campus wireless network kitenet koji okamura research institute for information technology, kyushu...

Campus Wireless Network kitenet

Koji OKAMURAResearch Institute for Information Technology, Kyushu University

Overview of Kyushu Univ.• is located in Fukuoka City of Fukuoka

Prefecture.– Population of Fukuoka City is 1.3M.– Population of Fukuoka Pref. is 5.0M.

• has– 20,000 students and 10,000 staffs

(faculties and etc.).– and two main big campus (hakozaki and

ito) and several satellite campus (hospital, chikushi and oohashi ).

– every campus are connected 10G.• uses

– AS2508 and one Class B address (133.5.0.0/16).

Campus of Kyushu Univ.

New Main

Main

Hospital

Art

Material, Energy etc

15km

Why Campus Wireless Network is necessary ?

• Everyone of Kyushu Univ. want to use Internet when they come to University.

• Everyone had bought and set-upped their own Wireless AP.– Only owner can use his Wireless AP even there are so

many Wireless APs in campus.– Policies for Member of Kyushu Univ. and guests should be

different.

• Computer Center had decide to introduce Campus wide wireless network in 2006.

The 1st Version (2003~2007)• Mobile IP based.

– Non Standard.

• 228APs• Special Driver (Software) is necessary.• The product becomes “Dis-Continue”.• No Windows Vista support.

The 2nd Version (2006~

• 802.1x Base• 591 APs• APs are installed with

core network when the new building is build.

Infrastructure

Campus Network of Kyushu Univ.(KITE)

Campus Network of Kyushu Univ.(KITE)

Commercial Network

Commercial Network

Ether Switch

Authentication Server

Authentication

Campus Network of Kyushu Univ.(KITE)

Campus Network of Kyushu Univ.(KITE)

Commercial Network

Commercial Network

Ether Switch

Authentication Server

Connecting

Dynamic VLANDynamic VLAN

Campus Network of Kyushu Univ.(KITE)

Campus Network of Kyushu Univ.(KITE)

Commercial Network

Commercial Network

Ether Switch

Authentication Server

Campus Network of Kyushu Univ.(KITE)

Campus Network of Kyushu Univ.(KITE)

Commercial Network

Commercial Network

Ether Switch

Authentication Server

Policy for each user can be supported.

Commercial ISPCommercial ISP

Kyoto Univ.Kyoto Univ.

Tohoku Univ.Tohoku Univ.

133.5.7.0/24133.5.7.0/24133.5.22.0/24133.5.22.0/24

133.5.11.0/24133.5.11.0/24

System Design• Functions

– Authentication• 802.1x → Mandatory• Web → Option

– Dynamic VLAN • Wired

– ＡＸ　 (MAC VLAN)• 802.1 1X

– SW or Wireless AP which can pass EAP packets can be cascaded.

• Web

• Wireless– Allied Tetesis (Tagged VLAN)

• 802.1X• Web(not supported)

ＡＸ

Wireless AP by Allied Telesis

SW or Wireless APwhich can pass

EAP packets

Port which is set ofAuthentication

RadiusServer

Core SW

Center Network

User Network

SWwhich can not

pass EAP packets

AT-TQ2403

AX-630x

Dynamic VLAN

WirelessAP

WiredSW

WirelessAP

WiredSW

WirelessAP

VID=xxx

VID=yyy

VID=zzz

Radius

kitenet (IPv4)

WirelessAP

WiredSW

WirelessAP

WiredSW

WirelessAP

VID=xxx

VID=yyy

NAT NAT

InternetInternetKyushu Univ.

Kyushu Univ.

ISPISP

10.1.0.0/16

10.2.0.0/16

kitenet (IPv6)

WirelessAP

WiredSW

WirelessAP

WiredSW

WirelessAP

VID=xxx

VID=yyy

NAT NAT

InternetInternetKyushu Univ.

Kyushu Univ.

ISPISP

10.1.0.0/16

10.2.0.0/16

QGPOPIPv6

QGPOPIPv6

2001:200:905:15f1::/64

2001:200:905:15f2::/64

The current situation• every one can use Internet using Windows, Mac,

iPhone, Windows Mobile….• even guests can use Internet when they come to

Kyushu Univ. based on security policy of Kyushu Univ.– Conference at Kyushu Univ.

New

Main

Hospital

Art

Material, Energy etc

15km

Future Works• Big segment across whole campus

management/authentication

Kyushu University

Guest

Future Works• They should be segmented.

• IPv4 is used for each segment.– Virtual Router will support the routing.

AuthenticationManagement

Kyushu Univ.

Guest

Thank you very much!