Resources/Network: Difference between revisions

From Noisebridge
No edit summary
No edit summary
Line 35: Line 35:




== Topology ==
== Logical Topology ==


[[Image:Noisebridge_net-2008-10-02.png|thumb|right|Older topology, does not include cisco box or ruckus AP]]
* The Soekris provides NAT / Firewalling to hosts inside of 172.30.0.0/24 -- the "inside" network.
 
** The same Soekris holds an external IP from Comcast on sis2, an external IP from Speakeasy on sis1, and 172.30.0.1/24 on sis0.
* External IP is assigned via DHCP from Comcast on the Soekris box.
** Current Comcast IP: 24.5.85.158/21 (Comcast will now only hand out a DHCP lease requested from 00:0A:E4:32:44:6E)
* Currently, the address is 24.5.85.158.
** Current Speakeasy IP: 66.92.8.180/24
** If modifying later, beware that Comcast will now only hand out a DHCP lease requested from 00:0A:E4:32:44:6E
** Comcast does egress filtering, so r00ter can't run asymmetric routing for the DSL IPs over the Comcast link.  This manifests as being able to get out via DSL but not being able to get back in via 83c.noisebridge.net.


* Internal subnet is 172.30.0.0/24
* Internal subnet is 172.30.0.0/24
** Soekris box is at 172.30.0.1
** Soekris box is at 172.30.0.1
** [[switch1]] is at 172.30.0.3
** [[switch1]] is at 172.30.0.3
** [[router1]] is at 172.30.0.4 (but has problems.)
** Ruckus AP (needs hostname) is at 172.30.0.5
** Ruckus AP (on 12th Ethernet port PoE) 172.30.0.5
*** Default login is "super"/"sp-admin"
*** Default login is "super"/"sp-admin"


* There are some existing Ethernet segments that you can patch into. If it has a number written in black marker on the outlet, this number corresponds to the outlet on the patch panel in the fishbowl closet.
[[Image:Noisebridge_net-2008-10-02.png|thumb|right|Older topology, does not include cisco box or ruckus AP]]
 


== Physical Topology ==
Connectivity to the outside comes over one copper POTS circuit (Speakeasy/Covad) and some RG-59 coaxial cable. Both circuits terminate in the closet attached to the shop/fishbowl. Most of the networking equipment has moved to the upstairs closet attached to the electronics lab. Still downstairs is the DOCSIS (Cable) modem, as the coax coming in couldn't easily be moved to the upstairs closet.


The copper Ethernet connectivity to baseboard connectors downstairs and the DSL/POTS circuit has been patched to the patch panel in the upstairs closet.


== Uplinks ==
== Uplinks ==
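Review bot: the Ruckus AP entry still publishes `Default login is "super"/"sp-admin"` directly under the AP's address 172.30.0.5, on both sides of this change. If the AP still accepts the vendor default, the fix belongs on the device: set a new admin password and replace this line with a pointer to where the admins keep credentials. Both revisions also carry "No edit summary", so the reason the [[router1]] line ("but has problems.") appears on only one side is not recorded; a one-line summary would cover it.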
Line 126: Line 125:
== Development ==
== Development ==
* See [[Network/testing]].
* See [[Network/testing]].
=== Installing Gear ===
[[User:adi|Andy]] says:
BTW, I've noticed a bunch of networking / computing gear with fans being
installed in the downstairs networking closet.  I would highly recommend
that people not install gear with fans in that closet:
1. the wood/metal shop is very likely to cause your fans to become full
of crap and stop working, and/or short out your power supplies.
2. the building floods in that corner every spring.
We installed a *lot* of spare Cat5 capacity between the upstairs and
downstairs closets specifically so that there was no need to put more
gear downstairs.  Please just use the patch panel (label your patches or
they'll be removed!) and install gear upstairs instead.
(Of course things like DOCSIS mean that we need *some* gear downstairs,
but it should be
1. fanless
2. mounted on the wall or high up in the cabinet.)
=== Future Plans ===
Matt Peterson says:
In brief my suggestion is plug in both upstreams (Speakeasy ADSL and Comcast Cable) to the soekris,
run a trunk to the switches I donated and use the Cisco AP to beacon out 3  SSID's "noisebridge",
"noisebridge-dsl", "noisebridge-cable".  Each of these would map out to the various outbound ISP's
(some folks may want quicker flickr uploads or faster  firefox downloads or whatever), with the
generic SSID combined both connections (shunt ssh, sip and other latency stuff over the larger
outbound, the rest down the other  connection).  A shell script would monitor outages, reload pf
rules as needed if a connection goes down.  I got as far as making pf do the dual ISP network,
however I never setup the trunk on the switches or Cisco AP (though the equipment is floating
around the space).


==Network Devices & Services==
==Network Devices & Services==
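Review bot: the Future Plans text is a quoted proposal with no date or status, and it ends by saying the trunk on the switches and the Cisco AP were never set up, so a reader cannot tell which of "noisebridge", "noisebridge-dsl" and "noisebridge-cable" exist today. Suggest adding the date of Matt Peterson's message and a one-line status under the heading.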

Revision as of 18:32, 10 June 2009

Status

There is an external status monitor at status.noisebridge.net. If something is wrong with the network at 83c, you should contact an admin.

The Ops personnel can be reached by calling (650) 248-2445 24/7.

It's 2 AM And The Admins Are Asleep

If no admin responds within a reasonable period of time (say, an hour), take matters into your own hands and send mail to noisebridge-discuss with answers to the following questions:

  • Who are you?
  • What happened?
  • When did the problem begin? (If you were able to find out.)
  • When was the problem noticed?
  • When did it get fixed?
  • What did you do to fix it? Please err on the side of too much detail rather than not enough.

Please try to observe the guidelines for network maintenance, but use your Most Excellent Judgment if something there doesn't seem to apply.

Hardware

Current Gear

Future Gear

Logical Topology

  • The Soekris provides NAT / Firewalling to hosts inside of 172.30.0.0/24 -- the "inside" network.
    • The same Soekris holds an external IP from Comcast on sis2, an external IP from Speakeasy on sis1, and 172.30.0.1/24 on sis0.
    • Current Comcast IP: 24.5.85.158/21 (Comcast will now only hand out a DHCP lease requested from 00:0A:E4:32:44:6E)
    • Current Speakeasy IP: 66.92.8.180/24
  • Internal subnet is 172.30.0.0/24
    • Soekris box is at 172.30.0.1
    • switch1 is at 172.30.0.3
    • Ruckus AP (needs hostname) is at 172.30.0.5
      • Default login is "super"/"sp-admin"

[Image: Older topology, does not include cisco box or ruckus AP]

Physical Topology

Connectivity to the outside comes over one copper POTS circuit (Speakeasy/Covad) and some RG-59 coaxial cable. Both circuits terminate in the closet attached to the shop/fishbowl. Most of the networking equipment has moved to the upstairs closet attached to the electronics lab. Still downstairs is the DOCSIS (Cable) modem, as the coax coming in couldn't easily be moved to the upstairs closet.

The copper Ethernet connectivity to baseboard connectors downstairs and the DSL/POTS circuit has been patched to the patch panel in the upstairs closet.

Uplinks

24Mb/5Mb currently via Comcast

  • Comcast Cable (Only internet, no voice or tv service)
    • $66.95 per month (After taxes COD at time of install is $169.21) - $3 modem rental per month
    • No contract!
    • Link speed is ~24Mbit down / ~5Mbit up. More testing during different times of the day would be useful.
    • Wonderful quote from the service representative when asked about network filtering: "The network is filtered. Dynamic ips. Constantly flowing. Upgrading to static is possible through the business department."
    • The direct line for the person who took the order is 1-925-349-3300 x644201
    • Our confirmation number for this order is: 503691

Speakeasy DSL

  • Speakeasy DSL (On a dry pair - Ordered for the (415) 864 area)
    • Service has been delivered and installed at 83c
    • Modem acts as a bridge straight into Speakeasy and comes with 1 static IP, 4 more for $20 per month.
      • Currently 66.92.8.180
      • Additional IP added on Jan 26th (requires configuration on firewall) 66.92.8.123
    • $105.95 per month - ($99.00 install fee, first month free, hardware included - Paid by Jake)
    • Link speed: 6Mb down and 768k up
    • 12 month contract (25 day trial period), $300 fee if canceled in contract but outside of stated trial period.
    • 1 static ip included
    • The direct line for the person (Michelle) who took the order is 1-877-240-4821
    • In the future, we can upgrade the DSL to the following:
      • Kinda fast 8Mb down and 768k up. 149.95 per month. Hardware and install waived.
      • Super fast 10Mb down and 1Mb up. 179.95 per month. Hardware and install waived.

Other uplink possibilities

  • Local wifi link (TBD - no current ETA on install)
    • We need an antenna and a wifi access point that will uplink to our core switch (we need one of those too)
  • Metro fiber
    • jof called IPN for a rough estimate for construction of fiber to 83c. The sales representative's estimate would be between 90,000USD - 100,000USD for the initial buildout.
  • Sonic.net ADSL2
    • We're on the waiting list for 18Mb/1Mb ADSL2
    • Sometime in the next year service will be available in San Francisco.
  • WiMax
    • Currently this hasn't been very seriously researched
  • SFLan
    • We may have line of sight to a node if we can bounce off of a local building. This hasn't been seriously researched. We may want to try to get roof access for antennas and should talk to our very quiet neighbors.

I was contacted by Matt Peterson about connecting. I would be happy to do a site survey to see if you can hit the SFLAN or City wireless deployment from the Valencia Gardens development. That could get you 40Mb/s up and down. - Tim Pozar


DNS

Internal machines (with NAT addresses in 172.30.0.0/24) have names in the .noise pseudo-TLD. These names are managed on the Soekris in /etc/hosts (NOT in a zone file). After editing /etc/hosts, you can SIGHUP the dnsmasq process to trigger a reload.

The /etc/hosts file is persistent now (it wasn't back when we used pfSense) so it no longer needs to be maintained on the wiki; the copy on the soekris is canonical now.
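
A pre-reload check for the procedure above, as an added example that is not from the Noisebridge admins: it rejects a hosts file in which a `.noise` name points outside 172.30.0.0/24 or at two different addresses, and only then sends SIGHUP to dnsmasq. The policy being checked, the function names and the use of `pkill` are assumptions.

```shell
#!/bin/sh
# Added example: validate the .noise entries of a hosts file before asking
# dnsmasq to re-read it. Assumed policy (not a documented Noisebridge rule):
# every *.noise name maps to exactly one host address in 172.30.0.0/24.

# check_noise_hosts FILE
# Prints one line per problem; returns 1 if any problem was found.
check_noise_hosts() {
    awk '
        { sub(/#.*/, "") }              # drop trailing comments
        NF < 2 { next }                 # blank line or address without a name
        {
            ip = $1
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name !~ /\.noise$/) continue   # only police the pseudo-TLD
                # host part 1-254 inside 172.30.0.0/24
                if (ip !~ /^172\.30\.0\.([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-4])$/) {
                    printf "line %d: %s -> %s is outside 172.30.0.0/24\n", NR, name, ip
                    bad = 1
                }
                if ((name in seen) && seen[name] != ip) {
                    printf "line %d: %s already maps to %s\n", NR, name, seen[name]
                    bad = 1
                }
                seen[name] = ip
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# reload_dnsmasq FILE
# Sends SIGHUP (dnsmasq re-reads /etc/hosts on SIGHUP) only if FILE is clean.
reload_dnsmasq() {
    check_noise_hosts "$1" || { echo "not reloading dnsmasq" >&2; return 1; }
    pkill -HUP -x dnsmasq
}
```

On the Soekris this would be run as `reload_dnsmasq /etc/hosts` after editing the file.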

Wireless networks

The following networks are active at 83c now:

  • noisebridge - insecure, NAT to Speakeasy via hardware described above.
  • noisebridge-dsl - insecure, NAT to Comcast via standalone WRT54G. No access to Noisebridge wired network.

The following networks are disabled in the Ruckus AP config:

  • nbsweden - insecure, NAT to Relakks. not yet functional. vlan 21.
  • nbgermany - insecure, NAT to Germany via CCC. not yet functional. vlan 31.
  • nbipv6 - insecure, IPv6 only. not yet functional. vlan 41.
  • nbanonymous - insecure, transparent Tor. not yet functional. vlan 51.
  • nbwpa - "secured" (so they say) using WPA. not yet functional. vlan 61.
  • nblocal - insecure, local-only. No Internet route. not yet functional. vlan 71.

Development

Network Devices & Services