Kyushu University's Wireless LAN System kitenet

Campus Wireless Network
kitenet
Koji OKAMURA
Research Institute for Information Technology,
Kyushu University
Overview of Kyushu Univ.
• is located in Fukuoka City, Fukuoka Prefecture.
– Population of Fukuoka City is 1.3M.
– Population of Fukuoka Pref. is 5.0M.
• has
– 20,000 students and 10,000 staff (faculty, etc.).
– two big main campuses (Hakozaki and Ito) and several satellite campuses (Hospital, Chikushi and Oohashi).
– every campus is connected at 10G.
• uses
– AS2508 and one Class B address (133.5.0.0/16).
Campus of Kyushu Univ.
[Map labels: Main, Hospital, New Main, Art, "Material, Energy etc"; distance marker 15km]
Why is a Campus Wireless Network necessary?
• Everyone at Kyushu Univ. wants to use the Internet when they come to the University.
• Everyone had bought and set up their own wireless AP.
– Only the owner can use his wireless AP, even though there are so many wireless APs on campus.
– Policies for members of Kyushu Univ. and for guests should be different.
• The Computer Center decided to introduce a campus-wide wireless network in 2006.
The 1st Version (2003~2007)
• Mobile IP based.
– Non-standard.
• 228 APs
• A special driver (software) is necessary.
• The product was discontinued.
• No Windows Vista support.
The 2nd Version (2006~)
• 802.1X based
• 591 APs
• APs are installed together with the core network when a new building is built.
Infrastructure
[Diagram labels: Campus Network of Kyushu Univ. (KITE), Authentication Server, Commercial Network, Ether Switch]
Authentication
[Diagram labels: Campus Network of Kyushu Univ. (KITE), Authentication Server, Commercial Network, Ether Switch]
Connecting
[Diagram labels: Campus Network of Kyushu Univ. (KITE), Authentication Server, Dynamic VLAN, Commercial Network, Ether Switch]
Policy for each user can be supported.
[Diagram labels: Campus Network of Kyushu Univ. (KITE) with 133.5.11.0/24, 133.5.22.0/24 and 133.5.7.0/24; Authentication Server; Commercial ISP; Tohoku Univ.; Kyoto Univ.; Commercial Network; Ether Switch]
System Design
• Functions
– Authentication
  • 802.1X → Mandatory
  • Web → Option
– Dynamic VLAN
• Wired
– AX (MAC VLAN)
  • 802.1X
    – SW or Wireless AP which can pass EAP packets can be cascaded.
  • Web
• Wireless
– Allied Telesis (Tagged VLAN)
  • 802.1X
  • Web (not supported)
[Diagram labels: Radius Server, Core SW, Center Network, User Network, AX-630x, AX, AT-TQ2403, Wireless AP by Allied Telesis, "Port which is set of Authentication", "SW which can not pass EAP packets", "SW or Wireless AP which can pass EAP packets"]
Dynamic VLAN
[Diagram labels: Wireless APs, Wired SWs, VID=xxx, VID=yyy, VID=zzz, Radius]
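An added example, not from the original slides: how a RADIUS Access-Accept can carry the per-user VLAN that the Dynamic VLAN slides describe, using the RFC 3580 tunnel attributes. The realm names, the VLAN IDs and the idea of choosing the VLAN by realm are assumptions; the slides only show VID=xxx, VID=yyy and VID=zzz.

```python
import struct

# RFC 2865/2868 attribute type codes and the RFC 3580 values for VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6

# Constructed policy table: realm -> VLAN ID. Realms and VIDs are placeholders
# standing in for the slides' VID=xxx / VID=yyy / VID=zzz.
VLAN_BY_REALM = {
    "member.example": 101,   # university members
    "guest.example": 102,    # conference guests
    "visitor.example": 103,  # users from other institutions
}


def vlan_for(identity):
    """Return the VLAN ID for an authenticated identity, or None to reject."""
    user, sep, realm = identity.rpartition("@")
    if not sep or not user:
        return None  # no realm: never fall back to the member VLAN
    return VLAN_BY_REALM.get(realm.lower())


def tagged_int(attr_type, value):
    """Encode a tagged-integer tunnel attribute: type, len=6, tag=0, 24-bit value."""
    return struct.pack("!BBB", attr_type, 6, 0) + value.to_bytes(3, "big")


def vlan_attributes(vid):
    """Encode the three Access-Accept attributes that place a session in `vid`."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID out of range: {vid}")
    vid_str = str(vid).encode("ascii")  # RFC 3580: the VLAN ID is sent as a string
    group = struct.pack("!BBB", TUNNEL_PRIVATE_GROUP_ID, 3 + len(vid_str), 0) + vid_str
    return tagged_int(TUNNEL_TYPE, TT_VLAN) + tagged_int(TUNNEL_MEDIUM_TYPE, TMT_IEEE_802) + group


def authorize(identity):
    """Map an already-authenticated identity to ('accept', attrs) or ('reject', b'')."""
    vid = vlan_for(identity)
    if vid is None:
        return ("reject", b"")
    return ("accept", vlan_attributes(vid))


if __name__ == "__main__":
    for who in ("alice@member.example", "bob@GUEST.example", "eve@unknown.example", "carol"):
        decision, attrs = authorize(who)
        print(f"{who:26} {decision:7} {attrs.hex()}")
```

Unknown or missing realms are rejected rather than mapped to a default VLAN, so a guest can never land in the member segment by omission.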
kitenet (IPv4)
[Diagram labels: Wireless APs, Wired SWs, 10.1.0.0/16, VID=xxx, 10.2.0.0/16, VID=yyy, NAT, Internet, NAT, Kyushu Univ., ISP]
kitenet (IPv6)
[Diagram labels: Wireless APs, Wired SWs, 10.1.0.0/16, 10.2.0.0/16, VID=xxx, 2001:200:905:15f1::/64, VID=yyy, 2001:200:905:15f2::/64, QGPOP, IPv6 Internet, NAT, NAT, Kyushu Univ., ISP]
The current situation
• Everyone can use the Internet using Windows, Mac, iPhone, Windows Mobile, ...
• Even guests can use the Internet when they come to Kyushu Univ., based on the security policy of Kyushu Univ.
– Conference at Kyushu Univ.
Future Works
• Big segment across whole campus
[Diagram labels: management/authentication, Kyushu University, Main, Guest, Hospital, 15km, New, Art, "Material, Energy etc"]
Future Works
• They should be segmented.
[Diagram labels: Authentication, Management, Kyushu Univ., Guest]
• IPv4 is used for each segment.
– Virtual Router will support the routing.
Thank you very much!