WRT Documentation

  • Authoritative source of information: As-builts or documentation?
  • IU - developed tools
  • Asset tracking?
  • A few are using Pinnacle for cable documentation
  • Template verification? OpsWare (now part of HP)
  • Stanford NetDB System
  • Remedy for switch port configs

Firewall Removal Project

  • Update:
    • Researcher bought into it
    • Iptables rather than firewalls
    • Today most attack vectors are permitted through existing firewall rules

Workflow for Network Operations and Maintenance

Datacenter Networks

  • Top-of-Rack vs. End-of-Row switches
  • Delivering 10GbE to servers
  • (fiber vs. CX4 vs. SFP+ Direct Attach)
  • VMware
    • Networking issues
    • Server admins venturing into networking
  • Cabling above or below racks
  • Aesthetics?
  • Fibre Channel over Ethernet
    • Cisco push
    • use less power?
    • cheap because one card?
    • is iSCSI still an option?
    • What about InfiniBand?
  • 36" may not be enough for air flow below racks

Edge

  • Wired 802.1x ?
  • How many VLANs per building
  • Dynamic VLAN assignment
  • SCADA
  • UMN: Departments are given administrative control of ports assigned to department
  • E911
    • UMN: 50' radius
    • Stanford: IP in building
    • IU: Room
    • DHCP Option 82 and LLDP-MED
    • Loki ?
  • 10/100/1000 autonegotiation
    • Some switches do not check capability of wiring (i.e. GigE on two-pair Cat3)
  • Quarantine VLAN
    • Some using several levels of quarantine
  • Few running 802.1X on wired ports
  • Few plan on doing client based health checks at network login

Core

  • MPLS
    • Workshop occurred
  • VRFs
  • Core equipment
    • Most running 6500
    • SXH > SXF
    • Nexus?
  • Power
    • Most have moved to 220AC
    • Some DC

Wireless

  • 802.11n
    • Michigan: Meru
      • 40 MHz channels
    • UMN: Trapeze
      • 2.4 and 5 GHz
      • 40 MHz channels except in dense areas
      • Muni wireless: may be ~9000 APs
    • IU: HP
  • NAT
    • Address IPv4 exhaustion problem
  • 802.1X
    • idEngines
  • handhelds: scale to 30,000 MAC addresses?
  • PoE
    • PowerDsine midspan
    • Cisco 3750-E and 3650-E

Mobility

  • femtocells in our future? Do we care?
  • cell/wifi call handoff - ever actually gonna happen beyond T-Mobile?
  • VPN (who's using what that they like)

Security

  • TNC's IF-MAP
  • Windows Server 2008 integration of FW and IPSEC policies
  • NAC (in the general sense)
  • RADIUS/Policy Appliances?
  • Device isolation via category
  • IDS/IDP
  • Federated Identity
  • wireless access for .edu guests

Voice

  • VOIP/UC
  • QoS required for VOIP?
  • DAS?

Green Computing

  • Stanford: Design phase for a self cooling datacenter in Palo Alto
  • UMN: Cheaper power BUT cut usage during peak usage times
    • HPC willing to turn off processors?

IPv6 Security

  • Should there be a V6 Security track at next Joint Techs?

Misc

  • Telecom closet security?
  • Federating Network access
    • federated RADIUS
    • Add Shib to RADIUS?
  • Modems
    • some still running a few lines
  • VPNs
    • L2TP over IPSec, OpenVPN, Cisco AnyConnect

Laptop count:
12 - Macs
5 - Dells
3 - Thinkpads
1 - Toshiba
