Learn about administering the SOWN network, including building distributed networks using VPNs, firmware development for embedded devices, global distributed authentication mechanisms, defining and setting up nodes, managing node deployment, and monitoring the network.
Administering the SOWN Network
David R Newman & Chris Malton
SOWN Talks Recap
• Building Distributed Networks using VPNs
• Firmware Development for Embedded Devices
• Mechanisms for Global Distributed Authentication
Overview
• Defining a Node
• Setting up a Node
• Managing a Node Deployment
• Monitoring the Network
• Current Projects
Node Hardware
• OpenMesh OM1P
• OpenMesh OM2P
• Meraki Mini
• Archer C7 AC1750
• GLI.net AR150
• GLI.net MT300A
Setting up a Node
(Diagram: node, SOWN WWW and SOWN AUTH2)
1. Plug in node
2. Send setup request
3. Relay setup request
4. Setup request approved
5. Send back config tarball
6. Relay tarball
7. Node installs config
8. Send complete request
9. Node connects over VPN
Setup Node HTTP Codes
• 200 OK – Request accepted and tarball successfully retrieved and sent
• 201 Created – Request accepted and request record created
• 202 Accepted – Request accepted but approval still pending
• 204 No Content – Request stating complete, no content needs to be sent
• 400 Bad Request – Nonce or MAC not set, or Nonce not 128 hex chars
• 403 Forbidden – Too many requests in a short space of time, or setup request rejected or expired
• 404 Not Found – No node with MAC found, or no existing request with matching MAC and Nonce
• 405 Method Not Allowed – Not a POST request
• 409 Conflict – More than one request with same Nonce
• 500 Internal Server Error – Tarball not returned by Auth2
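The status codes above as one server-side decision function. This is an added example, not SOWN's own code: the db layout, the "setup"/"complete" action names, the order of the checks, the rate-limit numbers and the fetch_tarball callback are all assumptions.

```python
import re

NONCE_RE = re.compile(r"[0-9a-f]{128}")  # slide: nonce must be 128 hex chars
MAX_HITS, WINDOW = 5, 60                 # assumed limit: 5 requests per 60 s


def setup_status(method, action, mac, nonce, db, now, fetch_tarball):
    """Return the HTTP status for one node request.

    db is a hypothetical store: {"nodes": set of MACs,
    "requests": [{"mac", "nonce", "state"}], "hits": {mac: [timestamps]}}.
    action is "setup" (step 2) or "complete" (step 8); both names are assumed.
    """
    if method != "POST":
        return 405
    mac, nonce = (mac or "").lower(), (nonce or "").lower()
    if not mac or not NONCE_RE.fullmatch(nonce):
        return 400
    if mac not in db["nodes"]:
        return 404
    # Rate-limit known MACs only, so the hit table cannot grow without bound.
    hits = [t for t in db["hits"].get(mac, []) if now - t < WINDOW] + [now]
    db["hits"][mac] = hits
    if len(hits) > MAX_HITS:
        return 403
    same_nonce = [r for r in db["requests"] if r["nonce"] == nonce]
    if len(same_nonce) > 1:
        return 409
    req = next((r for r in same_nonce if r["mac"] == mac), None)
    if action == "complete":
        return 204 if req else 404
    if req is None:
        if same_nonce:  # assumption: a nonce already held by another MAC conflicts
            return 409
        db["requests"].append({"mac": mac, "nonce": nonce, "state": "pending"})
        return 201
    if req["state"] == "pending":
        return 202
    if req["state"] in ("rejected", "expired"):
        return 403
    # Approved: relay the config tarball from Auth2 (steps 5 and 6).
    return 200 if fetch_tarball(mac) else 500


if __name__ == "__main__":
    # Constructed sample data: one registered node and a 128-character nonce.
    db = {"nodes": {"aa:bb:cc:dd:ee:ff"}, "requests": [], "hits": {}}
    for t in (0, 100):
        print(setup_status("POST", "setup", "AA:BB:CC:DD:EE:FF", "ab" * 64,
                           db, t, lambda mac: b"tarball"))
```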
What is Monitored?
• Nodes
  • Ping
  • SSH
  • DNS resolution
  • Free memory
  • Packages up to date
  • Configuration up to date
  • Crontab has expected cron jobs
  • Wireless interfaces match those defined in admin system
  • Syslog connected to auth2
  • Password for SSH as expected
  • Over data usage
• Server
  • Ping
  • SSH
  • DNS resolution (IPv4 and IPv6, internal and external)
  • Free memory
  • Free disk
  • Load
  • Package upgrades
  • Number of processes
  • Number of zombie processes
  • Number of logged in users
  • Cronjobs are registered
  • Debsums have not changed
  • Appropriate folders backed up
  • Package list is backed up
  • Server needs reporting
  • Kernel running on server
  • Hardware/OS attributes on server
  • NRPE running
  • Server uptime
Yet More Monitoring
• Web host responding
• HTTP and HTTPS
• IPv4 and IPv6
• Certificate in date
• HTML is valid
• Wiki has no wanted pages or categories
• MySQL is running and databases backed up
• All authoritative DNS servers resolve to correct IP
• RADIUS authentications for:
  • sown.org.uk
  • ecs.soton.ac.uk
  • soton.ac.uk
  • test.soton.ac.uk
  • eduroam.ac.uk
  • eduroam.theodi.org
• Login to admin site (SOWN, ECS and Soton accounts)
• Mailbox is empty
Even More Monitoring
• Node admin log files not too big
• RADIUS tables not too large
• Node and node control certificates are in date
• VPN Server is configured for all nodes
• Server not too hot
• Firewall behaving as expected
• Connection across the network working as expected
• Backups successfully transferred to backup servers
• IRC server is running
• Icinga to Database Abstracting running
• Nagios (Icinga) API service running
• Nagios Service Check Acceptor (NSCA) running
Current Projects
• 802.11ac SOWN Zepler
• Node Firmware
• GLI.net MT300A
• Passive Pass-through for LAN port
• MAC Blacklisting
• Eduroam Extender
• SOWN[at]Anywhere
• Auth2 Migration
• Monitoring using Icinga 2
• See the To Do List