Resources/Network: Difference between revisions

From Noisebridge
Jump to navigation Jump to search
No edit summary
 
(322 intermediate revisions by 65 users not shown)
Line 1: Line 1:
== Status ==
{{network}}
{{blackbox}}[[File:Nbrack.png|250px|right]]
You are standing beneath Noisebridge's network rack on the wall in the [[Hackitorium]].


There is an external status monitor at [http://status.noisebridge.net/ status.noisebridge.net].  If something is wrong with the network at 83c, you should contact [[Admins|an admin]].
You see a "Noisebridge has an open WiFi network" sign.


The Ops personnel can be reached by calling (650) 248-2445 24/7.
'''EXITS:''' [[Hackitorium]], [[Roll up door]]
{{cursorboxend}}
{{headerbox}}
'''The open WiFi networks''' are free to all at Noisebridge. In most cases if you connect to the network '''Noisebridge''' your laptop/phone/device will have the best luck getting crystal clear wifi and roam between radio channels according to which provides the most reliable and fastest connection.
{{boxend}}


== It's 2 AM And The Admins Are Asleep ==
== Free Public Wireless Networks ==
The WiFi and Internet provided is for public use. Like any public network, you should regard Noisebridge's as [[Visitor_advice#Hostile_network|potentially hostile]] and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.


If no admin responds within a reasonable period of time (say, an hour), take matters into your own hands and send mail to [mailto:noisebridge-discuss@lists.noisebridge.net noisebridge-discuss] with answers to the following questions:
The following wireless networks (SSIDs) are active:
* '''Noisebridge Cap'''
** No password
** 802.11g/n/ac 2.4 and 5 gHz
** This is a temporary SSID set up for use during the move until the long term equipment is set up.


* Who are you?
If you're reading this from another point in time, please note that the reality of the situation may be different. Please update this page to reflect reality as it changes.
* What happened?
* When did the problem begin?  (If you were able to find out.)
* When was the problem noticed?
* When did it get fixed?
* What did you do to fix it?  Please err on the side of too much detail rather than not enough.


Please try to observe [[Network Policies|the guidelines]] for network maintenance, but use your Most Excellent Judgment if something there doesn't seem to apply.
__TOC__


= 83c Wiese Street =
== [[Network Troubleshooting]] ==
== Hardware ==


=== Current Gear ===
Are you having issues with the internet or local network? Check out the [[Network Troubleshooting]] page for more information on what you can do to make things better or possibly seek help.


* A [http://www.soekris.com/net4801.htm Soekris net4801] configured with a [http://www.nmedia.net/flashdist/ flashdist]-built [http://www.openbsd.org/ OpenBSD] 4.4 build. All administration is done via SSH or a direct RS-232C connection.
== Network Security Disclaimer ==
* [[User:Ioerror|Jake]] has donated a FON [http://en.wikipedia.org/wiki/FON#La_Fonera_WiFi_Router La Fonera] router that has been liberated with a [http://www.dd-wrt.com/dd-wrtv3/index.php DD-WRT] install.
* A [http://www.ruckuswireless.com/products/zoneflex-high-end/2942 Ruckus Wireless ZoneFlex 2942] access point.
** Can connect to an [http://en.wikipedia.org/wiki/IEEE_802.1Q IEEE 802.1Q] trunk (with [http://en.wikipedia.org/wiki/Power_over_Ethernet Power-over-Ethernet]) and bridge up to 8 VLANs to individual 802.11b/g SSIDs.


* [[switch1]], a [http://cisco.com/en/US/products/hw/switches/ps637/tsd_products_support_eol_series_home.html Cisco 3512XL].
''Please note that Noisebridge does not guarantee or provide a perfect secure experience in the space. Just like anywhere else in the world you're held responsible for your own safety and wellbeing. This also includes content you receive or transmit or provide through any mediums, such as through pen and paper, sound waves or any networks wired or wireless functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.''
* [[Switch2]]
* [[tunnelrouter1]], A [http://www.cisco.com/en/US/products/hw/routers/ps274/ps276/index.html Cisco 3620]. Brokers external IPv4 connectivity for VLAN 6.


=== Future Gear ===
See [[Security]] for tips on maintaining your own security.


== Wired network ==
There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).


== Local Network Address Information ==
DHCP is offered automatically on the network. Currently the IP range is as follows:


== Logical Topology ==
* IP Range: 10.21.0.1-10.21.1.254
* Gateway: 10.21.0.1
* Subnet: 255.255.'''254'''.0 (a "slash" /23)
* DNS: 10.21.0.1, 1.1.1.1


[[Image:Noisebridge_logical-2009-06-10.png|thumb|right|350px|Logical topology]]
==Network Devices & Services==
 
* [[Music]]
* The Soekris provides NAT / Firewalling to hosts inside of 172.30.0.0/24 -- the "inside" network.
* [[2D Paper Printer]]
** The same Soekris holds an external IP from Comcast on sis2, an external IP from Speakeasy on sis1, and 172.30.0.1/24 on sis0.
* [[Infrastructure]]
** Current Comcast IP: 24.5.85.158/21 (Comcast will now only hand out a DHCP lease requested from 00:0A:E4:32:44:6E)
** Current Speakeasy IP: 66.92.8.180/24
 
* Internal subnet is 172.30.0.0/24
** Soekris box is at 172.30.0.1
** [[switch1]] is at 172.30.0.3
** Ruckus AP (needs hostname) is at 172.30.0.5
*** Default login is "super"/"sp-admin"
 
== Physical Topology ==
[[Image:Noisebridge_physical-2009-06-10.png|thumb|right|300px|Physical topology]]
[http://farm4.static.flickr.com/3303/3615394907_b938aa3b4a_o.jpg Huge JPEG of pony's closet]
 
Connectivity to the outside comes over one copper POTS circuit (Speakeasy/Covad) and some RG-59 coaxial cable. Both circuits terminate in the closet attached to the shop/fishbowl. Most of the networking equipment has moved to the upstairs closet attached to the electronics lab. Still downstairs is the DOCSIS (Cable) modem, as the coax coming in couldn't easily be moved to the upstairs closet.


The copper Ethernet connectivity to baseboard connectors downstairs and the DSL/POTS circuit has been patched to the patch panel in the upstairs closet.


== Uplinks ==
== Uplinks ==
=== Monkeybrains Wireless Link ===
We have a point-to-point wireless link to Monkeybrains on the roof, it's a microwave dish on the roof at the front of the building.


=== '''24Mb/5Mb''' currently via Comcast ===
==I want to help!==
* Comcast Cable (Only internet, no voice or tv service)
Noisebridge is run by volunteers, you're welcome to help but should get to know those helping first before touching/hacking the network gear. Try introducing yourself on the #rack channel in the Noisebridge Slack.
** $66.95 per month (After taxes COD at time of install is $169.21) - $3 modem rental per month
** No contract!
** Link speed is ~24Mbit down / ~5Mbit up. More testing during different times of the day would be useful.
** Wonderful quote from the service representative when asked about network filtering: "The network is filtered. Dynamic ips.'' Constantly flowing.'' Upgrading to static is possible through the business department."
** The direct line for the person who took the order is 1-925-349-3300 x644201
** Our confirmation number for this order is: 503691


=== Speakeasy DSL ===
== Router ==
* Speakeasy DSL (On a dry pair - Ordered for the (415) 864 area)
** Service has been delivered and installed at 83c
** Modem acts as a bridge straight into Speakeasy and comes with 1 static IP, 4 more for $20 per month.
*** Currently 66.92.8.180
*** Additional IP added on Jan 26th (requires configuration on firewall) 66.92.8.123
** $105.95 per month - ($99.00 install fee, first month free, hardware included - Paid by Jake)
** Link speed: 6Mb down and 768k up
** 12 month contract (25 day trial period), $300 fee if canceled in contract but outside of stated trial period.
** 1 static ip included
** The direct line for the person (Michelle) who took the order is 1-877-240-4821
** In the future, we can upgrade the DSL to the following:
*** Kinda fast 8Mb down and 768k up. 149.95 per month. Hardware and install waved.
*** Super fast 10Mb and 1Mb up. 179.95 per month. Hardware and install waved.


=== Other uplink possibilities ===
Biketrailer is our humble router. It is an Ubiquiti Edgerouter (ER-4) box running EdgeOS, a fork of Vyatta (a Linux-based router distribution).
* Local wifi link (TBD - no current ETA on install)
We need an antenna and a wifi access point that will uplink to our core switch (we need one of those too)


* Metro fiber
The machines currently provides
** [[User:Jof|jof]] called IPN for a rough estimate for construction of fiber to 83c. The sales representative's estimate would be between 90,000USD - 100,000USD for the initial buildout.
  * NAT
  * DHCPD
  * DNS (dnsmasq) - <s>local TLD and</s> recursive proxy


* Sonic.net ADSL2
Access is via SSH with keys and a https web interface.
We're on the waiting list for 18Mb/1Mb ADSL2
  Sometime in the next year service will be available in San Francisco.


* WiMax
Access the router UI over https at 10.21.0.1.
Currently this hasn't been very seriously researched


* SFLan
== Address Allocations ==
===WAN - Monkeybrains - 192.195.83.128/29 ===
We may have line of sight to a node if we can bounce off of a local building. This hasn't been seriously researched. We may want to try to get roof access for antennas and should talk to our very quiet neighbors.
* Address range: 192.195.83.129-134
 
* Gateway: 192.195.83.129
I was contacted by Matt Peterson about connecting.  I would be happy to do a site survey to see if you can hit the SFLAN or City wirless deployment from the Valencia Gardens development.  That could get you 40Mb/s up and down. - Tim Pozar
* DNS: 208.69.43.23, 208.69.40.4
 
* Subnet Mask: 255.255.255.248
 
 
== DNS ==
 
Internal machines (with NAT addresses in 172.30.0.0/24) have names in the <tt>.noise</tt> pseudo-TLD.  These names are managed on the Soekris in <tt>/etc/hosts</tt> (NOT in a zone file).  After editing <tt>/etc/hosts</tt>, you can SIGHUP the dnsmasq process to trigger a reload.
 
The /etc/hosts file is persistent now (it wasn't back when we used pfSense) so it no longer needs to be maintained on the wiki; the copy on the soekris is canonical now.
 
== Wireless networks ==
 
The following networks are active at 83c now:
* '''noisebridge''' - insecure, NAT via Speakeasy and/or Comcast
 
The following networks are disabled in the Ruckus AP config:
* '''nbsweden''' - insecure, NAT to [https://www.relakks.com/?cid=gb Relakks]. '''not yet functional.''' vlan 21.
* '''nbgermany''' - insecure, NAT to Germany via CCC. '''not yet functional.''' vlan 31.
* '''nbipv6''' - insecure, IPv6 only. '''not yet functional.''' vlan 41.
* '''nbanonymous''' - insecure, transparent [[Tor]]. '''not yet functional.''' vlan 51.
* '''nbwpa''' - "secured" (so they say) using WPA. '''not yet functional.''' vlan 61.
* '''nblocal''' - insecure, local-only.  No Internet route. '''not yet functional.''' vlan 71.
 
== Development ==
* See [[Network/testing]].
 
==Network Devices & Services==
* [[Music]]
* [[Printers]]
* [[Infrastructure]]
 
= 2169 Mission =
 
== Interim Configuration ==
 
There is a sonic.net Fusion ADSL2+ DSL connection in the building.  The physical circuit comes in from the MPOE in the basement and runs across the roof of the basement and up the side of the building into the DJ booth.  The CPE is a Motorola 2210 ADSL2+.  The admin password is the serial number, written on the bottom. 
 
The addressing configuration is a little unusual. It's 75.101.62.0/24 and we've been allocated a /29 within that block: 75.101.62.88-75.101.62.95.  Note that we get to use all 8 addresses; the broadcast and network address are 75.101.62.255 and 75.101.62.0 respectively.  The gateway is 75.101.62.1.
 
The default CPE settings are not correct for our circuit configuration.  From a factory reset, do the following to configure the CPE:
 
# Configure a computer for 192.168.1.253/24.
# Connect the computer to the DSL CPE.
# Power cycle the DSL CPE.
# Connect to 192.168.1.254 using your web browser.
# You will be prompted to set a password, use the serial number on the bottom of the DSL CPE.
# Get into expert mode.
# Under configure->connections, set the following:
## VPI: 0
## VCI: 35
## Protocol: Bridged Ethernet LLC/SNAP
## Bridging: on
# Under configure->DHCP server, set the following:
## DHCP Server Enabled: unchecked
# Save and reboot.
 
[http://broadband.motorola.com/consumers/products/2210-02/downloads/2210-02-10NA-UserGuide.pdf Motorola 2210 User Guide]


== Router ==
====Addresses====


The router is a WRT54G running OpenWRT. Its wireless interface is disabled. Its WAN address is 75.101.62.88/24 and its LAN address is 192.168.3.1.
{| class="wikitable"
|-
! IP
! DNS
! Info
|-
| 192.195.83.130
| cycletrailer.noisebridge.net/cycletrailer.noisebridge.io
| EdgeRouter ER-4
|-
| 192.195.83.131
| cia.noisebridge.io
|
|-
| 192.195.83.132
| jitsi.noisebridge.io
|
|-
| 192.195.83.133
| zeppelin.noisebridge.net/zeppelin.noisebridge.io
|
|-
| 192.195.83.134
| pegasus.noisebridge.net/pegasus.noisebridge.io
|
|}


DHCP and DNS services are being provided by the Volcano laptop.


===LAN - 10.21.0.0/16===
====10.21.1.0 - 1.254====
* DHCP Pool - When connecting to the network, you will automatically receive an IP in this range.


=== IPv6 ===
We would like to setup IPv6, some day.


== Address Allocations ==
== [[Machine Rack]] ==
The reserved address allocations are:
[[File:rack-front.jpg|right|The rack layout, subject to change]]
There are two racks in the space, the main one on the first floor near the rolling door, and the secondary one on the second floor directly above the main one. They are small and up high to discourage people from messing with them or installing things in them. The internet works, please leave the boxes alone.


===75.101.62.88/29===
===Can I install/setup boxes on Noisebridge's network?===
====Short answer====
'''No.'''


* .88 - WRT54G router
====Long answer====
* .89 - Unallocated
See [[Rack]].
* .90 - s1
* .91 - Unallocated
* .92 - Unallocated
* .93 - Unallocated
* .94 - Unallocated
* .95 - Unallocated

Latest revision as of 11:22, 26 November 2025

Noisebridge | About | Visit | 272 | Manual | Contact | Guilds | Stuff | Events | Projects | Meetings | Donate E
Resources | Where to find things | Storage | Network | AV | Audio | Library | Servers | Printers | Sustenance | Sources E
Network | Network Troubleshooting | Machine Rack | Planning | (Edit)
Nbrack.png

You are standing beneath Noisebridge's network rack on the wall in the Hackitorium.

You see a "Noisebridge has an open WiFi network" sign.

EXITS: Hackitorium, Roll up door

> Blinkingcursor.gif

The open WiFi networks are free to all at Noisebridge. In most cases if you connect to the network Noisebridge your laptop/phone/device will have the best luck getting crystal clear wifi and roam between radio channels according to which provides the most reliable and fastest connection.

Free Public Wireless Networks

The WiFi and Internet provided is for public use. Like any public network, you should regard Noisebridge's as potentially hostile and take appropriate precautions. In order to not give the impression of providing false security, Noisebridge does not run any encrypted wifi networks.

The following wireless networks (SSIDs) are active:

  • Noisebridge Cap
    • No password
    • 802.11g/n/ac 2.4 and 5 gHz
    • This is a temporary SSID set up for use during the move until the long term equipment is set up.

If you're reading this from another point in time, please note that the reality of the situation may be different. Please update this page to reflect reality as it changes.

Network Troubleshooting

Are you having issues with the internet or local network? Check out the Network Troubleshooting page for more information on what you can do to make things better or possibly seek help.

Network Security Disclaimer

Please note that Noisebridge does not guarantee or provide a perfect secure experience in the space. Just like anywhere else in the world you're held responsible for your own safety and wellbeing. This also includes content you receive or transmit or provide through any mediums, such as through pen and paper, sound waves or any networks wired or wireless functioning in the space. Noisebridge is a volunteer run and operated space that provides you with infrastructure, which you use at your own risk.

See Security for tips on maintaining your own security.

Wired network

There are drops throughout the space. They are labeled with the corresponding number on the patch panel. Please don't destroy them (lol).

Local Network Address Information

DHCP is offered automatically on the network. Currently the IP range is as follows:

  • IP Range: 10.21.0.1-10.21.1.254
  • Gateway: 10.21.0.1
  • Subnet: 255.255.254.0 (a "slash" /23)
  • DNS: 10.21.0.1, 1.1.1.1

Network Devices & Services


Uplinks

Monkeybrains Wireless Link

We have a point-to-point wireless link to Monkeybrains on the roof, it's a microwave dish on the roof at the front of the building.

I want to help!

Noisebridge is run by volunteers, you're welcome to help but should get to know those helping first before touching/hacking the network gear. Try introducing yourself on the #rack channel in the Noisebridge Slack.

Router

Biketrailer is our humble router. It is an Ubiquiti Edgerouter (ER-4) box running EdgeOS, a fork of Vyatta (a Linux-based router distribution).

The machines currently provides 

  * NAT
  * DHCPD
  * DNS (dnsmasq) - local TLD and recursive proxy

Access is via SSH with keys and a https web interface.

Access the router UI over https at 10.21.0.1.

Address Allocations

WAN - Monkeybrains - 192.195.83.128/29

  • Address range: 192.195.83.129-134
  • Gateway: 192.195.83.129
  • DNS: 208.69.43.23, 208.69.40.4
  • Subnet Mask: 255.255.255.248

Addresses

IP DNS Info
192.195.83.130 cycletrailer.noisebridge.net/cycletrailer.noisebridge.io EdgeRouter ER-4
192.195.83.131 cia.noisebridge.io
192.195.83.132 jitsi.noisebridge.io
192.195.83.133 zeppelin.noisebridge.net/zeppelin.noisebridge.io
192.195.83.134 pegasus.noisebridge.net/pegasus.noisebridge.io


LAN - 10.21.0.0/16

10.21.1.0 - 1.254

  • DHCP Pool - When connecting to the network, you will automatically receive an IP in this range.

IPv6

We would like to setup IPv6, some day.

Machine Rack

The rack layout, subject to change

There are two racks in the space, the main one on the first floor near the rolling door, and the secondary one on the second floor directly above the main one. They are small and up high to discourage people from messing with them or installing things in them. The internet works, please leave the boxes alone.

Can I install/setup boxes on Noisebridge's network?

Short answer

No.

Long answer

See Rack.

Retrieved from "https://wiki.extremist.software/index.php?title=Resources/Network&oldid=86694"