Carnegie Mellon University
Office of the CIO  ›  Computing Services  ›  Services  ›  End-Point Computing  ›  Network Access  ›  Network Guidelines  ›  Network Protocol

Network Protocol Guideline

Purpose

This guideline ensures the Carnegie Mellon community has a clear understanding of the network services and protocols that may cause network problems. In some cases, the protocol or service has potential to be so harmful and has been banned from use on campus. We reserve the right to modify this guideline as necessary. 

Applies to

All campus affiliates.

Definition/Clarification

  • DHCP - Dynamic Host Configuration Protocol
  • IP - Internet Protocol
  • SAP - Service Advertising Protocol

Guideline Statement

Adhere to this guideline and the Carnegie Mellon Computing Policy. Any systems violating this guideline will result in loss of connectivity. If the system is attached via a hub or switch to the network, it may be necessary to disable the outlet. This may result in loss of connectivity for other systems. In most cases, services will be restored once the system is reconfigured. Repeat offenders may lose connectivity for an extended period of time and may have disciplinary charges filed against them.

Responsibilities and Procedures

The protocols and services that are banned from use on campus are listed below.  See the Protocol Definitions to ensure your computer does not inadvertently perform one of these functions. Most out-of-the-box applicatons are listed below. However, this is not a comprehensive list.

  • DHCP
  • IP Routing
  • Virtual Hosting via Multiple IP Addresses
  • SAP
  • Microsoft Network Protocols and Services
  • Windows Domain

Protocol Definitions

Dynamic Host Configuration Protocol (DHCP) service is available for all computers on our campus network. This service provides is required for some computers to work properly. To register a computer or device, please visit the Network Access page.

Running your own DHCP service on our network is prohibited. If a rogue DHCP server is located, the computer will be removed from the network, and its owner contacted.

A rogue DHCP server may distribute incorrect information, and could cause those with properly configured computers to lose all network connectivity. To be sure that you do NOT accidentally turn on this service when installing the operating system:

  • Windows: Do NOT enable Internet Connection Sharing (i.e., Network Bridging) while connected to the campus network. Also, do NOT install the Microsoft DHCP Server or DHCP Relay Agent network services. 
  • macOS: Do NOT enable Internet Connection Sharing while connected to the campus network.
  • Linux/UNIX: Do NOT install DHCP server packages. Most distributions include a DHCP client, which you are encouraged to use.

Some operating systems offer the ability to act as a router and forward IP packets from one network interface to another based on its internal routing tables. IP Routing is banned.

If a computer is configured to route IP packets from one interface to another and both are on the same physical network, the packets will appear twice. As a result, ARP caches may become corrupt.

When hosts are incorrectly configured as routers, wrong information is disseminated. In order to advertise which networks are available on other interfaces, the host must send route advertisements in one format or another. These advertisements may impair the real routers from receiving information or may cause them to advertise the incorrect routes. To be sure that you do NOT configure your operating system for IP routing:

Windows: Do NOT enable Internet Connection Sharing.

macOS: Do NOT enable Internet Connection Sharing while connected to the campus network.

A network host may serve WWW data for multiple virtual sites. These sites may have different hostnames (www.cmu.edu, www.mit.edu) that are short and easy to remember. Carnegie Mellon does not provide multiple IP addresses to hosts. If this functionality is needed, the host may be configured with multiple valid hostnames.

Consider the following when configuring a host with multiple valid hostnames:

  • The host may have two separate hostnames or the host may have two separate hostnames which point to two separate IP addresses.
  • Those using Linux should not configure "Networking options: Network aliasing: IP: aliasing support." Aliasing support is not permitted on the campus network.