Introduction and Campus Network Overview
CIS 399
Dale Smith
University of Oregon & NSRC
Course Notes
• Course Participants:
– US Computer Science Students
– Undergraduate students from China
– Network and IT professionals from Africa and
South Asia
• Course Grading (US CS Students Only)
– No exams
– Attendance and participation are mandatory
Daily Schedule
• 08:30am-10:00am Morning Session I
• 10:00am-10:30am Morning Break
• 10:30am-12:30pm Morning Session II
• 12:30pm-01:30pm Lunch
• 01:30pm-03:00pm Afternoon Session I
• 03:00pm-03:30pm Afternoon Break
• 03:30pm-05:00pm Afternoon Session II
Week at a Glance
• Monday: Introduction and Cabling Systems
• Tuesday: Layer 2 (in-building edge)
• Wednesday: Layer 3 (campus core routing)
• Thursday: Advanced routing (border)
• Friday: Network Management and Network
Engineering Round Table
Today
• Morning session 1:
Campus Network Best Practices
• Morning session 2:
Cabling Infrastructure Design
• Afternoon session 1 & 2:
Fiber termination lab (NSRC Students)
or campus network tour (rest of group)
Why Are We Doing This?
• Our goal is to build networking capacity to
support Research and Education
– Remember: University = Research & Education
• The end game is regional, national, and
larger Research and Education Networks
(RENs)
• All RENs start with campus networks – they
are the foundation of the REN
Why a REN?
• Enable research or services that could
not be accomplished otherwise
• Cost Savings (buyers club)
• Vision of building alliances
• Successful RENs find that there are
unanticipated benefits
REN Services
• What services are provisioned? Various
models:
– REN provides all Internet connectivity
– Peering network to exchange traffic between
members
– Advanced peering network that might:
• Develop or peer with a local commercial exchange
• Provide international connections (GEANT, etc.)
– Other services (video conferencing)
REN as Internet Service Provider
[Diagram: Internet, Internet exchange point, REN, three Members]
REN as Peering Network
[Diagram: Internet, REN, three Members]
What model of NREN will you use?
• NREN as Primary Internet Service Provider?
• NREN as local peering between members?
• NREN as local peer plus other peers?
• What are the implications of these models from a public IP and
Autonomous System Number perspective?
Who Needs ASN?
• Very Simple:
– Anyone who is multi-homed (connected to
multiple outside networks) needs an ASN
• All RENs need an ASN
• Any multi-homed campus needs an ASN
Who Needs Public IP Space?
• Every campus must have Public IP
address space
• The question is really: provider dependent or
provider independent?
• If provider is REN, then REN must have
public IP address space for customers
• Any large campus should have provider
independent IP address space
Provider Independent IP Addresses
• What are provider independent IP
addresses?
– Public IP addresses that are not allocated to
you by your Internet Service Provider.
• Can move between service providers
without renumbering
• If the REN assigns your IP space, then it is NOT provider
independent; your REN is a provider
To NAT or not to NAT
• NAT is a common technique to reduce the
number of IP addresses required
• NAT makes some things hard.
– NAT breaks things like SIP (standards-based
VoIP), which you have to work around
– The NAT translation device needs to know about
applications. This stifles innovation.
• NAT is probably a reality for some
• Still need some public IP space
What About Campus Networks?
• The Campus Network is the foundation for
all Research and Education activity
• Without a good campus network, the
Research and Education Network can’t
work as well as it should
• Ad-hoc campus networks work OK with
VSAT uplinks, but when you move to high-speed
external links, they start to fail.
Campus Network Personnel
• Every campus should have at least one
person who does nothing but work on the
network. Not email systems, not course
management systems. Just networks.
• Larger campuses will need more
• University of Oregon has 8 people just
doing networking plus 3 doing security
– Started small 20 years ago with 2 people
Why is This Stuff Important?
• The campus network is the foundation that
all services are provisioned on
• Ad hoc networks just don’t work well
• Without a plan, how will you know where
to make investments?
• You must develop a plan to get Provider
Independent Public IP address space
Campus Network Rules
• Build Separate Core and Edge Networks
• Minimize number of network devices in any path
• Use standard solutions for common situations
• Provide services near the core
• Separate border routers from core
• Provide opportunities to firewall and shape
network traffic
Core versus Edge
• Core network is the “core” of your network
– Provides service between buildings
– Must have reliable power and air conditioning
– May have multiple cores
– Always route in the core
• Edge is toward the edges of your network
– Edge is inside of individual buildings to
individual computers
– Always switch at the edge
Core versus Edge
[Diagram: Core Router, Core, Edge, six Buildings]
Minimize Number of Network Devices in the Path
• Build star networks
[Diagram label: Fiber link to core router]
Edge Networks Continued
• Build Edge network incrementally as you
have demand and money
• Start Small:
[Diagram label: Fiber link to core router]
Edge Networks Continued
• Then as you need to add machines to the
network, add a switch to get this:
[Diagram label: Fiber link to core router]
Edge Networks Continued
• And keep adding switches to get to the
final configuration
[Diagram label: Fiber link to core router]
Edge Networks Continued
• Resist the urge to save money by breaking this
model and daisy chaining networks or buildings
together
• Try hard not to do this:
[Diagram labels: Fiber link to core router; Link to another building; Link to adjacent building]
Edge Networks Continued
• There are cases where you can serve multiple
small buildings with one subnet.
• Do it carefully.
• Two basic models:
[Diagram labels: Copper or fiber link to core router; Core; Edge; six Buildings]
Core Network
• Reliability is the key
– remember many users and possibly your whole network relies on the core
• May have one or more network core locations
• Core location must have reliable power
– UPS battery backup (redundant UPS as your network evolves)
– Generator
• Core location must have reliable air conditioning
• As your network evolves, core equipment should be equipped with
dual power supplies, each powered from separate UPS
• Border routers separate from Core
• Firewalls and Traffic Shaping Devices
• Intrusion Detection
• Intrusion Prevention
• Network Address Translation
Core Network
• At the core of your network should be routers – you must
route, not switch.
• Routers give isolation between subnets
• A simple core:
[Diagram: Border Router, Firewall/Traffic Shaper, Core Router, Central Servers for campus; all router interfaces on a separate subnet]
Border Router
• Connects to outside world
• RENs and Peering are the reason you need
them
• Must get Provider Independent IP address
space to really make this work right
[Diagram: Internet Exchange, REN, Campus Network]
Remember the Rules
• Build star networks – don’t daisy chain
• Use managed switches
– You can’t do a lot of things I’ve talked about
with unmanaged switches
– re-purpose your old unmanaged switches for
labs
• Route in the core
• Switch at the edge
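Added example (not part of the original course slides): one way to check an inventory of switch uplinks against the star-network and "minimize devices in the path" rules above. The device names, building names and the three-device path limit are assumptions made up for illustration.

```python
# Added example: audit an uplink map against the star-topology rules.
# Device names, building names and the path limit are constructed assumptions.
CORE = "core-rtr"

# device -> (building, uplink device); the core router has no uplink.
UPLINKS = {
    "core-rtr": ("core", None),
    "lib-agg": ("library", "core-rtr"),
    "lib-fl2": ("library", "lib-agg"),
    "sci-agg": ("science", "core-rtr"),
    "dorm-agg": ("dorm", "sci-agg"),  # daisy chained through science
    "dorm-fl1": ("dorm", "dorm-agg"),
}

def path_to_core(device, uplinks, core=CORE):
    """Return the devices traversed from `device` up to the core router."""
    path, seen = [device], {device}
    while path[-1] != core:
        if path[-1] not in uplinks:
            raise ValueError(f"{path[-1]} is missing from the uplink map")
        nxt = uplinks[path[-1]][1]
        if nxt is None or nxt in seen:
            raise ValueError(f"{device} has no loop-free path to {core}")
        path.append(nxt)
        seen.add(nxt)
    return path

def audit(uplinks, core=CORE, max_devices=3):
    """Return (device, kind, detail) findings for rule violations."""
    findings = []
    for dev, (bldg, up) in sorted(uplinks.items()):
        if dev == core:
            continue
        try:
            path = path_to_core(dev, uplinks, core)
        except ValueError as exc:
            findings.append((dev, "unreachable", str(exc)))
            continue
        # An uplink that lands in a different building instead of the core
        # means one building's connectivity depends on another building.
        if up != core and uplinks[up][0] != bldg:
            findings.append((dev, "daisy-chain", f"{bldg} via {uplinks[up][0]}"))
        if len(path) > max_devices:
            findings.append((dev, "long-path", " -> ".join(path)))
    return findings

if __name__ == "__main__":
    for finding in audit(UPLINKS):
        print(finding)
```

On the sample map, the dorm aggregation switch is reported as daisy chained through the science building, and the dorm floor switch is reported for exceeding the assumed path limit.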