CAN, MAN, and WAN, which represent one pattern are extensions of the networking capabilities performed by the LAN over a wider geographic distance. A CAN is used to network buildings within a campus, essentially providing a backbone capability that is accessible directly (not through a carrier) from each building. A MAN evolved from LAN designs, but is optimized for longer distances (i.e., up to 30 miles), greater speeds (i.e., more than 100 megabits per second) and diverse forms of information (e.g., voice, data, image and video). MANs generally cover an entire metropolitan area, such as a large city and its suburbs. A WAN covers a much larger area such as a city, state or country, and generally performs the same functions as a MAN, but tends to rely more on carriers to provide connectivity between sites.
A CAN is used at the main NIH campus to connect campus users in the various buildings onto NIH’s network, NIHnet. A MAN is used to connect the main NIH campus to other NIH locations within the metropolitan area and the WAN is used to connect locations outside the metropolitan area. In-house fiber is used for the CAN and commercial carrier services are used for the MAN and WAN.
The majority of CAN/MAN and WAN services are centralized at NIH, with CIT taking the lead role in managing the core backbone network infrastructure. All ICs share the core backbone network. The core backbone network supplies connectivity between the ICs, as well as supplying access to the Internet.
The backbone is being migrated from ATM to Gigabit Ethernet. Design is hierarchically based with an access layer, a distribution layer and a core layer. The core layer provides access to servers, farm networks and data centers. The distribution layer provides traffic flow control, high-level access and control and filtering. The access layer provides granular access and control and filtering.
The logical design pattern for CAN/MAN/WAN shows how the network layers in the LAN patterns actually connect different sites within and to NIHnet. The core network at the center of this picture is the backbone of NIHnet. The WAN and distribution routers shown here correspond to the distribution routers shown in the LAN Minimum Configuration and LAN High Availability Configuration patterns . The access routers in the remote building network and the campus building network were shown in the access layer of the LAN patterns. Internet connectivity is accomplished through the distribution or core layers. Please see the Security Architecture for guidance about implementing boundaries and protective services between or within layers. Other HHS Operating Divisions can connect to NIH resources through dedicated circuits to HHSnet which are connected to the distribution or core layers. Note that business partners will use the extranet capabilities of NIH to access NIH resources through the Internet; direct connection to NIHnet can occur only after complying with security procedures, policies and architecture standards.