0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/2072 Thanks! 1 00:00:09,370 --> 00:00:11,679 Hello and welcome to yet 2 00:00:11,680 --> 00:00:14,079 another talk here on Khowst Serenity 3 00:00:14,080 --> 00:00:16,399 Flower Life from our studio 4 00:00:16,400 --> 00:00:17,409 here in Potsdam. 5 00:00:17,410 --> 00:00:19,929 This talk will be named Reproducible 6 00:00:19,930 --> 00:00:22,179 Building Network Infrastructure 7 00:00:22,180 --> 00:00:24,849 and will be given to you from us tour, 8 00:00:24,850 --> 00:00:26,979 who is located in Dresden at sea to 9 00:00:26,980 --> 00:00:29,259 guide its Will 50 Deutschland 10 00:00:29,260 --> 00:00:32,289 to shower. These are talks that exist 11 00:00:32,290 --> 00:00:34,929 on the subject of English Vixen. 12 00:00:34,930 --> 00:00:37,589 Five years ago, the C3 13 00:00:37,590 --> 00:00:40,059 D2 moved into a new 14 00:00:40,060 --> 00:00:42,159 and renovated building, 15 00:00:42,160 --> 00:00:44,979 and with this they had the opportunity to 16 00:00:44,980 --> 00:00:46,569 kind of take over the network 17 00:00:46,570 --> 00:00:48,759 infrastructure and become kind of 18 00:00:48,760 --> 00:00:51,189 an ISP to all of the community 19 00:00:51,190 --> 00:00:53,019 that is surrounding them inside the 20 00:00:53,020 --> 00:00:53,979 building. 21 00:00:53,980 --> 00:00:56,529 And it's talk, I hope, will tell us 22 00:00:56,530 --> 00:00:59,109 how he structured 23 00:00:59,110 --> 00:01:01,509 and maybe restructured 24 00:01:01,510 --> 00:01:04,029 all of this networked infrastructure 25 00:01:04,030 --> 00:01:05,859 based on NixOS. 26 00:01:05,860 --> 00:01:07,929 And I will wish you 27 00:01:07,930 --> 00:01:09,999 lots of good information and 28 00:01:10,000 --> 00:01:11,889 lots of fun here at this talk.
29 00:01:11,890 --> 00:01:13,539 Reproducible building network 30 00:01:13,540 --> 00:01:15,339 infrastructure by US total. 31 00:01:15,340 --> 00:01:17,319 The stage is yours and hello. 32 00:01:17,320 --> 00:01:19,239 Come back Sunday for the issues 33 00:01:20,590 --> 00:01:22,059 from the beginning on. 34 00:01:22,060 --> 00:01:24,249 I am actually a software developer by 35 00:01:24,250 --> 00:01:25,989 heart, but I'm also a computer 36 00:01:25,990 --> 00:01:27,759 administrator. 37 00:01:27,760 --> 00:01:30,459 I have a strong interest in using 38 00:01:30,460 --> 00:01:32,559 network infrastructure because it is 39 00:01:32,560 --> 00:01:34,299 required for my communications programs 40 00:01:34,300 --> 00:01:35,589 when I write software. 41 00:01:35,590 --> 00:01:37,389 So over the time, I developed a few 42 00:01:37,390 --> 00:01:39,789 strong opinions about how computer 43 00:01:39,790 --> 00:01:41,919 networks should be designed so that they 44 00:01:41,920 --> 00:01:45,099 actually serve their users and don't 45 00:01:45,100 --> 00:01:47,559 put additional restrictions on them. 46 00:01:47,560 --> 00:01:49,779 And I've always asked myself how 47 00:01:49,780 --> 00:01:51,309 this can be done, actually. 48 00:01:51,310 --> 00:01:53,799 And five years ago, I had the opportunity 49 00:01:53,800 --> 00:01:55,899 to try this at a larger scale and learn 50 00:01:55,900 --> 00:01:58,299 a lot. And that's why why I'm 51 00:01:58,300 --> 00:01:59,889 doing this talk today because I want to 52 00:01:59,890 --> 00:02:02,079 share my experience and maybe 53 00:02:02,080 --> 00:02:04,149 inspire you to do the same for your 54 00:02:04,150 --> 00:02:05,409 community. 
55 00:02:05,410 --> 00:02:07,479 And before I begin, I will tell you 56 00:02:07,480 --> 00:02:09,889 a bit about the location because 57 00:02:11,350 --> 00:02:13,599 where our hex base was located 58 00:02:13,600 --> 00:02:16,329 before in an office complex, this was 59 00:02:16,330 --> 00:02:17,469 recent. 60 00:02:17,470 --> 00:02:19,839 This wouldn't have been possible. 61 00:02:19,840 --> 00:02:21,909 But then we found 62 00:02:21,910 --> 00:02:23,319 the traffic 63 00:02:25,480 --> 00:02:28,419 and we met these 64 00:02:28,420 --> 00:02:29,979 creative, open minded people. 65 00:02:29,980 --> 00:02:32,589 The thing an old 66 00:02:32,590 --> 00:02:34,150 factory building, 67 00:02:35,200 --> 00:02:37,269 and we immediately felt 68 00:02:37,270 --> 00:02:39,579 that they were us 69 00:02:39,580 --> 00:02:40,979 and this 70 00:02:42,580 --> 00:02:43,549 the the environment. 71 00:02:43,550 --> 00:02:45,549 The screen is, for example, the old 72 00:02:45,550 --> 00:02:48,099 factory hand, which tell 73 00:02:48,100 --> 00:02:50,609 us where we can put up my phone 74 00:02:50,610 --> 00:02:52,789 or link 75 00:02:52,790 --> 00:02:55,689 and we can install antenna 76 00:02:55,690 --> 00:02:57,759 and the fire and radio 77 00:02:57,760 --> 00:02:58,839 to. 78 00:02:58,840 --> 00:03:01,419 This region that provides 79 00:03:01,420 --> 00:03:03,639 a lot of opportunity to fun 80 00:03:03,640 --> 00:03:05,829 with technology here 81 00:03:05,830 --> 00:03:08,949 at the best is there is a 82 00:03:08,950 --> 00:03:11,169 ballroom that is 83 00:03:11,170 --> 00:03:13,419 a beautiful event venue where we 84 00:03:13,420 --> 00:03:15,699 hold our annual conference 85 00:03:15,700 --> 00:03:16,700 up. 86 00:03:17,660 --> 00:03:20,689 As to be nice atmosphere. 
87 00:03:20,690 --> 00:03:22,759 So in these buildings, they are built 88 00:03:22,760 --> 00:03:25,010 and ethernet cables to all the apartments 89 00:03:26,570 --> 00:03:28,339 because there were no tech people before 90 00:03:28,340 --> 00:03:30,649 us. We were offered to run 91 00:03:30,650 --> 00:03:32,979 it, so 92 00:03:34,390 --> 00:03:36,769 it seized the opportunity because 93 00:03:36,770 --> 00:03:38,899 I was very afraid there 94 00:03:38,900 --> 00:03:41,150 would be a a 95 00:03:42,350 --> 00:03:45,019 growing chaos if 96 00:03:45,020 --> 00:03:46,909 organic clean. 97 00:03:46,910 --> 00:03:49,219 So I invited 98 00:03:49,220 --> 00:03:51,619 all the interest, the technical 99 00:03:51,620 --> 00:03:53,689 people to propose the structure, and 100 00:03:53,690 --> 00:03:55,789 that's what we've been running ever 101 00:03:55,790 --> 00:03:56,790 since. 102 00:03:57,710 --> 00:04:00,649 And our goals 103 00:04:00,650 --> 00:04:01,650 are, of course, 104 00:04:02,720 --> 00:04:05,329 the eyeballs want to watch some Facebook. 105 00:04:05,330 --> 00:04:07,430 And it's often disappointing for me, 106 00:04:08,540 --> 00:04:11,269 to be honest, most people would be 107 00:04:11,270 --> 00:04:12,560 very happy. 108 00:04:13,580 --> 00:04:16,338 Network address, translation, gateway 109 00:04:16,339 --> 00:04:17,600 alone and the internet. 110 00:04:19,300 --> 00:04:21,729 Trust that with Metcalfe's 111 00:04:21,730 --> 00:04:23,470 Law one. 112 00:04:24,560 --> 00:04:26,779 A Senate, 113 00:04:26,780 --> 00:04:29,509 he postulated that 114 00:04:29,510 --> 00:04:31,729 the value of a network grows 115 00:04:31,730 --> 00:04:34,009 with the of connected 116 00:04:34,010 --> 00:04:36,469 devices and users. 117 00:04:36,470 --> 00:04:38,689 So actually, you wouldn't want 118 00:04:38,690 --> 00:04:39,690 to be. 119 00:04:40,470 --> 00:04:41,709 Do you want to be connected? 
120 00:04:42,790 --> 00:04:44,979 Maybe you want to be connected with 121 00:04:44,980 --> 00:04:47,049 even faster cables to your neighbors? 122 00:04:48,830 --> 00:04:51,329 The two are connected 123 00:04:51,330 --> 00:04:53,069 in internet infrastructure. 124 00:04:53,070 --> 00:04:55,319 Of course, pool their resources, 125 00:04:55,320 --> 00:04:57,449 pool their money to get 126 00:04:57,450 --> 00:04:59,879 high quality internet uplink, 127 00:04:59,880 --> 00:05:02,459 which means for less 128 00:05:02,460 --> 00:05:04,859 money, there's more peak bandwidth 129 00:05:04,860 --> 00:05:07,110 for everyone and. 130 00:05:17,220 --> 00:05:20,039 Because access is a fundamental 131 00:05:20,040 --> 00:05:22,139 requirement, and it's 21st century. 132 00:05:22,140 --> 00:05:24,299 There needs to be 133 00:05:24,300 --> 00:05:25,259 open. 134 00:05:25,260 --> 00:05:27,509 I think it's a shame that there's so 135 00:05:27,510 --> 00:05:29,129 few open Wi-Fi in Germany. 136 00:05:30,630 --> 00:05:32,879 When I ran the network, there has 137 00:05:32,880 --> 00:05:35,159 to be open Wi-Fi and because 138 00:05:35,160 --> 00:05:36,160 we want to run 139 00:05:37,420 --> 00:05:39,569 and find that 140 00:05:39,570 --> 00:05:41,669 we actually actually you have two 141 00:05:41,670 --> 00:05:43,769 of the wireless access 142 00:05:43,770 --> 00:05:46,379 points, which is a 143 00:05:46,380 --> 00:05:48,899 kind of big difference to an ordinary 144 00:05:48,900 --> 00:05:49,900 ISP. 145 00:05:52,680 --> 00:05:55,259 And then we want to make it 146 00:05:55,260 --> 00:05:57,539 useful beyond internet. 147 00:05:57,540 --> 00:05:59,279 We want to enable that cooperation. 148 00:05:59,280 --> 00:06:01,739 So that's why we oppose 149 00:06:01,740 --> 00:06:03,929 the internet principle of the internet 150 00:06:03,930 --> 00:06:05,009 and our network. 
151 00:06:05,010 --> 00:06:07,169 There is no network address translation 152 00:06:07,170 --> 00:06:09,659 between neighbors, so 153 00:06:09,660 --> 00:06:12,119 peer-to-peer and sharing printers 154 00:06:12,120 --> 00:06:13,679 actually works. 155 00:06:13,680 --> 00:06:15,929 And by now, it is a few 156 00:06:15,930 --> 00:06:18,389 service for house internet 157 00:06:18,390 --> 00:06:19,319 service. 158 00:06:19,320 --> 00:06:21,449 But that's not what does talk us about 159 00:06:21,450 --> 00:06:23,909 this talk about the underlying 160 00:06:23,910 --> 00:06:25,529 infrastructure. 161 00:06:25,530 --> 00:06:27,629 And because I do not want to be 162 00:06:27,630 --> 00:06:30,299 the sole responsible 163 00:06:30,300 --> 00:06:32,939 person for all of it, 164 00:06:32,940 --> 00:06:35,189 I tried to enable collaborative 165 00:06:35,190 --> 00:06:37,719 administration from the beginning on. 166 00:06:37,720 --> 00:06:39,809 So of course, I 167 00:06:39,810 --> 00:06:42,029 want to increase the bus factor, 168 00:06:42,030 --> 00:06:44,219 so if anything happens to me 169 00:06:44,220 --> 00:06:46,049 that people can continue to take care of 170 00:06:46,050 --> 00:06:48,209 it. But I also want to invite users to 171 00:06:48,210 --> 00:06:49,210 take care of the 172 00:06:50,700 --> 00:06:52,889 of the infrastructure that is 173 00:06:52,890 --> 00:06:54,600 beyond their premises because. 174 00:06:57,010 --> 00:06:59,199 That would be very attractive to me as 175 00:06:59,200 --> 00:07:00,249 well. 176 00:07:00,250 --> 00:07:02,709 So I'm just projecting it 177 00:07:02,710 --> 00:07:03,609 onto them. 178 00:07:03,610 --> 00:07:05,409 And indeed, they are a few trusted 179 00:07:05,410 --> 00:07:07,869 neighbors from outside the hackerspace 180 00:07:07,870 --> 00:07:10,329 that have root access to the server. 
181 00:07:10,330 --> 00:07:12,519 But in reality, no 182 00:07:12,520 --> 00:07:14,679 one really cares until there 183 00:07:14,680 --> 00:07:17,409 is an outage. 184 00:07:17,410 --> 00:07:20,079 So how do we enable that collaboration 185 00:07:20,080 --> 00:07:21,699 and transparency? 186 00:07:21,700 --> 00:07:24,129 Of course, like a software project, 187 00:07:24,130 --> 00:07:25,869 we have all the configuration in a 188 00:07:25,870 --> 00:07:27,969 Git repository. At 189 00:07:27,970 --> 00:07:29,649 first, five years ago, we started out 190 00:07:29,650 --> 00:07:31,869 with SaltStack, which was 191 00:07:31,870 --> 00:07:33,369 recommended to me at the time. 192 00:07:33,370 --> 00:07:35,649 I never got really happy with that 193 00:07:35,650 --> 00:07:37,869 and switched to NixOS 194 00:07:37,870 --> 00:07:39,069 this year. 195 00:07:39,070 --> 00:07:41,979 And that means the set up is 196 00:07:41,980 --> 00:07:44,769 entirely reproducible 197 00:07:44,770 --> 00:07:47,049 from the codebase 198 00:07:47,050 --> 00:07:49,329 is great for consistency. 199 00:07:49,330 --> 00:07:51,819 So what you see in the repository 200 00:07:51,820 --> 00:07:54,009 is the documentation. 201 00:07:54,010 --> 00:07:56,229 There are no files in 202 00:07:56,230 --> 00:07:58,659 /etc that have been touched by 203 00:07:58,660 --> 00:08:01,149 someone business luckily 204 00:08:03,880 --> 00:08:06,879 kind of enforced by NixOS, 205 00:08:06,880 --> 00:08:09,189 but should be done with any other 206 00:08:09,190 --> 00:08:11,289 deployment tool elsewhere.
207 00:08:11,290 --> 00:08:14,289 And if you contrast that to 208 00:08:14,290 --> 00:08:16,449 imperative style, where you actually 209 00:08:16,450 --> 00:08:18,109 touch the files in 210 00:08:18,110 --> 00:08:20,229 /etc, you will forget 211 00:08:20,230 --> 00:08:23,049 about them after a few days 212 00:08:23,050 --> 00:08:24,699 which have been modified, which are 213 00:08:24,700 --> 00:08:25,629 actually important. 214 00:08:25,630 --> 00:08:28,509 And this is even worse if you collaborate 215 00:08:28,510 --> 00:08:30,639 with other administrators. 216 00:08:30,640 --> 00:08:33,548 So a central repository 217 00:08:33,549 --> 00:08:35,048 where you have everything that is 218 00:08:35,049 --> 00:08:37,239 irrelevant in one place 219 00:08:37,240 --> 00:08:39,460 is really great for transparency. 220 00:08:41,020 --> 00:08:43,089 So Anne-Marie, you 221 00:08:43,090 --> 00:08:44,889 NixOS fanboy, 222 00:08:46,120 --> 00:08:48,999 when there's no lockdown, we have 223 00:08:49,000 --> 00:08:51,319 daily record exchange and 224 00:08:51,320 --> 00:08:53,799 a with you at the space, 225 00:08:53,800 --> 00:08:55,929 so we get accused of 226 00:08:55,930 --> 00:08:58,149 circuit jerking and this is why this 227 00:08:58,150 --> 00:09:00,009 talk is not going to be in the 228 00:09:00,010 --> 00:09:01,269 advertisement. 229 00:09:01,270 --> 00:09:03,489 And indeed, if you 230 00:09:03,490 --> 00:09:05,799 prescribe declarative 231 00:09:05,800 --> 00:09:08,739 administration to your collaborators, 232 00:09:08,740 --> 00:09:10,869 that content can actually turn out to be 233 00:09:10,870 --> 00:09:13,149 a blocker for people who are 234 00:09:13,150 --> 00:09:14,150 not used to. 235 00:09:16,420 --> 00:09:18,489 Declarative style, 236 00:09:18,490 --> 00:09:20,589 who are used to touch files in 237 00:09:20,590 --> 00:09:21,590 /etc. 238 00:09:23,730 --> 00:09:25,129 That is my experience.
239 00:09:26,720 --> 00:09:28,939 But it's better than touching 240 00:09:28,940 --> 00:09:31,159 to see you have to ignore these people. 241 00:09:32,390 --> 00:09:34,279 So people are always calling out for 242 00:09:34,280 --> 00:09:35,239 documentation. 243 00:09:35,240 --> 00:09:37,189 My experience is that doesn't work. 244 00:09:37,190 --> 00:09:38,190 People. 245 00:09:38,850 --> 00:09:40,319 Who do not look into court. 246 00:09:40,320 --> 00:09:42,419 Do not look into documentation, and 247 00:09:42,420 --> 00:09:44,379 there's also this problem this external 248 00:09:44,380 --> 00:09:46,589 addiction mutation gets 249 00:09:46,590 --> 00:09:48,689 out of sync with the actual state 250 00:09:48,690 --> 00:09:49,889 really quickly. 251 00:09:49,890 --> 00:09:52,019 So that's why you best keep it in 252 00:09:52,020 --> 00:09:53,669 the repository. 253 00:09:53,670 --> 00:09:54,670 And that's what we do. 254 00:09:57,070 --> 00:09:59,349 We've written quite some 255 00:09:59,350 --> 00:10:01,779 texts so that every neighbor 256 00:10:01,780 --> 00:10:03,999 can, like, get to know 257 00:10:04,000 --> 00:10:05,000 the network. 258 00:10:06,330 --> 00:10:08,339 But in fact, no one ever reached that no 259 00:10:08,340 --> 00:10:11,699 one ever scans those QR codes. 260 00:10:11,700 --> 00:10:14,069 And by now, because people, 261 00:10:14,070 --> 00:10:15,070 even the 262 00:10:16,350 --> 00:10:17,999 the admin team doesn't like to read 263 00:10:18,000 --> 00:10:20,369 documentation, I 264 00:10:20,370 --> 00:10:22,949 package the 265 00:10:22,950 --> 00:10:25,319 packages little scripts 266 00:10:25,320 --> 00:10:28,229 for four regular chores, so 267 00:10:28,230 --> 00:10:30,479 they do not have to look up documentation 268 00:10:30,480 --> 00:10:33,029 but just run the commands 269 00:10:33,030 --> 00:10:35,249 that are, yeah, documented 270 00:10:35,250 --> 00:10:36,250 in the process. 271 00:10:37,970 --> 00:10:39,950 So how do we design our network? 
272 00:10:42,090 --> 00:10:43,479 Before we connect people, we actually 273 00:10:43,480 --> 00:10:46,139 need to separate the networks 274 00:10:46,140 --> 00:10:48,299 so they cannot 275 00:10:49,800 --> 00:10:51,869 break the neighbor's network with a 276 00:10:51,870 --> 00:10:53,939 rogue DHCP server sending 277 00:10:53,940 --> 00:10:56,039 out an IP address 278 00:10:56,040 --> 00:10:58,619 or even worse, do ARP spoofing, 279 00:10:58,620 --> 00:11:01,049 spoofing to redirect traffic. 280 00:11:02,550 --> 00:11:04,679 So what we want 281 00:11:04,680 --> 00:11:07,109 is an isolated link between 282 00:11:07,110 --> 00:11:10,319 a neighbor and a server 283 00:11:10,320 --> 00:11:12,509 and then connects on the 284 00:11:12,510 --> 00:11:15,299 IP level with 285 00:11:15,300 --> 00:11:17,339 well-defined routing and maybe even 286 00:11:17,340 --> 00:11:18,340 firewalls. 287 00:11:19,500 --> 00:11:21,989 So what we need is virtualization, and 288 00:11:21,990 --> 00:11:24,629 it's a vital technology for that, called 289 00:11:24,630 --> 00:11:25,630 virtual LAN, 290 00:11:27,180 --> 00:11:29,369 where you just give a 291 00:11:29,370 --> 00:11:31,439 network a number and a 292 00:11:31,440 --> 00:11:34,469 switch and to 293 00:11:34,470 --> 00:11:37,379 send multiple networks over one cable. 294 00:11:37,380 --> 00:11:40,529 This is where supported 295 00:11:40,530 --> 00:11:41,849 VLAN packet format 296 00:11:43,740 --> 00:11:44,740 you can see 297 00:11:46,290 --> 00:11:48,599 on the on top, you can see 298 00:11:48,600 --> 00:11:50,939 the normal Ethernet frame starting 299 00:11:50,940 --> 00:11:53,579 with a destination and source addresses. 300 00:11:53,580 --> 00:11:55,739 And then comes the packet type like 301 00:11:55,740 --> 00:11:57,899 IPv4, IPv6, IP, 302 00:11:57,900 --> 00:11:58,900 you name it.
303 00:11:59,640 --> 00:12:01,759 And on the bottom, you have a 304 00:12:01,760 --> 00:12:03,839 special packet type 305 00:12:03,840 --> 00:12:06,179 for VLAN, which 306 00:12:06,180 --> 00:12:08,789 is followed by the VLAN number, 307 00:12:08,790 --> 00:12:10,889 the network number and 308 00:12:10,890 --> 00:12:13,109 then the rest of 309 00:12:13,110 --> 00:12:15,149 the original packet follows. 310 00:12:16,290 --> 00:12:19,409 So when such a packet 311 00:12:19,410 --> 00:12:21,539 is received by a network 312 00:12:21,540 --> 00:12:23,819 device that understands that it 313 00:12:23,820 --> 00:12:26,189 can look at the number 314 00:12:26,190 --> 00:12:28,529 in the packet and assign 315 00:12:28,530 --> 00:12:29,669 it to the proper network. 316 00:12:32,050 --> 00:12:33,050 So this is 317 00:12:34,260 --> 00:12:36,489 this is understood by lots 318 00:12:36,490 --> 00:12:38,649 of configurable switches 319 00:12:38,650 --> 00:12:41,169 and by Linux and OpenWrt 320 00:12:41,170 --> 00:12:42,069 devices. 321 00:12:42,070 --> 00:12:44,169 And this is what we actually 322 00:12:44,170 --> 00:12:46,299 use on 323 00:12:46,300 --> 00:12:47,229 top. 324 00:12:47,230 --> 00:12:49,419 You can see cheap Wi-Fi routers 325 00:12:49,420 --> 00:12:51,579 that are supported by 326 00:12:51,580 --> 00:12:52,580 OpenWrt. 327 00:12:54,190 --> 00:12:56,469 Remember, we run them for 328 00:12:56,470 --> 00:12:58,569 our users to ensure they do not 329 00:12:58,570 --> 00:13:00,879 only run their private 330 00:13:00,880 --> 00:13:03,249 Wi-Fi network, but also their 331 00:13:03,250 --> 00:13:05,739 public, the public network 332 00:13:05,740 --> 00:13:07,329 that is open to anyone. 333 00:13:07,330 --> 00:13:09,759 And we run it with OpenWrt 334 00:13:09,760 --> 00:13:12,009 because it runs on many cheap devices 335 00:13:12,010 --> 00:13:13,029 and means freedom.
336 00:13:14,570 --> 00:13:15,570 And 337 00:13:16,880 --> 00:13:19,339 we get updates, and it's nice 338 00:13:19,340 --> 00:13:21,559 people often tell me to to just 339 00:13:21,560 --> 00:13:24,079 buy devices from the proper vendor. 340 00:13:24,080 --> 00:13:26,269 But that's not what we do here because 341 00:13:26,270 --> 00:13:27,559 we don't actually have a budget. 342 00:13:29,560 --> 00:13:32,679 In the middle, you can see big switches. 343 00:13:32,680 --> 00:13:33,909 These are not the 344 00:13:34,930 --> 00:13:37,089 10 euro switches you buy 345 00:13:37,090 --> 00:13:38,229 for your desk. 346 00:13:38,230 --> 00:13:39,729 But these are manageable switches that 347 00:13:39,730 --> 00:13:42,309 can be configured so that you can 348 00:13:42,310 --> 00:13:44,469 put sets of ports 349 00:13:44,470 --> 00:13:46,779 in different numbers, which 350 00:13:46,780 --> 00:13:47,820 are dense 351 00:13:48,970 --> 00:13:50,559 and on the bottom. 352 00:13:50,560 --> 00:13:52,719 That is the most important part 353 00:13:52,720 --> 00:13:53,829 of A. 354 00:13:53,830 --> 00:13:56,199 And once Tesla looks, we have freedom 355 00:13:56,200 --> 00:13:58,299 and to do whatever we want. 356 00:14:01,060 --> 00:14:03,849 So how do we configure these devices 357 00:14:03,850 --> 00:14:06,069 to issue the configuration should come 358 00:14:06,070 --> 00:14:08,379 from our repository 359 00:14:08,380 --> 00:14:10,689 and from that data, 360 00:14:10,690 --> 00:14:12,970 we just generate Expect scripts. 361 00:14:14,710 --> 00:14:16,869 Expect is a domain specific 362 00:14:16,870 --> 00:14:18,760 language that just 363 00:14:20,290 --> 00:14:22,659 sends output and expects input, 364 00:14:22,660 --> 00:14:23,950 and that's how we can 365 00:14:25,180 --> 00:14:27,519 control Telnet and SSH connections 366 00:14:27,520 --> 00:14:28,520 to these devices.
367 00:14:31,470 --> 00:14:33,959 And I recognize this 368 00:14:33,960 --> 00:14:36,179 as an OK way 369 00:14:36,180 --> 00:14:38,339 to do it, but it works with any 370 00:14:38,340 --> 00:14:40,439 device that is configurable over 371 00:14:40,440 --> 00:14:42,089 the command line. 372 00:14:42,090 --> 00:14:44,399 And we don't need vendor specific 373 00:14:44,400 --> 00:14:47,339 tools to use 374 00:14:47,340 --> 00:14:49,499 our devices because 375 00:14:49,500 --> 00:14:50,459 we got them for free. 376 00:14:50,460 --> 00:14:51,629 They are old. 377 00:14:51,630 --> 00:14:52,709 They are. 378 00:14:52,710 --> 00:14:54,719 There's no current software. 379 00:14:54,720 --> 00:14:56,789 Some network switches 380 00:14:56,790 --> 00:14:57,790 require 381 00:14:59,700 --> 00:15:01,829 configuration via 382 00:15:01,830 --> 00:15:03,809 a web interface that only supports 383 00:15:03,810 --> 00:15:05,759 Internet Explorer six. 384 00:15:05,760 --> 00:15:08,879 And it's really great if you 385 00:15:08,880 --> 00:15:11,219 discover a hidden command line in it 386 00:15:11,220 --> 00:15:13,559 where you can actually do 387 00:15:13,560 --> 00:15:15,149 these things, would you simply? 388 00:15:17,190 --> 00:15:19,289 But in the end, does this 389 00:15:19,290 --> 00:15:21,419 technology really sex 390 00:15:21,420 --> 00:15:23,669 and that there are no 391 00:15:23,670 --> 00:15:24,670 updates? 392 00:15:25,450 --> 00:15:27,539 It's a huge problem because this network 393 00:15:27,540 --> 00:15:28,769 infrastructure, this is not only a 394 00:15:28,770 --> 00:15:31,049 smartphone, I 395 00:15:31,050 --> 00:15:33,149 I rather have a big Linux box 396 00:15:33,150 --> 00:15:35,489 with 48 Ethernet ports instead. 397 00:15:37,740 --> 00:15:39,929 So how do we segment 398 00:15:39,930 --> 00:15:40,930 our network? 399 00:15:42,090 --> 00:15:44,279 We decided to go for the 400 00:15:44,280 --> 00:15:46,619 following network 401 00:15:46,620 --> 00:15:47,579 types. 
402 00:15:47,580 --> 00:15:49,529 At first, we have a management network 403 00:15:49,530 --> 00:15:51,719 which is not really accessible. 404 00:15:51,720 --> 00:15:54,329 This is just for getting to 405 00:15:54,330 --> 00:15:56,999 the network devices 406 00:15:57,000 --> 00:15:59,269 and reconfiguring them with 407 00:15:59,270 --> 00:16:00,270 generated scripts. 408 00:16:01,740 --> 00:16:03,569 Then we have a core network, which is 409 00:16:03,570 --> 00:16:04,619 just at the center. 410 00:16:06,160 --> 00:16:08,889 It is where all the routers are there. 411 00:16:08,890 --> 00:16:11,529 We run a routing protocol, 412 00:16:11,530 --> 00:16:13,899 Open Shortest Path First, so 413 00:16:13,900 --> 00:16:15,789 that there's a consistent view of 414 00:16:17,050 --> 00:16:19,660 the specific routes and 415 00:16:20,860 --> 00:16:23,169 all the other 416 00:16:23,170 --> 00:16:24,429 routes connected there. 417 00:16:26,080 --> 00:16:29,019 And for 418 00:16:29,020 --> 00:16:31,389 every network, we had 419 00:16:31,390 --> 00:16:32,390 clients. 420 00:16:33,880 --> 00:16:36,039 We have a gateway that is 421 00:16:36,040 --> 00:16:38,409 between the core network 422 00:16:38,410 --> 00:16:40,509 and those client networks, and those kind 423 00:16:40,510 --> 00:16:42,549 of networks is one for services, one for 424 00:16:42,550 --> 00:16:45,189 the hackerspace, one fully open Wi-Fi 425 00:16:45,190 --> 00:16:47,559 and many for every neighbor. 426 00:16:48,910 --> 00:16:51,399 And then there are isolated networks 427 00:16:51,400 --> 00:16:53,529 because sometimes 428 00:16:53,530 --> 00:16:55,719 people are afraid of doing 429 00:16:55,720 --> 00:16:58,659 networking with people. 430 00:16:58,660 --> 00:17:01,119 So we can connect them 431 00:17:01,120 --> 00:17:03,219 with their modem in the basement. 432 00:17:04,920 --> 00:17:07,479 Yeah, and provide an isolated Ethernet 433 00:17:07,480 --> 00:17:08,480 link.
434 00:17:09,250 --> 00:17:12,039 This has all other been very useful 435 00:17:12,040 --> 00:17:14,338 for conferences like the urban sprawl 436 00:17:14,339 --> 00:17:17,299 and the the U.S. 437 00:17:17,300 --> 00:17:19,479 want to do, like 438 00:17:19,480 --> 00:17:21,818 audio video breeches or put 439 00:17:21,819 --> 00:17:24,249 their computer nodes 440 00:17:24,250 --> 00:17:25,250 in another room. 441 00:17:26,109 --> 00:17:28,088 So that's a lot of flexibility that you 442 00:17:28,089 --> 00:17:30,459 get when 443 00:17:30,460 --> 00:17:32,769 you have 444 00:17:32,770 --> 00:17:34,899 manageability, which is put 445 00:17:34,900 --> 00:17:35,799 everywhere. 446 00:17:35,800 --> 00:17:38,079 This is a Graphviz-generated 447 00:17:38,080 --> 00:17:40,209 visualization from 448 00:17:40,210 --> 00:17:42,279 our configuration. It's 449 00:17:42,280 --> 00:17:44,800 just a side product and 450 00:17:47,050 --> 00:17:49,569 rectangular islets, which is circular 451 00:17:50,770 --> 00:17:51,909 and hexagon. 452 00:17:51,910 --> 00:17:54,459 All the access points and indeed 453 00:17:54,460 --> 00:17:56,559 cheap open access points 454 00:17:56,560 --> 00:17:58,029 are manageable switches. 455 00:17:59,470 --> 00:18:01,569 A lot of them have configurable 456 00:18:01,570 --> 00:18:04,090 the switching chips inside to 457 00:18:05,170 --> 00:18:07,389 to separate all those 458 00:18:07,390 --> 00:18:08,390 Ethernet ports. 459 00:18:09,610 --> 00:18:11,649 So now that a physical structure is soft, 460 00:18:11,650 --> 00:18:13,239 let's connect these networks logically 461 00:18:13,240 --> 00:18:15,219 with IPv4 and IPv6. 462 00:18:22,790 --> 00:18:23,790 I want a strong image, 463 00:18:26,480 --> 00:18:28,219 this physical structure. 464 00:18:28,220 --> 00:18:29,220 So 465 00:18:30,500 --> 00:18:32,569 we have a startup, I look at 466 00:18:32,570 --> 00:18:34,249 topology topology 467 00:18:36,020 --> 00:18:37,969 with the core at the center.
468 00:18:37,970 --> 00:18:40,250 And this way our route is up 469 00:18:41,990 --> 00:18:44,119 and running a routing protocol 470 00:18:44,120 --> 00:18:46,459 means we can add routers with 471 00:18:46,460 --> 00:18:48,739 reconfiguring the others 472 00:18:48,740 --> 00:18:49,880 so we don't have. 473 00:18:58,210 --> 00:19:00,579 For flexibility, we have no constraints 474 00:19:00,580 --> 00:19:01,479 by embedded hardware. 475 00:19:01,480 --> 00:19:03,489 I know there's and there's hardware that 476 00:19:03,490 --> 00:19:05,889 can do IP and IPv6 routing. 477 00:19:05,890 --> 00:19:07,089 But on Linux, 478 00:19:08,290 --> 00:19:10,690 it's just much more potential. 479 00:19:12,190 --> 00:19:14,469 So for the routers, I decided 480 00:19:14,470 --> 00:19:16,749 to to have the granularity 481 00:19:16,750 --> 00:19:19,449 at the router level, so I put them in 482 00:19:19,450 --> 00:19:20,450 Linux containers. 483 00:19:21,700 --> 00:19:24,069 This is not like talking about this for 484 00:19:24,070 --> 00:19:25,539 NixOS and LXC, 485 00:19:25,540 --> 00:19:27,729 where we can actually 486 00:19:27,730 --> 00:19:29,799 have moved to the network 487 00:19:29,800 --> 00:19:31,989 interfaces per container. 488 00:19:31,990 --> 00:19:34,689 And so we can 489 00:19:34,690 --> 00:19:37,329 bring the core network into 490 00:19:37,330 --> 00:19:39,159 one of the access networks to a 491 00:19:39,160 --> 00:19:40,160 container, 492 00:19:41,410 --> 00:19:43,720 and the VLAN is 493 00:19:45,850 --> 00:19:48,249 handled by the Linux, host 494 00:19:48,250 --> 00:19:50,409 the bridges and network 495 00:19:50,410 --> 00:19:51,459 into the container.
496 00:19:54,520 --> 00:19:56,769 So what the router containers do, 497 00:19:56,770 --> 00:19:57,789 of course, is routing, 498 00:19:59,680 --> 00:20:01,749 not routing for 499 00:20:01,750 --> 00:20:03,939 the internet uplinks and 500 00:20:03,940 --> 00:20:05,769 for the routers between the core net and 501 00:20:05,770 --> 00:20:08,079 the access networks. 502 00:20:08,080 --> 00:20:10,149 DHCP servers for and 503 00:20:10,150 --> 00:20:11,979 the IPv4 addresses as potential 504 00:20:11,980 --> 00:20:14,889 treatments for any IPv6 addresses 505 00:20:14,890 --> 00:20:17,559 and neighbors can actually 506 00:20:17,560 --> 00:20:19,659 get a firewall if they do not want 507 00:20:19,660 --> 00:20:20,709 incoming connections. 508 00:20:24,280 --> 00:20:26,379 So when you have 509 00:20:26,380 --> 00:20:28,959 shared infrastructure, people are always 510 00:20:28,960 --> 00:20:31,839 afraid of the leeches inside us. 511 00:20:31,840 --> 00:20:33,579 That's why we need. 512 00:20:36,440 --> 00:20:39,079 That's why we need packet scheduling 513 00:20:39,080 --> 00:20:41,899 on the sending interfaces. 514 00:20:41,900 --> 00:20:44,029 And for quite some 515 00:20:44,030 --> 00:20:46,130 time, we used Controlled Delay 516 00:20:47,180 --> 00:20:49,460 shaped to our upstream bandwidth. 517 00:20:50,480 --> 00:20:52,969 It is. This shaper is also the default 518 00:20:52,970 --> 00:20:54,319 for OpenWrt 519 00:20:54,320 --> 00:20:55,579 by now. 520 00:20:55,580 --> 00:20:57,739 So this also keeps 521 00:20:57,740 --> 00:21:00,289 queues short on Wi-Fi. 522 00:21:00,290 --> 00:21:01,640 But by now, there is this 523 00:21:03,470 --> 00:21:04,600 CAKE shaper, 524 00:21:05,960 --> 00:21:07,879 called Common Applications Kept 525 00:21:07,880 --> 00:21:08,880 Enhanced.
526 00:21:09,660 --> 00:21:11,879 That builds on top of CoDel 527 00:21:11,880 --> 00:21:14,069 and brings many 528 00:21:14,070 --> 00:21:16,469 more integrated features for 529 00:21:16,470 --> 00:21:18,569 a most snappy internet access. 530 00:21:23,970 --> 00:21:27,119 So now that our networks 531 00:21:27,120 --> 00:21:29,549 and network runs and provides internet 532 00:21:29,550 --> 00:21:30,550 to people, 533 00:21:31,650 --> 00:21:34,439 I have spent a few thoughts 534 00:21:34,440 --> 00:21:35,999 for appalling quality. 535 00:21:40,330 --> 00:21:42,449 So we were on 536 00:21:42,450 --> 00:21:44,799 network on cheap devices 537 00:21:44,800 --> 00:21:48,009 where there are no no replacements, 538 00:21:48,010 --> 00:21:49,779 there's no redundancy. 539 00:21:51,650 --> 00:21:53,809 Because there's simply no similar 540 00:21:53,810 --> 00:21:55,430 devices left. 541 00:21:56,450 --> 00:21:58,069 That means we have the best monitoring 542 00:21:58,070 --> 00:21:59,749 people call me when they don't have 543 00:21:59,750 --> 00:22:00,709 internet. 544 00:22:00,710 --> 00:22:02,359 But of course, I want to make people 545 00:22:02,360 --> 00:22:03,360 happy. 546 00:22:04,040 --> 00:22:06,439 And because they 547 00:22:08,210 --> 00:22:10,279 have their want fire devices on 548 00:22:10,280 --> 00:22:12,559 premises where we can't 549 00:22:12,560 --> 00:22:13,560 go and check. 550 00:22:15,020 --> 00:22:17,089 I was afraid of it's becoming 551 00:22:17,090 --> 00:22:18,949 unplugged, which would mean there would 552 00:22:18,950 --> 00:22:20,999 be dysfunction.
553 00:22:21,000 --> 00:22:23,089 The Wi-Fi networks, 554 00:22:23,090 --> 00:22:25,609 which is why I 555 00:22:25,610 --> 00:22:27,679 made a little cron job that runs every 556 00:22:27,680 --> 00:22:29,749 few minutes and checks if the 557 00:22:29,750 --> 00:22:31,819 server is reachable 558 00:22:31,820 --> 00:22:34,429 and if it's not that were turned on, 559 00:22:34,430 --> 00:22:37,789 shut down the Wi-Fi, avoiding 560 00:22:37,790 --> 00:22:39,260 broken Wi-Fi networks. 561 00:22:42,390 --> 00:22:44,279 By now, we have multiple internet 562 00:22:44,280 --> 00:22:45,280 connections. 563 00:22:45,900 --> 00:22:48,119 Originally, I planned that move to 564 00:22:48,120 --> 00:22:50,369 enable this can put into one internet 565 00:22:50,370 --> 00:22:52,589 connection. Turns out one 566 00:22:52,590 --> 00:22:54,299 big internet connection is enough. 567 00:22:55,480 --> 00:22:56,480 For everyone. 568 00:22:57,360 --> 00:22:59,579 So people don't actually care 569 00:22:59,580 --> 00:23:01,679 about which technology they use to get to 570 00:23:01,680 --> 00:23:03,059 the internet. 571 00:23:03,060 --> 00:23:05,249 They just want internet 572 00:23:05,250 --> 00:23:07,049 and I want to give them the fastest 573 00:23:07,050 --> 00:23:08,399 experience. 574 00:23:08,400 --> 00:23:11,219 So actually, everyone 575 00:23:11,220 --> 00:23:13,469 is routed over 576 00:23:13,470 --> 00:23:16,259 the fastest internet connection 577 00:23:16,260 --> 00:23:17,849 except for the public network, which you 578 00:23:17,850 --> 00:23:20,129 can't directly because we're in Germany. 579 00:23:20,130 --> 00:23:22,889 That's why we use VPN providers. 580 00:23:22,890 --> 00:23:25,559 But there's more internet connections. 581 00:23:25,560 --> 00:23:27,929 And I use them as 582 00:23:27,930 --> 00:23:30,239 fallback because we run or 583 00:23:30,240 --> 00:23:32,729 we already run the routing protocol 584 00:23:32,730 --> 00:23:34,589 between routers.
585 00:23:35,670 --> 00:23:37,739 We have some dynamic sharing 586 00:23:37,740 --> 00:23:39,569 of the routing state. 587 00:23:39,570 --> 00:23:41,669 But the protocol has 588 00:23:41,670 --> 00:23:44,279 a consistent view of the routing table 589 00:23:44,280 --> 00:23:45,299 in a network. 590 00:23:45,300 --> 00:23:48,059 That means if you put multiple routing 591 00:23:48,060 --> 00:23:49,649 multiple default routes for internet 592 00:23:49,650 --> 00:23:51,749 access in there, the network 593 00:23:51,750 --> 00:23:53,939 will decide on just one 594 00:23:53,940 --> 00:23:54,940 router for everyone. 595 00:23:55,800 --> 00:23:57,869 So I was looking for a solution with 596 00:23:57,870 --> 00:24:00,419 that. And then I discovered that, 597 00:24:00,420 --> 00:24:02,639 well, OSPF can coexist 598 00:24:02,640 --> 00:24:05,879 on one network in multiple instances, 599 00:24:05,880 --> 00:24:08,099 and you can actually configure this. 600 00:24:08,100 --> 00:24:10,679 But the routing protocol implementation 601 00:24:10,680 --> 00:24:11,680 to select 602 00:24:13,140 --> 00:24:15,329 routes from these OSPF 603 00:24:15,330 --> 00:24:18,269 instances with a specific preference. 604 00:24:18,270 --> 00:24:20,459 So we remove 605 00:24:20,460 --> 00:24:22,859 the decision process from the 606 00:24:22,860 --> 00:24:24,899 we move the decision process from the 607 00:24:24,900 --> 00:24:27,630 protocol into the routing suite and 608 00:24:28,680 --> 00:24:30,480 have some preference 609 00:24:31,800 --> 00:24:34,019 for which route to which 610 00:24:34,020 --> 00:24:36,869 internet router to take if 611 00:24:36,870 --> 00:24:38,220 the first one is down. 612 00:24:39,300 --> 00:24:41,489 And this works very well 613 00:24:41,490 --> 00:24:43,799 due to that. We don't have a 614 00:24:43,800 --> 00:24:46,769 public IP addresses inside the network 615 00:24:46,770 --> 00:24:47,789 where we don't have public.
616 00:24:47,790 --> 00:24:49,649 I mean, IPv4 addresses. 617 00:24:49,650 --> 00:24:51,569 We have public IPv6 addresses in the 618 00:24:51,570 --> 00:24:54,209 network. But 619 00:24:54,210 --> 00:24:56,339 that works too, 620 00:24:56,340 --> 00:24:58,859 because on the 621 00:24:58,860 --> 00:25:01,499 internet uplink that are not associated 622 00:25:01,500 --> 00:25:03,900 with these addresses, we use NAT66. 623 00:25:07,420 --> 00:25:09,639 And on the space, 624 00:25:09,640 --> 00:25:12,189 because we have moved to the 625 00:25:12,190 --> 00:25:13,360 internet, connections 626 00:25:14,590 --> 00:25:17,169 actually provide multiple 627 00:25:17,170 --> 00:25:18,170 default routes. 628 00:25:20,000 --> 00:25:22,429 So users can actually 629 00:25:22,430 --> 00:25:24,829 add a different route, taking that away 630 00:25:24,830 --> 00:25:26,899 to the internet, just for the technical 631 00:25:26,900 --> 00:25:27,900 people. 632 00:25:29,440 --> 00:25:30,489 So 633 00:25:31,540 --> 00:25:33,009 because we have a few service 634 00:25:34,060 --> 00:25:36,669 now, the two services, 635 00:25:36,670 --> 00:25:39,309 I am also looking into redundancy 636 00:25:39,310 --> 00:25:40,310 for the network. 637 00:25:41,680 --> 00:25:43,839 By now, we have 638 00:25:43,840 --> 00:25:46,179 a second server that is on standby. 639 00:25:46,180 --> 00:25:48,549 I bought booted every month to do updates 640 00:25:48,550 --> 00:25:50,769 to deploy the extra state, 641 00:25:50,770 --> 00:25:53,049 but then I it down 642 00:25:53,050 --> 00:25:55,599 again because server 643 00:25:55,600 --> 00:25:57,609 needs a lot of energy. 644 00:25:57,610 --> 00:26:00,250 But I do now have also looked into 645 00:26:01,480 --> 00:26:03,639 using Pacemaker because these 646 00:26:03,640 --> 00:26:05,709 containers they can be are pretty 647 00:26:05,710 --> 00:26:07,269 independent from their host that can be 648 00:26:07,270 --> 00:26:09,490 started on any host, on any server.
649 00:26:10,810 --> 00:26:13,599 So that's actually really where 650 00:26:13,600 --> 00:26:14,600 suitable for 651 00:26:16,120 --> 00:26:17,829 for high availability 652 00:26:19,240 --> 00:26:21,459 and to to 653 00:26:21,460 --> 00:26:23,559 start them on another server when the 654 00:26:23,560 --> 00:26:24,640 first server has gone down. 655 00:26:26,820 --> 00:26:27,820 So. 656 00:26:29,680 --> 00:26:31,779 Just to show you a code 657 00:26:31,780 --> 00:26:32,780 slide with code, 658 00:26:34,120 --> 00:26:36,069 this is how our Nix flake looks like 659 00:26:37,480 --> 00:26:38,739 an exit. 660 00:26:38,740 --> 00:26:40,959 We have an excellent configuration for 661 00:26:40,960 --> 00:26:43,689 all the containers for the service. 662 00:26:43,690 --> 00:26:45,969 And then we build packages from 663 00:26:45,970 --> 00:26:46,970 that. 664 00:26:48,610 --> 00:26:51,129 Packages containing Linux 665 00:26:51,130 --> 00:26:53,709 that we can with it to a script 666 00:26:53,710 --> 00:26:55,929 switch to very quickly 667 00:26:55,930 --> 00:26:58,299 and in a kind of atomic 668 00:26:58,300 --> 00:27:00,369 way, and we can also roll that 669 00:27:00,370 --> 00:27:02,919 back in a very quick fashion. 670 00:27:02,920 --> 00:27:05,259 And what you can also see here is 671 00:27:05,260 --> 00:27:07,929 that device 672 00:27:07,930 --> 00:27:10,599 configuration scripts just packages 673 00:27:10,600 --> 00:27:13,359 that you can run with nix run 674 00:27:13,360 --> 00:27:15,639 and do the deployment 675 00:27:15,640 --> 00:27:16,869 that way. 676 00:27:16,870 --> 00:27:19,149 So it's really a nice interface and 677 00:27:19,150 --> 00:27:20,920 flakes gives 678 00:27:22,330 --> 00:27:24,579 perfect reproducibility 679 00:27:24,580 --> 00:27:26,799 by pinning all the inputs, 680 00:27:26,800 --> 00:27:29,049 all versions of the state that 681 00:27:29,050 --> 00:27:31,179 goes into your code.
682 00:27:31,180 --> 00:27:34,359 And NixOS also 683 00:27:34,360 --> 00:27:36,699 provides facilities to actually 684 00:27:36,700 --> 00:27:38,859 start the system and look over to 685 00:27:38,860 --> 00:27:40,929 the machine very quickly so it can 686 00:27:40,930 --> 00:27:43,449 actually develop all of that 687 00:27:43,450 --> 00:27:46,089 in on my local machine. 688 00:27:46,090 --> 00:27:47,139 Tested. 689 00:27:47,140 --> 00:27:49,279 And once it runs, I can't deploy 690 00:27:49,280 --> 00:27:50,349 to production. 691 00:27:50,350 --> 00:27:52,509 And that has worked really 692 00:27:52,510 --> 00:27:54,160 well over time. 693 00:28:01,140 --> 00:28:03,629 So in all the time, we connected 694 00:28:03,630 --> 00:28:06,059 three isolated networks one hackerspace 695 00:28:06,060 --> 00:28:08,489 network, 42 696 00:28:08,490 --> 00:28:10,649 neighbor networks, we ran 697 00:28:10,650 --> 00:28:12,630 41 Wi-Fi access points 698 00:28:14,250 --> 00:28:16,529 with open Wi-Fi and neighbor 699 00:28:16,530 --> 00:28:17,549 networks. 700 00:28:17,550 --> 00:28:19,799 And if you listen to a number 701 00:28:19,800 --> 00:28:21,909 that is less Wi-Fi access 702 00:28:21,910 --> 00:28:24,119 points than neighbor networks 703 00:28:24,120 --> 00:28:25,529 people can actually share, 704 00:28:27,260 --> 00:28:30,179 you know, plastic routers as well. 705 00:28:30,180 --> 00:28:32,579 We ran seven manageable switches. 706 00:28:32,580 --> 00:28:34,679 We have one active and one cold 707 00:28:34,680 --> 00:28:36,299 standby server. 708 00:28:36,300 --> 00:28:38,670 We have six service, a service and. 709 00:28:40,360 --> 00:28:42,579 The entire house is reachable 710 00:28:42,580 --> 00:28:44,709 globally, IPv6 711 00:28:44,710 --> 00:28:47,439 and reachable from dn42. 712 00:28:47,440 --> 00:28:49,210 We have an infrastructure.
713 00:28:51,220 --> 00:28:53,079 Few internet connections, 714 00:28:54,460 --> 00:28:56,739 and I have to say once, once 715 00:28:56,740 --> 00:28:58,959 the stuff is running smoothly, 716 00:28:58,960 --> 00:29:01,359 maintenance gets reduced to 717 00:29:01,360 --> 00:29:03,819 keeping devices updated, onboarding 718 00:29:03,820 --> 00:29:05,889 new participants and 719 00:29:05,890 --> 00:29:06,890 extending the network. 720 00:29:08,900 --> 00:29:10,849 I get a lot of satisfaction from this 721 00:29:10,850 --> 00:29:13,429 project because it actually provides 722 00:29:13,430 --> 00:29:15,559 an important service to people that I 723 00:29:15,560 --> 00:29:17,749 know. I want you to think about it. 724 00:29:17,750 --> 00:29:19,879 You can do 725 00:29:19,880 --> 00:29:21,649 it this too. 726 00:29:21,650 --> 00:29:23,629 Once you automate your infrastructure, 727 00:29:23,630 --> 00:29:25,729 you can do it very, very 728 00:29:25,730 --> 00:29:26,730 easily for us. 729 00:29:28,220 --> 00:29:30,049 I want you to ensure end to end 730 00:29:30,050 --> 00:29:32,179 reachability, which is easy with 731 00:29:32,180 --> 00:29:34,399 IPv6 nowadays and promote 732 00:29:34,400 --> 00:29:35,359 usage of the internet. 733 00:29:35,360 --> 00:29:38,359 How it is supposed to be used to work 734 00:29:38,360 --> 00:29:40,489 end to end so everyone can be 735 00:29:40,490 --> 00:29:41,490 assisted. 736 00:29:41,900 --> 00:29:42,900 Thank you for listening. 737 00:29:45,830 --> 00:29:48,079 Thanks so much for your great 738 00:29:48,080 --> 00:29:49,849 talk. Reproducible building network 739 00:29:49,850 --> 00:29:51,319 infrastructure. 740 00:29:51,320 --> 00:29:54,079 Back here on the Harat stage, 741 00:29:54,080 --> 00:29:56,209 we of course collected some questions for 742 00:29:56,210 --> 00:29:59,029 you. The first one would be 743 00:29:59,030 --> 00:30:01,099 did you have any non-technical 744 00:30:01,100 --> 00:30:02,959 issues with open public Wi-Fi?
745 00:30:02,960 --> 00:30:04,669 I mean, you already talked about it a 746 00:30:04,670 --> 00:30:06,979 bit. You explicitly 747 00:30:06,980 --> 00:30:09,019 use VPN for those ones. 748 00:30:09,020 --> 00:30:11,149 But what is your experience running those 749 00:30:11,150 --> 00:30:14,209 networks on a kind of non-technical 750 00:30:14,210 --> 00:30:16,309 level where the legal 751 00:30:16,310 --> 00:30:18,589 level, I guess, because we were very 752 00:30:18,590 --> 00:30:21,139 aware of the legal issues and Germany, 753 00:30:21,140 --> 00:30:23,719 we decided to use a VPN provider 754 00:30:23,720 --> 00:30:24,859 from the beginning on. 755 00:30:24,860 --> 00:30:27,829 But the other aspect is that 756 00:30:27,830 --> 00:30:29,989 people don't scan makes you are quotes. 757 00:30:29,990 --> 00:30:32,719 People don't read my documentation. 758 00:30:32,720 --> 00:30:34,999 They just say, Oh, there's a public Wi-Fi 759 00:30:35,000 --> 00:30:36,679 that can use it. That's OK. 760 00:30:36,680 --> 00:30:38,509 And yes, later they come to me and say 761 00:30:38,510 --> 00:30:40,519 what I can. I can get like a private 762 00:30:40,520 --> 00:30:41,989 Wi-Fi. 763 00:30:41,990 --> 00:30:44,029 I've been using this open way for other 764 00:30:44,030 --> 00:30:46,189 time, and people have been printing on 765 00:30:46,190 --> 00:30:47,929 my friend to I don't know who it was. 766 00:30:51,490 --> 00:30:53,739 All right, so this is a 767 00:30:53,740 --> 00:30:55,599 kind of a positive experience that is 768 00:30:55,600 --> 00:30:57,729 possible as well as long as you're kind 769 00:30:57,730 --> 00:30:59,680 of legally safe to run your network. 770 00:31:01,570 --> 00:31:04,059 So there's another question. 771 00:31:04,060 --> 00:31:06,729 Well, you made a bit of advertisement 772 00:31:06,730 --> 00:31:08,799 for NixOS, but there's 773 00:31:08,800 --> 00:31:11,289 a question why didn't you choose a 774 00:31:11,290 --> 00:31:12,309 few weeks?
775 00:31:12,310 --> 00:31:14,679 The new to you 776 00:31:14,680 --> 00:31:17,019 been very paranoid this system? 777 00:31:18,130 --> 00:31:19,140 Too many passengers. 778 00:31:21,720 --> 00:31:22,869 Oh, there's a there's a big concern 779 00:31:22,870 --> 00:31:25,209 Exodus community here, and I actually 780 00:31:25,210 --> 00:31:26,979 like the language a lot. 781 00:31:26,980 --> 00:31:29,049 OK, so this would be would 782 00:31:29,050 --> 00:31:31,409 have been an alternative, but you're 783 00:31:31,410 --> 00:31:33,399 a clearly NixOS fan. 784 00:31:33,400 --> 00:31:35,469 And so you just decided, yes, I am a 785 00:31:35,470 --> 00:31:37,869 fanboy. This like like SaltStack 786 00:31:37,870 --> 00:31:40,149 ends of a Chef 787 00:31:40,150 --> 00:31:41,799 and Puppet. 788 00:31:41,800 --> 00:31:43,390 But I really think this race is based. 789 00:31:45,130 --> 00:31:46,130 Nice. 790 00:31:46,750 --> 00:31:49,419 Another question we collected here is 791 00:31:49,420 --> 00:31:51,639 do you have or run a pipeline 792 00:31:51,640 --> 00:31:53,709 on your git repository, which is kind 793 00:31:53,710 --> 00:31:55,539 of related to the NixOS? 794 00:31:55,540 --> 00:31:57,609 So the person that asked it says I have 795 00:31:57,610 --> 00:32:00,099 no idea how says is really working. 796 00:32:00,100 --> 00:32:02,499 So is it kind of like a pipeline 797 00:32:02,500 --> 00:32:05,739 where you can deploy every change 798 00:32:05,740 --> 00:32:07,629 to your overall network infrastructure 799 00:32:07,630 --> 00:32:09,759 then? Or is it kind of implicit 800 00:32:09,760 --> 00:32:11,949 within existing kind 801 00:32:11,950 --> 00:32:13,419 of implicit? 802 00:32:13,420 --> 00:32:15,639 Mm hmm. So the deployment is 803 00:32:15,640 --> 00:32:17,499 self scripted and was very trivial to do 804 00:32:17,500 --> 00:32:18,500 with NixOS. 805 00:32:20,300 --> 00:32:22,549 All right.
So you just run 806 00:32:22,550 --> 00:32:24,709 the updates on us and everyone 807 00:32:24,710 --> 00:32:26,569 just gets the latest infrastructure 808 00:32:26,570 --> 00:32:27,679 there. 809 00:32:27,680 --> 00:32:28,909 All right. 810 00:32:28,910 --> 00:32:31,699 With this and 811 00:32:31,700 --> 00:32:33,889 yeah, with another thanks to you 812 00:32:33,890 --> 00:32:35,119 as a to do this and 813 00:32:36,290 --> 00:32:37,579 we can end this talk. 814 00:32:37,580 --> 00:32:39,949 And again, thanks for watching here 815 00:32:39,950 --> 00:32:42,469 on couse salinity for 816 00:32:42,470 --> 00:32:44,329 life from the Potsdam stage. 817 00:32:44,330 --> 00:32:45,739 See you for the next talk.