docs-onboarding/network.md

# Network

List of vnets (latest version see Unifi console):

| Name | VLAN ID | Router | Subnet |
| --- | --- | --- | --- |
| Default | 1 | prd-unifi-1 | 192.168.1.0/24 |
| Management | 2 | prd-unifi-1 | 192.168.2.0/24 |
| Clients | 3 | prd-unifi-1 | 192.168.3.0/24 |
| Server | 4 | prd-unifi-1 | 192.168.4.0/24 |
| IoT | 5 | prd-unifi-1 | 192.168.5.0/24 |
| Guests | 6 | prd-unifi-1 | 192.168.6.0/24 |
| Volt - Development | 7 | prd-unifi-1 | 192.168.7.0/24 |
| Var - Testing | 8 | prd-unifi-1 | 192.168.8.0/24 |
| Watt - Production | 9 | prd-unifi-1 | 192.168.9.0/24 |

Tasks:

- Define Networks
  - OK Ranges definieren
  - OK Verteilen, was wohin kommt
  - OK VLAN IDs statisch besser als dynamisch
  - OK DNS definieren (fix vs. dynamisch)
- Gateway Settings
  - Auto Update
  - Block outgoing DNS
  - Plugins wie OPNSense CrowdSec

<!-- markdownlint-disable MD033 -->
::: mermaid
graph LR
    A[Internet] -->|ISP Connection| ND1[Gateway<br>gw-jj-nar-prd-opr-1]

    subgraph "On-Prem Hub (VLAN ID 1)"
        ND1 -->|VPN Tunnel to Azure| C[VPN Gateway]
        ND1 --> D[Firewall & Security Policies]
        ND2[Switch<br>sw-jj-nar-prd-opr-1]
        ND3[Access Point<br>ap-jj-nar-prd-opr-0]
        ND4[Access Point<br>ap-jj-nar-prd-opr-1]
        ND5[Access Point<br>ap-jj-nar-prd-opr-2]
        ND6[Access Point<br>ap-jj-nar-prd-opr-3]
    end

    subgraph "On-Premises Spoke Networks"
        D --> V2[Management VLAN ID 2]
        V2 --> V201[Supermicro]
        V2 --> V202[prd-proxmox-1]
        V2 --> V203[prd-proxmox-2]
        D --> V3[Clients VLAN 3]
        V3 --> V301[Mobiles]
        V3 --> V302[Laptops]
        V3 --> V303[Apple TV]
        V3 --> V304[HomePods]
        D --> V4[Servers VLAN 4]
        V4 --> V401[Legacy unneeded in future<br>will be in VLAN 7/8/9]
        D --> V5[IoT VLAN 5 - Isolated 🔒]
        V5 --> V501[Home infrastructure]
        V5 --> V502[Loxone]
        V5 --> V503[Home Assistant]
        D --> V6[Guests VLAN 6]
        V6 --> V601[Friends visting]
        D --> V10[Guests VLAN 10]
        V10 --> V1001[Customers of rented<br>out flat]

    end

    subgraph "On-Premises Workload Spoke Networks"
        D --> O[*.volt.* VLAN ID 7]
        D --> P[*.war.* VLAN 8]
        D --> Q[*.watt.* VLAN 9]
    end

    C -->|VPN Tunnel| J[Azure VPN Gateway]

    subgraph "Azure Hub"
        J --> K[Azure Firewall]
    end

    subgraph "Azure Workload Spoke Networks"
        K --> L[Spoke 1: *.volt.*]
        K --> M[Spoke 2: *.var.*]
        K --> N[Spoke 3: *.watt.*]
    end
:::

<!-- markdownlint-enable MD033 -->

Legacy diagram for reference:

![Basic network structure](resources/diagrams/network.png)
add network diagram draft 2024-05-11 23:02:45 +02:00			`# Network`

update: Network vlans added. 2025-02-02 17:19:45 +01:00			`List of vnets (latest version see Unifi console):`

			`\| Name \| VLAN ID \| Router \| Subnet \|`
			`\| --- \| --- \| --- \| --- \|`
			`\| Default \| 1 \| prd-unifi-1 \| 192.168.1.0/24 \|`
			`\| Management \| 2 \| prd-unifi-1 \| 192.168.2.0/24 \|`
			`\| Clients \| 3 \| prd-unifi-1 \| 192.168.3.0/24 \|`
			`\| Server \| 4 \| prd-unifi-1 \| 192.168.4.0/24 \|`
			`\| IoT \| 5 \| prd-unifi-1 \| 192.168.5.0/24 \|`
			`\| Guests \| 6 \| prd-unifi-1 \| 192.168.6.0/24 \|`
			`\| Volt - Development \| 7 \| prd-unifi-1 \| 192.168.7.0/24 \|`
			`\| Var - Testing \| 8 \| prd-unifi-1 \| 192.168.8.0/24 \|`
			`\| Watt - Production \| 9 \| prd-unifi-1 \| 192.168.9.0/24 \|`

add network diagram draft 2024-05-11 23:02:45 +02:00			`Tasks:`

			`- Define Networks`
			`- OK Ranges definieren`
			`- OK Verteilen, was wohin kommt`
update: Network vlans added. 2025-02-02 17:19:45 +01:00			`- OK VLAN IDs statisch besser als dynamisch`
			`- OK DNS definieren (fix vs. dynamisch)`
add network diagram draft 2024-05-11 23:02:45 +02:00			`- Gateway Settings`
			`- Auto Update`
			`- Block outgoing DNS`
			`- Plugins wie OPNSense CrowdSec`

new: Mermaid Network Diagram. 2025-03-06 10:38:48 +01:00			`<!-- markdownlint-disable MD033 -->`
			`::: mermaid`
			`graph LR`
			`A[Internet] -->\|ISP Connection\| ND1[Gateway<br>gw-jj-nar-prd-opr-1]`

			`subgraph "On-Prem Hub (VLAN ID 1)"`
			`ND1 -->\|VPN Tunnel to Azure\| C[VPN Gateway]`
			`ND1 --> D[Firewall & Security Policies]`
			`ND2[Switch<br>sw-jj-nar-prd-opr-1]`
			`ND3[Access Point<br>ap-jj-nar-prd-opr-0]`
			`ND4[Access Point<br>ap-jj-nar-prd-opr-1]`
			`ND5[Access Point<br>ap-jj-nar-prd-opr-2]`
			`ND6[Access Point<br>ap-jj-nar-prd-opr-3]`
			`end`

			`subgraph "On-Premises Spoke Networks"`
			`D --> V2[Management VLAN ID 2]`
			`V2 --> V201[Supermicro]`
			`V2 --> V202[prd-proxmox-1]`
			`V2 --> V203[prd-proxmox-2]`
			`D --> V3[Clients VLAN 3]`
			`V3 --> V301[Mobiles]`
			`V3 --> V302[Laptops]`
			`V3 --> V303[Apple TV]`
			`V3 --> V304[HomePods]`
			`D --> V4[Servers VLAN 4]`
			`V4 --> V401[Legacy unneeded in future<br>will be in VLAN 7/8/9]`
			`D --> V5[IoT VLAN 5 - Isolated 🔒]`
			`V5 --> V501[Home infrastructure]`
			`V5 --> V502[Loxone]`
			`V5 --> V503[Home Assistant]`
			`D --> V6[Guests VLAN 6]`
			`V6 --> V601[Friends visting]`
			`D --> V10[Guests VLAN 10]`
			`V10 --> V1001[Customers of rented<br>out flat]`

			`end`

			`subgraph "On-Premises Workload Spoke Networks"`
			`D --> O[.volt. VLAN ID 7]`
			`D --> P[.war. VLAN 8]`
			`D --> Q[.watt. VLAN 9]`
			`end`

			`C -->\|VPN Tunnel\| J[Azure VPN Gateway]`

			`subgraph "Azure Hub"`
			`J --> K[Azure Firewall]`
			`end`

			`subgraph "Azure Workload Spoke Networks"`
			`K --> L[Spoke 1: .volt.]`
			`K --> M[Spoke 2: .var.]`
			`K --> N[Spoke 3: .watt.]`
			`end`
			`:::`

			`<!-- markdownlint-enable MD033 -->`

			`Legacy diagram for reference:`

add network diagram draft 2024-05-11 23:02:45 +02:00			`![Basic network structure](resources/diagrams/network.png)`