Introduction
The intention of the isolated network is to provide an inexpensive method
for users to transfer files from one system to another. Users of
the isolated network are provided with a 100MB link up to a 1GB backbone
that they may use to transfer files to any other user on the isolated network.
Users wishing to transfer files to systems on the regular Physics network
can do so via a "drop-box" ftp server, which will be the ONLY system that
exists on both the isolated network and the main Physics network. There
will be no routing done out of the isolated network, and no services except
DHCP, local DNS, and ftp access to the drop-box system.
The isolated network is...
- A method to transfer files to other isolated systems directly,
or to regular Physics systems indirectly via the drop-box
- A separate network segment from the regular Physics network
- Free to anyone affiliated with the UCSB Physics Department
The isolated network is NOT...
- A place to put compromised machines
- Routed, resolved, or in any way connected to the rest of the world
EXCEPT via the ftp server
- A place you can surf the web, send/receive email, or use ANY OTHER
internet or Physics Network services
Please remember that this network is intended by PCS to be isolated.
ANYONE found to be connecting the isolated network to the outside by
ANY MEANS, including dialing-up or dual-homing, hooking up a wireless network
(which violates other PCS policies; see http://www.physics.ucsb.edu/~pcs/policies/),
or any other method by which any system outside the isolated network could
gain access to it, will be in violation of the isolated network agreement.
As such, they will be billed for their machines as well as every
other system on the isolated network! Why? Because they've
provided all those systems with general network access without consent of
PCS or the users of those other systems, and we charge for regular network
access. So don't do it!
Connecting to the isolated network
Requesting a connection to the isolated network is just like requesting
a connection on the main physics network. Simply go to http://www.physics.ucsb.edu/~forms/iarf.html,
and fill out the form presented. Make sure, however, that under the
Accounting Information section, where it says "Choose a service level",
you choose "Isolated". Also, under the Comments section, you should put
what you would like your username
and password to be for the ftp drop-box server. You can make this the
same as your regular ftp.physics.ucsb.edu password, or any other password
on the physics network if you like.
NOTE: If you request an ip-address with this form, and you DO
NOT choose "Isolated" you will be charged the current rate for a full network
connection as listed on http://www.physics.ucsb.edu/~pcs/network/PhysicsDepartmentNetworkCharges.htm.
This charge is non-refundable, and you will be stuck with it until
you tell us otherwise, for a minimum of 1 month. So click carefully!!!
When you receive notification that your request has been processed, you
may connect your system to the port you requested. You MUST configure
your system for DHCP to use the isolated network. It should be set
to get its ip address, DNS server, and hostname all from DHCP if possible
(this is the default DHCP configuration for Windows, RedHat Linux, and most
versions of the MacOS). For more information on configuring your
system for DHCP, please see Enabling DHCP for Laptops using Linux or
Enabling DHCP for Laptops using Windows from the PCS FAQs.
If all works well after you have connected and rebooted, your system will
have an ip address of the form 172.25.x.x, and will be called <HOSTNAME>.broida.
The .broida is the high-level domain for the isolated network; it's
there to allow systems to be able to resolve their own ip address and
hostname, as well as the hostnames of other systems on the isolated network
as necessary. Please remember that the ip address you are given will
not be accessible and the name you're given will not resolve for any system
outside of the isolated network.
To test your isolated network connection, you can try to ping 172.25.0.1.
If that works, you can try to ping the host ftp.broida. If
you're not sure how to ping, just try to ftp to ftp.broida. If any
of that works, you're connected!
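The checks above, together with the no-dual-homing rule and FAQ items 1 and 2 below, can be combined into one diagnosis. This is an added example, not PCS code; it assumes "172.25.x.x" means the 172.25.0.0/16 block, and the function names and sample addresses are made up for illustration.

```python
import ipaddress
import socket

# Assumption: the page's "172.25.x.x" is read as the 172.25.0.0/16 block.
ISOLATED_NET = ipaddress.ip_network("172.25.0.0/16")

def classify_addresses(addrs):
    """Split a host's IPv4 addresses into isolated-network ones and others.

    Loopback and link-local (169.254.x.x, the usual sign that DHCP got no
    answer) addresses are ignored.
    """
    inside, outside = [], []
    for text in addrs:
        ip = ipaddress.ip_address(text)
        if ip.is_loopback or ip.is_link_local:
            continue
        (inside if ip in ISOLATED_NET else outside).append(text)
    return inside, outside

def resolve(name="ftp.broida"):
    """Resolve a name with the system resolver; None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def diagnose(addrs, ping_ok, resolved):
    """Map the page's connection checks onto its FAQ answers.

    addrs    -- IPv4 addresses configured on the host
    ping_ok  -- whether a ping of 172.25.0.1 succeeded
    resolved -- what ftp.broida resolved to (see resolve()), or None
    """
    inside, outside = classify_addresses(addrs)
    if outside:
        # A second, non-isolated address means the machine bridges networks.
        return "dual-homed: also has " + ", ".join(outside)
    if not inside:
        return "no 172.25.x.x address: check cable, wall port and DHCP (FAQ 1)"
    if not ping_ok:
        return "address assigned but 172.25.0.1 unreachable: contact PCS"
    if resolved is None:
        return "DNS server not picked up from DHCP (FAQ 2)"
    return "connected"

if __name__ == "__main__":
    # Constructed sample: an isolated address plus a second, outside address.
    print(diagnose(["127.0.0.1", "172.25.3.17", "192.168.1.20"], True, "172.25.0.2"))
```

On a live machine, pass the addresses reported by ipconfig or ifconfig, the result of the ping, and resolve() for the third argument.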
Using the isolated network
You can use the isolated network to communicate with any other system
on that network just as you would anywhere else, via ftp, ssh, http, or any
other service that the system in question offers. Transferring files
to systems outside the isolated network is a two-step process, as follows:
- From the system inside the isolated network, ftp to ftp.broida
using the username and password assigned to you, and transfer all files
to your directory there.
- From any system on the regular Physics network, ftp to broida-ftp.physics.ucsb.edu
using the same username and password, and transfer your files out.
Transferring files from a system outside the isolated network to a system
inside the isolated network follows the same 2 steps, just in reverse order.
There is a quota on the ftp drop-box of 100MB per user. If you
need to transfer more data than that at one time, please let us know. Also,
please be sure to delete the files when you're finished transferring them.
The ftp server is NOT to be used as a data repository or archive;
that system is not backed up, and as such PCS does not guarantee the longevity
of any data located there. PCS reserves the right to purge any and
all data, including user data, from that system whenever we deem necessary.
Finally, even though the isolated network is not connected to the rest
of the Physics network or the UCSB network, acceptable use is still dictated
by the terms of the UCSB Electronic Communications Policy and any other
applicable departmental policies and agreements. For more information
regarding such policies, please see http://www.physics.ucsb.edu/~pcs/policies/,
under the
"Other Physics, UCSB, and UC System-wide Computer Policies"
section.
Anticipated FAQ
1. I connected my system to the port requested, but I can't seem to
access the isolated network. What gives?
There are a few things you should check. First, are you
sure the cable you're using is working properly? To verify this,
you can look at the ethernet port on your system. Most ethernet cards
have a green "link-light" that tells you if you have a good physical connection
or not. If you see at least one solid green light on your card, you
probably have a good connection. If not, try another cable. Also,
check to make sure you're connected to the proper wall port. If you
still don't have a link light, contact pcs@physics.ucsb.edu or call us
at x8366.
Next, you should check to make sure you're set up for DHCP (see Enabling
DHCP for Laptops using Linux or Enabling DHCP for Laptops using Windows).
If you are, reboot your system
and see if it gets an address this time. If you still can't access
any isolated network resources, contact PCS.
2. OK, I have a link-light, and my system seems to have gotten an
ip address. I am able to ping 172.25.0.1, but if I try to ping or
ftp to ftp.broida, it fails. What's up?
Sounds like you're not getting the DNS server properly.
Check to see if you've manually set the DNS server, if you know how to do
so. Otherwise you can try rebooting the system. Failing that,
contact PCS.
3. OK, I can access the isolated network stuff fine. But when
I try and send/receive mail, I get errors like "hostname not found", or
"host unreachable", and I REALLY need to check my mail! I also noticed
that I can't get to the department homepage.
That's good! Isolated network means ISOLATED. You
have no access to email, web, or any other normal Physics or public internet
services. The only way to get in or out of the isolated network is
via the ftp server ftp.broida (if you're on the isolated side) or broida-ftp.physics.ucsb.edu
(if you're on the regular Physics network side).
4. But I really need email access!!!
$50/month please; would you like fries with that?
All kidding aside, if you REALLY need normal network access, then you
REALLY need to pay the normal network access fee. It may not actually
be $50/month for you. Please see http://www.physics.ucsb.edu/~pcs/network/PhysicsDepartmentNetworkCharges.htm
for more information.
5. Hey, this isolated network thing is great! I don't have to
keep my system updated anymore!
That's not entirely accurate. In theory, yes, the network
is isolated, so nothing bad should ever happen there. In practice,
we don't regulate who gets an isolated connection. So someone may
very well have a laptop they connect to the internet when at home, and
to the isolated network when at work. If that machine gets compromised
or infected with a virus that your system is susceptible to, you're in trouble.
There's no excuse for not updating and/or securing your system!
6. I don't like the term "isolated". I feel it conveys a negative
feeling of loneliness and longing to my computers. Can't we call
it something else, like "different-but-still-very-capable-network" or "small-and-cozy-network"?
We'll take that under consideration. Really.
7. Who can we thank for this marvel of computer engineering you call
"the isolated network"?
Complaints, flames, comments, etc. should be sent to pcs@physics.ucsb.edu.
Alternatively, you can give us a call at 893-8366.