KITnet User Guidelines
Preliminary remarks
The KITnet (KIT data network) is the basis for IT services at KIT, including the connected external offices. It comprises the entire network infrastructure (hardware and software) from the connection points for end devices, such as junction boxes, wireless LAN access points and Ethernet ports for servers, to the Internet connection.
The KITnet is a routed network based on TCP/IP. This structure makes it possible to keep malfunctions of end devices local as far as possible and to limit an impact on the entire KITnet. Intelligent, manageable network components (VLAN-capable layer-2 switches) are used in the building distributors to distribute the data streams.
An organizational unit (OU) is any institution identified in the KIT organization chart as well as the third-party institutions legally independent of KIT that operate terminal equipment on KITnet. IT officers are the central contact persons in each OU for network operation issues. The IT officers are responsible for implementing SCC specifications in their OU. Each OU appoints at least one IT officer.
Principles
The operation of KITnet is subject to the aspects of
- Security
- Availability
- Performance
- Cost efficiency
- Legality
The SCC is responsible for the operation of KITnet. The OU to which a terminal device is assigned is responsible for the operation of that device. The operation of a terminal device shall not negatively impact the operation of KITnet.
The IT officers are responsible to the OU staff and the network operator for clarifying network issues and for distributing information, i.e. they are the interface between the network operator and the end device user.
Interventions in the KITnet by the OUs (changing the cabling in the fixed network, removing components of the SCC) constitute misuse.
The "Regulations for Digital Information Processing and Communication (IuK) at Karlsruhe Institute of Technology (KIT) [IuK Regulations]" apply in their currently valid form.
Operation and expansion of the network
The SCC is responsible for the operation of the network and the planning for further expansion. For this purpose, the SCC maintains documentation on the entire KITnet (e.g., cable routing inside and outside the buildings, devices with central tasks, and switched connections). This documentation - together with additional user requirements - forms the basis for planning the further expansion of KITnet.
The SCC monitors all components of the KITnet throughout the day. Events that occur trigger an automatic notification of the responsible maintenance personnel. Furthermore, the SCC continuously carries out load measurements in order to be able to react to impending problems in good time.
The planning of the further expansion of KITnet is carried out in close cooperation between the SCC and the respective responsible construction administration. In order for the SCC to be able to fulfill its tasks as a network operator, extensions of the network may only be carried out after prior approval by the NET department of the SCC.
Interventions in the network
Unauthorized interventions in the form of extensions or changes to the existing network structure are generally not permitted and may lead to the forced decommissioning of the corresponding area. This shutdown is carried out by the network operator in order to exclude impairments of other users as far as possible.
Financing
The respective construction administration is responsible for financing the further expansion of the passive network infrastructure. Applications for the installation of data connections must be submitted in writing (informally) to the SCC.
Active components are procured by the SCC from central funds.
Procedure in the event of a fault
Faults in KITnet are usually detected by the automatic network monitoring system and immediately corrected by the maintenance staff. Since the connected end devices (PCs or workstations) are not automatically monitored, defects in the connections between these end devices and the active network components may not be detected centrally. If your computer cannot communicate with others, please contact your responsible IT officer and first check whether
- the connection cables are undamaged and correctly plugged in
- the configuration corresponds to the specifications of the IT officer (see "Connecting terminal devices")
- the target system can be reached from other systems.
In case of doubt, please contact the SCC ServiceDesk.
Network administration
The network operator is responsible for the administration of all central network components. These components include, for example, the routers in the backbone area and the switches in the secondary and tertiary areas. These are housed in technical operating rooms. Access to these rooms is only permitted to the responsible operating personnel. Access for institute employees is generally not possible.
Monitoring and corrective measures
The SCC monitors the operation of KITnet and eliminates faults as quickly as possible.
Monitoring is subject to the provisions of the Telecommunications Act and the Telecommunications Data Protection Ordinance, as well as, with regard to KIT, to the relevant service agreements and, with regard to affiliated third-party institutions, to any bilateral agreements that may exist.
Terminal equipment which (causally or indirectly) impairs or interferes with network operation or which does not meet the conditions for the operation of terminal equipment may be disconnected from KITnet by the SCC. This also applies to entire LAN areas if the end device in question cannot be identified or located in time.
Allocation of network addresses
The administration of the connected end devices includes the allocation of worldwide unique network addresses for the identification of the participants. For this purpose, KIT has public address ranges (for IPv4 129.13.0.0/16, 141.3.0.0/16 and 141.52.0.0/16, for IPv6 2a00:1398::0/32). Private network addresses are also used. The IP addresses are assigned and coordinated centrally by the network operator. The use of other addresses is generally not permitted. Names are assigned to addresses via DNS (Domain Name Service).
Without assignment of a DNS name, operation of systems on the network is not permitted.
Approved/supported protocols
In KITnet, only Internet protocols (TCP/IP) are permitted and supported for communication between the network segments. In the area networks (VLANs), other protocols may also be used, provided that they do not interfere with other areas of the network.
Rules for operating devices on KITnet
OUs may operate terminal equipment on the KITnet under the following conditions:
- The configuration must comply with the SCC specifications (IP subnet and mask, gateway or use of DHCP).
- The end device, its equipment and its configuration must meet the conditions set by the SCC regarding network security and compatibility in or with the KITnet.
- The transmission protocol of the backbone routers is the Internet protocol (IPv4 or IPv6).
The operation of OU-owned network components on the KITnet is not permitted. The exception is Ethernet switches used to set up room networks (mini switches) in order to increase the number of available network connections. However, these switches must not propagate link layer protocols (e.g. Spanning Tree BPDUs).
The operation of OU-owned WLAN solutions for accessing the OU network is also not permitted. WLAN access points that are not known to the SCC compete for the available WLAN radio channel bandwidth and also represent a potential security risk.