From 33c54ab6078c9eb6e870fa8a6db8043031da40ce Mon Sep 17 00:00:00 2001 From: nicoo Date: Tue, 3 Jul 2018 15:36:13 +0200 Subject: [PATCH] doc/Network: Add network diagram --- doc/Makefile | 7 +++++-- doc/Network.mdwn | 10 ++++++++++ doc/Network/.gitignore | 2 ++ doc/Network/Makefile | 8 ++++++++ doc/Network/overview.dot | 21 +++++++++++++++++++++ 5 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 doc/Network/.gitignore create mode 100644 doc/Network/Makefile create mode 100644 doc/Network/overview.dot diff --git a/doc/Makefile b/doc/Makefile index e91e3c6..4927b59 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -1,6 +1,6 @@ -.PHONY: default clean serve +.PHONY: default clean serve diagram -default: favicon.ico +default: diagram favicon.ico ikiwiki --refresh --setup ikiwiki.setup clean: @@ -9,6 +9,9 @@ clean: serve: default @cd dest; python -m SimpleHTTPServer +diagram: + $(MAKE) -C Network/ + favicon.ico: convert assets/logo.png -define icon:auto-resize=64,48,32,16 \ -fill 'rgb(118,20,7)' -opaque white \ diff --git a/doc/Network.mdwn b/doc/Network.mdwn index 689766c..7f9634b 100644 --- a/doc/Network.mdwn +++ b/doc/Network.mdwn @@ -26,6 +26,16 @@ We use a number of conventions to make things more consistent: - The gateway for a network is on the last IP for the subnet. +### Routing and firewall rules + +This network diagram represents networks, and the connection flows between them: +an arrow from A to B means that a connection can be opened from network A to +network B. In all cases, a subset of ICMP (ECHO, ...) is allowed. + +Note that any given system might have interfaces in several of these networks. + +[[!img Network/overview.svg alt="r³ network overview"]] + ## WiFi diff --git a/doc/Network/.gitignore b/doc/Network/.gitignore new file mode 100644 index 0000000..664db10 --- /dev/null +++ b/doc/Network/.gitignore @@ -0,0 +1,2 @@ +*.png +*.svg diff --git a/doc/Network/Makefile b/doc/Network/Makefile new file mode 100644 index 0000000..fd0d37c --- /dev/null +++ b/doc/Network/Makefile @@ -0,0 +1,8 @@ +DIAGRAMS:=overview +FORMATS:=svg png + +.PHONY: default +default: $(foreach diagram,$(DIAGRAMS),$(foreach ext,$(FORMATS),$(diagram).$(ext))) + +$(foreach ext,$(FORMATS),%.$(ext)): %.dot + $(foreach ext,$(FORMATS),circo -T$(ext) $^ -o $*.$(ext);) diff --git a/doc/Network/overview.dot b/doc/Network/overview.dot new file mode 100644 index 0000000..f29d9cb --- /dev/null +++ b/doc/Network/overview.dot @@ -0,0 +1,21 @@ +digraph network { + label="r³ network overview"; + node [ shape=none ]; + edge [ lblstyle="above, sloped" ]; + + public [ label="Public (36)\n89.106.211.32/27" ] + inet [ label="Internet" ] + guests [ label="Guests (127)" ] + members [ label="Members (128)\n89.106.211.64/27" ] + mgmt [ label="Management (23)" ] + iot [ label="IoT (33)" ] + svc [ label="Services (34)" ] + + public -> inet [ dir=both ]; + + guests -> inet [ label="NAT, tc" ]; + members -> inet [ dir=both label="NAT || firewall" ]; + guests -> members [ dir=both label="firewall" ]; + + {svc mgmt iot guests members} -> public; +} -- 1.7.10.4