Enterprise Architecture and InfrastructureProgress Report for Committee on Technology and ArchitectureMarch 2012

Mark DayDept. of Radiology & Biomedical ImagingTu LuuDell Healthcare Consulting

March 20, 2012

2

2012 Priority Projects

• MPLS / UCSF “One Network”• DNS / DHCP• Enterprise backups - Crash Plan pilot to be

presented at a future meeting

SECTION HEADING

Brief Acronym Glossary

• MPLS – Multiprotocol label switching – the underlying technology used to label and segregate logical networks on shared physical equipment

• VRF – Virtual Routing and Forwarding – the separate network instances

• PE – Provider Edge (PE router)• CE – Customer Edge (CE router)• QoS – Quality of Service – tagging of network

traffic to allow different classes to be treated according to different business rules

3

MPLS - Goals

• Highly redundant enterprise MPLS core shared between Campus and Medical Center

• Capability to provision multiple segregated networks on shared equipment.

• Communication between segregated networks enforced by security policy

• End-to-End QoS• Unified support for Multicast• Ability to provision layer two between any two

points on the network (borderless data center)

4

MPLS Benefits• Simplified and consolidated routing and security

infrastructure with ability to delegate separate control

• Leverage MAN upgrade projects from both Campus and Medical center

• Ability to logically group devices of similar use regardless of physical location

• Reduce operational expenses through shared infrastructure and simplified management

• High availability and capability to achieve sub-second convergence in the core

• Ability to meet Medical Center’s need for resiliency, and campus research community’s need for speed

5

6

Separate Distribution and Access Infrastructure

7

Shared Distribution But Separate Access

8

Shared Distribution and Access

9

Security Layer at Inter-VRF Routing

Project Status• Meetings held regularly between MCIT and ITS

network staff, vendors, and interested observers • Medical Center proposal is to use

heterogeneous Cisco ASR 9000 class routers for all PE Devices

• Campus would like to re-use Cisco Catalyst 6500 class routers due to budgetary constraints

• Cisco’s recommendation is to build MPLS core with ASR equipment, but also state 6500 product line has necessary features

10

Equipment Comparison• Case for ASR 9000 everywhere

– Equipment designed for aggregation services

– IOS XR software streamlines common service provider operations compared to IOS

– Single software version and configuration to be used everywhere

– Higher throughput – support 100 Gbps ports

• Case for Catalyst 6500– Upgrades necessary for MPLS project modest

compared to replacement of routers

– Configuration is different, but not expected to change much in core

– Equipment is from same vendor and contains necessary feature set

– Additional speed of ASR not immediately needed11

Immediate Next Steps• Cisco to re-evaluate design and present options

for re-purposing 6500s• Better define requirements to help in evaluation

of 6500 vs. ASR 9000 for PE routers at some locations

• Medical Center and Campus to explore ‘creative’ options to make homogeneous ASR 9000 design more affordable

– Repurpose Catalyst 6500s in MC?

– OE funding available for a consolidated network?

– Additional pricing relief from Cisco?

• Evaluate best way to use 6500s in design– As a PE router

– Only as CE routers (fewer PEs?)

12

Future Items• Flesh out PE/CE design• Define details of security model• Agree on connection of MPLS core to internet• Agree on schedule• Decide on shared distribution / shared access

layers• Governance aspect – threshold for defining

additional VRFs• Define shared management responsibilities and

structure• …

13

15

MPLS Network