Network Topology¶

Network layout across Toronto and Kingston locations with Tailscale VPN.

Current Field Network¶

At TMU / school, the portable GL.iNet router is the preferred network anchor. It joins TMU Wi-Fi with WPA2-Enterprise and gives the Mac plus lab devices a private LAN. The lab Ubuntu host runs Home Assistant and controls the iDevices switch that acts as the robot's main power switch.


Router	GL.iNet GL-MT3000 / Beryl AX
Hostname	`eph107`
LAN	192.168.8.0/24, gateway 192.168.8.1
Tailscale IP	100.84.198.19
Uplink	TMU Wi-Fi, WPA2-Enterprise PEAP/MSCHAPv2
Current uplink IP	DHCP, observed as 10.16.144.207/20
Admin UI	`https://eph107.tailee9084.ts.net/` or LAN `http://192.168.8.1/`
WebFinder	`https://eph107.tailee9084.ts.net:9321/.well-known/web-finder.json`
Home Assistant	`http://192.168.8.241:8123/` on `jeffxi-ubuntu`
Robot power switch	iDevices `Switch 00101614`, `192.168.8.115`, HA entity `switch.switch_00101614`

flowchart TD
    TMU["TMU Wi-Fi<br/>DHCP 10.16.x.x"] --> GL["eph107<br/>GL-MT3000<br/>192.168.8.1"]
    GL --> ZMACS["zmac<br/>192.168.8.109<br/>TS: 100.117.222.41"]
    GL --> UBUNTU["jeffxi-ubuntu<br/>HA 192.168.8.241<br/>TS: 100.108.86.74"]
    GL --> POWER["iDevices Switch 00101614<br/>main robot power switch<br/>192.168.8.115"]
    GL --> LAB["robot tools / tablets / lab devices<br/>192.168.8.x"]
    GL --> TSNET["Tailnet<br/>eph107: 100.84.198.19"]

See Field Router for setup, recovery, and WebFinder details.

Main robot power switch

Switch 00101614 is not a random lab accessory. It is the main robot power switch. Treat switch.switch_00101614 as a power-control command and do not toggle it while robot software is running unless intentionally powering the robot on/off.

Locations¶

Toronto (Home) -- Primary location¶


ISP	Bell Canada via PPPoE
Public IP	Dynamic via PPPoE (no CGNAT, real public IP)
Router	UniFi Cloud Gateway Ultra (UX), firmware 4.0.12.17054
WAN	PPPoE (`ppp0`)
LAN	192.168.177.0/24 (Default network)
UPnP	Enabled (with NAT-PMP + Secure Mode)

Devices:

Device	LAN IP	Tailscale IP	Tags
`zmac` (Mac)	192.168.177.133	100.117.222.41	`tag:clients`
`tsrelay` (relay)	192.168.177.228	100.95.40.19	`tag:relay`

Secondary network: Bell Wi-Fi (separate Bell Home Hub router). More permissive NAT (Endpoint-Independent Filtering). Direct Tailscale connections work without UPnP.

Kingston (Remote) -- Workstation location¶


ISP	Virgin Plus (Bell flanker brand) via PPPoE (CGNAT)
Public IP	CGNAT -- not directly routable
Router	UniFi
WAN IP from Bell	10.130.37.119 (private, confirms CGNAT)
LAN	192.168.2.0/24, gateway 192.168.2.1

Workstation:


Hostname	`workstation`
LAN IP	192.168.2.239 (via enp5s0, 1G)
Tailscale IP	100.101.214.44, `tag:clients`
GPU	NVIDIA RTX 3090

Two physical NICs: - enp5s0 (1G): Connected to Kingston UniFi, active internet path - enp3s0 (10G): Has PPPoE config for Bell on VLAN 35 (enp3s0.35). Currently INACTIVE. Keep PPPoE off -- stale endpoints confuse Tailscale's hole-punching.

Other Kingston devices:

Device	LAN IP	Tailscale IP
`workstation-kvm`	--	100.67.214.102
`storage` (Synology DS620slim, DSM 7.3.2)	192.168.2.26	100.106.137.64

Backup access: Teleport VPN can reach workstation at LAN IP 192.168.2.239 when Tailscale is down.

Network Diagram¶

flowchart TD
    subgraph TOR["Toronto — Home"]
        TONT["Bell ONT"] -- "PPPoE" --> UX["UniFi UX<br/>dynamic public IP"]
        UX --> ZMAC["zmac<br/>192.168.177.133<br/>TS: 100.117.222.41"]
        UX --> TSR["tsrelay<br/>192.168.177.228<br/>TS: 100.95.40.19<br/>relay :40000"]
        BHH["Bell Home Hub"] --> ZMAC2["zmac (Bell Wi-Fi)"]
    end
    subgraph KNG["Kingston — Remote"]
        CGNAT["Bell CGNAT"] --> KONT["Bell ONT"]
        KONT -- "PPPoE" --> KUX["UniFi<br/>WAN 10.130.37.119"]
        KUX --> WS["workstation<br/>192.168.2.239<br/>TS: 100.101.214.44"]
        KUX --> STOR["storage<br/>192.168.2.26<br/>TS: 100.106.137.64"]
    end

Tailscale Devices¶

Device	Hostname	Tailscale IP	OS	Tags	Location
zmac	zeul-mac	100.117.222.41	macOS	tag:clients	Toronto
field-router	eph107	100.84.198.19	OpenWrt	--	TMU / mobile
jeffxi-ubuntu	jeffxi-ubuntu	100.108.86.74	Ubuntu	--	TMU / lab
tsrelay	tsrelay	100.95.40.19	Linux	tag:relay	Toronto
workstation	workstation	100.101.214.44	Linux	tag:clients	Kingston
workstation-kvm	workstation-kvm	100.67.214.102	Linux	--	Kingston
zeul-iphone	zeul-iphone	100.113.247.15	iOS	--	Mobile
robin-mac	robin-mac	100.99.96.72	macOS	--	Offline
robin-iphone	robin-iphone	100.105.68.71	iOS	--	Offline
storage	storage	100.106.137.64	Linux (DSM 7)	--	Kingston

Services and On-Demand Desktop¶

Workstation (Kingston)¶

Tailscale
Sunshine + Moonlight desktop: on demand via stream-desktop
GDM: autologin enabled, Wayland disabled (X11 only for NVIDIA), normally stopped until stream-desktop start
X11: headless virtual display via xorg.conf MetaModes, normally stopped until stream-desktop start

tsrelay (Toronto)¶


Hardware	Raspberry Pi 4 Model B Rev 1.4, 8GB RAM, 4-core ARM Cortex-A72 @ 1.8 GHz
Role	Tailscale peer relay, port 40000 (`--relay-server-port=40000`)
Port forward	UDP 40000 -> tsrelay on Toronto UniFi
NIC	Wired gigabit Ethernet (eth0)

Throughput Benchmarks (Tailscale Direct, Feb 2026)¶

Pi (wired) to Workstation¶

Direction	TCP (single)	TCP (4 streams)	UDP ceiling
Pi to WS (upload)	434 Mbps	--	323+ Mbps (0% loss at 500M)
WS to Pi (download)	119 Mbps	248 Mbps	~260 Mbps (drops above)

Mac (Wi-Fi) to Workstation¶

Direction	TCP (single)
Mac to WS	109 Mbps
WS to Mac	81 Mbps

Raw ISP speeds (Ookla)¶

Location	To Bell server	To Rogers (cross-network)
Kingston (WS)	896 down / 342 up Mbps	99 down / 212 up Mbps
Toronto (Pi)	Not tested	Not tested

Bottlenecks¶

Kingston CGNAT outbound: Hard packet drops above ~260 Mbps. Cross-network speeds drop significantly vs Bell-internal tests.
Mac Wi-Fi: Caps at ~250 Mbps LAN, further reduced through WireGuard to ~80-109 Mbps. Wired connection fixes this.
Tailscale MTU 1280: More packets per byte, higher overhead.