Data Services Today
As of January 2004, UCSD’s data network has approximately 50,000 connections. The majority of the switches on the network are from Cisco, and most were installed within the past four years. The network’s backbone links are Gigabit ethernet, as are most of the connections to the edge switches. Some smaller buildings are connected at 100 Mbps, and we are still phasing out the last ATM links to edge switches, which were installed before ethernet replaced ATM as our standard. Our backbone is made up of four Cisco Catalyst 6509 gigabit ethernet switches with routing engines, and a smaller number of Catalyst 5500 switches. We monitor the network with tools from Cisco, and are proactive in upgrading bandwidth where necessary. All of our backbone links provide enough bandwidth for present requirements, although we expect new demands ahead which will require 10 Gbps circuits in certain sections of our network.
The backbone network supports a total of approximately 870 edge switches. Most of these are in campus buildings, but there are 26 remote sites which access the network through leased T1 and DSL links. We now use dark fiber links, obtained through CENIC, to connect some of the newer and larger off-campus sites back to the campus, and we use gigabit ethernet on those links.
Our connections to CENIC (for internet connectivity and high speed wide area networking) are controlled by a Juniper T320 router that is installed at the San Diego Supercomputer Center, and a Juniper M20 also at SDSC provides fault tolerance for these links.
The network that ACT and ACS run for the campus is part of the Next Generation Network (NGN) and is designed to carry all campus traffic with the exception of specialized, extremely high-speed experimental networking. Those research applications are usually run on parallel networks, controlled by the departments, such as Cal(IT)2. We provide fiber, node room space and other support as part of our mission to help UCSD attain its academic and research goals. When appropriate we partner with the research departments and share equipment which benefits both networks. An example of this is the Juniper T320 router, which was purchased jointly by the Next Generation Network, Jacobs School of Engineering and SDSC.
Redundancy and reliability are critical. We are taking steps to get the best environmental conditions possible in our node rooms, with Inergen fire suppression systems, UPSs and backup generators. Some backbone equipment failures can be mitigated by reconfiguring the affected area quickly, and we use Cisco’s HSRP for this in mission-critical areas of our network. In campus buildings we sometimes have to install edge equipment in closets which are dirty, too small and/or too hot. In the worst cases we have to install our equipment in utility cores. The salt air at SIO also causes problems. The equipment in bad closets fails more often than equipment in better locations, but in general the Cisco equipment is proving to be adequately reliable. Cisco’s power supplies fail more often than any other component, and we install dual power supplies in chassis wherever possible.
Campus and Technology Changes
Campus growth is a recurring issue in this strategic planning document, and we estimate that we will have to support another 15,000 connections in the coming years. This is partly a result of the new buildings under construction, but also due to the fact that network density is increasing on campus, the wireless network is expanding, we will be transitioning some voice services to the IP network, and people are relying more on the network as a critical business tool.
There is a new and rapidly increasing demand for gigabit ethernet to the desktop in all campus departments and not just those who are using it for research. Gigabit ethernet is useful for servers, especially those used for backups, but these backups can only be done at the highest speeds if the desktop machines are also connected to gigabit ethernet ports. The price of gigabit ethernet interface cards has dropped and fortunately so has the price of 10/100/1000 switches. In early 2004 we started installing 10/100/1000 ports in NGN upgrade projects, and all new buildings.
Security is a major concern for UCSD’s network. We must ensure that we have the right tools, policies and resources to continue to protect our network. Firewalls are run on machines in departments and other locations at the center of the network. With new technology we can install security blades in our backbone switches and routers, allowing us to control access to resources at the network levels as well as the application levels. We are installing two of these security blades, and we will continue to install them, as needed, to provide the best level of protection possible.
10 Gbps networking standards are being developed. At present this is still mostly used in specialized high speed research networks, but we anticipate that we will need to upgrade many of our backbone links to this speed in the next few years. One of the factors driving this shift toward extremely high speeds is a paradigm shift within networking. Until recently we designed networks with a certain traffic throughput capacity. Now we're moving toward distributed processing and a requirement for a network to provide the best possible burst mode speeds. UCSD is at the forefront of this new emphasis, and we need to gear up our networks in a way that a few years ago would have been described as ‘over-engineering’.
Upcoming Decisions
What is the best policy to protect data for remote users? We presently have a VPN used by about 60 people on a regular basis for remote connectivity. This was set up to provide more secure connections, but there is still the possibility that VPN will be attacked. ACS’s security experts are reviewing other data protection techniques which may be just as secure.
Should we make it easier to integrate non-Cisco equipment into our network? This will give us a choice of vendors, and will also allow us to support some campus research activities which either use or would like to use products from companies such as Extreme and Juniper. At present our network relies on Cisco’s network management protocols, and also Cisco’s proprietary EIGRP routing protocol. We could replace this with the open OSPF protocol, but first need to ensure that we identify all of the issues and potential problems with this transition.
We will soon need to start deploying IPv6. Among other benefits, IPv6 allows for more addressing space, and this is necessary for some research projects which want to assign extremely large numbers of IP addresses. IPv6 will require hardware upgrades to our core routers, and it may be better to deploy it gradually to different parts of the network rather than all at once. Node B, which serves the Engineering buildings, may be the first place that we deploy IPv6. We will also extend IPv6 connectivity to the CENIC network later this year, and we can extend the protocol from CENIC to various campus buildings through logical pipes. We anticipate some problems during the integration period, especially if users try to enable IPv6 on their machines when they are in a part of the campus still using only IPv4.
Our Internet connections and other external pipes, which we get through CENIC, have the potential to grow dramatically, and the cost of internet bandwidth has come down to a very low level. Researchers could set up high-speed links through CENIC, and we need to be able to extend these high-speed pipes through the campus network to the research departments. The equipment for these 10 Gbps and higher links is expensive, and although the NGN may be able to contribute some funds to these links, the research community will need to provide the major portion.
We are considering peering UCSD’s network with the public high speed networks such as Time Warner RoadRunner and Cox@Home. This is not always easy to set up, or particularly cost effective. CENIC is now working to peer its networks with public carriers on a much wider basis, and it looks as if the campus will be able to connect to these public carriers at high speeds through CENIC. We will therefore concentrate less on setting up these connections ourselves.
We will be using the network for VOIP traffic, testing applications from both Cisco and Ericsson. Quality of Service (QoS) needs to be addressed in the context of VOIP, and while this could be provided easily for Cisco’s solution, the situation may be more challenging for the Ericsson VOIP. Our core network has enough bandwidth available, and voice traffic is not very bandwidth intensive, so QoS may not be that important, unless the number of IP phones grows dramatically or the network is under an attack which clogs up transmissions. Another impact of the QoS protocol will be that users may want to use it to select a premium level of service for themselves. This can be controlled on the campus, but may be a more complicated issue if off-campus applications require specific QoS levels.
Campus expectations of network support are growing, and we need to consider increasing helpdesk, technical support and repair hours, possibly to 24/7. At present we do not have a specific Service Level Agreement for the NGN. On the installation side we concentrate on doing whatever our users ask us to, irrespective of whether it’s at night or on weekends. We try to offer the best service possible, and this "all carrot and no stick" approach seems to work well at UCSD. We can only increase our support hours if we have the funding, and this will need to be considered when we cast the next five-year cycle of the NGN. In the meantime we should prepare an internal document which more clearly sets out what support we should offer in certain situations, so we can respond consistently to customers’ requests.
We will start using more power over ethernet, especially for VOIP and wireless access points. We can buy switches which provide power over ethernet, but for most installations it may be more cost effective to continue to use external power injectors.
Mobile IP is a new technology that assigns users the same IP address wherever they are. Hopefully as it becomes more prevalent and built into laptops, it will be easier to provide services to mobile users.
There are currently several separate databases of network customers, including TMS and ones administered by ACS. ACS is trying to unify their various databases, and perhaps we should also integrate some of the TMS information. The goal is to be able to tie every IP address to a specific customer. This would be a great benefit, but a major project, and complicated because customers often swap ethernet cards and computers without notifying anyone.
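One concrete piece of the IP-to-customer project, as an added example that is not part of this document: audit a switch's ARP table against the customer database and flag addresses whose ethernet card has changed or which have no record at all. The database layout, the ARP lines and every address below are constructed for illustration.

```python
"""Reconcile which machine is actually on each IP with the customer database.
Added example; the customer table and the ARP snapshot are constructed."""
import re

# Constructed stand-in for a unified TMS/ACS customer database:
# IP -> (customer, MAC registered when the connection was installed).
CUSTOMER_DB = {
    "192.0.2.20": ("Smith, J (Chemistry)", "00:0a:95:9d:68:16"),
    "192.0.2.21": ("Lee, M (Chemistry)", "00:0a:95:9d:68:17"),
    "192.0.2.22": ("Garcia, R (Physics)", "00:0a:95:9d:68:18"),
}

# Constructed snapshot in the style of Cisco "show ip arp" output.
ARP_SNAPSHOT = """\
Internet  192.0.2.20   5   000a.959d.6816  ARPA   Vlan10
Internet  192.0.2.21  12   0011.2233.4455  ARPA   Vlan10
Internet  192.0.2.23   3   0011.2233.4466  ARPA   Vlan10
"""

ARP_RE = re.compile(r"^Internet\s+(\S+)\s+\S+\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})")

def normalize_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff or aabb.ccdd.eeff; return lower-case colon form."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC: {mac}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))

def parse_arp(text):
    """Return {ip: mac} from show ip arp output; unrelated lines are skipped."""
    seen = {}
    for line in text.splitlines():
        m = ARP_RE.match(line)
        if m:
            seen[m.group(1)] = normalize_mac(m.group(2))
    return seen

def audit(db, arp):
    """Classify each active IP as 'ok', 'changed' (card or machine swapped
    without notifying anyone) or 'unregistered' (no customer record)."""
    findings = {}
    for ip, mac in arp.items():
        if ip not in db:
            findings[ip] = ("unregistered", None, mac)
            continue
        customer, registered = db[ip]
        status = "ok" if normalize_mac(registered) == mac else "changed"
        findings[ip] = (status, customer, mac)
    return findings
```

An IP that is in the database but absent from the snapshot is simply idle at that moment, so the audit reports only what is active.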
Some Specific Actions
- Expand the HSRP function in our network, so we can reconfigure our network quickly if part of the backbone fails
- Reduce the life cycle of edge equipment when we prepare the proposal for the next five-year cycle of the NGN
We find that the NGN’s six-year replacement cycle for edge equipment is too long, and that within six years we sometimes need to upgrade switches with new processor or other cards so we can continue to support them.
- Adopt 10/100/1000 ports as our standard for new buildings, and for buildings that are upgraded as part of the NGN program, effective immediately
- Strive to improve staffing levels in ACT’s data networking group so we can handle the network growth, allow for more training and cross-training, and have time for more research and development activities
- Install security at the network levels of our network to complement the application level security, upgrade backbone switches, and install Cisco’s security blades where necessary to ensure protection
- Start deploying IPv6 in parts of our network, and eventually make the protocol available throughout the network
- Work with the research community to get funding for 10 Gbps interfaces, and start installing 10 Gbps circuits to CENIC and our backbone network; extend high-speed pipes throughout the campus when these are required by research groups
- Take part in the trials of Voice Over IP service, and examine the implications of using QoS for this application
- Develop H.323 audio and video services in our network with the goal of transitioning some or all of these video services from the Broadband network to our IP network
- Consider moving some backup servers to different locations, and possibly have further redundancy in an off-site building
Today, critical network servers such as DNS and DHCP are backed up on multiple machines, but sometimes the backup servers are in the same physical location as the primary servers.
- Pursue getting a dark fiber connection between the campus and Hillcrest through CENIC
At present the main data connection between campus and the Medical Center at Hillcrest is a DS3, operated by MCI using a fiber link that was installed in the late 1980s. MCI wants to decommission this link, so we need to identify the best alternative. Using CENIC will be more cost effective in the long run than leasing a service such as Pacific Bell’s Gigaman. The installation costs of the dark fiber will be expensive, and we will try to integrate the project with other proposals to get dark fiber for research projects to SPAWAR and Marine Point Loma.
Impact on Resources
We will soon start work on the proposal for the next five-year phase of the NGN. We need to take several data-related factors into account, such as the faster than expected growth of the data network, the need for longer support hours, the benefits of a shorter edge equipment cycle, and the installation and operation of the wireless network. Also, we need to recognize that the campus’s networks are growing faster than the number of Communication Users, and a portion of our funding comes directly from state funds, which have been cut.
We need to make sure that we have the right tools for administering and managing our network, as well as the right number of staff, and we should evaluate the financial impact of this.
If we begin providing support for multiple vendor switches there will be extra costs in training, spares, management and maintenance equipment.
Many of our remote sites are served by DSL or T1 lines. New products and pricing structures will be available for serving these locations over the coming years, and we will track these new products and install them where appropriate. Our goal is to provide good connections to all off-site locations without cross-subsidizing them by spending more money than the number of Communication Users at the sites justifies.