1 / 13

SLAC’s Networks

SLAC’s Networks. Prepared by: Les Cottrell SLAC , for SLAC Network & Telecommunications groups Presented to Kimberley Clarke March 8 th 2011. Outline. Phone upgrade Core network & offsite connections Cell phone coverage, mobility Wireless, visitor subnet Monitoring LAN & WAN Gigamon

moe
Download Presentation

SLAC’s Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SLAC’s Networks Prepared by: LesCottrellSLAC, for SLAC Network & Telecommunications groups Presented to Kimberley Clarke March 8th 2011

  2. Outline • Phone upgrade • Core network & offsite connections • Cell phone coverage, mobility • Wireless, visitor subnet • Monitoring LAN & WAN • Gigamon • VPN upgrade • IPv6, IPAM • Conclusions

  3. Philosophy • Support getting the science done (safely) • The science is the mission • Uniformity of design (where possible) • Define standardized solutions & apply repeatedly • Limit vendors, technologies used • Leverage existing OCIO staff expertise • Engineered for robustness (e.g. redundancy) • OCIO is not staffed for 24/7 coverage • “Throwing smart (dedicated) people at issues” works as long as you do not throw them too often • Powerful, easy to use monitoring

  4. Central phone system • Designed for low cost ($15/phone/month) , high reliability (1 unscheduled system fail in 22 years – loss power) • End of life: parts are 1988 vintage, last major update 2000 • 4000 phones, ~ 50% are non user (e.g. wall, conference room, FAX, emergency …, so can stay analog) • Evolutionary upgrade phone system using existing infrastructure (phone sets, closets, UPS, cabling) where possible to reduce costs and ensure maintainability while we: • Enable VoIP • Enable unified communications • Email/vmail integration, presence, mobility, SMS …

  5. Network Scale • 70 major buildings, • Single site, but lots of worldwide collaborations • 300 layer 2 capable devices, 50 layer 3 • 15K end devices, 30K ports, • Support: • science (open high performance worldwide), • business (protected, e.g. HR, finances ..), • controls & monitoring systems (local HVAC, accelerator), • desktops with local & internet access • visitors

  6. Local Area network • Core network: highly reliable, supports 10Gbps connections for: • high performance computing clusters, offsite, and buildings (edge) switches, • Redundancy for power, routers, power supplies etc. • Most wired desktops can be/are enabled for 100Mbps connections, we are upgrading to 1Gbps to the desktop for major buildings. • Segmenting and rationalizing subnets • Private (RFC1918), Internet access, printers • Subnet set/switch, removing flat earth • Improved security, isolation of problems & performance

  7. Wide Area Network Access • Off site links: multi 10Gbps links • ESnet most production and also dedicated circuits (using MPLS) to BNL for ATLAS • Stanford and CENIC/Internet2 • One physical path down Sand Hill Rd AT&T conduits with IRU • SRCF 2nd redundant path • ACLs at borders

  8. Mobility • WiFi: most buildings covered ~ 160WAPs • Open access, not authenticated: ease of use • No privileged access to SLAC resources • Visitor subnet: no servers, block inbound connections

  9. Cell phones • Coverage outside good: on site macro sites for T-Mobile, Sprint, Metro-PCS and AT&T. Verizon going in across the street • In buildings: most are penetrated from outside. • Installed BDAs in a few heavily shielded buildings • Pico cell in one area • Pagers at end of life (atrophied ’60s technology)

  10. Monitoring • Critical enabler for network and desktop admins • LAN: lookup routers, switches, ports, hosts, hosts for person, MAC & IP addresses, VLANs, provide: • History, uilization, temp, cpu, power use, weather maps, idle ports, topology • WAN: collaborations worldwide, E2E pingER & perfSONAR (multi NRENs) • GigaMon: capture packets outside border on 10Gbps links and inspect

  11. Security • Improved security via ACLs, firewalls, • New VPN infrastructure going into place using IPSEC, • Easy to use visitor network, reasonable security • private VLANs, • blocking of in-bound sessions and outbound SMTP • Blocking of outbound SMTP

  12. Future • Developing new roadmap for service types with differing security requirements: • science; business; guest/visitors; SLAC general networks (desktops etc.); internal networks such as controls, data acquisition • being ready to address IPv6 when DoE demands it • Network equipment IPv6 capable • better IP address management with delegation, • Mobile computing and unified communications

More Related