Simon Lane, Network Architect, University of Southampton Friday 18 November 2022, 15:30-16:30

2. Network Refresh
Simon Lane, Network Architect
18 November 2022

3. 3
Welcome to the network refresh
• 1985 – X.25, RS232, Token Ring, mainframes
• 1989 – Chipcom, Retix, 10Mbps, repeaters, bridges, pinkbook
• 1996 – Chipcom, 3Com, 100Mbps, switches, FDDI, ATM, IP, IPX, AppleTalk
• 2003 – Extreme, 1Gbps, 10Gbps
• 2012 – Cisco, n*10Gbps, WiFi, virtualisation, IPv6
• 2022 – Another refresh already?

4. 4
Goals of last network refresh
• Academic Campuses (20122017)
– Core/Distribution capacity, availability, resilience, EoL
– Edge capacity, PoE, resilience, EoL
– Wireless pervasive, eduroam, visitors, EoL
– Fibre flexibility, scalability, diversity, EoL
– Wide Area Links capacity, dual links to priority sites
– Hub rooms racks, power, cabling as required
• Halls of Residence (20122015)
– Distribution / Edge capacity, EoL
– Wireless in-room coverage
• New Primary DataCentre (2012-2013)

5. 5
How we did in last refresh (1)
• Core Network
–  Core replacement “familiar ground”
–  Minimal previous Cisco experience
–  Integrator professional services forthcoming and extensive
–  Cisco Nexus 7K, very robust, very resilient
–  Mainly 2-tier network design overloaded core MAC tables
•  User impact relatively low
•  Replaced line cards in core chassis before proceeding
•  Insufficient TCAM for significant IPv6 rollout
–  Dual connected edge 2*10Gbps in most cases
–  Capacity and availability expectations met

6. 6
How we did in last refresh (2)
• Edge Network
–  Edge replacement “familiar ground”
–  No service change for users so deployment mostly just a scheduling and resource issue
–  Integrator professional services forthcoming and extensive
–  Capacity and availability expectations met
–  Racking and patching professionally completed using cabling specialists
–  Some edge switches were not EoL so out-of-scope and still in service today
–  750 new Cisco 2960S and 3750X switches deployed, 1G ports

7. 7
How we did in last refresh (3)
• WAN links
–  Asbestos, wayleaves, trees, roads, H&S, CDM, legal
–  Quoted lead times mean nothing
–  Communication required between multiple parties
–  Circuit notice periods, new/old overlap, termination charges
–  Using a specialist integrator eases some of the pain
–  18 new links installed

8. 8
How we did in last refresh (4)
• Fibre Network
–  Flexible blown fibre solution on 3 campuses, singlemode
–  Dual connected edge, diverse feeds and entry points, 10Gbps
–  Main routes planned to avoid future building plots
–  Project managed by Estates department
–  1 site still waiting external ducting and cable across road
–  Large NHS site still not gone to procurement
• Edge locations in University and NHS owned buildings
• Trust to manage the installation
• Development agreement required

9. 9
How we did in last refresh (5)
• Wireless Network
– In first half of project
•  Not “familiar ground”. Previously, hotspots in LT’s, seminar rooms, library, foyers
•  No quality-based standard for wireless deployment
•  Under-estimated #APs needed and consequently budget
•  In Halls, corridor deployment left many coverage holes
•  Pre- and post-install surveys were inadequate or not done
•  User expectations soared
•  No independent oversight of network integrator
–  1,600 new Cisco 3602 and 3702 APs were deployed

10. 10
How we did in last refresh (6)
• Wireless Network
– In second half of project
•  Dedicated project managers deployed
•  Create technical specification for wireless deployment
•  Re-survey previous deployments
•  Prioritise deployment for Student experience on Campus
•  Pilot in-room AP model for new/refurbished Halls
•  Develop spot-fix in-room fix for Halls (Cisco 1815W)
•  500 more APs were deployed on Campus
•  700 in-room APs are now deployed (includes new Halls)

11. 11
How we did in last refresh (7)
• Things took a long time
–  Scale of change was greater than previous experience
–  Staff resource not well scoped into projects
–  Sub-projects stalled and were restarted with dedicated project management
–  Technology and expectations moved on
• But the positive outcomes
–  Capacity on the wired network has never been a problem
–  Service availability and reliability substantially increased
–  Impact of individual failures substantially reduced

12. 12
Lessons learned
• Networks are way more complicated than they used to be
• Networks are way more critical than they used to be
• Expectations change rapidly (especially wireless)
• Focus on the outcomes as much as the technical
• Focus on quality, set standards
• Obtain independent advice and review of contracted work
• Be aware of your own limitations
• Experienced project managers are worth their weight

13. 13
Where are we now?
•  Blown fiber network is accommodating new buildings
– Footprint changes are inconvenient, not a crisis
•  Edge and Wireless keeps expanding with new and refurbished buildings
– 1,500 switches, 4,000 APs
•  A lot of wired edge ports are unused
•  Wireless coverage still not pervasive
•  Most of the network switches/APs are EoL (again)
•  Tactical solutions to mitigate hardware failures
•  CyberSecurity and CE certification

14. 14
New refresh Project - Themes for 10-year plan (from 2019)
Theme Intent
Lifecycle Plan for a sustainable cycle of replacement considering capacity requirement and technological evolution.
Automation Deliver a high level of management automation driven by the operational processes needed to support the other themes.
Quality of Experience Customise the user experience; verify the experience in real time; automatically generate both immediate and longer-term
feedback actions.
Intelligent Campus Deliver the data network needed to support the Intelligent Campus and Smart Building initiatives anticipated under the 10-
year building plan.
Architecture Identify, quantify and document the target architecture for the network; ensure modularity and repeatability; and evolve to
deliver the other themes.
Mobility & Wireless Evolve the wireless networks into reliable media to challenge traditional copper at the edge; consider the latest
technologies including 5G.
Enterprise Security Apply best practice and dynamic security controls to the enterprise networks, both internally and at the borders.
DataCentre Security Apply best practice and dynamic security controls to the Datacentre networks, taking into account agile server-based
technologies.
Cloud Connectors Deliver connectivity services to connect securely to the rapidly developing multi-cloud space, whether hosted, private,
hybrid or public cloud.
IPv6 IPv6 connectivity options delivered to all devices on the network; most client devices and all control plane interfaces
become IPv6 only.
Innovation Model Invest in ongoing communication models to fully expose client requirements and technological opportunities.

15. 15
Initiating a new Refresh Project (1)
• Project pre-concept to boards in Nov 2019
– end-of-life consequences
– schedule of dates and very rough cost of new equivalent devices
• Soft Market Test in Dec 2020, 17 responses
– Outlined a potential scope, asked for views on delivering the scope
• Skillsets and products required
• Contract form and number of contracts required. Typical budget required.
• Funding models and protecting against “boom and bust” cycle of technology change
• Availability and suitability of managed services
• Tender format – output specification or technology specification
• Cyber Requirements

16. 16
Initiating a new Refresh Project (2)
• Appointed project manager 2021
• Business Case for Phase I (Discovery Phase) approved end 2021
– “A comprehensive and quality engagement with all areas of the University to record requirements
with impacts on network-based architecture over the expected life of the overall project.”
– “An approved set of technical and business requirements for the full Tender process.”
– “A robust engagement with Procurement to deliver a compliant Tender process with quality
outcome-based network solutions.”
– “A final Business Case for the Delivery phase of the project.”
• Soft Market Test demonstrated need for consultants in this phase

17. 17
Documented outcomes of discovery phase
• Current state assessment including SWOT
– Notably weak on wireless and threats from end-of-life consequences
– Opportunities for better asset management, IoT support, CyberSecurity, IPv6, network
management
• Requirements collection after consultation with 57 stakeholders
– Many opportunities ranked for consideration within the project
• Options analysis and Strategy
– A set of principles and recommendations
– Review of procurement options
– Budget
• Operating Model

18. 18
Headlines
• WiFi first choice for students, staff and visitors – internal and external
• CyberSecurity – segmentation, user and device access, principle of least privilege
• IoT – device proliferation, security, smart buildings
• Research – capacity (25/100G) and security compliance
• Enhanced operations – visibility, telemetry, event correlation, cloud hosted
• Automation and self-service – cyber response and secure environments
• Support sustainability strategy
• Move from periodic to continuous refresh – operational budgets

19. 19
What’s next?
• Business Case for Phase II
– Selection of the procurement vehicle
– ITT specification preparation
– Tender evaluation
– Tender award towards end 2023
• Business Case for Phase III
– Refining Budget
– Design, Deployment
– Operational model
– Completion 2027/8
• Set up rolling refresh

20. YOUR QUESTIONS