CNaaS

Campus Network as a Service

​

per@sunet.se

Our Goal

“Share campus network operations by standardizing network architecture, tools and processes.”

Some of the challenges at the Campuses today

• Staffing
• Aging
• Retention
• Recruitment
• Jack of all trades symptom
• Very few; sick leave; parental leave; vacation…
• Lock in by vendors with really poor support
• Budget

​

​

...and at the same time the network hasn’t been more important than it is right now

​

This is a collaborative service

One of the important goals is to increase the competence level of the staff at the universities:

• Establishing a trainee program within Sunet
• Having the staff at different universities working together on reference architecture as well as solving incidents
• Regular training of the university staff participating
• The service inherently needs the local staff to work

​

Organisation

NOC

DEVOPS

Engineering

HELPDESK

1^st Line

End user support

Simple mgmt

2^nd Line

Monitoring

Documentation

Incident/Problem Mgmt

Configuration Mgmt

Escalation/(Vendor mgt)

​

​

3rd Line

Design

Development

Configuration Mgmt

Escalation/(Vendor mgt)

​

Hands and Feet

Suppliers

Contracts

University

Sunet

Reference Network Architecture SUNET CNaaS

Some networking trends

1. Less local compute, more cloud service and remote access
1. The traffic volume on the Internet has been and is moving to the SPs =>
2. Volume of equipment sold is moving from ISPs to SPs
2. Automation has been built in the large SP Data Centers from day one (more devops than networking skills)

=> Build your network topology with components used by the SPs to leverage both the way of automating but also keeping the cost down

​

Reference Network Architecture SUNET CNaaS

Utilizing best practise leaf-spine architecture

Built for fault tolerance �and expansion

Redundant design on all levels except access ports

Repeatable

​

Reference Network Architecture SUNET CNaaS

Layer 2 connectivity should be possible between any two ports in the network.

IP over layer 2 can be terminated in core using several, separate routing policies (VRF).

Layer 2 connectivity over core is implemented using overlay techniques (VXLAN or MPLS).

“Science DMZ by default” - Traffic can, when necessary, terminate in a firewall “on a stick”.

Reference Network Architecture SUNET CNaaS

Software upgrade in the redundant core and distribution layers can be done during office hours, when people are available

Access switches are upgraded outside office hours.

Standard components used and spares kept locally or in each region.

All components should be replaceable - migrating from vendor X to vendor Y “should” work

Procurement of equipment

Sourcing of networking equipment that is compliant with the �Reference network architecture

We are doing this as a competitive dialogue, evaluations and talks with bidders currently ongoing, the plan is to sign the contracts in Q1

​

​

Reference Architecture SUNET CNaaS

​

Reference Mgmt Architecture SUNET CNaaS

• Orchestrate 100%, automate 80%
• Zero-touch boot env => orchestratable state
• Orchestration based on event-driven model
• salt or equivalent
• chatops integration… (slack-based “cli”)
• Client authorization via radius
• 802.1x
• MAB with capture portal
• “IoT” in a file
• Template-driven device config
• multiple inheritance and segmentation of templates
• Separate service provisioning from device provisioning
• Important to define who owns what in the config
• Multiple monitoring and auditing options
• nav, rancid, nagios, elastic for log

Project steering of Sunet CNaaS

Steering committee consists of:�Primarily CIOs and IT-directors from universities and university colleges.

Work is communicated from the directors/CIOs themself among their peers.�Crucial to make this with common goals and not a “top managed service”

​

�

Initial production

During 2019:

Initial production at 2-3 campuses (one greenfield, 2 brownfield). We believe we can achieve full time coverage with 1 FTE or less on each physical campus.

This also fixes the competency gap, sick days, vacations etc… as stated previously.

The road forward - Collaboration!

​

• Uninett
• Nav
• Architecture
• UMich
• Architecture
• GN4-3 WP6
• To be discussed