Network Configuration and Setup

Just some info for those of you working on setting up services and machines for UltraLight. The most recent addressing plans are IPv4 (Excel, version 7a) and IPv6 (Excel, V1). The UltraLight IPv4 networks are:

The UltraLight IPv6 network is 2001:468:0e9c::/48

The UltraLight AS is 32361

Some UltraLight related networks are:

Some additional network config info:

DNS:
The default is to use the DNS server set up by Caltech, 192.84.86.88 (ns1.ultralight.org), with dxmon.cern.ch as secondary. Send email to noc@ultralight.org to register your DNS entries. If you anticipate a lot of changes or want "local" control, bring up your own DNS server and notify noc@ultralight.org so they can delegate to your DNS server. NOTE: machines should be named under .ultralight.org for now.


MonALISA:
Bring up a machine in the UltraLight address space. The OS should preferably be Scientific Linux 4.3 (make sure you have Java installed). SL3, SLC3 and SLF3 should also work (as well as RHEL3, RHEL4 and RH9). Create an account for Iosif to install MonALISA with and send the details to Iosif <Iosif.Legrand@cern.ch>.

Syslog:
Set up your routers/switches to report syslog info to:
  1. UltraLight syslog server at Caltech: 131.215.207.45 or 192.84.86.88, udp/514, facility local7 (default)
  2. UltraLight syslog server at FIU: 198.32.252.3 (ultralog.ampath.net), udp/514, facility local7 (default)
Send email to the FLR-ULTRALIGHT-NETWORK-L@LIST.UFL.EDU mailing list when you have done this, including the IP addresses which should be reporting to syslog.
You can view the FIU syslog info at http://ultralog.ampath.net/php-syslog-ng. Use the username 'ultralight' and the VRVS ultralight room password to gain access.

SNMP:
Set up your routers/switches to allow read-only access for the SNMP community 'ultralight'. Send email to the FLR-ULTRALIGHT-NETWORK-L@LIST.UFL.EDU mailing list when you have done this, including the IP addresses which should allow SNMP RO access.

RADIUS:
The proposal is to utilize the Caltech OpenRADIUS server for all users. Please send noc@ultralight.org your list of UltraLight users who will get read-only access to the UltraLight infrastructure. Include any "local" authorization information (local RADIUS account and domain). All users should plan on accessing switches with SSH only. A message from Dan Nae is included here:

"I have set up a radius server on our mgmt station. Based on what my server (freeradius) can do, I propose to do realm based proxying (users can log in with username@umich.edu and my radius server will strip the "@umich.edu" and forward the requests to your radius server, which can authenticate or not). Please note that I haven't tried this setup before, but I don't think it should present any problem. Please tell me if your radius server supports this configuration. For easier configuration, I propose that we share the enable passwords between the "RW group" members. Also, please send me a list of IPs outside the UltraLight domain from which you would like to be able to telnet/ssh to the routers (I will try to set up ssh on all of them for secure access). Apparently rancid also supports ssh, so we could switch to ssh only access. We could also try to do Kerberos based authentication, but I see that at least in our case, the current IOS doesn't support it (it needs an upgrade). Since the upgrade should be done anyway (the current version is listed as deferred with Cisco), this can become an alternative solution, if you are very concerned about security."

We need to discuss how sites can then utilize the OpenRADIUS server at 192.84.86.88 (How to configure your switch/router to use this)
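As an added example (not a configuration from the UltraLight NOC or from any site), the Cisco IOS fragment below wires up all three services described above on one router or switch: syslog to both collectors with facility local7 on udp/514, the read-only 'ultralight' SNMP community restricted by an ACL, and RADIUS-authenticated, SSH-only login against the OpenRADIUS server at 192.84.86.88 with a local fallback account. The hostname, the RADIUS shared secret, the fallback account and the ACL source addresses are placeholders that each site must replace.

```cisco
! Constructed example for a Cisco IOS device (not any site's real config).
! Placeholders: hostname, RADIUS key, fallback account, ACL source addresses.
hostname ul-site-rtr1
ip domain-name ultralight.org
!
! Syslog: report to the Caltech and FIU collectors, facility local7, udp/514
logging facility local7
logging trap informational
logging host 131.215.207.45
logging host 198.32.252.3
!
! SNMP: read-only community 'ultralight', reachable only from the pollers in ACL 10
access-list 10 remark UltraLight monitoring hosts (placeholder addresses)
access-list 10 permit host 192.84.86.88
access-list 10 permit host 198.32.252.3
access-list 10 deny any log
snmp-server community ultralight RO 10
!
! RADIUS: authenticate logins against the Caltech OpenRADIUS server,
! falling back to the local database only if RADIUS is unreachable
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
radius-server host 192.84.86.88 auth-port 1812 acct-port 1813 key CHANGE-ME-shared-secret
username emergency privilege 15 secret CHANGE-ME-local-fallback
!
! SSH only on the VTYs; generate the host key first with
! 'crypto key generate rsa modulus 2048' in config mode
ip ssh version 2
access-list 11 remark hosts allowed to reach the VTYs (placeholder range)
access-list 11 permit 192.84.86.0 0.0.0.255
access-list 11 deny any log
line vty 0 4
 access-class 11 in
 transport input ssh
 login authentication default
```

The 'deny any log' entries make rejected SNMP and VTY attempts show up in the syslog feed the collectors already receive, which is the easiest way to spot probing of the management plane.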


Some related items:
  1. SSH --- Is this available on all our UltraLight Cisco chassis? What about the Juniper at MIT?
  2. IOS Version --- Are we up-to-date at every site? What is the current recommended version? Where does it need to be installed?
Let me know if you have additional input or suggestions (or examples). Shawn
