SL:Topology
The Sensor Lab has its own separate network. The idea is to have an isolated network with only a small chance to affect the "normal" LAN workstations while allowing all necessary connections (in and out) to work in a comfortable way.
Topology
A small computer Virtual Machine works as a router. The allowed traffic is limited in some ways. The rules are managed by Udo Burghardt.
root@slgw:~# lsb_release -a; ip a | grep global No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 11.10 Release: 11.10 Codename: oneiric inet 172.22.255.253/16 brd 172.22.255.255 scope global eth0 inet 192.168.22.254/24 brd 192.168.22.255 scope global eth1
IP Ranges
We use a simple private address block of:
~# ipcalc 192.168.22.0/24 Address: 192.168.22.0 11000000.10101000.00010110. 00000000 Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000 Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111 => Network: 192.168.22.0/24 11000000.10101000.00010110. 00000000 HostMin: 192.168.22.1 11000000.10101000.00010110. 00000001 HostMax: 192.168.22.254 11000000.10101000.00010110. 11111110 Broadcast: 192.168.22.255 11000000.10101000.00010110. 11111111 Hosts/Net: 254 Class C, Private Internet
DNS
Dedicated ranges/naming convention:
- 1...
- former pool computers "wsxy"
- 31...
- "normal" computers "pcxy"
- 60
- the server
- 61...
- virtual guests on the server
- 240...
- infrastructure
Zone file
This is an actual (static) excerpt from the bind zone file:
$ORIGIN tmg.loc.
; ; ws - ehemalige Pool Computer ; ws1.sl IN A 192.168.22.1 ws2.sl IN A 192.168.22.2 ws3.sl IN A 192.168.22.3 ws4.sl IN A 192.168.22.4 ws5.sl IN A 192.168.22.5 ws6.sl IN A 192.168.22.6 ws7.sl IN A 192.168.22.7 ws8.sl IN A 192.168.22.8 ws9.sl IN A 192.168.22.9 ws10.sl IN A 192.168.22.10 ws11.sl IN A 192.168.22.11 ws12.sl IN A 192.168.22.12 ; ; pc - Desktop PC ; pc01.sl IN A 192.168.22.31 pc02.sl IN A 192.168.22.32 pc03.sl IN A 192.168.22.33 pc04.sl IN A 192.168.22.34 ; ; tmg94 Host plus Virtual machines ; tmg94.sl IN A 192.168.22.60 IN TXT "VM Host" server.sl IN CNAME tmg94.sl tmgsim1.sl IN A 192.168.22.61 IN TXT "Windows 7" tmgsim2.sl IN A 192.168.22.62 IN TXT "Debian Squeeze" tmgsim3.sl IN A 192.168.22.63 ; ; ps - power switch ; ps1.sl IN A 192.168.22.241 ps2.sl IN A 192.168.22.242 ; ; sw - Switch ; sw.sl IN A 192.168.22.244 gw.sl IN A 192.168.22.254
- Example
- the gateway is known as:
~# host gw.sl.tmg.loc gw.sl.tmg.loc has address 192.168.22.254
- Reverse Zone
- ...is not prepared as it is not required.
Hint: This is the view from inside that network. From outside it looks this way:
~$ host slgw.tmg.loc slgw.tmg.loc has address 172.22.255.253
Service Availability
DHCP
The router offers dhcp services using ISC dhcpd
. It will deliver the usual information to the clients: address, netmask, gateway, nameservers. Event though the protocol is "dynamic" the configuration is static to be able to know exactly "who is who". Each computer will always get the same address.
The system wide configuration includes:
subnet 192.168.22.0 netmask 255.255.255.0 { # range 192.168.22.201 192.168.22.211; option domain-name-servers 134.76.81.212, 134.76.81.104; option domain-name "sl.tmg.loc"; option routers 192.168.22.254; option broadcast-address 192.168.22.255; }
Additionally for every single system which should benefit from dhcp we need an entry like this:
host ws1 { hardware ethernet 00:13:72:8a:bc:41; fixed-address ws1.sl.tmg.loc; }
You might verify the actual host definitions via
OpenAFS / Kerberos / LDAP
Should work as expected.
SSH
- enabled in all directions - especially also from outside into the lab'
ICMP
- all Types enabled
Web
- Port 80 and 443 allowed
See also
- SL:Introduction
- Schematic:
/afs/informatik.uni-goettingen.de/user/s/sensorlab/documents/Documentation/sensorlab-network.dia
bzw. "falschrum:"\\afs\informatik.uni-goettingen.de\user\s\sensorlab\documents\Documentation\sensorlab-network.dia
... which is accessible only for project members
Links
- http://gw.sl.tmg.loc/sensorlab.conf -- configuration of the Hosts