We have considered the number of services required at the core of the network and streamlined these to provide essential services only. This has been carefully balanced, so as not to degrade the integrity of the network, whilst keeping it secure and enabling a greater user experience. The core network is on a 10Gb backbone and all the core Cisco switches are being refreshed for the start of the BLN4 contract.
At the core of the network we have 2 Palo Alto 5050 firewalls with 10Gb throughput (5Gb in and 5Gb out). These are in place to protect the core of the network from potentially harmful traffic coming into the BLN network from the world wide web. They are managed by Virgin Media and are housed in a data centre located in Bradford. The 2 firewalls work in active/passive mode for resilience. All BLN schools must connect through our core firewalls, as agreed by the Technical Reference Group. There is no charge should schools need to make changes to their core firewall rules.
There are 2 Infoblox DNS servers at the core of the network that manage all BLN internal DNS queries. Infoblox is a product developed by Nebulas. The Virgin Media managed service provides first- and second-line support for these products. Schools can have access to a DNS portal to manage their own DNS changes, or these can be made by the E-ICT helpdesk at no additional charge.
The DNS servers also protect the network from external threats, such as DDoS attacks. The other threats that the servers protect against are as follows:
- DNS reflection/DrDoS
- DNS amplification
- DNS-based exploits
- TCP/UDP/ICMP floods
- DNS cache poisoning
- Protocol anomalies
- DNS tunneling
All schools should still ensure that all local devices are protected with anti-virus/anti-spam software.
Connections out to the Internet
We have a 4Gb Virgin Media connection (MIA) out to the internet from the core of the network. This is monitored to make sure that it is providing optimum throughput for traffic volumes. There is also a 4Gb failover connection should a fault occur on the MIA.
All schools are given a unique public IP address out to the internet from the BLN range. If you require an additional IP address for a particular service, this will be provided at no extra charge.
BLN Simplified Topology