The following page was developed to assist in answering questions of a technical nature.
Please direct all additional questions to Charmine Chambers or Brad Williams at the Kan-ed offices.
The Kan-ed 2.0 network differentiates sites based upon LAN IP blocks. These blocks define which Profile your site belongs to. Here's a breakdown of the four primary profiles and the services offered to each one:
| Profile | Core Firewall | Core URL Filtering | Core Anti-Virus | Core Anti-Malware | Core Packet Inspection | Internet 1 Service | Internet 2 Service | Core Video Services |
| Profile A | No | No | No | No | No | Yes | Yes | Yes |
| Profile B | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Profile C | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes |
| Profile D (ie: KAP Connections) |
No | No | No | No | No | No | Yes | Yes |
NOTE: Moving from one profile to another requires LAN IP addressing changes.
My organization has multiple locations interested in connecting to the Kan-ed 2.0 network. Am I allowed to use the Kan-ed 2.0 network to replace my existing WAN.
Yes. The only caveat is that all sites must be in the same Profile (see above) for security reasons.
How should I connect my LAN to the Kan-ed 2.0 network?
Generally speaking, most sites will find that connecting a switch to the Kan-ed 2.0 router then connecting their NAT/PAT device to the switch (similar to this diagram) will provide the greatest level of flexibility.
What kind of equipment will Kan-ed place at my site?
Kan-ed will place a Juniper J-Series router at all Kan-ed 2.0 locations. Which model J-Series router is deployed depends on the number and capacity of the circuit ordered.
How much space and electricity does the site router require?
The Juniper J-Series routers require the following environmental specifications:
Additional information can be found via the Juniper website or via this PDF datasheet.
How much control and/or access will I have over the site router?
None. Sites will not have local or remote access to the Juniper site router for any reason. Additionally, the Kan-ed 2.0 network does not support configuration of site-based SNMP settings for management/monitoring purposes.
Can I continue to use my legacy Kan-ed (ie: Kan-ed 1.0) IP address assignments?
No. Moving to the new Kan-ed 2.0 network requires all nodes with public IP addresses to be reconfigured. Kan-ed does not have staff to assist with the transition of devices from one network to the other. Please plan accordingly.
Will my codec IP addresses have to change?
Yes. As stated previously ALL public IP addresses must be changed to be compatible with the Kan-ed 2.0 network.
The Kan-ed NOC has posted processes for changing IP addresses on individual video system. Please note: Users with full mesh systems are strongly advised to contact Cytek Media Systems for assistance. It is also strongly advised that sites work closely with equipment maintenance contract holders before making changes to video endpoints.
Once video endpoint IPs have been changed, please contact the Kan-ed NOC (866-984-3662) so that scheduling systems and records may be updated.
How many IP addresses will my organization be assigned?
All Kan-ed 2.0 sites will be assigned either a /28 (13 usable IPs) or a /27 (29 usable IPs) of globally routable IP addresses. The size of the assignment will be determined based upon:
NO assignments will be made larger than a /27.
My organization already uses NAT/PAT with private addressing. Are there potential compatibility issues with the Kan-ed 2.0 network and private addressing?
Yes. The Kan-ed 2.0 network utilizes private IP addressing for portions of the network including: Core (routing and firewalling), point-to-point IP networks, and router loopback addresses. These ranges are as follows:
Potential problems arise with sites that utilize these same IP networks on their internal networks. In this situation, the same IP address may appear multiple times in the output of a traceroute; thus making troubleshooting more difficult.
What DNS resolvers should I use?
The Kan-ed 2.0 Network has deployed two DNS resolvers in the network core for sites to utilize.
Sites are welcome to use external DNS servers if so desired; however, support for these systems is not provided and sites should be prepared to support those configurations. Sites that are not connected via the AVPN should be provided DNS resolvers by their KAP.
Will DNS hosting be provided or available at an additional cost?
Yes. This is a change in service offering based upon community feedback. DNS hosting services will be provided; however, some details regarding the service have yet to be worked out. Any organization wishing to host DNS services with Kan-ed should locate all of their DNS registrars (do a "whois" on all forward domains). Your organization will need to update records with these registrars when the time comes, and having that information and process worked out ahead of time will aid in insuring limited loss of service.
May I continue to host servers with my Kan-ed 2.0 connection?
Yes. Sites who currently host web, email**, DNS, etc servers may continue to do so without any interruption in servcies; however, please note the following:
**Note regarding email servers: Sites planning to host their own email server should note that MANY spam scanning systems perform reverse DNS lookups on hosts sending email. Generally speaking, if a reverse DNS entry is not found the scoring system will elevate the "spam potential" score; thus increasing the chances that it will be marked as spam, quarantined, or discarded completely. For these reasons, all sites wishing to host their own email servers are STRONGLY encouraged to request a PTR record for their email server.
Does my site HAVE to use the URL filtering?
Profile B and C sites will be filtered by default while Profile A sites will not enjoy core URL filtering.
Will web URL filtering be offered from Day 1?
Yes. Web filtering is currently configured on the Kan-ed 2.0 core. The filtering is configured for base CIPA compliance via Junper's WebSense implementation.
Will all computers have the same filtering?
All computers at Profile B sites will have the same web filtering applied. A bypass proxy server is available for users that need access without filtering.
What level of control will end sites have over the web filtering offered by the Kan-ed 2.0 core?
URL filtering offered as part of the Kan-ed 2.0 has been designed with basic CIPA compliance as its primary goal. For this reason, individual white and black lists will not be maintained. Sites wishing to add or remove URLS from blocked status should submit the URL to WebSense via this form.
What kind of capacity reporting will be available to my site?
None. Sites wishing to see capacity reports must build their own internal infrastructure for this kind of functionality.
What kind of reports will be available regarding my organization's web filtering?
None. The Kan-ed 2.0 core does not support reporting on individual users or even entire IP blocks. It is suggested that organizations requiring this level of reporting run their own web filtering solution.
What core video services does Kan-ed offer?
Kan-ed offers use of the Renovo Scheduling System, the Tandberg/Codian High-Definition MCU, the Tandberg/Codian IPVCR (streaming media)
What is a demarc?
A "demarc" refers to the point of demarcation. The term is traditionally used when referring to the location where the telephone company hands the circuit to the customer. Sites on the Kan-ed 2.0 network will have two (2) demarc points: 1) where the telco delivers the T1s, T3, or Ethernet to your site and another where your site LAN plugs into the Juniper J-Series router.
What is a demarc extension?
A demarc extension refers to the process of installing additional wiring so that site routing hardware can be located somewhere other than the telco demarc. For example: If the telco demarc is located in the basement of your building but your network core is located on the 2nd floor, a demarc extension is generally installed so that routing hardware may be located near other network infrastructure.
Generally speaking, extending demarc wiring is performed by the telco. If your site needs a demarc extension, please be sure to indicate this need on the Kan-ed 2.0 site questionnaire.
