Difference between revisions of "Networking"
Jump to navigation
Jump to search
m (→VOI IP usage) |
(→Stupid-High Level Diagram) |
||
| Line 11: | Line 11: | ||
== Stupid-High Level Diagram == | == Stupid-High Level Diagram == | ||
<pre> | <pre> | ||
| − | + | +-------------------+ | |
| − | + | | | | |
| − | + | | The Tubes | | |
| − | + | | On The Roof | | |
| − | +--------- | + | | | |
| − | + | +--+--------------+-+ | |
| − | + | | | | |
| − | + | | | | |
| − | + | +-------------------+-+ +-+-------------------+ | |
| − | + | | LES.net | | VOI | | |
| − | + | | 208.81.6.224/27 | +------+ CPE/Router | | |
| − | + | | | | | 206.220.196.49 | | |
| − | +--------------------+ +---------- | + | +-----------------+---+ | +------------+--------+ |
| − | | | + | | | | |
| − | + | | | | | |
| − | + | | | +--------+------------+ | |
| − | + | +---------+-------+-----+ | Skullspace-Router | | |
| − | +--------------------+ | + | | Skullspace-External | | RB450G | |
| − | + | +----------+ Cisco 2950 +----+ 206.220.196.50 | | |
| − | + | | | 172.30.6.3 | | 208.61.6.228 | | |
| − | + | | +----------------------++ | 172.30.6.1 | | |
| − | + | | | +--------+------------+ | |
| − | + | +---------+-----------+ | | | |
| − | + | | | | | | |
| − | + | | Rest of External | | | | |
| − | + | | PUBLIC/LAN | | +--------+--------------+ +------------------+ | |
| − | + | | | +-----+ Skullspace-Internal | | | | |
| − | + | | 206.220.196.48/28 | | 3-Com L2 Old Junk +------+ Rest of Internal | | |
| − | + | | 206.220.193.64/29 | | | | INTERNAL/LAN | | |
| − | + | | 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 | | |
| − | + | +---------------------+ | | | | | | |
| − | + | +--------+ | +--------+ +------------------+ | |
| − | + | | | | | |
| − | + | +------+------+ +------+------+ +------+------+ | |
| − | + | | WAP-A | | WAP-B | | WAP-C | | |
| − | + | | 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 | | |
| − | + | | | | | | | | |
| − | + | +-------------+ +-------------+ +-------------+ | |
</pre> | </pre> | ||
Built using ASCIIFlow - http://asciiflow.com/ | Built using ASCIIFlow - http://asciiflow.com/ | ||
Revision as of 17:59, 15 September 2015
- Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down
- Also see IT Policies
- We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.
- this page is finally being updated for Sksp2, old page is at Networking/Old
Contents
High-level description
The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.
Stupid-High Level Diagram
+-------------------+
| |
| The Tubes |
| On The Roof |
| |
+--+--------------+-+
| |
| |
+-------------------+-+ +-+-------------------+
| LES.net | | VOI |
| 208.81.6.224/27 | +------+ CPE/Router |
| | | | 206.220.196.49 |
+-----------------+---+ | +------------+--------+
| | |
| | |
| | +--------+------------+
+---------+-------+-----+ | Skullspace-Router |
| Skullspace-External | | RB450G |
+----------+ Cisco 2950 +----+ 206.220.196.50 |
| | 172.30.6.3 | | 208.61.6.228 |
| +----------------------++ | 172.30.6.1 |
| | +--------+------------+
+---------+-----------+ | |
| | | |
| Rest of External | | |
| PUBLIC/LAN | | +--------+--------------+ +------------------+
| | +-----+ Skullspace-Internal | | |
| 206.220.196.48/28 | | 3-Com L2 Old Junk +------+ Rest of Internal |
| 206.220.193.64/29 | | | | INTERNAL/LAN |
| 208.61.6.224/27 | +---+-------+-------+---+ | 172.30.6.0/24 |
+---------------------+ | | | | |
+--------+ | +--------+ +------------------+
| | |
+------+------+ +------+------+ +------+------+
| WAP-A | | WAP-B | | WAP-C |
| 172.30.6.10 | | 172.30.6.11 | | 172.30.6.12 |
| | | | | |
+-------------+ +-------------+ +-------------+
Built using ASCIIFlow - http://asciiflow.com/
Internet feeds
Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).
Network hardware
- Mikrotik Routerboard 450G as main router
Netgear WNDR3700 router, donated by Project Bismark. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss.Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef.Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef.A 3Com 4924 (:A0) as the main switch, by default everything connects here.A 3Com 4924 (:??) a spare switch.2 D-Link DWL-810+ bridges.- Netgear GS108T as the lounge switch.
D-Link DWL-7100AP AP.D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username "D-Link").A Belkin F5D8236 wireless-N router as spare3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares.Belkin F5D5141-5 switch.- Cisco 2950 switches #1 and #2.
- Mikrotik RB750 (small white box) VOI's router
Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris.
Wiring
Runs A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP. C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam. E+F+G: from rack to area behind rear black desk.
Tasks
- terminate ethernet lines correctly in a panel once we're sure server room is stable
- label networking equipment (IPs etc) and servers, update this page for the latter
- put read-only and full-access passwords on devices
Wireless Networks
skullspace = main SSID, usual password
skullspace_rear: linksys G router in the server rack, as a backup.
New IP Ranges
- 172.30.4.x = testing/reserved for later use
- 172.30.5.x = half Security/Management network half VPNs
- 172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254
- 172.30.7.x = CTF Network DHCP ??? router .1
Internal IP usage
Check these
Legacy IPs
- 192.168.1.1 Micro-tik Router
192.168.1.9 noel, alex's linux container on vmsrv192.168.1.10 kyle, a linux container on vmsrv192.168.1.11 stefen, a linux container on vmsrv- 192.168.1.12 Samsung CLP-310N printer
192.168.1.15 Cisco 2950 switch192.168.1.16 Netgear GS108T workshop switch192.168.1.17 Cisco 4924 Switch-1 (main)192.168.1.18 Cisco 4924 Switch-2192.168.1.22 DES-3224- 192.168.1.26 vmsrv
192.168.1.27 Who took this and didn't document?192.168.1.31 not in use, but don't use- 192.168.1.32 Skullhost on vmsrv
192.168.1.33 iscsi server on vmsrv192.168.1.34-35 Kenny servers192.168.1.36 VPN server on vmsrv - contact Jay or Alex- 192.168.1.37 Ben's server
192.168.1.38 Driftnet laptop192.168.1.39 open for use192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.
Current 172.30/16
- 172.30.6.1 Micro-tik Router
- 172.30.6.2 SkullSpace-External (Cisco 2850 Switch)
- 172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)
- 172.30.6.10 WAP-A (UniFI AP Management IP) - MAC = 0418D64E8BDE
- 172.30.6.11 WAP-B (UniFI AP Management IP) - MAC = 0418D64E8AED
- 172.30.6.12 WAP-C (UniFI AP Management IP) - MAC = 0418D64E8AE4
- 172.30.6.13 intarweb.ca (Sean's server, inside interface)
- 172.30.6.16 Netgear GS108T
- 172.30.6.30 latest Ubuntu graphical shell service on vmsrv
- 172.30.6.31-32 Mark's temporary project ips
- 172.30.6.33 UniFI AP Controller (Container on vmsrv)
- 172.30.6.34 Jay Bots (Container on vmsrv)
- 172.30.6.40 vmsrv
- 172.30.6.50-53 Chris Otto Servers
- 172.30.6.100-240 Main router DHCP space
- 172.30.6.241-254 VPN IPs
- 172.30.6.245 - sean VPN IP (sean cody)
- 172.30.6.247 - cchilds VPN IP
- 172.30.6.248 - jordansamulaitis VPN IP
- 172.30.6.249 - gygar VPN IP
- 172.30.6.250 - nwild VPN IP
- 172.30.6.251 - cstanners-router VPN IP
- 172.30.6.252 - odin VPN IP
- 172.30.6.254 - cstanners VPN IP
- 172.30.7.1 Micro-tik Router (WIFI VLAN)
- 10.50.31.0/24 TheLEDSign LAN
- 10.50.31.16 The Sign
- 10.50.31.17 The controlling container (vmsrv)
- 10.50.32.0/30 Mark project private Point to Point link LAN
VOI IP usage
VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.
| IP | DNS | Use | Contact | used by? | reason for public IP and notes | ||||
|---|---|---|---|---|---|---|---|---|---|
| 206.220.193.65 | TBD | VOI router | VOI | all machines | required by network design | ||||
| 206.220.193.66 |
|
Mark | temporary use | ||||||
| 206.220.193.67 |
|
||||||||
| 206.220.193.68 |
|
||||||||
| 206.220.193.69 |
|
Richard's Server | rjr point work at gmail | development server, potentially Starbound server | |||||
| 206.220.193.70 |
|
Chris's Server | cotto at ieee point org | development server, occasionally Terraria server | |||||
| 206.220.196.49 |
|
VOI Mikrotik RB750? router | VOI Networks | now | required by network design | ||||
| 206.220.196.50 |
|
Sksp Main Router | CStanners a gmail.com or Sksp admins | ||||||
| 206.220.196.51 | 2604:4280:1:c0de::53
|
SKSP DNS | it@skullspace.ca | 2014-10-08 | Skullspace Primary DNS Server | ||||
| 206.220.196.52 |
|
Vobster Nepharia Services | mak@kolybabi.com and dave@ysarro.com | 2012-02-17 | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH & IRC, and HTTP for Nepharia and its associated domains. | ||||
| 206.220.196.53 |
|
Vobster SkullSpace Services | mak@kolybabi.com and dave@ysarro.com | 2012-02-17 | Runs DNS, SMTP/IMAP, SSH & IRC, and HTTP for SkullSpace. | ||||
| 206.220.196.54 |
|
Vobster CTF Services | mak@kolybabi.com and dave@ysarro.com | 2013-04-09 | |||||
| 206.220.196.55 |
|
Edwin Amsler | edwinguy at gmail dot calm | 2015-02-23 | |||||
| 206.220.196.56 |
|
Colin / Jeremy FreeBSD server | phoul@insecure-complexity.com | 2013-10-01 | |||||
| 206.220.196.57 |
|
vmsrv | mark@parit.ca | 2012-08-27 | VM server open to all members, will run an http proxy to allow this one ip to host many web servers | ||||
| 206.220.196.58 | 2604:4280:1:c0de::314
|
Sean's server. | sean _at_ tinfoilhat _dot_ ca | 2013-09-27 | L2TP etc. | ||||
| 206.220.196.59 |
|
Ron's server | ron @ skullsecurity.net | Now | Websites and stuff | ||||
| 206.220.196.60 |
|
Colin's project server | CStanners @ gmail | Occasional | IPv6, VPN services and testing | ||||
| 206.220.196.61 |
|
Ben's server | ben@benbergman.ca | 2012-12-18 | http/ssh/vpn/other | ||||
| 206.220.196.62 |
|
The Danger Zone | ctfadmin@ | 2012-06-01 | The home of the SkullSpace Teaching CTF. |
Access
All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.
