General Purpose (office) Network Reorganisation

(Version francaise ici)

On 27th August, the IT Department’s Communication Systems Group will perform a major reorganisation of CERN’s General Purpose Network. Two separate sub-networks—one for devices with fixed addresses, such as desktop computers, and one for portable devices, such as laptops and tablets—will be merged into a single network that addresses both needs.

As part of this reorganisation, desktop systems with fixed IP addresses (e.g. 137.138.x.x) will be allocated new “dynamic” addresses. Fortunately, this should be transparent for most users. Portable devices will not see any change.

Dedicated Network services (please see https://cern.service-now.com/service-portal/article.do?n=KB0004179 if you think you may be concerned) are not affected by this change. Similarly, the Technical Network and Computer Centre network services are also unaffected.

New network address options

The reconfigured General Purpose Network will offer three different options for network addresses:

  1.  Dynamic addresses provide exactly the same general access to central services and the Internet as is provided today for desktop and portable devices. This is strongly recommended. Users with no special requirements should choose this option. Indeed, if you have no special requirements, you don’t even need to choose, this option will be chosen for you by default.
  2. To provide additional security, it will be possible to choose private addresses visible within CERN but without access to or from the Internet. This option is recommended for printers, embedded systems and other devices not needing Internet access.
  3. Static IP addresses with Internet connectivity will also be available where justified, for example for systems providing a service that must have a known IP address.

Owners of devices with a fixed 137.138.x.x address will be sent an email in early September asking them to visit a web site to choose one of the three options above by September 30th. If you have no special requirements, then no action is needed, the first, dynamic address option will be chosen for you. And if you don’t receive an email, don’t worry: it just means you are already using the dynamic addresses anyway (e.g. for a laptop using today’s “portable” sub-network).

If you have any questions about these changes please contact the Service Desk who will follow up as necessary.

Management of network sockets

These changes will also simplify the management of network plugs. Today, these are allocated either to the fixed “desktop” sub-network or to the “portable” sub-network. After the reorganisation, registered devices using dynamic addresses will be able to connect to any “live” network socket on the General Purpose Network. Devices using private or public static addresses, however, must still be connected to their registered network socket.

Practical Details

The network reorganisation will take place on Saturday 27th of August and will involve a series of brief network interruptions throughout the day as we restart network routers across the site. Users of today’s “portable” service may be affected for longer periods, however. Also, since much behind-the-scenes work is involved, some interruptions might also take place on Sunday 28th August. Users will be informed of the progress of the network reconfiguration via the IT Service Status Board.

Immediately after the reorganisation, all existing fixed IP addresses will continue to work as today. As from 8am on Monday 3rd October, however, dynamic addresses will be assigned to replace the fixed addresses if users have not chosen the private or static option (options 2 and 3 above). Since the dynamic options is the correct choice in almost all cases, most users won’t need to take any action. If you are sent an email in early September, though, you can follow the link provided and choose to switch immediately to a new dynamic address. Owners of devices that need private or static addresses, DNS aliases, firewall rules or inter-domain/restricted set memberships must follow the link in this email to ensure their device is allocated the correct type of address.

After the reorganisation, network plugs not used for 9 months will be automatically disconnected to ensure the efficient usage of expensive network hardware. Similarly users will be contacted if newly allocated fixed IP addresses are inactive for more than 9 months.

Background

This change is part of our continuing work to ensure our pool of IPv4 addresses is used efficiently. See, for example, the February Bulletin article on reclaiming unused IPv4 addresses available at https://cds.cern.ch/record/2130658?ln=en. Today, many separate pools of addresses are allocated both fixed and portable addresses in each building. As we have to allow room for growth, many of the addresses in all of these different pools are unused. As the unified General Purpose Network will not need so many separate address pools, we can recover some 30,000 IPv4 network addresses that we can allocate to machines in the computer centre where there is a growing demand.

Similarly, operating a single infrastructure will lead to a more efficient use of network hardware, freeing space in the network starpoints that will be used for the campus-wide deployment of Wi-Fi Services that was recently announced (https://cds.cern.ch/record/2196959?ln=en).

More technical information is available in the IT Technical Users Meeting presentation available at https://indico.cern.ch/event/507582 and the IT Technical Forum presentation available at https://indico.cern.ch/event/515258/.

You are here