opiproject / opi-poc

Developer Platform and PoC Work
Apache License 2.0

Network Design -- how do we want to set up our addressing scheme #884

Open bhoutrosjh opened 10 months ago

mgheorghe commented 10 months ago

As of now we have been assigned 32 public IPs. For bring-up, all devices will get one of the public IPs assigned to prove they are working, install the OS, and so on.

My suggestion will be to have a "jumpbox/VPN gateway..." that has the public IP, and the rest of the devices to be on a private network, so we can give VPN access to the lab maintainers and have a smaller attack surface.

Please provide feedback.

glimchb commented 10 months ago

Can you please attach the rack diagram link here? The pics here look outdated: https://github.com/opiproject/opi-poc/tree/main/lab

mgheorghe commented 10 months ago

opi-lab-cabling drawio (7)

Uploaded here for now; there is a lot of churn. Plan to make it a PR once the OS is installed and IP networking works.

pdp2shirts commented 10 months ago

F5 is in the process of providing a pair of physical F5 BIG-IPs that can be the authentication, VPN, and load balancer that will use those public IPs and proxy them to resources inside the lab.

I propose we choose a few ranges of RFC 1918 IP addresses to utilize inside the lab.

I've attached a diagram of the simplified network design used for the OCP demo.

Agreed to subnetting as of 20240103:

172.22.0.0/21 -- Lab infrastructure (DNS, DHCP for lab equipment--not for device under test, KVM/serial console access, hypervisor host IP). Not pictured in attached diagram.

172.22.10.0/21 -- DUT DMZ network (aka External network. This network would be proxied to public IPs:ports via the BIG-IP. Traffic generation etc.) VLAN 1 in pic. Use VLAN10.

172.22.20.0/21 -- DUT Internal network (webservers, target servers). VLAN 2 in pic. Use VLAN20.

172.22.30.0/21 -- DUT management OOB network (DPU/IPU BMC IPs, sZTP server, DHCP for DUTs). VLAN 3 in pic. Use VLAN30.

labnetwork
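A check of the addressing plan in the comment above, as an added example that is not part of the original thread or the OPI project's code: it uses Python's `ipaddress` module to confirm that each prefix sits on its prefix-length boundary, stays inside RFC 1918 space and the 172.22.0.0/16 lab range proposed later in the thread, and does not overlap another segment. The segment labels and the name `audit_plan` are assumptions.

```python
import ipaddress
from itertools import combinations

# Prefixes copied verbatim from the comment above; the labels are assumptions.
PLAN = {
    "lab-infra": "172.22.0.0/21",
    "dut-dmz-vlan10": "172.22.10.0/21",
    "dut-internal-vlan20": "172.22.20.0/21",
    "dut-mgmt-oob-vlan30": "172.22.30.0/21",
}
LAB_RANGE = ipaddress.ip_network("172.22.0.0/16")  # proposed later in the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_plan(plan, lab_range=LAB_RANGE):
    """Return a list of findings; an empty list means every check passed."""
    findings, blocks = [], {}
    for name, cidr in plan.items():
        iface = ipaddress.ip_interface(cidr)
        net = iface.network  # the block this prefix actually selects
        blocks[name] = net
        if iface.ip != net.network_address:
            findings.append(
                f"{name}: {cidr} is not on a /{net.prefixlen} boundary; "
                f"it selects {net}")
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"{name}: {net} is outside RFC 1918 space")
        if not net.subnet_of(lab_range):
            findings.append(f"{name}: {net} is outside {lab_range}")
    # Segments meant to be isolated from each other must not share addresses.
    for (a, na), (b, nb) in combinations(blocks.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} and {b} overlap: {na} / {nb}")
    return findings


if __name__ == "__main__":
    for line in audit_plan(PLAN) or ["plan is clean"]:
        print(line)
```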

mgheorghe commented 10 months ago

Our lab management switch is an unmanaged switch with no support for VLANs; only the 100G switch for the test links has management.

mgheorghe commented 10 months ago

Proposing to use the 172.22.0.0/16 subnet for the lab; if need be, the management server could do the routing, the NATing, the .....

venkatmahalingam commented 9 months ago

Our typical rack diagram recommendation would look like this to accommodate more servers in the future.

bhoutrosjh commented 6 months ago

We need to make sure that the DHCP work is merged and approved....

https://github.com/opiproject/opi-poc/blob/c639dcfbcb6de7820ffaa485d96853bfeadd2e09/lab/hardware/mgmt/fs/etc/dhcp/dhcpd.conf