
State of the Network 2005: A General Overview of the York Data Network

Donal Lynch, Network Operations, Computing & Network Services. 15 June 2005.


Presentation Transcript


  1. Donal Lynch, Network Operations, Computing & Network Services. 15 June 2005. State of the Network 2005: A General Overview of the York Data Network

  2. Agenda
     • Current Network Design
     • GTAnet & ORION Networks
     • Border Network Design, Internet Connectivity & Peering
     • Internet Traffic Shaping & Security
     • Internet/R & E Network Bandwidth
     • Network Infrastructure Upgrade Project
     • AirYork Expansion Plans
     • Planned Changes to YorkNet, ResNet and AirYork
     • The End of IPX and ATALK at York
     • The Central Server Room
     • NetInfo Demo

  3. York Network Design: Circa 1991 [Network diagram. Labels: ISTS Internet 1 Ethernet 3 Ethernets 4 rings Glendon 1 Ethernet CS LocalTalk 8 Ethernets]

  4. York Network Design: 1994 [Network diagram. Labels: Glendon 12 Ethernets 17 Ethernets 9 Ethernets 15 TRs 7 Ethernets 2 Ethernets Edu Remotes 13 Ethernets 16 Ethernets ISTS, Onet, CA*net, Internet]

  5. York Network Design: Early 1998 [Network diagram. Labels: Backbone FDDI CCS Machine Room FDDI Building Ethernets Building Ethernets ISTS DS-3 Onet, CA*net, Internet ATM Switch Fast Ethernet PIX Ethernets Switch T-1 Glendon Building Ethernets Building Ethernets & Modem Pools Remote Sites Building Ethernets]

  6. Network Drops & Hardware
     • 1994: Approx. 4000 Network Drops at York
     • 2000: Approx. 11,200 Network Drops at York
     • 2005: Over 25,000 Network Drops at York
     Current Production Hardware:
     • 8 Bluesocket Wireless Access Gateways
     • 154 Cisco Wireless Access Points
     • 3 Cisco 3000 Series VPN Concentrators
     • 5 Cisco (Modem Pool) Access Servers (Various Types)
     • 18 Cisco 2500 Series Routers
     • 284+ Cisco Layer 2 Switches (Various Types), Non Blocking.
     • 3 Cisco 5500 Series Multilayer Switches
     • 6 Cisco 6500 Series Multilayer Switches, 256-720 Gbps Backplane
     • 8 Cisco Firewalls (Various Types)
     • Other Assorted Devices (ex: server console ports ASMs, etc.)
     • 6 DNS Servers, 5 DHCP Servers, NTP Servers

  7. Network Design Philosophy. York's network uses a hierarchical, three-layer design – core, distribution and access. This design provides for a fast, reliable and stable network. It allows for easy expansion and fault isolation. Currently York's network is physically hierarchical, but not logically hierarchical (ex: certain VLANs currently appear on more than one switch). A network core design that is both logically and physically hierarchical is often referred to as a “Layer 3 Core”. A “Layer 3 core” design will be required if it becomes necessary to deploy redundant links and/or redundant hardware, or to introduce services that may require high availability, such as VoIP. We are slowly moving towards a “Layer 3 core”.

  8. York Network Design: 2005

  9. GTAnet: A High Speed R & E Network (www.gtanet.ca). Member Owned and Operated. York CIO, Bob Gagne, is the Chair of GTAnet.

  10. ORION: A High Speed R & E Network (www.orion.on.ca). York VP Stan Shapson is Chair of the Board of Directors for ORION.

  11. Border Network Design: R & E Network and Internet Connectivity + Peering
     • Traffic between York and Cogent (Commodity Internet) goes through the Traffic Shaper.
     • Traffic between York and Cogent travels through the GTAnet and ORION network using private Layer 2 VLANs.
     • All other traffic does not go through the Traffic Shaper.
     [Network diagram. Labels: Research & Educational Networks (ORION, CA*Net, Internet2, etc); Peers via torix.net (ex: Rogers, Cogeco, Google, ACI, Q9, etc.). NOT BELL.; GTAnet PoP at York; ORION PoP at York; Traffic Shaper; L2 Switch; Intrusion Prevention System; Internet; York Border Router; Cogent PoP at 151 Front; TORIX at 151 Front; GTAnet PoP at UofT; ORION PoP at 151 Front]

  12. Traceroute/Ping to a Rogers Customer

      traceroute to 24.156.246.1 (24.156.246.1), 30 hops max, 38 byte packets
       1 ccsnoc168.gw.yorku.ca (130.63.168.1) 0.481 ms 0.261 ms 0.211 ms
       2 gladiator.gw.yorku.ca (130.63.27.18) 0.275 ms 0.261 ms 0.231 ms
       3 205.211.95.129 (205.211.95.129) 0.719 ms 0.326 ms 0.297 ms
       4 ORION-GTANET-RNE.DIST2-TORO.IP.orion.on.ca (66.97.23.125) 0.483 ms 0.381 ms 0.393 ms
       5 BRDR2-TORO-GE2-2.IP.orion.on.ca (66.97.16.125) 0.853 ms 0.901 ms 0.855 ms
       6 gw-rogers.torontointernetxchange.net (198.32.245.29) 1.078 ms 1.049 ms 1.068 ms
       7 gw02.wlfdle.phub.net.cable.rogers.com (66.185.81.17) 1.258 ms 1.315 ms 1.129 ms
       8 gw01.ym.phub.net.cable.rogers.com (66.185.80.221) 1.897 ms 1.949 ms 2.074 ms
       9 gw04.ym.phub.net.cable.rogers.com (66.185.93.22) 1.781 ms 1.872 ms 1.786 ms
      10 tlgw45.ym.phub.net.cable.rogers.com (24.156.246.1) 2.953 ms 2.187 ms 2.533 ms

      PING 24.156.246.85 (24.156.246.85): 56 data bytes
      64 bytes from 24.156.246.85: icmp_seq=0 ttl=117 time=55.2 ms
      64 bytes from 24.156.246.85: icmp_seq=1 ttl=117 time=51.2 ms
      64 bytes from 24.156.246.85: icmp_seq=2 ttl=117 time=35.5 ms
      64 bytes from 24.156.246.85: icmp_seq=3 ttl=117 time=118.3 ms
      64 bytes from 24.156.246.85: icmp_seq=4 ttl=117 time=55.2 ms
      64 bytes from 24.156.246.85: icmp_seq=5 ttl=117 time=50.9 ms
      64 bytes from 24.156.246.85: icmp_seq=6 ttl=117 time=50.9 ms

  13. Traceroute to Simon Fraser in BC

      traceroute to buntzen.sfu.ca (142.58.200.82), 30 hops max, 38 byte packets
       1 ccsnoc168.gw.yorku.ca (130.63.168.1) 0.351 ms 0.213 ms 0.206 ms
       2 gladiator.gw.yorku.ca (130.63.27.18) 0.279 ms 0.222 ms 0.214 ms
       3 205.211.95.129 (205.211.95.129) 0.566 ms 0.286 ms 0.320 ms
       4 ORION-GTANET-RNE.DIST2-TORO.IP.orion.on.ca (66.97.23.125) 0.457 ms 0.372 ms 0.367 ms
       5 BRDR2-TORO-GE2-2.IP.orion.on.ca (66.97.16.125) 0.870 ms 0.850 ms 0.891 ms
       6 c4-tor01.canet4.net (205.189.32.214) 1.207 ms 2.052 ms 4.850 ms
       7 c4-cal01.canet4.net (205.189.32.5) 45.632 ms 45.916 ms 45.648 ms
       8 c4-bcnet.canet4.net (205.189.32.193) 58.904 ms 58.854 ms 58.756 ms
       9 R1-SFU-ORAN.BC.net (142.231.1.41) 59.142 ms 59.068 ms 58.945 ms
      10 142.58.29.209 (142.58.29.209) 59.622 ms 129.551 ms 59.190 ms
      11 buntzen.sfu.ca (142.58.200.82) 60.055 ms 59.343 ms 59.575 ms

  14. Traceroute to pepsi.com

      traceroute to pepsi.com (216.52.186.120), 30 hops max, 38 byte packets
       1 ccsnoc168.gw.yorku.ca (130.63.168.1) 0.275 ms 0.197 ms 0.204 ms
       2 gladiator.gw.yorku.ca (130.63.27.18) 0.272 ms 0.218 ms 0.214 ms
       3 f0-11.na01.b011027-0.yyz01.atlas.cogentco.com (38.112.19.13) 1.435 ms 1.279 ms 1.765 ms
       4 g1-2.core01.yyz01.atlas.cogentco.com (66.250.14.229) 2.079 ms 3.405 ms 3.241 ms
       5 p13-0.core02.ord01.atlas.cogentco.com (66.28.4.213) 16.000 ms 15.314 ms 16.541 ms
       6 p12-0.core01.mci01.atlas.cogentco.com (66.28.4.33) 27.411 ms 26.474 ms 26.621 ms
       7 p5-0.core02.dfw01.atlas.cogentco.com (66.28.4.37) 36.003 ms 36.114 ms 36.308 ms
       8 p2-0.core01.dfw03.atlas.cogentco.com (154.54.1.170) 36.524 ms 36.398 ms 36.474 ms
       9 core101.cogent-213.ext1a.dal.pnap.net (63.251.32.82) 37.379 ms 36.839 ms 36.938 ms
      10 border1.ge3-1-bbnet1.ext1a.dal.pnap.net (216.52.191.24) 37.003 ms 36.852 ms 36.971 ms
      11 tribalddb-4.border1.ext1a.dal.pnap.net (216.52.189.234) 37.505 ms 35.924 ms 36.277 ms
      12 *

  15. Traffic Shaping
     • Nothing is blocked at the traffic shaper. Traffic is blocked at the IPS.
     • Peer-to-Peer filesharing applications are given a low priority and a cap is placed on the total amount of commodity internet bandwidth that P2P can consume (currently 25 Mbps inbound & 10 Mbps outbound).
     • Traffic that is sensitive to latency and jitter (ex: streaming media, telnet, ssh) is given a high priority. There are no caps or rate limits on this traffic.
     • Everything else is given a mid level priority. There are no caps or rate limits on this traffic, with a few exceptions:
       • http traffic to/from debian.yorku.ca is capped
       • skype is rate limited on a per IP basis at 56 Kbps

  16. Intrusion Protection System
     • Installed January 2005
     • Co-managed by InfoSec and NetOps
     • NetOps is responsible for the management and operation of the hardware.
     • InfoSec is responsible for setting policy.
     • Performs packet inspection at Layer 2-7
     • Adds less than 216 microseconds of latency
     • Think of it as a firewall on steroids.

  17. Internet and GTAnet Bandwidth

  18. Internet & GTAnet Bandwidth Utilization. Network Utilization Statistics available at: http://netops.yorku.ca [Graphs: Cogent Interface – Commodity Internet: Daily Average; GTAnet Interface – R & E Networks and Internet Peers: Daily Average]

  19. Infrastructure Upgrade Project
     In Progress Or Planned For 2005/2006 Fiscal Year:
     • Atkinson College
     • Lumbers
     • Kinsmen
     • Central Square
     • Bethune College
     • Behaviour Sciences
     • Calumet College
     • Bookstore & York Lanes
     • Founders College
     • McLaughlin College
     • Stong College
     • Vari Hall
     • Ross (partial, as per renovations)
     http://www.yorku.ca/yrkinfra The schedule on the website is not current. Glendon has been postponed until next year. Osgoode has been postponed until renovation plans are finalized.
     As part of the upgrade:
     • Network ports will be upgraded from 10-Base-T to 100-Base-TX.
     • Network cables will be upgraded to Category 6.
     • Fibre cables will be upgraded from Multi-mode to Single-mode.
     • Building switch uplinks will be upgraded from 100-Base-FX to 1000-Base-LX.
     • The number of switches in each building will likely increase, resulting in even more uplink ports.
     As

  20. AirYork Expansion Plans: 250 New 802.11g Access Points
     Wall-to-wall wireless coverage in the following buildings by September:
     • Atkinson
     • Central Square
     • CFT
     • Chemistry
     • Curtis Lecture Hall
     • CSE
     • Farquharson
     • GCFA
     • HNES
     • Kinsmen
     • Lumbers
     • Scott Library (with exceptions – between stacks, in the basement, etc.)
     • Steacie Library
     • Stedman Lecture Hall
     • Student Centre
     • Vanier College
     Depending on the Infrastructure Upgrade Project, building renovations, and construction, the following buildings should have wall-to-wall building coverage sometime during Fiscal 2005/2006:
     • Accolade
     • York Lanes
     We will also be deploying wireless service to the 9th floor of the Ross Building.

  21. ResNet & The New Kiosk Service. YorkNet is to be split into three services, called YorkNet, ResNet and the new Kiosk Service. See the announcement on the CNS Website for more info on the changes. Although “Home Routers” will be allowed on the ResNet network, hubs, switches and routers are still prohibited elsewhere on the campus network as per the Official University Network Security and Management Guidelines and Procedures: “All points of access to the University Network (including network drops and wireless access points) require authorization by the Central Computing Support Group.” The Kiosk service will be specifically for publicly accessible kiosks. This service will operate in essentially the same manner as the current YorkNet/ResNet service, except that kiosk admins will be required to manually register the MAC addresses. The main users of this service will be CNS & the Library.

  22. The New YorkNet. The new YorkNet service will now service only those red network jacks that are not part of the ResNet or the Kiosk services. The new YorkNet will operate almost identically to the AirYork service. With the new service, mobile computing users will have the same experience whether connecting to the wireless or wired network.

  23. Planned AirYork, ResNet & YorkNet Security Changes. As noted in the CNS Computing Plan for 2005/2006, laptops have become a significant vector for the introduction of compromised machines onto the York network. At the request of InfoSec, we will be restricting the kinds of traffic that can pass between the AirYork and YorkNet services and the rest of the York Data Network. The restrictions will likely be similar to the restrictions at the Border Router. For example, the most common vector for attack, Windows Networking/File Sharing, will be blocked as it is at the border.

  24. I Have A Dream.... We've been trying for 7 years and we aren't giving up. The end of IPX and ATALK on campus is coming. IPX and ATALK are expensive and difficult to support and troubleshoot. All major vendors, including Novell and Apple, are moving away from IPX and ATALK to IP.

  25. York Central Server Room. For More Info: helpdesk@yorku.ca
     • Pros:
       • Fully Redundant Power To Server Room.
       • Roughly one power outage per week at York.
       • A/C Services Monitored 24 x 7.
       • Gb Ethernet Service Available.
       • Server Room Network Supported 7x24x365
       • Building switches are generally supported 07:00 – 22:00hrs. Due to access restrictions some building switches are only supported during normal business hours.
       • Access via Electronic Key Card.
       • Faster Central Backups.
     • Cons:
       • Outside normal hours you'll need Security to get access.
       • OTO cost for space.

  26. NetInfo Demo

  27. Presentation Will Be Available Online. Go to http://netops.yorku.ca and select “Network Presentations & Papers”.

  28. The End • Questions?
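
An added example (not part of the original presentation): it applies the border policy from slide 11 to traceroute output like that on slides 12-14, reporting whether a destination is reached via Cogent, and so crosses the Traffic Shaper, or via the R & E and peering side. The hostname-to-path mapping, the class names and the function names are assumptions of this example.

```python
import re

# Hostname suffix -> path class. Suffixes come from the traceroutes on slides
# 12-14; the class labels and the mapping are this example's assumptions.
MARKERS = {
    "cogentco.com": "commodity",               # Cogent, commodity Internet
    "torontointernetxchange.net": "peering",   # TORIX peers such as Rogers
    "canet4.net": "r&e",                       # CA*net 4
    "orion.on.ca": "r&e",                      # ORION
}
# ORION hops also appear on peered routes, so the more specific class wins.
PRIORITY = ["commodity", "peering", "r&e"]
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)(.*)$")
LOST_RE = re.compile(r"^\s*(\d+)\s+\*")

def parse_traceroute(text):
    """Return a list of hops; unanswered hops ('12 *') have host None."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            rtts = [float(x) for x in re.findall(r"([\d.]+) ms", m.group(4))]
            hops.append({"ttl": int(m.group(1)), "host": m.group(2).lower(),
                         "ip": m.group(3), "rtts": rtts})
        elif (m := LOST_RE.match(line)):
            hops.append({"ttl": int(m.group(1)), "host": None, "ip": None, "rtts": []})
    return hops

def classify_path(hops):
    """Return (path_class, shaped). Per slide 11 only Cogent traffic is shaped."""
    seen = set()
    for hop in hops:
        host = hop["host"] or ""
        for suffix, cls in MARKERS.items():
            if host == suffix or host.endswith("." + suffix):
                seen.add(cls)
    cls = next((c for c in PRIORITY if c in seen), "unknown")
    return cls, cls == "commodity"

# Hops excerpted from the traceroutes on slides 12, 13 and 14.
ROGERS = """traceroute to 24.156.246.1 (24.156.246.1), 30 hops max, 38 byte packets
 5 BRDR2-TORO-GE2-2.IP.orion.on.ca (66.97.16.125) 0.853 ms 0.901 ms 0.855 ms
 6 gw-rogers.torontointernetxchange.net (198.32.245.29) 1.078 ms 1.049 ms 1.068 ms"""
SFU = """ 5 BRDR2-TORO-GE2-2.IP.orion.on.ca (66.97.16.125) 0.870 ms 0.850 ms 0.891 ms
 6 c4-tor01.canet4.net (205.189.32.214) 1.207 ms 2.052 ms 4.850 ms"""
PEPSI = """ 3 f0-11.na01.b011027-0.yyz01.atlas.cogentco.com (38.112.19.13) 1.435 ms 1.279 ms 1.765 ms
12 *"""

print(classify_path(parse_traceroute(PEPSI)))
```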
