Wednesday, July 13, 2011

Wood Campus Center: Room E/F
University of Alaska Fairbanks
Fairbanks, AK

Wireless

  • eduroam
  • Captive portal
  • Authentication without a client
  • Shibboleth authentication
  • CALEA
  • Accessibility issues with captive portals
    • screen readers don't work
  • Authenticate with CAS?
  • Authenticate with TLS/certificates
  • ChromeOS and WPA2

IPv6

  • Terado
  • 6to4 Relay
  • Join IPv6 WG to help with best practices documents
  • DHCPv6 vs SLAAC
  • DNS - if SLAAC
  • DHCP INFORM message
  • No RAs on server networks
  • 802.1X with IPv6
  • The Pv4 world is this big, the IPv6 world is THIS big, where do you want to go?
  • RA guard
  • Scrape the neighbor table

OpenFlow

  • Software defined networking
  • VLAN through the switch
  • OpenFlow switchs
  • OpenFlow APs
  • Juniper/HP/Pronto
  • Production?

Phones in ALL Wireless Areas

  • Phone per suite
  • Phone per floor
  • e911 for wireless VoIP
  • PSAP
  • RedSky
  • Cisco Emergency Responder
  • Requirements vary by state
  • Cellular vs WiFi
  • Risk management

100G Ethernet

  • Brocade MLX-16
  • Skip 40 and go to 100?
  • Expensive
  • MLX-16e: 16 slots of full duplex 100G
  • Oversubscribe, port density, power, cooling
  • Cisco ASR900 40G
  • Cisco CRS 40G
  • Quanta / Pronto 3980 - 40G 16 ports QSFP
  • Broadcom Trident Chips

10G Servers

  • Nexus 7K and 5K
  • Juniper EX4500
  • Arista
  • Force 10 - too new
  • Nexus 5010 / 5020
  • Fibre extenders back to core
  • 5500 series L3, 5000 L2 only, 7000 L3

Next Gen Core

  • Juniper MPLS
  • Nexus - fabric path
  • 6500s with SUP2Ts
  • MX960
  • Cisco e chassis 80G
  • Converged
  • Future must be 100G

Security

  • RSA Compromised
  • Firewalls
  • Departments maintain rule set; Central implements it
  • Nessus scans
  • Firewall rules
    • reviewed by network engineer?
    • prevetted rules?
    • security override?

Switch Upgrades

  • MACSec
  • 802.1X
  • v4 security features implemented for v6
  • Control plane protection

NetFlow Analysis

  • LANCope
  • inMon
  • Bro

Thursday, July 14, 2011

IPv6 IPAM

  • Infoblox
    • v5 and about understands IPv6
    • v6 supports DHCPv6
  • Bluecat Proteus
    • Some IPv6 support

Cell Carrier Hot Spots

  • AT&T
  • DAS

Remove Connectivity

  • Cable/DSL - tunnel back to campus
  • Psuedo wire connection

Guests

  • Get RFC1918 IPs
  • NAT
  • 1:1 NAT vs 1:many NAT
  • Logs: huge
  • SPLUNK
    • Correlate events
  • Route RFC1918 addresses internally
  • Split DNS?

SIP Trunks

  • PRIs
  • SIP
  • Acme Packets - session border controller
  • Cisco 3945
  • ASR1004
  • Cisco Callmanager
  • Nortel Avaya Communication Server 2100
  • No labels