Principles and rules for the operation of the LAN in KIT
Preliminary remarks
The KITnet (KIT data network) is the basis for the provision of IT services at KIT, including the connected branches. It comprises the entire network infrastructure (hardware and software) from the connection points for end devices, such as connection sockets, access points of the wireless LAN and Ethernet ports for servers, to the Internet connection.
The KITnet is a routed network based on TCP/IP. This structure makes it possible to keep malfunctions of end devices local as far as possible and to limit their impact on the entire KITnet. Intelligent, manageable network components (VLAN-capable layer-2 switches) are used in the building distributors to distribute the data streams.
An organizational unit (OU) is any institution identified in the KIT organizational chart, as well as any third-party institution legally independent of KIT that operates terminal devices on KITnet. IT representatives are the central contact persons in each OU for network operation issues. The IT representatives are responsible for implementing SCC specifications in their OU. Each OU appoints at least one IT representative.
Principles
The operation of KITnet is governed by the following aspects:
- security
- availability
- performance
- cost efficiency
- legality.
The SCC is responsible for the operation of KITnet. The OU to which a terminal device is assigned is responsible for the operation of that device. The operation of a terminal device shall not negatively impact the operation of KITnet.
The IT representatives are responsible to the OU employees and the network operator for clarifying network issues and for distributing information, i.e. they are the interface between the network operator and the end device user.
Interventions in the KITnet (changing the cabling in the fixed network, removing components of the SCC) on the part of the OUs constitute misuse.
The "Regulations for Digital Information Processing and Communication (IuK) at Karlsruhe Institute of Technology (KIT) [IuK Regulations]" apply in their currently valid form.
Operation and expansion of the network
The SCC is responsible for the operation of the network and the planning for further expansion. For this purpose, the SCC maintains documentation on the entire KITnet (e.g., cable routing inside and outside the buildings, devices with central tasks, and switched connections). This documentation, together with additional user requirements, is the basis for planning the further expansion of KITnet.
The SCC monitors all components of the KITnet throughout the day. Events that occur trigger an automatic notification of the responsible maintenance personnel. Furthermore, the SCC continuously carries out load measurements in order to be able to react to impending problems in good time.
The planning of the further expansion of KITnet is carried out in close cooperation between the SCC and the respective responsible construction administration. So that the SCC can fulfil its tasks as network operator, expansions of the network are permitted only with the approval of the NET department of the SCC.
Interventions in the network
Unauthorized interventions in the form of extensions or changes to the existing network structure are generally not permitted and may lead to the forced decommissioning of the corresponding area. This shutdown is carried out by the network operator in order to prevent, as far as possible, other users from being affected.
Financing
The respective building administrations are responsible for financing the further expansion of the passive network infrastructure. Requests for the installation of data connections must be submitted in writing (informally) to the SCC. Active components are procured from central funds by the SCC.
Procedure in the event of a fault
Disturbances in KITnet are usually detected by the automatic network monitoring system and immediately corrected by the maintenance staff. Since the connected end devices (PCs or workstations) are not automatically monitored, defects in the connections between these end devices and the active network components may not be detected centrally. If your computer cannot communicate with others, please get in touch with your IT representative and check beforehand whether
- the connection cables are undamaged and correctly plugged in
- the configuration corresponds to the specifications of the IT representative (see "Connecting terminal devices")
- the target system can be reached from other systems.
In case of doubt, please contact the SCC ServiceDesk.
Network administration
The network operator is responsible for the administration of all central network components. These components include, for example, the routers in the backbone area and the switches in the secondary and tertiary areas. These are housed in technical operating rooms. Access to these rooms is only permitted to the responsible operating personnel. Access for institute employees is generally not possible.
Monitoring and corrective measures
The SCC monitors the operation of KITnet and eliminates disturbances as quickly as possible.
Monitoring is subject to the telecommunication laws and the telecommunication data protection laws, as well as the relevant service agreements with regard to KIT and any bilateral agreements that may exist with regard to affiliated external institutions.
Terminal devices that disrupt network operation (causally or indirectly) or that do not meet the conditions for the operation of terminal devices can be disconnected from KITnet by the SCC. This also applies to entire LAN areas if the end device in question cannot be identified or localized in good time.
Allocation of network addresses
The administration of the connected end devices includes the allocation of globally unique network addresses for the identification of the participants. For this purpose, KIT has public address ranges (for IPv4 129.13.0.0/16, 141.3.0.0/16 and 141.52.0.0/16, for IPv6 2a00:1398::0/32). Private network addresses are also used. The IP addresses are assigned and coordinated centrally by the network operator. The use of other addresses is generally not permitted. Names are assigned to addresses via DNS (Domain Name System).
Approved/supported protocols
In KITnet, only Internet protocols (TCP/IP) are permitted and supported for communication between the network segments. In the area networks (VLANs), other protocols may also be used, provided that they do not interfere with other areas of the network.
Rules for operating devices on KITnet
OUs may operate terminal equipment on the KITnet under the following conditions:
- The configuration must correspond to the guidelines of SCC (IP subnet and mask, gateway or use of DHCP).
- The end device, its equipment and its configuration must meet the conditions set by the SCC regarding network security and compatibility in or with the KITnet.
- The transmission protocol of the backbone routers is the Internet protocol (IPv4 or IPv6).
The operation of OU-owned network components on the KITnet is not permitted. The exception is Ethernet switches used to set up room networks (mini switches) in order to increase the number of available network connections. However, these switches are not allowed to propagate link layer protocols (e.g. Spanning Tree BPDUs).
The operation of OU-owned WLAN solutions for accessing the OU network is also not permitted. WLAN access points that are not known to the SCC compete for the available WLAN radio channel bandwidth and also represent a potential security risk.