X-Git-Url: https://git.realraum.at/?a=blobdiff_plain;ds=sidebyside;f=doc%2FNetwork.mdwn;h=b822a582c266e9cb759c150f7de184c34bc748de;hb=ad4589a18ab5669989f3ebb1b10898afc1e6c42b;hp=9410317912ee087779db0094434b820ad183688e;hpb=c6d49679a2b57a6129e576c8bd32e257f2130b7b;p=noc.git diff --git a/doc/Network.mdwn b/doc/Network.mdwn index 9410317..b822a58 100644 --- a/doc/Network.mdwn +++ b/doc/Network.mdwn @@ -10,9 +10,9 @@ switches (one in each half of the hackerspace). These networks are: | Management | 23 | -- | | IoT | 33 | -- | | Services | 34 | -- | -| Public | 36 | 89.106.211.32/27 | +| Public | 36 | 89.106.211.64/27 | | Guests | 127 | -- | -| Members | 128 | 89.106.211.64/27 | +| Members | 128 | 89.106.211.32/27 | | `0xFF` | 255 | -- | @@ -21,16 +21,27 @@ switches (one in each half of the hackerspace). These networks are: We use a number of conventions to make things more consistent: - The DNS zone for a given network is `NET.realraum.at`, with the exception - of the public services network (which has `realraum.at`); + of the public services network (which uses `realraum.at`) and of the Funkfeuer + VLAN (which has no `realraum.at` zone). - Networks using RFC 1918 IP space use the 192.168.VID.0/24 subnet; - The gateway for a network is on the last IP for the subnet. +### Routing and firewall rules + +This network diagram represents networks, and the connection flows between them: +an arrow from A to B means that a connection can be opened from network A to +network B. In all cases, a subset of ICMP (ECHO, ...) is allowed. + +Note that any given system might have interfaces in several of these networks. + +[[!img Network/overview.svg alt="r³ network overview"]] + ## WiFi Each location has a single AP, `ap{0,1}.mgmt.realraum.at`, which provides SSIDs -for the management VLAN (`realstuff`) and the LAN (`realraum` and `realraum5`); +for the IoT network (`realstuff`) and the LAN (`realraum` and `realraum5`); we use Ubiquity hardware running OpenWRT.
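Review bot: In the table hunk (`@@ -10,9 +10,9 @@`), the two /27 ranges are swapped between Public (VLAN 36) and Members (VLAN 128) with no indication of whether this corrects a documentation error or records a renumbering. State which in the commit message. If it is a renumbering, confirm that any firewall rules and DNS records keyed on `89.106.211.32/27` and `89.106.211.64/27` were changed in the same step, since a stale rule would apply the public-services policy to member hosts or the reverse.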
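Review bot: In the new "Routing and firewall rules" section (`@@ -21,16 +21,27 @@`), "a subset of ICMP (ECHO, ...)" leaves the permitted ICMP types undefined, and the allowed connection flows exist only in `Network/overview.svg`, whose alt text carries none of them. List the ICMP types explicitly and add a text table of allowed source and destination networks next to the image, so the policy can be diffed and compared against the firewall configuration. Two smaller points in the same hunk: the rewritten first list item now ends with a period while the next item still ends with a semicolon, and the vendor name in the WiFi paragraph is spelled "Ubiquiti".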