
UPC testbed

This information is partially obsolete. Kept here for the record. (Leandro)

Network infrastructure

Fig. 1: Structure of the CONFINE network in the UPC

Figure 1 shows the structure of the CONFINE network in the UPC Campus Nord.

Public IPv4 range

TBD

Public IPv6 range

The public IPv6 range 2001:40b0:7c06::/48 has been allocated from CESCA for the CONFINE project. It is currently routed to the CONFINE servers VLAN in the UPC Campus Nord and handled by the Community-Lab Controller. It follows the same addressing scheme used for CONFINE management networks (see Addressing in CONFINE). Thus, in the future this public range may be used to reach all Community-Lab components via public IPv6 addresses, even if IPv6 is not supported by the underlying infrastructure, by means of the tinc overlay (see The management network).

The Community-Lab Controller is reachable at 2001:40b0:7c06::2. Other available servers are:

| Name | Address | Description |
|---|---|---|
| devel.confine-project.eu | 2001:40b0:7c06:0:f000::64 | Development server (Redmine, Git…) |
| repo.confine-project.eu | 2001:40b0:7c06:0:f000::6e | Node images, sliver templates, OpenWrt Packages… |
| monitor.confine-project.eu | 2001:40b0:7c06:0:f000::70 | Community-Lab Monitor instance |
| sandbox.confine-project.eu | 2001:40b0:7c06:0:f000::73 | Testing controller with no attached nodes |
| frontend02.x.pangea.org | 2001:40b0:7c06:0:f000::74 | Web frontend |
| opendata.confine-project.eu | 2001:40b0:7c06:0:f000::76 | OpenData server for publications |
| smokeping.confine-project.eu | 2001:40b0:7c06:0:f000::77 | SmokePing instance for checking CN connectivity |
| controller-wrapper.confine-project.eu | 2001:40b0:7c06:0:f000::7a | SFA Wrapper portal |
| openvpn.confine-project.eu | 2001:40b0:7c06:0:f000::80 | OpenVPN server (see VPN access to UPC Testbed) |

Since these servers are not registered in Community-Lab, a range has been chosen which falls inside the individual hosts range of CONFINE management network addressing but is still unused in the specification (see Addressing in CONFINE). More specifically, each server has a 2001:40b0:7c06:0:f000::X/128 address, where X usually corresponds to its hexadecimal OpenVZ VEID from CONFINE's UPC Proxmox VE cluster.

The router exposes a link-local fe80::20c:42ff:feeb:ac7f/64 address in the servers VLAN and routes 2001:40b0:7c06::/48 towards the link-local fe80::2001:40b0:7c06/64, which belongs to the Controller. The Controller in turn uses the router's address as its default gateway for IPv6 traffic. The rest of the servers use fe80::2001:40b0:7c06 as their default gateway. Since all servers (including the Controller) have /128 addresses according to CONFINE addressing (instead of /64), the Controller has a static host route for each of the servers to complete the routing. Since the router, the Controller and the servers are on the same link, when the Controller routes a packet from a server to the router, it also sends an ICMPv6 redirect to the server so that it can send the next packet straight to the router, saving one hop in subsequent sends.
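The forwarding behaviour described above can be modelled in a few lines. This is an added example, not code from the CONFINE project: it builds the Controller's routing table from server VEIDs and shows which next hop is chosen and when a redirect goes back to the sender. It assumes the VEID fits the last 16-bit group, and 2001:db8::1 is a constructed outside host.

```python
import ipaddress

# Addresses taken from the page; every node sits on one link (the servers VLAN).
ROUTER_LL = ipaddress.ip_address("fe80::20c:42ff:feeb:ac7f")
SERVER_BASE = int(ipaddress.ip_address("2001:40b0:7c06:0:f000::"))

def server_address(veid):
    """2001:40b0:7c06:0:f000::X, with X the VEID written in hexadecimal."""
    if not 0 < veid <= 0xFFFF:  # assumption: the VEID fits the last group
        raise ValueError(f"VEID out of range: {veid}")
    return ipaddress.ip_address(SERVER_BASE + veid)

def controller_table(veids):
    """Controller routes: an on-link /128 host route per server, default via the router."""
    routes = [(ipaddress.ip_network(f"{server_address(v)}/128"), None) for v in veids]
    routes.append((ipaddress.ip_network("::/0"), ROUTER_LL))
    return routes

def forward(routes, src, dst):
    """Return (next_hop, redirect_target) for a packet the Controller forwards.

    The next hop is always on the servers VLAN, so a redirect is sent whenever
    the sender is itself a neighbour there (it has an on-link host route).
    Packets arriving from outside via the router trigger no redirect.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    _, gateway = max((r for r in routes if dst in r[0]),
                     key=lambda r: r[0].prefixlen)  # longest-prefix match
    next_hop = gateway if gateway is not None else dst  # on-link: deliver directly
    src_is_neighbour = any(gw is None and src in net for net, gw in routes)
    return next_hop, (next_hop if src_is_neighbour else None)

if __name__ == "__main__":
    routes = controller_table([0x64, 0x6e])  # devel and repo, from the table above
    devel, repo = server_address(0x64), server_address(0x6e)
    for src, dst in [(devel, "2001:db8::1"), (devel, repo), ("2001:db8::1", devel)]:
        hop, redirect = forward(routes, src, dst)
        print(f"{src} -> {dst}: next hop {hop}, redirect to {redirect}")
```

Servers that set `net.ipv6.conf.*.accept_redirects=0` ignore the redirect and keep sending through the Controller, which still forwards correctly at the cost of the extra hop.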

Nodes

A list of the specific hardware and where to buy it can be found at Boards (one of the two).

| Node | Type | Community device | Community radios | Community addr | Research device | Research radios | Notes |
|---|---|---|---|---|---|---|---|
| UPC-Omega | outdoor | NS-Loco5 | 1 | 28 - fd02::27:228a:b828:0:12 | PcEngines-Alix2d2 | 2 | |
| UPC-C6 | outdoor | NS-M5 | 1 | 7a - fd02::27:22ae:5d7a:0:12 | Comell | 1 | |
| UPC-C6 | outdoor | Mikrotik RB433U | 2 | 10.139.37.225 (DSG-ST1), 10.139.37.226 (DSG-BgH) | | 0 | Guifi.net node |
| UPC-C6E104 | indoor | PcEngines-Alix2d2 | 2+ | 2b - fd02::80:4873:9fb4:0:12 | Zotac? | 1? | Lab |
| UPC-C6E104 | indoor | PcEngines-Alix2d2 | 2+ | f3 - fd02::80:486b:24e2:0:12 | Zotac? | 1? | Lab |
| UPC-C6E104 | indoor | PcEngines-Alix2d2 | 2+ | fc - fd02::90a4:dec0:bbc3:0:12 | Zotac? | 1? | Lab |
| UPC-C61-- | indoor | PcEngines-Alix2d2 | 2 | 59 - fd02::f8d1:11c4:525a:0:12 | | 0 | Ester |
| UPC-C6E206 | indoor | PcEngines-Alix2d2 | 2 | 04 - fd02::80:4874:4c07:0:12 | | 0 | Felix |
| UPC-D6116 | indoor | PcEngines-Alix2d2 | 2 | 3f - fd02::f8d1:11c4:5240:0:12 | Zotac | 1? | Xavi |
| UPC-D6105 | indoor | PcEngines-Alix2d2 | 2 | 98 - fd02::90a4:dec0:bbf4:0:12 | | 0 | Leandro |
| UPC-D6S00 | server | Dell Poweredge R510 | 0 | 10.228.207.8 - – | | 0 | Pangea-confine server (confine.ac.upc.edu) |
| UPC-C6E104 | server | PC | 0 | 10.139.37.228 - – | | 0 | server (old confine10) |
| UPC-Vertex | indoor | NS-M5 | 1 | 10.228.205.209 | Zotac | 1 | At Pangea's office (CLab node #7) |

Community device

This device is used to create a network from which Research devices can be reached. It should be part of the Community network, in our case Guifi.net. Experiments cannot use or change this device, because it can be part of the production community network and there might be users relying on it. A firmware compatible with the Community is needed (using compatible routing protocols, IP range, etc.). We are using qMp.

Research device

This device is only used for the experiments, so powerful hardware is needed. We are using Atom-based boards and Alix. Normally these have at least one radio to allow link-layer WiFi experiments, but it is not mandatory. The software running inside is the OpenWRT-based Confine distribution: Confine-dist.

Kinds of nodes

Outdoors

Outdoor nodes are placed on the roofs of some buildings of the UPC campus; a set of 4 or 5 nodes will be deployed. These nodes are expensive and hard to deploy because of outdoor conditions.

Indoors

Indoor nodes are placed inside the buildings of UPC campus, mainly in laboratories and work places. These nodes are cheaper and easier to deploy.

Server SSH Key

ssh-rsa AAAB3NzaC1yc2EAAAADAQABAAABAQDGl/x9r98Zpf/wn0XUa3pojxlOLKUfY7GX9BZ7aTnA88XRoJcnvwiWXVNLwp0LtN77mb2R+qr2tPkwPODr28s9z/FyFvLJYJA4SKHfADYbPDFVHhuK0+tgpX4GysGsaIXVsRWUSq+j151JdoSaiLdtoh0COJ91q5ySuzzPRyrhBKlYvy8o9wUaHfBgLfqLINeW6NqC7LFnoGm64Ozrq2E2NsJIT6WZo6PHbElzUQ8xE8peBIISaXn42qdXhFXWuQkNt0ajXWol2h5ab9HDa+sKx5CvzJiKm/vZcFP519sIjbKC6lf9AkTbIQs87efOc3LsuBj1CBHHh+NupHx2CZGD confine@controller

Services

List of different services for the project.

  • The IP range 84.88.85.0/27 is set manually in each machine with a static route.
  • The IP range 10.228.207.0/24 is set by a DHCP server in the ROUTER-DSG. However, DHCP is not used by servers for better robustness in case of misbehaving DHCP servers.

| Name | Public IP | Community IP |
|---|---|---|
| 84.88.85.0/27 | | |
| ROUTER-DSG | 84.88.85.1 | 10.228.207.1 |
| –FREE– | 84.88.85.3-6 | - |
| citizensqkm.net | 84.88.85.8 | 10.228.207.48 |
| cloudy.community | 84.88.85.9 | 10.228.207.11 |
| Clommunity Smokeping | 84.88.85.10 | 10.228.207.5 |
| Clommunity Thingspeak | 84.88.85.11 | 10.228.207.13 |
| Cloudy demo 2 | 84.88.85.12 | 10.228.207.15 |
| –FREE– | 84.88.85.13-14 | - |
| Confine Trento | - | 10.228.207.7 |
| Confine OpenVPN | 84.88.85.15 | 10.228.207.14 |
| Confine Controller-wrapper | 84.88.85.16 | 10.228.207.23 |
| Confine Controller | 84.88.85.17 | 10.228.207.8 |
| Confine server (devel/distro/redmine) | 84.88.85.18 | 10.228.207.4 |
| Confine Smokeping | 84.88.85.19 | 10.228.207.63 |
| Confine Repo | 84.88.85.20 | 10.228.207.12 |
| Confine Opendata | 84.88.85.21 | 10.228.207.18 |
| Confine Sandbox | 84.88.85.22 | 10.228.207.21 |
| Confine web frontend | 84.88.85.23 | 10.228.207.22 |
| Confine Monitor | 84.88.85.24 | 10.228.207.61 |
| –FREE– | 84.88.85.25-30 | - |

VPN access to UPC Testbed

A VPN server for accessing CONFINE's UPC testbed is provided.

For now, the security approach is that everyone shares the same key and certificates for authentication and traffic encryption. You can find the needed keys in the private BSCW. Please do not share them with people not directly involved with the project.

These are the connection parameters:

  • host: vpn.confine-project.eu
  • port: 1194 UDP
  • device-type: TAP (link-layer/bridge)
  • ca certificate: confine-ca.crt

The guifi.net network is accessible through the VPN using this routing rule:

route add -net 10.0.0.0 gw 10.228.207.1 netmask 255.0.0.0 dev tap0

Configuration example for Linux OpenVPN clients:

client
dev tap
proto udp
remote vpn.confine-project.eu 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca confine-ca.crt
cert confine-client.crt
key confine-client.key
ns-cert-type server
comp-lzo
verb 3
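The following linter is an added example, not part of the original page or the CONFINE project. It runs over the client configuration above and flags directives that later OpenVPN releases deprecate or that weaken the tunnel; the finding identifiers and advice strings are this example's own, and any change it suggests has to be made on the server as well.

```python
# The client configuration from this page, embedded so the check runs offline.
PAGE_CONFIG = """\
client
dev tap
proto udp
remote vpn.confine-project.eu 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca confine-ca.crt
cert confine-client.crt
key confine-client.key
ns-cert-type server
comp-lzo
verb 3
"""

def parse(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    directives = {}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split(";", 1)[0].split()
        if words:
            directives[words[0].lstrip("-")] = words[1:]
    return directives

def audit(text):
    """Return (finding id, advice) pairs; the ids are this example's own."""
    d, out = parse(text), []
    if "remote-cert-tls" not in d:
        if "ns-cert-type" in d:
            out.append(("deprecated-ns-cert-type",
                        "replace with 'remote-cert-tls server'"))
        else:
            out.append(("no-server-cert-check",
                        "any certificate from the CA can pose as the server"))
    lzo = d.get("comp-lzo")
    algos = {"lzo", "lz4", "lz4-v2"} & set(d.get("compress", []))
    if (lzo is not None and lzo != ["no"]) or algos:
        out.append(("compression",
                    "compress-then-encrypt leaks plaintext (VORACLE); "
                    "turn it off on server and clients together"))
    if not d.keys() & {"tls-auth", "tls-crypt", "tls-crypt-v2"}:
        out.append(("no-control-channel-key",
                    "add tls-crypt or tls-auth to reject unauthenticated "
                    "handshake packets"))
    return out
```

Calling `audit(PAGE_CONFIG)` reports the `ns-cert-type`, `comp-lzo` and missing control-channel key findings. It cannot see that all users share one client key and certificate, so that risk still has to be handled by controlling who receives the key material.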

Also available for Mac OS X Users...

We also have a preconfigured Tunnelblick configuration file, which can be found on BSCW.

Please amend the routing configuration if you want to route all traffic from the VPN.

testbeds/upc-cn.txt · Last modified: 2016/10/20 12:29 by ivilata