Resources/Network: Difference between revisions

From Noisebridge
(187 intermediate revisions by 45 users not shown)
Line 1: Line 1:
== Status ==
This page was certified [https://www.noisebridge.net/pipermail/rack/2016-March/003152.html 100% current and up to date] by [[User:Rubin110]] at Sun Mar 6 07:58:59 UTC 2016.


Noisebridge is sprung!
If you're reading this from another point in time, please note that the reality of the situation may be different.
 
__TOC__


== [[Network Troubleshooting]] ==
== [[Network Troubleshooting]] ==
Line 7: Line 9:
Are you having issues with the internet or local network? Check out the [[Network Troubleshooting]] page for more information on what you can do to make things better or possibly seek help.
Are you having issues with the internet or local network? Check out the [[Network Troubleshooting]] page for more information on what you can do to make things better or possibly seek help.


== DNS ==
== Disclaimer ==


Dynamic DNS is provided by the nat machine for DHCP clients on 172.30.0.30/24.  Resolution of machines with static addresses is done by ipv4 or ipv6 mDNS and dynamic DNS entries on the nat machine from the DHCP service.
''Please note that Noisebridge does not guarantee or provide a perfect secure experience in the space. Just like anywhere else in the world you're held responsible for your own safety and wellbeing. This also includes content you receive or transmit or provide through any mediums, such as through pen and paper, sound waves or any networks wired or wireless functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.''


== Wireless networks ==
== Free Public Wireless Networks ==
Noisebridge has two open wifi networks available for your use. In most cases if you connect to the network '''Noisebridge''' your laptop/phone/device will have the best luck getting crystal clear wifi and roam between radio channels according to which provides the most reliable and fastest connection.


The following networks are active at 2169 now:
The wifi and internet provided is for public use. Like any public network, you should regard Noisebridge's as [[Visitor_advice#Hostile_network|potentially hostile]] and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.
* '''noisebridge''' - No encryption, NATted via the Monkeybrains link, 802.11bg
 
* '''noisebridge-a''' - No encryption, NATted via the Monkeybrains link, 802.11a
The following networks are active:
* '''Noisebridge'''
** No password
** Uplink through Monkeybrains gigabit laser
** 802.11an 5 gHz only
* '''Noisebridge Legacy 2.4 gHz'''
** No password
** Uplink through Monkeybrains gigabit laser
** 802.11an 2.4 gHz only
 
== Wired network ==
There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).
 
== Local Network Address Information ==
DHCP is offered automatically on the network, if that doesn't work for you here's some more static information...
 
* IP Range: 10.20.1.200-10.20.1.254
* Gateway: 10.20.0.1
* Subnet: 255.255.'''254'''.0 (a "slash" /23)
* DNS: 10.20.0.1,208.69.43.23,208.69.40.4,8.8.8.8
 
Dynamic DNS is provided by the router for DHCP clients on 10.20.0.1/23 which also provides name resolution of some local machines.


== Development ==
== Development ==
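Review bot: The new "Noisebridge Legacy 2.4 gHz" entry lists "802.11an 2.4 gHz only", but 802.11a is a 5 GHz standard, and the lines being replaced listed the 2.4 GHz network as 802.11bg; check what the APs actually run and correct the 2.4 GHz entry. In the same hunk, "DHCP clients on 10.20.0.1/23" pairs a host address with a prefix length; writing the network as 10.20.0.0/23 would match the "Subnet: 255.255.254.0" line above it.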
Line 22: Line 46:
==Network Devices & Services==
==Network Devices & Services==
* [[Music]]
* [[Music]]
* [[Printers]]
* [[2D Paper Printer]]
* [[Infrastructure]]
* [[Infrastructure]]


= 2169 Mission =
= 2169 Mission =


== DSL Circuit ==
== Uplinks ==
 
=== Monkeybrains Wireless Link ===
There is a Sonic.net Fusion ADSL2+ DSL connection in the building.  The physical circuit comes in from the MPOE in the basement and runs across the roof of the basement and up the side of the building into the DJ booth. The CPE is a Motorola 2210 ADSL2+.  The admin password is the serial number, written on the bottom.
We have a point-to-point wireless link to Monkeybrains on the roof. It is wired into the Monkeybrains NEMA box on the roof, and from there into our own NEMA box in which we house a managed switch. From there the cable enters into the space through the ladder chute in the fox lounge and runs to the rack where it enters the switchboard at port 48. Port 48 is a second redundant run that follows the same path from the rack back to our NEMA box for future projects.


The addressing configuration is a little unusual. It's 75.101.62.0/24 and we've been allocated a /29 within that block: 75.101.62.88 - 75.101.62.95.  Note that we get to use all 8 addresses; the broadcast and network address are 75.101.62.255 and 75.101.62.0 respectively.  The gateway is 75.101.62.1.
=== SFBroadband / City of SF / Internet Archive ===


The default CPE settings are not correct for our circuit configuration. From a factory reset, do the following to configure the CPE:
We have a wireless point-to-point path up to Twin Peaks that connects up to a city-owned and volunteer-run IP transit network. Currently, we're hitting the dish off of the side and have a pretty terrible connection. For now, this network path is mostly only usable as a backup path.


# Configure a computer for 192.168.1.253/24.
There is a router in our wireless CPE hardware (st01-noisebridge-sfo) that connects up to the Noisebridge network and terminates as 172.30.0.54 on the "Inside / Internal" network. Set your default route via this IP to try the other path.
# Connect the computer to the DSL CPE.
# Power cycle the DSL CPE.
# Connect to 192.168.1.254 using your web browser.
# You will be prompted to set a password, use the serial number on the bottom of the DSL CPE.
# Get into expert mode.
# Under configure->connections, set the following:
## VPI: 0
## VCI: 35
## Protocol: Bridged Ethernet LLC/SNAP
## Bridging: on
# Under configure->DHCP server, set the following:
## DHCP Server Enabled: unchecked
# Save and reboot.


[http://broadband.motorola.com/consumers/products/2210-02/downloads/2210-02-10NA-UserGuide.pdf Motorola 2210 User Guide]
==I want to help!==
Noisebridge is run by volunteers, you're welcome to help but should get to know those helping first before touching/hacking the network gear. Try introducing yourself on the [rack mailing list https://www.noisebridge.net/mailman/listinfo/rack].


== Routers ==
== Router ==
===r00ter===
Biketrailer is our humble router. It is an Ubiquiti Edgerouter 5-port box running EdgeOS, a fork of Vyatta (a Linux-based router distribution). While the router does provide PoE, it is non-standard passive Ubiquiti PoE which you should avoid using.
The Sonic.net router is a Soekris net4801 (hostname: "r00ter") running OpenBSD with some modifications to support running with a flash-backed root filesystem. Its WAN address is 75.101.62.88/24 and its LAN address is 172.30.0.1.  Access is via SSH with a key.


DHCP and DNS services are being provided by r00ter as well: it has a DNS forwarder (dnsmasq), and dhcpd spits out addresses from 172.30.0.0/22 (172.30.0.200 and up).
The machines currently provides
  * NAT
  * DHCPD
  * DNS (dnsmasq) - .noise local TLD and recursive proxy


===gorilla===
Access is via SSH with keys and a https web interface.
The router for our Monkeybrains link (hostname: "gorilla") is also a Soekris running a similar OpenBSD installation. Access is via SSH with a key.


== Address Allocations ==
== Address Allocations ==
The reserved address allocations are:
===WAN - Monkeybrains===
 
* Network range: 192.195.83.129/29
===75.101.62.88/29 from Sonic.net===
* Gateway: 192.195.83.129
We have a range within the encompassing /24: 75.101.62.{88..95}
* DNS: 208.69.43.23,208.69.40.4
* Subnet Mask: 255.255.255.248


* .88 - router ("r00ter")
====Addresses====
* .89 - pony
* 192.195.83.130 - 2169.noisebridge.net - biketrailer offering some port forawrding
* .90 - stallion
* 192.195.83.131 - roof switch
* .91 - Unallocated
* 192.195.83.132 - mode/s receiver
* .92 - Unallocated
* 192.195.83.133 - unused
* .93 - Unallocated
* 192.195.83.134 - pegasus.noisebridge.net - pegasus 1 to 1 NAT
* .94 - Unallocated
* .95 - Unallocated


===172.30.0.0/22 ("inside" network)===
===LAN - 10.20.0.0/22===
====10.20.0.0 - 0.50 Statically address services====


* .1 - r00ter, main soekris router connected to the sonic.net DSL
''Note: This is '''not''' a /24 subnet! The netmask is a /23.''
* .2 - gorilla, soekris router hooked up the monkeybrains link
* .5 - PS3 (goat), usually powered down to save power
* .6 - treechopper, [http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl07288/bpl07288.pdf|HP Laserjet 5Si MX] (working, not hosed)
* .7 - OpenGear IP Power 9258 in supply closet (power1)
* .8 - Dell switch (switch1)
* .9 - Cisco Catalyst 2940 in Susan the Rack, unit 24 (switch2)
* .10 - stallion
* .11 - <strike>Pico AP 802.11bg (ap1)</strike> not used
* .12 - Powerstation AP 802.11a (ap3, above the supply closet)
* .13 - Cisco Aironet 1100 series (ap2, above the supply closet)
* .14 - Cisco Aironet 1100 series (ap4, above the Eastern windows)
* .15 - Cisco Catalyst 3500 XL (switch3)
* .30 - [[Pony]], main sandbox server
* .41 - [[Zebra]], Rebar and jukebox, Brother print server
* .42 - [[Ass]], greeting terminal
* .44 - [[Horsy]]. media center


===172.30.4.0/42 (Tor-ified network)===
* 10.20.0.1 - biketrailer
* .1 - "torbridge" interface on pony
* 10.20.0.10 - earl
* 10.20.0.11 - West-AP
* 10.20.0.12 - Church-AP
* 10.20.0.13 - Central-AP
* 10.20.0.22 - pegasus
* 10.20.0.24 - hackitorium-rpi
* 10.20.0.25 - noisebridge-printer-brother
* 10.20.0.31 - kitsune
* 10.20.0.41 - noisebridgebbs
* 10.20.0.42 - flaschen-taschen
* 10.20.0.43 - noiseboard (intent)
* 10.20.0.44 - square (Noisesquare table)
* 10.20.0.45 - bookcase (LEDs on the library bookcase)


=== 10.100.4.0/23 ChaosVPN Range ===
====10.20.0.51 - 1.199====
* Network in the ChaosVPN
* DHCP-assigned, user-access IP space
** Has yet to be setup. In the future, we may join the network so that we can route to other hackerspaces
* [[http://wiki.hamburg.ccc.de/index.php/ChaosVPN#ip_ranges ChaosVPN Wiki]]


== IP PDU ==
====10.20.1.200 - 1.254====
* Available for adhoc manual IP address configurations.


There is an IP PDU (model "IP 9258") at 172.30.0.7 which can be used to power cycle some of the devices in Susan the Rack.
=== IPv6 ===
 
We would like to setup IPv6, some day.
{|border="1" cellspacing="0" cellpadding="5"
!Port
!Device
|-
|1
|s1
|-
|2
|pony
|-
|3
|switch2.noise
|-
|4
|switch3.noise
|}


== Machine Rack ==
== Machine Rack ==
The rack sits on the South wall, it's small and up high to discourage people from messing with it or installing things in it. The internet works, please leave the box alone.


The rack of machines and switches is counted by U, from the bottom, starting from "1".
===Can I install/setup boxes on Noisebridge's network?===
 
====Short answer====
{|border="1" cellspacing="0" cellpadding="5"
'''No.'''
!"U"/Unit
!Device
|-
|24
|small stuff - soekrises, switch2.noise
|-
|21-23
|unused
|-
|19-20
|patch panel
|-
|18
|switch3.noise (12-port Cisco Cat. 3500 XL)
|-
|17
|switch1
|-
|16
|2 - jim's, for linux user group
|-
|15
|1 - jim's, for linux user group
|-
|14
|hammer - aestetix
|-
|12-13
|unused
|-
|7-11
|pony
|-
|5-6
|rack support for pony
|-
|4
|Mostly unused (IP PDU stuffed in back)
|-
|1-3
|APC
|}
 
== Switch Ports ==
=== switch1 ===
{|border="1" cellspacing="0" cellpadding="5"
!Port
!Far End
|-
|1
| --
|-
|2
| --
|-
|3
| --
|-
|4
| --
|-
|5
| --
|-
|6
| --
|-
|7
| --
|-
|8
| --
|-
|9
| --
|-
|10
| --
|-
|11
| --
|-
|12
| --
|-
|13
| --
|-
|14
| --
|-
|15
| --
|-
|16
| --
|-
|17
| --
|-
|18
| --
|-
|19
| --
|-
|20
| --
|-
|21
| --
|-
|22
| --
|-
|23
| --
|-
|24
| --
|}
 
===switch2.noise===
{|border="1" cellspacing="0" cellpadding="5"
!Port
!Far end
|-
|1
|Uplink to switch1 (VLAN 1)
|-
|2
|Fa0/1.switch3 (IEEE 802.1Q trunk, VLANs 1,10,20,702)
|-
|3
|Monkeybrains Wireless CPE (VLAN 10)
|-
|4
|Sonic.net ADSL2+ Modem/CPE (VLAN 20)
|-
|5
|sis0.router (Sonic.net) (VLAN 20)
|-
|6
|sis1.gorilla (VLAN 10)
|-
|7
|sis1.router (VLAN 1)
|-
|8
|sis0.gorilla (VLAN 1)
|}
 
===switch3.noise===
{|border="1" cellspacing="0" cellpadding="5"
!Port
!Far end
|-
|1
|fa0/2.switch2 (IEEE 802.1Q Trunk, VLANs 1,10,20,702)
|-
|5
|noisebridge-tor AP (VLAN 702)
|-
|6
|ap4 (VLAN 1)
|-
|7
|ap3 (VLAN 1)
|-
|8
|ap2 (VLAN 1)
|-
|9
|stallion.noise inside (VLAN 1)
|-
|10
|eth1.pony (IEEE 802.1Q Trunk, VLANs 1,702)
|-
|11
|eth0.pony (VLAN 20)
|-
|12
|stallion.noise frontend (VLAN 20)
|}
 
== Network Diagram ==
[[Image:2169_network_diagram-2010-04-09.png]]
== KVM ==
 
There is no KVM, but there are monitors and a keyboard dedicated to the machines in the rack.  You can easily recognize it because it's covered in nail polish and you can't see the keycaps.  The delete key is in the upper-right corner of the keyboard, which is handy to know if you want to get into the BIOS of the machines.
 
= Other uplink possibilities =
* Local wifi link (TBD - no current ETA on install)
We need an antenna and a wifi access point that will uplink to our core switch (we need one of those too)
 
* Metro fiber
** [[User:Jof|jof]] called IPN for a rough estimate for construction of fiber to 83c. The sales representative's estimate would be between 90,000USD - 100,000USD for the initial buildout.


* Sonic.net ADSL2
====Long answer====
We have this, woot.
Noisebridge is here to provide infrastructure for creative projects. We're really good at some things. One thing we suck at is administrating boxes setup on our network. They eat power, internet, the attention span of volunteers, and people who set them up generally are bad at communicating later on down the line when something breaks or a machine magically appears.


* WiMax
Noisebridge network infrastructure policy is as such:
Currently this hasn't been very seriously researched
* Critical infrastructure machines (like our access control system): Low power ok!
* Machines for classes that cannot be hosted on the internet: Low power ok!
* Personal machines: NO!
* High power machines: NO!
* Bitcoin minors: NO!
* Torrent boxes: NO!
* Everything else: NO!


* SFLan
If a machine gets setup on the network without first getting an ok from the [https://www.noisebridge.net/mailman/listinfo/rack rack list], it will be unplugged and thrown in the trash. Please don't host your box at Noisebridge. We can't afford it. Thanks for understanding.
We may have line of sight to a node if we can bounce off of a local building. This hasn't been seriously researched. We may want to try to get roof access for antennas and should talk to our very quiet neighbors.


I was contacted by Matt Peterson about connecting.  I would be happy to do a site survey to see if you can hit the SFLAN or City wirless deployment from the Valencia Gardens development.  That could get you 40Mb/s up and down. - Tim Pozar
===Rack setup===
* Patch panel
* Shitty Fucked Dell 48 port switch
* Pegasus
* Shelf with Biketrailer and POE injectors
* Shelf with random RaspberryPis for projects
* Speaker amp
* Power strip
* UPS
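Review bot: The new SFBroadband paragraph still says the backup router terminates as 172.30.0.54 on the "Inside / Internal" network, while this revision renumbers the LAN to 10.20.0.x and removes the 172.30.0.0/22 section, so that address no longer matches anything the page documents; confirm the current address or mark the paragraph as stale. The new heading "LAN - 10.20.0.0/22" also contradicts the note directly under it that the netmask is a /23, and the listed ranges end at 10.20.1.254, which fits a /23. Finally, "[rack mailing list https://...]" puts the label before the URL, which is the reverse of MediaWiki external-link syntax; the later rack list link in this hunk has the order right.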

Revision as of 11:44, 6 June 2016

This page was certified 100% current and up to date by User:Rubin110 at Sun Mar 6 07:58:59 UTC 2016.

If you're reading this from another point in time, please note that the reality of the situation may be different.

Network Troubleshooting

Are you having issues with the internet or local network? Check out the Network Troubleshooting page for more information on what you can do to make things better or possibly seek help.

Disclaimer

Please note that Noisebridge does not guarantee or provide a perfectly secure experience in the space. Just like anywhere else in the world, you're held responsible for your own safety and wellbeing. This also includes content you receive, transmit or provide through any medium, such as pen and paper, sound waves or any networks, wired or wireless, functioning in the space. Noisebridge is a volunteer-run and volunteer-operated space that provides you with infrastructure, which you use at your own risk.

Free Public Wireless Networks

Noisebridge has two open wifi networks available for your use. In most cases if you connect to the network Noisebridge your laptop/phone/device will have the best luck getting crystal clear wifi and roam between radio channels according to which provides the most reliable and fastest connection.

The wifi and internet provided are for public use. Like any public network, you should regard Noisebridge's as potentially hostile and take appropriate precautions. In order not to give a false impression of security, Noisebridge does not run any encrypted wifi networks.

The following networks are active:

  • Noisebridge
    • No password
    • Uplink through Monkeybrains gigabit laser
    • 802.11an 5 GHz only
  • Noisebridge Legacy 2.4 gHz
    • No password
    • Uplink through Monkeybrains gigabit laser
    • 802.11an 2.4 GHz only

Wired network

There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).

Local Network Address Information

DHCP is offered automatically on the network. If that doesn't work for you, here is the information for a static configuration:

  • IP Range: 10.20.1.200-10.20.1.254
  • Gateway: 10.20.0.1
  • Subnet: 255.255.254.0 (a "slash" /23)
  • DNS: 10.20.0.1,208.69.43.23,208.69.40.4,8.8.8.8

The router provides dynamic DNS for DHCP clients on 10.20.0.1/23 and also resolves the names of some local machines.

Development

Network Devices & Services

2169 Mission

Uplinks

Monkeybrains Wireless Link

We have a point-to-point wireless link to Monkeybrains on the roof. It is wired into the Monkeybrains NEMA box on the roof, and from there into our own NEMA box in which we house a managed switch. From there the cable enters into the space through the ladder chute in the fox lounge and runs to the rack where it enters the switchboard at port 48. Port 48 is a second redundant run that follows the same path from the rack back to our NEMA box for future projects.

SFBroadband / City of SF / Internet Archive

We have a wireless point-to-point path up to Twin Peaks that connects up to a city-owned and volunteer-run IP transit network. Currently, we're hitting the dish off of the side and have a pretty terrible connection. For now, this network path is mostly only usable as a backup path.

There is a router in our wireless CPE hardware (st01-noisebridge-sfo) that connects up to the Noisebridge network and terminates as 172.30.0.54 on the "Inside / Internal" network. Set your default route via this IP to try the other path.

I want to help!

Noisebridge is run by volunteers. You're welcome to help, but you should get to know those helping before touching/hacking the network gear. Try introducing yourself on the rack mailing list (https://www.noisebridge.net/mailman/listinfo/rack).

Router

Biketrailer is our humble router. It is a Ubiquiti EdgeRouter 5-port box running EdgeOS, a fork of Vyatta (a Linux-based router distribution). While the router does provide PoE, it is non-standard passive Ubiquiti PoE, which you should avoid using.

The machine currently provides:

  • NAT
  • DHCPD
  • DNS (dnsmasq) - .noise local TLD and recursive proxy

Access is via SSH with keys and an HTTPS web interface.

Address Allocations

WAN - Monkeybrains

  • Network range: 192.195.83.129/29
  • Gateway: 192.195.83.129
  • DNS: 208.69.43.23,208.69.40.4
  • Subnet Mask: 255.255.255.248

Addresses

  • 192.195.83.130 - 2169.noisebridge.net - biketrailer offering some port forwarding
  • 192.195.83.131 - roof switch
  • 192.195.83.132 - mode/s receiver
  • 192.195.83.133 - unused
  • 192.195.83.134 - pegasus.noisebridge.net - pegasus 1 to 1 NAT

LAN - 10.20.0.0/22

10.20.0.0 - 0.50 Statically addressed services

Note: This is not a /24 subnet! The netmask is a /23.

  • 10.20.0.1 - biketrailer
  • 10.20.0.10 - earl
  • 10.20.0.11 - West-AP
  • 10.20.0.12 - Church-AP
  • 10.20.0.13 - Central-AP
  • 10.20.0.22 - pegasus
  • 10.20.0.24 - hackitorium-rpi
  • 10.20.0.25 - noisebridge-printer-brother
  • 10.20.0.31 - kitsune
  • 10.20.0.41 - noisebridgebbs
  • 10.20.0.42 - flaschen-taschen
  • 10.20.0.43 - noiseboard (intent)
  • 10.20.0.44 - square (Noisesquare table)
  • 10.20.0.45 - bookcase (LEDs on the library bookcase)

10.20.0.51 - 1.199

  • DHCP-assigned, user-access IP space

10.20.1.200 - 1.254

  • Available for ad hoc manual IP address configurations.
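
A check of a hand-entered static configuration against the address plan and the "not a /24" note above, as an added example that is not part of the original page. The plan constants are copied from this page; the function name `check_static_config` and the sample inputs are constructed for illustration. It shows why a /24 mask fails here: a 10.20.1.x host then treats the gateway 10.20.0.1 as off-link.

```python
import ipaddress

# Address plan as documented on this page.
LAN = ipaddress.ip_network("10.20.0.0/23")           # netmask 255.255.254.0
GATEWAY = ipaddress.ip_address("10.20.0.1")          # biketrailer
DHCP_FIRST = ipaddress.ip_address("10.20.0.51")      # DHCP-assigned space
DHCP_LAST = ipaddress.ip_address("10.20.1.199")
MANUAL_FIRST = ipaddress.ip_address("10.20.1.200")   # ad hoc manual range
MANUAL_LAST = ipaddress.ip_address("10.20.1.254")


def check_static_config(address, netmask, gateway):
    """Return a list of problems with a manual IPv4 config (empty list = OK)."""
    try:
        iface = ipaddress.ip_interface(f"{address}/{netmask}")
        gw = ipaddress.ip_address(gateway)
    except ValueError as exc:
        return [f"unparseable value: {exc}"]

    problems = []
    # 1. The host address must come from the range set aside for manual use.
    if iface.ip not in LAN:
        problems.append(f"{iface.ip} is outside {LAN}")
    elif DHCP_FIRST <= iface.ip <= DHCP_LAST:
        problems.append(f"{iface.ip} is in the DHCP pool and may collide with a lease")
    elif not (MANUAL_FIRST <= iface.ip <= MANUAL_LAST):
        problems.append(f"{iface.ip} is not in the manual range "
                        f"{MANUAL_FIRST}-{MANUAL_LAST}")

    # 2. The mask must describe the documented /23, not a habitual /24.
    if iface.network != LAN:
        problems.append(f"netmask gives {iface.network}, expected {LAN}")

    # 3. The gateway must be the documented one and reachable on-link.
    if gw != GATEWAY:
        problems.append(f"gateway {gw} is not {GATEWAY}")
    if gw not in iface.network:
        problems.append(f"gateway {gw} is off-link for {iface.network}")
    return problems


if __name__ == "__main__":
    # Constructed sample configurations, not taken from any real device.
    samples = [
        ("10.20.1.210", "255.255.254.0", "10.20.0.1"),   # matches the plan
        ("10.20.1.210", "255.255.255.0", "10.20.0.1"),   # the /24 mistake
        ("10.20.0.100", "255.255.254.0", "10.20.0.1"),   # inside the DHCP pool
    ]
    for cfg in samples:
        result = check_static_config(*cfg)
        print(cfg, "->", result or "OK")
```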

IPv6

We would like to set up IPv6, some day.

Machine Rack

The rack sits on the South wall. It's small and up high to discourage people from messing with it or installing things in it. The internet works; please leave the box alone.

Can I install/set up boxes on Noisebridge's network?

Short answer

No.

Long answer

Noisebridge is here to provide infrastructure for creative projects. We're really good at some things. One thing we suck at is administering boxes set up on our network. They eat power, internet and the attention span of volunteers, and the people who set them up are generally bad at communicating later on down the line when something breaks or a machine magically appears.

Noisebridge network infrastructure policy is as follows:

  • Critical infrastructure machines (like our access control system): Low power ok!
  • Machines for classes that cannot be hosted on the internet: Low power ok!
  • Personal machines: NO!
  • High power machines: NO!
  • Bitcoin miners: NO!
  • Torrent boxes: NO!
  • Everything else: NO!

If a machine gets set up on the network without first getting an OK from the rack list, it will be unplugged and thrown in the trash. Please don't host your box at Noisebridge. We can't afford it. Thanks for understanding.

Rack setup

  • Patch panel
  • Shitty Fucked Dell 48 port switch
  • Pegasus
  • Shelf with Biketrailer and POE injectors
  • Shelf with random RaspberryPis for projects
  • Speaker amp
  • Power strip
  • UPS