Dept of Info Svcs is tasked to install a Virtual Private Network capable of advertising customer networks using reverse route injection between our firewalls and VPN concentrators and the remote customer networks. The project objectives included designing a scalable network secured by internal and external firewalls, purchasing redundant routers to support the new OSPF network, and installing new VPN concentrators to support wider deployment of our VPN service. The key project deliverables are the successful installation of hardware and deployment of the new service. The project was a success.
DIS must open a fifth node site to support disaster recovery. The objectives are to identify routing and firewall platforms and add Dept of Health to the new node. Deliverables are implementation of an MPLS router capable of supporting multiple MPLS customers and providing access to common resources such as email, mainframe, and dedicated use of Spokane's Internet connection while maintaining proactive network security practices. A large part of the design included developing a new BGP transport strategy that gave priority to Spokane traffic through our Spokane ISP. The project meant we had to redesign four BGP connections in Olympia and two in Spokane. The project was implemented with equipment that was unscalable at the new node site, and the node site had to be reprovisioned with more powerful hardware. The project was successful after completing the necessary hardware upgrades.
DIS operations must replace three core network management devices that are at the manufacturer's end of support. Two devices are Cisco 7513 routers used to import customer network devices into the state's management and monitoring system; the other device is a network management Layer-3 switch. Important risks include removal of Ethernet over MPLS connections between an unused backup system in Spokane and Olympia, migration of the Import/Export process off of the 7513 onto a new platform, and redesign of the BGP connections between the 7513s and the Layer-3 switch. Key objectives of the project are to replace the Layer-3 switch and 7500 routers with devices that have greater port density and fault-tolerant processors and power supplies, and to minimize impact to monitoring systems. Key deliverables are installation of new OSPF connections into the core network, redesign of routed connections, migration of servers onto the new device, and deactivation of the EOL equipment. The project encountered several delays due to unforeseen technical challenges. Removal of the Ethernet over MPLS required an outage. Although we verified the capabilities of the metro Ethernet switch with the vendor, it was unable to support all of our routing tables. The power supplies in the Metro switch failed three times before we identified a power issue in the cabinet. The project was eventually successful.
DIS has an opportunity to sell unprotected SONET bandwidth to its customers. The objectives are to design point-to-point (P2P) MPLS Traffic Engineering circuits for bandwidth-hungry customers. Deliverables are P2P circuits to isolate customer traffic, purchase of P2P SONET hardware, building the network, and adding customers to the service. The project encountered delays when the original design was incompatible with our OSPF infrastructure. The project was successful after a design change. The Flatten OSPF project was begun to resolve these issues.
DIS must transform its DR site from a simple T-3 connection into a state mainframe service in Philadelphia to a model supporting a full MPLS node site connecting to multiple customer-owned mainframe connections in Philadelphia. The new MPLS connection would use MPLS virtual routing and forwarding tables. The objectives are implementation of MPLS at the DR site, reprovisioning the DS3 as an MPLS Transport Circuit, and support for MPLS connections from customer mainframes. Deliverables include a turn-key MPLS DR site, training NCC staff to bring the DR site online, a firewall, and customer connections at the DR site. The project was designed and implemented successfully.
DIS offers VPN services using the common transport network. High-risk customers require VPN tunnels into their MPLS VPN. The objective is to design a network connection into the VPN service infrastructure dedicated to tunnels into the customer's network. The deliverables are to install redundant VPN firewalls and MPLS routers, and to migrate existing VPN customers onto the new service. The design was developed and tested, and migration strategies were accepted. The project was successful.
DIS's route reflectors are at end of life and must be replaced. The objective of the project is to identify and procure a router platform capable of supporting route reflection for the statewide MPLS network, install the devices, and migrate route calculation onto them without service disruption. Key deliverables include transitioning the route reflector responsibilities onto the new platform without impacting network performance or network uptime. The project was difficult to sell. The project was implemented successfully.
DIS has security constraints that limit access to shared resources. As agencies develop and share common services, the traditional MPLS design prevents these services from being shared without additional security and operational concerns. The most common solution is to import and export traffic between customer routing tables. This solution is not easily documented and poses security risks in the event of misconfigurations. The Fusion Network was designed to overcome these challenges. The project objectives are to redesign the resource delivery network using a dedicated virtual routing table and transparent firewall. The design should eliminate superfluous firewalls. The key deliverables are a working BGP/MPLS design that is validated through testing. The design should offer templates that can be easily applied and administered while addressing security concerns. The project was completed and successful. The production design will be implemented in a future project.
DIS has a business need to prepare the MPLS network for Traffic Engineering. The objective is to reconfigure the network to remove OSPF area 1 and to use only OSPF area 0. The key deliverables are to design and test the new network and to reconfigure node site connections into OSPF area 0 without impacting service to our customers. After the changes were complete, we were affected by an IOS bug and had to reload our Node Routers, impacting service to our customers. The project was completed and a single area 0 now exists. It was successful.
The network control center is required to convert its management network onto a secure platform. The objective of the project is to secure management protocols within an MPLS network and replace Telnet with Secure Shell. The deliverables for the project are the creation of a secure VRF for connections to node sites, a secure entry point into the VRF to isolate the NCC, and adoption of a new management vty application. The project is fully designed, network devices are being upgraded as a part of the project plan, and the project is on schedule.