[Micronet] Airbears2 and Data Center connectivity issues...

classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] Airbears2 and Data Center connectivity issues...

Luis Torres
Hello Micronet Users,


I've been having issues with airbears2 and
accessing most of our UCB data center servers
on a specific subnet once I switch to that wi-fi
network.  Some of those boxes have public
services that should be accessible from anywhere
in the world, however, I get no response from
the servers while on airbears2.  The original
Airbears has no problem and since these
services are configure to let anyone through,
there's no firewall configuration needed.

Has anyone experienced this?  I have a ticket
opened with IST Networks but I would like
to know if I'm the only one.

Thanks!
-Luis Torres-
System Administrator
UC Berkeley, PATH/ICM

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Stephen Paul Carrier
Hi Luis.  I can't confirm it from where I am now, but I think AirBears2
uses 10.x.x.x addresses.  Is it possible the affected systems are sending
reply packets somewhere other than the campus network?

--
Stephen Carrier
Systems Administrator
BEAR (Berkeley Evaluation & Assessment Research) Center
Graduate School of Education
University of California, Berkeley
http://BEARcenter.Berkeley.EDU/
[hidden email]

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Luis Torres
Hi Stephen,


Apparently, any of our dual NIC systems do not respond to any queries
from airbears2, no matter the service.  I tested by shutting one of the interfaces
down in a non-critical service and noticed that with a single, external NIC it
was responding to ssh requests just fine.  Single NIC machines with just
external IP work w/o problems.

-L-
On Aug 2, 2013, at 8:09 PM, Stephen Paul Carrier wrote:

> Hi Luis.  I can't confirm it from where I am now, but I think AirBears2
> uses 10.x.x.x addresses.  Is it possible the affected systems are sending
> reply packets somewhere other than the campus network?
>
> --
> Stephen Carrier
> Systems Administrator
> BEAR (Berkeley Evaluation & Assessment Research) Center
> Graduate School of Education
> University of California, Berkeley
> http://BEARcenter.Berkeley.EDU/
> [hidden email]
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Isaac Orr
Hi Luis,

Did you get any response on the ticket you have opened?  Feel free to
share the ticket # with me and I'll make sure someone follows up if
they haven't already.

Also, care to share what addressing you're using on the non-external
NIC?  It sounds like this is somewhat related to the issue you're
seeing.

Regards

iso


On Wed, Aug 7, 2013 at 8:50 AM, Luis Torres <[hidden email]> wrote:

> Hi Stephen,
>
>
> Apparently, any of our dual NIC systems do not respond to any queries
> from airbears2, no matter the service.  I tested by shutting one of the interfaces
> down in a non-critical service and noticed that with a single, external NIC it
> was responding to ssh requests just fine.  Single NIC machines with just
> external IP work w/o problems.
>
> -L-
> On Aug 2, 2013, at 8:09 PM, Stephen Paul Carrier wrote:
>
>> Hi Luis.  I can't confirm it from where I am now, but I think AirBears2
>> uses 10.x.x.x addresses.  Is it possible the affected systems are sending
>> reply packets somewhere other than the campus network?
>>
>> --
>> Stephen Carrier
>> Systems Administrator
>> BEAR (Berkeley Evaluation & Assessment Research) Center
>> Graduate School of Education
>> University of California, Berkeley
>> http://BEARcenter.Berkeley.EDU/
>> [hidden email]
>>
>>
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Isaac Simon Orr
Manager, Network Operations and Services
IST Telecommunications, UC Berkeley
P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Mike Howard
In reply to this post by Luis Torres
UC Berkeley doesn't have enough IPv4 allocation to assign globally
unique addresses to always-on WiFi clients.  (In part why AirBears
requires interactive login.)

Hosts on AirBears2 are assigned private RFC 1918 [1] IPv4 addresses
and global IPv6 addresses.  10.142.0.0/16 is allocated to AirBears2
[2].

For traffic to OUTSIDE the campus network, AirBears2 uses Network
Address Translation (NAT aka PAT) [3] to share a small pool of
globally routable IPv4 addresses among all AirBears2 clients.

For traffic to INSIDE the campus network, the RFC 1918 IPs are routed normally.

If you want to allow connections from AirBears2 clients to servers
inside campus, make sure your firewall allows connections from
10.142.0.0/16 (and any future AirBears2 subnets.)  If you're using RFC
1918 IPs within your service, follow UCB's RFC 1918 guidelines [4] so
that your private subnets don't overlap with networks routed on
campus.

This only applies to AirBears2; AirBears is different.

[1] http://tools.ietf.org/html/rfc1918
[2] http://net.berkeley.edu/netinfo/ip/
[3] http://www.wikipedia.org/wiki/Network_address_translation
[4] http://net.berkeley.edu/netinfo/ip/rfc1918.shtml

On Wed, Aug 7, 2013 at 8:50 AM, Luis Torres <[hidden email]> wrote:

> Hi Stephen,
>
>
> Apparently, any of our dual NIC systems do not respond to any queries
> from airbears2, no matter the service.  I tested by shutting one of the interfaces
> down in a non-critical service and noticed that with a single, external NIC it
> was responding to ssh requests just fine.  Single NIC machines with just
> external IP work w/o problems.
>
> -L-
> On Aug 2, 2013, at 8:09 PM, Stephen Paul Carrier wrote:
>
>> Hi Luis.  I can't confirm it from where I am now, but I think AirBears2
>> uses 10.x.x.x addresses.  Is it possible the affected systems are sending
>> reply packets somewhere other than the campus network?

--
Mike Howard
Network Engineer
UC Berkeley SAIT

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Greg Merritt
Many of our servers in the data center have a secondary NIC connected to a private switch; it's a privileged, private, internal network.

This physically-private switch uses the 10.* address space.

On-campus AirBears2 clients are connecting to our data center machines on their public interfaces, with AirBears2-issued 10.* addresses.  However, our machines expect that all 10.* addresses are on our private switch.

This seems like trouble for anybody using the 10.* space on-campus for private networks, eh?

If this truly is the problem, then it sounds very messy.

-Greg



On Wed, Aug 7, 2013 at 10:01 AM, Mike Howard <[hidden email]> wrote:
UC Berkeley doesn't have enough IPv4 allocation to assign globally
unique addresses to always-on WiFi clients.  (In part why AirBears
requires interactive login.)

Hosts on AirBears2 are assigned private RFC 1918 [1] IPv4 addresses
and global IPv6 addresses.  10.142.0.0/16 is allocated to AirBears2
[2].

For traffic to OUTSIDE the campus network, AirBears2 uses Network
Address Translation (NAT aka PAT) [3] to share a small pool of
globally routable IPv4 addresses among all AirBears2 clients.

For traffic to INSIDE the campus network, the RFC 1918 IPs are routed normally.

If you want to allow connections from AirBears2 clients to servers
inside campus, make sure your firewall allows connections from
10.142.0.0/16 (and any future AirBears2 subnets.)  If you're using RFC
1918 IPs within your service, follow UCB's RFC 1918 guidelines [4] so
that your private subnets don't overlap with networks routed on
campus.

This only applies to AirBears2; AirBears is different.

[1] http://tools.ietf.org/html/rfc1918
[2] http://net.berkeley.edu/netinfo/ip/
[3] http://www.wikipedia.org/wiki/Network_address_translation
[4] http://net.berkeley.edu/netinfo/ip/rfc1918.shtml

On Wed, Aug 7, 2013 at 8:50 AM, Luis Torres <[hidden email]> wrote:
> Hi Stephen,
>
>
> Apparently, any of our dual NIC systems do not respond to any queries
> from airbears2, no matter the service.  I tested by shutting one of the interfaces
> down in a non-critical service and noticed that with a single, external NIC it
> was responding to ssh requests just fine.  Single NIC machines with just
> external IP work w/o problems.
>
> -L-
> On Aug 2, 2013, at 8:09 PM, Stephen Paul Carrier wrote:
>
>> Hi Luis.  I can't confirm it from where I am now, but I think AirBears2
>> uses 10.x.x.x addresses.  Is it possible the affected systems are sending
>> reply packets somewhere other than the campus network?

--
Mike Howard
Network Engineer
UC Berkeley SAIT


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Tom Holub
In reply to this post by Mike Howard
How far are we from issuing IPv6 addresses to AirBears2 clients (or others)? Seems like that could be a good population to start with.


On Wed, Aug 7, 2013 at 10:01 AM, Mike Howard <[hidden email]> wrote:
UC Berkeley doesn't have enough IPv4 allocation to assign globally
unique addresses to always-on WiFi clients.  (In part why AirBears
requires interactive login.)

Hosts on AirBears2 are assigned private RFC 1918 [1] IPv4 addresses
and global IPv6 addresses.  10.142.0.0/16 is allocated to AirBears2
[2].

For traffic to OUTSIDE the campus network, AirBears2 uses Network
Address Translation (NAT aka PAT) [3] to share a small pool of
globally routable IPv4 addresses among all AirBears2 clients.

For traffic to INSIDE the campus network, the RFC 1918 IPs are routed normally.

If you want to allow connections from AirBears2 clients to servers
inside campus, make sure your firewall allows connections from
10.142.0.0/16 (and any future AirBears2 subnets.)  If you're using RFC
1918 IPs within your service, follow UCB's RFC 1918 guidelines [4] so
that your private subnets don't overlap with networks routed on
campus.

This only applies to AirBears2; AirBears is different.

[1] http://tools.ietf.org/html/rfc1918
[2] http://net.berkeley.edu/netinfo/ip/
[3] http://www.wikipedia.org/wiki/Network_address_translation
[4] http://net.berkeley.edu/netinfo/ip/rfc1918.shtml

On Wed, Aug 7, 2013 at 8:50 AM, Luis Torres <[hidden email]> wrote:
> Hi Stephen,
>
>
> Apparently, any of our dual NIC systems do not respond to any queries
> from airbears2, no matter the service.  I tested by shutting one of the interfaces
> down in a non-critical service and noticed that with a single, external NIC it
> was responding to ssh requests just fine.  Single NIC machines with just
> external IP work w/o problems.
>
> -L-
> On Aug 2, 2013, at 8:09 PM, Stephen Paul Carrier wrote:
>
>> Hi Luis.  I can't confirm it from where I am now, but I think AirBears2
>> uses 10.x.x.x addresses.  Is it possible the affected systems are sending
>> reply packets somewhere other than the campus network?

--
Mike Howard
Network Engineer
UC Berkeley SAIT


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Tom Holub ([hidden email], 510-642-9069)
Director of Computing, College of Letters & Science
101.D Durant Hall
<http://LSCR.berkeley.edu/>

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Michael Sinatra-3
In reply to this post by Greg Merritt
On 8/7/13 10:21 AM, Greg MERRITT wrote:

> Many of our servers in the data center have a secondary NIC connected to
> a private switch; it's a privileged, private, internal network.
>
> This physically-private switch uses the 10.* address space.
>
> On-campus AirBears2 clients are connecting to our data center machines
> on their public interfaces, with AirBears2-issued 10.* addresses.
>  However, our machines expect that all 10.* addresses are on our private
> switch.
>
> This seems like trouble for anybody using the 10.* space on-campus for
> private networks, eh?
>
> If this truly is the problem, then it sounds very messy.

This is exactly why ken lindahl and I (back when we both worked at UCB)
created the document that Mike Howard posted in a previous message in
this thread:

http://net.berkeley.edu/netinfo/ip/rfc1918.shtml

This shows which RFC1918 addresses will be routed on campus and which
ones can be safely used for internal networks.

In fact, you posted that very link to Micronet during a CalTime
discussion last year.

Prior to that, the link was posted to Micronet in 2010, and can easily
be retrieved by googling for 'RFC1918 site:berkeley.edu' - it is the
first link that comes up.

michael


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Jeff Anderson-Lee
In reply to this post by Greg Merritt
Campus policy on 10.* networks and routing has been around for a while now. 


If you restrict your private use to 10.0.0.0/12 you will be fine.

Jeff Anderson-Lee

On Wed, Aug 7, 2013 at 10:21 AM, Greg MERRITT <[hidden email]> wrote:
Many of our servers in the data center have a secondary NIC connected to a private switch; it's a privileged, private, internal network.

This physically-private switch uses the 10.* address space.

On-campus AirBears2 clients are connecting to our data center machines on their public interfaces, with AirBears2-issued 10.* addresses.  However, our machines expect that all 10.* addresses are on our private switch.

This seems like trouble for anybody using the 10.* space on-campus for private networks, eh?

If this truly is the problem, then it sounds very messy.

-Greg



On Wed, Aug 7, 2013 at 10:01 AM, Mike Howard <[hidden email]> wrote:
UC Berkeley doesn't have enough IPv4 allocation to assign globally
unique addresses to always-on WiFi clients.  (In part why AirBears
requires interactive login.)

Hosts on AirBears2 are assigned private RFC 1918 [1] IPv4 addresses
and global IPv6 addresses.  10.142.0.0/16 is allocated to AirBears2
[2].

For traffic to OUTSIDE the campus network, AirBears2 uses Network
Address Translation (NAT aka PAT) [3] to share a small pool of
globally routable IPv4 addresses among all AirBears2 clients.

For traffic to INSIDE the campus network, the RFC 1918 IPs are routed normally.

If you want to allow connections from AirBears2 clients to servers
inside campus, make sure your firewall allows connections from
10.142.0.0/16 (and any future AirBears2 subnets.)  If you're using RFC
1918 IPs within your service, follow UCB's RFC 1918 guidelines [4] so
that your private subnets don't overlap with networks routed on
campus.

This only applies to AirBears2; AirBears is different.

[1] http://tools.ietf.org/html/rfc1918
[2] http://net.berkeley.edu/netinfo/ip/
[3] http://www.wikipedia.org/wiki/Network_address_translation
[4] http://net.berkeley.edu/netinfo/ip/rfc1918.shtml

On Wed, Aug 7, 2013 at 8:50 AM, Luis Torres <[hidden email]> wrote:
> Hi Stephen,
>
>
> Apparently, any of our dual NIC systems do not respond to any queries
> from airbears2, no matter the service.  I tested by shutting one of the interfaces
> down in a non-critical service and noticed that with a single, external NIC it
> was responding to ssh requests just fine.  Single NIC machines with just
> external IP work w/o problems.
>
> -L-
> On Aug 2, 2013, at 8:09 PM, Stephen Paul Carrier wrote:
>
>> Hi Luis.  I can't confirm it from where I am now, but I think AirBears2
>> uses 10.x.x.x addresses.  Is it possible the affected systems are sending
>> reply packets somewhere other than the campus network?

--
Mike Howard
Network Engineer
UC Berkeley SAIT


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Greg Merritt
In reply to this post by Michael Sinatra-3
Ha!  Thanks, Michael.  This was suddenly sounding familiar, actually, but I couldn't remember the previous context!

Well, hopefully AirBears2 support will now also get hip to this, so that folks using "forbidden" private address space can be guided to using "UCB-permissable" private address space.  (We're getting multiple people responding off-list about the same issue; we know we're not the only ones, and certainly won't be the last to contact AirBears2 support!)

Meanwhile, we changed a machine's netmask to 255.128.0.0 on its private 10.* network, and, lo & behold, the AirBears2 10.142.* client could indeed connect.

Mystery solved...

-Greg 



On Wed, Aug 7, 2013 at 10:41 AM, Michael Sinatra <[hidden email]> wrote:
On 8/7/13 10:21 AM, Greg MERRITT wrote:
> Many of our servers in the data center have a secondary NIC connected to
> a private switch; it's a privileged, private, internal network.
>
> This physically-private switch uses the 10.* address space.
>
> On-campus AirBears2 clients are connecting to our data center machines
> on their public interfaces, with AirBears2-issued 10.* addresses.
>  However, our machines expect that all 10.* addresses are on our private
> switch.
>
> This seems like trouble for anybody using the 10.* space on-campus for
> private networks, eh?
>
> If this truly is the problem, then it sounds very messy.

This is exactly why ken lindahl and I (back when we both worked at UCB)
created the document that Mike Howard posted in a previous message in
this thread:

http://net.berkeley.edu/netinfo/ip/rfc1918.shtml

This shows which RFC1918 addresses will be routed on campus and which
ones can be safely used for internal networks.

In fact, you posted that very link to Micronet during a CalTime
discussion last year.

Prior to that, the link was posted to Micronet in 2010, and can easily
be retrieved by googling for 'RFC1918 site:berkeley.edu' - it is the
first link that comes up.

michael



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Erik McCroskey
In reply to this post by Tom Holub
Both AirBears and AirBears2 already provide SLAAC-assigned IPv6
addresses to clients.

--Erik

On Wed, Aug 7, 2013 at 10:26 AM, Tom Holub <[hidden email]> wrote:
> How far are we from issuing IPv6 addresses to AirBears2 clients (or others)?
> Seems like that could be a good population to start with.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Michael Sinatra-3
In reply to this post by Greg Merritt
On 8/7/13 10:57 AM, Greg MERRITT wrote:

> Meanwhile, we changed a machine's netmask to 255.128.0.0 on its private
> 10.* network, and, lo & behold, the AirBears2 10.142.* client could
> indeed connect.

To be on the safe side, you should change the netmask to 255.240.0.0
(i.e. 10.0.0.0/12).  Assuming you have fewer than 1 million hosts in the
data center, this will be more than enough space to address everything
*and* will keep you out of the way of any future routed RFC1918 space.

If you have more than 1 million hosts, then you should think about using
IPv6 to number the interfaces.

michael


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Greg Merritt
Yep yep!

Thanks,

-Greg


On Wed, Aug 7, 2013 at 11:05 AM, Michael Sinatra <[hidden email]> wrote:
On 8/7/13 10:57 AM, Greg MERRITT wrote:

> Meanwhile, we changed a machine's netmask to 255.128.0.0 on its private
> 10.* network, and, lo & behold, the AirBears2 10.142.* client could
> indeed connect.

To be on the safe side, you should change the netmask to 255.240.0.0
(i.e. 10.0.0.0/12).  Assuming you have fewer than 1 million hosts in the
data center, this will be more than enough space to address everything
*and* will keep you out of the way of any future routed RFC1918 space.

If you have more than 1 million hosts, then you should think about using
IPv6 to number the interfaces.

michael



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Stephen Paul Carrier
In reply to this post by Isaac Orr
Well, 10.x.x.x is supposed to be reserved to organizations for internal
networking.  To make this work, those addresses are not supposed to be
used on the world-routed Internet.

UC Berkeley is a pretty big organization.  In the same spirit as RFC1918,
perhaps UCB could set aside a subset of 10.x.x.x that it promises not
to use.  Then, departments can use that subset of addresses for traffic
that doesn't go outside the department networks.

Stephen Carrier

On Wed, Aug 07, 2013 at 09:45:01AM -0700, Isaac Orr wrote:

> Hi Luis,
>
> Did you get any response on the ticket you have opened?  Feel free to
> share the ticket # with me and I'll make sure someone follows up if
> they haven't already.
>
> Also, care to share what addressing you're using on the non-external
> NIC?  It sounds like this is somewhat related to the issue you're
> seeing.
>
> Regards
>
> iso

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Isaac Orr
In reply to this post by Greg Merritt
On Wed, Aug 7, 2013 at 10:57 AM, Greg MERRITT <[hidden email]> wrote:

[...]

> Well, hopefully AirBears2 support will now also get hip to this, so that
> folks using "forbidden" private address space can be guided to using
> "UCB-permissable" private address space.  (We're getting multiple people
> responding off-list about the same issue; we know we're not the only ones,
> and certainly won't be the last to contact AirBears2 support!)
>

There's a couple layers of what could be considered "AirBears2
Support".  The official support group for AirBears2, as for all
network services, is us (Network Operations and Services).  Since
we're also responsible for the allocation of RFC1918 address space for
campus uses, I think we are pretty hip to this.

That said, the other (first) layer of support, is the CSS-IT group.
They seem to try to solve a lot of the problems that users call in
with, particularly on the desktop side.  Because of the huge
variations in end client configurations, NOS does not support end user
devices/configurations, just the delivery of the service itself.

If you get an actual ticket number, that should mean that your problem
has been assigned into a queue that is looked at by people here in
NOS.  As always, if you have a ticket # and aren't getting your
problem solved, let me know and I will find out what is up.

Regards

iso

--
Isaac Simon Orr
Manager, Network Operations and Services
IST Telecommunications, UC Berkeley
P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Airbears2 and Data Center connectivity issues...

Isaac Orr
In reply to this post by Stephen Paul Carrier
Hi Stephen.

UCB has indeed done exactly what you state, the subset of networks
that are available for use privately on campus, without interaction
with the UCB Telecommunications department, are laid out on the page
that has been discussed:

http://net.berkeley.edu/netinfo/ip/rfc1918.shtml

Regards

iso


On Wed, Aug 7, 2013 at 11:30 AM, Stephen Paul Carrier
<[hidden email]> wrote:

> Well, 10.x.x.x is supposed to be reserved to organizations for internal
> networking.  To make this work, those addresses are not supposed to be
> used on the world-routed Internet.
>
> UC Berkeley is a pretty big organization.  In the same spirit as RFC1918,
> perhaps UCB could set aside a subset of 10.x.x.x that it promises not
> to use.  Then, departments can use that subset of addresses for traffic
> that doesn't go outside the department networks.
>
> Stephen Carrier
>
> On Wed, Aug 07, 2013 at 09:45:01AM -0700, Isaac Orr wrote:
>> Hi Luis,
>>
>> Did you get any response on the ticket you have opened?  Feel free to
>> share the ticket # with me and I'll make sure someone follows up if
>> they haven't already.
>>
>> Also, care to share what addressing you're using on the non-external
>> NIC?  It sounds like this is somewhat related to the issue you're
>> seeing.
>>
>> Regards
>>
>> iso



--
Isaac Simon Orr
Manager, Network Operations and Services
IST Telecommunications, UC Berkeley
P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.