Story #3010

Create a VPN between the production CNs

Added by Andrew Pippin about 12 years ago. Updated about 11 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Support Operations
Target version: -
Start date:
Due date:
% Done: 100%
Story Points:
Sprint:

Description

  In order for the three Coordinating Nodes to communicate securely using a variety of services, a Virtual Private Network will be created to connect the three. While there are probably other ways to configure this, I am configuring the VPN as three pairs of peer-to-peer connections with the following node ids:

      cn-ucsb-1 = Node 1
      cn-unm-1 = Node 2
      cn-orc-1 = Node 3

  As a result, I need inbound ports opened on the border and host firewalls: 7600 + (source-node-id * 10) + (destination-node-id)

      cn-ucsb-1 → cn-unm-1:7612
      cn-ucsb-1 → cn-orc-1:7613
      cn-unm-1 → cn-ucsb-1:7621
      cn-unm-1 → cn-orc-1:7623
      cn-orc-1 → cn-ucsb-1:7631
      cn-orc-1 → cn-unm-1:7632

Thinking the other way:
      cn-ucsb-1 needs to open ports 7621 and 7631 (#3012)
      cn-unm-1 needs to open ports 7612 and 7632 (#3013)
      cn-orc-1 needs to open ports 7613 and 7623 (#3011)
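
The port scheme above, worked through as an added example (not part of the ticket or the project's code): it derives each host's inbound ports from the node ids, maps a port back to its source/destination pair, and rejects ids above 9, where the one-digit encoding would produce colliding ports. The function names, the audit helper and the per-source restriction in the printed rules are assumptions.

```python
# Added example: port plan for a full mesh of point-to-point tunnels.
BASE_PORT = 7600  # base from the ticket
NODES = {"cn-ucsb-1": 1, "cn-unm-1": 2, "cn-orc-1": 3}  # node ids from the ticket


def link_port(src_id, dst_id):
    """Listening port on the destination for the tunnel from src to dst."""
    if src_id == dst_id:
        raise ValueError("a node has no tunnel to itself")
    # One decimal digit per id: with ids above 9, 1 -> 13 would also land on 7623.
    if not (1 <= src_id <= 9 and 1 <= dst_id <= 9):
        raise ValueError("node ids must be 1..9 for ports to stay unique")
    return BASE_PORT + src_id * 10 + dst_id


def decode_port(port):
    """Inverse mapping: (src_id, dst_id) for a port that belongs to the scheme."""
    src_id, dst_id = divmod(port - BASE_PORT, 10)
    link_port(src_id, dst_id)  # raises ValueError if the port is outside the scheme
    return src_id, dst_id


def inbound_plan(nodes):
    """For each host: {inbound port: the one source host expected on it}."""
    plan = {name: {} for name in nodes}
    for src, s in nodes.items():
        for dst, d in nodes.items():
            if src != dst:
                plan[dst][link_port(s, d)] = src
    return plan


def audit(host, open_ports, nodes=NODES):
    """Compare ports open on a host with the plan: (missing, unexpected)."""
    expected = set(inbound_plan(nodes)[host])
    return sorted(expected - set(open_ports)), sorted(set(open_ports) - expected)


if __name__ == "__main__":
    for host, rules in inbound_plan(NODES).items():
        for port, src in sorted(rules.items()):
            print(f"{host}: allow inbound {port} from {src} only")
```
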


Subtasks

Task #3011: Firewall change: ORC (7613 and 7623) | Closed | Chris Brumgard

Task #3012: Firewall change: UCSB (7621 and 7631) | Closed | Nick Outin

Task #3013: Firewall change: UNM (7612 and 7632) | Closed | Dave Vieglais

Task #3014: Update cn-os-core to install OpenVPN | Rejected | Chris Brumgard

Task #3110: Review alternate options for VPN implementation | Rejected | Dave Vieglais

History

#1 Updated by Andrew Pippin about 12 years ago

  • Category set to Support Operations
  • Assignee set to Dave Vieglais
  • Milestone changed from CCI-1.0.0 to CCI-1.0.3

Assigning story to Dave.

#2 Updated by Andrew Pippin about 12 years ago

Update description to reflect modified port list. I am working with each site to make sure there is little (if any) confusion.

Previously I had arranged the nodes alphabetically. However, since all other sequences have an order of UCSB, UNM, ORC, I am changing to that sequence to reduce long-term confusion.

#3 Updated by Andrew Pippin almost 12 years ago

Chris is taking this over. Dave, go ahead and grab this back if you want to own the Story.

#4 Updated by Dave Vieglais almost 12 years ago

  • Milestone changed from CCI-1.0.3 to CCI-1.0.5
  • Status changed from New to In Progress

The OpenVPN approach isn't viable due to the low bandwidth that results from the software-only approach.

Investigating dedicated hardware for VPN solutions.

#5 Updated by Dave Vieglais almost 12 years ago

  • Target version set to Sprint-2012.39-Block.5.4
  • Milestone changed from CCI-1.0.5 to CCI-1.1

#6 Updated by Dave Vieglais over 11 years ago

  • Milestone changed from CCI-1.1 to None
  • Target version deleted (Sprint-2012.39-Block.5.4)
  • Due date deleted (2012-10-06)
  • Start date deleted (2012-06-22)

Moving this to backlog - VPN performance impacts operations too much so need to evaluate alternative approaches.

#7 Updated by Dave Vieglais about 11 years ago

  • Status changed from In Progress to Closed

VPN was not viable due to overhead
