External Customer Networks

Sometimes an external organization with a need for Internet connectivity at the University is provided with an external customer network.

One example may be a building contractor who needs Internet connectivity in one or more construction trailers.

In these circumstances, it is sometimes appropriate to treat the organization as "external" to the University. Instead of providing the organization with connections "on" the campus network, they are instead provided with connections that appear to be "external" to the campus network.

The existing physical network infrastructure on the campus may be used to provide these connections, but the connections are configured in such a way as to make them appear to be logically external to the campus network.

The service provided to the organization is similar to what it would receive had it contracted with a commercial ISP for network service.

These connections are very different than other campus network connections OIT normally provides to University customers. You should assume that unless indicated otherwise, any documentation published by OIT regarding network service at Princeton University do not apply to these external customer network connections.

This document provides general information about external customer networks.

The document External Customer Network Assignments lists all the external customer networks, showing the IP network ranges, network masks, default routers, and to which organization each of these networks is assigned.

General Information

• When OIT determines that the networking needs of an external organization should be met through the use of an external customer network, we will ask the external organization to provide us with an estimate as to the number of IP addresses that network will need at the outset, and the number it may grow to require over time.

  (For example, "we currently need three to five IP addresses, and expected to need fewer than a dozen total IP addresses during the three years we will be on campus.")

  This estimate is necessary so we can create an external customer network of an appropriate size.

• OIT will allocate a network, and advise the external organization of the network's IP range.

  (For example, "your network is 192.168.10.64/28, that is, IP range 192.168.10.64 - 192.168.10.79. The IP subnet mask for your network is 255.255.255.240. OIT's name for your network is "external-customer-network-513.")

  The numbers cited above and in the remainder of this document are only examples; in actuality, an external customer network will always be assigned globally routable IP addresses, not RFC1918 IP addresses.

  If you need to look up the information for your network, please consult External Customer Network Assignments .

• OIT will ask the external organization to provide us with contact information we should associate with this external customer network. That information will be published in External Customer Network Assignments .

  OIT will use this information if it becomes necessary to contact someone regarding this network, or regarding an issue involving some device attached to this network.

• OIT operates an IP router that connects this network to the Internet. The IP address of the router will be the first usable IP address on the network. OIT will advise the external organiation of the router's IP address.

  (For example, in the example network 192.168.10.64/28 above, the first usable IP address is 192.168.10.65. That IP address is assigned to the IP router operated by OIT. OIT would advise the customer "The IP router (gateway) address for this network is 192.168.10.65.")

  If you need to look up the information for your network, please consult External Customer Network Assignments .

• It is the responsibility of the external organization to manage the IP space on that external customer network, and assign IP addresses to their devices.

  Keep in mind that the first and last IP addresses on any IP network are never usable.

  Also remember that the first usable IP address is already assigned to the IP router.

  The remaining IP addresses are available for the external organization to assign to their devices.

  (In the example network 192.168.10.64/28 above, IP addresses 192.168.10.64 and 192.168.10.79 are unusable because they are the first and last IP addresses. IP address 192.168.10.65 is the first usable IP address, so it is assigned to the router. The remaining IP addresses 192.168.10.66 through 192.168.10.78 inclusive are available for the external organization to assign.)

• Devices attached to the external customer network should not be registered in the Princeton University Host Database. We do not treat them as "attached to the campus network." OIT does not allocate IP addresses to these devices; it is up to the external organization to assign IP addresses to their devices.

• When the external organization needs additional Ethernet ports (e.g. in the same location, or elsewhere on campus), they need to be sure to clearly specify to OIT that these Ethernet ports must be attached to their particular external customer network.

  (For example, "I am with building contractor Smith Contractors Inc. You've assigned external-customer-network-513 to my company. Please install/enable in my construction trailer three additional Ethernet ports wired to that network.")

• When the external organization no longer needs the network service, it should advise OIT so we can reclaim the network that was allocated to you.

• OIT does not provide DNS resolving service to external customer networks. If you want your devices to be able to look up information in DNS, you will need to configure the devices to use someone else's DNS resolving servers.

  As the network service Princeton University provides to you relies on USLEC (one of Princeton University's Internet Service Provider's), you might be able to configure your DNS clients to rely on the following resolving DNS servers that USLEC (formerly named FastNET) provides to its customers: 209.92.1.12 and 206.245.170.12.

  If the USLEC/FastNET DNS resolving servers do not meet your needs, you will need to instead use someone else's DNS resolving servers. For example, if your company operates its own DNS resolving servers elswhere on the Internet, arrange for your devices to use your company's DNS resolving servers. Or set up your own DNS resolving servers (here, or elsewhere on the Internet) for your devices to use.

• OIT does not insert your devices names into Princeton University's forward DNS data. For example, there will not be a foo.princeton.edu DNS name that maps to the IP address of the customer's device.

  If you want your device to have a name in DNS, you will need to arrange for it yourself.

  (For example, if your company operates its own DNS domain smithcontractors.com, and you want the name foo.smithcontractors.com to map to IP address 192.168.10.66 (on the external customer network), arrange with your own company to update your company's DNS data to add a DNS record for foo.smithcontractors.com pointing to 192.168.10.66.)

• OIT does not insert your devices' IP addreses into any reverse DNS data.

  (For example, we will not arrange for there to be a record in DNS that maps from your device's IP address (e.g. 192.168.10.66) to your device's name (e.g. foo.smithcontractors.com).

  If you have such a need, and your company is prepared to operate its own DNS servers for the reverse DNS zone corresponding to the network range we've assigned to you, please contact OIT.

• OIT does not provide DHCP or BootP services to devices attached to external customer networks.

  If you feel your external customer network needs DHCP or BootP service, you are welcome to operate your own DHCP or BootP server(s) on that network. (Note that you must take great care to only operate a DHCP or BootP server on your external customer network, not on the campus network. Attaching a DHCP or BootP server to the campus network will disrupt service on the campus network, and lead OIT to blocking your network service. So be sure that the Ethernet port on which you plan to operate your DHCP or BootP server is one that is wired to your external customer network.)

• OIT does not provide NTP (Network Time Protocol) service to devices attached to external customer networks.

  You are welcome to operate your own NTP server(s) on that network.

• OIT Mobile IP Service is not available to devices visiting external customer networks.

• Because NAT (Network Address Translation) Routers often malfunction and disrupt network service, OIT strongly discourages the connection of NATs to the campus network.

  However, there is no such proscription regarding such devices attached to external customer networks. You are welcome to attach NATs to your external customer network (and deal with any problems they may cause).

  Attaching a malfunctioning NAT to the campus network (as opposed to an external customer network) may disrupt service on the campus network, and lead OIT to blocking your network service. So be sure that the Ethernet port on which you plan to operate your NAT is one that is wired to your external customer network (not the campus network). That way, if your NAT malfunctions and disrupts services, it will likely disrupt service to just your external customer network. As disruptions of that nature do not affect the campus network (just your network), they will not lead to OIT blocking your network service.

• Devices that are attached to external customer networks are not eligible to use OIT Mobile IP Service or OIT Wireless Service if they visit the campus network. (Recall that these devices are not normally registered in the Princeton University Host Database.)

  If you need for the device to be able to use OIT Mobile IP Service or OIT Wireless Service when it visits the campus network, then you will also need to register the device in the Princeton University Host Database, independantly of its normal use on your external customer network.

• External customer networks are treated as "outside" the campus network from the point of view of IP. The IP network range is treated as being "off-campus", similar to any other off-campus IP network on the Internet.

  Like any other "outside" network, devices attached to external customer networks are not able to reach some on-campus services that are intended to be restricted to clients within the campus network.

• External customer networks are served by just one of the University's Internet Service Providers (ISPs), not all of them. Their network connectivity relies on a single ISP. When that single ISP is down, external customer networks lose their connectivity to the Internet.

  (The normal campus network enjoys multiple redundant IPv4 ISPs, so the failure of a single ISP only reduces the University's IPv4 Internet bandwidth, rather than causing a complete loss of IPv4 connectivity. This redundancy is not available to external customer networks, as they rely on a single ISP. Currently, that ISP is USLEC.)

• In the event the University changes its Internet Service Providers (ISPs) in the future, it might be necessary to renumber external customer networks to use different IP ranges.

• The Internet bandwidth allocated to external customer networks may be limited to ensure they do not consume an inordinate amount of the University's Internet bandwidth.

• OIT's responsibility for an external customer network is primarily to provide working physical connectivity, and to operate the OIT IP router leading to the Internet. OIT doesn't actively monitor or manage the external customer networks at a higher layer.

  For example, unlike the campus network, we don't attempt to discover misconfigured or malfunctioning customer devices attached to external customer networks that are causing problems on those networks.

  The external organization to whom the external customer network has been allocated is responsible for the devices attached to that network (except for OIT's router). Any misconfigured or malfunctioning devices causing problems on that external customer network are the customer's responsibility.

  Each external organization is assigned its own separate external customer network, so that problems with one organization's devices do not affect another organization's network. It's up to each external organization to manage their devices.

  OIT is, of course, responsible for any physical problems with the network connections we provide (e.g. defective Ethernet port) or any problem with the OIT router that connects the external customer network to the Internet.

  If a device attached to an external customer network is the source of a problem that affects the campus network or the Internet, OIT may take appropriate measures to contain the problem to the external customer network. For example, if such a device is attacking other devices outside the external customer network, OIT may block the device from communicating outside the external customer network. When OIT takes such measures, we will attempt to notify the contact(s) specified for the external customer network.

• OIT provides only Ethernet connections to external customer networks, not wireless service.