Network
Řádka 1: | Řádka 1: | ||
+ | ==Info== | ||
+ | * '''[[FAQ - Frequently Asked Questions]]''' | ||
+ | * [[Servers]] | ||
+ | ==IP ranges== | ||
+ | |||
+ | ===Public address=== | ||
+ | '''IPv4''' | ||
+ | |||
+ | Club Silicon Hill has a range of 147.32.112.0/20 given by CTU. This range is divided on http://faq.sh.cvut.cz/#IP . Every block has around 1 and 1/2 C of range = 254+126 address. | ||
+ | |||
+ | '''IPv6''' | ||
+ | |||
+ | http://ipv6.sh.cvut.cz | ||
+ | |||
+ | ===Private address=== | ||
+ | |||
+ | Because of lack of public addresses, private addresses from sh.nat domain are also included. These addresses are directed, without limitation, by club out and converted (NAT) on a central element (Cisco Catalyst 6509). | ||
+ | |||
+ | '''New solution ''' | ||
+ | |||
+ | Private addresses on blocks are divided as follows. Every block has at its disposition 2*254 addresses (2xC): | ||
+ | * 172.16.< Number of Block >9.0/24 | ||
+ | * 172.16.< Number of Block >8.0/24 | ||
+ | |||
+ | |||
+ | '''Old solution''' (until April 06) | ||
+ | |||
+ | One VLan throughout the whole net. Block’s sharing range | ||
+ | * 172.16.0.0/23 | ||
+ | |||
+ | ===Generally=== | ||
+ | '''Gates (Gateway)''' | ||
+ | |||
+ | Range for users ends on blocks Cisco, which behaves as L3 switch and rotates this range using main Vlans (5) to the central server, where it works in Cisco 6509. For all gates from this range was given out different IP – for example range 147.32.119.0/24 uses gate 147.32.119.1 and range 147.32.125.128/25 uses 147.32.125.129. | ||
+ | |||
+ | The only exception is Strahov’s gate, which has IP 147.32.127.254, so the last possible IP address range Strahov’s network. | ||
+ | |||
+ | |||
+ | ==How does the network work== | ||
+ | ===For starters=== | ||
+ | From every room, two connectors for computer network go to floors distributors placed mostly in rooms with air-technics. In it on every floor there are three switches Cisco. These switches are connected to blocks server (usually third floor) using gigabyte’s connection, where the most efficient pointer is Cisco. Those within distributor from spine connect that blocks server. Block’s switches, built in 2001, are connected optically to central server on block 8. Center of network creates big switch Cisco, bought in 2004, and all servers within block are connected to it in one central server. From there gigabyte server goes by: Strahov tunnel, Anděl, Karlovo náměstí, until Dejvic to computer center ČVUT. | ||
+ | |||
+ | ===For professionals=== | ||
+ | ====Topology==== | ||
+ | |||
+ | [[Soubor:Topologie.jpg]] | ||
+ | |||
+ | Main schematic of topology of Strahov’s network is tree – like. The root is most important element Cisco Catalyst 6509, some parts than lead to block’s L3 switches (rotors) Cisco 3750. They again create root for (usually) 18 floor’s switches Cisco 2950. To them some user stations are connected. | ||
+ | |||
+ | <s>Actual topology state and network load: https://nms1.sh.cvut.cz/weather/</s> | ||
+ | |||
+ | ====Other connections ==== | ||
+ | The backbone is made of optical single - mode fibre with speed 1 Gbps. Vertical network on block’s (connection spine and blocks servers ) is made of UTP Cat6 metal connection with speed 1 Gbps. Users are connected with metallic connections UTP Cat5e with speed 10 or 100 Mbps. All connections are Ethernet-kind. | ||
+ | |||
+ | ===Connections to internet=== | ||
+ | FIXME (here author forgot to write something??) | ||
+ | |||
+ | |||
+ | ====DUSPS and configuration==== | ||
+ | All kind of user configurations and services go through [http://dusps.sh.cvut.cz DUSPS] . Almost every hour exports (outputs) on dusps.sh are in progress, which configure blocks L3 switches (Cisco 3750) (ACL, list of filtered users ) and L2 floor switches (Cisco 2950) (MAC address for port security and numbers VLAN, to whom user do belongs). | ||
+ | |||
+ | ====Vlans==== | ||
+ | Silicon Hill network uses directional protocol OSPF. Every block has usually two VLAN’s with public range. In that range are added addresses of user and block’s server, if it exists. Vlan’s are regularly marked <number_of_block>1 and <number_of_block>2, while first vlan’s contains range .(110+<number_of_block>).0/24 and second vlana remaining, visit: http://faq.sh.cvut.cz/. | ||
+ | |||
+ | For private range were reserved two Vlany <number_of_block>9 and <number_of_block>8, every with capacity /24 and have in future use as range for users in OZU level 0 for block. Until that time they will be used for users without restriction, when free IP from public range are not available. | ||
+ | <Number_of_block> is in this example number 2-11 and marks the respective block. Block 12 and 11 exit the network together with block 11. | ||
+ | |||
+ | {| border="1" | ||
+ | |style="background:#DDF"|Vlan||style="background:#DDF"|Range||style="background:#DDF"|Value | ||
+ | |- | ||
+ | |style="background:#FFD"|< Number_of_block >1||147.32. Number_of_block.0/24||Public range | ||
+ | |- | ||
+ | |style="background:#FFD"|< Number_of_block >2||147.32.číslo_viz_faq.viz_faq/25||Public range | ||
+ | |- | ||
+ | |style="background:#FFD< Number_of_block >8||172.16. Number_of_block 8.0/24||Private range | ||
+ | |- | ||
+ | |style="background:#FFD< Number_of_block >9||172.16. Number_of_block 9.0/24||Private range | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | ====Security==== | ||
+ | Floor switches are used as port security, while doing so they accept pause MAC address, which are given and registered for each port in [http://dusps.sh.cvut.cz DUSPS]. If a port in [http://dusps.sh.cvut.cz DUSPS]. is not registered in the backbone switch, it remains in primary status and isn’t updated. Ports, on which in [http://dusps.sh.cvut.cz DUSPS]. computer isn’t assigned, are off (shutdown). Basic configurations in ports are off for 30 seconds, if MAC address, which doesn’t have anything to do there, appears on port. | ||
+ | |||
+ | Block’s Cisco uses vlan filter and allows to rotational process only those IP address, which are in DUSPS allowed. All traffic continues to rotate over Cisco 6509 in central server on block 8. | ||
+ | |||
+ | |||
+ | ====Connection servers on blocks ==== | ||
+ | Block’s are usually connected to the backbone vlan (number 5), while doing so some blocks guest part server, which don’t come to the central server-room (CS) or servers on other blocks (Block 4 for example). In that example accepts blocks also vlan 6 (servers). | ||
+ | |||
+ | ====IPv6==== | ||
+ | Blocks Ciscos behave as IPv6 routers range look: http://ipv6.sh.cvut.cz | ||
+ | |||
+ | ==NAT== | ||
+ | |||
+ | FIXME | ||
+ | |||
+ | ==Wifi== | ||
+ | |||
+ | In SH club it is possible to connect to network with [[Wifi_EN | Wifi]]. It works with private address, but it is necessary to registries computer in DUSPS to Wifi area. This can be done by blocks administrator. | ||
+ | |||
+ | * All information are available on web pages of project [[Wifi_EN | Wifi]], where it is also possible to get some experience with working with these kind of connection | ||
+ | |||
+ | == Photo-gallery == | ||
+ | |||
+ | [[Soubor:2950.jpg|thumb|left|Catalyst 2950 Catalyst 2950 (on SH there is around 200 of these), here we connect users ]][[Soubor:Kabely patro.jpg|thumb|left|This is how it looks like on every floor ]][[Soubor:3750.jpg|thumb|left|Catalyst 3750, the heart of block. Optically connected to 6509 – green cable]][[Soubor:Opticky patchpanel.jpg|thumb|left|Optical patch panel in block 5]][[Soubor:6509.jpg|thumb|left|Central element 6509 (that monster below), here are connections of whole block 3750 (green cables)]][[Soubor:Centralni_serverovna.jpg|thumb|left|Central serveroom view - 6509 is completely in the back ]] |
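Review bot: in the Vlans table, the rows for `< Number_of_block >8` and `< Number_of_block >9` open `style="background:#FFD` but never close the attribute with `"|`, so the style text leaks into the first cell; close it the same way as in the rows for VLANs 1 and 2. In the same section, the first table row gives the public range as 147.32.Number_of_block.0/24 while the paragraph above it says .(110+<number_of_block>).0/24, and the sentence "Block 12 and 11 exit the network together with block 11" names block 11 twice, so one block number there looks wrong. "Connections to internet" and "NAT" are still FIXME placeholders and should either be filled in or dropped before this revision is linked from elsewhere.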
Revision as of 21 March 2007, 19:42
Info
IP ranges
Public address
IPv4
Club Silicon Hill has been assigned the range 147.32.112.0/20 by CTU. How this range is divided is described at http://faq.sh.cvut.cz/#IP. Every block has roughly one and a half class C ranges, i.e. 254+126 addresses.
IPv6
Private address
Because of the lack of public addresses, private addresses from the sh.nat domain are also assigned. These addresses are routed out of the club without restriction and translated (NAT) on the central element (Cisco Catalyst 6509).
New solution
Private addresses are divided among the blocks as follows. Every block has 2*254 addresses (two class C ranges) at its disposal:
- 172.16.< Number of Block >9.0/24
- 172.16.< Number of Block >8.0/24
Old solution (until April 06)
One VLAN spanning the whole network, with the blocks sharing the range
- 172.16.0.0/23
Generally
Gateways
The user ranges terminate on the block's Cisco, which acts as an L3 switch and routes them over the backbone VLAN (5) to the central server room, where the Cisco 6509 is. Each range has its own gateway IP; for example, the range 147.32.119.0/24 uses the gateway 147.32.119.1 and the range 147.32.125.128/25 uses 147.32.125.129.
The only exception is Strahov's gateway, which has the IP 147.32.127.254, the last usable IP address in the Strahov network's range.
How does the network work
For starters
From every room, two network sockets lead to the floor distributors, which are mostly located in the rooms with the air-handling equipment. Each floor has three Cisco switches there. These switches are connected over gigabit links to the block's server room (usually on the third floor), where the most powerful element is a Cisco. It connects the block's server room to the backbone. The block switches, built in 2001, are connected by optical fibre to the central server room in block 8. The centre of the network is a large Cisco switch, bought in 2004, and all servers within the block are connected to it in the one central server room. From there a gigabit link runs via the Strahov tunnel, Anděl and Karlovo náměstí to Dejvice, to the ČVUT computing centre.
For professionals
Topology
The basic topology of the Strahov network is tree-like. The root is the most important element, the Cisco Catalyst 6509, from which links lead to the blocks' L3 switches (routers), Cisco 3750. Each of these is in turn the root for (usually) 18 floor switches, Cisco 2950, to which the user stations are connected.
Current topology state and network load: https://nms1.sh.cvut.cz/weather/
Other connections
The backbone is single-mode optical fibre at 1 Gbps. The vertical cabling in the blocks (the connection between the backbone and the block server rooms) is UTP Cat6 copper at 1 Gbps. Users are connected over UTP Cat5e copper at 10 or 100 Mbps. All links are Ethernet.
Connections to internet
FIXME (here author forgot to write something??)
DUSPS and configuration
All user configuration and services are managed through DUSPS. Almost every hour, exports run on dusps.sh that configure the blocks' L3 switches (Cisco 3750: ACLs, the list of filtered users) and the L2 floor switches (Cisco 2950: MAC addresses for port security and the number of the VLAN each user belongs to).
Vlans
The Silicon Hill network uses the OSPF routing protocol. Every block usually has two VLANs with public ranges. These ranges hold the addresses of the users and of the block's server, if it exists. The VLANs are normally numbered <number_of_block>1 and <number_of_block>2; the first VLAN contains the range .(110+<number_of_block>).0/24 and the second VLAN the remainder, see http://faq.sh.cvut.cz/.
For the private ranges, two VLANs, <number_of_block>9 and <number_of_block>8, are reserved, each with a /24; in future they are to serve as the ranges for users at OZU level 0 on the block. Until then they are used for unrestricted users when no free IP from the public range is available. <Number_of_block> here is a number from 2 to 11 and identifies the respective block. Block 12 and 11 exit the network together with block 11.
Vlan | Range | Value |
<number_of_block>1 | 147.32.<number_of_block>.0/24 | Public range |
<number_of_block>2 | 147.32.number_see_faq.see_faq/25 | Public range |
<number_of_block>8 | 172.16.<number_of_block>8.0/24 | Private range |
<number_of_block>9 | 172.16.<number_of_block>9.0/24 | Private range |
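The numbering scheme above is regular enough to turn an address seen in a log back into a block, VLAN and gateway. The following sketch is an added example, not part of the original wiki page or of the club's tooling; the function names are illustrative, it uses the 110+<number_of_block> rule from the paragraph, and it assumes every gateway is the first usable address of its range, as in the two examples on the page. The second public /25 range of each block is listed only in the FAQ, so it is not derived here.

```python
import ipaddress

BLOCKS = range(2, 12)  # the page numbers blocks 2-11
CLUB_RANGE = ipaddress.ip_network("147.32.112.0/20")

def block_plan(block):
    """Return {vlan_id: (network, kind)} for the ranges derivable from the page."""
    if block not in BLOCKS:
        raise ValueError(f"unknown block {block}")
    return {
        # <block>1: first public range, third octet 110 + block
        int(f"{block}1"): (ipaddress.ip_network(f"147.32.{110 + block}.0/24"), "public"),
        # <block>8 and <block>9: private ranges translated on the central 6509
        int(f"{block}8"): (ipaddress.ip_network(f"172.16.{block}8.0/24"), "private"),
        int(f"{block}9"): (ipaddress.ip_network(f"172.16.{block}9.0/24"), "private"),
    }

def gateway(network):
    """Gateway of a range: its first usable address (assumed from the page's examples)."""
    return network.network_address + 1

def locate(address):
    """Map an address to (block, vlan, kind, gateway).

    Returns None for addresses outside the club, and a tuple with None fields
    for club addresses whose range (<block>2) is only listed in the FAQ.
    """
    ip = ipaddress.ip_address(address)
    for block in BLOCKS:
        for vlan, (net, kind) in block_plan(block).items():
            if ip in net:
                return block, vlan, kind, str(gateway(net))
    if ip in CLUB_RANGE:
        return None, None, "public", None
    return None

if __name__ == "__main__":
    # Constructed sample: addresses as they might appear in a log line.
    for addr in ("147.32.119.77", "172.16.108.5", "147.32.125.200", "192.0.2.1"):
        print(addr, "->", locate(addr))
```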
Security
The floor switches enforce port security: they accept only the MAC addresses that are registered for each port in DUSPS. If a port in DUSPS is not registered in the backbone switch, it remains in its primary state and isn't updated. Ports that have no computer assigned in DUSPS are off (shutdown). In the basic configuration, a port is turned off for 30 seconds if a MAC address that has no business there appears on it.
The block's Cisco uses a VLAN filter and allows routing only for those IP addresses that are permitted in DUSPS. All traffic is then routed over the Cisco 6509 in the central server room in block 8.
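The hourly DUSPS export and the port-security behaviour described above can be pictured as a small generator that turns per-port registrations into floor-switch configuration. This is an added example, not the club's actual export code: the record layout, function names and sample data are hypothetical, and implementing the 30-second shutdown with `errdisable recovery` is an assumption about how such behaviour is commonly configured on Catalyst switches. The MAC address and VLAN are validated before they are written into configuration lines, so a malformed registration cannot smuggle extra commands into the switch.

```python
import re

def mac_to_cisco(mac):
    """Normalise aa:bb:cc:dd:ee:ff or aa-bb-... to Cisco's aabb.ccdd.eeff form."""
    digits = re.sub(r"[:.\-]", "", mac.lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def render_port(port, registration):
    """Return IOS lines for one floor-switch port.

    registration is None when no computer is assigned to the port, otherwise
    a dict with 'mac' and 'vlan' (hypothetical export record layout).
    """
    lines = [f"interface {port}"]
    if registration is None:
        return lines + [" shutdown"]  # unassigned ports stay off
    vlan = int(registration["vlan"])
    if not 1 <= vlan <= 4094:
        raise ValueError(f"invalid VLAN {vlan}")
    return lines + [
        " switchport mode access",
        f" switchport access vlan {vlan}",
        " switchport port-security",
        " switchport port-security maximum 1",
        f" switchport port-security mac-address {mac_to_cisco(registration['mac'])}",
        " switchport port-security violation shutdown",
        " no shutdown",
    ]

def render_switch(ports):
    """Render all ports; a port disabled by a violation recovers after 30 s."""
    config = [
        "errdisable recovery cause psecure-violation",
        "errdisable recovery interval 30",
    ]
    for port, registration in ports.items():
        config += render_port(port, registration)
    return config

# Constructed sample export: one registered port (block 9, VLAN 91), one empty.
SAMPLE = {
    "FastEthernet0/1": {"mac": "00:11:22:AA:BB:CC", "vlan": 91},
    "FastEthernet0/2": None,
}
```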
Connection servers on blocks
Blocks are usually connected to the backbone VLAN (number 5); some blocks, however, host some of the servers that are not located in the central server room (CS), or servers of other blocks (block 4, for example). In that case the block also carries VLAN 6 (servers).
IPv6
The blocks' Ciscos act as IPv6 routers; for the ranges see http://ipv6.sh.cvut.cz
NAT
FIXME
Wifi
In the SH club it is possible to connect to the network over Wifi. It works with private addresses, but the computer must be registered in DUSPS for the Wifi area. This can be done by the block's administrator.
- All information is available on the web pages of the Wifi project, where it is also possible to find some experience with using this kind of connection