
Computer Networking and Internet Technology Graded Unit

DG0H 35
Image from Wikipedia.org, user Matt Britt, licensed under Creative Commons Attribution 2.5 License
Dark blue: net, ca, us; Green: com, org; Red: mil, gov, edu; Yellow: jp, cn, tw, au, de; Magenta: uk, it, pl, fr; Gold: br, kr, nl
Andrew Philp Computer Networking and Internet Technology
Graded Unit DG0H 35
Andrew Philp HDCN/0
Contents
System Overview
Assessing user's needs
Domain problems which may be encountered
Topologies
TIA/EIA-568-B, Three tier design method
Project Plan 1
WAN Connections
Function of Routers
Routing Protocols
Redundancy
Security
Choosing appropriate equipment
Connecting the network
Testing the network
Advanced IP Design
VLSM
Route Aggregation
Advanced Routing Protocols
Developing a Switched Design
Evaluation
Scalability of design
Effect on bandwidth
Effect on collision domains
Effect on broadcast domains
Effective use of address space
Effect of security measures
Effect of redundancy measures
WAN connectivity
Ease of administration and management
Appropriateness of equipment
Designing the project conducted within allocated timescale
Evaluating the effectiveness of the project
Modifications to the project
Improvements which could be made
Recommendations for the future
System Overview
At the moment, the network is running on quite an old system. There are no separate user accounts, a single network consisting of a collision domain of 254 nodes, 10mbps bandwidth and routed through a single router. The protocols used are TCP/IP, NetBeui, and AppleTalk. On the WAN side, with a 10mbps link to a local University there is a proxy server which hangs, and also no restrictions in place on which websites/content will be filtered. Hubs are used when needed to connect to the backbone, and each lab uses a workgroup with a print server.
There are some points which the organisation would like enforced:
Internet Access to all workstations
Sticking to the budget and also being on time
The design must last at least 10 years
LAN throughput will increase 100 fold in the 10 year period
WAN throughput will increase 10 fold in the 10 year period
1mbps to the desktop and 100mbps on the backbone must be provided or higher
One routed protocol (TCP/IP)
Assessing user's needs
With no distinction between staff and students, there is a major security problem. The new network will sort this problem out by providing separate domains which will enhance security while providing granular control. Software is manually installed onto machines - an inefficient way of rolling out updates and software.
As seen above, there will be a massive increase in the number of users and therefore bandwidth will also increase. Users need to have a fast, up to date system as they will be used to a slow and old system. An acceptable performance level would be low latency and high, sustained bandwidth, without bottlenecks at both the WAN and LAN sides.
For the best balance between cost and speed, I would use at this point in the project Cat6 twisted pair at 1gbps to the workstations and 10gbps fibre on the backbone. This is futureproof as it is expected to support future speeds such as 10GBASE-T (10 gigabits per second or 100 times the normal 100BASE-T, 100mbps).
Comparison of different media
Name | Length | Speed | Media | Introduced | Futureproof
10BASE2 / 5 | 2: 200m; 5: 500m | Both 10mbps | Coaxial | 1983 | No
10BASE-T | ~100m | 10mbps | Twisted Pair | 1990 | Arguably
100BASE-TX | ~100m | 100mbps | Twisted Pair | 1995 | Yes
1000BASE-T | ~100m | 1000mbps/1gbps | Twisted Pair | 1999 | Yes
100BASE-FX | 400m | 100mbps | Fibre | 1995 | Yes
1000BASE-LX | 550m | 1000mbps/1gbps | Fibre | 1998 | Yes
10GBASE-R | 300m | 10gbps | Fibre | 2003 | Yes
The reason I would choose 1gbps to the workstation is that if LAN throughput is to increase 100x the 1mbps which is the smallest amount that can be deployed, that would mean 100mbps would be fully saturated. This means that there is plenty of reserve left in Gigabit Ethernet. For the backbone links I have chosen 10gbps fibre as the minimum is 100mbps and that is expected to grow by 10x, which is 1gbps. 10gbps, like the 1gbps above, will leave plenty of bandwidth in reserve, as well as allowing it to be shared between many workstations without compromising performance.
Domain problems which may be encountered
Collision Domain
A collision domain is a portion of the network where packets can "collide" with each other, meaning that while only one packet can be sent on any one shared network medium, two computers may send packets at the same time which would then collide on the medium. This would cause too high a voltage on the medium which the computers would pick up on and back off for a random amount of time before trying to send again. This process is a result of a protocol called CSMA/CD (Carrier Sense Multiple Access with Collision Detection). CSMA/CD does NOT run on full duplex (sending and receiving at the same time) Ethernet links, so collisions are impossible as each segment is connected to a switch. It is also not used in 10 Gigabit Ethernet as there is a requirement to only use switches in the standard. Therefore to eliminate collisions I will be using switches exclusively along with routers. Hubs send data received out of all ports excluding the one it was received on, which increases un-needed bandwidth and also increases the risk of collisions.
Broadcast Domain
A broadcast domain is a portion of the network where nodes can talk to each other by "broadcasting" (sending a message to a MAC address [FF:FF:FF:FF:FF:FF - layer two] or IP Address [255.255.255.255 - layer three] which all other nodes will respond to). A broadcast domain cannot be split by a layer two device such as a switch but can be split by a layer three device such as a router. Layers here means layers of the OSI model, namely 1-Physical, 2-Data Link (Switches), 3-Network (Routers). To concentrate a broadcast domain to one portion of the network, a router will be used to divide different portions as a node broadcasting over the whole network would lead to a major slowdown and increase congestion.
Topologies
To solve the above problems a suitable network topology must be selected. There are six basic network topologies:
1. Bus
2. Star/Extended star
3. Ring
4. Mesh/Fully connected mesh
5. Tree
Image courtesy of Wikipedia.org user foobaz, released into public domain.
From the list above I have chosen an extended star topology. This will provide a fast connection between switches, however has not much in the way of redundancy. Between the ICs (Intermediate Cross Connect) I will install redundant links, which will help fault tolerance.
TIA/EIA-568-B, Three tier design method
TIA/EIA-568-B is a standard which defines how structured cabling is physically installed in a network in a hierarchical way.
Main Cross Connect
This is connected to Intermediate Cross Connects and Horizontal Cross Connects and can also be known as the old name, MDF or Main Distribution Frame. This may be where the POP or point of presence is, with the WAN (wide area network) connection. This is the Core layer, which will contain the core routers and switches, as well as servers.
Intermediate Cross Connect
This is the second layer of the hierarchical structure, going from MCC to the HCCs (Horizontal Cross Connect). The older name for this was IDF, Intermediate Distribution Frame. This is a distribution frame to the HCC, where all the nodes on one floor will be connected. This is the Distribution layer, which will contain switches and servers.
Horizontal Cross Connect
The HCC can be a patch panel, closest to where the nodes will be. It is the last layer of the hierarchical design model. It is the Access layer, which may not have any equipment apart from an access switch.
Diagram: Core router, MCC; Distribution Switch, ICC; Access switch, HCC
The extended star network I have chosen, using the three layer design method, along with industry standards is scalable. More computers can be added if needed easily just by connecting them to the access switches, which will have trunking along the work space already installed. The IP addressing scheme will also include provision for more computers to be added. Nodes can also be removed without any disruption of service. If more access switches are to be added, this can be done without too much hassle if for example a new building is introduced to the network. Collision and Broadcast domains are controlled by the routers and switches, reducing domain problems. The modular design also aids in troubleshooting, as if there is a problem with servers it will be at the distribution layer, a WAN problem will be at the core layer and access problems will be at the HCC. At the moment the design currently in use is unacceptable as hubs are introduced into the network when required, which will reduce bandwidth on the 10mbps link even lower and slow the system down. In some cases, a hub may be connected to another two hubs, which means there will be a lot of broadcast and data flooding out onto the network.
Project Plan 1
As can be seen in my physical design, I have opted for a router in the POP/MCC, with a firewall to filter traffic. I have also included 4 servers, these are Mail (Staff), Mail (Student), Mail (Backup) and a proxy server. I then have another router, routing traffic to four main ICCs, one for each two floors of the building. After the ICCs, I have then put a switch for each floor, which will then have a separate switch for each room and where needed if it is over the maximum length.
WAN Connections
There are various WAN (Wide Area Network) connections available, to connect the organisation to the Super Janet II network. This will have to have enough capacity to meet current and future requirements. The current bandwidth is expected to increase ten-fold in the next ten years, which is 10mbps x 10 which would be 100mbps. For a 100mbps service to the organisation you would require a leased line, which could be using the OC-3 optical standard at 155mbps or a standard Fast Ethernet leased line at 100mbps.
Function of Routers
Routers are a special type of computer, engineered to do very specific tasks. They calculate the best path for data and forward it out a port configured by the administrator. They make broadcast domains smaller by segmenting networks. In the above network, the core router will take the WAN connection supplied by the CSU/DSU and be the main point of connection to the leased line. The organisation may choose to have another core router for redundancy, with a separate lower bandwidth WAN link like ADSL for backup in case the main leased line goes down for whatever reason.
The three tier model, Core > Distribution > Access can involve routers at any stage. Distribution switches or routers consolidate the connections originating from core routers. Access layer switches or routers connect workstations to the distribution layer. A core router will be one of the most expensive routers as all WAN traffic will pass through it, along with enforcing QoS (Quality of Service) which means there will always be a certain performance level as it will filter traffic and give greater importance to things such as VoIP (Voice over IP) which need to have low latency and low jitter to ensure a good conversation quality. A distribution router will have WAN aggregation capabilities and enforce Access Control Lists or various other security implementations. It will be less expensive than a core router, but may be more expensive than an access router or switch. Access layer routers/switches will be a lot cheaper and have basic QoS settings. They will also have some monitoring tools.
Routing Protocols
There are many routing protocols which can be considered for the large network which will be constructed. Among these are:
IGRP (Interior Gateway Routing Protocol) - Distance vector
EIGRP (Enhanced Interior Gateway Routing Protocol) - hybrid
OSPF (Open Shortest Path First) - link state
RIP (Routing Information Protocol) - distance vector
IS-IS (Intermediate System to Intermediate System)
There are two main types of routing protocol, link state and distance vector. There are also hybrid protocols such as EIGRP.
A link state protocol uses link state advertisements and each node builds a map of the network. If a topology change is found then a link state advertisement is broadcast over the network and each node updates their map of the network. This is in contrast to a distance vector routing protocol in which nodes share their routing tables in order to learn about changes in the topology periodically (however EIGRP does this only when needed). There are two main protocols to decide between in a network this large, OSPF or EIGRP. RIP is an older protocol and so is IGRP. They do not support Variable Length Subnet Masking, a necessity in this network. Both OSPF and EIGRP support VLSM as well as other advances in routing technology.
Advantages and Disadvantages of OSPF/EIGRP
Protocol | Advantages | Disadvantages
OSPF | Open so works on many platforms | Complex configuration
OSPF | Fast convergence | Recalculation uses a lot of CPU/memory
EIGRP | Updates tables when needed | Cisco proprietary
EIGRP | Fast convergence | No areas like OSPF
OSPF will be the network protocol used in my network. I may wish to use other vendors rather than Cisco and OSPF will lend itself better to the large network being constructed.
Redundancy
To enhance redundancy on the network (in case a fibre is cut or a port goes down on a router) I will install an extra fibre link between each which has been planned. I will also install an extra link between the Core and Distribution routers and the Distribution and Access routers. This will increase the cost but decrease the risk of the network going down or a section becoming unusable. As stated earlier there will be an ADSL link for redundancy in case the 100mbps leased line goes down. There will be a small lab with a number of computers as well as routers and switches to test any changes before they are made to the whole network.
Security
Security is certainly a very important part of the network. To start at the WAN link, we will have a firewall after the DMZ and also before it (front-end and back-end firewalls - see below diagram). There will be Access Control Lists implemented at the distribution layer to avoid unwanted activity from users, which should be segmented from other parts of the network. For the testing lab, they will require lower security in order to test things, however it will still need to be very secure so that nothing can spread onto the whole network. A DeMilitarised Zone will be implemented for the servers, which will be as shown:
The first firewall will have relaxed settings for ports associated with DNS and email, but the back end firewall will be more secure so even if a hacker gains access to the front end firewall, the internal network will not be affected. Logs from the firewalls as well as servers will be monitored for suspicious activity, a honeypot may be put in place which is a sacrificial, isolated server which would be monitored the most for any dubious activity. It would also have to be firewalled off.
Choosing appropriate equipment
Various vendors can be considered as I am using OSPF, an open standard supported by many manufacturers. The main manufacturers considered are Cisco and HP.
I will require Core routers, Distribution routers and Access routers as well as Core, Distribution and Access switches. I will require patch panels and cabinets to put the equipment in.
Name | Price | Vendor
Core Router: Cisco 7000 Series | ~£5000 | Cisco
Distribution Router: Cisco 3800 Series | ~£7000 | Cisco
Access Router: Cisco 2800 Series | ~£2000 | Cisco
Core Switch: Cisco 3750 Series Switch | ~£10000 | Cisco
Distribution Switch: Catalyst 3560E-48TD | £7000 | Cisco
Access Switch: ProCurve Switch 2824 | £1300 | HP
Patch Panel | ~£80 | Belkin
Server | ~£1000 | Dell
Workstation | ~£300 | Dell
Cabinet: 40U Cabinet | ~£500 | RackSolutions
Connecting the network
The WAN connection will have a 100mbps leased line, with an 8mbps ADSL line for backup. The connection between firewall and server will be gigabit Ethernet, and to the core router will be gigabit also. From the core router going out to the distribution routers/switches situated in the IDFs will be 10gbps fibre, and from the IDF (distribution) to access switches will be also 10gbps fibre. Cabling from the access switches to patch panels situated in the HCs on each floor will be 1gbps cat6 Ethernet.
Testing the network
There will be a small amount of computers on each floor running to test. The servers and firewalls will be running as they would in a production environment, and each floor will be tested to see if it can ping other floors, and servers. Access lists will be tested to ensure they do not allow traffic which is denied. Tracert (Trace Route) will be used to count how many hops are needed to reach a destination, and this will also be done over all floors as well as through the WAN connection. Wireshark or another tool similar to this would show all protocols running on the network, including showing router updates and DNS updates.
Advanced IP Design
The main problem I have with the IP addresses allocated is that I need to use VLSM (variable length subnet masking) and subnetting so that addresses are not wasted. I have four IP address ranges given to me:
IP Addresses | Standard Subnet Mask | Number of hosts (default)
206.25.159.0 | 255.255.255.0 | 254
206.25.160.0 | 255.255.255.0 | 254
206.25.161.0 | 255.255.255.0 | 254
190.50.0.0 | 255.255.0.0 | 65534
As you can see above, there would be a massive waste of addresses if subnetting or VLSM is not implemented. For example, imagine we used the 190.50.0.0 in a room with 30 computers, 65500 addresses would be wasted! This can be remedied by using subnetting, again as an example we could use the address 190.50.0.0 with a subnet mask of 255.255.255.192, giving a range from 190.50.0.1 - 190.50.0.62. This means less waste of IP addresses and more left in reserve for growth.
All together there are over 850 network devices. These will have to be allocated IP addresses in a hierarchical fashion so that it is easier to administer the network. DHCP servers will have to be used on the network, so that network addresses are configured automatically.
VLSM
I am going to use separate networks for staff, students and servers. Printers will be on the student network.
Student Network
Floor | Address Range | Subnet Mask | Hosts Required
Ground | 190.50.0.1 - 190.50.0.254 | 255.255.255.0 | 105
1st | 190.50.1.1 - 190.50.1.254 | 255.255.255.0 | 201
2nd | 190.50.2.1 - 190.50.2.254 | 255.255.255.0 | 141
3rd | 190.50.3.1 - 190.50.3.254 | 255.255.255.0 | 213
4th | 190.50.4.1 - 190.50.4.254 | 255.255.255.0 | 80
5th | 190.50.5.1 - 190.50.5.254 | 255.255.255.0 | 21
6th | 190.50.6.1 - 190.50.6.254 | 255.255.255.0 | 31
7th | 190.50.7.1 - 190.50.7.254 | 255.255.255.0 | 28
8th | 190.50.8.1 - 190.50.8.254 | 255.255.255.0 | 3
The above address scheme helps simplify administrative troubleshooting and makes it easy to connect new hardware to the Student network, as there is plenty room left for growth. It is also easy to tell where network traffic is coming from, due to the third octet of the IP address being the floor number.
Staff Network
Floor | Address Range | Subnet Mask | Hosts Required
Ground | 206.25.161.0-30 | 255.255.255.224 | 20
1st | 206.25.161.32-62 | 255.255.255.224 | 16
2nd | 206.25.161.64-78 | 255.255.255.240 | 8
3rd | 206.25.161.80-94 | 255.255.255.240 | 6
4th | 206.25.161.96-110 | 255.255.255.240 | 6
5th | 206.25.161.112-126 | 255.255.255.240 | 6
6th | 206.25.161.128-142 | 255.255.255.240 | 8
7th | 206.25.161.144-158 | 255.255.255.240 | 8
8th | 206.25.161.160-174 | 255.255.255.240 | 6
The above address scheme uses one class C address, 206.25.161.0, and splits it using Variable Length Subnet Masks to allow it to not waste too many addresses. There is still growth available however - if the organisation wanted to add more devices to the staff network they could.
The other IP addresses, 206.25.160.0 and 206.25.159.0, can be used for router to router communication and server addressing.
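A check of the staff subnet plan with Python's ipaddress module, added here as an example and not part of the original report: it confirms that each block starts on its mask boundary, ends at the listed last host, holds the required hosts and overlaps no other floor, then lists what remains of 206.25.161.0/24 for growth. The row values are read from the staff table above; the function and variable names are illustrative.

```python
import ipaddress

# Staff network rows from the report's table:
# (floor, first address, last address, subnet mask, hosts required)
STAFF_PLAN = [
    ("Ground", "206.25.161.0", "206.25.161.30", "255.255.255.224", 20),
    ("1st", "206.25.161.32", "206.25.161.62", "255.255.255.224", 16),
    ("2nd", "206.25.161.64", "206.25.161.78", "255.255.255.240", 8),
    ("3rd", "206.25.161.80", "206.25.161.94", "255.255.255.240", 6),
    ("4th", "206.25.161.96", "206.25.161.110", "255.255.255.240", 6),
    ("5th", "206.25.161.112", "206.25.161.126", "255.255.255.240", 6),
    ("6th", "206.25.161.128", "206.25.161.142", "255.255.255.240", 8),
    ("7th", "206.25.161.144", "206.25.161.158", "255.255.255.240", 8),
    ("8th", "206.25.161.160", "206.25.161.174", "255.255.255.240", 6),
]
PARENT = ipaddress.ip_network("206.25.161.0/24")


def check_plan(plan, parent):
    """Validate a VLSM plan; return (subnets, problems, free_blocks)."""
    subnets, problems = [], []
    for floor, first, last, mask, needed in plan:
        try:
            # Strict parsing rejects a start address that is off the mask boundary.
            net = ipaddress.ip_network(f"{first}/{mask}")
        except ValueError as exc:
            problems.append(f"{floor}: {exc}")
            continue
        if not net.subnet_of(parent):
            problems.append(f"{floor}: {net} is outside {parent}")
        # The table lists network address to last usable host (broadcast - 1).
        if ipaddress.ip_address(last) != net.broadcast_address - 1:
            problems.append(f"{floor}: range end {last} does not fit {net}")
        usable = net.num_addresses - 2  # network and broadcast are not assignable
        if needed > usable:
            problems.append(f"{floor}: needs {needed} hosts, {net} holds {usable}")
        for other_floor, other in subnets:
            if net.overlaps(other):
                problems.append(f"{floor}: {net} overlaps {other_floor} ({other})")
        subnets.append((floor, net))

    # Carve every allocated subnet out of the parent to see what is left for growth.
    free = [parent]
    for _, net in subnets:
        remaining = []
        for block in free:
            if net.subnet_of(block):
                remaining.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                remaining.append(block)
        free = remaining
    return subnets, problems, sorted(free)


if __name__ == "__main__":
    subnets, problems, free = check_plan(STAFF_PLAN, PARENT)
    for floor, net in subnets:
        print(f"{floor:<7}{str(net):<20}usable hosts: {net.num_addresses - 2}")
    print("problems:", problems or "none")
    print("free for growth:", ", ".join(str(block) for block in free))
```

Access Control Lists written against these subnets only match the intended floors if the blocks are aligned and do not overlap, which is what the check enforces.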
Route Aggregation
Route Aggregation is a method of making sure the routing table of a router doesn't get too large. Addresses of subnetworks such as 192.168.98.0, 192.168.99.0 and 192.168.100.0 could have separate entries in the routing table. However, with route aggregation on, they would all be represented as 192.168.98.0/20, with a subnet mask of 255.255.240.0. This is because in binary, all the digits match like so:
Image courtesy of Wikipedia.org
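Route aggregation worked through with Python's ipaddress module, as an added example that is not part of the original report; the three networks are assumed to be /24 routes and the function names are illustrative. It prints the bit patterns the text refers to, writes the /20 summary with its network address, and counts the other /24 networks each summary also matches, which matters when the same prefix is reused in an access control list.

```python
import ipaddress

# The three subnetworks named in the text, taken as /24 routes (assumption).
ROUTES = ["192.168.98.0/24", "192.168.99.0/24", "192.168.100.0/24"]
# The summary as the text writes it: 192.168.98.0 with mask 255.255.240.0.
PAGE_SUMMARY = "192.168.98.0/255.255.240.0"


def bits(address):
    """Dotted binary form of an IPv4 address, one octet per group."""
    raw = f"{int(ipaddress.ip_address(address)):032b}"
    return ".".join(raw[i:i + 8] for i in range(0, 32, 8))


def tightest_summary(routes):
    """Longest prefix that still covers every route in the list."""
    nets = [ipaddress.ip_network(r) for r in routes]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Count the leading bits on which the lowest and highest address agree.
    prefix = 32 - (low ^ high).bit_length()
    return ipaddress.ip_network((low, prefix), strict=False)


def canonical(summary):
    """Clear the host bits so the summary is written with its network address."""
    return ipaddress.ip_network(summary, strict=False)


def unlisted_networks(summary, routes):
    """/24 networks a summary matches that were never in the route list."""
    wanted = {ipaddress.ip_network(r) for r in routes}
    return [n for n in summary.subnets(new_prefix=24) if n not in wanted]


if __name__ == "__main__":
    for route in ROUTES:
        print(bits(ipaddress.ip_network(route).network_address), route)
    tight = tightest_summary(ROUTES)
    page = canonical(PAGE_SUMMARY)
    for label, net in (("tightest summary", tight), ("summary from the text", page)):
        extra = unlisted_networks(net, ROUTES)
        print(f"{label}: {net} (mask {net.netmask}), "
              f"also matches {len(extra)} unlisted /24 networks")
```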
Advanced Routing Protocols
OSPF is a dynamic routing protocol. This means it receives link state advertisements which update a dynamic routing table, whereas a static routing protocol is only configured manually. This means the network is more robust if a link goes down and also less likely to be administered incorrectly. It is an open standard and used by many manufacturers, unlike EIGRP which is proprietary to Cisco.
Developing a Switched Design
A switched design would use high speed backbone links between the main switches. These could be ISL (Inter Switch Link) trunks, between VLANs (Virtual LANs). VLANs provide a virtual LAN instead of wiring up a separate network. In my network I would separate the Staff from the Student networks, and would have to use a layer 3 switch or a router to route between VLANs. VLANs provide increased security, as they do not allow communication between them without routing. Spanning Tree Protocol (STP) stops loops occurring between switches. It allows redundant links between switches and can switch backup links online automatically.
Evaluation
My evaluation will cover all stages of the project: Analysis of the task, my planning and organisation of the project, carrying the plan out to completion and also the outcome. The main points are below:
Scalability of design
Effect on bandwidth
Effect on collision domains
Effect on broadcast domains
Effective use of address space
Effect of security measures
Effect of redundancy measures
WAN connectivity
Ease of administration and management
Appropriateness of equipment
Designing the project conducted within allocated timescale
Scalability of design
My network design which I have chosen for this project is very scalable, as I have chosen to install extra wiring in the trunking at the workstations. Modular hardware (routers and switches) have been chosen to allow upgrading in the future, as more computers may be required in the future. The subnetting method I have used also allows for more computers to be added in at a later date, and DHCP makes this easier because they do not have to be configured manually, it should be "Plug and Play". Network devices can also be removed when required without disruption of service, unless they are core or distribution layer devices. There is also a large amount of bandwidth left in reserve for any upgrades due in the future. The three layer hierarchical design of Core > Distribution > Access helps with troubleshooting as well because any problems at the core level will be to do with WAN access, any problems at the Distribution layer will be with servers or the routers/switches at that level and at the Access layer will be with the access switches or workstations. There is plenty room for growth left in at all three levels, with extra switch ports left empty and new modules which could be purchased. It is a fully switched network so will be high bandwidth and low latency. I am happy with the scalability of my project I have undertaken. I would say it adheres to the three tier hierarchical model and EIA/TIA 568/569 standards.
Effect on bandwidth
The network media I have chosen is high bandwidth low latency fibre optic cabling and gigabit fast Ethernet. These are two popular options for networks at the current moment in time. They will provide sufficient bandwidth for the specified 10 years. Network load balancing can be enforced on both types of media on the servers and network devices. Exclusive use of switches means that no broadcast storms can occur, however switching loops may. This can be remedied by the use of Spanning Tree Protocol. The implementation I have chosen will provide a good QoS (Quality of Service) to each user as there is plenty of bandwidth available, even if there is a lot of traffic on the network.
Effect on collision domains
As I have chosen a switched network, collision domains are increased in number and decreased in size. This should mean that collisions are impossible or a very rare occurrence. Broadcast domains are however untouched as they require routers to split them up. A switch will give a dedicated connection between the workstation and where the traffic is going, whereas a hub or other device would increase the size of the collision domain.
Effect on broadcast domains
Using routers, broadcast domains are made smaller and increased in quantity which means less traffic over the network. This means less chance of collisions and a faster connection. The routers and servers are placed in strategic locations to avoid being detrimental to network performance because there are some network protocols such as ARP and DHCP that require broadcasts. VLANs will also reduce broadcasts as they require a router to route between them, and a router would separate the broadcast domains.
Effective use of address space
Network Address Translation is used to reduce the amount of external IP addresses required from the internet naming authorities. Subnetting is used to make the range given the most effective with minimal wastage of IP addresses. A class C network can only have 253 hosts on it, so I subnetted the class B address to provide enough for the student network. I used a class C network for the staff network as a lot less addresses were needed. There is sufficient growth in my IP addressing scheme to satisfy the requirements. DHCP is going to be used which simplifies administration as only one or two servers need to be configured instead of every single workstation which would have been what happens if DHCP was not going to be used. You can also configure DHCP to use subnets.
Effect of security measures
Security is as I pointed out earlier in the project a very important issue. I feel that the security measures I have put in place are adequate for the network. There are two firewalls from the point of presence, one for the Demilitarised Zone (for email servers and any other servers which require outside access) and a stronger firewall after those for the internal network. NAT is being used which helps prevent hacking attempts because the internal network appears to be a single IP address. If a hacker attempts to get in, there is a firewall which will stop them. The routers and firewalls will have appropriate Access Control Lists which stop unauthorised traffic. There is also a LAN which can be used for testing updates first which will help close any security holes which may appear. There may also be a "honeypot" which is used to entice a hacker and record logs for prosecution.
Effect of redundancy measures
Redundancy was achieved by including extra links between the switches to act as failproof links. If the main one went down, a separate one would come online thanks to Spanning Tree Protocol. WAN redundancy was achieved by adding a DSL connection which would come online if for any reason Super Janet III went down.
WAN connectivity
The WAN link I had chosen (100mbps Leased Line to Super Janet III) is a good choice as Super Janet is provided to institutions for a low cost. It also caters for the specification of having 10 times the bandwidth in the 10 years. It will be fast for any users. The DSL link I provided as redundancy is obviously not a good idea for multiple users all the time but if the main link went down, at least the email servers and such would still be able to operate. The leased line would be a PPP link.
Ease of administration and management
DHCP makes managing IP addresses a lot easier than manually doing it. The network can be managed from a central point through web administration, or there could be remote access from the technicians lab to the servers. TFTP could be used to upload configurations to the routers to avoid having to configure each one line by line, saving time. I think the network would be relatively easy to manage by administrators.
Appropriateness of equipment
The equipment I have chosen is modular and I feel appropriate for the network. There is plenty of room for growth if it is needed, and bandwidth is more than adequate. Administrators would be able to choose what equipment maintenance agreements they would want, probably with the equipment manufacturer. Futureproofing is taken care of by the added cables in the trunking and the high speed of the network. The price of the equipment is rather high, however for the fastest network you have to spend more. Savings could probably be made by going direct to the manufacturer and making a deal for bulk buying of switches etc.
Designing the project conducted within allocated timescale
The project was completed in time and on budget.
Evaluating the effectiveness of the project
The project was successful and effective as the customer's needs were met in regards to the specifications laid out by the customer. There is to be a massive increase in the number of users, taken care of by the scalability of the design. Bandwidth was to be 10 times more in the ten years on the WAN link and 100 times more on the LAN link. This was taken care of by making sure there was sufficient bandwidth. The IP addresses allocated to the project were segmented and subnetted effectively to give the best balance of use with minimal waste but still leaving some for growth.
Modifications to the project
In the future wireless could be implemented for some labs or an institution wide wireless network. The extra switchports left open and trunking with cables already installed could be used to connect the access point to the network. Apart from adding more computers in the future, there are no real changes I would make to the project. Wireless security (WPA) would have to be implemented however.
Improvements which could be made
I feel there are no real improvements which could be made, however there could be some which could be made to the IP address scheme such as using reserved addresses instead of ones given by the internet authorities such as 172.16.0.0 and 192.168.0.0. I am however happy with how the project has turned out.
Recommendations for the future
Emerging technologies may warrant an upgrade, but the system which has been built would be able to take these upgrades with no hassle. Wireless encryption if wireless was added would have to be implemented, a VPN could be used for the WAN connection, Cat 6 cabling is used so emerging standards can be integrated such as 10gbit Ethernet. VOIP would not be hard to implement either as the capacity is already there. QoS would have to be used there as it requires low latency and low jitter, so would take precedence over computer data traffic.