As well as the regular routed IP data network connection, the CUDN (Cambridge University Data Network — the backbone data network of the Collegiate University) supports some layer 2 (switched) services.
- Additional routed VLAN
- Local PoP VLAN service
- Inter-site VLAN service
- Other VLAN services
More information on these is given below.
As part of the PoP switch service, institutions get a routed data VLAN with the CUDN (which can have multiple IP ranges). If an institution requires an additional VLAN (e.g. for an administratively separate part of their institution), they can request one is set up, either with new addresses or by moving some of their existing addresses across.
Institutions can have one additional VLAN (i.e. up to a total of two) as part of the standard PoP charge. Any VLANs beyond this are charged for.
Each VLAN can be configured according to a different model for routing (e.g. edge connection / directly-routed or statically routed). Full information about available options is on the 'IP routing on institutional connections' page.
Infrastructure service VLANs provided for a specific service (e.g. voice, wireless access points, BMS, etc.) are paid for by the service itself and do not count against this limit.
An institution with a PoP switch may wish to have a local VLAN which is used to provide internal connectivity between ports on the PoP, not uplinked directly to the CUDN. For example, the institutional may loop a firewall through the PoP, with the "outside" linked to the regular CUDN data VLAN and an "inside" fed down to internal switches and hosts.
This service is described in details on the PoP equipment page.
An institution may wish to extend a VLAN across separate sites, fed through different PoPs, as part of a private, internal network (much like a local VLAN, but across PoPs). The CUDN inter-site VLAN service provides this using a redundant path across the backbone, via both of the upstream routers.
There are, however, a number of caveats to this service:
- The inter-site VLAN is presented as an additional VLAN on the PoPs at each end — it cannot be an extension of one of the existing VLANs (e.g. the main data VLAN). However, an institution can loop a connection from their internal network into the inter-site VLAN to extend it (this can be done by a simple cable between the two VLANs).
- The 802.1Q tag to be used will be selected by the UIS from the range of global VLANs in the CUDN numbering scheme.
- The service is limited to a point-to-point connection between two PoPs: it cannot be expanded to support three or more sites: more sites will require separate VLANs. For multiple sites, the MPLS VPN service is more suitable.
- The VLAN will not transport Spanning Tree Protocol (STP) BPDUs. Although the service itself is redundant, the link cannot be used as part of a redundant layer 2 structure within an institutional network.
- This service is not available into the hosted portion of the UIS server network in UIS-managed data centres from elsewhere on the CUDN.
The inter-site VLAN service is a charged-for service.
There are two different technologies used to provide this service; which is used depends on the routers used by the interconnected sites and sometimes a mix of the two technologies is used. The most common technology is EoMPLS (Ethernet over MPLS) and, because of this, the inter-site VLAN service as a whole can sometimes be referred to by UIS Networks as the EoMPLS service. Which technology is used has no effect on the service as seen by the institution.
The inter-site VLAN service is also available to institutions with a directly-routed BGP connection and no PoP switch.
However, as PoP switch is used to manage the redundancy across the two upstream router connections, the service is provided as a single (non-redundant) virtual circuit between two router interfaces as an 802.1Q tagged VLAN. An institution will typically receive a pair of these circuits to provide a redundant service.
There are some complications with this arrangement which may make it unavailable, in some cases. These will be determined when the service is requested and the particular situation analysed.
Institutions with router connections are strongly advised to use the MPLS VPN Service instead (perhaps using internal eBGP peerings): this scales better, provides better separation to limit the scope of faults to an individual site and performs better.
In addition to the layer 2 VLAN services themselves, the CUDN can supply other VLANs to institutions through their PoP, in addition to their main data VLAN. These include MPLS site VLANs for other institutions and infrastructure service network VLANs.
Last updated: 5 August 2016