Doc::Gilbert::Network: Difference between revisions

From Computer Science Wiki
Jump to navigation Jump to search
Rich08 (talk | contribs)
Rich08 (talk | contribs)
 
(5 intermediate revisions by the same user not shown)
Line 3: Line 3:
== Introduction ==
== Introduction ==
This page have information related to networking in the Gilbert Street building.  Specifically information about transitioning your equipment from Knowledgeworks to Gilbert.  Due to rarity of IPv4 address space at Virginia Tech, the networking in Gilbert (as with any new building at VT) will be slightly different from our traditional networking.  How you configure the networking for you machine will depend on how it will be used:
This page have information related to networking in the Gilbert Street building.  Specifically information about transitioning your equipment from Knowledgeworks to Gilbert.  Due to rarity of IPv4 address space at Virginia Tech, the networking in Gilbert (as with any new building at VT) will be slightly different from our traditional networking.  How you configure the networking for you machine will depend on how it will be used:
* '''(Private)''' - No remote access from outside VT to the machine is needed.  This will be the simplest to set up.  It uses a dynamic IPv4 address and IPv6 address with the option of a static IPv6 address.
* '''(Option 1)''' - No remote access from outside VT to the machine is needed.  This will be the simplest to set up.  It uses a dynamic IPv4 address and IPv6 address with the option of a static IPv6 address.
* '''(Internal)''' -  Remote access to the machine is desired, but only needed by Virginia Tech affiliates.  It uses a static internal IPv4 address and dynamic IPv6 address with the option of a static IPv6 address.
* '''(Option 2)''' -  Remote access to the machine is desired, but only needed by Virginia Tech affiliates.  It uses a static internal IPv4 address and dynamic IPv6 address with the option of a static IPv6 address.  The machine will be accessed remotely through VT's VPN.
* '''(External)''' - Remote access to the machine is desired, and access from non-VT persons is needed.  It uses a static external IPv4 address and dynamic IPv6 address with the option of a static IPv6 address.
* '''(Option 3)''' - Remote access to the machine is desired, and access from non-VT persons is needed.  It uses a static external IPv4 address and dynamic IPv6 address with the option of a static IPv6 address.


It is important to note there will be no External network connections in offices or labs in Gilbert.  All External connections will be limited to the server room on the 4th floor.  The reason for this being threefold:
It is important to note there will be no public IPv4 network connections in offices or labs in Gilbert.  All public IPv4 connections will be limited to the server room on the 4th floor.   
* VT is not issuing any new External IPv4 address ranges.  As a result, Computer Science is limited to the number of External addresses it currently has.
 
* Given the limited IPv4 range and the growth of the department, steps need to be taken to ensure only those machines which need to be accessed by non-VT persons have the option of getting an External address.
== Why we are doing this? ==
The reason for this being threefold:
* VT is not issuing any new or additional IPv4 address ranges.  As a result, Computer Science is limited to the number of public IPv4 addresses it currently has.
* Given the limited IPv4 range and the growth of the department, steps need to be taken to ensure only those machines which need to be accessed by non-VT persons have the option of getting a public IPv4 address.
* This will significantly increase the level of security for our machines:
* This will significantly increase the level of security for our machines:
** Machines that do not need to be accessed by non-VT persons will be on the Private or Internal network, significantly reducing the opportunity for attacks and systems being compromised.
** Machines that do not need to be accessed by non-VT persons will be on the private network, significantly reducing the opportunity for attacks and systems being compromised.
** By locating External machines in the server room, Techstaff will be made aware of the machine and its location, and can provide input on securing the machine and can respond more quickly to system breaches.
** By locating publicly accessible machines in the server room, Techstaff will be made aware of the machine and its location, and can provide input on securing the machine and can respond more quickly to system breaches.


== Private ==
== Option 1 Setup Instructions ==
This configuration is likely best for office desktop machines, and wired laptop connections.
This configuration is likely best for office desktop machines, and wired laptop connections.
* You can simply set your network configuration to '''DHCP''' and the connection will be automatically configured for Internet access.
* You can simply set your network configuration to '''DHCP''' and the connection will be automatically configured for Internet access.
Line 25: Line 28:
** A static IPv6 address would have to be configured after the machine is moved to Gilbert.  Please notify Techstaff ahead of the move if you want to do this.
** A static IPv6 address would have to be configured after the machine is moved to Gilbert.  Please notify Techstaff ahead of the move if you want to do this.


== Internal ==
== Option 2 Setup Instructions ==
This configuration is suitable for desktop machines and servers that need remote access only from someone associated with Virginia Tech.
This configuration is suitable for desktop machines and servers that need remote access only from someone associated with Virginia Tech.
* Techstaff will assign your machine a static 172.21.222.* address that you configure manually.  These addresses are not routable to the Internet, but are still accessible by other machines on the VT network.
* Techstaff will assign your machine a static 172.21.222.* address that you configure manually.  These addresses are not routable to the Internet, but are still accessible by other machines on the VT network.
Line 37: Line 40:
** After the machine is moved, you can configure the static IP(s).
** After the machine is moved, you can configure the static IP(s).


== External ==
== Option 3 Setup Instructions ==
This configuration is suitable for public facing servers such as web servers that need remote access from anywhere on the Internet.
This configuration is suitable for public facing servers such as web servers that need remote access from anywhere on the Internet.
* This network is '''only''' available in the Gilbert server rooms.   
* This network is '''only''' available in the Gilbert server rooms.   

Latest revision as of 15:48, 28 February 2023

Gilbert Place Networking

Introduction

This page have information related to networking in the Gilbert Street building. Specifically information about transitioning your equipment from Knowledgeworks to Gilbert. Due to rarity of IPv4 address space at Virginia Tech, the networking in Gilbert (as with any new building at VT) will be slightly different from our traditional networking. How you configure the networking for you machine will depend on how it will be used:

  • (Option 1) - No remote access from outside VT to the machine is needed. This will be the simplest to set up. It uses a dynamic IPv4 address and IPv6 address with the option of a static IPv6 address.
  • (Option 2) - Remote access to the machine is desired, but only needed by Virginia Tech affiliates. It uses a static internal IPv4 address and dynamic IPv6 address with the option of a static IPv6 address. The machine will be accessed remotely through VT's VPN.
  • (Option 3) - Remote access to the machine is desired, and access from non-VT persons is needed. It uses a static external IPv4 address and dynamic IPv6 address with the option of a static IPv6 address.

It is important to note there will be no public IPv4 network connections in offices or labs in Gilbert. All public IPv4 connections will be limited to the server room on the 4th floor.

Why we are doing this?

The reason for this being threefold:

  • VT is not issuing any new or additional IPv4 address ranges. As a result, Computer Science is limited to the number of public IPv4 addresses it currently has.
  • Given the limited IPv4 range and the growth of the department, steps need to be taken to ensure only those machines which need to be accessed by non-VT persons have the option of getting a public IPv4 address.
  • This will significantly increase the level of security for our machines:
    • Machines that do not need to be accessed by non-VT persons will be on the private network, significantly reducing the opportunity for attacks and systems being compromised.
    • By locating publicly accessible machines in the server room, Techstaff will be made aware of the machine and its location, and can provide input on securing the machine and can respond more quickly to system breaches.

Option 1 Setup Instructions

This configuration is likely best for office desktop machines, and wired laptop connections.

  • You can simply set your network configuration to DHCP and the connection will be automatically configured for Internet access.
    • You will receive an automatic 172.21.*.* address. These addresses are not routable to the Internet, and will not provide remote access from outside of VT.
    • The machine will be accessible from other machines on the VT network, and from users connected to VT VPN.
  • Remote access is achievable through a static IPv6 address assigned by Techstaff.
    • Remote access would be directly accessible from any IPv6 enabled endpoints.
  • For transitioning your machine from Knowledgeworks to Gilbert:
    • You can switch your network to DHCP ahead of the move and still have Internet access in Knowledgeworks. The machine will automatically re-configure itself in Gilbert.
    • A static IPv6 address would have to be configured after the machine is moved to Gilbert. Please notify Techstaff ahead of the move if you want to do this.

Option 2 Setup Instructions

This configuration is suitable for desktop machines and servers that need remote access only from someone associated with Virginia Tech.

  • Techstaff will assign your machine a static 172.21.222.* address that you configure manually. These addresses are not routable to the Internet, but are still accessible by other machines on the VT network.
  • A <hostname>.cs.vt.edu hostname is required and will be assigned to the static IPv4 address.
    • Optionally, a static IPv6 address can be assigned that is directly accessible from any IPv6 enabled endpoint.
  • Remote access is possible through the VT VPN service or via another machine on-campus.
  • For transitioning your machine from Knowledgeworks to Gilbert:
    • Please let Techstaff know before the move that you want an internal static IPv4 address. We can give you your IP before the move.
    • Also please let Techstaff if you are wanting to re-use a hostname you already have.
    • We recommend that you switch your networking to DHCP just before your machine moves so that will be functional when you plug it in.
    • After the machine is moved, you can configure the static IP(s).

Option 3 Setup Instructions

This configuration is suitable for public facing servers such as web servers that need remote access from anywhere on the Internet.

  • This network is only available in the Gilbert server rooms.
  • There is a server room that Faculty and their Graduate students can physically access.
  • Both Internal and External networks will be available in the server room.
  • The IPv4 range we have in Knowledgeworks (128.173.236.0/22) will be moving to Gilbert at some point. The exact day is still to be determined.
  • Techstaff will assign your machine a static 128.173.236.* address that you configure manually. This is a fully routed public Internet address.
  • A <hostname>.cs.vt.edu hostname is required and will be assigned to the static IPv4 address.
    • Optionally, a static IPv6 address can be assigned that is directly accessible from any IPv6 enabled endpoint.
  • For transitioning your machine from Knowledgeworks to Gilbert:
    • This network may not be accessible when we first move into Gilbert
    • If you already have a static IPv4 address from Knowledgeworks, then you can use that address. Please let Techstaff know if you intend to continue using an address.
    • You will need to work closely with Techstaff to time the move of your machine.
    • Please let techstaff know as soon as possible any Knowledgeworks public IPv4s you want to continue using in Gilbert.