The Operator Neutral Access At KistaIP

Post on 26-Dec-2015


KistaIP?

• Is a student dorm with 144 apartments.

• Each apartment has a fiber connection to the router room at KistaIP.

• The student obtains a fiber-to-Ethernet converter which is used to connect the fiber to a computer.

[Figure: network infrastructure diagram. Labels: Apartment (workstation, laptop computer, PC); 144 media converters; multimode fiber; router room at KistaIP with Dynarc 1124 routers, 24 ports each; SM to MM converter; single mode fiber; IX room with 5116 router; dual DTM ring; Internet.]

The Network Infrastructure

• Each room is connected by a multimode fiber to one of the Dynarc 1124 routers.

• There are 6 Dynarc 1124 routers with 24 ports providing 6*24=144 connections.

• The 6 routers are connected to the Dynarc 5116 router at Electrum by a single-mode fiber.

• Together, the 7 routers form a dual DTM (Dynamic synchronous Transfer Mode) ring.

The Network Infrastructure

[Figure: dual ring connecting the six Dynarc 1124 routers at KistaIP and the Dynarc 5116 router at Electrum.]

Problems & solutions?

• How to provide operator neutral access.

• To provide an easy way to change between the providers.

• No software required on the client side.

• Introduce the use of VLANs.

• Provide server side software.

• Use a form of web based login and control.

VLAN?

• Virtual Local Area Network (VLAN).

• Devices on different LANs that join the same VLAN can communicate with each other as if they were in the same broadcast domain.

• Can be used to divide a LAN into several smaller LANs (VLANs), limiting broadcast traffic and making the network more manageable.

Method

• Each provider belongs to a VLAN.

• Users connect to a “VLAN changer” to switch between ISPs.

• A server side software called vpch is used to change VLANs on each port on the Dynarc 1124 routers.

• The “VLAN changer” provides vpch with the information necessary.

• The Oasis software is used to authenticate users and open the firewall on the provider's side.

[Figure: the KistaIP neutral network. Labels: six Dynarc 1124 routers (KistaIP); Dynarc 5116 (Electrum); mdtm0 VLAN (1,2,10,100); DHCP Server and Auth & Vlan Changer (same machine), Vlan (10,100); Vlan 1; Vlan 2; SSVL and KTH, each with a Firewall and a DHCP Server & Auth.]

The main components of the KistaIP neutral network

• Auth and VLAN changer.

• DHCP and Auth machine on the provider's side.

Auth and VLAN changer

• DHCP to provide a private network (VLAN 100) for the students, which they can use to change ISPs.

• A database to provide the vpch with information on each user, as well as for security reasons.

[Password, lgh, building, room, MAC, router (IP), interface, oldvlan]

• A second database with information about the ISPs.

[isp (name), vlan, ip (redirection page)]

• The vpch application, which connects to the routers and changes the VLAN on the user's port.

• An authentication mechanism.

• A registration form to register new users.
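
How the two databases above can gate a VLAN change, as an added example that is not KistaIP's or vpch's own code. The table names, function names, sample rows, the salted PBKDF2 password format and the MAC check are assumptions; the change for vpch is returned as a plain dict because the page does not show vpch's interface.

```python
import hashlib, hmac, os, sqlite3

def hash_pw(password: str, salt: bytes) -> bytes:
    # Assumption: the Password column holds salt || PBKDF2 hash, never cleartext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def build_db() -> sqlite3.Connection:
    """In-memory copy of the two tables, filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (password BLOB, lgh TEXT PRIMARY KEY, building TEXT,"
               " room TEXT, mac TEXT, router TEXT, interface TEXT, oldvlan INTEGER)")
    db.execute("CREATE TABLE isps (isp TEXT PRIMARY KEY, vlan INTEGER, ip TEXT)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?,?,?,?,?,?,?,?)",
               (salt + hash_pw("correct horse", salt), "1203", "A", "12",
                "00:11:22:33:44:55", "10.0.0.3", "port7", 100))
    db.executemany("INSERT INTO isps VALUES (?,?,?)",
                   [("KTH", 1, "192.0.2.10"), ("SSVL", 2, "192.0.2.20")])
    return db

def request_change(db, lgh, password, seen_mac, isp):
    """Return the port change to hand to vpch, or raise PermissionError."""
    row = db.execute("SELECT password, mac, router, interface, oldvlan"
                     " FROM users WHERE lgh=?", (lgh,)).fetchone()
    stored = row[0] if row else bytes(48)   # dummy record: unknown users cost the same
    ok = hmac.compare_digest(hash_pw(password, stored[:16]), stored[16:])
    if row is None or not ok:
        raise PermissionError("authentication failed")
    # Assumption: the MAC seen on VLAN 100 must match the registered one.
    if seen_mac.lower() != row[1].lower():
        raise PermissionError("request does not come from the registered MAC")
    # The ISP table is the allow-list: only a provider's VLAN can be selected.
    target = db.execute("SELECT vlan, ip FROM isps WHERE isp=?", (isp,)).fetchone()
    if target is None:
        raise PermissionError("unknown ISP")
    # Router and interface come from the database, never from the request,
    # so an authenticated user can only move their own port.
    return {"router": row[2], "interface": row[3], "oldvlan": row[4],
            "vlan": target[0], "redirect": target[1]}
```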

ISP side configuration

• An authentication protocol (e.g. kerberos, radius).

• Web based authentication forms.

• The Oasis software package:

  • Provides a mechanism for authentication.

  • Opens and closes firewall rules.

  • Ability to detect inactive users.

  • Supports many kinds of authentication protocols by using PAM (Pluggable Authentication Modules).
