Concurrent with recabling, each computer is usually delivered a dedicated 10 Mbps of bandwidth via a dedicated Ethernet packet-switch port. Such dedicated-port access offers substantial networking performance improvement over shared-media Ethernet access. By the end of FY1998, dedicated-port access had been made available to almost all UCAR computers.
JEFNIC took approximately a year to complete from the beginning of the planning phase until the last cable was plugged in.
As a part of this retrofit project, approximately 80% of the computers at FL1-FL3 were connected to their own dedicated Ethernet packet-switch ports to provide LAN access.
Service to dedicated Ethernet packet-switch ports was provided as a part of this upgrade. Tower B users are gradually moving their computers from shared-media connections to dedicated-port connections.
Information about MRTG can be found at: http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/
NETS's MRTG statistics can be viewed at: http://netserver.ucar.edu/nets/stats/
NETS will also be installing Cisco NetFlow statistics systems to obtain extremely detailed information about IP traffic flows through UCAR's most critical routers. Two Sun Ultra 10 computers are in the process of being configured to support the NetFlow data gathering and analysis software.
Additional performance monitors have also been installed at the request of two national network measuring organizations. An OC3mon ATM OC3 vBNS monitor (also called a Coral monitor) has been installed at the request of SDSC's Measurement and Operations Analysis Team (MOAT). Information about MOAT and Coral is available at: http://moat.nlanr.net/. The MOAT OC3mon is in addition to the OC3mon that MCI/vBNS maintains at NCAR to gather vBNS statistics. NETS has also obtained its own OC3mon to use as a mobile ATM statistics tool.
UCAID's Internet2 in conjunction with Advanced Network and Services, Inc. installed one of their national Surveyor network monitors. Information about the Surveyor project is available at: http://www.advanced.org/surveyor/
First, and probably most important, very large numbers of user-computers were converted from shared-media Ethernet to dedicated-media Ethernet, where each computer has its own dedicated Ethernet packet-switch port. By the end of FY1998, almost all user-computers had the opportunity to convert to dedicated-media connections.
NETS made big progress in installing 100BaseT and 100BaseF port cards in various Cisco Ethernet packet-switches, making Fast Ethernet more readily available. Divisional servers are now usually connected to Fast Ethernet, and many specialized desktops connect to Fast Ethernet as well.
Twenty-nine Cisco 5000 Ethernet packet-switches were upgraded to Cisco 5500 switches. The Cisco 5500s have three times the number of board slots and three times the backplane bandwidth of the Cisco 5000s. This upgrade was a massive undertaking due to the amount of mechanical work required and because the work had to be done with minimal impact on the users.
The routing engines in the Cisco 7507 routers were upgraded to RSP-4 router engines to provide the power necessary to handle the increased loads due to increased network traffic and the large routing filters required for the new security firewall.
An ATM LANE subnetwork was defined as an inter-router backbone, replacing the FDDI rings as the primary inter-router backbone. The FDDI rings can now be utilized as host-connect networks only.
A Cisco 7000 router was added to the backbone to help properly route outbound traffic to either the Commodity Internet or the vBNS network. Prior to this installation, traffic destined for the Commodity Internet frequently, and inappropriately, was sent to the vBNS. This Cisco 7000 router will shortly be upgraded with a Cisco 7507 router that contains a faster routing engine and an advanced ATM card.
Substantial re-engineering has taken place and is still in progress to better define the router boundary with the external world. Heretofore, internal and external routing functions were mixed together on a variety of routers. The goal of this re-engineering is to end up with a subset of gateway routers that perform only external routing functions, and a subset that perform only internal routing functions. This separation simplifies a variety of configuration issues, including security filters.
One ancient serial switch, the Gandalf PACX, was finally fully decommissioned in FY1998. The dozen remaining serial connections were moved to an existing Annex terminal server.
Prior to the advent of LANs, the Gandalf PACX served as many as 1000 serial connections at UCAR, providing switched connection of office-based serial terminals to the serial cards of multiple UNIX servers.
NETS has been involved with CSAC because almost all security plans use various types of network-connected devices located between the networks belonging to the external world and the institutional networks that are being protected from the external world. These network-attached devices can operate as filters and/or authentication devices operating at one or more OSI (Open Systems Interconnection) layers, usually at the Network Layer (Layer 3) and higher.
Based upon CSAC recommendations, NETS recently implemented significant new gateway router filters to greatly improve network security for UCAR. Extensive testing and extensive coordination throughout UCAR were required to implement the recommended security filters.
After installation of the filters, most computers at NCAR now have externally initiated access completely blocked, and they can only be contacted through a firewall computer that requires authentication of the users. Non-essential network functions for all UCAR computers have also been blocked.
The preparation and installation of these filters were highly opportune because hacker probes of UCAR computer defenses had been swelling in prior weeks, and some had started causing problems. Most of the problems ceased after the installation of the security filters.
Three major improvements were made to multicast networking support at UCAR.
The network feed for global multicast network access was changed from the Commodity Internet link to the vBNS, thus providing much more wide area bandwidth for multicast applications.
Internally, UCAR now utilizes a native, router-based multicast implementation. Heretofore, so-called tunneling was used, requiring a host-based computer on each UCAR network segment, where each such host would have to establish a unicast "uplink" tunnel in and out of the segment, with this host in turn acting as a repeater to perform the hardware multicast function on the segment. With native, router-based multicast, routers automatically handle the multicasting functions for all network segments, with no other special equipment being required on the segments. Multicasting therefore becomes simpler and cheaper to implement and better performance can be provided as well.
The Cisco 5500 Ethernet packet-switches have built-in hardware and software multicast support features. This hardware and software acts to multicast packets only to the ports that need them. Configuration work was done to activate and take advantage of these multicast support features.
All functions of MASnet have now been replaced except for Mass Storage System media Import/Export requests. It is expected that a replacement for this remaining function will be in full production by the end of January 1999. At that time, the remaining MASnet software and hardware can be decommissioned.