Network Architecture - LinuxUserGroupUWSP/RackMesa GitHub Wiki

# What

The network architecture is a multi-IP PAT (NAT overload): RFC1918 10.0.0.0/8 on the private side and 143.236.254.0/28 on the public side. Each private subnet is defined by its organizational use and is mapped to a unique public IP address; the mapping is implemented with VLANs and PF rules.

# Why

Since we have a very limited public IP pool, we use PAT to artificially extend our ability to connect to the Internet, at the price of some obscurity (many private hosts appear behind one public address). NAT-based architectures also create natural isolation, because RFC1918 private addresses are not routable on the public Internet. Since each subnet has its own VLAN, we can add granular ACLs to secure intercommunication between subnets.

# How

## Overview

We remove some of that obscurity by mapping each subnet to a unique public IP address, so the originating subnet of outbound traffic is visible from outside. Each public address offers 65,536 source ports, so each subnet can hold at most 65,536 concurrent translated connections (fewer in practice, since PF draws translated source ports from a sub-range of the port space). The /28 pool can back at most 13 subnets (16 addresses minus the network address, the next-hop address and the broadcast address).

RackMesa overview diagram

Each room has one or more dumb switches connected to specific jacks. Each jack is patched into a central managed switch and tagged with a VLAN via 802.1Q. The managed switch's interface 0 is trunked with all VLANs. This trunk is linked into the server room's managed switch, and the server room's switch has a trunk into one interface of the router (AKA router-on-a-stick).

Interroom connection diagram
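The following is an added example, not code from the RackMesa wiki or the LinuxUserGroupUWSP project. It models the plan described above (one RFC1918 subnet per VLAN, each translated to its own address out of 143.236.254.0/28), checks the plan against the pool's limits, and renders the PF rules that implement both the per-subnet PAT and the deny-between-VLANs ACL. Assumptions not taken from the page: OpenBSD-style PF syntax (`match ... nat-to`; pre-4.7 PF and some FreeBSD setups use `nat on ... ->` instead), the external interface name `em0`, the upstream next hop at 143.236.254.1, and the VLAN tags and subnets in `VLAN_PLAN`, which are constructed for illustration.

```python
"""Per-VLAN PAT plan checker and pf rule generator (added example).

Assumptions (not from the page): OpenBSD-style pf syntax, external
interface em0, upstream next hop 143.236.254.1, and the constructed
VLAN_PLAN below.
"""
import ipaddress

PUBLIC_POOL = ipaddress.ip_network("143.236.254.0/28")
PRIVATE_SPACE = ipaddress.ip_network("10.0.0.0/8")
NEXT_HOP = ipaddress.ip_address("143.236.254.1")  # assumed upstream gateway
EXT_IF = "em0"                                     # hypothetical external interface

# Constructed plan: VLAN tag -> (private subnet, public address). Illustrative only.
VLAN_PLAN = {
    10: ("10.10.0.0/24", "143.236.254.2"),
    20: ("10.20.0.0/24", "143.236.254.3"),
    30: ("10.30.0.0/24", "143.236.254.4"),
}


def usable_public_addresses(pool=PUBLIC_POOL, next_hop=NEXT_HOP):
    """Pool addresses that can carry a PAT mapping: everything except the
    network address, the broadcast address and the upstream next hop.
    For a /28 this is 16 - 3 = 13 addresses."""
    return [a for a in pool.hosts() if a != next_hop]


def check_plan(plan, pool=PUBLIC_POOL, next_hop=NEXT_HOP):
    """Return a list of problems with the plan; an empty list means it is sound."""
    problems = []
    usable = set(usable_public_addresses(pool, next_hop))
    used_public = {}   # public address -> VLAN tag that claimed it first
    nets = {}          # VLAN tag -> private network
    for tag, (priv, pub) in plan.items():
        net = ipaddress.ip_network(priv)
        addr = ipaddress.ip_address(pub)
        if not net.subnet_of(PRIVATE_SPACE):
            problems.append(f"VLAN {tag}: {net} is outside {PRIVATE_SPACE}")
        if addr not in usable:
            problems.append(f"VLAN {tag}: {addr} is not a usable address in {pool}")
        if addr in used_public:
            problems.append(f"VLAN {tag}: {addr} already used by VLAN {used_public[addr]}")
        for other_tag, other in nets.items():
            if net.overlaps(other):
                problems.append(f"VLAN {tag}: {net} overlaps VLAN {other_tag} ({other})")
        used_public.setdefault(addr, tag)
        nets[tag] = net
    return problems


def render_pf(plan, ext_if=EXT_IF):
    """Emit pf rules: one nat-to per subnet, default deny, and a per-VLAN pass
    that lets each subnet reach the Internet but not the other private subnets.
    pf uses last-matching-rule semantics, so the pass rules override block all."""
    out = [f'ext_if = "{ext_if}"', "set skip on lo", "", "block all", ""]
    for tag, (priv, pub) in sorted(plan.items()):
        out.append(f"# VLAN {tag}: {priv} leaves the router as {pub}")
        out.append(f"match out on $ext_if from {priv} to any nat-to {pub}")
    out.append("")
    out.append("# Each VLAN may reach the Internet, but not the other private subnets.")
    for tag, (priv, _) in sorted(plan.items()):
        out.append(f"pass in on vlan{tag} from {priv} to ! {PRIVATE_SPACE}")
    out.append("pass out on $ext_if")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    issues = check_plan(VLAN_PLAN)
    if issues:
        raise SystemExit("\n".join(issues))
    print(f"# {len(usable_public_addresses())} public addresses usable for PAT")
    print(render_pf(VLAN_PLAN), end="")
```

Running the script prints a pf.conf fragment for the constructed plan. `check_plan` rejects a public address that is the network, broadcast or next-hop address, a public address claimed by two VLANs, a private subnet outside 10.0.0.0/8, and overlapping private subnets, which are the mistakes that silently break a multi-IP PAT (two subnets sharing one translated address collapses their connection budget and their attribution). Any VLAN that genuinely needs to talk to another gets an explicit `pass` rule between the two subnets placed after the generated ones.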
