Sometimes an external organization with a need for Internet connectivity at the University is provided with an external customer network.
One example may be a building contractor who needs Internet connectivity in one or more construction trailers.
In these circumstances, it is sometimes appropriate to treat the organization as "external" to the University. Instead of providing the organization with connections "on" the campus network, OIT provides it with connections that appear to be "external" to the campus network.
The existing physical network infrastructure on the campus may be used to provide these connections, but the connections are configured in such a way as to make them appear to be logically external to the campus network.
The service provided to the organization is roughly similar (but not identical) to what it would receive had it contracted with a commercial ISP for network service.
These connections are very different from other campus network connections OIT normally provides to University customers. You should assume that unless indicated otherwise, any documentation published by OIT regarding network service at Princeton University does not apply to these external customer network connections.
This document provides general information about external customer networks.
The document External Customer Network Assignments lists all the external customer networks, showing the VLAN names and VLAN numbers, IP network ranges, network masks, default IP routers, and to which organization each of these networks is assigned.
(For example, "we currently need three to five IPv4 addresses, and expect to need fewer than a dozen total IPv4 addresses during the three years we will be on campus.")
This estimate is necessary so we can create an external customer network of an appropriate size.
OIT will use this information if it becomes necessary to contact someone regarding this network, or regarding an issue involving some device attached to this network.
(For example, in the example network 192.168.10.64/28 above, the first usable IPv4 address is 192.168.10.65. That IPv4 address is assigned to the IPv4 router operated by OIT.)
If you need to look up this information for your network, please consult External Customer Network Assignments.
When OIT operates IPv6 service for the network, OIT operates an IPv6 router that connects this network to the Internet. The IPv6 Global Unique Address of the router will be the first usable IPv6 Global Unique Address on the network.
IPv6 devices identify their default router(s) by the router's IPv6 Link-Local address, not the router's IPv6 Global Unique Address. An IPv6 device learns the IPv6 Link-Local address(es) of its default router(s) by listening to ICMPv6 Router-Advertisement messages.
Keep in mind that the first and last IPv4 addresses on any IPv4 network are never usable.
The first usable IPv4 address is already assigned to the IPv4 router operated by OIT.
The second and third usable IPv4 addresses are also used by OIT, as the IPv4 router service operated by OIT needs two additional IPv4 addresses because OIT's router is actually a high-availability pair of routers. (There are a few exceptions to this noted in External Customer Network Assignments, in which the two additional IPv4 addresses used by OIT are not the second and third usable IPv4 addresses on the network, but instead are other specific addresses on the network.)
The remaining IPv4 addresses are available for the external organization to assign to their devices.
(In the example IPv4 network 192.168.10.64/28, IPv4 addresses 192.168.10.64 and 192.168.10.79 are unusable because they are the first and last IP addresses. IPv4 address 192.168.10.65 is the first usable IPv4 address, so it is assigned to the router operated by OIT. IPv4 addresses 192.168.10.66 and 192.168.10.67 are also used by OIT in support of our router service. The remaining IPv4 addresses 192.168.10.68 through 192.168.10.78 inclusive are available for the external organization to assign.)
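The IPv4 layout described above, as an added example (not OIT's own code): it computes which addresses are unusable, which are held by OIT, and which the organization may assign, and it finds the smallest network that fits a device estimate. It assumes the default layout in which OIT uses the first three usable addresses, not the exceptions listed in External Customer Network Assignments; the function names are hypothetical.

```python
import ipaddress

OIT_RESERVED = 3  # assumption: router + two HA addresses are the first three usable

def plan(cidr):
    """Split an external customer IPv4 network into its address roles."""
    net = ipaddress.IPv4Network(cidr, strict=True)  # rejects host bits set
    if net.num_addresses < 2 + OIT_RESERVED + 1:
        raise ValueError(f"{net} leaves no address for the customer")
    first, last = net.network_address, net.broadcast_address
    return {
        "unusable": (first, last),
        "router": first + 1,
        "oit_ha": (first + 2, first + 3),
        "customer_first": first + 4,
        "customer_last": last - 1,
        "customer_count": net.num_addresses - 2 - OIT_RESERVED,
    }

def role(cidr, addr):
    """Classify one address, e.g. before using it statically or in a DHCP pool."""
    p, ip = plan(cidr), ipaddress.IPv4Address(addr)
    if ip not in ipaddress.IPv4Network(cidr):
        return "outside"
    if ip in p["unusable"]:
        return "unusable"
    if ip == p["router"]:
        return "oit-router"
    if ip in p["oit_ha"]:
        return "oit-reserved"
    return "customer"

def smallest_prefix(devices):
    """Longest IPv4 prefix whose customer range holds `devices` addresses."""
    if not 1 <= devices <= 2**32 - 2 - OIT_RESERVED:
        raise ValueError("device estimate out of range")
    total = devices + 2 + OIT_RESERVED        # add unusable and OIT addresses
    return 32 - (total - 1).bit_length()      # round up to a power of two

if __name__ == "__main__":
    p = plan("192.168.10.64/28")              # the example network from the text
    print(p["router"], p["customer_first"], p["customer_last"], p["customer_count"])
    print(role("192.168.10.64/28", "192.168.10.67"), smallest_prefix(11))
```

Running `role` over a planned static assignment or DHCP pool catches an overlap with OIT's router addresses before the device is attached.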
The first usable IPv6 Global Unique address is already assigned to the IPv6 router operated by OIT.
The second and third usable IPv6 Global Unique addresses are also used by OIT, as the IPv6 router service operated by OIT uses two additional IPv6 Global Unique addresses because OIT's router is actually a high-availability pair of routers.
The remaining IPv6 Global Unique Addresses on the network are available for the external organization to assign to their devices, or for their devices to generate using SLAAC.
(For example, "I am with building contractor Smith Contractors Inc. You've assigned external-customer-network-513 to my company. Please install/enable in my construction trailer three additional Ethernet ports wired to that network.")
If you want your device to have a name in DNS, you will need to arrange for it yourself.
(For example, if your company operates its own DNS domain smithcontractors.com, and you want the name foo.smithcontractors.com to map to IPv4 address 192.168.10.66 (on the external customer network), arrange with your own company to update your company's DNS data to add a DNS record for foo.smithcontractors.com pointing to 192.168.10.66.)
(For example, we will not arrange for there to be a record in DNS that maps from your device's IP address (e.g., 192.168.10.66) to your device's name (e.g., foo.smithcontractors.com).)
If you have such a need, and your company is prepared to operate its own DNS servers for the reverse DNS zone corresponding to the network range we've assigned to you, please contact OIT to have us delegate the appropriate reverse DNS zone to your DNS servers.
If you feel your external customer network needs DHCP or BootP service, you are welcome to operate your own DHCP or BootP server(s) on that network. (Note that you must take great care to only operate a DHCP or BootP server on your external customer network, not on the campus network. Attaching a DHCP or BootP server to the campus network will disrupt service on the campus network, and lead OIT to block your network service. So be sure that the Ethernet port on which you plan to operate your DHCP or BootP server is one that is wired to your external customer network.)
You are welcome to operate your own NTP server(s) on that network, or use any of the freely available NTP services on the Internet.
However, there is no such proscription regarding such devices attached to external customer networks. You are welcome to attach NATs to your external customer network (and deal with any problems they may cause).
Attaching a malfunctioning NAT to the campus network (as opposed to an external customer network) may disrupt service on the campus network, and lead OIT to block your network service. So be sure that the Ethernet port on which you plan to operate your NAT is one that is wired to your external customer network (not the campus network). That way, if your NAT malfunctions and disrupts services, it will likely disrupt service to just your external customer network. As disruptions of that nature do not affect the campus network (just your network), they will not lead to OIT blocking your network service.
(Recall that devices attached to external customer networks are not normally registered in Princeton University Network Registration, and that would include lack of registration for "wired dynamic" service.)
Like other "outside" networks, devices attached to external customer networks are not able to reach some on-campus services that are intended to be restricted to clients within the campus network.
For example, unlike the campus network, we don't attempt to discover misconfigured or malfunctioning customer devices attached to external customer networks that are causing problems on those networks.
The external organization to whom the external customer network has been allocated is responsible for the devices attached to that network (except for OIT's router). Any misconfigured or malfunctioning devices causing problems on that external customer network are the customer's responsibility.
Each external organization is assigned its own separate external customer network, so that problems with one organization's devices do not affect another organization's network. It's up to each external organization to manage their devices.
OIT is, of course, responsible for any physical problems with the network connections we provide (e.g. defective Ethernet port) or any problem with the OIT router that connects the external customer network to the Internet.
If a device attached to an external customer network is the source of a problem that affects the campus network or the Internet, OIT may take appropriate measures to contain the problem to the external customer network. For example, if such a device is attacking other devices outside the external customer network, OIT may block the device from communicating outside the external customer network. When OIT takes such measures, we will attempt to notify the contact(s) specified for the external customer network.