Resources/Network: Difference between revisions

(4 intermediate revisions by the same user not shown)
Line 80: Line 80:


== Address Allocations ==
== Address Allocations ==
===WAN - Monkeybrains===
===WAN - Monkeybrains - 192.195.83.128/29 ===
* Network range: 192.195.83.129/29
* Address range: 192.195.83.129-134
* Gateway: 192.195.83.129
* Gateway: 192.195.83.129
* DNS: 208.69.43.23,208.69.40.4
* DNS: 208.69.43.23, 208.69.40.4
* Subnet Mask: 255.255.255.248
* Subnet Mask: 255.255.255.248


====Addresses====
====Addresses====
* 192.195.83.130 - 2169.noisebridge.net - biketrailer offering some port forawrding
 
* 192.195.83.131 - unused (previous: roof switch)
{| class="wikitable"
* 192.195.83.132 - unused (previous: mode/s receiver)
|-
* 192.195.83.133 - zeppelin
! IP
* 192.195.83.134 - pegasus.noisebridge.net - pegasus 1 to 1 NAT
! DNS
! Info
|-
| 192.195.83.130
| cycletrailer.noisebridge.net
| EdgeRouter ER-4
|-
| 192.195.83.131
|
| Unused
|-
| 192.195.83.132
|
| Unused
|-
| 192.195.83.133
| zeppelin.noisebridge.net
| 1:1 NAT
|-
| 192.195.83.134
| pegasus.noisebridge.net
| 1:1 NAT
|}
 
====Uplink Management - 10.19.0.0/24====
 
{| class="wikitable"
|-
! IP
! DNS (.noise)
! Info
|-
| 10.19.0.1
| cycletrailer
| EdgeRouter ER-4
|-
| 10.19.0.5
| roofswitch
| ToughSwitch/EdgeSwitch 8 port
|}


===LAN - 10.20.0.0/16===
===LAN - 10.20.0.0/16===
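Review bot: the new Addresses table reduces 192.195.83.131 and 192.195.83.132 to "Unused" and drops the "previous: roof switch" and "previous: mode/s receiver" notes from the old list, along with the remark that 192.195.83.130 offers port forwarding. If that history or the forwarding still matters to whoever next assigns these addresses, keep it in the Info column. The new heading's 192.195.83.128/29 is the correct network address for the .129-.134 host range, so dropping the old "Network range: 192.195.83.129/29" line is fine.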
Line 105: Line 144:
|-
|-
| 10.20.0.1
| 10.20.0.1
| biketrailer
| cycletrailer
| RouterBOARD 962UiGS-5HacT2HnT
| EdgeRouter ER-4
|-
|-
| 10.20.0.4
| 10.20.0.4
|  
| edgeswitch
| Ubiquiti EdgeSwitch POE+
| Ubiquiti EdgeSwitch POE+
|-
|-
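Review bot: the 10.20.0.1 row renames biketrailer to cycletrailer, but the Router section of the same page still begins "Biketrailer is our humble router" and the rack table still lists "EdgeRouter (biketrailer.noise)". Update those in the same revision, or state which name the router's dnsmasq actually serves, so readers do not look up a stale hostname.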
Line 200: Line 239:
| QLC+ Lighting Controller
| QLC+ Lighting Controller
|}
|}


====10.20.0.90 - 0.94====
====10.20.0.90 - 0.94====

Revision as of 05:05, 13 January 2019

This page was certified 100% current and up to date by User:Rubin110 at Sun Mar 6 07:58:59 UTC 2016.

If you're reading this from another point in time, please note that the reality of the situation may be different.

Network Troubleshooting

Are you having issues with the internet or local network? Check out the Network Troubleshooting page for more information on what you can do to make things better or possibly seek help.

Disclaimer

Please note that Noisebridge does not guarantee or provide a perfectly secure experience in the space. Just like anywhere else in the world, you're held responsible for your own safety and wellbeing. This also includes content you receive, transmit or provide through any medium, such as pen and paper, sound waves or any networks, wired or wireless, functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.

Free Public Wireless Networks

Noisebridge has two open wifi networks available for your use. In most cases, if you connect to the network Noisebridge, your laptop/phone/device will have the best luck getting crystal clear wifi and will roam between radio channels according to which provides the most reliable and fastest connection.

The wifi and internet provided is for public use. Like any public network, you should regard Noisebridge's as potentially hostile and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.

The following networks are active:

  • Noisebridge
    • No password
    • Uplink through Monkeybrains gigabit laser
    • 802.11an 5 GHz only
  • Noisebridge
    • No password
    • Uplink through Monkeybrains gigabit laser
    • 802.11an 2.4 GHz only

Wired network

There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).

Local Network Address Information

DHCP is offered automatically on the network. If that doesn't work for you, here's some more static information:

  • IP Range: 10.20.0.90-10.20.0.94
  • Gateway: 10.20.0.1
  • Subnet: 255.255.254.0 (a "slash" /23)
  • DNS: 10.20.0.1,208.69.43.23,208.69.40.4,8.8.8.8

Dynamic DNS is provided by the router for DHCP clients on 10.20.0.1/23 which also provides name resolution of some local machines.

Development

Network Devices & Services

2169 Mission

Inkscape SVG diagram of physical layer connections

Uplinks

Monkeybrains Wireless Link

We have a point-to-point wireless link to Monkeybrains on the roof. It's a gigabit laser: think of fiber without the physical medium of glass. It is wired into the Monkeybrains NEMA box on the roof, and from there into our own NEMA box in which we house a managed switch. From there the cable enters into the space through the ladder chute in the fox lounge and runs to the rack where it enters the switchboard at port 48. Port 48 is a second redundant run that follows the same path from the rack back to our NEMA box for future projects.

SFBroadband / City of SF / Internet Archive

NB: As of September 2017 this section is out of date. If you're interested in reviving this radio link, hit up Patrick.

We have a wireless point-to-point path up to Twin Peaks that connects up to a city-owned and volunteer-run IP transit network. Currently, we're hitting the dish off of the side and have a pretty terrible connection. For now, this network path is mostly only usable as a backup path.

There is a router in our wireless CPE hardware (st01-noisebridge-sfo) that connects up to the Noisebridge network and terminates as 172.30.0.54 on the "Inside / Internal" network. Set your default route via this IP to try the other path.

I want to help!

Noisebridge is run by volunteers. You're welcome to help, but you should get to know those helping before touching/hacking the network gear. Try introducing yourself on the rack mailing list (https://www.noisebridge.net/mailman/listinfo/rack).

Router

Biketrailer is our humble router. It is a Ubiquiti EdgeRouter (ER-4) box running EdgeOS, a fork of Vyatta (a Linux-based router distribution). While the router does provide PoE, it is non-standard passive Ubiquiti PoE, which you should avoid using.

The machine currently provides:

  • NAT
  • DHCPD
  • DNS (dnsmasq) - .noise local TLD and recursive proxy

Access is via SSH with keys and an HTTPS web interface.

Address Allocations

WAN - Monkeybrains - 192.195.83.128/29

  • Address range: 192.195.83.129-134
  • Gateway: 192.195.83.129
  • DNS: 208.69.43.23, 208.69.40.4
  • Subnet Mask: 255.255.255.248

Addresses

IP | DNS | Info
192.195.83.130 | cycletrailer.noisebridge.net | EdgeRouter ER-4
192.195.83.131 | | Unused
192.195.83.132 | | Unused
192.195.83.133 | zeppelin.noisebridge.net | 1:1 NAT
192.195.83.134 | pegasus.noisebridge.net | 1:1 NAT

Uplink Management - 10.19.0.0/24

IP | DNS (.noise) | Info
10.19.0.1 | cycletrailer | EdgeRouter ER-4
10.19.0.5 | roofswitch | ToughSwitch/EdgeSwitch 8 port

LAN - 10.20.0.0/16

10.20.0.0 - 0.89 Statically addressed services

Note: This is not a /24 subnet! The netmask is a /16.

IP DNS (.noise) Info
10.20.0.1 cycletrailer EdgeRouter ER-4
10.20.0.4 edgeswitch Ubiquiti EdgeSwitch POE+
10.20.0.5 unifi Unifi Cloud Key
10.20.0.10 earl Raspberry Pi
10.20.0.11 west-ap Unifi AP
10.20.0.12 church-ap Unifi AP
10.20.0.13 center-ap Unifi AP
10.20.0.14 sparkle-ap Unifi AP
10.20.0.15 flaschen-ap Unifi AP
10.20.0.22 pegasus Mini Server
10.20.0.23 entropi Raspberry Pi (Power monitoring)
10.20.0.25 noisebridge-printer-brother
10.20.0.33 cloud nextcloud file share (cloud.noise / share.noise)
10.20.0.39 power-monitor
10.20.0.40 ??? Unknown (to me) raspberry-pi, b8:27:eb:cf:d9:27
10.20.0.41 noisebridgebbs
10.20.0.42 ft Flaschen-Taschen
10.20.0.43 noisebridge-kiosk-1 / noiseboard
10.20.0.44 square Noisesquare table
10.20.0.45 bookcase LEDs on the library bookcase
10.20.0.46 zeppelin
10.20.0.47 Dell PowerConnect 2848 switch in rack (removed due to suspect arp behaviour)
10.20.0.49 Open Lighting Controller (Hackitorium)
10.20.0.50 QLC+ Lighting Controller

10.20.0.90 - 0.94

  • Available for adhoc manual IP address configurations.

10.20.1.0 - 9.254

  • DHCP-assigned, user-access IP space
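
An added example (not part of the Noisebridge wiki page) that encodes the LAN address plan above and audits observed hosts against it: it flags addresses in the static range that the table does not list, and shows that a manually configured host only reaches the DHCP range on-link with the /16 mask. The neighbour list and its MAC addresses are constructed sample data, and the function names are this example's own.

```python
import ipaddress

# Address plan as documented on this page (LAN - 10.20.0.0/16).
LAN = ipaddress.ip_network("10.20.0.0/16")
RANGES = [  # (first, last, purpose)
    ("10.20.0.0", "10.20.0.89", "static-service"),
    ("10.20.0.90", "10.20.0.94", "adhoc-manual"),
    ("10.20.1.0", "10.20.9.254", "dhcp"),
]
# Statically addressed hosts: last octets of the rows in the page's table.
DOCUMENTED = {f"10.20.0.{n}" for n in (1, 4, 5, 10, 11, 12, 13, 14, 15, 22, 23, 25,
                                      33, 39, 40, 41, 42, 43, 44, 45, 46, 47, 49, 50)}

def classify(ip):
    """Return the page's purpose for an address, or why it does not fit."""
    addr = ipaddress.ip_address(ip)
    if addr not in LAN:
        return "outside-lan"
    for first, last, purpose in RANGES:
        if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
            return purpose
    return "unallocated"

def audit(observed):
    """Flag observed (ip, mac) pairs that the documented plan does not explain."""
    findings = []
    for ip, mac in observed:
        kind = classify(ip)
        if kind == "static-service" and ip not in DOCUMENTED:
            findings.append((ip, mac, "undocumented static address"))
        elif kind in ("unallocated", "outside-lan"):
            findings.append((ip, mac, kind))
    return findings

def on_link(host_ip, prefixlen, peer_ip):
    """Would a host configured with this prefix length treat peer as on-link?"""
    net = ipaddress.ip_interface(f"{host_ip}/{prefixlen}").network
    return ipaddress.ip_address(peer_ip) in net

# Constructed sample neighbour table (MACs are made up for the example).
SAMPLE = [("10.20.0.1", "02:00:00:00:00:01"), ("10.20.0.77", "02:00:00:00:00:4d"),
          ("10.20.3.18", "02:00:00:00:00:12"), ("10.20.0.200", "02:00:00:00:00:c8"),
          ("192.168.1.50", "02:00:00:00:00:32")]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    for plen in (24, 23, 16):
        print(plen, on_link("10.20.0.90", plen, "10.20.3.18"))
```
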

IPv6

We would like to set up IPv6, some day.

Machine Rack

The rack sits on the South wall. It's small and up high to discourage people from messing with it or installing things in it. The internet works, please leave the box alone.

Can I install/setup boxes on Noisebridge's network?

Short answer

No.

Long answer

Noisebridge is here to provide infrastructure for creative projects. We're really good at some things. One thing we suck at is administering boxes set up on our network. They eat power, internet, and the attention span of volunteers, and the people who set them up are generally bad at communicating later on down the line when something breaks or a machine magically appears.

Noisebridge network infrastructure policy is as follows:

  • Critical infrastructure machines (like our access control system): Low power ok!
  • Machines for classes that cannot be hosted on the internet: Low power ok!
  • Personal machines: NO!
  • High power machines: NO!
  • Bitcoin miners: NO!
  • Torrent boxes: NO!
  • Everything else: NO!

If a machine gets set up on the network without first getting an ok from the rack list, it will be unplugged and thrown in the trash. Please don't host your box at Noisebridge. We can't afford it. Thanks for understanding.

Rack setup

RU | Item
1-2 | Patch Panel
3 | TrendNet Unmanaged Switch
4 | Ubiquiti EdgeSwitch
5 | pegasus.noise
6-7 | Shelf with zeppelin.noise
7 |
8 |
9 | EdgeRouter (biketrailer.noise)
10 | cloud.noise
11 | Power Strip
12 | UPS


  • juul's banana pi storage server (two harddrives with heat-sinks strapped to a banana pi)

People's Open Network

There are several nodes from the People's Open Network located at Noisebridge.

Nodes administered by sudo mesh

Here is a link to sudo mesh.

For info/assistance with these nodes you can contact info@sudoroom.org or ask on #peoplesopen.net on freenode IRC (try highlighting juul).

There is a Western Digital My Net N600 (configured as a people's open net home node) mounted on the ceiling close to the pillar by the library (NBiblioteca). It is black with white sides and held to the ceiling by two red straps. This node is announcing the following SSIDs:

  • "peoplesopen.net 📡☠️": On 2.4 GHz channel 6. No password. All traffic routed through the sudo mesh VPN. Bandwidth limited to 50 mbits/sec.
  • "peoplesopen.net 📡☠️ fast": On 5 GHz channel 157. No password. All traffic routed through the sudo mesh VPN. Bandwidth limited to 50 mbits/sec.
  • "admin 📡☠️": On 2.4 channel 6. Has password. Not VPN'ed or bandwidth limited. Used to manage the node.
  • "admin 📡☠️": On 2.4 channel 6 and 5 GHz channel 157. Has password. Not VPN'ed or bandwidth limited. Used to manage the node.
  • "pplsopen.net-node2node": Ad-hoc mode for meshing. On 2.4 channel 6 and 5 GHz channel 157. No password. Uses babeld for meshing. Talk to sudo mesh for details.

The My Net N600 gives out IPs on the 100.65.9.192/26 range which is within the wider People's Open Network range from 100.64.x.x-100.128.x.x

The My Net N600 is connected to the switch above the main hacking tables (the one that has the braid of multicolored ethernet cables coming out of it) using a normal ethernet cable. This is where it gets its internet. Another ethernet cable runs from the node to behind the bottom of the indoor roof ladder, where it connects to the non-powered port on a PoE injector. From the powered port on the PoE injector, a grounded and shielded outdoor cable travels to the roof, where it connects to a NanoStation M2 pointing east which is broadcasting:

  • "pplsopen.net-node2node": Ad-hoc mode for meshing. On 2.4 GHz channel 1. No password. Uses babeld for meshing. Talk to sudo mesh for details.
  • "peoplesopen.net noisebridge": Access point (master) mode. On 2.4 GHz channel 1. No password.

The NanoStation M2 is connected using its PoE passthrough ethernet port to a NanoBridge M5, which is mounted on a pole next to it. Currently the passthrough is not enabled and that NanoBridge is off. This is because the PoE injector needs to be upgraded to a beefier unit that can power both the NanoStation and the NanoBridge at the same time.

Nodes administered by Max B

The following was written by juul who was not part of installing any of this gear nor does he have admin access (I'm just writing what I'm seeing).

There is a Ubiquiti Bullet (not sure if M2 or M5) mounted out on the fire escape balcony with a high gain omni-directional antenna attached. This is connected via an outdoor shielded and grounded cable up over the side of the building and to a Western Digital My Net (N600 or N750, not sure) which is located in the metal box with the padlock on it. This node is not administered by sudo mesh. It is administered by Max B who is on the Noisebridge Slack.