace-IOT - for future plans involving sensors
* LondonHackspace-IOT - for future plans involving sensors


All networks are 2.4 and 5GHz with the access points configured to push you towards 5ghz where you will probably get a better experience due to more bandwidth being available


All networks are 2.4 and 5GHz with the access points configured to push you towards 5ghz where you will probably get a better experience due to more bandwidth being available
All access point configuration should be backed up to the [https://github.com/londonhackspace/oxidized oxidized repository] (available to sysadmins team)


== Layer 2 ==
== Layer 2 ==
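Review bot: the access point inventory (1f-ap1 to 1f-ap3 with their locations) and the IOS currency note are removed rather than updated, and "a number of ... setup at" loses information; keep a list of the APs actually deployed, with placement, and write "set up". The new oxidized backup line is welcome, but Aironet configs backed up there typically contain the WPA passphrases and any RADIUS shared secrets, so the "available to sysadmins team" restriction is doing real security work and should be stated as a requirement, with secrets stripped or encrypted before commit where possible. Also "SSID's" should be "SSIDs".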
Line 59: Line 54:
The connectivity is set to allow everyone in the building full access to the Internet at full speed (ie if you are the only user online then you should get close to 500Mbps up and down on a speedtest site). The line is subject to fair and legal use but as long as no one abuses the connection or monopolises it then you can basically fill your boots (or SSDs). A 3.5 Gbyte Debian ISO DVD will download in approx 3 minutes. Please note that you should not download copyright materials from the web / torrent sites (movies etc.) as these are traceable by IP and it's also not a nice thing to do (unless you've paid for them legally)... more seriously that could lead to being cut off on a three strikes basis which we don't want to risk. There is no external rate shaping or packet inspection done on traffic at the ISP level unless there is any odd activity / complaints. Ben from Onega also happens to be a London Hackspace member so we should get helpful service to any reasonable requests. If / when needed the line could also be upgraded to the full Gigabit, or indeed to 10Gbps connectivity but right now the marginal cost would not be worth it given historic and current observed bandwidth levels.  
The connectivity is set to allow everyone in the building full access to the Internet at full speed (ie if you are the only user online then you should get close to 500Mbps up and down on a speedtest site). The line is subject to fair and legal use but as long as no one abuses the connection or monopolises it then you can basically fill your boots (or SSDs). A 3.5 Gbyte Debian ISO DVD will download in approx 3 minutes. Please note that you should not download copyright materials from the web / torrent sites (movies etc.) as these are traceable by IP and it's also not a nice thing to do (unless you've paid for them legally)... more seriously that could lead to being cut off on a three strikes basis which we don't want to risk. There is no external rate shaping or packet inspection done on traffic at the ISP level unless there is any odd activity / complaints. Ben from Onega also happens to be a London Hackspace member so we should get helpful service to any reasonable requests. If / when needed the line could also be upgraded to the full Gigabit, or indeed to 10Gbps connectivity but right now the marginal cost would not be worth it given historic and current observed bandwidth levels.  


Our core router connecting this connection is [[Equipment/Boole|Boole]].  
Our core router connecting this connection is [[Equipment/Norton|Norton]] which runs pfSense CE.


{| class="wikitable"
{| class="wikitable"
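Review bot: the core router line now names Norton running pfSense CE but, unlike the APs and switches, says nothing about where its configuration is backed up or how its management interface is reached; add the pfSense config backup location and the management access path alongside the oxidized notes used elsewhere on the page. Check that the wikitable immediately below still describes Norton's interfaces and addresses rather than Boole's.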
Line 76: Line 71:
|}
|}


=== VDSL2 Provider ===
=== Network Switches ===
There is potential to use the wiring in the 3rd floor server room for VDSL circuits. Details TBD.
 
=== Local Network ===


Hopefully we'll have a consistent infrastructure - similar switches for both normal and PoE ethernet, etc.
There are currently three managed switches serving the space:
* gf-coreswitch - Cisco WS-C2960S-48FPD-L located ???
* gf-woodshopsw - Cisco WS-C3560-24PS located in the woodshop
* gf-replacement-workshop - Cisco WS-C3560V2-24TS located in the metal shop


Very much '''still a work in progress'':
All switches are currently running old firmware and don't support modern cyphers the following ssh arg is required: <code>-oKexAlgorithms=+diffie-hellman-group1-sha1</code>


* GF Metal Workshop POE / 10.0.10.17
All switch configuration should be backed up to the [https://github.com/londonhackspace/oxidized oxidized repository] (available to sysadmins team)
* [[Equipment/CoreSwitch|Core Switch]]
* [[Equipment/1F-POE|1st Floor, PoE]]
* [[Equipment/1F-Floorports|1st Floor, Floor Port Switches]]


=== ToDo ===
=== ToDo ===
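Review bot: the ssh workaround `-oKexAlgorithms=+diffie-hellman-group1-sha1` re-enables a 1024-bit key exchange that OpenSSH disabled by default because it is too weak, and it is a key exchange algorithm rather than a cipher, so the sentence should say "key exchange algorithms" (and "cyphers" is misspelt, and the run-on needs a full stop before "the following"); treat the flag as temporary, scope it to the three switch hosts in ~/.ssh/config rather than passing it globally, and record the firmware upgrade, which the sentence itself identifies as the root cause, in the ToDo section. Also the core switch entry still reads "located ???", so its location remains undocumented, and the dropped VDSL2 paragraph about the 3rd floor wiring is removed without being carried anywhere else.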
Line 97: Line 89:


Please note that we adhere to the TIA-568B standard of wiring in the London Hackspace connectivity. This is consistent with the existing wiring as well as historic best practices of London Hackspace.  Go with (568)B, because Bees are Better.
Please note that we adhere to the TIA-568B standard of wiring in the London Hackspace connectivity. This is consistent with the existing wiring as well as historic best practices of London Hackspace.  Go with (568)B, because Bees are Better.
The current state of the network patching is being mapped via a [https://docs.google.com/spreadsheets/d/1-rRVlC1wekyFSl9KzApw9KUawMHdcYTQh1nqou1y_b4/edit?usp=sharing Google Sheet]


=== Ground Floor ===
=== Ground Floor ===
Line 127: Line 121:
The third floor is not ours and we (London Hackspace) do not have easy access to it for many changes.  The server room on the third floor is the external demarcation point for the building - the building's existing internet connection is available here along with BT [https://en.wikipedia.org/wiki/British_telephone_socket NTE] (s?) and [https://en.wikipedia.org/wiki/Krone_LSA-PLUS krone] frames.
The third floor is not ours and we (London Hackspace) do not have easy access to it for many changes.  The server room on the third floor is the external demarcation point for the building - the building's existing internet connection is available here along with BT [https://en.wikipedia.org/wiki/British_telephone_socket NTE] (s?) and [https://en.wikipedia.org/wiki/Krone_LSA-PLUS krone] frames.
The uplink cable from the 1st floor appears here.
The uplink cable from the 1st floor appears here.
= Monitoring Services =
There are various monitoring service deployed to keep track of services:
* Grafana has dashboard monitoring various services - [https://stats.london.hackspace.org.uk/d/OfmvriWnz/mqtt?orgId=1&search=open stats.london.hackspace.org.uk]
* An MQTT dashboard for the AC Node / Door system [https://acnode-dash.london.hackspace.org.uk/ acnode-dash.london.hackspace.org.uk]


[[Category:Premises]]
[[Category:Premises]]
[[Category:Infrastructure]]
[[Category:Infrastructure]]
[[Category:Update Needed]]
[[Category:Update Needed]]
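Review bot: "= Monitoring Services =" is a level-1 heading while every other section on the page uses level-2 "==", so it renders at page-title size; use "== Monitoring Services ==". "There are various monitoring service deployed" should read "services". Both dashboards are linked by public hostname without saying whether they require a login or what they expose; state the access model next to each link, particularly for the MQTT dashboard since it covers the door system.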