SlideShare a Scribd company logo

Campus network refresh

Jisc
Jisc

A presentation at Networkshop46, by David Stockdale

Technology
1 of 27
Download to read offline
Campus network refresh David Stockdale, Imperial College London
>17,000 students >8,000 staff >Main campus – South Kensington, London >Under construction – White City, London >6 other large campuses (hospitals, Silwood Park) >10+ other sites (hospitals, halls, sports grounds) >2 datacentres – Slough & South Ken >Centralised ICT Facts and figures – Imperial
>Over 65,000 unique hosts on wired network >Over 60,000 unique hosts on wireless network >Over 20,000 concurrent wireless clients at peak time >~400 active comms rooms (CWCs) >~20 dark fibre links >~15 Ethernet circuits >40G to Janet via two 2x10G trunks Facts and figures – Network
>Routers – 23x Juniper MX & Cisco 6500/6880/N7K >Smaller sites – 12x Juniper SRX 2xx/3xx >Firewalls – 2x Juniper SRX 3xxx >Switches – 1,900x Juniper & Extreme >Wireless – 2,900x Cisco lightweight APs >VoIP – 10,000x Cisco handsets Facts and figures – Equipment
Physical infrastructure Core location • Core router, dark fibre and optical equipment Distribution location • Site router, distribution switch Building ODF (BODF) • Passive fibre patching CWC • One or more stacks of edge switches
>One or more per building >Fewer, bigger CWCs >Stacks of edge switches >Until now cat 5e >In future cat 6a >Diverse fibre to BODF CWC
>One per building >No active equipment >Single-mode throughout >Fibre to dist locations BODF
>Typically 2-3 per site >Site router >Distribution switch >Fibre to core locations Distribution location
>Two in London >Core router >Lots of dark fibre >Lots of optical equipment >Also: >Firewalls >Border routers >Route reflectors >etc. Core location
>DWDM and CWDM >Physical topology != active topology >Up to 40x 10G* links over single fibre pair >Passive on shorter distances >Amplifiers on longer links >Coloured optics in our equipment >Transponders for links to other equipment WDM
Network hierarchy Core routers • 2 in London at different sites Site routers • Pairs, each attached to both core routers Distribution switches • Pairs, each attached to both site routers Edge switches • Each stack attached to both distribution switches
>2x MPLS P routers >No VRFs >Lots of 10G ports >Lots of IPv4/IPv6 P2Ps >OSPF v2/v3 as IGP – loopbacks & P2Ps >iBGP with route reflectors – other routes >PIM >LDP >ECMP >Links to border, site, datacentre and wireless routers Core routers
>VRF lite doesn’t scale well >No per-VRF P2Ps or routing protocols >VRFs don’t need to exist on intermediate routers >VRF routes in iBGP >L3VPN – IPv4 routes for VRFs >6VPE – IPv6 routes for VRFs >EoMPLS / VPLS / EVPN >MVPN – Multicast for VRFs (Draft-Rosen, not MPLS) MPLS
>2x central devices for everything >One-armed off border routers >VRFs map to zones >eBGP session per zone, landing in VRFs on routers >BGP for failover, rather than HA >Networks Group runs network side >Security Group maintains policy side Firewalls
>Production >BYOD >Guest >BMS >Device management >Registration >Banned >Many smaller VRFs VRFs / firewall zones
>MPLS PE routers >In pairs >Limited, expensive 10G ports >Dual-stack IPv4/IPv6 for production and BYOD >VRRP / HSRP >PIM, IGMP >2x10G to each core router (40G ECMP) Site routers
>Layer 2 only >MLAG pairs of stacks >Plentiful, affordable 1/10G ports >2x10G per stack to each router (40G total) Distribution switches
>1G PoE everywhere >Interested in 2.5/5G – works over cat5e >2x1/10G LACP to distribution >Standard set of per-VRF VLANs >All edge ports alike – VLANs assigned by RADIUS >No UPS >Edge SLA – higher SLA available in datacentre Edge switches
>~30% of our Internet traffic IPv6 >Dual stack on production & BYOD (including wireless) >AAAAs on most load-balanced services >Other services enabled: >Home directories (>95% IPv6!), more storage soon >Mail, DNS, Skype for Business, HEP systems >SLAAC rather than DHCPv6 (historical reasons) >Feature parity mandated in tenders IPv6
>2008 – First subnets enabled, separate firewalls >2010 – Upstream native IPv6, dual-stack firewalls >2010/11 – Most production and BYOD enabled >2010/11 – Some servers including mail & DNS >2011 – World IPv6 Day: College websites enabled >2013 – Wireless enabled >2015 – AAAAs added to most load-balanced VIPs >During a migration to new hardware >Single protocol backends IPv6 - Milestones
>IPv4 exhaustion – wireless is now using /17! >NAT will be inevitable – IPv6 minimizes it >HEP community – dependent on IPv6, run out of IPv4 >Overseas students – better IPv6 connectivity at home >People have it at home in UK! Sky, BT, Virgin (soon?) >Cost us very little, deploying opportunistically >Could cost a lot to deploy in a hurry! >We’ve seen very few problems IPv6 - Reasons
>Separate DMZ router connected to border routers >Initially for HEP, soon to be standard service >Bypasses firewall >Avoids upgrading whole path >Cheaper equipment but fewer features >Essential moving towards 100G >ECMP outbound, multiple subnets inbound = 40G! Science DMZ
>We’re gonna need a bigger pipe… :-/ Science DMZ – Success!
>Private network for participating HEP sites >Tagged VLANs on Janet links >BGP peerings into L3VPN >DMZ router has BGP peerings into Internet/LHCONE >More specific LHCONE prefixes preferred >It works… LHCONE
>Router configs built and managed by Ansible >Firewall groups fed from host database >Switch configs automatically generated >Network built from standard blocks >All edge ports alike >MPLS simplifies configuration >WDM and dark fibre surprisingly affordable >Simple is better! Automation & scalability
David Stockdale ICT Networks Group Imperial College London I have been… Exhibition Road, London, SW7 2AZ T 020 7594 6968 david@imperial.ac.uk www.imperial.ac.uk
Any questions? / Thank you

Recommended

Birds of a feather - network engineering
Birds of a feather - network engineeringBirds of a feather - network engineering
Birds of a feather - network engineering
Jisc
 
Experiments in 100G networking for data-intensive research
Experiments in 100G networking for data-intensive researchExperiments in 100G networking for data-intensive research
Experiments in 100G networking for data-intensive research
Jisc
 
Brocade IP Quick Guide
Brocade IP Quick GuideBrocade IP Quick Guide
Brocade IP Quick Guide
Roberto Rivas Lopez
 
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaCloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
MyNOG
 
General bypass application v1.4 2016
General bypass application v1.4 2016General bypass application v1.4 2016
General bypass application v1.4 2016
Christian Ferenz
 
6.) switch quick config (fixed summits)
6.) switch quick config (fixed summits)6.) switch quick config (fixed summits)
6.) switch quick config (fixed summits)
Jeff Green
 
Webinar NETGEAR - Switch Prosafe Stackable per l'alta disponibilità (HA) dell...
Webinar NETGEAR - Switch Prosafe Stackable per l'alta disponibilità (HA) dell...Webinar NETGEAR - Switch Prosafe Stackable per l'alta disponibilità (HA) dell...
Webinar NETGEAR - Switch Prosafe Stackable per l'alta disponibilità (HA) dell...
Netgear Italia
 
IPv6 implementation for end users
IPv6 implementation for end usersIPv6 implementation for end users
IPv6 implementation for end users
draskolnikova
 

Recommended

Birds of a feather - network engineering
Birds of a feather - network engineeringBirds of a feather - network engineering
Birds of a feather - network engineering
Jisc
 
Experiments in 100G networking for data-intensive research
Experiments in 100G networking for data-intensive researchExperiments in 100G networking for data-intensive research
Experiments in 100G networking for data-intensive research
Jisc
 
Brocade IP Quick Guide
Brocade IP Quick GuideBrocade IP Quick Guide
Brocade IP Quick Guide
Roberto Rivas Lopez
 
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaCloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
MyNOG
 
General bypass application v1.4 2016
General bypass application v1.4 2016General bypass application v1.4 2016
General bypass application v1.4 2016
Christian Ferenz
 
6.) switch quick config (fixed summits)
6.) switch quick config (fixed summits)6.) switch quick config (fixed summits)
6.) switch quick config (fixed summits)
Jeff Green
 
Webinar NETGEAR - Switch Prosafe Stackable per l'alta disponibilità (HA) dell...
Webinar NETGEAR - Switch Prosafe Stackable per l'alta disponibilità (HA) dell...Webinar NETGEAR - Switch Prosafe Stackable per l'alta disponibilità (HA) dell...
Webinar NETGEAR - Switch Prosafe Stackable per l'alta disponibilità (HA) dell...
Netgear Italia
 
IPv6 implementation for end users
IPv6 implementation for end usersIPv6 implementation for end users
IPv6 implementation for end users
draskolnikova
 
44 - IDNOG03 - LT - Rommy Kuntoro - G.Fast 1Gbps over Copper Cable, Are we r...
44 - IDNOG03 - LT - Rommy Kuntoro - G.Fast 1Gbps over Copper Cable, Are we r...44 - IDNOG03 - LT - Rommy Kuntoro - G.Fast 1Gbps over Copper Cable, Are we r...
44 - IDNOG03 - LT - Rommy Kuntoro - G.Fast 1Gbps over Copper Cable, Are we r...
Indonesia Network Operators Group
 
Cubro subprocessor appliance in nic format
Cubro subprocessor appliance in nic formatCubro subprocessor appliance in nic format
Cubro subprocessor appliance in nic format
Christian Ferenz
 
TRX Suspension Training
TRX Suspension TrainingTRX Suspension Training
TRX Suspension Training
lestrai38190
 
Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...
Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...
Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...
Netgear Italia
 
TRX Force Tactical Kit
TRX Force Tactical KitTRX Force Tactical Kit
TRX Force Tactical Kit
lestrai38190
 
Alu xgpon solution for pt telkom akses 20130830+
Alu xgpon solution for pt telkom akses 20130830+Alu xgpon solution for pt telkom akses 20130830+
Alu xgpon solution for pt telkom akses 20130830+
Wahyu Nasution
 
BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR
Bertrand Duvivier
 
10.) vxlan
10.) vxlan10.) vxlan
10.) vxlan
Jeff Green
 
Hybrid cloud : why and how to connect your datacenters to OVHcloud ?
Hybrid cloud : why and how to connect your datacenters to OVHcloud ? Hybrid cloud : why and how to connect your datacenters to OVHcloud ?
Hybrid cloud : why and how to connect your datacenters to OVHcloud ?
OVHcloud
 
Allstar (AECS)
Allstar (AECS)Allstar (AECS)
Allstar (AECS)
David Houser
 
20.) physical (optics copper and power)
20.) physical (optics copper and power)20.) physical (optics copper and power)
20.) physical (optics copper and power)
Jeff Green
 
7.) convergence (w automation)
7.) convergence (w automation)7.) convergence (w automation)
7.) convergence (w automation)
Jeff Green
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port Knocking
Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
AREDN
AREDNAREDN
AREDN
David Houser
 
05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing
05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing
05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing
Indonesia Network Operators Group
 
TRX Suspension Training
TRX Suspension TrainingTRX Suspension Training
TRX Suspension Training
icesdo33646
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center support
Krunal Shah
 
ComNet CWGE26FX2TX24MSPOE Data Sheet
ComNet CWGE26FX2TX24MSPOE Data SheetComNet CWGE26FX2TX24MSPOE Data Sheet
ComNet CWGE26FX2TX24MSPOE Data Sheet
JMAC Supply
 
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment OverviewCISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
Ameen Wayok
 
Janet access solutions
Janet access solutionsJanet access solutions
Janet access solutions
Jisc
 
L6 6 lowpan
L6 6 lowpanL6 6 lowpan
L6 6 lowpan
bimal2638
 
Packet light short1
Packet light short1Packet light short1
Packet light short1
Kurt Rahrig
 

More Related Content

What's hot

10.) vxlan
10.) vxlan10.) vxlan
10.) vxlan
Jeff Green
 
20.) physical (optics copper and power)
20.) physical (optics copper and power)20.) physical (optics copper and power)
20.) physical (optics copper and power)
Jeff Green
 
7.) convergence (w automation)
7.) convergence (w automation)7.) convergence (w automation)
7.) convergence (w automation)
Jeff Green
 
TRX Suspension Training
TRX Suspension TrainingTRX Suspension Training
TRX Suspension Training
icesdo33646
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center support
Krunal Shah
 

What's hot (18)

44 - IDNOG03 - LT - Rommy Kuntoro - G.Fast 1Gbps over Copper Cable, Are we r...
44 - IDNOG03 - LT - Rommy Kuntoro - G.Fast 1Gbps over Copper Cable, Are we r...44 - IDNOG03 - LT - Rommy Kuntoro - G.Fast 1Gbps over Copper Cable, Are we r...
44 - IDNOG03 - LT - Rommy Kuntoro - G.Fast 1Gbps over Copper Cable, Are we r...
 
Cubro subprocessor appliance in nic format
Cubro subprocessor appliance in nic formatCubro subprocessor appliance in nic format
Cubro subprocessor appliance in nic format
 
TRX Suspension Training
TRX Suspension TrainingTRX Suspension Training
TRX Suspension Training
 
Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...
Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...
Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...
 
TRX Force Tactical Kit
TRX Force Tactical KitTRX Force Tactical Kit
TRX Force Tactical Kit
 
Alu xgpon solution for pt telkom akses 20130830+
Alu xgpon solution for pt telkom akses 20130830+Alu xgpon solution for pt telkom akses 20130830+
Alu xgpon solution for pt telkom akses 20130830+
 
BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR
 
10.) vxlan
10.) vxlan10.) vxlan
10.) vxlan
 
Hybrid cloud : why and how to connect your datacenters to OVHcloud ?
Hybrid cloud : why and how to connect your datacenters to OVHcloud ? Hybrid cloud : why and how to connect your datacenters to OVHcloud ?
Hybrid cloud : why and how to connect your datacenters to OVHcloud ?
 
Allstar (AECS)
Allstar (AECS)Allstar (AECS)
Allstar (AECS)
 
20.) physical (optics copper and power)
20.) physical (optics copper and power)20.) physical (optics copper and power)
20.) physical (optics copper and power)
 
7.) convergence (w automation)
7.) convergence (w automation)7.) convergence (w automation)
7.) convergence (w automation)
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port Knocking
 
AREDN
AREDNAREDN
AREDN
 
05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing
05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing
05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing
 
TRX Suspension Training
TRX Suspension TrainingTRX Suspension Training
TRX Suspension Training
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center support
 
ComNet CWGE26FX2TX24MSPOE Data Sheet
ComNet CWGE26FX2TX24MSPOE Data SheetComNet CWGE26FX2TX24MSPOE Data Sheet
ComNet CWGE26FX2TX24MSPOE Data Sheet
 

Similar to Campus network refresh

CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment OverviewCISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
Ameen Wayok
 
Packet light short1
Packet light short1Packet light short1
Packet light short1
Kurt Rahrig
 
IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...
IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...
IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...
gogo6
 
Network Multitenancy in Xen-Based Clouds-XPUS13 Vittal
Network Multitenancy in Xen-Based Clouds-XPUS13 VittalNetwork Multitenancy in Xen-Based Clouds-XPUS13 Vittal
Network Multitenancy in Xen-Based Clouds-XPUS13 Vittal
The Linux Foundation
 

Similar to Campus network refresh (20)

CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment OverviewCISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
 
Janet access solutions
Janet access solutionsJanet access solutions
Janet access solutions
 
L6 6 lowpan
L6 6 lowpanL6 6 lowpan
L6 6 lowpan
 
Packet light short1
Packet light short1Packet light short1
Packet light short1
 
Networking Concepts Lesson 07 - Architectures - Eric Vanderburg
Networking Concepts Lesson 07 - Architectures - Eric VanderburgNetworking Concepts Lesson 07 - Architectures - Eric Vanderburg
Networking Concepts Lesson 07 - Architectures - Eric Vanderburg
 
PLNOG14: Konwergentność, Wydajność, Szybkość w Data Center - Kazimierz Jantas
PLNOG14: Konwergentność, Wydajność, Szybkość w Data Center - Kazimierz JantasPLNOG14: Konwergentność, Wydajność, Szybkość w Data Center - Kazimierz Jantas
PLNOG14: Konwergentność, Wydajność, Szybkość w Data Center - Kazimierz Jantas
 
CCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in BangaloreCCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in Bangalore
 
PLNOG 8: Peter Ashwood-Smith - Shortest Path Bridging IEEE 802.1aq
PLNOG 8: Peter Ashwood-Smith - Shortest Path Bridging IEEE 802.1aqPLNOG 8: Peter Ashwood-Smith - Shortest Path Bridging IEEE 802.1aq
PLNOG 8: Peter Ashwood-Smith - Shortest Path Bridging IEEE 802.1aq
 
IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...
IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...
IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...
 
Shortest path bridging 802.1 aq
Shortest path bridging 802.1 aqShortest path bridging 802.1 aq
Shortest path bridging 802.1 aq
 
Moving To IP Backhaul
Moving To IP BackhaulMoving To IP Backhaul
Moving To IP Backhaul
 
Analyst Perspective - Next Generation Storage Networking for Next Generation ...
Analyst Perspective - Next Generation Storage Networking for Next Generation ...Analyst Perspective - Next Generation Storage Networking for Next Generation ...
Analyst Perspective - Next Generation Storage Networking for Next Generation ...
 
PLNOG 13: Krzysztof Konkowski: Cisco Access Architectures: GPON, Ethernet, Ac...
PLNOG 13: Krzysztof Konkowski: Cisco Access Architectures: GPON, Ethernet, Ac...PLNOG 13: Krzysztof Konkowski: Cisco Access Architectures: GPON, Ethernet, Ac...
PLNOG 13: Krzysztof Konkowski: Cisco Access Architectures: GPON, Ethernet, Ac...
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advance
 
Cisco nx os
Cisco nx os Cisco nx os
Cisco nx os
 
SDN/OpenFlow #lspe
SDN/OpenFlow #lspeSDN/OpenFlow #lspe
SDN/OpenFlow #lspe
 
SAN and FICON Long Distance Connectivity
SAN and FICON Long Distance ConnectivitySAN and FICON Long Distance Connectivity
SAN and FICON Long Distance Connectivity
 
Mobility access switches_madani adjali
Mobility access switches_madani adjaliMobility access switches_madani adjali
Mobility access switches_madani adjali
 
Network Multitenancy in Xen-Based Clouds-XPUS13 Vittal
Network Multitenancy in Xen-Based Clouds-XPUS13 VittalNetwork Multitenancy in Xen-Based Clouds-XPUS13 Vittal
Network Multitenancy in Xen-Based Clouds-XPUS13 Vittal
 
The technical details of presenting 100GbE networking to sites
The technical details of presenting 100GbE networking to sitesThe technical details of presenting 100GbE networking to sites
The technical details of presenting 100GbE networking to sites
 

More from Jisc

More from Jisc (20)

Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptx
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptx
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptx
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptx
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 

Campus network refresh

  • 2. >17,000 students >8,000 staff >Main campus – South Kensington, London >Under construction – White City, London >6 other large campuses (hospitals, Silwood Park) >10+ other sites (hospitals, halls, sports grounds) >2 datacentres – Slough & South Ken >Centralised ICT Facts and figures – Imperial
  • 3. >Over 65,000 unique hosts on wired network >Over 60,000 unique hosts on wireless network >Over 20,000 concurrent wireless clients at peak time >~400 active comms rooms (CWCs) >~20 dark fibre links >~15 Ethernet circuits >40G to Janet via two 2x10G trunks Facts and figures – Network
  • 4. >Routers – 23x Juniper MX & Cisco 6500/6880/N7K >Smaller sites – 12x Juniper SRX 2xx/3xx >Firewalls – 2x Juniper SRX 3xxx >Switches – 1,900x Juniper & Extreme >Wireless – 2,900x Cisco lightweight APs >VoIP – 10,000x Cisco handsets Facts and figures – Equipment
  • 5. Physical infrastructure Core location • Core router, dark fibre and optical equipment Distribution location • Site router, distribution switch Building ODF (BODF) • Passive fibre patching CWC • One or more stacks of edge switches
  • 6. >One or more per building >Fewer, bigger CWCs >Stacks of edge switches >Until now cat 5e >In future cat 6a >Diverse fibre to BODF CWC
  • 7. >One per building >No active equipment >Single-mode throughout >Fibre to dist locations BODF
  • 8. >Typically 2-3 per site >Site router >Distribution switch >Fibre to core locations Distribution location
  • 9. >Two in London >Core router >Lots of dark fibre >Lots of optical equipment >Also: >Firewalls >Border routers >Route reflectors >etc. Core location
  • 10. >DWDM and CWDM >Physical topology != active topology >Up to 40x 10G* links over single fibre pair >Passive on shorter distances >Amplifiers on longer links >Coloured optics in our equipment >Transponders for links to other equipment WDM
  • 11. Network hierarchy Core routers • 2 in London at different sites Site routers • Pairs, each attached to both core routers Distribution switches • Pairs, each attached to both site routers Edge switches • Each stack attached to both distribution switches
  • 12. >2x MPLS P routers >No VRFs >Lots of 10G ports >Lots of IPv4/IPv6 P2Ps >OSPF v2/v3 as IGP – loopbacks & P2Ps >iBGP with route reflectors – other routes >PIM >LDP >ECMP >Links to border, site, datacentre and wireless routers Core routers
  • 13. >VRF lite doesn’t scale well >No per-VRF P2Ps or routing protocols >VRFs don’t need to exist on intermediate routers >VRF routes in iBGP >L3VPN – IPv4 routes for VRFs >6VPE – IPv6 routes for VRFs >EoMPLS / VPLS / EVPN >MVPN – Multicast for VRFs (Draft-Rosen, not MPLS) MPLS
  • 14. >2x central devices for everything >One-armed off border routers >VRFs map to zones >eBGP session per zone, landing in VRFs on routers >BGP for failover, rather than HA >Networks Group runs network side >Security Group maintains policy side Firewalls
  • 16. >MPLS PE routers >In pairs >Limited, expensive 10G ports >Dual-stack IPv4/IPv6 for production and BYOD >VRRP / HSRP >PIM, IGMP >2x10G to each core router (40G ECMP) Site routers
  • 17. >Layer 2 only >MLAG pairs of stacks >Plentiful, affordable 1/10G ports >2x10G per stack to each router (40G total) Distribution switches
  • 18. >1G PoE everywhere >Interested in 2.5/5G – works over cat5e >2x1/10G LACP to distribution >Standard set of per-VRF VLANs >All edge ports alike – VLANs assigned by RADIUS >No UPS >Edge SLA – higher SLA available in datacentre Edge switches
  • 19. >~30% of our Internet traffic IPv6 >Dual stack on production & BYOD (including wireless) >AAAAs on most load-balanced services >Other services enabled: >Home directories (>95% IPv6!), more storage soon >Mail, DNS, Skype for Business, HEP systems >SLAAC rather than DHCPv6 (historical reasons) >Feature parity mandated in tenders IPv6
  • 20. >2008 – First subnets enabled, separate firewalls >2010 – Upstream native IPv6, dual-stack firewalls >2010/11 – Most production and BYOD enabled >2010/11 – Some servers including mail & DNS >2011 – World IPv6 Day: College websites enabled >2013 – Wireless enabled >2015 – AAAAs added to most load-balanced VIPs >During a migration to new hardware >Single protocol backends IPv6 - Milestones
  • 21. >IPv4 exhaustion – wireless is now using /17! >NAT will be inevitable – IPv6 minimizes it >HEP community – dependent on IPv6, run out of IPv4 >Overseas students – better IPv6 connectivity at home >People have it at home in UK! Sky, BT, Virgin (soon?) >Cost us very little, deploying opportunistically >Could cost a lot to deploy in a hurry! >We’ve seen very few problems IPv6 - Reasons
  • 22. >Separate DMZ router connected to border routers >Initially for HEP, soon to be standard service >Bypasses firewall >Avoids upgrading whole path >Cheaper equipment but fewer features >Essential moving towards 100G >ECMP outbound, multiple subnets inbound = 40G! Science DMZ
  • 23. >We’re gonna need a bigger pipe… :-/ Science DMZ – Success!
  • 24. >Private network for participating HEP sites >Tagged VLANs on Janet links >BGP peerings into L3VPN >DMZ router has BGP peerings into Internet/LHCONE >More specific LHCONE prefixes preferred >It works… LHCONE
  • 25. >Router configs built and managed by Ansible >Firewall groups fed from host database >Switch configs automatically generated >Network built from standard blocks >All edge ports alike >MPLS simplifies configuration >WDM and dark fibre surprisingly affordable >Simple is better! Automation & scalability
  • 26. David Stockdale ICT Networks Group Imperial College London I have been… Exhibition Road, London, SW7 2AZ T 020 7594 6968 david@imperial.ac.uk www.imperial.ac.uk