# Network infrastructure

## Networks

NOC operates a number of networks, available as tagged VLANs on the core switches (one in each half of the hackerspace). These networks are:

| Network    | VLAN id | Extra subnets    |
|------------|---------|------------------|
| Management | 32      | --               |
| IoT        | 33      | --               |
| Services   | 34      | --               |
| Public     | 36      | 89.106.211.64/27 |
| Guests     | 127     | --               |
| Members    | 128     | 89.106.211.32/27 |
| `0xFF`     | 255     | --               |

### Conventions

We use a number of conventions to make things more consistent:

- The DNS zone for a given network is `NET.realraum.at`, with the exception of the public services network (which uses `realraum.at`) and of the Funkfeuer VLAN (which has no `realraum.at` zone);
- Networks using RFC 1918 IP space use the 192.168.VID.0/24 subnet;
- The gateway for a network is on the last IP for the subnet.

### Routing and firewall rules

This network diagram represents the networks and the connection flows between them: an arrow from A to B means that a connection can be opened from network A to network B. In all cases, a subset of ICMP (ECHO, ...) is allowed.

Note that any given system might have interfaces in several of these networks.

[[!img Network/overview.svg alt="r³ network overview"]]

## WiFi

Each location has a single AP, `ap{0,1}.mgmt.realraum.at`, which provides SSIDs for the IoT network (`realstuff`) and the LAN (`realraum` and `realraum5`); we use Ubiquiti hardware running OpenWrt.

## Physical locations

The switches have hostnames `sw{0,1}.mgmt.realraum.at`, and the WiFi access points are similarly `ap{0,1}.mgmt.realraum.at`. `0` denotes the main room, and `1` denotes Wöhnung 2.

### Wöhnung 2

#### Raum 1

r1w2 has two fiber connections: one to the main room, and one to the radio room. (We use fiber to avoid creating a ground loop between the locations.)


In r1w2, we have a rack hosting a number of devices:

- the patch panel and core switch (`sw1.mgmt.realraum.at`) for W2;
- the `alfred` virtualization server;
- miscellaneous devices:
    - RIPE ATLAS probe;
    - some Raspberry Pi belonging to members;
    - ...

**Note:** members setting up devices that only need power and network access should do so in this rack (or even better, run a VM or a container on `alfred`).

#### realfunk

realfunk receives the `0xFF` and LAN VLANs trunked on a single fiber; the switch there, `sw2.mgmt.realraum.at`, provides untagged ports on either VLAN.

Moreover, there is a Funkfeuer node there; it *does not* advertise the realraum SSIDs.

### Main room

The main room has its patch panel and core switch (`sw0.mgmt.realraum.at`) in Cx. The patch panel has a fiber link to r2w1, and a copper link to an external antenna for our link to Funkfeuer.

The network shelf in Cx also houses some important devices:

- `gw.realraum.at`;
- `smsgw.mgmt.realraum.at`, plus its mobile phone;
- the PoE injectors for `ap0.mgmt.realraum.at` and `sch24.r3.ffgraz.net`;
- `test.r3.ffgraz.net`, which is a test Funkfeuer node.
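
The addressing rules from the Conventions section can be checked mechanically against an inventory, which catches hosts that ended up in the wrong VLAN's subnet or point at a non-standard gateway. The following is an added example, not part of the original page or NOC's tooling: the function names, host names and addresses in `SAMPLE` are constructed, and it assumes "last IP" means the last usable host address rather than the broadcast address.

```python
import ipaddress

# "Extra subnets" column of the networks table, keyed by VLAN id.
EXTRA_SUBNETS = {36: ["89.106.211.64/27"], 128: ["89.106.211.32/27"]}

def convention_subnet(vid):
    """RFC 1918 subnet for a VLAN id under the page's rule: 192.168.VID.0/24."""
    if not 1 <= vid <= 255:
        raise ValueError(f"VLAN id {vid} does not fit in one octet")
    return ipaddress.ip_network(f"192.168.{vid}.0/24")

def gateway_for(subnet):
    """Assumption: 'last IP' is the last usable host, i.e. broadcast minus one."""
    return ipaddress.ip_network(str(subnet))[-2]

def subnets_for(vid):
    """Convention subnet plus any extra subnet the table lists for the VLAN."""
    extra = [ipaddress.ip_network(s) for s in EXTRA_SUBNETS.get(vid, [])]
    return [convention_subnet(vid)] + extra

def audit(records):
    """Return (host, problem) pairs for interface records that break the rules."""
    problems = []
    for host, vid, addr, gw in records:
        addr, gw = ipaddress.ip_address(addr), ipaddress.ip_address(gw)
        net = next((n for n in subnets_for(vid) if addr in n), None)
        if net is None:
            problems.append((host, f"{addr} is not in any subnet of VLAN {vid}"))
        elif gw != gateway_for(net):
            problems.append((host, f"gateway {gw} should be {gateway_for(net)}"))
        elif addr in (net.network_address, net.broadcast_address, gw):
            problems.append((host, f"{addr} is reserved in {net}"))
    return problems

# Constructed sample records: (hostname, VLAN id, address, configured gateway).
SAMPLE = [
    ("host-a.example", 32, "192.168.32.10", "192.168.32.254"),  # follows the rules
    ("host-b.example", 32, "192.168.33.20", "192.168.33.254"),  # IoT address on Management VLAN
    ("host-c.example", 33, "192.168.33.7", "192.168.33.1"),     # gateway on first IP, not last
    ("host-d.example", 36, "89.106.211.70", "89.106.211.94"),   # extra Public subnet
]

if __name__ == "__main__":
    for host, problem in audit(SAMPLE):
        print(f"{host}: {problem}")
```
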