Research and Education: Trends, Case Studies and Solutions. · Case Study – WAN Acceleration...
Transcript of Research and Education: Trends, Case Studies and Solutions. · Case Study – WAN Acceleration...
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Research and Education:
Trends, Case Studies and Solutions.
Mark [email protected]
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.netCopyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 2
R&E Industry Trends• Campus LAN Refresh• MPLS on Campus• Access Control
Case Studies• APAC Schools Network – Access Control• APAC Schools Network – WAN Acceleration• APAC Campus Network – Resource Access
New Solutions• MPLS Campus Network
2
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Industry Trends – LAN RefreshCampus LAN is now typically well over 15 years oldOriginally built with pure connectivity in mind• Cheap closet switches for access• Vertical cabling leading to distribution switch per building• QoS capability outside core very poor• POE? Probably not on much of the campus• No 802.1x capability• 100M access, 1G distribution, sometimes 10G core.• Oversubscribed 80:1 and upwards!!!
• 20:1 up to 48:1 on access to distribution links• 4:1 and higher on distribution to core links
3
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Time For a New Campus LAN!Requirements• VOIP and other real-time media driving the need for QoS in the
access layer• PoE is becoming a mainstream requirement• Network Access Control is one of the hottest topics on Campus
today. 802.1x!• Podcasting of teaching materials, streaming media, etc. driving the
average peak-hour traffic per port higher• 100BaseT/1G/1G/1G 1000BaseT/10G/10G
The Result• Wholesale replacement of LAN switches is underway and will
continue for some time
4
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
The Campus LAN OpportunityHow Big is it?• A campus LAN refresh can be anything up to $5M, usually over
multiple years.Can it be won with Juniper?• Yes. We think so• Cisco has a bad name in some quarters for milking the opportunity
without providing great improvements• Combined with MPLS core upgrade, we can change the game
somewhat to mitigate Cisco encumbency• Good opportunity to replace aging Enterasys, Alcatel, Extreme,
3Com infrastructure
5
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
MPLS on Campus – Why?
6
Virtualization
Scaling
LAN/WAN Convergence
LAN Refresh
Energy and Space Efficiency
High A
vailability and Performance
Security and Com
pliance
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Access Control – Still DabblingNetwork Access Control has been a hot topic at all the R&E conferences the last couple of yearsThe functionality on offer has been what Campus network managers have been wanting for many years due to the open nature of university campusesOfferings from Juniper competitors have been too complex to deploy for most universities up to nowJuniper’s UAC offering gives the opportunity to start with L3 agentless deployment and move to L2 deployment later
7
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.netCopyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 8
R&E Industry Trends• Campus LAN Refresh• MPLS on Campus• Access Control
Case Studies• APAC Schools Network – Access Control• APAC Schools Network – WAN Acceleration• APAC Campus Network – Resource Access
New Solutions• MPLS Campus Network
8
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Case Study – Network Access ControlManaged service provided by local service provider10,000 schoolsLayer 3 agentless enforcement at Day 1To enforce endpoint integrity checking prior access to internet – running antivirus software & patch management applicationEnforcement is done at the gatewaysProposed 6 x ISG2000 + 6 x IC6000 30,000 – 50,000 concurrent users for a start100,000 user in 3 years timeWill upgrade to agent mode and L2 in the future
9
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Overall Network Architecture
10
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Deployment Scenario
11
Infranet Controller(IC6000)
Students
L2 V1-TrustL2 V1-UnTrust
Secured VLAN1 Communication IP to Infranet Controller for transparent Policy Provisioning upon security host check
ISG Management
Management Network IC
Management
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Case Study – WAN AccelerationSchool System in Asia PacificWas experiencing terrible WAN congestion from MySuite Application. (Provides access to educational content)Also problems with CIFS and Internet accessHow to get the required performance out of ADSL connections?
12
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Schools Network in Asia Pacific
13
Carrier 1
Carrier 2
62 Schools
332 SchoolsData Centre
14 AreaOffices HQ
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 14
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
SRC
Case Study - Resource Access System
Internet
3rd Party Billing System
Students and
Staff
Portal
Campus or
Corporate
LAN/WAN
Active Directory
E-Directory
LDAP
Future Content
Podcasts
Streaming Video
CCTV
Shared Services
Juniper Networks Footprint
Communicates with multiple directories
Control Centre
Router dynamically
controls user access to
resources as directed by the control Centre
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Service Gateway Operation
32
2
1
1. User Sends First Packet2. Service Gateway dynamically
creates interface, notifies GW manager, redirects packet to web portal
3. User Authenticates via Web Portal
Web PortalAuth Base(SRB)
Accounting Base
Gateway Manager(SRC)
Border Router
WideWorld
Internal Net
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Service Gateway Operation
5
5
4
6
4. Portal Notifies GW MGR of successful login and user class
5. GW MGR initiates accountngsession and applies correct policy to user’s interface
6. User can talk to Wide World, MGR and GW periodically exchange session statistics, MGR updates Accounting Base
Web PortalAuth Base(SRB)
Accounting Base
Gateway Manager(SRC)
Border Router
WideWorld
Internal Net
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.netCopyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 18
R&E Industry Trends• Campus LAN Refresh• MPLS on Campus• Access Control
Case Studies• APAC Schools Network – Access Control• APAC Schools Network – WAN Acceleration• APAC Campus Network – Resource Access
New Solutions• MPLS Campus Network
18
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Improved Campus Network ArchitectureRight now it is a 4-layer Architecture• Access switch/router• Distribution switch/router• Core Switch/router• WAN
Tier 1 campuses are finding that VLAN overload is taking its tollVOIP and other QoS – requiring apps require full config management of access switches• How do you manage moves, adds and changes across thousands
of access switches?Distribution switch has become a bottleneck
19
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Legacy LAN-WAN Architecture
20
WAN
Core
Distribution Layer
WiringCloset
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Juniper QOS-Enabled LAN-WAN Architecture
21
MPLSCore
WiringCloset
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.netCopyright © 2008 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 22