SL:Topology: Difference between revisions

From Doc-Wiki
imported>Burghardt
(Created page with "The Sensor Lab gets its own separate network. The idea is to have an isolated network with only a small chance to affect the "normal" LAN workstations while allo…")

imported>Burghardt

(9 intermediate revisions by 2 users not shown)
Current revision as of 31 January 2019, 07:48

The Sensor Lab has its own separate network. The idea is an isolated network with little chance of affecting the "normal" LAN workstations, while still allowing all necessary connections (in and out) to work conveniently.

Topology

A Virtual Machine (originally a small physical computer) works as a router. The allowed traffic is limited in some ways, see "Service Availability" below. The rules are managed by Udo Burghardt. Note that the gateway runs Ubuntu 11.10 (oneiric), which reached end of life in May 2013 and has received no security updates since.

root@slgw:~# lsb_release -a; ip a | grep global
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 11.10
Release:        11.10
Codename:       oneiric
    inet 172.22.255.253/16 brd 172.22.255.255 scope global eth0
    inet 192.168.22.254/24 brd 192.168.22.255 scope global eth1


IP Ranges

We use a simple private address block of:

~# ipcalc 192.168.22.0/24
Address:   192.168.22.0         11000000.10101000.00010110. 00000000
Netmask:   255.255.255.0 = 24   11111111.11111111.11111111. 00000000
Wildcard:  0.0.0.255            00000000.00000000.00000000. 11111111
=>
Network:   192.168.22.0/24      11000000.10101000.00010110. 00000000
HostMin:   192.168.22.1         11000000.10101000.00010110. 00000001
HostMax:   192.168.22.254       11000000.10101000.00010110. 11111110
Broadcast: 192.168.22.255       11000000.10101000.00010110. 11111111
Hosts/Net: 254                   Class C, Private Internet

DNS

Dedicated ranges/naming convention (last octet of the address):

1...    former pool computers "wsxy"
31...   "normal" computers "pcxy"
60      the server
61...   virtual guests on the server
101...  Raspberry Pis
240...  infrastructure

The zone-file comments of the earlier revision identify the infrastructure entries: ps1 and ps2 are power switches, sw is the switch and tmg94 (alias server.sl) is the VM host. The sensorpi1/sensorpi2 entries at .50/.51 in the snapshot below fall outside all of these ranges.

Zone file

Snapshot as of 31.01.2019 (the TXT records document the OS or owner of each guest; note that the Natty (11.04) and Oneiric (11.10) guests were already past end of life when this snapshot was taken):

esxsl.tmg.loc.          86400   IN      CNAME   tmg94.tmg.loc.
nst.tmg.loc.            86400   IN      CNAME   tmgsim2.sl.tmg.loc.
gw.sl.tmg.loc.          86400   IN      A       192.168.22.254
gw.sl.tmg.loc.          86400   IN      TXT     "Sensorlab Router eth1"
pc01.sl.tmg.loc.        86400   IN      A       192.168.22.31
pc02.sl.tmg.loc.        86400   IN      A       192.168.22.32
pc03.sl.tmg.loc.        86400   IN      A       192.168.22.33
pc04.sl.tmg.loc.        86400   IN      A       192.168.22.34
ps1.sl.tmg.loc.         86400   IN      A       192.168.22.241
ps2.sl.tmg.loc.         86400   IN      A       192.168.22.242
rpi01.sl.tmg.loc.       86400   IN      A       192.168.22.101
rpi02.sl.tmg.loc.       86400   IN      A       192.168.22.102
rpi03.sl.tmg.loc.       86400   IN      A       192.168.22.103
rpi04.sl.tmg.loc.       86400   IN      A       192.168.22.104
rpi05.sl.tmg.loc.       86400   IN      A       192.168.22.105
rpi06.sl.tmg.loc.       86400   IN      A       192.168.22.106
rpi07.sl.tmg.loc.       86400   IN      A       192.168.22.107
rpi08.sl.tmg.loc.       86400   IN      A       192.168.22.108
rpi09.sl.tmg.loc.       86400   IN      A       192.168.22.109
rpi10.sl.tmg.loc.       86400   IN      A       192.168.22.110
rpi11.sl.tmg.loc.       86400   IN      A       192.168.22.111
rpi12.sl.tmg.loc.       86400   IN      A       192.168.22.112
rpi13.sl.tmg.loc.       86400   IN      A       192.168.22.113
rpi14.sl.tmg.loc.       86400   IN      A       192.168.22.114
rpi15.sl.tmg.loc.       86400   IN      A       192.168.22.115
rpi16.sl.tmg.loc.       86400   IN      A       192.168.22.116
rpi17.sl.tmg.loc.       86400   IN      A       192.168.22.117
rpi18.sl.tmg.loc.       86400   IN      A       192.168.22.118
rpi19.sl.tmg.loc.       86400   IN      A       192.168.22.119
rpi20.sl.tmg.loc.       86400   IN      A       192.168.22.120
rpi21.sl.tmg.loc.       86400   IN      A       192.168.22.121
rpi22.sl.tmg.loc.       86400   IN      A       192.168.22.122
rpi23.sl.tmg.loc.       86400   IN      A       192.168.22.123
rpi24.sl.tmg.loc.       86400   IN      A       192.168.22.124
rpi25.sl.tmg.loc.       86400   IN      A       192.168.22.125
rpi26.sl.tmg.loc.       86400   IN      A       192.168.22.126
rpi27.sl.tmg.loc.       86400   IN      A       192.168.22.127
rpi28.sl.tmg.loc.       86400   IN      A       192.168.22.128
rpi29.sl.tmg.loc.       86400   IN      A       192.168.22.129
rpi30.sl.tmg.loc.       86400   IN      A       192.168.22.130
rpi31.sl.tmg.loc.       86400   IN      A       192.168.22.131
rpi32.sl.tmg.loc.       86400   IN      A       192.168.22.132
rpi33.sl.tmg.loc.       86400   IN      A       192.168.22.133
rpi34.sl.tmg.loc.       86400   IN      A       192.168.22.134
rpi35.sl.tmg.loc.       86400   IN      A       192.168.22.135
rpi36.sl.tmg.loc.       86400   IN      A       192.168.22.136
rpi37.sl.tmg.loc.       86400   IN      A       192.168.22.137
rpi38.sl.tmg.loc.       86400   IN      A       192.168.22.138
rpi39.sl.tmg.loc.       86400   IN      A       192.168.22.139
rpi40.sl.tmg.loc.       86400   IN      A       192.168.22.140
rpi41.sl.tmg.loc.       86400   IN      A       192.168.22.141
rpi42.sl.tmg.loc.       86400   IN      A       192.168.22.142
rpi43.sl.tmg.loc.       86400   IN      A       192.168.22.143
rpi44.sl.tmg.loc.       86400   IN      A       192.168.22.144
rpi45.sl.tmg.loc.       86400   IN      A       192.168.22.145
rpi46.sl.tmg.loc.       86400   IN      A       192.168.22.146
rpi47.sl.tmg.loc.       86400   IN      A       192.168.22.147
rpi48.sl.tmg.loc.       86400   IN      A       192.168.22.148
rpi49.sl.tmg.loc.       86400   IN      A       192.168.22.149
sensorpi1.sl.tmg.loc.   86400   IN      A       192.168.22.50
sensorpi2.sl.tmg.loc.   86400   IN      A       192.168.22.51
speedway.sl.tmg.loc.    86400   IN      A       192.168.22.240
sw.sl.tmg.loc.          86400   IN      A       192.168.22.244
tmgsim1.sl.tmg.loc.     86400   IN      A       192.168.22.61
tmgsim1.sl.tmg.loc.     86400   IN      TXT     "Windows 7"
tmgsim2.sl.tmg.loc.     86400   IN      A       192.168.22.62
tmgsim2.sl.tmg.loc.     86400   IN      TXT     "NST"
tmgsim3.sl.tmg.loc.     86400   IN      A       192.168.22.63
tmgsim3.sl.tmg.loc.     86400   IN      TXT     "Ubuntu"
tmgsim4.sl.tmg.loc.     86400   IN      A       192.168.22.64
tmgsim4.sl.tmg.loc.     86400   IN      TXT     "Win 7 english"
tmgsim5.sl.tmg.loc.     86400   IN      A       192.168.22.65
tmgsim5.sl.tmg.loc.     86400   IN      TXT     "Natty Roman Seibel"
tmgsim6.sl.tmg.loc.     86400   IN      A       192.168.22.66
tmgsim6.sl.tmg.loc.     86400   IN      TXT     "Natty Udo "
tmgsim7.sl.tmg.loc.     86400   IN      A       192.168.22.67
tmgsim7.sl.tmg.loc.     86400   IN      TXT     "Natty Ansgar Kellner"
tmgsim8.sl.tmg.loc.     86400   IN      A       192.168.22.68
tmgsim8.sl.tmg.loc.     86400   IN      TXT     "Oneiric Youssef"
tmgsim9.sl.tmg.loc.     86400   IN      A       192.168.22.69
tmgsim9.sl.tmg.loc.     86400   IN      TXT     "Oneiric Saleh"
tmgsimd.sl.tmg.loc.     86400   IN      A       192.168.22.70
tmgsimd.sl.tmg.loc.     86400   IN      TXT     "Trusty"
tmgslava.sl.tmg.loc.    86400   IN      A       192.168.22.71
tmgslava.sl.tmg.loc.    86400   IN      TXT     "Slava, Trusty"
ws1.sl.tmg.loc.         86400   IN      A       192.168.22.1
ws10.sl.tmg.loc.        86400   IN      A       192.168.22.10
ws11.sl.tmg.loc.        86400   IN      A       192.168.22.11
ws12.sl.tmg.loc.        86400   IN      A       192.168.22.12
ws2.sl.tmg.loc.         86400   IN      A       192.168.22.2
ws3.sl.tmg.loc.         86400   IN      A       192.168.22.3
ws4.sl.tmg.loc.         86400   IN      A       192.168.22.4
ws5.sl.tmg.loc.         86400   IN      A       192.168.22.5
ws6.sl.tmg.loc.         86400   IN      A       192.168.22.6
ws7.sl.tmg.loc.         86400   IN      A       192.168.22.7
ws8.sl.tmg.loc.         86400   IN      A       192.168.22.8
ws9.sl.tmg.loc.         86400   IN      A       192.168.22.9
Example

The gateway is known as:

~# host gw.sl.tmg.loc
gw.sl.tmg.loc has address 192.168.22.254

Reverse Zone

...is not prepared as it is not required.


Important: This is the view from inside that network. From outside it looks this way:

~$ host slgw.tmg.loc
slgw.tmg.loc has address 172.22.255.253

Service Availability

DHCP

The router offers DHCP services using ISC dhcpd. It delivers the usual information to the clients: address, netmask, gateway, nameservers. Even though the protocol is "dynamic", the configuration is static so that it is always known exactly "who is who": each computer always gets the same address. Keep in mind that this binding is by MAC address only, which a client can change at will, so it keeps the inventory consistent but does not authenticate a device.

The system wide configuration includes:

subnet 192.168.22.0 netmask 255.255.255.0 {
#  range 192.168.22.201 192.168.22.211;
   option domain-name-servers 134.76.81.212, 134.76.81.104;
   option domain-name "sl.tmg.loc";
   option routers 192.168.22.254; 
   option broadcast-address 192.168.22.255;
}

Additionally, with the range line commented out as shown there is no dynamic pool, so a device whose MAC address is not listed gets no lease at all. For every single system which should benefit from DHCP we therefore need an entry like this:

host ws1 {
        hardware ethernet 00:13:72:8a:bc:41;
        fixed-address ws1.sl.tmg.loc;
}
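The static-lease scheme only delivers its "who is who" guarantee if dhcpd.conf and the zone file agree: every fixed-address must have an A record, no MAC address or IP address may appear twice, and each address should sit in the range the naming convention reserves for that host prefix. The following Python script, an added example that is not part of the Sensor Lab documentation or its tooling, parses excerpts of both files and reports the mismatches. The ws1 entry and the A records are taken from this page; all other host entries and MAC addresses are constructed, and the upper bound of each naming range (the page gives only where each range starts) is an assumption.

```python
"""Cross-check ISC dhcpd host entries against the sl.tmg.loc zone file.

Added example, not part of the Sensor Lab documentation or its tooling.
The excerpts below are constructed: the ws1 entry and the A records come
from the page; the other entries and MAC addresses are invented.
"""
import ipaddress
import re
from collections import Counter

SUBNET = ipaddress.ip_network("192.168.22.0/24")
# Last-octet ranges from the page's naming convention. The page gives only
# the start of each range; the upper bounds are assumed from the next range.
RANGES = {"ws": (1, 30), "pc": (31, 59), "tmg": (60, 60), "tmgs": (61, 100),
          "rpi": (101, 239), "ps": (240, 254), "sw": (240, 254),
          "gw": (240, 254), "speedway": (240, 254)}

ZONE_EXCERPT = """\
gw.sl.tmg.loc.          86400   IN      A       192.168.22.254
tmgsim1.sl.tmg.loc.     86400   IN      A       192.168.22.61
tmgsim1.sl.tmg.loc.     86400   IN      TXT     "Windows 7"
ws1.sl.tmg.loc.         86400   IN      A       192.168.22.1
ws2.sl.tmg.loc.         86400   IN      A       192.168.22.2
"""

DHCPD_EXCERPT = """\
host ws1 {
        hardware ethernet 00:13:72:8a:bc:41;
        fixed-address ws1.sl.tmg.loc;
}
host ws2 {
        hardware ethernet 00:13:72:8a:bc:41;   # constructed: same MAC as ws1
        fixed-address ws2.sl.tmg.loc;
}
host rpi02 {
        hardware ethernet 00:11:22:33:44:77;   # constructed MAC
        fixed-address rpi02.sl.tmg.loc;        # constructed: no A record
}
host tmgsim1 {
        hardware ethernet 00:11:22:33:44:88;   # constructed MAC
        fixed-address 10.0.0.61;               # constructed: not in the lab subnet
}
"""

HOST_RE = re.compile(r"host\s+(?P<name>\S+)\s*\{(?P<body>.*?)\}", re.DOTALL)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9a-f:]{17})\s*;", re.I)
FIXED_RE = re.compile(r"fixed-address\s+([^\s;]+)\s*;")
A_RE = re.compile(r"^(\S+)\.[ \t]+\d+[ \t]+IN[ \t]+A[ \t]+(\S+)[ \t]*$", re.M)


def parse_zone(text):
    """Return {fqdn: address} for the A records; other record types are ignored."""
    return dict(A_RE.findall(text))


def parse_dhcpd(text):
    """Return [(host, mac, fixed-address)] per host block, None for a missing field."""
    hosts = []
    for m in HOST_RE.finditer(text):
        mac = MAC_RE.search(m.group("body"))
        fixed = FIXED_RE.search(m.group("body"))
        hosts.append((m.group("name"), mac.group(1).lower() if mac else None,
                      fixed.group(1) if fixed else None))
    return hosts


def expected_range(host):
    """Last-octet range the naming convention assigns to a host name, or None."""
    m = re.match(r"[a-z]+", host)
    prefix = m.group(0) if m else ""
    if prefix.startswith("tmgs"):          # tmgsim1..9, tmgsimd, tmgslava
        prefix = "tmgs"
    return RANGES.get(prefix)              # None for e.g. sensorpi1/2 at .50/.51


def check(dhcpd_text, zone_text):
    """Return findings as strings; an empty list means DHCP and DNS agree."""
    zone, hosts, findings, seen = parse_zone(zone_text), parse_dhcpd(dhcpd_text), [], {}
    mac_count = Counter(mac for _, mac, _ in hosts if mac)
    for host, mac, fixed in hosts:
        if mac is None or fixed is None:
            findings.append(f"{host}: hardware ethernet or fixed-address missing")
            continue
        if mac_count[mac] > 1:
            findings.append(f"{host}: MAC {mac} appears in more than one host entry")
        # fixed-address is either a literal address or a name that dhcpd resolves
        addr = fixed if fixed[0].isdigit() else zone.get(fixed)
        if addr is None:
            findings.append(f"{host}: fixed-address {fixed} has no A record")
            continue
        if ipaddress.ip_address(addr) not in SUBNET:
            findings.append(f"{host}: {addr} is outside {SUBNET}")
            continue
        if seen.setdefault(addr, host) != host:
            findings.append(f"{host}: {addr} is also assigned to {seen[addr]}")
        rng, last = expected_range(host), int(addr.rsplit(".", 1)[1])
        if rng and not rng[0] <= last <= rng[1]:
            findings.append(f"{host}: last octet {last} is outside {rng} for this name")
    return findings


if __name__ == "__main__":
    print("\n".join(check(DHCPD_EXCERPT, ZONE_EXCERPT) or ["no findings"]))
```

For the constructed input the script reports the shared MAC address twice (once per entry), the missing A record for rpi02 and the foreign address of tmgsim1. Hosts whose names the convention does not cover, such as sensorpi1/2, are still checked for subnet membership and duplicates. To check the live configuration, pass the contents of the real dhcpd.conf and zone file to check().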


You might verify the actual host definitions via

OpenAFS / Kerberos / LDAP

Should work as expected.

SSH

  • enabled in all directions - especially also from outside into the lab

ICMP

  • all types enabled

Web

  • Port 80 and 443 allowed

See also

  • SL:Introduction
  • Schematic:
    /afs/informatik.uni-goettingen.de/user/s/sensorlab/documents/Documentation/sensorlab-network.dia
    or, "the wrong way round":
    \\afs\informatik.uni-goettingen.de\user\s\sensorlab\documents\Documentation\sensorlab-network.dia
    ... which is accessible only to project members

Links