
Linux and Unix Users Group at Virginia Tech Wiki β


Infrastructure:Network Architecture

3,344 bytes removed, 01:47, 4 January 2018
[http://no-www.org/ www. is deprecated.]
== Historic ==

=== ECE Server Closet ===

==== Limitations ====
We are behind the ECE Whittemore NAT, which is on a single 100 Mbps CNS port. We have the following limitations:
* All adjustments to ECE DNS must be made through [mailto:rbrand7@vt.edu Brandon Russell]
* IP addresses are difficult to claim, because they must be forwarded through the NAT
* IPv6 is not supported behind the Whittemore NAT

Consequently, we must:
* Use an IPv6 tunnel if we want access to IPv6 addresses
* Keep all internal services (like NFS) on an internal network
<!--
* Only one MAC address may appear on the port at a time (port security)
* There is no prefix delegation for IPv6, so each address must be individually requested via NDP.

This means we must:
* Use ARP proxying or 1-to-1 NAT for IPv4
* Use an NDP proxy for IPv6
-->

==== Desired Setup ====
This is what I'm hoping to migrate us to:
* OpenWrt ([https://github.com/sbyx/odhcpd odhcpd] has built-in NDP proxying) or pfSense router
** Partial: pfSense provides NAT on [[Infrastructure:Cyberdelia|cyberdelia]]
* An internal network smaller than a /8 (with room for expansion)
** Done: 10.99.0.0/16
* IPsec (point-to-point, and road warrior for users)
** Can be done through OpenWrt or pfSense
* Each VM host has a bridged ethernet port with a global IPv4 address and performs NAT to its VMs. Additional IPv4s are assigned to VMs as needed (e.g. milton and acidburn probably need their own)
** Done on [[Infrastructure:Cyberdelia|cyberdelia]]
* All internal IPv4 addresses are static leases assigned by [[Infrastructure:temp88191|the router]] or set statically '''and documented somewhere'''; hypervisors do not have their own networks unnecessarily, as wood currently does.
** The internal network on [[Infrastructure:Cyberdelia|cyberdelia]] has static IPs or long-term leases.
** Cyberdelia still has too many internal networks, most of which are unnecessary.
* Each device has a global IPv6 address
** Currently provided through a tunnel

=== CVL setup (deprecated) ===
Hardware:
* "luugtemp" or "temp88191": a PowerEdge 2650 with 2 NICs configured as an Ubuntu router
* 8-port Gigabit unmanaged switch
* 48-port 100 Mbps managed switch (attached to sunway)

Port security evasion:
* A bash script named "Nat" which presumably does 1-to-1 NAT
* NDP proxying via https://npd6.github.io/npd6/
** This is broken and misconfigured. It doesn't properly add routes.

IPs / networks:
* temp88191 is 10.0.0.1/8 and 128.173.88.191. It provides DHCP on our internal interface
* Sunway has static IPs set up (10.0.97.10 to 10.0.97.28)
* Rackable servers: joey (10.0.4.10) and phantomphreak (10.0.4.11)
* cyberdelia's IPv4 is luug0.ece.vt.edu
** Port 9001 <-> 10.0.1.3 (cerealkiller)
** Port 9030 <-> 10.0.1.3 (cerealkiller)
* wood's IPv4 is luug1.ece.vt.edu
* milton's IPv4 is luug2.ece.vt.edu
* luug3.ece.vt.edu is (in theory) used by westinghouse (sunway's head node)
* acidburn's IPv4 is luug.ece.vt.edu
* acidburn has iodine configured as a DNS tunnel (10.152.78.1/27)
* Other tenants of our router: mjh.ece.vt.edu and mirror.ece.vt.edu
* 10.99.0.2/24 appears to be statically assigned to wood's guests.

Cyberdelia VMs - assigned 10.0.1.1/24 (not actually a separate subnet):
* dhcp-host=52:54:00:14:df:c2,10.0.1.1 # "mail" (not yet configured)
* dhcp-host=52:54:00:68:81:33,10.0.1.2 # crashoverride 2.0
* dhcp-host=52:54:00:40:9a:55,10.0.1.3 # Cerealkiller 2.0
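The two port-security workarounds listed above (the "Nat" script and the npd6 NDP proxy) are recorded only by name. The script below is an added example, not the "Nat" script or the npd6 configuration that ran on temp88191; it shows the same two techniques with plain Linux tools so the intent is visible. Interface names eth0 (CNS side) and eth1 (internal side), the spare public IPv4 192.0.2.10 and the global IPv6 address 2001:db8::3 are assumed placeholders; the internal address 10.0.1.3 and ports 9001/9030 are the ones recorded on this page for cerealkiller.

```shell
#!/bin/sh
# Added example (not the wiki's "Nat" script): 1-to-1 NAT and NDP proxying on a
# Linux router that sits on a single switch port with MAC port security.
# Assumed names/addresses: eth0 faces the CNS port, eth1 faces the internal
# 10.0.0.0/8 network; 192.0.2.10 and 2001:db8::3 stand in for a spare public
# IPv4 address and a global IPv6 address (documentation prefixes, not real ones).
EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w net.ipv6.conf.all.forwarding=1
}

# one_to_one_nat PUBLIC INTERNAL
# The router itself claims PUBLIC (same MAC as before, so only one MAC appears
# on the port) and rewrites addresses both ways so INTERNAL appears to own it.
# Every port of INTERNAL becomes reachable, exactly as if it held the public
# address directly; filter on the internal host or in FORWARD if that is too much.
one_to_one_nat() {
    run ip addr add "$1/32" dev "$EXT_IF"
    run iptables -t nat -A PREROUTING -i "$EXT_IF" -d "$1" -j DNAT --to-destination "$2"
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$2" -j SNAT --to-source "$1"
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$2" -j ACCEPT
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$2" -j ACCEPT
}

# port_forward PROTO PORT INTERNAL
# Expose one port of the router's primary public address, as for 9001/9030.
port_forward() {
    run iptables -t nat -A PREROUTING -i "$EXT_IF" -p "$1" --dport "$2" -j DNAT --to-destination "$3:$2"
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p "$1" -d "$3" --dport "$2" -j ACCEPT
}

# ndp_proxy ADDR
# Answer neighbour solicitations for ADDR on the external side and route it to
# the internal interface. Without the route the router answers for the address
# but then has nowhere to deliver the packets it receives.
ndp_proxy() {
    run sysctl -w "net.ipv6.conf.$EXT_IF.proxy_ndp=1"
    run ip -6 neigh add proxy "$1" dev "$EXT_IF"
    run ip -6 route add "$1/128" dev "$INT_IF"
}

# Plan for the cerealkiller VM (10.0.1.3) as recorded on this page.
plan() {
    enable_forwarding
    one_to_one_nat 192.0.2.10 10.0.1.3
    port_forward tcp 9001 10.0.1.3
    port_forward tcp 9030 10.0.1.3
    ndp_proxy 2001:db8::3
}

plan
```

With DRY_RUN=1 (the default) the script only prints the commands it would run, so it can be reviewed on any machine; run it as root with DRY_RUN=0 and the real interface names to apply them. The `ip -6 route add` line in ndp_proxy is the step the npd6 setup was noted as missing: proxying the solicitation only makes the router answer for the address, and a route toward the internal interface is what actually delivers the traffic.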
[[Category:Infrastructure]]
[[Category:Needs restoration]]