RTC Network Background
• Campus network since 2009, originally serving a base of ~350 users with < 1 device per person
• Scarce bandwidth, challenges with reliability
• Was a need to expand, add more WiFi access points
• Implementation of fiber backbone network connecting more distant buildings
• Growth to user base of ~1,300 since 2013, now > 1 device per person on average
RTC Network
• Fiber to major buildings, some Ethernet
• End-point media converters to switches (100 Mbps), Ethernet to access ports (in offices) or WiFi APs (~80 across campus, all in bridge mode)
• All centrally monitored in an open-source firewall appliance
RTC Network
• 30 Mbps internet over fiber from Bhutan Telecom and Nano (load balancing through gateway / border router)
• 6 global IP addresses, NAT / port forwarded to LAN server / firewall core router: pfSense
• FreeBSD-based firewall, installed on a MiniITX computer with dual Gb NICs (WAN/LAN)
• Migrated from a ClearOS firewall
Firewall
• Do-it-yourself firewall appliance with most of the advanced features of commercial products, webGUI
• RTC LAN:
• LAN is one single flat network: 172.16.0.0/20, all clients assigned over DHCP except some static IPs for official uses
• Strict firewalling, traffic only for allowed ports
• DNS fixed in server to OpenDNS, extremely difficult to circumvent traffic filtering; easy blocking of gaming, porn, file and video sharing, social networking sites during office hours, etc.
• Proxy/caching possible, but shows no real performance benefit
Traffic shaping
• Traffic shaping / QoS: set to per-host fair share of bandwidth depending on load – solves most bandwidth hog problems; traffic is automatically shaped only when the demand exceeds the capacity
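
The per-host fair-share behaviour described above can be modelled as max-min fair allocation over the 30 Mbps uplink. This is an added illustration, not part of the original slides and not pfSense's own implementation; the function names, host addresses and demand figures are constructed assumptions.

```python
# Illustrative model only: max-min fair sharing of one uplink among hosts.
# Not pfSense code; hosts and demands below are constructed sample values.

UPLINK_MBPS = 30  # uplink capacity stated on the slides


def fair_share(demands, capacity=UPLINK_MBPS):
    """Return {host: allocated Mbps} for the given {host: demanded Mbps}."""
    if sum(demands.values()) <= capacity:
        return dict(demands)  # demand fits: no shaping at all

    alloc = {}
    remaining = float(capacity)
    pending = sorted(demands.items(), key=lambda kv: kv[1])  # smallest first
    while pending:
        share = remaining / len(pending)  # equal split of what is left
        host, demand = pending[0]
        if demand <= share:
            # Light user: gets everything it asked for; the unused part of
            # its share is redistributed to the others.
            alloc[host] = float(demand)
            remaining -= demand
            pending.pop(0)
        else:
            # Everyone left wants more than an equal share: cap them all.
            for host, _ in pending:
                alloc[host] = share
            break
    return alloc


def shaped_hosts(demands, capacity=UPLINK_MBPS):
    """Hosts that end up with less than they asked for."""
    alloc = fair_share(demands, capacity)
    return sorted(h for h, d in demands.items() if alloc[h] < d)


if __name__ == "__main__":
    busy = {"172.16.1.10": 2, "172.16.1.11": 4,
            "172.16.2.20": 20, "172.16.2.21": 25}
    for host, mbps in fair_share(busy).items():
        print(f"{host:12s} wants {busy[host]:>2} Mbps, gets {mbps:.1f}")
    print("shaped:", shaped_hosts(busy))
```

Only the two heavy hosts are capped in the sample run; the light users keep their full demand, which is why this policy contains bandwidth hogs without penalising ordinary traffic.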