Network
(→Generally) |
(→For professionals) |
||
(Není zobrazena 1 mezilehlá verze od 1 uživatele.) | |||
Řádka 39: | Řádka 39: | ||
==How does the network work== | ==How does the network work== | ||
===For starters=== | ===For starters=== | ||
− | From every room, two connectors for computer network go to | + | From every room, two connectors for computer network go to the floor switch, placed mostly in a room with air conditioning. There are 3 Cisco switches on every floor. These switches are connected to the block server-room (usually on the third floor) using gigabit connection, where is a more powerful Cisco router. That router, else than the floor switches, connects the block main server. The block switches are connected to the central server-room on block 8 using an optical connection built on in the year 2001. The center of the network is based on a big Cisco switch bought in 2004 and every server in the central server-room is connected to it including the block main servers. From there goes a gigabit connection thru the Strahov tunnel, Andel and Charles Square all the way till Dejvice where it's connected to the CTU IT center. |
===For professionals=== | ===For professionals=== | ||
Řádka 51: | Řádka 51: | ||
====Other connections ==== | ====Other connections ==== | ||
− | The backbone is made of optical single - mode fibre with speed 1 Gbps. Vertical network on block’s (connection spine and blocks servers ) is made of UTP Cat6 metal connection with speed 1 Gbps. Users are connected with metallic connections UTP Cat5e with speed 10 or 100 Mbps. All connections are Ethernet-kind. | + | The backbone is made of optical single - mode fibre with speed 1 Gbps. Vertical network on block’s (connection spine and blocks servers ) is made of UTP Cat6 metal connection with speed 1 Gbps. Users are connected with metallic connections UTP Cat5e with speed 10 or 100 Mbps. All connections are Ethernet-kind. |
===Connections to internet=== | ===Connections to internet=== |
Aktuální verze z 21. 3. 2007, 22:50
Obsah |
[editovat] Info
[editovat] IP ranges
[editovat] Public addresses
IPv4
Club Silicon Hill has a range of 147.32.112.0/20 given by CTU. This range is divided on http://faq.sh.cvut.cz/#IP . Every block has 1 and 1/2 C of range = 254+126 address.
IPv6
[editovat] Private addresses
Because of the lack of public addresses, private addresses from the domain sh.nat are also used. These addresses are ruoted within the club network without limitation and when going out to the world are converted (NAT) on the central element (Cisco Catalyst 6509).
New solution
Private addresses on the blocks are divided as follows. Every block has at its disposition 2*254 addresses (2xC):
- 172.16.< Number of Block >9.0/24
- 172.16.< Number of Block >8.0/24
Old solution (until April 06)
One VLAN throughout the whole net. Blocks share the whole range
- 172.16.0.0/23
[editovat] General info
Gateways
The range for users ends on the block Cisco, which behaves as an L3 switch and routes this range using the main VLANs (5) to the central server room, where are further processed in a Cisco 6509. For every gateway from each of the mentioned ranges was assigned a different IP – for example the range 147.32.119.0/24 uses the gateway 147.32.119.1 and the range range 147.32.125.128/25 uses 147.32.125.129.
The only exception is the Strahov gateway, which used the IP 147.32.127.254, which is the last possible IP address from the Strahov network range.
[editovat] How does the network work
[editovat] For starters
From every room, two connectors for computer network go to the floor switch, placed mostly in a room with air conditioning. There are 3 Cisco switches on every floor. These switches are connected to the block server-room (usually on the third floor) using gigabit connection, where is a more powerful Cisco router. That router, else than the floor switches, connects the block main server. The block switches are connected to the central server-room on block 8 using an optical connection built on in the year 2001. The center of the network is based on a big Cisco switch bought in 2004 and every server in the central server-room is connected to it including the block main servers. From there goes a gigabit connection thru the Strahov tunnel, Andel and Charles Square all the way till Dejvice where it's connected to the CTU IT center.
[editovat] For professionals
[editovat] Topology
Main schematic of topology of Strahov’s network is tree – like. The root is most important element Cisco Catalyst 6509, some parts than lead to block’s L3 switches (rotors) Cisco 3750. They again create root for (usually) 18 floor’s switches Cisco 2950. To them some user stations are connected.
Actual topology state and network load: https://nms1.sh.cvut.cz/weather/
[editovat] Other connections
The backbone is made of optical single - mode fibre with speed 1 Gbps. Vertical network on block’s (connection spine and blocks servers ) is made of UTP Cat6 metal connection with speed 1 Gbps. Users are connected with metallic connections UTP Cat5e with speed 10 or 100 Mbps. All connections are Ethernet-kind.
[editovat] Connections to internet
FIXME (here author forgot to write something??)
[editovat] DUSPS and configuration
All kind of user configurations and services go through DUSPS . Almost every hour exports (outputs) on dusps.sh are in progress, which configure blocks L3 switches (Cisco 3750) (ACL, list of filtered users ) and L2 floor switches (Cisco 2950) (MAC address for port security and numbers VLAN, to whom user do belongs).
[editovat] Vlans
Silicon Hill network uses directional protocol OSPF. Every block has usually two VLAN’s with public range. In that range are added addresses of user and block’s server, if it exists. Vlan’s are regularly marked <number_of_block>1 and <number_of_block>2, while first vlan’s contains range .(110+<number_of_block>).0/24 and second vlana remaining, visit: http://faq.sh.cvut.cz/.
For private range were reserved two Vlany <number_of_block>9 and <number_of_block>8, every with capacity /24 and have in future use as range for users in OZU level 0 for block. Until that time they will be used for users without restriction, when free IP from public range are not available. <Number_of_block> is in this example number 2-11 and marks the respective block. Block 12 and 11 exit the network together with block 11.
Vlan | Range | Value |
< Number_of_block >1 | 147.32. Number_of_block.0/24 | Public range |
< Number_of_block >2 | 147.32.číslo_viz_faq.viz_faq/25 | Public range |
style="background:#FFD< Number_of_block >8 | 172.16. Number_of_block 8.0/24 | Private range |
style="background:#FFD< Number_of_block >9 | 172.16. Number_of_block 9.0/24 | Private range |
[editovat] Security
Floor switches are used as port security, while doing so they accept pause MAC address, which are given and registered for each port in DUSPS. If a port in DUSPS. is not registered in the backbone switch, it remains in primary status and isn’t updated. Ports, on which in DUSPS. computer isn’t assigned, are off (shutdown). Basic configurations in ports are off for 30 seconds, if MAC address, which doesn’t have anything to do there, appears on port.
Block’s Cisco uses vlan filter and allows to rotational process only those IP address, which are in DUSPS allowed. All traffic continues to rotate over Cisco 6509 in central server on block 8.
[editovat] Connection servers on blocks
Block’s are usually connected to the backbone vlan (number 5), while doing so some blocks guest part server, which don’t come to the central server-room (CS) or servers on other blocks (Block 4 for example). In that example accepts blocks also vlan 6 (servers).
[editovat] IPv6
Blocks Ciscos behave as IPv6 routers range look: http://ipv6.sh.cvut.cz
[editovat] NAT
FIXME
[editovat] Wifi
In SH club it is possible to connect to network with Wifi. It works with private address, but it is necessary to registries computer in DUSPS to Wifi area. This can be done by blocks administrator.
- All information are available on web pages of project Wifi, where it is also possible to get some experience with working with these kind of connection