Content of this wiki is DEPRECATED

Network

From old-wiki.siliconhill.cz
Current version as of 21 March 2007, 22:50

Info

IP ranges

Public addresses

IPv4

Club Silicon Hill has the range 147.32.112.0/20, assigned by CTU. How this range is divided is described at http://faq.sh.cvut.cz/#IP. Every block has one and a half class C ranges = 254+126 addresses.

IPv6

http://ipv6.sh.cvut.cz

Private addresses

Because of the lack of public addresses, private addresses from the domain sh.nat are also used. These addresses are routed within the club network without limitation and, when going out to the world, are translated (NAT) on the central element (Cisco Catalyst 6509).

New solution

Private addresses on the blocks are divided as follows. Every block has at its disposal 2*254 addresses (2xC):

  • 172.16.<number_of_block>9.0/24
  • 172.16.<number_of_block>8.0/24


Old solution (until April 06)

One VLAN throughout the whole network. Blocks share the whole range

  • 172.16.0.0/23

General info

Gateways

The range for users ends on the block Cisco, which behaves as an L3 switch and routes this range using the main VLANs (5) to the central server room, where the traffic is further processed in a Cisco 6509. Each of the mentioned ranges was assigned its own gateway IP; for example, the range 147.32.119.0/24 uses the gateway 147.32.119.1 and the range 147.32.125.128/25 uses 147.32.125.129.

The only exception is the Strahov gateway, which used the IP 147.32.127.254, the last possible IP address in the Strahov network range.

How does the network work

For starters

From every room, two network sockets lead to the floor switches, mostly placed in a room with the air conditioning. There are 3 Cisco switches on every floor. These switches are connected by a gigabit link to the block server room (usually on the third floor), where there is a more powerful Cisco router. Besides the floor switches, that router also connects the block's main server. The block switches are connected to the central server room on block 8 by an optical link built in 2001. The center of the network is a big Cisco switch bought in 2004; every server in the central server room is connected to it, including the blocks' main servers. From there a gigabit link runs through the Strahov tunnel, Andel and Charles Square all the way to Dejvice, where it is connected to the CTU IT center.

For professionals

Topology

[Figure: Topologie.jpg]

The topology of the Strahov network is basically tree-like. The root is the most important element, the Cisco Catalyst 6509; from it, links lead to the blocks' L3 switches (routers), Cisco 3750. Each of these is in turn the root for (usually) 18 Cisco 2950 floor switches, to which the user stations are connected.

Current topology state and network load: https://nms1.sh.cvut.cz/weather/

Other connections

The backbone is single-mode optical fibre running at 1 Gbps. The vertical network in the blocks (connecting the spine and the block servers) is UTP Cat6 copper running at 1 Gbps. Users are connected over UTP Cat5e copper at 10 or 100 Mbps. All links are Ethernet.

Connections to internet

FIXME (here author forgot to write something??)


DUSPS and configuration

All user configuration and services go through DUSPS. Almost every hour, exports run on dusps.sh that configure the block L3 switches (Cisco 3750: ACLs, list of filtered users) and the L2 floor switches (Cisco 2950: MAC addresses for port security and the number of the VLAN to which each user belongs).

Vlans

The Silicon Hill network uses the OSPF routing protocol. Every block usually has two VLANs with a public range. These ranges hold the addresses of the users and of the block's server, if there is one. The VLANs are normally numbered <number_of_block>1 and <number_of_block>2; the first VLAN contains the range .(110+<number_of_block>).0/24 and the second VLAN the remainder, see http://faq.sh.cvut.cz/.

For the private range, two VLANs were reserved, <number_of_block>9 and <number_of_block>8, each with a capacity of /24; in future they are meant to serve as the range for users at OZU level 0 on the block. Until then they are used for users without restriction when no free IPs from the public range are available. <number_of_block> is here a number 2-11 and identifies the respective block. Block 12 and 11 exit the network together with block 11.

Vlan                  Range                               Type
<number_of_block>1    147.32.<number_of_block>.0/24       Public range
<number_of_block>2    147.32.number_see_faq.see_faq/25    Public range
<number_of_block>8    172.16.<number_of_block>8.0/24      Private range
<number_of_block>9    172.16.<number_of_block>9.0/24      Private range
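The numbering scheme above can be checked mechanically. The following added example (not part of the original wiki) builds the per-block VLAN plan using the .(110+<number_of_block>) rule from the text and maps an address back to its block. The function names and sample addresses are constructed, and the public /25 of VLAN <number_of_block>2 is left out because its range is given only in the FAQ.

```python
import ipaddress

CLUB_PUBLIC = ipaddress.ip_network("147.32.112.0/20")  # public range from the page
BLOCKS = range(2, 12)                                   # blocks 2-11, as in the text

def block_plan(block):
    """Return {vlan_number: network} for one block number."""
    if block not in BLOCKS:
        raise ValueError(f"unknown block {block}")
    return {
        int(f"{block}1"): ipaddress.ip_network(f"147.32.{110 + block}.0/24"),
        int(f"{block}8"): ipaddress.ip_network(f"172.16.{block}8.0/24"),
        int(f"{block}9"): ipaddress.ip_network(f"172.16.{block}9.0/24"),
    }

def full_plan():
    """Build the plan for all blocks and sanity-check it."""
    plan = {}
    for block in BLOCKS:
        for vlan, net in block_plan(block).items():
            # Every public range must sit inside the club's /20.
            if not net.is_private and not net.subnet_of(CLUB_PUBLIC):
                raise ValueError(f"VLAN {vlan}: {net} outside {CLUB_PUBLIC}")
            # No two VLANs may share address space.
            for other_vlan, other in plan.items():
                if net.overlaps(other):
                    raise ValueError(f"VLAN {vlan} overlaps VLAN {other_vlan}")
            plan[vlan] = net
    return plan

def locate(address):
    """Map an IP to (block, vlan, 'public'|'private'), or None if unplanned."""
    ip = ipaddress.ip_address(address)
    for vlan, net in full_plan().items():
        if ip in net:
            return vlan // 10, vlan, "private" if net.is_private else "public"
    return None

if __name__ == "__main__":
    # Constructed sample addresses; the last one lies in the old shared /23.
    for sample in ("147.32.119.57", "172.16.48.10", "172.16.0.5"):
        print(sample, "->", locate(sample))
```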

Security

Port security is enabled on the floor switches: each port accepts only the MAC addresses that are registered for it in DUSPS. If a port in DUSPS is not registered in the backbone switch, it remains in its initial state and is not updated. Ports to which no computer is assigned in DUSPS are turned off (shutdown). In the basic configuration, a port is switched off for 30 seconds if a MAC address that has no business there appears on it.

The block Cisco uses a VLAN filter and routes only those IP addresses that are allowed in DUSPS. All traffic is then routed through the Cisco 6509 in the central server room on block 8.
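How an export of this kind might render floor-switch configuration from registered port data, as an added example (not DUSPS's own code and not taken from the original wiki). The record layout, interface names and MAC addresses are constructed, and realising the 30-second switch-off through errdisable recovery is an assumption.

```python
import re

# Constructed sample of registry data: port -> (MAC, VLAN), or None if unassigned.
REGISTRY = {
    "FastEthernet0/1": ("00:11:22:33:44:55", 91),
    "FastEthernet0/2": None,
    "FastEthernet0/3": ("00-AA-BB-CC-DD-EE", 98),
}

def cisco_mac(mac):
    """Validate a MAC and return it in the dotted form IOS uses."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    # Strict check so a malformed registry field can never reach the config.
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def render_port(name, entry):
    """Return the config lines for one access port."""
    lines = [f"interface {name}"]
    if entry is None:
        # No computer assigned: the port stays administratively down.
        lines.append(" shutdown")
        return lines
    mac, vlan = entry
    lines += [
        " switchport mode access",
        f" switchport access vlan {int(vlan)}",
        " switchport port-security",
        " switchport port-security maximum 1",
        f" switchport port-security mac-address {cisco_mac(mac)}",
        " switchport port-security violation shutdown",
        " no shutdown",
    ]
    return lines

def render_switch(registry):
    """Render the whole switch: recovery timer first, then every port."""
    out = [
        "errdisable recovery cause psecure-violation",
        "errdisable recovery interval 30",  # assumed mechanism for the 30 s
    ]
    for name in sorted(registry):
        out += render_port(name, registry[name])
    return "\n".join(out)

if __name__ == "__main__":
    print(render_switch(REGISTRY))
```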


Connection servers on blocks

Blocks are usually connected to the backbone VLAN (number 5). Some blocks, however, host part of the servers that do not belong in the central server room (CS), or servers of other blocks (block 4, for example). In that case the block also receives VLAN 6 (servers).

IPv6

The block Ciscos act as IPv6 routers; for the ranges, see http://ipv6.sh.cvut.cz

NAT

FIXME

Wifi

In the SH club it is possible to connect to the network over Wifi. It works with private addresses, but the computer must be registered in DUSPS in the Wifi area. This can be done by the block administrator.

  • All information is available on the web pages of the Wifi project, where it is also possible to get some experience with this kind of connection

Photo-gallery

Catalyst 2950 (on SH there are around 200 of these); this is where users are connected
This is what it looks like on every floor
Catalyst 3750, the heart of a block. Optically connected to the 6509 (green cable)
Optical patch panel in block 5
Central element 6509 (that monster below); the 3750s of all the blocks are connected here (green cables)
Central server room view; the 6509 is all the way in the back