• McMaster
  • McMaster A-Z Index
• Academics
  • Undergraduate Studies/Programs
  • Graduate Studies/Programs
  • Part-Time Studies & Continuing Education
  • Departments & Faculties
• Alumni
  • About the Alumni Association
  • Alumni Events
  • Services & Benefits
  • Programs for Alumni
  • Alumni Networking
  • Keep in Touch
  • Homecoming
  • Alumni Weekend
  • Students & Young Alumni
  • Giving to McMaster
• Discover McMaster
  • About the Campus
  • Fast Facts
  • Governance
  • History of McMaster
  • How to Get to McMaster
  • Policies, Procedures & Guidelines
  • President's Message
  • Provost & Vice-President (Academic)
  • Strategic Plan
  • Teaching and Learning at McMaster
• Future Students
  • Undergraduate
  • Graduate Studies
  • MBA Program
  • Continuing Education
  • Parents
  • Student Services
  • Virtual Tour
• Library
  • About the Libraries
  • Contact Us
  • Course Reserves
  • Library Catalogue
  • Library Services
  • My Account / Book Renewal
• Research
  • Canada Research Chairs
  • Endowed & Industrial Chairs
  • Ethics in Human Research
  • McMaster Innovation Park
  • Office of International Affairs
  • Partnership Opportunities
  • Research Centres & Institutes
  • Research Policies & Procedures
  • Science in the City
• Current Students
  • Student Affairs
  • Student Resources
    • Chaplaincy
    • Human Rights & Equity
    • Information Technology
    • Office of Academic Integrity
    • Ombuds
    • Parking & Transit
    • Registrar
    • Safety & Security
    • Student Financial Aid & Scholarships
    • Student Accounts
  • Student Government
    • Graduate Students
    • Part-time Students
    • McMaster Students Union
  • Campus Life
    • Clubs
    • Events

University Technology Services

• Networking Main Page
• Layers
• Campus Backbone
• Traffic Graphs
• UTS Home

Network infrastructure is not simply wiring, but also distributed electronic switching and routing systems, as well as ancillary networking software on separate server systems. Broadly speaking, networking support involves Unix system management & security issues, with specialised applications running both on proprietary switching and routing equipment, as well as on general-purpose ancillary servers (not just for networking, but also supporting student labs, and office LANs).

Three categories within which to describe networking services are:

Physical Connectivity

• Campus backbone optical fibre cabling linking buildings and major affinity groups (subnets) to central multiport routing switches
• Backbone cabling & switching within each building
• Wiring closet to station wiring, specifications and standards
• Campus network to off-campus Internet connectivity
• Metropolitan area network (MAN) extension of camus network to the Downtown Centre and other McMaster satellite locations
• Installation & upgrade plans and procedures

Support Infrastructure

• Domain name service (DNS)
• DHCP & static IP number registration
• Authentication (multi-purpose access & application)
• VLAN administration
• authentication for open station access (MacConnect)

Applications & Operations

• Email post-office delivery functions
• Web proxy service (authenticating off-campus web access from student labs as well as some public-area stations not part of the MacConnect service)
• Lab printing
• Statistics gathering
• Network device inventory & configuration management
• Performance monitoring & troubleshooting
• Filters on foreign traffic passed through us
• Intrusion detection on network devices & servers

Layers
With rapidly evolving technology used to implement a production system, there is a never-ending effort to meet McMaster's growing dependence on the networking infrastructure by updating and expanding segments as priorities change and funding becomes available. Clearly, these can never be completely replaced at once, and the campus network invariably contains a mixture of older and newer wiring and electronic components.

Campus Backbone
The campus network backbone is implemented using a pair of Cisco 6509 switches with routing processors, jhesw & ghsw, linked to border, another Cisco 6509 switch/router with a firewall module, which interfaces to off-campus networks. The core switches are linked by campus fibre cabling to building switches, which in turn aggregate traffic from wiring closet switches distributed throughout the buildings. Wiring closet switches have ports wired to each data jack in the neighbouring offices and labs, typically providing a 100 Mbps private connection. Recently upgraded sub networks are doubly connected to each backbone switch to provide an alternate path in case of failure.

Ancillary Servers & Network Appliances
In addition to the switches and routers providing the physical connectivity and routing, network infrastructure includes a number of essential services delivered by server system software, or by special-purpose €˜network appliance' devices. These include:

• Domain Name Service (DNS) for the McMaster name space, which uses the database of assigned IP addresses, and maps names with suffix mcmaster.ca to IP addresses with the prefix 130.113€¦)
• Dynamic Host Control Protocol (DHCP) assigns IP addresses from dynamic pools to those ports and hosts not configured to use a statically assigned IP address
• Authentication for various services (e.g. VPN service, web proxy) is provided by servers which respond to requests from specialized networking devices and interface with the central UTS authentication mechanism based on the University Person (UP) database describing members of the community
• Firewall: the general-purpose campus firewall is implemented using a firewall service module (hardware blade) with the border router. It implements general rules applicable to the majority of systems on campus, shielding them from externally-initiated traffic, while allowing them free access to initiate traffic their own traffic to external networks. The rules are described in more detail on the firewall page. Departments and individual system administrators have deployed other firewalls to implement more specific rules that protect a particular system or group of machines to a level beyond that which applies to campus systems in general.
• Packet shaper: beyond controlling the amount of bandwidth purchased for commercial Internet access, contention for this scarce resource can result in poor performance as €˜recreational applications' vie with others, such as web access. The packet shaper implements a quality of service (QoS) algorithm to give lower priority to recreational applications, only when there isn't enough Internet bandwidth to satisfy all of the concurrent demand.
• VPN concentrator: this device interacts with VPN client software on customer systems to provide a secure €˜tunnel' for traffic between the client and the campus backbone network, authenticating the user and encrypting the traffic (cf. VPN Service description)
• Monitoring & logging tools: a variety of systems are used to monitor that networks components are operational, and to look for abnormal behaviour which might indicate a problem.