AD-Campus Network

    03-11-2022

Background

With the development and application of cloud computing, big data, IoT, mobile Internet, and other new technologies, IT construction at colleges and universities is transitioning from the digital campus to the smart campus. At the smart campus stage, a ubiquitous network environment must meet the basic requirements of a traditional campus network, including sufficient bandwidth resources, full wired and wireless coverage, stability and reliability, convenient billing, and convenient O&M. It also places higher requirements on the campus network, which widely serves teaching, management, and scientific research: the network needs to make great progress on flexible network services, IoT management and control, and intelligent O&M.

Rigid traditional network: network permissions are fixed and network resources cannot be dynamically adjusted, so the network configuration must be manually adjusted for location changes of people and objects. All-purpose card, finance, educational administration, and other systems use their respective physical networks rather than a multi-purpose network. The logical isolation of the networks leads to poor security.

Difficult control of multiple dumb terminals: smart water meters, electricity meters, cameras, and other dumb terminals are admitted to the network by default, with no security admission control or with only inefficient manual control. Dumb terminals are vulnerable to attacks, are easily counterfeited, and can become zombie computers that spread viruses. These security problems result in unstable campus networks.

Complex O&M: each device requires manual configuration. Attempts to simplify this through traditional switch networking, BRAS, or QinQ always result in complex O&M and difficult troubleshooting, with manual management and control required on each device. In the past, the campus network failed to respond in time to complex demands such as fault location and handling, network changes, and the launch of new services.

Solution overview

The H3C Application-Driven Campus (AD-Campus) solution combines the mature and reliable VXLAN technology with the Software-Defined Networking (SDN) architecture, and brings a feedback system, network analysis, and an AI guarantee model into the network, to create a multi-functional and smart network with full-process optimization. It lays a solid network foundation for building a smart campus. AD-Campus adopts an Overlay network that decouples functions from locations in the network. Network policies can be deployed based on services and roles. The control plane is separated from the forwarding plane, so the forwarding plane requires no attention from users. Users only need to define the network resources and rules in the controller, which automatically drives the network, understands the service application, and controls the network. The intelligent analysis engine collects, stores, analyzes, and predicts network data using big data and AI technologies.

SNA architecture

Solution highlights

Flexible network for service adjustment

Based on SDN and VXLAN technologies, users can easily customize virtual networks for service isolation over the physical network, including networks for office services, teaching, and multi-purpose cards. This achieves complete decoupling of network functions and access locations, so that teachers and students can access the network with the same IP address. The access rights of the network segment and the authentication and billing policies can change in real time with location. This solves network problems caused by the relocation and personnel changes of teachers and students, ensures that new terminals in any location require no on-site operation, and reduces the workload of O&M personnel.

Logical network of Overlay

Smart IoT for reliable and secure access

Admission control is enabled for different service subnets. Smart water meters, electricity meters, cameras, and other dumb terminals can access the network only after approval. A reliable automatic sorting engine actively identifies information including the manufacturer, model, operating system, and version. It automatically classifies the accessed terminals according to the rules and logically isolates them based on services, so they are isolated as soon as they access the network. Accessed terminals that are planned in a unified manner can automatically come online and establish an account. Newly added terminals have to undergo customized and decentralized approval and management. After approval, the IP address, MAC address, device manufacturer, access location, recent online time, and other information are directly displayed, which is convenient for teachers to conduct O&M and greatly reduces the security risks of the terminals.

IoT lifecycle management

Self-optimized network with no need for command lines

Based on the plane separation of SDN, all devices come online, are deployed, and are replaced with a high degree of automation. The devices support the Plug-and-Play technology. Services are planned and deployed visually and are managed through a matrix. SDN is better at understanding user services, focusing on services, and masking the underlying network configuration and command lines.

AI algorithm-based status baselines and anomaly detection can be applied to, for example, the authentication process, the DHCP process, gateway connectivity, DNS connectivity, and web experience. The historical network states and tracks of teachers and students are then displayed, and abnormal events are archived, so that a fault scenario can be reproduced quickly. This optimizes the network service quality in real time in terms of the operation status, teacher-student connection experience, and application service quality.

Practices


Through the introduction of H3C AD-Campus and the adoption of a new SDN architecture, the International Campus of the South China University of Technology has deployed high-density IoT nodes, communication nodes, and a powerful data center, which enable the campus to collect, store, and process data from IoT, the campus network, service systems, scientific research, and teaching activities. The comprehensive campus data has been used for complex applications with data correlation analysis and service collaboration among various systems, including emergency response, smart classrooms, and personalized guidance for students.


Some issues impede the construction of the unified bearer network in the Qingdao Campus of Shandong University. The first is the contradiction between improving the bearer network services and decreasing the O&M complexity. The second is the contradiction between the simultaneous operation of multiple new devices and O&M understaffing. The third is the contradiction between the access of a large number of terminals to IoT and the implementation of fine-grained service management. Campus networks must innovate the bearing mode to carry services securely and stably and to meet new service demands flexibly, providing automated services and meeting the O&M requirements of "easy configuration, management, and maintenance". After comparison and verification of multiple solutions, the Qingdao Campus finally chose H3C's application-driven campus network solution AD-Campus to build a secure, flexible, innovative, and smart bearer network.
