Setting up separate network question

Labitt, Bruce labittb1 at tycoelectronics.com
Mon Mar 17 12:46:43 EDT 2008 

I don't want to violate corporate policy.  I do want to get my job done.
It involves putting a cluster together for scientific computations.  IT
should be an enabler, correct?

I spoke with one of our linux guys and he deferred to the network folks.
My linux guy said this (ip masquerade) used to be verboten.  (Although,
he said that many moons ago using a linux box with iptables was how they
secured the network.)  So, I have to wait for my network person... I
know him pretty well, and we have talked about this earlier.  I thought
he indicated it would be ok.  However, when one gets to specifics,
things can and do change.  

I don't know how I am going to do this cluster on a public (company)
network...  That would be absurd.  Anyone have any alternate ideas?  My
clusteree's (just made that up) do need periodic access to the net.
This is to get software updates and "stuff".  They also need to
communicate at 1Gbit rates during computations.  That would clog the
public network.

Bruce


-----Original Message-----
From: gnhlug-discuss-bounces at mail.gnhlug.org
[mailto:gnhlug-discuss-bounces at mail.gnhlug.org] On Behalf Of Ben Scott
Sent: Monday, March 17, 2008 12:10 PM
To: Greater NH Linux User Group
Subject: Re: Setting up separate network question

On Mon, Mar 17, 2008 at 10:55 AM, Labitt, Bruce
<labittb1 at tycoelectronics.com> wrote:
>  I just want to ask the list if I've got this right.

  What you describe sounds like it will work, for most definitions of
"work".

>  Is this benign to the outside network?

  It depends on what you mean by "benign".  I presume this is in a
corporate IT scenario.  Done properly, and without intent to abuse, it
is unlikely to cause any technical problems.  It may violate corporate
security or administration practices, though.  (And that's not just
bureaucracy -- if I'm a corporate IT guy being held responsible for
security, I will want to be able to make sure things are secure.)

> Do some networks block this?

  It is generally easier to hide masquerading than it is to detect it,
so most network operators don't try to block it using technical means
(because they would get into an arms race they would probably lose).

  That said, if it violates corporate policy, it may get you in
trouble, fired, or even in legal trouble.  Definitely ask first.  :)

-- Ben
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss at mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

More information about the gnhlug-discuss mailing list