OIT Upgrades Interface to the Internet


OIT used the holiday break as an opportunity to upgrade the border router and campus firewall, improving network performance and reliability. The timing was chosen to minimize the impact on members of the campus community who rely on UCInet Internet connectivity.

Prior to this project, UCI had a single system providing the link between UCInet and the Internet, and this device was also responsible for providing the campus firewall service.  This represented a vulnerability, in that hardware failure could result in loss of connectivity.

The border router was also aging, having been put into service in August of 2003, and Cisco had announced that maintenance for this model would end later this year.

The project replaced the components within the border router, added a second border router, distributed Internet services between them, and isolated the firewall service to its own redundant systems.  Tests have demonstrated a significant increase in network bandwidth as well.  Now if one of the two routers should go down, connectivity will be sustained by the redundant architecture of the new system.

The current arrangement also makes use of Cisco’s Virtual Switching System technology, allowing the two routers to be managed as a single service.

An upcoming goal is to house the two border routers in different buildings.  One will remain in Central Plant, and the other will be housed in OIT’s SSPA network vault.  This geographic distribution will further reduce the risk that loss of power or other facilities to a single building could interrupt UCI’s connection to the Internet.

Border Router

UCI now has a versatile border router providing a more configurable and secure connection to the Internet.

The border router is a Cisco Catalyst 6509 with a crossbar-fabric switch. The router currently features 32 ports, each running at one gigabit per second (1 Gbit/s) bidirectionally, and is expandable to 180 ports as campus needs grow. It replaces a router with a total bandwidth of 2.4 Gbit/s and represents a substantial upgrade in network capacity.

The border router now aggregates formerly separate circuits to CalREN, the Internet, and Internet2 (Abilene), allowing a single set of policies and security measures to protect the campus across all our links to the rest of the world.

The router is a sophisticated device that allows network administrators to build circuits into, out of, and even back into the router. This permits a virtual path from the Internet to the router, through the campus firewall, back through the router, and on to UCInet. The border router also will support an “intrusion detection system”, presently being designed and implemented, which will complement and enhance the campus firewall.

The intrusion detection system will be able to spot subtle patterns in campus network traffic that indicate a network-based attack. It will alert campus network staff when an attack begins and allow the creation of precise rule sets for network traffic, so that UCInet can remain open to legitimate network uses while filtering out many kinds of hostile traffic.