CNaaS in Norway gn4.3 Workshop Oct 2019-Uninett-3222


Campus Network as a Service (CNaaS) in Norway - where are we now?

Vidar Faltinsen, director of department, UNINETT


GÉANT workshop on network management and monitoring
Copenhagen, October 21 2019

• NREN in Norway
• Owned by the Ministry of Education and Research
• 90 employees
• 140 customers
• 300.000 users

Norwegian CNaaS

Service development and pilot in 2019


Operational from 2020

Extending the research network to the researcher, student and lecturer

Why such a service?
ICT departments are overloaded with tasks

• little time to focus on network

ICT departments are vulnerable

• only one person on network in many cases

Trend to outsource “bread and butter”

• In order to strengthen focus on supporting ICT for research and IT for education

Improve security

Improve overall quality

• Improvements for ICT for research and education etc

Life on campus

New digitalization strategy from the Ministry of Education 2017 - 2021

Drive for common ICT services in the HE sector when there is a clear benefit

The CNaaS service package
Included Will / can offer
Operations of wired and wireless network Firewall management
DHCP service DNS firewall
NAT 44 service
IDS
Radius (for eduroam)

VPN (eduVPN)

24/7 monitoring of critical components (daytime monitoring for the rest)

Number of customers

2019: One (pilot)
2020: at least two new (moderate ambition)
2021 ->: sky is the limit :)

Organizational setup

Uninett as of Jan 1 2019

[Organization chart: CEO; Business support; Technology and strategy; Customer department; Research Network; Campus Network; Service Platform; Security]

Dedicated department in Uninett for campus network

We are recruiting more network engineers

Total MY for CNaaS in 2020 will be 2.7 (service will have a deficit first years)

Close collaboration with research network department

Will use our NOC for operations

Collaboration with Sunet important (next slide)

Joint Swedish and Norwegian high level CNaaS NMS architecture

[Architecture diagram. Labels: Customer A campus network; NAV (monitor), SNMP read; NAV 1st line config; Customer and Asset Database (KIND in Norway, NI in Sweden); CNaaS-NMS (2nd and 3rd line config), Netconf, Nornir/NAPALM; oxidized (tracking changes); Uninett; SUNET]

Formal relation

We set up a contract that defines:

• Services that are included (and what is not included)

• Obligations for the customer

• Service and support level (SLA)

• Ownership of equipment (Uninett owns, maintains and reinvests)

• Price (fixed annual cost)

Lessons learned so far
Close interaction with customer is key
• Technical staff at customer need to work WITH us
• SLA/mutual expectations – both Uninett and customer
• Clear demarcation line – who is responsible for what
• Day to day low level changes must be done by the customer
  • access switch port config
  • firewall detailed rules (need better tools)

CNaaS reference architecture can influence/change campus design for all campuses
Automation is a continuous improvement process.
• Focus on the most repetitive processes first
• 100% automation too expensive (?)

Extra material follows…
From help-with-self-help to help-with-everything

GigaCampus 2009 CNaaS 2019

CNaaS high level objectives

No vendor lock-in
High availability (=> fully redundant design)
Flexible traffic engineering (routing in underlay beats SPT any day – also easier to debug)

Focus on security – must be implemented through a set of initiatives


Users & devices should be able to connect from anywhere on campus

Overlay/underlay architecture with EVPN and VXLAN

ISIS routing in underlay
MP-BGP routes MAC addresses
VXLAN encapsulation
dot1X and MAB authentication
Map VXLAN to VLANs for access layer
VXLAN all the way too expensive

[Figure label: Underlay]

How can we make security management scalable?

NOC cannot do all change requests
Local staff cannot be given all privileges
ACL text editor management - RIP
Are there any good tools out there?

??? ???

Why must wired and wifi be well integrated?

User experience
• Users expect same functionality and same level of security
• Multicast, Bonjour, mDNS (BUM)

Wired and wifi must play well together
• Lab microscope on wire where wireless iPad is used as monitor
• Apple-TV/Chromecast/Miracast on cable and users on wifi
• Hearing aid devices on wired and user on wifi
• Screen sharing equipment for visually impaired in lecture hall – user on wifi

Same management, monitoring and security
• Not so vulnerable
• Better overview
• Easier to spread knowledge among network admins

Simpler overall network topology
• Fault monitoring the same for wired and wireless

Thanks for your attention


www.uninett.no
