|
| 1 | +[](){#ref-guides-internet-access} |
| 2 | +# Internet Access on Alps |
| 3 | + |
| 4 | +The [Alps network][ref-alps-hsn] is mostly configured with private IP addresses (`172.28.0.0/16`). |
| 5 | +Login nodes have public IP addresses which means that they can directly access the internet, while a proxy server provides internet access for compute nodes. |
| 6 | + |
| 7 | +??? info "Compute node proxy configuration" |
| 8 | + |
| 9 | + Compute nodes are configured with the following environment variables to use the proxy server: |
| 10 | + |
| 11 | + ```bash |
| 12 | + export https_proxy=http://proxy.cscs.ch:8080 |
| 13 | + export http_proxy=http://proxy.cscs.ch:8080 |
| 14 | + export no_proxy=.local, .cscs.ch, localhost, 148.187.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 |
| 15 | + export HTTPS_PROXY=http://proxy.cscs.ch:8080 |
| 16 | + export HTTP_PROXY=http://proxy.cscs.ch:8080 |
| 17 | + export NO_PROXY=.local, .cscs.ch, localhost, 148.187.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 |
| 18 | + ``` |
| 19 | + |
| 20 | +!!! warning "Public IPs are a shared resource" |
| 21 | + Be aware that public IPs, whether on login nodes or through the proxy, are essentially a shared resource. |
| 22 | + Many services will rate limit or block usage based on the IP address if abused. |
| 23 | + An example is pulling container images from Docker Hub. |
| 24 | + [Authenticating with Docker Hub][ref-ce-third-party-private-registries] makes their rate limit apply per user instead. |
| 25 | + |
| 26 | +## Using SSH through the proxy server |
| 27 | + |
| 28 | +While use of the proxy server is transparent for most use cases, others need additional configuration for compute nodes. |
| 29 | +An example is cloning git repositories from GitHub over SSH. |
| 30 | +Cloning over https works without additional configuration. |
| 31 | +To make SSH use the proxy server, add the following to your `~/.ssh/config` file: |
| 32 | + |
| 33 | +``` title="~/.ssh/config" |
| 34 | +Match Host *,!148.187.0.0/16,!192.168.0.0/16,!172.16.0.0/12,!10.0.0.0/8exec "hostname -I | grep -vqF 148.187." |
| 35 | + ProxyCommand nc -X connect -x proxy.cscs.ch:8080 %h %p |
| 36 | +``` |
| 37 | + |
| 38 | +This configuration takes into account that login and compute nodes require a different setup. |
| 39 | + |
| 40 | +??? warning "Error message when cloning without the proxy set up for SSH" |
| 41 | + When cloning a git repository without the correct SSH configuration, cloning will time out as follows: |
| 42 | + ```bash |
| 43 | + [daint ][<user>@daint-ln001 ~]$ git clone [email protected]:open-mpi/ompi.git |
| 44 | + Cloning into 'ompi'... |
| 45 | + ssh: connect to host github.com port 22: Connection timed out |
| 46 | + fatal: Could not read from remote repository. |
| 47 | + |
| 48 | + Please make sure you have the correct access rights |
| 49 | + and the repository exists. |
| 50 | + ``` |
| 51 | + |
| 52 | +## Accessing the public IP of a node |
| 53 | + |
| 54 | +When on a login node configured with a public IP address, you can retrieve the public IP address for example as follows: |
| 55 | + |
| 56 | +```bash |
| 57 | +[daint][<user>@daint-ln001 ~]$ curl api.ipify.org |
| 58 | +148.187.6.19 |
| 59 | +``` |
0 commit comments