2026 Network Re-architecture
Foreword
Our current network topology is the legacy of my early days of learning networking and best practices. In the 8 years since I became CTO, I've learned many things. While our networking config has worked up until now, it leaves a lot to be desired. - Sky, CTO in 2026.
Summary
Project Team
- Sky: "Project Manager" and whatever else.
- Cara: Technical Lead
- James: Physical Infrastructure
Where We Are
The PS:One network is kinda wonky. We have a bunch of subnets that were set up with the naming convention 10.[VLAN-ID].X.X. While this works, it is not best practice and looks a bit silly. We rely on Active Directory for DNS and DHCP on a lot of critical networks. This creates a bootstrap problem: after a power loss or domain controller outage, devices on those networks can't get a lease or resolve names until AD has finished booting. Having AD play such a critical role in our network when most of our members are familiar with Linux does not make sense and creates a poor experience.
Where We're Going
Our 2026 network re-architecture project has three major goals and a few secondary goals:
Major Goals:
- VLAN / DHCP Rework
  - Subnets will follow the naming convention 10.19.[VLAN-ID].X, with 19 being PS:One's site ID (from 3519).
  - DHCP will be fully taken away from Active Directory and migrated to the Unifi equipment.
  - Stretch goal: DHCP managed by an IaC (infrastructure-as-code) solution.
- DNS Rework
  - DNS will be taken away from Active Directory on most VLANs.
  - Active Directory will continue to manage DNS on the VLAN where the space computers reside, since domain-joined machines need to resolve AD's own DNS zones (SRV records for domain controllers) to work.
  - On the other VLANs, AD DNS will be replaced with another solution, ideally an IaC-managed one that is easier for the membership to access and understand.
- AD Isolation
  - Active Directory will be isolated on a VLAN separate from the rest of the space infrastructure.
- Tune access point distribution and radio configuration
Secondary Goals:
- Migrate from UXG-Pro to UDM-Pro/Max
  - Goal: save $360/year on the hosted cloud controller and enable SSO.
  - The locally hosted Unifi platform has stabilized significantly since we left our last on-prem controller.
- Expand networking capacity at central IDF location
- Install fiber-interconnects to all IDFs
- Add UPSes/surge protection to all IDFs
New VLANs
The VLANs are staying mostly the same. The major move is going to be re-IPing the subnets and changing which service has responsibility for network services on each VLAN.
https://docs.google.com/spreadsheets/d/1AdhdpAwvZrBFPJrThjYoDQ_1GbStVPAHvoCQb6sZzMA/edit?gid=0#gid=0
| VLAN Name | VLAN ID | Gateway | Prefix Length | Usable IPs (excluding gateway) | Gateway/Prefix | Temp VLAN ID | Status |
|---|---|---|---|---|---|---|---|
| 0 - Untagged VLAN | 0 | 10.19.0.1 | /30 | 1 | 10.19.0.1/30 | 3 | |
| 15 - Dante VLAN | 15 | 10.19.15.1 | /26 | 61 | 10.19.15.1/26 | N/A | |
| 16 - AV Control VLAN | 16 | 10.19.16.1 | /26 | 61 | 10.19.16.1/26 | N/A | |
| 2 - Unifi Equipment | 2 | 10.19.2.1 | /24 | 253 | 10.19.2.1/24 | 4 | |
| 10 - PS1 Infrastructure | 10 | 10.19.10.1 | /24 | 253 | 10.19.10.1/24 | 110 | |
| 20 - PS1 AD Infra | 20 | 10.19.20.1 | /24 | 253 | 10.19.20.1/24 | 120 | |
| 50 - Member Wireless | 50 | 10.19.50.1 | /24 | 253 | 10.19.50.1/24 | 151 | |
| 60 - Guest Wireless | 60 | 10.19.60.1 | /24 | 253 | 10.19.60.1/24 | 161 | |
| 70 - IoT | 70 | 10.19.70.1 | /24 | 253 | 10.19.70.1/24 | 170 | |
| 150 - Member Rack | 150 | 10.19.150.1 | /22 | 1021 | 10.19.150.1/22 | 151 | |
| 160 - Passthrough VLAN | 160 | N/A | N/A | N/A | N/A | 162 | |
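The 10.19.[VLAN-ID].X convention only yields a clean network address when the VLAN ID octet is aligned to the prefix length, which is not the case for every row above: a /22 containing 10.19.150.1 is actually 10.19.148.0/22, not 10.19.150.0/22. The following script is an added example, not part of the PS:One project's tooling; it derives gateway and network for each VLAN from the convention, reproduces the "usable IPs" count the table uses (total addresses minus network, broadcast and gateway), and flags misaligned prefixes and overlapping subnets. The VLAN list is copied from the table; the site ID of 19 is taken from the page and assumed fixed, and the passthrough VLAN is omitted because it has no L3 interface.

```python
import ipaddress

# Site ID from the page (19, derived from 3519). Assumed fixed for the whole plan.
SITE_ID = 19

# VLAN plan copied from the table above: (name, VLAN ID, prefix length).
# The passthrough VLAN (160) has no gateway or subnet and so is not listed.
VLAN_PLAN = [
    ("Untagged VLAN", 0, 30),
    ("Dante VLAN", 15, 26),
    ("AV Control VLAN", 16, 26),
    ("Unifi Equipment", 2, 24),
    ("PS1 Infrastructure", 10, 24),
    ("PS1 AD Infra", 20, 24),
    ("Member Wireless", 50, 24),
    ("Guest Wireless", 60, 24),
    ("IoT", 70, 24),
    ("Member Rack", 150, 22),
]


def plan_subnet(vlan_id, prefix_len, site_id=SITE_ID):
    """Derive (gateway, network) for a VLAN under the 10.<site>.<vlan>.X convention.

    The gateway is always .1. The network is whichever prefix of the requested
    length contains that gateway, which equals 10.<site>.<vlan>.0 only when the
    VLAN octet is aligned to the prefix length (e.g. a multiple of 4 for a /22).
    """
    if not 0 <= vlan_id <= 255:
        raise ValueError(f"VLAN {vlan_id} does not fit in the third octet")
    if not 0 <= site_id <= 255:
        raise ValueError(f"site ID {site_id} does not fit in the second octet")
    gateway = ipaddress.ip_address(f"10.{site_id}.{vlan_id}.1")
    network = ipaddress.ip_network(f"{gateway}/{prefix_len}", strict=False)
    return gateway, network


def usable_hosts(network):
    """Addresses left for clients after network, broadcast and the .1 gateway (as in the table)."""
    return network.num_addresses - 3


def check_plan(plan, site_id=SITE_ID):
    """Return findings: prefixes not aligned to the VLAN-ID octet, and overlapping networks."""
    findings = []
    seen = []
    for name, vlan_id, prefix_len in plan:
        gateway, network = plan_subnet(vlan_id, prefix_len, site_id)
        expected = ipaddress.ip_address(f"10.{site_id}.{vlan_id}.0")
        if network.network_address != expected:
            findings.append(
                f"VLAN {vlan_id} ({name}): the /{prefix_len} containing {gateway} is "
                f"{network}, not {expected}/{prefix_len}; VLAN-ID octet is not aligned"
            )
        for other_name, other_id, other_net in seen:
            if network.overlaps(other_net):
                findings.append(
                    f"VLAN {vlan_id} ({name}) {network} overlaps "
                    f"VLAN {other_id} ({other_name}) {other_net}"
                )
        seen.append((name, vlan_id, network))
    return findings


def render_plan(plan, site_id=SITE_ID):
    """Rows of (name, VLAN ID, gateway, network, usable hosts) in the table's layout."""
    rows = []
    for name, vlan_id, prefix_len in plan:
        gateway, network = plan_subnet(vlan_id, prefix_len, site_id)
        rows.append((name, vlan_id, str(gateway), str(network), usable_hosts(network)))
    return rows


if __name__ == "__main__":
    for row in render_plan(VLAN_PLAN):
        print("{:<20} VLAN {:>3}  gw {:<13} {:<18} {:>4} usable".format(*row))
    for finding in check_plan(VLAN_PLAN):
        print("WARNING:", finding)
```

Run as-is it prints the derived rows and one warning for the Member Rack VLAN. The overlap check earns its keep once the plan grows: adding a VLAN 151 /24 under this convention would land inside 10.19.148.0/22 and be flagged, which is exactly the kind of collision that is hard to spot in a spreadsheet.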