VLAN and IP address-space information

This page documents established network assignments and is manually maintained. For the definitive list of VLANs in use, including projects under development, refer to the CSCF Vlan Information or IST's nsbuild application. For a discussion of general policies and our general network architecture, see the network schema discussion.

Additional references

Router configurations

All of our VLANs are routed on one of five HP routers, as shown in the "Location" column of the reference tables below. The ONA links to their configurations are:

If two location labels appear (e.g. mc-dc), that indicates an inter-building trunk (typically a /30 point-to-point network).

"Network name" column in the following tables

The network name column is intended to show the router name of the network, not the DNS name. The DNS name for the network is, by convention, assigned to the ".0" address (the address of the network) and can be determined from a standard DNS lookup.

Please be sure to use the correct name in the column. Router network names can be determined from the ONA vlan summary for the router on which the network is routed (see the bullet list above).

Current VLAN assignments

VLAN 438 is IST wired authentication or 802.1x (building independent)

Date: Thu, 14 Feb 2013 13:54:30 -0500
To: <noc@ist.uwaterloo.ca>, <ist-mgmt@lists.uwaterloo.ca>,
   <ctsc@lists.uwaterloo.ca>, <cnsc@lists.uwaterloo.ca>, <watcard@uwaterloo.ca>,
   <ist-css@lists.uwaterloo.ca>, <ist-itms@lists.uwaterloo.ca>,
   <acohelp@watarts.uwaterloo.ca>, <admin-support@lists.uwaterloo.ca>,
   <tg-networks@cscf.cs.uwaterloo.ca>, <kevin.kennedy@family-medicine.ca>,
   <esag@engmail.uwaterloo.ca>, <cmseitz@uwaterloo.ca>,
   <admin@pdeng.uwaterloo.ca>, <faccus@lists.uwaterloo.ca>,
   <isthd@ist.uwaterloo.ca>, <acoccia@uwaterloo.ca>, <sbradley@uwaterloo.ca>,
   <wcarroll@uwaterloo.ca>, <tkanerva@uwaterloo.ca>,
   <uw.network@rumours.uwaterloo.ca>, <reshelp@uwaterloo.ca>,
   <cskingle@uwaterloo.ca>, <rddigby@uwaterloo.ca>, <arbhagat@uwaterloo.ca>,
   <kjjack@uwaterloo.ca>
Subject: NETWORK ALERT - 2013-02-19 - Activation of 802.1x in MC
From: <daldwinc@uwaterloo.ca>

Description:     Activation of 802.1x in MC
Date: (YYYY-MM-DD)     2013-02-19
Start Time:              7 AM
End Time:   8 AM   
Impact:           
Resolution:     
Submitted By: daldwinc@uwaterloo.ca

Comment:        On the morning of February 19th, a number of network ports in MC will have 802.1X authentication turned on.

Ports in public locations may require users to authenticate before the port becomes fully active.

Dave Aldwinckle
IST Network Services

Notice Submitted:    Thu Feb 14 13:54:30 EST 2013

Note:   If you have any questions or concerns please contact the IST Help Desk at ext: 84357 or helpdesk@uwaterloo.ca


Subject: [UW-RT #273071] FW: NETWORK ALERT - 2013-02-19 - Activation of 802.1x in MC
From: David Aldwinckle via RT <rt@rt.uwaterloo.ca>
To: <isthelpd@uwaterloo.ca>
CC: <trevor.grove@uwaterloo.ca>
Date: Fri, 15 Feb 2013 11:26:58 -0500

The ports in question are all on either MATH or AS switches. There will be no changes to CS devices at this time.

> 1) which ports are affected?

Those that have historically had authentication enabled (the old aruba captive portal page), and are now sitting on VLAN 438 with no authentication enabled.

> 2) how will users know if they are supposed to authenticate?

Users will DHCP a private address and all of their web traffic will be redirected to a web page that explains that they are using a port that requires authentication.

> 3) how will they authenticate (if necessary)?

The page mentioned above will have instructions on how to configure 802.1x for Windows 7 and Ubuntu 12.04. OS X clearly prompts the user for authentication. 

The most important things to note are:

Authentication Type: PEAP
Inner authentication: MSCHAPv2
Certificate: GlobalSign Root CA (built-in to Windows, Ubuntu, OS X)
UserID: MUST have the @uwaterloo.ca suffix.

Specific user issues can be handled through RT.

Please let me know if you have any additional questions.

Dave

VLAN 439 in the future will be wired authentication or 802.1x (building independent)

Research external network

CS VLAN summary -- external
VLAN id Location IP range Description and notes Network name  
521 dc 198.96.155.0/28 Ian Goldberg's external research network ex-iangoldberg.net  

VLANs in 129.97.0.0/16

CS VLAN summary -- public networks
VLAN id Location IP range Description and notes Network name Access restrictions (ACLs)
  dc 129.97.60.128/25 managed by IST cs-auth-dc  
  mc 129.97.141.160/27 managed by IST cs-auth-mc  
  dc 129.97.63.160/27 completely unknown -- doesn't show in ONA's vlan summary dcsci.net  
105 dc 129.97.105.0/24 Shoshin research group flash-csnet  
114 dc 129.97.114.0/24 CGL lab network CGLnet  
134 mc 129.97.134.0/24 Mathsoc & other student orgs mathstudentorgnet  
15 dc 129.97.15.0/24 CSCF internal operations & staff workstations cscfnet  
152 dc,mc 129.97.152.0/24 No longer exists Was: CS public servers; NB: upper half DC, lower MC csservernet1  
1594 dc 129.97.59.128/26 imacs and other ISG systems in DC; cslabdcnet  
1595 dc 129.97.59.192/26 SW.Eng lab in DC cslab2dcnet  
167 dc2303a 129.97.167.64/26 public CS servers in dc2303a cs-srv2-dc-pub  
168 dc 129.97.168.0/24 cs client-only hosts csclient1net  
169 dc 129.97.169.0/24 cs client-only hosts csclient2net  
170 dc 129.97.170.0/23 cs client-only hosts -- NB this is a /23 network comprising both the 170 and 171 /24 networks csclient3net  
1731 dc 129.97.173.128/26 DC Nettops csreservenet  
1732 dc 129.97.173.192/26 CSG lab network effective 2009-5-12 csg2net  
186 dc 129.97.186.0/24 PLG lab network wheatnet  
1892       VLAN1892  
26 dc 129.97.26.1/24 research server network #2 csresearch2  
421 m3 129.97.173.32/27 M3 3101 server room Internet Vlan m3-cs-inet-server1  
421 dc 129.97.167.128/25 public CS servers in DC csserver1-dc  
422 mc 129.97.167.0/26 public CS servers in MC csserver1-mc  
422 dc 129.97.173.0/27 32-host SCS admin workstation network dc-cs-admin  
424 mc 129.97.173.64/26 64-host Ugster network mc-cs-ugrad  
426 dc 129.97.119.128/26 62-node Boutaba research network ST#88103 cs-savi-dc  
51 mc 129.97.51.0/24 MAC lab workstations and servers cslab1net  
510 phy 129.97.119.192/26 RIPPLE admin network SHARCNET cs-sw-phy-1002  
52 mc 129.97.16.192/26 Mac Lab workstations and servers cslab2net  
528 mc 129.97.152.128/29 cs-mc-server IST RT#350945    
59 mc 129.97.59.0/25 MC-only Linux Stations (GL & Nettops) cstc2net  
7 dc 129.97.7.0/24 research server network #1 csresearch1net  
719 mc 129.97.1.72/30 OSPF trunk between mc-cs1 and cn-rt-mc (IST managed) cn-rt-mc-cs-rt-mc  
720 dc 129.97.1.76/30 OSPF trunk between dc-cs1 and cn-rt-phy (IST managed) cn-rt-phy-cs-rt-dc  
74 dc 129.97.74.0/24   csnet  
75 dc 129.97.75.0/24   cs2net  
84 dc 129.97.84.0/24 cs client-only hosts csclientnet  
851 dc 129.97.151.128/27 32-node research network CSCF ST#78148 csnet-research  
864       cspriv-zone4-net  
880       cspriv-zone5-0et  

129.97.152.0/24 Notes

  • On IST RT#350945 and CS ST#94616 129.97.152.0/24 was split into small networks as follows (to allow for CS networks in other buildings)
    • 129.97.152.0/25 into /28 (16 IPs) blocks
    • 129.97.152.128/25 into /29 (8 IPs) blocks

VLANs in 192.168.0.0/16

CS VLAN summary -- non-infrastructure networks
VLAN id Location IP range Description and notes Network name  
4000 n/a 192.168.15.0/24 Netscreen 500 management network default n/a  
4003 dc 192.168.2.0/24 for Mac imaging; has its own DHCP n/a  
420 dc 192.168.1.0/24 routed and natted on asimov.cscf CSCFPrivateNet  
500 dc 192.168.2.0/24 local to dc3556: dc3556-cs2a, dc3556-cs2b cs-rsch1-dc  
n/a n/a 192.168.56.0/24 Sun Virtualbox n/a  
n/a n/a 192.168.10.0/16 ?? behind cabernet.cs.uwaterloo.ca n/a  
n/a n/a 192.168.100.0/24 behind m160.cs.uwaterloo.ca n/a  
n/a n/a 192.168.0.0/24 Bioinformatics n/a  
n/a vmserver212 192.168.100.0/24 VM-only interior network for Adobe Connect    

VLANs in 172.19.0.0/16

CS VLAN summary -- campus-routable private networks
VLAN id Location IP range Description and notes Network name
    172.19.6.0/24 future  
    172.19.7.0/24 future  
    172.19.9.0/24 future  
    172.19.11.0/24 future MC  
    172.19.13.0/24 future DC  
    172.19.14.0/24 future DC  
    172.19.5.{32,40,...,112,120}/29 remainder of block of 16 /29s reserved for max-6-node vlans (eg firewalls, NetApps)  
    172.19.1.{32,36,..., 248, 252}/30 remainder of block of 30 4-address (2 usable) networks for OSPF trunks  
    172.19.3.0/24 future  
    172.19.4.{16,32,48,64,80,96,112}/28 remainder of block of 8 16-address (14 usable)  
    172.19.4.192/27 future 172-19-4-192.net
  dc 172.19.5.24/29 dc netapp network dc-storage
    172.19.8.0/24 future cs-srv3-dc3558
    172.19.144.0/24 future CSCF admin dc3558 server room UW Intranet cs-srv3-dc3558
    172.19.145.0/24 future CSCF admin dc2303a server room UW Intranet cs-srv6-dc2303
    172.19.146.0/24 future CSCF admin mc3015 server room UW Intranet cs-srv4-mc
    172.19.147.0/24 future CSCF admin m33101 server room UW Intranet cs-srv4-m3
    172.19.148.0/22 future CSCF admin server rooms UW Intranets  
    172.19.156.0/22 future SCS server rooms UW Intranets  
    172.19.16.0/20 block reserved for research; currently vlan dc:435  
         
1 mc 172.19.2.0/25 mc routed but unused? to be renamed to mc-HPmanagement HPmanagementnet
1 dc 172.19.2.128/25 dc unused? to be renamed to dc-HPmanagement HPmanagementnet
1799 dc 172.19.5.0/29 addresses for the firewall(s) fwuntrustnet
1800 dc 172.19.0.0/24 used for testing cscore
1801 dc 172.19.1.16/30 OSPF point-to-point dc-cs1 to dc-cs2 trk1interconnect
1801 mc 172.19.1.8/30 OSPF point-to-point mc-cs1 to mc-cs2 trk1interconnect
1802 dc-mc 172.19.1.0/30 OSPF point-to-point main dc to mc connection trk2interconnect
1803 mc1-dc2 172.19.1.12/30 OSPF point-to-point mc-cs1 to dc-cs2 trk3interconnect
1803 mc2-dc1 172.19.1.4/30 OSPF point-to-point mc-cs2 to dc-cs1 trk3interconnect
1810 mc 172.19.10.0/24 MC device/switch management mc-cs-cvl
1812 dc 172.19.12.0/24 CSCF switch/net-device management, a /22 netblock implemented as 4 /24s dc-cs-cvl
1832 dc 172.19.32.0/24 campus-wide "public" services in dc dc-cs-server1-campus
1833 dc 172.19.33.0/24 printers in DC dc-cs-printer
1834 dc 172.19.34.0/25 DC Virtual Machines root OS (not Virtual Hosts) dc-cs-vm1net
1835 mc 172.19.47.0/24 campus-wide "public" services in mc mc-cs-server1-campus
1836 dc 172.19.4.224/27 cscf systems campus-only dc-cscf-campus
1894 dc 172.19.97.0/24 highly restricted research LOMs HR-IPMI
1896 dc 172.19.96.0/24 research device mgmt & ilom (dc-cs-research1) UR-IPMI
1897 dc 172.19.97.0/24 (reserved) Nabeel's Tetherless Networks Lab research project network not routed (do not use! see st#94366) dd-net
2834 mc 172.19.34.128/25 MC Virtual Machines root OS (not Virtual Hosts) mc-cs-vm1net
421 mc 172.19.5.8/29 MC netapp network mc-storage
422 m3 172.19.5.16/29 M3 3101 Server Room CS Storage Vlan (m3-storage ) cs-user1-m3
425 dc 172.19.40.0/24 IST-managed printers? we probably shouldn't use this dc-printer2
435 dc 172.19.16.0/24 Keshav's research network st#94366 dc-cs-research
469 dc 172.19.4.0/28 Door-fob-controller DC3335 (managed by IST) sec-net-dc2
480 dc-dc2303a 172.19.1.20/30 OSPF point-to-point between dc-cs1 & cs-rt-dc-2303a cs-ptp-dc
481 mc-dc2303a 172.19.1.24/30 OSPF point-to-point between cs-rt-mc-3015-a & cs-rt-dc-2303a cs-mgmt2-dc
482 m3-dc2303a 172.19.1.28/30 OSPF point-to-point between cs-rt-dc-2303a & cs-rt-m3-3101 cs-mgmt3-dc
499 dc 172.19.4.128/27 IST management of DC switch UPSes cs-ups-dc
503 Phy 172.19.128.0/24 For use Ashraf/Hans cluster in SHARCnet himrod
511 Phy 172.19.157.0/25 RIPPLE IPMI network SHARCNET cs-sw-phy-1002
512 Phy 172.19.156.0/24 RIPPLE 10GbE network SHARCNET cs-sw-phy-1002
524 dc3558 172.19.15.0/27 CSCF Secure UW-Intranet VLan in server room DC 3558 dc-cs2 (RT #256680)
524 dc2303a 172.19.15.64/26 CSCF Secure UW-Intranet VLan in server room DC 2303a cs-rt-dc-2303a (RT #256680)
524 mc3015 172.19.15.128/26 CSCF Secure UW-Intranet VLan in server room MC 3015 cs-rt-mc-3015-a (RT #253182)
524 mc3101 172.19.15.192/26 CSCF Secure UW-Intranet VLan in server room M3 3101 cs-rt-m3-3101 (RT #253182)
524 dc 172.19.15.0/26 unknown -- "servers in dc3558"? cs-srv1-dc3558
524 m3 172.19.15.192/26 (obsolete please use Vlan ID 253) Section of 172.19.15.0/24 localized to M3 3101 Server room. cs-srv-m3
524 mc border 172.19.15.128/26 unknown cs-srv2-mc
526 dc 172.19.152.0/24 SCS dc3558 server room UW Intranet cs-srv3-dc3558
526 dc2303a 172.19.153.0/24 SCS dc2303a server room UW Intranet cs-srv6-dc2303
526 mc border 172.19.154.0/24 SCS mc3015 server room UW Intranet cs-srv4-mc
526 m3 172.19.155.0/24 SCS m33101 server room UW Intranet cs-srv4-m3
527 mc 172.19.20.0/24 CSCF research device mgmt & ilom in MC3015 cs-researchmgmt-mc RT#350945
805 dc 172.19.5.128/25 for IST wireless APs cs-net-dc-ap-mgmt
?   172.19.4.160/27 ?future? M3 3101 Server Room CS Campus Vlan  

172.19.20.0/24 Notes

  • On IST RT#350945 and CS ST#94616 172.19.20.0/24 was created to support CS management and ILOM access in MC

VLANs in 10.0.0.0/8

CS VLAN summary -- CS-only routable networks
VLAN id Location IP range Description and notes Network name
    10.15.96.0/24 future for device mgmt of research systems cspriv96net
    10.15.74.0/24 DNS migration from 129.97.74.0/24  
    10.15.75.0/24 DNS migration from 129.97.75.0/24  
    10.15.78.0/24 DNS migration from 129.97.78.0/24  
    10.15.77.0/24 DNS migration from 129.97.79.0/24  
    10.15.8.{32,64,96,128,160,192,224}/27 reserved /27 private networks  
    10.10.83.0/24 unknown istpriwireless.net
    10.1.2.0/24 unknown private-cs-san152.net
4002 dc 10.84.0.0/16 layer 2 only, access to gnat.cscf gnatnet
420 m3 10.15.8.0/27 M3 3101 server room private vlan m3-cs-private-server1
501 dc 10.0.2.0/24 local to dc3556: dc3556-cs2a, dc3556-cs2b cs-rsch2-dc
520 mc 10.15.134.0/24 private device network for Math Student Orgs mso-private
520 dc 10.15.167.128/25 DC general-purpose servers on CS private network csserver1-dc-private
521 mc 10.15.167.0/25 MC general-purpose servers on CS private network csserver1-mc-private
522 dc 10.10.152.0/24 Network File traffic ie *.storage.cs.waterloo.ca in DC cs-dc3558-storage-network (was vlan 803?)
522 dc2303a 10.10.153.0/24 dc2303a NAS storage cs-dc2303a-storage-network
522 m3 10.10.155.0/24 M3 NAS storage cs-m33101-storage-network
522 mc border 10.10.154.0/24 MC NAS storage cs-mc3015-storage-network
523 dc2303a 10.15.153.0/24 servers? cs-srv3-dc2303a
523 dc 10.15.152.0/24 cscf private servers in dc3558 cs-srv-dc3558
523 mc border 10.15.154.0/24 MC servers? cs-srv1-mc
523 m3 10.15.155.0/24 M3 servers? cs-srv2-m3
525 dc 10.0.152.0/24 DC LOM cs-srv2-dc3558
525 dc2303a 10.0.153.0/24 DC2303a LOM cs-srv5-dc2303
525 mc border 10.0.154.0/24 MC LOM cs-srv3-mc
525 m3 10.0.155.0/24 M3 LOM cs-srv3-m3
529 dc 10.0.151.0/24 DC LOM cs-srv2-dc3556
800 ? 10.15.10.0/24 origin/use/presence unknown cspriv800net
802 dc 10.15.2.0/24 (DEPRECATED) DC sensor devices cspriv002net
806 mc 10.15.3.0/24 (DEPRECATED) MC sensor devices mc-sensor
810 mc 10.15.28.0/24 (DEPRECATED) Lights-out Management in MC mc-lom
812 dc 10.15.18.0/24 (DEPRECATED) Lights-out Management in DC. The plan is to use the following naming convention (not enforced by subnet): 18.1 to 18.127 in DC3558; 18.128 to 18.191 for the CGL room; and the balance (18.192 to 18.254) for future expansion dc-lom
816 dc 10.15.16.0/24 legacy vmhost ipmi cspriv-zone1-net
817 mc 10.15.62.0/24 MC Nettop network (NATted via ubuntu-ltsp{1,2}.student.cs.ca) mc-cs-nettop1
818 dc 10.15.49.0/24 DC Nettop network NATted via ubuntu-ltsp{1,2}.cs.ca dc-cs-nettop1
819 dc 10.15.4.0/24 DC clouds; bridged by cloud controllers dc-cloud102-c1.cloud.cs.uwaterloo.ca and dc-cloud102-c2.cloud.cs.uwaterloo.ca dc-cloud
820 mc 10.15.5.0/24 MC clouds; bridged by cloud controllers mc-cloud002-c1.cloud.cs.uwaterloo.ca and mc-cloud002-c2.cloud.cs.uwaterloo.ca mc-cloud
821 dc 10.15.64.0/24 real-time development workstations in DC dc-rtlab
822 mc 10.15.79.0/24 real-time development workstations in MC mc-rtlab
823 dc 10.15.6.0/24 DC cscf development network dc-cscf-dev
824 mc 10.15.7.0/24 MC cscf development network mc-cscf-dev
832 dc 10.15.32.0/24 special purpose printers in DC -- use vlan 1833 (172.19.33.0/24) for "standard" printers dc-printer
848 dc 10.15.48.0/24 DC thin clients dc-cs-tcl
863 mc 10.15.63.0/24 MC thin clients (should move to Security Zone 3 when firewalls upgraded) mc-cs-tcl
??? ??? 10.15.80.0/24 unknown -- defined in "hosts" cspriv080net
n/a n/a 10.84.0.0/16 address range served by vpn1.cscf (not routed anywhere)  
n/a n/a 10.15.0.0/23 hostname park cs-dns-park

IST networks of interest

These are of interest, not as vlan information but for the address-range information, for use in setting up local firewalls or access restrictions.

Campus IPv4 network address ranges
IPv4 range Description NATted range
172.16.36.0/22 campus VPN address range n/a
10.20.0.0/14 campus wireless, divided into:
  10.22.0.0/15 main campus, divided into:
    10.20.0.0/16 Eduroam 129.97.124.0/23
    10.21.0.0/16 uw-guest/uw-unsecured 129.97.124.0/23
  10.22.0.0/15 ResNet, divided into:
    10.22.0.0/16 Eduroam 129.97.124.0/23
    10.23.0.0/16 uw-guest/uw-unsecured 129.97.124.0/23
172.31.192.0/18 ResNet wired (ie dorm rooms) address range 129.97.131.0/24

And for those of you keen on IPv6:

Campus IPv6 network address ranges
IPv6 range Description
2620:101:f000:700::/62 campus wireless, divided into:
  2620:101:f000:700::/63 main campus, divided into:
    2620:101:f000:700::/64 Eduroam
    2620:101:f000:701::/64 uw-guest/uw-unsecured
  2620:101:f000:702::/63 ResNet, divided into:
    2620:101:f000:702::/64 Eduroam
    2620:101:f000:703::/64 uw-guest/uw-unsecured
2620:101:f000:3000::/54 ResNet wired (ie dorm rooms) address range

All IPv6 addresses are public, so no NATting is required.

Historical information (no longer correct but perhaps of historical interest)

Topic revision: r197 - 2019-07-03 - DevonMerner
 