Tunnels

Between the lab in bat. 157 and in bat. 2, an IP-IP tunnel is set up between lbtbgw.cern.ch and pclbongw01.cern.ch. The packets belonging to the daq.lhcb domain are encapsulated by the two gateways into IP packets on the cern.ch network.

The daq.lhcb network part in bat. 2 has the following subnet assigned: 10.135.150.0/24.

Here's a summary of the tunnel setup in bat. 2:

on pclbongw01.cern.ch:

a tunnel interface has to be created at every boot-up of the box, c.f. /etc/rc.local.

modprobe ipip
ip tunnel add tun2r16 mode ipip remote 137.138.137.239 local 137.138.214.207
ifconfig tun2r16 10.135.150.2

Then, a route has to be explicitly created:

route add -net 10.135.0.0/16 dev tun2r16
 

on lbtbgw.cern.ch:

the corresponding tunnel-end point interface has to be created, again in /etc/rc.local:

ip tunnel add tun2r16 mode ipip remote 137.138.214.207 local 137.138.137.239
ifconfig tun2r16 10.135.1.3
route add -net 10.135.150.0/24 dev tun2r16
 

DNS issues:

the DNS server for all hosts in lab 2-r15 which are on the daq.lhcb network remains the gateway in bat. 157 (10.135.1.1), thus the resolv.conf should point there. Also pclbongw01 uses it as dns server, but with two search domains: search cern.ch daq.lhcb.

All hosts in the daq.lhcb domain have to be registered in the forward and reverse zone files on lbtbgw.cern.ch, c.f. Servers page.