Network Operations

From Hack Manhattan Wiki


Administrivia

Operations Contact List

| Name | Email | Phone |
| Hack Manhattan Space VoIP Phone | admin <at> hackmanhattan.com | +1-646-513-4503 |

Passwords

Every board member should have access to most of the relevant passwords. Some passwords for financial accounts are only held by a couple of board members.

IRC

At the moment only guan, rmd6502, and jacolatern have AFRefiorstv mode on #hackmanhattan on Freenode. obscurite has fo but that's a really weird setup.

Out of House Infrastructure and Utilities

Spectrum

Spectrum Business was the only option at 34 West 37th: $89.99 for 400 Mbps down / 20 Mbps up (needs confirmation).

Network Infrastructure

Network Patch

34W37 has a network patch with RJ45 ports going to multiple jacks across the unit.

Port Wall Identifier Device Comment
3 South S3 AC1750 Router Provides primary Wifi
4 East n/a n/a
5 East n/a n/a
6 East n/a n/a
n/a n/a n/a
9 West1 n/a E3P Octoprint?
10 West2 n/a Uwuntu
11 West3 n/a n/a
12 West4 n/a n/a
13 West5 n/a n/a
14 West6 n/a
n/a n/a n/a
17 East n/a Main table Switch
n/a n/a n/a

Static IP allocations (as of 2019-04-17)

Sorted by IP.

⁂: Hesiod enabled, i.e. if you have a Hesiod DNS record set (ask mz) you can log into all these machines with centralised credentials.

Assigned by DHCP

| Hostname | IPv4 address | MAC address | Device | Maintainer | Comment | Location |
| space.hackmanhattan.com | 192.168.42.1 | 64:70:02:77:ec:e0 | TP-Link TL-WDR4300 v1 | mz-ish & Guan-ish & Beadsland-ish | | Network cubby |
| 137W14 | 192.168.42.10 | e8:de:27:f9:cc:27 | TP-LINK WR841N | citybadger | | Harry Potter Closet |
| brother-printer | 192.168.42.15 | 30:05:5c:f6:35:db | Brother HL-L2380DW | N/A | | Under the tool shelf |
| chromecast | 192.168.42.16 | 48:d6:d5:39:28:f8 | Chromecast (not 4K) | mz | Shows our space dashboard | Attached to the TV by the desks |
| octoprint-main ⁂ | 192.168.42.17 | b8:27:eb:38:84:a2 | RaspberryPi | jay-ish & mz-ish & beadsland-ish | | By the 3D printer t |
| hydrocontroller ⁂ | 192.168.42.18 | b8:27:eb:5e:c5:bc | RaspberryPi | jay | | On the roof |
| buzzer-pi-shop ⁂ | 192.168.42.19 | b8:27:eb:b4:da:cb | RaspberryPi | jay-ish & mz-ish & beadsland-ish | | By the shop buzzer, showing the dashb. Runs OpenVPN for use by jay. |
| rfid-access-space | 192.168.42.20 | 64:cf:d9:fd:42:93 | BeagleBone Black | mz & Guan | | Attached to the back of the space door |
| rfid-access-building | 192.168.42.21 | 64:cf:d9:fd:23:00 | BeagleBone Black | mz & Guan | Also hosts the door camera | Building door, top right when you enter |
| voip-phone (replacement) | ? | ? | Polycom VVX-410 | ? | | Laptop island |
| voip-phone (deprecated) | 192.168.42.30 | 00:0b:82:4d:a0:6c | Grandstream GXP1400 | Guan | | Under the network cubby |
| voip-elevator | 192.168.42.31 | 00:0b:82:47:26:30 | Grandstream HT701 | Guan | | Elevator shaft shed on the roof |
| voip-grandstream | 192.168.42.33 | 00:0b:82:ad:e8:21 | Grandstream HT814 | Guan & mz | Phone gateway for teletron8000 | In the network cubby |
| bricolage | 192.168.42.50 | 98:90:96:d0:63:4a | Dell Optiplex 9020 | Beadsland & jay-ish | | On the shelf by the window |
| box0rs | 192.168.42.100 | f0:de:f1:03:00:0f | Lenovo T410 | mz | | In the network cubby |
| teletron8000 ⁂ | 192.168.42.108 | 00:16:3e:5e:e2:ee | box0rs | Guan-ish & mz-ish | asterisk server hosting the phone project | |

Note: there used to be no system for how these IPs were assigned; each machine simply kept whatever address DHCP first gave it, made permanent through OpenWRT's LuCI. New devices ought to be assigned addresses up to 192.168.42.150.

Static configurations

| Hostname | IP address | MAC address | Device | Maintainer | Comment | Location |
| ap-west | 192.168.42.2 | 30:b5:c2:b2:76:3a | TP-Link Archer C7 | mz-ish | AP/switch for WPA2-PSK | mounted on the left side of the tool shelf |
| ap-elevator-shaft | 192.168.42.6 | 64:66:b3:c6:f1:d4 | TP-Link TL-WDR4300 v1 | Guan-ish & mz-ish | AP/switch for the rooftop | Inside the elevator maintenance shed |
| 3rdfloor | 192.168.42.7 | 64:66:b3:fa:af:c4 | TP-Link TL-WDR4300 v1 | Guan-ish & mz-ish | AP/switch for the 3rd floor | 3rd floor, left from the office hallway door |
| wrtnode-webcam | 192.168.42.22 | 64:51:7e:80:06:d6 | WRTNode | Guan-ish & mz-ish | | Hanging by the cubby power strip |

Not integrated in our normal network

| Hostname | IP address | MAC address | Device | Maintainer | Comment | Location |
| | 192.168.88.1 | 64:d1:54:ad:12:04 | MikroTik SXTsq 5 ac | N/A (yet) | For potential LinkNYC uplink | Mounted on the satellite dish on the rooftop |

Notes about subnets, routes and DHCP

Since bo.x0.rs provides its own 10.133.7.0, 10.8.0.0, 10.0.59.0, and 10.0.93.0 subnets, it essentially acts as a second router. Hence, we send out classless static routes via DHCP so that none of the clients run into problems and the containers can identify which device is talking to them. Static routes are also set on the router, and the necessary DHCP options can be found in LuCI: Network -> Interfaces -> lan -> DHCP -> Advanced -> DHCP Options.

Since the spec says clients are to ignore the default route option if classless static route options are seen, we include the default route in the static routes we send out.
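
Classless static routes travel in DHCP option 121 (RFC 3442). The following is an added example, not taken from the wiki or from the router's configuration: it encodes and decodes the option payload for the subnets named above and checks that the default route is present. The /24 prefix lengths, the mapping of bo.x0.rs to box0rs (192.168.42.100) and the use of 192.168.42.1 as default gateway are assumptions.

```python
import ipaddress

# From this page's tables: box0rs is 192.168.42.100, the main router 192.168.42.1.
# Assumptions: bo.x0.rs is that host and every subnet is a /24 (page gives no masks).
BOX0RS, ROUTER = "192.168.42.100", "192.168.42.1"
ROUTES = [
    ("10.133.7.0/24", BOX0RS),
    ("10.8.0.0/24", BOX0RS),
    ("10.0.59.0/24", BOX0RS),
    ("10.0.93.0/24", BOX0RS),
    ("0.0.0.0/0", ROUTER),  # default route has to ride along in option 121
]

def encode_option_121(routes):
    """Encode (destination, gateway) pairs as an RFC 3442 option 121 payload."""
    out = bytearray()
    for dest, gw in routes:
        net = ipaddress.ip_network(dest, strict=True)  # rejects host bits
        significant = (net.prefixlen + 7) // 8  # octets covered by the mask
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.ip_address(gw).packed
    return bytes(out)

def decode_option_121(payload):
    """Parse an option 121 payload back into (destination, gateway) pairs."""
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        if plen > 32:
            raise ValueError(f"bad prefix length {plen} at offset {i}")
        significant = (plen + 7) // 8
        end = i + 1 + significant + 4
        if end > len(payload):
            raise ValueError("truncated route entry")
        dest = payload[i + 1:i + 1 + significant] + bytes(4 - significant)
        gw = payload[end - 4:end]
        routes.append((f"{ipaddress.ip_address(dest)}/{plen}",
                       str(ipaddress.ip_address(gw))))
        i = end
    return routes

def has_default_route(routes):
    """True if the list carries 0.0.0.0/0, which clients need once they see 121."""
    return any(dest == "0.0.0.0/0" for dest, _ in routes)

def dnsmasq_value(routes):
    """Comma-separated value in the form dnsmasq's dhcp-option accepts."""
    return "121," + ",".join(f"{d},{g}" for d, g in routes)
```

Decoding the option bytes from a captured DHCP ACK and passing the result to has_default_route confirms that clients honouring option 121 still receive a default gateway.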

Dynamic allocations start at 192.168.42.150.

Network Hierarchy (as of 2019-08-09)

---
network:
  - name: foo
    type: router
    children:
      - name: verizon
        type: uplink
        interface: em0
      - name: 24-port-switch
        type: unmanaged-switch
        interface: em1
        vlans:
          - name: NYC Mesh
            vid: 68
          - name: NYC Mesh Clients
            vid: 99
        children:
          - name: box0rs
            type: server
          - name: cnc
            type: device
          - name: rfid-access-space
            type: device
          - name: buzzer-pi-shop
            type: device
          - name: voip-space
            type: voip-phone
          - name: voip-teletron8000
            type: voip-ata
          - name: wrtnode-webcam
            type: device
          - name: north-switch
            type: unmanaged-switch
            children:
              - name: ap-basement
                type: ap-switch
                wireless:
                  - ssid: hackmanhattan west
                    wpa2: true
                  - ssid: hackmanhattan west 5Ghz
                    wpa2: true
                  - ssid: -NYC Mesh Community WiFi-
                    vlan: 99
                    crypto: false
                  - ssid: nycmesh-3664-inside
                    vlan: 99
                    crypto: true
          - name: west-switch
            type: unmanaged-switch
            children:
              - name: ap-west
                type: ap-switch
                wireless:
                  - ssid: hackmanhattan
                    crypto: false
                  - ssid: hackmanhattan west
                    crypto: true
                  - ssid: hackmanhattan west 5Ghz
                    crypto: true
                  - ssid: -NYC Mesh Community WiFi-
                    vlan: 99
                    crypto: false
                  - ssid: nycmesh-3664-inside
                    vlan: 99
                    crypto: true
              - name: octoprint-main
                type: device
              - name: brother-printer
                type: printer
              - name: bricolage
                type: server
          - name: hallway-switch
            type: unmanaged-switch
            children:
              - name: ap-south
                type: ap-switch
                wireless:
                  - ssid: hackmanhattan
                    crypto: false
                  - ssid: hackmanhattan west
                    crypto: true
                  - ssid: hackmanhattan west 5Ghz
                    crypto: true
                  - ssid: -NYC Mesh Community WiFi-
                    vlan: 99
                    crypto: false
                  - ssid: nycmesh-3664-inside
                    vlan: 99
                    crypto: true
              - name: ap-3rdfloor
                type: ap-switch
                wireless:
                  - ssid: hackmanhattan
                    crypto: false
                  - ssid: hackmanhattan west
                    crypto: true
                  - ssid: hackmanhattan west 5Ghz
                    crypto: true
                  - ssid: -NYC Mesh Community WiFi-
                    vlan: 99
                    crypto: false
                  - ssid: nycmesh-3664-inside
                    vlan: 99
                    crypto: true
              - name: rfid-access-building
                type: device
          - name: elevator-shed
            type: unmanaged-poe-switch
            poe: 48V @ 1.25A
            children:
              - name: mesh-hub
                type: ap-switch
                poe: 18W
                wireless:
                  - ssid: -NYC Mesh Community WiFi-
                    vlan: 99
                    crypto: false
                  - ssid: nycmesh-3664-back
                    vlan: 99
                    crypto: true
                  - ssid: nycmesh-wds
                    vlan: 68
                    crypto: true
              - name: ap-mesh-hybrid
                type: ap-switch
                poe: 24V @ 3A - ~18W
                wireless:
                  - ssid: hackmanhattan west
                    crypto: true
                  - ssid: hackmanhattan west 5Ghz
                    crypto: true
                  - ssid: -NYC Mesh Community WiFi-
                    vlan: 99
                    crypto: false
                  - ssid: nycmesh-3664-front
                    vlan: 99
                    crypto: true
                  - ssid: nycmesh-wds
                    vlan: 68
                    crypto: true
                children:
                  - name: mesh-east
                    type: ap
                    poe: 10.5W
                    wireless:
                      - ssid: -NYC Mesh Community WiFi-
                        vlan: 99
                        crypto: false
                      - ssid: nycmesh-3664-east
                        vlan: 99
                        crypto: true
                      - ssid: nycmesh-wds
                        vlan: 68
                        crypto: true
                  - name: mesh-west
                    type: ap
                    poe: 10.5W
                    wireless:
                      - ssid: -NYC Mesh Community WiFi-
                        vlan: 99
                        crypto: false
                      - ssid: nycmesh-3664-west
                        vlan: 99
                        crypto: true
                      - ssid: nycmesh-wds
                        vlan: 68
                        crypto: true
                  - name: mesh-uplink
                    type: wireless-client
                    poe: 7W
                    wireless:
                      - ssid: LinkNYC Private
                        crypto: true
                        type: uplink
              - name: voip-elevator
                type: voip-ata
      - type: unused
        interface: em2
      - name: emergency
        type: static
        interface: em3

The content of the following article/section isn't up to date.
If you have some spare time, please consult the usual suspects and help update it!


Machine and IP Allocation Table (Old)

IP Hostname Device Maintainer Comment (Location)
n/a n/a Alcatel I-211M-K Operations ONT and Modem for Verizon FiOs
192.168.42.1 rtr1.ratpark.net TP-Link TL-WDR4300 v1 Operations Main router. Also does DNS, DHCP. Channel 1. Nonstandard port for external connections. Nonstandard password. (Hack Manhattan)
n/a n/a Netgear JGS516 Operations 16 Port Gigabit Switch
n/a n/a ? Operations 8 Port Switch
n/a n/a ? Operations 4 Port Switch
192.168.42.2 rtr2.ratpark.net TP-Link TL-WDR4300 v1 Operations Channel 11. (2rd Floor Hallway)
192.168.42.3 rtr3.ratpark.net TP-Link TL-WDR4300 v1 Operations Channel 6. (3rd Floor Hallway)
192.168.42.4 rtr4.ratpark.net TP-Link TL-WDR4300 v1 Operations Channel 11. (Elevator Machine Room)
surv-frontdoor.ratpark.net WRTnode Guan Yang Operates wirelessly. Can we change that? (First Floor)
surv-main.ratpark.net WRTnode Guan Yang Operates wirelessly. Can we change that? (Hack Manhattan)
wrtnode-hmdoor.ratpark.net WRTnode? Guan Yang Controls door strike. (First Floor)
octopi.ratpark.net Raspberry Pi Allows for unattended (no computer needed) printing. Username hackmanhattan. Canonical password. (Hack Manhattan)
boiler-wired.ratpark.net WRTnode Guan Yang Boiler controller and sensor. Is it still in use? (Where in the 3rd floor is the boiler?)
hackmanhattan.club ? Guan Yang Is it still in use? (Where is it?)
wr703n.ratpark.net TP-Link TL-WR703N ? We definitely do not need this. (Hack Manhattan)
quinn.ratpark.net What is this? (Where is it?)
ai-stem.ratpark.net What is this? (Where is it?)
kiosk.ratpark.net What is this? (Where is it?)
!?!?!? The list goes on and on.
192.168.43.0 Operations DHCP Allocation Block
192.168.43.255 Operations Broadcast

Network Diagram

Current

parent_device
|(physical port on parent_device)-(physical port on child_device)child_device

null can be used where applicable (device only has 1 port, etc.)
? can be used for incomplete data that could not be obtained due to security reasons or other.

fiosmodem
|(null)-(wan)rtr1
             |(1)-(1)jgs516 # Netgear JGS516
                     |(7)-(null)big-box # Octopi, Big-Box, and Backup_Terminal
                     |(8)-(8)teg580g # Treadnet TEG-580g 8 port switch on Laptopia
                     |(9)-(null)gxp400 # IP Phone
                     |(15)-(1)rtr2
                              |(2)-(1)rtr3 # light pink cable that gets painted over on its way up
                                      |(2)-(null)wrtnode # boiler wrtnode
                              |(3)-(?)firstfloor # goes into box, don't want to break it open
                              |(4)-(null)null # long blue cable that goes to nothing
                              |(wan)-(5)tlsg1005d # TP-Link TL-SG1005D
                                        |(4)-(null)ds215j # Synology DS215j
                                        |(1)-(null)null # goes into gray cable that goes to nothing
                     |(16)-(1)rtr4
                              |(2)-(null)null # black cable, goes to front of building
                              |(3)-(null)gx # grandstream telephone line modem/device, need model number
                              |(4)-(null)null # short blue cable, goes to nothing

I'm not going to use proprietary diagramming tools or bother writing some script to graph this. Text is enough and more than sufficient for our purposes.

Expected

Fiber Modem
|-rtr1.ratpark.net
  |-Netgear JGS516
    |-IP Phone
    |-8 Port Switch On Laptopia
    |-Area with octopi, bigbox, and backup terminal?
  |-rtr2.ratpark.net
    |-First Floor 4 Port Switch
  |-rtr3.ratpark.net
    |-Stuff in the boiler room?
  |-rtr4.ratpark.net?
    |-Stuff in the elevator machine room?

Incidents

  • 2016-05-31: The space VoIP phone was reported to have no networking. A troubleshooting monkey was dispatched, and it was found that if one plugs said phone in the inappropriate holes, it will not work. RESOLVED.
  • 2016-05-23: Since our wrtnodes that run our streams operate within that band, our space stream was no longer accessible (but the front door still was?). This has been rectified by having it connect as a client to a different access point. Resolved.
  • 2016-05-23: Whilst performing hotfixes to rectify the 2016-05-23 network problem, one of our volunteer monkeys disabled the wireless interfaces on our space access point, and they are currently still down. Whack the main space stream once this is fixed. UNRESOLVED.
  • 2016-05-23: A building community member reported failure to obtain a DHCP lease on all of our access points' 2.4 GHz networks, which is extremely odd since they're all on the same VLAN and on the same hardware as their 5 GHz radio interfaces. Regardless, volunteers attempted to look at the problem, which was magically gone by 2016-05-27. Unable to reproduce. Resolved.