CCSE NETWORK STRUCTURE

CCSE NETWORK STRUCTURE. CCSE NETWORK OUTLINE Mid-sized Building Network spanning over Building 22 and Building 23. Autonomous from ITC’s KFUPM Domain


CCSE NETWORK OUTLINE

• Mid-sized Building Network spanning over Building 22 and Building 23.
• Autonomous from ITC’s KFUPM Domain
  – Different IP domain
  – Independent Services
  – Separate Network Administration and Management
  – Separate Budgeting


CCSE Network Administration

• CCSE Network Administration is broken down into four groups
  – Windows PC Administration Group
  – Unix Administration Group
  – Network and Hardware Services
  – User Support Services


CCSE Network Administration

• Windows Administration
  – Responsible for Windows Labs, User Accounts, Student Storage Drives, Faculty Teaching Support
• Unix Administration
  – Responsible for Unix Labs, Majority of servers and services, research groups, Faculty Teaching Support
• Network & Hardware Services
  – Network Infrastructure installation, maintenance and management.
  – Installation of servers, Printers and PCs
  – All Hardware Services


CCSE NETWORK OUTLINE

• Six networks, segmented based on functionality, comprise the overall CCSE Network
  – Faculty Network (196.1.65.0/24)
  – Student Network (172.16.0.0/16)
  – Unix Network (196.1.64.0/24)
  – Management Network (196.1.67.0/24)
  – Wireless Network (192.168.100.0/24)
  – Remote Access Service (RAS) – Dialup connections (10.222.0.0/24)

ITC uses the 10.0.0.0 network, with variable subnetting.


CCSE Network Structure

[Diagram: CCSE network segments 196.1.64.0/24, 196.1.67.0/24, 172.16.0.0/16, 196.1.65.0/24, 10.222.0.0/24 and 192.168.100.0/24, and the ITC Network]


CCSE NETWORK INFRASTRUCTURE

• Initial Network Structuring used Coaxial Cable
• In early 1990s, decision was taken to scrap Coaxial and move to UTP/Fiber.
• UTP – Category 5/5E
  – Ability to scale up to Gigabit connectivity
  – Deliver Gigabit to Desktop if required in future
• Fiber – MultiMode Fiber
  – Works till 500 meters. Suits CCSE requirements
  – Easier to work with and deploy
  – Scalability Guaranteed
  – Fiber deployed at Distribution layer


CCSE NETWORK INFRASTRUCTURE

• Layer-2 at both Access and Distribution layer is 3Com
  – Comparatively Inexpensive with good ROI
  – Educational Institution – No Enterprise demands such as VPNs or Multimedia Conferencing
• Layer-3 at Distribution and Core is Cisco
  – Core and Distribution layer is where Servers are located and it is the Backbone of the network
  – Need for reliability and extensive features for segmentation, security and traffic control.


CCSE INTER-NETWORKING

• Dynamic Routing implemented at the CCSE Cisco backbone.

• No static routes

• RIPv1 is used for routing within CCSE and between CCSE/ITC.

– No real subnetting within CCSE. Hence RIPv1 suffices

– ITC uses VLSM to segment its network and hence uses EIGRP on its network


CCSE NETWORK SERVERS AND SERVICES

- Unix Services
  - Solaris, Linux, Unix, and MacOS Environments
  - Email on [email protected] domain
  - Shell Terminal accounts and storage
  - VNC Terminal Emulation
  - Web-hosting
  - High Performance, Parallel and Distributed Computing
  - OPNET

- Windows Services
  - Windows Active Directory based student, faculty and staff accounts
  - Student accounts and storage
  - Exchange Server and Calendaring Facility for faculty
  - Numerous Software and applications


Network Peculiarities

• A very large IP address space is in use for the Student network. The 172.16.0.0/16 offers 65000+ addresses while host machines in the network are approximately 500.

• Use of /24 network mask [~254 hosts] for the faculty network. This network is nearly full, with around 235 IP addresses in use.

• Use of public IP addresses – 196.1.65.0, 196.1.64.0 and 196.1.67.0

• Ad hoc growth pattern implies lack of layered structure – No proper distinction between Access/Distribution/Core layers

• Using RIP prevents route summarization on our Core router for ITC networks, i.e., the CCSE router has to keep a route entry for ALL networks on ITC instead of one summarized route.


Network Peculiarities - Solutions

• Reallocate IP addressing to segment the 172.16.0.0 network

• Use EIGRP or OSPF within our network so that we can use Route Summarization to relieve memory resources on Backbone.

• Restructure network into properly layered structure

• Proper server location with respect to bandwidth demands
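
An added example (not part of the original slides) that works through the first two solutions with Python's standard `ipaddress` module: it measures how full the student and faculty ranges are, carves 172.16.0.0/16 into right-sized subnets that can each get their own ACLs, and shows what route summarization saves. The lab names and sizes, the 50% growth headroom and the 10.1.x.x ITC subnets are assumptions constructed for illustration.

```python
import ipaddress
import math

def utilisation(cidr, hosts_in_use):
    """Fraction of usable host addresses (network/broadcast excluded) in use."""
    return hosts_in_use / (ipaddress.ip_network(cidr).num_addresses - 2)

def right_sized_prefix(hosts, headroom=0.5):
    """Longest prefix that fits `hosts` plus growth headroom (50% is an assumption)."""
    needed = math.ceil(hosts * (1 + headroom)) + 2   # + network and broadcast
    return 32 - (needed - 1).bit_length()

def carve(parent_cidr, groups, headroom=0.5):
    """Allocate one aligned subnet per group from the parent, largest first."""
    parent = ipaddress.ip_network(parent_cidr)
    cursor, plan = int(parent.network_address), {}
    for name, hosts in sorted(groups.items(), key=lambda kv: -kv[1]):
        prefix = right_sized_prefix(hosts, headroom)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size  # align to the block size
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(parent):
            raise ValueError(f"{parent} exhausted while placing {name}")
        plan[name] = subnet
        cursor += size
    return plan

def summarise(cidrs):
    """Collapse contiguous prefixes into the fewest covering routes."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs))

# Host counts below are the approximate figures given on the slides.
STUDENT_UTIL = utilisation("172.16.0.0/16", 500)
FACULTY_UTIL = utilisation("196.1.65.0/24", 235)

# Constructed split of the ~500 student hosts into labs (names and sizes assumed).
LABS = {"lab-a": 200, "lab-b": 150, "lab-c": 100, "lab-d": 50}
PLAN = carve("172.16.0.0/16", LABS)

# Constructed ITC-style VLSM subnets inside 10.0.0.0/8.
ITC_ROUTES = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/23", "10.1.4.0/22"]

if __name__ == "__main__":
    print(f"student {STUDENT_UTIL:.2%}, faculty {FACULTY_UTIL:.2%} of usable space in use")
    for name, subnet in PLAN.items():
        print(f"{name}: {subnet} ({subnet.num_addresses - 2} usable)")
    print("summary routes:", summarise(ITC_ROUTES))
```
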


CCSE Network – Security

• Security is addressed in two layers
  – Network Level Security
    • On routers using Access Control Lists
    • An Intrusion Detection System on CCSE-ITC network (more of an academic exercise)
    • Port Security on Switches – Binds ports to pre-defined MAC addresses. Users cannot plug in their machines.
    • Bound MAC–IP pairs. MAC addresses of user machines have to be registered first before they can get a network IP.
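
An added example (not part of the original slides) of how the port and MAC–IP bindings above can be audited: observed address-table entries are compared against the registration table and every deviation is reported. The registration records, observations, port names and finding labels are constructed for illustration; only the 196.1.65.0/24 faculty range comes from the slides.

```python
import re

def norm_mac(mac):
    """Canonicalise colon, dash and dotted MAC notations to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

# Constructed registration table: MAC -> (assigned IP, switch port it is bound to)
REGISTERED = {
    norm_mac("00:0A:95:9D:68:16"): ("196.1.65.20", "sw1/12"),
    norm_mac("00-0a-95-9d-68-17"): ("196.1.65.21", "sw1/13"),
}

# Constructed observations, e.g. merged from router ARP and switch address tables
OBSERVED = [
    ("000a.959d.6816", "196.1.65.20", "sw1/12"),     # matches its registration
    ("00:0a:95:9d:68:17", "196.1.65.99", "sw1/13"),  # registered MAC, wrong IP
    ("00:0a:95:9d:68:16", "196.1.65.20", "sw2/03"),  # registered MAC, wrong port
    ("de:ad:be:ef:00:01", "196.1.65.21", "sw1/20"),  # unknown MAC on a registered IP
]

def audit(registered, observed):
    """Return (mac, finding) pairs for every observation that breaks a binding."""
    ip_owner = {ip: mac for mac, (ip, _port) in registered.items()}
    findings = []
    for raw_mac, ip, port in observed:
        mac = norm_mac(raw_mac)
        if mac not in registered:
            findings.append((mac, "unregistered-mac"))
            if ip in ip_owner:  # address registered to a different machine
                findings.append((mac, "ip-belongs-to-" + ip_owner[ip]))
            continue
        reg_ip, reg_port = registered[mac]
        if ip != reg_ip:
            findings.append((mac, "ip-mismatch"))
        if port != reg_port:
            findings.append((mac, "port-mismatch"))
    return findings

if __name__ == "__main__":
    for mac, finding in audit(REGISTERED, OBSERVED):
        print(mac, finding)
```
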


CCSE Network – Security

Security at Hosts

• Host-based ACLs and rulesets

• Firewalls

• Central Active Directory, LDAP based User authentication/authorization

• Logging


CCSE Network - Management

• Management achieved through different network tools
  – 3Com Network Supervisor
    • Topology Discovery
    • Resources Utilization
  – MRTG
    • Traffic plotting.
    • Publicly available at http://196.1.67.151
  – Ntop Traffic Characterization


CCSE Network – Wireless Network

• Rudimentary Wireless Network covering Department locations in the building

• Cisco centric with 802.11b at 11Mbps

• Security
  – Static WEP key 128 Bit.
  – Traffic Control via ACLs on router between Wireless and Wired network.