[Rack] Current network setup? Network wiki page?

Ben Kochie ben at nerp.net
Tue Aug 12 06:37:07 UTC 2014 

I think the simplicity is a good idea, but not all of this is necessary.

Having the core network switch and public network switch is a good idea. 
We had this before with the linksys switch.  But I think we should 
have one managed switch for the core network.  PoE for wifi is a good 
idea, but optional.  The big feature I think we want is fanless.  Reduced 
noise, power use, dust issues.  We don't need that many ports.  A 12-24 
port managed switch, and a 24 port public switch.

The one downside to being fully unmanaged is we don't get DHCP spoofing 
protection.  Having a basic managed switch allows us to do DHCP 
annoucement blocking on all ports.  DHCP spoofing has been one of the more 
troublesome activities on the network.

For wifi, I see no reason to disable WPA.  WPA still provides per-user 
stream crypto.  This is not a false sense of security, because with the 
combination of managed switch and WPA you can mostly prevent DHCP 
spoofing.

I agree that we shouldn't have any room for servers to be installed.  The 
one small rack was more than enough for all the equipment NB needs.  Susan 
the rack (the rolling telco rack) should be retired.

I don't think mounting the rack high up is hugely necessary if we now have 
a locked network room.

If we really want, we could get a lockable core network mini-rack.

I should be hearing back in the next couple days about some good quality 
fan/filter HEPA units.  We can use one of these to keep the air in the 
rack room nice and clean, also doubles as a circulation unit to keep the 
room cooler.

  -ben

On Mon, 11 Aug 2014, Rubin Abdi wrote:

> Not sure if I'll be around. The current network is in a working state,
> so I suggest we meed up when Casey returns from his Minnesotan sabbatical.
>
> Changes to network proposal:
>
> * The priority is internet -> wifi, not the ethernet network.
> * Split the network into two physical zones, Crucial and Voluntary.
> * Crucial involves everything to get internet from our uplinks to the
> wifi access points plus minotaur, and get locked into a shelf high up in
> the networking closet with a combo lock on it.
> * Simplify Crucial to the least number of moving parts to make it as
> reliable as possible.
> * Setup minotaur to do actual monitoring and have it be able to spit out
> some non-technical-human-readable health status dashboard on a display.
> * Voluntary is a single ethernet line coming down from Crucial.
> * Keep Voluntary as simple as possible, no managed switches, no space to
> put a server, none of that.
> * Mount a large non-managed switch (and the patch panel) to the wall
> under the shelf. Remove and re-purpose Susan.
> * If people want to randomly plug things into the switch, it's not
> managed, we don't care.
> * Not providing any place to have servers get installed. People will
> still dump shit there and plug in, but if the space isn't there they
> wont last as long. Especially if all the power outlets are inside the
> locked shelf.
>
> I think we should work towards figuring out a means for others to be
> able to setup server like machines in the space, however we currently
> (and never really before) had any good ways of facilitating that and
> also having good lines of communication back to those who did. We could
> setup another "lockable" shelf under the Crucial one, with its own shelf
> and its own combo lock (and own code) to allow people to use once
> they've popped onto Rack with a request to setup a system. And also make
> that shelf small so that only low power embedded machines can get installed.
>
> Thoughts?
>
> -- 
> Rubin
> rubin at starset.net
>
>

More information about the Rack mailing list