Hackerspace Network Planning: Bubbly Dynamics
Background
We're taking advantage of our building's shared internet access, which constrains our network design. In particular, we will be double-NATed: our router's WAN side sits on the building's private network, which is itself NATed to the Internet by the building router.
This isn't an ideal situation, but it is something we can work around.
Network Layout
For now, we'll refrain from setting up internal network segmentation: everything in the space sits on one flat subnet behind the SSH:C router. Two things in the diagram below need reconciling before they go into router config: 172.16.24.0 is not on a /20 boundary (the /20 that contains it is 172.16.16.0/20, so either the prefix length or the network address is off), and the router's WAN address 10.1.10.x does not fall inside the building network as drawn (192.168.2.0/24), so one of the two is stale.
┌────────────────────────────┐
│                            │
│       SSH:C Network        │
│       172.16.24.0/20       │
│                            │
└────────────────────────────┘
              │
              │
     ┌─────────────────┐
     │  SSH:C ROUTER   │
     │LAN: 172.16.24.1 │
     │ WAN: 10.1.10.x  │
     └─────────────────┘
              │
              │
┌────────────────────────────┐
│                            │
│      Building Network      │
│       192.168.2.0/24       │
│                            │
└────────────────────────────┘
              │
              │
    ┌────────────────────┐
    │  BUILDING ROUTER   │
    └────────────────────┘
              │
              │
    ┌─────────────────────┐
    │      INTERNET       │
    └─────────────────────┘
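Two checks on the addresses in the diagram, as an added example that is not part of the original page: whether the router's WAN address is private (which is what "double NAT" means in practice), and what block a network/prefix pair actually denotes. The 203.0.113.7 address is a made-up public address used for contrast; everything else comes from the diagram.

```shell
#!/bin/sh
# Added example, not part of the SSH:C wiki page: sanity checks on the
# addresses in the diagram above, in plain POSIX sh (no root, no network).

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    set -- $(printf '%s\n' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    printf '%d.%d.%d.%d\n' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
        $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

# mask_int PREFIXLEN -> the netmask as an integer
mask_int() {
    if [ "$1" -eq 0 ]; then echo 0
    else echo $(( (4294967295 << (32 - $1)) & 4294967295 )); fi
}

# in_cidr ADDR NETWORK/PREFIXLEN -> true when ADDR lies inside the block
in_cidr() {
    net=${2%/*}; plen=${2#*/}; m=$(mask_int "$plen")
    [ $(( $(ip_to_int "$1") & m )) -eq $(( $(ip_to_int "$net") & m )) ]
}

# is_private ADDR -> true for RFC 1918 space and the RFC 6598 CGNAT range.
# A router whose WAN address passes this test is itself behind another NAT.
is_private() {
    in_cidr "$1" 10.0.0.0/8 || in_cidr "$1" 172.16.0.0/12 ||
        in_cidr "$1" 192.168.0.0/16 || in_cidr "$1" 100.64.0.0/10
}

# network_of ADDR/PREFIXLEN -> the aligned network address for that prefix;
# differs from ADDR when ADDR is not a valid network address for the prefix.
network_of() {
    addr=${1%/*}; plen=${1#*/}
    int_to_ip $(( $(ip_to_int "$addr") & $(mask_int "$plen") ))
}

# The SSH:C router's WAN side sits at 10.1.10.x (diagram); 203.0.113.7 is a
# made-up public address for contrast.
for wan in 10.1.10.5 203.0.113.7; do
    if is_private "$wan"; then
        echo "WAN $wan is private address space: double NAT"
    else
        echo "WAN $wan is public: single NAT"
    fi
done

# 172.16.24.0 is not on a /20 boundary; this prints the block that contains it.
echo "172.16.24.0/20 lies in $(network_of 172.16.24.0/20)/20"
```

Run it on the router itself with the real WAN address substituted for 10.1.10.5; if `is_private` is true there, no amount of port forwarding on our own router will make anything reachable from the Internet without the building router cooperating.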
Hardware considerations
- Booting up the old pfSense box did not go well. We'll need to derack it and see what's wrong with it.
- We'll need to permanently mount the switch that's at the front of the space to prevent interruption of traffic for other tenants.
- What do we need to do to finally get rid of this design? How hard is it going to be to pull a new home-run for us and stop depending on that splice? cswingler (talk) 20:20, 6 June 2016 (CDT)
- Can we hard-wire that switch in, both electrically and network-wise? cswingler (talk) 20:20, 6 June 2016 (CDT)
- How do we make sure no one disturbs that switch? cswingler (talk) 20:20, 6 June 2016 (CDT)
- We will need to run a line from the front of the space near the door to the back of the space, where the cabinet is.
- Hard network drops throughout the rest of the space should be considered.
- We should probably get some internal monitoring stuff back online.
Network Routing Considerations
The double-NAT setup means we have no publicly routable IP address, so nothing in the space can accept inbound connections from the Internet unless the building router forwards them to us. Ways to work around this include:
- Setting up an AWS VPC gateway that we permanently leave online (this isn't particularly cheap, but it's not that expensive)
- Use an AWS EC2 instance with an Elastic IP and an OpenVPN point-to-point route (this is a little cheaper)
- Ask our landlord to get some more public IP space and route one of them to us (this is probably the cheapest and the most reliable)
- Or pony up for our own network link.
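The second option (an EC2 instance with an Elastic IP and an OpenVPN point-to-point tunnel), written out as the configuration both ends would run plus the NAT rules that publish one service through the tunnel. This is an added example, not anything the space has deployed. Every address and name in it is an assumption: 203.0.113.10 stands in for the Elastic IP, 10.8.0.1 and 10.8.0.2 for the tunnel endpoints, eth0 for the EC2 public interface, and 172.16.24.10:443 for a host in the space that should be reachable from outside.

```shell
#!/bin/sh
# Added example, not from the SSH:C wiki page: the "EC2 + Elastic IP + OpenVPN
# point-to-point" option as config text. All addresses and names are assumed.

ELASTIC_IP=203.0.113.10   # assumed public address of the EC2 instance
TUN_CLOUD=10.8.0.1        # tunnel address on the EC2 side
TUN_SPACE=10.8.0.2        # tunnel address on the SSH:C router
PUBLIC_IF=eth0            # assumed EC2 interface carrying the Elastic IP
# The diagram says 172.16.24.0/20, but that is not an aligned /20 and the
# kernel rejects an unaligned route, so the containing block is used here.
SPACE_NET=172.16.16.0
SPACE_MASK=255.255.240.0

# Shared-secret point-to-point tunnel. Only the EC2 end needs an inbound port
# (UDP 1194 in its security group); the space end dials out, so the double NAT
# in front of it does not matter. Generate the key once with
#   openvpn --genkey secret static.key    (OpenVPN 2.5+; 2.4: --genkey --secret)
# and copy it to both hosts over a channel you already trust.
ec2_openvpn_conf() {
    cat <<EOF
dev tun
proto udp
port 1194
ifconfig $TUN_CLOUD $TUN_SPACE
route $SPACE_NET $SPACE_MASK
secret static.key
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup
EOF
}

space_openvpn_conf() {
    cat <<EOF
dev tun
proto udp
remote $ELASTIC_IP 1194
nobind
ifconfig $TUN_SPACE $TUN_CLOUD
secret static.key
keepalive 10 60
persist-key
persist-tun
EOF
}

# Rules for the EC2 side that publish one internal service on the Elastic IP.
# Traffic into the tunnel is source-NATed to the tunnel address so the internal
# host answers back through the tunnel instead of out via the building's NAT
# (an asymmetric path that would break every TCP connection). Both hosts also
# need net.ipv4.ip_forward=1, and the security group must open PUBLIC_PORT.
# Usage: dnat_rules PROTO PUBLIC_PORT INTERNAL_HOST INTERNAL_PORT
dnat_rules() {
    proto=$1; pport=$2; host=$3; iport=$4
    cat <<EOF
iptables -t nat -A PREROUTING -i $PUBLIC_IF -p $proto --dport $pport -j DNAT --to-destination $host:$iport
iptables -A FORWARD -i $PUBLIC_IF -o tun0 -p $proto -d $host --dport $iport -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i tun0 -o $PUBLIC_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -d $host -j SNAT --to-source $TUN_CLOUD
EOF
}

echo "# --- EC2 side: /etc/openvpn/p2p.conf ---"
ec2_openvpn_conf
echo "# --- SSH:C router side: /etc/openvpn/p2p.conf ---"
space_openvpn_conf
echo "# --- EC2 side: publish 172.16.24.10:443 on the Elastic IP ---"
dnat_rules tcp 443 172.16.24.10 443
```

Two caveats before copying this anywhere: the static key is a single shared secret with no forward secrecy, so anyone who gets it can decrypt past captures of the tunnel, and every `dnat_rules` line you add exposes an internal host directly to the Internet, so publish only the ports you mean to and keep the space router's own firewall permitting only that traffic from tun0 into the LAN.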