Each Pod has one publicly reachable IPv4 subnet, with a minimum size of /29.

Name | **IP Address |
---|---|
PodNet Public PE | A usable IP from the Link Subnet |
PodNet Public CPE | A usable IP from the Link Subnet |

Each Pod has one publicly reachable IPv6 subnet, with a minimum size of /126.

Name | **IP Address |
---|---|
PodNet Public PE | A usable IP from the Link Subnet |
PodNet Public CPE | A usable IP from the Link Subnet |

Name | Network Function |
---|---|
PMS+1 | Gateway defined on PodNet Management Interface |
PMS+2 | PodNet A Management |
PMS+3 | PodNet B Management |
PMS+4 | “nginxcop” - redirect requests to CloudCIX APIs |
PMS+5 | “nginxcop” - redirect requests to “cop” container |
PMS+6 | Appliance Management |

Each Pod has a /48 of IPv6 addresses as a routed subnet. This subnet is defined by the first three hextets, which are common to every address in the range. The use of the fourth hextet is defined in the sub-table below.

Name | Network Function |
---|---|
0::/64 | Allocated to the Management Network. |
0001::/64 to 0999::/64 | Reserved, do not use. |
<vlan>::/64 | Project assignments, where vlan > 999 and < 4000. Note: As VLANs are decimal, IP addresses containing a, b, c, d, e or f in this hextet are reserved. |
4000::/64 to d0c5::/64 | Reserved, do not use. |
d0c6::/64 | Docker Management. |
d0c7::/64 to ffef::/64 | Reserved, do not use. |
fff0::/64 | IPv6 Project Link Subnet. fff0::1/64 is the Gateway. |

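
The fourth-hextet rules in the table above, as an added example (not CloudCIX code): a Python check that classifies an address within a Pod's /48 and derives the /64 for a project VLAN, useful when reviewing firewall rules or address assignments against the plan. The function names and the `2001:db8:abcd::/48` documentation prefix are assumptions; hextets fff1 to ffff are not listed in the table and are reported as undefined.

```python
import ipaddress

# Constructed sample: a documentation prefix standing in for a Pod's /48.
SAMPLE_POD = "2001:db8:abcd::/48"


def _pod(pod_prefix: str) -> ipaddress.IPv6Network:
    pod = ipaddress.IPv6Network(pod_prefix)
    if pod.prefixlen != 48:
        raise ValueError("a Pod is allocated a /48")
    return pod


def fourth_hextet_role(hextet: int) -> str:
    """Map the fourth hextet of a Pod address to its role in the table."""
    if hextet == 0x0000:
        return "management"
    if hextet == 0xD0C6:
        return "docker-management"
    if hextet == 0xFFF0:
        return "project-link"
    if hextet > 0xFFF0:
        return "undefined"  # fff1-ffff do not appear in the table
    # Project VLANs are written with decimal digits (1000-3999), so a hextet
    # containing a-f can never be a project assignment.
    text = format(hextet, "04x")
    if text.isdigit() and 999 < int(text) < 4000:
        return f"project-vlan-{int(text)}"
    return "reserved"


def classify(pod_prefix: str, address: str) -> str:
    """Classify an IPv6 address against the Pod's allocation plan."""
    addr = ipaddress.IPv6Address(address)
    if addr not in _pod(pod_prefix):
        return "outside-pod"
    return fourth_hextet_role((int(addr) >> 64) & 0xFFFF)


def project_subnet(pod_prefix: str, vlan: int) -> ipaddress.IPv6Network:
    """Return the /64 assigned to a project VLAN."""
    if not 999 < vlan < 4000:
        raise ValueError("project VLANs are 1000-3999")
    # The VLAN's decimal digits are reused verbatim as the hex hextet.
    hextet = int(str(vlan), 16)
    base = int(_pod(pod_prefix).network_address) | (hextet << 64)
    return ipaddress.IPv6Network((base, 64))
```

An address whose fourth hextet classifies as `reserved` or `undefined` does not belong to any allocation in the table.
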
The Management IPv6 Addresses are the first /64 subnet taken from the /48 allocated to the Pod.

Name | **IP Address |
---|---|
PodNet Hosts | <prefix>::10:0:1-ffff |
PodNet Gateway | <prefix>::10:0:1 |
PodNet Primary | <prefix>::10:0:2 |
PodNet Secondary | <prefix>::10:0:3 |
HyperV Hosts | <prefix>::20:0:1-ffff |
KVM Hosts | <prefix>::30:0:1-ffff |
Backup NAS | <prefix>::40:0:1-ffff |
GPU-KVM Hosts | <prefix>::50:0:1-ffff |
Ceph Hosts | <prefix>::60:0:1-ffff |

The Out of Band (OOB) network is used by level 2 and level 3 PAT support engineers to deploy and manage infrastructure and to debug issues. ‘Mgmt’ IPMI/iLO/iDRAC ports on Hosts are connected to the OOB Network. The OOB network is untagged to give it isolation from the OOB Recovery Subnet.

Name | Network Function |
---|---|
10.<pod_id>.0.1 | Gateway |
10.<pod_id>.0.254 | Podnet A |
10.<pod_id>.0.253 | Podnet B |

To implement HA capabilities, VLAN 44 on the OOB network is used to manage the failover process. This VLAN must be manually configured on the OOB VPN Appliance in the Pod. This VLAN segregation is to prevent the standard OOB network from being connected to the Main Namespace in PodNet.

Name | Network Function |
---|---|
100.64.<pod_id>.1 | Gateway |
100.64.<pod_id>.254 | Podnet A |
100.64.<pod_id>.253 | Podnet B |

A /64 is assigned for Docker Management within the Pod (<prefix>:d0c6::/64).

Container | COP | Region | *IPv4 Address | **Mgmt IPv6 | API |
---|---|---|---|---|---|
pgadmin | X | X | | <prefix>:d0c6::5002:1 | No |
jaeger-agent | X | X | | | No |
apachedscop | X | | | <prefix>:d0c6::5002:2 | No |
membershipldap | X | | | | No |
seed | X | | | | No |
user_expiration_cron | X | | | | No |
nginx1 | X | | PMS+4 | <prefix>:d0c6::4004:a | No |
nginx2 | X | | PMS+5 | <prefix>:d0c6::4005:a | No |
pgsqlapi | X | | | | No |
pgsqltotp | X | | | | No |
cop | X | | via nginx2 | Inbound via nginx2; Outbound <prefix>:d0c6::5002:4 | No |
membership | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:1 | Yes |
otp | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:2 | Yes |
iaas | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:3 | Yes |
appmanager | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:4 | Yes |
training | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:5 | Yes |
financial | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:6 | Yes |
scheduler | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:7 | Yes |
asset | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:9 | Yes |
support | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:10 | Yes |
circuit | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:11 | Yes |
legacyapi | X | | via nginx2 | Inbound via nginx2; Outbound <prefix>:d0c6::4004:12 | Yes |
pat | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:13 | Yes |
dcim | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:14 | Yes |
contact | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:15 | Yes |
scm | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:16 | Yes |
plot | X | | via nginx1 | Inbound via nginx1; Outbound <prefix>:d0c6::4004:17 | Yes |
reading_retention_cron | X | | | | No |
rabbitmqcop | X | | | | No |
flowerroutine | X | | | <prefix>:d0c6::5002:3 | No |
routine | X | | | <prefix>:d0c6::5001:1 | No |
routineworker | X | | | <prefix>:d0c6::5001:2 | No |
jaeger-agent | | X | | | No |
robot | | X | | <prefix>:d0c6::6001:1 | No |
robotworker | | X | | <prefix>:d0c6::6001:2 | No |
rabbitmqregion | | X | | | No |
flowerregion | | X | | <prefix>:d0c6::6002:4 | No |
pgsqllocks | | X | | | No |

*PMS represents the Primary Management Subnet assigned to a Pod.
**<prefix> represents the first three hextets in the /48 IPv6 Addresses assigned to a Pod.
All API containers serve requests through the ‘nginx’ proxy service container over IPv4 and IPv6. Outbound API requests go directly over IPv6.