# Network Configuration Reference
This page provides quick reference information for network configuration, static IP assignments, firewall rules, and port allocations.
## VLAN Configuration
For comprehensive VLAN configuration including subnet assignments, purposes, device lists, and security policies, see the Network Architecture page.
Quick reference:

- All VLANs use 172.16.x.0/24 addressing
- Gateway: 172.16.x.1 for each VLAN
- 7 VLANs: Management (0), Servers (90), Users (100), Guests (101), IoT (102), Lab (103), 10GbE Storage (104)
## Static IP Assignments
### Infrastructure (VLAN 0 - Management)
| Device | IP Address | Purpose |
|---|---|---|
| SW-AGGR-01 (WS-C3850-12X48U) | 172.16.0.10 | Primary aggregation switch |
| SW-RACK-01 (WS-C3850-12X48U) | 172.16.0.11 | Server rack switch |
| Various SG-300 | 172.16.0.20-30 | House access switches |
### Server Management (VLAN 90)
| Device | IP Address | Purpose |
|---|---|---|
| emerald-idrac | 172.16.90.10 | emerald iDRAC |
| fuji-idrac | 172.16.90.11 | fuji iDRAC (planned) |
| apollo-mgmt | 172.16.90.20 | apollo unRAID management |
| emerald-host | 172.16.90.30 | emerald Proxmox |
| fuji-host | 172.16.90.31 | fuji Proxmox (planned) |
### Lab Network (VLAN 103)
| Device | IP Address | Purpose |
|---|---|---|
| prod-cp-01 | 172.16.103.10 | Production control plane |
| prod-wk-01 | 172.16.103.11 | Production worker 1 |
| prod-wk-02 | 172.16.103.12 | Production worker 2 |
| dev-cp-01 | 172.16.103.20 | Development control plane |
| dev-wk-01 | 172.16.103.21 | Development worker |
## Firewall Rules
### Inter-VLAN Access Rules
```text
# User network to lab services
VLAN 100 → VLAN 103: HTTP/HTTPS (80,443) ALLOW
VLAN 100 → VLAN 103: All other traffic DENY

# Management access
VLAN 90 → All VLANs: All traffic ALLOW
VLAN 0 → All VLANs: Management traffic ALLOW

# IoT isolation
VLAN 102 → Internet: ALLOW
VLAN 102 → All other VLANs: DENY

# Guest isolation
VLAN 101 → Internet: ALLOW
VLAN 101 → All other VLANs: DENY

# Lab network
VLAN 103 → Internet: ALLOW
VLAN 103 → VLAN 90: NFS, API access ALLOW
```
## DNS Configuration
### Internal DNS Zones
- lab.local: Internal lab services
- home.local: User-facing services
- mgmt.local: Management interfaces
### External DNS
- Managed by ExternalDNS controller
- Automatic record creation for Kubernetes services
- TLS certificate automation via cert-manager
## Port Assignments
### Standard Service Ports
| Service | Port | Protocol | Purpose |
|---|---|---|---|
| Kubernetes API | 6443 | TCP | Cluster management |
| Traefik HTTP | 80 | TCP | Web traffic |
| Traefik HTTPS | 443 | TCP | Secure web traffic |
| Traefik Dashboard | 8080 | TCP | Admin interface |
| NFS | 2049 | TCP | Storage access |
### Application-Specific Ports
| Application | Port | Access | Notes |
|---|---|---|---|
| VaultWarden | 443 | VLAN 100, 103 | Password manager |
| Prometheus | 9090 | VLAN 90, 103 | Metrics |
| Grafana | 3000 | VLAN 100, 103 | Dashboards |
| Alertmanager | 9093 | VLAN 90, 103 | Alerts |
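The inter-VLAN rules above and this application table describe the same network from two angles, so it is worth checking that they agree. The following is an added example (not tooling from this site) that models the rules as an ordered first-match policy with default deny and flags any "Access" entry the rules do not allow directly; it assumes the applications are hosted in the Lab VLAN (103), treats "management traffic" from VLAN 0 as all ports, and takes the NFS and API ports (2049, 6443) from the port table.

```python
"""Check the application access table against the inter-VLAN firewall rules."""
from dataclasses import dataclass

INTERNET = "internet"
ANY = "*"

@dataclass(frozen=True)
class Rule:
    src: object       # VLAN id or ANY
    dst: object       # VLAN id, INTERNET or ANY
    ports: frozenset  # empty frozenset means all ports
    action: str       # "ALLOW" or "DENY"

# Ordered rules transcribed from the Inter-VLAN Access Rules section.
RULES = [
    Rule(100, 103, frozenset({80, 443}), "ALLOW"),
    Rule(100, 103, frozenset(), "DENY"),
    Rule(90, ANY, frozenset(), "ALLOW"),
    Rule(0, ANY, frozenset(), "ALLOW"),            # "management traffic", assumed all ports
    Rule(102, INTERNET, frozenset(), "ALLOW"),
    Rule(102, ANY, frozenset(), "DENY"),
    Rule(101, INTERNET, frozenset(), "ALLOW"),
    Rule(101, ANY, frozenset(), "DENY"),
    Rule(103, INTERNET, frozenset(), "ALLOW"),
    Rule(103, 90, frozenset({2049, 6443}), "ALLOW"),  # NFS + API, ports from port table
]

def evaluate(src, dst, port, default="DENY"):
    """First matching rule wins; anything unmatched falls to the default (deny)."""
    for r in RULES:
        if r.src not in (ANY, src) or r.dst not in (ANY, dst):
            continue
        if r.ports and port not in r.ports:
            continue
        return r.action
    return default

# Application table: (app, port, VLANs listed under "Access").
APPS = [("VaultWarden", 443, [100, 103]), ("Prometheus", 9090, [90, 103]),
        ("Grafana", 3000, [100, 103]), ("Alertmanager", 9093, [90, 103])]

def uncovered_access(apps=APPS, host_vlan=103):
    """Return (app, src_vlan, port) entries the inter-VLAN rules do not allow."""
    flagged = []
    for app, port, sources in apps:
        for src in sources:
            if src == host_vlan:          # same VLAN: inter-VLAN rules do not apply
                continue
            if evaluate(src, host_vlan, port) != "ALLOW":
                flagged.append((app, src, port))
    return flagged
```

A flagged entry means that access must be reaching the service through a path the rules do allow (for example the Traefik HTTPS ingress on 443 rather than the application port), or the rule set and this table are out of sync and one of them needs correcting.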
## Quality of Service (QoS)
### Traffic Prioritization
- Critical: Management traffic, cluster API
- High: User-facing web services
- Medium: Internal application traffic
- Low: Backup traffic, bulk transfers
### Bandwidth Allocation
- Management: 10% reserved
- User services: 60% available
- Internal: 20% available
- Backup/bulk: 10% available