Royal Thimphu College Campus Network Management


RTC Network Background
• Campus network since 2009 originally serving a base of ~350 users with < 1 device per person
• Scarce bandwidth, challenges with reliability
• Was a need to expand, add more wifi access points
• Implementation of fiber backbone network connecting more distant buildings
• Growth to user base of ~1,300 since 2013, now > 1 device per person on average

RTC Network
• Fiber to major buildings, some Ethernet
• End-point media converters to switches (100Mbps), Ethernet to access ports (in offices) or WiFi APs (~80 across campus, all in bridge mode)
• All centrally monitored in an open-source firewall appliance

RTC Network
• 30 Mbps internet over fiber from Bhutan Telecom and Nano (load balancing through gateway / border router)
• 6 global IP addresses, NAT / port forwarded to LAN server / firewall core router: pfSense
• FreeBSD-based firewall, installed on a MiniITX computer with dual Gb NICs (WAN/LAN)
• Migrated from a ClearOS firewall

Firewall
• Do-it-yourself firewall appliance with most of the advanced features of commercial products, webGUI
• RTC LAN:
• LAN is one single flat network: 172.16.0.0/20, all clients assigned over DHCP except some static IPs for official uses
• Strict firewalling, traffic only for allowed ports
• DNS fixed in server to OpenDNS, extremely difficult to circumvent traffic filtering; easy blocking of gaming, porn, file and video sharing, social networking sites during office hours, etc.
• Proxy/caching possible, but shows no real performance benefit

Web Content Filtering

Bandwidth monitoring
• Typically ~200-300 simultaneous flows

Traffic shaping
• Traffic shaping / QoS: set to per-host fair share of bandwidth depending on load – solves most bandwidth hog problems; traffic is automatically shaped only when the demand exceeds the capacity

Traffic shaping
• Uses limiters based on dummynet
• Dynamic so that each host gets its own pipe
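
The per-host fair-share policy described on the two traffic shaping slides, modelled as max-min fair allocation. This is an added example, not RTC's pfSense configuration or dummynet's scheduler code; the function names and per-host loads are constructed, and only the 30 Mbps capacity and the 172.16.0.0/20 range come from the slides.

```python
# Added example: max-min fair sharing as a model of per-host shaping.
# Assumption: equal-weight hosts; this is not dummynet's scheduler code.

LINK_MBPS = 30.0  # uplink capacity stated on the slides


def fair_share(demands, capacity=LINK_MBPS):
    """Map each host to its allocated Mbps.

    demands: {host: offered load in Mbps}. When total demand fits in the
    link nobody is shaped. Otherwise light users keep their full demand
    and the heavy users split the remainder equally.
    """
    if any(d < 0 for d in demands.values()):
        raise ValueError("demand must be non-negative")
    if sum(demands.values()) <= capacity:
        return dict(demands)  # no congestion, so no shaping

    alloc, remaining = {}, capacity
    pending = sorted(demands.items(), key=lambda kv: kv[1])  # smallest first
    while pending:
        share = remaining / len(pending)  # equal split of what is left
        host, demand = pending[0]
        if demand <= share:
            alloc[host] = demand  # satisfied in full, frees capacity
            remaining -= demand
            pending.pop(0)
        else:
            # Every remaining host wants more than the equal share.
            alloc.update({h: share for h, _ in pending})
            break
    return alloc


def shaped_hosts(demands, capacity=LINK_MBPS):
    """Hosts that received less than they asked for (the bandwidth hogs)."""
    alloc = fair_share(demands, capacity)
    return sorted(h for h, d in demands.items() if alloc[h] < d)


# Constructed sample loads in Mbps for hosts in the 172.16.0.0/20 LAN.
SAMPLE = {"172.16.1.10": 2.0, "172.16.1.11": 4.0,
          "172.16.2.20": 25.0, "172.16.3.30": 40.0}

if __name__ == "__main__":
    for host, mbps in fair_share(SAMPLE).items():
        print(f"{host:12s} demand={SAMPLE[host]:5.1f} alloc={mbps:5.1f}")
    print("shaped:", shaped_hosts(SAMPLE))
```

With the sample loads the two light hosts keep their full demand and the two heavy hosts are each held to 12 Mbps, which is why a single bandwidth hog cannot starve the rest of the flat LAN.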

Challenges
• Mostly flat network, unmanaged switches = noisy
• Efficiency problems
• Weak points and lack of redundancy
• Challenges implementing policy; circumvention of network controls
• Network security issues
• IT staff training