Network Layout

From FGWiki

Overview

The Free Geek network is physically a tree topology rooted at the mezzanine switch and 2-4 levels deep. VLANs are used to separate the logical network uses from each other. Each VLAN consists of a separate class C (/24) IP subnet. Subnets are matched to VLANs by the third octet: for example, VLAN 5 uses subnet 10.0.5.0/24 and VLAN 9 uses subnet 10.0.9.0/24.

Physical

The main mezzanine switch is located above the stationery cabinet in the south east corner of the mezzanine. From this switch connections are made to all other switches in the mezzanine with cables running along the east and north walls. Connections to the rest of Free Geek are via the warehouse through a hole in the wall immediately behind the switch. Connections to Laptop build and the cave run through the wall, down to the warehouse bathroom and along a drain pipe from the kitchen through the walls to the laptop bathroom, where they terminate at the bathroom switch. In addition to the trunk connection between the mezzanine switch and the bathroom switch, a parallel cable connects the DSL modem in the store bathroom to the mezzanine switch; however, it is no longer in use. Connections to the server rack run through the wall along the floor towards the kitchen and terminate at the server rack switch in the rack beside the kitchen door. Warehouse connections primarily run along the warehouse ceiling to their termination points, with a handful of cables running along the warehouse bathroom ceiling to stations in the north east corner of the warehouse.

Store/Mezzanine

Cables running from the main switch north along the east wall connect to a switch on the north wall/window sill and devices on the sales desk. The public terminals and sales coordinator's desk are connected via the switch on the north wall.

Refer to Hosts/mezz.switch and Hosts/window.switch for detailed switch configuration.

Laptop build

The primary switch for laptops is located in the laptop bathroom on the south wall. Cables exit through the west wall adjacent to the door for all connections. The storage room has one switch on top of the shelving against the west wall which is connected directly to the bathroom switch. Devices in the storage room are connected to the storage room switch. Devices in the store should be directly connected to the bathroom switch but may instead be connected via a switch in the southwest corner of the store.

Refer to Hosts/bathroom.switch for detailed switch configuration.

Warehouse

One run from the mezzanine connects to a switch in Nirvana (the raised work area against the southern wall of the warehouse) to which all devices in that area are connected. One run along the roof drops down onto the evaluation station. The remainder of connections are via cables loose on top of the warehouse bathroom to build, network and printer testing stations.

Server Rack

The rack is connected to the mezzanine via an aggregated link which runs through the warehouse. Each server is directly connected to the main rack switch, with iLO connected to a secondary switch. The secondary switch is connected to the main rack switch. Within the rack, cabling is colour-coded by VLAN/purpose wherever possible.

Colour   VLAN/Purpose
-------  ------------------------------------------------------
Red      Aggregated links handling all VLANs
Black    VLAN 4 - iLO
Green    VLAN 9 - Development servers
White    VLAN 5 - Servers
Yellow   Connections which don't follow the above conventions

Refer to Hosts/rack.switch for detailed switch configuration.

Logical

All VLANs are present on the three main switches (mezzanine, laptop bathroom and server rack). Please refer to the individual switch page for which VLANs are distributed beyond that switch.

VLAN 1 - Legacy

Subnet: 10.0.0.0/24

The original VLAN; a mix of everything operates on it. This VLAN is considered publicly accessible. Attempts should be made to migrate off of VLAN 1 at every opportunity.

VLAN 2 - Terminals

Subnet: 10.0.2.0/24

All permanent user-facing terminals should reside on this network. This VLAN is considered internal use only; no public computers should connect to this network.

VLAN 3 - Build

Subnet: 10.0.3.0/24

The build program should operate on this VLAN, including the testing stations. Additionally, technical support is provided on this VLAN. When computers from the public are plugged in at Free Geek, they connect to this VLAN.

VLAN 4 - Management

Subnet: 10.0.4.0/24

Server and infrastructure management (access points, etc.) operate on this VLAN. Under no circumstances should uncontrolled access be allowed to this VLAN.

VLAN 5 - Servers

Subnet: 10.0.5.0/24

Production servers are in this VLAN. Access to this VLAN should be controlled. Traffic on it can be considered to be firewalled but may originate from anywhere allowed by the firewall ruleset.

VLAN 6 - Wifi

Subnet: 10.0.6.0/24

Wifi access: all wifi clients are connected to this VLAN, which is considered publicly accessible.

VLAN 7 - Internet

Subnet: Telus

Our previous connection to the internet; only the routers and upstream equipment are connected to this VLAN. This VLAN is no longer in active use.

VLAN 8 - Phones

Subnet: 10.0.8.0/24

All VoIP devices should be connected to this VLAN, and only VoIP devices. This VLAN is considered internal only, and no traffic except VoIP should occur on it.

VLAN 9 - Development

Subnet: 10.0.9.0/24

For development of network services: a separate network which may include any device while testing. It should be considered of similar security to Build.

VLAN 10 - Shaw Internet

Subnet: Shaw

Our current ISP connection. Only routers and upstream equipment should connect to this VLAN. As such, physical access to it should be tightly controlled, but data on it should be considered untrusted.

VLAN 11 - Volunteer WiFi

Subnet: 10.0.11.0/24

WiFi for volunteers is restricted to only accessing the internet and cannot see other networked devices.

VLAN 12 - Guest WiFi

Subnet: 10.0.12.0/24

Guest WiFi is an open network that is only able to access the internet. Traffic from this VLAN should be considered untrusted.
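The third-octet rule from the Overview and the isolation rules stated in the VLAN sections above can be checked mechanically against a flow log. The following is an added example (not part of this wiki page or of any Free Geek tooling) that maps addresses back to their VLAN and flags flows the page says should not occur; the `src=... dst=...` log format and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# VLAN id -> role, transcribed from this page. VLANs 7 and 10 carry ISP subnets
# (Telus, Shaw) rather than 10.0.N.0/24, so the third-octet rule does not cover them.
VLAN_ROLES = {1: "legacy", 2: "terminals", 3: "build", 4: "management",
              5: "servers", 6: "wifi", 8: "phones", 9: "development",
              11: "volunteer-wifi", 12: "guest-wifi"}
# VLANs the page calls publicly accessible, or where public hardware is plugged in.
PUBLIC_VLANS = {1, 3, 6, 9, 11, 12}
# VLANs restricted to internet access only.
INTERNET_ONLY = {11, 12}

def vlan_subnet(vlan_id):
    """Subnet for a VLAN: the VLAN id is the third octet of 10.0.N.0/24."""
    return ipaddress.ip_network(f"10.0.{vlan_id}.0/24")

def vlan_of(addr):
    """Inverse mapping: VLAN id for an address, or None if outside 10.0.0.0/16."""
    ip = ipaddress.ip_address(addr)
    if ip not in ipaddress.ip_network("10.0.0.0/16"):
        return None
    return int(str(ip).split(".")[2])

def flow_violation(src, dst):
    """Reason a src->dst flow breaks a rule stated on this page, else None."""
    s, d = vlan_of(src), vlan_of(dst)
    if s is None or d is None or s == d:
        return None  # off-site or intra-VLAN traffic is left to the firewall ruleset
    if s in INTERNET_ONLY or d in INTERNET_ONLY:
        return f"VLAN {s} ({VLAN_ROLES[s]}) <-> VLAN {d} ({VLAN_ROLES[d]}): wifi VLAN is internet-only"
    if d == 4 and s in PUBLIC_VLANS:
        return f"management VLAN 4 reached from public VLAN {s} ({VLAN_ROLES[s]})"
    return None

FLOW_RE = re.compile(r"src=(\S+)\s+dst=(\S+)")

def audit(log_lines):
    """Return (line, reason) for every log line describing a forbidden flow."""
    hits = []
    for line in log_lines:
        m = FLOW_RE.search(line)
        reason = flow_violation(m.group(1), m.group(2)) if m else None
        if reason:
            hits.append((line, reason))
    return hits

SAMPLE_LOG = [  # constructed flow records, not from a real device
    "src=10.0.12.23 dst=10.0.5.10 proto=tcp dport=22",      # guest wifi -> servers
    "src=10.0.2.14 dst=10.0.5.10 proto=tcp dport=443",      # terminal -> servers: allowed
    "src=10.0.3.77 dst=10.0.4.2 proto=tcp dport=443",       # build -> management
    "src=10.0.11.5 dst=203.0.113.9 proto=tcp dport=443",    # volunteer wifi -> internet: allowed
]
```

Running `audit(SAMPLE_LOG)` flags the first and third lines; intra-VLAN and off-site flows are deliberately not judged, since the page leaves those to the firewall ruleset.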