Networking

From SkullSpace Wiki
Revision as of 02:38, 26 March 2015 by Sean (talk | contribs) (Current 172.30/16)
Jump to navigation Jump to search
  • Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down
  • Also see IT Policies
  • We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.
  • this page is finally being updated for Sksp2, old page is at Networking/Old


High-level description

The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.

Stupid-High Level Diagram

                                 +---------------------+                                        
                                 |    The Internet     |                                        
                                 | External CPE/Router |                                        
                                 |   206.220.196.49    |                  +--------------------+
                                 +---------^-----------+                  |                    |
                                           |                              |  dns.skullspace.ca |
                               +-----------v-----------+                  |   206.220.196.53   |
                               |   206.220.194.90/30   |                  +--^-----------------+
                               |  Skullspace+Router    <---------------+     |                  
                               | 172.30.6.1 172.30.7.1 |               |     |                  
                               +-----------^-----------+               |     |                  
                           Trunk Port      |                           |     |                  
+--------------------+          +----------v----------+     +----------v-----v----+             
|                    |          |                     |     |                     |             
|   Rest of the      <----------> Skullspace+Internal <-----> Skullspace+External |             
|   Internal LAN     |          |      172.30.6.2     |     |      172.30.6.3     |             
|                    |          +------^----^----^----+     +----------^----------+             
+--------------------+                 |    |    |                     |                        
                           Trunk Ports |    |    |               +-----v--------------+         
                                       |    |    |               |                    |         
                                       |    |    |               |   Rest of the      |         
                           +-----------+    |    +-----------+   |   External/PUBLIC  |         
                           |                |                |   |   LAN              |         
                           |                |                |   |                    |         
                           |                |                |   +--------------------+         
                           |                |                |                                  
                   +-------v-----+   +------v------+  +------v------+                           
                   | 172.30.6.10 |   | 172.30.6.11 |  | 172.30.6.12 |                           
                   |    WAP+A    |   |    WAP+B    |  |    WAP+C    |                           
                   | 172.30.7.10 |   | 172.30.7.11 |  | 172.30.7.12 |                           
                   +------+------+   +-------------+  +------+------+                           
                          |                                  |                                  
                   +------+------+                    +------+-----+                            
                   | 172.30.7.X  |                    | 172.30.7.Y |                            
                   |  client+X   |                    |  client+Y  |                            
                   |             |                    |            |                            
                   +-------------+                    +------------+                            

Built using ASCIIFlow - http://http://asciiflow.com/

Internet feeds

Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).

Network hardware

  • Mikrotik Routerboard 450G as main router
  • Netgear WNDR3700 router, donated by Project Bismark. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.
  • Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss.
  • Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef.
  • Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef.
  • A 3Com 4924 (:A0) as the main switch, by default everything connects here.
  • A 3Com 4924 (:??) a spare switch.
  • 2 D-Link DWL-810+ bridges.
  • Netgear GS108T as the lounge switch.
  • D-Link DWL-7100AP AP.
  • D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username "D-Link").
  • A Belkin F5D8236 wireless-N router as spare
  • 3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares.
  • Belkin F5D5141-5 switch.
  • Cisco 2950 switches #1 and #2.
  • Mikrotik RB750 (small white box) VOI's router
  • Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris.

Wiring

Runs A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP. C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam. E+F+G: from rack to area behind rear black desk.


Tasks

  • terminate ethernet lines correctly in a panel once we're sure server room is stable
  • label networking equipment (IPs etc) and servers, update this page for the latter
  • put read-only and full-access passwords on devices

Wireless Networks

skullspace = main SSID, usual password skullspace_rear: linksys G router in the server rack, as a backup.


New IP Ranges

  • 172.30.4.x = testing/reserved for later use
  • 172.30.5.x = half Security/Management network half VPNs
  • 172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254
  • 172.30.7.x = CTF Network DHCP ??? router .1

Internal IP usage

Check these

Legacy IPs

  • 192.168.1.1 Micro-tik Router
  • 192.168.1.9 noel, alex's linux container on vmsrv
  • 192.168.1.10 kyle, a linux container on vmsrv
  • 192.168.1.11 stefen, a linux container on vmsrv
  • 192.168.1.12 Samsung CLP-310N printer
  • 192.168.1.15 Cisco 2950 switch
  • 192.168.1.16 Netgear GS108T workshop switch
  • 192.168.1.17 Cisco 4924 Switch-1 (main)
  • 192.168.1.18 Cisco 4924 Switch-2
  • 192.168.1.22 DES-3224
  • 192.168.1.26 vmsrv
  • 192.168.1.27 Who took this and didn't document?
  • 192.168.1.31 not in use, but don't use
  • 192.168.1.32 Skullhost on vmsrv
  • 192.168.1.33 iscsi server on vmsrv
  • 192.168.1.34-35 Kenny servers
  • 192.168.1.36 VPN server on vmsrv - contact Jay or Alex
  • 192.168.1.37 Ben's server
  • 192.168.1.38 Driftnet laptop
  • 192.168.1.39 open for use
  • 192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.

Current 172.30/16

  • 172.30.6.1 Micro-tik Router
  • 172.30.6.2 SkullSpace-External (Cisco 2850 Switch)
  • 172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)
  • 172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE
  • 172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED
  • 172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4
  • 172.30.6.13 intarweb.ca (Sean's server, inside interface)
  • 172.30.6.16 Netgear GS108T
  • 172.30.6.30 latest Ubuntu graphical shell service on vmsrv
  • 172.30.6.31-32 Mark's temporary project ips
  • 172.30.6.33 UniFI AP Controller (Container on vmsrv)
  • 172.30.6.40 vmsrv
  • 172.30.6.50-53 Chris Otto Servers
  • 172.30.6.100-240 Main router DHCP space
  • 172.30.6.241-254 VPN IPs
  • 172.30.7.1 Micro-tik Router (WIFI VLAN)

VOI IP usage

VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.

IP DNS Use Contact used by? reason for public IP and notes
206.220.193.65 TBD VOI router VOI all machines required by network design
206.220.193.66
Fwd:
Rev:
Mark temporary mark@markjenkins.ca Mark temporary ipsec test
206.220.193.67
Fwd:
Rev:
206.220.193.68
Fwd:
Rev:
206.220.193.69
Fwd:
Rev:
Richard's Server rjr point work at gmail development server, potentially Starbound server
206.220.193.70
Fwd:
Rev:
Chris's Server cotto at ieee point org development server, occasionally Terraria server
206.220.196.49
Fwd: h49-skullspace.winnipeg.voinetworks.net.
Rev: h49-skullspace.winnipeg.voinetworks.net.
VOI Mikrotik RB750? router VOI Networks now required by network design
206.220.196.50
Fwd:
Rev:
Sksp Main Router CStanners a gmail.com or Sksp admins
206.220.196.51 2604:4280:1:c0de::53
Fwd: ns1.skullspace.ca (Pending)
Rev: ns1.skullspace.ca (Pending)
SKSP DNS it@skullspace.ca 2014-10-08 Skullspace Primary DNS Server
206.220.196.52
Fwd: <several>
Rev: mail.nepharia.org
Vobster Nepharia Services mak@kolybabi.com and dave@ysarro.com 2012-02-17 Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH & IRC, and HTTP for Nepharia and its associated domains.
206.220.196.53
Fwd: <several>
Rev: mail.skullspace.ca
Vobster SkullSpace Services mak@kolybabi.com and dave@ysarro.com 2012-02-17 Runs DNS, SMTP/IMAP, SSH & IRC, and HTTP for SkullSpace.
206.220.196.54
Fwd: ctf.skullspace.ca
Rev: ctf.skullspace.ca
Vobster CTF Services mak@kolybabi.com and dave@ysarro.com 2013-04-09
206.220.196.55
Fwd:
Rev:
Edwin Amsler edwinguy at gmail dot calm 2015-02-23
206.220.196.56
Fwd:
Rev:
Colin / Jeremy FreeBSD server phoul@insecure-complexity.com 2013-10-01
206.220.196.57
Fwd:
Rev:
vmsrv mark@parit.ca 2012-08-27 VM server open to all members, will run an http proxy to allow this one ip to host many web servers
206.220.196.58 2604:4280:1:c0de::314
Fwd: intarweb.ca
Rev:
Sean's server. sean _at_ tinfoilhat _dot_ ca 2013-09-27 L2TP etc.
206.220.196.59
Fwd:
Rev:
Ron's server ron @ skullsecurity.net Now Websites and stuff
206.220.196.60
Fwd:
Rev:
Colin's project server CStanners @ gmail Occasional IPv6, VPN services and testing
206.220.196.61
Fwd:
Rev:
Ben's server ben@benbergman.ca 2012-12-18 http/ssh/vpn/other
206.220.196.62
Fwd: dangerzone.skullspace.ca
Rev: dangerzone.skullspace.ca
The Danger Zone ctfadmin@ 2012-06-01 The home of the SkullSpace Teaching CTF.

Access

All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.