## Networks
-NOC operates a number of networks, available as tagged VLANs on the core
-switches (one in each half of the hackerspace). These networks are:
+NOC operates a number of networks, available as tagged VLANs on the core switches:
-| Network | VLAN id | Extra subnets |
-|------------|---------|------------------|
-| Management | 23 | -- |
-| IoT | 33 | -- |
-| Services | 34 | -- |
-| Public | 36 | 89.106.211.32/27 |
-| Guests | 127 | -- |
-| Members | 128 | 89.106.211.64/27 |
-| `0xFF` | 255 | -- |
+| Name | ID | DNS | CIDR | Comment |
+|----------|-----|-----|------------------------------------|--------------------------------------|
+| realfunk | 6 | n | 192.168.6.0/24 | realfunk management network |
+| mgmt | 32 | y | 192.168.32.0/24 | management network |
+| iot | 33 | y | 192.168.33.0/24 | IoT devices, room infrastructure |
+| svc | 34 | y | 192.168.34.0/24 | Services LAN, see below |
+| [HAMNET] | 44 | n | 44.0.0.0/8 | Amateur Radio Digital Communications |
+| guests | 127 | y | 192.168.127.0/24 | Exposed through the “realraum” SSIDs |
+| members | 128 | y | 89.106.211.32/27, 192.168.128.0/24 | Accessed with per-member credentials |
+| pub | 130 | y | 89.106.211.64/27 | Publicly-available services |
+| UPC | 168 | n | <dynamically assigned> | UPC DOCSIS Internet |
+| `0xFF` | 255 | n | 10.12.240.240/28 | Funkfeuer VLAN |
+[HAMNET]: https://wiki.oevsv.at/index.php/Kategorie:Digitaler_Backbone
-### Conventions
-We use a number of conventions to make things more consistent:
+### `realfunk` -- realfunk management network
+
+This network will be used by realfunk to communicate between the ground station
+and things like SDR or similar stuff mounted on the roof. For now this network
+does not need DNS or connection to any other network. There also won't be any
+network services such as DHCP or recursive DNS. realfunk will probably run their
+own DHCP server.
+
+
+### `svc` -- Services LAN
+
+This network is intended for services that aren't directly exposed to users
+(be they humans or machines); this includes services exposed through a frontend
+(like realraum web services) and services only meant to be consumed by another
+service (like a database server).
+
+
+### `pub` -- Publicly-available services
+
+This network is intended for services that can be consumed by non-NOC systems,
+including our HTTP(S) frontend -- `entrance`, `mqtt`, ...
-- The DNS zone for a given network is `NET.realraum.at`, with the exception
- of the public services network (which has `realraum.at`);
-- Networks using RFC 1918 IP space use the 192.168.VID.0/24 subnet;
+Services in this network can restrict availability, for instance by only
+allowing clients connecting from our LANs, or by requiring authentication.
+
+No RFC 1918 subnet is used on this network, only `89.106.211.64/27`.
+
+
+### Conventions
+
+- The DNS zone for a given network is `NET.realraum.at`, with the exception of
+ `pub` (which uses `realraum.at`) and VLANs which have no `realraum.at` zone.
+- When a network uses RFC 1918 IP space, it is the 192.168.VID.0/24 subnet;
+ for instance, the `iot` network has id 33 and uses the 192.168.33.0/24 subnet.
- The gateway for a network is on the last IP for the subnet.
The switches have hostnames `sw{0,1}.mgmt.realraum.at`, and the WiFi access
points are similarly `ap{0,1}.mgmt.realraum.at`. `0` denotes the main room, and
-`1` denotes Wöhnung 2.
-
+`1` denotes the second appartment.
-### Wöhnung 2
-#### Raum 1
+### W2 -- Room 1
r1w2 has two fiber connections: one to the main room, and one to the radio room.
(We use fiber to avoid creating a ground loop between the locations.)
In r1w2, we have a rack hosting a number of devices:
+
- the patch panel and core switch (`sw1.mgmt.realraum.at`) for W2;
- the `alfred` virtualization server;
- miscelaneous devices:
on `alfred`).
-#### realfunk
+### W2 -- realfunk
-realfunk receives the `0xFF` and LAN VLANs trunked on a single fiber;
-the switch there, `sw2.mgmt.realraum.at`, provides untagged ports on either VLAN.
+realfunk receives the VLANs trunked on a single fiber; the switch there, `sw2`,
+provides untagged ports on guests, `0xFF`, and HAMNET, which are labelled on the
+device. Moreover, a single port (5) has the untagged guests LAN, along with
+tagged HAMNET packets, used by the desktop computer there.
Moreover, there is a Funkfeuer node there; it *does not* advertise the realraum
SSIDs.
antenna for our link to Funkfeuer.
The network shelf in Cx also houses some important devices:
+
- `gw.realraum.at`;
- `smsgw.mgmt.realraum.at`, plus its mobile phone;
- the PoE injectors for `ap0.mgmt.realraum.at` and `sch24.r3.ffgraz.net`;
projects / noc.git / blobdiff