[auton-users] Important Network information
predragp at andrew.cmu.edu
Tue Mar 11 20:26:23 EDT 2014

Dear Autons,

You might want to have the Auton Lab network topology map
http://www.autonlab.org/auton_intranet/g2/21625.html
while reading this e-mail.

This is just a quick update on the progress of the network update. A cluster
of Unbounds (Unbound is a validating, recursive, and caching DNS resolver)
consisting of three machines

Areas
Atlas
Horae

is fully functional. However, the old Bind-based Master & Slave (Lofty & Liar)
DNS, which is causing us so much pain, is not decommissioned yet.
It will be taken offline only once all machines in the lab are switched to
the DNS cluster.

Areas is also designated as the new main firewall and gateway to the LAB,
while Horae is also the DMZ firewall. Atlas's main use is as the LDAP domain
controller (to replace NIS), which is still not functional.

I am in the process of killing the DHCP server (runs on LOFTY), which was in
the past used to dynamically assign prescribed internal IP addresses to
our servers. All Auton Lab servers and virtual machines will have
statically configured internal IP addresses within 24-36h.

The following computing nodes are now fully switched to static IP
addresses (listed next to the names), the new gateway (Areas 192.168.6.2) and
the above cluster of DNS servers.

gaia       192.168.6.5
neill-zfs  192.168.6.59
low1       192.168.6.81
lov3       192.168.6.102
lov4       192.168.6.103

Within the next 24 hours I will try to switch all other computing nodes.
During this process you will notice at least two things:

1. Until the new OpenVPN server is up and running on Areas (hopefully within
the next 36 hours), the computing nodes will be reachable only through the
ssh gateways LOP1 and LOP2. You will not be able to ssh to them from your
desktops because the OpenVPN network is not cleared as safe.

2. I am filtering all network traffic on both the external and internal
interfaces, in both directions in and out of the Auton Lab LAN zone, with very
restrictive rules. Except for ssh, http, and https, you will not be able to
reach the outside world from computing nodes. Any other monkey business will
have to be done in the DMZ zone.

Auton Lab gateways LOP1 & LOP2 will not be reconfigured because they act
as proxies for TCWI instances and as CVS and SVN proxy servers. Instead I will
bring up (as soon as LDAP is on) a new dedicated gateway (the machine is
already up and running). LOP1 & LOP2, as well as the rest of the Auton Lab
tangle, will be dealt with when the core network infrastructure is 100%
functional.

I apologize for any inconvenience. Unfortunately there is no easy way out
of the mess and this has to be done better sooner than later.

Most Kind Regards,
Predrag Punosevac