== Limitations ==
We are behind the ECE Whittemore NAT, which is on a single 100 Mbps CNS port. We have the following limitations:
* All adjustments to ECE DNS must be made through Brandon
* IP addresses are difficult to claim, because they must be forwarded through the NAT, and ARP proxying must be configured by Brandon
* IPv6 is not supported behind the Whittemore NAT

This means we must:
* Use ARP proxying or 1-to-1 NAT for IPv4
* Use an NDP proxy for IPv6

=== Stateless Autoconfiguration and Privacy Extensions ===
In IPv6, the address space is so large that a mechanism called "stateless autoconfiguration" (SLAAC) can be used. In stateless autoconfiguration, a computer asks a nearby router for the network prefix (the first 64 bits of the address, which are the same for all computers on the network), and then fills in the remaining 64 bits itself using the hardware (MAC) address of its network adapter. This means that by default, your IPv6 address could be used to uniquely identify your computer anywhere on the Internet, threatening your privacy online: the hardware-derived half of the address follows the machine to every network it joins, so web server logs on different sites can be correlated to one device. Privacy extensions (RFC 4941) avoid this by generating random, periodically rotated interface identifiers instead of the hardware-derived one.
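As an added example (not part of the original page), the following Python shows exactly what SLAAC derives from a MAC address and why it is a tracking identifier: it builds the modified EUI-64 interface identifier, forms the address under two different prefixes, recovers the MAC from the resulting address, and contrasts a privacy-extensions style random identifier. The MAC addresses are constructed samples (the 52:54:00 prefix is the QEMU/KVM locally administered range, as used for the cyberdelia VMs on this page) and 2001:db8::/32 is the documentation prefix; the function names are this example's own.

```python
"""Modified EUI-64 interface identifiers as used by IPv6 stateless
autoconfiguration (SLAAC), and a privacy-extensions style alternative.

Added example; not code from the original wiki page. MACs and prefixes
below are constructed sample values.
"""
import ipaddress
import secrets
from typing import Optional


def eui64_iid_from_mac(mac: str) -> bytes:
    """Return the 8-byte modified EUI-64 interface identifier for a MAC.

    RFC 4291 appendix A: split the 48-bit MAC in the middle, insert
    0xFF 0xFE, and flip the universal/local bit (bit 1 of the first byte).
    For 52:54:00:14:df:c2 this gives 50 54 00 ff fe 14 df c2.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Form the SLAAC address: router-advertised /64 prefix + EUI-64 IID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 identifiers requires a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_iid_from_mac(mac))


def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC if the address carries an EUI-64 identifier, else None.

    This is the privacy problem: anyone who sees the address (web server
    logs, mail headers) can read the hardware address back out, and the same
    identifier reappears under every prefix the host ever connects to.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in octets)


def temporary_address(prefix: str) -> ipaddress.IPv6Address:
    """A privacy-extensions style address (RFC 4941): random 64-bit IID.

    Real implementations rotate these on a timer and keep the EUI-64 address
    for inbound connections; this only shows that the result carries no
    hardware address. The u/l bit is cleared, as the RFC requires for
    randomly generated identifiers.
    """
    iid = bytearray(secrets.token_bytes(8))
    iid[0] &= 0xFD  # clear bit 1 (universal/local)
    net = ipaddress.IPv6Network(prefix, strict=False)
    return ipaddress.IPv6Address(net.network_address.packed[:8] + bytes(iid))


if __name__ == "__main__":
    mac = "52:54:00:14:df:c2"  # constructed sample MAC
    for prefix in ("2001:db8:1::/64", "2001:db8:2::/64"):
        addr = slaac_address(prefix, mac)
        print(f"{prefix:18} -> {addr}  (MAC recovered: {mac_from_address(str(addr))})")
    tmp = temporary_address("2001:db8:1::/64")
    print(f"temporary address    -> {tmp}  (MAC recovered: {mac_from_address(str(tmp))})")
```

Running it prints the same `5054:ff:fe14:dfc2` tail under both prefixes, which is the correlation handle the section warns about; the temporary address has a different tail each run.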
== Current ==
=== Desired Setup ===
This is what I'm hoping to migrate us to:
* OpenWrt ([https://github.com/sbyx/odhcpd odhcpd] has built-in NDP proxying) or pfSense router
** Partial: pfSense provides NAT on [[Infrastructure:Cyberdelia|cyberdelia]]
* An internal network smaller than a /8 (with room for expansion)
** Done: 10.99.0.0/16
* IPsec (point-to-point, and road warrior for users)
** Can be done through OpenWrt or pfSense
* Each VM host has a bridged ethernet port with a global IPv4 address and performs NAT to its VMs. Additional IPv4 addresses are assigned to VMs as needed (e.g. milton and acidburn probably need their own)
** Done on [[Infrastructure:Cyberdelia|cyberdelia]]
* All internal IPv4 addresses are static leases assigned by [[Infrastructure:temp88191|the router]] or set statically '''and documented somewhere'''; hypervisors do not have their own networks unnecessarily, like wood currently does.
** Internal network on [[Infrastructure:Cyberdelia|cyberdelia]] has static IPs or long-term leases.
** Cyberdelia still has too many internal networks, most of which are unnecessary.
* Each device has a global IPv6 address
** Currently provided through a tunnel
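The "documented somewhere" and "too many internal networks" items above are checkable. As an added example (not part of the original page), the following Python audits a documented lease table against the declared internal networks: it parses dnsmasq `dhcp-host=MAC,IP` lines, flags duplicate MACs or IPs and leases outside every declared network, and reports declared networks that overlap one another (a /24 carved out of the router's /8 is not a separate subnet). The sample networks and lease lines are taken from the CVL setup section of this page; the function names and the check logic are this example's own.

```python
"""Audit dnsmasq static leases against the documented internal networks.

Added example; not code from the original wiki page. The sample data is
copied from the page's CVL setup section; the checks are the example's own.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# dnsmasq static lease line: dhcp-host=<mac>,<ip>  (trailing '# comment' ignored)
DHCP_HOST = re.compile(
    r"^dhcp-host=(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}),(?P<ip>[0-9.]+)", re.I
)

# Networks as recorded on the page (host bits present, hence strict=False below).
SAMPLE_NETWORKS = {
    "temp88191 internal": "10.0.0.1/8",
    "cyberdelia VMs": "10.0.1.1/24",
    "wood guests": "10.99.0.2/24",
    "desired internal": "10.99.0.0/16",
}

# Lease lines as recorded on the page for the cyberdelia VMs.
SAMPLE_LEASES = """
dhcp-host=52:54:00:14:df:c2,10.0.1.1 # "mail" (not yet configured)
dhcp-host=52:54:00:68:81:33,10.0.1.2 # crashoverride 2.0
dhcp-host=52:54:00:40:9a:55,10.0.1.3 # Cerealkiller 2.0
"""


def parse_dhcp_hosts(text: str) -> List[Tuple[str, ipaddress.IPv4Address]]:
    """Return (mac, ip) pairs for every dhcp-host line; other lines are skipped."""
    leases = []
    for line in text.splitlines():
        m = DHCP_HOST.match(line.strip().lstrip("* "))  # tolerate wiki bullets
        if m:
            leases.append((m.group("mac").lower(), ipaddress.IPv4Address(m.group("ip"))))
    return leases


def overlapping_networks(nets: Dict[str, str]) -> List[Tuple[str, str]]:
    """Pairs of declared networks that share address space (sorted by name)."""
    parsed = {name: ipaddress.IPv4Network(cidr, strict=False) for name, cidr in nets.items()}
    names = sorted(parsed)
    found = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                found.append((a, b))
    return found


def audit_leases(text: str, nets: Dict[str, str]) -> List[str]:
    """Human-readable findings for a lease table; an empty list means it is clean."""
    findings = []
    networks = [ipaddress.IPv4Network(c, strict=False) for c in nets.values()]
    seen_mac: Dict[str, ipaddress.IPv4Address] = {}
    seen_ip: Dict[ipaddress.IPv4Address, str] = {}
    for mac, ip in parse_dhcp_hosts(text):
        if mac in seen_mac:
            findings.append(f"duplicate MAC {mac}: {seen_mac[mac]} and {ip}")
        if ip in seen_ip:
            findings.append(f"duplicate IP {ip}: {seen_ip[ip]} and {mac}")
        seen_mac.setdefault(mac, ip)
        seen_ip.setdefault(ip, mac)
        if not any(ip in n for n in networks):
            findings.append(f"{mac} -> {ip} is outside every declared internal network")
    return findings


if __name__ == "__main__":
    for a, b in overlapping_networks(SAMPLE_NETWORKS):
        print(f"overlap: {a} ({SAMPLE_NETWORKS[a]}) and {b} ({SAMPLE_NETWORKS[b]})")
    for finding in audit_leases(SAMPLE_LEASES, SAMPLE_NETWORKS) or ["lease table is clean"]:
        print(finding)
```

On the page's data the lease table itself is clean, but every one of the smaller networks overlaps the router's 10.0.0.0/8, and the wood guest /24 overlaps the desired 10.99.0.0/16; that is the list of networks to collapse when consolidating.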
=== CVL setup (deprecated) ===
Hardware:
* "luugtemp" or "[[Infrastructure:temp88191|temp88191]]": a Poweredge 2650 with 2 NICs, configured as an Ubuntu router
* 8-port Gigabit unmanaged switch
* 48-port 100 Mbps managed switch (attached to sunway)

Port security evasion:
* A bash script named "Nat" which presumably does 1-to-1 NAT
* NDP proxying via https://npd6.github.io/npd6/
** This is broken and misconfigured. It doesn't properly add routes.

IPs / networks:
* temp88191 is 10.0.0.1/8 and 128.173.88.191. It provides DHCP on our internal interface
* Sunway has static IPs set up (10.0.97.10 to 10.0.97.28)
* Rackable servers: joey (10.0.4.10) and phantomphreak (10.0.4.11)
* cyberdelia's IPv4 is luug0.ece.vt.edu
** Port 9001 <-> 10.0.1.3 (cerealkiller)
** Port 9030 <-> 10.0.1.3 (cerealkiller)
* wood's IPv4 is luug1.ece.vt.edu
* milton's IPv4 is luug2.ece.vt.edu
* luug3.ece.vt.edu is (in theory) used by westinghouse (sunway's head node)
* acidburn's IPv4 is luug.ece.vt.edu
* acidburn has iodine configured as a [[Network#DNS|DNS tunnel]] (10.152.78.1/27)
* Other tenants of our router: mjh.ece.vt.edu and mirror.ece.vt.edu
* 10.99.0.2/24 appears to be statically assigned to wood's guests.

Cyberdelia VMs - assigned 10.0.1.1/24 (not actually a separate subnet; it lies inside the router's 10.0.0.0/8):
* dhcp-host=52:54:00:14:df:c2,10.0.1.1 # "mail" (not yet configured)
* dhcp-host=52:54:00:68:81:33,10.0.1.2 # crashoverride 2.0
* dhcp-host=52:54:00:40:9a:55,10.0.1.3 # Cerealkiller 2.0

== See Also ==
* [[Deprecated Network]]
[[Category:Infrastructure]]