[Noisebridge-discuss] WPA and other network Q's

Jonathan Lassoff jof at thejof.com
Fri May 28 06:17:46 UTC 2010


Excerpts from Geoff Horne's message of Thu May 27 17:45:08 -0700 2010:
> I was just reading over the wiki and the network layout...
> 
> Stop me if this has all been discussed before, but i couldn't find anything
> in the archives. (but feel free to point me to refs)

There's likely bits and pieces of discussion of what's where, but it's
all in flux.
 
> 2 questions :
> 
> 1) why isn't WPA enabled for the wireless, surely that will help with
>    some of the paranoia

Paranoia? What paranoia?
I for one prefer it not be configured for a couple of reasons:
 1. It's easier for visitors and passers-by to connect to free internet.
    I think pervasive wifi is cool.
 2. It lures users into a bit of a false sense of security. Just because
    the WiFi leg of the network is using WPA doesn't mean someone isn't
    still sniffing your traffic.
    That said, there's a point behind defense-in-depth.
 3. We've got a mix of APs, and as far as I know, there's not a way to
    do WPA authentication in a central place without a proprietary box.

That said, we have a dearth of APs, most of which will support WPA/WPA2.
If you're interested in setting any of these up, you're more than
welcome. I would be glad to help or show you around.

> 2) why is gorilla switched through switch2.noise ? you have a single point
>    of failure there. (the same applies to r00ter)

It's just acting as a central switch. Should anything happen or go down,
we just need to make sure that something connects these ports. I
intentionally put all of these uplinks on the same switch, so even
someone with limited knowledge of networking could even throw a dumb
switch in there, and things should just "work".
 
> other questions come to mind, i'm just curious who built and maintains the
> network.

I've built a few pieces of it, and many others have contributed. There's
no central maintainer, just interested people that jump in and do it.
Rubin110 made a great writeup of what this ethic is all about on the
wiki: https://www.noisebridge.net/wiki/Do-ocracy
 
> in fact, since i'm digging around, here they are.
> 
> - neither gorilla nor r00ter are on a PDU, powercycling those
>   bad monkeys could be an interesting exercise

Indeed. In theory, we'd never want to reboot them unless we're
physically there, but taking either down is a single-point-of-failure at
the moment.
 
> - the traffic seems to be routing through gorilla, and r00ter is
>   just acting as a DNS/DHCP server.

Indeed. r00ter was our original "do everything" host, but gorilla was
added to support a faster ISP link, so we're advertising that as a
default gateway to DHCP clients at the moment.
Knowledgeable users can choose to route over whichever router they
like, though.

Currently, there's no kind of failover between the two ISPs. Switching
routes will break NAT states, so I don't think anyone ever bothered to
make failover smarter.
 
> - DNS results are probably coming via sonic, even though traffic is going
>   via monkeybrains.

This is true. At the moment, we're really only using Sonic.net for
low-bandwidth delay-sensitive traffic like DNS and SSH to external-facing
hosts.

Cheers,
jof


