Campus Wireless Network kitenet

1
Campus Wireless Network kitenet

• Koji OKAMURA
• Research Institute for Information Technology,
  Kyushu University

2
Overview of Kyushu Univ.

• is located in Fukuoka City of Fukuoka Prefecture.
• Population of Fukuoka City is 1.3M.
• Population of Fukuoka Pref. is 5.0M.
• has
• 20,000 students and 10,000 staffs (faculties and
  etc.).
• and two main big campus (hakozaki and ito) and
  several satellite campus (hospital, chikushi and
  oohashi ).
• every campus are connected 10G.
• uses
• AS2508 and one Class B address (133.5.0.0/16).

3
Campus of Kyushu Univ.
4
Why Campus Wireless Network is necessary ?

• Everyone of Kyushu Univ. want to use Internet
  when they come to University.
• Everyone had bought and set-upped their own
  Wireless AP.
• Only owner can use his Wireless AP even there are
  so many Wireless APs in campus.
• Policies for Member of Kyushu Univ. and guests
  should be different.
• Computer Center had decide to introduce Campus
  wide wireless network in 2006.

5
The 1st Version (20032007)

• Mobile IP based.
• Non Standard.
• 228APs
• Special Driver (Software) is necessary.
• The product becomes Dis-Continue.
• No Windows Vista support.

6
The 2nd Version (2006

• 802.1x Base
• 591 APs
• APs are installed with core network when the new
  building is build.

7
Infrastructure
Campus Network of Kyushu Univ. (KITE)
Authentication Server
Commercial Network
Ether Switch
8
Authentication
Campus Network of Kyushu Univ. (KITE)
Authentication Server
Commercial Network
Ether Switch
9
Connecting
Campus Network of Kyushu Univ. (KITE)
Authentication Server
Commercial Network
Dynamic VLAN
Ether Switch
10
Policy for each user can be supported.
Campus Network of Kyushu Univ. (KITE)
133.5.11.0/24
133.5.22.0/24
Authentication Server
133.5.7.0/24
Commercial Network
Commercial ISP
Tohoku Univ.
Kyoto Univ.
Ether Switch
11
System Design

• Functions
• Authentication
• 802.1x ? Mandatory
• Web ? Option
• Dynamic VLAN
• Wired
• AX (MAC VLAN)
• 802.1 1X
• SW or Wireless AP which can pass EAP packets can
  be cascaded.
• Web
• Wireless
• Allied Tetesis (Tagged VLAN)
• 802.1X
• Web(not supported)

Radius Server
Core SW
AX
SW which can not pass EAP packets
Port which is set of Authentication
Wireless AP by Allied Telesis
SW or Wireless AP which can pass EAP packets
Center Network
AX-630x
User Network
AT-TQ2403
12
Dynamic VLAN
Wireless AP
Wired SW
Wireless AP
Wired SW
Wireless AP
VIDxxx
VIDyyy
VIDzzz
Radius
13
kitenet (IPv4)
Wireless AP
Wired SW
Wireless AP
Wired SW
Wireless AP
VIDxxx
10.1.0.0/16
VIDyyy
10.2.0.0/16
NAT
NAT
Internet
Kyushu Univ.
ISP
14
kitenet (IPv6)
Wireless AP
Wired SW
Wireless AP
Wired SW
Wireless AP
VIDxxx
10.1.0.0/16
200120090515f1/64
VIDyyy
10.2.0.0/16
200120090515f2/64
QGPOP IPv6
NAT
NAT
Internet
Kyushu Univ.
ISP
15
The current situation

• every one can use Internet using Windows, Mac,
  iPhone, Windows Mobile.
• even guests can use Internet when they come to
  Kyushu Univ. based on security policy of Kyushu
  Univ.
• Conference at Kyushu Univ.

16
Future Works

• Big segment across whole campus

management/authentication
Kyushu University
Guest
17
Future Works

• They should be segmented.
• IPv4 is used for each segment.
• Virtual Router will support the routing.

Authentication Management
Kyushu Univ.
Guest
18
Thank you very much!