The Network at Andover

The Phillips Academy network, which has been around for a few years now, spans all student dorms as well as most other buildings on campus. IP addresses for the internal network are assigned from the 172.16.0.0/12 internal block. The internal network is further divided into different levels of virtual LANs (VLANs). Access between VLANs is controlled by an access control list. Each VLAN uses a 255.255.248.0 subnet mask, providing more than enough IPs for each segment. The VLANs are organized by quadrant of the campus, and then by network type. The four quadrants are defined as Draper, Stevens, Morse, and Rockwell. The different networks are admin, academic, and student.

Each dorm has a Cisco 10/100 switch located in the basement. All ports in the student rooms are connected to this switch at, currently, 10 megabits/s half duplex. Each port on the switch can easily be configured remotely, so a port can be disabled if the administration wishes to take away a student's connection. The switches in the dorms are connected to one of four main Cisco gigabit switches, one in each quadrant. This connection runs over multi-mode fiber at 100 megabits/s. Each gigabit switch is connected to every other gigabit switch on the student network via single-mode fiber.

This network is also connected to Draper Hall, home of Technology and Telecommunications. Draper Hall holds most of the academy servers and the academy's connection to the internet. A few servers include:

Our connection to the internet is via a tri-T1 connection from Genuity, a tier 1 ISP. This connection serves about 1000 people. Students wishing to access an internet address get routed first through Allot Communication's NetEnforcer, which controls their bandwidth usage. This device places traffic in certain queues to limit the flow of individual connections. This is a necessary addition to our network because of the very limited bandwidth.
Traffic then gets routed through our Cisco Pix firewall. For each packet that leaves the Pix, a hash of data including source and destination IP addresses, ports, etc., is created. All packets coming into the Pix are dropped unless a hash can be created from the incoming packet that matches a previously stored hash. Additionally, the Pix randomizes initial sequence numbers (ISNs) for all TCP/UDP connections. This helps some ugly TCP stacks (mainly those found in Windows 95/98) that don't do this on their own.

The Cisco Pix also does NAT (network address translation), translating the internal 172.16.0.0/12 addresses to our actual internet IP blocks. The school currently has access to three Class C blocks: 207.93.4.0/24, 207.93.5.0/24, and 207.93.6.0/24. This gives us 768 IP addresses in total. The subnet for the academy's servers takes up 64 of these addresses, leaving roughly 700 for the Phillips community. After traffic leaves the Cisco Pix, it goes on to our router, down the tri-T1 connection, to our ISP Genuity, and out to the internet.

Students wishing to connect to the network can do so provided they have their own computer with a network card. Once you connect your computer to the network, you are given a temporary DHCP lease, which gives you enough time to register your connection at studentipreg.andover.edu (a CNAME to Titan). This registration stores your MAC address and assigns you an internal IP address. Once you get this IP address, you can renew your DHCP lease and be on your way. Your DHCP lease will give you your IP address with a domain of andover.edu, two IPs for DNS, and the default gateway of your particular quadrant.

Microsoft file sharing is not blocked on the network; however, it is not supported either. This means that there is no WINS server.
Due to the many switches and segments on the student network, and the fact that Microsoft File Sharing's quasi-DNS protocol works using a multitude of broadcast packets, browsing the student workgroups for computers can be quite annoying and slow.

Students should be aware that all data going through the firewall can be logged, and since Phillips Academy has filed under the Digital Millennium Copyright Act, they periodically perform spot checks on student connections. Make sure you read through the school's AUP, which can be found in the Technology Hand Book that comes with the Blue Books.

The Phillips community also has access to the computers located at all computer centers on campus. All of these computers have access to the internet and provide access to resources on the academic network, including file servers and remote printing.
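
The Pix behaviour described above (remember each outbound connection, drop any inbound packet that matches no stored entry) can be modelled in a few lines. This is an added example, not code from the original page or from Cisco; the class and function names, the idle timeout and the sample addresses are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFilter:
    """Toy model of an outbound-initiated connection table (hypothetical names)."""

    def __init__(self, idle_timeout: float = 60.0):
        self.idle_timeout = idle_timeout        # assumed value, not from the page
        self.table: dict[Packet, float] = {}    # expected reply tuple -> last seen

    @staticmethod
    def _reply_key(p: Packet) -> Packet:
        # A legitimate reply carries the same tuple with source and destination swapped.
        return Packet(p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def outbound(self, p: Packet, now: float) -> None:
        """Store the tuple that a reply to this outbound packet must carry."""
        self.table[self._reply_key(p)] = now

    def inbound(self, p: Packet, now: float) -> bool:
        """Return True to forward the packet, False to drop it."""
        seen = self.table.get(p)                # dict lookup hashes the whole tuple
        if seen is None:
            return False                        # unsolicited: no stored entry
        if now - seen > self.idle_timeout:
            del self.table[p]                   # stale entry: expire it and drop
            return False
        self.table[p] = now                     # refresh on matching traffic
        return True

def demo() -> list[bool]:
    fw = StatefulFilter(idle_timeout=60.0)
    # Constructed traffic: 207.93.4.10 stands in for a translated student address.
    fw.outbound(Packet("tcp", "207.93.4.10", 40000, "198.51.100.7", 80), now=0.0)
    reply = Packet("tcp", "198.51.100.7", 80, "207.93.4.10", 40000)
    wrong_port = Packet("tcp", "198.51.100.7", 80, "207.93.4.10", 40001)
    unsolicited = Packet("tcp", "203.0.113.9", 4444, "207.93.4.10", 139)
    return [fw.inbound(reply, 10.0), fw.inbound(wrong_port, 10.0),
            fw.inbound(unsolicited, 10.0), fw.inbound(reply, 100.0)]

if __name__ == "__main__":
    print(demo())
```

The last inbound check fails even though the tuple matches, because the entry has been idle longer than the assumed timeout; a state table that never expires entries would keep accepting that tuple indefinitely.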