documentation: first rework

* split-off overview and configuration
* add eae-adp-jump01 into diagram
* mention ospf link between gw-core01 and eae-adp-jump01
replace_gw-core01
Gregor Michels 2022-07-03 03:25:42 +02:00
parent d4432cb0f4
commit d4b3b616a5
6 changed files with 71 additions and 46 deletions

@ -12,7 +12,7 @@ This repo contains the config and documentation for our installation at the "Ers
* [Documentation](documentation/README.md)
* [Incidents](documentation/INCIDENTS.md)
* [TODO](documentation/TODO.md)
* [Todo](documentation/TODO.md)
## Usage
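Review bot: The context line `* [Documentation](documentation/README.md)` still links to `documentation/README.md`, while this commit adds the documentation index as `documentation/MAIN.md`. If the index now lives in `MAIN.md`, update this link in the same change so the top-level README does not point at a stale or missing page. The only edit in this hunk is the link text `TODO` to `Todo`, so the target is easy to overlook.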

@ -1,49 +1,6 @@
Doku: EAE - Am deutschen Platz
Installation and Confguration
==============================
Overview:
--------
![Layer 1 Overview of Network](layer1_overview.png)
IPAM / Device Overview:
-----------------------
| Name | Location | MGMT IPv4 | MAC | Device | Notes |
| -------------- | --------- | ------------ | ------------------- | -------------------- | ----- |
| `gw-core01` | Büro | `10.84.1.1` | `78:8a:20:bd:b6:ae` | Ubiquiti EdgeRouterX | |
| `sw-access01` | Büro | `10.84.1.10` | `bc:cf:4f:e3:bb:8d` | Zyxel GS1800-8HP | |
| `sw-access02` | Zelt 5 | `10.84.1.11` | `bc:cf:4f:e3:ac:39` | Zyxel GS1800-8HP | |
| `hyper01` | Büro | `10.84.1.21` | `00:23:24:54:f0:fe` | Lenovo ThinkCentre ? | |
| `monitoring01` | `hyper01` | `10.84.1.51` | `16:b9:13:c3:10:5e` | Proxmox VM | |
| `ap-2bbf` | Zelt 4 | `10.84.1.30` | `24:de:c6:cc:2b:bf` | Aruba AP-105 | |
| `ap-1a38` | Zelt 5 | `10.84.1.35` | `24:de:c6:c3:ac:7c` | Aruba AP-105 | |
| `ap-0b99` | Zelt 2 | `10.84.1.32` | `6c:f3:7f:c9:0b:99` | Aruba AP-105 | |
| `ap-c5d1` | Büro | `10.84.1.33` | `ac:a3:1e:cf:c5:d1` | Aruba AP-105 | |
| `ap-c495` | Zelt 3 | `10.84.1.34` | `ac:a3:1e:cf:c4:95` | Aruba AP-105 | |
| `ap-8f42` | Zelt 1 | `10.84.1.36` | `d8:c7:c8:c2:8f:42` | Aruba AP-105 | |
Cloud VMs:
----------
| VM Name | IPv4 | IPv6 | Location | Provider | Type | Description | Notes |
| ---------------- | -------------- | ------------------------ | -------------------------- | -------- | ---- | ----------------------------------- | --------------------------- |
| `eae-adp-jump01` | `162.55.53.85` | `2a01:4f8:c0c:1281::/64` | Germany - Nuerenberg - DC3 | Hetzner | CX11 | vpn and jump host for remote access | kvm access: `@hirnpfirsich` |
Networks:
---------
| Name | VLAN | v4 Space | v6 Space | Description |
| ---------- | ---- | ----------------- | -------- | --------------------------------------------------------------------- |
| `mgmt` | 1 | `10.84.1.0/24` | / | default network which is used for administrative and monitoring tasks |
| `clients` | 2 | `10.84.2.0/22` | / | this is where the wifi clients live |
| `gigacube` | / | `192.168.8.0/24` | / | created by the gigacube. wan for our gateway |
| `backbone` | / | `10.254.254.0/30` | / | tunnel network between `gw-core01` and `eae-adp-jump01` |
Configuration:
--------------
### `sw-access0{1-2}`
OS:
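Review bot: Typo in the new title at the top of this hunk: `Installation and Confguration` should read `Installation and Configuration`, matching the link text `Installation and Configuration of Systems` used in `documentation/MAIN.md`. The `=` underline below it is also one character longer than the title.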

6
documentation/MAIN.md Normal file

@ -0,0 +1,6 @@
# Documentation
* [System/Network Overview](OVERVIEW.md)
* [Installation and Configuration of Systems](CONFIGURATION.md)
* [Incidents](INCIDENTS.md)
* [Todo](TODO.md)

62
documentation/OVERVIEW.md Normal file

@ -0,0 +1,62 @@
System/Network Overview
=======================
Diagram:
--------
![Layer 1 Overview of Network](layer1_overview.png)
IPAM / Device Overview:
-----------------------
| Name | Location | MGMT IPv4 | MAC | Device | Notes |
| -------------- | --------- | ------------ | ------------------- | -------------------- | ----- |
| `gw-core01` | Büro | `10.84.1.1` | `78:8a:20:bd:b6:ae` | Ubiquiti EdgeRouterX | |
| `sw-access01` | Büro | `10.84.1.10` | `bc:cf:4f:e3:bb:8d` | Zyxel GS1800-8HP | |
| `sw-access02` | Zelt 5 | `10.84.1.11` | `bc:cf:4f:e3:ac:39` | Zyxel GS1800-8HP | |
| `hyper01` | Büro | `10.84.1.21` | `00:23:24:54:f0:fe` | Lenovo ThinkCentre ? | |
| `monitoring01` | `hyper01` | `10.84.1.51` | `16:b9:13:c3:10:5e` | Proxmox VM | |
| `ap-2bbf` | Zelt 4 | `10.84.1.30` | `24:de:c6:cc:2b:bf` | Aruba AP-105 | |
| `ap-1a38` | Zelt 5 | `10.84.1.35` | `24:de:c6:c3:ac:7c` | Aruba AP-105 | |
| `ap-0b99` | Zelt 2 | `10.84.1.32` | `6c:f3:7f:c9:0b:99` | Aruba AP-105 | |
| `ap-c5d1` | Büro | `10.84.1.33` | `ac:a3:1e:cf:c5:d1` | Aruba AP-105 | |
| `ap-c495` | Zelt 3 | `10.84.1.34` | `ac:a3:1e:cf:c4:95` | Aruba AP-105 | |
| `ap-8f42` | Zelt 1 | `10.84.1.36` | `d8:c7:c8:c2:8f:42` | Aruba AP-105 | |
Cloud VMs:
----------
| VM Name | IPv4 | IPv6 | Location | Provider | Type | Description | Notes |
| ---------------- | -------------- | ------------------------ | -------------------------- | -------- | ---- | ----------------------------------- | --------------------------- |
| `eae-adp-jump01` | `162.55.53.85` | `2a01:4f8:c0c:1281::/64` | Germany - Nuerenberg - DC3 | Hetzner | CX11 | vpn and jump host for remote access | kvm access: `@hirnpfirsich` |
Networks:
---------
| Name | VLAN | v4 Space | v6 Space | Description |
| ---------- | ---- | ----------------- | -------- | --------------------------------------------------------------------- |
| `mgmt` | 1 | `10.84.1.0/24` | / | default network which is used for administrative and monitoring tasks |
| `clients` | 2 | `10.84.2.0/22` | / | this is where the wifi clients live |
| `gigacube` | / | `192.168.8.0/24` | / | created by the gigacube. wan for our gateway |
| `backbone` | / | `10.84.254.0/30` | / | tunnel network between `gw-core01` and `eae-adp-jump01` |
WiFi Networks:
--------------
| SSID | Encryption | VLAN | Description |
| -------------------- | ---------- | ---- | ----------- |
| `GU Deutscher Platz` | / | 2 | |
Remote Access / VPN:
--------------------
Remote access is possible via a `eae-adp-jump01`.
`gw-core01` digs a wireguard tunnel into `eae-adp-jump01` (network: `10.54.254.0/30`, wg port `51820`).
This point-to-point link is used to establish an ospf adjacency between the two routers.
(`gw-core01` uses `frr` as the routing daemon, `eae-adp-jump01` uses openbsds own `ospfd`).
The most straight forward way to access machines inside the EAE is to use the `ProxyJump` feature of `ssh`.
Take a look at the `README.md` in the root of this repo for details.
In the future there maybe wg profiles for admins to directly route into the network.
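Review bot: The backbone tunnel network is documented with two different prefixes in this file: the Networks table says `10.84.254.0/30`, while the Remote Access / VPN section says `10.54.254.0/30` (the copy of the table in the earlier hunk shows a third value, `10.254.254.0/30`). Use the prefix actually configured on the wireguard interfaces in both places. In the same table, `clients` is listed as `10.84.2.0/22`, which is not on a /22 boundary; the /22 that contains it is `10.84.0.0/22`, and that range overlaps `mgmt` (`10.84.1.0/24`), so the base address or mask needs correcting. Minor wording: "via a `eae-adp-jump01`" should drop the "a", "openbsds" should be "OpenBSD's", and "there maybe" should be "there may be".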

@ -1 +1 @@

Binary file not shown (before: 65 KiB, after: 85 KiB).