
Hardware

Hardware consists of everything you can touch. It needs a power supply, blinks quite nicely and sits in 19'' network racks, which are distributed throughout HaDiKo.
Starting from the rack in the H-wing, there are multimode optical fibre connections to every other house. The main switch is an Extreme Networks Summit 1i; user connections are served by Cajun P330 and Cisco 2950 switches. The interconnection of the different switches is shown here. The current load can be retrieved here.

VLANs

Virtual LANs (VLANs for short) make it possible to run several separate networks on one piece of hardware. How this works in detail can be seen, for example, on Wikipedia. In HaDiNet there are VLANs for normal use and VLANs for infected computers, DUKATH, network management and the color laser printer in the computer room. The distinctive features of these VLANs are explained below.

HaDiNet VLAN

The HaDiNet VLAN contains all user connections (as long as they are not quarantined), the HaDiNet servers and the router. The address range used is 172.20.32.0/19. The subnet 172.20.32.0/24 is used for the HaDiNet servers, 172.20.33.0/24 for networking components (these are mainly accessible through the network-management VLAN) and 172.20.34.0/24 for other self-administration computers. The addresses used for the users are listed in the IP address list. Because the address range is assigned by the university, the DNSVS of the datacenter is used. Via the DNSVS, only DNS entries of the form hadi????.hadiko.uni-karlsruhe.de are available.
For that reason there is also the domain hadiko.de.
The router is essentially an ordinary PC running Linux, located in the network rack on I3. It is connected via an optical fibre link that leads to building 50.31 and forms the connection to the outside world. The IP addresses used in HaDiKo are private addresses as defined in RFC 1918 and are therefore only reachable from inside the campus network. If you want to reach your computer from the internet, you have to use other services of the datacenter, depending on the protocol. For e-mail you have to use the mail relay of the datacenter, and HTTP is only available through the proxy. For other protocols (for example IRC, SSH or ICQ), NAT is used.
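The address plan above can be used to label addresses when reviewing traffic. The following is an added example, not part of the original page or of HaDiNet's own tooling: it checks that the plan is self-consistent and flags flows that reach the networking-components subnet from somewhere other than the server or self-administration ranges. The flow records are constructed, and treating the remainder of the /19 as user space is an assumption.

```python
import ipaddress

# Address plan as stated on the page.
HADINET = ipaddress.ip_network("172.20.32.0/19")
ROLES = {
    "servers": ipaddress.ip_network("172.20.32.0/24"),
    "network-components": ipaddress.ip_network("172.20.33.0/24"),
    "self-administration": ipaddress.ip_network("172.20.34.0/24"),
}
RFC1918_B = ipaddress.ip_network("172.16.0.0/12")  # RFC 1918 block containing the /19


def plan_is_consistent():
    """Role subnets nest in the /19, do not overlap, and the /19 is RFC 1918 space."""
    nets = list(ROLES.values())
    nested = all(n.subnet_of(HADINET) for n in nets)
    disjoint = not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    return nested and disjoint and HADINET.subnet_of(RFC1918_B)


def classify(addr):
    """Return the role of an address: a named subnet, 'user', or 'outside'."""
    ip = ipaddress.ip_address(addr)
    if ip not in HADINET:
        return "outside"
    for role, net in ROLES.items():
        if ip in net:
            return role
    return "user"  # assumption: the rest of the /19 is user space


def flag_flows(flows):
    """Flag flows that reach networking components from user or outside addresses."""
    return [(src, dst) for src, dst in flows
            if classify(dst) == "network-components"
            and classify(src) in ("user", "outside")]


# Constructed sample flow records (source, destination); not real traffic.
SAMPLE_FLOWS = [
    ("172.20.40.17", "172.20.32.10"),  # user -> server
    ("172.20.40.17", "172.20.33.5"),   # user -> networking component
    ("172.20.34.2", "172.20.33.5"),    # self-administration -> networking component
    ("172.20.64.1", "172.20.33.9"),    # first address past the /19 -> component
]

if __name__ == "__main__":
    print("plan consistent:", plan_is_consistent())
    for src, dst in flag_flows(SAMPLE_FLOWS):
        print("review:", src, "->", dst)
```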

Quarantine VLAN

To prevent the further spread of worms while still allowing the user to download anti-virus software or patches over the network, there are the quarantine VLANs.
Besides the infected computers, the servers nce10 and nce8 are also inside this VLAN, so you can reach DNS, the proxy and the recovery web page. To remind the user of the ban, the proxy is only usable for 15 minutes, followed by a 15-minute redirection to a reminder web page. The ban procedure is normally the following: First, a tutor detects unusual network activity that might be caused by a worm. Then a script is called which moves the user port into the VLAN, sets up routing to nce8 and nce10 and, last but not least, marks the connection as "quarantined" in the user database.

DUKATH

Wireless networks require authentication. Thanks to bridging and VLANs this is also possible in HaDiKo, so DUKATH is accessible in HaDiKo. This saves a lot of work and enables users to use the same environment as inside the university.

Last changed: 09.05.2009, 10:48