Primary IT Infrastructure: Difference between revisions
Line 16: | Line 16: | ||
At HackRVA we have a segmented network using vlans for segregation of traffic. | At HackRVA we have a segmented network using vlans for segregation of traffic. | ||
;VLAN-1 | ;VLAN-1 | ||
: | :the management vlan | ||
: | :houses the management end-points for primary services. | ||
;VLAN-100 | ;VLAN-100 | ||
: | :the voip vlan, specifically intended to have all voip traffic. | ||
;VLAN-200 | ;VLAN-200 | ||
: | :the vlan for hackrva-wireless, and is the vlan which you will be assigned to, if access the hackrva-wireless ssid. | ||
;VLAN-300 | ;VLAN-300 | ||
: | :the vlan for all wired network infrastructure, and is also the vlan for network services such as email, and dns, as well as network printers. | ||
===TCP/IP Layer and 802.1q label assignment=== | ===TCP/IP Layer and 802.1q label assignment=== |
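Review bot: In the VLAN-200 definition, "if access the hackrva-wireless ssid" is missing its subject; suggest "the vlan you are assigned to when you join the hackrva-wireless ssid". The new definitions also say what each vlan carries but not what may cross between them, for example whether VLAN-200 clients can reach the email, dns and printer services placed on VLAN-300; one line per vlan on permitted inter-vlan access would make the segmentation checkable.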
Revision as of 00:58, 30 June 2014
Please check back with this page; we are in the process of populating it with good information on how to get the most out of your HackRVA data experience.
The primary network architecture
At HackRVA we utilize a switched network with vlans and VoIP support. We have a dedicated smart-switch, a router and a virtualization server which runs our web services and groupware.
Network Topology
Network Diagram
Layer 2 and Layer 3
VLANs (802.1q tags)
At HackRVA we have a segmented network using vlans for segregation of traffic.
- VLAN-1
- the management vlan
- houses the management end-points for primary services.
- VLAN-100
- the voip vlan, specifically intended to have all voip traffic.
- VLAN-200
- the vlan for hackrva-wireless; this is the vlan you will be assigned to if you access the hackrva-wireless ssid.
- VLAN-300
- the vlan for all wired network infrastructure; it is also the vlan for network services such as email and dns, as well as network printers.
TCP/IP Layer and 802.1q label assignment
Address Space (IPv4)
At HackRVA each vlan is assigned its own subnet.
- VLAN-1
- subnet 192.168.10.0/24
- VLAN-100
- subnet 192.168.100.0/24
- VLAN-200
- subnet 192.168.200.0/24
- VLAN-300
- subnet 192.168.30.0/24
Address Space (IPv6)
HackRVA does not currently utilize IPv6 address space.
Wireless SSID List
At HackRVA, we utilize three ssids, each giving a different type of user access to specific services.
- hackrva-wireless
- (vlan-200)
- General access to internet services only
- hackrva-lan
- (vlan-300)
- This is used for member access to all services within Hackrva's internal network.
- If a peripheral device is connected to the Layer 3 network, and hence connected on vlan-300, then this device will only be accessible via wireless on hackrva-lan ssid.
- hackrva-admin
- (vlan-1)
- Used for management purposes, when connecting via the wireless network layer.
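An added example, not HackRVA's own tooling: a Python check that uses the vlan-to-subnet map and the ssid descriptions above to flag flow records that contradict the documented segmentation. The `src -> dst:port` record format and the sample records are constructed for illustration, and treating a private source outside the four listed subnets as a finding is an assumption.

```python
import ipaddress

# VLAN -> subnet, copied from "Address Space (IPv4)" above.
VLAN_SUBNETS = {
    1: ipaddress.ip_network("192.168.10.0/24"),
    100: ipaddress.ip_network("192.168.100.0/24"),
    200: ipaddress.ip_network("192.168.200.0/24"),
    300: ipaddress.ip_network("192.168.30.0/24"),
}
GUEST_VLAN = 200  # hackrva-wireless: internet services only


def vlan_of(ip):
    """Return the documented VLAN containing ip, or None."""
    return next((v for v, net in VLAN_SUBNETS.items() if ip in net), None)


def audit(lines):
    """Return (line, reason) pairs for flows that contradict the page."""
    findings = []
    for line in lines:
        try:
            src_txt, dst_txt = (part.strip() for part in line.split("->"))
            host, _, port = dst_txt.rpartition(":")
            src, dst = ipaddress.ip_address(src_txt), ipaddress.ip_address(host)
            int(port)  # reject records whose port is not numeric
        except ValueError:
            findings.append((line, "unparseable record"))
            continue
        src_vlan, dst_vlan = vlan_of(src), vlan_of(dst)
        if src_vlan is None and src.is_private:
            findings.append((line, "source in undocumented private subnet"))
        elif src_vlan == GUEST_VLAN and dst_vlan not in (None, GUEST_VLAN):
            findings.append((line, f"guest vlan-200 reached vlan-{dst_vlan}"))
    return findings


# Constructed sample records (assumed format), not taken from HackRVA equipment.
SAMPLE = [
    "192.168.200.23 -> 93.184.216.34:443",  # guest to internet: expected
    "192.168.200.23 -> 192.168.30.5:631",   # guest to a host on the wired LAN
    "192.168.30.40 -> 192.168.30.5:631",    # wired LAN to wired LAN: expected
    "192.168.200.77 -> 192.168.10.1:443",   # guest to the management vlan
    "192.168.50.9 -> 192.168.30.5:25",      # subnet not listed on this page
    "garbage line",
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE):
        print(f"{reason}: {line}")
```

A finding from this check means either the router's inter-vlan rules or this page is out of date; both are worth correcting.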
Network Devices
The HackRVA network is comprised of four primary network infrastructure devices.
CPE devices
SMC Business Gateway
HackRVA uses Comcast business class service with a static IPv4 address provisioned.
The device provided for this service is the SMC Networks SMCD3GCCR business gateway.
The device provides a four port switch, for easy integration into our network architecture.
Cisco RV180 VPN Router
The RV180 VLAN-enabled VPN SOHO router is the brains of the internal network architecture.
This device provides dhcp to clients on the internal LAN as well as NAT functionality for accessing the internet from behind the cable modem.
To understand what vlan capabilities are being used at the space, please reference the VLAN section, below.
Ubiquiti Wireless AP
The wireless services are provided by a commercial-grade wireless access point.
The access point requires management software installed on a Windows computer, or Linux (with much more work).
CAUTION
- Do not plug IEEE standard PoE devices into the output of the supplied Ubiquiti PoE adaptor, or the converse.
- The Unifi model that is in use does not comply with IEEE standards based PoE voltages.
NetGear 24-port smart-switch
This device is referenced by Netgear as the GS724T-300 smart-switch.
This device is capable of vlan tagged ports, as well as port trunking.
Cisco 2651 Series Router
We have a Cisco 2651xm router which provides all major routing features that are configured on the HackRVA network.
Network Services
Domain Name Services (dns)
HackRVA currently hosts its own domain name services, or "DNS."
Authoritative dns services are supplied to the following domains.
hackrva.org
- lists - hosted offsite, at this time.
- www
- imap
- ftp
- listserver
- mobilsync
- smtp
- testweb
- zmail
- zmailserver
hackrva.net
(Not currently hosted on our dns servers, however this should change soon.)
hackrva.us
- list
- www
- imap
- ftp
- listserver
- mobilsync
- smtp
- testweb
- zmail
- zmailserver
hackrva.info
- list
- www
- imap
- ftp
- listserver
- mobilsync
- smtp
- testweb
- zmail
- zmailserver
Dynamic Host Configuration Protocol (dhcp)
The dhcp services are managed by the RV180 VPN router.
Network Time Protocol (ntp)
File Transfer Protocol (ftp)
VoIP
www
VPN
Servers and Workstations
Power Management
Battery Backup Devices
We have been supporting our network infrastructure and servers with an entry-level server UPS from CyberPower since August 2013.
CyberPower OR700LCDRM1U
The CyberPower Smart App LCD 700VA Line-Interactive UPS with AVR provides line conditioning and other features which allow HackRVA to maintain good uptime in the event of power outages.
Key Information
Power Distributors
Racks and Cabinets
At HackRVA Labs, Inc. we have two racks, or "cabinets" in use.
One is a 36U full depth data server cabinet.