Basic Networking


Step-by-step instructions for getting started with Chameleon are available in the Getting Started section of this documentation. These instructions include using basic networking functionality.

Shared Network

All Chameleon Projects have access to the fixed network sharednet1 which is used by most experiments. The sharednet1 is a pre-configured network shared among all Chameleon Projects with a Subnet whose address space is and includes a router providing NAT access to the public Internet. All instances using sharednet1 can communicate directly.

Multiple Networks

Some Chameleon bare metal nodes support connecting to multiple networks. Currently, the number of networks allowed is limited to the number of enabled NICs on the node (currently this is up to 2). It is possible to find such nodes via Resource Discovery by filtering by the “Enabled” flag for a given Network Adapter slot. Note that the slots are 0-indexed, meaning the first NIC is referred to as Network Adapter #0.

When launching a node that supports multiple networks, simply assign multiple networks to the instance when you are launching it. The networks will be mounted on NICs in the same order that the networks are assigned; that is, the first assigned network will be mounted on Network Adapter #0, and the second on Network Adapter #1, and so on.

Floating IP Addresses

Instances on Chameleon are assigned a fixed IP address that can be used for local connectivity as well as NAT access to the public Internet. A publicly accessible IPv4 address (Floating IP address) is required in order to access Chameleon instances from the Internet or host public services. CHI@TACC and CHI@UC each have a limited number of public IP addresses that can be allocated to your instances.

The Getting Started guide shows how to allocate Floating IP address to your nodes.


The Chameleon floating IP address pool is a shared and finite resource. Please be responsible and release any unused floating IP address, so other Chameleon users and projects can use them!

Security Groups

Currently, Security Groups are not implemented on CHI@TACC and CHI@UC. Therefore, all inbound and outbound port traffic is open to the Internet at these sites by default. KVM@TACC observes Security Groups, which allows inbound and outbound traffic to be filtered by port with a default policy.