What are the specifics of the red network?

CSLab maintains a number of discrete networks, one of which is the 'red' network, so named for the colour of the cables. This network has a protective firewall, and rules are in place that prevent any two machines on the red network from directly communicating. Because we are unable to ensure that adequate security measures are taken to protect machines which we don't administer, we must fall back to a position that at least allows us to protect other users of the red network should a machine be compromised.

For example, we cannot prevent a user from allowing their desktop or laptop to be compromised by a worm because they didn't regularly update their security patches. We can do the next best thing for the community, which is to prevent the compromised computer from propagating the worm to other computers on the same network.

We allow most common services outbound from the red network, and allow ssh connections into the red network. These are the default restrictions, and if they prove to be too restrictive for you to function and you need special firewall considerations, we suggest that you probably need to move from the red network to a private network that we can build for you.

How do I have my computer put on the red network?

Before you begin, make sure you or someone helping you has obtained a CSLab Account. You will need this when you register your devices for our network services.

If you have an available (i.e. unused) red cable at your location, plug it into your device. Try to open http://red-register.cs.toronto.edu (many websites will redirect you to this site in any event) after you plug it in, and you will be presented with the registration page. If you need to have a static IP for some particular reason, please contact your Point of Contact (PoC) - there may be more optimal solutions than simply a static IP, i.e. a private network.

If you are requesting access for a desktop, please note that in your email to your Point of Contact (PoC).

A note on Docker

Docker, by default, selects a network range that conflicts with our red network range. If you are trying to use docker, you will need to alter the network range(s) your docker uses or you will experience unpredictable results.

We highly recommend that you select one of the network ranges that we have reserved for docker:

docker1 192.168.152.0/24
docker2 192.168.153.0/24
docker3 192.168.154.0/24