ADR-0017: replace ASCII trunk diagram with excalidraw VLAN-tagging diagram
All checks were successful
ci/woodpecker/push/default Pipeline was successful

Viktor wants the traffic-flow view as a colored excalidraw instead of
the ASCII block (which was the only thing rendering after the earlier
VLAN-tagging SVG commit failed to push — a locally-masked non-fast-
forward this session, not a merge clobber). Ships both the editable
.excalidraw scene and a hand-drawn-style SVG export embedded in the
Traffic-on-the-trunk section: two lanes showing where the 802.1Q tag
is added, carried (only P5<->vmbr0) and stripped, L2 membership drops
vs L3 firewall verdicts.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Viktor Barzin 2026-07-03 13:21:59 +00:00
parent 316cdb7441
commit f5187806f9
3 changed files with 1774 additions and 22 deletions


@ -59,29 +59,9 @@ pfSense:
out of its WAN toward the AX6000. Load-wise the trunk gained only the out of its WAN toward the AX6000. Load-wise the trunk gained only the
camera's ~8 Mbps — it already carried all rack-bound home-LAN traffic. camera's ~8 Mbps — it already carried all rack-bound home-LAN traffic.
```text ![VLAN tagging — where traffic can flow](./0017-cctv-vlan-tagging.svg)
INTERNET ── AX6000 192.168.1.1 (home GW; camera-day route 10.0.30.0/24 → .2)
│ apartment uplink · V1 untagged
┌──────────────┴───────────────────────────────┐ ┌────────────────────┐
│ TL-SG105PE (mgmt 192.168.1.6) │ │ vermont-garage │
│ P1 apartment · P2 4G .7 · P3 UPS [VLAN 1] │◄───┤ HiLook, pure IR │
│ P4 camera PoE [VLAN 30] │cat6│ 10.0.30.70 (Kea) │
│ P5 TRUNK: V1 untagged + V30 tagged │ └────────────────────┘
└──────────────┬───────────────────────────────┘
│ ONE cable (existing LAN1 run)
┌──────────────┴───────────────────────────────────────────────┐
│ R730 · eno1 → vmbr0 (vlan-aware) │
│ ├─ untagged → host .127 + pfSense net0 WAN 192.168.1.2 │
│ └─ tag 30 → pfSense net3 dCCTV 10.0.30.1/24 (camera GW) │
│ eno2 → vmbr2: dormant fallback leg │
│ vmbr1: tag 10 → dManagementsVms · tag 20 → dKubernetes (k8s, │
│ Frigate on node1, go2rtc LB 10.0.20.204 → HA live) │
└───────────────────────────────────────────────────────────────┘
Frigate 10.0.20.x ─RTSP :554─► camera · ha-sofia .8 ─:80+:554─► camera *(editable source: [`0017-cctv-vlan-tagging.excalidraw`](./0017-cctv-vlan-tagging.excalidraw) — open it in excalidraw to tweak)*
camera ─NTP :123─► 10.0.30.1 · camera → anything else = DENY
```
## Considered options ## Considered options
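Review bot: The policy details in the removed text block (P4 camera on VLAN 30, P5 trunk carrying V1 untagged + V30 tagged, Frigate and ha-sofia reaching the camera on :554/:80, camera NTP :123 to 10.0.30.1, and "camera → anything else = DENY") no longer exist as text in this section; after this hunk they live only in the SVG and the .excalidraw scene, and both of those diffs are suppressed on this page. A later change to the trunk membership or the firewall verdicts would therefore not show up in review or in a grep of the ADR. Suggest keeping a short plain-text list or table of VLAN membership per port and the allowed flows directly under the image line, and making the image alt text state the key facts (tag carried only on P5<->vmbr0, default deny from the camera), so the section still documents the policy if the SVG fails to render again, as the commit message says happened earlier.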

File diff suppressed because it is too large Load diff

File diff suppressed because one or more lines are too long
