FHQ
From What The Wiki?!
| Volunteer Team | |
|---|---|
| Name | FHQ |
| Coordinator | Alex Bik, Walter Belgers |
| Coordinator Mail | alex@bit.nl, walter+wth AT belgers DOT com |
| Team | |
| Mailinglist | fhq@team.whatthehack.org |
| Phone | 1132 or 2278 (network support team) |
| Location | A1 |
What we do
- Core network / switches
- Servers (DNS/DHCP/WWW)
- Wireless (Is being coordinated by Mac)
- CERT/Abuse/Rogue DHCP neutralization/Monitoring
- Physical network & repair
Public network information page
Please help fill the PublicNetworkInfo page, that's stuff the users should know.
Core network / switches
Available hardware
Switches / Routers
- Juniper M40 (I believe we get 2 from XS4all to borrow one on each side of the fiberlink (t1k))
- Foundry JetCore
- 50 x HP procurve 2626 switches (46 deployed)
- 3 x HP procurve 2824 switches (1 deployed)
--Dre 27 July 2005 18:13 (CEST): The Foundry Jetcores are placed in the NOC, WTB and MOA. They are configured to form a ring network with a 10 gigabit backbone.
The HP Procurve switches form 2x1Gb rings both attached to the 10Gb ring.
The HP Procurves can be reached by SNMP (only accessible through VLAN v_admin) and have the following IPs:
87.76.82.100 r1-x1-cafetaria
87.76.82.101 r1-y1-cafetaria
87.76.82.102 r1-x2-a4n
87.76.82.103 r1-y2-a4n
87.76.82.104 r1-x3-a4s
87.76.82.105 r1-y3-a4s
87.76.82.106 r1-x4-a5n
87.76.82.107 r1-y4-a5n
87.76.82.108 r1-x5-gig (HP 2824)
87.76.82.109 r1-y5-gig
87.76.82.110 r1-x6-a5s
87.76.82.111 r1-y6-a5s
87.76.82.112 r1-x7-t3
87.76.82.113 r1-y7-t3
87.76.82.114 r1-x8-t4
87.76.82.115 r1-y8-t4
87.76.82.116 r1-x9-t2
87.76.82.117 r1-y9-t2
87.76.82.118 r1-x10-t1
87.76.82.119 r1-y10-t1
87.76.82.150 r2-x1-poc
87.76.82.151 r2-y1-poc
87.76.82.152 r2-x2-ccc
87.76.82.153 r2-y2-ccc
87.76.82.154 r2-x3-a7s
87.76.82.155 r2-y3-a7s
87.76.82.156 r2-x4-cert
87.76.82.157 r2-y4-cert
87.76.82.158 r2-x5-obsd
87.76.82.159 r2-y5-obsd
87.76.82.160 r2-x6-extra
87.76.82.161 r2-y6-extra
87.76.82.200 s1-x-hammocks
87.76.82.202 s2-x-sec-nl
87.76.82.204 s3-x-crew
87.76.82.206 s4-x-e1
87.76.82.208 s5-x-cypherpunk
87.76.82.210 s6-x-iguana
87.76.82.212 s7-x-AV
87.76.82.214 s8-x-lockpick
87.76.82.215 wtb-north
87.76.82.216 wtb-center1
87.76.82.217 wtb-center2
87.76.82.218 wtb-south
87.76.82.219 fhq
Servers
??? (alex, can you shed some light on this topic)
What will we have to toy with ;) Some numbers and specs might be useful... So we can see what might still be needed and try to get our hands on it.
Vasil: This is what I see:
- wth-srv-1 87.76.83.130
- Pentium 3/700 , 1GB ram, 9GB scsi drive, 3c905B NIC
- server for the administrative purposes of the field/tent switch configuring team
- wth-srv-2 87.76.84.17
- WINS server, Windows 2003
- wth-srv-3 87.76.84.18
- Dual Pentium3/1GB, 512MB ram , 9GB scsi drive, two intel EEpro100 NICs
- for spongebob
- wth-srv-4 87.76.84.19
- Pentium 3/500, 256MB ram, intel EEpro100 NIC, 10GB IDE drive
- clustered services
- wth-srv-5 87.76.84.20
- Pentium3/600, 256MB ram, intel EEpro100 NIC, 9GB SCSI drive
- clustered services
wth-srv-4 and wth-srv-5 form a HA cluster (using heartbeat) and transfer the ip addresses for the services between them. They also run DHCPD in failover mode.
All machines except wth-srv-2 run Debian stable, with kernel 2.6.12.3.
Co-located machines
- HP machine for shell server, 87.76.86.2, owner Scrumpy
- AMD64 machine, 3Gig of memory, 87.76.86.3, owner fabien
- FTP server on ftp://87.76.86.3
- FTP indexer on http://87.76.86.3/ftp/
- Web usenet indexer on http://87.76.86.3/
- A vserver on this for the OpenVPN stuff, 87.76.86.5, admin User:Felix Gröbert
- Mac mini, 87.76.86.4, owner dieppiej
- Archive Server1 @ archive.org1 on 87.76.86.6
- Archive Server2 @ archive.org2 on 87.76.86.7
Volunteers
- FooBar, maniac.nl AT gmail.com (arrival 23rd)
- LauPro, info@laupro.nl
- manduca, jeroen AT demeijer DOT com (event arrival: 21-7)
- Peanut, p.boven AT chello.nl
- Thali, jancfk AT web_D0T_de (dect 5265)
- brand, whatthehack AT brand.vvtp.tudelft.nl (arrival 23rd, maybe 22nd)
- Felix, fg at infoflood.de (doing OpenVPN) (dect 3359)
- Reggie, reggie@softhome.net
- Arien, arien AT vijn.net, phone 2116
- T1000, ernst at rent-a-lan.nl
- Dvorak, dvorak@xsall.nl
- bounce, will concentrate on preparation and not operations this time
- hpromatem, iljitsch monkeytail muada.com
- maniax (Vasil Kolev), vasil@ludost.net Servers, phone 2170
- Scrumpy, wth2005@smurfnet.xs4all.nl (arrives @ Juli 23rd)
- chervarium (Atanas Bachvaroff), bachvaroff@nove.bg (dect 8192)
- Dre (Andre de Jong), andre at rent-a-lan.nl
Services
We have the following services configured:
- DHCP on the HA cluster
- PEG-DHCP should be used for the wired network, and also for the OLSR wireless-mesh.
- DHCP (regular) should be used for the wireless (managed) network.
- DNS server
- We have a resolver running at 87.76.84.3 and 87.76.84.4
- We don't plan on having an automatic system for dns updates - if you want something, come to the NOC with some beer :)
- We have the authoritative forward and reverse lookup zones. If you want to change something in them, make the change on wth-srv-4.
- Please follow the user.something.whatthehack.org scheme that's already in the files.
- FTP/HTTP fileserver (for the recorded video-sessions, user-uploaded files etc)
- We'll have a machine from Archive.org to dump stuff on, with enough space; we should use that one. There's not enough space on our servers.
- OpenVPN
- As an alternative to IPsec we provide an OpenVPN server to secure the network path from the user's client (Win, Mac, *BSD, Linux, etc.; wired(?) & wireless) up to the OpenVPN server somewhere in the DMZ. That way the client can securely transport sensitive data over an insecure network (i.e. wireless). More info here.
Co-located services:
- Shell server, for terminal users - 87.76.86.2
- SSH for those using mobilephones with 802.11 & Putty.
- brought an HP D370/2 for this. currently being installed - Scrumpy
- IRC
- IRC server on 87.76.86.4, is connected to IRCnet. Ask dieppiej for details.
- irc.colo.whatthehack.org, IPv4 only
- NNTP
- Text-only should be doable
- Binary would be really nice, however a whole lot of work for 4 days
- fabien is co-locating a machine that will index the binary newsgroups - http://87.76.86.3/ UPDATE: we provide access to giganews, the biggest binary usenet server (50 days of retention ... :) and nntp.whatthehack.org (which has a lot too).
Stuff that we still don't have or don't have information about:
- Jabber
- Use jabber.xs4all.nl, or do we set up our own server... I don't think it would be needed
- jabber.ccc.de folks (like Fh) are also on the camp - you could contact them.
- jabber.xs4all.nl sucks, sorry to say. The need of an own server at WTH depends what some people are planning to do with jabber at WTH - it might be a nice toy. I (fh) hereby volunteer to set such a jabberd up if someone provides hardware. Opinions?
- VOIP
VLAN & IP plan
It appears alex figured it out on network.
There's nothing there. Please fix this.
(Some info on how to get on the mailing list wouldn't be a bad thing either.)
Hpromatem 00:30, 7 Jul 2005 (CEST)
IPv6
We have ipv6 running in the VLANs, the servers support IPv6 and have addresses and we have a dns resolver for v6 addresses, all should work. Vasil
Monitoring
To monitor the network and power it's maybe an idea to set up a 'control center', and to display a device (like a switch or router etc.) on every screen. When there is something wrong with a device the screen will give a big red visual sign so we can respond directly instead of getting annoyed people at the infodesk complaining that switch #23 is down. Maybe send an SMS to some people when this monitor system has detected a really big problem.
- We can set up [Nagios] or something alike. Here are some [screenshots] to get an impression of what it looks like.
LauPro has some experience with setting up a kind of multi-display thing and the software to monitor.
It'd be nice to have a couple of things. First, and foremost, a way to add and remove devices *quickly*, without having to type in screen coordinates for the icons. As much as I usually hate it, clickibunti is helpful here.
- There is a tool for Nagios (written in Tk), AFAIK called nagiosmap, which can do the placement of the icons on the status map easily. maniax
Of less importance: I'd like the system to have a way to export device and link up/down events in real time, like dump them into a pgsql database or something. It looks like we might have use for such.
Bounce
- A simple parser for the nagios.sav could do the job (or maybe the pgsql plugin had the ability to hold the status in the database, I can't really remember). maniax
- See the Monitoring page for more information.
Rogue DHCP
As bounce suggested on the mailing list, brand rewrote the rogue DHCP detector script (this time in C instead of PHP ;-) ). With some minor scripting around it (depending on whether we just want to DoS them or turn off their switch port), it should work. The source is here. (Not extensively tested!)
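An added example, not the detector script referenced above or any WTH code: a minimal Python check of the kind such a detector performs, flagging DHCP server replies (OFFER/ACK/NAK) whose source address or server identifier (option 54) is not an authorized server. It assumes the authorized set is wth-srv-4 and wth-srv-5, that the sensor sits on the same layer-2 segment as the clients (no relay), and that a hypothetical capture layer supplies the UDP payload, source IP and source MAC; `build_reply` only constructs sample packets.

```python
import ipaddress
import struct

# Assumption: only the HA pair listed on this page may answer DHCP.
AUTHORIZED = {"87.76.84.19", "87.76.84.20"}  # wth-srv-4, wth-srv-5
MAGIC = b"\x63\x82\x53\x63"                  # DHCP magic cookie (RFC 2131)
SERVER_MSGS = {2: "OFFER", 5: "ACK", 6: "NAK"}

def parse_options(data):
    """Walk the TLV options; stop at END (255) or at a truncated option."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:                     # PAD has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            break                            # malformed: ignore the remainder
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def check_reply(payload, src_ip, src_mac):
    """Return a finding for a server reply from an unauthorized source, else None.

    payload is the UDP payload seen on port 68; src_ip and src_mac come from
    the capture layer (hypothetical caller, e.g. a raw-socket sniffer).
    """
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None                          # not a BOOTREPLY with DHCP options
    opts = parse_options(payload[240:])
    mtype = opts.get(53, b"")
    if len(mtype) != 1 or mtype[0] not in SERVER_MSGS:
        return None
    sid = opts.get(54, b"")
    server_id = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else None
    if src_ip in AUTHORIZED and server_id in AUTHORIZED:
        return None
    return {"type": SERVER_MSGS[mtype[0]], "src_ip": src_ip, "src_mac": src_mac,
            "server_id": server_id,
            "offered": str(ipaddress.IPv4Address(payload[16:20]))}

def build_reply(msg_type, server_id, yiaddr):
    """Constructed sample packet: minimal BOOTREPLY with options 53 and 54."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4),
                      bytes(4), bytes.fromhex("020000000001"), b"", b"")
    return (hdr + MAGIC + bytes([53, 1, msg_type, 54, 4])
            + ipaddress.IPv4Address(server_id).packed + b"\xff")
```

A reply is also flagged when option 54 names an authorized server but the packet's source address does not match, and the source MAC in the finding is what ties the reply to a switch port.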
Meetings/Discussions
Probably after the main points are clear (e.g. what and how many servers), there should probably be a meeting to discuss OSes (and to have a good flamewar about them), software, who will be hosting stuff on the machines (because the content AFAIK isn't a problem of the FHQ team), etc. It's probably a good idea to hold them on IRC (or something similar), because not everybody can attend an RL meeting. maniax

