The Gathering has almost come to an end and it’s about time we posted some details about our network design.
Our network is designed in the traditional three-layered hierarchical model with the core, distribution and access layer where L3 is terminated at our distribution.
The core L3 switches consist of 2x Juniper QFX5100 in a virtual chassis, which is Juniper's stacking technology. In addition to providing our distribution with uplinks, the core switch also connects our 80Gig backbone ring with our stand and border router.
Between our border router and the internet we have an inline Juniper SRX5800 which is capable of pushing 2Tbps worth of firewall throughput(!). This is where we terminate our BGP peering with Telenor and do route redistribution to OSPF, making the SRX our OSPF ASBR.
The L3 distribution switches consist of 3x Juniper EX3300 in a virtual chassis per distribution. Each distribution connects to the core using 2x 10Gbps single-mode transceivers patched into our MPO cassettes pulled from the ceiling. The distro redistributes its connected routes into the OSPF area and advertises them to the core.
The L2 access switches consist of 144+ Juniper EX2200 with a 3x 1Gbps connection to our distribution. To protect our network at the edge, we run a series of security features collectively called first-hop security. This takes care of a lot of potential issues such as loops, spoofing and ARP-poisoning.
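How first-hop security stops spoofing and ARP-poisoning at the access port, as an added example that is not The Gathering's configuration: a small Python model of a switch that learns MAC/IP bindings from DHCP replies on a trusted uplink and checks ARP and IPv4 traffic against them. The post does not name the individual features, so DHCP snooping, dynamic ARP inspection and IP source guard are assumed here, and the port names and addresses are constructed.

```python
class AccessSwitch:
    """Toy model of an access switch enforcing first-hop security (assumed features)."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # uplinks towards the real DHCP server
        self.bindings = {}                 # client port -> (mac, ip) from DHCP ACKs

    def dhcp_ack(self, ingress_port, client_port, mac, ip):
        # DHCP snooping: server replies are accepted only from trusted ports,
        # so a rogue DHCP server on a client port cannot hand out leases.
        if ingress_port not in self.trusted:
            return "drop: DHCP server reply on untrusted port"
        self.bindings[client_port] = (mac, ip)
        return "forward"

    def _bound(self, port, mac, ip):
        # Trusted uplinks are not checked; client ports must match their lease.
        return port in self.trusted or self.bindings.get(port) == (mac, ip)

    def arp(self, port, sender_mac, sender_ip):
        # Dynamic ARP inspection: the ARP sender fields must match the binding.
        if self._bound(port, sender_mac, sender_ip):
            return "forward"
        return "drop: ARP does not match DHCP binding"

    def ip_packet(self, port, src_mac, src_ip):
        # IP source guard: the same lookup applied to ordinary IPv4 traffic.
        if self._bound(port, src_mac, src_ip):
            return "forward"
        return "drop: source address not bound to this port"


def demo():
    # Constructed sample traffic; 192.0.2.0/24 is a documentation range.
    sw = AccessSwitch(trusted_ports={"ge-0/0/44"})
    return [
        sw.dhcp_ack("ge-0/0/44", "ge-0/0/1", "02:00:00:00:00:01", "192.0.2.10"),
        sw.dhcp_ack("ge-0/0/2", "ge-0/0/3", "02:00:00:00:00:03", "192.0.2.66"),
        sw.arp("ge-0/0/1", "02:00:00:00:00:01", "192.0.2.10"),
        sw.arp("ge-0/0/2", "02:00:00:00:00:02", "192.0.2.1"),  # claims gateway IP
        sw.ip_packet("ge-0/0/1", "02:00:00:00:00:01", "192.0.2.99"),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```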
One of the design choices this year was to turn our backbone ring, which traverses the entire arena, into a virtual chassis instead of separate routers. This effectively means that it becomes a distribution switch for our crew network. This makes it easy for us to provision edge/access switches to our sponsors and crew areas. As a result we have for the first time ever provisioned our entire access network. Not a single access switch has been configured manually this year!
TL;DR – 40Gbps…
At TG16 we suffered several DDoS attacks towards our network and even our website (gathering.org). To be able to handle a potential DDoS attack this year, we decided to upgrade our internet capacity from 40Gbps to 40Gbps + 10Gbps, where the newly added 10Gbps link would be reserved for our production environment. Instead of dedicating a single physical interface, we decided to include the interface in our aggregated interface and rate-limit our participants' network to 40Gbps. This way we keep our production network alive when our participants' network gets lit up.
All your base are belong to us!
We will have a slightly higher access point density this year compared to TG16. While it might make sense on paper to introduce more APs we seem to forget how much work it actually is to prepare them in such large quantities…
Earlier today we unboxed 276(!) base stations/access points and prepared them for their journey to Vikingskipet, Hamar.
A big thank you to Avantis for lending us their facilities!
The beacons are lit!
We are happy to report that the internet connection for TG17 is up and running.
Tech:Net decided to take the “pre-TG” preparations one step further this year by building our backbone network and installing our DHCP/DNS servers a week before schedule! This gives us the opportunity to tweak and polish all the nuts and bolts of our most critical infrastructure without being on site.
What does this mean for us? It means that we’re able to deploy and provision our edge switches from day 1 without waiting for internet access or the DHCP/DNS-servers to be installed on the first day.
Stay tuned – we will post details about our network design later on.
To help you get started on your lab environment, we built the IPv4 topology implemented at The Gathering in GNS3 for you to play with!
We did not include MPLS, VRFs and multicast in this lab configuration because it is not relevant to the CCNA objectives. The physical topology is already set up and cabled, so feel free to configure this on your own! We will upload our configs at http://ftp.gathering.org after TG13 if you want some reference.
These are the steps you need to follow in order to get this up and running on Windows:
- Download GNS3 from SourceForge.
- After the installation is complete, get hold of the Cisco images. In this project, the following images were used:
  - c7200-advipservicesk9-mz.124-15.T10.image (ISP)
  - c3725-adventerprisek9-mz.124-15.T14.image (everything else)

  Unfortunately we cannot provide these images on our website due to licensing issues.
- Download the GNS3 project from our FTP server, extract it and place it on your C:\ drive.
- Place the Cisco IOS images in C:\GNS3\IOS\
- Start GNS3 and make sure that your idle PC values are set. You do this by right-clicking the router after it has been powered on, and then clicking “idle pc”. This will make GNS3 calculate the values for you. Read more about how to do this at http://www.gns3.net/gns3-simplest-topology/
- Click file->open and select “C:\GNS3\The Gathering 2013\topology.net”
This should get you up and running. Have fun – and don’t be afraid to ask questions!
The :Net crew have received a lot of questions regarding certifications over the past few years, so we have decided to create a dedicated category to help you on your way to become certified!
The CCNA is a great first step into the world of networking. When it comes to certifications within networking, a Cisco cert is no doubt the better choice. Not only does it teach you how to configure Cisco equipment, but it also gives you a solid understanding of how networks work!
You can achieve the CCNA certification by choosing one of two ways:
- Take the ICND1 (CCENT) and ICND2 exam
- Take the CCNA exam
To learn more about the CCNA, we encourage you to create an account on Cisco's learning network. This site is packed with useful information to help you on your way to becoming Cisco certified. https://learningnetwork.cisco.com/community/certifications/ccna
If there is anything you would like to know more about, or any particular subject you would like us to discuss, post your questions in the comment field and it may be the topic for our next post!