Use of the Network

2019/09/13 by CSO

These subsidiary rules to Operational Circular Nº5 are for all equipment connected to CERN's networks.

The CERN network is shared by most of the CERN community, and abuse, in the form of causing excessive traffic, affects many other users and the quality of the service. Similarly CERN’s connections to the Internet are of a finite bandwidth and excessive use impacts the quality of service for everyone.

Excess traffic is not the only form of abuse, and applications may behave in ways that jeopardize the functioning of other computers or elements of the network infrastructure. Some applications may be prohibited for other reasons, such as posing a security risk. Further details can be access from the sidebar.


  • Users must not attempt to reconfigure any elements of the CERN network infrastructure;
  • Any local, i.e. non-central, DHCP server, for example integrated in routers and Wi-Fi access-points, must be disabled before connecting the equipment to the CERN network;
  • The use of NAT (Network Address Translation) is strictly forbidden;
  • In order to keep a high level of protection of end-user devices, only the CERN internal DNS must be used. "DNS-over-HTTPS" and "DNS-over-TLS" must be avoided;
  • Control systems must comply with the CNIC Security Policy for Controls.
  • The Network service managers will detect abnormal use of the on-site network and off-site connections that could impact the operation of the service. The users concerned will be notified.
  • Users who are informed that their computers or applications are causing problems, must take all possible steps to help determine the cause and to prevent a reoccurrence.
  • In critical situations devices may be disconnected from the network until the problems are resolved.