Logical network structure in the DiRT lab
The DiRT group maintains two classes of end-workstations:
- production -- connected directly to the departmental network
- experimental -- connected to the department through one of our routers,
if at all.
This section describes the logical structure of the networks and the
logical configuration of the different components of these networks.
The details of configuration are in section 2.
For easy reference, here's a list of all of our hostnames and
their IP addresses (well, the last octect anyway). The file currently
lives at /usr/dirt/config/ip.all
Production machines
Production machines are the ones that need a steady connection to the
department network. These are primarily our development machines,
mounting NFS partitions, etc. through the department.
- default NIC addr: 152.2.137.xx
- netmask: 255.255.0.0 (0xffff0000)
- default router:152.2.254.254 (the Cisco router, ciscokid.oit.unc.edu,
in OIT)
Experimental machines
Experimental machines are anything that we don't want connected to the
department ethernet. Most of these machines will usually have
connectivity to the department via a router, but these machines may
also be disconnected from time to time. We have a configuration that
offers 12 subnetworks for our experimental machines.
- available subnets:
- 152.2.134.xx - 152.2.136.xx
- 152.2.138.xx - 152.2.139.xx
- 152.19.160.xx - 152.19.167.xx
- 192.168.137.xx - 192.168.138.xx (PRIVATE NETWORKS ONLY)
- netmask: 255.255.255.0 (0xffffff00)
- default router: the machine connecting the subnet to the dept. network
We refer to these subnets by the number of their third octet. The private
networks are referred to by the number of their third octet, prefixed with
a 'P'. For example, 192.168.137.xx is referred to as the P137 network.
Routers and Proxy-Arp
Routing
A router is simply a machine with multiple network interface cards (NICs).
Each interface is configured based on the network it's attached to. It if is
the departmental interface, it is configured like a production machine above.
If it is an experimental subnetwork interface, it is configured like an
experimental machine above. We use FreeBSD machines as routers.
The FreeBSD machines must have a flag set at boot-up in order for the
machine to act as a gateway. When a router receives a packet intended for the
IP address of another machine, it attempts to send it out over the
interface with the appropriate netmask or to the default router, if one is specified.
Packets get directed to these routers off of the department network
via an evil hack called proxy-arp.
Proxy-Arp
Ok, check-list time! In order for an experimental machine to have proper
connectivity to the department, it must:
- be configured with the appropriate IP address and netmask as described above
- be plugged into the correct network, which is connected to a
properly configured router.
In addition to these "obvious" steps, our departmental configuration
has an additional requirement, proxy-arp. The entire UNC campus is
currently on a flat network. Everything is 152.2.xx.xx. Because our
departmental machines all communicate directly (without a router),
they all just find local machines (those in the departmental subnet)
via ARP requests. Since our experimental machines are hidden behind a
router, they cannot see these ARP messages and thus, cannot answer
them. Instead, some other machine must answer on their behalf.
Further, the proxy machine doesn't respond with the machine's true
hardware address, but with the hardware address of the router that
handles that machine's connection to the departmental subnet.
For example, consider goldberg, which handles routing between the
department and the 135 subnet, where dot135 is connected. Sam
(also directly connected to the departmental network) handles
proxy-arp for the 135 and 136 subnets. When a departmental or
production machine, such as tyagi broadcasts an arp request for
dot135, sam responds with the hardware address of the card
connecting goldberg to the department. Tyagi then sends the packets
destined for dot135 to goldberg, who routes the packets onto the
135 subnet.
Name to address-mapping:
Each of our machines has (or should have) 15 different entries in the
domain name service. Most of them are of the form
. That is, poirier on the 136 subnet
(152.2.136.57) is poirier136. Finally, the 137 addresses are also
in the DNS as the straight hostname (e.g. poirier). The logic for this
is that since this is subnet we use for machines that are connected
directly to the department network, those should be the unqualified
names.
Here's an example of all of the entries for poirier.
152.2.134.57 = poirier134
152.2.135.57 = poirier135
152.2.136.57 = poirier136
152.2.137.57 = poirier, poirier137
152.2.138.57 = poirier138
152.2.139.57 = poirier139
152.19.160.57 = poirier160
152.19.161.57 = poirier161
152.19.162.57 = poirier162
152.19.163.57 = poirier163
152.19.164.57 = poirier164
152.19.165.57 = poirier165
152.19.166.57 = poirier166
152.19.167.57 = poirier167
Ancient DiRT History: Token rings and ethernets
It may be worth noting that in the past we have used the 134 and 135
subnets for token ring and 136-139 for ethernet. Until now we have
only had 6 subnets so all of the addresses were effectively on the "A"
subnets as we had no machine addresses with the final octet greater
than 127 (0x7f). Some older demos still expect the networks to be set
up this way.
Previous document
Next document
Other DiRT documents
Author: Mark Parris Mark's
original network logic page, if you're interested in DiRT history.
Updated By: Michele Clark
Last updated: January 19, 1999