From f5187806f92731819152b1d10b4ca0ef19c0bc54 Mon Sep 17 00:00:00 2001
From: Viktor Barzin
Date: Fri, 3 Jul 2026 13:21:59 +0000
Subject: [PATCH] ADR-0017: replace ASCII trunk diagram with excalidraw VLAN-tagging diagram
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Viktor wants the traffic-flow view as a colored excalidraw instead of the ASCII block (which was the only thing rendering after the earlier VLAN-tagging SVG commit failed to push — a locally-masked non-fast- forward this session, not a merge clobber). Ships both the editable .excalidraw scene and a hand-drawn-style SVG export embedded in the Traffic-on-the-trunk section: two lanes showing where the 802.1Q tag is added, carried (only P5<->vmbr0) and stripped, L2 membership drops vs L3 firewall verdicts.
Co-Authored-By: Claude Fable 5
---
...0017-cctv-segment-dedicated-pfsense-leg.md | 24 +-
docs/adr/0017-cctv-vlan-tagging.excalidraw | 1771 +++++++++++++++++
docs/adr/0017-cctv-vlan-tagging.svg | 1 +
3 files changed, 1774 insertions(+), 22 deletions(-)
create mode 100644 docs/adr/0017-cctv-vlan-tagging.excalidraw
create mode 100644 docs/adr/0017-cctv-vlan-tagging.svg
diff --git a/docs/adr/0017-cctv-segment-dedicated-pfsense-leg.md b/docs/adr/0017-cctv-segment-dedicated-pfsense-leg.md
index 152e177b..d9de098d 100644
--- a/docs/adr/0017-cctv-segment-dedicated-pfsense-leg.md
+++ b/docs/adr/0017-cctv-segment-dedicated-pfsense-leg.md
@@ -59,29 +59,9 @@ pfSense: out of its WAN toward the AX6000. Load-wise the trunk gained only the camera's ~8 Mbps — it already carried all rack-bound home-LAN traffic. -```text - INTERNET ── AX6000 192.168.1.1 (home GW; camera-day route 10.0.30.0/24 → .2) - │ - │ apartment uplink · V1 untagged - ┌──────────────┴───────────────────────────────┐ ┌────────────────────┐ - │ TL-SG105PE (mgmt 192.168.1.6) │ │ vermont-garage │ - │ P1 apartment · P2 4G .7 · P3 UPS [VLAN 1] │◄───┤ HiLook, pure IR │ - │ P4 camera PoE [VLAN 30] │cat6│ 10.0.30.70 (Kea) │ - │ P5 TRUNK: V1 untagged + V30 tagged │ └────────────────────┘ - └──────────────┬───────────────────────────────┘ - │ ONE cable (existing LAN1 run) - ┌──────────────┴───────────────────────────────────────────────┐ - │ R730 · eno1 → vmbr0 (vlan-aware) │ - │ ├─ untagged → host .127 + pfSense net0 WAN 192.168.1.2 │ - │ └─ tag 30 → pfSense net3 dCCTV 10.0.30.1/24 (camera GW) │ - │ eno2 → vmbr2: dormant fallback leg │ - │ vmbr1: tag 10 → dManagementsVms · tag 20 → dKubernetes (k8s, │ - │ Frigate on node1, go2rtc LB 10.0.20.204 → HA live) │ - └───────────────────────────────────────────────────────────────┘ +![VLAN tagging — where traffic can flow](./0017-cctv-vlan-tagging.svg) - Frigate 10.0.20.x ─RTSP :554─► camera · ha-sofia .8 ─:80+:554─► camera - camera ─NTP :123─► 10.0.30.1 · camera → anything else = DENY -``` +*(editable source: [`0017-cctv-vlan-tagging.excalidraw`](./0017-cctv-vlan-tagging.excalidraw) — open it in excalidraw to tweak)* ## Considered options diff --git a/docs/adr/0017-cctv-vlan-tagging.excalidraw b/docs/adr/0017-cctv-vlan-tagging.excalidraw new file mode 100644 index 00000000..26eb9abd --- /dev/null +++ b/docs/adr/0017-cctv-vlan-tagging.excalidraw 
@@ -0,0 +1,1771 @@ +{ + "type": "excalidraw", + "version": 2, + "source": "https://excalidraw.viktorbarzin.me", + "elements": [ + { + "id": "el001", + "type": "text", + "x": 40, + "y": 20, + "width": 621.6, + "height": 35.0, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1778837932, + "version": 1, + "versionNonce": 1303193991, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "VLAN tagging \u2014 where traffic can flow", + "fontSize": 28, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "VLAN tagging \u2014 where traffic can flow", + "lineHeight": 1.25, + "baseline": 28 + }, + { + "id": "el002", + "type": "text", + "x": 40, + "y": 62, + "width": 758.4, + "height": 20.0, + "angle": 0, + "strokeColor": "#868e96", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1570340888, + "version": 1, + "versionNonce": 1243931547, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "the 802.1Q tag exists only between switch P5 and vmbr0 \u2014 endpoints never see it", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "the 802.1Q tag exists only between switch P5 and vmbr0 \u2014 endpoints never see it", + "lineHeight": 1.25, + "baseline": 16 + }, + { + "id": "el003", + "type": "rectangle", + "x": 700, + "y": 110, + "width": 210, + "height": 560, + "angle": 0, + "strokeColor": "#868e96", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "dashed", + "roughness": 1, + 
"opacity": 100, + "seed": 750280512, + "version": 1, + "versionNonce": 1195188524, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "roundness": { + "type": 3 + } + }, + { + "id": "el004", + "type": "text", + "x": 742, + "y": 122, + "width": 97.2, + "height": 22.5, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 473142373, + "version": 1, + "versionNonce": 115692583, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "ONE CABLE", + "fontSize": 18, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "ONE CABLE", + "lineHeight": 1.25, + "baseline": 18 + }, + { + "id": "el005", + "type": "text", + "x": 716, + "y": 148, + "width": 171.6, + "height": 16.25, + "angle": 0, + "strokeColor": "#868e96", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1069030696, + "version": 1, + "versionNonce": 1650002323, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "the LAN1 run \u00b7 P5\u2194eno1", + "fontSize": 13, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "the LAN1 run \u00b7 P5\u2194eno1", + "lineHeight": 1.25, + "baseline": 13 + }, + { + "id": "el006", + "type": "text", + "x": 40, + "y": 120, + "width": 276.0, + "height": 25.0, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1802024079, + 
"version": 1, + "versionNonce": 1083980019, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "VLAN 30 \u00b7 CCTV (camera)", + "fontSize": 20, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "VLAN 30 \u00b7 CCTV (camera)", + "lineHeight": 1.25, + "baseline": 20 + }, + { + "id": "el007", + "type": "rectangle", + "x": 40, + "y": 160, + "width": 170, + "height": 100, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "#d0bfff", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1363373344, + "version": 1, + "versionNonce": 1724819963, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "roundness": { + "type": 3 + } + }, + { + "id": "el008", + "type": "text", + "x": 56, + "y": 172, + "width": 126.0, + "height": 56.25, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 590735843, + "version": 1, + "versionNonce": 267116025, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "camera\n10.0.30.70\nsends untagged", + "fontSize": 15, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "camera\n10.0.30.70\nsends untagged", + "lineHeight": 1.25, + "baseline": 15 + }, + { + "id": "el009", + "type": "arrow", + "x": 210, + "y": 210, + "width": 50, + "height": 0, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 600787264, + "version": 
1, + "versionNonce": 844240212, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "points": [ + [ + 0, + 0 + ], + [ + 50, + 0 + ] + ], + "lastCommittedPoint": null, + "startBinding": null, + "endBinding": null, + "startArrowhead": null, + "endArrowhead": "arrow", + "roundness": { + "type": 2 + } + }, + { + "id": "el010", + "type": "rectangle", + "x": 260, + "y": 160, + "width": 190, + "height": 100, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 648177040, + "version": 1, + "versionNonce": 901986117, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "roundness": { + "type": 3 + } + }, + { + "id": "el011", + "type": "text", + "x": 274, + "y": 170, + "width": 153.0, + "height": 37.5, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1421789145, + "version": 1, + "versionNonce": 530430174, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "P4 ingress\nPVID 30 \u2192 VLAN 30", + "fontSize": 15, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "P4 ingress\nPVID 30 \u2192 VLAN 30", + "lineHeight": 1.25, + "baseline": 15 + }, + { + "id": "el012", + "type": "text", + "x": 274, + "y": 226, + "width": 126.0, + "height": 17.5, + "angle": 0, + "strokeColor": "#e03131", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 297119438, + "version": 1, + "versionNonce": 
1328001885, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "\u2717 not in VLAN 1", + "fontSize": 14, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "\u2717 not in VLAN 1", + "lineHeight": 1.25, + "baseline": 14 + }, + { + "id": "el013", + "type": "arrow", + "x": 450, + "y": 210, + "width": 50, + "height": 0, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1759537933, + "version": 1, + "versionNonce": 351602578, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "points": [ + [ + 0, + 0 + ], + [ + 50, + 0 + ] + ], + "lastCommittedPoint": null, + "startBinding": null, + "endBinding": null, + "startArrowhead": null, + "endArrowhead": "arrow", + "roundness": { + "type": 2 + } + }, + { + "id": "el014", + "type": "rectangle", + "x": 500, + "y": 160, + "width": 170, + "height": 100, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 2036237420, + "version": 1, + "versionNonce": 608198039, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "roundness": { + "type": 3 + } + }, + { + "id": "el015", + "type": "text", + "x": 514, + "y": 172, + "width": 99.0, + "height": 37.5, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1755241687, + "version": 1, + "versionNonce": 1444750360, + "isDeleted": false, + "groupIds": [], + 
"frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "P5 egress\nadds 802.1Q", + "fontSize": 15, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "P5 egress\nadds 802.1Q", + "lineHeight": 1.25, + "baseline": 15 + }, + { + "id": "el016", + "type": "text", + "x": 514, + "y": 226, + "width": 81.6, + "height": 21.25, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 76597799, + "version": 1, + "versionNonce": 1858784829, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "+ tag 30", + "fontSize": 17, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "+ tag 30", + "lineHeight": 1.25, + "baseline": 17 + }, + { + "id": "el017", + "type": "arrow", + "x": 670, + "y": 200, + "width": 270, + "height": 0, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 3, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1598556093, + "version": 1, + "versionNonce": 221916615, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "points": [ + [ + 0, + 0 + ], + [ + 270, + 0 + ] + ], + "lastCommittedPoint": null, + "startBinding": null, + "endBinding": null, + "startArrowhead": null, + "endArrowhead": "arrow", + "roundness": { + "type": 2 + } + }, + { + "id": "el018", + "type": "arrow", + "x": 670, + "y": 222, + "width": 270, + "height": 0, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 3, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + 
"seed": 1523174671, + "version": 1, + "versionNonce": 216018217, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "points": [ + [ + 0, + 0 + ], + [ + 270, + 0 + ] + ], + "lastCommittedPoint": null, + "startBinding": null, + "endBinding": null, + "startArrowhead": null, + "endArrowhead": "arrow", + "roundness": { + "type": 2 + } + }, + { + "id": "el019", + "type": "text", + "x": 724, + "y": 172, + "width": 126.0, + "height": 18.75, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 2049719155, + "version": 1, + "versionNonce": 1609878353, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "carries tag 30", + "fontSize": 15, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "carries tag 30", + "lineHeight": 1.25, + "baseline": 15 + }, + { + "id": "el020", + "type": "rectangle", + "x": 940, + "y": 160, + "width": 180, + "height": 100, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 22152744, + "version": 1, + "versionNonce": 1741428563, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "roundness": { + "type": 3 + } + }, + { + "id": "el021", + "type": "text", + "x": 954, + "y": 170, + "width": 144.0, + "height": 37.5, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1026267703, + "version": 1, + "versionNonce": 
502895922, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "vmbr0 vlan-aware\nVID 30 \u2192 net3", + "fontSize": 15, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "vmbr0 vlan-aware\nVID 30 \u2192 net3", + "lineHeight": 1.25, + "baseline": 15 + }, + { + "id": "el022", + "type": "text", + "x": 954, + "y": 226, + "width": 151.2, + "height": 17.5, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 918449769, + "version": 1, + "versionNonce": 1067599022, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "ONLY, nowhere else", + "fontSize": 14, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "ONLY, nowhere else", + "lineHeight": 1.25, + "baseline": 14 + }, + { + "id": "el023", + "type": "arrow", + "x": 1120, + "y": 210, + "width": 50, + "height": 0, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1544933330, + "version": 1, + "versionNonce": 249589260, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "points": [ + [ + 0, + 0 + ], + [ + 50, + 0 + ] + ], + "lastCommittedPoint": null, + "startBinding": null, + "endBinding": null, + "startArrowhead": null, + "endArrowhead": "arrow", + "roundness": { + "type": 2 + } + }, + { + "id": "el024", + "type": "rectangle", + "x": 1170, + "y": 130, + "width": 300, + "height": 190, + "angle": 0, + "strokeColor": "#7048e8", + "backgroundColor": "#d0bfff", + 
"fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1147616804, + "version": 1, + "versionNonce": 275900123, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "roundness": { + "type": 3 + } + }, + { + "id": "el025", + "type": "text", + "x": 1186, + "y": 142, + "width": 198.0, + "height": 56.25, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1183197673, + "version": 1, + "versionNonce": 827844211, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "pfSense net3 \u00b7 dCCTV\n10.0.30.1/24\ntag stripped by bridge", + "fontSize": 15, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "pfSense net3 \u00b7 dCCTV\n10.0.30.1/24\ntag stripped by bridge", + "lineHeight": 1.25, + "baseline": 15 + }, + { + "id": "el026", + "type": "text", + "x": 1186, + "y": 212, + "width": 268.8, + "height": 35.0, + "angle": 0, + "strokeColor": "#2f9e44", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 556137867, + "version": 1, + "versionNonce": 1074481459, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "\u2713 in: Frigate :554 \u00b7 HA :80+:554\n\u2713 out: NTP :123 only", + "fontSize": 14, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "\u2713 in: Frigate :554 \u00b7 HA :80+:554\n\u2713 out: NTP :123 only", + "lineHeight": 1.25, + "baseline": 14 + }, + { + "id": "el027", + "type": "text", + 
"x": 1186, + "y": 268, + "width": 193.2, + "height": 17.5, + "angle": 0, + "strokeColor": "#e03131", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1321167842, + "version": 1, + "versionNonce": 1493882225, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "\u2717 everything else: DENY", + "fontSize": 14, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "\u2717 everything else: DENY", + "lineHeight": 1.25, + "baseline": 14 + }, + { + "id": "el028", + "type": "text", + "x": 40, + "y": 380, + "width": 480.0, + "height": 25.0, + "angle": 0, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1369574852, + "version": 1, + "versionNonce": 733267986, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "VLAN 1 \u00b7 home LAN (the rest of the rack)", + "fontSize": 20, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "VLAN 1 \u00b7 home LAN (the rest of the rack)", + "lineHeight": 1.25, + "baseline": 20 + }, + { + "id": "el029", + "type": "rectangle", + "x": 40, + "y": 420, + "width": 170, + "height": 120, + "angle": 0, + "strokeColor": "#1971c2", + "backgroundColor": "#a5d8ff", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1426243518, + "version": 1, + "versionNonce": 404213796, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "roundness": { + "type": 3 + } + }, + { + "id": "el030", + 
"type": "text", + "x": 54, + "y": 432, + "width": 142.79999999999998, + "height": 70.0, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1170712377, + "version": 1, + "versionNonce": 1439293404, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "apartment uplink\n4G router \u00b7 .7\nUPS \u00b7 switch mgmt\nall untagged", + "fontSize": 14, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "apartment uplink\n4G router \u00b7 .7\nUPS \u00b7 switch mgmt\nall untagged", + "lineHeight": 1.25, + "baseline": 14 + }, + { + "id": "el031", + "type": "arrow", + "x": 210, + "y": 480, + "width": 50, + "height": 0, + "angle": 0, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 41933292, + "version": 1, + "versionNonce": 217435681, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "points": [ + [ + 0, + 0 + ], + [ + 50, + 0 + ] + ], + "lastCommittedPoint": null, + "startBinding": null, + "endBinding": null, + "startArrowhead": null, + "endArrowhead": "arrow", + "roundness": { + "type": 2 + } + }, + { + "id": "el032", + "type": "rectangle", + "x": 260, + "y": 420, + "width": 190, + "height": 120, + "angle": 0, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1494665817, + "version": 1, + "versionNonce": 82528369, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, 
+ "roundness": { + "type": 3 + } + }, + { + "id": "el033", + "type": "text", + "x": 274, + "y": 430, + "width": 135.0, + "height": 37.5, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 2006432221, + "version": 1, + "versionNonce": 1170391402, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "P1 / P2 / P3\nPVID 1 \u2192 VLAN 1", + "fontSize": 15, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "P1 / P2 / P3\nPVID 1 \u2192 VLAN 1", + "lineHeight": 1.25, + "baseline": 15 + }, + { + "id": "el034", + "type": "text", + "x": 274, + "y": 488, + "width": 142.79999999999998, + "height": 35.0, + "angle": 0, + "strokeColor": "#e03131", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 2035003054, + "version": 1, + "versionNonce": 231739024, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "\u2717 tag-30 arriving\nhere is DROPPED", + "fontSize": 14, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "\u2717 tag-30 arriving\nhere is DROPPED", + "lineHeight": 1.25, + "baseline": 14 + }, + { + "id": "el035", + "type": "arrow", + "x": 450, + "y": 480, + "width": 50, + "height": 0, + "angle": 0, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 851649342, + "version": 1, + "versionNonce": 1330529717, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + 
"link": null, + "locked": false, + "points": [ + [ + 0, + 0 + ], + [ + 50, + 0 + ] + ], + "lastCommittedPoint": null, + "startBinding": null, + "endBinding": null, + "startArrowhead": null, + "endArrowhead": "arrow", + "roundness": { + "type": 2 + } + }, + { + "id": "el036", + "type": "rectangle", + "x": 500, + "y": 420, + "width": 170, + "height": 120, + "angle": 0, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1108429504, + "version": 1, + "versionNonce": 322250604, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "roundness": { + "type": 3 + } + }, + { + "id": "el037", + "type": "text", + "x": 514, + "y": 434, + "width": 117.0, + "height": 37.5, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 2082654793, + "version": 1, + "versionNonce": 88739979, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "P5 egress\nnative VLAN 1", + "fontSize": 15, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "P5 egress\nnative VLAN 1", + "lineHeight": 1.25, + "baseline": 15 + }, + { + "id": "el038", + "type": "text", + "x": 514, + "y": 496, + "width": 108.0, + "height": 18.75, + "angle": 0, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 594390025, + "version": 1, + "versionNonce": 1730926570, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": 
"no tag added", + "fontSize": 15, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "no tag added", + "lineHeight": 1.25, + "baseline": 15 + }, + { + "id": "el039", + "type": "arrow", + "x": 670, + "y": 480, + "width": 270, + "height": 0, + "angle": 0, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 3, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 2082581262, + "version": 1, + "versionNonce": 1681796809, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "points": [ + [ + 0, + 0 + ], + [ + 270, + 0 + ] + ], + "lastCommittedPoint": null, + "startBinding": null, + "endBinding": null, + "startArrowhead": null, + "endArrowhead": "arrow", + "roundness": { + "type": 2 + } + }, + { + "id": "el040", + "type": "text", + "x": 716, + "y": 452, + "width": 189.0, + "height": 18.75, + "angle": 0, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 787209477, + "version": 1, + "versionNonce": 840302416, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "plain untagged frames", + "fontSize": 15, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "plain untagged frames", + "lineHeight": 1.25, + "baseline": 15 + }, + { + "id": "el041", + "type": "rectangle", + "x": 940, + "y": 420, + "width": 180, + "height": 120, + "angle": 0, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1079834069, + "version": 1, + "versionNonce": 647687454, + "isDeleted": false, + 
"groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "roundness": { + "type": 3 + } + }, + { + "id": "el042", + "type": "text", + "x": 954, + "y": 432, + "width": 168.0, + "height": 70.0, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 474197814, + "version": 1, + "versionNonce": 912206893, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "vmbr0 untagged\n= plain L2 switching\nhost .127 + pfSense\nWAN \u2014 no routing", + "fontSize": 14, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "vmbr0 untagged\n= plain L2 switching\nhost .127 + pfSense\nWAN \u2014 no routing", + "lineHeight": 1.25, + "baseline": 14 + }, + { + "id": "el043", + "type": "arrow", + "x": 1120, + "y": 480, + "width": 50, + "height": 0, + "angle": 0, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 215726947, + "version": 1, + "versionNonce": 1310489154, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "points": [ + [ + 0, + 0 + ], + [ + 50, + 0 + ] + ], + "lastCommittedPoint": null, + "startBinding": null, + "endBinding": null, + "startArrowhead": null, + "endArrowhead": "arrow", + "roundness": { + "type": 2 + } + }, + { + "id": "el044", + "type": "rectangle", + "x": 1170, + "y": 410, + "width": 300, + "height": 160, + "angle": 0, + "strokeColor": "#1971c2", + "backgroundColor": "#a5d8ff", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1355096973, + 
"version": 1, + "versionNonce": 1357902601, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "roundness": { + "type": 3 + } + }, + { + "id": "el045", + "type": "text", + "x": 1186, + "y": 422, + "width": 218.4, + "height": 52.5, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 212355785, + "version": 1, + "versionNonce": 693422793, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "pfSense net0 \u00b7 WAN .2\njust a LAN client \u2014\nhome LAN never transits it", + "fontSize": 14, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "pfSense net0 \u00b7 WAN .2\njust a LAN client \u2014\nhome LAN never transits it", + "lineHeight": 1.25, + "baseline": 14 + }, + { + "id": "el046", + "type": "text", + "x": 1186, + "y": 494, + "width": 201.6, + "height": 35.0, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1799580904, + "version": 1, + "versionNonce": 398539541, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "gateway = AX6000\npfSense NATs only 10.0.x", + "fontSize": 14, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "gateway = AX6000\npfSense NATs only 10.0.x", + "lineHeight": 1.25, + "baseline": 14 + }, + { + "id": "el047", + "type": "rectangle", + "x": 40, + "y": 600, + "width": 630, + "height": 90, + "angle": 0, + "strokeColor": "#868e96", + "backgroundColor": "transparent", + 
"fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "dashed", + "roughness": 1, + "opacity": 100, + "seed": 1339321764, + "version": 1, + "versionNonce": 1076065263, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "roundness": { + "type": 3 + } + }, + { + "id": "el048", + "type": "text", + "x": 56, + "y": 612, + "width": 554.4, + "height": 35.0, + "angle": 0, + "strokeColor": "#868e96", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1733803932, + "version": 1, + "versionNonce": 2062677415, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "not on this cable: vmbr1 tag 10 \u2192 dMgmt \u00b7 tag 20 \u2192 dK8s (Frigate)\ndormant fallback: eno2 \u2192 vmbr2 (revert = one qm set)", + "fontSize": 14, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "not on this cable: vmbr1 tag 10 \u2192 dMgmt \u00b7 tag 20 \u2192 dK8s (Frigate)\ndormant fallback: eno2 \u2192 vmbr2 (revert = one qm set)", + "lineHeight": 1.25, + "baseline": 14 + }, + { + "id": "el049", + "type": "text", + "x": 940, + "y": 620, + "width": 396.0, + "height": 37.5, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 322195856, + "version": 1, + "versionNonce": 365731358, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "L2 drops (membership) happen in the switch \u2014\nL3 allow/deny happens in pfSense", + "fontSize": 15, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + 
"originalText": "L2 drops (membership) happen in the switch \u2014\nL3 allow/deny happens in pfSense", + "lineHeight": 1.25, + "baseline": 15 + }, + { + "id": "el050", + "type": "text", + "x": 940, + "y": 676, + "width": 109.2, + "height": 16.25, + "angle": 0, + "strokeColor": "#868e96", + "backgroundColor": "transparent", + "fillStyle": "solid", + "strokeWidth": 2, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "seed": 1038112083, + "version": 1, + "versionNonce": 966092898, + "isDeleted": false, + "groupIds": [], + "frameId": null, + "boundElements": null, + "updated": 1, + "link": null, + "locked": false, + "text": "ADR-0017 rev 3", + "fontSize": 13, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "ADR-0017 rev 3", + "lineHeight": 1.25, + "baseline": 13 + } + ], + "appState": { + "gridSize": null, + "viewBackgroundColor": "#ffffff" + }, + "files": {} +} \ No newline at end of file diff --git a/docs/adr/0017-cctv-vlan-tagging.svg b/docs/adr/0017-cctv-vlan-tagging.svg new file mode 100644 index 00000000..868aa746 --- /dev/null +++ b/docs/adr/0017-cctv-vlan-tagging.svg 
@@ -0,0 +1 @@ +VLAN tagging — where traffic can flowthe 802.1Q tag exists only between switch P5 and vmbr0 — endpoints never see itONE CABLEthe LAN1 run - P5 to eno1VLAN 30 - CCTV (camera)camera10.0.30.70sends untaggedP4 ingressPVID 30 -> VLAN 30x not in VLAN 1P5 egressadds 802.1Q:+ tag 30carries tag 30vmbr0 vlan-awareVID 30 -> net3ONLY, nowhere elsepfSense net3 - dCCTV 10.0.30.1/24tag stripped by the bridgeok in: Frigate :554 - HA :80 + :554ok out: NTP :123 onlyx everything else: DENYVLAN 1 - home LAN (the rest of the rack)apartment uplink4G router - .7UPS - switch mgmtall untaggedP1 / P2 / P3PVID 1 -> VLAN 1x tag-30 arrivinghere is DROPPEDP5 egressnative VLAN 1:no tag addedplain untagged framesvmbr0 untagged =plain L2 switching:host .127 + pfSenseWAN - no routingpfSense net0 - WAN 192.168.1.2just a LAN client - home LANnever transits pfSensegateway = AX6000 - pfSense NATs only 10.0.xnot on this cable: vmbr1 tag 10 -> dMgmt - tag 20 -> dK8s (Frigate)dormant fallback: eno2 -> vmbr2 (revert = one qm set)L2 drops (membership) happen in the switch,L3 allow/deny happens in pfSenseADR-0017 rev 3 - editable source: 0017-cctv-vlan-tagging.excalidraw \ No newline at end of file