Network
Moving to a new place will involve rebuilding the network, nearly from scratch.
The Gate will be our core router, but it will need some small modifications and updates
Here is how it is/will be laid out
[edit] Address pools
We have the following pools allocated to us:
IPv4: 172.22.33.0/24 (dn42) IPv6: 2001:6f8:147f::/48 (SixXS)
And here is how we'll divide it:
| VLAN ID | Tape color | Description | IPv4 range | IPv6 range | Infos |
|---|---|---|---|---|---|
| Green/Yellow | Trunk | Trunk lines - Only for devices understanding 802.1Q | |||
| DN42 VPN links | 172.22.33.0/27 | Address pool used for VPNs | |||
| 1 | (none) | Management LAN | 192.168.100.0/24 | 2001:6f8:147f:1::/64 | Devices web interfaces: should be accessible only from wired LAN (VLAN 4, 5 and 6) |
| 2 | Wireless Antwerpen WAN | ||||
| 3 | Servers LAN | 172.22.33.32/27 | 2001:6f8:147f:3::/64 | Quiet LAN for fixed services (SIP phones, network printers,...) | |
| 4 | Ground floor LAN | 172.22.33.64/27 | 2001:6f8:147f:4::/64 | ||
| 5 | 1st floor LAN | 172.22.33.96/27 | 2001:6f8:147f:5::/64 | ||
| 6 | 2nd floor LAN | 172.22.33.128/27 | 2001:6f8:147f:6::/64 | ||
| 7 | Open WiFi | 172.22.33.160/27 | 2001:6f8:147f:7::/64 | Locked down subnet open to everybody, including neighbours (SSID: hsbxl-public) | |
| 8 | WiFi WPA | 172.22.33.192/26 | 2001:6f8:147f:8::/64 | One subnet for all access points (SSID: hsbxl), enables AP roaming |
[edit] Why dividing the network like that ? Would everything in the same block be easier to manage ?
Of course it is !!
But since it's a hackerspace, people are very tempted in experimenting with stuff, and they should. :-)
Having 3 floors and the wifi in the same network will be a pain to debug in case the network go down or act funny because someone put a rogue DHCP server, announce an invalid or funky RA, made an ethernet loop, bridged two segments, use a crappy switch/hub, or is spoofing the gateway.
The worst that can happen with that setup is the wifi going down, or one floor misbehaving without interfering with the others.
Divide To Conquer, and let people play and experiment without any fear.
[edit] Hardware
Since we have 63 cables reaching the networking cabinet, we're forced to have two switches.
- 1 unmanaged to collect all the trunk lines
- 1 managed to dispatch the subnets across the floors
- create subpages to document our network infrastructure
- please remove passwds when posting configs...
| Network/IPv6 | Network/IPv6/OpenWRT | |
| Network/IPv6/tunnels | Network/Monitoring |
