2026 Network Re-architecture

From Pumping Station One

Foreword

Our current network topology is the legacy of my early days of learning networking and best practices. In the 8 years since I've become CTO, I've learned many things. While our networking config has worked up until now, it leaves a lot to be desired. - Sky, CTO in 2026.

Summary

Where We Are

The PS:One network is kinda wonky. We have a bunch of subnets that were set up with the naming convention 10.[VLAN-ID].X.X. While this works, it is not best practice and a bit silly looking. We're relying on Active Directory for DNS and DHCP on a lot of critical networks. This creates a bootstrap issue where things on the network don't work until AD has booted. Having AD play such a critical role in our network when most of our members are familiar with Linux does not make sense and creates a poor experience.

Where We're Going

Our 2026 network re-architecture project has three major goals and a few secondary goals:

Major Goals:

  1. VLAN / DHCP Rework
    1. VLAN subnets will be formatted with the naming convention 10.19.[VLAN-ID].X, with 19 being PS:One's site ID (3519)
    2. DHCP will be fully taken away from Active Directory and migrated to the Unifi equipment.
    3. Stretch goal: DHCP managed by IaC (infrastructure-as-code) solution.
  2. DNS Rework
    1. DNS will be taken away from Active Directory on most VLANs.
    2. Active Directory will continue to manage DNS on the VLAN where space computers reside since that's what AD likes.
    3. AD DNS will be replaced with another solution. Ideally an IaC (infrastructure-as-code) managed solution that is easier for the membership to access and understand.
  3. AD Isolation
    1. Active Directory will be isolated to a VLAN that is separate from other space infrastructure.

Secondary Goals:

  1. Migrate from UXG-Pro to UDM-Pro/Max
    1. Goal is to save $360/y on cloud controller + enable SSO
    2. The Unifi locally hosted platform has significantly stabilized since we left our last on-prem controller
  2. Expand networking capacity at central IDF location
  3. Install fiber-interconnects to all IDFs
  4. Add UPSes/surge protection to all IDFs

New VLANs

The VLANs are staying mostly the same. The major move is going to be re-IPing the subnets and changing which service has responsibility for network services on each VLAN.

Proposed VLANs

Description              VLAN ID   Subnet Size
0 - Untagged             0         /30
15 - Dante               15        /26
16 - AV Control          16        /26
2 - Unifi                2         /24
10 - PS1 Infrastructure  10        /24
20 - PS1 Wired Network   20        /24
50 - Member Wireless     50        /24
60 - Guest Wireless      60        /24
70 - IoT                 70        /24
150 - Member Rack        150       /22
160 - Passthrough VLAN   160       N/A
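
An added example, not part of the original page: a Python check that applies the 10.19.[VLAN-ID].X convention to the Proposed VLANs table and tests each resulting subnet for prefix alignment and overlap, which matters because firewall rules that isolate VLANs are written against these ranges. It assumes each subnet starts at 10.19.[VLAN-ID].0 (the page does not state the base addresses); the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

SITE_PREFIX = "10.19"  # from the page's convention 10.19.[VLAN-ID].X

# (description, VLAN ID, prefix length) copied from the Proposed VLANs table.
# The passthrough VLAN (160) has no subnet and is left out.
PROPOSED_VLANS = [
    ("Untagged", 0, 30),
    ("Dante", 15, 26),
    ("AV Control", 16, 26),
    ("Unifi", 2, 24),
    ("PS1 Infrastructure", 10, 24),
    ("PS1 Wired Network", 20, 24),
    ("Member Wireless", 50, 24),
    ("Guest Wireless", 60, 24),
    ("IoT", 70, 24),
    ("Member Rack", 150, 22),
]


def plan_subnets(vlans, site_prefix=SITE_PREFIX):
    """Return one dict per VLAN: the network that actually contains
    <site_prefix>.<vlan>.0/<len>, and whether that base is aligned."""
    plan = []
    for name, vlan_id, prefixlen in vlans:
        base = f"{site_prefix}.{vlan_id}.0"  # assumed base address
        net = ipaddress.ip_network(f"{base}/{prefixlen}", strict=False)
        plan.append({"name": name, "vlan": vlan_id, "network": net,
                     "aligned": str(net.network_address) == base})
    return plan


def find_overlaps(plan):
    """Return (vlan_a, vlan_b) pairs whose networks share addresses."""
    return [(a["vlan"], b["vlan"]) for a, b in combinations(plan, 2)
            if a["network"].overlaps(b["network"])]


if __name__ == "__main__":
    plan = plan_subnets(PROPOSED_VLANS)
    for row in plan:
        note = "" if row["aligned"] else "  <- base not on a prefix boundary"
        print(f'{row["vlan"]:>4}  {row["name"]:<20} {row["network"]}{note}')
    print("overlaps:", find_overlaps(plan) or "none")
```

Under the stated assumption, every VLAN is aligned except Member Rack: a /22 must start where the third octet is a multiple of 4, so the block containing 10.19.150.0 is 10.19.148.0/22 (148 through 151). Nothing in the table overlaps it today, but any future VLAN numbered 148, 149 or 151 would.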