Infrastructure:Network Architecture

From the Linux and Unix Users Group at Virginia Teck Wiki
Revision as of 02:43, 29 December 2014 by imported>Mjh (Created page with "This is an attempt to document VTLUUG's overly complex networking setup. Apologies for the disorganization, this is mainly just a way to get everything in one place. --~~~~ =...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This is an attempt to document VTLUUG's overly complex networking setup. Apologies for the disorganization, this is mainly just a way to get everything in one place. --Mjh (talk) 21:43, 28 December 2014 (EST)

Limitations

We have a single 100 Mbps CNS port, which comes with the following limitations:

  • Only one MAC address may appear on the port at a time (port security)
  • There is no prefix delegation for IPv6, so each address must be individually requested via NDP.

This means we must:

  • Use ARP proxying or 1-to-1 NAT for IPv4
  • Use an NDP proxy for IPv6

Current setup

Hardware:

  • "luugtemp" or "temp88191": a Poweredge 2x50 with 2 NICs configured as an Ubuntu router
  • 8-port Gigabit unmanaged switch
  • 48-port 100 Mbps managed switch (attached to sunway)

Port security evasion:

  • A bash script named "Nat" which presumably does 1-to-1 NAT
  • NDP proxying via https://npd6.github.io/npd6/
    • This is broken an misconfigured. It doesn't properly add routes.

IPs / networks:

  • temp88191 is 10.0.0.1/8 and 128.173.88.191. It provides DHCP on our internal interface
  • Sunway has static IPs setup (10.0.97.10 to 10.0.97.28)
  • Rackable servers: joey (10.0.4.10) and phantomphreak (10.0.4.11)
  • cyberdelia's IPv4 is luug0.ece.vt.edu
  • wood's IPv4 is luug1.ece.vt.edu
  • milton's IPv4 is luug2.ece.vt.edu
  • luug3.ece.vt.edu is (in theory) used by westinghouse (sunway's head node)
  • acidburn's IPv4 is luug.ece.vt.edu
  • acidburn has iodine configured as a DNS tunnel (10.152.78.1/27)
  • Other tenants of our router: mjh.ece.vt.edu and mirror.ece.vt.edu
  • 10.99.0.2/24 appears to be statically assigned to wood's guests.

Cyberdelia VMs - assigned 10.0.1.1/24 (not actually a separate subnet):

  • dhcp-host=52:54:00:14:df:c2,10.0.1.1 # "mail" (not yet configured)
  • dhcp-host=52:54:00:68:81:33,10.0.1.2 # crashoverride 2.0
  • dhcp-host=52:54:00:40:9a:55,10.0.1.3 # Cerealkiller 2.0


Desired Setup

This is what I'm hoping to migrate us to:

  • OpenWrt (odhcpd has built-in NDP proxying)
  • An internal network smaller than a /8 (room for expansion)
  • IPsec (point-to-point and road warrior for users)
  • Each VM host has a bridged ethernet port with a global IPv4 address and performs NAT to its VMs. Additional IPv4s are assigned as VMs as needed (e.g. milton and acidburn probably need their own)
  • All internal IPv4 addresses are static leases assigned by temp88191 or set statically and documented somewhere; hypervisors do not have their own networks unnecessarily like wood currently does.
  • Each device has a global IPv6 address
Retrieved from "https://vtluug.org/w/index.php?title=Infrastructure:Network_Architecture&oldid=5625"