CLIO CDS Network
This page explains the layout and the settings of the CLIO CDS network.
Overview
The CLIO CDS network is a private network serving the CDS computers. Its purpose is to isolate those mission-critical computers from the global network for security and performance reasons. Once the CDS system is fully running, a significant amount of data will flow through the CDS network. Isolating it from the common Kamioka network infrastructure is very important to ensure that we do not flood the public routers with network packets. The CLIO CDS network uses the private subnet 192.168.11.0/24. For convenience, the subnet is given the domain name clio.km.icrr.u-tokyo.ac.jp. However, since the network is invisible from the outside world, you cannot access this domain from outside except through a gateway machine.
Network layout
The layout of the network is shown in the diagram below. A router (currently a cheap wireless router) serves as the default gateway for the network. It is connected to the Kamioka network through its WAN port and provides NAT. Computers inside the CDS network can therefore access computers outside the private network, but access to the CDS computers from outside is blocked by the router.
An application gateway machine, called porta, is connected to both the CDS network and the Kamioka network. You can log in to this machine from outside through SSH, and from it you can log in to the other CDS machines. This machine also serves as a local DNS server to resolve the names given to the CDS machines. Currently, porta is also an NFS server for the CDS machines, exporting /cvs/cds/kami, though we plan to install a dedicated machine as the file server.
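As an added example (not part of the original page), an OpenSSH client configuration on an outside machine can reach the CDS machines through porta in a single step. The alias clio-gw, the placeholder PORTA_EXTERNAL_ADDRESS, and the use of the controls account on every CDS machine are assumptions.

```sshconfig
# ~/.ssh/config on a machine outside the CDS network (added example).
# "clio-gw" is a hypothetical alias. Replace PORTA_EXTERNAL_ADDRESS with
# porta's address on the Kamioka network, which this page does not give.
Host clio-gw
    HostName PORTA_EXTERNAL_ADDRESS
    # Account taken from the ssh command in the installation notes.
    User controls

# Any CDS machine, addressed by its name in the private domain.
# With ProxyJump the target name is resolved on porta, the DNS server
# for the CDS network, so it does not have to resolve on your machine.
Host *.clio.km.icrr.u-tokyo.ac.jp
    ProxyJump clio-gw
    # Assumption: the same account exists on the CDS machines.
    User controls
    # The session is encrypted end to end between your machine and the
    # target; porta only relays it, so no agent forwarding is needed.
    ForwardAgent no
```

With this in place, `ssh MACHINE.clio.km.icrr.u-tokyo.ac.jp` (MACHINE being a CDS host name) connects through porta without an interactive login on the gateway. ProxyJump requires OpenSSH 7.3 or later on the client.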
Installation Notes
Notes on the installation process.
When you access the CDS network from a Mac computer:
- Select the cliocds network and check that clio.km.icrr.u-tokyo.ac.jp is in the search domains.
$ ssh -Y controls@porta