As announced on April 19, 2017, MIT is migrating to IPv6, and in the process is consolidating our in-use IPv4 address space to facilitate the sale of excess IPv4 capacity. As part of the renumbering effort, we are also provisioning our infrastructure to accommodate private as well as public IPv4 addresses. IS&T intends to do whatever we can to foster the pace of experimentation and innovation at MIT as we introduce support for IPv6.
On June 23, 2017, to meet a contractual deadline, IS&T migrated devices in a small number of buildings from public to private IPv4 addresses. IS&T has received a number of questions and concerns about this work from the community.
This page is intended to answer those questions based on the current plan, which is a work in progress. IS&T will reach out to the community to discuss this work and collaborate with MIT’s IT Governance Committee and IT Policy Committee to finalize this plan before moving forward.
Why is IS&T making changes to MITnet?
We are preparing for the next generation of MITnet and IPv6. As part of our upgrade to IPv6, we will be consolidating our in-use IPv4 address space to facilitate the sale of MIT’s excess IPv4 capacity. As part of the renumbering effort, we are also provisioning our infrastructure to accommodate private as well as public IPv4 addresses. Proceeds from the sale will cover network upgrade costs and provide a source of endowed funding for the Institute to use in furthering its academic and research mission. See this letter to the MIT Community for more information on Next Generation MITnet.
What buildings are already using this configuration?
Buildings already impacted by this renumbering are W2, W5, W8, W64, E1, 50, W16, W15, W34, and W51c. (IS&T's buildings, W91 and W92, were renumbered previously, in preparation for this work.) These were selected because of the low number of devices (approximately 50) located within them, thereby limiting the impact associated with beginning our consolidation of in-use address space and rolling out the new dual-stack (IPv4/IPv6) architecture. During this work, one device in Building 50 became temporarily unavailable from outside MITnet (at track-blaster.com). It remained available from within MITnet (at turntable.mit.edu). Service was restored the following day. If you have a device in one of these buildings and need a public IPv4 address, email email@example.com.
Will MIT still have public IPv4 addresses?
Yes. Students, faculty, or staff who desire to use public IPv4 addresses will be able to obtain them. There will be both private and public addressing options, and the community will be able to select whichever best meets their needs.
How can I get a public-facing address?
Students, faculty, and staff will continue to be able to request public-facing addresses for machines that need to be exposed to connections from outside MITnet. IS&T plans to provide a self-service interface for these requests in Fall 2017, before the majority of migrations begin. This self-service interface will be fully automated, requiring no approval or manual updates by IS&T staff. In the meantime, to request a public-facing address, email firstname.lastname@example.org.
What will be the public-facing MITnet address range at the end of the consolidation?
As of June 26, 2018, MIT’s address range will be 184.108.40.206/9 (in CIDR notation), i.e. 220.127.116.11 through 18.104.22.168.
When will the MITnet range migration to the 22.214.171.124/9 configuration happen?
Gradually, beginning in earnest in the Fall and spanning the course of the 2017/2018 academic year, to be completed by June 2018.
What changes can I expect after June 2018?
Consolidation of the remainder of in-use IPv4 addresses will occur after June 2018.
What is the schedule for these changes?
Over the next two years, starting in the Fall, with the next milestone being a transaction in June 2018. The project team will reach out to affected building occupants as part of the migration effort, and will publish the draft of the migration schedule by the Fall. Implementation and communication plans will be reviewed in the Fall by MIT’s IT Policy and IT Governance committees before the main phase of our renumbering work begins. We plan to engage with our community (IT stakeholders and students) to coordinate plans for rolling out the new dual-stack IPv6/IPv4 architecture, and continuing our consolidation of in-use IPv4 address space. Our faculty technical adviser will participate in those technical sessions. (Text revised 7/19/17)
Why is MIT using private IPv4 addresses and Network Address Translation (NAT)?
Migrating devices that do not need to be reachable from outside MITnet behind a firewall will improve our default security posture. Moving into private IPv4 address space and using NAT to enable access to the Internet will aid in giving MIT flexibility in managing our public-facing address space with little or no disruption to hosts on the network. (Text revised 6/30/17)
Will these changes adversely affect innovation on MITnet?
No. With the ability to request a public-facing address via a self-service interface, as well as the addition of IPv6 connectivity and upgrades to the MITnet infrastructure, MITnet will continue to provide a platform for development of innovative applications in a modern networking environment.
I believe a service I run has been or may be affected by this change. Who do I contact to fix it?
Contact the Service Desk at email@example.com or by calling 617-253-1101 with a description of what services are or may be affected, along with the department and location. IS&T staff will do our best to keep this service up and running.
Can I choose when my migration will happen?
The migration schedule is being managed to ensure completion by June 2018, as required by the terms of the transaction, so specific migrations cannot be delayed in a way that compromises the overall schedule. However, IS&T plans to work closely with the community. If you have concerns about a specific migration or scheduling constraints, or are interested in moving early, please contact the Service Desk at firstname.lastname@example.org or by calling 617-253-1101.
How can I prepare for this?
You can configure machines that you manage to use DHCP if they don’t already. If you need any of these machines to retain a permanent address, IS&T can assign you a permanent DHCP reservation. Request this by contacting the Service Desk at email@example.com.
For IT Providers: Gather as much information as you can about machines that have static IP addresses assigned and what they are used for, all of your network printers, and any externally delivered services that your devices provide, and we will assist you in planning your migration.
If I use wireless, does this affect me?
Yes, the IPv4 addresses used by the MIT and MIT SECURE wireless networks are part of the address space that will be renumbered. All wireless hosts will continue to receive IPv4 addresses via DHCP. Wireless hosts will receive a private IPv4 address by default. You may request a public IPv4 wireless address should you need one.
Are static IPs going away altogether? If not, what can they be used for?
No. Permanent, public-facing addresses can be requested for devices that require them. They can continue to be used for hosts that need to be exposed to connections from outside MITnet. While we continue to recommend taking advantage of servers hosted in IS&T’s data centers for important applications and services whenever possible, this functionality is not going away.
The DLC I support provides public-facing services from devices on our network. How can we continue to provide these services?
IS&T offers services to DLCs such as managed server hosting (via our hybrid cloud environment) as well as colocation in our data center, and recommends leveraging these services whenever possible for security and resilience. If these services do not fit your needs, then we can assign an externally routable IP address to your host(s) via a permanent DHCP reservation.
How is this going to affect all campus subnets? I'm concerned about dorms.
Residence halls are treated like other campus subnets. Machines will transition to DHCP- assigned MITnet addresses. Students will continue to be able to request public-facing addresses, through a self-service process that will be available this Fall.
How will printing be affected?
Centrally-managed printing such as Pharos and the MIT print servers will not be affected. If you use static IP addresses to connect your printers to the MIT network, they should be migrated to DHCP just like any other network device. If you connect to printers using their IP address you will need to update your configuration to reestablish connections to those printers after they migrate.
How do I get remote access into my on-campus machine?
It will be possible to request a permanent, internal (10.x.x.x) IP address and hostname which will be assigned to a host via DHCP. Once that is in place the host can be remotely accessed through MIT’s VPN service.
Will port forwarding be allowed?
No. Port forwarding will not be supported.
How will use of peer-to-peer applications such as BitTorrent be affected?
Peer-to-peer applications such as BitTorrent are designed to work on private as well as public networks, and downloads should not be impacted by this change. Connections initiated from private addresses will be permitted outbound through the firewall. Connections initiated from outside of MITnet will only be able to connect to public addresses. For devices using private addresses, BitTorrent downloads will not be impacted, but sharing will only work from devices using public addresses. (Text revised 6/30/17)
Do we have dynamic DNS?
Not currently, but it is something we are working to make available in the future.
Does MIT have IPv6?
The Next Generation MITnet effort is part of our preparation for IPv6. See this letter to the MIT Community for more information on Next Generation MITnet.
When will IPv6 be available?
IS&T has begun an initial pilot of IPv6 technology in selected locations. A broader campus rollout will take place in a later project phase. (Text revised 12/18/17)
Are there changes planned that affect the security of the network?
Network connectivity to devices using private IPv4 addresses will be provided through a firewall that will connect those devices to the broader MIT network and external Internet. There were efforts already underway to place building networks throughout the MIT campus behind a firewall. That work is now being combined into this overall Next Generation MITnet effort. Network access to public IPv4 addresses will not traverse any firewalls.
If I maintain a firewall for servers, how and when can I find out necessary configuration changes as the campus IP space changes?
IS&T has published an updated list of MIT’s public IPv4 address ranges to the Knowledge Base. This list is current as of June 27, 2017, and will be updated again in June 2018, when the next transaction is complete. The ranges currently listed will remain owned by MIT through June 2018. During this time, some IP addresses in the listed ranges will be renumbered to become unused, but those freed-up addresses will remain owned by MIT until the June 2018 transaction. In June 2018, the range owned by MIT will be 126.96.36.199/9. (Text revised 6/30/17)
How does this affect systems with IPSec policies?
Machines using Windows Domain IPSec policies for access control will need to have their IPSec policies updated to reflect the new IPv4 addresses.
Do I need to register my device for DHCP?
Yes, the machine will need to be registered to use the network. If you would like to receive a specific IP address when your machine uses the network in your building, please contact the Service Desk at firstname.lastname@example.org.
What if my device does not support DHCP?
Please contact the Service Desk at email@example.com or call 617-253-1101 to discuss further.
What if I am already using private IPv4 addresses for my device or application?
The MIT network will be using 10.0.0.0/8 for private addressing on the campus network. Both 172.16.0.0/12 and 192.168.0.0/16 will remain available for your use. If you are currently using 10.0.0.0/8 for your device or application, please be prepared to move to 172.16.0.0/12 or 192.168.0.0/16. NOTE: A previous version of this page indicated that 172.16.0.0/12 would become reserved for campus use. This will not be the case, so this answer has been updated. (Text revised 6/29/17)
Will Zephyr, AFS and Athena services continue to work?
Yes, these services will continue to work as they do today. Their traffic will be routed directly across the campus network between the private IPv4 addresses and our data center facilities.
Will each building be limited to 256 public addresses? What if my location needs more than that?
IS&T will assign 256 public IPv4 addresses by default to each building, but we will add additional public IPv4 address capacity as needed to meet the demand for a particular building. No requests for a public IPv4 address will be turned away. (Question added 6/30/17)
Will IPv6 addresses be firewalled?
MIT plans to implement IPv6 both within and outside of the firewall. If your device is assigned a private IPv4 address, it is behind the firewall, and its IPv6 address will be behind the firewall as well. If your device is assigned a public IPv4 address, it is directly exposed to the Internet, and its IPv6 address will be, too. (Question added 6/30/17)
I provide IT support for a department, lab, or center. Who should I contact to coordinate scheduling and change communications?
IS&T’s Distributed Support (DITR) team will be working with IT providers to coordinate all changes. If you already have a DITR service agreement, contact your point person. If you do not already receive support through DITR, contact firstname.lastname@example.org and a DITR representative will reach out to you. (Question added 6/30/17)
What do I do if I have a hardcoded reference to an IP address impacted by this change?
You will need to update your configuration or code to update the reference. If there are extraordinary circumstances preventing you from doing this, contact email@example.com. (Question added 6/30/17)
I currently have one or more hostname(s) assigned using static IP. Can I retain my hostname(s)?
Yes. (Question added 6/30/17)
What happens if the public address I’m NAT’ed through gets blacklisted (i.e. someone else’s machine is causing trouble and that affects my connection)?
As always, if your connectivity has been disrupted, contact the Service Desk at firstname.lastname@example.org or by calling 617-253-1101. (Question added 6/30/17)
I have a question that is not answered here. Who do I contact?
If you have other questions that are not answered here, or you have further questions about any of the answers provided, please let us know by emailing email@example.com.
Page revised 12/18/17