WRT Documentation
- Authoritative source of information: As-builts or documentation?
- IU - developed tools
- Asset tracking?
- A few are using Pinnacle for cable documentation
- Template verification? OpsWare (now part of HP)
- Stanford NetDB System
- Remedy for switch port configs
Firewall Removal Project
- Update:
- Researcher bought into it
- Iptables rather than firewalls
- today most attack vectors are permitted through existing firewall rules
Workflow for Network Operations and Maintenance
Datacenter Networks
- Top-of-Rack vs. End-of-Row switches
- Delivering 10GbE to servers
- (fiber vs. CX4 vs. SFP+ Direct Attach)
- VMware
- Networking issues
- Server admins venturing into networking
- Cabling above or below racks
- Aesthetics?
- Fibre Channel over Ethernet
- Cisco push
- use less power?
- cheap because one card?
- is iSCSI still an option?
- What about InfiniBand?
- 36" may not be enough for air flow below racks
Edge
- Wired 802.1x ?
- How many VLANs per building
- Dynamic VLAN assignment
- SCADA
- UMN: Departments are given administrative control of ports assigned to department
- E911
- UMN: 50' radius
- Stanford: IP in building
- IU: Room
- DHCP Option 82 and LLDP-MED
- Loki ?
- 10/100/1000 autonegotiation
- Some switches do not check capability of wiring (i.e., GigE on two-pair Cat3)
- Quarantine VLAN
- Some using several levels of quarantine
- Few running 802.1X on wired ports
- Few plan on doing client based health checks at network login
Core
- MPLS
- Workshop occurred
- VRFs
- Core equipment
- Most running 6500
- SXH > SXF
- Nexus?
- Power
- Most have moved to 220AC
- Some DC
Wireless
- 802.11n
- Michigan: Meru
- 40 MHz channels
- UMN: Trapeze
- 2.4 and 5 GHz
- 40 MHz channels except in dense areas
- Muni wireless: may be ~9000 APs
- IU: HP
- Michigan: Meru
- NAT
- Address IPv4 exhaustion problem
- 802.1X
- idEngines
- handhelds: scale to 30,000 MAC addresses?
- PoE
- PowerDsine midspan
- Cisco 3750-E and 3650-E
Mobility
- femtocells in our future? Do we care?
- cell/wifi call handoff - ever actually gonna happen beyond T-Mobile?
- VPN (who's using what that they like)
Security
- TNC's IF-MAP
- Windows Server 2008 integration of FW and IPSEC policies
- NAC (in the general sense)
- RADIUS/Policy Appliances?
- Device isolation via category
- IDS/IDP
- Federated Identity
- wireless access for .edu guests
Voice
- VOIP/UC
- QoS required for VOIP?
- DAS?
Green Computing
- Stanford: Design phase for a self cooling datacenter in Palo Alto
- UMN: Cheaper power BUT cut usage during peak usage times
- HPC willing to turn off processors?
IPv6 Security
- Should there be a V6 Security track at next Joint Techs?
Misc
- Telecom closet security?
- Federating Network access
- federated RADIUS
- Add Shib to RADIUS?
- Modems
- some still running a few lines
- VPNs
- L2TP over IPSec, OpenVPN, Cisco AnyConnect
Laptop count:
12 - Macs
5 - Dells
3 - Thinkpads
1 - Toshiba