Resources/Network: Difference between revisions

No edit summary
 
(233 intermediate revisions by 63 users not shown)
Line 1: Line 1:
== [[Network Troubleshooting]] ==
{{network}}
{{blackbox}}[[File:Nbrack.png|400px|right]]
You are standing beneath Noisebridge's network rack on the wall in the [[Hackitorium]].


Are you having issues with the internet or local network? Check out the [[Network Troubleshooting]] page for more information on what you can do to make things better or possibly seek help.
You see a "Noisebridge has an open WiFi network" sign.


== DNS ==
'''EXITS:''' [[Hackitorium]], [[Roll up door]]
{{cursorboxend}}
{{headerbox}}
'''The open WiFi networks''' are free to all at Noisebridge. In most cases if you connect to the network '''Noisebridge''' your laptop/phone/device will have the best luck getting crystal clear wifi and roam between radio channels according to which provides the most reliable and fastest connection.
{{boxend}}


Dynamic DNS is provided by the nat machine for DHCP clients on 172.30.0.30/24.  Resolution of machines with static addresses is done by ipv4 or ipv6 mDNS and dynamic DNS entries on the nat machine from the DHCP service.
== Free Public Wireless Networks ==
The WiFi and Internet provided is for public use. Like any public network, you should regard Noisebridge's as [[Visitor_advice#Hostile_network|potentially hostile]] and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.


== Wireless networks ==
The following wireless networks (SSIDs) are active:
* '''Noisebridge Cap'''
** No password
** 802.11g/n/ac 2.4 and 5 gHz
** This is a temporary SSID set up for use during the move until the long term equipment is set up.


The following networks are active at 2169 now:
If you're reading this from another point in time, please note that the reality of the situation may be different. Please update this page to reflect reality as it changes.
* '''noisebridge''' - No encryption, NATted via the Monkeybrains link, 802.11bg
* '''noisebridge-a''' - No encryption, NATted via the Monkeybrains link, 802.11a


== Development ==
__TOC__
* See [[Network/testing]].


==Network Devices & Services==
== [[Network Troubleshooting]] ==
* [[Music]]
* [[Printers]]
* [[Infrastructure]]


= 2169 Mission =
Are you having issues with the internet or local network? Check out the [[Network Troubleshooting]] page for more information on what you can do to make things better or possibly seek help.


== DSL Circuit ==
== Network Security Disclaimer ==


There is a Sonic.net Fusion ADSL2+ DSL connection in the building. The physical circuit comes in from the MPOE in the basement and runs across the roof of the basement and up the side of the building into the DJ booth (Tea Room). The CPE is a Motorola 2210 ADSL2+ and is just outside the Tea Room on the floor.  The admin password is the serial number, written on the bottom.
''Please note that Noisebridge does not guarantee or provide a perfect secure experience in the space. Just like anywhere else in the world you're held responsible for your own safety and wellbeing. This also includes content you receive or transmit or provide through any mediums, such as through pen and paper, sound waves or any networks wired or wireless functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.''


The addressing configuration is a little unusual. It's 75.101.62.0/24 and we've been allocated a /29 within that block: 75.101.62.88 - 75.101.62.95.  Note that we get to use all 8 addresses; the broadcast and network address are 75.101.62.255 and 75.101.62.0 respectively.  The gateway is 75.101.62.1.
See [[Security]] for tips on maintaining your own security.


The default CPE settings are not correct for our circuit configuration. From a factory reset, do the following to configure the CPE:
== Wired network ==
There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).


# Configure a computer for 192.168.1.253/24.
== Local Network Address Information ==
# Connect the computer to the DSL CPE.
DHCP is offered automatically on the network. Currently the IP range is as follows:
# Power cycle the DSL CPE.
# Connect to 192.168.1.254 using your web browser.
# You will be prompted to set a password, use the serial number on the bottom of the DSL CPE.
# Get into expert mode.
# Under configure->connections, set the following:
## VPI: 0
## VCI: 35
## Protocol: Bridged Ethernet LLC/SNAP
## Bridging: on
# Under configure->DHCP server, set the following:
## DHCP Server Enabled: unchecked
# Save and reboot.


[http://broadband.motorola.com/consumers/products/2210-02/downloads/2210-02-10NA-UserGuide.pdf Motorola 2210 User Guide]
* IP Range: 10.21.0.1-10.21.1.254
* Gateway: 10.21.0.1
* Subnet: 255.255.'''254'''.0 (a "slash" /23)
* DNS: 10.21.0.1, 1.1.1.1


== Routers ==
==Network Devices & Services==
Currently, DHCPd is handing out a default gateway (172.30.0.3) that floats between r00ter and gorilla for automatic ISP failover.
* [[Music]]
===r00ter===
* [[2D Paper Printer]]
The Sonic.net router is a Soekris net4801 (hostname: "r00ter") running OpenBSD with some modifications to support running with a flash-backed root filesystem.  Its WAN address is 75.101.62.88/24 and its LAN address is 172.30.0.1.  Access is via SSH with a key.
* [[Infrastructure]]
 
DHCP and DNS services are being provided by r00ter as well: it has a DNS forwarder (dnsmasq), and dhcpd spits out addresses from 172.30.0.0/22 (172.30.0.200 and up).


===gorilla===
The router for our Monkeybrains link (hostname: "gorilla") is also a Soekris running a similar OpenBSD installation. Access is via SSH with a key.


== Address Allocations ==
== Uplinks ==
The reserved address allocations are:
=== Monkeybrains Wireless Link ===
We have a point-to-point wireless link to Monkeybrains on the roof, it's a microwave dish on the roof at the front of the building.


===75.101.62.88/29 from Sonic.net===
==I want to help!==
We have a range within the encompassing /24: 75.101.62.{88..95}
Noisebridge is run by volunteers, you're welcome to help but should get to know those helping first before touching/hacking the network gear. Try introducing yourself on the #rack channel in the Noisebridge Slack.


* .88 - router ("r00ter")
== Router ==
* .89 - pony
* .90 - stallion
* .91 - ChaosVPN la fonera eth0.1
* .92 - ops (console server)
* .93 - Unallocated
* .94 - Unallocated
* .95 - Unallocated


===172.30.0.0/22 ("inside" network)===
Biketrailer is our humble router. It is an Ubiquiti Edgerouter (ER-4) box running EdgeOS, a fork of Vyatta (a Linux-based router distribution).
====172.30.0.0/25 (.1 - .127) Statically-addressed things====


* .1 - r00ter, main soekris router connected to the sonic.net DSL
The machines currently provides
* .2 - gorilla, soekris router hooked up the monkeybrains link
  * NAT
* .3 - CARP interface for r00ter and gorilla
  * DHCPD
* .4 - ops, console server and network troubleshooting/monitoring box
  * DNS (dnsmasq) - <s>local TLD and</s> recursive proxy
* .5 - PS3 (goat), usually powered down to save power
* .6 - treechopper, [http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl07288/bpl07288.pdf|HP Laserjet 5Si MX] (working, not hosed)
* .7 - OpenGear IP Power 9258 in supply closet (power1)
* .8 - Dell switch (switch1)
* .9 - Cisco Catalyst 2940 in Susan the Rack, unit 24 (switch2)
* .10 - stallion
* .11 - ChaosVPN la fonera internal interface (br-lan)
* .12 - [http://www.ubnt.com/powerstation Powerstation 5] 802.11a (ap3, above the supply closet)
* .13 - Cisco Aironet 1100 series (ap2, above the supply closet)
* .14 - Cisco Aironet 1100 series (ap4, above the Eastern windows)
* .15 - Cisco Catalyst 3500 XL (switch3)
* .16 - Cisco Catalyst 3512 XL (switch4)
* .30 - [[Pony]], main sandbox server
* .31 - Touchpanel by the door
* .32 - Touchpanel by the bar
* .33 - Red Payphone (Linksys PAP2)
* .34 - Linux Study Group Linksys BBEFS41 Router
* .41 - [[Zebra]], Rebar and jukebox, Brother print server
* .42 - [[Ass]], greeting terminal
* .43 - Cisco SIP Phone
* .44 - [[Horsy]]. media center
* .49 - Pantheon, Isky's Windows box/print server


====172.30.0.128/25, 172.30.1.0/24, 172.30.2.0/24, 172.30.3.0/24====
Access is via SSH with keys and a https web interface.
* DHCP-assigned, user-access IP space


===172.30.4.0/24 (Tor-ified network)===
Access the router UI over https at 10.21.0.1.


Note that 172.30.4.1 transparently proxies TCP connections via privoxy to tor.
== Address Allocations ==
 
===WAN - Monkeybrains - 192.195.83.128/29 ===
* .1 - "torbridge" interface on pony
* Address range: 192.195.83.129-134
* .2 - "noisebridge-tor" access point.
* Gateway: 192.195.83.129
* .10 - .254 -- Tor-ified clients (served by DHCP)
* DNS: 208.69.43.23, 208.69.40.4
 
* Subnet Mask: 255.255.255.248
=== 10.100.4.0/23 ChaosVPN Range ===
* Network in the ChaosVPN
** Has yet to be setup. In the future, we may join the network so that we can route to other hackerspaces
* [http://wiki.hamburg.ccc.de/index.php/ChaosVPN#ip_ranges ChaosVPN Wiki]
 
== OOB Management ==
 
{|border="1" cellspacing="0" cellpadding="5"
!Device
!Where
|-
|gorilla
|ops /dev/ttyS0
|-
|r00ter
|ops /dev/ttyS1
|}
 
== IP PDU ==
 
There is an IP PDU (model "IP 9258") at 172.30.0.7 which can be used to power cycle some of the devices in Susan the Rack.
 
To change the state of the power ports, you'll need to telnet in and run "setpower=11000000". Each index represents a port, "1" is on and "0" is off.  
 
{|border="1" cellspacing="0" cellpadding="5"
!Port
!Device
|-
|1
|empty
|-
|2
|pony
|-
|3
|Power Strip with: Stallion, Sonic.net DSL Modem, and r00ter
|-
|4
|gorilla
|}
 
== Machine Rack ==
 
The rack of machines and switches is counted by U, from the bottom, starting from "1".
 
{|border="1" cellspacing="0" cellpadding="5"
!"U"/Unit
!Device
|-
|24
|small stuff - soekrises, switch2.noise, ops
|-
|21-23
|unused
|-
|19-20
|patch panel
|-
|18
|switch3.noise (12-port Cisco Cat. 3500 XL)
|-
|17
|switch1
|-
|16
|2 - jim's, for linux user group
|-
|15
|1 - jim's, for linux user group
|-
|14
|hammer - aestetix
|-
|12-13
|unused
|-
|7-11
|pony
|-
|5-6
|rack support for pony
|-
|4
|Mostly unused (IP PDU stuffed in back)
|-
|1-3
|APC
|}


== Switch Ports ==
====Addresses====
=== switch1 ===
{|border="1" cellspacing="0" cellpadding="5"
!Port
!Far End
|-
|1
| --
|-
|2
| --
|-
|3
| --
|-
|4
| --
|-
|5
| --
|-
|6
| --
|-
|7
| --
|-
|8
| --
|-
|9
| --
|-
|10
| --
|-
|11
| --
|-
|12
| --
|-
|13
| --
|-
|14
| --
|-
|15
| --
|-
|16
| --
|-
|17
| --
|-
|18
| --
|-
|19
| --
|-
|20
| --
|-
|21
| --
|-
|22
| --
|-
|23
| --
|-
|24
| --
|}


===switch2.noise===
{| class="wikitable"
{|border="1" cellspacing="0" cellpadding="5"
!Port
!Far end
|-
|-
|1
! IP
|Uplink to switch1 (VLAN 1)
! DNS
! Info
|-
|-
|2
| 192.195.83.130
|Fa0/1.switch3 (IEEE 802.1Q trunk, VLANs 1,10,20,702)
| cycletrailer.noisebridge.net/cycletrailer.noisebridge.io
| EdgeRouter ER-4
|-
|-
|3
| 192.195.83.131
|Monkeybrains Wireless CPE (VLAN 10)
| cia.noisebridge.io
|
|-
|-
|4
| 192.195.83.132
|Sonic.net ADSL2+ Modem/CPE (VLAN 20)
| jitsi.noisebridge.io
|
|-
|-
|5
| 192.195.83.133
|sis0.router (Sonic.net) (VLAN 20)
| zeppelin.noisebridge.net/zeppelin.noisebridge.io
|
|-
|-
|6
| 192.195.83.134
|sis1.gorilla (VLAN 10)
| pegasus.noisebridge.net/pegasus.noisebridge.io
|-
|  
|7
|sis1.router (VLAN 1)
|-
|8
|sis0.gorilla (VLAN 1)
|}
|}


===switch3.noise===
{|border="1" cellspacing="0" cellpadding="5"
!Port
!Far end
|-
|1
|fa0/2.switch2 (IEEE 802.1Q Trunk, VLANs 1,10,20,702)
|-
|2
|ops.noise. Atom-based console server. (VLAN 1)
|-
|5
|noisebridge-tor AP (VLAN 702)
|-
|6
|ap4 (VLAN 1)
|-
|7
|ap3 (VLAN 1)
|-
|8
|ap2 (VLAN 1)
|-
|9
|stallion.noise inside (VLAN 1)
|-
|10
|eth1.pony (IEEE 802.1Q Trunk, VLANs 1,702)
|-
|11
|eth0.pony (VLAN 20)
|-
|12
|stallion.noise frontend (VLAN 20)
|}
== Network Diagram ==
[[Image:2169_network_diagram-2010-04-09.png]]
== KVM ==
There is no KVM, but there are monitors and a keyboard dedicated to the machines in the rack.  You can easily recognize it because it's covered in nail polish and you can't see the keycaps.  The delete key is in the upper-right corner of the keyboard, which is handy to know if you want to get into the BIOS of the machines.


= Other uplink possibilities =
===LAN - 10.21.0.0/16===
* Metro fiber
====10.21.1.0 - 1.254====
** [[User:Jof|jof]] called IPN for a rough estimate for construction of fiber to 83c. The sales representative's estimate would be between 90,000USD - 100,000USD for the initial buildout.
* DHCP Pool - When connecting to the network, you will automatically receive an IP in this range.


* Sonic.net ADSL2
=== IPv6 ===
** We have this, woot.
We would like to setup IPv6, some day.


* WiMax
== [[Machine Rack]] ==
** Currently this hasn't been very seriously researched
[[File:rack-front.jpg|right|The rack layout, subject to change]]
There are two racks in the space, the main one on the first floor near the rolling door, and the secondary one on the second floor directly above the main one. They are small and up high to discourage people from messing with them or installing things in them. The internet works, please leave the boxes alone.


* SFLan
===Can I install/setup boxes on Noisebridge's network?===
====Short answer====
We may have line of sight to a node if we can bounce off of a local building. This hasn't been seriously researched. We may want to try to get roof access for antennas and should talk to our very quiet neighbors.
'''No.'''


I was contacted by Matt Peterson about connecting. I would be happy to do a site survey to see if you can hit the SFLAN or City wirless deployment from the Valencia Gardens development.  That could get you 40Mb/s up and down. - Tim Pozar
====Long answer====
See [[Rack]].
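
Review bot: The new "Local Network Address Information" list gives the subnet as 255.255.254.0 (a /23) covering 10.21.0.1-10.21.1.254, but the new Address Allocations heading reads "LAN - 10.21.0.0/16", so the page states two different LAN prefixes; correct one of them so both sections agree. The router is also introduced as "Biketrailer" in the Router section while the Addresses table labels the EdgeRouter ER-4 as "cycletrailer", which should be reconciled or explained. In the same Router section, "The machines currently provides" should read "The machine currently provides".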

Latest revision as of 02:03, 6 January 2022


You are standing beneath Noisebridge's network rack on the wall in the Hackitorium.

You see a "Noisebridge has an open WiFi network" sign.

EXITS: Hackitorium, Roll up door

The open WiFi networks are free to all at Noisebridge. In most cases if you connect to the network Noisebridge your laptop/phone/device will have the best luck getting crystal clear wifi and roam between radio channels according to which provides the most reliable and fastest connection.

Free Public Wireless Networks

The WiFi and Internet provided is for public use. Like any public network, you should regard Noisebridge's as potentially hostile and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.

The following wireless networks (SSIDs) are active:

  • Noisebridge Cap
    • No password
    • 802.11g/n/ac 2.4 and 5 GHz
    • This is a temporary SSID set up for use during the move until the long term equipment is set up.

If you're reading this from another point in time, please note that the reality of the situation may be different. Please update this page to reflect reality as it changes.

Network Troubleshooting

Are you having issues with the internet or local network? Check out the Network Troubleshooting page for more information on what you can do to make things better or possibly seek help.

Network Security Disclaimer

Please note that Noisebridge does not guarantee or provide a perfectly secure experience in the space. Just like anywhere else in the world, you're held responsible for your own safety and wellbeing. This also includes content you receive, transmit or provide through any medium, such as pen and paper, sound waves or any networks, wired or wireless, functioning in the space. Noisebridge is a volunteer-run and volunteer-operated space that provides you with infrastructure, which you use at your own risk.

See Security for tips on maintaining your own security.

Wired network

There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).

Local Network Address Information

DHCP is offered automatically on the network. Currently the IP range is as follows:

  • IP Range: 10.21.0.1-10.21.1.254
  • Gateway: 10.21.0.1
  • Subnet: 255.255.254.0 (a "slash" /23)
  • DNS: 10.21.0.1, 1.1.1.1

Network Devices & Services


Uplinks

Monkeybrains Wireless Link

We have a point-to-point wireless link to Monkeybrains. It's a microwave dish on the roof at the front of the building.

I want to help!

Noisebridge is run by volunteers. You're welcome to help, but you should get to know those already helping before touching/hacking the network gear. Try introducing yourself on the #rack channel in the Noisebridge Slack.

Router

Biketrailer is our humble router. It is a Ubiquiti EdgeRouter (ER-4) box running EdgeOS, a fork of Vyatta (a Linux-based router distribution).

The machine currently provides:

  • NAT
  • DHCPD
  • DNS (dnsmasq) - local TLD and recursive proxy

Access is via SSH with keys and an HTTPS web interface.

Access the router UI over HTTPS at 10.21.0.1.

Address Allocations

WAN - Monkeybrains - 192.195.83.128/29

  • Address range: 192.195.83.129-134
  • Gateway: 192.195.83.129
  • DNS: 208.69.43.23, 208.69.40.4
  • Subnet Mask: 255.255.255.248

Addresses

IP              DNS                                                        Info
192.195.83.130  cycletrailer.noisebridge.net/cycletrailer.noisebridge.io   EdgeRouter ER-4
192.195.83.131  cia.noisebridge.io
192.195.83.132  jitsi.noisebridge.io
192.195.83.133  zeppelin.noisebridge.net/zeppelin.noisebridge.io
192.195.83.134  pegasus.noisebridge.net/pegasus.noisebridge.io


LAN - 10.21.0.0/16

10.21.1.0 - 1.254

  • DHCP Pool - When connecting to the network, you will automatically receive an IP in this range.

IPv6

We would like to set up IPv6 some day.

Machine Rack

The rack layout, subject to change

There are two racks in the space, the main one on the first floor near the rolling door, and the secondary one on the second floor directly above the main one. They are small and up high to discourage people from messing with them or installing things in them. The internet works, please leave the boxes alone.

Can I install/set up boxes on Noisebridge's network?

Short answer

No.

Long answer

See Rack.