Our basic network philosophy is to try to exploit locality at layer-2 and to use layer-3 routing wherever possible. We try to allocate networks within a single building at layer-2 and route between buildings as much as possible. Some networks are large (/23) and some are small (e.g. /26 for smaller research groups). Not considering security, the tradeoff of small versus large is generally one of whether or not we can tolerate the broadcast traffic. Some protocols are "broadcast noisy", so we probably don't want any general-use networks larger than /23. We might consider a /22 client network, but that's about it (a /22 is ~1000 hosts -- that can add up to a lot of broadcasting, especially if Samba/CIFS/Windows is present).
Using smaller layer-2 networks has the potential to allow better security design with the firewall. Small broadcast domains are isolated from each other and thus can be more secure for some classes of compromise -- at least, we can say that smaller networks don't leak broadcast traffic and a compromised system can't see other non-local hosts at layer-2. That's the basic idea, at least -- it doesn't always work out that way because many classes of compromise go beyond the local network.
CSCF has three basic ranges of network presently (as of Spring 2010):
Maintain zone name | Address space | Usage |
---|---|---|
cs-inet | 129.97.0.0/16 | UW-public addresses; routable to the world |
cs-campus | 172.19.0.0/16 | Campus-only; routable only within the UW Autonomous System |
cs-private | 10.15.0.0/16 | CS-only; routable only within the CS OSPF area 4 |
"Maintain" refers to the IST "Maintain" web application, which is used to record and manage UW network allocations.
As a general rule, we try to allocate networks on a per-building basis, which is to say that networks should exist only in one building (MC or DC). There are many legacy exceptions to this rule that are being eliminated over time -- however all new networks should be allocated to a specific building.
See the current network assignments for specific usage details.
Notes:
Some research groups within the School of Computer Science have their own networks, which they manage:
Network | Usage | Maintain DNS setup |
---|---|---|
172.19.0.0/20 | non-firewalled networks | various, see below |
172.19.16.0/20 | firewall zone 0 (CSCF systems) | as a /20 |
172.19.32.0/20 | firewall zone 1 (CS servers) | as a collection of /24s |
172.19.48.0/20 | firewall zone 2 (thin clients) | as a /20 |
172.19.64.0/20 | firewall zone 3 (teaching lab workstations) | as a /20 |
172.19.80.0/20 | firewall zone 4 (office workstations) | as a /20 |
172.19.96.0/20 | firewall zone 5 (research computers) | as a collection of /24s |
172.19.112.0/20 | unallocated | as a /20 |
172.19.128.0/20 | unallocated | as a /20 |
172.19.144.0/20 | unallocated | undefined |
172.19.160.0/20 | unallocated | undefined |
172.19.176.0/20 | unallocated | undefined |
172.19.192.0/20 | unallocated | undefined |
172.19.208.0/20 | unallocated | undefined |
172.19.224.0/20 | unallocated | undefined |
172.19.240.0/20 | unallocated | undefined |
Network | Usage |
---|---|
172.19.0.0/24 | unused |
172.19.1.{0,4,8,12,...,252}/30 | OSPF point-to-point links (64 /30 networks, 2 usable addresses each)
172.19.2.0/24 | some sort of legacy management network |
172.19.3.0/24 | unused |
172.19.4.{0,16,32,48,...,112}/28 | block of eight /28 networks (16 addresses, 14 usable each)
172.19.4.128/25 | unused |
172.19.5.{0,8,16,24,...,120}/29 | 16 small /29 networks (6 usable addresses each)
172.19.5.128/25 | for IST wireless access points |
172.19.6.0/24 | unused |
172.19.7.0/24 | unused |
172.19.8.0/24 | unused |
172.19.9.0/24 | unused |
172.19.10.0/24 | for use in MC |
172.19.11.0/24 | for use in MC |
172.19.12.0/24 | for use in DC |
172.19.13.0/24 | for use in DC |
172.19.14.0/24 | for use in DC |
172.19.15.0/24 | for use in DC |
Network | Usage |
---|---|
172.19.32.0/24 | campus-only servers in DC |
172.19.33.0/24 | printers in DC |
172.19.34.0/25 | VM hosts in DC |
172.19.34.128/25 | VM hosts in MC |
172.19.47.0/24 | campus-only servers in MC |
remainder | undefined |
Network | Usage |
---|---|
172.19.96.0 to 172.19.96.? | used for management ports and ILOM
remainder | undefined |
Network | Usage |
---|---|
10.15.0.0/20 | non-firewalled networks |
10.15.16.0/20 | various LOM networks |
10.15.32.0/20 | unallocated |
10.15.48.0/20 | thin clients in DC (allocated from 10.15.48.0 upward) and MC (from 10.15.63.0 downward)
10.15.64.0/20 | various teaching/lab usage |
10.15.80.0/20 | unallocated |
10.15.96.0/20 | device management of research computers |
10.15.112.0/20 | unallocated |
10.15.128.0/20 | unallocated |
10.15.144.0/20 | unallocated |
10.15.160.0/20 | unallocated |
10.15.176.0/20 | unallocated |
10.15.192.0/20 | unallocated |
10.15.208.0/20 | unallocated |
10.15.224.0/20 | unallocated |
10.15.240.0/20 | unallocated |
The specific network allocations are recorded in the VLAN summary table.
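The following script is an added example, not part of this page or of CSCF's tooling. It models the cs-campus /20 firewall-zone layout and the small-subnet carve-ups from the tables above using Python's standard `ipaddress` module, so that an address can be mapped to its zone and the /30, /28 and /29 counts from the non-firewalled /20 can be checked rather than counted by hand; the zone names and the `zone_of`/`carve` helpers are this example's own.

```python
# Added example (not CSCF code): model the cs-campus (172.19.0.0/16) /20
# firewall zones and the small-subnet carve-ups listed on the page.
import ipaddress

CS_CAMPUS = ipaddress.ip_network("172.19.0.0/16")

# Firewall zones as listed in the /20 table (label -> /20 block).
ZONES = {
    "non-firewalled": ipaddress.ip_network("172.19.0.0/20"),
    "zone 0 (CSCF systems)": ipaddress.ip_network("172.19.16.0/20"),
    "zone 1 (CS servers)": ipaddress.ip_network("172.19.32.0/20"),
    "zone 2 (thin clients)": ipaddress.ip_network("172.19.48.0/20"),
    "zone 3 (teaching lab workstations)": ipaddress.ip_network("172.19.64.0/20"),
    "zone 4 (office workstations)": ipaddress.ip_network("172.19.80.0/20"),
    "zone 5 (research computers)": ipaddress.ip_network("172.19.96.0/20"),
}


def zone_of(addr: str) -> str:
    """Return the firewall zone a cs-campus address falls in, or 'unallocated'."""
    ip = ipaddress.ip_address(addr)
    if ip not in CS_CAMPUS:
        raise ValueError(f"{addr} is not in cs-campus {CS_CAMPUS}")
    for name, block in ZONES.items():
        if ip in block:
            return name
    return "unallocated"


def carve(block: str, new_prefix: int) -> list:
    """Split a block into equal /new_prefix subnets, as the page's {0,4,8,...}
    notation does; returns (first_address, usable_hosts) for each subnet."""
    net = ipaddress.ip_network(block)
    return [(str(s.network_address), max(s.num_addresses - 2, 0))
            for s in net.subnets(new_prefix=new_prefix)]


def zones_are_disjoint() -> bool:
    """Sanity check: the /20 zones must not overlap and must all sit in cs-campus."""
    blocks = list(ZONES.values())
    inside = all(b.subnet_of(CS_CAMPUS) for b in blocks)
    no_overlap = all(not a.overlaps(b)
                     for i, a in enumerate(blocks) for b in blocks[i + 1:])
    return inside and no_overlap


if __name__ == "__main__":
    print(zone_of("172.19.33.7"))            # printers in DC -> zone 1 (CS servers)
    print(len(carve("172.19.1.0/24", 30)))   # 64 OSPF point-to-point /30 links
    print(carve("172.19.4.0/25", 28))        # eight /28s, 14 usable hosts each
```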
Within a network, certain addresses are reserved for standard usage, as follows:
Note that these addresses are relative to the subnet base. For a /24 network that starts at 0, the above addresses are literal. But for a /25 network that begins at address 128, the relative translation would be: