Well, after almost a year since the first blood, I managed to get time (and the mood) to document this fabulous gambiarra =P of mine.
Since the beginning, it has been a fundamental requirement to (re)use used (or even thrown away) assets. I decided to avoid spending cash where possible, as long as safety and the main goal are not negatively affected. We Brazilians are going to face some long low profile years thanks to our (almost collapsed) economy, and I need to prevent my setup from becoming expensive enough to be a hindrance to my hobby budget.
Redundancy, flexibility and (somewhat) high availability are also desirable, and are being implemented in baby steps (I already have a UPS, a gift from a friend, but I still need to buy new power cells!).
One requirement for the Confederation is easy relocation. I need to be able to physically move the whole thing to a new address (momentarily or permanently) at will and without too much hassle.
This is interesting because eventually the thing will be used at some retro event I used to attend, so the whole mess must somehow be portable.
So I decided on a hierarchical topology: the Confederation stuff is concealed in its own (sub) topology, and the resulting black box is attached under someone else's (usually my own) existing topology, or directly to a WAN when a host network is not available or desirable (3G Access Points rulez!).
This is what I have for now from my side of the cable modem:
From left to right:
Not shown above are three more switches (one of them still being planned), interconnecting a myriad of appliances (from videogames to media center, home automation, and some computers and servers).
The Network Diagram follows (click for the full size version):
Alternatively, when on the road (or when I wonderfully botch up my home network, which happens now and then while I'm experimenting with new things), the cluster can be hung directly on the WAN (again, click for the full size version):
The thing detects the IP address it is currently hosted behind and updates the DNS entry automatically at AWS' Route53. This makes moving the setup a breeze, and allows the thing to be served by ISPs handing out dynamic IPs.
Currently only IPv4 is supported (mainly because AWS is not yet able to handle IPv6, which makes it unusable for this setup for a while), but the services are proven to work fine over IPv6 (my intranet uses both IPv4 and IPv6).
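As an added example (my own script, not the author's), this is the Route53 update step the paragraph describes, done with the AWS CLI. It assumes the CLI is configured with rights on the zone, uses a placeholder hosted zone id, and learns the public address with dig against the OpenDNS reflector; the caveat worth showing is that, behind NAT over NAT, the address must be learnt from the outside and checked to be a public one before it is ever published.

```shell
#!/bin/sh
# Added example (not the author's script): keep the Route53 A record for the
# cluster pointing at the address it is currently hosted behind. Assumes the AWS
# CLI is configured with rights on the zone, ZONE_ID is a placeholder, and dig
# with the OpenDNS reflector is used to learn the public address.
RECORD="${RECORD:-cluster.retro.lisias.net}"
ZONE_ID="${ZONE_ID:-HOSTED-ZONE-ID-PLACEHOLDER}"
TTL=60

# Return 0 only for a well-formed, globally routable IPv4 address. Behind NAT over
# NAT the interface address is private, so RFC1918, loopback, link-local and
# multicast/reserved ranges must never be published into public DNS.
is_public_ipv4() {
  case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
  case "$1" in 0|10|127) return 1 ;; esac
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
  [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 1
  [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && return 1
  [ "$1" -lt 224 ]
}

# Route53 change batch (JSON the CLI consumes) that UPSERTs $RECORD -> $1;
# UPSERT creates the record on the first run and replaces it afterwards.
change_batch() {
  printf '{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s",' "$RECORD"
  printf '"Type":"A","TTL":%s,"ResourceRecords":[{"Value":"%s"}]}}]}\n' "$TTL" "$1"
}

# The reflector answers with the address the query arrived from, i.e. the
# outermost NAT's public side; the published value avoids needless API calls.
detect_public_ip() { dig +short myip.opendns.com A @resolver1.opendns.com; }
published_ip()     { dig +short "$RECORD" A; }

# 0 when the detected address is publishable and differs from what DNS says.
needs_update() { is_public_ipv4 "$1" && [ "$1" != "$2" ]; }

main() {
  detected=$(detect_public_ip); published=$(published_ip)
  if needs_update "$detected" "$published"; then
    aws route53 change-resource-record-sets --hosted-zone-id "$ZONE_ID" \
        --change-batch "$(change_batch "$detected")"
  fi
}

# Only act when asked explicitly, so the functions can be sourced and tested.
if [ "${1:-}" = update ]; then main; fi
```

Run it from cron as `sh ddns.sh update`; with the record's TTL at 60 seconds, a move from home to a 3G access point is visible within a minute of the first successful run.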
Nuff said. Whatever I happen to be using at the moment to connect to the Wild Wide Web, that will be it.
While piggybacked onto that INTERNET thingy =P, I handle it as an autonomous entity.
This URL will be the entry point for every single service, even when accessed from my intranet (I'm lazy, I hate service configurations!). My router does the magic of translating things using NAT and rerouting, so intranet access stays on the intranet, and only the accesses originating from the other side of my cable modem effectively consume my (scarce) bandwidth.
For example, accessing http://service.retro.lisias.net:8090/report.txt will hit my AWS appliance, which detects a RESTful access to a microservice and redirects it to http://cluster.retro.lisias.net:8090/report.txt (or http://home.lisias.net:8090/report.txt , depending on whether the cluster is at my home or on the road). It also detects when ordinary HTTP requests must be handled by my AWS appliances (this page is served from there) or by my cluster's http2.bash daemon (such as the HTML clients for the search engines).
If those requests are made from your machine, outside my intranet (home.lisias.net), and the Confederation is hosted at my home, my home router receives the request, NATs it and forwards it to cluster.retro.lisias.net's router, which NATs it again and switches it to the target server. If the requests are made from inside my intranet, once my router receives the redirect from the AWS appliance it resolves the name to a shortcut straight into cluster.retro.lisias.net, without routing the traffic through the INTERNET.
This makes things a lot faster inside my intranet, and saves bandwidth while listening to my own WebRadio. :-)
That NAT over NAT thing can be a pain in the arse, but this is exactly what allows me to move cluster.retro.lisias.net from my intranet to anywhere in the world, and then back to my intranet, with exactly ZERO RECONFIGURATION.
The whole thing is Plug and Play. Honest. :-)
My home network, served by the 1043nd router.
Details are out of scope, but a small description follows.
My home network is subnetted (using VLANs). Heavily. There are wired subnetworks for my entertainment devices (PS3, PS2, Media Center, Smart TV, etc), for my personal computers, and yet another one for my servers and the computers I use professionally.
Such division eases QoS and security, and will allow me to better load balance an eventual second INTERNET provider I plan to contract in the near future (I work at home, after all).
The Wifi accesses are subnetted too, like the wired ones:
The wifi subnetwork is dedicated to trusted devices (such as my handhelds, and my son's PS Vita and mobile phone). Interaction with the other subnetworks is kept low for safety. Only a few known devices are allowed into this subnetwork.
The guest subnetwork, on the other hand, is loosely controlled. Anything that knows the password is allowed to connect, but this subnetwork is completely isolated from everything else. The guest can access the INTERNET, and that's all.
Things are somewhat simpler on this router, a WR-740n. There are no wired subnetworks, as all the appliances here are dedicated to a single function, the Confederation.
Requests to the published services are handled by the router itself (which then reroutes the request to the correct host), and the published ports are the only ones allowed to receive connections from the outside. The appliances, on the other hand, are free to connect anywhere "out there".
The wifi accesses, however, are subnetted in a similar way to my home router:
The wifi subnetwork is dedicated to a handful of trusted devices, and this is the subnetwork from which administration can happen.
The guest subnetwork, as in my home network, is loosely controlled.
In order to cope with a growing (I hope! :-) ) base of appliances, I decided to split the appliances into "racks". Each rack is hung around a switch (currently 100Base2; there's no point in using 1000Base2 on Raspberry Pis, as they only manage about 20Mb on the ETH).
The racks are numbered from 0, and each appliance is named after a letter of the alphabet (spelled using NATO phonetics: Alpha, Bravo, etc). The Alpha appliance is the rack's main controller. It's far easier to handle two Alphas and delegate to them the responsibility over the others.
A full description of the appliances forming the Confederation can be found here, and will not be replicated in this text.
This section is Work In Progress at the moment.