OIT Network Systems

Princeton University Network Architecture

Introduction

The University's data network is composed of three components: the physical network, the logical network, and the network services.

Physical Network

The Campus Data Network (CDN) includes internal building wiring, building electronics, fiber optic cabling, and network core electronics. The design of the campus network is an Ethernet collapsed backbone, with the network core located at 87 Prospect Avenue. Fiber optic trunk cables extend from 87 Prospect to eleven fiber hub sites on the main campus. Fiber optic cables connect campus buildings to a nearby fiber hub site. About one square mile in size, the main campus contains approximately 130 academic and administrative buildings and 50 dormitories. Leased commercial fiber connects the network core to the Forrestal campus and to several other remote University buildings. DSL running over leased commercial phone lines provides very low-bandwidth connections from the network core to several remote locations. The Network Atlas includes a record of the physical wiring and electronics, including each building's internal data wiring and the fiber plant.

The network within a typical building has Ethernet wallbox ports connected via copper to Ethernet switches located in nearby wiring closets. The Ethernet switches in these wiring closets connect via fiber to an Ethernet aggregation switch elsewhere in the building. The building's Ethernet aggregation switch connects via buried fiber to the network core at 87 Prospect; this fiber connection passes through a fiber hub site. At the network core, fiber from each building is connected to a set of high-speed Ethernet switch/routers. These core switch/routers are connected in a mesh, and act as a collapsed Ethernet backbone. This network core is attached to the Internet.

Each OIT Data Center (87 Prospect and New South) has its own CDN Ethernet switch to support the servers located at that data center. Each data center's CDN Ethernet switch connects back to the network core.

The University's wireless network is available inside buildings throughout the main campus, and in select University buildings off the main campus. Wireless access points within each building provide service to wireless clients; these access points uplink to Ethernet in the building.

The Princeton Private Network (PPN) is an independent parallel physical network supporting specialized devices that require wired connectivity to each other but not to the Campus Data Network (CDN) or the Internet. Such devices include proximity card readers, point-of-sale terminals, security cameras, and light sensors. Like the Campus Data Network, this network's core is at 87 Prospect Avenue, and a PPN Ethernet switch at each data center supports servers located at that data center. With few exceptions, the Princeton Private Network uses Ethernet switches and fiber cabling separate from the Campus Data Network.

Logical Network

The logical network defines how network data moves over the physical network infrastructure.

The wired networks within several buildings are connected logically via the core Ethernet switches to form a single virtual LAN (VLAN). A VLAN is also dedicated to each of our wireless services.

The University is allocated approximately 130,000 globally routable IPv4 addresses. These are organized into subnets of varying sizes. Each VLAN is assigned its own IP subnet.

The core switch/routers switch traffic within each VLAN, and route IPv4 traffic among the subnets. One core router is our Internet gateway, routing traffic to the Internet.

Native IPv6 is available within the campus and via Internet2 for support of specific campus research initiatives. Campus support for IPv6 functionality is limited to the needs of the specific research projects, and the protocol should be considered experimental at this time.

All devices attached to the Campus Data Network (CDN) or Princeton Private Network (PPN) must be registered in the University's Host Database. (This does not apply to devices using our visitor wireless service, or devices using our visitor wired service in a University guesthouse.) The Host Database allocates IP addresses as needed and records the persons responsible for each device. Information in the Host Database is used to build the data files for Domain Name Service (DNS), DHCP/BootP Services, and RADIUS Service (used for admission control to the wireless networks). The Host Database is also used as necessary to block service to devices that disrupt or degrade network service, or pose a legal risk to the University.
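The single-registry design described above can be sketched as follows. This is an added example, not OIT's code: the record fields, the output formats (a BIND-style A record, an ISC dhcpd-style host stanza, a plain MAC allow-list for RADIUS), and the choice to block a device by omitting it from every generated file are all assumptions, and the sample hosts are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Host:
    name: str             # DNS label
    mac: str              # hardware address as typed at registration
    ip: Optional[str]     # static IPv4 address, or None for pool clients
    owner: str            # person responsible for the device
    wireless: bool = False
    blocked: bool = False

def norm_mac(mac: str) -> str:
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build(hosts):
    """Render (dns, dhcp, radius, errors) from one registry."""
    dns, dhcp, radius, errors = [], [], [], []
    seen = {}  # MAC or IP -> name of the host that registered it first
    for h in hosts:
        mac = norm_mac(h.mac)
        keys = [mac] + ([h.ip] if h.ip else [])
        clash = [k for k in keys if k in seen]
        if clash:  # a second claim on a MAC or IP never reaches any output
            errors.append(f"{h.name}: {clash[0]} already registered to {seen[clash[0]]}")
            continue
        seen.update(dict.fromkeys(keys, h.name))
        if h.blocked:  # assumption: a blocked device is dropped from all files
            continue
        if h.ip:
            dns.append(f"{h.name} IN A {h.ip}")
            dhcp.append(f"host {h.name} {{ hardware ethernet {mac}; fixed-address {h.ip}; }}")
        if h.wireless:
            radius.append(mac)
    return dns, dhcp, radius, errors

# Constructed sample registry (documentation addresses, made-up names).
HOSTS = [
    Host("lab-pc1", "00:11:22:AA:BB:01", "192.0.2.10", "owner-a"),
    Host("laptop7", "0011.22aa.bb02", None, "owner-b", wireless=True),
    Host("kiosk3", "00-11-22-AA-BB-03", "192.0.2.11", "owner-c", blocked=True),
    Host("clone9", "00:11:22:aa:bb:01", "192.0.2.12", "owner-d", wireless=True),
]
```

Because all three files come from the same pass, a blocked or conflicting record cannot remain in one service after being removed from another.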

Network Services

The University has two Internet Service Providers (ISPs) to provide a measure of redundancy. These provide access to the commercial Internet. We have one Internet2 Service Provider, which can provide faster connectivity to those sites also attached to Internet2. We have a connection to ESNET (Energy Sciences Network); access is limited to a small set of devices used by researchers.

Network services include: Domain Name Service (DNS), which translates between names and IP addresses; DHCP and BootP Services, which provide network configuration information to devices; RADIUS, which performs admission control to the wireless networks; and Network Time Protocol (NTP), which allows devices to synchronize their clocks.

OIT Static IP Service is available to registered devices attached via OIT Ethernet Service; it provides an unchanging IP address and DNS name (via DHCP, BootP, or manual device configuration) to a device. OIT Mobile IP Service loans a temporary IP address and DNS name (via DHCP) to those devices roaming away from their home subnets, those using OIT Wireless Service, and those needing no static IP address.

OIT Wireless Service provides service to registered wireless devices. Temporary Visitor Wireless Network Access (TVWNA) provides service for up to seven days per calendar month to unregistered wireless devices; it is intended for use by short-term visitors. Visitor IP (VIP) Service provides a temporary IP address and DNS name (via DHCP) to unregistered devices attached via Ethernet in a University guesthouse. Temporary Unregistered Dormnet (TUD) IP Address Service provides a week of on-campus access to unregistered devices attached via Ethernet in dormitories and apartments; it is intended to allow students to register their new devices more easily. All of these services leverage OIT DHCP Service.

The Static IP Recycling Facility (SIRF) reclaims those OIT Static IP Addresses that have been unused for a year; this conserves the University's finite supply of IPv4 addresses.

OIT PPTP Virtual Private Network (VPN) Service permits off-campus Internet-attached devices to obtain a temporary presence (IP address and DNS hostname) on the campus network. This is most often used to obtain access to resources restricted to campus IP addresses or campus DNS hostnames. A University netid and password are required to obtain OIT PPTP VPN Service.

Detailed information about the network is available at the Network Systems web site. Monitoring of the campus network infrastructure and of network utilization is also available at that site.


A service of OIT Network Systems
The Office of Information Technology,
Princeton University
Last Updated: April 17 2014