Laboratory 24/Network: Difference between revisions
Revision as of 23:25, 30 October 2012
Lab24 has a number of network points, wired across the false ceiling. These terminate in the quiet/class room cabinet.
See also Infrastructure and System_naming and Member_accounts.
Addressing
The space's dns zone is lan.hack.rs. NB if you change this you'll need to update SNMP in cacti. Our IP range (assigned in ChaosVPN) is 172.31.24.0/23.
Diagrams
Layer 1
sw/n is switch port n
Layer 2
MAC addresses without names were unknown at the time the diagram was generated.
Port 24 has the fonera on it, which is why it has so many things.
No, I don't know why babbage has 2 MAC addresses.
Layer 3 (ipv4)
Internet Routing
Our internet is the Be Pro service:
- IP: 93.97.176.250
- Netmask: 255.255.248.0
- Gateway: 93.97.176.1
- DNS 1: 87.194.255.154
- DNS 2: 87.194.255.155
We use a Draytek Vigor 120 modem which simply bridges the ADSL to ethernet. You can access this at http://192.168.2.1 (no username/password). The Internet light doesn't come on, presumably because it's in bridge mode. NB it doesn't like the LAN port being disconnected: doing it twice in short succession will cause it to stop responding to traffic on that port (presumably some weird arp issue). Restart both the router and modem at the same time to prevent this.
Routing is handled by Church, and the wireless is currently handled by the Fonera.
In addition to the Fonera (and probably replacing it?) we have a Netgear 3700v2 donated by Dave Täht of the bufferbloat project. It runs a custom build of OpenWRT called CeroWRT; please see that page for builds and installation instructions.
IPv6
We also advertise and route IPv6 within the space. This is currently tunnelled to Hurricane Electric. The account is currently with Mark, but will be transferred whenever someone asks.
IP prefix: 2001:470:92f1::/48
Church/hack.rs: 2001:470:92f1::1
We do not use DHCP for IPv6 at the moment, so do not provide automatic rDNS. Servers are set up for DNS under hack.rs, which is also currently with Mark.
As an experiment, we block inbound IPv6 except for port 22 (ssh), on the assumption that most people don't even realise IPv6 is on. Please shout if you actually need inbound connections to the space. DNS isn't enabled yet.
Experimental Wifi
We've got a Cerowrt box to test. It's routing the subnets 172.31.25.0/24 and 2001:470:92f1:a::/60.
IP: 172.31.24.10 IPv6: 2001:470:92f1::3
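A consistency check over the addresses listed on this page, as an added example (not part of the original wiki page or the space's own tooling). The function and dictionary names are made up for illustration; the address values are copied from the Addressing, IPv6 and Experimental Wifi sections. It reports what each prefix covers as written, since the page does not say what was intended.

```python
import ipaddress

# Values copied from this page; the names are labels chosen for the example.
ALLOCATIONS = ["172.31.24.0/23", "2001:470:92f1::/48"]
ROUTED_SUBNETS = {"cerowrt-v4": "172.31.25.0/24",
                  "cerowrt-v6": "2001:470:92f1:a::/60"}
HOSTS = {"cerowrt": "172.31.24.10",
         "church-v6": "2001:470:92f1::1",
         "cerowrt-v6": "2001:470:92f1::3"}


def check_plan(allocations, subnets, hosts):
    """Return a list of findings for an addressing plan (empty list = clean)."""
    allocs = [ipaddress.ip_network(a) for a in allocations]
    findings = []
    nets = {}
    for name, text in subnets.items():
        iface = ipaddress.ip_interface(text)
        net = iface.network  # the prefix with any stray host bits masked off
        nets[name] = net
        # A prefix written with host bits set really covers a different range.
        if iface.ip != net.network_address:
            findings.append(f"{name}: {text} is not on a /{net.prefixlen} "
                            f"boundary; as written it covers {net}")
        # Routed subnets should sit inside one of the assigned ranges.
        if not any(net.version == a.version and net.subnet_of(a) for a in allocs):
            findings.append(f"{name}: {net} is outside the allocated ranges")
    for name, text in hosts.items():
        addr = ipaddress.ip_address(text)
        if not any(addr in a for a in allocs):
            findings.append(f"{name}: {addr} is outside the allocated ranges")
        # A host on the main LAN should not also fall inside a routed subnet.
        for sub_name, net in nets.items():
            if addr in net:
                findings.append(f"{name}: {addr} falls inside routed subnet "
                                f"{sub_name} ({net})")
    return findings


if __name__ == "__main__":
    for finding in check_plan(ALLOCATIONS, ROUTED_SUBNETS, HOSTS):
        print(finding)
```

With the page's values it flags the /60: `a` in the fourth group sets bits below the /60 boundary, so the prefix as written resolves to 2001:470:92f1::/60, which also contains the ::1 and ::3 addresses.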
Switches
3com (always on), in the space dns zone as 'switch'. The switch is a 3CR17501-91, and is at 172.31.24.2. Please don't play.
Replaced with a pair of HP ProCurve 2848's.
They are connected together via a 2 port trunk on ports 47 and 48.
They run different versions of the firmware, and should probably be upgraded sometime.
Core Switches are now a pair of Cisco Catalyst 4948's - see cisco1 & cisco2.
We also have 2 small unmanaged switches, one is under the laser cutter for coolbot and layz0rs, and one is by the smaller touchtable and was used for the stratasys. Both should be replaceable (or almost replaceable) by the new cabling.
Servers
- Babbage monitoring, IRC, storage, general purpose server (always on)
- Gutenberg (HP LaserJet 1022), shared via cups (ipp)
- Webcams
3G dongle
- Apache for http://hack.rs
- Bell The door/building management controller (always on)
Flowers The door/building management controller (always on)
Workstations
- Lovelace Makerbot
Flowers Media PC (currently unused)
- Patel laser cutter (hackspaceremote/hackspace maps to password-less user hackspace)
- Postel The SGI O2
- Difference Desktop PC
- Touch table PC
Outside Lab24: Turing Bitfolk VM
Working on the network
All members have access to the servers, and with that, the ability to make changes. It's crucial to remember that this is a shared network and any changes you make will affect others. In particular, please don't install updates or restart machines without a good reason and checking on IRC first.
Each piece of hardware will have its own logbook page on the wiki, where you should log significant changes and problems.
Some servers, such as Babbage, run services written for the space, typically running in a screen session. The code for these can be found on Github.
Bikeshed
A list of things that could be done to make the network better.
Problems
- Look into why there are speed and duplex issues between the modem and church
* Simple fix is to add a new VLAN on the switch, and stick two ports in it. Should prevent any issues with autoneg between devices.
* But would create other issues with having the internet side patched into the switch, making it more liable to breakage through patching errors
- Alix board has N-spec minipci card in it but the kernel needs recompiling to allow us to use it on EU frequencies
- Wifi dropping packets
Improvements
- Look into using QoS.
- Simultaneous 5/2.4GHz N WiFi.
* Airport Extreme
* Cisco-Linksys Maximum Performance E4200
* Keep the Cisco for 2.4GHz and get a dedicated 5GHz
TODO
- This page is fairly out of date (e.g. missing the Ubiquiti thingy), update it
- syslog server
- church upgrade
- sort out the switches
- finish physical cabling.
- ^-- those 3 depend on finishing the ebay stuff...