OIT Networking & Monitoring Services

Princeton University Network Architecture


The University's data network is composed of three components: the physical network, the logical network, and the network services.

Physical Network

The Campus Data Network (CDN) includes internal building wiring, building electronics, fiber optic cabling, and network core electronics. The design of the campus network is an Ethernet collapsed backbone, with the network core located at 87 Prospect Avenue. Fiber optic trunk cables extend from 87 Prospect to eleven fiber hub sites on the main campus. Fiber optic cables connect campus buildings to a nearby fiber hub site. About one square mile in size, the main campus contains approximately 130 academic and administrative buildings and 50 dormitories. Leased commercial fiber connects the network core to the Forrestal campus and to several other remote University buildings. DSL running over leased commercial phone lines provides very low-bandwidth connections from the network core to several remote locations. The Network Atlas includes a record of the physical wiring and electronics, including each building's internal data wiring and the fiber plant.

The network within a typical building has Ethernet wallbox ports connected via copper to Ethernet switches located in nearby wiring closets. The Ethernet switches in these wiring closets connect via fiber to an Ethernet aggregation switch elsewhere in the building. The building's Ethernet aggregation switch connects via buried fiber to the network core at 87 Prospect; this fiber connection passes through a fiber hub site. At the network core, fiber from each building is connected to a set of high-speed Ethernet switch/routers. These core switch/routers are connected in a mesh, and act as a collapsed Ethernet backbone. This network core is attached to the Internet.

Each OIT Data Center (the HPCRC, New South, and Lewis Science Library) has its own CDN Ethernet switch to support the servers located at that data center. Each data center's CDN Ethernet switch connects back to the network core.

The University's wireless network is available inside buildings throughout the main campus, and in select University buildings off the main campus. Wireless access points within each building provide service to wireless clients; these access points uplink to Ethernet in the building.

The Princeton Private Network (PPN) is an independent parallel physical network supporting specialized devices that require wired connectivity to each other but not to the Campus Data Network (CDN) or the Internet. Such devices include proximity card readers, point of sale terminals, security cameras, and light sensors. Like the Campus Data Network, this network's core is at 87 Prospect Avenue, and a PPN Ethernet switch at each data center supports servers located at that data center. The Princeton Private Network shares no active (powered) components with the Campus Data Network, shares no copper links with the Campus Data Network, and shares fiber links (between inactive components) only when the data is kept separate using wavelength-division multiplexing.

Logical Network

The logical network defines how network data moves over the physical network infrastructure.

The wired networks within several buildings are connected logically via the core Ethernet switches to form a single virtual LAN (VLAN). A VLAN is also dedicated to each of our wireless services.

The University is allocated approximately 130,000 globally routable IPv4 addresses. These are organized into subnets of varying sizes. Each VLAN is assigned its own IP subnet.

The core switch/routers switch traffic within each VLAN, and route IPv4 traffic among the subnets. One core router is our Internet gateway, routing traffic to the Internet.

All devices attached to the Campus Data Network (CDN) or Princeton Private Network (PPN) must be registered in the University's Host Database. (This does not apply to devices using our visitor wireless service, or devices using our visitor wired service in a University guesthouse.) The Host Database allocates IP addresses as needed and records the persons responsible for each device. Information in the Host Database is used to build the data files for OIT Domain Name Service (DNS), OIT DHCP Service, OIT BootP Service, and RADIUS Service (used for admission control to some of the wireless networks). The Host Database is also used as necessary to block service to devices that disrupt or degrade network service, or pose a legal risk to the University.
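As an added illustration (not OIT's code or data formats), the sketch below shows how one registration table can drive the DNS, DHCP and RADIUS outputs described above, and how a block takes effect in every generated file at once. The record fields, host names, addresses and output formats are assumptions, and the sample records are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:                      # hypothetical registration record
    name: str
    mac: str
    ip: str
    owner: str                   # person responsible for the device
    wireless: bool = False
    blocked: bool = False        # set when a device disrupts service

# Constructed sample records (documentation address range 192.0.2.0/24).
HOSTS = [
    Host("lab-pc1", "00:11:22:33:44:55", "192.0.2.10", "alice"),
    Host("laptop7", "00-11-22-AA-BB-CC", "192.0.2.20", "bob", wireless=True),
    Host("badbox", "00:11:22:de:ad:01", "192.0.2.30", "carol",
         wireless=True, blocked=True),
]

def norm_mac(mac):
    """Normalize a MAC to lowercase colon form, rejecting malformed input."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build(hosts):
    """Return (dns_lines, dhcp_lines, radius_macs) from one host table."""
    seen_ip, seen_mac = {}, {}
    dns, dhcp, radius = [], [], set()
    for h in hosts:
        mac = norm_mac(h.mac)
        ip = str(ipaddress.IPv4Address(h.ip))
        # Uniqueness is checked before the block test, so a blocked
        # device's address cannot be silently handed to another host.
        for key, seen, kind in ((ip, seen_ip, "IP"), (mac, seen_mac, "MAC")):
            if key in seen:
                raise ValueError(f"duplicate {kind} {key}: {h.name} vs {seen[key]}")
            seen[key] = h.name
        if h.blocked:
            continue             # still registered, but absent from every output
        dns.append(f"{h.name} IN A {ip}")
        dhcp.append(f"host {h.name} {{ hardware ethernet {mac}; fixed-address {ip}; }}")
        if h.wireless:
            radius.add(mac)      # MACs admitted by wireless admission control
    return dns, dhcp, sorted(radius)

if __name__ == "__main__":
    for section in build(HOSTS):
        print("\n".join(section), end="\n\n")
```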

Network Services

The University has two Internet Service Providers (ISPs) to provide a measure of redundancy. These provide access to the commercial Internet. We have one Internet2 Service Provider, which can provide faster connectivity to those sites also attached to Internet2. We have a connection to ESnet (Energy Sciences Network); access is limited to a small set of devices used by researchers. We have an Amazon Direct Connection; this provides connectivity to destinations in the public AWS cloud within its North America regions via a more direct path than our commercial Internet and/or Internet2 providers.

Network services include: OIT Domain Name Service (DNS), which translates between names and IP addresses; OIT DHCP Service and OIT BootP Service, which provide network configuration information to devices on many networks; RADIUS, which performs admission control to the wireless networks; and OIT Network Time Protocol (NTP), which allows devices on many networks to synchronize their clocks.

OIT Static IP Service is available to registered devices attached via OIT Ethernet Service; it provides an unchanging IP address and DNS name (via DHCP, BootP, or manual device configuration) to a device. OIT Mobile IP Service loans a temporary IP address and DNS name (via DHCP) to those devices roaming away from their home subnets, those using OIT Wireless Service, and those needing no static IP address.

OIT Wireless Service provides service to registered wireless devices. Temporary Visitor Wireless Network Access (TVWNA) provides service for visitors' wireless devices. Visitor IP (VIP) Service provides a temporary IP address and DNS name (via DHCP) to unregistered devices attached via Ethernet in a University guesthouse. Temporary Unregistered Dormnet (TUD) IP Address Service provides a week of on-campus access to unregistered devices attached via Ethernet in dormitories and apartments; it is intended to allow students to register their new devices more easily. All of these services leverage OIT DHCP Service.

The Static IP Recycling Facility (SIRF) reclaims those OIT Static IP Addresses that have been unused for a year; this conserves the University's finite supply of IPv4 addresses.

OIT Virtual Private Network (VPN) Services permits off-campus Internet-attached devices to obtain a temporary presence (IP address and DNS hostname) on the campus network. This is most often used to obtain access to resources restricted to campus IP addresses or campus DNS hostnames. A University netid and password are required to obtain OIT VPN Services.

Detailed information about the network is available at the Networking & Monitoring Services web site. Monitoring of the campus network infrastructure and of network utilization is also available at that site.

A service of OIT Networking & Monitoring Services
The Office of Information Technology,
Princeton University
Last Updated: May 9 2017