User Tools

Site Tools


UPC testbed

This information is partially obsolete. Kept here for the record. (Leandro)

Network infrastructure

source Fig. 1: Structure of the CONFINE network in the UPC

figure 1 shows the structure of the CONFINE network in the UPC Campus Nord.

Public IPv4 range


Public IPv6 range

The public IPv6 range 2001:40b0:7c06::/48 has been allocated from CESCA for the CONFINE project. It is currently routed to the CONFINE servers VLAN in the UPC Campus Nord and handled by the Community-Lab Controller. It follows the same addressing scheme used for CONFINE management networks (see Addressing in CONFINE). Thus, in a future this public range may be used to reach all Community-Lab components via public IPv6 addresses even if IPv6 is not supported by the underlying infrastructure, by means of the tinc overlay (see The management network).

The Community-Lab Controller is reachable at 2001:40b0:7c06::2. Other available servers are:

Name Address Description 2001:40b0:7c06:0:f000::64 Development server (Redmine, Git…) 2001:40b0:7c06:0:f000::6e Node images, sliver templates, OpenWrt Packages… 2001:40b0:7c06:0:f000::70 Community-Lab Monitor instance 2001:40b0:7c06:0:f000::73 Testing controller with no attached nodes 2001:40b0:7c06:0:f000::74 Web frontend 2001:40b0:7c06:0:f000::76 OpenData server for publications 2001:40b0:7c06:0:f000::77 SmokePing instance for checking CN connectivity 2001:40b0:7c06:0:f000::7a SFA Wrapper portal 2001:40b0:7c06:0:f000::80 OpenVPN server (see VPN access to UPC Testbed)

Since these servers are not registered in Community-Lab, a range has been chosen which falls inside of the individual hosts range of CONFINE management network addressing, but is still not used in the specification (see Addressing in CONFINE). More specifically, each server has an 2001:40b0:7c06:0:f000::X/128 address where the X usually corresponds to its hexadecimal OpenVZ VEID from CONFINE's UPC Proxmox VE cluster.

The router exposes a link-local fe80::20c:42ff:feeb:ac7f/64 address in the servers VLAN and routes 2001:40b0:7c06::/48 towards the link-local fe80::2001:40b0:7c06/64 which belongs to the Controller, which uses the router's address as a default gateway for IPv6 traffic. The rest of servers use fe80::2001:40b0:7c06 as the default gateway. Since all servers (including the Controller) have /128 addresses according to CONFINE addressing (instead of /64), the Controller has static host routes for each of the servers to complete the routing. Since the router, the Controller and servers are on the same link, when the Controller routes a packet from a server to the router, it also sends an ICMPv6 redirect to the server so that it can send the next packet straight to the router, saving one hop in subsequent sends.


A list of specific hardware and where to buy can be found here Boards (one of the two).

Node Type Community Research Notes
Device Radios Addr Device Radios
UPC-Omega outdoor NS-Loco5 1 28 - fd02::27:228a:b828:0:12 PcEngines-Alix2d2 2
UPC-C6 outdoor NS-M5 1 7a - fd02::27:22ae:5d7a:0:12 Comell 1
UPC-C6 outdoor Mikrotik RB433U 2 (DSG-ST1), (DSG-BgH) 0 node
UPC-C6E104 indoor PcEngines-Alix2d2 2+ 2b - fd02::80:4873:9fb4:0:12 Zotac? 1? Lab
UPC-C6E104 indoor PcEngines-Alix2d2 2+ f3 - fd02::80:486b:24e2:0:12 Zotac? 1? Lab
UPC-C6E104 indoor PcEngines-Alix2d2 2+ fc - fd02::90a4:dec0:bbc3:0:12 Zotac? 1? Lab
UPC-C61-- indoor PcEngines-Alix2d2 2 59 - fd02::f8d1:11c4:525a:0:12 0 Ester
UPC-C6E206 indoor PcEngines-Alix2d2 2 04 - fd02::80:4874:4c07:0:12 0 Felix
UPC-D6116 indoor PcEngines-Alix2d2 2 3f - fd02::f8d1:11c4:5240:0:12 Zotac 1? Xavi
UPC-D6105 indoor PcEngines-Alix2d2 2 98 - fd02::90a4:dec0:bbf4:0:12 0 Leandro
UPC-D6S00 server Dell Poweredge R510 0 - – 0 Pangea-confine server (
UPC-C6E104 server PC 0 - – 0 server (old confine10)
UPC-Vertex indoor NS-M5 1 Zotac 1 At Pangea's office (CLab node #7)

Community device

This device is used to create a network from where Research devices can be reached. This should be part of the Community network, in our case The experiments cannot use/change this device, because it can be part of the production community network and might be some users using it. A firmware compatible with the Community is needed (using compatible routing protocols, IP range, etc.). We are using qMp.

Research device

This device is only used for the experiments, so a powerful hardware is needed. We are using Atom based boards and Alix. Normally these have at least one radio to allow link-layer WiFi experiments, but it is not mandatory. The software running inside is the OpenWRT based Confine distribution: Confine-dist.

Kinds of nodes


Outdoor nodes are placed on the roofs of some buildings of UPC campus, a set of 4 or 5 nodes will be deployed. These nodes are expensive and hard to deploy because of outdoor conditions.


Indoor nodes are placed inside the buildings of UPC campus, mainly in laboratories and work places. These nodes are cheaper and easier to deploy.

Server SSH Key

ssh-rsa AAAB3NzaC1yc2EAAAADAQABAAABAQDGl/x9r98Zpf/wn0XUa3pojxlOLKUfY7GX9BZ7aTnA88XRoJcnvwiWXVNLwp0LtN77mb2R+qr2tPkwPODr28s9z/FyFvLJYJA4SKHfADYbPDFVHhuK0+tgpX4GysGsaIXVsRWUSq+j151JdoSaiLdtoh0COJ91q5ySuzzPRyrhBKlYvy8o9wUaHfBgLfqLINeW6NqC7LFnoGm64Ozrq2E2NsJIT6WZo6PHbElzUQ8xE8peBIISaXn42qdXhFXWuQkNt0ajXWol2h5ab9HDa+sKx5CvzJiKm/vZcFP519sIjbKC6lf9AkTbIQs87efOc3LsuBj1CBHHh+NupHx2CZGD confine@controller


List of different services for the project.

  • The IP range is set manually in each machine with a static route.
  • The IP range is set by a DHCP server in the ROUTER-DSG. However, DHCP is not used by servers for better robustness in case of misbehaving DHCP servers.
Name Public IP Community IP
–FREE– -
Clommunity Smokeping
Clommunity Thingspeak
Cloudy demo 2
–FREE– -
Confine Trento -
Confine OpenVPN
Confine Controller-wrapper
Confine Controller
Confine server (devel/distro/redmine)
Confine Smokeping
Confine Repo
Confine Opendata
Confine Sandbox
Confine web frontend
Confine Monitor
–FREE– -

VPN access to UPC Testbed

A VPN server for accessing Confine' UPC testbed is provided.

The security-approach for now is all sharing the same key and certificates for authentication and traffic encryption. You can found the needed keys at private BSCW. Please do not share them with people not directly involved with the project.

These are the connection parameters:

  • host:
  • port: 1194 UDP
  • device-type: TAP (link-layer/bridge)
  • ca certificate: confine-ca.crt network is accessible through the VPN using this routing rule:

route add -net gw netmask dev tap0

Configuration example for Linux OpenVPN clients:

dev tap
proto udp
remote 1194
resolv-retry infinite
ca confine-ca.crt
cert confine-client.crt
key confine-client.key
ns-cert-type server
verb 3

Also available for Mac OS X Users...

We also have a preconfigured Tunnelblick configuration file that can be found on BSCW here

Please amend the routing configuration if you want to route all traffic from the VPN

testbeds/upc-cn.txt · Last modified: 2016/10/20 12:29 by ivilata