Educause Security Discussion mailing list archives

Re: Residential (Dorm) Network


From: Jeff Kell <jeff-kell () UTC EDU>
Date: Thu, 4 Sep 2008 09:50:36 -0400

Daniel Bennett wrote:

> I am interested in hearing how your University handles their
> Residential Network.  Is it isolated through Firewalls, ACLs?  Does it
> have dedicated bandwidth?  How do users access internal College
> resources?  Do they access resources through a VPN?


Our Resnet traffic was originally terminated on our core and we used
ACLs to some extent to isolate the traffic.  As their network grew, they
got their own dedicated router to terminate their traffic, and we used
ACLs on the link to the core to restrict them to "sane and expected"
traffic.  Then came an outgrowth of the "campus" network into the resnet
network -- a housing office, access panels controlled by our central
system, environmental monitoring, surveillance video, etc., that started
to complicate the ACLs, not to mention mixing "secure" traffic with
casual dorm netsurfing.  They have their own VLANs, for the most part,
but they still mesh into the same routing cloud.

We're in the process of converting Resnet over to VRFs (virtual
routing), and getting the isolated cases off of the resnet instance.
The resnet side only has visibility to the campus public servers and the
internet, and nothing else.  The "campus extensions" are just that --
tied directly into the campus core with their counterparts.

For bandwidth, they have always shared outside connectivity with the
main campus.  We've used various traffic management and packet shaping
techniques to keep them from monopolizing the available bandwidth.

Jeff Kell
UT Chattanooga
