Difference between revisions of "Networking"

From SkullSpace Wiki
(VOI IP usage)
C (talk)
Line 2: Line 2:
 
*Also see [[IT Policies]]
 
*Also see [[IT Policies]]
 
*We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time a wire was pulled out of main internet switch.
 
*We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time a wire was pulled out of main internet switch.
 
+
*this page is finally being updated for Sksp2, old page is at [[Networking/Old]]
  
 
== Network status ==
 
== Network status ==
Skullspace internal network is fine but needs better organization and documentation, see tasks section. Occasional issues connecting to the main skullspace SSID. Internet connection has occasional issues when the SkSp or AW routers have trouble getting an IP, this is being troubleshooted.
+
Pretty sweet right now
  
 
== High-level description ==
 
== High-level description ==
Internet is furnished by VOI, goes to the internet switch where multiples routers and servers connect. There is a main router for the main Skullspace network; this connects to a 24-port gigabit switch which has a few sub-switches in different rooms. There are APs around Skullspace with SSIDs beginning with "skullspace" and some near the fire escape connected to dishes outside, with different SSIDs.
+
Do this
  
 
== Internet feeds ==
 
== Internet feeds ==
Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 20mbit up to Speedtest.net Winnipeg, with large packets) comes from a drop in the middle of the space, connects to line #?? below the drop, goes to the server room where its PoE is; afterwards goes to the primary internet switch. We have permission to use a few IPs (currently being assigned by DHCP, but that may change - that's why they have the small white Microtik router) and a 'reasonable' amount of bandwidth.
+
Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).
  
 
== Network hardware ==
 
== Network hardware ==
All switches and their interconnects are gigabit (a few exceptions below), so two machines doing 100mbit of transfer won't fill any pipes on the way. All items are donated unless otherwise noted.
+
*Mikrotik Routerboard 450G as main router
 
*Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.
 
*Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.
*Linksys WRT54G2 v1.5 as a classroom AP. G wireless has been tested to 33mbit. WAN port may sometime have packet loss.  
+
*Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss.  
*Linksys WRT350N with DD-WRT v24SP2 firmware as a spare main router when the Netgear has issues. Lent by Stef.
+
*Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef.
 
*Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef.
 
*Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef.
*A Cisco 4924 (:A0) as the main switch, by default everything connects here.  
+
*A 3Com 4924 (:A0) as the main switch, by default everything connects here.  
*A Cisco 4924 (:??) a spare switch.
+
*A 3Com 4924 (:??) a spare switch.
*2 D-Link DWL-810+ bridges for testing
+
*2 D-Link DWL-810+ bridges.
*Netgear GS108T as the workshop switch.
+
*Netgear GS108T as the lounge switch.
*D-Link DWL-7100AP as a testing 2ghz/5ghz wireless AP in the workshop, still unproven.
+
*D-Link DWL-7100AP AP.
*D-Link DES-3224 as a spare switch, management only on port 7 (Telnet, username "D-Link").
+
*D-Link DES-3224 as a static IP switch, set to management only on port 7 (Telnet, username "D-Link").
*A Belkin F5D8236 wireless-N router in the lounge room is setup as an AP and switch (100mbit only), connected to the main SkSp network. May have had packet loss before.
+
*A Belkin F5D8236 wireless-N router as spare
 
*2 Cisco Aironet 1100 APs with .B cards, modified with pigtails to connect to outside dishes, and two others (:90 G card, :4A B card) spare.
 
*2 Cisco Aironet 1100 APs with .B cards, modified with pigtails to connect to outside dishes, and two others (:90 G card, :4A B card) spare.
*Belkin F5D5141-5 switch in the lounge.
+
*Belkin F5D5141-5 switch.
*Intel 510T switch - currently unused. Old, only telnet management
 
 
*Cisco 2950 switches #1 and #2 - currently unused, will setup as internet-side switches
 
*Cisco 2950 switches #1 and #2 - currently unused, will setup as internet-side switches
 
*Mikrotik RB750 (small white box) VOI's router
 
*Mikrotik RB750 (small white box) VOI's router
*Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) will be used to link to Seccuris and as a spare. Long-term loan from HighSpeedCrow. Panel antenna loaned from Seccuris.
+
*Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris.
  
 
== Wiring ==
 
== Wiring ==
Please follow the standard below when labeling any new lines. LSB is closest to the RJ45. Unless otherwise noted, all wires below originate from the main rack. All wiring should be cat5 or better, T568B standard (orange-first).
+
Todo
 
 
{| class="wikitable"
 
|-
 
! num
 
! in binary R/G
 
! Description
 
! Connects to
 
|-
 
| 00
 
| RRR (000)
 
| Workshop pole
 
| ?
 
|-
 
| 01
 
| RRG (001)
 
| wirelss APs (1of3)
 
| ?
 
|-
 
| 02
 
| RGR (010)
 
| Workbench south
 
| GS108 switch?
 
|-
 
| 03
 
| RGG (011)
 
| Workbench North
 
| nothing
 
|-
 
| 04
 
| GRR (100)
 
| Classroom west
 
| nothing
 
|-
 
| 05
 
| GRG (101)
 
| Drink machine
 
| nothing
 
|-
 
| 06
 
| RRG (110)
 
| Lounge north pole
 
| nothing
 
|-
 
| 07
 
| GGG (111)
 
| Lounge south pole
 
| Belkin switch, etc
 
|-
 
| 08
 
| GRRR (1000)
 
| Electrical room/Assentworks (1of2)
 
| AW internet?
 
|-
 
| 09
 
| GRRG (1001)
 
| Electrical room/Assentworks (2of2)
 
| sksp to AW link
 
|-
 
| 10
 
| GRGR (1010)
 
| War Room 1of2
 
| nothing
 
|-
 
| 11
 
| GRGG (1011)
 
| War Room 2of2
 
| nothing
 
|}
 
 
 
The above runs were conservative - in many cases only a single drop because we were low on cat5, when it'd have been preferable to put 2 drops to be prepared for the future - but they still total up to 2000ft of cable, and quite a few hrs of wiring work.
 
  
 
== Tasks ==
 
== Tasks ==
*discover why there's occasional issues connecting to the main SSID on Netgear router.
 
 
*finish mapping and labeling ethernet lines
 
*finish mapping and labeling ethernet lines
 
*terminate lines correctly in a panel once we're sure server room is stable
 
*terminate lines correctly in a panel once we're sure server room is stable
*run 18? lines cleanly from networking rack to the blue racks.
 
 
*label networking equipment (IPs etc) and servers, update this page for the latter
 
*label networking equipment (IPs etc) and servers, update this page for the latter
*separate security/camera network from Skullspace network
 
*organize secondary internet feed, better router and switch for it
 
 
*put read-only and full-access passwords on devices
 
*put read-only and full-access passwords on devices
  
 
== Wireless Networks ==
 
== Wireless Networks ==
{| class="wikitable"
+
Todo
|-
 
! SSID
 
! speeds
 
! password
 
! description
 
|-
 
| skullspace
 
| N2.4/5.x
 
| (normal)
 
| main network; Netgear AP in server room
 
|-
 
| skullspace[25]ghz_test
 
| A/G
 
| (normal)
 
| D-link AP in workshop, being tested
 
|-
 
| skullspace_lounge_test
 
| N2.4
 
| (normal)
 
| Belkin AP in lounge, being tested
 
|-
 
| skullspace_classroom
 
| G
 
| (normal)
 
| Linksys AP in classroom
 
|-
 
| Skullspace-dish-aimedatKingsHead
 
| B
 
| (normal)
 
| east-pointed dish on fire escape ladder.
 
|}
 
 
 
== King's Head Pub AP ==
 
 
 
A popular meeting space in Winnipeg, 1 block away from Skullspace, which doesn't have wifi - but we can see the rear of its brick building from Skullspace. So we used a donated Cisco Aironet 1100AP, modified it for external antenna connection, ran some LMR400 cable outside the fire escape door and up the fire escape ladder, and pointed a 19dbi dish towards the pub. SSID is SkullSpace-dish-aimedatKingsHead, ask a member for the password. It doesn't work at all in the south main-floor area, but it does have coverage in most parts of the north main-floor area. Speedtests: 1 to 4mbit down on a laptop with a good wireless card (Atheros N). Attempted to replace the Cisco 802.11B card in the AP with a 802.11G upgrade card (AIR-MP21G-A-K9), but it became almost impossible to connect - likely because Cisco was becoming involved with Broadcom at the time that G card was made, the latter is known for the low sensitivity and receiver quality of their chipsets.
 
 
 
Plans to increase coverage:
 
*upgrade 19dbi to 24dbi antenna - only issue is they're huge and a lot of windload to put on the fire escape ladder (especially if they ice up in the winter), would prefer a roofmount pad. We'd need to calculate that the smaller beamwidth of the higher-gain antennas doesn't lose coverage of the edges of the King's Head - this math would be size of Kings's Head building x distance = degrees of view?
 
*add antenna receive diversity - again, the second antenna would be better on an additional (spaced farther apart horizontally) roofmount pad; vertical diversity on the fire escape ladder wouldn't help as much.
 
*move antenna - currently the view (all the way up the fire escape ladder) to the front of King's Head is blocked by a concrete building. 5-10ft south on a roofmount would be ideal.
 
*add an amplifier or a higher-power radio. The Cisco puts out 100mw, have a 500mw amplifier. Since this isn't an omni but a highly directional antenna, we could maybe classify it under the rule that allows 24dbi gain and 24dbm power output (500mw is 27dbm, but we're losing 3 db in the 40ft of LMR cable and connections, which brings us nicely to 24dbm).
 
*ground the fire escape ladder - would be a good idea.
 
*check that the antenna and LMR cable/connections are running at full efficiency - this is old gear from a garage.
 
 
 
Signal in the North-main floor area is currently -82 to -87 when connection is possible, with all of the above it'd be good to get it to mid-70s numbers which should allow for pretty good coverage, considering we're a block away and going through thick brick/concrete.
 
 
 
  
 
== Main router Port Forwarding entries ==
 
== Main router Port Forwarding entries ==
 
If ever we need to reset the main router, these will be put back in, so keep them updated.
 
If ever we need to reset the main router, these will be put back in, so keep them updated.
 
+
Todoo
{| class="wikitable"
 
|-
 
! Name
 
! Port range
 
! Protocol
 
! Dest IP
 
! Enabled?
 
! Notes
 
|-
 
| [[mumd|MUMD]] latest ubuntu ssh
 
| 22
 
| TCP
 
| .29
 
| Y
 
| -
 
|-
 
| [[mumd|MUMD]] latest ubuntu rdp
 
| 3389
 
| TCP
 
| .29
 
| Y
 
| -
 
|-
 
| ben's server ssh
 
| 9222
 
| both
 
| .37
 
| Y
 
| -
 
|-
 
|}
 
  
 
== Internal IP usage ==
 
== Internal IP usage ==
 +
Check these
 
*192.168.1.1  main Linksys/Netgear router
 
*192.168.1.1  main Linksys/Netgear router
*192.168.1.3  Belkin F5D8236 Router as AP in Lounge area
 
*192.168.1.4  Cisco 1100AP (King's Head)
 
*192.168.1.6  Intel 510T 100mbit switch
 
*192.168.1.7  Cisco 1100AP South
 
*192.168.1.8  HP 300x? parallel print server
 
 
*192.168.1.9  noel, alex's linux container on [[vmsrv]]
 
*192.168.1.9  noel, alex's linux container on [[vmsrv]]
 
*192.168.1.10 kyle, a linux container on [[vmsrv]]
 
*192.168.1.10 kyle, a linux container on [[vmsrv]]
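Review bot: In the Network hardware list, the DES-3224 changes from a spare to the static IP switch, yet its line still documents Telnet management and prints the username "D-Link", and the task "put read-only and full-access passwords on devices" is still open. I would drop the username from the wiki page and record who is allowed to plug into port 7. Separately, the Port Forwarding table is replaced by "Todoo" while the retained sentence says these entries are what gets put back after a router reset; re-enter the current forwards or remove the sentence.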
Line 216: Line 60:
 
*192.168.1.17 Cisco 4924 Switch-1 (main)
 
*192.168.1.17 Cisco 4924 Switch-1 (main)
 
*192.168.1.18 Cisco 4924 Switch-2
 
*192.168.1.18 Cisco 4924 Switch-2
*192.168.1.20 D-link DWL-7100AP for testing
 
*192.168.1.21 Linksys AP in classroom
 
 
*192.168.1.22 DES-3224
 
*192.168.1.22 DES-3224
*192.168.1.23 Spare Linksys AP
 
*192.168.1.24 Cisco Aironet 1100 :90
 
*192.168.1.25 Cisco Aironet 1100 :4A
 
 
*192.168.1.26 [[vmsrv]]
 
*192.168.1.26 [[vmsrv]]
 
*192.168.1.27 Who took this and didn't document?
 
*192.168.1.27 Who took this and didn't document?
 
*192.168.1.28 central services for [[mumd|MUMD]]  
 
*192.168.1.28 central services for [[mumd|MUMD]]  
 
*192.168.1.29 [[mumd|MUMD]] latest Ubuntu
 
*192.168.1.29 [[mumd|MUMD]] latest Ubuntu
*192.168.1.30 Assentworks router - Sksp network interface
 
 
*192.168.1.31 Wyse Winterm thin client (computer lab)
 
*192.168.1.31 Wyse Winterm thin client (computer lab)
 
*192.168.1.32 [[Skullhost]] on [[vmsrv]]
 
*192.168.1.32 [[Skullhost]] on [[vmsrv]]
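Review bot: The retained .17 and .18 entries still read "Cisco 4924 Switch-1 (main)" and "Cisco 4924 Switch-2", but the Network hardware list in this same revision renames those switches to 3Com 4924; update both entries so the IP list and the hardware list agree. The unowned entry "192.168.1.27 Who took this and didn't document?" also survives this cleanup and should be traced to a device or released.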
Line 240: Line 78:
  
 
== VOI IP usage ==
 
== VOI IP usage ==
VOI gave us 206.220.196.48/28 (mask 255.255.255.240) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently DES-3224 on top of rack.
+
VOI gave us 206.220.196.48/28 (mask 255.255.255.240) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently DES-3224 in the rack.
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 274: Line 112:
 
|-
 
|-
 
|}
 
|}
| Ian
+
| Sksp Main Router
 
| CStanners a gmail.com or Sksp admins
 
| CStanners a gmail.com or Sksp admins
 
|  
 
|  
Line 288: Line 126:
 
|-
 
|-
 
|}
 
|}
| Main AssentWorks router
+
| Given to Ian
| CStanners a gmail.com or AW admins
+
|  
| feb 17
+
|  
| has AW port-forwarded services
+
|  
 
|-
 
|-
 
| 206.220.196.52
 
| 206.220.196.52
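Review bot: The row above 206.220.196.52, changed to "Given to Ian", has its contact, date and notes cells blanked, so the reservation records neither how to reach the holder nor the reason for the public IP, although the section text says addresses must be reserved here before use. Fill in at least the contact and date, as the neighbouring rows do.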
Line 450: Line 288:
  
 
== Servers & Internet-connected devices ==
 
== Servers & Internet-connected devices ==
 
+
Do we still need this section?
Main Skullspace router is always set to WAN MAC 00:01:01:01:01:01. IP is currently 206.220.196.50.
 
 
 
{| class="wikitable"
 
|-
 
! Name
 
! Model/setup
 
! IPs and MACs
 
! Description/contact
 
|-
 
| Ben's
 
| White case w/ front game port
 
| 206.220.194.212 / 00:4f:49:0b:f7:fb
 
| ben@benbergman.ca
 
|-
 
| [[vmsrv]]
 
| Black tower case.
 
| 192.168.1.26 / 00:24:1d:da:50:30
 
| See [[vmsrv]]
 
|-
 
| Vobster / Mak and Dave's server
 
| Dell PowerEdge R200
 
|
 
{|
 
|-
 
| 00:03:47:23:d4:f9
 
| 206.220.194.186
 
|-
 
| 00:22:19:d4:eb:ea
 
| 206.220.194.250
 
|-
 
| 00:22:19:d4:eb:eb
 
| 206.220.194.253
 
|-
 
|}
 
| mak@kolybabi.com or dave@ysarro.com
 
|-
 
|}
 
  
 
== Access ==
 
== Access ==
All members with RFID fobs have access to the server room
+
Todo
  
 
[[Category:Space]]
 
[[Category:Space]]
 
[[Category:Networking]]
 
[[Category:Networking]]
 
[[Category:Required Reading]]
 
[[Category:Required Reading]]
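Review bot: In the Access section, "All members with RFID fobs have access to the server room" is replaced by "Todo", which removes the page's only statement of who can physically reach the equipment; keep the sentence until its replacement is written. The same hunk deletes the main router's WAN MAC and IP and the table mapping servers to MAC addresses and contacts, so if the section is being retired, move those details elsewhere first.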

Revision as of 16:05, 7 October 2013

  • Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down
  • Also see IT Policies
  • We have many people working with the equipment, so remember to attach or tie down anything that could get unplugged, fall, etc. We have lost internet twice: the first time the router fell and its power switch got pressed; the second time a wire was pulled out of the main internet switch.
  • This page is finally being updated for Sksp2; the old page is at Networking/Old.

Network status

Pretty sweet right now

High-level description

Do this

Internet feeds

Primary: Internet from VOI (wifi-based Ubiquiti NB5, tested at 60 Mbit down and 40 Mbit up to Speedtest.net Winnipeg).

Network hardware

  • Mikrotik Routerboard 450G as main router
  • Netgear WNDR3700 router, donated by Project Bismark. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.
  • Linksys WRT54G2 v1.5 as spare. WAN port may sometimes have packet loss.
  • Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef.
  • Linksys WRT54G v2 with Tomato 1.28 firmware as a spare. Lent by Stef.
  • A 3Com 4924 (:A0) as the main switch, by default everything connects here.
  • A 3Com 4924 (:??) as a spare switch.
  • 2 D-Link DWL-810+ bridges.
  • Netgear GS108T as the lounge switch.
  • D-Link DWL-7100AP AP.
  • D-Link DES-3224 as a static IP switch, set to management only on port 7 (Telnet, username "D-Link").
  • A Belkin F5D8236 wireless-N router as spare.
  • 2 Cisco Aironet 1100 APs with .B cards, modified with pigtails to connect to outside dishes, and two others (:90 G card, :4A B card) spare.
  • Belkin F5D5141-5 switch.
  • Cisco 2950 switches #1 and #2 - currently unused, will be set up as internet-side switches.
  • Mikrotik RB750 (small white box), VOI's router.
  • Western Multiplex Tsunami 100 5.8 GHz - two links (4x IDU, 2x high ODU, 2x low ODU), unused. Panel antenna loaned from Seccuris.

Wiring

Todo

Tasks

  • finish mapping and labeling ethernet lines
  • terminate lines correctly in a panel once we're sure server room is stable
  • label networking equipment (IPs etc) and servers, update this page for the latter
  • put read-only and full-access passwords on devices

Wireless Networks

Todo

Main router Port Forwarding entries

If ever we need to reset the main router, these will be put back in, so keep them updated. Todo

Internal IP usage

Check these

  • 192.168.1.1 main Linksys/Netgear router
  • 192.168.1.9 noel, alex's linux container on vmsrv
  • 192.168.1.10 kyle, a linux container on vmsrv
  • 192.168.1.11 stefen, a linux container on vmsrv
  • 192.168.1.12 Samsung CLP-310N printer
  • 192.168.1.13 MUMD Arch Linux
  • 192.168.1.15 Cisco 2950 switch
  • 192.168.1.16 Netgear GS108T workshop switch
  • 192.168.1.17 Cisco 4924 Switch-1 (main)
  • 192.168.1.18 Cisco 4924 Switch-2
  • 192.168.1.22 DES-3224
  • 192.168.1.26 vmsrv
  • 192.168.1.27 Who took this and didn't document?
  • 192.168.1.28 central services for MUMD
  • 192.168.1.29 MUMD latest Ubuntu
  • 192.168.1.31 Wyse Winterm thin client (computer lab)
  • 192.168.1.32 Skullhost on vmsrv
  • 192.168.1.33 iscsi server on vmsrv
  • 192.168.1.34-35 Kenny servers
  • 192.168.1.36 VPN server on vmsrv - contact Jay or Alex
  • 192.168.1.37 Ben's server
  • 192.168.1.38 Driftnet laptop
  • 192.168.1.39 bitcoin mining
  • 192.168.1.100-199 Main router DHCP space
  • 192.168.1.200-220 Network lab address space
  • 192.168.1.245-249 : IPs for temporary wireless links

VOI IP usage

VOI gave us 206.220.196.48/28 (mask 255.255.255.240) as well as 2604:4280:1:c0de::/64; you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently the DES-3224 in the rack.

{| class="wikitable"
|-
! IP !! DNS !! Use !! Contact !! used by? !! reason for public IP and notes
|-
| 206.220.196.49 || Fwd: h49-skullspace.winnipeg.voinetworks.net.<br />Rev: h49-skullspace.winnipeg.voinetworks.net. || VOI Mikrotik RB750? router || VOI Networks || now || required by network design
|-
| 206.220.196.50 || Fwd:<br />Rev: || Sksp Main Router || CStanners a gmail.com or Sksp admins || ||
|-
| 206.220.196.51 || Fwd:<br />Rev: || Given to Ian || || ||
|-
| 206.220.196.52 || Fwd: <several><br />Rev: mail.nepharia.org || Vobster Nepharia Services || mak@kolybabi.com and dave@ysarro.com || 2012-02-17 || Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH & IRC, and HTTP for Nepharia and its associated domains.
|-
| 206.220.196.53 || Fwd: <several><br />Rev: mail.skullspace.ca || Vobster SkullSpace Services || mak@kolybabi.com and dave@ysarro.com || 2012-02-17 || Runs DNS, SMTP/IMAP, SSH & IRC, and HTTP for SkullSpace.
|-
| 206.220.196.54 || Fwd:<br />Rev: || Andrew's Server || andrew at andreworr dot ca || 2012-02-17 || http/ssh/vpn/IPv6
|-
| 206.220.196.55 || Fwd:<br />Rev: || Ayecee's Server || ayecee@gmail.com || 2012-07-07 || Static address for freenet node
|-
| 206.220.196.56 || Fwd:<br />Rev: || Colin / Jeremy FreeBSD server || phoul@insecure-complexity.com || 2013-10-01 ||
|-
| 206.220.196.57 || Fwd:<br />Rev: || vmsrv || mark@parit.ca || 2012-08-27 || VM server open to all members, will run an http proxy to allow this one ip to host many web servers
|-
| 206.220.196.58 || Fwd: intarweb.ca<br />Rev: || Sean's server. || sean _at_ tinfoilhat _dot_ ca || 2013-09-27 || L2TP etc.
|-
| 206.220.196.59 || Fwd:<br />Rev: || SkullSpace XMPP || alexwebr @ gmail.com || Now || Hosts the XMPP server that serves xmpp.skullspace.ca.
|-
| 206.220.196.60 || Fwd:<br />Rev: || Colin's project server || CStanners @ gmail || || Occasional IPv6, VPN services and testing
|-
| 206.220.196.61 || Fwd:<br />Rev: || Ben's server || ben@benbergman.ca || 2012-12-18 || http/ssh/vpn/other
|-
| 206.220.196.62 || Fwd: dangerzone.skullspace.ca<br />Rev: dangerzone.skullspace.ca || The Danger Zone || ctfadmin@ || 2012-06-01 || The home of the SkullSpace Teaching CTF.
|}

Servers & Internet-connected devices

Do we still need this section?

Access

Todo