[57north-discuss] Space Network

Iain R. Learmonth irl at fsfe.org
Mon Apr 15 11:49:21 BST 2019


Hi,

On 15/04/2019 11:20, Alfie Pates wrote:
> This is very cool - I have been wanting to play with the pcE boxes for a
> while.

They are very nice, super stable boxes. They have changed my life.

> However, I've got a few concerns. Primarily, this does not sound super
> maintainable, and also sounds a little bit more broken than it was
> before. Is there any firewalling in place, etc?

We have pf running on the OpenBSD box. I plan to put the rules into a
git repository that we would accept pull requests on, for example for
people to do port forwarding.

I'm not sure yet if this will take the form of just having the files
there and a script that will copy them, or going full Ansible on it.

> I am currently running a bsdrp router alongside my Juniper setup at home
> and I am quite familiar with how unmanageable these boxes can get if
> you're not intimately familiar with BSD networking.

I am pretty familiar with BSD networking. If there are others that would
like to be involved in running the space network, I am happy to assist
them until they can do it on their own.

The OpenBSD manpages are excellent at describing the various options for
drivers (we are using em, trunk, gif, gre, and vlan).

We currently are using only static routes but once some dn42 peers have
tunnels we will start using OpenBGPD.

> I would maybe suggest that the Er-X is the better device for this - it
> may not quite be the awesome open-source gateway that we'd *like* to
> have in the space, but it's a lot more maintainable by more people.

We shouldn't have everyone maintaining the device that provides everyone
with Internet. It should be stable, reliable, do the right thing when
you turn it off and on again, and generally not get in the way.

> Re: switches, I've had a few of the various Netgear managed switches -
> the CLI is an absolute horror and the web interface doesn't always
> "take". My home network is currently hanging off a managed TP-link
> switch which didn't cost very much and is a lot friendlier. My last
> Netgear also went pop and decided not to do PoE once, taking an access
> point with it.

I too have had various Netgear switches and I know that the CLI isn't
the best. If there are TP-Link alternatives then we should look at
those. The problem we have is mostly the depth of the cabinet. Again
though, configuration changes should not be necessary on this switch
that often, it is providing a base infrastructure for others to build on
top of and should really just be forwarding packets.

Also, if someone already has a managed 1U 24 port switch that is not
that deep and would like to donate it, that would be super awesome.

We have a whole bunch of Cisco kit if people want to play, build test
networks, learn stuff, etc. If this switch is messed up then we can't
open the door so access should really be restricted.

> DN42 is exciting, however. More of that!

If you're not already set up on dn42, you can take a look at the wiki.

https://wiki.dn42.us/Home

Thanks,
Iain.
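
Added example, not part of the original message or of the space's own repository: one way the "script that will copy them" option could guard the gateway against a broken ruleset merged from a pull request, by parsing the file with `pfctl -n` before it replaces the live one. The function name, the `PFCTL` override and the `/etc/pf.conf` destination are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a pf ruleset from a git checkout before installing it.
# Assumptions (not from the post): one pf.conf in the repository, live file
# at /etc/pf.conf, and PFCTL overridable so the function can be tested.
PFCTL="${PFCTL:-pfctl}"

# deploy_pf_rules SRC [DEST]
# Returns 0 when the rules were installed and loaded, 1 when SRC is
# unreadable, fails the syntax check or cannot be copied, and 2 when the
# load failed and the previous file (if any) was restored.
deploy_pf_rules() {
    src="$1"
    dest="${2:-/etc/pf.conf}"

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # -n parses the ruleset without loading it, so a bad pull request is
    # rejected before it can touch the running firewall.
    if ! "$PFCTL" -n -f "$src"; then
        echo "syntax check failed, $dest left unchanged" >&2
        return 1
    fi

    # Keep the previous ruleset so a failed load can be rolled back.
    if [ -f "$dest" ]; then
        cp -p "$dest" "$dest.prev" || return 1
    fi

    # Copy to a temporary name beside the target and rename it, so the
    # live file is never left half-written and is not world-readable.
    tmp="$dest.new.$$"
    cp "$src" "$tmp" && chmod 600 "$tmp" && mv "$tmp" "$dest" || {
        rm -f "$tmp"; return 1; }

    if ! "$PFCTL" -f "$dest"; then
        echo "load failed, restoring previous ruleset" >&2
        if [ -f "$dest.prev" ]; then
            cp -p "$dest.prev" "$dest" && "$PFCTL" -f "$dest"
        fi
        return 2
    fi
    return 0
}
```

A syntax check does not catch a ruleset that parses cleanly but blocks management access, so review of the pull request itself still matters.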

