Differences between revisions 1 and 3 (spanning 2 versions)
Revision 1 as of 2008-08-19 15:57:51
Size: 2783
Editor: LukeWilliams
Comment: have at it!
Revision 3 as of 2008-08-19 16:06:23
Size: 2790
Editor: LukeWilliams
Comment:
Routing and switching at UCC is done on three core switches and a Linux-based router. There are eight VLANs hosted in the club, as well as an additional four which are trunked in from ITS.

Understanding UCC's network can be a bit challenging at first, but after a bit of reading you'll find that it is actually very challenging, and give up. Here is an overview of how it all works:

Layer One

There is a long piece of CAT5 running through the walls from the machine room to the Guild machine room in Cameron Hall (across from UWAnime). This plugs into a 100M D-Link media converter, which leads to a similar media converter in the Guild comms room in the main Guild building. Our uplink is into an ITS-managed switch called 'cruzob'.

Machine Room

The machine room contains three core switches and a router:

  • Olive, a 24-port Cisco Catalyst 2900 series switch.
  • Lorenzo, a 48-port Cisco Catalyst 2950 series with some dead ports and dual gigabit uplinks.
  • Curviceps, a 48-port HP Procurve with full gig ports.
  • Madako, a Linux-based router running iptables.

These are all labeled and in the rack. There is also a patch panel for the clubroom wall-ports at the top of the rack.

Clubroom

There is CAT5 cabling run from a patch panel at the top of the rack to a number of wall ports throughout the room. Where not enough wall-ports are available, there are small 5-port unmanaged switches used to attach more devices to the network.

Layer Two

Internal VLANs

UCC uses seven VLANs internally for various purposes:

  • VLAN 1: Network and server management.
  • VLAN 2: Machine room network.
  • VLAN 3: Clubroom network.
  • VLAN 5: Loft network (used for LANs).
  • VLAN 6: Wireless network.
  • VLAN 7: Printers.
  • VLAN 8: Netboot (Ubuntu port).

External VLANs

ITS trunks to us the following VLANs:

  • VLAN 11: SNAP.
  • VLAN 13: Our main uplink, provides us our internet connection and address space.
  • VLAN 102: Guild clubs. Not used by UCC, forwarded on to UniSFA.

Layer Three

Layer three at UCC is pretty nasty, and the firewall script alone probably deserves its own article. However, here is a brief summary of how it all works:

Subnets

There are a number of IP ranges used at UCC for various things:

  • 130.95.13.0/24 is the public address space for our AARNet connection. Incoming, non-peering traffic to these addresses is charged at 4c/mb. This range is routed to us via VLAN 13.
  • 203.24.97.249/29 is the public address space for our Silk connection. Traffic to and from these addresses is unmetered. This range is also routed to us via VLAN 13.
  • 10.13.13.0/24 is a private range used for network printers. These addresses reside on VLAN 7 and are not routed outside.
  • 10.203.13.0/24 is our address range on the Resnet (college) network. Routed via VLAN 13.
  • 172.26.42.96/27 is the range we use for PPTP.
  • 172.44.24.224/27 is the wireless network range.
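
An address plan like this is worth checking mechanically before firewall rules are written against it. The following is an added example, not part of the original wiki page or UCC's own tooling: it takes the ranges exactly as listed above and reports prefixes with host bits set, overlapping ranges, and whether each range sits inside RFC 1918 private space. The labels and the `audit` function name are this example's own.

```python
import ipaddress
from itertools import combinations

# Ranges copied from the subnet list above; labels are shorthand for this example.
SUBNETS = {
    "130.95.13.0/24": "AARNet public",
    "203.24.97.249/29": "Silk public",
    "10.13.13.0/24": "printers (VLAN 7)",
    "10.203.13.0/24": "Resnet",
    "172.26.42.96/27": "PPTP",
    "172.44.24.224/27": "wireless",
}

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit(subnets):
    """Return (scope, findings).

    scope maps each listed range to 'rfc1918' or 'public-space';
    findings lists prefixes with host bits set and overlapping ranges.
    """
    scope, findings, nets = {}, [], {}
    for cidr in subnets:
        # ip_interface accepts an address with host bits set and exposes
        # the enclosing network, so a misaligned prefix can be reported.
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        nets[cidr] = net
        if iface.ip != net.network_address:
            findings.append(f"{cidr}: host bits set, enclosing network is {net}")
        inside = any(net.subnet_of(block) for block in RFC1918)
        scope[cidr] = "rfc1918" if inside else "public-space"
    # Overlapping ranges make source-address filtering ambiguous.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} overlaps {b}")
    return scope, findings


if __name__ == "__main__":
    scope, findings = audit(SUBNETS)
    for cidr, label in SUBNETS.items():
        print(f"{cidr:<20} {label:<18} {scope[cidr]}")
    for finding in findings:
        print("FINDING:", finding)
```

Ranges reported as `public-space` that are used internally need explicit egress and ingress filtering, since they are not covered by rules written for RFC 1918 blocks.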