Science DMZ Design

At the core of computing at UW is a campus network built around a high-speed architecture supported by fast switches and routers; this network is referred to as the UW Enterprise Network (UWEN). The UWEN is a secured network dedicated to the day-to-day operations of UW, including student computer labs, administration, financial transactions, etc. However, to make the UWEN secure, all data to/from campus passes through the campus exit processing, in particular firewalls. The processing time required by the campus firewalls and exit architecture can significantly slow down traffic to off-campus sites, particularly when a large quantity of data is being transferred, as is frequently the case for high-end research networking.

In order to provide high-speed, high-volume network access to off-campus locations across Internet2, the UWSN bypasses the campus firewalls while the core network handles the research data within the campus.

The UWSN will utilize a new NSF-funded 100Gbps link between UW and the I2 access at the Front Range Gigapop (FRGP) in Denver. This link will provide the necessary high-performance bandwidth to transmit large-volume data sets to other I2-connected sites. Data transfers to/from non-I2 sites will utilize the commonly accessible 10Gbps links UW has to the commodity Internet, along with all other data from the non-UWSN UW network users.

Latency is the time delay between when a source computer sends data and when a target system receives it. High latency can adversely affect time-sensitive applications ranging from videoconferencing to remotely monitored surgical procedures. In addition, high latency can cause a significant apparent loss of bandwidth, because network timeouts cause packets to be retransmitted.

By strategically connecting the UWSN outside the campus firewalls and exit architecture, research network traffic undergoes far less processing between its source on campus and the Internet. This reduction in campus-edge processing significantly reduces latency between UWSN users and other I2 sites.

In addition, by utilizing 9000-byte packets, a standard in science networks, and without the restrictions of the more common 1500-byte packets utilized by firewalls and traditional campus exit architecture, science network participants can transmit a much greater volume of data at higher speeds than would be possible from the standard campus network.
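
The latency and packet-size points above can be quantified with the Mathis et al. model of steady-state TCP throughput, a model this page does not itself cite. The following is an added example, not part of the original design document; the function names are illustrative, and the round-trip times and loss rate are constructed sample values, not measurements of the UW network.

```python
import math

IP_TCP_HEADERS = 40     # bytes: IPv4 (20) + TCP (20), no options
ETHERNET_FRAMING = 38   # bytes per frame: preamble 8, header 14, FCS 4, gap 12
MATHIS_C = math.sqrt(1.5)  # constant for periodic loss, no delayed ACKs


def mss(mtu):
    """TCP payload bytes per packet for a given IP MTU."""
    return mtu - IP_TCP_HEADERS


def wire_efficiency(mtu):
    """Fraction of link capacity left for payload after per-packet overhead."""
    return mss(mtu) / (mtu + ETHERNET_FRAMING)


def mathis_bps(mtu, rtt_s, loss):
    """Upper bound for one loss-based TCP flow: (MSS / RTT) * C / sqrt(p)."""
    if rtt_s <= 0 or not 0 < loss < 1:
        raise ValueError("rtt_s must be > 0 and loss must be in (0, 1)")
    return mss(mtu) * 8 / rtt_s * MATHIS_C / math.sqrt(loss)


def achievable_bps(link_bps, mtu, rtt_s, loss):
    """A flow is capped by the link or by loss recovery, whichever is lower."""
    return min(link_bps * wire_efficiency(mtu), mathis_bps(mtu, rtt_s, loss))


def bdp_bytes(link_bps, rtt_s):
    """Bandwidth-delay product: data in flight needed to keep the link full."""
    return link_bps * rtt_s / 8


if __name__ == "__main__":
    LINK = 100e9                 # the 100Gbps link described on this page
    LOSS = 1e-4                  # constructed sample loss rate
    for rtt_ms in (2, 10, 50):   # constructed sample round-trip times
        for mtu in (1500, 9000):
            bps = achievable_bps(LINK, mtu, rtt_ms / 1000, LOSS)
            print(f"rtt={rtt_ms:>2} ms mtu={mtu}: {bps / 1e6:9.1f} Mbit/s per flow")
    print(f"buffer to fill the link at 10 ms: {bdp_bytes(LINK, 0.010) / 1e6:.0f} MB")
```

At the same loss rate, the 9000-byte case yields roughly six times the per-flow bound of the 1500-byte case, and the bound shrinks in proportion to round-trip time.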

This is a diagram of the physical layout of the DMZ: