Campus Networking

This area deals with the campus network itself with the routers and switches as its basic building block. Requirements both to layer 2 and layer 3 are covered. Recommendations for a redundant design are given. There is a particular emphasis on guidelines for implementing IPv6 on campus. Light paths on campus are also dealt with.

MPLS connectivity services to the campus edge Within the Funet network, Layer 2 and Layer 3 MPLS (Multi-Protocol Label Switching) connectivity services – generally known as "MPLS VPN" services – can be used to interconnect the campus networks of a member organisation, or to interconnect to another member organisation [RFC 4364]. These can be implemented for all access links connected to Funet IP core network, using the same router ports through which Internet access is provided
Campus network: IPv6 and firewalling This document is a collection of issues to be taken into consideration when planning and implementing filtering for IPv6 traffic, and practical instructions. Furthermore, the document describes some functions that work differently in IPv6 than in IPv4. You should also keep in mind that a firewall is not the only or even the best solution for all information security risks.
IXP implementation in the academic network of the University of Montenegro The document summarises necessary steps carried out for establishing the Internet eXchange Point,hereinafter referred to as IXP in Montenegro, from planning and design, through realisation, including fulfilment of requirements of the relevant bodies, configuring devices, and necessary software.
Physical Infrastructure for Digital Assessment This document contains recommendation for physical infrastructure in permanent and temporary halls used for holding digital exams.
Logging and monitoring for digital assessment This document contains recommendations for logging and monitoring in connection with digital assessment. It forms part of a series of documents recommending solutions for holding digital assessments.
Design and specification for data storage centre for Bulgarian schools This document presents the centralised datacencenter where we can concentrate and technologically refine three pillars of the Bulgarian electronic education.
An Intelligent Resilient Framework at a University campus Intelligent Resilient Framework (IRF) is a network virtualization technology developed by HP (originally by 3Com) and it is available on current models of HP Ethernet switches and routers based on comware software. The document describes a way of how to migrate a traditional STP-based campus network to an IRF virtual chassis using long-range fibre between four distant locations.
Architecture for Digital Assessment This document describes a shared ICT architecture for digital examinations, with an emphasis on the requirements of digital written exams with restrictions of the use of notes or unauthorised aides. The presentation provides a common description, across institutional boundaries in the HE sector, of the elements required in order to specify a digital exam solution for higher education. This offers a basis for avoiding silo thinking about IT solutions for digital exams, through shared understanding and clear descriptions.
IPv6 Deployments within RCTS This document provides a view about IPv6 deployment at RCTS, the Science Technology & Society Network which is the Portuguese National Research and Education Network (NREN). This document can be used for example, by organisations that have not started their IPv6 deployment.
Open Source Routers The document handles the use of open source routers in the campus networks. The benefits and disadvantages are discussed. Suitable network architectures are introduced with real-world examples.
Clients for Digital Assessment The focus of this BPD is on digital assessments that replace traditional paper-based, written in-class assessment. It covers assessment with and without aids. This BPD will focus on what is required of clients for digital assessment. Digital assessment workflows and infrastructure requirements are dealt with in separate BPDs. The document aims to support several different digital-assessment solutions, and hence does not discuss details of software, servers, virtualisation solutions, firewalls and surveillance solutions.
Setting up an Identity Repository This document suggests an approach for setting up the identity repository for a Research and Education (R&E) institution.
NAT44 Address Translation Until recently, the HE sector has had good access to IPv4 addresses. Today, however, the HE sector is also running out of addresses. We therefore make a recommendation on how Network Address Translation (NAT) can be used in a simple but effective way. We recommend using a Linux server for NAT44. It has been shown that a virtual server is easily capable of being the NAT44 gw for a /20 network (~4000 clients). One important security aspect is the continued traceability of online clients. Logging via Netflow/IPFIX is used for this purpose. We expect organisations to start using IPv6 as soon as possible, and therefore also include information on how NAT44 can be used in conjunction with IPv6.
Integration of Office 365 with existing faculty SSO How to integrate Office 365 with your local SSO (Single Sign-On)? This question and all steps that are necessary to integrate this solution are described in this document. The idea for this integration derives from the problem with multiple accounts. The document shows step-by-step the whole integration process – what you need to implement and to install in order to provide this service.
Access Control and Monitoring for Campus Computer Labs This document should be considered as a reference and guide to possible simple solutions that can be used for computer lab set up at universities for practical demonstrations, individual work by students on projects and conducting exams. The scenarios are based on many years of trials at computing departments within the Ss. Cyril and Methodius University, Skopje, Macedonia. The work is based on ideas from the current implementations at the Computer Labs of the Faculty of Computer Science and Engineering.
Requirements for the e-learning Platform for Bulgarian Education This document provides a complete overview of the key requirements for the e-learning platform.
Dynamic Routing Protocols for Campuses Numerous documents about dynamic routing protocols from several different sources can nowadays be easily found. This document tries to provide a campus-oriented perspective, based on the experience of several campus networks' managers. The content of this document is designed to be light enough to be used as a quick reference in terms of dynamic routing protocols' usage, by any (even unexperienced) network administrator. Sample configurations for Cisco IOS and Open Source software Quagga – which can run over simple servers – are the main focus of this work.
Guidelines for Deploying DNSSEC This document contains guidelines and best practices for deployment, administration and monitoring of DNSSEC. These guidelines and recommendations are based on publicly available documentation (such as RFC documents) and CSC/Funet’s own experiences and observations. However, it should be noted that not all of these recommendations are necessarily suitable for every environment. Each environment’s particular technical limitations must always be taken into consideration, as should practices relating to individual operating models.
Reference Data and Large-Scale Network Management Automation This document describes a process, based on a network information system, to bring as much automation as possible to the operation of a set of network equipment.
Virtual Switching The increase in the use of virtual machines in our campuses has forced the network to adapt. It must meet the same standards for access to the virtual machines as those required for access to physical servers: security, reliability, performance.
Deployment of Services on IPv6 There are already numerous best practice documents about the deployment of IPv6 on both client workstations and a network infrastructure, however, the deployment of IPv6 on servers and services has rarely been covered. This document is aimed at overcoming this deficiency. The scope of best practice discussed here includes network services (web, mail, DNS) and the servers on which these services run.
Recommendations for a Redundant Campus Network For a campus core network, a structure consisting of two equipment rooms with completely separate electrical and cooling systems is recommended. The fibre-optic structure should be redundant. The core network should consist of at least two core switches, configured with redundant BGP connection to the NREN. There should also be redundant connections to distribution and/or edge switches. In the distribution network, the use of Rapid Spanning Tree (IEEE 802.1w) is recommended. Servers should be connected redundantly to the network using two different switches.
Recommended Resilient Campus Network Design This document describes how to set up a fully resilient network within a campus. The recommendation for standards and proprietary technologies are discussed. Descriptions of resilient network parts, including the core network, distribution switches and resilient server connections are described in this document. A testbed setup, using HP equipment is also provided.
Requirements for EDGE Devices in a Campus Network This document presents a compilation of issues that should be taken into consideration when purchasing an EDGE device for a campus network and connecting it to the country or regional network. Pros and cons of topology alternatives are discussed.
Recommended Configuration of Switches in Campus Networks This document presents a recommendation regarding the configuration of switches in campus networks. Layer 2 and Layer 2+ functions are covered, but not Layer 3 (routing). The recommendation is generic. A number of configurations intended for supplier-specific implementations will support the recommendation. Note that this document does not deal with the design of campus networks, but focuses on the individual components and their configuration.
Configuration of HP ProCurve Devices in a Campus Environment This document describes the basic configuration of HP switches in a campus environment. Switches have a large number of configuration options, of which only a subset is used for an ordinary configuration. This document attempts to summarise the most common settings of the ProCurve switches, as they are used in campus networks. The individual configuration examples are arranged for cutting and pasting while configuring a real switch.
Evaluating the Progress Towards IPv6 Implementation This document establishes a means of evaluating the level of readiness for IPv6 traffic that is demonstrated by a campus network. The implementation of IPv6 can be evaluated by a number of approaches, none of which are fully objective. The chosen method is based on a classification of used services and the complexity of the subnets. Several levels of IPv6 readiness are defined. This method is used by CESNET as a means of ranking the various Czech campus networks. Other NRENs should also consider adopting the same methodology.
IPv6 Address Space The initial motivation to create the IPv6 protocol was the need to extend the IP address space. The hierarchisation of addresses has the potential to enable much more effective management of routing information at a global level, which has been disrupted by the concept of provider-independent address allocation. At the end-user network level, IPv6 offers completely new possibilities for creating addresses in end-user systems. The document describes network structure, the ways of creating IPv6 addresses in end-user networks, and the methods used to connect home, corporate and campus networks.
IPv6 Autoconfiguration IPv6 autoconfiguration represents perhaps the most difficult story in the whole IPv6 standardisation process. Ambiguities and delays in the inclusion of recursive DNS servers into mechanisms of stateless configuration have led to many alternative solutions. It is not clear what type of autoconfiguration will eventually dominate. This creates complications for hardware and software manufacturers, who do not know what standard to implement in their products. The document details the options for autoconfiguration in current operating systems and gives an overview of deployment of these options in IPv6 networks.
IPv6 Configuration on HP ProCurve Switches This document presents a detailed look at the implementation of IPv6 support in HP ProCurve switches. In November 2010, HP introduced IPv6 support for their ProCurve switches. IPv6 routing is carried out in hardware, and the OSPVv3 routing protocol is supported. The document also gives examples of IPv6 configuration, which is not a very complicated process.
IPv6 Migration Guide This document contains a high-level description of procedures that enable a controlled migration to IPv6 in an organisation currently using IPv4. The working order suggested in this document can be used, for example, as a framework for an IPv6 project plan, or otherwise as support in the planning of IPv6 migration. The starting point of this document was that the IPv4 protocol will be eventually phased out completely.
Support for the operation of IPv6 multicast and anycast Multicast support under the IPv6 protocol is, in many ways, similar to multicast under IPv4. However, the additional address length has enabled the integration of some improvements. This document examines IPv6 multicasting in detail.
Use of Lightpaths in Campus Networks One of the most common and popular applications for lightpaths is to connect remote offices to the main campus network. As the lightpath is a secure end-to-end connection, the remote office can be connected to be part of the main campus intranet. This document provides a description of lightpaths, and a checklist for lightpath implementation is also included.
Light Path Deployment, Guide for IT Support The purpose of this document is to support IT personnel who are implementing a light path connection in the Funet network. This document contains a step-by-step description on what should be taken into consideration in the deployment of a light path. A light path is a dedicated data transfer channel between two endpoints. Light paths are separately priced additional services provided by Funet.
Virtualisation of critical network services This document describes a way to virtualise network servers that are required for the operation of a large campus network. This includes DHCP, DNS, VPN, email, network monitoring, and radius. The document is focused on the requirements to be considered when choosing the appropriate hardware for the job, with emphasis on the price/performance ratio, while maintaining all the benefits of the Vmware vSphere virtualisation platform. Configuration of network devices, iSCSI storage, and VMware vSphere hypervisors is covered. Practical experience and pitfalls are discussed. The benefits of virtualisation are emphasized.
The Technical Infrastructure of Data Centres The purpose of a data centre is to provide operational, network, server, computing, and storage infrastructure for IT services, with sufficient, scalable capacity to operate these services using converged network technology, virtualisation of servers, and shared physical infrastructures. Data centre technology is currently developing at a rapid pace and many old rules no longer apply. The document describes various options that should be considered when designing and operating a data centre, in order to provide an optimal environment for upgrades and expansion of capacity.
IPv4 Multicast Setup in Campus Networks This document gives a recommendation for multicast setup at the campus level for higher education institutions in Norway. A general introduction to multicast is given. Both Any Source Multicast (ASM) and Source Specific Multicast (SSM) with typical deployment scenarios are covered. Layer 3 and Layer 2 challenges are discussed. Security issues are taken into consideration. Configuration examples for Cisco, Juniper and HP are provided. An overview of web-based and command line troubleshooting tools is included.
Recommendations for IPv6 Addressing Plan for the HE Sector Based on best practice in the higher education community in Norway, this document gives a very specific recommendation on how you should allocate your IPv6 address space in your campus environment. Emphasis is on simplicity and readability. The plan considers the recommended campus network security architecture. Prefix allocations within the same security zones crossing multiple campuses should facilitate summarised expressions in respective filtering rules. The document recommends static addresses for routers, switches and servers according to a proposed numbering scheme. Clients should rely on DHCPv6. An example of an IPv6 addressing plan is included.

MPLS connectivity services to the campus edge

Within the Funet network, Layer 2 and Layer 3 MPLS (Multi-Protocol Label Switching) connectivity services – generally known as "MPLS VPN" services – can be used to interconnect the campus networks of a member organisation, or to interconnect to another member organisation [RFC 4364]. These can be implemented for all access links connected to Funet IP core network, using the same router ports through which Internet access is provided

Campus network: IPv6 and firewalling

This document is a collection of issues to be taken into consideration when planning and implementing filtering for IPv6 traffic, and practical instructions. Furthermore, the document describes some functions that work differently in IPv6 than in IPv4. You should also keep in mind that a firewall is not the only or even the best solution for all information security risks.

IXP implementation in the academic network of the University of Montenegro

The document summarises necessary steps carried out for establishing the Internet eXchange Point,hereinafter referred to as IXP in Montenegro, from planning and design, through realisation, including fulfilment of requirements of the relevant bodies, configuring devices, and necessary software.

Physical Infrastructure for Digital Assessment

This document contains recommendation for physical infrastructure in permanent and temporary halls used for holding digital exams.

Logging and monitoring for digital assessment

This document contains recommendations for logging and monitoring in connection with digital assessment. It forms part of a series of documents recommending solutions for holding digital assessments.

Design and specification for data storage centre for Bulgarian schools

This document presents the centralised datacencenter where we can concentrate and technologically refine three pillars of the Bulgarian electronic education.

An Intelligent Resilient Framework at a University campus

Intelligent Resilient Framework (IRF) is a network virtualization technology developed by HP (originally by 3Com) and it is available on

current models of HP Ethernet switches and routers based on comware software.

The document describes a way of how to migrate a traditional STP-based campus network to an IRF virtual chassis using long-range fibre between four distant locations.

Architecture for Digital Assessment
This document describes a shared ICT architecture for digital examinations, with an emphasis on the requirements of digital written exams with restrictions of the use of notes or unauthorised aides. The presentation provides a common description, across institutional boundaries in the HE sector, of the elements required in order to specify a digital exam solution for higher education. This offers a basis for avoiding silo thinking about IT solutions for digital exams, through shared understanding and clear descriptions.

IPv6 Deployments within RCTS
This document provides a view about IPv6 deployment at RCTS, the Science Technology & Society Network which is the Portuguese National Research and Education Network (NREN). This document can be used for example, by organisations that have not started their IPv6 deployment.

Open Source Routers
The document handles the use of open source routers in the campus networks. The benefits and disadvantages are discussed. Suitable network architectures are introduced with real-world examples.

Clients for Digital Assessment

The focus of this BPD is on digital assessments that replace traditional paper-based, written in-class assessment. It covers assessment with and without aids. This BPD will focus on what is required of clients for digital assessment. Digital assessment workflows and infrastructure requirements are dealt with in separate BPDs. The document aims to support several different digital-assessment solutions, and hence does not discuss details of software, servers, virtualisation solutions, firewalls and surveillance solutions.

Setting up an Identity Repository

This document suggests an approach for setting up the identity repository for a Research and Education (R&E) institution.

NAT44 Address Translation

Until recently, the HE sector has had good access to IPv4 addresses. Today, however, the HE sector is also running out of addresses. We therefore make a recommendation on how Network Address Translation (NAT) can be used in a simple but effective way. We recommend using a Linux server for NAT44. It has been shown that a virtual server is easily capable of being the NAT44 gw for a /20 network (~4000 clients). One important security aspect is the continued traceability of online clients. Logging via Netflow/IPFIX is used for this purpose. We expect organisations to start using IPv6 as soon as possible, and therefore also include information on how NAT44 can be used in conjunction with IPv6.

Integration of Office 365 with existing faculty SSO

How to integrate Office 365 with your local SSO (Single Sign-On)? This question and all steps that are necessary to integrate this solution are described in this document. The idea for this integration derives from the problem with multiple accounts. The document shows step-by-step the whole integration process – what you need to implement and to install in order to provide this service.

Access Control and Monitoring for Campus Computer Labs

This document should be considered as a reference and guide to possible simple solutions that can be used for computer lab set up at universities for practical demonstrations, individual work by students on projects and conducting exams. The scenarios are based on many years of trials at computing departments within the Ss. Cyril and Methodius University, Skopje, Macedonia. The work is based on ideas from the current implementations at the Computer Labs of the Faculty of Computer Science and Engineering.

Requirements for the e-learning Platform for Bulgarian Education

This document provides a complete overview of the key requirements for the e-learning platform.

Dynamic Routing Protocols for Campuses

Numerous documents about dynamic routing protocols from several different sources can nowadays be easily found. This document tries to provide a campus-oriented perspective, based on the experience of several campus networks' managers. The content of this document is designed to be light enough to be used as a quick reference in terms of dynamic routing protocols' usage, by any (even unexperienced) network administrator. Sample configurations for Cisco IOS and Open Source software Quagga – which can run over simple servers – are the main focus of this work.

Guidelines for Deploying DNSSEC

This document contains guidelines and best practices for deployment, administration and monitoring of DNSSEC. These guidelines and recommendations are based on publicly available documentation (such as RFC documents) and CSC/Funet’s own experiences and observations. However, it should be noted that not all of these recommendations are necessarily suitable for every environment. Each environment’s particular technical limitations must always be taken into consideration, as should practices relating to individual operating models.

Reference Data and Large-Scale Network Management Automation

This document describes a process, based on a network information system, to bring as much automation as possible to the operation of a set of network equipment.

Virtual Switching

The increase in the use of virtual machines in our campuses has forced the network to adapt. It must meet the same standards for access to the virtual machines as those required for access to physical servers: security, reliability, performance.

Deployment of Services on IPv6

There are already numerous best practice documents about the deployment of IPv6 on both client workstations and a network infrastructure, however, the deployment of IPv6 on servers and services has rarely been covered. This document is aimed at overcoming this deficiency. The scope of best practice discussed here includes network services (web, mail, DNS) and the servers on which these services run.

Recommendations for a Redundant Campus Network

For a campus core network, a structure consisting of two equipment rooms with completely separate electrical and cooling systems is recommended. The fibre-optic structure should be redundant. The core network should consist of at least two core switches, configured with redundant BGP connection to the NREN. There should also be redundant connections to distribution and/or edge switches. In the distribution network, the use of Rapid Spanning Tree (IEEE 802.1w) is recommended. Servers should be connected redundantly to the network using two different switches.

This document describes how to set up a fully resilient network within a campus. The recommendation for standards and proprietary technologies are discussed. Descriptions of resilient network parts, including the core network, distribution switches and resilient server connections are described in this document. A testbed setup, using HP equipment is also provided.

Requirements for EDGE Devices in a Campus Network

This document presents a compilation of issues that should be taken into consideration when purchasing an EDGE device for a campus network and connecting it to the country or regional network. Pros and cons of topology alternatives are discussed.

This document presents a recommendation regarding the configuration of switches in campus networks. Layer 2 and Layer 2+ functions are covered, but not Layer 3 (routing). The recommendation is generic. A number of configurations intended for supplier-specific implementations will support the recommendation. Note that this document does not deal with the design of campus networks, but focuses on the individual components and their configuration.

Configuration of HP ProCurve Devices in a Campus Environment

This document describes the basic configuration of HP switches in a campus environment. Switches have a large number of configuration options, of which only a subset is used for an ordinary configuration. This document attempts to summarise the most common settings of the ProCurve switches, as they are used in campus networks. The individual configuration examples are arranged for cutting and pasting while configuring a real switch.

Evaluating the Progress Towards IPv6 Implementation

This document establishes a means of evaluating the level of readiness for IPv6 traffic that is demonstrated by a campus network. The implementation of IPv6 can be evaluated by a number of approaches, none of which are fully objective. The chosen method is based on a classification of used services and the complexity of the subnets. Several levels of IPv6 readiness are defined. This method is used by CESNET as a means of ranking the various Czech campus networks. Other NRENs should also consider adopting the same methodology.

IPv6 Address Space

The initial motivation to create the IPv6 protocol was the need to extend the IP address space. The hierarchisation of addresses has the potential to enable much more effective management of routing information at a global level, which has been disrupted by the concept of provider-independent address allocation. At the end-user network level, IPv6 offers completely new possibilities for creating addresses in end-user systems. The document describes network structure, the ways of creating IPv6 addresses in end-user networks, and the methods used to connect home, corporate and campus networks.

IPv6 Autoconfiguration

IPv6 autoconfiguration represents perhaps the most difficult story in the whole IPv6 standardisation process. Ambiguities and delays in the inclusion of recursive DNS servers into mechanisms of stateless configuration have led to many alternative solutions. It is not clear what type of autoconfiguration will eventually dominate. This creates complications for hardware and software manufacturers, who do not know what standard to implement in their products. The document details the options for autoconfiguration in current operating systems and gives an overview of deployment of these options in IPv6 networks.

IPv6 Configuration on HP ProCurve Switches

This document presents a detailed look at the implementation of IPv6 support in HP ProCurve switches. In November 2010, HP introduced IPv6 support for their ProCurve switches. IPv6 routing is carried out in hardware, and the OSPVv3 routing protocol is supported. The document also gives examples of IPv6 configuration, which is not a very complicated process.

IPv6 Migration Guide

This document contains a high-level description of procedures that enable a controlled migration to IPv6 in an organisation currently using IPv4. The working order suggested in this document can be used, for example, as a framework for an IPv6 project plan, or otherwise as support in the planning of IPv6 migration. The starting point of this document was that the IPv4 protocol will be eventually phased out completely.

Support for the operation of IPv6 multicast and anycast

Multicast support under the IPv6 protocol is, in many ways, similar to multicast under IPv4. However, the additional address length has enabled the integration of some improvements. This document examines IPv6 multicasting in detail.

Use of Lightpaths in Campus Networks

One of the most common and popular applications for lightpaths is to connect remote offices to the main campus network. As the lightpath is a secure end-to-end connection, the remote office can be connected to be part of the main campus intranet. This document provides a description of lightpaths, and a checklist for lightpath implementation is also included.

Light Path Deployment, Guide for IT Support

The purpose of this document is to support IT personnel who are implementing a light path connection in the Funet network. This document contains a step-by-step description on what should be taken into consideration in the deployment of a light path. A light path is a dedicated data transfer channel between two endpoints. Light paths are separately priced additional services provided by Funet.

Virtualisation of critical network services

This document describes a way to virtualise network servers that are required for the operation of a large campus network. This includes DHCP, DNS, VPN, email, network monitoring, and radius. The document is focused on the requirements to be considered when choosing the appropriate hardware for the job, with emphasis on the price/performance ratio, while maintaining all the benefits of the Vmware vSphere virtualisation platform. Configuration of network devices, iSCSI storage, and VMware vSphere hypervisors is covered. Practical experience and pitfalls are discussed. The benefits of virtualisation are emphasized.

The Technical Infrastructure of Data Centres

The purpose of a data centre is to provide operational, network, server, computing, and storage infrastructure for IT services, with sufficient, scalable capacity to operate these services using converged network technology, virtualisation of servers, and shared physical infrastructures. Data centre technology is currently developing at a rapid pace and many old rules no longer apply. The document describes various options that should be considered when designing and operating a data centre, in order to provide an optimal environment for upgrades and expansion of capacity.

IPv4 Multicast Setup in Campus Networks

This document gives a recommendation for multicast setup at the campus level for higher education institutions in Norway. A general introduction to multicast is given. Both Any Source Multicast (ASM) and Source Specific Multicast (SSM) with typical deployment scenarios are covered. Layer 3 and Layer 2 challenges are discussed. Security issues are taken into consideration. Configuration examples for Cisco, Juniper and HP are provided. An overview of web-based and command line troubleshooting tools is included.

Recommendations for IPv6 Addressing Plan for the HE Sector

Based on best practice in the higher education community in Norway, this document gives a very specific recommendation on how you should allocate your IPv6 address space in your campus environment. Emphasis is on simplicity and readability. The plan considers the recommended campus network security architecture. Prefix allocations within the same security zones crossing multiple campuses should facilitate summarised expressions in respective filtering rules. The document recommends static addresses for routers, switches and servers according to a proposed numbering scheme. Clients should rely on DHCPv6. An example of an IPv6 addressing plan is included.