From a3083483c9dbf7f3ba66116716bab4b4e26c5f16 Mon Sep 17 00:00:00 2001 From: Juno Date: Sun, 17 Dec 2023 11:47:58 -0500 Subject: [PATCH] Update info on switches, breakout VLANs to their own page --- src/infrastructure/network/switches.md | 63 ++++++++++++++++++-------- src/infrastructure/network/vlans.md | 54 ++++++++++++++++++++++ 2 files changed, 99 insertions(+), 18 deletions(-) create mode 100644 src/infrastructure/network/vlans.md diff --git a/src/infrastructure/network/switches.md b/src/infrastructure/network/switches.md index 230ab84..0d5b7c3 100644 --- a/src/infrastructure/network/switches.md +++ b/src/infrastructure/network/switches.md 
@@ -2,33 +2,60 @@ The purpose of this document is to provide more detailed descriptions of our managed network switches. -## F2 +## FHILL -_updated: Jan 12th 2023_ +_updated: December 17th, 2023_ -F2 is currently our top level fiber networking switch. It is a Juniper QFX 3500 running `JUNOS 12.3X50-D30.2`. The management interface is assigned to `128.153.145.21`. +FHILL is currently our top level fiber networking switch. It is a +[Mikrotik CRS326-24S+2Q+RM](https://mikrotik.com/product/crs326_24s_2q_rm) +running `RouterOS v7`. The management interface is assigned to `128.153.145.21`, +and is currently only accessible by plugging in to one of the service ports. +If in doubt, the Ethernet port labeled `MGMT/BOOT` should always be configured +to allow access to the management interface. | Ports | Count | |-------------|-------| -| SPF+ (10G) | 48 | -| QSPF+ (40G) | 4 | +| SPF+ (10G) | 24 | +| QSPF+ (40G) | 2 | -The switch is physically split into 6 groups of 8 SFP+ ports and 1 group of 4 QSPF+ ports. +The switch is physically split into 3 groups of 8 SFP+ ports and 1 group +containing the 2 QSFP+ ports. It also has a 100M Ethernet port for management. ``` -| 0 | 2 | 4 | 6 | | 8 | 10 | 12 | 14 | | 16 | 18 | 20 | 22 | | Q0 | Q2 | | 24 | 26 | 28 | 30 | | 32 | 34 | 36 | 38 | | 40 | 42 | 44 | 46 | -|---|---|---|---|---|---|----|----|----|---|----|----|----|----|---|------|------|---|----|----|----|----|---|----|----|----|----|---|----|----|----|----| -| 1 | 3 | 5 | 7 | | 9 | 11 | 13 | 15 | | 17 | 19 | 21 | 23 | | Q1 | Q3 | | 25 | 27 | 29 | 31 | | 33 | 35 | 37 | 39 | | 41 | 43 | 45 | 47 | +| 0 | 2 | 4 | 6 | | 8 | 10 | 12 | 14 | | 16 | 18 | 20 | 22 | | Q0 | | | +|---|---|---|---|---|---|----|----|----|---|----|----|----|----|---|------|---|------| +| 1 | 3 | 5 | 7 | | 9 | 11 | 13 | 15 | | 17 | 19 | 21 | 23 | | Q1 | | MGMT | ``` -We've allocated (but have not configured) groups of ports to map to certain VLANs. 
Likewise, even number SFP+ ports are allocated for 10 gigabit while odd numbers are allocated to 1 gigabit. +We've configured groups of ports to map to certain [VLANs](../network/vlans.md). -| Ports | VLANs | Speed | -|-------|----------|-------| -| 0-7 | v2\_wan | 10 G | -| 8-15 | v2\_wan | 1 G | -| 16-23 | TBD | | -| 24-39 | v3\_lan | 10 G | -| 40-47 | v3\_lan | 1 G | +| Ports | VID | Name | Speed | +|-------|-----|------------|-------| +| 0-7 | 3 | cosi\_priv | 10 G | +| 8-15 | 2 | cosi\_pub | 10 G | +| 16-23 | 1 | service | 10 G | +| Q0-Q1 | 1 | service | 40 G | +| MGMT | 1 | service | 100 M | -On the back there are 2 RJ45 ports for management over IP and a RJ45 port for serial management using a cross over serial cable. The serial connection has a baud rate of `9600`. +## FCOLO + +_updated: December 17th, 2023_ + +FCOLO is our fiber network switch in COLO, which we are planning to use as our +top level switch once we have moved some critical infrastructure there. It is a +[Mikrotik CRS326-24S+2Q+RM](https://mikrotik.com/product/crs326_24s_2q_rm) +running `RouterOS v7`. Its management interface is currently not accessible. + +| Ports | Count | +|-------------|-------| +| SPF+ (10G) | 24 | +| QSPF+ (40G) | 2 | + +The switch is physically split into 3 groups of 8 SFP+ ports and 1 group +containing the 2 QSFP+ ports. It also has a 100M Ethernet port for management. + +``` +| 0 | 2 | 4 | 6 | | 8 | 10 | 12 | 14 | | 16 | 18 | 20 | 22 | | Q0 | | | +|---|---|---|---|---|---|----|----|----|---|----|----|----|----|---|------|---|------| +| 1 | 3 | 5 | 7 | | 9 | 11 | 13 | 15 | | 17 | 19 | 21 | 23 | | Q1 | | MGMT | +``` diff --git a/src/infrastructure/network/vlans.md b/src/infrastructure/network/vlans.md new file mode 100644 index 0000000..855ddb1 --- /dev/null +++ b/src/infrastructure/network/vlans.md 
@@ -0,0 +1,54 @@ +# VLANs + +_updated: December 17th, 2023_ + +COSI has allocated the following VLANs: + +| VID | Name | Active? | +|-----|------------|---------| +| 1 | service | yes | +| 2 | cosi\_priv | yes | +| 3 | cosi\_pub | yes | +| 4 | 146 | no | +| 5 | phones | no | +| 6 | iot | no | +| 7 | cameras | no | + + +## VLAN 1: `service` + +Since this is the default VID on many switches, it is never configured to allow +access to the interent. Whenever possible, it should be used for unassigned +interfaces and to provide access to management interfaces for our switches. + +## VLAN 2: `cosi_priv` + +This VLAN is our "default", and is behind our +[firewall](../../services/firewall.md). Any personal computer, or any server +that does not need direct from the Internet should be here. + +## VLAN 3: `cosi_pub` + +This VLAN has a direct connection to OIT, and is not protected by the +[firewall](../../services/firewall.md). Only servers that need direct, +unfiltered access to the Internet (ex. [Mirror](../../mirror/introduction.md)) +should be on this VLAN. + +## VLAN 4: `146` + +This VLAN was used for the 128.153.146.0/24 subnet, but is not currently active. + +## VLAN 5: `phones` + +This VLAN was used for our VOIP phones. +See [Asterisk](../../services/asterisk.md) for more information. + +## VLAN 6: `iot` + +For untrusted devices that require an internet connection +(ex. smart home devices). It is currently unused. + +## VLAN 7: `cameras` + +This VLAN was used for untrusted devices that do NOT require an internet +connection. It is currently unused.
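Review bot: the port-to-VLAN table in the FHILL section of switches.md assigns VID 3 to `cosi_priv` and VID 2 to `cosi_pub`, which is the reverse of the allocation table added in vlans.md (2 = `cosi_priv`, 3 = `cosi_pub`); one of the two needs correcting before merge, since a port configured from the wrong table would land either behind or outside the firewall. Two smaller points in the same hunk: both port-count tables still read `SPF+ (10G)` and `QSPF+ (40G)` while the prose below them correctly says SFP+ and QSFP+, and the removed sentence about the serial console (`9600` baud) is not replaced by any console or out-of-band access note for the new units, which matters given that FHILL's management interface is reachable only by plugging into a service port and FCOLO's is described as not accessible at all.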
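Review bot: in the vlans.md hunk, VLAN 1 `service` is documented both as the VLAN for unassigned interfaces and as the VLAN carrying the switches' management interfaces, so any device plugged into an unassigned port is layer-2 adjacent to switch management; the page should state whether unassigned ports are meant to be administratively disabled instead, or make explicit that this is the accepted trade-off. Also in this hunk: `interent` should be `internet` in the VLAN 1 paragraph, and the VLAN 2 paragraph is missing a word (`any server that does not need direct access from the Internet`).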