GENI CIO Workshop STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES

GENI CIO Workshop STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES C o m m u n i c a t i o n S e r v i c e s • July 12, 2 0 1 2

Current State Open. Flow Core • 6 40/10 Gb Core switches deployed • 4 Building switches connected • Working with IT groups to integrate HPC clusters Submitted NSF proposal (Campus Cyberinfrastructure) STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES C o m m u n i c a t i o n S e r v i c e s • July 12, 2 0 1 2

Motivation and Benefits Flexibility • Change the network topology or data path at will • Apply policies anywhere in the network Simplicity • Decrease the number of devices and appliances • Common policy store for many devices • One management interface Ease of Troubleshooting (user problems) • Easier to track devices, users, and applications STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES C o m m u n i c a t i o n S e r v i c e s • July 12, 2 0 1 2

Motivation and Benefits Innovation • • • Continue improving the user experience Deliver new services and do it faster Specialized services Financial • • Decrease cost of maintaining the network Larger vendor selection Cheaper commodity hardware Reduced support costs STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES C o m m u n i c a t i o n S e r v i c e s • July 12, 2 0 1 2

Use Case – Call Recording Call recording services required by: • • Life-Flight Stanford Hospital and Clinics Lucile Packard Children’s Hospital Operator Services Vo. IP Calls recorded by replicating entire VLANs Limited number of replication sessions available All traffic is replicated, not just calls of interest Too much complexity in network switch configurations, filters, topology STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES C o m m u n i c a t i o n S e r v i c e s • July 12, 2 0 1 2

Use Case – Call Recording • Selectively send calls to the recorder • Only interesting traffic sent to recorders • Greatly reduces complexity of the network STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES C o m m u n i c a t i o n S e r v i c e s • July 12, 2 0 1 2

Use Case – ISO Traffic Monitoring Information Security Office needs to be able to monitor all inbound and outbound campus traffic. • Taps in different locations across campus • Need multiple switches to feed multiple collection servers STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES C o m m u n i c a t i o n S e r v i c e s • July 12, 2 0 1 2

Use Case – ISO Traffic Monitoring • More granularity when slicing and dicing traffic • Pick and choose traffic to send to servers • Greater flexibility in organizing what type of traffic goes to which collection server STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES C o m m u n i c a t i o n S e r v i c e s • July 12, 2 0 1 2

Use Case – Stanford Network Self Registration Any new device on the Stanford network must be registered with the central Net. DB application • Security through obscurity • Policy routing adds complexity • Bottle-neck STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES C o m m u n i c a t i o n S e r v i c e s • July 12, 2 0 1 2

Use Case – Stanford Network Self Registration • Force unregistered users to the captive portal at the switches closest to the users • Registration and guest network services load distributed across multiple edge switches • Simplification of network topology • Policy routing no longer needed STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES C o m m u n i c a t i o n S e r v i c e s • July 12, 2 0 1 2

Deployment Strategy • Build Open. Flow network in parallel to production network, limiting any potential impact on production traffic • Focus on quick wins where we can simplify, innovate and automate • Focus on opportunities where end to end Open. Flow network is not needed to realize benefits • Gain experience STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES C o m m u n i c a t i o n S e r v i c e s • July 12, 2 0 1 2