|
2 | 2 | # Internet Access on Alps |
3 | 3 |
|
4 | 4 | The [Alps network][ref-alps-hsn] is mostly configured with private IP addresses (`172.28.0.0/16`). |
5 | | -Login nodes have public IP addresses which means that they can directly access the internet, while a proxy server provides internet access for compute nodes. |
6 | | - |
7 | | -??? info "Compute node proxy configuration" |
8 | | - |
9 | | - Compute nodes are configured with the following environment variables to use the proxy server: |
10 | | - |
11 | | - ```bash |
12 | | - export https_proxy='http://proxy.cscs.ch:8080' |
13 | | - export http_proxy='http://proxy.cscs.ch:8080' |
14 | | - export no_proxy='.local, .cscs.ch, localhost, 148.187.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16' |
15 | | - export HTTPS_PROXY='http://proxy.cscs.ch:8080' |
16 | | - export HTTP_PROXY='http://proxy.cscs.ch:8080' |
17 | | - export NO_PROXY='.local, .cscs.ch, localhost, 148.187.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16' |
18 | | - ``` |
| 5 | +Login nodes have public IP addresses which means that they can directly access the internet, while compute nodes access the internet through NAT. |
19 | 6 |
|
20 | 7 | !!! warning "Public IPs are a shared resource" |
21 | | - Be aware that public IPs, whether on login nodes or through the proxy, are essentially a shared resource. |
| 8 | + Be aware that public IPs, whether on login nodes or through NAT, are essentially a shared resource. |
22 | 9 | Many services will rate limit or block usage based on the IP address if abused. |
23 | 10 | An example is pulling container images from Docker Hub. |
24 | 11 | [Authenticating with Docker Hub][ref-ce-third-party-private-registries] makes their rate limit apply per user instead. |
25 | 12 |
|
26 | | -## Using SSH through the proxy server |
27 | | - |
28 | | -While use of the proxy server is transparent for most use cases, others need additional configuration for compute nodes. |
29 | | -An example is cloning git repositories from GitHub over SSH. |
30 | | -Cloning over https works without additional configuration. |
31 | | -To make SSH use the proxy server, add the following to your `~/.ssh/config` file: |
32 | | - |
33 | | -``` title="~/.ssh/config" |
34 | | -Match Host *,!148.187.0.0/16,!192.168.0.0/16,!172.16.0.0/12,!10.0.0.0/8exec "hostname -I | grep -vqF 148.187." |
35 | | - ProxyCommand nc -X connect -x proxy.cscs.ch:8080 %h %p |
36 | | -``` |
37 | | - |
38 | | -This configuration takes into account that login and compute nodes require a different setup. |
39 | | - |
40 | | -??? warning "Error message when cloning without the proxy set up for SSH" |
41 | | - When cloning a git repository without the correct SSH configuration, cloning will time out as follows: |
42 | | - ```bash |
43 | | - [daint ][<user>@daint-ln001 ~]$ git clone [email protected]:open-mpi/ompi.git |
44 | | - Cloning into 'ompi'... |
45 | | - ssh: connect to host github.com port 22: Connection timed out |
46 | | - fatal: Could not read from remote repository. |
47 | | - |
48 | | - Please make sure you have the correct access rights |
49 | | - and the repository exists. |
50 | | - ``` |
51 | | - |
52 | 13 | ## Accessing the public IP of a node |
53 | 14 |
|
54 | 15 | When on a login node configured with a public IP address, you can retrieve the public IP address for example as follows: |
55 | 16 |
|
56 | | -```bash |
57 | | -[daint][<user>@daint-ln001 ~]$ curl api.ipify.org |
| 17 | +```console |
| 18 | +$ curl api.ipify.org |
58 | 19 | 148.187.6.19 |
59 | 20 | ``` |
0 commit comments