Related News

Network and Infrastructure

Planned Network Upgrade

by C Y Kwok
 

The CSC (the Computing Services Centre) will conduct the 3rd major upgrade to the campus network within the coming 3 years.  A tendering exercise has been started for a total network upgrade solution which included a comprehensive network upgrade plan, plus the supply, installation, testing and commissioning of all the networking hardware and software required for the upgrade.

The existing campus network of the CityU (CTNET) is built using all Cisco Catalyst switches based on the standard three-layer architecture (core, distribution and access).  It is a converged network which uses IP to transport data, video and voice concurrently. The core layer consists of a layer-3 core as well as a layer-2 core.  The layer-3 core consists of 2 Catalyst 6513 switches linking to 12 Catalyst 6509 switches (divided into 6 distribution groups) at the distribution layer as well as 2 Catalyst 6509 switches for the server farm. The layer-2 core consists of a single Catalyst 6006 switch which connects to only one of the Catalyst 6509 switches in each distribution group. The main purpose of the layer-2 core is to interconnect VLANs spanning across multiple distribution groups. At the access layer, 41 Catalyst 6000 switches are deployed for the large wiring closets, while another 40+ Catalyst 3524/3548/2950 workgroup switches are deployed for the small wiring closets. Gigabit Ethernet uplinks are used between the core and distribution layers, and also between distribution and access layers.

The last network upgrade was carried out between 2001 and 2003.  Over 90% of the network equipment acquired during the last network upgrade has already passed their end-of-sale life-cycle and will soon reach their end-of-support state.  As such, it is considered necessary to start another network upgrade cycle, not only to replace the obsolete network devices, but also to enrich the network with advanced features such as 10G Ethernet, Native IPv6, Enhanced QoS and Security Control, Network Virtualization, Network Access Control, etc. The upgrade will be able to cater for gigabit to the desktop for all the network users anywhere in campus as long as there is a demand so that we don’t have to worry about running out of bandwidth in the next 3 to 5 years.

The planned network upgrade consists of the following 2 phases:

  1. Phase I will commence as soon as it is feasible and will last for 6-9 months.  The CityU’s initial plan for the Phase I network upgrade is to replace/upgrade the switches at the core and distribution layers and to implement all selected new features in these two layers.

  2. Phase II will commence following the completion of Phase I and will last for 12 – 18 months. The Phase II network upgrade is to replace/upgrade switches at the access layer and to implement all selected new features in this layer.

As the campus network upgrade is expected to take 2 to 3 years to complete, therefore it is important that any new equipment introduced must work seamlessly with the existing ones throughout the upgrade exercise.  

Because hierarchical campus network design is still the rule, the CSC will stick to the current 3-layer model for its campus network architecture unless there are other better alternatives.

Core layer with Layer 2/3/4 switches at the network core

Distribution layer with Layer 2/3/4 switches in the data centers and wiring closets

Access layer with Layer 2/3 switches in the wiring closets for provisioning desktop connectivity

The layer-3 core and the distribution switches together will continue to provide a pure layer-3 switched backbone using OSPF for routing and load-balancing.  MPLS will be supported after the upgrade in order to support network virtualization in the future should such need arise.  Native IPv6 will be configured with OSPF routing enabled on all the core and distribution switches so that the global IPv6 community will be reachable to the whole network via the university’s Internet2 link.

The layer-2 core and the distribution switches will continue to link up those VLANs spanning across distribution groups. Redundancy will be introduced for the layer-2 core after the upgrade, because complexity of bridge spanning trees can be greatly reduced by making use of advanced features such as Cross-stack Ether-channel, Flex-link, etc. However, the layer-2 core will be eliminated eventually in the long run.

A new distribution group will be created using 2 Catalyst 3750 switches.  The 3 Internet routers (2 Cisco 7603 routers and 1 Cisco 7513 router) as well as the security and bandwidth management tools in use for perimeter protection will be moved over to this new distribution group from the server farm switches to which they are connected.

The Access-layer switches are required to be able to support Cisco Voice VLANs and provide at least 3 hardware queues on their interface ports used for desktop connections in order to guarantee end-to-end QoS for multimedia applications.

In addition to performance enhancement, enhancing network security, reliability and availability of the campus network are also our major goals of this upgrade.  The new campus network will support all the features in use on the existing network as well as additional features such as Network Access Control to deny network access by insecure devices at the network edge, Scavenger traffic suppression, etc.