THIS IS NOT DC19 Infrastructure This is a cut and paste to be used as a template....

Infrastructure Team

Technical documentation

The NOC - Network Operations Center is located in room B-2206. The thermal properties of the room should be sufficient since it's large enough for effective heat dissipation.

APT proxy

An APT proxy is setup in the NOC room to alleviate upstream bandwidth needs and accelerate repeated builds. It's currently running on the gateway which has only a HDD (spinning disk, 7200 rpm, Seagate ST1000DM003-9YN1) so it may not be as fast as your favorite mirror running a shiny SSD drive. But we'll fix this eventually as well.

To configure your clients, see the quick tutorial for autoconfiguration. The address of the proxy is http://proxy:3142, if you prefer manual configuration. That assumes you obey DHCP search domain directives, if not, you'll need the full domain (http://proxy.dc17.debconf.org:3142).

DNS cache

We are providing a DNS caching server ("unbound") that provides DNS to the network. The domain "dc17.debconf.org" is reserved for the internal network and records are added on the DHCP/DNS server (noc0gw0) in the unbound.conf file, using entries like:

Backend documentation

Maisonneuve IT has four gigabit ethernet drops directly from the nearby distribution switch (with 10gbit uplink) in the NOC, near the teacher's desk. The four ports are in the NOC room, next to the teacher's desk, and labeled B-2206 D1, 2, 3 and 4. The top port shouldn't be used: it's in the "teacher's" VLAN and has some ports blocked.

Here's the current port usage for the drops:

Port

Device

D1

noc0sw0

D2

noc0sw1

D3

free

D4

free

So the two core switches are independently connected to the backend distribution switches. From those distribution switches, we are in Maisonneuve's IT network, which interconnects the other rooms. They do propagate VLANs and routing (incl. NAT) for us, and also handle Wifi hotspots which are bridged with our VLANs.

All NATed traffic will come from 206.167.44.0/24.

Wifi

APs connected to our network have the ESSID "?DebConf17" with the password "stretch17". The other ESSID ("cmaisonneuve"/"sansfil3800") is in a different network with blocked some ports.

IP allocation

Host

IP

Notes

noc0sw0

10.17.127.0/17

core switch near teacher desk

noc0sw1

10.17.127.1/17

core switch on table

hacklabsw{0-6}

10.17.127.1{0-6}/17

hacklab switches

noc0gw0

10.17.127.100/17

DHCP / DNS server wired VLAN

noc0gw0

10.17.254.100/17

DHCP / DNS server wireless VLAN

noc0gw0

10.18.0.2/24

DNS server (not used)

gw

10.18.0.3/24

DHCP, PXE, DNS server video VLAN

noc0gw0

206.167.36.194/26

DHCP / DNS server public VLAN

noc1st0

206.167.36.195/26

8TB media server

odroid4

206.167.36.196/26

Atlys debugging odroid

noc0stream0

206.167.36.197/26

Local Stream mirror

noc0stream1

206.167.36.198/26

Stream master

VLAN and network allocations

Name

Network

Gateway (ingress)

Egress IP

VLAN id

dc_wired

10.17.0.0/17

10.17.0.1

206.167.44.200-210

901 (default)

dc_wireless

10.17.128.0/127

10.17.128.1

206.167.44.200-210

902

dc_video

10.18.0.0/24

10.18.0.1

206.167.44.99

903

dc_public

206.167.36.192/26

206.167.36.193

same IP

904

More IP space can be allocated as needed, but do not use any of 10.20.0.0/16, 10.30.0.0/16, 10.80.0.0/16, which are used internally by Maisonneuve

Outgoing IP addresses are for the dc_wired and dc_wireless are spooled in the range 206.167.44.200-210.

Core switch port allocation

Ports are allocated to certain VLANs. They were grouped by columns to ease labeling and identification...

VLAN 903

VLAN 902

VLAN 904

Misc.

1

7

13

19: 902

2

8

14

20: 902

3

9

15

21: trunk

4

10

16

22: trunk

5

11

17

23: trunk

6

12

18

24: trunk

Each cell in the table is a port, and unless otherwise noted, is in the VLAN identified by the column heading.

Bandwidth and capacity

The total available Internet bandwidth at Maisonneuve will be 450mbit.

Teachers and students will be absent from the venue in August, so a big chunk of that bandwidth should be available to the conferece.

The building are wired, most ports should be gig. Physical ports are all numbered which will make tagging them to specific VLANs easy.

We will also be provided with a block of public IP addresses, while most ports and wireless access will be NATed. A dedicated, password-protected SSID will be setup for the conference.

Setting up our own network services (DHCP, DNS, etc.) will be required. We'll use a debian box for these things, but it will probably not act as router, we'll rely on IT for that.

Cisco configuration tricks

We have Cisco switches. Proprietary hardware, we know, but that's what we have. This is the dumbest, simplest Cisco configuration primer ever.

First things, you need to connect, either through the "console" port, which is a basic serial console (9600 bauds etc)

Sample configs, for the core switches:

Global configuration to make STP faster:

The above enters configuration mode on the terminal, then sets up gigabit ports 1 through 6 (inclusively) to be in "access" (untagged) mode on VLAN id 901. For trunked ports:

We also disable the HTTP server:

And configure SSH:

Note that Cisco switches may use older SSH crypto that will cause problems in newer versions of SSH (e.g. in stretch). To workaround, use:

Tasks

Rooms

We get access to all rooms Monday July 31, and that will be the day we setup most infrastructure.

Note that the reference list of all rooms is in ?DebConf17/Venue, this is merely a convenience copy to keep track of our presences and setup.

Known issues

Resolved

Volunteers

Meetings

Hardware inventory

Provided by Maisonneuve IT

Powerstrips and consumables (eg. tape) won't be provided.

Old wishlist

This was written before debconf and is no longer relevant but could be useful for next ones!

Todo: merge that stuff into ?Teams/Infrastructure and subpages.


CategoryDebConf19