Difference between revisions of "Laboratory 24/Network"
| (46 intermediate revisions by 8 users not shown) | |||
| Line 1: | Line 1: | ||
| − | Lab24 has a number of network points, wired across the false ceiling. These terminate in the | + | |
| + | '''NOTE: IMPORTANT: THIS PAGE IS FOR THE OLD HACKSPACE! IT IS TOTALLY OUT OF DATE!''' | ||
| + | |||
| + | |||
| + | Lab24 has a number of network points, wired across the false ceiling. These terminate in the quiet/class room cabinet. | ||
See also [[Laboratory_24/Infrastructure#Networking|Infrastructure]] and [[System_naming]] and [[Member_accounts]]. | See also [[Laboratory_24/Infrastructure#Networking|Infrastructure]] and [[System_naming]] and [[Member_accounts]]. | ||
| Line 5: | Line 9: | ||
== Addressing == | == Addressing == | ||
| − | The space's dns zone is lan. | + | The space's dns zone is lan.hack.rs. NB if you change this you'll need to update SNMP in cacti. |
Our IP range (assigned in ChaosVPN) is 172.31.24.0/23. | Our IP range (assigned in ChaosVPN) is 172.31.24.0/23. | ||
| + | |||
| + | We use 172.31.24.0/24 on the lan, 172.31.25.0/24 is currently unused. | ||
| + | |||
| + | For ipv6 we've got 2001:470:92f1::/48 and we use 2001:470:92f1::/64 on the lan. We used to use 2001:470:92f1:a000::/60 for the cerowrt box but don't anymore. Those are he.net ranges, owned by [[User:Ms7821]] | ||
| + | |||
| + | == Diagrams == | ||
| + | |||
| + | === Layer 1 === | ||
| + | |||
| + | All these diagrams are wrong. | ||
| + | |||
| + | [[File:NetworkLayer1.png]] | ||
| + | |||
| + | sw/n is switch port n | ||
| + | |||
| + | === Layer 2 === | ||
| + | [[File:NetworkLayer2.png]] | ||
| + | |||
| + | Mac addresses without names where unknown at the time the diagram was generated. | ||
| + | |||
| + | Port 24 has the fonera on it, which is why it has so many things. | ||
| + | |||
| + | No, i don't know why babbage has 2 mac addresses. | ||
| + | |||
| + | === Layer 3 (ipv4) === | ||
| + | [[File:Hackspace-internet.png]] | ||
== Internet Routing == | == Internet Routing == | ||
| − | |||
Our internet is the Be Pro service: | Our internet is the Be Pro service: | ||
| − | IP: | + | IP: 46.65.36.25 |
| − | Netmask: 255.255. | + | Netmask: 255.255.255.0 |
| − | Gateway: | + | Gateway: 46.65.36.1 |
| − | DNS 1: | + | DNS 1: 194.109.6.66 |
| − | DNS 2: | + | DNS 2: 168.95.1.1 |
| + | |||
| + | We use a Draytek Vigor 120 modem which simply bridges the ADSL to ethernet. You can access this at http://192.168.2.1 (no username/password). The Internet light doesn't come on, presumably because it's in bridge mode. '''NB it doesn't like the LAN port being disconnected: doing it twice in short succession will cause it to stop responding to traffic on that port (presumably some weird arp issue). Restart both the router and modem at the same time to prevent this.''' | ||
| − | + | Routing is handled by [[Church]], and the wireless is handled by the [[Ubiquiti]]. | |
| − | + | <s>In addition to the Fonera (and probably replaceing it?) we have a Netgear 3700v2 donated by Dave Täht of the [http://www.bufferbloat.net bufferbloat] project. It runs a custom build of OpenWRT called [http://www.bufferbloat.net/projects/cerowrt CeroWRT] please see that page for builds and installation instructions.</s> | |
== IPv6 == | == IPv6 == | ||
| − | We also advertise and route IPv6 within the space. This is currently tunnelled to [http://tunnelbroker.net Hurricane Electric]. The account is currently with [[User:Ms7821|Mark]], but will be transferred | + | We also advertise and route IPv6 within the space. This is currently tunnelled to [http://tunnelbroker.net Hurricane Electric]. The account is currently with [[User:Ms7821|Mark]], but will be transferred whenever someone asks. |
IP prefix: 2001:470:92f1::/48 | IP prefix: 2001:470:92f1::/48 | ||
| + | |||
| + | Church/hack.rs: 2001:470:92f1::1 | ||
We do not use DHCP for IPv6 at the moment, so do not provide automatic rDNS. [[System naming|Servers]] are set up for DNS under hack.rs, which is also currently with [[User:Ms7821|Mark]]. | We do not use DHCP for IPv6 at the moment, so do not provide automatic rDNS. [[System naming|Servers]] are set up for DNS under hack.rs, which is also currently with [[User:Ms7821|Mark]]. | ||
| + | |||
| + | As an experiment, we block inbound IPv6 except for port 22 (ssh), on the assumption that most people don't even realise IPv6 is on. Please shout if you actually need inbound connections to the space. DNS isn't enabled yet. | ||
| + | |||
| + | == Wifi == | ||
| + | <s>We've got a Cerowrt box to test. It's routing the subnets 172.31.25.0/24 and 2001:470:92f1:a::/60. | ||
| + | |||
| + | IP: 172.31.24.10 | ||
| + | IPv6: 2001:470:92f1::3 | ||
| + | </s> | ||
| + | |||
| + | We have a Uqiquiti [[UniFi AP]] (Flying saucer shaped thing in on the ceiling of the main room), if configured from [https://babbage.lan.hack.rs:8443/manage babbage]. It does 802.11bgn on 2.4Ghz | ||
| + | |||
| + | We also have a Netgear WNDR3700v2 (thin black box on top of the rack). - this used to run cerowrt but has now been changed to OpenWRT - CeroWRT want's to route everything which isn't useful for us and also it was using SSID's that no-one used. It does 802.11an on 5Ghz. [http://wndr3700v2/ config interface here]. The reg domain was 'fixed' to support GB properly using [http://smorgasbord.gavagai.nl/2010/09/wifi-regulatory-compliance-and-how-to-fix-it/ this guide]. If you have problems with 5Ghz just switch this access point off and tell the mailing list that you have done so! :) | ||
| + | |||
| + | We have 2 ssid's: | ||
| + | |||
| + | LondonHackspace - WPA2PSK, you can find the key written on posters on the walls of the rooms in the hackspace. | ||
| + | |||
| + | spacenet - currently experimental and unfinished [http://spacefed.net spacefed] deployment. | ||
== Switches == | == Switches == | ||
| − | 3com (always on), in the space dns zone as 'switch'. The switch is a [http://www.3com.com/products/en_US/detail.jsp?tab=features&pathtype=purchase&sku=3CR17501-91 3CR17501-91] | + | <s>3com (always on), in the space dns zone as 'switch'. The switch is a [http://www.3com.com/products/en_US/detail.jsp?tab=features&pathtype=purchase&sku=3CR17501-91 3CR17501-91], and is at 172.31.24.2. Please don't play.</s> |
| + | |||
| + | <s>Replaced with a pair of HP ProCurve 2848's. | ||
| + | |||
| + | They are connected together via a 2 port trunk on ports 47 and 48. | ||
| + | |||
| + | They run different versions of the firmware, and should probably be upgraded sometime.</s> | ||
| + | |||
| + | Core Switches are now a pair of Cisco Catalyst 4948's - see [[cisco1]] & [[cisco2]]. | ||
| + | |||
| + | We also have 2 small unmanaged switches, one is under the laser cutter for coolbot and layz0rs, and one is by the smaller touchtable and was used for the stratasys. Both should be replaceable (or almost replaceable) by the new cabling. | ||
| + | |||
| + | We also have 2 more Cisco switches, a 3560 Poe-24 (24 port + 2 x gigabit sfp's) and a 2550 (24 port, 2 x gigabit gbics). We have copper SFP's but the copper gbics we've got don't fit in the switch!, see [[cisco3]] & [[cisco4]]. We have fibre sfp's and some bits of fibre instead. | ||
== Servers == | == Servers == | ||
| − | * [[Babbage]] | + | * [[Babbage]] monitoring, IRC, storage, general purpose server (always on) |
| − | ** [[Gutenberg]] (HP LaserJet 1022), | + | ** [[Gutenberg]] (HP LaserJet 1022), shared via cups (ipp) |
| − | ** | + | ** Webcams |
| − | ** | + | ** <s>3G dongle</s> |
| − | * | + | ** Apache for http://hack.rs |
| − | + | * [[Bell]] The door/building management controller (always on) | |
| + | * <s>[[Flowers]] The door/building management controller (always on)</s> | ||
| + | * [[boole]] | ||
| + | * [[church]] | ||
== Workstations == | == Workstations == | ||
* [[Lovelace]] Makerbot | * [[Lovelace]] Makerbot | ||
*<s> [[Flowers]] Media PC (currently unused)</s> | *<s> [[Flowers]] Media PC (currently unused)</s> | ||
| − | * [[ | + | * [[Patel]] laser cutter (hackspaceremote/hackspace maps to password-less user hackspace) |
* [[Postel]] The SGI O2 | * [[Postel]] The SGI O2 | ||
| + | * Difference Desktop PC | ||
* Touch table PC | * Touch table PC | ||
| Line 59: | Line 127: | ||
Some servers, such as [[Babbage#Services|Babbage]], run services written for the space, typically running in a screen session. The code for these can be found on [http://github.com/londonhackspace Github]. | Some servers, such as [[Babbage#Services|Babbage]], run services written for the space, typically running in a screen session. The code for these can be found on [http://github.com/londonhackspace Github]. | ||
| + | |||
| + | |||
| + | == Bikeshed == | ||
| + | |||
| + | A list of things that could be done to make the network better. | ||
| + | |||
| + | === Problems === | ||
| + | |||
| + | * Look into why there are speed and duplex issues between the modem and church | ||
| + | |||
| + | * Simple fix is to add a new VLAN on the switch, and stick two ports in it. Should prevent any issues with autoneg between devices. | ||
| + | * But would create other issues with having the internet side patched into the switch making it more liable to breakage through patching errors | ||
| + | |||
| + | * Alix board has N-spec minipci card in it but the kernel needs recompiling to allow us to use it on EU frequencies | ||
| + | * Wifi dropping packets | ||
| + | |||
| + | === Improvements === | ||
| + | |||
| + | # Look into using QoS. | ||
| + | # Simultaneous 5/2.4GHz N WiFi. | ||
| + | * Airport Extreme | ||
| + | * Cisco-Linksys Maximum Performance E4200 | ||
| + | * Keep the Cisco for 2.4GHz and get a dedicated 5Ghz | ||
| + | |||
| + | === TODO === | ||
| + | |||
| + | * This page is fairly out of date (e.g. missing the ubiquti thingy), update it | ||
| + | * syslog server | ||
| + | * church upgrade | ||
| + | * sort out the switches | ||
| + | * finish physical cabling. | ||
| + | * ^-- those 3 depend on finishing the ebay stuff... | ||
Latest revision as of 21:54, 9 January 2016
NOTE: IMPORTANT: THIS PAGE IS FOR THE OLD HACKSPACE! IT IS TOTALLY OUT OF DATE!
Lab24 has a number of network points, wired across the false ceiling. These terminate in the quiet/class room cabinet.
See also Infrastructure and System_naming and Member_accounts.
Addressing
The space's dns zone is lan.hack.rs. NB if you change this you'll need to update SNMP in cacti. Our IP range (assigned in ChaosVPN) is 172.31.24.0/23.
We use 172.31.24.0/24 on the lan, 172.31.25.0/24 is currently unused.
For ipv6 we've got 2001:470:92f1::/48 and we use 2001:470:92f1::/64 on the lan. We used to use 2001:470:92f1:a000::/60 for the cerowrt box but don't anymore. Those are he.net ranges, owned by User:Ms7821
Diagrams
Layer 1
All these diagrams are wrong.
sw/n is switch port n
Layer 2
Mac addresses without names where unknown at the time the diagram was generated.
Port 24 has the fonera on it, which is why it has so many things.
No, i don't know why babbage has 2 mac addresses.
Layer 3 (ipv4)
Internet Routing
Our internet is the Be Pro service:
IP: 46.65.36.25 Netmask: 255.255.255.0 Gateway: 46.65.36.1 DNS 1: 194.109.6.66 DNS 2: 168.95.1.1
We use a Draytek Vigor 120 modem which simply bridges the ADSL to ethernet. You can access this at http://192.168.2.1 (no username/password). The Internet light doesn't come on, presumably because it's in bridge mode. NB it doesn't like the LAN port being disconnected: doing it twice in short succession will cause it to stop responding to traffic on that port (presumably some weird arp issue). Restart both the router and modem at the same time to prevent this.
Routing is handled by Church, and the wireless is handled by the Ubiquiti.
In addition to the Fonera (and probably replaceing it?) we have a Netgear 3700v2 donated by Dave Täht of the bufferbloat project. It runs a custom build of OpenWRT called CeroWRT please see that page for builds and installation instructions.
IPv6
We also advertise and route IPv6 within the space. This is currently tunnelled to Hurricane Electric. The account is currently with Mark, but will be transferred whenever someone asks.
IP prefix: 2001:470:92f1::/48
Church/hack.rs: 2001:470:92f1::1
We do not use DHCP for IPv6 at the moment, so do not provide automatic rDNS. Servers are set up for DNS under hack.rs, which is also currently with Mark.
As an experiment, we block inbound IPv6 except for port 22 (ssh), on the assumption that most people don't even realise IPv6 is on. Please shout if you actually need inbound connections to the space. DNS isn't enabled yet.
Wifi
We've got a Cerowrt box to test. It's routing the subnets 172.31.25.0/24 and 2001:470:92f1:a::/60.
IP: 172.31.24.10 IPv6: 2001:470:92f1::3
We have a Uqiquiti UniFi AP (Flying saucer shaped thing in on the ceiling of the main room), if configured from babbage. It does 802.11bgn on 2.4Ghz
We also have a Netgear WNDR3700v2 (thin black box on top of the rack). - this used to run cerowrt but has now been changed to OpenWRT - CeroWRT want's to route everything which isn't useful for us and also it was using SSID's that no-one used. It does 802.11an on 5Ghz. config interface here. The reg domain was 'fixed' to support GB properly using this guide. If you have problems with 5Ghz just switch this access point off and tell the mailing list that you have done so! :)
We have 2 ssid's:
LondonHackspace - WPA2PSK, you can find the key written on posters on the walls of the rooms in the hackspace.
spacenet - currently experimental and unfinished spacefed deployment.
Switches
3com (always on), in the space dns zone as 'switch'. The switch is a 3CR17501-91, and is at 172.31.24.2. Please don't play.
Replaced with a pair of HP ProCurve 2848's.
They are connected together via a 2 port trunk on ports 47 and 48.
They run different versions of the firmware, and should probably be upgraded sometime.
Core Switches are now a pair of Cisco Catalyst 4948's - see cisco1 & cisco2.
We also have 2 small unmanaged switches, one is under the laser cutter for coolbot and layz0rs, and one is by the smaller touchtable and was used for the stratasys. Both should be replaceable (or almost replaceable) by the new cabling.
We also have 2 more Cisco switches, a 3560 Poe-24 (24 port + 2 x gigabit sfp's) and a 2550 (24 port, 2 x gigabit gbics). We have copper SFP's but the copper gbics we've got don't fit in the switch!, see cisco3 & cisco4. We have fibre sfp's and some bits of fibre instead.
Servers
- Babbage monitoring, IRC, storage, general purpose server (always on)
- Gutenberg (HP LaserJet 1022), shared via cups (ipp)
- Webcams
3G dongle- Apache for http://hack.rs
- Bell The door/building management controller (always on)
Flowers The door/building management controller (always on)- boole
- church
Workstations
- Lovelace Makerbot
Flowers Media PC (currently unused)- Patel laser cutter (hackspaceremote/hackspace maps to password-less user hackspace)
- Postel The SGI O2
- Difference Desktop PC
- Touch table PC
Outside Lab24: Turing Bitfolk VM
Working on the network
All members have access to the servers, and with that, the ability to make changes. It's crucial to remember that this is a shared network and any changes you make will affect others. In particular, please don't install updates or restart machines without a good reason and checking on IRC first.
Each piece of hardware will have its own logbook page on the wiki, where you should log significant changes and problems.
Some servers, such as Babbage, run services written for the space, typically running in a screen session. The code for these can be found on Github.
Bikeshed
A list of things that could be done to make the network better.
Problems
- Look into why there are speed and duplex issues between the modem and church
* Simple fix is to add a new VLAN on the switch, and stick two ports in it. Should prevent any issues with autoneg between devices. * But would create other issues with having the internet side patched into the switch making it more liable to breakage through patching errors
- Alix board has N-spec minipci card in it but the kernel needs recompiling to allow us to use it on EU frequencies
- Wifi dropping packets
Improvements
- Look into using QoS.
- Simultaneous 5/2.4GHz N WiFi.
* Airport Extreme * Cisco-Linksys Maximum Performance E4200 * Keep the Cisco for 2.4GHz and get a dedicated 5Ghz
TODO
- This page is fairly out of date (e.g. missing the ubiquti thingy), update it
- syslog server
- church upgrade
- sort out the switches
- finish physical cabling.
- ^-- those 3 depend on finishing the ebay stuff...