HEAnet & The Schools Network Presentation to HEAnet National Networking Conference by Ronan Byrne & Tim Maher 10 th November 2005

Presentation Structure  Schools Network OverviewRonan Byrne  Network Design Tim Maher  Network ServicesTim Maher  Support ServicesRonan Byrne  Project UpdateRonan Byrne

Schools Network Overview  Responsibility Areas  Access Tender & Broadband Technologies  Project Management Approach

Schools Network Overview Free ‘always on’ broadband connectivity to Schools 3 Year Agreement –Dept of Education/Dept of Communication/TIF 3,925+ Schools 6 Access Providers HEAnet backbone network Onward connectivity to Internet & Educational Networks HEAnet Managed Services: Network; Security; 1 st Line NCTE Service Desk & 2 nd Line HEAnet Schools NOC

Responsibility Areas

Dept of Education Access Tender Evaluation HEAnet Technical Advisors to DES/DCMNR Strong response to Call for Tender Evaluation by Evaluation Team over Sept-Dec 2004 Evaluation of 100+ broadband service offerings Evaluation of 80+ different router offerings Report to Ministers - Christmas 2004 Decision by Ministers – 5 th January 2005

Schools Network Bandwidth

Phased Availability of Services INITIAL SERVICES IP Connectivity between Schools IP Connectivity to the general Internet Educational/Research Networks Access Network Security Content Filtering Web-based DNS 2 nd Line Support to NCTE Service Desk LATER SERVICES Web Hosting Personal disk space Video Conferencing Video Streaming Video Lecture E-Schoolbag Content Hosting

Project Management Approach

Project Planning – dependent on Access Tender Project Financials – dependent on Access Tender Project Initiation Document –(scope, constraints & exclusions) Risk Register Resource Planning: –Dedicated Schools Team –Cross-HEAnet Consultancy –External Consultancy Project Organisation

HEAnet Project Organisation

HEAnet Schools Team Ronan ByrneSenior Project Manager Tim MaherTechnical Project Manager Donal O’CearbhaillSystems Administrator Brian ScanlanSystems Administrator Liam KennedyNOC Engineer (2 nd Line) Rachael HoltNOC Engineer (2 nd Line)

Network Design Network Topology Access Network POP Layout Layout and Routing IP Scheme

Schools Network Topology

Access Network Principles Layer 2 service from Access Providers PPPoE over L2TP, VLANs & ATM VC’s RADIUS authentication Managed Router in schools (Cisco 871) Public (HEAnet) IP addresses IPv6 & Multicast (later services)

Access Provider Aggregation Overview

Sample ADSL Service

Sample Satellite Service

Schools’ PoP Layout

Layout and Routing Only links and loopbacks go into OSPF Everything else is redistributed straight into BGP Each PoP provides the other with transit over the National Backbone Extension Onward connectivity provided by BGP connection to HEAnet core

Very Large Post-Primary (>1000)/23 (510) Large Post-Primary ( )/24 (254) Medium Post-Primary ( )/25 (126) Small Post-Primary (<100)/26 (62) Large Primary ( )/24 (254) Medium Primary ( )/25 (126) Small Primary (50-99)/27 (30) Very Small Primary (<50)/27 (30) IP Addressing

Network Management Systems

HEAnet: Centralised Network Services  Monitor schools’ connectivity  Generation of intelligent alerts  Monitor services  Graph network usage  Capacity planning  Access Provider measurements vs. SLAs: –Latency (RTTs) –Packet loss –Network availability

SmokePing Nagios Cricket

Geographical Network Map

Provisioning Systems

Provisioning system - overview Required to generate school specific configurations for CPE router, monitoring, etc. Dynamically provision services Database backend with schools’ information Informational web front-end

Provisioning System – services provisioned CPE router config Nagios Radius Cricket Cisco ACS Smokeping Fortinet Maps DNS

Provisioning System Structure

Security Design

Schools Network Security Design

Centralised Content Filtering DES Requirement Fortinet solution Security node at each PoP 500Mbps capable “in-line checking” High Availability & ASIC technology Content filtering capability: –In-Line Anti-Virus blocking –White List –Black List –56 Categories –Database of 28 million rated URLs –24x7 Managed Service Intrusion Detection/Protection System (IDS/IPS) “Security Profiles” set by Dept of Education

Kilcarbery Centralised Security

Services

Schools Service DES Requirement Award to Sonas Innovation Web front end Opensource components LDAP foundation Anti-Spam & Anti-Virus blocking Calendar & Address list facility Autonomy at school level to administrate some services (e.g. new mailboxes) Scalable to accommodate all staff & pupils Dept of Education set policy

Scalability of Network Design /12 IP Address Space = over 1 million public IP addresses solution can accommodate 200,000 mailboxes, scalable up to 800,000 mailboxes Security solution scalable up to 4Gbps Cisco 871 new generation router

School Support Services

HEAnet Schools NOC Separate to main HEAnet NOC Different customer needs Separate processes 2 nd Line role Shared ticketing system with NCTE Separate contact channels

Support to NCTE 1 st Line Service Desk Acceptance Test Tools –Lot 1 (SmokePing) –Lot 2 (Bespoke Acceptance Script) Front-end Service Provisioning –Automated Network Monitoring on Lot 2 Acceptance –Enable Security Policy Documentation (Wiki) –Installation & Troubleshooting Guidelines –Technical Advice –School LAN Connection Guidelines –FAQs Training

Schools Support Escalation Channel

Project Update

HEAnet Schools Project Status HEAnet ‘Schools’ backbone network built HEAnet interconnectivity with all Access Providers HEAnet Schools NOC in place Network monitoring live Provisioning systems live Router configurations released to Eircom Security services live Schools connecting (LANs enabled) HEAnet delivering to project deadlines HEAnet delivering to project budget

Broadband Roll-Out Status  Lot 1 (Broadband):2,000 complete Target completion: end 2005  Lot 2 (Routers) :1,000 complete Target completion: end Q1 2006

Questions & Answers