[57north-discuss] Space Network
Iain R. Learmonth
irl at fsfe.org
Mon Apr 15 12:27:24 BST 2019
Hi,
On 15/04/2019 12:16, Alfie Pates wrote:
> I'm just a *little* concerned that this sounds like a large number of moving parts for what is effectively a SMB network with a little site-to-site connectivity tacked on the side.
I have replaced 2 boxes with 1, and removed a NAT. This is definitely
reducing the number of parts and making it easier to understand. Last
night it took a lot of testing to work out whether or not the AP was
also acting as a NAT. It kinda looked like it was, but in the end it
wasn't; it just does some weird DHCP/DNS proxying thing.
> I'm not suggesting that people will be tinkering 24/7 - an unspoken rule of most spaces I've spent time in is "don't hack the caffeine, don't hack the wifi" because once these two things are missing people get grumpy :P - but I am suggesting that if something breaks or a change (for which there is consensus) needs to be made, jumping through 75 different badly documented hoops is going to lead to somebody making a mistake and breaking something, somewhere. I've been there - it's not fun.
I'd like the whole system to be rebuildable from scratch with a
documented process so that if it really does go wrong, you can unplug
the box, install OpenBSD on it, run a script or ansible playbook, and
it's back at a known working configuration, then plug it back in. Any
member should be able to follow these instructions in an emergency, but
should also never have to.
Why are there 75 hoops to jump through? All the configuration is
declarative and stored in /etc. Assuming you've built consensus, that's
probably also enough time that someone has produced a patch to the conf
files.
> If you can build something reliable, widely-understood and maintainable, I am super in favour of that. More so if it's built around open-source components and is redistributable - I'd be happy to contribute to that, actually.
This is the idea. It's built on the same setup as my home router and I'd
like to only have to know one system.
> If this is another magical black box that only one or two people really understand... well, you're putting yourself at risk of 3AM phone calls when the network breaks :D
It is a black box, but it's not magic. I want to restrict random
changes, but I also want the configuration to be transparent for those
that want to see it and/or submit patches to improve the space or for
their projects.
I think GNS3 allows you to have QEMU VMs as part of the network, so you
could even stand up a replica of the space network to test your
configurations virtually before making patches.
> The TP-link switches are very shallow - my rack at home is 300mm deep (versus the normal 600mm carrier suite rack) and the TP-links fit easily. I'll see if I have a spare one going.
That would be awesome!
Thanks,
Iain.