Network

Z wiki.siliconhill.cz
Přejít na: navigace, hledání

Obsah

Info

IP ranges

Public addresses

IPv4

Club Silicon Hill has a range of 147.32.112.0/20 given by CTU. This range is divided on http://faq.sh.cvut.cz/#IP . Every block has 1 and 1/2 C of range = 254+126 address.

IPv6

http://ipv6.sh.cvut.cz

Private addresses

Because of the lack of public addresses, private addresses from the domain sh.nat are also used. These addresses are ruoted within the club network without limitation and when going out to the world are converted (NAT) on the central element (Cisco Catalyst 6509).

New solution

Private addresses on the blocks are divided as follows. Every block has at its disposition 2*254 addresses (2xC):

  • 172.16.< Number of Block >9.0/24
  • 172.16.< Number of Block >8.0/24


Old solution (until April 06)

One VLAN throughout the whole net. Blocks share the whole range

  • 172.16.0.0/23

General info

Gateways

The range for users ends on the block Cisco, which behaves as an L3 switch and routes this range using the main VLANs (5) to the central server room, where are further processed in a Cisco 6509. For every gateway from each of the mentioned ranges was assigned a different IP – for example the range 147.32.119.0/24 uses the gateway 147.32.119.1 and the range range 147.32.125.128/25 uses 147.32.125.129.

The only exception is the Strahov gateway, which used the IP 147.32.127.254, which is the last possible IP address from the Strahov network range.

How does the network work

For starters

From every room, two connectors for computer network go to the floor switch, placed mostly in a room with air conditioning. There are 3 Cisco switches on every floor. These switches are connected to the block server-room (usually on the third floor) using gigabit connection, where is a more powerful Cisco router. That router, else than the floor switches, connects the block main server. The block switches are connected to the central server-room on block 8 using an optical connection built on in the year 2001. The center of the network is based on a big Cisco switch bought in 2004 and every server in the central server-room is connected to it including the block main servers. From there goes a gigabit connection thru the Strahov tunnel, Andel and Charles Square all the way till Dejvice where it's connected to the CTU IT center.

For professionals

Topology

Topologie.jpg

Main schematic of topology of Strahov’s network is tree – like. The root is most important element Cisco Catalyst 6509, some parts than lead to block’s L3 switches (rotors) Cisco 3750. They again create root for (usually) 18 floor’s switches Cisco 2950. To them some user stations are connected.

Actual topology state and network load: https://nms1.sh.cvut.cz/weather/

Other connections

The backbone is made of optical single - mode fibre with speed 1 Gbps. Vertical network on block’s (connection spine and blocks servers ) is made of UTP Cat6 metal connection with speed 1 Gbps. Users are connected with metallic connections UTP Cat5e with speed 10 or 100 Mbps. All connections are Ethernet-kind.

Connections to internet

FIXME (here author forgot to write something??)


DUSPS and configuration

All kind of user configurations and services go through DUSPS . Almost every hour exports (outputs) on dusps.sh are in progress, which configure blocks L3 switches (Cisco 3750) (ACL, list of filtered users ) and L2 floor switches (Cisco 2950) (MAC address for port security and numbers VLAN, to whom user do belongs).

Vlans

Silicon Hill network uses directional protocol OSPF. Every block has usually two VLAN’s with public range. In that range are added addresses of user and block’s server, if it exists. Vlan’s are regularly marked <number_of_block>1 and <number_of_block>2, while first vlan’s contains range .(110+<number_of_block>).0/24 and second vlana remaining, visit: http://faq.sh.cvut.cz/.

For private range were reserved two Vlany <number_of_block>9 and <number_of_block>8, every with capacity /24 and have in future use as range for users in OZU level 0 for block. Until that time they will be used for users without restriction, when free IP from public range are not available. <Number_of_block> is in this example number 2-11 and marks the respective block. Block 12 and 11 exit the network together with block 11.

Vlan Range Value
< Number_of_block >1 147.32. Number_of_block.0/24 Public range
< Number_of_block >2 147.32.číslo_viz_faq.viz_faq/25 Public range
style="background:#FFD< Number_of_block >8 172.16. Number_of_block 8.0/24 Private range
style="background:#FFD< Number_of_block >9 172.16. Number_of_block 9.0/24 Private range

Security

Floor switches are used as port security, while doing so they accept pause MAC address, which are given and registered for each port in DUSPS. If a port in DUSPS. is not registered in the backbone switch, it remains in primary status and isn’t updated. Ports, on which in DUSPS. computer isn’t assigned, are off (shutdown). Basic configurations in ports are off for 30 seconds, if MAC address, which doesn’t have anything to do there, appears on port.

Block’s Cisco uses vlan filter and allows to rotational process only those IP address, which are in DUSPS allowed. All traffic continues to rotate over Cisco 6509 in central server on block 8.


Connection servers on blocks

Block’s are usually connected to the backbone vlan (number 5), while doing so some blocks guest part server, which don’t come to the central server-room (CS) or servers on other blocks (Block 4 for example). In that example accepts blocks also vlan 6 (servers).

IPv6

Blocks Ciscos behave as IPv6 routers range look: http://ipv6.sh.cvut.cz

NAT

FIXME

Wifi

In SH club it is possible to connect to network with Wifi. It works with private address, but it is necessary to registries computer in DUSPS to Wifi area. This can be done by blocks administrator.

  • All information are available on web pages of project Wifi, where it is also possible to get some experience with working with these kind of connection

Photo-gallery

Catalyst 2950 Catalyst 2950 (on SH there is around 200 of these), here we connect users
This is how it looks like on every floor
Catalyst 3750, the heart of block. Optically connected to 6509 – green cable
Optical patch panel in block 5
Central element 6509 (that monster below), here are connections of whole block 3750 (green cables)
Central serveroom view - 6509 is completely in the back
Jmenné prostory

Varianty
Akce