Overview of Networking in BonFIRE

This section introduces the different networking options (basic resources, emulated network at Virtual Wall, AutoBAHN and FEDERICA, BonFIRE WAN and public internet) and provides a high-level overview of the inter-site networking capabilities and limitations of BonFIRE.

Network Infrastructure

For details on the network resources offered within each site see the Infrastructure documentation.

By default (but see Advanced Network Features) the sites are interconnected solely via the public internet. Achieved network performance between sites is therefore highly variable depending on both the time of measurement and the particular pair of sites in question. Network performance is further affected by VPN issues - see below.


Testbed providers are not able to provision a public IPv4 address for all virtual machines running on their infrastructure. Because of this, virtual machines running on different sites can only communicate with each other if they all have an IPv4 address that is not public but is reachable from the other sites. These private (RFC 1918) addresses that are routable outside local testbed boundaries are part of what we call the BonFIRE WAN. In theory, the facility can have three classes of addresses:

  • Public IPv4 addresses
  • BonFIRE addresses: they are private in the RFC 1918 sense of the term, but are uniquely assigned in BonFIRE
  • Private addresses: they are unambiguous only inside a local testbed (or potentially even more narrowly).

In order to implement this, BonFIRE sites operate a VPN which tunnels BonFIRE WAN traffic between sites.

List of BonFIRE WAN Addresses

| Site Name | WAN Address |
|---|---|
| Inria | 172.18.1.*, 172.18.7.*, 172.18.248.*, 172.18.249.*, 172.18.250.*, 172.18.251.*, 172.18.252.*, 172.18.253.*, 172.18.254.*, 172.18.255.* |
| HLRS | 172.18.2.* |
| EPCC | 172.18.3.*, 172.18.6.*, 172.18.240.*, 172.18.241.*, 172.18.242.*, 172.18.243.*, 172.18.244.*, 172.18.245.*, 172.18.246.*, 172.18.247.* |
| iMinds | 172.18.4.* |
| PSNC | 172.18.8.*, 172.18.9.* |

NOTE: You can set up a VPN on your local machine to access the VMs in the BonFIRE WAN by following these instructions.

Implications for Experiments

VM Networks

In order for a VM to be reachable by ssh, monitoring, etc. it must be reachable from the BonFIRE WAN. To achieve this, you need to add your VM (at least) to the BonFIRE WAN network, as discussed in Deploying Compute Resources in BonFIRE.

SSH Gateways

Because BonFIRE VMs do not, in general, have a public IP address, they cannot be reached directly from outside the BonFIRE WAN. An experimenter wishing to ssh to a VM must therefore do so via one of the SSH gateways (see SSH Gateway Configuration).

Network Performance

Experimenters should be aware that, because of the VPN tunnelling, network performance between BonFIRE sites will be substantially lower than would otherwise be the case. Note that this is likely to be the case even when one or both VMs are using a public IP.

User Defined Networks

The be-ibbt, pl-psnc and uk-epcc sites allow the creation of user defined networks. See Basic network resources for details.

VPN for users

The OpenVPN service should enable users to access the BonFIRE IPs, at least over ssh and http(s), without limitation.

Advanced Network Features


VMs at EPCC offer a native IPv6 connection. This is on the same interface as the BonFIRE WAN and is enabled by default. At present the IPv6 address is not reported by the OCCI interface, but it can be derived from the MAC address if necessary (as per RFC 2464). The prefix used at EPCC is 2001:630:3c1:646.
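The derivation mentioned above, written out as an added example (not part of the original BonFIRE documentation), together with the reverse mapping from an observed address back to a MAC. It assumes the EPCC prefix is a /64 and that the VM uses RFC 2464 stateless autoconfiguration rather than privacy or manually assigned addresses; the MAC address shown is a constructed sample.

```python
import ipaddress
import re

# Prefix given on this page for EPCC; the /64 length is an assumption.
EPCC_PREFIX = ipaddress.IPv6Network("2001:630:3c1:646::/64")
LINK_LOCAL = ipaddress.IPv6Network("fe80::/64")


def parse_mac(mac):
    """Accept 52:54:00:12:34:56, 52-54-00-12-34-56 or 5254.0012.3456."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def interface_id(mac):
    """Modified EUI-64 interface identifier (RFC 2464, section 4)."""
    raw = parse_mac(mac)
    if raw[0] & 0x01:
        raise ValueError("group (multicast) MAC cannot identify an interface")
    eui64 = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui64[0] ^= 0x02  # invert the universal/local bit
    return int.from_bytes(eui64, "big")


def slaac_address(mac, prefix=EPCC_PREFIX):
    """Address a VM autoconfigures from its MAC inside a /64 prefix."""
    if prefix.prefixlen != 64:
        raise ValueError("RFC 2464 identifiers need a /64 prefix")
    return ipaddress.IPv6Address(int(prefix.network_address) | interface_id(mac))


def mac_from_address(addr):
    """Reverse mapping, e.g. to tie a logged IPv6 source back to a VM NIC."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # not EUI-64 derived (privacy or manual address)
    raw = bytearray(iid[:3] + iid[5:])
    raw[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    vm_mac = "52:54:00:12:34:56"  # constructed sample MAC, not a BonFIRE VM
    print(slaac_address(vm_mac))              # global address at EPCC
    print(slaac_address(vm_mac, LINK_LOCAL))  # link-local on the same NIC
```

Because IPv6 is enabled by default on the BonFIRE WAN interface at EPCC, the derived address is also the one to account for in any host firewall rules on the VM.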

Computes at iMinds are also capable of offering native IPv6 connectivity, but this is not enabled by default. Please e-mail if you require this.

If you wish to disable IPv6 then follow the instructions here.

Public IPs Available on Each Site

Different infrastructure sites can support a number of public IPs. The following table shows the number of public IPs available on each site:

List of public IPs on each site

| Site Name | Accessibility to Internet with WAN or private addresses | Access Restriction | Routing | Public Internet Address Pool Size | Public Internet Address Pool Size (BonFIRE Production Environment) |
|---|---|---|---|---|---|
| EPCC | Yes | No. | Direct (for VMs with public IPs). | 12 | 12 |
| HLRS | Yes | No restrictions | Directly | 0 (not possible with current infrastructure) | 0 |
| iMinds Virtual Wall | only via http_proxy | no restrictions (within BonFIRE WAN) | all traffic that CAN be routed via the WAN, IS currently routed over the WAN (according to Tinc config SVN) | not available | only few public addresses available for servers (where needed), only very limited availability |
| PSNC | Yes | No restrictions | routed through the gateway | 5 | 5 |
| INRIA | on 80/443/22 tcp | only 80/443/22 tcp are opened through the WAN | | /24 | /25 (128 IPs) |