Network Infrastructure
IT Supporters Update – 26 June 2007
Contents
• Network overview
• Server connectivity upgrade
• Wireless network changes
• Subnet changes
• DNS and DHCP infrastructure
Network overview
• Two separate networks
  • readingConnect (for halls of residence)
  • Campus network
• Both networks share common border area
• Focus on campus network
• Each building connected at a minimum of 1Gbit/s
  • Except for Bulmershe and halls of residence
    • New router to be installed at Bulmershe to make better use of existing switches and infrastructure
    • Halls of residence too far away for more than 100Mbit/s
Network overview
• Border network forms connection between campus network, readingConnect and JANET
• Two JANET connections
  • Each 1Gbit/s over long-range fibre
  • Diverse routes
  • Endpoints over 1.5 km apart
• Fully resilient
• Traffic split across both links during normal operation
  • Campus traffic goes one way
  • readingConnect traffic goes the other
Network overview
• 10616 IP addresses in use by 8964 unique hosts
• 1844 hosts registered but not seen on network since Feb
  • These will be removed at the end of July
  • A list will be distributed to IT Supporters at start of July
• Monthly stats (2 hour average) show:
  • 92.81Mbit/s peak traffic flow from JANET to campus
  • Average flow of 27.17Mbit/s inbound and 15.39Mbit/s outbound
  • 95th percentile is 73.02Mbit/s
Server connectivity upgrade
• Introduction of 10Gbit Ethernet into the core
• Two new (large) switches to be installed into ITS machine rooms
  • Each switch will have 10Gbit/s to each core router (20Gbit/s)
  • Two switches connected to each other at 20Gbit/s
  • Each switch configured to connect up to 240 ports at 1Gbit/s
  • Switches configured as redundant pair for routing server VLANs
• Two small switches will provide secondary connections
  • To be used by important systems only (Exchange, etc.)
Guest / wireless network changes
• Deployment of JANET Roaming / Eduroam
  • Web-based redirect no longer permitted to be advertised as eduroam name
• New wireless network across campus to sit alongside existing service
  • SSID ‘eduroam’
  • Requires 802.1x and WPA / WPA2 encryption
  • Set up and forget – works everywhere that has Eduroam
Guest / wireless network changes
• Changes to existing ‘rdg.ac.uk’ service
  • Will move outside firewall
    • But retain protection from Internet hosts
  • Same set of base services as for JANET Roaming
  • Additional resilience through second BlueSocket device
  • Web-based login will accept eduroam / JANET Roaming credentials
• Proposed service changes Summer 2008:
  • Users will no longer be able to sign on with plain username
    • Must use ‘username@reading.ac.uk’ instead
  • Native CIFS access will be turned off – shares still accessible through NetDrive service (WebDAV gateway)
Guest / wireless network changes
• New IP address ranges:
  • 134.225.24.0 – 134.225.27.255 for JANET Roaming service
  • 134.225.28.0 – 134.225.31.255 for plug-in and ‘rdg.ac.uk’ service
• Old address ranges to be removed by September 2007:
  • 134.225.8.0 – 134.225.15.255
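
Host and firewall rules that name the wireless ranges need reviewing when these addresses change. As an added example (not part of the original slides), this Python script converts the ranges above to CIDR blocks and flags rule lines that overlap them; the rule format, the short labels and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Ranges copied from the slide; the labels are shorthand chosen for this example.
RANGES = {
    "retiring": ("134.225.8.0", "134.225.15.255"),
    "JANET Roaming": ("134.225.24.0", "134.225.27.255"),
    "plug-in / rdg.ac.uk": ("134.225.28.0", "134.225.31.255"),
}

def to_cidrs(first, last):
    """Collapse an inclusive first-last range into the minimal list of CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

CIDRS = {label: to_cidrs(*bounds) for label, bounds in RANGES.items()}

# A dotted quad with an optional /prefix length.
TOKEN = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?\b")

def audit(lines):
    """Return (line_no, token, label) for every address or network that overlaps a range."""
    findings = []
    for no, line in enumerate(lines, 1):
        for tok in TOKEN.findall(line):
            try:
                net = ipaddress.ip_network(tok, strict=False)
            except ValueError:
                continue  # not a valid IPv4 address or prefix, e.g. 999.1.1.1
            for label, blocks in CIDRS.items():
                if any(net.overlaps(block) for block in blocks):
                    findings.append((no, tok, label))
    return findings

# Constructed sample of access rules (hypothetical format, not from the page).
SAMPLE = [
    "allow 134.225.8.0/21 tcp/443   # wireless clients",
    "allow 134.225.12.77 tcp/22",
    "allow 134.225.24.0/22 tcp/443",
    "allow 134.225.0.0/16 tcp/80    # whole campus",
    "deny  10.0.0.0/8 any",
]

if __name__ == "__main__":
    for label, blocks in CIDRS.items():
        print(label, [str(b) for b in blocks])
    for finding in audit(SAMPLE):
        print(finding)
```

Rules flagged as "retiring" are the ones to remove or repoint; a broad rule such as the /16 in the sample is reported against all three ranges because it covers them all.
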
Subnet changes
• Psychology to complete move to .114 subnet
• Soil and Plant Science to move to own subnets
• Systems Engineering to vacate .4 and .56 subnets
• Student subnets in Careers, Chaplaincy and RUSU to be separated
DNS / DHCP infrastructure
• Currently two central servers
  • Sun hardware
  • Open source software
  • A bunch of in-house scripts to generate DNS zones
  • More in-house scripts to generate DHCP configuration
• Painful to manage
• Relatively slow turn-around for IP address allocation
DNS / DHCP infrastructure
• New Infoblox 1550 appliances (HA pair)
  • Take over as master DNS database
  • Replace Sun boxes for DHCP
  • GUI for managing IP address and hostname allocation
  • Should give faster turn-around on IP allocations
  • Possibility of delegation (at least read-only) to IT supporters
• Expansion of DNS topology
  • Existing Sun boxes become dedicated DNS cache servers
  • Addition of DNS servers into DMZ for best practice
  • Possible additional IT Services managed DNS secondary server at off-site co-location facility