NETWORK PLANNING TASK FORCE “SUMMER PLANNING

FY ‘08 NETWORK PLANNING TASK FORCE
10.1.07
First Strategy Discussion
NPTF Meetings – FY ‘08
■ 1:30-3:00pm in 337A Conference Room, 3rd floor of 3401 Walnut Street
■ Process
■ Intake and Current Status Review – July 16
■ Agenda Setting & Discussion – September 17
■ Strategy Discussions – October 1
■ Security Strategy Discussions – October 15
■ Strategy Discussions – October 29
■ Prioritization – November 5
■ FY’09 Rate Setting – November 19
Proposed NPTF Meetings – FY ’09
■ February 18 – Operational review
■ April 21 – Planning discussions
■ June 2 – Security strategy session
■ July 21 – Strategy discussions
■ August 4 – Strategy discussions
■ September 15 – Preliminary rates/security
■ October 6 – Strategy discussion
■ November 3 – FY’10 Rate setting
Today’s Agenda
■ Strategy Discussions
■ Next Generation PennNet
■ UPS for network electronics
■ Integrated Communications
■ Intrusion Detection
Next Generation PennNet – Gig Connectivity & Building Redundancy
■ Goals
■ Gig enabled closet electronics
■ Gig to every building
■ Redundant Gig connectivity
■ Current Status
■ Approximately 60% of switches 10/100/1000 enabled
■ By the end of FY ’08, most switches will be 10/100/1000Mbps
■ 62 buildings with Gig Ethernet
Strategic Approach: NGP
■ Diversify the PennNet Routing Core
■ Move out of College Hall (Largest Single Point of Failure)
■ Construct 5 Network Aggregation Points (NAPs)
■ Redundant High Speed Connectivity between NAP locations
■ Highly Available Core Network Infrastructure
■ Relocate Campus Building Uplinks to Local NAP
■ Provide High Speed Uplinks to Buildings (where infrastructure can support this now; single-mode fiber/conduit build-outs sometimes necessary)
■ Provide Redundancy Uplinks to Campus Buildings
■ Five Connectivity Models
■ Based on Building Criticality (University Business)
■ Number of User Connections
■ Infrastructure Availability
Diversify PennNet Routing Core
■ Five NAP locations completed and in operation
■ NAP locations have redundant and diverse 10 gig feeds.
■ NAPs connect local buildings that have fiber and pathway.
■ 62 buildings have gigabit Ethernet service
■ College Hall node room will house a core router for the next two years (until all NAP-to-building feeds are in place)
■ Will reduce catastrophic disaster recovery time from 2 weeks to under 2 hours.
■ Will provide the infrastructure foundation for next generation data, voice and video services.
■ Eastern NAP feasibility study pending construction timeline.
Next Generation PennNet – Current Status/Plan
[Campus map of NAP locations: NAP1 Eastern Tier (Vagelos); NAP2 Central Tier (Huntsman); NAP3 Southern Tier (MOD5); NAP4 Northern Tier (Sansom East, WAL (G)); NAP5 Western Tier (Levy); NAP-CH College Hall Node Room]
Building Connectivity Models 1 & 2
(Dual feeds to separate NAPs, each with either diverse or overlapping pathways)
Building Connectivity Model 3
(Each building has 1 uplink to a separate NAP and one link to each other.)
Building Connectivity Model 4
(Building has 1 uplink to each Building Entrance Router in the local area.)
Building Connectivity Model 5
(Building has 1 uplink to a Building Entrance Router.)
Building Connectivity Model 5a
(Building has 1 uplink to a Building Entrance Router with dual feeds.)
Gig Connected Buildings (Single Feed)
Building Code | Description | Building Classification (Model) | Primary NAP (Uplink) | Secondary NAP (Uplink) | Comments
ACH | Anatomy Chemistry | 2 | ModV - Gig | None | Optimal 2nd link to Levy
BNH | Bennett Hall | 2 | Vag - Gig | None | Optimal 2nd link to ModV
CHV | 3937 Chestnut St. | 2 | LEV - Gig | None | Remote Campus Location.
CPN | Colonial Penn | 3 | HNT - Gig | None |
CST | 3820 Locust Walk | 3 | HNT - Gig | |
CUT | Nursing LIFE | 2 | LEV - Gig | |
DUB | Dubois | 2 | HNT - Gig | |
FTY | 108 S. 40th Street | 3 | LEV - Gig | None |
GEB | Graduate Education | 2 | HNT - Gig | None | Optimal 2nd link to NIC
HIL | Hill House | 2 | Vag - Gig | None | Optimal 2nd link to Levy
HOU | Houston Hall | 3 | CHNR - Gig | None |
ICA | Institute of Cont. Art | 4 | GRT - Gig | None | Primary link goes through SPE router
IST | Vagelos | 2 | Vag - Gig | None | Optimal link to HNT
JAF | Jaffee | 3 | Vag - Gig | None |
LOG | Logan Hall | 2 | Vag - Gig | None |
Unplaced cells (row association lost in extraction): None; None; Remote Campus Location.; Optimal 2nd link to Levy; Optimal 2nd link to Vagelos; Optimal 2nd Link to HNT
Gig Connected Buildings (Single Feed)
Building Code | Description | Building Classification (Model) | Primary NAP (Uplink) | Secondary NAP (Uplink) | Comments
LFR | Lauder Fischer | 3 | SDH Router - Gig | None |
LUK/LUS | 3706 Locust Walk | 4 | HNT - Gig | None |
MCA | McNeil Center for Early American, 3355 N 34st | 3 | Vag - Gig | None |
MCP/MPY | Mod 7 Facility/Murphy | 4 | ModV - Gig | None |
MEY | Meyerson Hall | 2 | Vag - Gig | None | Optimal 2nd link to HNT
MSC | Music Building | 4 | Vag - Gig | None | Optimal 2nd link to Mey
NEB | Nursing | 2 | ModV - Gig | None | Optimal 2nd link to LEV
OVH | Old Vet Hosp | 4 | Vet Hospital Router - Gig | None | BE Device not a Routing Device
PSY | Psychology Labs | 2 | HNT - Gig | |
Quad | Quad Complex | 3 | HNT - Gig | None | Optimal 1st link ModV, 2nd link to Levy
ROS | Rosenthal | 4 | Vet Hospital Router - Gig | None | BE Device not a Routing Device
WTM | Weightman Hall | 4 | Vag - Gig | None | Optimal 2nd link to ModV
Unplaced cells (row association lost in extraction): Optimal link to HNT or Vance Router; Optimal 2nd link to HIL
Gig Connected Buildings (Dual Feed)
Building Code | Description | Building Classification (Model) | Primary NAP (Uplink) | Secondary NAP (Uplink) | Comments
ANB/ACC | Annenberg Center & School | 2 | | |
BLK | Blockley Hall | 2 | ModV - Gig | CHNR 100mbps | Optimal 2nd link to Levy
BRB | Bio-Medical Research Building #1 | 2 | ModV - Gig | HNT - Gig | Optimal 2nd link to Levy
BRC | Bio-Medical Research Building #2 | 2 | ModV - Gig | HNT - Gig | Optimal 2nd link to Levy
CHM | Chemistry Labs | 2 | Vag - Gig | ModV - Gig |
COL | College Hall | 1 | Vag - Gig | ModV - Gig | Optimal 2nd link to HNT
CRB | Clinical Research Building | 2 | ModV - Gig | HNT - Gig | Optimal 2nd link to Levy
ENG/KIN | English House/King’s Court | 2 | NIC - Gig | HNT - Gig |
FKB/FBA | Franklin Building/Annex | 1 | NIC - Gig | Vag - Gig |
GYM | Gimbel Gym | 2 | NIC - Gig | HNT - Gig |
HNT | Huntsman Hall | 3 | HNT - Gig | Vance - Gig |
HNW | Harnwell House | 2 | LEV - Gig | ModV - Gig |
HRN | High Rise North (Rhodin) | 2 | LEV - Gig | ModV - Gig |
HRS | High Rise South (Harrison) | 2 | LEV - Gig | ModV - Gig |
JSN | Johnson Pavilion (Med School) | 2 | ModV - Gig | HNT - Gig |
LDY | Leidy Labs | 2 | ModV - Gig | HNT - Gig |
MKT | 3440 Market St | 3 | NIC - Gig | Vag - Gig |
NEB | Nursing Education Building | 2 | ModV - Gig | HNT - Gig |
Unplaced cells (row association lost in extraction): 2nd link goes thru Vance router; Optimal 2nd link to Levy; Optimal 2nd link to Levy
Gig Connected Buildings (Dual Feed)
Building Code | Description | Building Classification (Model) | Primary NAP (Uplink) | Secondary NAP (Uplink) | Comments
SCC | Steinberg Conference Center | 3 | Huntsman Router - Gig | Vance - Gig | Both uplinks go through Wharton Routers
SDH | Steinberg Hall-Dietrich Hall | 3 | Huntsman Router - Gig | Vance - Gig | Both uplinks go through Wharton Routers
SEAS/GRW | Graduate Research Wing (Moore School) | 2 | Vag - Gig | NIC - Gig |
SPE | Sansom Place East (Nichols) | 2 | NIC - Gig | HNT - Gig |
SPW | Sansom Place West (Grad Tower) | 2 | NIC - Gig | HNT - Gig |
VAN | Vance Hall | 3 | ModV - Gig | Huntsman Rtr - Gig |
VHP | Vet Hospital | 3 | VRB Router - Gig | LEV - Gig |
VPL | Van Pelt Library | 1 | Vag - Gig | Huntsman Rtr - Gig |
VRB | Veterinary Medicine Teaching & Research Building | 3 | ModV - Gig | Vet Hospital Rtr - Gig | modv2.router Gi 3/13; vhp1.router Gi 3/2
WAL | 3401 Walnut St. | 1 | NIC - Gig | Vag - Gig | Diverse Feeds/Pathway
WAL/SEO | 3401 Walnut St. | 1 | NIC - Gig | Vag - Gig | Diverse Feeds/Pathway
WMS | Williams Hall | 2 | Vag - Gig | HNT - Gig | Optimal 2nd link to HNT
Dual Connected Buildings (100/Gig or 100)
Building Code | Description | Building Classification (Model) | Primary NAP (Uplink) | Secondary NAP (Uplink) | Comments
CHP | Public Safety 4040 | 1 | HNT 100mbps | CHNR 100mbps | Both links at 100mb
FUR | Furness Building | 2 | Vag - Gig | CHNR 100mbps | Optimal 2nd link to HNT
GEO | Left Bank | 1 | Vag 100mbps | CHNR 100mbps | Both links at 100mb
HOL | Hollenback | 3 | Lev - Gig | Vag 100mbps |
MCN | McNeil Building | 2 | HNT - Gig | CHNR 100mbps | Optimal 2nd link to Vagelos
MKC | Market 3624 | 2 | NIC - Gig | CHNR 100mbps | Optimal 2nd link to Vagelos
RCB | Richards | 2 | ModV - Gig | CHNR 100mbps | Optimal 2nd link to Lev
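As an added example (not part of the NPTF slides), a small Python check that applies the connectivity-model criteria from the slides to a constructed subset of the inventory rows above and flags the gaps a reviewer would raise: a Model 1 or 2 building still on a single feed, a secondary uplink at 100 Mbps, both uplinks at 100 Mbps, and dual uplinks that pass through the same intermediate router (the situation the SCC/SDH comments describe). The Uplink and Building dataclasses, the `via` field and the finding texts are my assumptions, not a PennNet data format.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

GIG = 1000  # speeds in Mbps, as the tables label them ("Gig", "100mbps")

@dataclass
class Uplink:
    nap: str                   # NAP or entrance router the uplink terminates on
    mbps: int = GIG
    via: Optional[str] = None  # shared intermediate device, if the comments name one

@dataclass
class Building:
    code: str
    model: int                 # connectivity model 1-5 from the slides above
    primary: Uplink
    secondary: Optional[Uplink] = None

def review(b: Building) -> List[str]:
    """Resilience gaps for one building; empty list means none found."""
    gaps = []
    if b.secondary is None:
        if b.model in (1, 2):  # models 1 and 2 target dual feeds to separate NAPs
            gaps.append(f"model {b.model} target is dual feeds, but only one uplink")
        else:
            gaps.append("single feed: losing the uplink isolates the building")
        return gaps
    if b.primary.nap == b.secondary.nap:
        gaps.append("both uplinks terminate on the same NAP")
    if b.primary.via and b.primary.via == b.secondary.via:
        gaps.append(f"both uplinks pass through {b.primary.via}: shared point of failure")
    if b.secondary.mbps < b.primary.mbps:
        gaps.append(f"secondary is {b.secondary.mbps} Mbps: failover runs degraded")
    if max(b.primary.mbps, b.secondary.mbps) < GIG:
        gaps.append("no gigabit uplink")
    return gaps

def review_inventory(buildings: List[Building]) -> Dict[str, List[str]]:
    """Building code -> gaps, omitting buildings with none."""
    return {b.code: gaps for b in buildings if (gaps := review(b))}

# Constructed subset of rows from the connectivity tables above (hypothetical input).
INVENTORY = [
    Building("ACH", 2, Uplink("ModV")),
    Building("BRB", 2, Uplink("ModV"), Uplink("HNT")),
    Building("CHP", 1, Uplink("HNT", 100), Uplink("CHNR", 100)),
    Building("FUR", 2, Uplink("Vag"), Uplink("CHNR", 100)),
    Building("SCC", 3, Uplink("Huntsman", via="Wharton Routers"),
             Uplink("Vance", via="Wharton Routers")),
]
```

Running `review_inventory(INVENTORY)` reports ACH, CHP, FUR and SCC and leaves BRB (two gigabit feeds to different NAPs) out.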
Upgrade Schedule
http://www.upenn.edu/computing/pennnet/maintschedule.html
Redundancy (UPS)
■ As we move towards data, voice and video IP-based systems and services that all rely on electrical power, how much protection should we do and can we afford?
■ We have backup generators and UPS in the 5 NAPs, so theoretically they should not go down.
■ Building power from Peco/Facilities is not 99.999% available.
■ While we do not have solid historical data, we began recording power outages in March 2007.
■ Since March 21, 2007 the campus has had 52 hours of outage due to power loss in 36 buildings (not including a 64 hour outage to Nursing LIFE).
■ Generally, outages are either very short (blip) or 1+ hours.
Redundancy (UPS)
■ It costs about $2700 per location to install UPS (assuming the UPS has 25 minutes of battery time and no other wiring closet work needs to be done).
■ Cost of $1100.00 per 15 minutes of additional battery time
■ Rough ongoing costs would be approximately $900/yr per location.
■ N&T manages over 600 wiring closets on campus
■ Annual cost would be about $540K
Redundancy (UPS)
■ Alternatively, we could just do UPS on the building routers.
■ There are only 100 of these locations.
■ Without UPS, a short electrical blink causes them to reboot, forcing a 5-10 minute outage.
■ This would mean that for that duration there would be no services that require the network, including phones.
■ Annual cost $90K
■ Are you interested in this? Is it worth spending this much to protect against 25 minutes of outage?
Integrated Communications (IC)
■ IC involves integrating several communications applications toward improved productivity for staff, faculty and students:
■ PennNet Phone and Voicemail
■ Instant messaging
■ Desktop video
■ Linking these applications together, and to University information (online directory, calendars, etc.) puts more control in the hands of our user community
■ It also allows user communication preferences to be taken into account.
PennNet Phone
■ Goals
■ To convert 25,000 analog voice customers to Integrated Communications (VoIP, Voicemail, etc.) over the converged IP network with added functionality and lower costs in 5 years or less.
■ Status
■ We currently have about 1400 PennNet Phone users.
■ Redundant servers and gateways
■ Full service monitoring 24x7
■ New feature releases about twice a year
■ New phone equipment being rolled out by early 2008.
PennNet Phone
■ Issues
■ We have had some long-term problems with the PRIs from Verizon and the Cisco gateways that have caused known problems with transferring some calls, some caller ID, etc.
■ Next steps
■ We believe we have the PRI problems resolved.
■ We tested the new gateway code yesterday.
■ The new code release comes out in late October.
■ If all goes well, we could have improved call transfers in production in November.
Instant Messaging
■ Goals
■ Users at Penn report that they are using Instant Messaging (AIM, Yahoo Messenger, Skype and Google Talk) today for business purposes.
■ Our goal was to provide them with an alternative that
■ Provides improved privacy and security
■ Is able to make use of Penn identity information
■ Can be integrated with other Penn communications elements
Instant Messaging
■ Status
■ The same open standard, open source technology used by Google Talk, "jabber" (based on the XMPP protocol family), is being deployed and used in a pilot mode at Penn today
■ It provides a controlled data path (need not leave campus when two on-campus users chat)
■ It provides identity assurance (uses Penn's authentication system and Penn's naming scheme)
■ It has so far proven to be low cost to operate and highly reliable.
■ Next steps
■ Pilot to a larger audience over the next 3-4 months
■ Full rollout at no cost to current PennNet Phone and email customers by end of FY’08.
Voice mail
■ Goals
■ Roll out version 1.0 of new voicemail in early 2008 (possibly late January).
■ Key reasons for change
■ Today’s Octel Voicemail system is old and expensive to support (vendor EOL/EOS)
■ It does not have good disaster recovery capabilities
■ In a failure, we could be out for at least 12 hours
■ Message recovery would be incomplete.
■ The new system can recover rapidly with very complete data
■ The new system is designed for the new PennNet Phone service to be used throughout Penn in the next few years
■ A migration by all users to the new voice mail system now brings us back to "one voice mail community"
Voice mail Differences
■ There will be differences in features and functionality
■ In some cases, the new voice mail system will be less feature rich
■ But it will allow PennNet Phone users some very advanced online access to messages and features
■ Web access to settings
■ Both telephone and email access to messages
Voice mail Timing
■ New voicemail is in production use now for 1400 PennNet Phone users
■ New voicemail is in pilot now for 100 campus users of traditional phones
■ For most traditional phone users, rollout is being targeted for early 2008 (possibly late January)
■ For advanced voicemail applications, migration will take place in late spring or early summer CY2008
■ e.g., Menus, Transfer Mailboxes, Listen-only mailboxes
Desktop Video
■ Goals
■ Easy, low cost desktop video conferencing for when audio or IM is insufficient
■ Status
■ No work being done towards a Penn service. But desktop client tools are maturing.
■ Issues
■ Maturity, complexity, cost
■ Next steps
■ Wait a little longer
Intrusion Detection (Perimeter & PennNet Core)
■ We deployed Arbor Networks Peakflow in 2005
■ A network management tool that provides some ID functionality for the PennNet perimeter and core.
■ We use it for a wide range of analysis, including attack signatures, but also traffic characterization and ISP peering analysis.
■ We are able to share info across institutions so that we can recognize an attack before it reaches Penn.
■ Upgrades are mostly software, which is covered by our current contract.
Intrusion Detection (Local level/subnet)
■ Host-based intrusion detection is available today for every major operating system
■ ISC is committed to having a strategy for local intrusion detection systems, as well as recommendations and product offerings, before network-based IDS becomes required in any security policy.
■ It is likely that this would be in FY’09.
■ We are currently looking at a few products
■ TippingPoint (meeting with them tomorrow)
■ Arbor - Peakflow X
■ Snort - widely deployed open source IDS
■ Bro - open source IDS developed at LBNL by Dr. Vern Paxson, a noted TCP/IP researcher.
■ A local IDS could be deployed alongside, and access “mirrored” traffic from, a building entrance device.