Setting up separate network question

Tom Buskey tom at buskey.name
Mon Mar 17 13:24:17 EDT 2008


On Mon, Mar 17, 2008 at 12:46 PM, Labitt, Bruce <
labittb1 at tycoelectronics.com> wrote:

> I don't want to violate corporate policy.  I do want to get my job done.
> It involves putting a cluster together for scientific computations.  IT
> should be an enabler, correct?


It depends on the IT dept and the company policies.

I do IT for an R&D group in the company.  Much of what we do in the lab is
against the letter of the policy, but needs to be done for the projects.
Engineers will do what they have to get things done, so it's better to have
a "liaison" IT guy to prevent problems.


> I spoke with one of our Linux guys and he deferred to the network folks.
> My Linux guy said this (IP masquerade) used to be verboten.  (Although,
> he said that many moons ago using a Linux box with iptables was how they
> secured the network.)  So, I have to wait for my network person... I
> know him pretty well, and we have talked about this earlier.  I thought
> he indicated it would be ok.  However, when one gets to specifics,
> things can and do change.
>

Sure.  We have a few networked oscilloscopes & network sniffers in the lab.
They're Windows-based.  The engineers would just throw them on the net if I
wasn't there to put AV on them, etc.

> I don't know how I am going to do this cluster on a public (company)
> network...  That would be absurd.  Anyone have any alternate ideas?  My
> clusteree's (just made that up) do need periodic access to the net.
> This is to get software updates and "stuff".  They also need to
> communicate at 1Gbit rates during computations.  That would clog the
> public network.


Well, maybe.  Gigabit networks are switched.  There are no gigabit hubs that
share the traffic.  So port-to-port traffic (your cluster systems) is
isolated from the other ports.

But I'd guess your cluster has its own gigabit switch for in-cluster
traffic.  My engineers often forget that but they're using over 100 gigabit
ports right now.  Anyways, get your own switch & have 1 uplink to the rest
of the network.  That will isolate your traffic to your IP addresses.

I'd suggest you VLAN your setup from the rest of the company network.
Unless you're doing something funky network-wise, that'll probably isolate
you "enough" for some values of isolate.  But your network guy will know
better.


>
>
> Bruce
>
>
> -----Original Message-----
> From: gnhlug-discuss-bounces at mail.gnhlug.org
> [mailto:gnhlug-discuss-bounces at mail.gnhlug.org] On Behalf Of Ben Scott
> Sent: Monday, March 17, 2008 12:10 PM
> To: Greater NH Linux User Group
> Subject: Re: Setting up separate network question
>
> On Mon, Mar 17, 2008 at 10:55 AM, Labitt, Bruce
> <labittb1 at tycoelectronics.com> wrote:
> >  I just want to ask the list if I've got this right.
>
>  What you describe sounds like it will work, for most definitions of
> "work".
>
> >  Is this benign to the outside network?
>
>  It depends on what you mean by "benign".  I presume this is in a
> corporate IT scenario.  Done properly, and without intent to abuse, it
> is unlikely to cause any technical problems.  It may violate corporate
> security or administration practices, though.  (And that's not just
> bureaucracy -- if I'm a corporate IT guy being held responsible for
> security, I will want to be able to make sure things are secure.)
>
> > Do some networks block this?
>
>  It is generally easier to hide masquerading than it is to detect it,
> so most network operators don't try to block it using technical means
> (because they would get into an arms race they would probably lose).
>
>  That said, if it violates corporate policy, it may get you in
> trouble, fired, or even in legal trouble.  Definitely ask first.  :)
>
> -- Ben
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/