X-Git-Url: https://git.realraum.at/?a=blobdiff_plain;f=doc%2FNetwork.mdwn;h=7f9634b544df7b9197d480dd81612e92adc00712;hb=33c54ab6078c9eb6e870fa8a6db8043031da40ce;hp=9410317912ee087779db0094434b820ad183688e;hpb=c6d49679a2b57a6129e576c8bd32e257f2130b7b;p=noc.git

diff --git a/doc/Network.mdwn b/doc/Network.mdwn
index 9410317..7f9634b 100644
--- a/doc/Network.mdwn
+++ b/doc/Network.mdwn
@@ -26,11 +26,21 @@ We use a number of conventions to make things more consistent:
 - The gateway for a network is on the last IP for the subnet.
 
 
+### Routing and firewall rules
+
+This network diagram represents networks, and the connection flows between them:
+an arrow from A to B means that a connection can be opened from network A to
+network B.  In all cases, a subset of ICMP (ECHO, ...) is allowed.
+
+Note that any given system might have interfaces in several of these networks.
+
+[[!img Network/overview.svg alt="r³ network overview"]]
+
 
 ## WiFi
 
 Each location has a single AP, `ap{0,1}.mgmt.realraum.at`, which provides SSIDs
-for the management VLAN (`realstuff`) and the LAN (`realraum` and `realraum5`);
+for the IoT network (`realstuff`) and the LAN (`realraum` and `realraum5`);
 we use Ubiquity hardware running OpenWRT.