CCSE NETWORK STRUCTURE

CCSE NETWORK OUTLINE

• Mid-sized Building Network spanning over Building 22 and Building 23.

• Autonomous from ITC’s KFUPM Domain

– Different IP domain

– Independent Services

– Separate Network Administration and Management

– Separate Budgeting

CCSE Network Administration

• CCSE Network Administration is broken down into four groups

– Windows PC Administration Group

– Unix Administration Group

– Network and Hardware Services

– User Support Services

CCSE Network Administration

• Windows Administration

– Responsible for Windows Labs, User Accounts, Student Storage Drives, Faculty Teaching Support

• Unix Administration

– Responsible for Unix Labs, Majority of servers and services, research groups, Faculty Teaching Support

• Network & Hardware Services

– Network Infrastructure installation, maintenance and management.

– Installation of servers, Printers and PCs

– All Hardware Services

CCSE NETWORK OUTLINE

• Six networks, segmented based on functionality, comprise the overall CCSE Network

– Faculty Network (196.1.65.0/24)

– Student Network (172.16.0.0/16)

– Unix Network (196.1.64.0/24)

– Management Network (196.1.67.0/24)

– Wireless Network (192.168.100.0/24)

– Remote Access Service (RAS) – Dialup connections (10.222.0.0/24)

• ITC uses the 10.0.0.0 network, with variable subnetting.

CCSE Network Structure

[Network diagram: 196.1.64.0/24, 196.1.67.0/24, 172.16.0.0/16, 196.1.65.0/24, 10.222.0.0/24, 192.168.100.0/24 and the ITC Network]

CCSE NETWORK INFRASTRUCTURE

• Initial Network Structuring used Coaxial Cable

• In early 1990s, decision was taken to scrap Coaxial and move to UTP/Fiber.

• UTP – Category 5/5E

– Ability to scale up to Gigabit connectivity

– Deliver Gigabit to Desktop if required in future

• Fiber – MultiMode Fiber

– Works till 500 meters. Suits CCSE requirements

– Easier to work with and deploy

– Scalability Guaranteed

– Fiber deployed at Distribution layer

CCSE NETWORK INFRASTRUCTURE

• Layer-2 at both Access and Distribution layer is 3Com

• Comparatively Inexpensive with good ROI

• Educational Institution – No Enterprise demands such as VPNs or Multimedia Conferencing

• Layer-3 at Distribution and Core is Cisco

• Core and Distribution layer is where Servers are located and it is the Backbone of the network

• Need for reliability and extensive features for segmentation, security and traffic control.

CCSE INTER-NETWORKING

• Dynamic Routing implemented at the CCSE Cisco backbone.

• No static routes

• RIPv1 is used for routing within CCSE and between CCSE/ITC.

– No real subnetting within CCSE. Hence RIPv1 suffices

– ITC uses VLSM to segment its network and hence uses EIGRP on its network

CCSE NETWORK SERVERS AND SERVICES

• Unix Services

– Solaris, Linux, Unix, and MacOS Environments

– Email on username@ccse.kfupm.edu.sa domain

– Shell Terminal accounts and storage

– VNC Terminal Emulation

– Web-hosting

– High Performance, Parallel and Distributed Computing

– OPNET

• Windows Services

– Windows Active Directory based student, faculty and staff accounts

– Student accounts and storage

– Exchange Server and Calendaring Facility for faculty

– Numerous Software and applications

Network Peculiarities

• A very large IP address space is in use for Student’s network. The 172.16.0.0/16 offers 65000+ addresses while host machines in the network are approximately 500.

• Use of /24 network mask [~254 hosts] for faculty network. With around 235 IP addresses in use, this network is close to its limit.

• Use of public IP addresses – 196.1.65.0, 196.1.64.0 and 196.1.67.0

• Ad hoc growth pattern implies lack of layered structure – No proper distinction between Access/Distribution/Core layers

• Using RIP prevents route summarization on our Core router for ITC networks, i.e., the CCSE router has to keep a route for ALL networks on ITC instead of one summarized route.

Network Peculiarities - Solutions

• Reallocate IP addressing to segment the 172.16.0.0 network

• Use EIGRP or OSPF within our network so that we can use Route Summarization to relieve memory resources on Backbone.

• Restructure network into properly layered structure

• Proper server location with respect to bandwidth demands
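The address-space figures and the two addressing solutions above, worked through as an added example that is not part of the original slides. The 50% growth margin, the split into four /24 subnets and the ITC route list are assumptions constructed for illustration; the prefixes and host counts are the ones on the slides.

```python
import ipaddress
import math

# Prefixes and approximate host counts as stated on the slides.
STUDENT = (ipaddress.ip_network("172.16.0.0/16"), 500)
FACULTY = (ipaddress.ip_network("196.1.65.0/24"), 235)

# Constructed sample: VLSM-style ITC subnets inside 10.0.0.0/8.
ITC_ROUTES = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/23",
              "10.1.4.0/22", "10.1.8.0/21", "10.200.5.0/24"]


def utilization(net, hosts):
    """Share of usable addresses (network/broadcast excluded) in use."""
    return hosts / (net.num_addresses - 2)


def right_sized_prefix(hosts, headroom=0.5):
    """Longest prefix holding `hosts` plus a growth margin (assumed 50%)."""
    needed = math.ceil(hosts * (1 + headroom)) + 2   # + network, broadcast
    host_bits = (needed - 1).bit_length()            # ceil(log2(needed))
    return 32 - host_bits


def segment(parent, prefix, count):
    """First `count` subnets of length `prefix` carved out of `parent`."""
    subnets = parent.subnets(new_prefix=prefix)
    return [next(subnets) for _ in range(count)]


def summarize(routes):
    """Fewest prefixes covering exactly the same addresses as `routes`."""
    nets = [ipaddress.ip_network(r) for r in routes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    for name, (net, hosts) in (("student", STUDENT), ("faculty", FACULTY)):
        print(f"{name}: {net} is {utilization(net, hosts):.1%} used, "
              f"{hosts} hosts fit in a /{right_sized_prefix(hosts)}")
    # Hypothetical split of the student /16 into four /24 segments.
    print([str(s) for s in segment(STUDENT[0], 24, 4)])
    # Five contiguous ITC prefixes collapse into one summary route.
    print(summarize(ITC_ROUTES))
```

Subnets of different lengths and summary routes both require a routing protocol that carries the mask with each prefix, which is why the slide pairs re-addressing with a move to EIGRP or OSPF.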

CCSE Network – Security

• Security is addressed in two layers

– Network Level Security

• On routers using Access Control Lists

• An Intrusion Detection System on CCSE-ITC network (more of an academic exercise)

• Port Security on Switches – Binds Ports to pre-defined MAC addresses. Users cannot plug in their machines.

• MAC-to-IP binding. MAC addresses of user machines have to be registered first before they can get a network IP.
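One way to audit the MAC-to-IP binding described above, as an added example that is not part of the original slides. The registry, the ARP sample (laid out like Cisco IOS `show ip arp` output) and the finding names are constructed for illustration.

```python
import re

# Constructed registry: registered MAC address -> IP assigned to it.
REGISTERED = {
    "00:11:22:33:44:55": "196.1.65.10",
    "00:11:22:33:44:66": "196.1.65.11",
    "00:11:22:33:44:77": "196.1.65.12",
}

# Constructed sample in the layout of Cisco IOS "show ip arp" output.
ARP_TABLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  196.1.65.10             3   0011.2233.4455  ARPA   Vlan65
Internet  196.1.65.11             7   00aa.bbcc.ddee  ARPA   Vlan65
Internet  196.1.65.40             1   0011.2233.4477  ARPA   Vlan65
Internet  196.1.65.1              -   0000.0c07.ac01  ARPA   Vlan65
"""

def norm_mac(mac):
    """Normalize aa:bb:.., aa-bb-.. or aabb.ccdd.eeff to aabb.ccdd.eeff."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def parse_arp(text):
    """Yield (ip, mac, is_local) from 'show ip arp'-style lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0] == "Internet":
            yield f[1], norm_mac(f[3]), f[2] == "-"

def audit(arp_text, registry):
    """Compare observed ARP entries with the registry; return findings."""
    reg = {norm_mac(m): ip for m, ip in registry.items()}
    owner = {ip: m for m, ip in reg.items()}
    findings = []
    for ip, mac, is_local in parse_arp(arp_text):
        if is_local:                      # age "-": the router's own entry
            continue
        if mac not in reg:
            kind = "ip-taken-by-unregistered-mac" if ip in owner else "unregistered-mac"
        elif reg[mac] != ip:
            kind = "registered-mac-wrong-ip"
        else:
            continue                      # matches the registered binding
        findings.append((kind, ip, mac))
    return findings
```

An audit like this reports drift from the registry; a MAC address is a value the host declares about itself, so the binding works as an inventory control rather than as authentication.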

CCSE Network – Security

– Security at Hosts

• Host-based ACLs and rulesets

• Firewalls

• Central Active Directory, LDAP based User authentication/authorization

• Logging

CCSE Network - Management

• Management achieved through different network tools

– 3Com Network Supervisor

• Topology Discovery

• Resources Utilization

– MRTG

• Traffic plotting.

• Publicly available at http://196.1.67.151

– Ntop Traffic Characterization

CCSE Network – Wireless Network

• Rudimentary Wireless Network covering Department locations in the building

• Cisco centric with 802.11b at 11Mbps

• Security

– Static WEP key 128 Bit.

– Traffic Control via ACLs on router between Wireless and Wired network.