FabFi Addressing 1.0
From Fab Lab wiki
Introduction
NOTE: As of 8/2009 this information is obsolete. Unless you are using a 1.0 fabfi system, please get your addressing knowledge from here.
As with any coherent network architecture there must be a clear organizational structure to FabFi. This page outlines the structure, naming conventions, features and limitations of the addressing scheme we have used in our network.
Architectural Overview
Each FabFi network is made up of a series of linked pairs that look like this:
where the upstream subnet is the one closer to the internet or central server and the downstream subnet is the one closer to individual users or hosts. In between the two reflectors is a third subnet that is shared only by the two (or more) reflectors in a set. All the subnets are class C (255.255.255.0 netmask) and there are no static routes. Links can be strung together in any configuration by simply plugging the LAN port of a STA into the WAN port of an AP. It is also possible to have APs with multiple STAs, though the directionality of the reflectors limits the usefulness of this feature.
Addressing Rules
Overall we're using the 10.0.0.0/8 address space for our system. This affords maximum flexibility in naming things such that they're easy to remember. Within that, we've created some addressing rules that tie the IP address of each STA or AP to its name as follows:
where the IP addresses on either side of the // marks are the upstream and downstream IPs of each router, and each colored bubble lists the address space between the devices on the edge of each bubble. There are two variables, X and Y, that can be solved for using the equations at the bottom of the diagram and the numbers from the node names. For example, the upstream IP of fabfi4STA2 would be 10.2.103.3 and the downstream IP would be 10.3.103.1. As of this posting, both the AP and STA provide DHCP to their subnets (addresses 100-150, I believe), though we statically address our STAs outside of this range for convenience. The upstream IP of the AP is always a DHCP'd address.
The feature of the scheme above is that if you know the names of the devices in your system, you know, or can easily root out by looking at /tmp/dhcp.leases, all the IP addresses you will ever need. Inversely, if you know the IP address of a device you know its name. As a convenience the config script sets the system name and SSID of the wireless link with the appropriate name, so your command prompt and the name of the wireless net will tell you all you need to know about the addressing.
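The lease file mentioned above is the one place where addresses are not fixed by name, so it is worth checking it against the conventions on this page: the DHCP pool is .100-.150, STAs are addressed statically outside that pool, and every router's LAN is a single /24. The script below is an added example, not part of the FabFi code; it assumes the routers run dnsmasq (whose lease lines are "expiry MAC IP hostname client-id"), assumes node names follow the fabfiN{AP,STA}Z pattern seen in fabfi4STA2, and uses constructed lease lines rather than a capture from a real node.

```python
"""Audit a dnsmasq-style /tmp/dhcp.leases against the FabFi 1.0 conventions.
Added example; the lease format and node-name pattern are assumptions."""
import ipaddress
import re

# Constructed sample, not a real capture.  dnsmasq writes one lease per line:
#   <expiry-epoch> <mac> <ip> <hostname or *> <client-id or *>
SAMPLE_LEASES = """\
1238000000 00:11:22:33:44:55 10.3.103.100 laptop-ali 01:00:11:22:33:44:55
1238000100 00:11:22:33:44:66 10.3.103.101 * *
1238000200 00:11:22:33:44:77 10.3.103.102 fabfi5AP 01:00:11:22:33:44:77
1238000300 00:11:22:33:44:88 10.3.103.140 fabfi5STA1 *
1238000400 00:11:22:33:44:99 10.3.103.160 rogue-box *
garbage line
"""

DHCP_POOL = range(100, 151)  # page: "addresses 100-150"
# Assumed node-name pattern, generalised from "fabfi4STA2" on this page.
NODE_NAME = re.compile(r"^fabfi(\d+)(AP|STA)(\d*)$", re.IGNORECASE)


def parse_leases(text):
    """Return one dict per well-formed lease line; malformed lines are skipped."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            expiry, ip = int(fields[0]), ipaddress.ip_address(fields[2])
        except ValueError:
            continue
        leases.append({"expiry": expiry, "mac": fields[1].lower(), "ip": ip,
                       "host": None if fields[3] == "*" else fields[3]})
    return leases


def host_to_ip(leases):
    """Name -> address map for the leases that carry a hostname."""
    return {lease["host"]: str(lease["ip"]) for lease in leases if lease["host"]}


def audit(leases, subnet):
    """Flag leases that break the conventions for the router serving `subnet`."""
    net = ipaddress.ip_network(subnet)
    findings = []
    for lease in leases:
        ip, name = lease["ip"], lease["host"] or ""
        if ip not in net:
            findings.append(f"{ip}: lease outside {net}")
            continue
        if (int(ip) & 0xFF) not in DHCP_POOL:
            findings.append(f"{ip}: lease outside the .100-.150 DHCP pool")
        m = NODE_NAME.match(name)
        # An AP's upstream address is DHCP'd, so an AP lease is expected;
        # a STA lease means someone forgot to give that STA its static address.
        if m and m.group(2).upper() == "STA":
            findings.append(f"{name} ({ip}): STA holds a DHCP lease but should be static")
    return findings


if __name__ == "__main__":
    leases = parse_leases(SAMPLE_LEASES)
    print(host_to_ip(leases))
    for finding in audit(leases, "10.3.103.0/24"):
        print("WARN", finding)
```

Run it against the real file with `audit(parse_leases(open("/tmp/dhcp.leases").read()), "<this router's LAN /24>")`; anything it flags is either a lease outside the pool the page describes or a node that should not be getting its address from DHCP.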
The limitation of the scheme as designed is that it is possible to end up with duplicate downstream subnets (blue in image) if an AP has multiple STAs. In practice, this does not cause any problems with the current setup because we aren't routing between subnets, but it would be problematic if we were, and the addressing rules could easily be adjusted to eliminate duplicates. A possible suggestion for this would be 10.N+100.?/100/200+Z.Z+1, which would accommodate 154 links (more if you started with a lower class B number), each with up to 54 STAs, all with unique addresses that you could determine from the node name. Maybe in Fabfi 2.0...
Firewall
The firewalls at each network boundary forward all traffic traveling upstream and traffic traveling downstream for established connections. As such, a device on any given subnet can see any other device in a subnet that can be reached by traversing the network tree upward, across, or a combination of both, but not any devices in subnets that require traveling down the tree to reach. This is a simplified version of the default behavior of most off-the-shelf routers. As of this posting the firewall rules are simple enough that I can just list them:
# NAT everything leaving on the upstream (WAN) interface
iptables --table nat --append POSTROUTING --out-interface $UPLINK -j MASQUERADE
# forward anything that arrives on the downstream (LAN) interface
iptables --append FORWARD --in-interface $LOCAL -j ACCEPT
# turn on IP forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
Future development will fill these out to increase security and maybe add some more efficient routing.
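To make the "up or across, never down" rule concrete, here is an added model of the forwarding policy described above; it is not FabFi code. Each router accepts anything entering on its LAN side and NATs it out the WAN side; a packet entering on the WAN side is forwarded only if it belongs to a flow the router has already seen, which is the conntrack state the MASQUERADE rule relies on. One caveat the listing above leaves open: the two rules alone do not say what happens to an unknown packet arriving on $UPLINK, that is decided by the FORWARD chain's default policy, which the page does not state, and the model below assumes it is DROP. The tree, router labels and all addresses except fabfi4STA2's subnets are constructed.

```python
"""Model of the FabFi 1.0 firewall behaviour: new connections may only travel
upstream; replies return on conntrack state.  Added example, not FabFi code.
The FORWARD chain's default policy is assumed to be DROP."""


class Router:
    """One AP or STA with a WAN (upstream) subnet and a LAN (downstream) subnet."""

    def __init__(self, name, wan, lan):
        self.name, self.wan, self.lan = name, wan, lan
        self.conntrack = set()  # (src_subnet, dst_subnet) of flows that left via LAN

    def forward(self, src, dst, in_iface):
        """Would the FORWARD chain accept this packet?"""
        if in_iface == "lan":                # --in-interface $LOCAL -j ACCEPT
            self.conntrack.add((src, dst))
            return True
        return (dst, src) in self.conntrack  # reply to a NATed flow; else default DROP


def ancestors(up, subnet):
    """The subnet itself followed by every subnet above it, root-wards."""
    chain = []
    while subnet is not None:
        chain.append(subnet)
        subnet = up.get(subnet)
    return chain


def route(up, src, dst):
    """Subnets a packet crosses: climb to the lowest common ancestor, then descend."""
    a_src, a_dst = ancestors(up, src), ancestors(up, dst)
    lca = next(s for s in a_src if s in a_dst)
    return a_src[: a_src.index(lca) + 1] + list(reversed(a_dst[: a_dst.index(lca)]))


def deliver(routers, src, dst):
    """Stateful check: push the packet through each router's firewall on the path."""
    by_lan = {r.lan: r for r in routers}
    up = {r.lan: r.wan for r in routers}
    hops = route(up, src, dst)
    for a, b in zip(hops, hops[1:]):
        if a in by_lan and by_lan[a].wan == b:   # upward hop: packet enters on LAN
            ok = by_lan[a].forward(src, dst, "lan")
        else:                                    # downward hop: packet enters on WAN
            ok = by_lan[b].forward(src, dst, "wan")
        if not ok:
            return False
    return True


def can_initiate(routers, src, dst):
    """Stateless form of the rule the page states: new connections go up or across only."""
    up = {r.lan: r.wan for r in routers}
    return dst in ancestors(up, src)


def build():
    """Constructed tree: one AP with two STAs hanging off its shared link subnet."""
    return [
        Router("AP", wan="10.1.101.0/24", lan="10.2.103.0/24"),    # constructed
        Router("STA2", wan="10.2.103.0/24", lan="10.3.103.0/24"),  # fabfi4STA2 per the page
        Router("STA3", wan="10.2.103.0/24", lan="10.3.104.0/24"),  # constructed sibling STA
    ]


if __name__ == "__main__":
    net = build()
    for src, dst in [("10.3.103.0/24", "10.1.101.0/24"),   # up: allowed
                     ("10.1.101.0/24", "10.3.103.0/24"),   # down: blocked
                     ("10.3.103.0/24", "10.3.104.0/24")]:  # sibling STA: blocked
        print(f"{src} -> {dst}: {'forwarded' if deliver(net, src, dst) else 'dropped'}")
```

The useful consequence for anyone running such a network is visible in the model: every subnet can initiate connections to the root, so whatever sits at the top of the tree is exposed to every user host, while a host can only be reached from below once it has opened a connection itself.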
Conventions and Simplifications
You may have noticed in the diagrams above that I never mention DNS or gateway. For the purposes of our system, the DNS and gateway for every subnet is the .1 address in that subnet. This is also always the downstream IP of the router providing that network. DNS requests are forwarded transparently by the router at each node. As a result, you will never see gateway or DNS parameters listed in any of the drawings. The broadcast address, by convention, is .255.
Wtgphoben 17:27, 24 March 2009 (UTC)