Wednesday, February 4, 2009
292B Memorial Student Union
Texas A&M Campus
College Station, TX
DCN Survey
- Yes: UNL, Stanford, TAMU, UMN, and Umich
- OpenFlow to facilitate DCN?
DNS
- What production DNS software are folks using or planning to deploy?
- Stanford: NetDB: open source, v6 possibly this summer, Oracle DB only, WebUI
- integrated with bind and ISC DHCP
- UMN: Infoblox, bluecat
- GT: No longer using Infoblox
- UNL: QIP - Lucent bought
OpenFlow
- Lambda Station
- DCN
- IDC controller
- get into Sienna core somehow
- Router based for right bandwidth flows or disaster recovery
- L2 VLAN from desktop to endpoint
- L3 to border router and DCN out
- L2 vs L3 in Cisco 6500, slightly more latency in L3
- latency vs speed of light
DNSSEC
- Microsoft support in Windows 7 and Server 2008 R2 but poorly documented
- BCP/SPF - open relay/SPAM
- Use ISC's DLV Registry <https://www.isc.org/solutions/dlv>?
IPv6
- H train on 6500 netflow
- netflow not sampled but watch cpu load
- 3750 code with feature parity
- UMN: dual stack everywhere
- IU: last 5 years all VLANs except wireless
- native better than tunneled, no visibility into traffic
- IU: black hole routes
- for 1 hour
- for the time between now and DHCP lease expires
- snap, open source, gather interface/port stats
- NAT
- IPv4 exhaustion
- Go to ARIN or not... global/local
- IPv4 addresses used by iPhones in pockets or by wireless cards on wired connected laptops
- highway near campus, phones sucking up addresses
- IU: 12 /16s
- 1/2 /16 just for wireless
- NCP to TCP/IP
- sorta same today, IPv6 not so good, but comfortable with IPv4
- Cable companies
- could NAT IPv4 and customer would lose public IPv4 address
- carrot? get a real IPv6 address or /64
Project Process
- How much people are required to do peer group analysis before decisions about new technologies or policies can be instituted?
- How to find out what your peers are doing?
- CIC
- Use NetGURU list as a peer bounce/sounding board
- edunog@puck.nether.net mailing list, <https://puck.nether.net/mailman/listinfo/ednog>
- CSG, <http://www.stonesoup.org/>
Datacenter Network Design
- Converged data/storage "network" devices
- Density per rack
- VoIP
- analog gateways at NCSU
- convergence will happen but not ready today
- no less than 6 new *oE RFCs, not fully baked, Q4 earliest
- VMWare
- Cisco virtual switch
- Intended for L2 flat network
- VMotion: EoMPLS / VPLS
- Pods in data center
- about 100 machines in a pod
- redundant L2 pods in two different data centers
- multiple pods per data center
- top of rack
- UMN: cable trays overhead
- IU: HP ProCurve 6600
- GT: Cisco 4948s
- Umich: 3750e, 10 gig uplink, 1 primary and 1 redundant
Distributed Antenna Systems
- TAMU
- 3u in building, media converter between coax and fiber
- antenna on roof
- ate up a lot of fiber
Thursday, February 5, 2009
Femtocells
- Verizon: voice only
- at&t: unclear
- Sprint: Locked down to 5 phones on the same account
- Let students supplement cell coverage in dorm rooms or apartments?
Wireless
- CIC: no Cisco
- Minnesota: city using BelAir
- UNL: non-students pay $6/month flat rate
- most: common good
Endpoint Integrity Checking
- Stanford: only on first registration, reset once a year
- IU: students only for wireless, only in dorms, reset once a year
- IU students: 85% laptops / 42% laptops
- UMN: use DHCP as control plane; if address not from DHCP, traffic will be blocked at gateway
- RADIUS assign VLANs
- GT: MySQL front end with FreeRADIUS
- one quarantine VLAN same across campus
- a VLAN per dorm
- UMN: one quarantine VLAN
- filters to prevent talking among devices, may only talk to patch servers via ACLs
Data Intensive Networks
- could create an unlevel playing field
- have a convoluted 10G network of clusters and specialized machines
- the problem is the network:
- fewer devices to check
- get to solution quicker
- define abilities rather than defining architecture and technologies
- more likely DCN would happen?
Firewall
- campus perimeter firewall
- some yes, most no
- firewall between backbone and buildings
- firewall between backbone and LANs
- Products:
- Juniper Netscreen
- Cisco FWSM
- Cisco ASA
- I2 not filtering routes
- Spamhaus Project - DROP
- <http://www.spamhaus.org/drop/>
Packetshapers
- Packeteer
- rate limit outgoing dorm traffic to I1 commodity
- packetstrangler?
IDS
- Argus
- Snort, Sourcefire
- Endace Card and a fiber tap
- IDS like: detection from server log
- Netflow
- Lancope
- RSPAN
- homegrown NetFlow anomaly tools
- Internet Motion Sensor
- Arbor Networks' Peakflow
- sFlow
- inMon
WiMax
- Mobile WiMax
- data to vehicle
- Wimax to bus ... 802.11 in the bus
- 4G versus WiMax
Communication
- UNL: Tactical Meeting
- all units send a representative
- talk about what is going on
- projects that might affect others
- forum for discussion
- mostly senior engineer folks
Whitespace
- FCC opening bands between TV channels (54 MHz - 698 MHz)
- Dell laptops coming soon
Multicast on Wireless
- Anouk IPTV?
Server Virtualization and networks
Converged Communication (voice, video, text)
- VoIP
- unencrypted VoIP traffic
- specs for uptime
- guaranteed runtime to endure power outage
SSL VPN
- IPv6 support?
- Most deploying Juniper/Cisco
- License costs
Future meetings
- Drop back to once per year?
- No
- Is remote dial-in good or bad?
- Ok
- Could one per year be virtual via dial-in (video only?)
- Continue with face-to-face twice a year
GENI
- Stanford: OpenFlow
- IU: Grant to study operational concerns
L2TPv3 Tunneling
- extend network
- supports 802.1Q
Business Models
- head tax
- IT fee
- space/population equation