• Network

KGNU's network links KGNU's computer resources together and connects them to the world. It is managed by the InfoTech committee.

(I'd really prefer to automatically generate some of this documentation from a clever network management application. advice solicited.... -Neal)

1. Overview
2. DNS
3. LAN
4. WAN
   1. Routing - Boulder
   2. Routing - Denver
   3. Bandwidth
5. Security
6. Network Monitoring
   1. Outages
7. Backup

Overview

The network includes

• LAN at the main Walnut street building

• WAN linking Walnut street to the world, via Indras net

• the small network at the DenverStudios

• plans for a VPN to help connect the studios

• ties in to the NPR network

DNS

Domains:

• kgnu.org - the main domain for public KGNU sites

• kgnu.net - mostly for internal use

• hccrc.org - used to distribute audio among High Country Radio stations

• capcov.org - for the Capitol Coverage features, administered by Jon Lybrook

• grradio.org - was used by the Grassroots Radio Coalition, not up-to-date

LAN

Indra's Net wants to change our public IP addresses, as of Oct 2006. This would affect server configs, security settings, etc. First we should change what we can to use DNS instead.

IP addresses: 206.168.198.96/28 for our servers, 206.168.198.112/28 for LAN via NAT.

192.168.0.0 for internal networks.

DHCP is done by lunasa

Several servers run NTP, and one of them should be defined in DHCP as our local time server (option time-servers).

Rack: need picture and description of major equipment....

Wireless: waiting on better router security and bandwidth management

WAN

KGNU's main office is served by two T1 lines connected to our friends and benefactors at Indra's Net.

DenverStudios have a DSL to the office area: 256k/640k bandwidth, Actiontec GT701 modem

The studio is sharing the 1.5 Mb/s building-wide DSL network

Routing - Boulder

Cisco 2500 in use now

Moving to cisco 1760 plus bandwidth shaping.

• cisco 1700 config guide

arapahoe: an openbsd Soekris box for bandwidth shaping. interfaces:

• sis0: (eth 0) uplink 206.168.198.98

• sis1: (eth 1) "public"

• sis2: (eth 2) "private" (not plugged in, in july 2006)

Routing - Denver

Buffalo WHR-G54S flashed with OpenWrt Linux.

OpenVpn installed on router with link to 192.168.10.0 network 192.168.10.222 is the Denver side of the VPN tunnel.

Wifi netowrk is separate with no access to LAN or Boulder VPN connection.

Backup images for router are on toybox at /srv/mirror/DenverRouter

Bandwidth

Most of our bandwidth, used for audio streaming, comes from the stream.kgnu.net server which is offsite.

That frees up our T1 lines for providing access to our archives and email.

Security

Authentication: consider an LDAP server to unify login authentication on linux, windows, wiki, etc.

Firewalls

Network Monitoring

Currently using Nagios. It should be moved to a more reliable network to avoid false alarms.

Outages

Recent outages have come from cabling problems with our old cisco router, or from mysterious failures of arapahoe.

Backup

Backups can be found on toybox at /srv/mirror/

Backup scripts are /srv/mirror/scripts/rsync-backup-hostname , where 'hostname' is the name of a host that has a directory in/srv/mirror

Backups are run at regular intervals from root's crontab on toybox.