Engineering designs and manages the core network equipment including routers, switches, firewalls, encrypted tunnels (VPN) and remote site connectivity. They support all aspects of the OSU Wireless network. The team also provides up/down monitoring, network and system performance monitoring, and utilization graphing.
Engineering manages OSU's IP allocation, including IPv4 and IPv6. They provide tier 2 and tier 3 support to departmental IT staff at OSU.
Contact Us / 7-HELP
ONID, Computer & Printing
Techs are on call 24/7 so please reserve after-hours help requests for urgent phone and network issues only.
Consulting & Tier 3 Requests
Departmental Computing Administrators (DCAs) can contact the IT Consultants for Windows networking, Active Directory, and Exchange questions.
Jason Appah, Gaylon DeGeer, Cary Shufelt
Email: itconsult (@) oregonstate.edu
Departmental Computing Administrators (DCAs) can email the Network Engineering staff for other tier three issues and requests noted below.
Email: net (at) oregonstate.edu
Domain Name Requests
General Email Issues
Jason Appah, Cary Shufelt, Gaylon DeGeer, Kirsten Petersen
Mailman Email Lists
Alec Dhuse, Kirsten Petersen
Maintain, DNS and DHCP
Kirsten Petersen, Steve Heitmeyer
SQL Database Hosting
Jason Appah, Cary Shufelt, Gaylon DeGeer
Network Operations Center (NOC)
Steve Heitmeyer, Joel Burks, Michael Gromek, Tony Brock, Ian Downie
Network Security: Incident Response, Vulnerability Scanning, Firewalls
Alec Dhuse, Mark Keppinger, Kirsten Petersen
ONID Class Groups
Cary Shufelt, Jason Appah
Alec Dhuse, Kirsten Petersen
Server Monitoring with OpenNMS, Paging
Joel Burks, Michael Gromek
Alec Dhuse, Gaylon DeGeer, Tony Brock
Network Engineering has implemented a firewall design with the following goals in mind:
Our current strategy is to configure a separate services firewall context for each department. Machines in a "services" network are those that need to provide services to off-campus or non-firewalled hosts. Rulesets for each departmental services subnet are then managed by the department.
Workstations are placed behind the Enterprise Firewall, which denies all inbound connections. No outbound connections are restricted. Some access to workstations behind the firewall will be enabled via the VPN for services such as RDP or SSH.
Q: Will I be able to access my workstation from home via Remote Desktop or SSH after it has been moved behind the firewall?
A: Yes, you will be able to use the VPN to access your workstation remotely.
Q: For servers behind the firewall, if I don't want to allow outbound port 80 access, how do I use a proxy?
A: Most applications support a proxy server and are easy to configure. For those that don't, you may be able to use an environment variable to specify the proxy server. For example, in bash, do: export http_proxy='http://proxy.oregonstate.edu:3128'
Q: For servers behind the firewall, if I block outbound access, how can I use SVN via a proxy?
A: SVN supports proxies, and our proxy servers are configured to allow the needed methods. Instructions for SVN are here: http://subversion.tigris.org/faq.html#proxy
The following groups and departments have moved all or part of their systems behind the campus firewall:
|Authoritative Name Servers||ns1.oregonstate.edu, ns2.oregonstate.edu|
|Caching Name Servers for OSU||22.214.171.124, 126.96.36.199|
|Policies||Domain Name Policy|
|DNS/DHCP Registration System||Maintain|
|DNS Information||List of OSU Domains|
DNS stands for "domain name service". In essence, it is a directory of names that point to services on the local network or the Internet. Computers communicate with each other over the Internet via IP addresses (e.g. 188.8.131.52). DNS provides human-friendly names for these IP addresses. For example: the DNS name www.oregonstate.edu points to the IP address 184.108.40.206.
The Dynamic Host Configuration Protocol (DHCP) is an Internet protocol for automating the configuration of computers on a network. DHCP can be used to automatically assign IP addresses, to deliver TCP/IP stack configuration parameters such as the subnet mask and default router, and to provide other configuration information such as the addresses for DNS servers.
Most OSU network registration is done via Maintain, an open source application developed at OSU. For general help with Maintain, network registration, or activating your ONID account, please contact the OSU Computer Helpdesk.
As of August 3rd, 2013, Oregon State University's authoritative name servers ns1 and ns2 no longer answer recursive requests from outside of our network. This change was made to prevent our name servers from being used in DDoS attacks against other Internet hosts.
On March 22nd 2014, Network Services will replace Maintain with Cyder as our central IP address management solution. This new software will bring a revamped web interface and a more robust and extendable back-end design. This will allow us to deploy new functionality like IPv6 allocation/support, a RESTful API, DNS views, and more.
We're in the final stages of development and focused on feature parity between Maintain and Cyder. However, some functionality will be lacking at release. Additional features beyond what Maintain offered will have lower priority until we've matched Maintain. Included below is a list of major features and their estimated completion schedule.
Anticipated ready by release:
-New wireless self-registration system
-Bulk interface move
End of Summer:
-Other bulk operations (container moves, user permissions cloning)
-CSV mail/export from web interface
Changes since initial preview release:
-Related interface list now excludes interfaces with blank MAC addresses
-Range lists now include type column (static/dynamic)
-Range names migrated/shown
-Added combined static/dynamic interface view to System section called 'Interfaces'
-Properly migrate Interfaces to Legacy VRF, Campus site
-Overhauled inventory attribute creation/editing/storage
-Range usage is now displayed and updated correctly
-MAC address field on forms no longer mangles entries
-VRF/Site/VLAN/Network detail views show more related data
-Numerous bug fixes and UI tweaks/enhancements
Note: this list is not exhaustive and has been truncated to only include changes relevant to DCAs.
Internet2 is a consortium of universities working in partnership with industry and government to develop and deploy advanced network applications and technologies. OSU has been an Internet2 partner since 1999.
Internet2 members enjoy high speed connections to each other, enabling improved performance for bandwidth-intensive applications such as digital video, distributed learning, remote instrumentation and tele-immersion (virtual reality).
When you communicate with another institution that is an Internet2 member, your network traffic will flow over the faster Internet2 connection. Much of OSU's commodity traffic (i.e. traffic to commercial sites) is now over I2 through the Commercial Peering Service.
As of July 2012, there are 221 higher education members of Internet2, as well as corporate, governmental and international members. See the following for more information about the I2 community:
Learn more at http://www.internet2.edu
Talk to your Department Computing Administrator (DCA), or contact Network Engineering for more information.
Important: The following are network policies developed and managed by Information Services. It is your responsibility to understand any other applicable policies developed by departments and colleges, as well as all university-wide OSU IT policies.
Network Services uses OpenNMS to monitor servers for several groups on campus.
Please visit the server monitoring page for more information on OpenNMS and Testutil.
OREGON STATE UNIVERSITY: APPROPRIATE USE POLICY FOR OSU INTERNET DOMAIN NAMES
Access the Domain Name Request Form to acquire a new domain.
1. OSU assigned Internet Address and Domain Name space
Oregon State University has been assigned the Class B block of IP addresses 220.127.116.11 - 18.104.22.168 by the American Registry for Internet Numbers (ARIN). In addition Oregon State University has registered the following Internet Domain Names with the InterNIC:
As of January 1, 2002, our preferred Domain Name is OREGONSTATE.EDU.
Technical: Kirsten Petersen, IT Manager
Managerial: Jon Dolan, Director, Network Services
Business: Jon Dolan, Director, Network Services
Oregon State University is responsible for managing all of these assignments. There is no association between our assigned block of IP addresses and our registered domain names other than associations that we make using Domain Name Service.
2. Domain Name Service
The Network Engineering Team (NET) is responsible for implementing and/or delegating Domain Name Service (DNS) for ALL systems connected to the campus network, and for coordinating this service with other campus units. DNS provides mapping between domain names and their IP addresses used for routing of network traffic to all destinations.
3. 3rd Level Domain Names
A 3rd level domain name is that portion of the name immediately preceding OSU's registered domain name. OSU departments, programs and approved activities are eligible to use OREGONSTATE.EDU domain names upon request to the Network Engineering Team. This request must be from a dean or department head and will either be approved by the IS OSU Domain Name Review Committee or forwarded to the Associate Provost for Information Services for consideration. REQUESTS should be made to Network Engineering.
Typically, a department or organization would apply for a 3rd level domain name which implies its name or function as in the examples below.
In general, workstations and server names should be at the 4th level, behind a 3rd level domain name, in which case consultation with NET is unnecessary. To be considered for a 3rd level name a server would need to be of global interest to the Oregon State University community. Example: ftp.OREGONSTATE.EDU
Network administrators may assign/create additional subdomains, aliases (using CNAMES), or machine names behind their own 3rd level domain name, again without the need to consult NET. For example:
4. Non-OSU registered Domain Names
All domain names pointing to OSU network addresses (IP space) must be approved by the IS Domain Name Committee and maintained by Network Engineering. To be considered, a "non-OSU registered" domain name must be requested by a dean or department head, be consistent with the OSU Acceptable Use Policy (OSU AUP), and it must be demonstrated why the requested name should not be within OSU registered domain name space (i.e. OREGONSTATE.EDU).
Domain names used as aliases to content provided entirely by OSU may be approved only on the condition that the URL is rewritten to reflect an OREGONSTATE.EDU domain name. For example, a hostname like project.org might be approved on the condition that when visitors put http://project.org into their browser, the URL is rewritten to http://oregonstate.edu/project
Requests should be sent to Network Engineering and will either be approved by said committee or forwarded to the Vice Provost for Information Services for consideration.
In all cases, departmental workstations and servers on OSU's network will be registered in the department's domain. This is reflected in the DNS registration of the IP address, otherwise known as a DNS "A Record". This assures that network administrators can always determine at least what organization/department claims responsibility for that machine. These machines may then be assigned approved aliases using CNAMES, as in the following examples.
Alias Machine name (CNAME) Responsible Group
5. No Fees for Assignment of Domain Names
The creation of domain names by NET is done free of charge. However, other services associated with a name, such as web server or web page hosting, may not be free. These services are available on a cost recovery basis from IS (Central Web Services) and possibly other departments.
6. Naming Conflicts and Priority
Domain names are generally available on a first-come, first-served basis. In cases where a desired name or alias/CNAME is already taken, NET can explain the options. NET surveys the database regularly to avoid naming conflicts and preserve the OSU AUP and otherwise protect the interests of Oregon State University.
7. Unacceptable Domain Names
The Oregon State University network is for instruction and research use only, as indicated by the OREGONSTATE.EDU domain name suffix. In general, other suffixes such as ".com", ".net", etc., are not acceptable for OSU domain names. Requests for inappropriate domain names - names that are not consistent with OSU's mission and the OSU AUP - will not be approved.
Reasons for rejecting applications for 3rd level domain names include but are not limited to the following.
If in the opinion of the Domain Name Review Committee:
Individuals and groups wishing to host servers, websites or networks that are outside the scope of the OSU acceptable use policy will be required to obtain Internet service and Domain Name Service from a local or national Internet Service Provider (ISP).
Unusual name requests, circumstances, and issues will be referred to the Director of Network Engineering and/or the IS Management Group for further consideration, as appropriate. Final determination will be subject to the approval of the Associate Provost for Information Services. Decisions of the Domain Name Review Committee may be appealed to the Vice Provost for Information Services.
9. Problem Resolution
In cases where faculty and staff are involved in creating or hosting an unacceptable domain name on a system that uses an OSU IP address, NET will first contact the individual and attempt to resolve the issue directly.
If this fails, the Department head and the Director of Network Engineering will be notified. When undergraduate or graduate students are involved, whether on the residence halls network or elsewhere, the responsible manager will contact the student first to attempt to resolve the issue. Failing this, the student will be referred to the office of Student Affairs and the Director of Network Engineering (Shay Dakan) will be notified.
11. OSU Recourse
If issues are not resolved in a timely fashion, NET is authorized to
a) remove the inappropriate domain name or alias/CNAME
b) filter the system's IP address or
c) disconnect the system from the network,
depending upon the nature and severity of the problem. Notice of any such action will be provided to the responsible parties and units, as well as to the Information Services Management Group.
Our standard Outage windows are as follows:
NOTE: These are general outage windows. For some services, these outage windows may not be appropriate, and another time may be chosen. Network Engineering will work with affected units to minimize outage impact on their operations.
Maintenance that does not cause service interruption may be performed at other times, depending on the scope and potential impact of the change.
All planned outages will be announced no later than two (2) business days before the outage. Emergency outages may need to be performed at other times and will be announced as soon as possible.
All outages will be announced on the Outages mailing list and will be posted to the Outages Log here: http://intranet.nws.oregonstate.edu/blog/archives/category/enterprise-network/outage-announcements
Maintenance work that is non service-impacting will be announced to the Maintenance Log, posted here: http://intranet.nws.oregonstate.edu/blog/archives/category/enterprise-network/maintenance
Oregon State University Network Security Policy
May 26, 2000
OSU's network shall be run in a secure manner, with reasonable steps taken to protect electronic data assets owned and/or managed by Oregon State University, and the transmission of them.
Information Services is the appropriate agency to manage and register data networks and their connection to other data networks for Oregon State University. Network Engineering is responsible for the design, maintenance, and operation of the overall OSU network. Each department has the responsibility to run their sub networks in a manner consistent with University Policies and consistent with the University Mission and Goals.
All computers connected to OSU's network must have the appropriate authorization from a recognized representative of OSU. All such authorized computers will be allowed to use an Internet Protocol (IP) address within the 22.214.171.124 class B address space owned and managed by OSU in addition to other communications protocols as appropriate. All computers connected directly to OSU's network are subject to this policy.
Actions to be taken by Network Engineering Team (NET) personnel for various Network Security Events as defined later in this document:
1. Monitoring. NET will take reasonable steps to monitor the campus network in a way that will detect common network attacks originating either on or off campus.
2. Reporting of Security Events. Security Events are to be reported to the email alias email@example.com and to the node and/or network administrator originating the event. Reports made by phone must be followed up with an email report. In addition to log files showing dates, times, and specific host information regarding the event, the report must include the name and contact information for:
3. Response. Once NET has determined the nature of the Event, and has an understanding of who is doing what to whom, the following actions may be taken by NET personnel:
Both of these actions will usually be done at the campus border router, in which case email will be sent to the following aliases informing them of the block:
Assuming there is no evidence that the system has been compromised, the following aliases will also be informed:
In some cases, it may be appropriate to disable access to a node at a point closer to the node than the border router.
For single user workstations it may only be possible to notify the Network administrator.
4. Re-enabling of blocked hosts. Hosts that have had their access to the network blocked by NET will be re-enabled once NET Security personnel have a reasonable belief that the system is no longer a security risk.
Information Services fully supports the use of the University's computing and networking resources by the OSU community. Information Services has a responsibility to ensure these resources are being used responsibly, and must be in a position to take corrective action should a problem occur.
OSU Mailing lists are currently hosted on Mailman. Information about this service can be found here: http://lists.oregonstate.edu
IS will support mailing lists that meet the following guidelines:
The IS OOB network is intended for out-of-band access to systems in the Milne and Kerr data centers. To connect a system to the OOB network, please contact firstname.lastname@example.org for assistance.
Users of the OOB network are subject to the following use policy:
Network Services uses OpenNMS to monitor servers for several groups on campus.
Service or node outages can be configured to send email or generate pages, or both. The web interface allows you to view past and current outages, and acknowledge outage notifications.
If your department has servers that need to be monitored, please email us for more information.
Full access to OpenNMS requires an account. Contact us to request a user account. Please include your first and last name, department, and preferred username if you do not want one generated for you.
Once you get your account, you should be able to log in at the OpenNMS login page.
Testutil is a utility for Linux and Solaris servers that monitors CPU, memory, and disk utilization and mail queue size, and sends traps to OpenNMS. Download the utility here and contact us to configure notifications.
The campus firewall is designed with the following goals in mind:
Please see the Campus Firewall page for more information.
Information Services uses the Security Administrator's Integrated Network Tool (SAINT) for vulnerability assessment. Scans are available upon request. We are also evaluating the Nessus security scanner.
Helpdocs has information on client-side solutions such as SSH and key encryption.
|126.96.36.199 - 188.8.131.52||/16||OSU public netblock|
|10.0.0.0 - 10.255.255.255||/8||OSU private netblock|
|184.108.40.206 - 220.127.116.11||/24||Oregon University System|
|18.104.22.168 - 22.214.171.124||/24||OSU|
|126.96.36.199 - 188.8.131.52||/24||County Extension, Ag Experiment Stations|
|184.108.40.206 - 220.127.116.11||/24||County Extension, Ag Experiment Stations|
|18.104.22.168 - 22.214.171.124||/23||OSL|
|126.96.36.199 - 188.8.131.52||/20||County Extension, Ag Experiment Stations|
Information Services provides consolidated wireless network access through the OSU Wireless Network. Hundreds of dual-band (2.4 GHz and 5 GHz) access points give students, faculty, and staff access to the high-speed 802.11n network throughout the campus.
Please note that some laptops and most phones are not equipped to access the higher (5 GHz) band. Laptops require a "dual band adapter" and only the very newest, top-end Android phones include a 5 GHz adapter. Please consult the OSU Computer Helpdesk if you have questions about purchasing equipment that lets you access the high-speed network.
Anyone who has a valid ONID or OUS account will have access to our networks. Your computer or mobile device should be registered with Maintain so that you don't have to manually sign in to the network. For more information, please see the Wireless helpdoc page.
Visitors to OSU may be granted wireless access via departments that are sponsoring them. Departments have several options to grant wireless access to visitors. Please see the Wireless Helpdoc for more information.
Wireless conference accounts are ideal for a group of visitors who need access to OSU's wireless network infrequently for periods up to 14 days. The cost is $15 per wireless conference account, billed to a department index.
After registration, you will receive an email with a username and password that can be shared with conference attendees to log in to the OSU_Access or OSU_Secure wireless networks during your event.
Request a wireless conference account (login with ONID).