2026 Network Re-architecture
Latest revision as of 12:16, 31 March 2026
Foreword
Our current network topology is the legacy of my early days of learning networking and best practices. In the 8 years since I became CTO, I've learned many things. While our networking config has worked up until now, it leaves a lot to be desired. - Sky, CTO in 2026.
Summary
Project Team
- Sky: "Project Manager" and whatever else.
- Cara: Technical Lead
- James: Physical Infrastructure
Where We Are
The PS:One network is kinda wonky. We have a bunch of subnets that were set up with the naming convention 10.[VLAN-ID].X.X. While this works, it is not best practice and looks a bit silly. We also rely on Active Directory for DNS and DHCP on a lot of critical networks. That creates a bootstrap problem: nothing on those VLANs gets an address or resolves a name until the AD domain controller has finished booting, so the network cannot come up without AD. Having AD play such a critical role in our network, when most of our members are familiar with Linux, does not make sense and creates a poor experience.
Where We're Going
Our 2026 network re-architecture project has four major goals and a few secondary goals:
Major Goals:
- VLAN / DHCP Rework
  - VLANs will be renumbered to the convention 10.19.[VLAN-ID].X, with 19 being PS:One's site ID (3519).
  - DHCP will be fully taken away from Active Directory and migrated to the Unifi equipment.
  - Stretch goal: DHCP managed by an IaC (infrastructure-as-code) solution.
- DNS Rework
  - DNS will be taken away from Active Directory on most VLANs.
  - Active Directory will continue to manage DNS on the VLAN where the space computers reside, since domain-joined machines find their domain controller through AD-integrated DNS.
  - On the other VLANs, AD DNS will be replaced with another solution, ideally one managed as IaC (infrastructure-as-code) that is easier for the membership to access and understand.
- AD Isolation
  - Active Directory will be isolated to a VLAN that is separate from other space infrastructure.
- Tune access point distribution and radio configuration
Secondary Goals:
- Migrate from UXG-Pro to UDM-Pro/Max
  - Goal is to save $360/y on the cloud controller and enable SSO.
  - The locally hosted Unifi platform has significantly stabilized since we left our last on-prem controller.
- Expand networking capacity at the central IDF location
- Install fiber interconnects to all IDFs
- Add UPSes/surge protection to all IDFs
New VLANs
The VLANs are staying mostly the same. The major move is re-IPing the subnets and changing which service is responsible for DHCP and DNS on each VLAN.
https://docs.google.com/spreadsheets/d/1AdhdpAwvZrBFPJrThjYoDQ_1GbStVPAHvoCQb6sZzMA/edit?gid=0#gid=0
| VLAN Name | VLAN ID | Gateway | Prefix Length | Usable IPs (excl. gateway) | Network | Status | Temp VLAN ID |
|---|---|---|---|---|---|---|---|
| 0 - Untagged VLAN | 0 | 10.19.0.1 | /30 | 1 | 10.19.0.0/30 | | 3 |
| 15 - Dante VLAN | 15 | 10.19.15.1 | /26 | 61 | 10.19.15.0/26 | | N/A |
| 16 - AV Control VLAN | 16 | 10.19.16.1 | /26 | 61 | 10.19.16.0/26 | | N/A |
| 2 - Unifi Equipment | 2 | 10.19.2.1 | /24 | 253 | 10.19.2.0/24 | | 4 |
| 10 - PS1 Infrastructure | 10 | 10.19.10.1 | /24 | 253 | 10.19.10.0/24 | | 110 |
| 20 - PS1 AD Infra | 20 | 10.19.20.1 | /24 | 253 | 10.19.20.0/24 | | 120 |
| 50 - Member Wireless | 50 | 10.19.50.1 | /24 | 253 | 10.19.50.0/24 | | 151 |
| 60 - Guest Wireless | 60 | 10.19.60.1 | /24 | 253 | 10.19.60.0/24 | | 161 |
| 70 - IoT | 70 | 10.19.70.1 | /24 | 253 | 10.19.70.0/24 | | 170 |
| 150 - Member Rack | 150 | 10.19.150.1 | /22 | 1021 | 10.19.148.0/22 | | 151 |
| 160 - Passthrough VLAN | N/A | | | | | | 162 |

"Usable IPs" counts the host addresses left for clients after the network, broadcast and gateway addresses are reserved. The Member Rack row is the one place the 10.19.[VLAN-ID].X convention does not hold: a /22 containing the gateway 10.19.150.1 is the block 10.19.148.0/22 (10.19.148.0 through 10.19.151.255), so its network address starts at 148, not 150. As proposed it overlaps no other row, but any future VLAN numbered 148, 149 or 151 would collide with it; either the gateway moves to a /22-aligned block or the VLAN gets a /24.
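The arithmetic behind the table is easy to get wrong by hand (the /22 row above shows how), so it is worth checking the plan with a script before any of it is typed into the Unifi controller. The following is an added example and not code from the PS:One project: it re-enters the rows of the Proposed VLANs table as data (the passthrough VLAN carries no subnet and is omitted), uses the standard library ipaddress module to derive the real network block and usable host count for each row, checks that every network sits at 10.19.<VLAN-ID>.0 as the naming convention promises, and reports any pair of subnets that overlap. The definition of "usable IPs" as hosts minus the gateway is an assumption chosen to match the numbers in the table.

```python
"""Sanity-check the proposed PS:One VLAN table with the standard library's ipaddress module.

Added example, not project code. The rows below are copied from the Proposed VLANs table;
everything else (function names, the 'usable IPs excludes the gateway' rule) is an assumption.
"""
import ipaddress
from dataclasses import dataclass
from itertools import combinations

SITE_OCTET = 19  # second octet of every subnet: PS:One site ID 3519 -> 10.19.x.x

# (name, VLAN ID, gateway, prefix length) for each row that carries an IP subnet.
PROPOSED_VLANS = [
    ("0 - Untagged VLAN", 0, "10.19.0.1", 30),
    ("15 - Dante VLAN", 15, "10.19.15.1", 26),
    ("16 - AV Control VLAN", 16, "10.19.16.1", 26),
    ("2 - Unifi Equipment", 2, "10.19.2.1", 24),
    ("10 - PS1 Infrastructure", 10, "10.19.10.1", 24),
    ("20 - PS1 AD Infra", 20, "10.19.20.1", 24),
    ("50 - Member Wireless", 50, "10.19.50.1", 24),
    ("60 - Guest Wireless", 60, "10.19.60.1", 24),
    ("70 - IoT", 70, "10.19.70.1", 24),
    ("150 - Member Rack", 150, "10.19.150.1", 22),
]


@dataclass(frozen=True)
class VlanCheck:
    name: str
    vlan_id: int
    gateway: ipaddress.IPv4Address
    network: ipaddress.IPv4Network  # the block the gateway/prefix actually lands in
    usable_ips: int                 # host addresses left for clients once the gateway is reserved
    follows_convention: bool        # network address is 10.19.<VLAN-ID>.0 as the naming scheme promises


def check_vlan(name: str, vlan_id: int, gateway: str, prefix_len: int) -> VlanCheck:
    iface = ipaddress.ip_interface(f"{gateway}/{prefix_len}")
    net = iface.network  # ipaddress masks the host bits off, e.g. 10.19.150.1/22 -> 10.19.148.0/22
    # hosts() already excludes the network and broadcast addresses (and handles /31 and /32);
    # subtract one more for the gateway itself.
    usable = max(sum(1 for _ in net.hosts()) - 1, 0)
    octets = net.network_address.packed
    follows = octets[1] == SITE_OCTET and octets[2] == vlan_id
    return VlanCheck(name, vlan_id, iface.ip, net, usable, follows)


def audit(rows=PROPOSED_VLANS) -> list[VlanCheck]:
    """Run check_vlan over every row of the plan."""
    return [check_vlan(*row) for row in rows]


def find_overlaps(checks: list[VlanCheck]) -> list[tuple[str, str]]:
    """Pairs of VLANs whose subnets share addresses; a /22 can silently swallow neighbouring /24s."""
    return [(a.name, b.name) for a, b in combinations(checks, 2) if a.network.overlaps(b.network)]


def convention_breakers(checks: list[VlanCheck]) -> list[str]:
    """Names of VLANs whose network block does not start at 10.19.<VLAN-ID>.0."""
    return [c.name for c in checks if not c.follows_convention]


if __name__ == "__main__":
    results = audit()
    for c in results:
        flag = "" if c.follows_convention else f"  <-- block starts at {c.network.network_address}, not 10.19.{c.vlan_id}.0"
        print(f"{c.name:28} gw {str(c.gateway):14} net {str(c.network):18} usable {c.usable_ips:5}{flag}")
    for a, b in find_overlaps(results):
        print(f"OVERLAP: {a} and {b}")
```

Run it as-is to print one line per VLAN; with the table as proposed it flags only the Member Rack row and reports no overlaps. Editing PROPOSED_VLANS (for instance moving the Member Rack gateway to a /22-aligned block, or adding a VLAN in the 148 to 151 range) and re-running shows whether the change introduces an overlap before it reaches production.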