2. NETWORK SERVICES
2.1
Campus BackboneDuring the past year the University Optical Fibre Network has been extended to the John
Radcliffe Hospital and work is in progress to provide direct optical fibre connection to clinical
departments in the Nuffield Orthopaedic, Warneford and Churchill Hospitals. A new
telecommunications room is being equipped in the Institute of Health Sciences, which will
provide network connection to the existing University groups and for the future developments
which are expected in this area.
The ducting programme being undertaken by the local cable company, ComTel, has provided
opportunities to extend the University Optical Fibre Network to locations within the city
where there is a high concentration of student accommodation. The first area to be covered is
the St Clements/north Iffley Road area. A similar exercise is proposed for north Oxford when
ComTel undertake installation of their infrastructure, which is scheduled for 1997. This work
is part of a strategy eventually to enable all graduate and undergraduate student
accommodation to have access to the University Backbone Network. Although extending the
University Optical Fibre Network must be considered as the preferred option, in areas where
geographical or financial considerations weigh against this, other methods such as connection
by ISDN and Wireless LAN are being actively pursued.
During the 1995/6 University year the only change which has been made to the Campus
Backbone Network configuration has been the addition of one Netbuilder II router. This is
temporarily located at the Warneford Hospital until the Institute of Health Sciences
Telecommunications Room is ready for service. The total number of attached Ethernet
Networks has increased from 149 to 173 during the year (see Table 1), to which are now
attached nearly 12,000 computers (see Figure 2). All colleges now have an Ethernet
connection to the Campus Backbone. In Table 1, the increases under the departmental
heading have mainly been a combination of departments requesting a second backbone
connection and movement of university staff into refurbished accommodation.
The 22 3Com Netbuilder II routers which form the basis of the Campus Backbone have been
upgraded during the year by increasing the processor memory capacity from 12 to 20 Mbytes.
A further upgrade to install Flash Memory Drives is in progress. Both these upgrades are
necessary to take advantage of the latest interface card developments for the Netbuilder II
router.
Figures 1 and 3 give, respectively, a geographic and logical representation of the University
Network. The Backbone traffic is still relatively light, but it is rising rapidly (see Figure 4). It
is estimated that we will need to plan for a faster replacement in about 1998.
2.2
Traffic continues to climb dramatically, doubling in volume in less than 12 months (see Figure
5). The volume of inwards traffic is approximately 2.5 to 3 times the outwards traffic, which
almost exactly matches the relative capacities of the inwards and outwards SMDS links
supplied by UKERNA (10 and 25 Mbps respectively). Concern is mounting that the capacity
of this link is fast approaching, and negotiations have begun with UKERNA and other bodies
to ensure that we will be able to acquire a faster link before the end of 1997. Oxford has close
to the highest amount of traffic of any university in the UK. The link to the USA has been a
matter of some concern also during the year. In the first few months of 1996, the capacity of
that link was increased from about 4Mbps to about 20 Mbps. This has had a noticeable
impact on accessing US sites, and has not yet simply been swallowed up catering for pent-up
demand.
Negotiations (with UKERNA, and also with Oxford Brookes University, Rutherford Appleton
Laboratory and other education and public-sector and research bodies in the Oxford region,
have been commenced with a view to establishing a Metropolitan Area Network (MAN) in the
region. This would speed any traffic with those bodies, act as a catalyst to upgrade the link to
Janet, and foster a greater interaction within this community.
2.3
The Gandalf usage figures show (for the first time) a slight reduction in total traffic (see Figure
6). The number of lines being disconnected (298 this year, 391 last year) is still very low, and
it is thought that a large number of unused lines remain connected, possibly as a back-up for
Ethernet connections (see Table 2). A campaign to publicise the run down of the service
(planned to close at the end of 1997) will be undertaken in Autumn 1996. It is hoped that the
move of the Library service to solely Ethernet connection will cause a noticeable decrease in
usage. 13 new lines have been connected this year, to locations where Ethernet was not
readily available.
2.4
The rapid growth in demand, and the limitations of the Gandalf dial-in system (restricted to
2000 separate usernames and speeds of 19,200 baud) led to the assessment and purchase of a
new combined dial-in and ISDN system using an Ascend MAX 4000. The main criteria for
selection were that the new system should be able to support a large number of usernames;
provide profiles for service restrictions by username; make use of an authentication server
using recognised encryption techniques; recognise and support all standard protocols
(TCP/IP, SLIP, PPP, NOVELL, ASYNC); support all standard modem protocols up to V34;
support ISDN calls.
The physical connection to the public telephone network is via a service known as "Primary
Rate ISDN". This allows for 30 Basic Rate ISDN connections per Primary channel (the
Ascend unit can accept up to 4 such feeds). The asynchronous modem sets are digital and
have 8 channels per module. The unit recognises incoming calls via the Primary Rate ISDN
connection as either genuine ISDN or digitised asynchronous and switches modes
automatically, thus hugely simplifying the incoming connectivity. The unit has a single
Ethernet connection to the University network. The incoming connection is supplied by BT,
but it is planned to install an additional feed from ComTel, to allow local users to take
advantage of the cable services currently being installed in the area.
This service was introduced in the Spring, after a significant amount of work had been done to
integrate this with the OUCS Registration service. It clearly met a demand for higher
bandwidth connectivity, and users rapidly transferred to the new service. The old service will
be terminated at the end of January, 1997. Overall, usage of dial-in has continued to climb
steeply, more than doubling over the past year (see Figure 7). However, the number of active
users of the service has only increased slowly, by 10% (see Table 2). OUCS will act as
"broker" for the national dial-in service which UKERNA announced at the end of the period.
2.5
The number of messages received by the mailer shows a 50% increase on last year, and the
volume of messages has increased by 170% (see Figure 8 and Table 3). Not only is more use
being made of email, but the size of messages is increasing rapidly (presumably through more
use of attached files). The number of messages going out from the mailers has risen even
more steeply, which is thought to be due largely to increased use of mailing list facilities.
A new, faster mailer, known as oxmail3, was brought into service in September 1995, and a
fourth is currently on order.
"Fuzzy matching" software was introduced during the year on oxmail2 and oxmail3 (but not
oxmail1 which is older technology). This checks failing destination names (in the form
firstname.lastname) against the list of known names in the database, and returns to the sender
a failure message including a list of possible similarly spelt names. This is especially useful to
callers from outside Oxford.
2.6
OUCS staff with expertise in micro networks continue to be under heavy pressure to provide
advice and assistance in the installation, operation and development of microcomputer
networks (eg Novell and WindowsNT) around the University. This includes the configuring
of microcomputers (PCs and Macs) to enable them to operate on such local networks.
A great deal of other personal computing advice is being given on communications issues,
evidence of the continually expanding reach of networking and demand for the services of
these key staff. For instance, there has been a large increase in demand for dial-in access from
PCs and Macintoshes which complements the recently upgraded Dial-in facility.
Documentation for a tried and tested set of software options has been prepared, for
implementing PPP dial-in access to the Internet for the commonly used operating systems
(Windows 3.1, Windows 95 and Mac OS).
The Novell Server Management service has continued to grow. This is a facilities
management service where, for a fee, OUCS staff will install and maintain Novell servers for
departments and colleges. The service is currently staffed by two people. Funds have been
provided to enable Humanities faculties to make use of this service free of charge.
2.7
This new service was introduced in January in response to a number of requests from
departments and colleges who were disappointed with the commercial maintenance service
available for their Ethernet-based networks. What OUCS has endeavoured to do is to provide
a much more economical service, but with a rapid response to emergency situations.
This has been accomplished by charging a small standing charge, which ensures that stocks of
most network components are held by OUCS. If a fault develops, the faulty component is
identified and replaced quickly, and then a repair undertaken. The repaired item eventually
replaces the "loaned" item, and the client is billed for the actual cost of repair. The scheme
also incorporates a degree of remote network management by OUCS, to assist in the early
detection of network faults and bottlenecks.
The scheme is working well, and 14 units had taken it up by the end of July.
2.8
The Oxford University Computer Emergency Response Team (OxCERT) continues in its
roles as guardian and educator. It has responsibility for protecting the security of university
systems and networks from both internal and external attack; for liaising with other
organizations where necessary and appropriate; for raising awareness of security and privacy
related issues within the University; for testing the security of systems on request and advising
their administrators; for providing security related tools and documentation. It has performed
in all these categories over the last year.
The team has almost the same personnel as a year ago --- four front-line staff handling
incidents as they occur, and a backup team of another nine. These 13 people are drawn from a
number of University departments. Everyone working for OxCERT does so on a part-time
basis. OxCERT itself provides cover on a best-efforts basis and, in particular, is not able to
provide a 24-hour, 7-day response.
During the year, about fifty incidents have been investigated, including: attempted break-ins
both to and from Oxford; denial of service attacks; theft of equipment (especially memory);
unauthorized usage of facilities; a steady stream of virus infections. Many of the alerts had
simple and/or innocent explanations but several were more serious and appropriate action was
taken in conjunction with the University and other authorities. In one case, OxCERT assisted
the Thames Valley Police with their enquiries; in another, information about a computer
break-in at Oxford was passed via JANET-CERT to the US FBI.
OxCERT members have contributed to the University and wider communities by presenting seminars, news articles and the like. The chairman co-authored a UKERNA-funded study into the provision of secure email for the JANET community and presented a paper about it to the Forum of Incident Response and Security Teams at their 1996 workshop in San Jose.
