John O'Keefe - Director, Academic Technology and Network Services
Michael Costello - Network Engineer

Abstract

Lafayette College completed a radical redesign of its legacy network infrastructure, using MPLS VPNs to enable role-based access to the network rather than more traditional solutions based on Layer 2/3. This presentation will describe the design, implementation, and operation of this network as well as future applications for virtualized networks.

Introduction

• Format of presentation
• About Lafayette
• Pre-existing network design
• Why is role-based security important?
• Problems with existing NAC solutions

Technical Background

• Traditional Layer 2 design
• Traditional Layer 3 design
• Layer 3 Virtualization

Layer 3 Virtualization

• GRE Tunnels
  - easy to configure
  - good for provisioning a few roles
  - does not scale (tunnels must be manually built to all routers)
• VRF-lite
  - easy to configure
  - good for provisioning a few roles
  - does not scale (each Layer 3 hop must be configured with all VRFs)
• MPLS
  - difficult to configure
  - can be used for many roles
  - scales to networks of any size

Implementation

• Network Redesign Project: a Conceptual Overview
• Budget approvals and institutional support
• Selecting a vendor and partner
• Phase I - converted core infrastructure, firewalls, Internet edge, and network monitoring
• Phase II - converted the old Nortel edge equipment to new Cisco switches (see schedule)
  - See pictures of our old Nortel gear being recycled and destroyed
  - See pictures of our Network Closets
• Phase III - implementing Network Admission Control

Current Lafayette Data Network

• Physical Layer
• Fusion VRF
• View of STUDENT and FACSTAFF VRFs
• By The Numbers
• Fusion VRF Graphs
• Common Services Context Interface Graphs

Related Information

• Network Upgrade Homepage
• Frequently Asked Questions