The University of California chose Cisco solutions for providing and managing broadband connections and security in its residence hall network.
Business Challenge
In addition to its reputation for academic excellence, five Nobel Prize winners, and top research centers, the University of California at Santa Barbara (UCSB) is considered one of the most beautiful campuses in the United States and the most popular for students who surf and ski. The number of applicants has doubled in the past decade and enrollment has increased to 19,799 students in 2004-2005. With 998 faculty members, UCSB offers more than 200 majors, degrees, and credentials through five schools and its graduate degree programs.
Students have access to many of the computing networks that link departments, administrative offices, and professors' Websites, as well as to dedicated Internet connections in the on-campus residence halls. In 2001, approximately 3800 students resided on campus. Internet access was provided by the University's Housing and Residential Services (H&RS) Network, or RESNET. At the time, UCSB had a 20 Mbps Internet connection and it was apparent that more bandwidth was going to be needed - soon.
Daxter Gulje, UCSB's manager of H&RS Network Services, had just joined the university, inheriting a mixed-vendor network infrastructure that needed upgrading. With a goal of providing residence hall students with "one port per pillow" over RESNET, he set about upgrading the existing network and simplifying its management. The network already included Cisco® Catalyst® 6009, Catalyst 5009, and Catalyst 4006 switches, but Gulje decided to eliminate other vendors' switches and replace them with Cisco Catalyst 3550 switches.
"When I started here, we had an excellent relationship with Cisco and the Cisco account team," says Gulje. "When it was time to upgrade the network and increase the bandwidth available to students, the obvious choice was to expand with technology from Cisco Systems® and simplify network management and administration. Our Cisco sales team was extremely helpful, which made the choice to stay with Cisco easy."
Network Solution
Gulje continued to adapt RESNET to meet new demands as Internet traffic volume grew and peer-to-peer application traffic, frequently used to download music and other media, began to appear in the network. Today, RESNET is built on a one-gigabit network backbone, with an OC-12C/STM-4 (622-Mbps) link to the Internet through two major carriers. Dual Cisco Catalyst 6506 switches are connected with a one-gigabit Ethernet connection, providing a high-capacity switched backbone. The Cisco Catalyst 6506 Switch is one of the Cisco Catalyst 6500 Series of switches, which offer the highest levels of availability and integrated services capabilities for a broad range of deployments. For UCSB, the Catalyst 6506 Switch provides increased port densities to handle high traffic volumes and diverse types of traffic. Rapid failover capabilities ensure that the network is always available to students.
Gulje initially equipped each switch with dual Cisco Catalyst 6500 Series Supervisor Engine 2 modules. The Supervisor Engine 2 offers Layer 3-7 services, such as server switching, multiprotocol routing, and quality of service (QoS), as well as two gigabit uplink ports, full Internet routing table support, and Hot Standby Routing Protocol (HSRP) for high availability and load balancing. He plans to upgrade these to Cisco Catalyst 6500 Series Supervisor Engine 720 modules for additional resiliency, even higher switch efficiency, and the ability to support hardware-accelerated features such as IPv6.
One port on each Catalyst 6506 Switch is dedicated to traffic bound for the main campus backbone, which is also based on Catalyst 6500 Series switches. In addition, dual Cisco PIX® 515 security appliances provide firewall services for administrative applications and other Layer 3 traffic remaining within the Housing and Residential Services administrative network, which is physically and logically separate from RESNET. This network serves 300 users who predominantly rely on e-mail, although reporting and facilities management applications are also used. Administrative traffic is aggregated through the Catalyst 6506 switches and routed to users over a Cisco 2601 Multiservice Platform. UCSB also uses Cisco Catalyst 6500 Series switches to provide 1-Gbps and 10-Gbps edge routing connections to the National LambdaRail network, which is used by research institutions around the world for sharing bandwidth-intensive research data, such as that generated in physics research.
RESNET's distribution layer is comprised of Cisco Catalyst 3550 switches. From one to three switches are deployed in each residence hall, depending on the number of students housed. The Cisco Catalyst 3550 Switch is a stackable, multilayer switch for campuswide access. UCSB can deploy industry-leading intelligent services, such as advanced QoS features, rate limiting, and high-performance IP routing, while maintaining the simplicity of traditional LAN switching.
Cisco Catalyst 2950 Series switches provide edge aggregation for Layer 3 activity and are connected to the Catalyst 3550 switches with one-gigabit Ethernet links. The Cisco Catalyst 2950 Series Switch is a fixed-configuration, stackable standalone switch that delivers wire-speed Gigabit Ethernet connectivity and can support data, voice, and video services. The Catalyst 2950 switches are deployed differently in each residence hall, depending on the building configuration. In some cases, one switch per wing is deployed; in others, one switch per floor.
"Even as the network has grown, the ease of administration is unparalleled. Standardizing on one vendor and a minimal number of platforms makes network management so much easier."
- Daxter Gulje, Manager, H&RS Network Services
"Our network is certainly capable of handling quite a bit," says Gulje. "However, while each user has a 100-Mbps full-duplex port available, if a dedicated denial-of-service (DDoS) attack occurred, it could quickly disable RESNET. We rate-limit every end-user port to 10 Mbps full duplex to mitigate that possibility." Another challenge is peer-to-peer application traffic, which is increasingly commanding bandwidth at the expense of other applications. The University does not forbid users from running these kinds of applications, but Gulje limits the bandwidth available to it to 128 kbps per connection.
In 2003, Gulje deployed a wireless LAN to provide wireless access for residence hall students. Comprised of 30 Cisco Aironet® 1200 Series wireless access points, the wireless network is powered using the Catalyst 6506 Switch's Power over Ethernet (PoE) capability.
Gulje uses CiscoWorks LAN Management Solution (LMS), a suite of powerful management tools, for simplifying switch configuration, administration, monitoring, and troubleshooting. Using CiscoWorks LMS, he can quickly and easily shut down all ports on a switch or router if necessary. Cisco Clean Access software enables the network to automatically detect, isolate, and clean infected or vulnerable devices that attempt to access RESNET. The software also identifies whether networked devices such as laptops, personal digital assistants (PDAs), and even game consoles are compliant with UCSB's network security policies. It can then block noncompliant machines, a feature that is convenient for helping Gulje and the University reduce risk to the networks from potential Internet-based threats.
Product List
• Cisco Catalyst 6506, 3550 Series, and 2950 Series switches
• Cisco Aironet 1200 Series
• CiscoWorks LAN Management Solution and Cisco Clean Access
Business Value
The "one port per pillow" goal has long been exceeded, according to Gulje. Today RESNET supports almost 7500 broadband connections, serves 5800 students, and accommodates devices ranging from desktop and laptop computers to Xboxes, PlayStations, and PDAs.
"Even as the network has grown, the ease of administration is unparalleled," says Gulje. "Standardizing on one vendor and a minimal number of platforms makes network management so much easier." Gulje says the quality of service he is able to deliver to students has also improved. By streamlining all Layer 3 activity and switching over one-gigabit links, he eliminates multiple hand-offs in the network, improving access performance and bandwidth utilization.
The network has also provided Gulje with options for dealing with the growing problem of peer-to-peer traffic. Approximately 85 percent of the UCSB residence hall traffic can be attributed to peer-to-peer file sharing, games, and Web browsing. The remaining 15 percent is instant messaging, e-mail, File Transfer Protocol (FTP), Internet Relay Chat (IRC), and occasionally, voice-over-IP (VoIP) traffic. Because he can now limit available bandwidth and identify devices and users that do not comply with system management policy or the U.S. Digital Millennium Copyright Act, Gulje is also able to limit the University's liability for users who break the law. In 2003, the University received almost 300 complaints from music and movie production studios and industry organizations, and UCSB's experience is not unusual, as many colleges and universities struggle with the same problem. However, with Cisco Clean Access and other built-in security features, Gulje can identify the user and the University terminates his or her Internet connection for 30 days. In 2005, the number of complaints dropped to approximately 30.
Overall user satisfaction is high - and Gulje has proof. In an annual survey of students that seeks feedback on the quality of residence hall life, Gulje included questions about network services. On a scale of one to five, with five being the best, over 3000 students across all of the residence halls rated network services at least a four.
Next Steps
Gulje plans to expand the UCSB residence hall wireless deployment, increasing the number of access points from 30 to 90. Thanks to the scalable Cisco Catalyst 6506 switches, he can power these new access points from the same chassis - increasing the University's return on investment.
In the 2005-2006 school year, students' computing devices will be required to meet a certain minimum level of security. Using Cisco Clean Access, the network will identify infected traffic, tag it, and install a "no route" for that particular IP address. The affected student can type a URL in a Web browser and check to see if he or she is in fact "no routed" or if there is another problem. If they're "no routed," students must bring their computers to a campus service center to be cleaned up and made compliant.
Gulje says he can judge how well the network is functioning by asking himself, "How busy is my staff? Do they constantly have to monitor things? Are they being called late at night? Are there weekend crises that bring people back to the office? Are administrators or residential students unhappy?" With the new Cisco solutions deployed over the past two years, managing such a diverse network has never been easier.
To learn more about the University of California at Santa Barbara, visit: http://www.ucsb.edu.
This customer story is based on information provided by the University of California at Santa Barbara and describes how that particular organization benefits from the deployment of Cisco products. Many factors may have contributed to the results and benefits described; Cisco does not guarantee comparable results elsewhere.