Update info on switches, breakout VLANs to their own page

COSI-Lab · Dec 17, 2023 · a308348 · a308348
1 parent eae51b9
commit a308348
Show file tree

Hide file tree

Showing 2 changed files with 99 additions and 18 deletions.
diff --git a/src/infrastructure/network/switches.md b/src/infrastructure/network/switches.md
@@ -2,33 +2,60 @@
 
 The purpose of this document is to provide more detailed descriptions of our managed network switches. 
 
-## F2
+## FHILL
 
-_updated: Jan 12th 2023_
+_updated: December 17th, 2023_
 
-F2 is currently our top level fiber networking switch. It is a Juniper QFX 3500 running `JUNOS 12.3X50-D30.2`. The management interface is assigned to `128.153.145.21`.
+FHILL is currently our top level fiber networking switch. It is a
+[Mikrotik CRS326-24S+2Q+RM](https://mikrotik.com/product/crs326_24s_2q_rm)
+running `RouterOS v7`. The management interface is assigned to `128.153.145.21`,
+and is currently only accessible by plugging in to one of the service ports.
+If in doubt, the Ethernet port labeled `MGMT/BOOT` should always be configured
+to allow access to the management interface.
 
 | Ports | Count |
 |-------------|-------|
-| SPF+ (10G)  | 48    |
-| QSPF+ (40G) | 4     |
+| SPF+ (10G)  | 24    |
+| QSPF+ (40G) | 2     |
 
-The switch is physically split into 6 groups of 8 SFP+ ports and 1 group of 4 QSPF+ ports. 
+The switch is physically split into 3 groups of 8 SFP+ ports and 1 group
+containing the 2 QSFP+ ports. It also has a 100M Ethernet port for management.
 
 ```
-| 0 | 2 | 4 | 6 |   | 8 | 10 | 12 | 14 |   | 16 | 18 | 20 | 22 |   |  Q0  |  Q2  |   | 24 | 26 | 28 | 30 |   | 32 | 34 | 36 | 38 |   | 40 | 42 | 44 | 46 |
-|---|---|---|---|---|---|----|----|----|---|----|----|----|----|---|------|------|---|----|----|----|----|---|----|----|----|----|---|----|----|----|----|
-| 1 | 3 | 5 | 7 |   | 9 | 11 | 13 | 15 |   | 17 | 19 | 21 | 23 |   |  Q1  |  Q3  |   | 25 | 27 | 29 | 31 |   | 33 | 35 | 37 | 39 |   | 41 | 43 | 45 | 47 |
+| 0 | 2 | 4 | 6 |   | 8 | 10 | 12 | 14 |   | 16 | 18 | 20 | 22 |   |  Q0  |   |      |
+|---|---|---|---|---|---|----|----|----|---|----|----|----|----|---|------|---|------|
+| 1 | 3 | 5 | 7 |   | 9 | 11 | 13 | 15 |   | 17 | 19 | 21 | 23 |   |  Q1  |   | MGMT |
 ```
 
-We've allocated (but have not configured) groups of ports to map to certain VLANs. Likewise, even number SFP+ ports are allocated for 10 gigabit while odd numbers are allocated to 1 gigabit. 
+We've configured groups of ports to map to certain [VLANs](../network/vlans.md).
 
-| Ports | VLANs    | Speed |
-|-------|----------|-------|
-| 0-7   | v2\_wan  | 10 G  |
-| 8-15  | v2\_wan  | 1 G   |
-| 16-23 | TBD      |       |
-| 24-39 | v3\_lan  | 10 G  |
-| 40-47 | v3\_lan  | 1 G   |
+| Ports | VID | Name       | Speed |
+|-------|-----|------------|-------|
+| 0-7   | 3   | cosi\_priv | 10 G  |
+| 8-15  | 2   | cosi\_pub  | 10 G  |
+| 16-23 | 1   | service    | 10 G  |
+| Q0-Q1 | 1   | service    | 40 G  |
+| MGMT  | 1   | service    | 100 M |
 
-On the back there are 2 RJ45 ports for management over IP and a RJ45 port for serial management using a cross over serial cable. The serial connection has a baud rate of `9600`.
+## FCOLO
+
+_updated: December 17th, 2023_
+
+FCOLO is our fiber network switch in COLO, which we are planning to use as our
+top level switch once we have moved some critical infrastructure there. It is a
+[Mikrotik CRS326-24S+2Q+RM](https://mikrotik.com/product/crs326_24s_2q_rm)
+running `RouterOS v7`. Its management interface is currently not accessible.
+
+| Ports | Count |
+|-------------|-------|
+| SPF+ (10G)  | 24    |
+| QSPF+ (40G) | 2     |
+
+The switch is physically split into 3 groups of 8 SFP+ ports and 1 group
+containing the 2 QSFP+ ports. It also has a 100M Ethernet port for management.
+
+```
+| 0 | 2 | 4 | 6 |   | 8 | 10 | 12 | 14 |   | 16 | 18 | 20 | 22 |   |  Q0  |   |      |
+|---|---|---|---|---|---|----|----|----|---|----|----|----|----|---|------|---|------|
+| 1 | 3 | 5 | 7 |   | 9 | 11 | 13 | 15 |   | 17 | 19 | 21 | 23 |   |  Q1  |   | MGMT |
+```
diff --git a/src/infrastructure/network/vlans.md b/src/infrastructure/network/vlans.md
@@ -0,0 +1,54 @@
+# VLANs
+
+_updated: December 17th, 2023_
+
+COSI has allocated the following VLANs:
+
+| VID | Name       | Active? |
+|-----|------------|---------|
+| 1   | service    | yes     |
+| 2   | cosi\_priv | yes     |
+| 3   | cosi\_pub  | yes     |
+| 4   | 146        | no      |
+| 5   | phones     | no      |
+| 6   | iot        | no      |
+| 7   | cameras    | no      |
+
+
+## VLAN 1: `service`
+
+Since this is the default VID on many switches, it is never configured to allow
+access to the interent. Whenever possible, it should be used for unassigned
+interfaces and to provide access to management interfaces for our switches.
+
+## VLAN 2: `cosi_priv`
+
+This VLAN is our "default", and is behind our
+[firewall](../../services/firewall.md). Any personal computer, or any server
+that does not need direct from the Internet should be here.
+
+## VLAN 3: `cosi_pub`
+
+This VLAN has a direct connection to OIT, and is not protected by the 
+[firewall](../../services/firewall.md). Only servers that need direct, 
+unfiltered access to the Internet (ex. [Mirror](../../mirror/introduction.md))
+should be on this VLAN.
+
+## VLAN 4: `146`
+
+This VLAN was used for the 128.153.146.0/24 subnet, but is not currently active.
+
+## VLAN 5: `phones`
+
+This VLAN was used for our VOIP phones.
+See [Asterisk](../../services/asterisk.md) for more information.
+
+## VLAN 6: `iot`
+
+For untrusted devices that require an internet connection
+(ex. smart home devices). It is currently unused.
+
+## VLAN 7: `cameras`
+
+This VLAN was used for untrusted devices that do NOT require an internet
+connection. It is currently unused.