• McMaster
  • McMaster A-Z Index
• Academics
  • Undergraduate Studies/Programs
  • Graduate Studies/Programs
  • Part-Time Studies & Continuing Education
  • Departments & Faculties
• Alumni
  • About the Alumni Association
  • Alumni Events
  • Services & Benefits
  • Programs for Alumni
  • Alumni Networking
  • Keep in Touch
  • Homecoming
  • Alumni Weekend
  • Students & Young Alumni
  • Giving to McMaster
• Discover McMaster
  • About the Campus
  • Fast Facts
  • Governance
  • History of McMaster
  • How to Get to McMaster
  • Policies, Procedures & Guidelines
  • President's Message
  • Provost & Vice-President (Academic)
  • Strategic Plan
  • Teaching and Learning at McMaster
• Future Students
  • Undergraduate
  • Graduate Studies
  • MBA Program
  • Continuing Education
  • Parents
  • Student Services
  • Virtual Tour
• Library
  • About the Libraries
  • Contact Us
  • Course Reserves
  • Library Catalogue
  • Library Services
  • My Account / Book Renewal
• Research
  • Canada Research Chairs
  • Endowed & Industrial Chairs
  • Ethics in Human Research
  • McMaster Innovation Park
  • Office of International Affairs
  • Partnership Opportunities
  • Research Centres & Institutes
  • Research Policies & Procedures
  • Science in the City
• Current Students
  • Student Affairs
  • Student Resources
    • Chaplaincy
    • Human Rights & Equity
    • Information Technology
    • Office of Academic Integrity
    • Ombuds
    • Parking & Transit
    • Registrar
    • Safety & Security
    • Student Financial Aid & Scholarships
    • Student Accounts
  • Student Government
    • Graduate Students
    • Part-time Students
    • McMaster Students Union
  • Campus Life
    • Clubs
    • Events

University Technology Services

• Routing
• Access
• DHCP
• Network Security
• UTS Home

Distribution Layer Routing

Network virtualization - providing multiple groups with access to the same physical network while keeping them logically separate so that they have no visibility to other groups - is a requirement that has challenged network design for many years. In the 1990s, Layer 2 switching predominated on campus LANs, and VLANs were widely used to divide the LAN into separate workgroups within a common infrastructure. The solution was effective and secure, but did not scale well, nor was it easy to manage as campus LANs grew and spanned buildings.

The introduction of Layer 3 switching within core & distribution layers helped reduce problems with scalability, performance, and troubleshooting associated with the VLAN-based approach. Layer 3-based campus networks have proven to be scalable and robust and offer high performance. A routed configuration provides a more resilient network and better problem isolation.

The transition from our current `collapsed core' design to distribution layer routing (OSPF) requires adding routing processors to those building switches that don't have the required capability, and while progress depends on funding, work can proceed subnet by subnet as switches are upgraded. MDCL, GSB (level 2), BSB (renovated phases 1 & 2), DBAC, HH (CSB, ADL & REF downstream) and ABB have been completed, as well as off-campus sites requiring multiple networks such as DTC. New buildings and major renovation projects will include routing switches as part of their infrastructure renewal. Maconline is also complete following phase 2 of the network refresh project which added routing modules to building distribution switches in ssummer 2007.

Network Access Control

• Extend NAC (Cisco Clean Access) to include remote access to McMaster systems from off-campus via VPN

DHCP & DDNS

• Strategy to replace static IP assignment with DHCP self-registration and automated management process almost everywhere
• The system will endeavour to allow client machines to maintain a unique hostname to IP address mapping using a DHCP dynamic update mechanism.
• DNS security extensions & secure dynamic update

Central Network Security Design & Controlled Access

• UTS-Internal, Development, Public-Facing, Customer and other segregated networks with separate VFW rule sets for the data-centre subnet
• Review, categorize & clean-up of the server exception list (workstations visible to traffic requests initiated from off-campus)
• Assess provision of a few separate rule sets with general applicability to common server categories (e.g. web server - only ports 80, 443 visible from off-campus)
• Departments with requirements for more specific rule sets (e.g. Student Health Services) may be served with a separate VFW rule set specific to the department provided requirements are static enough to minimize configuration maintenance