This repository has been archived by the owner on Jun 13, 2023. It is now read-only.

Need decisions about how to "house" CIROH members within the VPC. #10

ZacharyWills opened this issue Feb 23, 2023 · 5 comments

@ZacharyWills
Contributor

So let's say that a VPC has a 100.x.x.x address space,

Ideally each CIROH member could get a LOT of address space within their own block of that 100.x net.

Something like CIROH member #1 gets 100.1.x.x and #2 gets 100.2.x.x

I can add a basic table and ENV to the Terraform that allows the user to pick from a list of Institutions and thus fills those blocks in for them for creation of modeling and experimental space.

@jameshalgren @arpita0911patel Does this sound reasonable?

Users would still have access to others' subnets (which don't stop communications themselves, but would mean that if I ran my institution out of address space, I wouldn't run someone else out of address space as well); for limiting access we would need to add Security Groups.

@jameshalgren
Collaborator

jameshalgren commented Feb 23, 2023

It feels like the ability to know where things are is a benefit here. E.g., BYU is planning to set up an app store. If they know that data coming out of RTI's evaluation systems live in a particular space, that's useful for their app store to connect to.

(In addition to knowing that no-one will stomp on your space.)

Thinking this way, we are talking about 65k IPs per institution. @ZacharyWills, are we capped at 256 institutions or can we go to 101.1.x.x, etc.?

@arpita0911patel
Contributor

We can divide the IP ranges based on application type, such as web applications (public) or backend services (private).
 
So e.g. create a VPC with a /16 CIDR block and four subnets: two public subnets with CIDR blocks of 10.0.1.0/24 and 10.0.2.0/24, and two private subnets with CIDR blocks of 10.0.3.0/24 and 10.0.4.0/24.
 
This subnetting scheme provides a good balance between security and accessibility, with the public subnets allowing access to resources from the internet and the private subnets providing an additional layer of security for resources that should not be publicly accessible.

@ZacharyWills
Contributor Author

> Thinking this way, we are talking about 65k IPs per institution. @ZacharyWills, are we capped at 256 institutions or can we go to 101.1.x.x, etc.?

We can go further when we need to, there's other space and things we can do to consolidate address space.

Arpita has a good overview.

@ZacharyWills
Contributor Author

Next step is to make a "client" TF that allows someone to select their institution and then dole out the subnets etc. based on the response.
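A sketch of the allocation logic such a client would need, as an added example in Python (not the repository's Terraform): it reproduces the arithmetic of Terraform's cidrsubnet(), gives each institution a /16 under 100.0.0.0/8 with the public/private /24 layout proposed above, and refuses a plan whose blocks overlap. The institution table is constructed for the example.

```python
# Added example (not the CIROH repository's code): plan per-institution
# address blocks the way this thread proposes and check them for overlap.
import ipaddress

# Constructed institution table; in the real client this would be the
# Terraform variable the user selects from. Index -> second octet of 100.x.0.0/16.
INSTITUTIONS = {"alabama": 1, "byu": 2, "rti": 3}

ROOT = "100.0.0.0/8"


def cidrsubnet(prefix, newbits, netnum):
    """Same arithmetic as Terraform's cidrsubnet(): extend the prefix by
    newbits and return the netnum-th child block."""
    net = ipaddress.ip_network(str(prefix))
    new_len = net.prefixlen + newbits
    if new_len > net.max_prefixlen or netnum >= 2 ** newbits:
        # This is the "capped at 256 institutions" case for /8 -> /16.
        raise ValueError(f"netnum {netnum} does not fit in {newbits} new bits of {net}")
    base = int(net.network_address) + netnum * 2 ** (net.max_prefixlen - new_len)
    return ipaddress.ip_network((base, new_len))


def plan_institution(index):
    """One /16 (65,536 addresses) per institution, carved into the two public
    and two private /24s from the four-subnet scheme in the thread."""
    block = cidrsubnet(ROOT, 8, index)
    return {
        "vpc": block,
        "public": [cidrsubnet(block, 8, 1), cidrsubnet(block, 8, 2)],
        "private": [cidrsubnet(block, 8, 3), cidrsubnet(block, 8, 4)],
    }


def check_no_overlap(plans):
    """The point of fixed per-institution ranges is that one member running
    out of space never collides with another's, so overlap is a hard error.
    Note this separates address space only; reachability is still governed
    by security groups, as the thread says."""
    vpcs = [p["vpc"] for p in plans.values()]
    for i, a in enumerate(vpcs):
        for b in vpcs[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping blocks: {a} and {b}")
    return True


def build_plans(institutions=INSTITUTIONS):
    plans = {name: plan_institution(idx) for name, idx in institutions.items()}
    check_no_overlap(plans)
    return plans
```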

@benlee0423
Collaborator

Separating public and private VPCs is a good idea.

A couple of questions:

  1. Does each CIROH member need to communicate with a private cloud network?
  2. Does each CIROH member share any common data storage, like S3 or a network disk?
  3. Will each CIROH member be assigned one VPC, which can have multiple subnets within it?

There is a concept of VPC peering in AWS that connects a VPC with another VPC. From the subject of this issue, it is not clear to me how the VPC is being used.
