SL:Topology: Unterschied zwischen den Versionen

Aus Doc-Wiki
Wechseln zu: Navigation, Suche
imported>Burghardt
(Zone file)
imported>Burghardt
(DNS)
(Eine dazwischenliegende Version desselben Benutzers wird nicht angezeigt)
Zeile 35: Zeile 35:
 
;60 : the server
 
;60 : the server
 
;61... : virtual guests on the server
 
;61... : virtual guests on the server
  +
;101...: Raspberry Pis
 
;240...: infrastructure
 
;240...: infrastructure
   
Zeile 85: Zeile 86:
 
ws9.sl.tmg.loc. 86400 IN A 192.168.22.9
 
ws9.sl.tmg.loc. 86400 IN A 192.168.22.9
 
</pre>
 
</pre>
  +
Nachtrag: 22.70 + 22.71 ist belegt
   
 
;Example: the gateway is known as:
 
;Example: the gateway is known as:

Version vom 31. Januar 2019, 08:46 Uhr

The Sensor Lab has its own separate network. The idea is to have an isolated network with only a small chance to affect the "normal" LAN workstations while allowing all necessary connections (in and out) to work in a comfortable way.

Topology

A small computer Virtual Machine works as a router. The allowed traffic is limited in some ways. The rules are managed by Udo Burghardt.

root@slgw:~# lsb_release -a; ip a | grep global
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 11.10
Release:        11.10
Codename:       oneiric
    inet 172.22.255.253/16 brd 172.22.255.255 scope global eth0
    inet 192.168.22.254/24 brd 192.168.22.255 scope global eth1


IP Ranges

We use a simple private address block of:

~# ipcalc 192.168.22.0/24
Address:   192.168.22.0         11000000.10101000.00010110. 00000000
Netmask:   255.255.255.0 = 24   11111111.11111111.11111111. 00000000
Wildcard:  0.0.0.255            00000000.00000000.00000000. 11111111
=>
Network:   192.168.22.0/24      11000000.10101000.00010110. 00000000
HostMin:   192.168.22.1         11000000.10101000.00010110. 00000001
HostMax:   192.168.22.254       11000000.10101000.00010110. 11111110
Broadcast: 192.168.22.255       11000000.10101000.00010110. 11111111
Hosts/Net: 254                   Class C, Private Internet

DNS

Dedicated ranges/naming convention:

1...  
former pool computers "wsxy"
31... 
"normal" computers "pcxy"
60  
the server
61... 
virtual guests on the server
101...
Raspberry Pis
240...
infrastructure

Zone file

Actual snapshot 07. Feb. 2013:

dig tmg.loc axfr | grep -e .sl.tmg
esxsl.tmg.loc.          86400   IN      CNAME   tmg94.tmg.loc.
nst.tmg.loc.            86400   IN      CNAME   tmgsim2.sl.tmg.loc.
gw.sl.tmg.loc.          86400   IN      A       192.168.22.254
gw.sl.tmg.loc.          86400   IN      TXT     "Sensorlab Router eth1"
pc01.sl.tmg.loc.        86400   IN      A       192.168.22.31
pc02.sl.tmg.loc.        86400   IN      A       192.168.22.32
pc03.sl.tmg.loc.        86400   IN      A       192.168.22.33
pc04.sl.tmg.loc.        86400   IN      A       192.168.22.34
ps1.sl.tmg.loc.         86400   IN      A       192.168.22.241
ps2.sl.tmg.loc.         86400   IN      A       192.168.22.242
rpi01.sl.tmg.loc.       86400   IN      A       192.168.22.41
rpi02.sl.tmg.loc.       86400   IN      A       192.168.22.42
sw.sl.tmg.loc.          86400   IN      A       192.168.22.244
tmgsim1.sl.tmg.loc.     86400   IN      A       192.168.22.61
tmgsim1.sl.tmg.loc.     86400   IN      TXT     "Windows 7"
tmgsim2.sl.tmg.loc.     86400   IN      A       192.168.22.62
tmgsim2.sl.tmg.loc.     86400   IN      TXT     "NST"
tmgsim3.sl.tmg.loc.     86400   IN      A       192.168.22.63
tmgsim3.sl.tmg.loc.     86400   IN      TXT     "Ubuntu"
tmgsim4.sl.tmg.loc.     86400   IN      A       192.168.22.64
tmgsim4.sl.tmg.loc.     86400   IN      TXT     "Win 7 english"
tmgsim5.sl.tmg.loc.     86400   IN      A       192.168.22.65
tmgsim5.sl.tmg.loc.     86400   IN      TXT     "Natty Roman Seibel"
tmgsim6.sl.tmg.loc.     86400   IN      A       192.168.22.66
tmgsim6.sl.tmg.loc.     86400   IN      TXT     "Natty Udo "
tmgsim7.sl.tmg.loc.     86400   IN      A       192.168.22.67
tmgsim7.sl.tmg.loc.     86400   IN      TXT     "Natty Ansgar Kellner"
tmgsim8.sl.tmg.loc.     86400   IN      A       192.168.22.68
tmgsim8.sl.tmg.loc.     86400   IN      TXT     "Oneiric Youssef"
tmgsim9.sl.tmg.loc.     86400   IN      A       192.168.22.69
tmgsim9.sl.tmg.loc.     86400   IN      TXT     "Oneiric Saleh"
ws1.sl.tmg.loc.         86400   IN      A       192.168.22.1
ws10.sl.tmg.loc.        86400   IN      A       192.168.22.10
ws11.sl.tmg.loc.        86400   IN      A       192.168.22.11
ws12.sl.tmg.loc.        86400   IN      A       192.168.22.12
ws2.sl.tmg.loc.         86400   IN      A       192.168.22.2
ws3.sl.tmg.loc.         86400   IN      A       192.168.22.3
ws4.sl.tmg.loc.         86400   IN      A       192.168.22.4
ws5.sl.tmg.loc.         86400   IN      A       192.168.22.5
ws6.sl.tmg.loc.         86400   IN      A       192.168.22.6
ws7.sl.tmg.loc.         86400   IN      A       192.168.22.7
ws8.sl.tmg.loc.         86400   IN      A       192.168.22.8
ws9.sl.tmg.loc.         86400   IN      A       192.168.22.9

Nachtrag: 22.70 + 22.71 ist belegt

Example
the gateway is known as:
~# host gw.sl.tmg.loc
gw.sl.tmg.loc has address 192.168.22.254
Reverse Zone
...is not prepared as it is not required.


Important: This is the view from inside that network. From outside it looks this way:

~$ host slgw.tmg.loc
slgw.tmg.loc has address 172.22.255.253

Service Availability

DHCP

The router offers dhcp services using ISC dhcpd. It will deliver the usual information to the clients: address, netmask, gateway, nameservers. Event though the protocol is "dynamic" the configuration is static to be able to know exactly "who is who". Each computer will always get the same address.

The system wide configuration includes:

subnet 192.168.22.0 netmask 255.255.255.0 {
#  range 192.168.22.201 192.168.22.211;
   option domain-name-servers 134.76.81.212, 134.76.81.104;
   option domain-name "sl.tmg.loc";
   option routers 192.168.22.254; 
   option broadcast-address 192.168.22.255;
}

Additionally for every single system which should benefit from dhcp we need an entry like this:

host ws1 {
        hardware ethernet 00:13:72:8a:bc:41;
        fixed-address ws1.sl.tmg.loc;
}


You might verify the actual host definitions via

OpenAFS / Kerberos / LDAP

Should work as expected.

SSH

  • enabled in all directions - especially also from outside into the lab

ICMP

  • all Types enabled

Web

  • Port 80 and 443 allowed

See also

  • SL:Introduction
  • Schematic:
    /afs/informatik.uni-goettingen.de/user/s/sensorlab/documents/Documentation/sensorlab-network.dia
    bzw. "falschrum:"
    \\afs\informatik.uni-goettingen.de\user\s\sensorlab\documents\Documentation\sensorlab-network.dia
    ... which is accessible only for project members

Links