Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  <20142015  2016  2017  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  <20142015  2016  2017 
<== Date ==> <== Thread ==>

Subject: Re: VLANS designing,Geographical vs functional?
From: "Konrad, Martin" <konrad@frib.msu.edu>
To: Zhang Yuliang <zhangyl@ihep.ac.cn>, tech-talk <tech-talk@aps.anl.gov>
Date: Wed, 8 Jan 2014 16:25:14 +0000
Hi,
> We are designing VLANS for CSNS(China Spallation Neutron Source).  I
> want to know which method do you choose in your site, geographical or
> functional?  Any advice? Thanks in advance.
At the S-DALINAC we used functional segregation (cf. [1] p. 107f). The 
reason for this was security: We wanted to make sure that the office 
network is separate from the accelerator's network. It's also a good 
idea to keep the data acquisition network of the experiments separate of 
the accelerator network. You also might want to consider moving some 
machines like configuration databases, archiver machines etc. into some 
sort of a demilitarized zone.

Generally, a good starting point would be to use separation analogue to 
the social separation of the groups that are maintaining the machines on 
your network. This gives each group a reasonable amount of freedom in 
their VLAN while making connections to other machines a reasonable thing 
to maintain. Note that over-segregation results in a lot of work for the 
administrators of your gateways and also might have some impact on 
performance. Under-segregation, on the other hand, leads to problems 
caused by administrators which are not aware of the details of all 
machines on the network as well as security issues.

HTH,

Martin

[1] http://tuprints.ulb.tu-darmstadt.de/3398/

-- 
Martin Konrad
Control System Engineer
Facility for Rare Isotope Beams
Michigan State University
640 South Shaw Lane
East Lansing, MI 48824-1321, USA
Tel. 517-908-7253
Email: konrad@frib.msu.edu


Navigate by Date:
Prev: Re: Increasing scan rate to 10 kHz Till Straumann
Next: Re: A call to 'assert(capacity != 0)' by thread‏ Dirk Zimoch
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  <20142015  2016  2017 
Navigate by Thread:
Prev: Re: Agilent 33522A Function / Arbitrary Waveform Generator Michael Johnson
Next: Re: VLANS designing,Geographical vs functional? Konrad, Martin
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  <20142015  2016  2017 
ANJ, 17 Dec 2015 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·