Updated and added information about services, infrastructure, network…

… topology, etc. - Added Talks page - DHCP server EOL notice - Trimmed comments from DHCP server config - Added Tiamat to 145 subnet listing - Updated information about Unbound - Added CSlabs website, more information about containers on Tiamat - Updated info about Ziltoid - Created page for Kasper - Deprecation notice added for Atlas - Updated IP allocations to include Kasper - Updated information about our firewall service - Updated info about our switches - VLANs are now their own page with descriptions - Updated current and desired topologies to (loosely) match our plans for next semester
COSI-Lab · Dec 17, 2023 · a44918c · a44918c
2 parents 613a7b1 + 99f258a
commit a44918c
Show file tree

Hide file tree

Showing 15 changed files with 239 additions and 174 deletions.
diff --git a/src/SUMMARY.md b/src/SUMMARY.md
@@ -9,6 +9,7 @@
     - [Allocations](./infrastructure/network/ip_allocations.md)
     - [Topology](./infrastructure/network/topology.md)
     - [Switches](./infrastructure/network/switches.md)
+    - [VLANs](./infrastructure/network/vlans.md)
 
 - [Racks](./infrastructure/racks.md)
 
@@ -17,6 +18,7 @@
     - [Elephant](./infrastructure/servers/elephant.md)
   	- [Eldwyn](./infrastructure/servers/eldwyn.md)
     - [Hydra](./infrastructure/servers/hydra.md)
+    - [Kasper](./infrastructure/servers/kasper.md)
     - [Talos](./infrastructure/servers/talos.md)
     - [TalDos](./infrastructure/servers/taldos.md)
     - [Tiamat](./infrastructure/servers/tiamat.md)
@@ -59,11 +61,11 @@
     - [Murmur (Mumble)](./services/murmur.md)
 
 - [Websites]()
-    - [cslabs]()
+    - [cslabs](./websites/cslabs.md)
     - [book](./websites/book.md)
     - [files]()
     - [random]()
-    - [talks]()
+    - [talks](./websites/talks.md)
 
 - [Mirror](./mirror/introduction.md)
     - [Hardware](./mirror/hardware.md)
@@ -73,4 +75,4 @@
 # Guides 
 
 - [Guides]() 
-    - [COSI Accounts](./guides/cosi_accounts.md)
+    - [COSI Accounts]()
diff --git a/src/infrastructure/network/ip_allocations.md b/src/infrastructure/network/ip_allocations.md
@@ -4,7 +4,7 @@ All links on this page should point at the underlying physical (or virtual) _inf
 
 ## IP Address Listing for 128.153.144.1/24 subnet
 
-_updated: Sep 25, 2023_
+_updated: December 15, 2023_
 
 | 128.153.144.# | Name |
 | :--- | :---
@@ -33,9 +33,10 @@ _updated: Sep 25, 2023_
 | 128.153.145.# | Name |
 | :--- | :---
 | 1 | OIT Gateway |
-| 2 | [Ziltoid](../servers/ziltoid.md) |
+| 2 | [Kasper](../servers/kasper.md) |
 | 3 | [TalDos](../servers/taldos.md) |
 | 4 | [Talos](../servers/talos.md) |
+| 41 | [Tiamat](../servers/tiamat.md) |
 | 42 | [Hydra](../servers/hydra.md) |
 | 53 | [TalDos](../servers/taldos.md) |
 | 179 | [hbox](../servers/hbox.md) |
@@ -49,8 +50,6 @@ _TODO: reallocate the entire network_
 
 ## IPv6 Address Listing for 2605:6480:c051::/48 network
 
-|
-
 ### Subnet Allocations
 
 | 2605:6480:c051 | :XXXX: | YYYY:YYYY:YYYY:YYYY |

diff --git a/src/infrastructure/network/switches.md b/src/infrastructure/network/switches.md
@@ -2,33 +2,60 @@
 
 The purpose of this document is to provide more detailed descriptions of our managed network switches. 
 
-## F2
+## FHILL
 
-_updated: Jan 12th 2023_
+_updated: December 17th, 2023_
 
-F2 is currently our top level fiber networking switch. It is a Juniper QFX 3500 running `JUNOS 12.3X50-D30.2`. The management interface is assigned to `128.153.145.21`.
+FHILL is currently our top level fiber networking switch. It is a
+[Mikrotik CRS326-24S+2Q+RM](https://mikrotik.com/product/crs326_24s_2q_rm)
+running `RouterOS v7`. The management interface is assigned to `128.153.145.21`,
+and is currently only accessible by plugging in to one of the service ports.
+If in doubt, the Ethernet port labeled `MGMT/BOOT` should always be configured
+to allow access to the management interface.
 
 | Ports | Count |
 |-------------|-------|
-| SPF+ (10G)  | 48    |
-| QSPF+ (40G) | 4     |
+| SPF+ (10G)  | 24    |
+| QSPF+ (40G) | 2     |
 
-The switch is physically split into 6 groups of 8 SFP+ ports and 1 group of 4 QSPF+ ports. 
+The switch is physically split into 3 groups of 8 SFP+ ports and 1 group
+containing the 2 QSFP+ ports. It also has a 100M Ethernet port for management.
 
 ```
-| 0 | 2 | 4 | 6 |   | 8 | 10 | 12 | 14 |   | 16 | 18 | 20 | 22 |   |  Q0  |  Q2  |   | 24 | 26 | 28 | 30 |   | 32 | 34 | 36 | 38 |   | 40 | 42 | 44 | 46 |
-|---|---|---|---|---|---|----|----|----|---|----|----|----|----|---|------|------|---|----|----|----|----|---|----|----|----|----|---|----|----|----|----|
-| 1 | 3 | 5 | 7 |   | 9 | 11 | 13 | 15 |   | 17 | 19 | 21 | 23 |   |  Q1  |  Q3  |   | 25 | 27 | 29 | 31 |   | 33 | 35 | 37 | 39 |   | 41 | 43 | 45 | 47 |
+| 0 | 2 | 4 | 6 |   | 8 | 10 | 12 | 14 |   | 16 | 18 | 20 | 22 |   |  Q0  |   |      |
+|---|---|---|---|---|---|----|----|----|---|----|----|----|----|---|------|---|------|
+| 1 | 3 | 5 | 7 |   | 9 | 11 | 13 | 15 |   | 17 | 19 | 21 | 23 |   |  Q1  |   | MGMT |
 ```
 
-We've allocated (but have not configured) groups of ports to map to certain VLANs. Likewise, even number SFP+ ports are allocated for 10 gigabit while odd numbers are allocated to 1 gigabit. 
+We've configured groups of ports to map to certain [VLANs](../network/vlans.md).
 
-| Ports | VLANs    | Speed |
-|-------|----------|-------|
-| 0-7   | v2\_wan  | 10 G  |
-| 8-15  | v2\_wan  | 1 G   |
-| 16-23 | TBD      |       |
-| 24-39 | v3\_lan  | 10 G  |
-| 40-47 | v3\_lan  | 1 G   |
+| Ports | VID | Name       | Speed |
+|-------|-----|------------|-------|
+| 0-7   | 3   | cosi\_priv | 10 G  |
+| 8-15  | 2   | cosi\_pub  | 10 G  |
+| 16-23 | 1   | service    | 10 G  |
+| Q0-Q1 | 1   | service    | 40 G  |
+| MGMT  | 1   | service    | 100 M |
 
-On the back there are 2 RJ45 ports for management over IP and a RJ45 port for serial management using a cross over serial cable. The serial connection has a baud rate of `9600`.
+## FCOLO
+
+_updated: December 17th, 2023_
+
+FCOLO is our fiber network switch in COLO, which we are planning to use as our
+top level switch once we have moved some critical infrastructure there. It is a
+[Mikrotik CRS326-24S+2Q+RM](https://mikrotik.com/product/crs326_24s_2q_rm)
+running `RouterOS v7`. Its management interface is currently not accessible.
+
+| Ports | Count |
+|-------------|-------|
+| SPF+ (10G)  | 24    |
+| QSPF+ (40G) | 2     |
+
+The switch is physically split into 3 groups of 8 SFP+ ports and 1 group
+containing the 2 QSFP+ ports. It also has a 100M Ethernet port for management.
+
+```
+| 0 | 2 | 4 | 6 |   | 8 | 10 | 12 | 14 |   | 16 | 18 | 20 | 22 |   |  Q0  |   |      |
+|---|---|---|---|---|---|----|----|----|---|----|----|----|----|---|------|---|------|
+| 1 | 3 | 5 | 7 |   | 9 | 11 | 13 | 15 |   | 17 | 19 | 21 | 23 |   |  Q1  |   | MGMT |
+```
diff --git a/src/infrastructure/network/topology.md b/src/infrastructure/network/topology.md
@@ -36,7 +36,7 @@ If you have trouble distinguishing colors, you can read the source code.
 
 ## Current Topology
 
-_updated: Mar 2nd 2023_
+_updated: December 17th, 2023_
 
 ```dot process
 /* COSI network topology
@@ -56,15 +56,15 @@ graph {
 	/* Nodes */
 	internet [shape=none,height=1,width=1,fixedsize=true,image="cloud.gif",label=""];
 	mirror [class="host"];
-	ziltoid [class="host"];
+	kasper [class="host"];
 
 	subgraph switches {
 		node [shape="record"]
 
 		jgw [class="clarkson"];
 		sc334 [class="clarkson",label="sc-334-c2960s"];
 	
-		f2 [class="agg"];
+		FHILL [class="agg"];
 	
 		m2 [class="managed"];
 		m3 [class="managed"];
@@ -80,7 +80,7 @@ graph {
 		cosi2 [class="unmanaged"];
 	}
 
-	talos [class="host"];
+	taldos [class="host"];
 	eldwyn [class="host"];
 	hydra [class="host"];
 	tiamat [class="host"];
@@ -96,19 +96,19 @@ graph {
 	internet -- jgw[dir=back,len=1,class="clarkson"];
 	jgw -- sc334 [class="clarkson"];
 	
-	sc334 -- f2 -- mirror [class="smf10",label="3"];
-	f2 -- ziltoid [dir=forward,class="smf10",label="3"];
-	f2 -- ziltoid [dir=back,class="smf10",label="2"];
-	f2 -- tiamat [class="smf10",label="2"];
+	sc334 -- FHILL -- mirror [class="smf10",label="3"];
+	FHILL -- kasper [dir=forward,class="smf10",label="3"];
+	FHILL -- kasper [dir=back,class="smf10",label="2"];
+	FHILL -- tiamat [class="smf10",label="2"];
 
-	f2 -- private  [label="2"];
-	private -- {itl1, itl2, itl3, itl4, talos, hydra, ziltoid};
+	FHILL -- private  [label="2"];
+	private -- {itl1, itl2, itl3, itl4, taldos, hydra, kasper};
 	{itl1, itl2, itl3, itl4} -- ITL;
 
-	f2 -- {cosi1, cosi2, m2} [label="2"];
+	FHILL -- {cosi1, cosi2, m2} [label="2"];
 	{cosi1, cosi2} -- COSI;
 
-	f2 -- m3 [label="2,5"];
+	FHILL -- m3 [label="2,5"];
 
 	m2 -- {prometheus, wifi};
 	m3 -- {eldwyn};
@@ -132,18 +132,16 @@ graph {
 	subgraph switches {
 		node [shape="record"]
 		jgw [class="clarkson"];
-		sc334 [class="clarkson",label="sc-334-c2960s"];
-		"beef*" [class="clarkson"];
 		
-		fcolo [class="agg"];
-		fhill [class="agg"];
+		FCOLO [class="agg"];
+		FHILL [class="agg"];
 		
-		mnet [class="managed"];
 		mrackl [class="managed"];
 		mrackr [class="managed"];
+		mnet [class="managed"];
 
 		wifi [class="unmanaged"];
-		shitch [class="unmanaged"];
+
 		itl1 [class="unmanaged"];
 		itl2 [class="unmanaged"];
 		itl3 [class="unmanaged"];
@@ -153,66 +151,35 @@ graph {
 	}
 
 	mirror [class="host",href="../../mirror/introduction.md"];
-	ziltoid [class="host",href="../servers/ziltoid.md"];
+	kasper [class="host",href="../servers/kasper.md"];
+	taldos [class="host",href="../servers/talos.html"];
 	hydra [class="host",href="../servers/hydra.html"];
 	bacon [class="host",href="../servers/bacon.html"];
 	tiamat [class="host",href="../servers/tiamat.html"];
-	eldwyn [class="host",href="../servers/eldwyn.html"];
-	"grand-dad" [class="host"];
-	ziltoid [class="host",href="../servers/ziltoid.html"];
-	talos [class="host",href="../servers/talos.html"];
+	TBD [class="host"];
 	elephant [class="host",href="../servers/elephant.html"];
 	prometheus [class="host"];
 	norm [class="host"];
 	"red-dwarf" [class="host"];
+
 	COSI [class="room"];
 	ITL [class="room"];
 	
 	/* Edges */
 	internet -- jgw [dir=back,class="clarkson"];
-	jgw -- {sc334, "beef*"} [class="clarkson"];
-	"beef*" -- ITL [class="room"];
-	fhill -- sc334 [class="smf10",label="3"];
-	fcolo -- jgw [class="smf10",label="3"];
-
-	fcolo -- fhill [class="smf10",label="2,4,5,6,7"];
-	fhill -- {mnet, hydra, bacon, tiamat} [class="smf10",label="2"];
-	fhill -- mrackl [label="2,5"];
-	fhill -- mrackr [label="2"];
+	FHILL -- FCOLO [class="smf10",label="2"];
+	FCOLO -- jgw [class="clarkson"];
+
+	FHILL -- {mrackl, mrackr, mnet, hydra, bacon, tiamat} [class="smf10",label="2"];
 	mnet -- {itl1, itl2, itl3, itl4, cosi1, cosi2, wifi};
 	mrackr -- {norm, "red-dwarf", prometheus} [label="2"];
-	mrackl -- "grand-dad" [label="2"];
-	mrackl -- eldwyn [label="2,5"];
+	mrackl -- TBD [label="2"];
 	{cosi1, cosi2} -- COSI [class="room"];
 	{itl1, itl2, itl3, itl4} -- ITL [class="room"];
-	shitch -- talos;
-	shitch -- ziltoid;
-	fcolo -- {mirror} [class="smf10",label="3"];
-	fcolo -- shitch [dir=forward,label="2"];
-	fcolo -- elephant [class="smf10",label="2"];
-	fcolo -- shitch [dir=back];
-	fcolo -- ziltoid [dir=forward,class="smf10",label="3"];
-	fcolo -- ziltoid [dir=back,class="smf10",label="2"];
+	FCOLO -- {mirror} [class="smf10",label="3"];
+	FCOLO -- {elephant, taldos} [class="smf10",label="2"];
+	FCOLO -- kasper [dir=forward,class="smf10",label="3"];
+	FCOLO -- kasper [dir=back,class="smf10",label="2"];
 	norm -- prometheus [class="e10g",label="direct 10G",fontcolor="blue"];
 }
 ```
-
-- _"beef" is switch with a 40 gigabit uplink that has yet to been allocated by OIT. It will connect the Window's machines to OIT's lab vlan._
-
-## VLANS
-
-_updated: Jan 15th 2023_
-
-> TODO: Make a separate page for VLANs w/ a short explanation and more detail.
-
-COSI has the following VLANs.
-
-| VLAN id | name   | description
-|---------|--------|-------------
-| 1       | unused | Many switches this is the default, therefor we don't use it 
-| 2       | v2\_cosi\_priv   | Our "default". This VLAN is behind the [firewall](../../services/firewall.md).
-| 3       | v3\_cosi\_public | VLAN with a direct connection to OIT. This is infront of the [firewall](../../services/firewall.md).
-| 4       | v4\_146 | VLAN for the 128.153.146.0/24 network. Currently this is unused and not well documented
-| 5       | v5\_phones | VLAN for Voice Over IP (VOIP) phones. Read [Asterisk](../../services/asterisk.md) for more information.
-| 6       | v6\_iot | VLAN for untrusted devices that require an internet connect. Think : Amazon Alexa |
-| 7       | v7\_cameras | A very poorly named VLAN for untrusted devices that do not require an internet connect. Consider the printer. Arguably, it seems the need for this VLAN is low.
diff --git a/src/infrastructure/network/vlans.md b/src/infrastructure/network/vlans.md
@@ -0,0 +1,54 @@
+# VLANs
+
+_updated: December 17th, 2023_
+
+COSI has allocated the following VLANs:
+
+| VID | Name       | Active? |
+|-----|------------|---------|
+| 1   | service    | yes     |
+| 2   | cosi\_priv | yes     |
+| 3   | cosi\_pub  | yes     |
+| 4   | 146        | no      |
+| 5   | phones     | no      |
+| 6   | iot        | no      |
+| 7   | cameras    | no      |
+
+
+## VLAN 1: `service`
+
+Since this is the default VID on many switches, it is never configured to allow
+access to the internet. Whenever possible, it should be used for unassigned
+interfaces and to provide access to management interfaces for our switches.
+
+## VLAN 2: `cosi_priv`
+
+This VLAN is our "default", and is behind our
+[firewall](../../services/firewall.md). Any personal computer, or any server
+that does not need direct from the Internet should be here.
+
+## VLAN 3: `cosi_pub`
+
+This VLAN has a direct connection to OIT, and is not protected by the 
+[firewall](../../services/firewall.md). Only servers that need direct, 
+unfiltered access to the Internet (ex. [Mirror](../../mirror/introduction.md))
+should be on this VLAN.
+
+## VLAN 4: `146`
+
+This VLAN was used for the 128.153.146.0/24 subnet, but is not currently active.
+
+## VLAN 5: `phones`
+
+This VLAN was used for our VOIP phones.
+See [Asterisk](../../services/asterisk.md) for more information.
+
+## VLAN 6: `iot`
+
+For untrusted devices that require an internet connection
+(ex. smart home devices). It is currently unused.
+
+## VLAN 7: `cameras`
+
+This VLAN was used for untrusted devices that do NOT require an internet
+connection. It is currently unused.