VLANs

KAREN public VLAN

KAREN uses 802.1Q VLAN tagging to deliver services within the core. The KAREN backbone is split into two logical networks, known as VLAN East and VLAN West. The network has been architected this way to create a fully protected network within New Zealand. This has the effect of providing a 20Gbps core network for use by the research and education community.

In the event of the failure of one of the paths, both VLANs are transported on the remaining path, ensuring the continued availability of the network.

It is possible to be connected to both VLANs; however, this means that consideration should be given to changes to the BGP configuration. This would only be necessary if the West VLAN provided a more efficient path because of the member's location(s), or if the West VLAN needed to be used for capacity management.


Private VLAN option

Members can request a private VLAN where they have multiple sites connected to KAREN. This would usually mean that the organisation would receive traffic tagged for VLAN East, VLAN West if required, and the private VLAN ID. Associate members and partners would not generally be allocated a private VLAN.

The private VLAN ID is then tagged only on switch ports that directly face the organisation's sites. This provides a layer 2 private network that can be used for intra-site transmission. Members considering this option should also consider:

  • A layer 3 boundary (routed) should be placed between each site and KAREN
  • Any commonly used, standards-based routing protocol can be used over the private VLAN
  • IP addressing of the layer 3 devices can be selected by the organisation for the private VLAN (KAREN VLAN IP addresses are assigned by REANNZ)
  • Sites can be tagged with the private VLAN ID only, allowing organisations to concentrate resources for international and national connectivity at a single site
  • KAREN should still be treated as an untrusted network and organisations should familiarise themselves with the KAREN security policy
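
A member-side check that follows from the points above, given as an added example that is not REANNZ's own code: it parses the 802.1Q tag of each frame arriving on the KAREN-facing trunk and accepts only the VLANs the site expects to receive. The VLAN IDs, the function names and the policy of dropping untagged or multiply tagged frames are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100   # 802.1Q tag protocol identifier
TPID_8021AD = 0x88A8  # 802.1ad service tag, seen when tags are stacked

# Constructed placeholder IDs; the real VLAN IDs are assigned to each member.
EXPECTED = {101: "VLAN East", 102: "VLAN West", 300: "private VLAN"}


def classify(frame: bytes, expected=EXPECTED) -> str:
    """Return an accept/drop verdict for one frame from the KAREN-facing port."""
    if len(frame) < 14:
        return "drop: truncated frame"
    (tpid,) = struct.unpack_from("!H", frame, 12)  # field after dst + src MAC
    if tpid != TPID_8021Q:
        return "drop: not 802.1Q tagged"
    if len(frame) < 18:
        return "drop: truncated tag"
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF  # low 12 bits of the TCI; top 4 bits are PCP and DEI
    if inner_type in (TPID_8021Q, TPID_8021AD):
        return "drop: stacked tags"
    if vid not in expected:
        return f"drop: unexpected VLAN {vid}"
    return f"accept: {expected[vid]}"


def build_frame(tci=None, inner_vid=None) -> bytes:
    """Build a constructed sample frame with zeroed MACs and an empty payload."""
    frame = bytes(12)
    if tci is not None:
        frame += struct.pack("!HH", TPID_8021Q, tci)
    if inner_vid is not None:
        frame += struct.pack("!HH", TPID_8021Q, inner_vid)
    return frame + struct.pack("!H", 0x0800) + bytes(46)


if __name__ == "__main__":
    samples = {
        "east": build_frame(101),
        "west with priority 5": build_frame((5 << 13) | 102),
        "private": build_frame(300),
        "unknown vlan": build_frame(999),
        "stacked": build_frame(300, inner_vid=101),
        "untagged": build_frame(),
    }
    for name, frame in samples.items():
        print(f"{name:22} {classify(frame)}")
```

A site tagged with the private VLAN ID only would pass a one-entry `expected` mapping, so frames tagged for VLAN East or VLAN West are dropped there as well.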