Reference: Network configuration#
Intended audience
sysadm staff members.
The network is split in several VLANs provided by the INRIA network team:
VLANs#
All inter vlan communications are filtered by our firewalls pushkin and glyptotek.
Todo
Check the firewall settings page for more information.
VLAN1300 - Public network#
The detail of this range is available in this VLAN1300 inventory page
All the inbound traffic is firewalled by the INRIA gateway. The detail of the opened
ports is visible on the private archive in the file
sysadm/Software_Heritage_VLAN1300_plan.ods
Some nodes are directly exposed on this network for special needs:
moma: the main archive entry point
production workers: to have different visible ips during forge crawling
pergamon: act as a reverse proxy for some public sites (debian repository, annex, sentry, …)
forge: needs some special rules
VLAN440 - Production network#
All the nodes dedicated to the main archive are deployed in this network.
The detail of this range is available in this VLAN440 inventory page
For historical reasons, some admin nodes are deployed in this range (monitoring, ci, …) and will be progressively moved into the admin network.
The internal domain associated to this vlan is .internal.softwareheritage.org
VLAN443 - Staging network#
All the nodes dedicated to the staging version of the archive are deployed on this network (POCs and temporary nodes as well).
The detail of this range is visible in this VLAN443 inventory page
The internal domain associated to this vlan is .internal.staging.swh.network
VLAN442 - Admin network#
This network is dedicated for admin and support nodes (e.g firewall, grafana, sentry, …).
The detail of this range is visible in this VLAN442 inventory page.
The internal domain associated to this vlan is .internal.admin.swh.network