MakerFLOSS_Troubleshooting/network-map.md
sjat 9ff12700ae Initial troubleshooting workspace: access, network map, runbooks
Scaffold for troubleshooting MakerFLOSS hosts at the makerspace.
Reference + thin runbooks model — authoritative data stays in the
source repos (AnsibleBaobabV4, MakerFLOSS_Mikrotik, MakerFLOSS).

- access.md: reach paths for mamba-on-LAN and fisi-tunneling-in
  (netbird on-demand, VPS bastion, ProxyJump via kuku->mamba),
  with the isolation rule.
- network-map.md: subnet pointers + open question on makerspace
  addressing (10.2.30/172.17.3/10.0.0).
- runbooks/switch-crs310.md: CRS310 connectivity + lockout recovery.
- incidents/: dated log scaffold.
- CLAUDE.md: operating rules for this repo.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-09 13:24:26 +02:00

43 lines
2.7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Network map (thin)
Pointers, not the source of truth. Authoritative data is in the source repos —
links below. Confirm live values before acting.
## Subnets seen across the repos
| Subnet | Role | Source of truth |
|--------|------|-----------------|
| `10.2.30.0/24` | **CRS310 data VLAN 30** (the new switch). Uplink `ether1` → gateway `10.2.30.1`; access ports `ether27`. | `MakerFLOSS_Mikrotik/host_vars/crs310-maker.yml`, `docs/superpowers/specs/2026-06-09-crs310-flat-mgmtvlan-design.md` |
| `192.168.88.0/24` | **CRS310 mgmt VLAN 99** — isolated, switch at `192.168.88.1`, reachable only from `ether8`. DHCP `.10.254`. | same |
| `172.17.3.0/24` | OrangeMakers LAN — `makerfloss1` at `.51`. | `AnsibleBaobabV4/host_vars/makerfloss1.yml` |
| `10.0.0.0/24` | Makerspace LAN — `mf04` at `.184`. | `AnsibleBaobabV4/host_vars/mf04.yml` |
| `10.13.0.0/24` | **makerfloss WireGuard plane (`wg1`)**. Hub `10.13.0.1` (VPS), `makerfloss1` `.2`, `mf04` `.3`, `sjat-roaming` `.5`. UDP `:51820`. | `AnsibleBaobabV4/host_vars/makerfloss.yml`, `specs/2026-05-12-makerfloss-wireguard-design.md` |
| `100.92.0.0/16` | **Netbird overlay** (`wt0`), control plane `nb.makerfloss.eu`. | `specs/2026-05-27-makerspace-vpn-design.md` |
| `10.8.0.0/24` | baobab (home) WireGuard plane. Hub **kuku** `10.8.0.1` (UDP `:51194`); mamba `10.8.0.4`. | `AnsibleBaobabV4` |
| `10.20.10.0/24` | homelab LAN — **fisi** `.17`, kuku `.118`, papa `.11`. | `AnsibleBaobabV4` |
## ⚠️ Open question — makerspace addressing
The makerspace shows **three different subnets** for hosts that are all
physically there: `10.2.30.0/24` (new CRS310 data VLAN), `172.17.3.0/24`
(`makerfloss1`), and `10.0.0.0/24` (`mf04`). It's not yet documented here how
they relate — i.e. whether the new switch sits in front of the existing
OrangeMakers `172.17.3.x` / `10.0.0.x` network, replaces part of it, or is a
parallel segment.
**To resolve (sjat to confirm on-site):**
- What IP does an ethernet client on the new switch's data ports (`ether27`)
actually get, and from which DHCP server / gateway?
- Are `makerfloss1` (`172.17.3.51`) and `mf04` (`10.0.0.184`) reachable from a
data-port client on the new switch, or are they on a different segment?
- Is the `10.2.30.1` uplink gateway the OrangeMakers router, or something new?
Update this section (and the host IPs in [access.md](access.md)) once confirmed.
## Public services (makerfloss VPS, `88.99.32.236`)
All TLS-terminated at the VPS via Traefik, certs via Gandi DNS-01:
`docs.makerfloss.eu`, `slides.makerfloss.eu`, `forgejo.makerfloss.eu` (git SSH
`:7577`), `mail.makerfloss.eu` (Poste.io), `discourse.makerfloss.eu`,
`snipeit.makerfloss.eu`, `nb.makerfloss.eu` (Netbird).
Source: `AnsibleBaobabV4/host_vars/makerfloss.yml`.