NETWORK PLANNING TASK FORCE

1

NETWORK PLANNING TASK FORCE

November 01, 2004

FALL FY 2005 MEETINGS

“OPERATIONAL DISCUSSIONS”

2

MEETING SCHEDULE – FY ‘05■ Summer Focus Groups

■ July 19■ August 2■ August 16

■ Fall Meetings■ September 20 Operational Briefing (Non-financial)■ October 18 Strategic Discussions (Security)■ November 01 Operational Discussions ■ November 15 Strategic Discussions ■ November 29 Financial Discussions■ December 6 Consensus/Prioritization/Rate Setting

3

NPTF FALL ’05 MEMBERS■ Mary Alice Annecharico / Rod MacNeil,

SOM■ Robin Beck, ISC■ Chris Bradie/Dave Carrol, Business

Services■ Cathy DiBonaventura, School of Design■ Geoff Filinuk, ISC■ Bonnie Gibson, Office of Provost■ Roy Heinz / John Keane/ Grover

McKenzie , Library■ John Irwin, GSE■ Marilyn Jost, ISC■ Deke Kassabian / Melissa Muth, ISC■ Doug Berger/ Manuel Pena, Housing and

Conference Services■ Mike Weaver, Budget Mgmt. Analysis■ Dominic Pasqualino, OAC

■ Kayann McDonnell, Law■ Donna Milici, Nursing■ Dave Millar, ISC■ Michael Palladino, ISC (Chair)■ Dan Shapiro, Dental■ Mary Spada, VPUL■ Marilyn Spicer, College Houses■ Steve Stines / Jeff Linso, Div. of Finance■ Andrew Selden*, PCBI■ Ira Winston / Helen Anderson, SEAS,

SAS, School of Design■ Mark Aseltine/ Mike Lazenka, ISC■ Eric Snyder*, Vet School■ Brian Doherty*/John Yates*, SAS■ Richard Cardona*, Annenberg■ Dan Margolis, SEAS(student)■ David Seidell, Wharton■ Ryan Nunes, (student)

* New Members in FY’05

4

NPTF FY ’05 Progress to Date■ Challenged and reaffirmed NPTF process.■ Refreshed NPTF principles.■ Updated FY ’05 – ’09 planning assumptions.■ Prepared 5 year N&T budget. (Summer Submission)■ Held 3 summer focus groups and many 1-1

meetings with schools/center computing directors to gather customer feedback.

■ Set the Fall Agenda.■ Operational Briefing■ Security Briefing

5

Remaining NPTF FY’05 Activities■ Strategic Discussions (11/15)

■ PennKey■ PennCommunity■ On-Line Directory■ Security■ Anything we missed?

■ Financial Discussions (11/29)■ Prioritization/Consensus/Rate Setting (12/6)■ Benchmarking (Spring ’05)

6

Today’s NPTF Agenda:Operational Briefing■ Domain Names (MP)■ MAGPI/Internet2 (MP)■ College House Services (MP)■ Wireless (MW)■ Network Management (DK)■ Security (DK)■ Network Operation Center (NOC) Tour (MW)

7

Domain Names■ 2001 Domain Names Policy states that domain names existing before

2001 are exempt from meeting policy standards. A $300 yearly fee should be charged for those out of compliance.

■ In FY 2003, we reviewed compliance of all 3rd level domain names with 2001 policy to determine fee exempt status.

■ ISC found that:■ Administrative costs exceed revenue generated by few non-exempt

“grandfathered” domain names.■ These domain names are an intrinsic part of each group’s organization. They

were not willing to bring them into compliance to avoid the fee.■ ISC N&T has decided to declare all non-compliant, pre-existing domain

names exempt from the yearly domain name fee.■ The yearly fee will still be charged for new 3rd level domain names.■ Domain Name pages:

www.upenn.edu/computing/pennnet/domainnames/

8

MAGPI■ A multi-state regional GigaPoP (Gigabit Point of Presence) ,

involving institutions from New Jersey, Pennsylvania and Delaware

■ Penn’s regional connection to Internet2, the research network.■ Promotes applications for the region's research and education

communities through high performance network technology.■ Offers wide range of services to support research activities,

including:■ Regional, national, and international high speed connectivity■ Applications development■ Advanced services (e.g., Multicast, IPv6)■ Digital video support

9

MAGPI/Internet2 Planning Assumptions■ Penn needs Internet2 to remain competitive.■ MAGPI helps lower Penn’s total costs.■ The central service fee would increase by 5% ($250k) without

MAGPI.■ MAGPI is soon moving to an OC48 to support the growing

subscriber base.■ Penn will probably need to connect to the National Lamda Rail in

the next 1-2 years to support high-end research.■ The OC48 infrastructure upgrade and other activities would

increase the potential for NLR at much lower costs to Penn■ More info – http://www.magpi.net

10

National Lambda RailThought of as the next version of Internet2, The National Lambda Rail is gaining momentum throughout the United States.■Key Features:

■ Requires fiber optic connections■ Dense Wave Division Multiplexing, (DWDM)■ Lambdas in increments of 10 Gigabits per second■ With the Internet2 project, HOPI, this will establish a global

Optical/Packet infrastructure■Benefits

■ To maintain Penn’s competitive edge for the research community.

11

I2/MAGPI Involvement at Penn■ Engineering School - remote course delivery as part of Nanotechnology Institute's

outreach to 7 community colleges in PA, NJ, DE, and MD  and educational outreach to high schools.

■ International Student Interviews (SEAS, SAS Grad Students)■ Grad Ed's Penn Literacy Network International Programs with pre-service teachers in

Dublin. ■ Collaboration Opportunities for Lauder Faculty with France, China, etc.■ School of Medicine Faculty Participation in COPD Virtual Conference hosted by Prous

Science in Barcelona ■ National Teleimmerison Initiative    http://www.cis.upenn.edu/teleimmersion■ National Digital Mammography Archive

http://www-306.ibm.com/e-business/doc/content/growingsuccess/univofpa.html■ Schoenberg Center for Electronic Text and Image http://dewey.library.upenn.edu/sceti/■ English Renaissance In Context http://dewey.library.upenn.edu/sceti/furness/eric■ Wharton West http://www.upenn.edu/pip/?pip=whartonwest■ The French Project (Lauder and Universite of Grenoble) and EUMAX Project (multi-state,

multi-country International Business and Computer Science education)http://www.scienceblog.com/community/older/2001/E/200115536.html

■ Penn Museum of Archeology and Anthropology's Interactive Virtual Museum Education for K12s

12

MAGPI Connected Sites■ Universities

■ Princeton■ Thomas Jefferson University■ Arcadia University■ Lehigh University■ Seton Hall University■ St Francis University■ Temple University■ Villanova University■ Widener University■ Rutgers■ University of Delaware■ Stevens Institute of Technology■ University of Medicine and Dentistry New Jersey■ New Jersey Institute of Technology

■ Hospitals ■ CHOP■ Fox Chase Cancer Center■ Lehigh Valley Hospital

■ Research Facilities■ Johnson and Johnson

■ State Networks ■ New Jersey

■ K12 institutions – 32■ The Franklin Institute

13

College House Services■ Focus Groups■ Wireless■ New Financial Model

14

College House N&T Service Focus Groups■ Conducted two focus groups last week

regarding data, voice and video services■ Goal is to get direction for preparing student

survey■ Strong desire for wireless throughout college

houses■ Rejection of PAC codes on phone lines■ Bandwidth cap not noticed

15

College House Wireless■ Working on various strategies for wireless

networking in the dorms.■ Cost Effective vs. Performance Coverage■ Supplemental vs. Replacement for Wired■ Insourced vs. Outsourced Service.

■ Working on a proposal for College House wireless costs (end of January ’05).

■ Strategy could be expanded to rest of campus.

16

Proposed College House Service & Funding Models■ We already have a separate network SLA for the

College Houses■ Differential hours of support since “home use” is off hours■ Differential Internet Bandwidth■ Special Support for College House Servers

■ We are exploring a new funding model for future services

■ Is it time to have a separate cost model?■ Wallplate fee■ Central service fee

17

Wireless■ Current status■ Subsidized Wireless IP Addresses■ Future Plans

18

Wireless – Current Status■ Locations: 32 Wireless LANs on Campus

■ 14 Public Wireless Locations■ 16 Private Wireless Locations

■ 197 Managed Access Points■ Blue Socket Gateways Installed in 4

locations. ■ User Based Authentication for all but three

Wireless LANs

19

Wireless LAN’s on Campus

20

Wireless - Subsidized Wireless IP Addresses■ NPTF voted to allow up to 400 IP addresses

for public wireless locations if FY2005■ 14 Public Wireless Locations are being

monitored for usage statistics■ Private Wireless LANs can get some

subsidies (10% for large LANs, up to 20% for small LANs)

■ Defining Public vs. Private Wireless LANs

21

Wireless RangesBuilding DHCP range

# of Ip Addresses Domain (new) # of APs

U-S quare (1 AP in GRT CRC) 128.91.24.33- 128.91.24.62 30 wireless-p ennnet.upenn.edu 3SFR-VPUL 128.91.134.12- 128.91.134.21 10 wlan.vpul.upenn.edu 1Museum Library 128.91.27.11- 128.91.27.62 52 wireless-p ennnet.upenn.edu 1M EY 128.91.28.11- 128.91.28.62 52 wlan.design.upenn.edu 1M EL 128.91.59.150- 128.91.59.210 9 wlan.ora.upenn.edu 3LUW 128.91.58.76- 128.91.58.126 51 wireless-p ennnet.upenn.edu 1

LCT-3601-Locust 128.91.59.11- 128.91.59.20 10 wlan.vpul.upenn.edu 1JS N-Biomed Lib 128.91.27.76- 128.91.27.126 51 wireless-p ennnet.upenn.edu 3HRN 165.123.93.11- 165.123.93.107 97 wireless-p ennnet.upenn.edu 5Houston-Hall 128.91.25.51- 128.91.25.100 50 wireless-p ennnet.upenn.edu 4HNW (Harnwell) 128.91.24.95- 128.91.24.126 32 wireless-p ennnet.upenn.edu 1HIL 128.91.24.191- 128.91.24.254 64 wireless-p ennnet.upenn.edu 4Furness-wireless - 1 AP is on 4th floor con fe re nce room ou tside l ibrary are a 128.91.26.139- 128.91.26.190

52

wireless-p ennnet.upenn.edu 6College-green-wireless 128.91.25.161- 128.91.25.235 75 wireless-p ennnet.upenn.edu 3Castor-wireless 128.91.26.75- 128.91.26.94 20 wlan.ssw.upenn.edu 1Bookstore-wireless 128.91.26.11- 128.91.26.50 40 wireless-p ennnet.upenn.edu 13401- Wireless 165.123.94.21- 165.123.94.80 60 wlan.isc-net.upenn.edu 5

10 wireless-p ennnet.upenn.edu5 wlan.admin.up enn.eduEIS 8

22

Wireless RangesBuilding DHCP range

# of Ip Addresses Domain (new) # of APs

HNT-Wireless 128.91.92.61- 128.91.93.254 275 wlan.wharton.upenn.edu 25SDH-Wireless

-SDH(22)-VAN(6)-SCC(2)-LFR(1)-MCN(1)-CPN(2)

LSW (Kelly Writer’s House) 128.91.58.140- 128.91.58.19051

wlan.lsw.greeknet.group.upenn.edu 1GEB 128.91.27.145- 128.91.27.195 51 wlan.gse.upenn.edu 8EVN 128.91.61.30- 128.91.61.55 26 wlan.dental.upenn.edu 7 (1AP in lib)HRS-Wireless 165.123.95.11- 165.123.95.107 97 wireless-pennnet.upenn.edu 2PIN 128.91.26.203 128.91.26.214 12 wlan.vpul.upenn.edu 2GYM 128.91.138.11- 128.91.138.50 20 Wlan.dria.upenn.edu 2Law-Wireless 130.91.208.61-130.91.209.174 370 wlan.law.upenn.edu 37

150 – DHCP

65 - StaticVPL Wireless 128.91.128.40- 128.91.128.254 wireless-pennnet.upenn.edu 21

128.91.80.254- 128.91.81.72

75

wlan.wharton.upenn.edu 34

23

Wireless – Future Plans■ Improvement on user authentication – 802.1x■ Improving efficiency of wLAN installation■ Using New Wireless Tools

■ Air Magnet Laptop Analyzer - troubleshooting■ Air Magnet Surveyor – survey and updating AP’s

■ Evaluating New Tools■ Centralized wireless management tools

■ Cisco Works Wireless LAN Solution Engine (WLSE)■ Airwave Management Platform■ Air Magnet Enterprise

24

Network Management Tools

25

26

27

28

29

30

31

Network Management: PUMA

32

33

34

35

36

Security■ Wired Authentication■ Intrusion Detection■ VPNs

37

Security – Wired Authentication ■ Pilot underway in ISC since June■ Plan to expand pilot externally in December■ Pilots will require client (web intercept

unavailable) until Q1CY2005

38

Intrusion Detection■ A new tool, Arbor Peakflow, allows us to collect and

analyze network "flow" info from Penn routers. ■ This helps us to see lists of

■ top talkers, ■ traffic by protocol (web vs email vs p2p vs voice vs video,

etc), ■ traffic by destination service provider (Cogent vs Qwest vs

Abilene/Internet2), ■ and much more.

39

Intrusion Detection■ Peakflow also allows us to identify denial of service

(DoS, DDoS) attacks in progress, including sources and protocols, and possible filtering options.

■ In this role, the Arbor Peakflow tools act as a very sophisticated distributed IDS, helping us to do targeting filtering during major network-based attacks.

■ No dedicated IDS systems needed to be put inline into the network. Netflow data from the routers is used.

40

Security - VPNs ■ Beginning investigation of generic solution■ Goal: allow specific ports to be used that are

otherwise blocked by ISPs (e.g. for Windows file sharing and MS Exchange)

■ Expect to have proof-of-concept in March■ Targeting deployment for Fall 2005