Difference between revisions of "Resources/Network"

From Noisebridge
(172.30.0.0/25 (.1 - .127) Statically-addressed things)
(Update page header.)
 
(149 intermediate revisions by 54 users not shown)
Line 1: Line 1:
 +
If you're reading this from another point in time, please note that the reality of the situation may be different. Please update this page to reflect reality as it changes.
 +
 +
__TOC__
 +
 
== [[Network Troubleshooting]] ==
 
== [[Network Troubleshooting]] ==
  
Line 7: Line 11:
 
''Please note that Noisebridge does not guarantee or provide a perfect secure experience in the space. Just like anywhere else in the world you're held responsible for your own safety and wellbeing. This also includes content you receive or transmit or provide through any mediums, such as through pen and paper, sound waves or any networks wired or wireless functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.''
 
''Please note that Noisebridge does not guarantee or provide a perfect secure experience in the space. Just like anywhere else in the world you're held responsible for your own safety and wellbeing. This also includes content you receive or transmit or provide through any mediums, such as through pen and paper, sound waves or any networks wired or wireless functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.''
  
''As much as anyone volunteering at the space could state that we (Noisebridge) can provide you with a secure web browsing experience, this view may not be reflected over all of its members and participants (which is the actual case). Please take our advice and services with a grain of salt and understand that the only sure secure network is one that you setup and operate yourself.''
+
== Free Public Wireless Networks ==
 
+
Noisebridge has two open wifi networks available for your use. In most cases if you connect to the network '''Noisebridge''' your laptop/phone/device will have the best luck getting crystal clear wifi and roam between radio channels according to which provides the most reliable and fastest connection.
''Thank you for reading, please continue now on creating interesting things.''
 
 
 
--[[User:Rubin110|rubin110]] 05:48, 25 December 2010 (UTC)
 
  
== Wireless networks ==
+
The wifi and internet provided is for public use. Like any public network, you should regard Noisebridge's as [[Visitor_advice#Hostile_network|potentially hostile]] and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.
=== Free Open Unsecure Wifi ===
 
Noisebridge generally has two or more unencrypted open wifi access points available for your use. If you can see the "noisebridge-a" network, congratulations, you have an 802.11a-compatible card and should use this network as it is better faster and stronger than the others. If you cannot see noisebridge-a, either it is not working or you do not have an 802.11a card. You probably have an 802.11g card. Hopefully you can see the "noisebridge" network, which is the one you should use in that case. Like any public network, you should regard noisebridge's as [[Visitor_advice#Hostile_network|potentially hostile]] and take appropriate precautions.
 
  
The following networks are active at 2169 now:
+
The following networks are active:
* '''noisebridge''' - No encryption, NATted via the Sonic.net and Monkeybrains links, 802.11bg
+
* '''Noisebridge'''
* '''noisebridge-a''' - No encryption, NATted via the Sonic.net and Monkeybrains links, 802.11a
+
** No password
* '''noisebridge-tor''' - No encryption, all traffic transparently proxied through tor.
+
** Uplink through Monkeybrains gigabit laser
 +
** 802.11an 5 gHz only
 +
* '''Noisebridge'''
 +
** No password
 +
** Uplink through Monkeybrains gigabit laser
 +
** 802.11an 2.4 gHz only
  
=== Free Encrypted Unsecure Wifi ===
+
== Wired network ==
There are sometimes "secure" or encrypted wireless networks running at Noisebridge for research purposes. Please do not assume that these networks are in any way safer than an open network is; they are not.
+
There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).
  
Encrypted wireless only means that anything transmitted between your laptop and the Wifi access point is encrypted. '''This does not guarantee security or privacy at all.''' Someone malicious could simply sit in between the "internet" and the Wifi access point and sniff all of your traffic after the access point unencrypts it, or they can simply figure out how the encryption functions and sit in on what your transmitting, or you use an encryption method that is already broken. In any case, '''using an encrypted Wifi network does not provide any useful security benefits at Noisebridge.'''
+
== Local Network Address Information ==
 +
DHCP is offered automatically on the network, if that doesn't work for you here's some more static information...
  
NOTE: the above statement is only partially true. No technology 'guarantees' security or privacy.  Using the encrypted wifi network at Noisebridge doesn't give you more security since the shared secret is widely known and the space is not secure. But WPA2 is a useful technology in general, and it's not practical to brute force if the [http://wifinetnews.com/archives/2003/11/weakness_in_passphrase_choice_in_wpa_interface.html key is longer than 13 random characters]. By comparison, people who use unencrypted wireless are subject to [http://www.ethicalhacker.net/content/view/182/1/ trivially easy packet sniffing over the wire]. -- [[User:wsargent]]
+
* IP Range: 10.20.0.90-10.20.0.94
 +
* Gateway: 10.20.0.1
 +
* Subnet: 255.255.'''254'''.0 (a "slash" /23)
 +
* DNS: 10.20.0.1,208.69.43.23,208.69.40.4,8.8.8.8
  
In most cases you may encounter more problems trying to get "online" through one of the encrypted networks than using one of the open ones.
+
Dynamic DNS is provided by the router for DHCP clients on 10.20.0.1/23 which also provides name resolution of some local machines.
 
 
A few members of the space have gone out of their way to make the internet run as smooth as possible, part of that is disabling these so called secure networks [where do we call this "secure"?] to give room for the legitimate [citation needed] open ones that work a whole lot better [citation needed].
 
 
 
== DNS ==
 
 
 
Dynamic DNS is provided by the nat machine for DHCP clients on 172.30.0.30/22.  Resolution of machines with static addresses is done by ipv4 or ipv6 mDNS and dynamic DNS entries on the nat machine from the DHCP service.
 
  
 
== Development ==
 
== Development ==
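Review bot: The two added network bullets are both named '''Noisebridge''', and the second reads "802.11an 2.4 gHz only"; 802.11a is a 5 GHz standard, so that line looks like a copy of the first with only the band changed. Suggest listing the 2.4 GHz modes actually in use and writing "GHz". In the same hunk, "DHCP clients on 10.20.0.1/23" attaches a prefix length to the gateway's host address; naming the network itself would be less ambiguous. The hunk also removes the paragraphs explaining why link-layer wifi encryption does not protect traffic past the access point, leaving only the statement that no encrypted networks are run; consider keeping a one-line rationale or a link to it.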
Line 42: Line 44:
 
==Network Devices & Services==
 
==Network Devices & Services==
 
* [[Music]]
 
* [[Music]]
* [[Printers]]
+
* [[2D Paper Printer]]
 
* [[Infrastructure]]
 
* [[Infrastructure]]
  
 
= 2169 Mission =
 
= 2169 Mission =
  
== DSL Circuit ==
+
[[File:Layer1_network_diagram.svg |thumb| alt=Inkscape SVG diagram of physical layer connections]]
  
There is a Sonic.net Fusion ADSL2+ DSL connection in the building. The physical circuit comes in from the MPOE in the basement and runs across the roof of the basement and up the side of the building into the DJ booth (Tea Room).  The CPE is a Motorola 2210 ADSL2+ and is just outside the Tea Room on the floor. The admin password is the serial number, written on the bottom.
+
== Uplinks ==
 +
=== Monkeybrains Wireless Link ===
 +
We have a point-to-point wireless link to Monkeybrains on the roof, it's a gigabit laser, think of fiber without the physical medium of glass. It is wired into the Monkeybrains NEMA box on the roof, and from there into our own NEMA box in which we house a managed switch. From there the cable enters into the space through the ladder chute in the fox lounge and runs to the rack where it enters the switchboard at port 48. Port 48 is a second redundant run that follows the same path from the rack back to our NEMA box for future projects.
  
The addressing configuration is a little unusual. It's 75.101.62.0/24 and we've been allocated a /29 within that block: 75.101.62.88 - 75.101.62.95.  Note that we get to use all 8 addresses; the broadcast and network address are 75.101.62.255 and 75.101.62.0 respectively.  The gateway is 75.101.62.1.
+
=== SFBroadband / City of SF / Internet Archive ===
  
The default CPE settings are not correct for our circuit configuration. From a factory reset, do the following to configure the CPE:
+
'''NB: As of September 2017 this section is out of date. If you're interested in reviving this radio link hit up [[User:patrickod|Patrick]]'''
  
# Configure a computer for 192.168.1.253/24.
+
We have a wireless point-to-point path up to Twin Peaks that connects up to a city-owned and volunteer-run IP transit network. Currently, we're hitting the dish off of the side and have a pretty terrible connection. For now, this network path is mostly only usable as a backup path.
# Connect the computer to the DSL CPE.
 
# Power cycle the DSL CPE.
 
# Connect to 192.168.1.254 using your web browser.
 
# You will be prompted to set a password, use the serial number on the bottom of the DSL CPE.
 
# Get into expert mode.
 
# Under configure->connections, set the following:
 
## VPI: 0
 
## VCI: 35
 
## Protocol: Bridged Ethernet LLC/SNAP
 
## Bridging: on
 
# Under configure->DHCP server, set the following:
 
## DHCP Server Enabled: unchecked
 
# Save and reboot.
 
  
[http://broadband.motorola.com/consumers/products/2210-02/downloads/2210-02-10NA-UserGuide.pdf Motorola 2210 User Guide]
+
There is a router in our wireless CPE hardware (st01-noisebridge-sfo) that connects up to the Noisebridge network and terminates as 172.30.0.54 on the "Inside / Internal" network. Set your default route via this IP to try the other path.
  
== Routers ==
+
==I want to help!==
Currently, DHCPd is handing out a default gateway (172.30.0.3) that floats between r00ter and gorilla for automatic ISP failover.
+
Noisebridge is run by volunteers, you're welcome to help but should get to know those helping first before touching/hacking the network gear. Try introducing yourself on the [rack mailing list https://www.noisebridge.net/mailman/listinfo/rack].
===r00ter===
 
The Sonic.net router is a Soekris net4801 (hostname: "r00ter") running OpenBSD with some modifications to support running with a flash-backed root filesystem.  Its WAN address is 75.101.62.88/24 and its LAN address is 172.30.0.1.  Access is via SSH with a key.
 
  
DHCP and DNS services are being provided by r00ter as well: it has a DNS forwarder (dnsmasq), and dhcpd spits out addresses from 172.30.0.0/22 (172.30.0.200 and up).
+
== Router ==
  
===gorilla===
+
[[Biketrailer]] is our humble router. It is an Ubiquiti Edgerouter (ER-4) box running EdgeOS, a fork of Vyatta (a Linux-based router distribution). While the router does provide PoE, it is non-standard passive Ubiquiti PoE which you should avoid using.
The router for our Monkeybrains link (hostname: "gorilla") is also a Soekris running a similar OpenBSD installation. Access is via SSH with a key.
 
  
== Address Allocations ==
+
The machines currently provides
The reserved address allocations are:
+
  * NAT
 +
  * DHCPD
 +
  * DNS (dnsmasq) - .noise local TLD and recursive proxy
  
===75.101.62.88/29 from Sonic.net===
+
Access is via SSH with keys and a https web interface.
We have a range within the encompassing /24: 75.101.62.{88..95}
 
  
* .88 - router ("r00ter")
+
== Address Allocations ==
* .89 - pony.noisebridge.net
+
===WAN - Monkeybrains - 192.195.83.128/29 ===
* .90 - stallion.noisebridge.net
+
* Address range: 192.195.83.129-134
* .91 - ChaosVPN la fonera eth0.1
+
* Gateway: 192.195.83.129
* .92 - minotaur.noisebridge.net
+
* DNS: 208.69.43.23, 208.69.40.4
* .93 - [[Noise-Bot|MC Hawking -- The Wheelchair Robot]]
+
* Subnet Mask: 255.255.255.248
* .94 - Unallocated
 
* .95 - Mode-S Equipment (various port-NATings)
 
  
===172.30.0.0/22 ("inside" network)===
+
====Addresses====
====172.30.0.0/25 (.1 - .127) Statically-addressed things====
 
  
* .1 - r00ter - main soekris router connected to the sonic.net DSL (runs OpenBSD and pf)
+
{| class="wikitable"
* .2 - bikeshed, soekris router hooked up the Monkeybrains wireless link (runs Linux and iptables/netfilter)
+
|-
* .3 - CARP interface for r00ter and bikeshed
+
! IP
* .4 - minotaur - console server and network troubleshooting/monitoring box
+
! DNS
* .5 - PS3 (goat), usually powered down to save power
+
! Info
* .6 - treechopper, [http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl07288/bpl07288.pdf|HP Laserjet 5Si MX] (working, not hosed)
+
|-
* .7 - OpenGear IP Power 9258 in supply closet (power1)
+
| 192.195.83.130
* .8 - switch1 - Linksys 48-port gige
+
| cycletrailer.noisebridge.net
* .9 - switch2 - Cisco Catalyst 2940 TWoT
+
| EdgeRouter ER-4
* .10 - stallion - VM hosting server
+
|-
* .11 - ChaosVPN la fonera internal interface (br-lan)
+
| 192.195.83.131
* .12 - ap3 - [http://www.ubnt.com/powerstation Powerstation 5] 802.11a (above the supply closet)
+
|
* .13 - ap2 - Cisco Aironet 1100 series (above the supply closet)
+
| Unused
* .14 - ap4 - Cisco Aironet 1100 series (above the Eastern windows)
+
|-
* .15 - switch3 - DECOMMISSIONED
+
| 192.195.83.132
* .16 - switch4 - DECOMMISSIONED
+
|
* .17 - Cisco Aironet 1220B (wbr1)
+
| Unused
* .18 - Cisco Aironet 1220B (wbr2)
+
|-
* .19 - switch5 - Cisco Catalyst 3550-12T - DECOMMISSIONED
+
| 192.195.83.133
* .20 - D-Link DIR-615 AP (ap5, in Turing)
+
| zeppelin.noisebridge.net
* .30 - [[Pony]], main sandbox server
+
| 1:1 NAT
* .31 - [[Touch_Panels|Touchpanel]] by the door
+
|-
* .32 - [[Touch_Panels|Touchpanel]] by the bar
+
| 192.195.83.134
* .33 - Red Payphone (Linksys PAP2)
+
| pegasus.noisebridge.net
* .34 - Linux Study Group Linksys BBEFS41 Router
+
| 1:1 NAT
* .35 - Cisco IP Phone
+
|}
* .41 - [[Zebra]], Rebar and jukebox, Brother print server
 
* .42 - [[Ass]], greeting terminal
 
* .43 - Cisco SIP Phone
 
* .44 - [[Horsy]]. media center
 
* .48 - [[s3]]
 
* .49 - [[s3]] BMC
 
* .50 - [[Noise-Bot|MC Hawking -- The Wheelchair Robot]]
 
* .51 - Noise-Bot-Server; back-end computing for Noise-Bot
 
* .52 - bunny (on the roof)
 
* .53 - ronin (works with bunny)
 
  
====172.30.0.128/25, 172.30.1.0/24, 172.30.2.0/24, 172.30.3.0/24====
+
====Uplink Management - 10.19.0.0/24====
* DHCP-assigned, user-access IP space
 
  
===172.30.4.0/24 (Tor-ified network)===
+
{| class="wikitable"
 +
|-
 +
! IP
 +
! DNS (.noise)
 +
! Info
 +
|-
 +
| 10.19.0.1
 +
| cycletrailer
 +
| EdgeRouter ER-4
 +
|-
 +
| 10.19.0.5
 +
| roofswitch
 +
| ToughSwitch/EdgeSwitch 8 port
 +
|}
  
Note that 172.30.4.1 transparently proxies TCP connections via privoxy to tor.
+
===LAN - 10.20.0.0/16===
 +
====10.20.0.0 - 0.89 Statically address services====
  
* .1 - "torbridge" interface on pony
+
''Note: This is '''not''' a /24 subnet! The netmask is a /16.''
* .2 - "noisebridge-tor" access point.
 
* .10 - .254 -- Tor-ified clients (served by DHCP)
 
  
=== 10.100.4.0/23 ChaosVPN Range ===
+
{| class="wikitable"
* Network in the ChaosVPN
+
|-
** Has yet to be setup. In the future, we may join the network so that we can route to other hackerspaces
+
! IP
* [http://wiki.hamburg.ccc.de/index.php/ChaosVPN#ip_ranges ChaosVPN Wiki]
+
! DNS (.noise)
 
+
! Info
=== IPv6 ===
+
|-
 
+
| 10.20.0.1
We have IPv6 support on the DSL circuit via a tunnel provided by sonic.net. Some details on how to get the OpenBSD-based flashrd distribution on the routers to tunnel correctly can be found on the [[Flashrd]] page.
+
| cycletrailer
 
+
| EdgeRouter ER-4
Note that using IPv6 in some situations can result in people knowing what model of computer you have and the network card's serial number, because of the way IPv6 stateless address configuration works. If this is a concern, tell your computer not to use IPv6. Ask around Noisebridge if you need help or want more details.
+
|-
 
+
| 10.20.0.4
==== 2001:5a8:4:5630::/60 ====
+
| edgeswitch
 
+
| Ubiquiti EdgeSwitch POE+
This is the IPv6 subnet assigned to us by sonic. We only use the bottom /64 of this /60 so automatic address configuration works right; the other 15/16s of the address space are intentionally wasted. r00ter hands out IPv6 router advertisements for this subnet directly. They're directly routable, but unsolicited incoming traffic is blocked by the firewall to protect the users. This means you can't run an IPv6 server on our IPv6 subnet, but you can connect to other machines on the IPv6 Internet just fine. If you really need to run an IPv6 server for some reason, consider using Teredo.
+
|-
 
+
| 10.20.0.5
== OOB Management ==
+
| unifi
 
+
| Unifi Cloud Key
{|border="1" cellspacing="0" cellpadding="5"
+
|-
!Device
+
| 10.20.0.6
!Where
+
| cyber
!Settings
+
| CyberPower UPS
 +
|-
 +
| 10.20.0.10
 +
| earl
 +
| Raspberry Pi
 +
|-
 +
| 10.20.0.11
 +
| west-ap
 +
| Unifi AP
 +
|-
 +
| 10.20.0.12
 +
| church-ap
 +
| Unifi AP
 +
|-
 +
| 10.20.0.13
 +
| center-ap
 +
| Unifi AP
 +
|-
 +
| 10.20.0.14
 +
| sparkle-ap
 +
| Unifi AP
 +
|-
 +
| 10.20.0.15
 +
| flaschen-ap
 +
| Unifi AP
 +
|-
 +
| 10.20.0.22
 +
| pegasus
 +
| Mini Server
 +
|-
 +
| 10.20.0.23
 +
| entropi
 +
| Raspberry Pi (Power monitoring)
 +
|-
 +
| 10.20.0.25
 +
| noisebridge-printer-brother
 +
|
 +
|-
 +
| 10.20.0.33
 +
| cloud
 +
| nextcloud file share (cloud.noise / share.noise)
 +
|-
 +
| 10.20.0.39
 +
| power-monitor
 +
|
 +
|-
 +
| 10.20.0.40
 +
|
 +
| ??? Unknown (to me) raspberry-pi, b8:27:eb:cf:d9:27
 
|-
 
|-
|gorilla
+
| 10.20.0.41
|ops /dev/ttyS0
+
| noisebridgebbs
|9600
+
|
 
|-
 
|-
|r00ter
+
| 10.20.0.42
|ops /dev/ttyS1
+
| ft
|9600
+
| Flaschen-Taschen
 
|-
 
|-
|Maybe this port doesn't work?
+
| 10.20.0.43
|ops /dev/ttyS2
+
| noisebridge-kiosk-1 / noiseboard
 
|
 
|
 
|-
 
|-
|stallion
+
| 10.20.0.44
|ops /dev/ttyS3
+
| square
 +
| Noisesquare table
 +
|-
 +
| 10.20.0.45
 +
| bookcase
 +
| LEDs on the library bookcase
 +
|-
 +
| 10.20.0.46
 +
| zeppelin
 
|
 
|
 
|-
 
|-
|s2
+
| 10.20.0.47
|ops /dev/ttyS4
 
 
|
 
|
 +
| Dell PowerConnect 2848 switch in rack (removed due to suspect arp behaviour)
 
|-
 
|-
|modem
+
| 10.20.0.49
|ops /dev/ttyS5
 
 
|
 
|
 +
| Open Lighting Controller (Hackitorium)
 
|-
 
|-
 +
| 10.20.0.50
 +
|
 +
| QLC+ Lighting Controller
 
|}
 
|}
  
=== Dial Backup ===
+
====10.20.0.90 - 0.94====
 +
* Available for adhoc manual IP address configurations.
 +
 
 +
====10.20.1.0 - 9.254====
 +
* DHCP-assigned, user-access IP space
  
There is a modem connected to 415 800 6786 which you can call to talk to an mgetty process on the ops machine.  This may be handy if the upstream Internet connections aren't working or you locked yourself out by accident.  Please don't dial out on the modem, it costs money.  Inbound calls on that circuit are free.
+
=== IPv6 ===
 +
We would like to setup IPv6, some day.
  
The modem is a [http://www.usr.com/support/product-template.asp?prod=2806 US Robotics 56K Corporate Analog Modem].  If you don't have a modem in your computer, you might be able to call it using your mobile phone. Just tether your phone to your computer like you normally would, but call our modem instead of calling the number to start the tethering connection.
+
== Machine Rack ==
 +
The rack sits on the South wall, it's small and up high to discourage people from messing with it or installing things in it. The internet works, please leave the box alone.
  
The modem has its remote access feature enabled.  Read the manual for details.
+
===Can I install/setup boxes on Noisebridge's network?===
 +
====Short answer====
 +
'''No.'''
  
== IP PDU ==
+
====Long answer====
 +
Noisebridge is here to provide infrastructure for creative projects. We're really good at some things. One thing we suck at is administrating boxes setup on our network. They eat power, internet, the attention span of volunteers, and people who set them up generally are bad at communicating later on down the line when something breaks or a machine magically appears.
  
There is an IP PDU (model "IP 9258") at 172.30.0.7 which can be used to power cycle some of the devices in Susan the Rack.
+
Noisebridge network infrastructure policy is as such:
 +
* Critical infrastructure machines (like our access control system): Low power ok!
 +
* Machines for classes that cannot be hosted on the internet: Low power ok!
 +
* Personal machines: NO!
 +
* High power machines: NO!
 +
* Bitcoin miners: NO!
 +
* Torrent boxes: NO!
 +
* Everything else: NO!
  
To change the state of the power ports, you'll need to telnet in and run "setpower=11000000". Each index represents a port, "1" is on and "0" is off. Port 1 sometimes doesn't turn on unless you use the web interface, and it might take a couple requests. Just keep clicking the apply button until it looks like power has been applied.
+
If a machine gets setup on the network without first getting an ok from the [https://www.noisebridge.net/mailman/listinfo/rack rack list], it will be unplugged and thrown in the trash. Please don't host your box at Noisebridge. We can't afford it. Thanks for understanding.
  
Changing some settings on the IP 9258 in the web interface may result in the power being cycled on some of the ports.  Don't change settings unless you're prepared to deal with machines spontaneously resetting.
+
===Rack setup===
 +
[[File:rack-front.jpg|right]]
  
{|border="1" cellspacing="0" cellpadding="5"
+
{| class="wikitable"
!Port
 
!Device
 
 
|-
 
|-
|1
+
! RU
|s2
+
! Item
 
|-
 
|-
|2
+
| 1-2
|pony
+
| Patch Panel
 
|-
 
|-
|3
+
| 3
|Power Strip with: Stallion, Sonic.net DSL Modem, and r00ter
+
| TrendNet Unmanaged Switch
 
|-
 
|-
|4
+
| 4
|gorilla
+
| Ubiquiti EdgeSwitch
|}
 
 
 
== Machine Rack ==
 
 
 
The rack of machines and switches is counted by U, from the bottom, starting from "1".
 
 
 
{|border="1" cellspacing="0" cellpadding="5"
 
!"U"/Unit
 
!Device
 
 
|-
 
|-
|22-24
+
| 5
|small stuff shelf
+
| pegasus.noise
 
|-
 
|-
|19-21
+
| 6-7
|EMPTY
+
| Shelf with zepplin.noise
 
|-
 
|-
|18
+
| 7
|NEW switch1 (Linksys SRW2048 - 48 port gige)
+
|  
 
|-
 
|-
|16-17
+
| 8
|patch panel
+
|  
 
|-
 
|-
|11-15
+
| 9
|EMPTY
+
| EdgeRouter (biketrailer.noise)
 
|-
 
|-
|7-10
+
| 10
|pony
+
| cloud.noise
 
|-
 
|-
|5-6
+
| 11
|rack support for pony
+
| Power Strip
 
|-
 
|-
|4
+
| 12
|EMPTY
+
| UPS
|-
 
|1-3
 
|APC
 
 
|}
 
|}
  
== Switch Ports ==
 
=== switch1 ===
 
'''Linksys 48 port gige'''
 
  
This switch is all for vlan 1 (172.30.0.0/22)
+
* [[User:juul|juul]]'s banana pi storage server (two harddrives with heat-sinks strapped to a banana pi)
  
The yellow cable is the uplink to switch2
+
====Cyberpower UPS (Uninterrupted Power Supply)====
  
===switch2===
+
All the rack infra is plugged into the UPS. If the power goes out, the UPS will provide battery power and also beep.
{|border="1" cellspacing="0" cellpadding="5"
+
 
!Port
+
=====Administration=====
!Far end
+
 
|-
+
You can administrate the UPS through visiting http://cyber.noise on the Noisebridge wifi network, or by running pwrstat commands in the Pegasus machine (pegasus.noise)
|Fa0/1
+
 
|Sonic DSL modem (VLAN 20)
+
======Test======
|-
+
 
|Fa0/2
+
http://cyber.noise > Diagnostics > Test
|Monkeybrains Wireless CPE (VLAN 10)
+
 
|-
+
or run on pegasus:
|Fa0/3
+
<code>pwrstat -test</code>
|r00ter eth0 (VLAN 20)
+
 
|-
+
======Status======
|Fa0/4
+
 
|r00ter eth1 (gateway for vlan1) (VLAN 1)
+
http://cyber.noise/env_status.html
|-
+
 
|Fa0/5
+
or run on pegasus:
|minotaur.noisebridge.net (VLAN 20)
+
<code>pwrstat -status</code>
|-
+
 
|Fa0/6
+
= People's Open Network =
|pony.noisebridge.net (VLAN 20)
+
 
|-
+
There are several nodes from the [https://peoplesopen.net People's Open Network] located at Noisebridge.
|Fa0/7
+
 
|EMPTY (VLAN 1)
+
== Nodes administered by sudo mesh ==
|-
+
 
|Fa0/8
+
Here is a [https://sudomesh.org/ link to sudo mesh].
|Linksys uplink (VLAN 1)
+
 
|-
+
For info/assistance with these nodes you can contact info@sudoroom.org or ask on #peoplesopen.net on freenode IRC (try highlighting juul).
|Gi0/1
+
 
|Linksys uplink fiber (TODO) (VLAN 1)
+
There is a Western Digital My Net N600 (configured as a people's open net home node) mounted on the ceiling close to the pillar by the library (NBiblioteca). It is black with white sides and held to the ceiling by two red straps. This node is announcing the following SSIDs:
|}
 
  
== Network Diagram ==
+
* "peoplesopen.net 📡☠️": On 2.4 GHz channel 6. No password. All traffic routed through the sudo mesh VPN. Bandwidth limited to 50 mbits/sec.
OBSOLETE
+
* "peoplesopen.net 📡☠️ fast": On 5 GHz channel 157. No password. All traffic routed through the sudo mesh VPN. Bandwidth limited to 50 mbits/sec.
[[Image:2169_network_diagram-2010-04-09.png]]
+
* "admin 📡☠️": On 2.4 channel 6. Has password. Not VPN'ed or bandwidth limited. Used to manage the node.
 +
* "admin 📡☠️": On 2.4 channel 6 and 5 GHz channel 157. Has password. Not VPN'ed or bandwidth limited. Used to manage the node.
 +
* "pplsopen.net-node2node": Ad-hoc mode for meshing. On 2.4 channel 6 and 5 GHz channel 157. No password. Uses [https://github.com/jech/babeld babeld] for meshing. Talk to [https://sudomesh.org/ sudo mesh] for details.
  
== KVM ==
+
The My Net N600 gives out IPs on the 100.65.9.192/26 range which is within the wider People's Open Network range from 100.64.x.x-100.128.x.x
  
There is no KVM, but there are monitors and a keyboard dedicated to the machines in the rack. You can easily recognize it because it's covered in nail polish and you can't see the keycaps. The delete key is in the upper-right corner of the keyboard, which is handy to know if you want to get into the BIOS of the machines.
+
The My Net N600 is connected to the switch above the main hacking tables (the one that has the braid of multicolored ethernet cables coming out of it) using a normal ethernet cable. This is where it gets is internet. Another ethernet cable runs from the node to behind the bottom of the indoor roof ladder where it connects to the non-powered port on a PoE injector. From the powered port on the PoE a grounded and shielded outdoor cable travels to the roof where it connects to a NanoStation M2 pointing east which is broadcasting:
  
= Other uplink possibilities =
+
* "pplsopen.net-node2node": Ad-hoc mode for meshing. On 2.4 GHz channel 1. No password. Uses [https://github.com/jech/babeld babeld] for meshing. Talk to [https://sudomesh.org/ sudo mesh] for details.
* Metro fiber
+
* "peoplesopen.net noisebridge": Access point (master) mode. On 2.4 GHz channel 1. No password.
** [[User:Jof|jof]] called IPN for a rough estimate for construction of fiber to 83c. The sales representative's estimate would be between 90,000USD - 100,000USD for the initial buildout.
 
  
* Sonic.net ADSL2
+
The NanoStation M2 is connected using its PoE passthrough ethernet port to a NanoBridge M5, which is mounted on a pole next to it. Currently the passthrough is not enabled and that NanoBridge is off. This is because the PoE injector needs to be upgraded to a beefier unit that can power both the NanoStation and the NanoBridge at the same time.
** We have this, woot.
 
  
* WiMax
+
== Nodes administered by Max B ==
** Currently this hasn't been very seriously researched
 
  
* SFLan
+
The following was written by [[User:juul|juul]] who was not part of installing any of this gear nor does he have admin access (I'm just writing what I'm seeing).
 
''We may have line of sight to a node if we can bounce off of a local building. This hasn't been seriously researched. We may want to try to get roof access for antennas and should talk to our very quiet neighbors.''
 
  
''I was contacted by Matt Peterson about connecting.  I would be happy to do a site survey to see if you can hit the SFLAN or City wirless deployment from the Valencia Gardens development. That could get you 40Mb/s up and down. - Tim Pozar''
+
There is a Ubiquiti Bullet (not sure if M2 or M5) mounted out on the fire escape balcony with a high gain omni-directional antenna attached. This is connected via an outdoor shielded and grounded cable up over the side of the building and to a Western Digital My Net (N600 or N750, not sure) which is located in the metal box with the padlock on it. This node is not administered by sudo mesh. It is administered by Max B who is on the Noisebridge Slack.
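Review bot: The added LAN section declares 10.20.0.0/16 and warns "The netmask is a /16", but the static information added earlier in this revision gives the subnet as 255.255.254.0 (a /23); one of the two should be corrected so that manually configured hosts use the mask that is really in place. The router is also named inconsistently ("Biketrailer" and "biketrailer.noise" in the prose and rack table, "cycletrailer" in the address tables), the rack table spells "zepplin.noise" against "zeppelin" elsewhere and lists RU 7 twice, the "admin 📡☠️" bullet is added twice with different channel details, and the rack mailing list link has its label and URL in the wrong order for MediaWiki external-link syntax ([URL label]). The 10.20.0.40 row also publishes a device's MAC address on a public page; consider dropping it.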

Latest revision as of 13:38, 21 April 2019

If you're reading this from another point in time, please note that the reality of the situation may be different. Please update this page to reflect reality as it changes.

Network Troubleshooting

Are you having issues with the internet or local network? Check out the Network Troubleshooting page for more information on what you can do to make things better or possibly seek help.

Disclaimer

Please note that Noisebridge does not guarantee or provide a perfect secure experience in the space. Just like anywhere else in the world you're held responsible for your own safety and wellbeing. This also includes content you receive or transmit or provide through any mediums, such as through pen and paper, sound waves or any networks wired or wireless functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.

Free Public Wireless Networks

Noisebridge has two open wifi networks available for your use. In most cases, if you connect to the network Noisebridge, your laptop/phone/device will have the best luck getting crystal clear wifi and will roam between radio channels according to which provides the most reliable and fastest connection.

The wifi and internet provided is for public use. Like any public network, you should regard Noisebridge's as potentially hostile and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.

The following networks are active:

  • Noisebridge
    • No password
    • Uplink through Monkeybrains gigabit laser
    • 802.11an 5 GHz only
  • Noisebridge
    • No password
    • Uplink through Monkeybrains gigabit laser
    • 802.11an 2.4 GHz only

Wired network

There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).

Local Network Address Information

DHCP is offered automatically on the network. If that doesn't work for you, here is some static information:

  • IP Range: 10.20.0.90-10.20.0.94
  • Gateway: 10.20.0.1
  • Subnet: 255.255.254.0 (a "slash" /23)
  • DNS: 10.20.0.1, 208.69.43.23, 208.69.40.4, 8.8.8.8

The router provides dynamic DNS for DHCP clients on 10.20.0.1/23 and also resolves the names of some local machines.
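
The static settings above give a /23 mask, while the LAN section further down this page lists the network as 10.20.0.0/16. The following Python sketch is an added example, not part of the original page: it checks a manually entered configuration against the values documented here and counts how many DHCP-pool addresses each mask treats as on-link. The function names are illustrative, and the DHCP pool bounds are an interpretation of the page's "10.20.1.0 - 9.254" heading.

```python
import ipaddress

# Values copied from this page.
GATEWAY = ipaddress.ip_address("10.20.0.1")
ADHOC_RANGE = (ipaddress.ip_address("10.20.0.90"),
               ipaddress.ip_address("10.20.0.94"))
# Assumption: "10.20.1.0 - 9.254" on the page means 10.20.1.0-10.20.9.254.
DHCP_POOL = (ipaddress.ip_address("10.20.1.0"),
             ipaddress.ip_address("10.20.9.254"))
MASK_STATIC_INFO = "255.255.254.0"  # "Local Network Address Information" (/23)
MASK_LAN_SECTION = "255.255.0.0"    # "LAN - 10.20.0.0/16"
DOCUMENTED_PREFIXES = (16, 23)


def check_static_config(address, netmask, gateway=GATEWAY):
    """Return a list of problems with a manually entered IPv4 configuration."""
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    net = iface.network
    problems = []
    if not ADHOC_RANGE[0] <= iface.ip <= ADHOC_RANGE[1]:
        problems.append(f"{iface.ip} is outside the ad hoc range "
                        f"{ADHOC_RANGE[0]}-{ADHOC_RANGE[1]}")
    if net.prefixlen not in DOCUMENTED_PREFIXES:
        problems.append(f"/{net.prefixlen} matches neither documented mask")
    if gateway not in net:
        problems.append(f"gateway {gateway} is not on-link for {net}")
    return problems


def pool_reachability(address, netmask, pool=DHCP_POOL):
    """Return (direct, via_gateway) counts for the DHCP pool.

    'direct' addresses fall inside the host's own subnet and are resolved
    on the local segment; the rest are handed to the default gateway.
    """
    net = ipaddress.ip_interface(f"{address}/{netmask}").network
    first, last = int(pool[0]), int(pool[1])
    lo = max(first, int(net.network_address))
    hi = min(last, int(net.broadcast_address))
    direct = max(0, hi - lo + 1)
    return direct, (last - first + 1) - direct


if __name__ == "__main__":
    host = "10.20.0.91"  # constructed sample address from the ad hoc range
    for label, mask in (("/23 from the static info", MASK_STATIC_INFO),
                        ("/16 from the LAN section", MASK_LAN_SECTION)):
        direct, routed = pool_reachability(host, mask)
        print(f"{label}: problems={check_static_config(host, mask)} "
              f"direct={direct} via_gateway={routed}")
```

With the /23 mask a statically configured host treats most of the DHCP pool as off-link and sends that traffic to 10.20.0.1, so the two documented masks are not interchangeable.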

Development

Network Devices & Services

2169 Mission

Inkscape SVG diagram of physical layer connections

Uplinks

Monkeybrains Wireless Link

We have a point-to-point wireless link to Monkeybrains on the roof. It's a gigabit laser: think of fiber without the physical medium of glass. It is wired into the Monkeybrains NEMA box on the roof, and from there into our own NEMA box, in which we house a managed switch. From there the cable enters the space through the ladder chute in the fox lounge and runs to the rack, where it enters the switchboard at port 48. Port 48 is a second redundant run that follows the same path from the rack back to our NEMA box for future projects.

SFBroadband / City of SF / Internet Archive

NB: As of September 2017 this section is out of date. If you're interested in reviving this radio link hit up Patrick

We have a wireless point-to-point path up to Twin Peaks that connects up to a city-owned and volunteer-run IP transit network. Currently, we're hitting the dish off of the side and have a pretty terrible connection. For now, this network path is mostly only usable as a backup path.

There is a router in our wireless CPE hardware (st01-noisebridge-sfo) that connects up to the Noisebridge network and terminates as 172.30.0.54 on the "Inside / Internal" network. Set your default route via this IP to try the other path.

I want to help!

Noisebridge is run by volunteers. You're welcome to help, but you should get to know those helping before touching/hacking the network gear. Try introducing yourself on the rack mailing list (https://www.noisebridge.net/mailman/listinfo/rack).

Router

Biketrailer is our humble router. It is a Ubiquiti EdgeRouter (ER-4) box running EdgeOS, a fork of Vyatta (a Linux-based router distribution). While the router does provide PoE, it is non-standard passive Ubiquiti PoE, which you should avoid using.

The machine currently provides:

  • NAT
  • DHCPD
  • DNS (dnsmasq) - .noise local TLD and recursive proxy

Access is via SSH with keys and an HTTPS web interface.

Address Allocations

WAN - Monkeybrains - 192.195.83.128/29

  • Address range: 192.195.83.129-134
  • Gateway: 192.195.83.129
  • DNS: 208.69.43.23, 208.69.40.4
  • Subnet Mask: 255.255.255.248

Addresses

IP DNS Info
192.195.83.130 cycletrailer.noisebridge.net EdgeRouter ER-4
192.195.83.131 Unused
192.195.83.132 Unused
192.195.83.133 zeppelin.noisebridge.net 1:1 NAT
192.195.83.134 pegasus.noisebridge.net 1:1 NAT

Uplink Management - 10.19.0.0/24

IP DNS (.noise) Info
10.19.0.1 cycletrailer EdgeRouter ER-4
10.19.0.5 roofswitch ToughSwitch/EdgeSwitch 8 port

LAN - 10.20.0.0/16

10.20.0.0 - 0.89 Statically addressed services

Note: This is not a /24 subnet! The netmask is a /16.

IP DNS (.noise) Info
10.20.0.1 cycletrailer EdgeRouter ER-4
10.20.0.4 edgeswitch Ubiquiti EdgeSwitch POE+
10.20.0.5 unifi Unifi Cloud Key
10.20.0.6 cyber CyberPower UPS
10.20.0.10 earl Raspberry Pi
10.20.0.11 west-ap Unifi AP
10.20.0.12 church-ap Unifi AP
10.20.0.13 center-ap Unifi AP
10.20.0.14 sparkle-ap Unifi AP
10.20.0.15 flaschen-ap Unifi AP
10.20.0.22 pegasus Mini Server
10.20.0.23 entropi Raspberry Pi (Power monitoring)
10.20.0.25 noisebridge-printer-brother
10.20.0.33 cloud nextcloud file share (cloud.noise / share.noise)
10.20.0.39 power-monitor
10.20.0.40 ??? Unknown (to me) raspberry-pi, b8:27:eb:cf:d9:27
10.20.0.41 noisebridgebbs
10.20.0.42 ft Flaschen-Taschen
10.20.0.43 noisebridge-kiosk-1 / noiseboard
10.20.0.44 square Noisesquare table
10.20.0.45 bookcase LEDs on the library bookcase
10.20.0.46 zeppelin
10.20.0.47 Dell PowerConnect 2848 switch in rack (removed due to suspect arp behaviour)
10.20.0.49 Open Lighting Controller (Hackitorium)
10.20.0.50 QLC+ Lighting Controller

10.20.0.90 - 0.94

  • Available for ad hoc manual IP address configurations.

10.20.1.0 - 9.254

  • DHCP-assigned, user-access IP space
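
The address plan above can be checked mechanically. The following Python script is an added example, not part of the original page or of Noisebridge's tooling; it takes the ranges and masks exactly as documented in "Local Network Address Information" and "Address Allocations" (including both LAN masks the page states, /23 and /16) and reports ranges that fall outside each mask, overlapping ranges, and WAN hosts that do not fit the /29. All function names are hypothetical.

```python
import ipaddress as ip
from itertools import combinations

# Values copied from the page. The page states two different LAN masks
# (/23 in the static-info list, /16 in the allocation section); both are tested.
LAN_MASKS = {"/23 (static info)": ip.ip_network("10.20.0.0/23"),
             "/16 (allocations)": ip.ip_network("10.20.0.0/16")}
LAN_RANGES = {"static services": ("10.20.0.0", "10.20.0.89"),
              "ad hoc manual": ("10.20.0.90", "10.20.0.94"),
              "DHCP pool": ("10.20.1.0", "10.20.9.254")}
WAN = {"net": ip.ip_network("192.195.83.128/29"), "mask": "255.255.255.248",
       "gateway": "192.195.83.129",
       "hosts": ["192.195.83.130", "192.195.83.131", "192.195.83.132",
                 "192.195.83.133", "192.195.83.134"]}

def span(first, last):
    """Integer form of a first-last address range, for comparisons."""
    return int(ip.ip_address(first)), int(ip.ip_address(last))

def range_overlaps(ranges):
    """Names of every pair of documented ranges that share an address."""
    out = []
    for (n1, r1), (n2, r2) in combinations(ranges.items(), 2):
        (a1, b1), (a2, b2) = span(*r1), span(*r2)
        if a1 <= b2 and a2 <= b1:
            out.append((n1, n2))
    return out

def uncovered(net, ranges):
    """Ranges whose first or last address falls outside `net`."""
    return [n for n, (a, b) in ranges.items()
            if ip.ip_address(a) not in net or ip.ip_address(b) not in net]

def wan_problems(wan):
    """Documented WAN addresses that are not usable hosts, plus a mask mismatch."""
    usable = set(wan["net"].hosts())
    documented = [wan["gateway"], *wan["hosts"]]
    bad = [h for h in documented if ip.ip_address(h) not in usable]
    if str(wan["net"].netmask) != wan["mask"]:
        bad.append("mask")
    return bad

def audit():
    report = {label: uncovered(net, LAN_RANGES) for label, net in LAN_MASKS.items()}
    report["overlaps"] = range_overlaps(LAN_RANGES)
    report["wan"] = wan_problems(WAN)
    return report

if __name__ == "__main__":
    for check, result in audit().items():
        print(f"{check}: {result or 'ok'}")
```

With the /23 mask from the static-information list, the DHCP pool 10.20.1.0 - 9.254 is reported as not covered, so a host configured by hand with that mask treats part of the pool as off-link; with the /16 every range fits.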

IPv6

We would like to set up IPv6 some day.

Machine Rack

The rack sits on the south wall. It's small and up high to discourage people from messing with it or installing things in it. The internet works; please leave the box alone.

Can I install/set up boxes on Noisebridge's network?

Short answer

No.

Long answer

Noisebridge is here to provide infrastructure for creative projects. We're really good at some things. One thing we suck at is administering boxes set up on our network. They eat power, internet, and the attention span of volunteers, and the people who set them up are generally bad at communicating later on down the line when something breaks or a machine magically appears.

Noisebridge network infrastructure policy is as follows:

  • Critical infrastructure machines (like our access control system): Low power ok!
  • Machines for classes that cannot be hosted on the internet: Low power ok!
  • Personal machines: NO!
  • High power machines: NO!
  • Bitcoin miners: NO!
  • Torrent boxes: NO!
  • Everything else: NO!

If a machine gets set up on the network without first getting an OK from the rack list, it will be unplugged and thrown in the trash. Please don't host your box at Noisebridge. We can't afford it. Thanks for understanding.

Rack setup

Rack-front.jpg
RU Item
1-2 Patch Panel
3 TrendNet Unmanaged Switch
4 Ubiquiti EdgeSwitch
5 pegasus.noise
6-7 Shelf with zeppelin.noise
7
8
9 EdgeRouter (biketrailer.noise)
10 cloud.noise
11 Power Strip
12 UPS


  • juul's banana pi storage server (two harddrives with heat-sinks strapped to a banana pi)

CyberPower UPS (Uninterruptible Power Supply)

All the rack infra is plugged into the UPS. If the power goes out, the UPS will provide battery power and also beep.

Administration

You can administer the UPS by visiting http://cyber.noise on the Noisebridge wifi network, or by running pwrstat commands on the Pegasus machine (pegasus.noise).

Test

http://cyber.noise > Diagnostics > Test

or run on pegasus: pwrstat -test

Status

http://cyber.noise/env_status.html

or run on pegasus: pwrstat -status

People's Open Network

There are several nodes from the People's Open Network located at Noisebridge.

Nodes administered by sudo mesh

Here is a link to sudo mesh.

For info/assistance with these nodes you can contact info@sudoroom.org or ask on #peoplesopen.net on freenode IRC (try highlighting juul).

There is a Western Digital My Net N600 (configured as a people's open net home node) mounted on the ceiling close to the pillar by the library (NBiblioteca). It is black with white sides and held to the ceiling by two red straps. This node is announcing the following SSIDs:

  • "peoplesopen.net 📡☠️": On 2.4 GHz channel 6. No password. All traffic routed through the sudo mesh VPN. Bandwidth limited to 50 Mbits/sec.
  • "peoplesopen.net 📡☠️ fast": On 5 GHz channel 157. No password. All traffic routed through the sudo mesh VPN. Bandwidth limited to 50 Mbits/sec.
  • "admin 📡☠️": On 2.4 GHz channel 6. Has password. Not VPN'ed or bandwidth limited. Used to manage the node.
  • "admin 📡☠️": On 2.4 GHz channel 6 and 5 GHz channel 157. Has password. Not VPN'ed or bandwidth limited. Used to manage the node.
  • "pplsopen.net-node2node": Ad-hoc mode for meshing. On 2.4 GHz channel 6 and 5 GHz channel 157. No password. Uses babeld for meshing. Talk to sudo mesh for details.

The My Net N600 gives out IPs on the 100.65.9.192/26 range, which is within the wider People's Open Network range from 100.64.x.x-100.128.x.x.

The My Net N600 is connected to the switch above the main hacking tables (the one that has the braid of multicolored ethernet cables coming out of it) using a normal ethernet cable. This is where it gets its internet. Another ethernet cable runs from the node to behind the bottom of the indoor roof ladder, where it connects to the non-powered port on a PoE injector. From the powered port on the PoE injector, a grounded and shielded outdoor cable travels to the roof, where it connects to a NanoStation M2 pointing east, which is broadcasting:

  • "pplsopen.net-node2node": Ad-hoc mode for meshing. On 2.4 GHz channel 1. No password. Uses babeld for meshing. Talk to sudo mesh for details.
  • "peoplesopen.net noisebridge": Access point (master) mode. On 2.4 GHz channel 1. No password.

The NanoStation M2 is connected using its PoE passthrough ethernet port to a NanoBridge M5, which is mounted on a pole next to it. Currently the passthrough is not enabled and that NanoBridge is off. This is because the PoE injector needs to be upgraded to a beefier unit that can power both the NanoStation and the NanoBridge at the same time.

Nodes administered by Max B

The following was written by juul who was not part of installing any of this gear nor does he have admin access (I'm just writing what I'm seeing).

There is a Ubiquiti Bullet (not sure if M2 or M5) mounted out on the fire escape balcony with a high gain omni-directional antenna attached. This is connected via an outdoor shielded and grounded cable up over the side of the building and to a Western Digital My Net (N600 or N750, not sure) which is located in the metal box with the padlock on it. This node is not administered by sudo mesh. It is administered by Max B who is on the Noisebridge Slack.