[#INSTRM-140] Convert existing networks to the Subaru address range?

[INSTRM-140] Convert existing networks to the Subaru address range? Created: 29/Jun/17 Updated: 07/Sep/17 Resolved: 07/Sep/17
Status:	Won't Fix
Project:	Instrument control development
Component/s:	ics_dnsmasq
Affects Version/s:	None
Fix Version/s:	None

Type:

Task

Priority:

Major

Reporter:

cloomis

Assignee:

Unassigned

Resolution:

Won't Fix

Votes:

Labels:

None

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Description

Shimono-san points out that the address range which Subaru has assigned to PFS: 133.40.164/23, is almost certainly what we will need to use. In order to minimize commissioning problems we should change from the 10.1/16 dnsmasq address range which is used at all the existing sites.

As long as the gateway machine(s) really and truly do not route from the outside to the inside, this should be straightforward. IPMU might have to do some mildly tricky routing. I can vouch for JHU and PU. Will LAM be OK? IPMU? Will this be OK at ASIAA?

I suggest that we renumber the dnsmasq host files after ~~INSTRM-71~~, or we will be making two changes at once.

Comments

Comment by shimono [ 29/Jun/17 ]

I don't think having the same IP address configuration helps us to prevent issues, since:

all ICS actors shall use hostname or FQDN to access others but not IP address.
rather than reducing hidden issues by misconfiguration of actors on network access (such as using IP address directly in configuration), it could be a good time to expose such misconfiguration on network

but if some firmware for our boards has static configuration in its assembly, we need to care of (and need to be well documented).

Comment by shimono [ 04/Jul/17 ]

IPMU would vote not to move to the same IP address range as one at the summit.
We already have bunch of configurations incl account/database server by IP address in existing server network. Of course, it shall be better to separate ICS simulator and servers, but SSO is better to be united, and it is quite difficult to separate from now on - even it is on private network address range. Also for upcoming univ of tokyo network management upgrade, it could be violant to have such global range within local network - we forced to plan to have filtered/inspected private network for internal operation.

So, IPMU would strongly request ICS simulation environment to accept customized network address configuration per site, rather than unit hostname to address assignment.

Comment by chihyi [ 03/Aug/17 ]

Currently there is no preference for what address range to use at IAA. In the near future we will setup a DNS server for running COBRA test, this DNS server will also run a firewall and all other computers will be behind this firewall. Both 133.40.164/23 or 10.1/16 is fine.

Comment by shimono [ 07/Sep/17 ]

As discussed in ~~INSTRM-71~~, this conversion is per site, which can or want to move.

Generated at Sat Feb 10 16:21:57 JST 2024 using Jira 8.3.4#803005-sha1:1f96e09b3c60279a408a2ae47be3c745f571388b.

[INSTRM-140] Convert existing networks to the Subaru address range? Created: 29/Jun/17 Updated: 07/Sep/17 Resolved: 07/Sep/17