Difference between revisions of "Hackerspace Network Planning: Bubbly Dynamics"
(words words words) |
(thoughts, designs, i am sitting in my back yard by a fire) |
Line 55: | Line 55: | ||
│ INTERNET │ | │ INTERNET │ | ||
└─────────────────────┘</pre> | └─────────────────────┘</pre> | ||
+ | |||
+ | = Hardware considerations = | ||
+ | |||
+ | * Booting up the old pfsense box seemed to not go well. We'll need to derack it and see what's up with it. | ||
+ | * We'll need to permanently mount the switch that's at the front of the space to prevent interruption of traffic for other tenants. | ||
+ | ** ''What do we need to do to finally get rid of this design? How hard is it going to be to pull a new home-run for us and stop depending on that splice? [[User:Cswingler|cswingler]] ([[User talk:Cswingler|talk]]) 20:20, 6 June 2016 (CDT)'' | ||
+ | ** ''Can we hard-wire that switch in, both electrically and network-wise? [[User:Cswingler|cswingler]] ([[User talk:Cswingler|talk]]) 20:20, 6 June 2016 (CDT)'' | ||
+ | ** ''How do we make sure no one disturbs that switch? [[User:Cswingler|cswingler]] ([[User talk:Cswingler|talk]]) 20:20, 6 June 2016 (CDT)'' | ||
+ | * We will need to run a line from the front of the space near the door to the back of the space, where the cabinet is. | ||
+ | ** ''Do we want to protect this in conduit? There's nothing that mandates that we do so, but it's an important link [[User:Cswingler|cswingler]] ([[User talk:Cswingler|talk]]) 20:20, 6 June 2016 (CDT)'' | ||
+ | * Hard network drops throughout the rest of the space should be considered. | ||
+ | * We should probably get some internal monitoring stuff back online. | ||
+ | |||
+ | = Network Routing Considerations = | ||
+ | |||
+ | The double-NAT setup does prevent us from having a publicly-routable IP address. Ways to work around this include: | ||
+ | |||
+ | * Setting up an AWS VPC gateway that we permanently leave online (this isn't particularly cheap, but it's not that expensive) | ||
+ | * Use an AWS EC2 instance with an Elastic IP and an OpenVPN point-to-point route (this is a little cheaper) | ||
+ | * Ask our landlord to get some more public IP space and route one of them to us (this is probably the cheapest and the most reliable) | ||
+ | * Or pony up for our own network link. |
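Review bot: the list added under "Network Routing Considerations" compares the workarounds on cost only and never says what has to be reachable from outside the space, and the last item ("Or pony up for our own network link") carries no cost or reliability remark at all. Suggest adding a line before the list naming the services that need inbound access, since that decides whether one routed public IP or a VPN endpoint is enough, and giving the fourth option the same kind of parenthetical as the other three.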
Revision as of 20:20, 6 June 2016
Background
We're taking advantage of our building's shared internet access, which puts a limit on our network design. In particular, we will be double-NATed.
This isn't an ideal situation, but it is likely something we can work around.
Network Layout
For now, we'll refrain from setting up network segmentation internally.
┌────────────────────────────┐
│                            │
│                            │
│                            │
│       SSH:C Network        │
│       172.16.24.0/20       │
│                            │
│                            │
│                            │
└────────────────────────────┘
              │
              │
              │
              │
     ┌─────────────────┐
     │  SSH:C ROUTER   │
     │LAN: 172.16.24.1 │
     │ WAN: 10.1.10.x  │
     │                 │
     └─────────────────┘
              │
              │
              │
              │
              │
┌────────────────────────────┐
│                            │
│                            │
│                            │
│      Building Network      │
│        10.1.10.0/24        │
│                            │
│                            │
│                            │
└────────────────────────────┘
              │
              │
              │
    ┌────────────────────┐
    │  BUILDING ROUTER   │
    └────────────────────┘
              │
              │
              │
   ┌─────────────────────┐
   │      INTERNET       │
   └─────────────────────┘
Hardware considerations
- Booting up the old pfSense box did not seem to go well. We'll need to derack it and find out what's wrong with it.
- We'll need to permanently mount the switch that's at the front of the space to prevent interruption of traffic for other tenants.
  - What do we need to do to finally get rid of this design? How hard is it going to be to pull a new home-run for us and stop depending on that splice? cswingler (talk) 20:20, 6 June 2016 (CDT)
  - Can we hard-wire that switch in, both electrically and network-wise? cswingler (talk) 20:20, 6 June 2016 (CDT)
  - How do we make sure no one disturbs that switch? cswingler (talk) 20:20, 6 June 2016 (CDT)
- We will need to run a line from the front of the space near the door to the back of the space, where the cabinet is.
- Hard network drops throughout the rest of the space should be considered.
- We should probably get some internal monitoring stuff back online.
Network Routing Considerations
The double-NAT setup does prevent us from having a publicly-routable IP address. Ways to work around this include:
- Set up an AWS VPC gateway that we permanently leave online (this isn't particularly cheap, but it's not that expensive)
- Use an AWS EC2 instance with an Elastic IP and an OpenVPN point-to-point route (this is a little cheaper)
- Ask our landlord to get some more public IP space and route one of them to us (this is probably the cheapest and the most reliable)
- Or pony up for our own network link.
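An added example, not part of the original wiki page: a Python check of the addressing shown in the Network Layout diagram, using the standard `ipaddress` module. It flags that 172.16.24.0/20 is not on a /20 boundary and confirms that the router's WAN side sits in private space, which is the double-NAT condition described above. The WAN host 10.1.10.50 and the names `PLAN`, `check_prefix` and `audit` are assumptions made for the example.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Values as written in the Network Layout diagram. The WAN host is a constructed
# sample: the page gives it only as 10.1.10.x.
PLAN = {
    "space_lan": "172.16.24.0/20",
    "space_router_lan": "172.16.24.1",
    "building_lan": "10.1.10.0/24",
    "space_router_wan": "10.1.10.50",
}

def check_prefix(cidr):
    """Return (aligned, network); aligned is False when the address part has host bits set."""
    iface = ipaddress.ip_interface(cidr)
    return iface.ip == iface.network.network_address, iface.network

def audit(plan):
    """Return a list of (code, message) findings for the two-tier NAT plan."""
    findings = []
    aligned, space = check_prefix(plan["space_lan"])
    _, building = check_prefix(plan["building_lan"])
    if not aligned:
        findings.append(("UNALIGNED_PREFIX",
            f"{plan['space_lan']} is not a network boundary; it lies inside "
            f"{space} ({space[0]} to {space[-1]})"))
    if space.overlaps(building):
        findings.append(("OVERLAP", f"{space} overlaps {building}; routing between tiers is ambiguous"))
    lan_ip = ipaddress.ip_address(plan["space_router_lan"])
    wan_ip = ipaddress.ip_address(plan["space_router_wan"])
    if lan_ip not in space:
        findings.append(("LAN_IP_OUTSIDE", f"{lan_ip} is not inside {space}"))
    if wan_ip not in building:
        findings.append(("WAN_IP_OUTSIDE", f"{wan_ip} is not inside {building}"))
    if any(wan_ip in net for net in RFC1918):
        findings.append(("DOUBLE_NAT",
            f"router WAN {wan_ip} is RFC 1918 space: inbound traffic needs a forward on "
            "the building router or a tunnel opened from inside"))
    return findings

if __name__ == "__main__":
    for code, message in audit(PLAN):
        print(f"{code}: {message}")
```

A router configured with 172.16.24.1/20 treats 172.16.16.0 through 172.16.31.255 as on-link, so firewall rules and any later segmentation should be written against that range rather than against the label in the diagram.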