NETWORK PLANNING TASK FORCE, November 01, 2004, FALL FY 2005 MEETINGS “OPERATIONAL DISCUSSIONS”
Feb 10, 2016
1
NETWORK PLANNING TASK FORCE
November 01, 2004
FALL FY 2005 MEETINGS
“OPERATIONAL DISCUSSIONS”
2
MEETING SCHEDULE – FY ‘05
■ Summer Focus Groups
  ■ July 19
  ■ August 2
  ■ August 16
■ Fall Meetings
  ■ September 20 Operational Briefing (Non-financial)
  ■ October 18 Strategic Discussions (Security)
  ■ November 01 Operational Discussions
  ■ November 15 Strategic Discussions
  ■ November 29 Financial Discussions
  ■ December 6 Consensus/Prioritization/Rate Setting
3
NPTF FALL ’05 MEMBERS
■ Mary Alice Annecharico / Rod MacNeil, SOM
■ Robin Beck, ISC
■ Chris Bradie / Dave Carrol, Business Services
■ Cathy DiBonaventura, School of Design
■ Geoff Filinuk, ISC
■ Bonnie Gibson, Office of Provost
■ Roy Heinz / John Keane / Grover McKenzie, Library
■ John Irwin, GSE
■ Marilyn Jost, ISC
■ Deke Kassabian / Melissa Muth, ISC
■ Doug Berger / Manuel Pena, Housing and Conference Services
■ Mike Weaver, Budget Mgmt. Analysis
■ Dominic Pasqualino, OAC
■ Kayann McDonnell, Law
■ Donna Milici, Nursing
■ Dave Millar, ISC
■ Michael Palladino, ISC (Chair)
■ Dan Shapiro, Dental
■ Mary Spada, VPUL
■ Marilyn Spicer, College Houses
■ Steve Stines / Jeff Linso, Div. of Finance
■ Andrew Selden*, PCBI
■ Ira Winston / Helen Anderson, SEAS, SAS, School of Design
■ Mark Aseltine / Mike Lazenka, ISC
■ Eric Snyder*, Vet School
■ Brian Doherty* / John Yates*, SAS
■ Richard Cardona*, Annenberg
■ Dan Margolis, SEAS (student)
■ David Seidell, Wharton
■ Ryan Nunes, (student)
* New Members in FY’05
4
NPTF FY ’05 Progress to Date
■ Challenged and reaffirmed NPTF process.
■ Refreshed NPTF principles.
■ Updated FY ’05 – ’09 planning assumptions.
■ Prepared 5 year N&T budget. (Summer Submission)
■ Held 3 summer focus groups and many 1-1 meetings with schools/center computing directors to gather customer feedback.
■ Set the Fall Agenda.
  ■ Operational Briefing
  ■ Security Briefing
5
Remaining NPTF FY’05 Activities
■ Strategic Discussions (11/15)
  ■ PennKey
  ■ PennCommunity
  ■ On-Line Directory
  ■ Security
  ■ Anything we missed?
■ Financial Discussions (11/29)
■ Prioritization/Consensus/Rate Setting (12/6)
■ Benchmarking (Spring ’05)
6
Today’s NPTF Agenda: Operational Briefing
■ Domain Names (MP)
■ MAGPI/Internet2 (MP)
■ College House Services (MP)
■ Wireless (MW)
■ Network Management (DK)
■ Security (DK)
■ Network Operation Center (NOC) Tour (MW)
7
Domain Names
■ 2001 Domain Names Policy states that domain names existing before 2001 are exempt from meeting policy standards. A $300 yearly fee should be charged for those out of compliance.
■ In FY 2003, we reviewed compliance of all 3rd level domain names with 2001 policy to determine fee exempt status.
■ ISC found that:
  ■ Administrative costs exceed revenue generated by few non-exempt “grandfathered” domain names.
  ■ These domain names are an intrinsic part of each group’s organization. They were not willing to bring them into compliance to avoid the fee.
■ ISC N&T has decided to declare all non-compliant, pre-existing domain names exempt from the yearly domain name fee.
■ The yearly fee will still be charged for new 3rd level domain names.
■ Domain Name pages: www.upenn.edu/computing/pennnet/domainnames/
8
MAGPI
■ A multi-state regional GigaPoP (Gigabit Point of Presence), involving institutions from New Jersey, Pennsylvania and Delaware
■ Penn’s regional connection to Internet2, the research network.
■ Promotes applications for the region's research and education communities through high performance network technology.
■ Offers wide range of services to support research activities, including:
  ■ Regional, national, and international high speed connectivity
  ■ Applications development
  ■ Advanced services (e.g., Multicast, IPv6)
  ■ Digital video support
9
MAGPI/Internet2 Planning Assumptions
■ Penn needs Internet2 to remain competitive.
■ MAGPI helps lower Penn’s total costs.
■ The central service fee would increase by 5% ($250k) without MAGPI.
■ MAGPI is soon moving to an OC48 to support the growing subscriber base.
■ Penn will probably need to connect to the National Lambda Rail in the next 1-2 years to support high-end research.
■ The OC48 infrastructure upgrade and other activities would increase the potential for NLR at much lower costs to Penn
■ More info – http://www.magpi.net
10
National Lambda Rail
Thought of as the next version of Internet2, the National Lambda Rail is gaining momentum throughout the United States.
■ Key Features:
  ■ Requires fiber optic connections
  ■ Dense Wave Division Multiplexing (DWDM)
  ■ Lambdas in increments of 10 Gigabits per second
  ■ With the Internet2 project, HOPI, this will establish a global Optical/Packet infrastructure
■ Benefits
  ■ To maintain Penn’s competitive edge for the research community.
11
I2/MAGPI Involvement at Penn
■ Engineering School - remote course delivery as part of Nanotechnology Institute's outreach to 7 community colleges in PA, NJ, DE, and MD and educational outreach to high schools.
■ International Student Interviews (SEAS, SAS Grad Students)
■ Grad Ed's Penn Literacy Network International Programs with pre-service teachers in Dublin.
■ Collaboration Opportunities for Lauder Faculty with France, China, etc.
■ School of Medicine Faculty Participation in COPD Virtual Conference hosted by Prous Science in Barcelona
■ National Teleimmersion Initiative http://www.cis.upenn.edu/teleimmersion
■ National Digital Mammography Archive http://www-306.ibm.com/e-business/doc/content/growingsuccess/univofpa.html
■ Schoenberg Center for Electronic Text and Image http://dewey.library.upenn.edu/sceti/
■ English Renaissance In Context http://dewey.library.upenn.edu/sceti/furness/eric
■ Wharton West http://www.upenn.edu/pip/?pip=whartonwest
■ The French Project (Lauder and Universite of Grenoble) and EUMAX Project (multi-state, multi-country International Business and Computer Science education) http://www.scienceblog.com/community/older/2001/E/200115536.html
■ Penn Museum of Archeology and Anthropology's Interactive Virtual Museum Education for K12s
12
MAGPI Connected Sites
■ Universities
  ■ Princeton
  ■ Thomas Jefferson University
  ■ Arcadia University
  ■ Lehigh University
  ■ Seton Hall University
  ■ St Francis University
  ■ Temple University
  ■ Villanova University
  ■ Widener University
  ■ Rutgers
  ■ University of Delaware
  ■ Stevens Institute of Technology
  ■ University of Medicine and Dentistry New Jersey
  ■ New Jersey Institute of Technology
■ Hospitals
  ■ CHOP
  ■ Fox Chase Cancer Center
  ■ Lehigh Valley Hospital
■ Research Facilities
  ■ Johnson and Johnson
■ State Networks
  ■ New Jersey
■ K12 institutions – 32
■ The Franklin Institute
13
College House Services
■ Focus Groups
■ Wireless
■ New Financial Model
14
College House N&T Service Focus Groups
■ Conducted two focus groups last week regarding data, voice and video services
■ Goal is to get direction for preparing student survey
■ Strong desire for wireless throughout college houses
■ Rejection of PAC codes on phone lines
■ Bandwidth cap not noticed
15
College House Wireless
■ Working on various strategies for wireless networking in the dorms.
  ■ Cost Effective vs. Performance Coverage
  ■ Supplemental vs. Replacement for Wired
  ■ Insourced vs. Outsourced Service.
■ Working on a proposal for College House wireless costs (end of January ’05).
■ Strategy could be expanded to rest of campus.
16
Proposed College House Service & Funding Models
■ We already have a separate network SLA for the College Houses
  ■ Differential hours of support since “home use” is off hours
  ■ Differential Internet Bandwidth
  ■ Special Support for College House Servers
■ We are exploring a new funding model for future services
■ Is it time to have a separate cost model?
  ■ Wallplate fee
  ■ Central service fee
17
Wireless
■ Current status
■ Subsidized Wireless IP Addresses
■ Future Plans
18
Wireless – Current Status
■ Locations: 32 Wireless LANs on Campus
  ■ 14 Public Wireless Locations
  ■ 16 Private Wireless Locations
■ 197 Managed Access Points
■ Blue Socket Gateways Installed in 4 locations.
■ User Based Authentication for all but three Wireless LANs
19
Wireless LAN’s on Campus
20
Wireless - Subsidized Wireless IP Addresses
■ NPTF voted to allow up to 400 IP addresses for public wireless locations in FY2005
■ 14 Public Wireless Locations are being monitored for usage statistics
■ Private Wireless LANs can get some subsidies (10% for large LANs, up to 20% for small LANs)
■ Defining Public vs. Private Wireless LANs
21
Wireless Ranges
Building | DHCP range | # of IP Addresses | Domain (new) | # of APs
U-Square (1 AP in GRT CRC) | 128.91.24.33-128.91.24.62 | 30 | wireless-pennnet.upenn.edu | 3
SFR-VPUL | 128.91.134.12-128.91.134.21 | 10 | wlan.vpul.upenn.edu | 1
Museum Library | 128.91.27.11-128.91.27.62 | 52 | wireless-pennnet.upenn.edu | 1
MEY | 128.91.28.11-128.91.28.62 | 52 | wlan.design.upenn.edu | 1
MEL | 128.91.59.150-128.91.59.210 | 9 | wlan.ora.upenn.edu | 3
LUW | 128.91.58.76-128.91.58.126 | 51 | wireless-pennnet.upenn.edu | 1
LCT-3601-Locust | 128.91.59.11-128.91.59.20 | 10 | wlan.vpul.upenn.edu | 1
JSN-Biomed Lib | 128.91.27.76-128.91.27.126 | 51 | wireless-pennnet.upenn.edu | 3
HRN | 165.123.93.11-165.123.93.107 | 97 | wireless-pennnet.upenn.edu | 5
Houston-Hall | 128.91.25.51-128.91.25.100 | 50 | wireless-pennnet.upenn.edu | 4
HNW (Harnwell) | 128.91.24.95-128.91.24.126 | 32 | wireless-pennnet.upenn.edu | 1
HIL | 128.91.24.191-128.91.24.254 | 64 | wireless-pennnet.upenn.edu | 4
Furness-wireless - 1 AP is on 4th floor conference room outside library area | 128.91.26.139-128.91.26.190 | 52 | wireless-pennnet.upenn.edu | 6
College-green-wireless | 128.91.25.161-128.91.25.235 | 75 | wireless-pennnet.upenn.edu | 3
Castor-wireless | 128.91.26.75-128.91.26.94 | 20 | wlan.ssw.upenn.edu | 1
Bookstore-wireless | 128.91.26.11-128.91.26.50 | 40 | wireless-pennnet.upenn.edu | 1
3401-Wireless | 165.123.94.21-165.123.94.80 | 60 | wlan.isc-net.upenn.edu | 5
10 wireless-pennnet.upenn.edu, 5 wlan.admin.upenn.edu, EIS 8
22
Wireless Ranges
Building | DHCP range | # of IP Addresses | Domain (new) | # of APs
HNT-Wireless | 128.91.92.61-128.91.93.254 | 275 | wlan.wharton.upenn.edu | 25
SDH-Wireless: SDH(22), VAN(6), SCC(2), LFR(1), MCN(1), CPN(2) | 128.91.80.254-128.91.81.72 | 75 | wlan.wharton.upenn.edu | 34
LSW (Kelly Writer’s House) | 128.91.58.140-128.91.58.190 | 51 | wlan.lsw.greeknet.group.upenn.edu | 1
GEB | 128.91.27.145-128.91.27.195 | 51 | wlan.gse.upenn.edu | 8
EVN | 128.91.61.30-128.91.61.55 | 26 | wlan.dental.upenn.edu | 7 (1 AP in lib)
HRS-Wireless | 165.123.95.11-165.123.95.107 | 97 | wireless-pennnet.upenn.edu | 2
PIN | 128.91.26.203-128.91.26.214 | 12 | wlan.vpul.upenn.edu | 2
GYM | 128.91.138.11-128.91.138.50 | 20 | Wlan.dria.upenn.edu | 2
Law-Wireless | 130.91.208.61-130.91.209.174 | 370 | wlan.law.upenn.edu | 37
VPL Wireless | 128.91.128.40-128.91.128.254 | 150 – DHCP, 65 – Static | wireless-pennnet.upenn.edu | 21
23
Wireless – Future Plans
■ Improvement on user authentication – 802.1x
■ Improving efficiency of wLAN installation
■ Using New Wireless Tools
  ■ Air Magnet Laptop Analyzer - troubleshooting
  ■ Air Magnet Surveyor – survey and updating AP’s
■ Evaluating New Tools
  ■ Centralized wireless management tools
    ■ Cisco Works Wireless LAN Solution Engine (WLSE)
    ■ Airwave Management Platform
    ■ Air Magnet Enterprise
24
Network Management Tools
31
Network Management: PUMA
36
Security
■ Wired Authentication
■ Intrusion Detection
■ VPNs
37
Security – Wired Authentication
■ Pilot underway in ISC since June
■ Plan to expand pilot externally in December
■ Pilots will require client (web intercept unavailable) until Q1 CY2005
38
Intrusion Detection
■ A new tool, Arbor Peakflow, allows us to collect and analyze network "flow" info from Penn routers.
■ This helps us to see lists of
  ■ top talkers,
  ■ traffic by protocol (web vs email vs p2p vs voice vs video, etc),
  ■ traffic by destination service provider (Cogent vs Qwest vs Abilene/Internet2),
  ■ and much more.
39
Intrusion Detection
■ Peakflow also allows us to identify denial of service (DoS, DDoS) attacks in progress, including sources and protocols, and possible filtering options.
■ In this role, the Arbor Peakflow tools act as a very sophisticated distributed IDS, helping us to do targeted filtering during major network-based attacks.
■ No dedicated IDS systems needed to be put inline into the network. Netflow data from the routers is used.
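The flow analysis described on the two Intrusion Detection slides, as an added example (not from the original deck and not Arbor Peakflow's own logic): top talkers, traffic by service, and a many-sources-to-one-destination DoS check computed over constructed flow records. The record layout, service labels and thresholds are assumptions.

```python
from collections import Counter, defaultdict

# Constructed flow records (not real Penn traffic):
# (src_ip, dst_ip, protocol, dst_port, packets, bytes)
FLOWS = [
    ("10.0.1.5", "192.0.2.10", "tcp", 80, 120, 150_000),
    ("10.0.1.5", "192.0.2.25", "tcp", 25, 40, 30_000),
    ("10.0.2.9", "192.0.2.10", "tcp", 80, 300, 400_000),
    ("10.0.3.7", "198.51.100.4", "udp", 5060, 500, 100_000),
] + [
    # 60 distinct sources sending small UDP packets at one host
    (f"203.0.113.{i}", "10.0.9.9", "udp", 53, 2_000, 120_000)
    for i in range(1, 61)
]

# Hypothetical port-to-service labels used for the protocol breakdown.
SERVICES = {("tcp", 80): "web", ("tcp", 25): "email", ("udp", 5060): "voice"}

def top_talkers(flows, n=3):
    """Sources ranked by total bytes sent."""
    sent = Counter()
    for src, _dst, _proto, _port, _pkts, nbytes in flows:
        sent[src] += nbytes
    return sent.most_common(n)

def traffic_by_service(flows):
    """Total bytes per service label; unmapped ports fall under 'other'."""
    totals = Counter()
    for _src, _dst, proto, port, _pkts, nbytes in flows:
        totals[SERVICES.get((proto, port), "other")] += nbytes
    return dict(totals)

def dos_candidates(flows, min_sources=50, min_packets=100_000):
    """Destinations hit by many distinct sources with a high packet total.

    Thresholds are illustrative assumptions, not values from any product.
    Returns {dst: (source_count, packets, [(proto, port), ...])}.
    """
    sources, packets, services = defaultdict(set), Counter(), defaultdict(set)
    for src, dst, proto, port, pkts, _nbytes in flows:
        sources[dst].add(src)
        packets[dst] += pkts
        services[dst].add((proto, port))
    return {
        dst: (len(sources[dst]), packets[dst], sorted(services[dst]))
        for dst in sources
        if len(sources[dst]) >= min_sources and packets[dst] >= min_packets
    }
```

The source list and the (protocol, port) pairs returned for a flagged destination are the inputs a filtering decision would start from.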
40
Security - VPNs
■ Beginning investigation of generic solution
■ Goal: allow specific ports to be used that are otherwise blocked by ISPs (e.g. for Windows file sharing and MS Exchange)
■ Expect to have proof-of-concept in March
■ Targeting deployment for Fall 2005