Laboratory 24/Network

From London Hackspace Wiki

Lab24 has a number of network points, wired across the false ceiling. These terminate in the quiet/class room cabinet.

See also Infrastructure and System_naming and Member_accounts.

Addressing

The space's DNS zone is lan.hack.rs. NB: if you change this you'll need to update SNMP in Cacti. Our IP range (assigned in ChaosVPN) is 172.31.24.0/23.

We use 172.31.24.0/24 on the LAN; 172.31.25.0/24 is currently unused.

For IPv6 we've got 2001:470:92f1::/48 and we use 2001:470:92f1::/64 on the LAN. We used to use 2001:470:92f1:a000::/60 for the cerowrt box but don't anymore. Those are he.net ranges, owned by User:Ms7821.

Diagrams

Layer 1

All these diagrams are wrong.

 

sw/n is switch port n

Layer 2

 

MAC addresses without names were unknown at the time the diagram was generated.

Port 24 has the fonera on it, which is why it has so many things.

No, I don't know why babbage has 2 MAC addresses.

Layer 3 (IPv4)

 

Internet Routing

Our internet is the Be Pro service:

IP:      93.97.176.250
Netmask: 255.255.248.0
Gateway: 93.97.176.1
DNS 1:   87.194.255.154
DNS 2:   87.194.255.155

We use a Draytek Vigor 120 modem which simply bridges the ADSL to ethernet. You can access this at http://192.168.2.1 (no username/password). The Internet light doesn't come on, presumably because it's in bridge mode. NB: it doesn't like the LAN port being disconnected. Doing it twice in short succession will cause it to stop responding to traffic on that port (presumably some weird ARP issue). Restart both the router and modem at the same time to prevent this.

Routing is handled by Church, and the wireless is handled by the Ubiquiti.

In addition to the Fonera (and probably replacing it?) we have a Netgear 3700v2 donated by Dave Täht of the bufferbloat project. It runs a custom build of OpenWRT called CeroWRT; please see that page for builds and installation instructions.

IPv6

We also advertise and route IPv6 within the space. This is currently tunnelled to Hurricane Electric. The account is currently with Mark, but will be transferred whenever someone asks.

IP prefix: 2001:470:92f1::/48
Church/hack.rs: 2001:470:92f1::1

We do not use DHCP for IPv6 at the moment, so do not provide automatic rDNS. Servers are set up for DNS under hack.rs, which is also currently with Mark.

As an experiment, we block inbound IPv6 except for port 22 (ssh), on the assumption that most people don't even realise IPv6 is on. Please shout if you actually need inbound connections to the space. DNS isn't enabled yet.
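One way to write the policy above as an nftables ruleset, added here as an example and not taken from Church's actual configuration; the use of nftables, the table name and the tunnel interface name he-ipv6 are assumptions. It also admits the return traffic and ICMPv6 errors that a bare "drop everything but port 22" rule would break.

```nft
#!/usr/sbin/nft -f
# Added example, not Church's real ruleset.
# Assumptions: nftables on the router; tunnel interface "he-ipv6" (hypothetical name).

define TUNNEL = "he-ipv6"
define LAN6 = 2001:470:92f1::/64    # LAN prefix from this page

table ip6 lab24_example {
    # Traffic routed through Church to hosts in the space.
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections opened from inside the space.
        ct state established,related accept
        ct state invalid drop

        # Anything not arriving over the tunnel is outbound: allow it.
        iifname != $TUNNEL accept

        # ICMPv6 errors must pass, or path MTU discovery breaks.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept
        icmpv6 type echo-request limit rate 10/second accept

        # The one permitted inbound service: ssh.
        ip6 daddr $LAN6 tcp dport 22 accept

        # Count and log the rest, so real demand for inbound shows up.
        counter log prefix "lab24-v6-in-drop: " drop
    }

    # Traffic addressed to the router itself (2001:470:92f1::1).
    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept
        # Neighbour discovery, router solicitations and ICMPv6 errors.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert,
                      nd-router-solicit, destination-unreachable,
                      packet-too-big, time-exceeded,
                      parameter-problem, echo-request } accept
        iifname != $TUNNEL accept
        tcp dport 22 accept
    }
}
```

The Hurricane Electric tunnel's 6in4 encapsulation arrives as IPv4 protocol 41, so it is matched by the IPv4 ruleset rather than by this ip6 table.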

Experimental Wifi

We've got a Cerowrt box to test. It's routing the subnets 172.31.25.0/24 and 2001:470:92f1:a::/60.

IP: 172.31.24.10
IPv6: 2001:470:92f1::3

Switches

3com (always on), in the space dns zone as 'switch'. The switch is a 3CR17501-91, and is at 172.31.24.2. Please don't play.

Replaced with a pair of HP ProCurve 2848s.

They are connected together via a 2 port trunk on ports 47 and 48.

They run different versions of the firmware, and should probably be upgraded sometime.

Core switches are now a pair of Cisco Catalyst 4948s - see cisco1 & cisco2.

We also have 2 small unmanaged switches: one is under the laser cutter for coolbot and layz0rs, and one is by the smaller touchtable and was used for the stratasys. Both should be replaceable (or almost replaceable) by the new cabling.

Servers

  • Babbage: monitoring, IRC, storage, general purpose server (always on)
  • Bell: The door/building management controller (always on)
  • Flowers: The door/building management controller (always on)
  • boole
  • church

Workstations

  • Lovelace: Makerbot
  • Flowers: Media PC (currently unused)
  • Patel: laser cutter (hackspaceremote/hackspace maps to password-less user hackspace)
  • Postel: The SGI O2
  • Difference: Desktop PC
  • Touch table PC

Outside Lab24: Turing (Bitfolk VM)

Working on the network

All members have access to the servers, and with that, the ability to make changes. It's crucial to remember that this is a shared network and any changes you make will affect others. In particular, please don't install updates or restart machines without a good reason and checking on IRC first.

Each piece of hardware will have its own logbook page on the wiki, where you should log significant changes and problems.

Some servers, such as Babbage, run services written for the space, typically running in a screen session. The code for these can be found on Github.


Bikeshed

A list of things that could be done to make the network better.

Problems

  • Look into why there are speed and duplex issues between the modem and church
      * Simple fix is to add a new VLAN on the switch and put two ports in it. This should prevent any autonegotiation issues between the devices.
      * But that would create other issues: having the internet side patched into the switch makes it more liable to breakage through patching errors.
  • Alix board has N-spec minipci card in it but the kernel needs recompiling to allow us to use it on EU frequencies
  • Wifi dropping packets

Improvements

  1. Look into using QoS.
  2. Simultaneous 5/2.4GHz N WiFi.
      * Airport Extreme
      * Cisco-Linksys Maximum Performance E4200
      * Keep the Cisco for 2.4GHz and get a dedicated 5GHz

TODO

  • This page is fairly out of date (e.g. missing the Ubiquiti thingy), update it
  • syslog server
  • church upgrade
  • sort out the switches
  • finish physical cabling.
  • ^-- those 3 depend on finishing the eBay stuff...