Daniel and I made a few changes to the network configuration last night.
We had noticed that our connection was much slower than it should've
been and found a couple areas where we thought we could make improvements:
tl;dr: We fixed some janky old wiring, replaced a server that was
bloated, and added a wireless AP. There's bunches more to do and to
document!
Text wall incoming...
- We moved the modem from the backspace area to the sudoroom server rack
platform. We were able to keep the crazy phone + ethernet situation, but
with many many fewer crazy wire splits and adapters hanging off of
ethernet cables. It's a lot cleaner now
- We moved the gateway from the middle of the red servers to the dell
poweredge server on the top. We suspected that the fancy zentyal
software on the red server was a little bloated/mis-configured. Getting
an ethernet connection directly from the modem was providing 30Mb/s, but
getting a connection anywhere after the zentyal server it was dropping
to 10Mb/s. We installed Ubuntu Server 14.04 LTS and set up some basic
networking rules (read - no security per se). It's only got 2 ethernet
ports, so it acts as a dhcp client on one interface and gets internet in
from the modem and then does NATing and provides a dhcp server on the
other side. There were a number of devices in sudoroom that have fixed
192.168.42.0/24 network ip addresses, so I setup the server to provide
addresses on that range.
- We added a wireless AP repeater to the sudoroom area. It's
on channel 1 which doesn't overlap much. There should be three ssids in
sudoroom with strong signal "sudoroom2.4ghz" "sudoroom5ghz", and
"sudoroom24g2" (or something like that last one...). Daniel ran some
cable from the server racks to the ball room and I was going to put a
picostation there, but I was having trouble finding a picostation that
would flash. So the wiring is all ready for an AP, but we just need to
get a working picostation over there.
Which leaves us with some notes and some todos:
- It looked like a number of devices were all trying to provide dhcp
servers on the 192.168.42.0/24 network. This doesn't seem like a
particularly good idea to me. I don't see any reason we can't just do
one of two things when we add a router: 1. Let it provide DHCP, but on a
different subnet, with NAT or 2. Set it up to bridge connections to the
LAN where the rack server will provide dhcp.
- The server can use a bunch of configuration. I really don't know how
security policy can/should work at sudoroom. It seems a little silly to
have a complex firewall on a machine that's accessible to the public and
has a sudo username/password written on top of it.
- Need to get a picostation in the ballroom (maybe peoplesopen node once
we feel confident we can guarantee that the tunnel to the exit node will
stay up?)
- We could probably use one more AP in sudoroom proper. We're currently
using channels 1 and 6 I believe for the two APs. There are ~3
non-overlapping 2.4Ghz channels, so we might as well make full use of
the spectrum and add a channel 11 AP
- Would be nice to go around and make sure that no one else is providing
DHCP on the 192.168.42.0/24 subnet. There were even a couple instances
where I think I realized that we were inadvertently running an extra
DHCP server. That visio AP in sudoroom had been plugged into the switch
on the LAN side. It was a cute trick to keep everyone on the same subnet
and if the visio had been smarter, it would've gone into proper bridged
mode, but I'm not sure that was the case.
- Figure out a better(?) IP allocation scheme. Right now the ubuntu
server is providing 192.168.42.0/24 addresses and the visio router is
NATing and providing 192.168.6.0/24 addresses (don't ask me why I picked
that - it was really late/early). I think that will mean that folks
connected to the visio will be able to access services on the
192.68.42.0/24 LAN, but not the other way around.
- Document! I'm super guilty of not doing a good job of this, but Daniel
and I were scrambling to get stuff in place and working. I think every
router and host with a fixed ip address (or more) should get labelled
with those addresses. I need to document this process on the wiki (this
email was partially a preface to that). And, I think we should try to
either provide a network diagram or maybe even a live monitor for folks
to see what the hell is going on. It'd be pretty snazzy to be able to go
to a web site somewhere and see the network topology/connected hosts.
Either that or we could just use crayons.....
Ok that's all I got for now,
Max