ccse network structure

CCSE NETWORK STRUCTURE
CCSE NETWORK OUTLINE
• Mid-sized building network spanning Building 22 and Building 23.
• Autonomous from ITC’s KFUPM Domain
– Different IP domain
– Independent Services
– Separate Network Administration and Management
– Separate Budgeting
CCSE Network Administration
• CCSE Network Administration is broken down into four groups
– Windows PC Administration Group
– Unix Administration Group
– Network and Hardware Services
– User Support Services
CCSE Network Administration
• Windows Administration
– Responsible for Windows Labs, User Accounts, Student Storage Drives, Faculty Teaching Support
• Unix Administration
– Responsible for Unix Labs, Majority of servers and services, research groups, Faculty Teaching Support
• Network & Hardware Services
– Network Infrastructure installation, maintenance and management.
– Installation of servers, Printers and PCs
– All Hardware Services
CCSE NETWORK OUTLINE
• Six networks, segmented based on functionality, comprise the overall CCSE Network
– Faculty Network (196.1.65.0/24)
– Student Network (172.16.0.0/16)
– Unix Network (196.1.64.0/24)
– Management Network (196.1.67.0/24)
– Wireless Network (192.168.100.0/24)
– Remote Access Service (RAS) – Dialup connections (10.222.0.0/24)
• ITC uses the 10.0.0.0 network, with variable subnetting.
CCSE Network Structure
[Diagram: the ITC Network and the CCSE segments 192.168.100.0/24, 10.222.0.0/24, 196.1.64.0/24, 196.1.65.0/24, 196.1.67.0/24 and 172.16.0.0/16]
CCSE NETWORK INFRASTRUCTURE
• Initial network structuring used coaxial cable
• In the early 1990s, the decision was taken to scrap coaxial and move to UTP/Fiber.
• UTP – Category 5/5E
– Ability to scale up to Gigabit connectivity
– Deliver Gigabit to the desktop if required in future
• Fiber – Multimode Fiber
– Works up to 500 meters. Suits CCSE requirements
– Easier to work with and deploy
– Scalability guaranteed
– Fiber deployed at Distribution layer
CCSE NETWORK INFRASTRUCTURE
• Layer-2 at both Access and Distribution layer is 3Com
– Comparatively inexpensive with good ROI
– Educational institution – no enterprise demands such as VPNs or multimedia conferencing
• Layer-3 at Distribution and Core is Cisco
– Core and Distribution layer is where servers are located and it is the backbone of the network
– Need for reliability and extensive features for segmentation, security and traffic control.
CCSE INTER-NETWORKING
• Dynamic Routing implemented at the CCSE Cisco backbone.
• No static routes
• RIPv1 is used for routing within CCSE and between CCSE/ITC.
– No real subnetting within CCSE. Hence RIPv1 suffices
– ITC uses VLSM to segment its network and hence uses EIGRP on its network
CCSE NETWORK SERVERS AND SERVICES
• Unix Services
– Solaris, Linux, Unix, and MacOS Environments
– Email on [email protected] domain
– Shell Terminal accounts and storage
– VNC Terminal Emulation
– Web-hosting
– High Performance, Parallel and Distributed Computing
– OPNET
• Windows Services
– Windows Active Directory based student, faculty and staff accounts
– Student accounts and storage
– Exchange Server and Calendaring Facility for faculty
– Numerous Software and applications
Network Peculiarities
• A very large IP address space is in use for the Student network. The 172.16.0.0/16 offers 65000+ addresses while host machines in the network are approximately 500.
• Use of a /24 network mask [~254 hosts] for the Faculty network. With around 235 IP addresses in use, this is pushing the network.
• Use of public IP addresses – 196.1.65.0, 196.1.64.0 and 196.1.67.0
• Ad hoc growth pattern implies lack of layered structure – no proper distinction between Access/Distribution/Core layers
• Using RIP prevents route summarization on our Core router for ITC networks, i.e., the CCSE router has to keep a route map for ALL networks on ITC instead of one summarized route.
Network Peculiarities - Solutions
• Reallocate IP addressing to segment the 172.16.0.0 network
• Use EIGRP or OSPF within our network so that we can use Route Summarization to relieve memory resources on Backbone.
• Restructure network into properly layered structure
• Proper server location with respect to bandwidth demands
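Added example (not part of the original slides): a short Python audit of the addressing plan behind the peculiarities and solutions above, using the prefixes and approximate host counts the slides give. The 25% growth headroom, the reading of ITC's 10.0.0.0 network as 10.0.0.0/8, and all function names are assumptions made for this example.

```python
import ipaddress

# Prefixes and approximate host counts come from the slides; None means the
# slides give no host figure for that segment.
SEGMENTS = {
    "Faculty": ("196.1.65.0/24", 235),
    "Student": ("172.16.0.0/16", 500),
    "Unix": ("196.1.64.0/24", None),
    "Management": ("196.1.67.0/24", None),
    "Wireless": ("192.168.100.0/24", None),
    "RAS": ("10.222.0.0/24", None),
}
# Assumption: "ITC uses the 10.0.0.0 network" is read as the classful 10.0.0.0/8.
ITC_BLOCK = ipaddress.ip_network("10.0.0.0/8")


def fitted_prefix(hosts, headroom=0.25):
    """Longest prefix that holds `hosts` plus growth headroom (assumed 25%)."""
    needed = int(hosts * (1 + headroom)) + 2  # + network and broadcast addresses
    return 32 - (needed - 1).bit_length()


def audit():
    """Per-segment utilization, suggested prefix, and addressing flags."""
    report = {}
    for name, (cidr, hosts) in SEGMENTS.items():
        net = ipaddress.ip_network(cidr)
        usable = net.num_addresses - 2
        report[name] = {
            "usable": usable,
            "utilization": round(hosts / usable, 3) if hosts else None,
            "fitted_prefix": fitted_prefix(hosts) if hosts else None,
            "public": not net.is_private,
            "inside_itc_block": net.subnet_of(ITC_BLOCK),
        }
    return report


def summarized(names):
    """Fewest classless routes that cover exactly the named segments."""
    nets = [ipaddress.ip_network(SEGMENTS[n][0]) for n in names]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    for name, row in audit().items():
        print(name, row)
    print(summarized(["Faculty", "Unix", "Management"]))
```

The audit also shows that the RAS range falls inside the 10.0.0.0/8 block, and that a classless protocol could advertise the Unix and Faculty networks as a single /23 while 196.1.67.0/24 remains a separate route.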
CCSE Network – Security
• Security is addressed in two layers
– Network Level Security
• On routers using Access Control Lists
• An Intrusion Detection System on the CCSE-ITC network (more of an academic exercise)
• Port Security on Switches – binds ports to pre-defined MAC addresses. Users cannot plug in their machines.
• MAC-to-IP binding. MAC addresses of user machines have to be registered first before they can get a network IP.
CCSE Network – Security
Security at Hosts
• Host-based ACLs and rulesets
• Firewalls
• Central Active Directory, LDAP based User authentication/authorization
• Logging
CCSE Network - Management
• Management achieved through different network tools
– 3Com Network Supervisor
• Topology Discovery
• Resources Utilization
– MRTG
• Traffic plotting.
• Publicly available at http://196.1.67.151
– Ntop Traffic Characterization
CCSE Network – Wireless Network
• Rudimentary Wireless Network covering Department locations in the building
• Cisco centric with 802.11b at 11 Mbps
• Security –
– Static 128-bit WEP key.
– Traffic Control via ACLs on the router between the Wireless and Wired networks.