Networking

Please, do not fill this up with our speculation from Planning. This table is meant for hard current IPs and final IPs and other network configuration relevant to the current status of the build.

Contents 1 Static IPs in UGCS 2 VLANs 3 IP Allocations 4 Old IP Allocations 5 TODO

Static IPs in UGCS

Within UGCS, we get only part of the subnet, and the gateway isn't in that part. As a result, the following wonky config snippet is recommended by Maurer (and Liz, the bridging will work fine with this config). Note the MTU - because we use VLANs, we have 4 less bytes to work with.

 allow-hotplug eth0
 iface eth0 inet static
 address 131.215.176.num
 broadcast 131.215.176.127
 netmask 255.255.255.192
 mtu 1496
 # Route the Gateway
 post-up route add 131.215.176.254 eth0
 post-up route add default gw 131.215.176.254

VLANs

• Vlan 1: default (outside world/ITS) - 131.215.176.0/26 131.215.176.128/25
• Vlan 2: management - 192.168.0.0/24
• Vlan 3: core servers - 131.215.176.65-131.215.176.85
• Vlan 4: shell servers - 131.215.176.96-131.215.176.125
• Vlan 5: hosted servers - 131.215.176.86-131.215.176.95

All Vlans except for management fall within the same basic subnet; traffic can be routed without use of a gateway and thus subnetting is not required. However, traffic is passed between Vlans by a transparent bridge which performs packet filtering using IPTables and Snort in order to segregate traffic (for example, not allowing DHCP server responses to cross from Vlan 1 to inside or outward from Vlans 3-5 to Vlan 1). There is no access to Vlan2 except from the bridge itself. The bridge has IP 131.215.176.126

All servers must be registered with the bridge in order to receive a UGCS-internal Vlan assignment using VMPS and therefore a DHCP allocation from the UGCS DNS server; otherwise, they will be on Vlan 1 and be on the main Winnett network and get a DHCP address from the Winnett pool.

IP Allocations

• 64: Netblock
• 65-75: Coreserver
  • 64 netblock.ugcs.caltech.edu.
  • 65 hermes.ugcs.caltech.edu.
  • 66 demeter.ugcs.caltech.edu.
  • 67 apollo.ugcs.caltech.edu.
  • 68 athena.ugcs.caltech.edu.
  • 69 persephone.ugcs.caltech.edu
  • 70 hera.ugcs.caltech.edu.
  • 71 poseidon.ugcs.caltech.edu.
  • 72 zeus.ugcs.caltech.edu.
  • 73 hestia.ugcs.caltech.edu.
  • 74 hephaestus.ugcs.caltech.edu.
  • 75 dionysus.ugcs.caltech.edu.

• 75-85: Hosted servers that will be moved
  • 77 salamander.ugcs.caltech.edu. (DNS for salamander.caltech.edu points to UGCS-176-77.caltech.edu)
  • 79 lenin.ugcs.caltech.edu.
  • 80 doldnut.ugcs.caltech.edu.
  • 81 clubs.ugcs.caltech.edu. (not in use anymore)

• 86-95: Hosted servers
  • 86 averyfs.ugcs.caltech.edu.
  • 87 bsi-la.ugcs.caltech.edu.
  • 88 New lenin
  • 89 donut
  • 90 New salamander
  • 91 white.caltech.edu
  • 92 philemon.gelide.org
  • 93 daisy.ugcs.caltech.edu (Elizabeth Fong)
  • 94 Jay Conrod's machine
  • 95 Silas's machine (hiro.ugcs.caltech.edu)
• 96-124: Shellserver
  • 105 lara.ugcs.caltech.edu.
  • 106 styx.ugcs.caltech.edu.
  • 107 minthe.ugcs.caltech.edu.
  • 108 lethe.ugcs.caltech.edu.
  • 109 calliope.ugcs.caltech.edu.
  • 110 clio.ugcs.caltech.edu.
  • 111 erato.ugcs.caltech.edu. (down)
  • 112 euterpe.ugcs.caltech.edu. (down)
  • 113 melpomene.ugcs.caltech.edu.
  • 114 polyhymnia.ugcs.caltech.edu.
  • 115 terpsichore.ugcs.caltech.edu.
  • 116 thalia.ugcs.caltech.edu.
  • 117 urania.ugcs.caltech.edu.
• 125: printer
• 126: charon
• 127: broadcast

Old IP Allocations

Current

Permanent

64 - network ID 65 switch 66-70 - key NFS/domain servers (steals) 66 purchase 67 envy 68 barter 69 beg 70 steal 71 shekel (down) 72 jnumquam (down) 73 gir (down) 74 frankenpuke (refusing SSH, ping-responsive) 75-82 - third-party hosting 75 coconut (blacker) 76 kinakuta (keegan) 77 salamander (blacker) 78 donut2 (ascit development server) 79 lenin (dabney) 80 donut (ascit) 81 clubs (ascit) 82 <nameunknown> (Jon Dama) 83 oldbagel (ascit, jail running on donut) 84 mandrake (down) 85 eat (non-NFS gentoo) 86 turbine (jeremy) 87-93 - usable space for testing 87 kryten (kpu) 88 apollo 89 athena 90 demeter 91 <usable> 92 <usable> 93 <usable> 94-104 - pukes 94 chunder 95 retch 96 yak 97 regurgitate 98 hork (down) 99 barf 100 upchuck 101 hurl 102 spew 103 vomit (down) 104 heave 105-107 - itaniums 105 woglinde (down) 106 flosshilde (non-NFS gentoo) 107 wellgunde (down) 108-125 - currencies 108 schilling 109 seniti 110 groat (down) 111 pfennig (down) 112 quetzal (down) 113 cruzeiro (down) 114 zloty 115 baht 116 ngwee 117 mark 118 lira 119 lek (down) 120 krone (down) 121 euro (down) 122 dinar 123 riyal 124 bolivar 125 drachma (down) 126 printer (not in use) 127 <broadcast>

64 - Network ID 65-85: UGCS core servers 65 - hermes (mail) 66 - demeter (netboot/dhcp, dns) 67 - apollo (fileserver, AFS master) 68 - athena (fileserver) 69 - persephone (backup) 70 - hera (kerberos/LDAP backup) 71 - poseidon (subversion, postgresql, mysql, webserver) 72 - zeus (kerberos/LDAP master) 73 - hestia (netboot NFS) 74 - hephaestus (build) 75-85 - <open> 86-95 - hosting of third-party servers (can be expanded downwards) 86 - donut 87 - coconut 88 - turbine 89 - salamander 90 - bagel 91 - kinakuta (keegan) 92 - kryten (kpu) 93 - lenin (dabney) 94 - lily (elizabeth) 95 - [in progress] Silas Bennett 96-125 - clients 96-105 - old generation login clients (pukes) 96 yak 97 regurgitate 98 frankenpuke 99 barf 100 upchuck 101 hurl 102 spew 103 vomit 104 heave 105-110 - new generation X clients (naiads) 111-124 - new generation shell servers (muses) 125 - printer 126 - charon (VLAN bridging, snort, VMPS vlan assignment) 127 - broadcast

TODO

Set up port restrictions on all servers.