Connecting the Tsukuba campus and Tokyo campus with a layer 2 VPN
The Academic Computing & Communications Center (ACCC) at the University of Tsukuba has used a SINET3 network to establish a layer 2 (L2) VPN connection between the Tsukuba campus and the Tokyo campus. To find out about this link’s purpose and benefits, we spoke to Akira Sato of the ACCC research and development department.
(Interview date: April 9, 2010)
The ACCC comprises three departments.
What sort of work do they do?
Sato: First, the Distributed Information Systems R&D Department administers and operates the university’s computer resources and terminals. Specifically, its work includes developing unified specifications for servers in each faculty apart from the IT faculties, and constructing a thin client environment where students can access their own environments from any terminal in the university. The e-Learning and Media R&D Department supports the preparation of educational content for use in the university, and is also responsible for video delivery, the creation of multimedia content, and so on. I work in the Network R&D Department, where we take care of the operational management and security of the university’s backbone network while researching the latest network and security technologies.
It seems that networks have recently been playing a much more important role in the running of the university.
Sato: Yes, that’s true. Modern networks provide crucial lifelines, so it’s really important to keep them running smoothly. At the Network R&D Department, we are working to ensure the reliability of our network on various different layers. At the same time, it is also important to give due consideration to the security and convenience of the network. Although it’s essential to maintain the safety and security of the network, we also need to provide the university with an infrastructure that students can access freely from anywhere and at any time. For this reason, we are also working on the construction of a wireless LAN environment.
In the fall of 2009, the Tsukuba and Tokyo campuses were connected by a SINET3 layer 2 VPN service.
What motivated this development?
Sato: The campuses at Tsukuba and at Otsuka in Tokyo already had their own individual connections to SINET, with firewalls and other modules individually installed at each location. As a result, to enable traffic to flow between Tsukuba and Tokyo, we had to individually configure the firewalls at each location. There were also security concerns due to the fact that traffic was routed via the Internet between the two locations.
We had wanted to remedy this situation for some time, but then the decision was made to introduce a SINET3 node at the new Akihabara campus. That’s when our attention was drawn to the SINET3 layer 2 VPN service. If we could connect both campuses with a VPN, then we would be able to place the network at the Tokyo campus under the control of the firewall installed at Tsukuba. There were major benefits to operating the entire university network with a single integrated firewall, so that’s why we decided to go ahead with this network modification.
What sort of effect did the introduction of the L2 VPN service have?
Sato: I was very pleased that we were finally able to perform integrated network management. This was something that we had wanted to do for a long time. Previously, we had had to spend a great deal on the administration of each separate network, so we also benefited from the improved efficiency. All the traffic of the Tokyo campus is now routed via Tsukuba, but this hasn’t caused any particular problems.
Were you impressed by the capabilities of SINET?
Sato: It helped us in terms of reduced costs and ease of consultation, and I think it also made the technical aspects of our network configuration easier to understand. For example, with an ordinary communications carrier, you only get to see the communications interface from the outside, and users have no knowledge of the networks’ internal workings. Since SINET lets you access this technical information, it provides a very strong sense of security. In particular, since the University of Tsukuba is a nodal school, it’s possible to see how the network is implemented by looking at the equipment.
How would you rate it in terms of quality and reliability?
Sato: We’ve had no problems whatsoever. The network response times are all fine, including accesses from the Tokyo campus. Recently, the amount of data flowing through the network has grown rapidly, but I’m happy to say that the network is handling it without difficulty.
I understand that major changes were also made to the university’s backbone network.
Can you describe these?
Sato: In the new campus information network system which went into operation in September 2007, the configuration of the backbone network was completely revised. Previously, we employed a three-layer configuration comprising a core layer, an aggregation layer and a distribution layer, but the new configuration only has two layers — a core layer and a distribution layer. Getting rid of the aggregation layer enabled us to reduce the amount of network equipment, resulting in lower equipment costs and lower maintenance costs. Also, when we want to create a closed network within the campus, we only need to make a minimal number of configuration settings because there are fewer paths to worry about.
When we were making these changes, one thing that really helped was the fact that the University of Tsukuba is well equipped with utility conduits that made it much easier to install the optical fibers. Of course, there were still costs associated with the fiber installation, but in terms of the long-term operating and administration costs, it was cheaper than installing expensive switches in the aggregation layer. I think we were able to implement a highly operational network environment at low cost.
Are you working on anything else, such as IPv6 compatibility?
Sato: So far, two organizations in the university that have applied for IPv6 connectivity, and we are currently preparing the way for full-scale IPv6 operations. We need to thoroughly consider the most effective way of introducing IPv6 into the university network in order to achieve the optimal balance of security and convenience. There are many other new technologies besides IPv6 that we will need to consider in the future, so I’ll do my best to keep up with the latest developments.
A big difference between the university network and a corporate network is that the students that use the network are also its customers. For the improvement of CS, it’s important to enable research and study activities to be carried out more comfortably over the network. In this sense, it will always be necessary to continue making efforts to produce a better, more resilient network environment.
In particular, since the University of Tsukuba used SINET and the Tsukuba WAN for external connections, we have great expectations for the future development of SINET. In particular, I hear SINET4 will be addressing many new challenges so I’ll be looking forward to using it.