srobo / tasks

Collects all the tasks which we want to work on.
https://github.com/srobo/tasks/issues

Competition Network Topology Planning #69

Closed mildlyincompetent closed 5 years ago

mildlyincompetent commented 5 years ago

We need to work out what we need in the competition network, what services we want to run, etc.

Includes:

Layer 2 only is apparently a good idea, but this will require our own cabling everywhere (which we should be doing anyway).

SRComp stuff

Hardwire is essential, WiFi very much a nice-to-have.

Everything wants to have DHCP issued addresses for ease of setup, though some of the addresses should be fixed in config. Everything here needs to be able to establish and maintain communications with everything else (there's a subset of this which is actually the strict requirement -- the screens don't need to be able to talk to each other, but it very nearly amounts to the same thing).

This consists of:

Protocols which MUST work (inwards, outwards and internally):

Whatever is hosting the network MUST NOT assume that it has complete control over the physical topology. Being able to add a switch where we realise we need it, either to extend cables or for diagnostic access is important. Similarly, deciding that we're going to bridge other stuff into the network has been important (though hopefully we'd do that in concert with the host situation rather than against it).

Note on the screens

The screens around the venue need to be able to talk to a compbox-like machine. Ideally that would be the in-venue one, over an in-venue-only link. There is no need for this link to be particularly secure as it is conveying public information. A fallback of using a public compbox (which would be secure as it would have TLS) is an option.

WillB97 commented 5 years ago

Is this network going to require an internet uplink, and is there a plan of how this would be achieved?

Tyler-Ward commented 5 years ago

We will need an uplink; typically this has been an iSolutions port from the lighting booth.

PeterJCLaw commented 5 years ago

This doesn't strictly need an uplink, though it's definitely much easier if we have one.

PeterJCLaw commented 5 years ago

If we can do effectively the same as we did for Smallpeice (connecting segments of our own network using the existing infrastructure) I think that that would be ideal, not least as it would avoid us needing to run too much additional cabling through the venue.

I forget exactly whose kit we borrowed that time, but if we could borrow that again it would be handy. Alternatively we could probably hire some networking equipment.

trickeydan commented 5 years ago

This has got much easier now that we're not doing #71. I don't think we'll need much beyond the cube and tech deck. I suggest using WireGuard as a VPN due to the ease of setup compared to the technical expertise that was required last year for the IPSec.

RealOrangeOne commented 5 years ago

What part of our stack needs a VPN? We're not trying to securely bridge 2 networks. The arena will be hard-wired to the ops desk, and the screens can be driven by a public version of srcomp-http, right?

trickeydan commented 5 years ago

What part of our stack needs a VPN? We're not trying to securely bridge 2 networks. The arena will be hard-wired to the ops desk, and the screens can be driven by a public version of srcomp-http, right?

What if the internet connection goes down? We need to use internal networks and traverse the LANs, much like we did at Smallpeice 2018.

Tyler-Ward commented 5 years ago

The score entry desk will be in a different area to the rest of the kit so will need a VPN to talk to the comp-box directly.

WillB97 commented 5 years ago

The score entry can be hard wired through the installed ethernet ties. I agree with @RealOrangeOne, as the only system accessed over the VPN would be the display endpoint, this could be port forwarded through the compbox and directly accessed across the isolutions network.

trickeydan commented 5 years ago

directly accessed across the isolutions network

This assumes that their firewalls don't get in the way. We had to have a VPN for Smallpeice.

WillB97 commented 5 years ago

If you can't access http between them you won't be able to vpn between them.

trickeydan commented 5 years ago

If you can't access http between them you won't be able to vpn between them.

Not true. HTTP traffic may only be traversable in the wrong direction. E.g. compbox can reach screen.

RealOrangeOne commented 5 years ago

I suggest we try at all costs not to ship a VPN, and only ship one if we actually have to. It's likely another piece to go wrong, and we can probably function without it.

That being said, if we do need a VPN, and we can make it do what we need to, my vote does go to WireGuard, although I don't think that's worth discussing here until the day when we realise we actually need one.

trickeydan commented 5 years ago

The best way to resolve this ticket is to send a volunteer around with an ethernet cable. Any takers? I might be able to do it next week.

PeterJCLaw commented 5 years ago

The arena will be hard-wired to the ops desk,

Definitely, this is pretty essential for ensuring smooth running.

and the screens can be driven by a public version of srcomp-http, right?

Hrm, I'd not thought about this. For things outside the arena we certainly could do this, though it would be nicer to keep it all local. I doubt however that we would lose internet but still have local (Uni) networking (more likely it's all or nothing).

VPNs

I think there's a bit of confusion here. I'm not aware that we've ever run a VPN in the strictest sense, certainly not something involving an external provider and in any case that would also be susceptible to an upstream failure, so doesn't solve the problem of internet loss. I don't see any benefit whatsoever to running this sort of VPN.

However, we did previously do some fancy routing between a pair of routers, enabling them to share routes. I would suggest we aim to replicate that as it avoids needing either long-range WiFi or needing to run our own cabling.

The unknown is which ports this will work with. Unfortunately, I don't think that we can determine this without actually setting it up (or at least having things plugged in at both ends).

The main complication here is that we previously set this up with only two ends, where now we're looking (#99) at having several more than that. As a result of that, having the non-Cube screens running off a public host is likely easiest (and definitely worth considering as a fallback). I'd like to try to make local networking work first though. I'll see if I can dig out the instructions we created for the route-sharing setup.

PeterJCLaw commented 5 years ago

The score entry desk will be in a different area to the rest of the kit

Why are we doing this? Usually they're sat on the same desk which has the compbox on it.

RealOrangeOne commented 5 years ago

The score entry desk will be in a different area to the rest of the kit

Why are we doing this? Usually they're sat on the same desk which has the compbox on it.

We trialed this at Smallpeice 2018 and it worked well. With scoring on the cube floor, the scoring sheets can get to the scorer much faster, and it clears some space on the balcony desk, which is probably a good thing.

trickeydan commented 5 years ago

The score entry desk will be in a different area to the rest of the kit

Why are we doing this? Usually they're sat on the same desk which has the compbox on it.

We trialed this at Smallpeice 2018. It resulted in less logistics of having to get the sheets upstairs, and faster uploading of the scores.

If there is a significant advantage to the scoring being on the balcony, I'd be interested to hear it.

trickeydan commented 5 years ago

However, we did previously do some fancy routing between a pair of routers, enabling them to share routes. I would suggest we aim to replicate that as it avoids needing either long-range WiFi or needing to run our own cabling.

I believe that this was an IPSec setup, i.e. a VPN.

The main complication here is that we previously set this up with only two ends, where now we're looking (#99) at having several more than that. As a result of that, having the non-Cube screens running off a public host is likely easiest (and definitely worth considering as a fallback). I'd like to try to make local networking work first though. I'll see if I can dig out the instructions we created for the route-sharing setup.

A local (non-external) VPN solution also works here and I think a solution such as WireGuard is significantly easier to configure than routing. Especially given the restrictions of the iSol network.

trickeydan commented 5 years ago

We have had a volunteer and his IT company offer to provide equipment and set up the entire network.

If we wish to do this with him, we need to get a spec of all of the ports and their locations by tomorrow evening. He would like a specification so that he knows what he needs before setup.

PeterJCLaw commented 5 years ago

The score entry desk will be in a different area to the rest of the kit

Why are we doing this? Usually they're sat on the same desk which has the compbox on it.

We trialed this at Smallpeice 2018 and it worked well. With scoring on the cube floor, the scoring sheets can get to the scorer much faster, and it clears some space on the balcony desk, which is probably a good thing.

Interesting. We'd definitely found in the past that the score-entry and judging desks needed to be somewhere that was isolated from competitors and somewhat isolated from noise. If we can achieve that somewhere closer to the arena, then all's well.

Note that of course if they're near the arena then they're well in range to just take a network cable direct, via the arena structure. (which leaves me confused about the original comment about them being somewhere else, but oh well)

PeterJCLaw commented 5 years ago

I'm going to brain-dump some notes about the SRComp aspect of this, but into the description so they're easy to find.

PeterJCLaw commented 5 years ago

Whose router thingys did we borrow in the past? I'd be up for just going with that solution again as we know it works. Particularly if we can get a few more of those boxes and connect everything that way.

It also occurred to me that in theory we ought to be able to apply the config we applied to those directly to the Pis and avoid needing the middle boxes (though I'm less sure about that)

trickeydan commented 5 years ago

Whose router thingys did we borrow in the past?

They belonged to SOWN.

I would suggest going with the Volunteer who has offered to do it all. He has knowledge of undocumented cat5 that was put in place for previous competitions and doesn't intend to do any routing nonsense.

WillB97 commented 5 years ago

He has knowledge of undocumented cat5 that was put in place for previous competitions

Is this cabling installed in SUSU or additional cable to be run during the setup?

trickeydan commented 5 years ago

Is this cabling installed in SUSU or additional cable to be run during the setup?

Installed in SUSU. Apparently by himself some years ago but is not known about by many. E.g. apparently there is a run from Tech Deck to Cafe.

Update: Kajetan, Tyler and I are sitting down to sort this out.

WillB97 commented 5 years ago

Last year SUSU upgraded their network audio and a large amount of the networking was rerun so it would be worth checking this still exists.

Tyler-Ward commented 5 years ago

This is a list of what we need in different parts of the building https://hackmd.io/rLCNPLVwRq2ibOe3-VZpBQ

trickeydan commented 5 years ago

We need to send this off by the end of the day.

trickeydan commented 5 years ago

Sent to Chris. I think we're safe to close this ticket now.

RealOrangeOne commented 5 years ago

Until a plan is confirmed, we shouldn't close the ticket. We should also ensure that what Chris comes back with is appropriate and reasonable for what we're trying to achieve.

trickeydan commented 5 years ago

Until a plan is confirmed, we shouldn't close the ticket. We should also ensure that what Chris comes back with is appropriate and reasonable for what we're trying to achieve.

You are aware that we are specifying to Chris? He is planning to do exactly as we tell him, as long as he thinks it will work. Thus the plan is pretty much confirmed.

trickeydan commented 5 years ago

The topology has now been confirmed with Chris.

WillB97 commented 5 years ago

What is this topology that has been agreed on? I have seen mentions elsewhere of a 5GHz radio link but there are no details of this in the hackmd.

trickeydan commented 5 years ago

What is this topology that has been agreed on? I have seen mentions elsewhere of a 5GHz radio link but there are no details of this in the hackmd.

It's floating around partially in an email thread, and on paper. The hackmd was the specification.