Harvard Offers Sneak Peek Into Their Network
Bob Brown writes "Harvard University doesn't usually talk much about its internal network, but here, the guy overseeing it opens up about the homegrown and commercial tools used to manage the massive system." From the article: "Harvard, as of late, has been exhibiting another telco trait - considering the network as part of the university's critical infrastructure. As such, its construction is considered during the initial planning phases of building renovation, new construction and campus expansion projects. The data networks that are being built today, at Harvard and similar institutions, are being built to host a variety of IP-based traffic. Most every physical-plant control device, whether it be security cameras, chilled water-valve actuators or parking garage card readers, are being designed to work with the IP network"
Wait till MIT hears about it !! :P
"Most every physical-plant control device, whether it be security cameras, chilled water-valve actuators or parking garage card readers, are being designed to work with the IP network" Won't somebody please think of the toasters! If they can't turn on and off their toast so they can arrive at their office and breakfast is hot and ready, then what good is all this IP based technology?
Oh You POS
I'd like to work in that size of environment.
*sigh*
[goes back to fixing another spyware ridden windows box]
we solicit advice from all connecting members to solidify customer demarcs, network ownership and funding models.
What exactly does this mean? It sounds frighteningly like Cisco sales speak. Is this really how people speak or am I just too stupid to go to Harvard?
All that, and they still don't know how to set up DNS properly.
-----------
$ host harvard.edu
harvard.edu A record currently not present
-----------
I notified them about this months ago, but they didn't seem to care. Most web browsers automatically try the "www" prefix when you type, say, "harvard.edu" into your address bar, so you don't notice this problem generally. However, if you try wget, you can see it fail.
-----------
$ wget harvard.edu
--14:38:45-- http://harvard.edu/
=> `index.html'
Resolving harvard.edu... failed: Host not found.
-----------
Pretty sloppy if you ask me.
http://cltracker.net -- powerful craigslist multi-city search
My favorite piece of network technology at Harvard is their system to shut off a student's WiFi network access when they have a scheduled class. :) Been in use for a while now, and it sure cut down on the kids at the back of the class yelling "PWNED YOU!" during a lecture.
100 goats in the President's swimming pool will be so passe now!
Crimson brags about its class B address -- MIT has a class A! And if you look at the physical connection, last I heard the Harvard campus was served by a fiber strung along the MBTA Red Line tunnels -- straight from an MIT router!
--- Often in error; never in doubt!
...reads post as I sit within range of MIT and Harvard WiFi at the 4th largest pharma company on the planet. Yet I still connect to my crippled (noting the "game" in the URL) internet access. That routinely downloads at 7mbps. Oh well, I have my EVDO phone for games.slashdot.org :(
Am I the only one sitting here thinking "ewww, cogent"?
Honestly, I was under the impression they had some sort of a robust setup, and then I see their main link is cogent and I'm left wondering how they can talk about robustness. I suppose, at least they have a qwest fallback.
they seem to be missing some firewalls!
https://public.noc.harvard.edu/images/core_network.gif
What's the point of being able to control a cold water valve actuator through the internet? Wiring everything into their internet servers just creates a lot more problems when something goes down.
If a server goes down you would expect that internet access would not work. But now if a server goes down you can't access the internet and you can't get water either. Considering the fact that most networks are poorly configured anyway, the amount of problems that could be generated from something like this far outweigh the ability to actuate a cold water valve through the network.
-1 disagree is not a modifier for a reason. -1 troll, flamebait, redundant, overrated are NOT acceptable substitutes.
So a couple questions first a) what makes harvard so special? seriously I mean it's a generally well regarded college, but not necessarily in the area of IT b) putting everything on the IP network, is probably a bad idea.
Does Harvard have a nuclear reactor? That would be a "not so good" technology to have on the public network. just seems that the current trend to give everything an IP address is a step in the wrong direction.
I worked for the network and telecommunications department for a smaller university for a few years. Building the infrastructure in place like this is critical. We constantly found ourselves working out awkward solutions to providing access to older buildings. A couple of the buildings are running ethernet over phone wires and served by hubs that are 20 years old because they are the only thing with a strong enough signal for the quality of the wires. Two of the dorms are using Cisco's LRE DSL technology. Locating IDF's when we did major upgrades was a pain in the butt. Sometimes we would spend most of a day adding a couple drops to a single office that needed more space, but rewiring that wing wasn't in the budget. In the long run, the costs add up, as do the frustrations.
In contrast, our newest building is thoroughly wired (with the perplexing and random exception of two small labs that I spent several days running cable to last summer). Even the closets have multiple ports, just in case, and that has been important several times.
Documentation is equally important, and someplace where we currently lag. Currently, what goes where is stored in our heads, and gets lost every time someone leaves. The mix of old and new standards, as well as non-standard crap has made the documenting process difficult. Also, it is impossible if there isn't a method in place for ensuring that changes made as documentation is being built up aren't recorded.
Another challenge is correctly anticipating what your future needs are and building in expandability. Our athletic center was built right before the networking became standard, and while it has plenty of phone lines, the distance is too far to run ethernet in some cases, and the routing makes spot-upgrades close to impossible.
He he
Oh, it's all the people anonymously donating to Tor.
Their head SysAdmin seems to be a drunk, circa 1989.
huh, interesting. i take the t every day between harvard and central and i've always thought, as i stand in the car... looking at those bundles of cables, "what if i chopped through them?"
so... if that is right... i could, theoretically, break the intarweb for all of harvard?
oh, did i just say that out loud? i mean come on! what do you think when you see large bundles of cable?
sad robot making broken music
We run PacketFence and it works nicely. We use it to register students and it can automatically block worm infections. Good to see open source getting a bit of press.
so... if that is right... i could, theoretically, break the intarweb for all of harvard?
+5 Interesting? Only on slashdot.
Obviously you raise some genuine questions about Internet access in the classroom, however...
Having been to a school where we all had laptops and Internet access during classes, the reality is a bit different for the majority. During lectures, if you sat in the back, pretty much all you would see was people browsing hobby websites on their machines. Some of them playing with SNES emulators (for Final Fantasy mostly).
Of course it's different during actual classwork, as access to the Web is an amazing tool, but some teachers decided to start policies whereas we had to close our laptop screens or unplug our network cables (no wifi) during lectures because nobody would pay any attention.
It used to be a microwave link to MIT. When weather was bad (and remember this is Boston), we had massive packet loss.
The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
And remove the "games." from all "games.slashdot.org" links.
/. is referencable from any section other section's domain or even from the "no section" section.
Any article on
The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
Is it me or does that number seem a bit high? If a 100mbit line will push only 30TB in a month. And yea I know they are probably not running a flat network.
Harvard doesn't have a reactor, but MIT does - and just outside Central Square.
Who says that was the interesting part of the post besides you?
I personally thought it was the topology here that was interesting.
I used to work there, Harvard's is nothing compared to what they have at MIT.
Dweebs who can't stomach a little truth and don't know how to properly format a post..
Only on Slashdot, is how the cliche goes, I believe.
http://archives.seul.org/or/talk/Mar-2005/msg00018.html
I agree. This Life Partner and Significant Other stuff is junk. Man.
Charles Wyble System Engineer
Ummm, check with dig -- harvard.edu is not a "hostname" and only has SOA, NS, and MX records associated with it -- neither CNAME nor A.
It's not nearly as rosy a picture as is painted in the article. I've been working in IT at Harvard for quite a few years and until recently we've had too small of a budget with priorities on gadgets for VIPs and not regular infrastructure replacement. We're still in the dark ages in many ways.
Those custom apps he brags about? They break, are poorly documented, and we're in fact trying to move away from them as much as possible. Testing of major network changes is so poorly done as to be nonexistent in many cases. And let's not even get into the uptime of critical systems like email and webspace (those have been down for hours at a time, days in a row for weeks on end).
And those staff numbers? Inflated. We are really short-staffed.
hmmm... now if /. had a +/-5 for "snarky" then maybe it could have been modded properly... but interesting? not so much. i'm not that interesting.
sad robot making broken music
***They have the money to do everything properly!***
Our network has been in the shit-can for the last few weeks. Sometimes emails get stuck in server-land and don't show up for three or four days after they're sent. My thesis advisor and I weren't on speaking terms because he thought I hadn't sent my first chapter. That and because my first chapter was generated on www.lipsum.com.
Ohh. Mmm.
I've lived with and carried on a monogamous sexual/romantic relationship with a person of opposite gender for close to a decade. We're not married. 'Significant Other' and 'Life Partner' seem like perfectly apt terms for this arrangement, but then I'm not a homophobe so I guess I don't get the stigma you seem to believe is attached to them. You have some alternatives to suggest, or is your post in fact a pointless troll as indicated by moderation?
Crimson brags about its class B address -- MIT has a class A!
Furthermore, most dorms at MIT each have their own class B all to themselves.
and all these connections need that many public addresses why?? MIT knucklehead....
"Most every physical-plant control device, whether it be security cameras, chilled water-valve actuators or parking garage card readers, are being designed to work with the IP network"
Sounds like they're introducing a single point of vulnerability. In one fell swoop you could take out a lot of important systems.
Harvard University is more than just Harvard College. There's more address space than mentioned in the article. In addition, as also mentioned in the article, the UIS NOC also maintains the NoX -- and guess how MIT gets its I2 connectivity?
And the purported T-opology is laughably clueless.
Informative? Not!
The parent comment is clearly referring to the Faculty of Arts and Sciences (FAS) network.
The topic article was about the core network run by the University Information Systems (UIS) NOC.
MIT has much more than a Class A.
http://macfadden.mit.edu/colserv/digital/ordering/ip.html
When I worked at MIT, I was aware of the size of their IP space (larger than China), but I didn't realize the full extent of how much they really had until we needed some address space for our subdomain, csbi.mit.edu. The planned subdomain spanned a half dozen buildings spread out over a distance of four square kilometers, with dedicated fiber links between all the buildings.
After I sent network-ops a detailed email explaining our planned network, I sat back and waited for their reply. I was thinking we could get access to a Class C, or maybe a /28. The email that I got back said, basically, 'Ok, the 18.68.0.0/16 network is now under your control. This should take care of all your problems.' I was pretty much dumbfounded. Where else but MIT would you get this at 25?
In terms of a solution, though, the Class B was the best possible option. MIT only had to make a quick change to their OSPF routing table, and we were able to subdivide the Class B as we needed.
Do you see the sig? Do you have it in your sights? Why yes, Miss Moneypenny...
Twice, actually. Once for the design/architecture area. Nice gentleman interviewed me, and I was delighted to see that he was also into printing things. I was bombarded with recruiters at the time.
The other person I interviewed with was an asshole, insulting me in the interview. It was a Solaris shop, and at the time, the guy said that E10Ks were 'small', and that I needed experience with something bigger before I 'wasted any more' of his time. I scratched my head, and wondered what part of Sun's product line he was thinking of.
After repeatedly trying to get the position of someone I *knew* whose slot was now open, I gave up on Harvard, and worked at MIT's media lab as a volunteer. Besides, MIT had more interesting coffee machines, and lots of legos.
Disclaimer: I have only a GED.
Zhrodague.net - I do projects and stuff too.
I am available, and in the Boston area right now! In fact, I could stop by this week, if you are hiring people. Send me an email, and I'll drop by, we can talk about it. Four weeks *paid* vacation sounds nice for a change...
Zhrodague.net - I do projects and stuff too.
posting right now from a harvard ip, i can't host wc3 custom maps. stupid port blocking. i can't ping shit and the latency is terrible. :(
When in doubt, parenthesize. At the very least it will let some poor schmuck bounce on the % key in vi. (Larry Wall)
This is what I remember about Harvard's network reliability from my college days: http://www.thecrimson.com/article.aspx?ref=348114
:p
There's nothing quite like watching a whole computer lab full of overstressed students freak out when the network goes down a few hours before a term paper deadline.
we don't hear about the outfits that do it right because they simply don't generate bad news big enough to make the mass media.
Tech Public Policy stuff
Wait, isn't /16 only about 2^16 addresses? Or am I forgetting something.
Sounds like another unhappy camper from the FAS network -- "i can't ping shit" gives it away.
The article was about the core network run by the UIS NOC, not the FAS network.
We have long polled network interfaces using SNMP to count the octets crossing interfaces from which we create real-time bandwidth-capacity graphs as a baseline to measure our overall network use.
Or as net arch would say: We use MRTG.
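The polling described in the quoted passage above, as an added example that is not part of the original thread or of Harvard's tooling: it converts successive SNMP octet-counter readings (ifInOctets is a 32-bit counter) into throughput, handling a counter wrap and discarding an interval that looks like a counter reset. The function names, the 100 Mbit/s link speed and the sample readings are assumptions constructed for illustration.

```python
COUNTER32_MOD = 2 ** 32   # ifInOctets / ifOutOctets wrap at 2^32
COUNTER64_MOD = 2 ** 64   # ifHCInOctets / ifHCOutOctets wrap at 2^64


def octet_delta(prev, curr, modulus=COUNTER32_MOD):
    """Octets counted between two polls, correct across a single wrap."""
    return (curr - prev) % modulus


def wrap_seconds(link_bps, modulus=COUNTER32_MOD):
    """Shortest time in which a saturated link wraps the counter.
    Polling must be more frequent than this or wraps go undetected."""
    return modulus * 8 / link_bps


def rates_bps(samples, link_bps, modulus=COUNTER32_MOD):
    """samples: [(unix_time, octet_counter), ...] in poll order.
    Returns [(unix_time, bits_per_second or None), ...], one per interval.
    None marks an interval whose implied rate exceeds the link speed,
    which means the counter was reset (e.g. a reboot) or wrapped more
    than once, so the value must not be graphed."""
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue  # duplicate or out-of-order poll
        bps = octet_delta(c0, c1, modulus) * 8 / dt
        out.append((t1, bps if bps <= link_bps else None))
    return out


# Constructed sample: 5-minute polls of a 100 Mbit/s interface.
SAMPLE_POLLS = [
    (0, 4_000_000_000),
    (300, 4_200_000_000),
    (600, 105_032_704),   # counter wrapped past 2^32
    (900, 5_000),         # counter reset, not a wrap
]

if __name__ == "__main__":
    print("32-bit wrap time at 100 Mbit/s: %.0f s" % wrap_seconds(100e6))
    for t, bps in rates_bps(SAMPLE_POLLS, link_bps=100e6):
        label = "discarded (reset)" if bps is None else "%.2f Mbit/s" % (bps / 1e6)
        print(t, label)
```

At 1 Gbit/s the 32-bit counter can wrap in about 34 seconds, which is why the 64-bit counters are the ones to poll on faster links.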
The problem of course is that IP protocols aren't meant for time sensitive loops. If I need that water valve off NOW! then IP isn't going to give me that guarantee. A dedicated serial line does. 99% of the time IP is "good enough", but sometimes it's that 1% that gets you.
"Let me begin by pointing out the facts that most, if not all of the new industrial controls are trying to get on the IP based networking already. It is far cheaper to convert all different wiring and protocols (RS-232, RS-485, serial communication in general and Common and proprietary protocols like Modbus, ControlNet, etc.) and have them run over the TCP/IP network than having dedicated networks on all of those devices across a plant, or in this case, across the campus (and possibly multiple "plants.""
That's because of market effects, rather than whether IP protocols are the best solution to the problem.
"Running multiple networks on dedicated medium requires more wiring than single TCP/IP network."
The I2C in your computer works just fine on the two wires it uses, and more devices can be added (most MB's have an I2C connector even if most people don't use it).
"In addition, there are usually limitations on the physical length of the wiring on the medium. Most protocols not based of TCP/IP model tends to be limited on the length on its own, requiring a repeater if it needs to travel longer distance (we're only talking about more than 250 ft)"
That's really an "analog vs digital", more than it is the merits of TCP/IP. Plus one can run analog over fiber by using PWM.
"To have dedicated control networks on those devices, which are not necessarily on the same protocols, especially not at one location, only add cost to the control system."
Cost should never be used as a reason to lower safety.
i take the t every day between harvard and central
How lazy are you? It's barely a 10-minute walk.
wow... you really added quite a lot of value now didn't you?
it's always nice to see knuckleheads make wild ass assumptions about people they don't know anything about.
you can go now.
sad robot making broken music
Let me guess, this is part of your own personal green program?
I know anyone who takes a subway instead of walking ten minutes is lazy. Then again, the shift key seems to be a bit of a reach for you too.