This information is partially obsolete. Kept here for the record. (Leandro)
figure 1 shows the structure of the CONFINE network in the UPC Campus Nord.
The public IPv6 range
2001:40b0:7c06::/48 has been allocated from CESCA
for the CONFINE project. It is currently routed to the CONFINE servers VLAN
in the UPC Campus Nord and handled by the Community-Lab Controller.
It follows the same addressing scheme used for CONFINE management networks
(see Addressing in CONFINE). Thus, in a future this public range may be used to
reach all Community-Lab components via public IPv6 addresses even if IPv6 is
not supported by the underlying infrastructure, by means of the tinc overlay
(see The management network).
The Community-Lab Controller is reachable at
2001:40b0:7c06::2. Other available servers are:
|devel.confine-project.eu||2001:40b0:7c06:0:f000::64||Development server (Redmine, Git…)|
|repo.confine-project.eu||2001:40b0:7c06:0:f000::6e||Node images, sliver templates, OpenWrt Packages…|
|monitor.confine-project.eu||2001:40b0:7c06:0:f000::70||Community-Lab Monitor instance|
|sandbox.confine-project.eu||2001:40b0:7c06:0:f000::73||Testing controller with no attached nodes|
|opendata.confine-project.eu||2001:40b0:7c06:0:f000::76||OpenData server for publications|
|smokeping.confine-project.eu||2001:40b0:7c06:0:f000::77||SmokePing instance for checking CN connectivity|
|controller-wrapper.confine-project.eu||2001:40b0:7c06:0:f000::7a||SFA Wrapper portal|
|openvpn.confine-project.eu||2001:40b0:7c06:0:f000::80||OpenVPN server (see VPN access to UPC Testbed)|
Since these servers are not registered in Community-Lab, a range has been
chosen which falls inside of the individual hosts range of CONFINE
management network addressing, but is still not used in the specification (see
Addressing in CONFINE). More specifically, each server has an
2001:40b0:7c06:0:f000::X/128 address where the X usually corresponds to
its hexadecimal OpenVZ VEID from CONFINE's UPC Proxmox VE cluster.
The router exposes a link-local
fe80::20c:42ff:feeb:ac7f/64 address in the
servers VLAN and routes
2001:40b0:7c06::/48 towards the link-local
fe80::2001:40b0:7c06/64 which belongs to the Controller, which uses the
router's address as a default gateway for IPv6 traffic. The rest of servers
fe80::2001:40b0:7c06 as the default gateway. Since all servers
(including the Controller) have
/128 addresses according to CONFINE
addressing (instead of
/64), the Controller has static host routes for
each of the servers to complete the routing. Since the router, the Controller
and servers are on the same link, when the Controller routes a packet from a
server to the router, it also sends an ICMPv6 redirect to the server so that
it can send the next packet straight to the router, saving one hop in
A list of specific hardware and where to buy can be found here Boards (one of the two).
|UPC-Omega||outdoor||NS-Loco5||1||28 - fd02::27:228a:b828:0:12||PcEngines-Alix2d2||2|
|UPC-C6||outdoor||NS-M5||1||7a - fd02::27:22ae:5d7a:0:12||Comell||1|
|UPC-C6||outdoor||Mikrotik RB433U||2||10.139.37.225 (DSG-ST1), 10.139.37.226 (DSG-BgH)||–||0||Guifi.net node|
|UPC-C6E104||indoor||PcEngines-Alix2d2||2+||2b - fd02::80:4873:9fb4:0:12||Zotac?||1?||Lab|
|UPC-C6E104||indoor||PcEngines-Alix2d2||2+||f3 - fd02::80:486b:24e2:0:12||Zotac?||1?||Lab|
|UPC-C6E104||indoor||PcEngines-Alix2d2||2+||fc - fd02::90a4:dec0:bbc3:0:12||Zotac?||1?||Lab|
|UPC-C61--||indoor||PcEngines-Alix2d2||2||59 - fd02::f8d1:11c4:525a:0:12||–||0||Ester|
|UPC-C6E206||indoor||PcEngines-Alix2d2||2||04 - fd02::80:4874:4c07:0:12||–||0||Felix|
|UPC-D6116||indoor||PcEngines-Alix2d2||2||3f - fd02::f8d1:11c4:5240:0:12||Zotac||1?||Xavi|
|UPC-D6105||indoor||PcEngines-Alix2d2||2||98 - fd02::90a4:dec0:bbf4:0:12||–||0||Leandro|
|UPC-D6S00||server||Dell Poweredge R510||0||10.228.207.8 - –||–||0||Pangea-confine server (confine.ac.upc.edu)|
|UPC-C6E104||server||PC||0||10.139.37.228 - –||–||0||server (old confine10)|
|UPC-Vertex||indoor||NS-M5||1||10.228.205.209||Zotac||1||At Pangea's office (CLab node #7)|
This device is used to create a network from where Research devices can be reached. This should be part of the Community network, in our case Guifi.net. The experiments cannot use/change this device, because it can be part of the production community network and might be some users using it. A firmware compatible with the Community is needed (using compatible routing protocols, IP range, etc.). We are using qMp.
This device is only used for the experiments, so a powerful hardware is needed. We are using Atom based boards and Alix. Normally these have at least one radio to allow link-layer WiFi experiments, but it is not mandatory. The software running inside is the OpenWRT based Confine distribution: Confine-dist.
Outdoor nodes are placed on the roofs of some buildings of UPC campus, a set of 4 or 5 nodes will be deployed. These nodes are expensive and hard to deploy because of outdoor conditions.
Indoor nodes are placed inside the buildings of UPC campus, mainly in laboratories and work places. These nodes are cheaper and easier to deploy.
ssh-rsa AAAB3NzaC1yc2EAAAADAQABAAABAQDGl/x9r98Zpf/wn0XUa3pojxlOLKUfY7GX9BZ7aTnA88XRoJcnvwiWXVNLwp0LtN77mb2R+qr2tPkwPODr28s9z/FyFvLJYJA4SKHfADYbPDFVHhuK0+tgpX4GysGsaIXVsRWUSq+j151JdoSaiLdtoh0COJ91q5ySuzzPRyrhBKlYvy8o9wUaHfBgLfqLINeW6NqC7LFnoGm64Ozrq2E2NsJIT6WZo6PHbElzUQ8xE8peBIISaXn42qdXhFXWuQkNt0ajXWol2h5ab9HDa+sKx5CvzJiKm/vZcFP519sIjbKC6lf9AkTbIQs87efOc3LsuBj1CBHHh+NupHx2CZGD confine@controller
List of different services for the project.
|Name||Public IP||Community IP|
|Cloudy demo 2||184.108.40.206||10.228.207.15|
|Confine server (devel/distro/redmine)||220.127.116.11||10.228.207.4|
|Confine web frontend||18.104.22.168||10.228.207.22|
A VPN server for accessing Confine' UPC testbed is provided.
The security-approach for now is all sharing the same key and certificates for authentication and traffic encryption. You can found the needed keys at private BSCW. Please do not share them with people not directly involved with the project.
These are the connection parameters:
guifi.net network is accessible through the VPN using this routing rule:
route add -net 10.0.0.0 gw 10.228.207.1 netmask 255.0.0.0 dev tap0
Configuration example for Linux OpenVPN clients:
client dev tap proto udp remote vpn.confine-project.eu 1194 resolv-retry infinite nobind persist-key persist-tun ca confine-ca.crt cert confine-client.crt key confine-client.key ns-cert-type server comp-lzo verb 3