Difference between revisions of "Network Infrastructure and Services"

From Gobblerpedia
imported>Matthazinski
(Page created)
 
imported>Matthazinski
(Added network policies, UC info)
Line 2: Line 2:
  
 
=== Network Topology ===
 
=== Network Topology ===
CNS has about 4 Gbps aggregate bandwidth of commodity Internet from its Cogent uplink in the [[Andrews Information Systems Building]], which is fed to campus via redundant fiber connections to both Burruss Hall and Cassell Colliseum. Owens Hall, Hillcrest Hall, and Shanks Hall also serve as routers for some buildings. Additional connections for [[Network Virginia]], [[National Lamba Rail]], and [[Internet2]] exist at AISB. The vast majority of campus IPv4s come from two directly-allocated blocks (128.173.0.0/16 and 198.82.0.0/16).
+
CNS has about 4 Gbps aggregate bandwidth of commodity Internet from its Cogent uplink in the [[Andrews Information Systems Building]], which is fed to campus via redundant fiber connections to both Burruss Hall and Cassell Colliseum. Owens Hall, Hillcrest Hall, and Shanks Hall also serve as routers for some buildings. Additional connections for [[Network Virginia]], [[National LambaRail]], [[Mid-Atlantic Terascale Partnership]], and [[Internet2]] exist at AISB. Nearly all ethernet portals on campus are capable of 100 Mbps or Gigabit speeds, due to fiber interconnects between buildings; however, intrabuilding wiring varies in age and may not support high speeds. The vast majority of campus IPv4s come from two directly-allocated blocks (128.173.0.0/16 and 198.82.0.0/16).
  
 
CNS is a leader in the transition to IPv6, as their [[w:Autonomous System|ASN]] consistently ranks in the top 5 in terms of percentage of IPv6 traffic, according to [http://www.worldipv6launch.org/measurements/ World IPv6 Launch Measurements]. A dual-stack topology exists for the entirety of campus, with the notable exception of the main university website. However, Virginia Tech does not currently have its own IPv6 block; the addresses used are from a /48 sub-allocated from [[w:University of Maryland|UMD]].
 
CNS is a leader in the transition to IPv6, as their [[w:Autonomous System|ASN]] consistently ranks in the top 5 in terms of percentage of IPv6 traffic, according to [http://www.worldipv6launch.org/measurements/ World IPv6 Launch Measurements]. A dual-stack topology exists for the entirety of campus, with the notable exception of the main university website. However, Virginia Tech does not currently have its own IPv6 block; the addresses used are from a /48 sub-allocated from [[w:University of Maryland|UMD]].
 +
 +
In December 2011, CNS announced that a contract had been awarded to IBM and Avaya for ''Unified Communications'', a project to both replace the aging ROLM phone system with SIP phones and upgrade the network infrastructure in each building. This has also somewhat reduced monthly rates of common telephone and ethernet services for departments. While most buildings will be undergoing upgrades through 2014, it is unknown whether or not each will have full gigabit speeds at actual user ports. It is also unknown whether users will be able to use SIP softphones in conjunction with this.
 +
 +
=== Network Policies ===
 +
Contrary to popular belief, CNS does not actively monitor users for torrenting activity; however, they are obligated to forward DMCA notifications to the relevant parties. Residential users that engage in peer-to-peer filesharing are often throttled (according to policy) if their daily upload average exceeds 4.9 GB. Campus-wide intrusion detection systems are deployed through cooperation with the [[IT Security Lab]].
 +
 +
Port security is enabled, meaning that users are not permitted to attach a switch to the network and must pay for new connections for all devices. While the $20/month fee for gigabit connectivity is generally thought to be reasonable, many department networks require them to evade this restriction through the use of NAT routing, ARP proxies, and/or NDP proxies. For most public portals, MAC address registration is often required, although some department ports are known to not carry this restriction.
 +
 +
NAT routers are officially banned, largely due to dorm residents bringing their own NAT router, plugging it in backwards, and sending DHCP leases to their entire building. While the ban is generally unenforced unless a problem arises, users are encouraged to purchase additional connections through CNS instead.
  
 
=== Controversies ===
 
=== Controversies ===
* CNS maintains a 4.9 GB/day upload cap for residential users, after which connections will be throttled.
+
In addition to the network policies stated above, the following controversial activities have arisen:
* Port security is enabled, meaning that users are not permitted to attach a switch to the network and must pay for new connections for all devices.
+
* CNS has begun deploying [[w:Network Address Translation | NAT]] to dorm buildings, starting with [[Ambler Johnston Hall]], as it has done in the past with wireless access points. This causes issues for students that need to forward ports for services such as SSH. IPv6 addresses, however, are global. It is unknown whether CNS has applied for additional addresses from ARIN.
* CNS has begun deploying [[w:Network Address Translation | NAT]] to dorm buildings, starting with [[Ambler Johnston Hall]]. This causes issues for students that need to forward ports for services such as SSH. IPv6 addresses, however, are global.
 
 
* In January 2013, emergency maintenance was done at Virginia Tech's uplink in Ashburn, but users were not informed in advance of the potential downtime. This initially took out VT's edge IPv4 access for several hours, and later resulted in intermittent routing issues at the BGP level until the next morning.
 
* In January 2013, emergency maintenance was done at Virginia Tech's uplink in Ashburn, but users were not informed in advance of the potential downtime. This initially took out VT's edge IPv4 access for several hours, and later resulted in intermittent routing issues at the BGP level until the next morning.
 +
* Like most administrative university offices, CNS is often regarded as having much bureaucracy. For example, the processes for obtaining SSL certificates or a DNS entry directly under "vt.edu" are especially tedious.
 +
* CNS services such as VPN and VT-Wireless (the secure wireless network) require use of MS-CHAPv2, which is proven to be very insecure.
  
 
[[Category:Blacksburg ISPs]]
 
[[Category:Blacksburg ISPs]]
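Review bot: The added MS-CHAPv2 bullet at the end of Controversies says it "is proven to be very insecure" without a citation or any statement of what the weakness is; link a source there, as the IPv6 paragraph does for World IPv6 Launch Measurements. In the added port-security paragraph, "many department networks require them to evade this restriction" has no clear referent for "them", and the rewritten topology paragraph still carries the misspellings "Colliseum" and "LambaRail".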

Revision as of 23:22, 18 January 2013

Communications Network Services (CNS) is a division of the Office of the Vice President for Information Technology, which provides ISP services including telephone and Internet to the university. Unlike most departments, CNS operates as an auxiliary service, and therefore receives funding through cost-recovery rather than university budgets. Individual departments and students must pay a per-port charge for each IP or phone device attached to the network.

Network Topology

CNS has about 4 Gbps aggregate bandwidth of commodity Internet from its Cogent uplink in the Andrews Information Systems Building, which is fed to campus via redundant fiber connections to both Burruss Hall and Cassell Coliseum. Owens Hall, Hillcrest Hall, and Shanks Hall also serve as routers for some buildings. Additional connections for Network Virginia, National LambdaRail, Mid-Atlantic Terascale Partnership, and Internet2 exist at AISB. Nearly all Ethernet portals on campus are capable of 100 Mbps or Gigabit speeds, due to fiber interconnects between buildings; however, intrabuilding wiring varies in age and may not support high speeds. The vast majority of campus IPv4 addresses come from two directly-allocated blocks (128.173.0.0/16 and 198.82.0.0/16).

CNS is a leader in the transition to IPv6, as their ASN consistently ranks in the top 5 in terms of percentage of IPv6 traffic, according to World IPv6 Launch Measurements. A dual-stack topology exists for the entirety of campus, with the notable exception of the main university website. However, Virginia Tech does not currently have its own IPv6 block; the addresses used are from a /48 sub-allocated from UMD.

In December 2011, CNS announced that a contract had been awarded to IBM and Avaya for Unified Communications, a project to both replace the aging ROLM phone system with SIP phones and upgrade the network infrastructure in each building. This has also somewhat reduced monthly rates of common telephone and ethernet services for departments. While most buildings will be undergoing upgrades through 2014, it is unknown whether or not each will have full gigabit speeds at actual user ports. It is also unknown whether users will be able to use SIP softphones in conjunction with this.

Network Policies

Contrary to popular belief, CNS does not actively monitor users for torrenting activity; however, they are obligated to forward DMCA notifications to the relevant parties. Residential users that engage in peer-to-peer filesharing are often throttled (according to policy) if their daily upload average exceeds 4.9 GB. Campus-wide intrusion detection systems are deployed through cooperation with the IT Security Lab.

Port security is enabled, meaning that users are not permitted to attach a switch to the network and must pay for new connections for all devices. While the $20/month fee for gigabit connectivity is generally thought to be reasonable, the networks of many departments require those departments to evade this restriction through the use of NAT routing, ARP proxies, and/or NDP proxies. For most public portals, MAC address registration is often required, although some department ports are known not to carry this restriction.

NAT routers are officially banned, largely due to dorm residents bringing their own NAT router, plugging it in backwards, and sending DHCP leases to their entire building. While the ban is generally unenforced unless a problem arises, users are encouraged to purchase additional connections through CNS instead.
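The failure mode behind the ban, a consumer router answering DHCP on the building segment, can be spotted from the DHCP replies themselves. The following is an added example, not CNS tooling or code from this page: it parses a raw BOOTP/DHCP reply and flags it when the server is not on an allowlist or the leased address falls outside the two campus blocks named above. The allowlist, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Campus IPv4 blocks as stated on this page.
CAMPUS_BLOCKS = [ipaddress.ip_network("128.173.0.0/16"),
                 ipaddress.ip_network("198.82.0.0/16")]
MAGIC_COOKIE = b"\x63\x82\x53\x63"
DHCPOFFER, DHCPACK = 2, 5

def parse_dhcp_reply(payload):
    """Return (msg_type, yiaddr, server_id) from a DHCP UDP payload, or None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None  # not a BOOTREPLY carrying DHCP options
    yiaddr = ipaddress.ip_address(payload[16:20])  # address being leased
    msg_type = server_id = None
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:  # pad option has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:    # DHCP message type
            msg_type = value[0]
        elif code == 54 and len(value) == 4:  # server identifier
            server_id = ipaddress.ip_address(value)
        i += 2 + length
    return msg_type, yiaddr, server_id

def rogue_reason(payload, allowed_servers):
    """Say why a DHCP reply looks rogue, or return None if it looks legitimate."""
    parsed = parse_dhcp_reply(payload)
    if parsed is None or parsed[0] not in (DHCPOFFER, DHCPACK):
        return None
    _, yiaddr, server_id = parsed
    if server_id not in allowed_servers:
        return f"unlisted DHCP server {server_id} offered {yiaddr}"
    if not any(yiaddr in block for block in CAMPUS_BLOCKS):
        return f"lease {yiaddr} is outside the campus blocks"
    return None

def build_reply(yiaddr, server_id, msg_type=DHCPOFFER):
    """Constructed sample packet: minimal BOOTREPLY with options 53 and 54."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x12345678, 0, 0)
    addrs = bytes(4) + ipaddress.ip_address(yiaddr).packed + bytes(8)
    fixed = header + addrs + bytes(16 + 64 + 128)  # chaddr, sname, file
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.ip_address(server_id).packed
    return fixed + MAGIC_COOKIE + opts + b"\xff"
```

On segments where NAT is deployed deliberately, the private range in use would have to be added to `CAMPUS_BLOCKS` for the second check to stay meaningful.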

Controversies

In addition to the network policies stated above, the following controversial activities have arisen:

  • CNS has begun deploying NAT to dorm buildings, starting with Ambler Johnston Hall, as it has done in the past with wireless access points. This causes issues for students that need to forward ports for services such as SSH. IPv6 addresses, however, are global. It is unknown whether CNS has applied for additional addresses from ARIN.
  • In January 2013, emergency maintenance was done at Virginia Tech's uplink in Ashburn, but users were not informed in advance of the potential downtime. This initially took out VT's edge IPv4 access for several hours, and later resulted in intermittent routing issues at the BGP level until the next morning.
  • Like most administrative university offices, CNS is often regarded as having much bureaucracy. For example, the processes for obtaining SSL certificates or a DNS entry directly under "vt.edu" are especially tedious.
  • CNS services such as VPN and VT-Wireless (the secure wireless network) require use of MS-CHAPv2, which is proven to be very insecure.