direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Sie sind hier

TU Berlin

Page Content

Network Concept

The network concept of TU Berlin plans that all TU buildings are bundled on 11+1 network nodes. These nodes route the network traffic, can communicate via MPLS and are conntected with more than one neighbour (see below)

Important aspects are: 

  • redundant operation of the data centre (and all provided services) - already implemented
  • moving the second internet connection in order to increase redundance - already implemented
  • improvement of all wiring centers for an increase in requirements - pending
  • setup of MPLS nodes with intermeshing - implemented as far as possible
  • connection of switches with redundant 10 Gbit connections to their MPLS nodes - implemented as available
  • supply of all network outlets with Gbit - implemented (for all buildings modernised by means of eCampus)
  • preparation for an area-wide VoIP - suspended

The subnetworks are routed between MPLS zones and distributed via VLAN within the nodes to the correspondent outlets. Node comprehensive Layer2-supply is not intended. The intermeshing ensures a supply even if a MPLS node is down.

MPLS Nodes
Nodes
Supplied Buildings
A
A, FH, HL, TEM
BIB (UB)
BIB, HF, L, MB, RDH, WF
C
C, K, KF, KWT, M, PC, SE-RH, TK, V, Z
EB
AB, BH, EB, GG, KL, ST, VWS
E-N
E, E-N, EMH, HE, HFT-CO, MS, TC
EW
AM, B, BA, HBS, ER, EW
H
H
MA
BEL, FMI (future), MA, W
(HFT-)TA
F, HFT, KT, MAR, PTZ, SG, TAP
TEL
TEL
TIB
ACK, TIB
El Gouna
El Gouna (Egypt)

Annotations:

  • Satellite departments AB, GG, KG, KL, ST are connecting via BRAIN (Berliner Wissenschaftsnetz) and are therefore partly dependent on that infrastructure
  • The following buildings are not part of the plans:

    • MHD
    • ZI (modernisation planned)

Since not all tasks can be executed in parallel, the network intermeshing differs from the planned version in some cases (e.g. satellite departments have to be temporarily connected in a different way or fibre wire cables for redundance are not yet built).

Connect a New Computer

Please contact the network administrator of your unit and inform him of: 

  • location (building and room number)
  • desired computer name (will become the DNS entry, maximum of 20 characters)
  • caption of the network outlet which you want to connect the device to

You don't know who your network administrator is? Please read here.

Moving a Computer

Please inform your network administrator about:

  • data of your computer: IP address, computer name
  • old location: building, room number
  • new location: building, room number, network outlet

Determine Network Administrator

You can find your responsible network administrator using TU Portal at IT-Dienste > Liste der Rollenverwalter und IT-Betreuer.

Further information about Liste der Rollenverwalter und IT-Betreuer

In the name of the admin

For the rare occasions where the network administrator is not reachable (illness, vacation) and your issue can not be dealt with using TU Portal, please write an e-mail with your issue to NOC and CC to the network administrator's e-mail address. This allows the admin to intervene on one hand and on the other this allows us to see if you are entitled.

New Outlet

Please send your e-mail directly to your network administrator or NOC. If you contact NOC directly: we require

  1. Building and room number
  2. Exact outlet caption
    Often we receive the caption of a double outlet. Since we can only guess which outlet you mean, we will interpret this as "one of the outlets, no matter which"
  3. If you do not care which outlet out of 2 or within the room, please write that explicetely.
  4. Subnetwork
    If you do not know the subnetwork, please contact your network administrator or tell us the IP address which should be employed for the new outlet.

Register 1 to 4 Computers (Network Administrator)

Please use the application "IP Addresses". 
If the DNS entry in partciular can not be adminstrated using the application "IP-Adresse" (alien domains, IPs from house networks, aliases from central administrated servers) please write a formless e-mail with the desired entries. In addition the e-mail has to contain the following specifications:

 

  • Your full name
  • The full name of the network administrator of your department if this is not you
  • The cost centre of your department

Register More Than 4 Computers (Network Administrators)

If possible only use the application "IP-Adresse" in TU Portal.
For initial registration of a new subnetwork or other issues requiring more than 4 new IP registrations or changes you can send a file.
This file MUST comply to these criteria 100%:

  • either spreadsheet or text file
  • spreadsheet type: OpenOffice-Calc (.sxw or .ods) or
    Microsoft Excel 97/2003 (.xls), no .xlsx !!
  • text file formats: ASCII (.txt) or "Comma Separated List"
    (.csv) -File
  • no Word (no .doc or .rtf)
  • no macros, formulas, plugins, special fonts, etc.
  • layout: at the beginning or the end of the file a text bock with explanations, empy lines and captions is allowed

For the block with IP applications applies:

  • one computer per line
  • 7-Bit-ASCII-Text, no umlauts
  • no characters which are not allowed for computers such as underline character (_), @ or similar
  • no empty lines
  • no comments
  • no colons (:)

You should read the notes for completing the form beforehand.

Neu-Anträge: Format der Rechner-Zeile

Rechnername
Domain

Aliase

MAC-Adr.

MX

Rechnertyp

OS

Gebäude

Raum

Kostenstelle

Betreuer

Telefon




Feld

Erklärung

Beispiel

Rechnername
gewünschter Name, nur Buchstaben, Zahlen oder Minus
pc2006-uni
Domain
subdomain.TU-Berlin.DE
math.TU-Berlin.DE
Aliase
(optional)
nur wenn nötig ausfüllen.
studi-pc,uebung4
MAC-Adr.
Die Hardware-Adresse des Rechners (MAC-Adresse). Weglassen der Angabe nur nach Absprache erlaubt.
a0-b1-c2-dd-ee-ff
Mail-Exchange
(optional)
mailrechner.subdomain.TU-Berlin.DE.
Nur ausfüllen, wenn Sie einen beim postmaster angemeldeten Mailserver betreiben
mail.math.TU-Berlin.DE.
Rechnertyp
PC/Mac/Laptop/Printer/Gerät
PC
OS
(optional)
Betriebssystem
Windows XP
Gebäude
TU-Gebäudekürzel
KWT-N
Raum
(optional)
Raumnummer
K030/K031
Kostenstelle
Genaue Kostenstelle, bei Instituten 4-stellig, bei Fachgebieten 8-stellig.
45678900
Betreuer
Name des Netz- bzw. Gerätebetreuers (Antragstellers), NICHT des Nutzers, keine Umlaute
Meyer-Distel
Telefon
(optional)
Telefonnr. des Zuständigen
23733

Leave those boxes empty which you can not complete. For ASCII files a colon serves as a seperator (cell1:cell2:cell3). For .csv files you can use a colon too. The values can be encased by quotation marks.

For 3 computers a txt file could look like this: 
pc2006-uni:math.TU-Berlin.DE:studi-pc,uebung4:a0-b1-c2-dd-ee-ff:mail.math.TU-Berlin.DE.:PC:Windows XP:KWT-N:45678900:Meyer-Distel:23733
obelknix:zuv.TU-Berlin.DE::::PC:MacOS:H:6107a:45678900:Meyer-Distel:
laptop15:zuv.TU-Berlin.DE:proflaptop:::Laptop:Linux:SG1::45671000:Meyer-Distel:

Änderungs-Anträge: Format der Rechner-Zeile

IP-Adr.

Rechnername

Domain

Aliase

MAC-Adr.

MX

Rechnertyp

OS

Gebäude

Raum

Kostenstelle

Betreuer

Telefon

Complete the form according to the new applications only this time you already got the IP addresses which are specified in the first column. The rest of the line has to be filled out completely. It is not sufficient to specify the changed columns only.
The line will be changed which corresponds to the IP address. Thus you can change all data except for the IP address since we need the IP address as index for finding the line which is to be changed.

Deregister a Computer (Network Administrator)

Please use the application "IP-Adresse" in TU Portal. For special DNS entries which can not be edited via web, please write a formless e-mail with the computers/IP-addresses which should be deleted.

New Admin (Network Administrator)

As network administrator you require the role dns_verwalter. You will receive that role from the role administrator of your department.

For you to be able to take care of your colleagues, please retreive all information about your subnetwork from your predecessor

You can see the subnetworks belonging to your cost centre in your personal portal and apply for new ones if necessary.

Moving a Group Of Computers (Network Administrator)

Please inform NOC in time about:

  • the planned date of your move
  • buildings and room numbers of your new location
  • all network outlet numbers in your new rooms. This is especially important if the room numbers do not accord to the original numbers (e.g. rooms were divided)
  • If your IPs are partly or completely not listed in the application "IP-Adresse" in TU Portal, we need all IP addresses which you administrate

If your IP addresses are based on a house network (or from a network with private IP addresses), you will obtain a new, own subnetwork which will make a renumbering of your computers necessary, see "Moving out of a house network".

Central Firewall (Network Administrator)

Technical requirement for the use of the central firewall / packet filter (->what's that?) is a user group - meaning an own subnetwork, no house network IPs and suitable network technology for the connection (structured wiring, VLAN capable switches).
If these requirements are met, we offer a packet filter service with the following properties:

  • all data packets are permitted/denied on a strict ruleset
  • data within your subnetwork can not be filtered
  • IP addresses are filtered not DNS names. This is no application level firewalling
  • If you do not give us any other instructions the initial ruleset will be: outgoing from your subnetwork everything will be permitted, ingoing will be denied
  • We adjust the ruleset to your needs but not on a daily basis.
  • Certain rules which are always required are not to be specified, we will take care of them automatically (such as ACK-packets, dns packets from the name server etc)

The properties which are applicable for a filtering demonstrated with 2 examples:

Action
Prot.
Src-IP
Src-Port
Dst-IP
Dst-Port
permit
TCP
any
any
130.149.254.9
22
deny
IP
130.149.4.0/24
any
130.149.5.8/29
6881

The first example allows world-wide access to the computer 130.149.254.9 via SSH (port 22). The second example denies all computers the bittorrent access to the IP addresses 130.149.5.8 to 130.149.5.15 (port 6881).

Note: Firewalling is a complex issue. If your issue is simple, an informal explanation is sufficient (such as "deny all, only WWW to our institute's server with IP address XY should be possible). Otherwise especially for complex applications we need a complete list of all rules since we usually do not know your software and a research would be too much effort.

Change applications - like all network change applications for a subnetwork - will be only accepted from the network administrator (resp. with his acknowledgement)

Change of Subnetwork Size (Network Administrator)

Usually subnetworks should be large enough for all connected computers and small enough to prevent IP addresses from being wasted (60% of all potential IP addresses are unused).
If these properties are not met, you have to move to a new, more suitable subnetwork.

For that we use the following procedure:

  1. We determine the required subnetwork size with your help.
  2. We assume that we have correct information about the rooms where your computers are located. If this is not the case, please inform us!
  3. You tell us if you want the computers to a) keep their original names or b) get new names.
    For case a) we will use the old names with the suffix "-neu" with the new IPs for the DNS.
    For case b) we will enter the new names straight away if there are no conflicts.
  4. We send you the list with the new IP addresses.
  5. We will arrange a change date. At that date we will program the network infrastructure (router, switches, network outles) and you will change the IP addresses - and in case b) the names of your computers.
  6. Until that date only the old IPs will work, after that date only the new ones.

Moving-out a House Network (or Private IP Addresses) (Network Administrator)

If your unit uses

  • IP addresses from the building's network (house network) or
  • private IP addresses

it is time to move into your own subnetwork (with firewall rulesets you can determine yourself).

The following requirements have to be met:

  1. service neutral wiring to each room of your unit (no BNC, but structured wiring = twisted pair) 
  2. switches operated by NOC with a minimum technical standard
  3. usable OrgName or InternetName - there are several cases:

    1. your unit has its own, approved Orgname -> done
    2. your unit does not need an Orgname but wants to use the Orgname of the superordinate unit. NOC will set this up for you in case the superordinate unit has no objections.

If the requirements are met, one can proceed as follows:

  1. Application for an appropriate dimensioned subnetwork by you using TU Portal (requirements for IP addresses for all existent computers and those planned for the next 1.5 years)
  2. Setup of the subnetwork by NOC
  3. Arrangement of a change date. Until that date the old IP addresses are valid, after that date only the new ones. Furthermore NOC requires:

    1. List of all currently employed IP addresses including computer names and MAC addresses
    2. List of all network outlets and room numbers
    3. List of all firewall forwardings

  4. You configure all computers for DHCP at the change date.

You can administrate the new subnetwork yourself using TU Portal.

Network Connection (Network Administrator)

The physical connection to the network is realised using network outlets. Only for modernised buildings each outlet is switched otherwise you will need to contact NOC if you want to use an outlet which was unused before. The connection can also be established using TUB-WLAN which will result in lower speed and due to increased security demands to the requirement of a tubIT user account and an encryption software - see WLAN.

Zusatzinformationen / Extras

Quick Access:

Schnellnavigation zur Seite über Nummerneingabe

Auxiliary Functions