Open bhoutrosjh opened 10 months ago
Can you please attach the rack diagram link here? The pics here look outdated: https://github.com/opiproject/opi-poc/tree/main/lab
Uploaded here for now; there is a lot of churn. Plan to make it a PR once the OS is installed and IP networking works.
F5 is in the process of providing a pair of physical F5 BIG-IPs that can be the authentication, VPN, and load balancer that will use those public IPs and proxy them to resources inside the lab.
I propose we choose a few ranges of RFC 1918 IP addresses to utilize inside the lab.
I've attached a diagram of the simplified network design used for the OCP demo.
Agreed to subnetting as of 20240103:
172.22.0.0/21 -- Lab infrastructure (DNS, DHCP for lab equipment--not for device under test, KVM/serial console access, hypervisor host IP). Not pictured in attached diagram.
172.22.10.0/21 -- DUT DMZ network (aka External network. This network would be proxied to public IPs:ports via the BIG-IP. Traffic generation etc.) VLAN 1 in pic. Use VLAN10.
172.22.20.0/21 -- DUT Internal network. (Webservers, target servers.) VLAN2 in pic. Use VLAN20.
172.22.30.0/21 -- DUT management OOB network (DPU/IPU BMC IPs, sZTP server, DHCP for DUTs). VLAN 3 in pic. Use VLAN30.
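An addressing plan like the one above can be checked mechanically before it is turned into DHCP scopes, BIG-IP proxy rules and ACLs. The following is an added example, not part of the original thread or the OPI project's code; the segment names and function names are hypothetical, and the CIDRs are copied as written in the thread.

```python
import ipaddress

# Plan exactly as written in the thread (segment names are hypothetical labels).
PLAN = {
    "lab-infrastructure": "172.22.0.0/21",
    "dut-dmz-vlan10": "172.22.10.0/21",
    "dut-internal-vlan20": "172.22.20.0/21",
    "dut-mgmt-oob-vlan30": "172.22.30.0/21",
}
LAB_SUPERNET = ipaddress.ip_network("172.22.0.0/16")  # range proposed for the lab
RFC1918_172 = ipaddress.ip_network("172.16.0.0/12")   # RFC 1918 block containing it


def audit_plan(plan):
    """Return (effective, misaligned, overlaps, outside) for an addressing plan."""
    effective, misaligned, outside = {}, [], []
    for name, cidr in plan.items():
        # strict=False masks off host bits, which is what a router or DHCP
        # server does when handed an address/prefix that is not on a boundary.
        net = ipaddress.ip_network(cidr, strict=False)
        effective[name] = net
        if str(net) != cidr:
            misaligned.append(name)
        if not (net.subnet_of(LAB_SUPERNET) and net.subnet_of(RFC1918_172)):
            outside.append(name)
    names = list(effective)
    overlaps = [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
                if effective[a].overlaps(effective[b])]
    return effective, misaligned, overlaps, outside


def segment_of(effective, address):
    """Name of the segment an address falls in, or None if it is unallocated."""
    ip = ipaddress.ip_address(address)
    for name, net in effective.items():
        if ip in net:
            return name
    return None


if __name__ == "__main__":
    effective, misaligned, overlaps, outside = audit_plan(PLAN)
    for name, net in effective.items():
        note = "  (written as %s)" % PLAN[name] if name in misaligned else ""
        print(f"{name:22} {net}  {net[0]} - {net[-1]}{note}")
    print("overlapping segments:", overlaps or "none")
    print("outside lab supernet / RFC 1918:", outside or "none")
```

Writing ACLs against the effective network boundaries the script prints, rather than the CIDR strings as typed, keeps the DMZ, internal and OOB management segments from being matched by the wrong rule.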
Our lab management switch is an unmanaged switch with no support for VLANs; only the 100G switch for the test links has management.
Proposing to use the 172.22.0.0/16 subnet for the lab; if need be, the management server could do the routing, the NATing, the .....
Our typical rack diagram recommendation would look like this to accommodate more servers in the future.
We need to make sure that the DHCP work is merged and approved....
As of now we have been assigned 32 public IPs. For bringup, all devices will get one of the public IPs assigned to prove they are working, install the OS, and so on.
My suggestion will be to have a "jumpbox/vpn gateway..." that has the public IP and the rest of the devices on a private network, so we can give VPN access to the lab maintainers .... and have a smaller attack surface.
Please provide feedback.