Post on 21-Dec-2015
State of the Network
1 May 2007
Computing Support Meeting
Terry Gray
Assoc VP, Technology & Architecture
C&C
1997 --> 2007
Recent Changes
Expansion, both wired & wireless initiative
Router upgrades (Foundry -> Cisco)
Core/Backbone: Layer 2 -> Layer 3, 10Gbps
Network Information & Security Tool portals (Beta)
Spanning Tree deployment (just beginning)
Tipping Point & Packeteer upgrades
Building & Outside Plant upgrades
Metropolitan Ethernet transport system
First 10GE connections (HDTV & Imaging)
Growth... (except for modems!)
2006 2007
140K -Normalized 100K 125K -Daily (Typical) 60K 75K
38K -P172 Hosts 25K
30K (?) 73K Active DHCP leases 37K
Wireless (registered) users 35K 40K
(Per Day) 4K 7K
Users registering >1 device 14K
Campus phones 32K
Dial-in modems 1848 816
Attacks Blocked by IPS 68 Million
(Per Day) 185K
DEVICE COUNTS (Incl. printers, visitors, etc!!)
-Total MAC addresses (seen since 1/1)
-Wireless Hosts (seen since 1/1)
-DHCP-enabled Hosts (last 30 days)
Modem Users - a dying breed
Devices Seen on Network (adjusted)
Campus Backbone Traffic >40TB/d
Perimeter Security
Firewalls
DIY
Logical FWs (>70 on campus)
Managed subnet FWs (new svc, using Cisco FWSMs)
P172 (private addresses plus NAT)
IDS/IPS
Tipping Points
Homebrew, based on Netflow data
Dark net monitoring
Also, supporting host security:
Vulnerability scanning
Managed host service (Nebula)
Security tools portal
UW Policies: computer & data security standards
Trends...
Growth continues (speed, capacity)
Higher availability expectations
More wireless/mobility
More convergence (e.g. VoIP, video)
More TDAs (Traffic Disruption Appliances)
More “gated communities” (aka “Balkanization”)
Backlash/Consequences
Complexity/MTTR challenges – harder to diagnose
More tunneling & encryption
FutureNet = local nets linked together by Port 443
More “personal lambda” & “bypass” nets
More SSL VPNs to get around security
Immediate Focus Areas
Wireless Initiative, year 3 (remaining 40%)
Stability: router upgrades, spanning tree
Improving diagnostic & management capability
Self-service tools
Improved security visibility and reporting
Next-Gen network requirements gathering
Future Needs / Requests
More and fewer security/admin perimeters
Abandoning traditional geographic topologies
More/faster wireless; 802.11n, UWB, etc
Building upgrades (40-50 need it)
More visibility into traffic, incl. trend analysis
Perimeter defense bypass
MAC Registration (at least wireless)
Network Admission Control (wired)
Traffic shaping, by application
Separate and/or faster nets
Jumbo Frames
Dynamic DNS
IPv6
Wireless Deployment
Seattle Campus only (excluding Auxiliaries)
Sept. 2005 – Present
~3.43m Additional ASF covered
Total Seattle Main covered ~4.45m ASF
56 Additional buildings fully covered
Also numerous partial deployments
3 Major Outdoor Areas
HUB Lawn, Quad, Red Square
2573 Access Points installed
Total APs Seattle Main only ~2945
Total APs All areas ~3360
193 General Assignment Classrooms (8751 seats)
Overall GAC covered - 266 of 327 total, or 82%
~248 Departmental Classrooms (~7721 seats)
12 Department/Branch Libraries
[Chart: Seattle Main Campus - Overall Wireless Coverage (ASF) (Excluding Auxiliaries). Values shown: 6%, 46%, 7%, 2%, 39%. Legend: Pre-UWI - Aruba (approx.); UWI + Non-UWI Completed; Pilot & Other Cisco sites (approx.); Wireless coverage not required (proposed); No or Minimal Wireless]
Seattle