Data Network Standard

Title

University of North Carolina at Chapel Hill Data Network Standard

Introduction

Purpose

This standard explains how to operate data networks under the University of North Carolina at Chapel Hill's ("University" or "UNC-Chapel Hill") Data Network Policy. 

The University assigned Information Technology Services (ITS) to manage University networks. By managing network traffic and activities, ITS ensures the University’s data networks: 

  • are reliable and trustworthy;
  • support the University missions of teaching, research, and public service;
  • follow U.S. Federal Communications Commission (FCC) and other regulatory requirements;
  • do not disrupt statewide or national networks; and
  • maintain good connectivity for everyone at the University.

Scope

Every person or University unit using devices or services that connect to a University network.  

Standard

Data Network Management

The University relies on fast and reliable data network services. It would not be possible for each department or school to provide their own as effectively as the University can provide them. The University cannot meet its goals or mission with uncoordinated pieces of data network. That method of service would also cost a lot more.

ITS provides equipment, services, and makes rules for the whole University to ensure fast network services that reliably work and provide the level of quality needed.

ITS must consider how buildings connect to the campus fiber architecture to maximize reliability, security, and efficient use of limited resources. The architecture consists of all campus buildings designated as hubs or spurs. This relies on the path of the fiber cables and distance to other buildings.

ITS must design, put in place, and maintain the campus networking framework to optimize:

  • compatibility,
  • mobility,
  • bandwidth, and
  • security.

To ensure compatibility and high performance, ITS must maintain campus Internet connections. The service requires a single campus entity to manage it.

To ensure security, only specific ITS staff members monitor network traffic through network protocol analyzers. Only the head of ITS Communications Technology or the Chief Information Security Officer may authorize staff to do that. The design of the campus network does not allow random, unauthorized traffic or eavesdropping on network traffic.

Device Management

Only ITS may install and maintain switches and routers on the campus data network. ITS must approve devices with multiple network interfaces (such as VPN gateways, firewalls, and servers) before those devices are connected to the network. Submit a Help Request to get that approval. Without approval, devices of this kind will be isolated from the network. Mark the request as "Critical" so someone will see it immediately if the connection of a device is an emergency nature or an existing device is being replaced.

Local Departmental Technical Liaisons

Any unit connected to UNC-Chapel Hill's Communications Network needs to have a technical liaison registered with ITS. When problems happen with a particular segment of the network, the liaison will be contacted. The liaison must respond and act with appropriate priority and authority. The liaison should also be reachable during normal business hours. The departmental contacts for nights and weekends need to be shared with the ITS Operations Center.

The department's technical liaison needs to cooperate with and respond to ITS requests. When problems happen, ITS will advise and work with the technical liaison. If the liaison can't be reached, ITS will work to restore the Network for most campus users. This could include disconnecting a department or building from the network if necessary. In all cases, ITS will notify the technical liaison of any actions taken. ITS will work with the technical liaisons to correct any problems.

TCP/IP Subnet Assignments

Any network device intended to connect to the internet must have a registered IP address within the 152.2.0.0, 152.19.0.0, or 152.23.0.0 Class B Internet networks assigned to UNC-Chapel Hill. ITS assigns subnet number ranges (both IPv4 and IPv6). Technical liaisons must send requests for new assignments via a Help Request. ITS is ready to provide help to meet departmental business needs. Help Requests should include the current need and subnet ranges of an appropriate size to meet growth you expect. Departments are encouraged to use campus DHCP whenever possible.

ITS manages all routers on the UNC-Chapel Hill networks. The role of routers in a campus network environment relates to the issue of IP subnets. ITS must authorize any routers that need to deploy for either broadcast/multicast containment or security reasons that cannot be met by virtual LAN configurations. IP routers are more complex than switches. If they are configured badly they can hurt networks through routing protocol problems.

IPv6

The ITS Networking IP Services group at UNC-Chapel Hill will only register globally unique, routable IPv6 addresses in campus DNS (Domain Name Server). ITS reserves the right to refuse any non-global or non-native (i.e. tunneled) IPv6 address. ITS encourages clients to request ITS-distributed IPv6 addresses for their assigned VLAN to register in campus DNS. As with IPv4, registration in DNS makes a system visible on the network.

IPv6 addresses registered on the campus DNS servers should be from an existing campus IPv6 network or approved external IPv6 network.

Please submit any IPv6 address that was not distributed by ITS Communications Technology to the ITS staff for review by submitting a Help Request specifying the following information:

  • the IPv6 address,
  • the source of the address, and
  • the reason that a campus network based IPv6 address is not an acceptable option.

UNC Domain Names

Requests for "[name].unc.edu" domains must come from a department level. Each request should include the following: 

  • desired "unc.edu" domain name,
  • requesting department,
  • department contact person for that domain name,
  • a description of the purpose for the domain (what is the University purpose?), and
  • a completed memo of understanding (MOU) for the domain requested.

This information must go to ITS-IP Services via Help Request. The MOU form can be initiated online. The MOU explains the conditions of ownership for the domain. A copy of the approved MOU will be returned to the requestor as the official notice of registration.  

The department should contact ITS if there are any changes in the information provided on an original "unc.edu" domain application. 

Non-UNC Domain Names

ITS provides guidance for the registration of non-"unc.edu" domains for official University business purposes. University DNS may list these domains if they are handled using best practices and if it is in the interest of the University. Only faculty or staff may use UNC-Chapel Hill DNS services for non-UNC-Chapel Hill domain names. Personal use is not acceptable. Use of non-"unc.edu" domain names on the UNC-Chapel Hill network for commercial or personal business will result in loss of network access.  

Faculty and staff members may apply to register a non-"unc.edu" domain name (usually .com or .org or .net) on a system using UNC-Chapel Hill DNS services. To apply to register a non-"unc.edu" domain name, submit a Help Request and ITS will determine if the use of University DNS is appropriate. 

Domain names for services accepting online payments

UNC-Chapel Hill is under constant attack by bad actors trying to compromise University systems. These people try to get unauthorized access to University data, such as credit card information used for online payments. Websites that accept online payments within the "unc.edu" namespace should not use a name that exposes their function. This helps cut the threat of a credit card compromise. It also helps to avoid the wrong kind of attention to those sites.

Words to avoid when naming a website include "payment", "donation", or "credit card." Consult the University CERTIFI committee (certifi@unc.edu) to get approval for any payment-related site.

IP/Host Registration

ITS assigns IP subnets. A department's technical liaison assigns the IP addresses for their network devices. Assigned addresses and corresponding hostnames must be registered with ITS or with a configured departmental DNS that is recognized by ITS. Send host registration information via a Help Request.

If a host name or address isn’t registered correctly, it may be blocked at the nearest network switch.

Network Use Standards

The University Communications Network enforces policies from our suppliers of Internet connectivity. ITS supports the elements of Internet policy that demand network etiquette and consideration for user's rights to privacy. ITS also endorses the policies and responsibilities for host and network managers contained in Internet RFC 1173. In particular, the policy that "Internet sites should not have 'general use' accounts, or 'open' (without password) terminal servers that can access the rest of the Internet."

Exceptions

Exceptions to applying this standard may be made by the following people and need to be documented: 

  • Vice Chancellor for Information Technology (Chief Information Officer)
  • Head of ITS Communications

Definitions

  • DHCP: Dynamic Host Configuration Protocol. This is a way to assign IP addresses to devices when they need them.
  • DNS: Domain Name System. The system that Internet domain names and addresses are tracked and regulated.
  • Tunneled: Technology enabling one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.

Related Requirements

External Regulations and Consequences

University Policies, Standards, and Procedures

Contact Information

ITS Policy Office

  • Phone: 919-962-HELP/4357
  • Email: its_policy@unc.edu
  • Web: help.unc.edu

ITS Communications Technology

  • Phone: 919-962-HELP/4357
  • Web: help.unc.edu

Important Dates

  • Effective Date and title of Approver: Effective 5/2/2017. Deputy Chief Information Officer.
  • Revision and Review Dates, Change notes, title of Reviewer or Approver: Standard derived from superseded Data Network Infrastructure Policy dated 5/29/2014
100% helpful - 2 reviews

Details

Article ID: 131241
Created
Thu 4/8/21 9:04 PM
Modified
Thu 12/14/23 11:58 AM
Effective Date
If the date on which this document became/becomes enforceable differs from the Origination or Last Revision, this attribute reflects the date on which it is/was enforcable.
12/15/2020 10:51 AM
Issuing Officer
Name of the document Issuing Officer. This is the individual whose organizational authority covers the policy scope and who is primarily responsible for the policy.
Issuing Officer Title
Title of the person who is primarily responsible for issuing this policy.
Vice Chancellor for Information Technology and Chief Information Officer
Last Review
Date on which the most recent document review was completed.
12/13/2023 12:00 AM
Last Revised
Date on which the most recent changes to this document were approved.
11/04/2019 1:01 PM
Next Review
Date on which the next document review is due.
12/13/2026 12:00 AM
Origination
Date on which the original version of this document was first made official.
05/29/2014 12:00 AM
Responsible Unit
School, Department, or other organizational unit issuing this document.
Information Technology Services

Related Articles (2)

Data Network Policy
Requirements for all data network activities at the University. Central coordination of data networks supports the University mission of education, service, and research. It is the responsibility of ITS to coordinate, monitor, and manage University network traffic and activities. Compliance with this policy and related Standard helps our campus facilities adhere to FCC and other regulatory requirements, not disrupt statewide or larger networks, and provide robust and reliable services..
Wireless Standard
The Wireless Standard provides a structure for managing the shared resource of wireless communications spectrum on the UNC-Chapel Hill campus. The UNC-Chapel Hill technology infrastructure is provided to support University operations and its mission of education, service, and research.