National Education Network. KAREN School Cluster High-level Design




Contents
1 Audience
2 Reference Documents
3 Version control
4 Review and Approval
5 Distribution
6 Background
  6.1 Introduction
  6.2 Regional School Clusters/Loops
  6.3 School Cluster/Loop Trusts
  6.4 Network Services Functions
    6.4.1 School Cluster Border Router
    6.4.2 School Cluster Internet Service Provider
    6.4.3 Physical Last Mile Connectivity
    6.4.4 School Edge Router/Firewall
    6.4.5 School Cluster IT Support
7 KAREN School Cluster Design Principles
  7.1 School Cluster Border Router
  7.2 School Edge Router/Firewall
  7.3 Diagram Examples
    7.3.1 KAREN School Cluster as a single Autonomous System
    7.3.2 KAREN School Cluster by Function

1 Audience
The intended audience for this document is:
- REANNZ Staff members
- REANNZ Board members
- External Interested Parties

2 Reference Documents
- National Education Network Trial Documentation
- IP Address Allocation Policy
- Aggregators Policy
- KAREN Service Portability for the Education Sector
- Connectivity Standards

3 Version control
VERSION | DATE       | REASON FOR UPDATE  | AUTHOR
0.1     | 05/08/2011 | Document Creation  | Andrew McKegg
0.2     | 05/08/2011 | Updated Draft      | Andrew McKegg
0.3     | 08/08/2011 | Second Draft       | Andrew McKegg
1.0     | 09/08/2011 | Updated & Approved | Andrew McKegg

4 Review and Approval
This document has been approved for release by the following:
NAME       | ROLE                    | ORGANISATION | DATE
Mark Cordy | Interim Chief Executive | REANNZ       | 09/08/2011

5 Distribution
This document has been distributed to the following persons or parties:
NAME  | ROLE   | ORGANISATION
Staff | Review | REANNZ

6 Background

6.1 Introduction
The National Education Network (NEN) Trial aimed to provide high-performance network access to a range of learning resources for up to 200 schools, using the backbone infrastructure provided by KAREN (Kiwi Advanced Research and Education Network). School Clusters already connected to open-access fibre networks were invited to join the Phase III trial, with priority given to the established loop Clusters in the Manawatu, Wellington, Nelson-Marlborough, Christchurch and Ashburton. Implementation plans were developed for each geographic Cluster to clarify the actions required and the respective responsibilities of the parties involved.

This document covers the development of a simple and repeatable KAREN School Cluster high-level design, based on the lessons learned from the NEN Trial, in support of the fundamental principles of KAREN, and on designs agreed with the Ministry of Education. The design concept treats the KAREN School Cluster as the distributed campus of a single logical entity for the purpose of delivering shared IT services from a variety of Suppliers.

6.2 Regional School Clusters/Loops
The rationale behind the Regional approach to IP address allocation is covered in the IP Address Allocation Policy, and is also discussed in KAREN Service Portability for the Education Sector. IP address/service portability is a key design principle: Schools should not be constrained in any way from moving between Internet Service Providers. The IP addresses assigned to an institution become a unique identifier that does not change when that institution chooses to change Internet Service Provider. The assumption is that Schools will move away from independently sourcing services such as Internet access, by aggregating their demand on a Local/Regional basis and possibly even a National basis over time. One of the primary goals of the IP Address Allocation Policy is to preserve service portability options.

6.3 School Cluster/Loop Trusts
Local School Clusters (or loops) are encouraged to form a Trust as a legal entity capable of providing the governance, procurement and management of shared resources and services to the constituent members of the Cluster. The formation of a Trust is a straightforward exercise and is critical to the success of local School Clusters in realising the full benefit of participation in the School Cluster, the National Education Network, and KAREN. Support for this process is available upon request.

A School Cluster Trust can be given the authority to enter into commercial arrangements with suppliers to procure Internet connectivity and other services on the School Cluster's behalf. It is also a prerequisite for the allocation of IP address space and Autonomous System Numbers (ASNs) by REANNZ.

6.4 Network Services Functions
The scope of Network Services for the delivery of a KAREN School Cluster can be broken down as follows:

6.4.1 School Cluster Border Router
The KAREN Distribution Layer has been designed to deliver School Cluster border router functionality. This relieves the School Cluster of the administrative burden and cost of delivering a complex routing function. This Service is provided by KAREN to School Clusters/Loops.

6.4.2 School Cluster Internet Service Provider
The School Cluster Internet Service Provider is procured by the School Cluster Trust. This allows the Cluster to aggregate the individual Schools' Internet demand/budget and achieve cost savings and/or other operational benefits.

6.4.3 Physical Last Mile Connectivity
Schools will access KAREN through an Ethernet (preferably optical) connection, delivered by local last mile network service providers. Ideally, each local last mile network service provider will deliver a single shared School Cluster VLAN to both the School Cluster Border Router and the School Edge Firewall/Router. The delivery of Ethernet (Layer 2, as opposed to dark fibre) services by a local last mile network service provider will minimise the number of physical connections required on the School Cluster Border Router. All connections to KAREN must meet the KAREN connectivity standards, as described on www.karen.net.nz. Local Loop Unbundling (LLU), ADSL and ADSL2+ present an opportunity to explore alternative last mile connectivity options with the network service provider community, but have not been part of any trials to date. Physical Last Mile connectivity is to be procured by the School Cluster/Loop.

6.4.4 School Edge Router/Firewall
REANNZ RFPs were completed for the bulk procurement of:
- Compliant edge devices
- Management of the School edge router/firewall
This does not preclude the use of alternative compliant edge devices, nor alternative router/firewall management service providers. These Services are to be procured by the School Clusters/Loops either independently, or by contacting REANNZ with regard to the above RFPs.

6.4.5 School Cluster IT Support
Local School Cluster professional IT Support services are expected to be the interface between the KAREN School Cluster and other Service Providers (e.g. KAREN, ISP, Network Device Managers). This would also provide the opportunity to deliver shared services (e.g. Content Filtering, Proxy Servers, Remote Access, SANs, Authentication etc.). These Services are to be procured by the School Clusters/Loops.

7 KAREN School Cluster Design Principles

7.1 School Cluster Border Router
The School Cluster Border Router is to be delivered via a Virtual Router Instance on the KAREN Distribution Layer MX80. This Virtual Router Instance will be configured for the exclusive purpose of delivering the border router functionality and associated routing policy for the KAREN School Cluster.

School Cluster Border Router key design principles:
- Connected to both the Local Access Service provider and the Internet Service Provider.
- iBGP peered with each School in the Cluster, acting as a Route Reflector with the KAREN School Cluster ASN. Schools' private IP prefixes will be redistributed internally.
- eBGP peered with KAREN, with local preference configured in favour of the prefixes learned from KAREN.
- eBGP peered with the ISP, receiving default routes and redistributing them internally.
- ASN prepending will be configured to prevent asymmetric routing.
- Management and support provided by the KAREN Help Desk, via the School Cluster IT Support/Wranglers (not end users).

7.2 School Edge Router/Firewall
The School edge device key design principles:
- Ideally connected to a common VLAN to allow direct inter-cluster member connectivity, and in support of BGP third-party next hop (switching as opposed to routing where possible).
- The School edge router provides the firewalling on behalf of the school. Firewall policy should be set up on the edge router to ensure all traffic is compliant with the KAREN School Cluster's security and acceptable use policies (e.g. Content Filtering/Proxy Services).
- The edge router will provide Network Address Translation (NAT) on behalf of the school as an exception only, with Kawahiko IP address allocations used in support of NAT-sensitive applications such as Video Conferencing.
- IPv6 allocations to be configured and routed in anticipation of future widespread utilisation.

7.3 Diagram Examples

7.3.1 KAREN School Cluster as a single Autonomous System

7.3.2 KAREN School Cluster by Function
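The following is an added example, not configuration from REANNZ, KAREN or this document: a Junos routing-instance on the Distribution Layer MX80 that implements the Section 7.1 principles in one place (a virtual router, iBGP route reflection to the School edge routers, eBGP to KAREN with a raised local preference, a default-only import from the ISP, AS-path prepending toward the ISP, and School private prefixes kept inside the Cluster). The instance name, interface names, the ASNs (65000 for the Cluster, 64500 for KAREN, 64600 for the ISP) and the RFC 5737 documentation addresses are all placeholders; the prefix limit on School sessions and the choice to prepend toward the ISP are design assumptions rather than statements from the page.

```junos
/* Added example, not REANNZ/KAREN configuration. ASNs, addresses and
   interface names are placeholders; see the lead-in above. */
routing-instances {
    SCHOOL-CLUSTER {
        instance-type virtual-router;
        interface ge-0/0/0.100;   /* shared School Cluster VLAN from the last-mile provider */
        interface ge-0/0/1.0;     /* eBGP link to KAREN */
        interface ge-0/0/2.0;     /* eBGP link to the Cluster ISP */
        routing-options {
            router-id 192.0.2.1;
            autonomous-system 65000;   /* KAREN School Cluster ASN (placeholder) */
            aggregate {
                route 203.0.113.0/24;  /* Cluster public aggregate (placeholder), built from School routes */
            }
        }
        protocols {
            bgp {
                /* Route Reflector for the School edge routers on the shared VLAN */
                group SCHOOLS {
                    type internal;
                    local-address 192.0.2.1;
                    cluster 192.0.2.1;
                    family inet {
                        unicast {
                            prefix-limit {
                                maximum 50;   /* assumption: a misconfigured School cannot flood the Cluster */
                                teardown;
                            }
                        }
                    }
                    neighbor 192.0.2.11;   /* School A edge router (placeholder) */
                    neighbor 192.0.2.12;   /* School B edge router (placeholder) */
                }
                group KAREN {
                    type external;
                    peer-as 64500;         /* KAREN ASN (placeholder) */
                    import FROM-KAREN;
                    export TO-KAREN;
                    neighbor 198.51.100.1;
                }
                group ISP {
                    type external;
                    peer-as 64600;         /* Cluster ISP ASN (placeholder) */
                    import FROM-ISP;
                    export TO-ISP;
                    neighbor 203.0.113.1;
                }
            }
        }
    }
}
policy-options {
    prefix-list RFC1918 {
        10.0.0.0/8;
        172.16.0.0/12;
        192.168.0.0/16;
    }
    /* Everything learned from KAREN beats the ISP default: local-pref 200 vs 100 */
    policy-statement FROM-KAREN {
        term karen-routes {
            from protocol bgp;
            then {
                local-preference 200;
                accept;
            }
        }
    }
    /* Only a default route is accepted from the ISP; anything more specific is a leak */
    policy-statement FROM-ISP {
        term default-only {
            from {
                protocol bgp;
                route-filter 0.0.0.0/0 exact;
            }
            then {
                local-preference 100;
                accept;
            }
        }
        term drop-rest {
            then reject;
        }
    }
    /* Announce only the Cluster aggregate; School private prefixes never leave the Cluster */
    policy-statement TO-KAREN {
        term no-private {
            from prefix-list-filter RFC1918 orlonger;
            then reject;
        }
        term cluster-aggregate {
            from {
                protocol aggregate;
                route-filter 203.0.113.0/24 exact;
            }
            then accept;
        }
        term drop-rest {
            then reject;
        }
    }
    /* Same filter toward the ISP, plus prepending so inbound traffic prefers the
       KAREN path whenever one exists, matching the outbound local-preference choice */
    policy-statement TO-ISP {
        term no-private {
            from prefix-list-filter RFC1918 orlonger;
            then reject;
        }
        term cluster-aggregate {
            from {
                protocol aggregate;
                route-filter 203.0.113.0/24 exact;
            }
            then {
                as-path-prepend "65000 65000";
                accept;
            }
        }
        term drop-rest {
            then reject;
        }
    }
}
```

The import policy on the ISP session is the security-relevant piece: accepting only 0.0.0.0/0 means a route leak or a more-specific hijack on the commodity side cannot displace a KAREN-learned prefix in the Cluster's table, and the two local-preference values make the KAREN path win outright whenever both are present. The explicit final `reject` on every export policy is what keeps School private prefixes and any unexpected routes from being announced to either upstream. What each neighbour actually sends and receives can be checked with `show route receive-protocol bgp 203.0.113.1 table SCHOOL-CLUSTER.inet.0` and `show route advertising-protocol bgp 203.0.113.1`.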