Donal Lynch, Network Operations, Computing & Network Services
15 June 2005
State of the Network 2005: A General Overview of the York Data Network
Agenda
Current Network Design
GTAnet & ORION Networks
Border Network Design, Internet Connectivity & Peering
Internet Traffic Shaping & Security
Internet/R & E Network Bandwidth
Network Infrastructure Upgrade Project
AirYork Expansion Plans
Planned Changes to YorkNet, ResNet and AirYork
The End of IPX and ATALK at York
The Central Server Room
[Diagram labels: ISTS; Onet, CA*net, Internet; CCS Machine Room FDDI; Modem Pools]
1994: Approx. 4000 Network Drops at York
2000: Approx. 11,200 Network Drops at York
2005: Over 25,000 Network Drops at York
Current Production Hardware:
8 Bluesocket Wireless Access Gateways
154 Cisco Wireless Access Points
3 Cisco 3000 Series VPN Concentrators
5 Cisco (Modem Pool) Access Servers (Various Types)
18 Cisco 2500 Series Routers
284+ Cisco Layer 2 Switches (Various Types), Non Blocking.
3 Cisco 5500 Series Multilayer Switches
6 Cisco 6500 Series Multilayer Switches, 256-720 Gbps Backplane
8 Cisco Firewalls (Various Types)
Other Assorted Devices (ex: server console ports ASMs, etc.)
6 DNS Servers, 5 DHCP Servers, NTP Servers
York's network uses a hierarchical, three layer design – core, distribution and access.
This design provides for a fast, reliable and stable network. It allows for easy expansion and fault isolation.
Currently York's network is physically hierarchical, but not logically hierarchical (ex: currently certain VLANs appear on more than one switch). A network core design that is both logically and physically hierarchical is often referred to as a “Layer 3 Core”.
A “Layer 3 core” design will be required if it becomes necessary to deploy redundant links and/or redundant hardware, or to introduce services that may require high availability, such as VoIP.
We are slowly moving towards a “Layer 3 core”.
Member Owned and Operated. York CIO Bob Gagne is the Chair of GTAnet.
York VP Stan Shapson is Chair of the Board of Directors for ORION
Traffic between York and Cogent (Commodity Internet) goes through the Traffic Shaper. Traffic between York and Cogent travels through the GTAnet and ORION network using private Layer 2 VLANs.
All other traffic does not go through the Traffic Shaper.
Research & Educational Networks (ORION, CA*Net, Internet2, etc)
Peers via torix.net (ex: Rogers, Cogeco, Google, ACI, Q9, etc.). NOT BELL.
[Diagram labels: PoP at York; Intrusion Prevention System; Cogent PoP at 151 Front; TORIX at 151 Front; PoP at UofT; ORION PoP at 151 Front]
traceroute to 18.104.22.168 (22.214.171.124), 30 hops max, 38 byte packets
1 ccsnoc168.gw.yorku.ca (126.96.36.199) 0.481 ms 0.261 ms 0.211 ms
2 gladiator.gw.yorku.ca (188.8.131.52) 0.275 ms 0.261 ms 0.231 ms
3 184.108.40.206 (220.127.116.11) 0.719 ms 0.326 ms 0.297 ms
4 ORION-GTANET-RNE.DIST2-TORO.IP.orion.on.ca (18.104.22.168) 0.483 ms 0.381 ms 0.393 ms
5 BRDR2-TORO-GE2-2.IP.orion.on.ca (22.214.171.124) 0.853 ms 0.901 ms 0.855 ms
6 gw-rogers.torontointernetxchange.net (126.96.36.199) 1.078 ms 1.049 ms 1.068 ms
7 gw02.wlfdle.phub.net.cable.rogers.com (188.8.131.52) 1.258 ms 1.315 ms 1.129 ms
8 gw01.ym.phub.net.cable.rogers.com (184.108.40.206) 1.897 ms 1.949 ms 2.074 ms
9 gw04.ym.phub.net.cable.rogers.com (220.127.116.11) 1.781 ms 1.872 ms 1.786 ms
10 tlgw45.ym.phub.net.cable.rogers.com (18.104.22.168) 2.953 ms 2.187 ms 2.533 ms
PING 22.214.171.124 (126.96.36.199): 56 data bytes
64 bytes from 188.8.131.52: icmp_seq=0 ttl=117 time=55.2 ms
64 bytes from 184.108.40.206: icmp_seq=1 ttl=117 time=51.2 ms
64 bytes from 220.127.116.11: icmp_seq=2 ttl=117 time=35.5 ms
64 bytes from 18.104.22.168: icmp_seq=3 ttl=117 time=118.3 ms
64 bytes from 22.214.171.124: icmp_seq=4 ttl=117 time=55.2 ms
64 bytes from 126.96.36.199: icmp_seq=5 ttl=117 time=50.9 ms
64 bytes from 188.8.131.52: icmp_seq=6 ttl=117 time=50.9 ms
traceroute to buntzen.sfu.ca (184.108.40.206), 30 hops max, 38 byte packets
1 ccsnoc168.gw.yorku.ca (220.127.116.11) 0.351 ms 0.213 ms 0.206 ms
2 gladiator.gw.yorku.ca (18.104.22.168) 0.279 ms 0.222 ms 0.214 ms
3 22.214.171.124 (126.96.36.199) 0.566 ms 0.286 ms 0.320 ms
4 ORION-GTANET-RNE.DIST2-TORO.IP.orion.on.ca (188.8.131.52) 0.457 ms 0.372 ms 0.367 ms
5 BRDR2-TORO-GE2-2.IP.orion.on.ca (184.108.40.206) 0.870 ms 0.850 ms 0.891 ms
6 c4-tor01.canet4.net (220.127.116.11) 1.207 ms 2.052 ms 4.850 ms
7 c4-cal01.canet4.net (18.104.22.168) 45.632 ms 45.916 ms 45.648 ms
8 c4-bcnet.canet4.net (22.214.171.124) 58.904 ms 58.854 ms 58.756 ms
9 R1-SFU-ORAN.BC.net (126.96.36.199) 59.142 ms 59.068 ms 58.945 ms
10 188.8.131.52 (184.108.40.206) 59.622 ms 129.551 ms 59.190 ms
11 buntzen.sfu.ca (220.127.116.11) 60.055 ms 59.343 ms 59.575 ms
traceroute to pepsi.com (18.104.22.168), 30 hops max, 38 byte packets
1 ccsnoc168.gw.yorku.ca (22.214.171.124) 0.275 ms 0.197 ms 0.204 ms
2 gladiator.gw.yorku.ca (126.96.36.199) 0.272 ms 0.218 ms 0.214 ms
3 f0-11.na01.b011027-0.yyz01.atlas.cogentco.com (188.8.131.52) 1.435 ms 1.279 ms 1.765 ms
4 g1-2.core01.yyz01.atlas.cogentco.com (184.108.40.206) 2.079 ms 3.405 ms 3.241 ms
5 p13-0.core02.ord01.atlas.cogentco.com (220.127.116.11) 16.000 ms 15.314 ms 16.541 ms
6 p12-0.core01.mci01.atlas.cogentco.com (18.104.22.168) 27.411 ms 26.474 ms 26.621 ms
7 p5-0.core02.dfw01.atlas.cogentco.com (22.214.171.124) 36.003 ms 36.114 ms 36.308 ms
8 p2-0.core01.dfw03.atlas.cogentco.com (126.96.36.199) 36.524 ms 36.398 ms 36.474 ms
9 core101.cogent-213.ext1a.dal.pnap.net (188.8.131.52) 37.379 ms 36.839 ms 36.938 ms
10 border1.ge3-1-bbnet1.ext1a.dal.pnap.net (184.108.40.206) 37.003 ms 36.852 ms 36.971 ms
11 tribalddb-4.border1.ext1a.dal.pnap.net (220.127.116.11) 37.505 ms 35.924 ms 36.277 ms
Nothing is blocked at the traffic shaper.
Traffic is blocked at the IPS.
Peer-to-Peer filesharing applications are given a low priority and a cap is placed on the total amount of commodity internet bandwidth that P2P can consume (currently 25 Mbps inbound & 10 Mbps outbound).
Traffic that is sensitive to latency and jitter (ex: streaming media, telnet, ssh) is given a high priority. There are no caps or rate limits on this traffic.
Everything else is given a mid level priority. There are no caps or rate limits on this traffic with a few exceptions:
HTTP traffic to/from debian.yorku.ca is capped
Skype is rate limited on a per-IP basis at 56 Kbps
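The shaping policy above, modelled with token buckets as an added example; this is not the configuration of York's traffic shaper, whose product and settings the presentation does not give. The rates come from the slide, while the class names, the one-second burst allowance and the 10 ms simulation tick are assumptions.

```python
from collections import defaultdict

# Rates are the ones on the slide; the bucket model and 1 s burst are assumptions.
P2P_CAP_BPS = {"in": 25_000_000, "out": 10_000_000}  # aggregate across all hosts
SKYPE_PER_IP_BPS = 56_000                             # applied per IP address
PRIORITY = {"interactive": "high", "p2p": "low"}      # everything else is "mid"

class TokenBucket:
    """Tokens are bits; they refill at rate_bps up to one second's worth."""
    def __init__(self, rate_bps):
        self.rate = rate_bps
        self.tokens = float(rate_bps)
        self.last = 0.0

    def allow(self, bits, now):
        self.tokens = min(self.rate, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if bits <= self.tokens:
            self.tokens -= bits
            return True
        return False

class Shaper:
    def __init__(self):
        self.p2p = {d: TokenBucket(r) for d, r in P2P_CAP_BPS.items()}
        self.skype = defaultdict(lambda: TokenBucket(SKYPE_PER_IP_BPS))

    def admit(self, app_class, host_ip, direction, bits, now):
        """Return (priority, sent_now). False means the packet has to wait in
        the shaper, not that it is rejected: blocking is done at the IPS."""
        prio = PRIORITY.get(app_class, "mid")
        if app_class == "p2p":
            return prio, self.p2p[direction].allow(bits, now)
        if app_class == "skype":
            return prio, self.skype[host_ip].allow(bits, now)
        return prio, True  # no caps or rate limits on other traffic

def skype_bits_passed(seconds, offered_bps, hosts):
    """Offer constant-rate Skype traffic in 10 ms ticks; return bits sent per host."""
    shaper, sent = Shaper(), defaultdict(int)
    for tick in range(seconds * 100):
        for host in hosts:
            bits = offered_bps // 100
            if shaper.admit("skype", host, "out", bits, tick / 100)[1]:
                sent[host] += bits
    return dict(sent)
```

Because the Skype limit is per IP, each host gets its own bucket and one heavy user cannot consume another's allowance, whereas the P2P cap is a single bucket per direction shared by every host.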
Network Utilization Statistics available at:
Cogent Interface – Commodity Internet: Daily Average
GTAnet Interface – R & E Networks and Internet Peers: Daily Average
In Progress Or Planned For 2005/2006 Fiscal Year:
Bookstore & York Lanes
Ross (partial, as per renovations)
The schedule on the website is not current. Glendon has been postponed until next year. Osgoode has been postponed until renovation plans are finalized.
As part of the upgrade, network ports will be upgraded from 10-Base-T to 100-Base-TX.
Network cables will be upgraded to Category 6. Fibre cables will be upgraded from Multi-mode to
Building switch uplinks will be upgraded from 100-Base-FX to
The number of switches in each building will likely increase resulting in even more uplink ports.
Wall-to-wall wireless coverage in the following buildings by September:
Curtis Lecture Hall
Scott Library (with exceptions – between stacks, in the basement, etc.)
Stedman Lecture Hall
Depending on the Infrastructure Upgrade Project, building renovations, and construction, the following buildings should have wall-to-wall building coverage sometime during Fiscal 2005/2006:
We will also be deploying wireless service to the 9th floor of the Ross Building.
YorkNet to be split into three services, called YorkNet, ResNet and the new Kiosk Service
See announcement on CNS Website For More Info On the Changes.
Although “Home Routers” will be allowed on the ResNet network, hubs, switches and routers are still prohibited elsewhere on the campus network as per the Official University Network Security and Management Guidelines and Procedures. “All points of access to the University Network (including network drops and wireless access points) require authorization by the Central Computing Support Group.”
The Kiosk service will be specifically for publicly accessible kiosks. This service will operate in essentially the same manner as the current YorkNet/ResNet service, except that kiosk admins will be required to manually register the MAC addresses. The main users of this service will be CNS & the Library.
The new YorkNet service will now service only those red network jacks that are not part of the ResNet or the Kiosk services.
The new YorkNet will operate almost identically to the AirYork service.
With the new service, mobile computing users will have the same experience whether connecting to the wireless or wired network.
As noted in the CNS Computing Plan for 2005/2006, laptops have become a significant vector for the introduction of compromised machines onto the York network.
At the request of InfoSec we will be restricting the kinds of traffic that can pass between the AirYork and YorkNet services and the rest of the York Data Network. The restrictions will likely be similar to the restrictions at the Border Router. For example, the most common vectors for attack, Windows Networking/File Sharing, will be blocked as it is at the border.
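One way to check that such a restriction is actually in force is to audit flow records for permitted Windows Networking/File Sharing traffic crossing the boundary between the mobile services and the rest of campus. This is an added example, not code from the presentation: the address ranges, the log format and the sample records are constructed, and the port list is the usual set for these services rather than one stated on the slides.

```python
import ipaddress

# Assumptions, not from the presentation: address ranges are placeholders and
# the port set is the usual Windows Networking/File Sharing services.
MOBILE = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "10.30.0.0/16")]
CAMPUS = ipaddress.ip_network("10.0.0.0/8")
BLOCKED = {("tcp", 135), ("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}

def zone(ip):
    """Classify an address as 'mobile', 'campus' (rest of campus) or 'external'."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in MOBILE):
        return "mobile"
    return "campus" if addr in CAMPUS else "external"

def parse(line):
    """Constructed format: '<proto> <src_ip>:<sport> -> <dst_ip>:<dport> <action>'."""
    proto, src, _arrow, dst, action = line.split()
    src_ip, _sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return proto.lower(), src_ip, dst_ip, int(dport), action.lower()

def violations(lines):
    """Return permitted flows that cross the mobile/campus boundary on a blocked service."""
    found = []
    for line in lines:
        proto, src_ip, dst_ip, dport, action = parse(line)
        crosses = {zone(src_ip), zone(dst_ip)} == {"mobile", "campus"}
        if crosses and (proto, dport) in BLOCKED and action == "permit":
            found.append(line)
    return found

# Constructed sample flow records (not real York traffic).
SAMPLE = [
    "tcp 10.20.4.7:51512 -> 10.1.2.3:445 deny",       # blocked as intended
    "tcp 10.20.4.7:51513 -> 10.1.2.3:443 permit",     # web traffic is allowed
    "tcp 10.30.9.9:49200 -> 10.1.2.3:139 permit",     # gap: NetBIOS session got through
    "udp 10.1.2.3:137 -> 10.20.4.7:137 permit",       # gap: campus-to-mobile direction
    "tcp 10.20.4.7:50000 -> 10.20.8.8:445 permit",    # same segment, never crosses the boundary
    "tcp 10.20.4.7:50001 -> 198.51.100.5:445 permit", # external, a matter for the border filter
]

if __name__ == "__main__":
    for v in violations(SAMPLE):
        print("policy gap:", v)
```

The fifth record shows what a boundary filter cannot see: traffic between two laptops on the same mobile segment never reaches the filtering point.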
We've been trying for 7 years and we aren't giving up. The end of IPX and ATALK on campus is coming.
IPX and ATALK are expensive and difficult to support and troubleshoot. All major vendors, including Novell and Apple, are moving away from IPX and ATALK to IP.
Go to http://netops.yorku.ca
Select “Network Presentations & Papers”