
...

The skyhigh installation has the following external networks:

  • ntnu-internal - 10.212.136.0/21 - This is the general purpose network used for access to your virtual machines, and is available within NTNU or over NTNU VPN.
  • ntnu-external - 128.39.143.128/25 - A network with global addresses. If your project needs globally routed addresses that are reachable from the whole internet, contact us to request access.
  • ext-net - 172.16.0.0/16 - This network is deprecated and should not be used anymore. It was an external network which is not routed throughout NTNU, used for general purpose access to the virtual machines. This network will be removed during the summer of 2018.

skylow.hig.no

The skylow installation (the development platform at Gjøvik) has the following external networks:

  • ntnu-internal - 10.212.131.0/25 - The general purpose network used for access to virtual machines.
  • ntnu-external - 128.39.45.0/26 - Global addresses in skylow.
  • ext-net - 172.18.128.0/17 - The old external network, which is not routed to all of NTNU. Used for general purpose access to the virtual machines.

stack.it.ntnu.no

The skyhigh installation has the following external networks:

  • ntnu-internal - 10.212.24.0/22 - Used for general purpose access to the virtual machines. Accessible from all NTNU networks. Use VPN for external access.

 

Restricting access to an external network

...

  • access

...

  • .

...

Code Block
$ openstack network list -c Name -c ID
+--------------------------------------+-------------+
| ID                                   | Name        |
+--------------------------------------+-------------+
| 50a80b8c-d06c-4b53-97f2-6c0b9f9a405c | test-ext    |
| ab6cf6f2-b320-4522-99bf-e5ab65c51553 | admin-lan   |
| dfc8c97d-8cf1-4b4a-9d42-f2cd184b4540 | ext-net     |
+--------------------------------------+-------------+
 

Then remove the RBAC rule with the corresponding object_id. The object_id is the network ID. There should be only one RBAC rule with the object_id of the network we are working with here.

Code Block
$ neutron rbac-list
+--------------------------------------+-------------+--------------------------------------+
| id                                   | object_type | object_id                            |
+--------------------------------------+-------------+--------------------------------------+
| c1d8506f-a9a2-4f93-9921-0a8969dac3d8 | network     | 50a80b8c-d06c-4b53-97f2-6c0b9f9a405c |
| e8abdcf5-1bdd-4087-82bf-26dc08bf0fa1 | network     | dfc8c97d-8cf1-4b4a-9d42-f2cd184b4540 |
+--------------------------------------+-------------+--------------------------------------+
 
$ neutron rbac-delete <id>
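
An added example, not part of the original page: a shell helper that picks the RBAC rule id for one network out of `neutron rbac-list` output and refuses to continue unless exactly one rule matches, which is the condition stated above. The function names are hypothetical, and the sample table reuses the output shown on this page.

```bash
# Sample input: the rbac-list table shown above, embedded so this runs offline.
sample_rbac_list() {
cat <<'EOF'
+--------------------------------------+-------------+--------------------------------------+
| id                                   | object_type | object_id                            |
+--------------------------------------+-------------+--------------------------------------+
| c1d8506f-a9a2-4f93-9921-0a8969dac3d8 | network     | 50a80b8c-d06c-4b53-97f2-6c0b9f9a405c |
| e8abdcf5-1bdd-4087-82bf-26dc08bf0fa1 | network     | dfc8c97d-8cf1-4b4a-9d42-f2cd184b4540 |
+--------------------------------------+-------------+--------------------------------------+
EOF
}

# rbac_rule_for_network NETWORK_ID   (reads the rbac-list table on stdin)
# Prints the rule id and returns 0 only when exactly one rule of type
# "network" has object_id equal to NETWORK_ID; otherwise prints nothing
# on stdout and returns 1, so a delete is never run on a guess.
rbac_rule_for_network() {
    net_id=$1
    ids=$(awk -F'|' -v net="$net_id" '
        NF >= 4 {
            id = $2; type = $3; obj = $4
            gsub(/[ \t]/, "", id); gsub(/[ \t]/, "", type); gsub(/[ \t]/, "", obj)
            if (type == "network" && obj == net) print id
        }')
    # grep -c exits non-zero on a count of 0, hence the "|| true".
    count=$(printf '%s\n' "$ids" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 RBAC rule for $net_id, found $count" >&2
        return 1
    fi
    printf '%s\n' "$ids"
}

# Intended use with admin credentials loaded (NET_ID is the network ID
# found with "openstack network list"):
#   rule=$(neutron rbac-list | rbac_rule_for_network "$NET_ID") \
#       && neutron rbac-delete "$rule"
```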

Create a new RBAC rule for "test-ext" that grants access to the given projects only. You need one RBAC rule per project:

...