Operations grimoire/Network: Difference between revisions

From Nasqueron Agora
(→‎172.27.27/24: +router-001 +docker-001)
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
== 172.27.27/24 ==
== 172.27.27.0/24 ==
Nasqueron servers are managed through Drake Network private IPs.
Nasqueron servers are managed through Drake Network private IPs.
This subnet is divided into 16 subnets of 16 addresses.
{| class="wikitable collapsible collapsed"
! Subnet ID !! Subnet Address !! Host Address Range !! Broadcast Address !! Subnet Name !! Description
|-
| 1 || 172.27.27.0 || 172.27.27.1 - 172.27.27.14 || 172.27.27.15 || IntraNought || VMs hosted on DreadNought hypervisor
|-
| 2 || 172.27.27.16 || 172.27.27.17 - 172.27.27.30 || 172.27.27.31 || prod.nasqueron.drake || Service mesh in prod (Kubernetes) ✱
|-
| 3 || 172.27.27.32 || 172.27.27.33 - 172.27.27.46 || 172.27.27.47 || dev.nasqueron.drake || Development servers ✱
|-
| 4 || 172.27.27.48 || 172.27.27.49 - 172.27.27.62 || 172.27.27.63 || ''free'' ||
|-
| 5 || 172.27.27.64 || 172.27.27.65 - 172.27.27.78 || 172.27.27.79 || ''free'' ||
|-
| 6 || 172.27.27.80 || 172.27.27.81 - 172.27.27.94 || 172.27.27.95 || ''free'' ||
|-
| 7 || 172.27.27.96 || 172.27.27.97 - 172.27.27.110 || 172.27.27.111 || ''free'' ||
|-
| 8 || 172.27.27.112 || 172.27.27.113 - 172.27.27.126 || 172.27.27.127 || ''free'' ||
|-
| 9 || 172.27.27.128 || 172.27.27.129 - 172.27.27.142 || 172.27.27.143 || ''free'' ||
|-
| 10 || 172.27.27.144 || 172.27.27.145 - 172.27.27.158 || 172.27.27.159 || ''free'' ||
|-
| 11 || 172.27.27.160 || 172.27.27.161 - 172.27.27.174 || 172.27.27.175 || ''free'' ||
|-
| 12 || 172.27.27.176 || 172.27.27.177 - 172.27.27.190 || 172.27.27.191 || ''free'' ||
|-
| 13 || 172.27.27.192 || 172.27.27.193 - 172.27.27.206 || 172.27.27.207 || ''free'' ||
|-
| 14 || 172.27.27.208 || 172.27.27.209 - 172.27.27.222 || 172.27.27.223 || ''free'' ||
|-
| 15 || 172.27.27.224 || 172.27.27.225 - 172.27.27.238 || 172.27.27.239 || ''free'' ||
|-
| 16 || 172.27.27.240 || 172.27.27.241 - 172.27.27.254 || 172.27.27.255 || Tunnels || Tunneling to router-001.nasqueron.org
|}
✱ denotes currently a false subnet, containing isolated bare metal servers, not linked to any private network excepted through tunnels, with IP are assigned as /32 (netmask 255.255.255.255 0xffffffff)
=== 172.27.27.0/29 ===
IntraNought, VM hosted on [[Dreadnought]]
Netmask: 255.255.255.248 / 0xFFFFFFF8


{| class="wikitable"
{| class="wikitable"
Line 10: Line 56:
! AUP
! AUP
|-
|-
| 172.27.27.1||[[router-001]]||router-001.nasqueron.drake||pfSense (FreeBSD 10)|||Router||''Infrastructure server''
| 172.27.27.1||[[router-001]]||router-001.nasqueron.drake||FreeBSD 12|||Router||''Infrastructure server''
|-
| 172.27.27.2
|colspan="5"|''Reserved for DNS server''
|-
| 172.27.27.3
|colspan="5"|''Reserved for mail server''
|-
| 172.27.27.4||[[Dwellers]]||dwellers.nasqueron.drake||CentOS 8|||Docker development server hosting||Open for Docker images building
|-
| 172.27.27.5||[[Equatower]]||equatower.nasqueron.drake||CentOS 8|||Docker engine||''Infrastructure server''
|-
| 172.27.27.6||[[docker-001]]||docker-001.nasqueron.drake||CentOS 8|||Docker engine||''Infrastructure server''
|-
|-
| 172.27.27.27||[[WindRiver]]||windriver.nasqueron.drake||FreeBSD 12.1|||Nasqueron development server||Access for any Nasqueron project
| 172.27.27.7
|colspan="5"|''Free''
|-
| ...
|colspan="5"|''Free''
|-
| 172.27.27.14
|colspan="5"|''Free''
|}
 
=== 172.27.27.16/29 ===
 
Servers for the production service mesh. Kubernetes.
 
Netmask could be:
* if you need to target the service mesh for access purpose: 255.255.255.248 / 0xFFFFFFF8
* if you need to address a specific IP of a server: 255.255.255.255 / 0xFFFFFFFF - servers are currently baremetal not linked to any private network ethernet card
 
{| class="wikitable"
! IP
! Server
! Reverse DNS
! OS
! Purpose
! AUP
|-
|-
| 172.27.27.28||[[CloudHugger]]||cloudhugger.nasqueron.drake||Debian 10|||Kubernetes||''Infrastructure server''
| 172.27.27.28||[[CloudHugger]]||cloudhugger.nasqueron.drake||Debian 10|||Kubernetes||''Infrastructure server''
|}
=== 172.27.27.32/29 ===
Development and management servers. Work by humans should always be from those servers.
Netmask could be:
* if you need to target the servers humans will use to manage the infrastructure and deploy applications: 255.255.255.248 / 0xFFFFFFF8
* if you need to address a specific IP of a server: 255.255.255.255 / 0xFFFFFFFF - servers are currently baremetal not linked to any private network ethernet card
{| class="wikitable"
! IP
! Server
! Reverse DNS
! OS
! Purpose
! AUP
|-
| 172.27.27.33||[[Ysul]]||ysul.nasqueron.drake||FreeBSD 12.1|||Nasqueron development server||Access for any Nasqueron or Wolfplex project
|-
|-
| 172.27.27.29||[[Equatower]]||equatower.nasqueron.drake||CentOS 8|||Docker engine||''Infrastructure server''
| 172.27.27.34
|colspan="5"|''Free''
|-
| 172.27.27.35||[[WindRiver]]||windriver.nasqueron.drake||FreeBSD 12.1|||Nasqueron development server||Access for any Nasqueron project
|}
 
=== 172.27.27.240/29 ===
 
IP range for tunnels from router-001.nasqueron.org
 
Netmask: 255.255.255.248 / 0xFFFFFFF8
 
{| class="wikitable"
! IP
! Server
! Reverse DNS
! OS
! Purpose
! AUP
|-
|-
| 172.27.27.30||[[docker-001]]||docker-001.nasqueron.drake||CentOS 8|||Docker engine||''Infrastructure server''
| 172.27.27.252||router-001||-||-|||Reserved for tunnel with Ysul||-
|-
|-
| 172.27.27.33||[[Ysul]]||ysul.nasqueron.drake||FreeBSD 12.1|||Nasqueron development server||Access for any Nasqueron or Wolfplex project
| 172.27.27.253||router-001||-||-|||Reserved for tunnel with CloudHugger||-
|-
|-
| 172.27.27.49||[[Dwellers]]||dwellers.nasqueron.drake||CentOS 8|||Docker developent server hosting||Open for Docker images building
| 172.27.27.254||router-001||-||-|||Tinc tunnel with WindRiver (and perhaps all others?)||-
|-
|-
|}
|}
Line 41: Line 160:
{| class="wikitable sortable"
{| class="wikitable sortable"
|-
|-
! Cluster name !! IP range !! DNS domain
! Cluster name !! IP range !! DNS domain !! Use
|-
| nasqueron-k8s-prod || 10.92.0.0/12 || k8s.prod.nasqueron.local || Kubernetes services
|-
|-
| nasqueron-k8s-prod|| 10.92.0.0/12 || k8s.prod.nasqueron.local
| nasqueron-k8s-prod-pods || 10.192.0.0/12 || ''None'' || Pods for nasqueron-k8s-prod
|}
|}
[[Category:Drake]]
[[Category:Reference]]

Revision as of 14:37, 26 September 2020

172.27.27.0/24

Nasqueron servers are managed through Drake Network private IPs.

This subnet is divided into 16 subnets of 16 addresses.

✱ denotes currently a false subnet, containing isolated bare metal servers, not linked to any private network excepted through tunnels, with IP are assigned as /32 (netmask 255.255.255.255 0xffffffff)

172.27.27.0/29

IntraNought, VM hosted on Dreadnought

Netmask: 255.255.255.248 / 0xFFFFFFF8

IP Server Reverse DNS OS Purpose AUP
172.27.27.1 router-001 router-001.nasqueron.drake FreeBSD 12 Router Infrastructure server
172.27.27.2 Reserved for DNS server
172.27.27.3 Reserved for mail server
172.27.27.4 Dwellers dwellers.nasqueron.drake CentOS 8 Docker development server hosting Open for Docker images building
172.27.27.5 Equatower equatower.nasqueron.drake CentOS 8 Docker engine Infrastructure server
172.27.27.6 docker-001 docker-001.nasqueron.drake CentOS 8 Docker engine Infrastructure server
172.27.27.7 Free
... Free
172.27.27.14 Free

172.27.27.16/29

Servers for the production service mesh. Kubernetes.

Netmask could be:

  • if you need to target the service mesh for access purpose: 255.255.255.248 / 0xFFFFFFF8
  • if you need to address a specific IP of a server: 255.255.255.255 / 0xFFFFFFFF - servers are currently baremetal not linked to any private network ethernet card
IP Server Reverse DNS OS Purpose AUP
172.27.27.28 CloudHugger cloudhugger.nasqueron.drake Debian 10 Kubernetes Infrastructure server

172.27.27.32/29

Development and management servers. Work by humans should always be from those servers.

Netmask could be:

  • if you need to target the servers humans will use to manage the infrastructure and deploy applications: 255.255.255.248 / 0xFFFFFFF8
  • if you need to address a specific IP of a server: 255.255.255.255 / 0xFFFFFFFF - servers are currently baremetal not linked to any private network ethernet card
IP Server Reverse DNS OS Purpose AUP
172.27.27.33 Ysul ysul.nasqueron.drake FreeBSD 12.1 Nasqueron development server Access for any Nasqueron or Wolfplex project
172.27.27.34 Free
172.27.27.35 WindRiver windriver.nasqueron.drake FreeBSD 12.1 Nasqueron development server Access for any Nasqueron project

172.27.27.240/29

IP range for tunnels from router-001.nasqueron.org

Netmask: 255.255.255.248 / 0xFFFFFFF8

IP Server Reverse DNS OS Purpose AUP
172.27.27.252 router-001 - - Reserved for tunnel with Ysul -
172.27.27.253 router-001 - - Reserved for tunnel with CloudHugger -
172.27.27.254 router-001 - - Tinc tunnel with WindRiver (and perhaps all others?) -

DNS entries

Domain IP Description
k8s.prod.nasqueron.drake 172.27.27.28 Advertise address for k8s cluster

Other network ranges

Kubernetes clusters use the following network ranges:

Cluster name IP range DNS domain Use
nasqueron-k8s-prod 10.92.0.0/12 k8s.prod.nasqueron.local Kubernetes services
nasqueron-k8s-prod-pods 10.192.0.0/12 None Pods for nasqueron-k8s-prod