Sometimes an external organization with a need for Internet connectivity at the University is provided with an external customer network.
One example may be a building contractor who needs Internet connectivity in one or more construction trailers.
In these circumstances, it is sometimes appropriate to treat the organization as "external" to the University. Instead of providing the organization with connections "on" the campus network, they are instead provided with connections that appear to be "external" to the campus network.
The existing physical network infrastructure on the campus may be used to provide these connections, but the connections are configured in such a way as to make them appear to be logically external to the campus network.
The service provided to the organization is roughly similar (but not identical) to what it would receive had it contracted with a commercial ISP for network service.
These connections are very different than other campus network connections OIT normally provides to University customers. You should assume that unless indicated otherwise, any documentation published by OIT regarding network service at Princeton University do not apply to these external customer network connections.
This document provides general information about external customer networks.
The document External Customer Network Assignments lists all the external customer networks, showing the IP network ranges, network masks, default routers, and to which organization each of these networks is assigned.
(For example, "we currently need three to five IP addresses, and expected to need fewer than a dozen total IP addresses during the three years we will be on campus.")
This estimate is necessary so we can create an external customer network of an appropriate size.
OIT will use this information if it becomes necessary to contact someone regarding this network, or regarding an issue involving some device attached to this network.
(For example, "your network is 192.168.10.64/28, that is, IP range 192.168.10.64 - 192.168.10.79. The IP subnet mask for your network is 255.255.255.240. OIT's name for your network is "external-customer-network-513.")
The numbers cited above and in the remainder of this document are only examples; in actuality, an external customer network will always be assigned globally routable IP addresses, not RFC1918 IP addresses.
If you need to look up the information for your network, please consult External Customer Network Assignments .
(For example, in the example network 192.168.10.64/28 above, the first usable IP address is 192.168.10.65. That IP address is assigned to the IP router operated by OIT.)
If you need to look up this information for your network, please consult External Customer Network Assignments .
Keep in mind that the first and last IP addresses on any IP network are never usable.
Also remember that the first usable IP address is already assigned to the IP router.
The remaining IP addresses are available for the external organization to assign to their devices.
(In the example network 192.168.10.64/28 above, IP addresses 192.168.10.64 and 192.168.10.79 are unusable because they are the first and last IP addresses. IP address 192.168.10.65 is the first usable IP address, so it is assigned to the router. The remaining IP addresses 192.168.10.66 through 192.168.10.78 inclusive are available for the external organization to assign.)
(For example, "I am with building contractor Smith Contractors Inc. You've assigned external-customer-network-513 to my company. Please install/enable in my construction trailer three additional Ethernet ports wired to that network.")
If you want your device to have a name in DNS, you will need to arrange for it yourself.
(For example, if your company operates its own DNS domain smithcontractors.com, and you want the name foo.smithcontractors.com to map to IP address 192.168.10.66 (on the external customer network), arrange with your own company to update your company's DNS data to add a DNS record for foo.smithcontractors.com pointing to 192.168.10.66.)
(For example, we will not arrange for there to be a record in DNS that maps from your device's IP address (e.g. 192.168.10.66) to your device's name (e.g. foo.smithcontractors.com).
If you have such a need, and your company is prepared to operate its own DNS servers for the reverse DNS zone corresponding to the network range we've assigned to you, please contact OIT to have us delegate the appropriate reverse DNS zone to your DNS servers.
If you feel your external customer network needs DHCP or BootP service, you are welcome to operate your own DHCP or BootP server(s) on that network. (Note that you must take great care to only operate a DHCP or BootP server on your external customer network, not on the campus network. Attaching a DHCP or BootP server to the campus network will disrupt service on the campus network, and lead OIT to blocking your network service. So be sure that the Ethernet port on which you plan to operate your DHCP or BootP server is one that is wired to your external customer network.)
You are welcome to operate your own NTP server(s) on that network.
However, there is no such proscription regarding such devices attached to external customer networks. You are welcome to attach NATs to your external customer network (and deal with any problems they may cause).
Attaching a malfunctioning NAT to the campus network (as opposed to an external customer network) may disrupt service on the campus network, and lead OIT to blocking your network service. So be sure that the Ethernet port on which you plan to operate your NAT is one that is wired to your external customer network (not the campus network). That way, if your NAT malfunctions and disrupts services, it will likely disrupt service to just your external customer network. As disruptions of that nature do not affect the campus network (just your network), they will not lead to OIT blocking your network service.
If you need for the device to be able to use OIT Mobile IP Service or OIT Wireless Service when it visits the campus network, then you will also need to register the device in the Princeton University Host Database, independantly of its normal use on your external customer network.
Like any other "outside" network, devices attached to external customer networks are not able to reach some on-campus services that are intended to be restricted to clients within the campus network.
For example, unlike the campus network, we don't attempt to discover misconfigured or malfunctioning customer devices attached to external customer networks that are causing problems on those networks.
The external organization to whom the external customer network has been allocated is responsible for the devices attached to that network (except for OIT's router). Any misconfigured or malfunctioning devices causing problems on that external customer network are the customer's responsibility.
Each external organization is assigned its own separate external customer network, so that problems with one organization's devices do not affect another organization's network. It's up to each external organization to manage their devices.
OIT is, of course, responsible for any physical problems with the network connections we provide (e.g. defective Ethernet port) or any problem with the OIT router that connects the external customer network to the Internet.
If a device attached to an external customer network is the source of a problem that affects the campus network or the Internet, OIT may take appropriate measures to contain the problem to the external customer network. For example, if such a device is attacking other devices outside the external customer network, OIT may block the device from communicating outside the external customer network. When OIT takes such measures, we will attempt to notify the contact(s) specified for the external customer network.