Resources/Network: Difference between revisions

From Noisebridge
Jump to navigation Jump to search
(262 intermediate revisions by 46 users not shown)
Line 1: Line 1:
== Uplinks ==
This page was certified [https://www.noisebridge.net/pipermail/rack/2016-March/003152.html 100% current and up to date] by [[User:Rubin110]] at Sun Mar 6 07:58:59 UTC 2016.


=== '''24Mb/5Mb''' currently via Comcast ===
If you're reading this from another point in time, please note that the reality of the situation may be different.
* Comcast Cable (Only internet, no voice or tv service)
** $66.95 per month (After taxes COD at time of install is $169.21) - $3 modem rental per month
** No contract!
** Link speed is ~24Mbit down / ~5Mbit up. More testing during different times of the day would be useful.
** Wonderful quote from the service representative when asked about network filtering: "The network is filtered. Dynamic ips.'' Constantly flowing.'' Upgrading to static is possible through the business department."
** The direct line for the person who took the order is 1-925-349-3300 x644201
** Our confirmation number for this order is: 503691


=== Speakeasy DSL ===
__TOC__
* Speakeasy DSL (On a dry pair - Ordered for the (415) 864 area)
** Service has been delivered and installed at 83c
** Modem acts as a bridge straight into Speakeasy and comes with 1 static IP, 4 more for $20 per month.
*** Currently 66.92.8.180
*** Additional IP added on Jan 26th (requires configuration on firewall) 66.92.8.123
** $105.95 per month - ($99.00 install fee, first month free, hardware included - Paid by Jake)
** Link speed: 6Mb down and 768k up
** 12 month contract (25 day trial period), $300 fee if canceled in contract but outside of stated trial period.
** 1 static ip included
** The direct line for the person (Michelle) who took the order is 1-877-240-4821
** In the future, we can upgrade the DSL to the following:
*** Kinda fast 8Mb down and 768k up. 149.95 per month. Hardware and install waved.
*** Super fast 10Mb and 1Mb up. 179.95 per month. Hardware and install waved.


=== Other uplink possibilities ===
== [[Network Troubleshooting]] ==
* Local wifi link (TBD - no current ETA on install)
We need an antenna and a wifi access point that will uplink to our core switch (we need one of those too)


* Metro fiber
Are you having issues with the internet or local network? Check out the [[Network Troubleshooting]] page for more information on what you can do to make things better or possibly seek help.
** [[User:Jof|jof]] called IPN for a rough estimate for construction of fiber to 83c. The sales representative's estimate would be between 90,000USD - 100,000USD for the initial buildout.


* Sonic.net ADSL2
== Disclaimer ==
We're on the waiting list for 18Mb/1Mb ADSL2
  Sometime in the next year service will be available in San Francisco.


* WiMax
''Please note that Noisebridge does not guarantee or provide a perfect secure experience in the space. Just like anywhere else in the world you're held responsible for your own safety and wellbeing. This also includes content you receive or transmit or provide through any mediums, such as through pen and paper, sound waves or any networks wired or wireless functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.''
Currently this hasn't been very seriously researched


* SFLan
== Free Public Wireless Networks ==
Noisebridge has two open wifi networks available for your use. In most cases if you connect to the network '''Noisebridge''' your laptop/phone/device will have the best luck getting crystal clear wifi and roam between radio channels according to which provides the most reliable and fastest connection.
We may have line of sight to a node if we can bounce off of a local building. This hasn't been seriously researched. We may want to try to get roof access for antennas and should talk to our very quiet neighbors.


I was contacted by Matt Peterson about connecting.  I would be happy to do a site survey to see if you can hit the SFLAN or City wirless deployment from the Valencia Gardens development. That could get you 40Mb/s up and down. - Tim Pozar
The wifi and internet provided is for public use. Like any public network, you should regard Noisebridge's as [[Visitor_advice#Hostile_network|potentially hostile]] and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.


== Hardware ==
The following networks are active:
* '''Noisebridge'''
** No password
** Uplink through Monkeybrains gigabit laser
** 802.11an 5 gHz only
* '''Noisebridge Legacy 2.4 gHz'''
** No password
** Uplink through Monkeybrains gigabit laser
** 802.11an 2.4 gHz only


=== Ownership ===
== Wired network ==
There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).


[[User:adi|Andy]] says:
== Local Network Address Information ==
DHCP is offered automatically on the network, if that doesn't work for you here's some more static information...


if hardware has been at NB
* IP Range: 10.20.1.200-10.20.1.254
* Gateway: 10.20.0.1
* Subnet: 255.255.'''254'''.0 (a "slash" /23)
* DNS: 10.20.0.1,208.69.43.23,208.69.40.4,8.8.8.8


1. not on a shelf
Dynamic DNS is provided by the router for DHCP clients on 10.20.0.1/23 which also provides name resolution of some local machines.
2. without a sign
3. without visible use for a month


, it's fair game for repurposing.
== Development ==
* See [[Network/testing]].


=== Current Gear ===
==Network Devices & Services==
* [[Music]]
* [[2D Paper Printer]]
* [[Infrastructure]]


* Currently [[User:Matt|Matt]] has configured a [http://www.soekris.com/net4801.htm Soekris net4801] with flashdist OpenBSD 4.4 build, no fancy GUI exists - just simple vi and a pf.conf config file.  The eventual plan is to ghetto load balance between the Comcast and Speakeasy circuits.
= 2169 Mission =
** Passwords to both devices are in an envelope in the closet in the fishbowl. Or if you are known within the group, ping [[User:Jof|jof]]
** I've done load balancing like this on Linux (and in fact on a Soekris net4801) if anyone's interested I could prep a CF card to do this. [[User:Ryanc|Ryanc]] 18:34, 22 April 2009 (PDT)
* [[User:Ioerror|Jake]] has donated a FON [http://en.wikipedia.org/wiki/FON#La_Fonera_WiFi_Router La Fonera] router that has been liberated with a fresh DD-WRT install.
* A Ruckus Wireless ZoneFlex 2942 access point.
** Takes an 802.1q trunk (with POE!) over a single Cat5/6 cable, and can take up to 8 802.1q tags and broadcast an SSID for each tag. -- [[User:Jof|jof]] 00:51, 4 October 2008 (PDT)


* [[switch1]], a [http://www.cisco.com/en/US/products/hw/switches/ps5213/tsd_products_support_series_home.html Cisco 2940-8TF].
== Uplinks ==
=== Monkeybrains Wireless Link ===
We have a point-to-point wireless link to Monkeybrains on the roof. It is wired into the Monkeybrains NEMA box on the roof, and from there into our own NEMA box in which we house a managed switch. From there the cable enters into the space through the ladder chute in the fox lounge and runs to the rack where it enters the switchboard at port 48. Port 48 is a second redundant run that follows the same path from the rack back to our NEMA box for future projects.


* [[switch2]], a [http://cisco.com/en/US/products/hw/switches/ps637/tsd_products_support_eol_series_home.html Cisco 3512XL].
=== SFBroadband / City of SF / Internet Archive ===


== Topology ==
We have a wireless point-to-point path up to Twin Peaks that connects up to a city-owned and volunteer-run IP transit network. Currently, we're hitting the dish off of the side and have a pretty terrible connection. For now, this network path is mostly only usable as a backup path.


[[Image:Noisebridge_net-2008-10-02.png|thumb|right|Older topology, does not include cisco box or ruckus AP]]
There is a router in our wireless CPE hardware (st01-noisebridge-sfo) that connects up to the Noisebridge network and terminates as 172.30.0.54 on the "Inside / Internal" network. Set your default route via this IP to try the other path.


* External IP is assigned via DHCP from Comcast on the Soekris box.
==I want to help!==
** Soekris is now updating a DynDNS domain for the WAN IP - comcast-sfo-noisebridge.dyndns.org -- [[User:Jof|jof]] 20:16, 3 October 2008 (PDT)
Noisebridge is run by volunteers, you're welcome to help but should get to know those helping first before touching/hacking the network gear. Try introducing yourself on the [rack mailing list https://www.noisebridge.net/mailman/listinfo/rack].
** cable.noisebridge.net should CNAME here as well.
** If modifying later, beware that Comcast will now only hand out a DHCP lease requested from 00:0A:E4:32:44:6E


* Internal subnet is 172.30.0.0/23
== Router ==
** Soekris box is at 172.30.0.1
Biketrailer is our humble router. It is an Ubiquiti Edgerouter 5-port box running EdgeOS, a fork of Vyatta (a Linux-based router distribution). While the router does provide PoE, it is non-standard passive Ubiquiti PoE which you should avoid using.
** [[switch1]] is at 172.30.0.3
** [[router1]] is at 172.30.0.4 (but has problems.)
** Ruckus AP (on 12th Ethernet port PoE) 172.30.0.5


* There are some existing Ethernet segments that you can patch into. If it has a number written in black marker on the outlet, this number corresponds to the outlet on the patch panel in the fishbowl closet.
The machines currently provides
  * NAT
  * DHCPD
  * DNS (dnsmasq) - .noise local TLD and recursive proxy


== DNS ==
Access is via SSH with keys and a https web interface.


Internal machines (with NAT addresses in 172.30.0.0/23) have names in the <tt>.noise</tt> pseudo-TLD. These names are managed on the Soekris in <tt>/etc/hosts</tt> (NOT in a zone file). After editing <tt>/etc/hosts</tt>, you can SIGHUP the dnsmasq process to trigger a reload.
== Address Allocations ==
===WAN - Monkeybrains===
* Network range: 192.195.83.129/29
* Gateway: 192.195.83.129
* DNS: 208.69.43.23,208.69.40.4
* Subnet Mask: 255.255.255.248


The /etc/hosts file is persistent now (it wasn't back when we used pfSense) so it no longer needs to be maintained on the wiki; the copy on the soekris is canonical now.
====Addresses====
* 192.195.83.130 - 2169.noisebridge.net - biketrailer offering some port forawrding
* 192.195.83.131 - roof switch
* 192.195.83.132 - mode/s receiver
* 192.195.83.133 - unused
* 192.195.83.134 - pegasus.noisebridge.net - pegasus 1 to 1 NAT


== Wireless networks ==
===LAN - 10.20.0.0/22===
====10.20.0.0 - 0.50 Statically address services====


The following networks are active at 83c now:
''Note: This is '''not''' a /24 subnet! The netmask is a /23.''
* '''noisebridge''' - insecure, NAT to Speakeasy via hardware described above.
* '''noisebridge-dsl''' - insecure, NAT to Comcast via standalone WRT54G.  No access to Noisebridge wired network.


The following networks are disabled in the Ruckus AP config:
* 10.20.0.1 - biketrailer
* '''nbsweden''' - insecure, NAT to [https://www.relakks.com/?cid=gb Relakks]. '''not yet functional.''' vlan 21.
* 10.20.0.10 - earl
* '''nbgermany''' - insecure, NAT to Germany via CCC. '''not yet functional.''' vlan 31.
* 10.20.0.11 - West-AP
* '''nbipv6''' - insecure, IPv6 only. '''not yet functional.''' vlan 41.
* 10.20.0.12 - Church-AP
* '''nbanonymous''' - insecure, transparent [[Tor]]. '''not yet functional.''' vlan 51.
* 10.20.0.13 - Central-AP
* '''nbwpa''' - "secured" (so they say) using WPA. '''not yet functional.''' vlan 61.
* 10.20.0.22 - pegasus
* '''nblocal''' - insecure, local-only. No Internet route. '''not yet functional.''' vlan 71.
* 10.20.0.24 - hackitorium-rpi
* 10.20.0.25 - noisebridge-printer-brother
* 10.20.0.31 - kitsune
* 10.20.0.41 - noisebridgebbs
* 10.20.0.42 - flaschen-taschen
* 10.20.0.43 - noiseboard (intent)
* 10.20.0.44 - square (Noisesquare table)
* 10.20.0.45 - bookcase (LEDs on the library bookcase)


== Development ==
====10.20.0.51 - 1.199====
* See [[Network/testing]].
* DHCP-assigned, user-access IP space


=== Installing Gear ===
====10.20.1.200 - 1.254====
* Available for adhoc manual IP address configurations.


[[User:adi|Andy]] says:
=== IPv6 ===
We would like to setup IPv6, some day.


BTW, I've noticed a bunch of networking / computing gear with fans being
== Machine Rack ==
installed in the downstairs networking closet. I would highly recommend
The rack sits on the South wall, it's small and up high to discourage people from messing with it or installing things in it. The internet works, please leave the box alone.
that people not install gear with fans in that closet:


1. the wood/metal shop is very likely to cause your fans to become full
===Can I install/setup boxes on Noisebridge's network?===
of crap and stop working, and/or short out your power supplies.
====Short answer====
'''No.'''


2. the building floods in that corner every spring.
====Long answer====
Noisebridge is here to provide infrastructure for creative projects. We're really good at some things. One thing we suck at is administrating boxes setup on our network. They eat power, internet, the attention span of volunteers, and people who set them up generally are bad at communicating later on down the line when something breaks or a machine magically appears.


We installed a *lot* of spare Cat5 capacity between the upstairs and
Noisebridge network infrastructure policy is as such:
downstairs closets specifically so that there was no need to put more
* Critical infrastructure machines (like our access control system): Low power ok!
gear downstairs.  Please just use the patch panel (label your patches or
* Machines for classes that cannot be hosted on the internet: Low power ok!
they'll be removed!) and install gear upstairs instead.
* Personal machines: NO!
* High power machines: NO!
* Bitcoin minors: NO!
* Torrent boxes: NO!
* Everything else: NO!


(Of course things like DOCSIS mean that we need *some* gear downstairs,
If a machine gets setup on the network without first getting an ok from the [https://www.noisebridge.net/mailman/listinfo/rack rack list], it will be unplugged and thrown in the trash. Please don't host your box at Noisebridge. We can't afford it. Thanks for understanding.
but it should be


1. fanless
===Rack setup===
 
* Patch panel
2. mounted on the wall or high up in the cabinet.)
* Shitty Fucked Dell 48 port switch
 
* Pegasus
 
* Shelf with Biketrailer and POE injectors
 
* Shelf with random RaspberryPis for projects
=== Future Plans ===
* Speaker amp
 
* Power strip
Matt Peterson says:
* UPS
 
In brief my suggestion is plug in both upstreams (Speakeasy ADSL and Comcast Cable) to the soekris,
run a trunk to the switches I donated and use the Cisco AP to beacon out 3  SSID's "noisebridge",
"noisebridge-dsl", "noisebridge-cable".  Each of these would map out to the various outbound ISP's
(some folks may want quicker flickr uploads or faster  firefox downloads or whatever), with the
generic SSID combined both connections (shunt ssh, sip and other latency stuff over the larger
outbound, the rest down the other  connection).  A shell script would monitor outages, reload pf
rules as needed if a connection goes down.  I got as far as making pf do the dual ISP network,
however I never setup the trunk on the switches or Cisco AP (though the equipment is floating
around the space).
 
==Network Devices & Services==
* [[Music]]
* [[Printers]]
* [[Infrastructure]]

Revision as of 11:44, 6 June 2016

This page was certified 100% current and up to date by User:Rubin110 at Sun Mar 6 07:58:59 UTC 2016.

If you're reading this from another point in time, please note that the reality of the situation may be different.

Network Troubleshooting

Are you having issues with the internet or local network? Check out the Network Troubleshooting page for more information on what you can do to make things better or possibly seek help.

Disclaimer

Please note that Noisebridge does not guarantee or provide a perfect secure experience in the space. Just like anywhere else in the world you're held responsible for your own safety and wellbeing. This also includes content you receive or transmit or provide through any mediums, such as through pen and paper, sound waves or any networks wired or wireless functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.

Free Public Wireless Networks

Noisebridge has two open wifi networks available for your use. In most cases if you connect to the network Noisebridge your laptop/phone/device will have the best luck getting crystal clear wifi and roam between radio channels according to which provides the most reliable and fastest connection.

The wifi and internet provided is for public use. Like any public network, you should regard Noisebridge's as potentially hostile and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.

The following networks are active:

  • Noisebridge
    • No password
    • Uplink through Monkeybrains gigabit laser
    • 802.11an 5 gHz only
  • Noisebridge Legacy 2.4 gHz
    • No password
    • Uplink through Monkeybrains gigabit laser
    • 802.11an 2.4 gHz only

Wired network

There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).

Local Network Address Information

DHCP is offered automatically on the network, if that doesn't work for you here's some more static information...

  • IP Range: 10.20.1.200-10.20.1.254
  • Gateway: 10.20.0.1
  • Subnet: 255.255.254.0 (a "slash" /23)
  • DNS: 10.20.0.1,208.69.43.23,208.69.40.4,8.8.8.8

Dynamic DNS is provided by the router for DHCP clients on 10.20.0.1/23 which also provides name resolution of some local machines.

Development

Network Devices & Services

2169 Mission

Uplinks

Monkeybrains Wireless Link

We have a point-to-point wireless link to Monkeybrains on the roof. It is wired into the Monkeybrains NEMA box on the roof, and from there into our own NEMA box in which we house a managed switch. From there the cable enters into the space through the ladder chute in the fox lounge and runs to the rack where it enters the switchboard at port 48. Port 48 is a second redundant run that follows the same path from the rack back to our NEMA box for future projects.

SFBroadband / City of SF / Internet Archive

We have a wireless point-to-point path up to Twin Peaks that connects up to a city-owned and volunteer-run IP transit network. Currently, we're hitting the dish off of the side and have a pretty terrible connection. For now, this network path is mostly only usable as a backup path.

There is a router in our wireless CPE hardware (st01-noisebridge-sfo) that connects up to the Noisebridge network and terminates as 172.30.0.54 on the "Inside / Internal" network. Set your default route via this IP to try the other path.

I want to help!

Noisebridge is run by volunteers, you're welcome to help but should get to know those helping first before touching/hacking the network gear. Try introducing yourself on the [rack mailing list https://www.noisebridge.net/mailman/listinfo/rack].

Router

Biketrailer is our humble router. It is an Ubiquiti Edgerouter 5-port box running EdgeOS, a fork of Vyatta (a Linux-based router distribution). While the router does provide PoE, it is non-standard passive Ubiquiti PoE which you should avoid using.

The machines currently provides

  * NAT
  * DHCPD
  * DNS (dnsmasq) - .noise local TLD and recursive proxy

Access is via SSH with keys and a https web interface.

Address Allocations

WAN - Monkeybrains

  • Network range: 192.195.83.129/29
  • Gateway: 192.195.83.129
  • DNS: 208.69.43.23,208.69.40.4
  • Subnet Mask: 255.255.255.248

Addresses

  • 192.195.83.130 - 2169.noisebridge.net - biketrailer offering some port forawrding
  • 192.195.83.131 - roof switch
  • 192.195.83.132 - mode/s receiver
  • 192.195.83.133 - unused
  • 192.195.83.134 - pegasus.noisebridge.net - pegasus 1 to 1 NAT

LAN - 10.20.0.0/22

10.20.0.0 - 0.50 Statically address services

Note: This is not a /24 subnet! The netmask is a /23.

  • 10.20.0.1 - biketrailer
  • 10.20.0.10 - earl
  • 10.20.0.11 - West-AP
  • 10.20.0.12 - Church-AP
  • 10.20.0.13 - Central-AP
  • 10.20.0.22 - pegasus
  • 10.20.0.24 - hackitorium-rpi
  • 10.20.0.25 - noisebridge-printer-brother
  • 10.20.0.31 - kitsune
  • 10.20.0.41 - noisebridgebbs
  • 10.20.0.42 - flaschen-taschen
  • 10.20.0.43 - noiseboard (intent)
  • 10.20.0.44 - square (Noisesquare table)
  • 10.20.0.45 - bookcase (LEDs on the library bookcase)

10.20.0.51 - 1.199

  • DHCP-assigned, user-access IP space

10.20.1.200 - 1.254

  • Available for adhoc manual IP address configurations.

IPv6

We would like to setup IPv6, some day.

Machine Rack

The rack sits on the South wall, it's small and up high to discourage people from messing with it or installing things in it. The internet works, please leave the box alone.

Can I install/setup boxes on Noisebridge's network?

Short answer

No.

Long answer

Noisebridge is here to provide infrastructure for creative projects. We're really good at some things. One thing we suck at is administrating boxes setup on our network. They eat power, internet, the attention span of volunteers, and people who set them up generally are bad at communicating later on down the line when something breaks or a machine magically appears.

Noisebridge network infrastructure policy is as such:

  • Critical infrastructure machines (like our access control system): Low power ok!
  • Machines for classes that cannot be hosted on the internet: Low power ok!
  • Personal machines: NO!
  • High power machines: NO!
  • Bitcoin minors: NO!
  • Torrent boxes: NO!
  • Everything else: NO!

If a machine gets setup on the network without first getting an ok from the rack list, it will be unplugged and thrown in the trash. Please don't host your box at Noisebridge. We can't afford it. Thanks for understanding.

Rack setup

  • Patch panel
  • Shitty Fucked Dell 48 port switch
  • Pegasus
  • Shelf with Biketrailer and POE injectors
  • Shelf with random RaspberryPis for projects
  • Speaker amp
  • Power strip
  • UPS