Assign at least one static, publicly routable IP address to each of your nodes. The addresses should be outside of any firewalls at your site, or in an otherwise unrestricted network segment. We recommend that an entire network segment (or CIDR block) be dedicated to the nodes. If additional IP addresses on the segment are available for use by the nodes, please let PlanetLab Support know. All addresses dedicated to the nodes should have registered DNS names and support both forward and reverse lookup.

Because a wide variety of experiments and services will run on your nodes, they should not be subject to port filtering. We recommend placing your nodes in a network DMZ outside of any firewalls, which will also protect your internal network from any misbehaving experiments.

 

PlanetLab nodes send packets to a large number of unique IP addresses. This behavior may overload routers that utilize route caches. We recommended that you disable route caching on any routers between your nodes and the Internet. Additionally, nodes require a minimum of 400 kbps of bi-directional bandwidth to the Internet. Connecting your nodes to the Internet via a DSL line is feasible, but higher bandwidth connections are recommended.

 

We do not recommend that you monitor your PlanetLab nodes with an automated Intrusion Detection System (IDS) or other automated system that scans for attack signatures or specific content. PlanetLab experiments, by their very nature, often generate large amounts of network traffic that can appear to be port scans or attacks but are really mapping experiments or honeypots. Most automated IDSs are not intelligent enough to tell the difference. All users of PlanetLab are bound by an Acceptable Use Policy (AUP) that expressly forbids systematic hacking, spoofing, or scanning, and the staff at PlanetLab Operations actively monitors all nodes for intrusion attempts and abnormal behavior.