
Administering the SOWN Network

Learn about administering the SOWN network, including building distributed networks using VPNs, firmware development for embedded devices, global distributed authentication mechanisms, defining and setting up nodes, managing node deployment, and monitoring the network.

acrocker


Presentation Transcript


  1. Administering the SOWN Network David R Newman & Chris Malton

  2. SOWN Talks Recap • Building Distributed Networks using VPNs • Firmware Development for Embedded Devices • Mechanisms for Global Distributed Authentication

  3. Overview • Defining a Node • Setting up a Node • Managing a Node Deployment • Monitoring the Network • Current Projects

  4. Node Hardware • OpenMesh OM1P • OpenMesh OM2P • Meraki Mini • Archer C7 AC1750 • GLI.net AR150 • GLI.net MT300A

  5. Defining Node Hardware

  6. Defining A Node

  7. Setting up a Node (diagram; components shown: SOWN WWW, SOWN AUTH2)
     1. Plug in node
     2. Send setup request
     3. Relay setup request
     4. Setup request approved
     5. Send back config tarball
     6. Relay tarball
     7. Node installs config
     8. Send complete request
     9. Node connects over VPN

  8. Setup Node HTTP Codes
     • 200 OK – Request accepted and tarball successfully retrieved and sent
     • 201 Created – Request accepted and request record created
     • 202 Accepted – Request accepted but approval still pending
     • 204 No Content – Request stating complete; no content needs to be sent
     • 400 Bad Request – Nonce or MAC not set, or Nonce not 128 hex chars
     • 403 Forbidden – Too many requests in a short space of time, or setup request rejected or expired
     • 404 Not Found – No node with MAC found, or no existing request with matching MAC and Nonce
     • 405 Method Not Allowed – Not a POST request
     • 409 Conflict – More than one request with same Nonce
     • 500 Internal Server Error – Tarball not returned by Auth2

  9. Managing a Node Deployment

  10. Deployment Statistics

  11. SOWN Topology

  12. Icinga Status Map

  13. What is Monitored?
      • Nodes
         • Ping
         • SSH
         • DNS resolution
         • Free memory
         • Packages up to date
         • Configuration up to date
         • Crontab has expected cron jobs
         • Wireless interfaces match those defined in admin system
         • Syslog connected to auth2
         • Password for SSH as expected
         • Over data usage
      • Server
         • Ping
         • SSH
         • DNS resolution (IPv4 and IPv6, internal and external)
         • Free memory
         • Free disk
         • Load
         • Package upgrades
         • Number of processes
         • Number of zombie processes
         • Number of logged-in users
         • Cron jobs are registered
         • Debsums have not changed
         • Appropriate folders backed up
         • Package list is backed up
         • Server needs reporting
         • Kernel running on server
         • Hardware/OS attributes on server
         • NRPE running
         • Server uptime

  14. Yet More Monitoring
      • Web host responding
      • HTTP and HTTPS
      • IPv4 and IPv6
      • Certificate in date
      • HTML is valid
      • Wiki has no wanted pages or categories
      • MySQL is running and databases backed up
      • All authoritative DNS servers resolve to correct IP
      • RADIUS authentications for:
         • sown.org.uk
         • ecs.soton.ac.uk
         • soton.ac.uk
         • test.soton.ac.uk
         • eduroam.ac.uk
         • eduroam.theodi.org
      • Login to admin site (SOWN, ECS and Soton accounts)
      • Mailbox is empty

  15. Even More Monitoring
      • Node admin log files not too big
      • RADIUS tables not too large
      • Node and node control certificates are in date
      • VPN Server is configured for all nodes
      • Server not too hot
      • Firewall behaving as expected
      • Connection across the network working as expected
      • Backups successfully transferred to backup servers
      • IRC server is running
      • Icinga to Database Abstracting running
      • Nagios (Icinga) API service running
      • Nagios Service Check Acceptor (NSCA) running

  16. Current Projects • 802.11ac SOWN Zepler • Node Firmware • GLI.net MT300A • Passive Pass-through for LAN port • MAC Blacklisting • Eduroam Extender • SOWN[at]Anywhere • Auth2 Migration • Monitoring using Icinga 2 • See the To Do List

  17. Questions?
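
The setup-request status codes on slide 8, worked through as an added example (not code from the presentation or from SOWN). The order of the checks, the `db` layout, the `MAX_RECENT` limit, the `fetch_tarball` callback and the choice to return 201 only for a first setup request are assumptions; the slides give only the codes and their meanings.

```python
import re

NONCE_RE = re.compile(r"[0-9a-fA-F]{128}")  # slide 8: nonce must be 128 hex chars
MAX_RECENT = 5  # assumed rate limit; the slides give no figure


def setup_status(method, mac, nonce, db, complete=False, recent=0, fetch_tarball=None):
    """Return the HTTP status for one setup (step 2) or complete (step 8) request.

    db is a hypothetical store: {"nodes": set of known MACs,
    "requests": list of {"mac", "nonce", "state"}} with state one of
    pending / approved / rejected / expired.
    """
    if method != "POST":
        return 405                      # not a POST request
    if not mac or not nonce or not NONCE_RE.fullmatch(nonce):
        return 400                      # MAC or nonce missing, or nonce malformed
    if recent > MAX_RECENT:
        return 403                      # too many requests in a short time
    if mac not in db["nodes"]:
        return 404                      # no node defined with this MAC
    same_nonce = [r for r in db["requests"] if r["nonce"] == nonce]
    if len(same_nonce) > 1:
        return 409                      # nonce is not unique
    match = [r for r in same_nonce if r["mac"] == mac]
    if not match:
        # A complete request needs an existing record; a nonce already bound
        # to another MAC is refused rather than duplicated (assumption).
        if complete or same_nonce:
            return 404
        db["requests"].append({"mac": mac, "nonce": nonce, "state": "pending"})
        return 201                      # request record created
    state = match[0]["state"]
    if state in ("rejected", "expired"):
        return 403
    if complete:
        return 204                      # node reports setup complete
    if state == "pending":
        return 202                      # approval still outstanding
    tarball = fetch_tarball(mac) if fetch_tarball else None
    return 200 if tarball else 500      # 500: Auth2 returned no tarball
```

Validating the nonce and method before any lookup keeps malformed requests from reaching the request table at all.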
