| Network | VLAN id | Extra subnets |
|------------|---------|------------------|
-| Management | 23 | -- |
+| Management | 32 | -- |
| IoT | 33 | -- |
| Services | 34 | -- |
-| Public | 36 | 89.106.211.32/27 |
+| Public | 36 | 89.106.211.64/27 |
| Guests | 127 | -- |
-| Members | 128 | 89.106.211.64/27 |
+| Members | 128 | 89.106.211.32/27 |
| `0xFF` | 255 | -- |
We use a number of conventions to make things more consistent:
- The DNS zone for a given network is `NET.realraum.at`, with the exception
- of the public services network (which has `realraum.at`);
+ of the public services network (which uses `realraum.at`) and of the Funkfeuer
+ VLAN (which has no `realraum.at` zone).
- Networks using RFC 1918 IP space use the 192.168.VID.0/24 subnet;
- The gateway for a network is on the last IP for the subnet.
+### Routing and firewall rules
+
+This network diagram represents networks, and the connection flows between them:
+an arrow from A to B means that a connection can be opened from network A to
+network B. In all cases, a subset of ICMP (ECHO, ...) is allowed.
+
+Note that any given system might have interfaces in several of these networks.
+
+[[!img Network/overview.svg alt="r³ network overview"]]
+
## WiFi
(We use fiber to avoid creating a ground loop between the locations.)
In r1w2, we have a rack hosting a number of devices:
+
- the patch panel and core switch (`sw1.mgmt.realraum.at`) for W2;
- the `alfred` virtualization server;
- miscelaneous devices:
antenna for our link to Funkfeuer.
The network shelf in Cx also houses some important devices:
+
- `gw.realraum.at`;
- `smsgw.mgmt.realraum.at`, plus its mobile phone;
- the PoE injectors for `ap0.mgmt.realraum.at` and `sch24.r3.ffgraz.net`;
projects / noc.git / blobdiff