Wednesday, July 23, 2009

307 Campus Center
Indiana University-Purdue University Indianapolis Campus
Indianapolis, IN

Dynamic Circuits in Production

  • UNL: Yes
    • pull fiber from location to border router
  • LSU: Yes
    • LONI

DR/BC

  • UMN: Iron Mountain
  • Build data center versus commercial provider
  • Have VM ready, use it when needed
  • Is 18 hours DR or BC?
  • DR versus BC
  • Weather event/pandemic/attack
  • Generator failures
    • power outages due to generator testing

DNSSEC

  • LSU
  • GT: moving to Blue Socket
  • x.gov didn't validate - NSEC3
    • upgrade BIND to correct

IPv6

  • IU: production on both campuses
  • Why? Because we can
  • Netflow: v9
  • DHCP: v4 easy, v6 hard
  • Security tools
    • block at port level with MAC rather than black hole route in router
    • change NAC from DHCP to MAC filter at port
    • dynamic roaming and VLAN assignment
    • product: Colubris (sp?)
    • block rogue RA and block rogue DHCPv6
  • Network done, now time for applications to catch up
    • go native
    • squid proxy in front of load balancer
    • WUNC radio is streaming via IPv6

Inline Security Appliance at 10G

  • Use PBR to divert large known flows around appliance
  • Shaping at 10G: Procera device
    • sound architecture but expensive
  • LSU: Netenforcer and Juniper ISG2000
  • USF: Red Lambda
  • USC Med: TippingPoint
  • UMass: Arbor Networks

Wireless

  • Cisco
    • Most using Cisco
    • Most going to reevaluate with migration to 802.11n
  • UMN: Trapeze
  • Aruba
    • Two migrating from Cisco and MUCH happier
    • Fix in days or weeks rather than months with Cisco
    • Now owns AMP
  • Meru
    • one channel makes sense with 802.11n
  • Design philosophy
    • 40 users per AP with a/b/g
    • 20 to 25 with n
  • Injectors or PoE switches
  • CMU: Xirrus
  • PSU: May allow students to bring APs into dorm rooms
  • Visitor Wireless
    • PSU: AT&T
    • fac/staff sponsor accounts for visitors
    • still wide open
  • More SNMP traffic than broadcast on wireless?
  • Is wireless management integrated with Ethernet tools?

ARIN - Legacy RSA

  • Sign or not
    • ARIN will attest to your address space
    • contract with ARIN to do whois for your documented space
    • future policy cannot change - advisory council
    • might not be offered after December 31, 2009
    • PPML - need your voice

Centralized VM Service

  • IU: Yes
  • LSU: Yes
  • PSU: Yes

Email

  • Exchange
  • Zimbra
  • IE
  • Google/Microsoft hosted

Campus Architecture

  • UMN: MPLS
    • routed, not L2, across core
    • VRFs
  • Stanford
    • Independent zones
    • BGP with the core
    • MPLS in a multi AS environment
  • IU: VRFs
    • MPLS, not MPLS lite

Thursday, July 24, 2009

Kerberos

  • IU turned off MIT KDCs, AD only now
  • UMN: Save money and end Microsoft Site License?

Data Center

  • Top of rack switch
  • VMs - save machine room space
    • VMware virtual switch
  • 10G: copper or fibre
  • Spread the failure domain

Change Management

  • Wiki
  • Mailing lists
  • Pre-defined maintenance windows
  • High Availability
  • Coordination between groups

40/100G

  • IU: researching and researchers
  • Design the optical system today to be ready for 40/100G
  • Pull cable versus CWDM
  • 1000BASE-BX

Data Center

  • Leaking L2 outside data center
  • L2VPN
  • VMotion
  • TRILL
  • MAC routing... ISIS
  • Leverage departmental firewall but virtual server in data center

VPN

  • Juniper SSL VPN
    • Client based, no static tunnels
  • Cisco IPSec
  • Telecommuting
  • Use VPN to move traffic around firewall

Layer 1

  • Rewire or go wireless
  • IU: rewire

Cellular

  • DAS