HEAnet & The Schools Network
Presentation to HEAnet National Networking Conference by Ronan Byrne & Tim Maher
10th November 2005
Presentation Structure
Schools Network Overview: Ronan Byrne
Network Design: Tim Maher
Network Services: Tim Maher
Support Services: Ronan Byrne
Project Update: Ronan Byrne
Schools Network Overview
Responsibility Areas
Access Tender & Broadband Technologies
Project Management Approach
Schools Network Overview
Free ‘always on’ broadband connectivity to Schools
3 Year Agreement –Dept of Education/Dept of Communication/TIF
3,925+ Schools
6 Access Providers
HEAnet backbone network
Onward connectivity to Internet & Educational Networks
HEAnet Managed Services: Network; Security; 1st Line NCTE Service Desk & 2nd Line HEAnet Schools NOC
Responsibility Areas
Dept of Education Access Tender Evaluation
HEAnet Technical Advisors to DES/DCMNR
Strong response to Call for Tender
Evaluation by Evaluation Team over Sept-Dec 2004
Evaluation of 100+ broadband service offerings
Evaluation of 80+ different router offerings
Report to Ministers - Christmas 2004
Decision by Ministers – 5th January 2005
Schools Network Bandwidth
Phased Availability of Services
INITIAL SERVICES
IP Connectivity between Schools
IP Connectivity to the general Internet
Educational/Research Networks Access
Network Security
Content Filtering
Web-based DNS
2nd Line Support to NCTE Service Desk
LATER SERVICES
Web Hosting
Personal disk space
Video Conferencing
Video Streaming
Video Lecture
E-Schoolbag
Content Hosting
Project Management Approach
Project Planning – dependent on Access Tender
Project Financials – dependent on Access Tender
Project Initiation Document –(scope, constraints & exclusions)
Risk Register
Resource Planning:
–Dedicated Schools Team
–Cross-HEAnet Consultancy
–External Consultancy
Project Organisation
HEAnet Project Organisation
HEAnet Schools Team
Ronan Byrne, Senior Project Manager
Tim Maher, Technical Project Manager
Donal O’Cearbhaill, Systems Administrator
Brian Scanlan, Systems Administrator
Liam Kennedy, NOC Engineer (2nd Line)
Rachael Holt, NOC Engineer (2nd Line)
Network Design
Network Topology
Access Network
POP Layout
Layout and Routing
IP Scheme
Schools Network Topology
Access Network Principles
Layer 2 service from Access Providers
PPPoE over L2TP, VLANs & ATM VCs
RADIUS authentication
Managed Router in schools (Cisco 871)
Public (HEAnet) IP addresses
IPv6 & Multicast (later services)
Access Provider Aggregation Overview
Sample ADSL Service
Sample Satellite Service
Schools’ PoP Layout
Layout and Routing
Only links and loopbacks go into OSPF
Everything else is redistributed straight into BGP
Each PoP provides the other with transit over the National Backbone Extension
Onward connectivity provided by BGP connection to HEAnet core
IP Addressing
School category: prefix (usable addresses)
Very Large Post-Primary (>1000): /23 (510)
Large Post-Primary ( ): /24 (254)
Medium Post-Primary ( ): /25 (126)
Small Post-Primary (<100): /26 (62)
Large Primary ( ): /24 (254)
Medium Primary ( ): /25 (126)
Small Primary (50-99): /27 (30)
Very Small Primary (<50): /27 (30)
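The per-category prefix sizes on the IP Addressing slide, worked through as an added example (not part of the original presentation or HEAnet's provisioning code): it allocates non-overlapping subnets from a parent block and audits the result for overlaps. The parent block 10.0.0.0/12 and the school names are constructed placeholders; the slides state only that the real space is a public /12.

```python
import ipaddress
from itertools import combinations

# Prefix length per school category, as listed on the IP Addressing slide.
CATEGORY_PREFIX = {
    "Very Large Post-Primary": 23, "Large Post-Primary": 24,
    "Medium Post-Primary": 25, "Small Post-Primary": 26,
    "Large Primary": 24, "Medium Primary": 25,
    "Small Primary": 27, "Very Small Primary": 27,
}

def usable_hosts(prefix_len):
    """Addresses left once network and broadcast are excluded."""
    return 2 ** (32 - prefix_len) - 2

def allocate(parent, schools):
    """Give each (name, category) a non-overlapping subnet of parent.
    Largest blocks go first, so every block sits on its natural boundary
    and no space is lost to alignment padding."""
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = {}
    for name, category in sorted(schools, key=lambda s: CATEGORY_PREFIX[s[1]]):
        plen = CATEGORY_PREFIX[category]
        size = 2 ** (32 - plen)
        if cursor + size > end:
            raise ValueError(f"{parent} exhausted before {name}")
        plan[name] = ipaddress.ip_network((cursor, plen))
        cursor += size
    return plan

def find_overlaps(plan):
    """Pairs of schools whose subnets overlap; expected to be empty."""
    return [(a, b) for (a, na), (b, nb) in combinations(plan.items(), 2)
            if na.overlaps(nb)]

# Constructed sample data: names and parent block are placeholders.
PARENT = "10.0.0.0/12"
SCHOOLS = [("school-a", "Small Primary"),
           ("school-b", "Very Large Post-Primary"),
           ("school-c", "Medium Primary"),
           ("school-d", "Large Post-Primary")]

if __name__ == "__main__":
    for name, net in allocate(PARENT, SCHOOLS).items():
        print(name, net, usable_hosts(net.prefixlen))
```

Running find_overlaps over the stored allocations before pushing router, RADIUS or filtering configuration catches a duplicated or nested range while it is still a database error rather than a routing or policy ambiguity.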
Network Management Systems
HEAnet: Centralised Network Services
Monitor schools’ connectivity
Generation of intelligent alerts
Monitor services
Graph network usage
Capacity planning
Access Provider measurements vs. SLAs:
–Latency (RTTs)
–Packet loss
–Network availability
SmokePing Nagios Cricket
Geographical Network Map
Provisioning Systems
Provisioning system - overview
Required to generate school-specific configurations for CPE router, monitoring, etc.
Dynamically provision services
Database backend with schools’ information
Informational web front-end
Provisioning System – services provisioned
CPE router config
Nagios
RADIUS
Cricket
Cisco ACS
SmokePing
Fortinet
Maps
DNS
Provisioning System Structure
Security Design
Schools Network Security Design
Centralised Content Filtering
DES Requirement
Fortinet solution
Security node at each PoP
500Mbps capable “in-line checking”
High Availability & ASIC technology
Content filtering capability:
–In-Line Anti-Virus blocking
–White List
–Black List
–56 Categories
–Database of 28 million rated URLs
–24x7 Managed Service
Intrusion Detection/Protection System (IDS/IPS)
“Security Profiles” set by Dept of Education
Kilcarbery Centralised Security
Services
Schools Service
DES Requirement
Award to Sonas Innovation
Web front end
Open-source components
LDAP foundation
Anti-Spam & Anti-Virus blocking
Calendar & Address list facility
Autonomy at school level to administrate some services (e.g. new mailboxes)
Scalable to accommodate all staff & pupils
Dept of Education set policy
Scalability of Network Design
/12 IP Address Space = over 1 million public IP addresses
solution can accommodate 200,000 mailboxes, scalable up to 800,000 mailboxes
Security solution scalable up to 4Gbps
Cisco 871 new generation router
School Support Services
HEAnet Schools NOC
Separate to main HEAnet NOC
Different customer needs
Separate processes
2nd Line role
Shared ticketing system with NCTE
Separate contact channels
Support to NCTE 1st Line Service Desk
Acceptance Test Tools
–Lot 1 (SmokePing)
–Lot 2 (Bespoke Acceptance Script)
Front-end Service Provisioning
–Automated Network Monitoring on Lot 2 Acceptance
–Enable Security Policy
Documentation (Wiki)
–Installation & Troubleshooting Guidelines
–Technical Advice
–School LAN Connection Guidelines
–FAQs
Training
Schools Support Escalation Channel
Project Update
HEAnet Schools Project Status
HEAnet ‘Schools’ backbone network built
HEAnet interconnectivity with all Access Providers
HEAnet Schools NOC in place
Network monitoring live
Provisioning systems live
Router configurations released to Eircom
Security services live
Schools connecting (LANs enabled)
HEAnet delivering to project deadlines
HEAnet delivering to project budget
Broadband Roll-Out Status
Lot 1 (Broadband): 2,000 complete
Target completion: end 2005
Lot 2 (Routers): 1,000 complete
Target completion: end Q1 2006
Questions & Answers