Network admins
IP Usage in Grafana.
We have 10G connection from EENet (Non-commercial use only)
| INET | Network | Gateway | Usable range | Notes |
|---|---|---|---|---|
| IPv4 | 193.40.103.0/24 |
193.40.103.1 |
193.40.103.{2..98}193.40.103.{200..255} |
|
| IPv6 | 2001:bb8:4008::/48 |
|||
| IPv6 Zoo | 2001:bb8:4008:20::/64 |
2001:bb8:4008:20::/64 |
Use 2001:bb8:4008:20:193:40:103:X as static IPv6 format |
|
| IPv6 PD | 2001:0bb8:4008:2000::/52 |
Prefix Delegation pool for Zoo |
We have 10G 1G[1] connection from Elisa
| INET | Network | Gateway | Usable Range | Notes |
|---|---|---|---|---|
| IPv4 | 62.65.250.0/26 |
62.65.250.1 |
62.65.250.2 - 62.65.250.62 | IPv4 Usage status |
| IPv6 | 2001:1530:4::/48 |
Currently not routed |
Ubiquiti UniFi AC Lite APs managed by the UniFi controller.
k-space.ee (2.4GHz, 5 GHz)k-space.ee devices (2.4GHz, 5 GHz)k-space.ee iot, ask Secret Lords for pass.| VLAN | subnet | use |
|---|---|---|
| 1 pub | 100.101.0.0/16 | default for servers and VMs |
| 3 retro | 100.103.0.0/16 | switch and terminal server in coworking |
| VLAN | subnet | use |
|---|---|---|
| 20 zoo | 172.20.0.0/16 | default for servers and VMs |
| 23 mgmt | 172.20.0.0/16 | For BMC/IPMI (iDRAC, iLO, …) |
Members with multiple machines can request a private VLAN from Network admins.
| VLAN | subnet | use |
|---|---|---|
| 2 sec | 100.102.0.0/16 | doors and cameras |
| 4 iot | 100.104.0.0/16 | lightswitches |
| 21 infra | 172.21.0.0/16 | Kube backbones |
| 24 vpn | 172.24.1.0/16 | VPN |
Zoo is the default local network for servers. The local Zoo IPv4 may be assigned statically or with DHCP.
Local DNS is deprecated. You may use 1.1.1.1, 8.8.8.8 or others. K-SPACE services/domains are resovable publicly, both IPv4 and IPv6.
See also: HP blades netwroking
Change the IP addresses from example configs. Check for conflicts in Grafana. Attempts to hijack IPs without permission is against the rules with severe consequences. The network is monitored against such activities.
Install dependencies:
apt install ifenslave vlan bridge-utils
Identify network interface names and replace enp1s0f0, enp1s0f1 accordingly.
To obtain 10G link bring your own Intel X520, Chelsio T320 or Mellanox CX3 dual port SFP+ card and two 10G multimode SFP+ modules with LC connectors. Connect with multimode LC-LC patches to both Mikrotik switches on the top of the white rack.
If you don't need/want 10G, use RJ45 patches to connect your machine to per-rack patch panels and connect from the patch panel in white rack to the Cisco stackable switches.
Feel free to ask Network admins and/or add examples here.
/etc/network/interfaces targeting Debian
auto enp1s0f0
iface enp1s0f0 inet manual
bond-master bond0
auto enp1s0f1
iface enp1s0f1 inet manual
bond-master bond0
auto bond0
iface bond0 inet dhcp
bond-slaves none
bond-mode active-backup
bond-miimon 100
Use trunk port option if you have a justification, eg you need access to SAN network, or you want to have isolated VLAN between your own machines.
auto enp1s0f0
iface enp1s0f0 inet manual
bond-master bond0
auto enp1s0f1
iface enp1s0f1 inet manual
bond-master bond0
# Bond interface
auto bond0
iface bond0 inet static
address 0.0.0.0
bond-slaves none
bond-mode active-backup
bond-miimon 100
mtu 9000
# Zoo runs at VLAN20, use macvlan to expose this to VM-s and Docker containers
auto bond0.20
iface bond0.20 inet dhcp
mtu 1500
# SAN network, replace X with unused IP
auto bond0.101
iface bond0.101 inet static
address 172.18.101.X
netmask 255.255.255.0
mtu 9000
Add ipvlan network on Docker host, this config allows EENet IPv4/IPv6 as well
docker network rm zoo
docker network create -d ipvlan \
--subnet=172.20.0.0/16 --gateway=172.20.0.1 --ip-range=172.20.9.0/24 \
--subnet=193.40.103.0/24 --gateway=193.40.103.1 --ip-range=193.40.103.128/27 \
--subnet=62.65.250.0/26 --gateway=62.65.250.62 --ip-range=62.65.250.32/28 \
--ipv6 --subnet=2001:bb8:4008:20::/64 \
-o parent=bond0.20 zoo
In docker-compose.yml use:
version: '3.7'
networks:
zoo:
external: true
services:
yourawesomeservice:
image: blah
command: blah
networks:
zoo:
ipv4_address: 193.40.103.X
ipv6_address: 2001:bb8:4008:20:193:40:103:X
If your linux distro has support for systemd-networkd you can create a systemd.network file in /etc/systemd/network folder. (You can ping Arti Zirk for more info)
# /etc/systemd/network/wan.network
[Match]
# Activate this on network interface called enp0s25, use `ip link` to list interface names
Name=enp0s25
[Link]
RequiredForOnline=yes
[Network]
# Ask for DHCP aadress
DHCP=yes
# Use this suffix when generating IPv6 SLAAC aadress
IPv6Token=::dead:beef
# Accept IPv6 router advertisements
IPv6AcceptRA=yes
# Also attach a public IPv4 to the same interface
Address=193.40.103.x/24
Gateway=193.40.103.1
# And ipv6
Address=2001:bb8:4008:20:193:40:103:x/64
Gateway=2001:bb8:4008:20::1
# allow systemd-resolve to use Microsoft link local dns name resolution on this interface
LLMNR=yes
# allow systemd-resolve to use Apple Bonjour/Avahi link local dns name resolution on this interface
MulticastDNS=yes
[DHCP]
# tell systemd-resolve to use dns search list (zoo.k-space.lan) when doing dns name resolution
UseDomains=yes
You can use networkctl status ifacename to check current systemd-networkd status.
Elisa was previously 10 Gbps, but not utilized, it was downgraded to save costs. Upgrade possible. ↩︎