You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/guides/internet-access.md
+13-5Lines changed: 13 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,7 +21,14 @@ $ curl api.ipify.org
21
21
```
22
22
23
23
[](){#ref-guides-internet-access-ext}
24
-
## Guidelines on communicating with external services (web scraping, bulk downloads,…)
24
+
## Communicating with external services
25
+
26
+
!!! note
27
+
Examples of the type of external communication that can trigger problems include:
28
+
29
+
* web scraping;
30
+
* bulk downloads;
31
+
* pipelines constantly pulling the same image from DockerHub.
25
32
26
33
Communication with external services from Alps is provided by a high-capacity 400 GBit/s connection to [SWITCH](https://www.switch.ch/en/network/ip-access).
27
34
SWITCH provides internet services to the research and education infrastructure in Switzerland.
@@ -33,11 +40,12 @@ However, communication with external services is not the focus of CSCS, it is ra
33
40
If you need to heavily interact with external systems there are some caveats that you have to keep in mind, in general some resources are shared resources, and a single user should not monopolize their use.
34
41
35
42
To avoid abuse there are measures in place at CSCS, on the transit networks, and on the remote systems, but these measures are often very blunt and would affect the CSCS as whole, so care should be taken to avoid triggering them.
36
-
We have a good relationship with SWITCH, so if we trigger some of their fail-safes (for example their anti-DDoS tools), they will contact us. Other might take action without telling us anything.
43
+
We have a good relationship with SWITCH, so if we trigger some of their fail-safes (for example their anti-DDoS tools), they will contact us.
44
+
External providers might take action, like blacklisting Alps, without warning or notification.
37
45
38
-
For example a website might blacklist IPs, or whole subnets from CSCS, which would make the service unavailable for all other CSCS users too.
39
-
Many sites use content delivery networks (CDN), like Cloudflare, Akamai, or similar, and if those blacklist the CSCS many users will be affected.
40
-
In addition, once we are blacklisted, it's extremely difficult and long be able to get out of these blacklists.
46
+
For example a website might blacklist IPs, or whole subnets from CSCS, rendering the service unavailable for **all CSCS users**.
47
+
Many sites use content delivery networks (CDN), like Cloudflare, Akamai, or similar, and if those blacklist CSCS we would lose access to all content provided by those CDNs.
48
+
In addition, once blacklisted, it is very difficult to get removed from the blacklist.
41
49
42
50
!!! info
43
51
Sites do not publish the number of requests/queries per second that trigger blacklisting, for some obvious reason that bad-intentioned people would stay just below this limit.
0 commit comments