NOC operates a number of networks, available as tagged VLANs on the core
switches (one in each half of the hackerspace). These networks are:
-- the IoT network (33);
-- the services interconnect (34) and management (23) networks;
-- the guests (127) and members (128) LANs;
-- the public services network (36, 89.106.211.32/27);
-- the Funkfeuer VLAN (255, `0xFF`).
+| Network | VLAN id | Extra subnets |
+|------------|---------|------------------|
+| Management | 32 | -- |
+| IoT | 33 | -- |
+| Services | 34 | -- |
+| Public | 36 | 89.106.211.64/27 |
+| Guests | 127 | -- |
+| Members | 128 | 89.106.211.32/27 |
+| `0xFF` | 255 | -- |
### Conventions
We use a number of conventions to make things more consistent:
- The DNS zone for a given network is `NET.realraum.at`, with the exception
- of the public services network (which has `realraum.at`);
+ of the public services network (which uses `realraum.at`) and of the Funkfeuer
+ VLAN (which has no `realraum.at` zone).
- Networks using RFC 1918 IP space use the 192.168.VID.0/24 subnet;
- The gateway for a network is on the last IP for the subnet.
+### Routing and firewall rules
+
+This network diagram represents networks, and the connection flows between them:
+an arrow from A to B means that a connection can be opened from network A to
+network B. In all cases, a subset of ICMP (ECHO, ...) is allowed.
+
+Note that any given system might have interfaces in several of these networks.
+
+[[!img Network/overview.svg alt="r³ network overview"]]
+
## WiFi
Each location has a single AP, `ap{0,1}.mgmt.realraum.at`, which provides SSIDs
-for the management VLAN (`realstuff`) and the LAN (`realraum` and `realraum5`);
+for the IoT network (`realstuff`) and the LAN (`realraum` and `realraum5`);
we use Ubiquity hardware running OpenWRT.
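Review bot: The new table silently changes two values from the list it replaces: management moves from VLAN 23 to 32, and 89.106.211.32/27 moves from the public services network to Members, with Public now listing 89.106.211.64/27. Please confirm both against the switch and gateway configuration and say in the commit message that these are corrections, since the conventions derive the 192.168.VID.0/24 subnet from the VLAN id and a public /27 on the members LAN changes what is exposed. In the new "Routing and firewall rules" section, "a subset of ICMP (ECHO, ...)" leaves the allowed set open. List the permitted ICMP types explicitly, and consider stating the allowed flows as text next to `Network/overview.svg` so that later rule changes are visible in a diff.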
(We use fiber to avoid creating a ground loop between the locations.)
In r1w2, we have a rack hosting a number of devices:
+
- the patch panel and core switch (`sw1.mgmt.realraum.at`) for W2;
- the `alfred` virtualization server;
- miscelaneous devices:
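Review bot: In the r1w2 rack list, the last item reads `miscelaneous devices:`. Since this change already touches the list's formatting, correct the spelling to `miscellaneous` in the same commit.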
antenna for our link to Funkfeuer.
The network shelf in Cx also houses some important devices:
+
- `gw.realraum.at`;
- `smsgw.mgmt.realraum.at`, plus its mobile phone;
- the PoE injectors for `ap0.mgmt.realraum.at` and `sch24.r3.ffgraz.net`;