SL:Topology

(Page history: created by user Burghardt; 9 intermediate revisions by 2 users.)
Current version as of 31 January 2019, 07:48
The Sensor Lab has its own separate network. The idea is an isolated network with only a small chance of affecting the "normal" LAN workstations, while still allowing all necessary connections (in and out) to work comfortably.
Topology
A virtual machine (formerly a small physical computer) works as the router. The allowed traffic is limited in several ways; the rules are managed by Udo Burghardt.

  root@slgw:~# lsb_release -a; ip a | grep global
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:    Ubuntu 11.10
  Release:        11.10
  Codename:       oneiric
      inet 172.22.255.253/16 brd 172.22.255.255 scope global eth0
      inet 192.168.22.254/24 brd 192.168.22.255 scope global eth1

So eth0 (172.22.255.253/16) faces the institute LAN and eth1 (192.168.22.254/24) is the lab side. Note that Ubuntu 11.10 (oneiric) has been out of support since May 2013; the one host that sits between the lab and the LAN is exactly the one that should not run an unmaintained release.
IP Ranges
We use a simple private address block of:
  ~# ipcalc 192.168.22.0/24
  Address:   192.168.22.0         11000000.10101000.00010110. 00000000
  Netmask:   255.255.255.0 = 24   11111111.11111111.11111111. 00000000
  Wildcard:  0.0.0.255            00000000.00000000.00000000. 11111111
  =>
  Network:   192.168.22.0/24      11000000.10101000.00010110. 00000000
  HostMin:   192.168.22.1         11000000.10101000.00010110. 00000001
  HostMax:   192.168.22.254       11000000.10101000.00010110. 11111110
  Broadcast: 192.168.22.255       11000000.10101000.00010110. 11111111
  Hosts/Net: 254                  Class C, Private Internet
DNS
Dedicated ranges / naming convention (last octet of 192.168.22.x):
- 1...: former pool computers "wsxy"
- 31...: "normal" computers "pcxy"
- 60: the server
- 61...: virtual guests on the server
- 101...: Raspberry Pis
- 240...: infrastructure

(The two sensorpi hosts at .50 and .51 in the snapshot below fall into none of these ranges.)
Zone file
Snapshot of the zone as of 31.01.2019 (one record per line):

  esxsl.tmg.loc.          86400 IN CNAME tmg94.tmg.loc.
  nst.tmg.loc.            86400 IN CNAME tmgsim2.sl.tmg.loc.
  gw.sl.tmg.loc.          86400 IN A     192.168.22.254
  gw.sl.tmg.loc.          86400 IN TXT   "Sensorlab Router eth1"
  pc01.sl.tmg.loc.        86400 IN A     192.168.22.31
  pc02.sl.tmg.loc.        86400 IN A     192.168.22.32
  pc03.sl.tmg.loc.        86400 IN A     192.168.22.33
  pc04.sl.tmg.loc.        86400 IN A     192.168.22.34
  ps1.sl.tmg.loc.         86400 IN A     192.168.22.241
  ps2.sl.tmg.loc.         86400 IN A     192.168.22.242
  rpi01.sl.tmg.loc.       86400 IN A     192.168.22.101
  rpi02.sl.tmg.loc.       86400 IN A     192.168.22.102
  rpi03.sl.tmg.loc.       86400 IN A     192.168.22.103
  rpi04.sl.tmg.loc.       86400 IN A     192.168.22.104
  rpi05.sl.tmg.loc.       86400 IN A     192.168.22.105
  rpi06.sl.tmg.loc.       86400 IN A     192.168.22.106
  rpi07.sl.tmg.loc.       86400 IN A     192.168.22.107
  rpi08.sl.tmg.loc.       86400 IN A     192.168.22.108
  rpi09.sl.tmg.loc.       86400 IN A     192.168.22.109
  rpi10.sl.tmg.loc.       86400 IN A     192.168.22.110
  rpi11.sl.tmg.loc.       86400 IN A     192.168.22.111
  rpi12.sl.tmg.loc.       86400 IN A     192.168.22.112
  rpi13.sl.tmg.loc.       86400 IN A     192.168.22.113
  rpi14.sl.tmg.loc.       86400 IN A     192.168.22.114
  rpi15.sl.tmg.loc.       86400 IN A     192.168.22.115
  rpi16.sl.tmg.loc.       86400 IN A     192.168.22.116
  rpi17.sl.tmg.loc.       86400 IN A     192.168.22.117
  rpi18.sl.tmg.loc.       86400 IN A     192.168.22.118
  rpi19.sl.tmg.loc.       86400 IN A     192.168.22.119
  rpi20.sl.tmg.loc.       86400 IN A     192.168.22.120
  rpi21.sl.tmg.loc.       86400 IN A     192.168.22.121
  rpi22.sl.tmg.loc.       86400 IN A     192.168.22.122
  rpi23.sl.tmg.loc.       86400 IN A     192.168.22.123
  rpi24.sl.tmg.loc.       86400 IN A     192.168.22.124
  rpi25.sl.tmg.loc.       86400 IN A     192.168.22.125
  rpi26.sl.tmg.loc.       86400 IN A     192.168.22.126
  rpi27.sl.tmg.loc.       86400 IN A     192.168.22.127
  rpi28.sl.tmg.loc.       86400 IN A     192.168.22.128
  rpi29.sl.tmg.loc.       86400 IN A     192.168.22.129
  rpi30.sl.tmg.loc.       86400 IN A     192.168.22.130
  rpi31.sl.tmg.loc.       86400 IN A     192.168.22.131
  rpi32.sl.tmg.loc.       86400 IN A     192.168.22.132
  rpi33.sl.tmg.loc.       86400 IN A     192.168.22.133
  rpi34.sl.tmg.loc.       86400 IN A     192.168.22.134
  rpi35.sl.tmg.loc.       86400 IN A     192.168.22.135
  rpi36.sl.tmg.loc.       86400 IN A     192.168.22.136
  rpi37.sl.tmg.loc.       86400 IN A     192.168.22.137
  rpi38.sl.tmg.loc.       86400 IN A     192.168.22.138
  rpi39.sl.tmg.loc.       86400 IN A     192.168.22.139
  rpi40.sl.tmg.loc.       86400 IN A     192.168.22.140
  rpi41.sl.tmg.loc.       86400 IN A     192.168.22.141
  rpi42.sl.tmg.loc.       86400 IN A     192.168.22.142
  rpi43.sl.tmg.loc.       86400 IN A     192.168.22.143
  rpi44.sl.tmg.loc.       86400 IN A     192.168.22.144
  rpi45.sl.tmg.loc.       86400 IN A     192.168.22.145
  rpi46.sl.tmg.loc.       86400 IN A     192.168.22.146
  rpi47.sl.tmg.loc.       86400 IN A     192.168.22.147
  rpi48.sl.tmg.loc.       86400 IN A     192.168.22.148
  rpi49.sl.tmg.loc.       86400 IN A     192.168.22.149
  sensorpi1.sl.tmg.loc.   86400 IN A     192.168.22.50
  sensorpi2.sl.tmg.loc.   86400 IN A     192.168.22.51
  speedway.sl.tmg.loc.    86400 IN A     192.168.22.240
  sw.sl.tmg.loc.          86400 IN A     192.168.22.244
  tmgsim1.sl.tmg.loc.     86400 IN A     192.168.22.61
  tmgsim1.sl.tmg.loc.     86400 IN TXT   "Windows 7"
  tmgsim2.sl.tmg.loc.     86400 IN A     192.168.22.62
  tmgsim2.sl.tmg.loc.     86400 IN TXT   "NST"
  tmgsim3.sl.tmg.loc.     86400 IN A     192.168.22.63
  tmgsim3.sl.tmg.loc.     86400 IN TXT   "Ubuntu"
  tmgsim4.sl.tmg.loc.     86400 IN A     192.168.22.64
  tmgsim4.sl.tmg.loc.     86400 IN TXT   "Win 7 english"
  tmgsim5.sl.tmg.loc.     86400 IN A     192.168.22.65
  tmgsim5.sl.tmg.loc.     86400 IN TXT   "Natty Roman Seibel"
  tmgsim6.sl.tmg.loc.     86400 IN A     192.168.22.66
  tmgsim6.sl.tmg.loc.     86400 IN TXT   "Natty Udo "
  tmgsim7.sl.tmg.loc.     86400 IN A     192.168.22.67
  tmgsim7.sl.tmg.loc.     86400 IN TXT   "Natty Ansgar Kellner"
  tmgsim8.sl.tmg.loc.     86400 IN A     192.168.22.68
  tmgsim8.sl.tmg.loc.     86400 IN TXT   "Oneiric Youssef"
  tmgsim9.sl.tmg.loc.     86400 IN A     192.168.22.69
  tmgsim9.sl.tmg.loc.     86400 IN TXT   "Oneiric Saleh"
  tmgsimd.sl.tmg.loc.     86400 IN A     192.168.22.70
  tmgsimd.sl.tmg.loc.     86400 IN TXT   "Trusty"
  tmgslava.sl.tmg.loc.    86400 IN A     192.168.22.71
  tmgslava.sl.tmg.loc.    86400 IN TXT   "Slava, Trusty"
  ws1.sl.tmg.loc.         86400 IN A     192.168.22.1
  ws10.sl.tmg.loc.        86400 IN A     192.168.22.10
  ws11.sl.tmg.loc.        86400 IN A     192.168.22.11
  ws12.sl.tmg.loc.        86400 IN A     192.168.22.12
  ws2.sl.tmg.loc.         86400 IN A     192.168.22.2
  ws3.sl.tmg.loc.         86400 IN A     192.168.22.3
  ws4.sl.tmg.loc.         86400 IN A     192.168.22.4
  ws5.sl.tmg.loc.         86400 IN A     192.168.22.5
  ws6.sl.tmg.loc.         86400 IN A     192.168.22.6
  ws7.sl.tmg.loc.         86400 IN A     192.168.22.7
  ws8.sl.tmg.loc.         86400 IN A     192.168.22.8
  ws9.sl.tmg.loc.         86400 IN A     192.168.22.9
Example: the gateway is known as

  ~# host gw.sl.tmg.loc
  gw.sl.tmg.loc has address 192.168.22.254

Reverse zone: not prepared, as it is not required (so logs and tools that do PTR lookups will show bare 192.168.22.x addresses for lab hosts).

Important: This is the view from inside that network. From outside it looks this way:

  ~$ host slgw.tmg.loc
  slgw.tmg.loc has address 172.22.255.253
Service Availability
DHCP
The router offers DHCP service using ISC dhcpd. It delivers the usual information to the clients: address, netmask, gateway, nameservers. Even though the protocol is "dynamic", the configuration is static so that it is always known exactly "who is who": each computer always gets the same address.
The system-wide configuration includes:

  subnet 192.168.22.0 netmask 255.255.255.0 {
    # range 192.168.22.201 192.168.22.211;
    option domain-name-servers 134.76.81.212, 134.76.81.104;
    option domain-name "sl.tmg.loc";
    option routers 192.168.22.254;
    option broadcast-address 192.168.22.255;
  }

Additionally, for every single system that should benefit from DHCP we need an entry like this:

  host ws1 {
    hardware ethernet 00:13:72:8a:bc:41;
    fixed-address ws1.sl.tmg.loc;
  }

dhcpd resolves the name in fixed-address when it reads its configuration, so the matching A record in the zone above has to exist. With the range statement commented out, a client without such a host entry gets no lease at all. Keep in mind that the mapping is keyed on the MAC address, which any host on the wire can set freely, so it is an inventory aid, not authentication.
You might verify the actual host definitions via
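Since the naming convention, the zone snapshot and the dhcpd host entries are three hand-maintained views of the same "who is who" table, they drift apart over time. The following is an added example (not code from this page or from the Sensor Lab) of an offline cross-check: it parses a zone excerpt and dhcpd host entries in the formats shown above and reports fixed-address targets the zone cannot resolve, A records that sit outside the block their prefix is assigned, and addresses claimed by more than one name. The sample input is constructed: a handful of the page's own records plus planted errors (pc09 placed in the Raspberry Pi block, ws2 reusing ws1's address, a ws99 host with no zone record); the MAC addresses other than ws1's are made up, and the upper bounds in RANGES are my reading of where the next range on the page begins.

```python
"""Cross-check the Sensor Lab's static "who is who" mapping (added example)."""
import ipaddress
import re

# Constructed zone excerpt: page records plus two planted errors
# (pc09 sits in the Raspberry Pi block, ws2 reuses ws1's address).
ZONE = """\
gw.sl.tmg.loc.      86400 IN A   192.168.22.254
gw.sl.tmg.loc.      86400 IN TXT "Sensorlab Router eth1"
pc01.sl.tmg.loc.    86400 IN A   192.168.22.31
pc09.sl.tmg.loc.    86400 IN A   192.168.22.109
rpi01.sl.tmg.loc.   86400 IN A   192.168.22.101
sw.sl.tmg.loc.      86400 IN A   192.168.22.244
tmgsim1.sl.tmg.loc. 86400 IN A   192.168.22.61
tmgsim1.sl.tmg.loc. 86400 IN TXT "Windows 7"
ws1.sl.tmg.loc.     86400 IN A   192.168.22.1
ws2.sl.tmg.loc.     86400 IN A   192.168.22.1
"""

# Constructed dhcpd.conf host entries in the page's format. ws1's MAC is the
# page's; the other MACs are made up, and ws99 has no zone record on purpose.
DHCPD = """\
host ws1 { hardware ethernet 00:13:72:8a:bc:41; fixed-address ws1.sl.tmg.loc; }
host rpi01 {
  hardware ethernet 02:00:00:00:00:01;
  fixed-address rpi01.sl.tmg.loc;
}
host ws99 { hardware ethernet 02:00:00:00:00:02; fixed-address ws99.sl.tmg.loc; }
"""

# Last-octet ranges per name prefix, from the page's "dedicated ranges" list.
# The upper bounds are an assumption: each range ends where the next begins.
RANGES = {
    "ws": range(1, 31),        # former pool computers
    "pc": range(31, 60),       # "normal" desktop PCs
    "tmgsim": range(61, 101),  # virtual guests (.60 is the server itself)
    "rpi": range(101, 240),    # Raspberry Pis
}
INFRA_START = 240              # gw, sw, ps1/ps2, speedway

A_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)\s*$")
HOST_RE = re.compile(r"host\s+(\S+)\s*\{([^}]*)\}")
FIXED_RE = re.compile(r"fixed-address\s+([^;\s]+)\s*;")


def parse_zone(text):
    """Map fqdn (without trailing dot) -> IPv4Address for every A record."""
    zone = {}
    for line in text.splitlines():
        m = A_RE.match(line)
        if m:
            zone[m.group(1).rstrip(".")] = ipaddress.IPv4Address(m.group(2))
    return zone


def parse_dhcpd_hosts(text):
    """Map dhcpd host label -> fixed-address target (name or literal IP)."""
    hosts = {}
    for m in HOST_RE.finditer(text):
        f = FIXED_RE.search(m.group(2))
        if f:
            hosts[m.group(1)] = f.group(1).rstrip(".")
    return hosts


def check_convention(name, addr):
    """Return a finding if addr contradicts the range for name's prefix, else None."""
    label = name.split(".")[0]
    host = int(str(addr).rsplit(".", 1)[1])
    m = re.match(r"([a-z]+?)(\d+)$", label)       # "rpi01" -> ("rpi", "01")
    prefix = m.group(1) if m else label
    if prefix in RANGES:
        r = RANGES[prefix]
        if host not in r:
            return f"{name} -> {addr}: '{prefix}' hosts belong in .{r.start}-.{r[-1]}"
        return None
    if host >= INFRA_START:                       # unnamed-prefix infrastructure
        return None
    return f"{name} -> {addr}: no range rule for prefix '{prefix}'"


def audit(zone_text, dhcpd_text):
    """Return a sorted list of findings; an empty list means the views agree."""
    zone = parse_zone(zone_text)
    findings = []
    # 1. every dhcpd fixed-address must be a name (or address) the zone knows
    for label, target in parse_dhcpd_hosts(dhcpd_text).items():
        try:
            known = ipaddress.IPv4Address(target) in zone.values()
        except ipaddress.AddressValueError:
            known = target in zone
        if not known:
            findings.append(f"dhcpd host {label}: fixed-address {target} has no A record")
    # 2. every A record must sit in the block its name prefix is assigned
    for name, addr in zone.items():
        f = check_convention(name, addr)
        if f:
            findings.append(f)
    # 3. one address, one name: two names on one address breaks "who is who"
    by_addr = {}
    for name, addr in zone.items():
        by_addr.setdefault(addr, []).append(name)
    for addr, names in by_addr.items():
        if len(names) > 1:
            findings.append(f"{addr} is claimed by {', '.join(sorted(names))}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(ZONE, DHCPD):
        print("FINDING:", finding)
```

Run against the real files by replacing the two constants with the contents of the zone file and dhcpd.conf; a clean run prints nothing. The prefix table deliberately has no entry for hosts such as sensorpi1, so such names below .240 are reported as uncovered rather than silently accepted, which is the gap in the convention list noted above.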
OpenAFS / Kerberos / LDAP
Should work as expected.
SSH
- enabled in all directions, in particular also from outside into the lab
ICMP
- all types enabled
Web
- ports 80 and 443 allowed
See also
- SL:Introduction
- Schematic:
  /afs/informatik.uni-goettingen.de/user/s/sensorlab/documents/Documentation/sensorlab-network.dia
  or, in Windows UNC form (the slashes "the other way round"):
  \\afs\informatik.uni-goettingen.de\user\s\sensorlab\documents\Documentation\sensorlab-network.dia
  ... which is accessible only to project members
Links
- http://gw.sl.tmg.loc/sensorlab.conf -- configuration of the hosts