Resources/Network: Difference between revisions

From Noisebridge
(102 intermediate revisions by 40 users not shown)
Line 7: Line 7:
''Please note that Noisebridge does not guarantee or provide a perfect secure experience in the space. Just like anywhere else in the world you're held responsible for your own safety and wellbeing. This also includes content you receive or transmit or provide through any mediums, such as through pen and paper, sound waves or any networks wired or wireless functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.''
''Please note that Noisebridge does not guarantee or provide a perfect secure experience in the space. Just like anywhere else in the world you're held responsible for your own safety and wellbeing. This also includes content you receive or transmit or provide through any mediums, such as through pen and paper, sound waves or any networks wired or wireless functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.''


''As much as anyone volunteering at the space could state that we (Noisebridge) can provide you with a secure web browsing experience, this view may not be reflected over all of its members and participants (which is the actual case). Please take our advice and services with a grain of salt and understand that the only sure secure network is one that you setup and operate yourself.''
== Free Public Wireless Networks ==
Noisebridge has two open wifi networks available for your use. In most cases if you connect to the network '''Noisebridge''' your laptop/phone/device will have the best luck getting crystal clear wifi and roam between radio channels according to which provides the most reliable and fastest connection.


''Thank you for reading, please continue now on creating interesting things.''
The wifi and internet provided is for public use. Like any public network, you should regard Noisebridge's as [[Visitor_advice#Hostile_network|potentially hostile]] and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.


--[[User:Rubin110|rubin110]] 05:48, 25 December 2010 (UTC)
The following networks are active:
* '''Noisebridge'''
** No password
** Uplink through Sonic.net and Monkeybrains
** 802.11gn 2.4 gHz and 802.11an 5 gHz, your wifi device decides which network is the best for it and roams accordingly
* '''Noisebridge 5g'''
** No password
** Uplink through Sonic.net and Monkeybrains
** 802.11an 5 gHz only


== Wireless networks ==
== Wired network ==
=== Free Open Unsecure Wifi ===
There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).
Noisebridge generally has two or more unencrypted open wifi access points available for your use. If you can see the "noisebridge-a" network, congratulations, you have an 802.11a-compatible card and should use this network as it is better faster and stronger than the others. If you cannot see noisebridge-a, either it is not working or you do not have an 802.11a card. You probably have an 802.11g card. Hopefully you can see the "noisebridge" network, which is the one you should use in that case. Like any public network, you should regard noisebridge's as [[Visitor_advice#Hostile_network|potentially hostile]] and take appropriate precautions.
 
The following networks are active at 2169 now:
* '''noisebridge''' - No encryption, NATted via the Sonic.net and Monkeybrains links, 802.11bg
* '''noisebridge-a''' - No encryption, NATted via the Sonic.net and Monkeybrains links, 802.11a
* '''noisebridge-tor''' - No encryption, all traffic transparently proxied through tor.
 
=== Free Encrypted Unsecure Wifi ===
There are sometimes "secure" or encrypted wireless networks running at Noisebridge for research purposes. Please do not assume that these networks are in any way safer than an open network is; they are not.
 
Encrypted wireless only means that anything transmitted between your laptop and the Wifi access point is encrypted. '''This does not guarantee security or privacy at all.''' Someone malicious could simply sit in between the "internet" and the Wifi access point and sniff all of your traffic after the access point unencrypts it, or they can simply figure out how the encryption functions and sit in on what your transmitting, or you use an encryption method that is already broken. In any case, '''using an encrypted Wifi network does not provide any useful security benefits at Noisebridge.'''
 
In most cases you may encounter more problems trying to get "online" through one of the encrypted networks then using one of the open ones.
 
* '''[[Noisebridge WEP]]''' - Password: noisebridge
* '''[[Noisebridge WPA]]''' - Password: noisebridgewpa
* '''[[Noisebridge WPA2]]''' - Password: noisebridgewpa2


== DNS ==
== DNS ==
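Review bot: the new "Free Public Wireless Networks" list writes the band as "2.4 gHz" and "5 gHz"; the unit symbol is GHz, and "802.11gn"/"802.11an" read better as "802.11g/n" and "802.11a/n". The same revision removes the "Free Encrypted Unsecure Wifi" section and states that no encrypted networks are run, but the linked [[Noisebridge WEP]], [[Noisebridge WPA]] and [[Noisebridge WPA2]] pages, whose passwords were listed here, are not mentioned as retired; consider marking them obsolete so the public wiki stops describing networks that no longer exist.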
Line 47: Line 39:
= 2169 Mission =
= 2169 Mission =


== DSL Circuit ==
== Uplinks ==
=== DSL Circuit ===


There is a Sonic.net Fusion ADSL2+ DSL connection in the building.  The physical circuit comes in from the MPOE in the basement and runs across the roof of the basement and up the side of the building into the DJ booth (Tea Room).  The CPE is a Motorola 2210 ADSL2+ and is just outside the Tea Room on the floor.  The admin password is the serial number, written on the bottom.   
There is a Sonic.net Fusion ADSL2+ DSL connection in the building.  The physical circuit comes in from the MPOE in the basement and runs across the roof of the basement and up the side of the building into the DJ booth (Tea Room), then over to the Wall o' Tubes.  The CPE is a Motorola 2210 ADSL2+.  The admin password is the serial number, written on the bottom.   


The addressing configuration is a little unusual. It's 75.101.62.0/24 and we've been allocated a /29 within that block: 75.101.62.88 - 75.101.62.95.  Note that we get to use all 8 addresses; the broadcast and network address are 75.101.62.255 and 75.101.62.0 respectively.  The gateway is 75.101.62.1.
The addressing configuration is a little unusual. It's 75.101.62.0/24 and we've been allocated a /29 within that block: 75.101.62.88 - 75.101.62.95.  Note that we get to use all 8 addresses; the broadcast and network address are 75.101.62.255 and 75.101.62.0 respectively.  The gateway is 75.101.62.1.
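Review bot: the addressing paragraph says all eight addresses of the /29 are usable but never states which netmask a host in that block must configure; later in the page r00ter's WAN address is given as 75.101.62.88/24, so add one sentence that hosts use the /24 mask (255.255.255.0) with gateway 75.101.62.1. Someone who configures the /29 mask from the allocation will lose .88 and .95 as network and broadcast addresses and have the gateway off-link.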
Line 72: Line 65:
[http://broadband.motorola.com/consumers/products/2210-02/downloads/2210-02-10NA-UserGuide.pdf Motorola 2210 User Guide]
[http://broadband.motorola.com/consumers/products/2210-02/downloads/2210-02-10NA-UserGuide.pdf Motorola 2210 User Guide]


== Routers ==
=== Monkeybrains Wireless Link ===
Currently, DHCPd is handing out a default gateway (172.30.0.3) that floats between r00ter and gorilla for automatic ISP failover.
We have a point-to-point wireless link to Monkeybrains on the roof. It comes down through the Dirty Shop skylight and runs in to the server closet.
===r00ter===
The Sonic.net router is a Soekris net4801 (hostname: "r00ter") running OpenBSD with some modifications to support running with a flash-backed root filesystem.  Its WAN address is 75.101.62.88/24 and its LAN address is 172.30.0.1.  Access is via SSH with a key.


DHCP and DNS services are being provided by r00ter as well: it has a DNS forwarder (dnsmasq), and dhcpd spits out addresses from 172.30.0.0/22 (172.30.0.200 and up).
=== SFBroadband / City of SF / Internet Archive ===


===gorilla===
We have a wireless point-to-point path up to Twin Peaks that connects up to a city-owned and volunteer-run IP transit network. Currently, we're hitting the dish off of the side and have a pretty terrible connection. For now, this network path is mostly only usable as a backup path.
The router for our Monkeybrains link (hostname: "gorilla") is also a Soekris running a similar OpenBSD installation. Access is via SSH with a key.


== Address Allocations ==
There is a router in our wireless CPE hardware (st01-noisebridge-sfo) that connects up to the Noisebridge network and terminates as 172.30.0.54 on the "Inside / Internal" network. Set your default route via this IP to try the other path.
The reserved address allocations are:


===75.101.62.88/29 from Sonic.net===
== Access Control==
We have a range within the encompassing /24: 75.101.62.{88..95}


* .88 - router ("r00ter")
Most hardware is set to use the most guessable logins and passwords possible. If you're interested in logging in, just make some guesses as to what the login can be. Use your favorite search engine. Poke around. Hack.
* .89 - pony
* .90 - stallion
* .91 - ChaosVPN la fonera eth0.1
* .92 - ops (console server)
* .93 - [[Noise-Bot|MC Hawking -- The Wheelchair Robot]]
* .94 - Unallocated
* .95 - Unallocated


===172.30.0.0/22 ("inside" network)===
Experience the thrill of guessing a password that just works.
====172.30.0.0/25 (.1 - .127) Statically-addressed things====


* .1 - r00ter, main soekris router connected to the sonic.net DSL
== Router ==
* .2 - gorilla, soekris router hooked up the monkeybrains link
Bikeshed is our humble router. It is a Soekris running Vyatta(a Linux-based router distribution).
* .3 - CARP interface for r00ter and gorilla
* .4 - ops, console server and network troubleshooting/monitoring box
* .5 - PS3 (goat), usually powered down to save power
* .6 - treechopper, [http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl07288/bpl07288.pdf|HP Laserjet 5Si MX] (working, not hosed)
* .7 - OpenGear IP Power 9258 in supply closet (power1)
* .8 - Dell switch (switch1)
* .9 - Cisco Catalyst 2940 in Susan the Rack, unit 24 (switch2)
* .10 - stallion
* .11 - ChaosVPN la fonera internal interface (br-lan)
* .12 - [http://www.ubnt.com/powerstation Powerstation 5] 802.11a (ap3, above the supply closet)
* .13 - Cisco Aironet 1100 series (ap2, above the supply closet)
* .14 - Cisco Aironet 1100 series (ap4, above the Eastern windows)
* .15 - Cisco Catalyst 3500 XL (switch3)
* .16 - Cisco Catalyst 3512 XL (switch4)
* .17 - Cisco Aironet 1220B (wbr1)
* .18 - Cisco Aironet 1220B (wbr2)
* .30 - [[Pony]], main sandbox server
* .31 - [[Touch_Panels|Touchpanel]] by the door
* .32 - [[Touch_Panels|Touchpanel]] by the bar
* .33 - Red Payphone (Linksys PAP2)
* .34 - Linux Study Group Linksys BBEFS41 Router
* .35 - Cisco IP Phone
* .41 - [[Zebra]], Rebar and jukebox, Brother print server
* .42 - [[Ass]], greeting terminal
* .43 - Cisco SIP Phone
* .44 - [[Horsy]]. media center
* .49 - Pantheon, Isky's Windows box/print server
* .50 - [[Noise-Bot|MC Hawking -- The Wheelchair Robot]]


====172.30.0.128/25, 172.30.1.0/24, 172.30.2.0/24, 172.30.3.0/24====
The machines currently provides
* DHCP-assigned, user-access IP space
  * dhcpd
  * DNS (dnsmasq) - .noise local TLD and recursive proxy
  * Automatic loadbalancing and ailover between Sonic DSL and monkeybrains


===172.30.4.0/24 (Tor-ified network)===
Access is via SSH with keys.


Note that 172.30.4.1 transparently proxies TCP connections via privoxy to tor.
=== Salient configuration ===
* It is configured to fail over between DSL and Monkeybrains as conditions warrant.
* It is configured with traffic shaping to prevent individual users from sucking up all the tubes.


* .1 - "torbridge" interface on pony
If you have questions about these particular points of configuration, email rack. Nothing is particularly complicated.
* .2 - "noisebridge-tor" access point.
* .10 - .254 -- Tor-ified clients (served by DHCP)


=== 10.100.4.0/23 ChaosVPN Range ===
== Address Allocations ==
* Network in the ChaosVPN
The reserved address allocations are:
** Has yet to be setup. In the future, we may join the network so that we can route to other hackerspaces
* [http://wiki.hamburg.ccc.de/index.php/ChaosVPN#ip_ranges ChaosVPN Wiki]


=== IPv6 ===
===75.101.62.88/29 from Sonic.net===
We have a range within the encompassing /24: 75.101.62.{88..95}


We have IPv6 support on the DSL circuit via a tunnel provided by sonic.net. Some details on how to get the OpenBSD-based flashrd distribution on the routers to tunnel correctly can be found on the [[Flashrd]] page.
* .88 - biketrailer
* .89 - pony.noisebridge.net
* .90 - stallion.noisebridge.net
* .91 - ChaosVPN la fonera eth0.1
* .92 - minotaur.noisebridge.net
* .93 - Unallocated
* .94 - Unallocated
* .95 - Mode-S Equipment (various port-NATings)


Note that using IPv6 in some situations can result in people knowing what model of computer you have and the network card's serial number, because of the way IPv6 stateless address configuration works. If this is a concern, tell your computer not to use IPv6. Ask around Noisebridge if you need help or want more details.
===10.20.0.0/22 ("inside" network)===
====10.20.0.0 - 100 Statically-addressed things====


==== 2001:5a8:4:5630::/60 ====
''Note: This is '''not''' a /24 subnet! The netmask is a /23.''


This is the IPv6 subnet assigned to us by sonic. We only use the bottom /64 of this /60 so automatic address configuration works right; the other 15/16s of the address space are intentionally wasted. r00ter hands out IPv6 router advertisements for this subnet directly. They're directly routable, but unsolicited incoming traffic is blocked by the firewall to protect the users. This means you can't run an IPv6 server on our IPv6 subnet, but you can connect to other machines on the IPv6 Internet just fine. If you really need to run an IPv6 server for some reason, consider using Teredo.
* .0.2 - biketrailer
* .0.3 - pony
* .0.4 - minotaur - console server and network troubleshooting/monitoring box
* .0.5 - roof switch
* .0.8 - Primary switch - Netgear GS724Tv2
* .0.11 - West AP, DHCP mapped
* .0.12 - Crutch AP, DHCP mapped
* .0.22 - [[Pegasus]]
* .0.52 - bunny (Bullion Mode-S receiver on the roof)
* .0.53 - ronin (white Atom works with bunny, lives in Susan the Rack)
* .0.54 - st01-noisebridge-sfo (sfwireless.org Ubiquiti Nanobridge M5 on the roof. Currently aimed at Twin Peaks.)


== OOB Management ==
====10.20.0.101 - 1.254====
* DHCP-assigned, user-access IP space


{|border="1" cellspacing="0" cellpadding="5"
!Device
!Where
|-
|gorilla
|ops /dev/ttyS0
|-
|r00ter
|ops /dev/ttyS1
|-
|pony
|ops /dev/ttyS2
|-
|stallion
|ops /dev/ttyS3
|-
|modem
|ops /dev/ttyS5
|-
|}


=== Dial Backup ===
=== IPv6 ===


There is a modem connected to 415 800 6786 which you can call to talk to an mgetty process on the ops machine. This may be handy if the upstream Internet connections aren't working or you locked yourself out by accident. Please don't dial out on the modem, it costs money. Inbound calls on that circuit are free.
Note: This is not currently implemented. The addresses are correct, though. Someday...


== IP PDU ==
We have IPv6 support on the DSL circuit via a tunnel provided by sonic.net.  The tunnel address is 2001:05a8:0:1::0ac6/127 , if it needs to be reconfigurated.


There is an IP PDU (model "IP 9258") at 172.30.0.7 which can be used to power cycle some of the devices in Susan the Rack.
==== 2001:5a8:4:5630::/60 ====


To change the state of the power ports, you'll need to telnet in and run "setpower=11000000". Each index represents a port, "1" is on and "0" is off.
This is the IPv6 subnet assigned to us by sonic. We configure the first /64 in this /60 so that autoconfiguration works. biketrailer hands out IPv6 router advertisements for this subnet directly, and your machine will SLAAC its way to ipv6 goodness. They're directly routable, but unsolicited incoming traffic is blocked by the firewall to protect the users.  This means you can't run an IPv6 server on our IPv6 subnet, but you can connect to other machines on the IPv6 Internet just fine.
 
{|border="1" cellspacing="0" cellpadding="5"
!Port
!Device
|-
|1
|s2
|-
|2
|pony
|-
|3
|Power Strip with: Stallion, Sonic.net DSL Modem, and r00ter
|-
|4
|gorilla
|}


== Machine Rack ==
== Machine Rack ==


The rack of machines and switches is counted by U, from the bottom, starting from "1".
The rack of machines and switches is counted by U, from the top, starting from "1".


{|border="1" cellspacing="0" cellpadding="5"
{|border="1" cellspacing="0" cellpadding="5"
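Review bot: the new revision's heading '10.20.0.0/22 ("inside" network)' conflicts with the note directly beneath it ("This is not a /24 subnet! The netmask is a /23"); the DHCP range heading "10.20.0.101 - 1.254" stays within 10.20.1.255, which agrees with the /23 note, so make the heading and the note agree on one prefix length. Smaller points in the same hunk: "ailover" should be "failover", "Vyatta(a Linux-based" needs a space before the parenthesis, "The machines currently provides" should be "The machine currently provides", "runs in to" should be "runs into", and "reconfigurated" should be "reconfigured". The added "Access Control" text invites readers to guess device logins on a public wiki while the same page documents the CPE admin-password convention (the serial number on the bottom); consider moving credential conventions to a members-only page.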
Line 215: Line 150:
!Device
!Device
|-
|-
|24
|1-2
|small stuff - soekrises, switch2.noise, ops
|-
|23
|unused
|-
|21-22
|switch5.noise (WS-C3550-12T)
|-
|19-20
|patch panel
|patch panel
|-
|18
|switch3.noise (12-port Cisco Cat. 3500 XL)
|-
|17
|switch1
|-
|16-15
|Unused
|-
|14
|hammer - aestetix
|-
|12-13
|unused
|-
|7-11
|pony
|-
|5-6
|rack support for pony
|-
|4
|s2
|-
|1-3
|APC
|}
== Switch Ports ==
=== switch1 ===
{|border="1" cellspacing="0" cellpadding="5"
!Port
!Far End
|-
|1
| --
|-
|2
| --
|-
|3
| --
|-
|4
| --
|-
|5
| --
|-
|6
| --
|-
|7
| --
|-
|8
| --
|-
|9
| --
|-
|10
| --
|-
|11
| --
|-
|12
| --
|-
|13
| --
|-
|14
| --
|-
|15
| --
|-
|16
| --
|-
|17
| --
|-
|18
| --
|-
|19
| --
|-
|20
| --
|-
|21
| --
|-
|22
| --
|-
|23
| --
|-
|24
| --
|-
|g0/1
|-
|g0/2
|switch5 g0/10
|-
|}
===switch2.noise===
{|border="1" cellspacing="0" cellpadding="5"
!Port
!Far end
|-
|1
|Uplink to switch1 (VLAN 1)
|-
|2
|Fa0/1.switch3 (IEEE 802.1Q trunk, VLANs 1,10,20,702)
|-
|-
|3
|3
|Monkeybrains Wireless CPE (VLAN 10)
|Netgear G724Tv2 switch
|-
|4
|Sonic.net ADSL2+ Modem/CPE (VLAN 20)
|-
|-
|5
|5
|sis0.router (Sonic.net) (VLAN 20)
|Shelf with Bikeshed and POE injectors
|-
|6
|sis1.gorilla (VLAN 10)
|-
|-
|7
|7
|sis1.router (VLAN 1)
|Minotaur
|-
|-
|8
|Bottom
|sis0.gorilla (VLAN 1)
|APC UPS
|}
|}
===switch3.noise===
{|border="1" cellspacing="0" cellpadding="5"
!Port
!Far end
|-
|1
|fa0/2.switch2 (IEEE 802.1Q Trunk, VLANs 1,10,20,702)
|-
|2
|ops.noise. Atom-based console server. (VLAN 1)
|-
|5
|noisebridge-tor AP (VLAN 702)
|-
|6
|ap4 (VLAN 1)
|-
|7
|ap3 (VLAN 1)
|-
|8
|ap2 (VLAN 1)
|-
|9
|free
|-
|10
|eth1.pony (IEEE 802.1Q Trunk, VLANs 1,702)
|-
|11
|eth0.pony (VLAN 20)
|-
|12
|stallion.noise frontend (VLAN 20)
|-
|g0/1
|switch5 g0/11
|-
|g0/2
|-
|}
=== switch5 ===
{|border="1" cellspacing="0" cellpadding="5"
!Port
!Far End
|-
|g0/1
|stallion eth0
|-
|g0/2
|DJ booth
|-
|g0/3
| --
|-
|g0/4
| --
|-
|g0/5
| --
|-
|g0/6
| --
|-
|g0/7
| --
|-
|g0/8
| --
|-
|g0/9
| --
|-
|g0/10
|switch1 g2
|-
|g0/11
|switch3 g0/1
|-
|g0/12
| --
|-
|}
== Network Diagram ==
[[Image:2169_network_diagram-2010-04-09.png]]
== KVM ==
There is no KVM, but there are monitors and a keyboard dedicated to the machines in the rack.  You can easily recognize it because it's covered in nail polish and you can't see the keycaps.  The delete key is in the upper-right corner of the keyboard, which is handy to know if you want to get into the BIOS of the machines.
= Other uplink possibilities =
* Metro fiber
** [[User:Jof|jof]] called IPN for a rough estimate for construction of fiber to 83c. The sales representative's estimate would be between 90,000USD - 100,000USD for the initial buildout.
* Sonic.net ADSL2
** We have this, woot.
* WiMax
** Currently this hasn't been very seriously researched
* SFLan
''We may have line of sight to a node if we can bounce off of a local building. This hasn't been seriously researched. We may want to try to get roof access for antennas and should talk to our very quiet neighbors.''
''I was contacted by Matt Peterson about connecting.  I would be happy to do a site survey to see if you can hit the SFLAN or City wirless deployment from the Valencia Gardens development.  That could get you 40Mb/s up and down. - Tim Pozar''
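Review bot: in the switch1 table the row for g0/1 has no far-end cell while every other row has one ("| --" where unused), and the two switch tables disagree on port naming in their cross-references: switch1 lists "g0/2 | switch5 g0/10" while switch5 lists "g0/10 | switch1 g2". Use one naming scheme (g0/2) in both directions so the tables can be cross-checked against each other. In the SFLan note, "City wirless" is a typo for "wireless".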

Revision as of 19:14, 8 May 2015

Network Troubleshooting

Are you having issues with the internet or local network? Check out the Network Troubleshooting page for more information on what you can do to make things better or possibly seek help.

Disclaimer

Please note that Noisebridge does not guarantee or provide a perfectly secure experience in the space. Just like anywhere else in the world, you are responsible for your own safety and wellbeing. This includes content you receive, transmit or provide through any medium, whether pen and paper, sound waves, or any wired or wireless network operating in the space. Noisebridge is a volunteer-run and -operated space that provides you with infrastructure, which you use at your own risk.

Free Public Wireless Networks

Noisebridge has two open wifi networks available for your use. In most cases, connecting to the network Noisebridge gives your laptop, phone or other device the most reliable wifi: it will roam between the radio channels according to which provides the fastest, most reliable connection.

The wifi and internet provided is for public use. Like any public network, you should regard Noisebridge's as potentially hostile and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.

The following networks are active:

  • Noisebridge
    • No password
    • Uplink through Sonic.net and Monkeybrains
    • 802.11g/n on 2.4 GHz and 802.11a/n on 5 GHz; your wifi device decides which band is best for it and roams accordingly
  • Noisebridge 5g
    • No password
    • Uplink through Sonic.net and Monkeybrains
    • 802.11a/n on 5 GHz only

Wired network

There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).

DNS

Dynamic DNS for DHCP clients on 172.30.0.30/22 is provided by the nat machine. Machines with static addresses are resolved by IPv4 or IPv6 mDNS, and by the dynamic DNS entries the nat machine creates from its DHCP service.

Development

Network Devices & Services

2169 Mission

Uplinks

DSL Circuit

There is a Sonic.net Fusion ADSL2+ DSL connection in the building. The physical circuit comes in from the MPOE in the basement and runs across the roof of the basement and up the side of the building into the DJ booth (Tea Room), then over to the Wall o' Tubes. The CPE is a Motorola 2210 ADSL2+. The admin password is the serial number, written on the bottom.

The addressing configuration is a little unusual. It's 75.101.62.0/24 and we've been allocated a /29 within that block: 75.101.62.88 - 75.101.62.95. Note that we get to use all 8 addresses; the broadcast and network address are 75.101.62.255 and 75.101.62.0 respectively. The gateway is 75.101.62.1.
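The point of the paragraph above is that the /29 is not its own subnet: its network and broadcast addresses are those of the enclosing /24, so hosts in the block configure the /24 mask and all eight addresses are usable. The script below is an added example for this page, not part of the Noisebridge router configuration; the prefixes and gateway are the ones stated above, and the allocation table it checks is a constructed sample that includes one out-of-range entry and one duplicate on purpose.

```python
"""Why all eight addresses of the Sonic.net /29 are usable.

Added example for this wiki page, not part of the Noisebridge network
configuration itself. The prefixes and gateway below are the ones the page
states; the allocation table is a constructed sample.
"""
import ipaddress

ONLINK = ipaddress.ip_network("75.101.62.0/24")       # the circuit's on-link prefix (from the page)
ALLOCATION = ipaddress.ip_network("75.101.62.88/29")  # the block allocated to us (from the page)
GATEWAY = ipaddress.ip_address("75.101.62.1")         # from the page


def naive_hosts(block):
    """Hosts a /29 offers if it is treated as its own subnet: six, because
    .88 (network) and .95 (broadcast) would be reserved."""
    return [str(a) for a in block.hosts()]


def usable_hosts(allocation, onlink):
    """Hosts actually usable here: every address of the allocation, because the
    network and broadcast addresses belong to the enclosing /24 (.0 and .255),
    not to the /29."""
    if not allocation.subnet_of(onlink):
        raise ValueError(f"{allocation} is not inside {onlink}")
    reserved = {onlink.network_address, onlink.broadcast_address}
    return [str(a) for a in allocation if a not in reserved]


def interface_config(host, onlink, gateway):
    """Address/mask/gateway a host in the /29 must configure: the /24 mask,
    so that the gateway at .1 is on-link. Configuring the /29 mask instead
    would make .88 and .95 unusable and put the gateway off-link."""
    host = ipaddress.ip_address(host)
    if host not in onlink or gateway not in onlink:
        raise ValueError("host and gateway must share the on-link prefix")
    iface = ipaddress.ip_interface(f"{host}/{onlink.prefixlen}")
    return {"address": str(iface), "netmask": str(onlink.netmask), "gateway": str(gateway)}


def check_allocation_table(table, allocation):
    """Validate a reserved-address table like the page's: report entries that
    fall outside the allocation and addresses assigned more than once."""
    problems = []
    seen = {}
    for addr_str, owner in table:
        addr = ipaddress.ip_address(addr_str)
        if addr not in allocation:
            problems.append(f"{addr} ({owner}) is outside {allocation}")
        if addr in seen:
            problems.append(f"{addr} assigned to both {seen[addr]} and {owner}")
        seen.setdefault(addr, owner)
    return problems


# Constructed sample table: some of the page's assignments plus one deliberate
# out-of-range entry and one duplicate, to show the checker catching them.
SAMPLE_TABLE = [
    ("75.101.62.88", "r00ter"),
    ("75.101.62.89", "pony"),
    ("75.101.62.90", "stallion"),
    ("75.101.62.92", "ops"),
    ("75.101.62.96", "mystery-box"),   # outside the /29
    ("75.101.62.89", "pony-clone"),    # duplicate of .89
]

if __name__ == "__main__":
    print("naive /29 hosts:", naive_hosts(ALLOCATION))
    print("usable hosts:  ", usable_hosts(ALLOCATION, ONLINK))
    print(interface_config("75.101.62.88", ONLINK, GATEWAY))
    for p in check_allocation_table(SAMPLE_TABLE, ALLOCATION):
        print("problem:", p)
```

Running it prints six hosts for the naive view and eight for the real one, and the interface line it produces for .88 is the /24 form that the router section of this page uses for r00ter's WAN address.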

The default CPE settings are not correct for our circuit configuration. From a factory reset, do the following to configure the CPE:

  1. Configure a computer for 192.168.1.253/24.
  2. Connect the computer to the DSL CPE.
  3. Power cycle the DSL CPE.
  4. Connect to 192.168.1.254 using your web browser.
  5. You will be prompted to set a password, use the serial number on the bottom of the DSL CPE.
  6. Get into expert mode.
  7. Under configure->connections, set the following:
    1. VPI: 0
    2. VCI: 35
    3. Protocol: Bridged Ethernet LLC/SNAP
    4. Bridging: on
  8. Under configure->DHCP server, set the following:
    1. DHCP Server Enabled: unchecked
  9. Save and reboot.

Motorola 2210 User Guide

Monkeybrains Wireless Link

We have a point-to-point wireless link to Monkeybrains on the roof. It comes down through the Dirty Shop skylight and runs into the server closet.

SFBroadband / City of SF / Internet Archive

We have a wireless point-to-point path up to Twin Peaks that connects up to a city-owned and volunteer-run IP transit network. Currently, we're hitting the dish off of the side and have a pretty terrible connection. For now, this network path is mostly only usable as a backup path.

There is a router in our wireless CPE hardware (st01-noisebridge-sfo) that connects up to the Noisebridge network and terminates as 172.30.0.54 on the "Inside / Internal" network. Set your default route via this IP to try the other path.

Access Control

Most hardware is set to use the most guessable logins and passwords possible. If you're interested in logging in, just make some guesses as to what the login can be. Use your favorite search engine. Poke around. Hack.

Experience the thrill of guessing a password that just works.

Router

Bikeshed is our humble router. It is a Soekris running Vyatta (a Linux-based router distribution).

The machine currently provides:

  * dhcpd
  * DNS (dnsmasq) - .noise local TLD and recursive proxy
  * Automatic load balancing and failover between Sonic DSL and Monkeybrains

Access is via SSH with keys.

Salient configuration

  • It is configured to fail over between DSL and Monkeybrains as conditions warrant.
  • It is configured with traffic shaping to prevent individual users from sucking up all the tubes.

If you have questions about these particular points of configuration, email rack. Nothing is particularly complicated.

Address Allocations

The reserved address allocations are:

75.101.62.88/29 from Sonic.net

We have a range within the encompassing /24: 75.101.62.{88..95}

  • .88 - biketrailer
  • .89 - pony.noisebridge.net
  • .90 - stallion.noisebridge.net
  • .91 - ChaosVPN la fonera eth0.1
  • .92 - minotaur.noisebridge.net
  • .93 - Unallocated
  • .94 - Unallocated
  • .95 - Mode-S Equipment (various port-NATings)

10.20.0.0/22 ("inside" network)

10.20.0.0 - 100 Statically-addressed things

Note: This is not a /24 subnet! The netmask is a /23.

  • .0.2 - biketrailer
  • .0.3 - pony
  • .0.4 - minotaur - console server and network troubleshooting/monitoring box
  • .0.5 - roof switch
  • .0.8 - Primary switch - Netgear GS724Tv2
  • .0.11 - West AP, DHCP mapped
  • .0.12 - Crutch AP, DHCP mapped
  • .0.22 - Pegasus
  • .0.52 - bunny (Bullion Mode-S receiver on the roof)
  • .0.53 - ronin (white Atom works with bunny, lives in Susan the Rack)
  • .0.54 - st01-noisebridge-sfo (sfwireless.org Ubiquiti Nanobridge M5 on the roof. Currently aimed at Twin Peaks.)

10.20.0.101 - 1.254

  • DHCP-assigned, user-access IP space


IPv6

Note: This is not currently implemented. The addresses are correct, though. Someday...

We have IPv6 support on the DSL circuit via a tunnel provided by sonic.net. The tunnel address is 2001:05a8:0:1::0ac6/127, if it needs to be reconfigured.

2001:5a8:4:5630::/60

This is the IPv6 subnet assigned to us by sonic. We configure the first /64 in this /60 so that autoconfiguration works. biketrailer hands out IPv6 router advertisements for this subnet directly, and your machine will SLAAC its way to IPv6 goodness. The addresses are directly routable, but unsolicited incoming traffic is blocked by the firewall to protect the users. This means you can't run an IPv6 server on our IPv6 subnet, but you can connect to other machines on the IPv6 Internet just fine.
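The script below is an added example for this page, not part of the router configuration. It takes the delegated prefix 2001:5a8:4:5630::/60 from the section above, derives the first /64 that the router advertisements announce, and shows how a SLAAC address built from a network card's hardware address (modified EUI-64) can be recognised and reversed, which is the privacy concern an earlier revision of this page raises when it suggests turning IPv6 off. The MAC address and sample addresses are constructed values; a host using privacy extensions gets a random interface identifier and is not reversible this way.

```python
"""SLAAC addresses on the Sonic.net IPv6 delegation.

Added example for this wiki page; it is not part of the router configuration.
The delegated prefix comes from the page; the MAC and sample addresses are
constructed.
"""
import ipaddress

DELEGATED = ipaddress.ip_network("2001:5a8:4:5630::/60")   # from the page


def slaac_prefix(delegated):
    """The first /64 of the delegation, the only one the page says is used."""
    return next(delegated.subnets(new_prefix=64))


def eui64_interface_id(mac):
    """Modified EUI-64 identifier from a 48-bit MAC (RFC 4291 Appendix A):
    insert ff:fe in the middle and flip the universal/local bit of the first octet."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return bytes(eui)


def slaac_address(prefix, mac):
    """The address a host without privacy extensions autoconfigures."""
    if prefix.prefixlen != 64:
        raise ValueError("SLAAC requires a /64")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)


def mac_from_address(addr):
    """Recover the MAC if the interface identifier is a modified EUI-64, else None.
    The ff:fe marker in the middle of the low 64 bits is the tell."""
    a = ipaddress.IPv6Address(str(addr))
    iid = a.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in mac)


def audit(addr, prefix):
    """What a user checking their own address learns: whether it sits on the
    announced /64 and whether it exposes the hardware address."""
    a = ipaddress.IPv6Address(str(addr))
    mac = mac_from_address(a)
    return {"on_slaac_prefix": a in prefix, "exposes_mac": mac is not None, "mac": mac}


# Constructed sample values.
SAMPLE_MAC = "00:1b:21:3c:4d:5e"
PRIVACY_EXT_ADDR = "2001:5a8:4:5630:a1b2:c3d4:e5f6:789"   # random interface id

if __name__ == "__main__":
    p = slaac_prefix(DELEGATED)
    eui = slaac_address(p, SAMPLE_MAC)
    print("announced prefix:", p)
    print("EUI-64 SLAAC address:", eui, audit(eui, p))
    print("privacy-extension address:", PRIVACY_EXT_ADDR, audit(PRIVACY_EXT_ADDR, p))
```

The audit function is the check a visitor can run on their own address: if it reports exposes_mac, the address carries the card's OUI (which identifies the vendor) and serial part, and enabling privacy extensions on the host, or disabling IPv6 as the earlier revision suggests, removes that.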

Machine Rack

The rack of machines and switches is counted by U, from the top, starting from "1".

{|border="1" cellspacing="0" cellpadding="5"
!"U"/Unit
!Device
|-
|1-2
|patch panel
|-
|3
|Netgear G724Tv2 switch
|-
|5
|Shelf with Bikeshed and POE injectors
|-
|7
|Minotaur
|-
|Bottom
|APC UPS
|}