1

State of the Network

1 May 2007

Computing Support Meeting

Terry Gray

Assoc VP, Technology & Architecture

C&C

1997 --> 2007

Recent Changes

Expansion, both wired & wireless initiative Router upgrades (Foundry -> Cisco)

Core/Backbone: Layer 2 -> Layer 3, 10Gbps

Network Information & Security Tool portals (Beta)

Spanning Tree deployment (just beginning)

Tipping Point & Packeteer upgrades Building & Outside Plant upgrades Metropolitan Ethernet transport system First 10GE connections (HDTV & Imaging)

Growth... (except for modems!)

2006 2007

140K-Normalized 100K 125K-Daily (Typical) 60K 75K

38K-P172 Hosts 25K

30K (?) 73KActive DHCP leases 37K

Wireless (registered) users 35K 40K (Per Day) 4K 7K Users registering >1 device 14K

Campus phones 32KDial-in modems 1848 816

Attacks Blocked by IPS 68 Million (Per Day) 185K

DEVICE COUNTS Incl. printers, visitors, etc!!-Total MAC addresses (seen since 1/1)

-Wireless Hosts (seen since 1/1)

-DHCP-enabled Hosts (last 30days)

Modem Users -a dying breed

Devices Seen on Network (adjusted)

Campus Backbone Traffic >40TB/d

Perimeter Security

Firewalls DIY Logical FWs ( >70 on campus) Managed subnet FWs (new svc, using Cisco FWSMs)

P172 (private addresses plus NAT) IDS/IPS

Tipping Points Homebrew, based on Netflow data Dark net monitoring

Also, supporting host security: Vulnerability scanning Managed host service (Nebula) Security tools portal UW Policies: computer & data security standards

Trends... Growth continues (speed, capacity) Higher availability expectations More wireless/mobility More convergence (e.g. VoIP, video) More TDAs (Traffic Disruption Appliances) More “gated communities” (aka “Balkanization”) Backlash/Consequences

Complexity/MTTR challenges –harder to diagnose More tunneling & encryption

FutureNet = local nets linked together by Port 443 More “personal lambda” & “bypass” nets More SSL VPNs to get around security

Immediate Focus Areas

Wireless Initiative, year 3 (remaining 40%)

Stability: router upgrades, spanning tree

Improving diagnostic & management capability

Self-service tools

Improved security visibility and reporting

Next-Gen network requirements gathering

Future Needs / Requests More and fewer security/admin perimeters Abandoning traditional geographic topologies More/faster wireless; 802.11n, UWB, etc Building upgrades (40-50 need it) More visibility into traffic, incl. trend analysis Perimeter defense bypass MAC Registration (at least wireless) Network Admission Control (wired) Traffic shaping, by application Separate and/or faster nets Jumbo Frames Dynamic DNS IPv6

Questions/Comments

At the break.... or via email:

gray@washington.edu

13

Wireless DeploymentSeattle Campus only (excluding Auxiliaries) Sept. 2005 – Present

~3.43m Additional ASF covered Total Seattle Main covered ~4.45m ASF

56 Additional buildings fully covered Also numerous partial deployments

3 Major Outdoor Areas HUB Lawn, Quad, Red Square

2573 Access Points installed Total APs Seattle Main only ~2945 Total APs All areas ~3360

193 General Assignment Classrooms (8751 seats) Overall GAC covered - 266 of 327

total, or 82%

~248 Departmental Classrooms (~7721 seats)

12 Department/Branch Libraries

Seattle Main Campus - Overall Wireless Coverage (ASF)(Excluding Auxiliaries)

6%

46%

7%2%

39%

Pre-UWI - Aruba (approx.)

UWI + Non-UWI Completed

Pilot & Other Cisco sites(approx)

Wireless coverage not required(proposed)

No or Minimal Wireless

Seattle