Network

Keybinding Markup

---
title: Network
---

A project to construct a reliable, low-cost, secure, [IPv6][1] gigabit intranet. At home.

# Servers

## By Name

*   ~~[Azathoth][2] - Phase I general purpose gateway~~
*   ~~Byatis~~ 
*   ~~[Niggurath][5] - general purpose app server~~
*   ~~[Hastur][6] - media processor and storage~~
*   [Cyclops][7] - new media server 
*   [Yuggoth][8] - publicly accessible services 
*   [Pixie][9] - home automation controller

## By Service

*   [Perimeter Router][10] 
*   [Log Server][11] 
*   [Storage Server][12] 
*   DNS1 
*   DNS2 
*   VoIP Gateway 
*   [Mobile Router][16] 
*   [Automation Hub][17] - for [Home Automation][18] 
*   [Authentication][19] 
*   [Monitoring][20] 
*   [Power][21] distribution

# Network Hardware

*   TP-Link [WDR3600][25] x2 - wireless N600 routers (4-port gigabit switch) 
*   [Ricoh 213W][26] mono laser printer 
*   Eaton [Ellipse Eco 1200][27] - UPS
*   Eaton [5S 1500](Ellipse5S) - UPS
*   [CliMate CM-2][29] - climate monitor

## Switches

*   Extreme Networks [Summit X450e-24p][30] Gigabit PoE switch 
*   Dell [PowerConnect 2716][32] - 16-port gigabit rackmount switch 
*   Zyxel [GS108][33] - 8-port gigabit "media" switch 
*   Netgear FS105 - 5-port 100Mbit desktop switch 
*   On-Networks DSG005 - 5-port gigabit desktop switch

## Access Points

*   Ubiquiti [Unifi AP][36] x3 
*   Ubiquiti Unifi AC Lite x2

## Other Network Hardware

*   Thomson [Speedtouch 516v6][22] [ADSL Modem][23]
*   Cisco [WAP4410N][24] - 802.11n wireless access point
*   Zyxel [PLA5205][28] - powerline adapters
*   Linksys [WRT54GL][37] - 802.11g wireless router
*   D-Link [DGS-1008D][38] - 8-port gigabit desktop switch
*   Netgear [DG834GT][39] - Sky router

# Services

*   Routing 
*   [Name resolution][41] 
*   [Mail][42] 
*   [Web][43] 
*   [Logging][44] 
*   VoIP 
*   [LDAP][46] 
*   [Network Storage][12] 
*   [Video Surveillance][47] 
*   [Home Automation][18] 
*   [VPN][48] and [Geolocation Tunneling][49] 
*   [Indoor Positioning][50]

# Features

*   [Security][51] 
*   Gigabit ethernet 
*   [Bandwidth Management][53] 
*   [IPv6][1] 
*   Public Wireless 
*   [Wan Bonding][55]

# Clients

*   Omenbook laptop 
*   [Nixie][57] netbook 
*   [Archix][58] laptop 
*   [Shochu][59] laptop 
*   Mobile clients

# Troubleshooting

*   [Proto41Filtering][60] 
*   [PPTP][61] 
*   [Reboot][62] - power failures, etc

# Upgrades

*   [Upgrade 2016][63]

* * *

# Planned Features

*   Perimeter Subnet, Private Subnet and Wireless Subnet 
*   Public Wireless 
*   [IPv6][1] tunnelled to public internet via [IPv6][1]-over-IPv4 tunnel 
*   Gigabit ethernet 
*   Public and local [DNS][41] 
*   [Web][43], [Mail][42], [VPN][48] servers 
*   Remote logging / [SNMP][44] 
*   OpenBSD [Perimeter/Wireless Router][10] on embedded hardware 
*   Private Router with Gigabit throughput 
*   Network [Storage Server][12] 
*   [SAN][70] 
*   [Media transcoding][71] system 
*   Thin-client [Home-Theatre PC][72] using MythTV

# Implementation

Network is implemented in three phases:

## Phase I - Single subnet

In this phase a single privately addressed (NATted) subnet is created.

*   Single general purpose gateway ([Azathoth][2]) 
*   Public systems are accessible via DNAT on the [gateway][2]. 
*   One [DNS][41] server provides local cacheing and authoritative for public systems. 
*   Private [DNS][41] info is kept in /etc/hosts on each system. 
*   Single [Mail][42] server for secure submission and retrieval 
*   [Azathoth][2] is replaced with embedded/SBC system 
*   Public domain name registered 
    *   Update /etc files, mail config, LDAP database, certificates

## Phase II - Perimeter and Private subnets

In this phase the subnet is split in to perimeter (non-NAT) and private (NAT) and [IPv6][1] migration begins.

*   Second switch is added and Azathoth assumes the role of private router. 
*   Attempt Gigabit routing throughput on [Azathoth][2]. 
*   Private net migrates to pure [IPv6][1], router provides [IPv6][1]-to-IPv4 
*   Second [DNS][41] is added and provides cacheing and DNS for all systems 
*   Perimeter router provides Bandwith Management 
*   VPN gateway provides two-factor authenticated access to private network.

## Phase III - Perimeter, Private, Wireless

A wireless [IPv6][1] network is created on the internet side of the perimeter firewall

*   Wireless adapter is added to perimeter router 
*   Pure [IPv6][1] wireless network is created with router running radvd on wireless interface 
*   Aside from radvd, no systems exist on the wireless network

* * *

# Notes

[1]: IPv6
 [2]: Azathoth
 [5]: Niggurath
 [6]: Hastur
 [7]: Cyclops
 [8]: Yuggoth
 [9]: Pixie
 [10]: PerimeterRouter
 [11]: LogServer
 [12]: StorageServer
 [16]: MobileRouter
 [17]: AutomationHub
 [18]: HomeAutomation
 [19]: Authentication
 [20]: Monitoring
 [21]: Power
 [22]: Speedtouch516
 [23]: ADSLModem
 [24]: WAP4410N
 [25]: WDR3600
 [26]: Ricoh213W
 [27]: EllipseEco1200
 [28]: PLA5205
 [29]: CliMateCM-2
 [30]: SummitX450e
 [32]: PowerConnect2716
 [33]: GS108
 [36]: UnifiAP
 [37]: WRT54GL
 [38]: DGS-1008D
 [39]: DG834GT
 [41]: DNS
 [42]: Mail
 [43]: Web
 [44]: SNMP
 [46]: LDAP
 [47]: VideoSurveillance
 [48]: VPN
 [49]: GeolocationTunneling
 [50]: IndoorPositioning
 [51]: Security
 [53]: BandwidthManagement
 [55]: WanBonding
 [57]: Nixie
 [58]: Archix
 [59]: Shochu
 [60]: Proto41Filtering
 [61]: PPTP
 [62]: Reboot
 [63]: Upgrade2016
 [70]: SAN
 [71]: MediaTranscoder
 [72]: HTPC

Uploading file...

Sidebar

Edit message:

Cancel

Editing Network

Sidebar