Networking

From SkullSpace Wiki
Revision as of 17:59, 15 September 2015 by Sean (talk | contribs) (Stupid-High Level Diagram)
  • Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down
  • Also see IT Policies
  • We have many people working with the equipment, so remember to attach or tie down anything that could get unplugged or fall. We have lost internet twice: the first time the router fell and its power switch got pressed; the second time the power plug was pulled out of the main internet switch.
  • This page is finally being updated for Sksp2; the old page is at Networking/Old.


High-level description

The main router is an RB450G, connected to the main switch (port 2), the security switch (port 4, later), the internet feed (port 3), and other networks later. The main internal switch is a 3Com 4924 in the server rack; it feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.

Stupid-High Level Diagram

                              +-------------------+                                                  
                              |                   |                                                  
                              |     The Tubes     |                                                  
                              |    On The Roof    |                                                  
                              |                   |                                                  
                              +--+--------------+-+                                                  
                                 |              |                                                    
                                 |              |                                                    
             +-------------------+-+          +-+-------------------+                                
             |     LES.net         |          |       VOI           |                                
             |  208.81.6.224/27    |   +------+     CPE/Router      |                                
             |                     |   |      |   206.220.196.49    |                                
             +-----------------+---+   |      +------------+--------+                                
                               |       |                   |                                         
                               |       |                   |                                         
                               |       |          +--------+------------+                            
                     +---------+-------+-----+    |  Skullspace-Router  |                            
                     |  Skullspace-External  |    |       RB450G        |                            
          +----------+      Cisco 2950       +----+  206.220.196.50     |                            
          |          |      172.30.6.3       |    |  208.61.6.228       |                            
          |          +----------------------++    |  172.30.6.1         |                            
          |                                 |     +--------+------------+                            
+---------+-----------+                     |              |                                         
|                     |                     |              |                                         
|  Rest of External   |                     |              |                                         
|     PUBLIC/LAN      |                     |     +--------+--------------+      +------------------+
|                     |                     +-----+  Skullspace-Internal  |      |                  |
|  206.220.196.48/28  |                           |  3-Com L2 Old Junk    +------+ Rest of Internal |
|  206.220.193.64/29  |                           |                       |      |   INTERNAL/LAN   |
|  208.61.6.224/27    |                           +---+-------+-------+---+      |   172.30.6.0/24  |
+---------------------+                               |       |       |          |                  |
                                             +--------+       |       +--------+ +------------------+
                                             |                |                |                     
                                      +------+------+  +------+------+  +------+------+              
                                      |    WAP-A    |  |    WAP-B    |  |    WAP-C    |              
                                      | 172.30.6.10 |  | 172.30.6.11 |  | 172.30.6.12 |              
                                      |             |  |             |  |             |              
                                      +-------------+  +-------------+  +-------------+              

Built using ASCIIFlow - http://asciiflow.com/

Internet feeds

Primary: Internet from VOI (wifi-based Ubiquiti NB5, tested at 60 Mbit/s down and 40 Mbit/s up to Speedtest.net Winnipeg).

Network hardware

  • Mikrotik Routerboard 450G as main router
  • Netgear WNDR3700 router, donated by Project Bismark. It had a problem (routed packets fine, but services like DHCP/DNS/web server didn't work), so it was taken out of the network for testing.
  • Linksys WRT54G2 v1.5 as spare. WAN port may sometimes have packet loss.
  • Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef.
  • Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef.
  • A 3Com 4924 (:A0) as the main switch, by default everything connects here.
  • A 3Com 4924 (:??) a spare switch.
  • 2 D-Link DWL-810+ bridges.
  • Netgear GS108T as the lounge switch.
  • D-Link DWL-7100AP AP.
  • D-Link DES-3224 as a public IP switch; management is restricted to port 7 (Telnet, which is cleartext, username "D-Link").
  • A Belkin F5D8236 wireless-N router as spare
  • 3 Cisco Aironet 1100 APs with 802.11b cards, and one (:90) with an 802.11g card, as spares.
  • Belkin F5D5141-5 switch.
  • Cisco 2950 switches #1 and #2.
  • Mikrotik RB750 (small white box) VOI's router
  • Western Multiplex Tsunami 100 5.8 GHz: two links (4x IDU, 2x high ODU, 2x low ODU), unused. Panel antenna loaned from Seccuris.

Wiring

  • A1+B1: from the rack to the wiring area on top of the bathrooms.
  • A2+B2: from the wiring area on top of the bathrooms to the pole in front of the classroom. One of these will be used to feed a wifi AP.
  • C+D: from the rack to next to a couch in the lounge area.
  • A wire goes under the nearby door to the wiring area of the space next door and above a window, for the temporary garbage-cam.
  • E+F+G: from the rack to the area behind the rear black desk.


Tasks

  • terminate ethernet lines correctly in a panel once we're sure server room is stable
  • label networking equipment (IPs etc) and servers, update this page for the latter
  • put read-only and full-access passwords on devices

Wireless Networks

  • skullspace = main SSID, usual password
  • skullspace_rear = Linksys G router in the server rack, as a backup


New IP Ranges

  • 172.30.4.x = testing/reserved for later use
  • 172.30.5.x = half Security/Management network half VPNs
  • 172.30.6.x = Main network
    • .1 router
    • .10-.29 network gear
    • .30-.39 printers
    • .40-.99 VMs, servers
    • .100-.240 DHCP
    • .241-.254 VPNs
  • 172.30.7.x = CTF Network DHCP ??? router .1

Internal IP usage

Check these

Legacy IPs

  • 192.168.1.1 MikroTik router
  • 192.168.1.9 noel, alex's linux container on vmsrv
  • 192.168.1.10 kyle, a linux container on vmsrv
  • 192.168.1.11 stefen, a linux container on vmsrv
  • 192.168.1.12 Samsung CLP-310N printer
  • 192.168.1.15 Cisco 2950 switch
  • 192.168.1.16 Netgear GS108T workshop switch
  • 192.168.1.17 3Com 4924 Switch-1 (main)
  • 192.168.1.18 3Com 4924 Switch-2
  • 192.168.1.22 DES-3224
  • 192.168.1.26 vmsrv
  • 192.168.1.27 Who took this and didn't document?
  • 192.168.1.31 not in use, but don't use
  • 192.168.1.32 Skullhost on vmsrv
  • 192.168.1.33 iscsi server on vmsrv
  • 192.168.1.34-35 Kenny servers
  • 192.168.1.36 VPN server on vmsrv - contact Jay or Alex
  • 192.168.1.37 Ben's server
  • 192.168.1.38 Driftnet laptop
  • 192.168.1.39 open for use
  • 192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.

Current 172.30/16

  • 172.30.6.1 Micro-tik Router
  • 172.30.6.2 SkullSpace-External (Cisco 2950 switch)
  • 172.30.6.3 SkullSpace-Internal (Cisco 2950 switch; the diagram above gives External as .3 and shows the 3Com as Internal, check which is right)
  • 172.30.6.10 WAP-A (UniFi AP management IP), MAC 04:18:D6:4E:8B:DE
  • 172.30.6.11 WAP-B (UniFi AP management IP), MAC 04:18:D6:4E:8A:ED
  • 172.30.6.12 WAP-C (UniFi AP management IP), MAC 04:18:D6:4E:8A:E4
  • 172.30.6.13 intarweb.ca (Sean's server, inside interface)
  • 172.30.6.16 Netgear GS108T
  • 172.30.6.30 latest Ubuntu graphical shell service on vmsrv
  • 172.30.6.31-32 Mark's temporary project ips
  • 172.30.6.33 UniFi AP controller (container on vmsrv)
  • 172.30.6.34 Jay Bots (Container on vmsrv)
  • 172.30.6.40 vmsrv
  • 172.30.6.50-53 Chris Otto Servers
  • 172.30.6.100-240 Main router DHCP space
  • 172.30.6.241-254 VPN IPs
    • 172.30.6.245 - sean VPN IP (sean cody)
    • 172.30.6.247 - cchilds VPN IP
    • 172.30.6.248 - jordansamulaitis VPN IP
    • 172.30.6.249 - gygar VPN IP
    • 172.30.6.250 - nwild VPN IP
    • 172.30.6.251 - cstanners-router VPN IP
    • 172.30.6.252 - odin VPN IP
    • 172.30.6.254 - cstanners VPN IP
  • 172.30.7.1 MikroTik router (wifi VLAN)
  • 172.30.8.0/24 Virtual Machine Server (vmsrv) LAN
    • 172.30.8.1 vmsrv
    • 172.30.8.2 Mark private ubuntu vpn
    • 172.30.8.3 Mark private project ubuntu (Container on vmsrv)
  • 10.50.31.0/24 TheLEDSign LAN
    • 10.50.31.16 The Sign
    • 10.50.31.17 The controlling container (vmsrv)
  • 10.50.32.0/30 Mark project private Point to Point link LAN
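A quick way to keep the plan in "New IP Ranges" and the assignment list above honest is to check one against the other. The following is an added example, not code from the SkullSpace wiki or its admins: it encodes the 172.30.6.0/24 plan, a transcription of the 172.30.6.x entries from the list above, reports every entry whose documented role sits outside the range the plan gives that role, and lists the free addresses in a role's range. The role I attach to each entry is my reading of its description (containers and member servers are counted as "VMs, servers"), and the function names are mine. Run as written against the page's own data it flags .2 and .3 (host octets the plan does not allocate at all), .13 (a server sitting in the network-gear range) and .30, .33 and .34 (services sitting in the printer range).

```python
import ipaddress

NET = ipaddress.ip_network("172.30.6.0/24")

# Host-octet ranges per role, transcribed from the "New IP Ranges" list on this page.
PLAN = {
    "router": (1, 1),
    "network gear": (10, 29),
    "printers": (30, 39),
    "VMs, servers": (40, 99),
    "DHCP": (100, 240),
    "VPNs": (241, 254),
}

# (address, documented role, description) transcribed from the "Current 172.30/16" list.
# The role column is my classification of each entry's description onto the plan's
# role names; it is not on the page itself.
ASSIGNED = [
    ("172.30.6.1",   "router",       "MikroTik router"),
    ("172.30.6.2",   "network gear", "SkullSpace-External switch"),
    ("172.30.6.3",   "network gear", "SkullSpace-Internal switch"),
    ("172.30.6.10",  "network gear", "WAP-A"),
    ("172.30.6.11",  "network gear", "WAP-B"),
    ("172.30.6.12",  "network gear", "WAP-C"),
    ("172.30.6.13",  "VMs, servers", "intarweb.ca inside interface"),
    ("172.30.6.16",  "network gear", "Netgear GS108T"),
    ("172.30.6.30",  "VMs, servers", "Ubuntu graphical shell service on vmsrv"),
    ("172.30.6.33",  "VMs, servers", "UniFi AP controller container"),
    ("172.30.6.34",  "VMs, servers", "Jay Bots container"),
    ("172.30.6.40",  "VMs, servers", "vmsrv"),
    ("172.30.6.50",  "VMs, servers", "Chris Otto servers"),
    ("172.30.6.245", "VPNs",         "sean VPN IP"),
    ("172.30.6.254", "VPNs",         "cstanners VPN IP"),
]


def role_for(addr):
    """Role the plan assigns to addr, or None if addr is outside 172.30.6.0/24
    or its host octet falls in a gap the plan never allocates (e.g. .2-.9)."""
    a = ipaddress.ip_address(addr)
    if a not in NET:
        return None
    host = int(a) - int(NET.network_address)
    for role, (lo, hi) in PLAN.items():
        if lo <= host <= hi:
            return role
    return None


def audit(assigned=ASSIGNED):
    """Entries whose documented role disagrees with the plan.
    Returns a list of (address, planned role or None, documented role, description)."""
    return [(addr, role_for(addr), doc, desc)
            for addr, doc, desc in assigned
            if role_for(addr) != doc]


def free_in(role, assigned=ASSIGNED):
    """Addresses inside the plan range for role that no entry currently uses.
    (Not meaningful for "DHCP": that pool is handed out dynamically by the router.)"""
    lo, hi = PLAN[role]
    taken = {ipaddress.ip_address(a) for a, _, _ in assigned}
    base = int(NET.network_address)
    return [str(ipaddress.ip_address(base + h))
            for h in range(lo, hi + 1)
            if ipaddress.ip_address(base + h) not in taken]


def overlaps(plan=PLAN):
    """Pairs of roles whose host ranges overlap; a sane plan returns []."""
    items = list(plan.items())
    return [(r1, r2) for i, (r1, (a1, b1)) in enumerate(items)
            for r2, (a2, b2) in items[i + 1:]
            if a1 <= b2 and a2 <= b1]


if __name__ == "__main__":
    for addr, planned, doc, desc in audit():
        print(f"{addr}: plan says {planned or 'unallocated'}, documented as {doc} ({desc})")
    print("next free network-gear address:", free_in("network gear")[0])
    print("plan range overlaps:", overlaps())
```

Adding a new host to the list is the whole update procedure: append a tuple and rerun; the audit tells you whether the address you picked agrees with the plan, and `free_in` tells you which one to pick if it does not.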


VOI IP usage

VOI gave us 206.220.196.48/28 (mask 255.255.255.240) and 206.220.193.64/29 (mask 255.255.255.248), as well as 2604:4280:1:c0de::/64. You must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.

Columns: IP (and IPv6 where assigned), DNS (Fwd/Rev), use, contact, used by / in use since, reason for public IP and notes.

  • 206.220.193.65
    • DNS: TBD
    • Use: VOI router
    • Contact: VOI
    • Used by: all machines
    • Notes: required by network design
  • 206.220.193.66
    • DNS: none recorded
    • Use: Mark
    • Notes: temporary use
  • 206.220.193.67
    • DNS: none recorded
    • Use: none recorded
  • 206.220.193.68
    • DNS: none recorded
    • Use: none recorded
  • 206.220.193.69
    • DNS: none recorded
    • Use: Richard's server
    • Contact: rjr point work at gmail
    • Notes: development server, potentially Starbound server
  • 206.220.193.70
    • DNS: none recorded
    • Use: Chris's server
    • Contact: cotto at ieee point org
    • Notes: development server, occasionally Terraria server
  • 206.220.196.49
    • DNS: Fwd h49-skullspace.winnipeg.voinetworks.net., Rev h49-skullspace.winnipeg.voinetworks.net.
    • Use: VOI MikroTik RB750? router
    • Contact: VOI Networks
    • Since: now
    • Notes: required by network design
  • 206.220.196.50
    • DNS: none recorded
    • Use: Sksp main router
    • Contact: CStanners a gmail.com or Sksp admins
  • 206.220.196.51 (IPv6 2604:4280:1:c0de::53)
    • DNS: Fwd ns1.skullspace.ca (pending), Rev ns1.skullspace.ca (pending)
    • Also: 2604:4280:1:c0de::80, relay/proxy v6 to v4 for www.skullspace.ca (testing); 2604:4280:1:c0de::81, relay/proxy v6 to v4 for wiki.skullspace.ca (testing)
    • Use: SKSP DNS
    • Contact: it@skullspace.ca
    • Since: 2014-10-08
    • Notes: Skullspace primary DNS server
  • 206.220.196.52
    • DNS: Fwd <several>, Rev mail.nepharia.org
    • Use: Vobster, Nepharia services
    • Contact: mak@kolybabi.com and dave@ysarro.com
    • Since: 2012-02-17
    • Notes: Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH & IRC, and HTTP for Nepharia and its associated domains.
  • 206.220.196.53
    • DNS: Fwd <several>, Rev mail.skullspace.ca
    • Use: Vobster, SkullSpace services
    • Contact: mak@kolybabi.com and dave@ysarro.com
    • Since: 2012-02-17
    • Notes: Runs DNS, SMTP/IMAP, SSH & IRC, and HTTP for SkullSpace.
  • 206.220.196.54
    • DNS: Fwd ctf.skullspace.ca, Rev ctf.skullspace.ca
    • Use: Vobster, CTF services
    • Contact: mak@kolybabi.com and dave@ysarro.com
    • Since: 2013-04-09
  • 206.220.196.55
    • DNS: none recorded
    • Use: Edwin Amsler
    • Contact: edwinguy at gmail dot calm
    • Since: 2015-02-23
  • 206.220.196.56
    • DNS: none recorded
    • Use: Colin / Jeremy FreeBSD server
    • Contact: phoul@insecure-complexity.com
    • Since: 2013-10-01
  • 206.220.196.57
    • DNS: none recorded
    • Use: vmsrv
    • Contact: mark@parit.ca
    • Since: 2012-08-27
    • Notes: VM server open to all members; will run an HTTP proxy so this one IP can host many web servers
  • 206.220.196.58 (IPv6 2604:4280:1:c0de::314)
    • DNS: Fwd intarweb.ca, Rev none recorded
    • Use: Sean's server
    • Contact: sean _at_ tinfoilhat _dot_ ca
    • Since: 2013-09-27
    • Notes: L2TP etc.
  • 206.220.196.59
    • DNS: none recorded
    • Use: Ron's server
    • Contact: ron @ skullsecurity.net
    • Since: now
    • Notes: websites and stuff
  • 206.220.196.60
    • DNS: none recorded
    • Use: Colin's project server
    • Contact: CStanners @ gmail
    • Notes: occasional IPv6, VPN services and testing
  • 206.220.196.61
    • DNS: none recorded
    • Use: Ben's server
    • Contact: ben@benbergman.ca
    • Since: 2012-12-18
    • Notes: http/ssh/vpn/other
  • 206.220.196.62
    • DNS: Fwd dangerzone.skullspace.ca, Rev dangerzone.skullspace.ca
    • Use: The Danger Zone
    • Contact: ctfadmin@
    • Since: 2012-06-01
    • Notes: The home of the SkullSpace Teaching CTF.
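The Fwd/Rev columns above are what a receiving mail server checks when one of these hosts connects to it (mail.skullspace.ca and mail.nepharia.org both run SMTP), so they are worth verifying rather than just recording. The following is an added example, not tooling from the SkullSpace wiki or its admins: a forward-confirmed reverse DNS (FCrDNS) checker that takes its lookup functions as parameters. Run as written it uses a lookup table I constructed from the table's own entries (blank cells become missing records, the pending ns1.skullspace.ca entry becomes a PTR whose name has no A record yet), so it works offline; pass `live_lookup_a` and `live_lookup_ptr` to query the system resolver instead. The names `check_fcrdns`, `check_block`, `FAKE_A` and `FAKE_PTR` are mine, and the fake data is not the result of any real query.

```python
import ipaddress
import socket

# Constructed stand-in for live DNS, modelled on the Fwd/Rev columns of the table above.
# Blank cells are modelled as missing records; ns1.skullspace.ca is marked pending on the
# page, so it gets a PTR but no A record yet. None of this comes from a real query.
FAKE_A = {
    "h49-skullspace.winnipeg.voinetworks.net": ["206.220.196.49"],
    "ns1.skullspace.ca": [],
    "mail.nepharia.org": ["206.220.196.52"],
    "mail.skullspace.ca": ["206.220.196.53"],
    "ctf.skullspace.ca": ["206.220.196.54"],
    "intarweb.ca": ["206.220.196.58"],
    "dangerzone.skullspace.ca": ["206.220.196.62"],
}
FAKE_PTR = {
    "206.220.196.49": "h49-skullspace.winnipeg.voinetworks.net.",
    "206.220.196.51": "ns1.skullspace.ca",
    "206.220.196.52": "mail.nepharia.org",
    "206.220.196.53": "mail.skullspace.ca",
    "206.220.196.54": "ctf.skullspace.ca",
    "206.220.196.62": "dangerzone.skullspace.ca",
}


def fake_lookup_a(name):
    return FAKE_A.get(name, [])


def fake_lookup_ptr(ip):
    return FAKE_PTR.get(ip)


def live_lookup_a(name):
    """Forward lookup through the system resolver; [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def live_lookup_ptr(ip):
    """Reverse lookup through the system resolver; None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def ptr_owner(ip):
    """Owner name of the PTR record (…in-addr.arpa for v4, …ip6.arpa for v6)."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_fcrdns(ip, lookup_a=fake_lookup_a, lookup_ptr=fake_lookup_ptr):
    """FCrDNS status of one address:
    'ok'                 PTR exists and its name has an A record pointing back at ip
    'no-ptr'             no PTR at all (many mail receivers score or reject on this)
    'ptr-not-confirmed'  PTR names a host whose A records do not include ip
    """
    name = lookup_ptr(ip)
    if not name:
        return "no-ptr"
    name = name.rstrip(".")          # the table records some names with a trailing dot
    if ip not in lookup_a(name):
        return "ptr-not-confirmed"
    return "ok"


def check_block(network, **lookups):
    """Run check_fcrdns over every usable host in a CIDR block; returns {ip: status}."""
    return {str(h): check_fcrdns(str(h), **lookups)
            for h in ipaddress.ip_network(network).hosts()}


if __name__ == "__main__":
    for ip, status in check_block("206.220.196.48/28").items():
        print(ip, ptr_owner(ip), status)
```

Against the constructed data, .49, .52, .53, .54 and .62 come back `ok`, .51 is `ptr-not-confirmed` until the ns1 record is published, and everything else in the /28 has no PTR. Running it with the live lookups against the real block is a one-line change and gives the list of hosts whose owners should ask VOI for reverse records.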

Access

All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices, restricted to NetOps and available by request, with the read-only password publicly known among our members.