r3 - 08 Mar 2005 - 20:50:26 - MarkLeeuw

Tutorial

LTSP and the Network

Security

LTSP is designed to serve a trusted community on a LAN. As the package uses a number of different services, it can be tricky to set up to run through firewalls on a LAN (normally, a LAN would not be firewalled internally, so this is not a common problem).

On the other hand, if the users require access to external networks – such as the internet – then this absolutely should be set up through a firewall. Trying to run an LTSP service over a public network such as the internet without any security precautions is foolhardy in the extreme. See FirewallPorts

Bandwidth

Estimating the bandwidth requirements of an LTSP network is also not an exact science. The network traffic will be ‘point to point’ (terminal <-> server), which means that the network card on the server is a potential bottleneck. A wise systems administrator also steers users away from 'eye candy' applications which can generate unnecessary network 'chatter' (e.g. monitor applets displaying graphics in real time, or fancy screensavers with lots of graphics). Network restrictions are another good reason for keeping to a 'maximum 100 terminals per server' rule.

Note: this section needs some notes on segmenting LANs, etc... any volunteers?

Segmenting LANs

A request for something on segmented LANs.

If you mean: more than one network interface used for LTSP in the server, read this:

In a situation where only one NIC is used for LTSP, all your clients are in the same subnet. So, with a subnet mask 255.255.255.0 and a NIC address 192.168.0.254, all clients get an address like 192.168.0.x.

When adding an extra NIC, you add a new subnet to your server (e.g. NIC address 192.168.1.254, netmask 255.255.255.0). Some clients will be connected (via a router/switch/hub) to this NIC. They'll all be in the same subnet (e.g. 192.168.1.x). This should be reflected in your /etc/hosts, in your /etc/dhcpd.conf and maybe in your lts.conf. A modification in the startup of your dhcpd can be necessary: you can add the interfaces as arguments to the startup line or, on Redhat/Fedora, add them to /etc/sysconfig/dhcpd.

An example (4 clients, 3 NICs/subnets):

/etc/hosts

127.0.0.1       localhost.localdomain localhost
192.168.0.254   server.cerberus server
192.168.0.101   cerberus_b1.cerberus    cerberus_b1
192.168.0.102   cerberus_b2.cerberus    cerberus_b2
192.168.1.101   cerberus_s1.cerberus    cerberus_s1
192.168.2.101   cerberus_f1.cerberus    cerberus_f1

/etc/dhcpd.conf

default-lease-time            21600;
max-lease-time                21600;
ddns-update-style none;
allow booting;
allow bootp;
 
option subnet-mask            255.255.255.0;
option option-128 code 128 = string;
option option-129 code 129 = text;
 
  subnet 192.168.0.0 netmask 255.255.255.0 {
     range dynamic-bootp 192.168.0.200 192.168.0.253;
     use-host-decl-names       on;
     option log-servers        192.168.0.254;
     option broadcast-address      192.168.0.255;
     option routers                192.168.0.254;
     option domain-name-servers    192.168.0.254;
     option domain-name            "cerberus";
     option root-path              "192.168.0.254:/opt/ltsp-4.1/i386";
     filename                      "/lts/vmlinuz-2.4.26-ltsp-2";
  }
  subnet 192.168.1.0 netmask 255.255.255.0 {
     range dynamic-bootp 192.168.1.200 192.168.1.253;
     use-host-decl-names       on;
     option log-servers        192.168.1.254;
     option broadcast-address      192.168.1.255;
     option routers                192.168.1.254;
     option domain-name-servers    192.168.1.254;
     option domain-name            "soos";
     option root-path              "192.168.1.254:/opt/ltsp-4.1/i386";
     filename                      "/lts/vmlinuz-2.4.26-ltsp-2";
  }
  subnet 192.168.2.0 netmask 255.255.255.0 {
     range dynamic-bootp 192.168.2.200 192.168.2.253;
     use-host-decl-names       on;
     option log-servers        192.168.2.254;
     option broadcast-address      192.168.2.255;
     option routers                192.168.2.254;
     option domain-name-servers    192.168.2.254;
     option domain-name            "bioscoop";
     option root-path              "192.168.2.254:/opt/ltsp-4.1/i386";
     filename                      "/lts/vmlinuz-2.4.26-ltsp-2";
  }
 
group   {
    use-host-decl-names       on;
 
    host cerberus_b1 {
        hardware ethernet     00:10:a7:1a:f7:cf;
        fixed-address         192.168.0.101;
    }
 
    host cerberus_b2 {
        hardware ethernet     00:02:44:69:23:7F;
        fixed-address         192.168.0.102;
    }
    host cerberus_f1 {
        hardware ethernet     00:02:44:69:23:87;
        fixed-address         192.168.2.101;
    }
    host cerberus_s1 {
        hardware ethernet     00:02:44:68:2b:52;
        fixed-address         192.168.1.101;
    }
}

/etc/sysconfig/dhcpd (for Redhat/Fedora)

# Command line options here
DHCPDARGS="eth1 eth2 eth3" # this server actually has 4 NICs, but eth0 is connected to the internet

-- MarkLeeuw - 08 Mar 2005
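
A multi-NIC setup like the one above only works, and only keeps DHCP off the internet-facing NIC, if the three files agree with each other. The following consistency check is an added example, not part of the original page or of LTSP; the function names and the sample input (abridged from the files above, with errors introduced on purpose) are constructed for illustration, and eth0 is taken to be the external interface as in the comment above.

```python
import ipaddress
import re

# Constructed input abridged from the files above, with deliberate mistakes.
DHCPD_CONF = """
subnet 192.168.0.0 netmask 255.255.255.0 { range dynamic-bootp 192.168.0.200 192.168.0.253; }
subnet 192.168.1.0 netmask 255.255.255.0 { range dynamic-bootp 192.168.1.200 192.168.1.253; }
host cerberus_b1 { hardware ethernet 00:10:a7:1a:f7:cf; fixed-address 192.168.0.101; }
host cerberus_s1 { hardware ethernet 00:02:44:68:2b:52; fixed-address 192.168.1.201; }
host cerberus_f1 { hardware ethernet 00:02:44:69:23:87; fixed-address 192.168.2.101; }
"""
HOSTS = """
192.168.0.101   cerberus_b1.cerberus    cerberus_b1
192.168.1.101   cerberus_s1.cerberus    cerberus_s1
192.168.2.101   cerberus_f1.cerberus    cerberus_f1
"""
SYSCONFIG = 'DHCPDARGS="eth0 eth1 eth2"'

def parse_subnets(conf):
    """Return (network, range_low, range_high) for each subnet block."""
    result = []
    pat = r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}"
    for net, mask, body in re.findall(pat, conf):
        m = re.search(r"range\s+(?:dynamic-bootp\s+)?([\d.]+)\s+([\d.]+)\s*;", body)
        lo, hi = map(ipaddress.ip_address, m.groups()) if m else (None, None)
        result.append((ipaddress.ip_network(f"{net}/{mask}"), lo, hi))
    return result

def check(conf, hosts_text, sysconfig, external_if):
    """Return the inconsistencies found between the three files."""
    subnets, names, problems = parse_subnets(conf), {}, []
    for line in hosts_text.splitlines():
        fields = line.split("#")[0].split()
        names.update({alias: fields[0] for alias in fields[1:]})
    fixed = re.findall(r"host\s+(\S+)\s*\{[^}]*?fixed-address\s+([\d.]+)\s*;", conf)
    for name, addr in sorted((n, ipaddress.ip_address(a)) for n, a in fixed):
        home = next((s for s in subnets if addr in s[0]), None)
        if home is None:
            problems.append(f"{name}: {addr} is in no declared subnet")
        elif home[1] is not None and home[1] <= addr <= home[2]:
            problems.append(f"{name}: {addr} lies inside the dynamic range")
        if names.get(name) != str(addr):
            problems.append(f"{name}: /etc/hosts says {names.get(name)}")
    listen = re.search(r'^DHCPDARGS="?([^"#\n]*)', sysconfig, re.M)
    if listen and external_if in listen.group(1).split():
        problems.append(f"DHCPDARGS lists the external interface {external_if}")
    return problems

if __name__ == "__main__":
    print("\n".join(check(DHCPD_CONF, HOSTS, SYSCONFIG, "eth0")))
```

Run against the real files, an empty result means every fixed address sits in a declared subnet outside its dynamic pool, matches /etc/hosts, and dhcpd is not started on the external interface.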

