The Private Network

Starting on Monday 9 July 2007, the Private Network goes live. This page explains what this means in practice for users accessing the network.

This service will not affect staff or students with a Departmental desktop administered by the Computing Team.

Affected individuals are:

  • Laptop users of ANY kind.
  • Users who administer their own computers, whether they are owned by the Department or privately.
  • Special restricted networks for specific functions (i.e. special-purpose laboratories).

From 9 July, all such computing equipment will obtain an IP address lease from one of our Private Network domains. The default Private Network has IP addresses of the form 10.3.0.X (1<=X<=253), but this can be expanded trivially. Indeed, there are already other Private Networks for special purposes, all of which have addresses of the form 10.X.X.X (1<=X<=253). This greatly expands the address space available to our network, allowing for greater access to the internet in the future. See the Network Layout for a brief guide on how the various networks relate to each other.

The notable point about these addresses is that they are "non-routable", meaning that normal networking equipment is unable to see them without special configuration. To facilitate access to the Departmental network and beyond, we employ an intermediary service called a "NAT" (or "Network Address Translation") router. The NAT maps the many addresses on the Private Network to one single address on the Departmental network. The NAT also employs a firewall to prevent certain traffic from crossing its boundary.

This means that access to any network outside the Private Network goes through the NAT and only certain services can cross it. These are discussed in Security-related issues.
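The many-to-one mapping and the firewall boundary described above can be sketched as follows. This is an added illustration, not the Department's NAT configuration: the outside address, the allowed destination ports and the port pool are assumptions chosen for the example.

```python
import ipaddress

# Assumptions for illustration (not from the page): the NAT's outside address,
# the allowed destination ports and the port pool are all hypothetical.
PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")  # page: addresses of the form 10.X.X.X
OUTSIDE_ADDR = "192.0.2.1"                         # placeholder documentation address
ALLOWED_DST_PORTS = {80, 443}                      # hypothetical firewall policy


class Nat:
    """Many-to-one NAT (port address translation) with an outbound allow-list."""

    def __init__(self, first_port=40000, last_port=40999):
        self._free = iter(range(first_port, last_port + 1))
        self.out = {}    # (src_ip, src_port, dst_ip, dst_port) -> outside port
        self.back = {}   # (outside port, dst_ip, dst_port) -> (src_ip, src_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the translated (addr, port), or None if the packet is dropped."""
        if ipaddress.ip_address(src_ip) not in PRIVATE_NET:
            return None                  # not a Private Network client
        if dst_port not in ALLOWED_DST_PORTS:
            return None                  # service not allowed to cross the NAT
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = next(self._free, None)
            if port is None:
                return None              # port pool exhausted
            self.out[key] = port
            self.back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return OUTSIDE_ADDR, self.out[key]

    def inbound(self, remote_ip, remote_port, outside_port):
        """Map a reply back to the private host; unsolicited traffic gives None."""
        return self.back.get((outside_port, remote_ip, remote_port))


def demo():
    # Constructed sample flows: two laptops using the same source port.
    nat = Nat()
    a = nat.outbound("10.3.0.17", 51000, "198.51.100.5", 443)
    b = nat.outbound("10.3.0.42", 51000, "198.51.100.5", 443)
    blocked = nat.outbound("10.3.0.17", 51001, "198.51.100.5", 25)
    reply = nat.inbound("198.51.100.5", 443, a[1])
    stray = nat.inbound("203.0.113.9", 443, a[1])
    return a, b, blocked, reply, stray


if __name__ == "__main__":
    print(demo())
```

Both laptops appear outside as the same address and are told apart only by the translated port; a packet from a host that no inside machine contacted finds no table entry and is dropped.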

For most purposes, anyone using the Private Network should have as much access as they need. In fact, the model used in the NAT is a larger-scale version of that used by ISPs when setting up home ADSL networks. In essence, the NAT used in most ADSL home internet boxes is doing much the same as our NAT.

For access to restricted Departmental services (services that are only for staff and students), like the P-drive and the intranet website, you must use the VPN, which authenticates you with your user account. See the VPN documentation on how to do this. However, there are problems with the VPN, so you should also read the Advice on VPN usage.

Finally, printing will work from the Private Network without having to sign into the VPN, although there are a few things you may need to know when setting it up. This is discussed in more detail in Setting up printing.