Hackerspace Network Planning: Bubbly Dynamics

From sshcWiki
This article is out of date.

Background

We're taking advantage of our building's shared internet access, which puts a limit on our network design. In particular, we will be double-NATed.

This isn't ideal, but it's something we can probably work around.

Network Layout

For now, we'll refrain from setting up network segmentation internally.

┌────────────────────────────┐
│                            │
│                            │
│                            │
│       SSH:C Network        │
│       172.16.24.0/20       │
│                            │
│                            │
│                            │
└────────────────────────────┘
               │
               │
               │
               │
      ┌─────────────────┐
      │  SSH:C ROUTER   │
      │LAN: 172.16.24.1 │
      │ WAN: 10.1.10.x  │
      │                 │
      └─────────────────┘
               │
               │
               │
               │
               │
┌────────────────────────────┐
│                            │
│                            │
│                            │
│      Building Network      │
│       192.168.2.0/24       │
│                            │
│                            │
│                            │
└────────────────────────────┘
               │
               │
               │
    ┌────────────────────┐
    │  BUILDING ROUTER   │
    └────────────────────┘
               │
               │
               │
    ┌─────────────────────┐
    │      INTERNET       │
    └─────────────────────┘
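
A sanity check of the addresses in the diagram above, added here as an example (it is not part of the original wiki page). It uses Python's standard ipaddress module; the function name check_plan and the host 10.1.10.2, a constructed stand-in for the diagram's "10.1.10.x", are assumptions.

```python
import ipaddress

# Values copied from the diagram; 10.1.10.2 is a constructed stand-in for "10.1.10.x".
PLAN = {
    "lan_cidr": "172.16.24.0/20",
    "router_lan": "172.16.24.1",
    "router_wan": "10.1.10.2",
    "building_cidr": "192.168.2.0/24",
}

def check_plan(plan):
    """Return a list of findings about the addressing plan."""
    findings = []
    # strict=False accepts a CIDR whose host bits are set and normalises it.
    lan = ipaddress.ip_network(plan["lan_cidr"], strict=False)
    if str(lan) != plan["lan_cidr"]:
        findings.append(f"LAN {plan['lan_cidr']} is not on a prefix boundary; "
                        f"it normalises to {lan}")
    building = ipaddress.ip_network(plan["building_cidr"], strict=False)
    lan_ip = ipaddress.ip_address(plan["router_lan"])
    wan_ip = ipaddress.ip_address(plan["router_wan"])
    if lan_ip not in lan:
        findings.append(f"router LAN address {lan_ip} is outside {lan}")
    if wan_ip not in building:
        findings.append(f"router WAN address {wan_ip} is outside "
                        f"building network {building}")
    if lan.overlaps(building):
        findings.append(f"{lan} overlaps {building}; routes would be ambiguous")
    # A private WAN address means the upstream router translates our traffic again.
    if wan_ip.is_private:
        findings.append(f"WAN address {wan_ip} is private: inbound "
                        f"connections need a relay or tunnel")
    return findings

if __name__ == "__main__":
    for finding in check_plan(PLAN):
        print("-", finding)
```

Re-run it whenever the plan changes; a private WAN address will always be reported while we sit behind the building router.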

Hardware considerations

  • Booting up the old pfSense box did not seem to go well. We'll need to derack it and see what's up with it.
  • We'll need to permanently mount the switch that's at the front of the space to prevent interruption of traffic for other tenants.
    • What do we need to do to finally get rid of this design? How hard is it going to be to pull a new home-run for us and stop depending on that splice? cswingler (talk) 20:20, 6 June 2016 (CDT)
    • Can we hard-wire that switch in, both electrically and network-wise? cswingler (talk) 20:20, 6 June 2016 (CDT)
    • How do we make sure no one disturbs that switch? cswingler (talk) 20:20, 6 June 2016 (CDT)
  • We will need to run a line from the front of the space near the door to the back of the space, where the cabinet is.
    • Do we want to protect this in conduit? There's nothing that mandates that we do so, but it's an important link. cswingler (talk) 20:20, 6 June 2016 (CDT)
  • Hard network drops throughout the rest of the space should be considered.
  • We should probably get some internal monitoring stuff back online.

Network Routing Considerations

The double-NAT setup prevents us from having a publicly routable IP address. Ways to work around this include:

  • Set up an AWS VPC gateway that we permanently leave online (this isn't particularly cheap, but it's not that expensive)
  • Use an AWS EC2 instance with an Elastic IP and an OpenVPN point-to-point route (this is a little cheaper)
  • Ask our landlord to get some more public IP space and route one of them to us (this is probably the cheapest and the most reliable)
  • Pony up for our own network link.