Introduction
In today’s world, computer and data communication networks are evolving every day with a vast step. Considering this, networks should be very adaptable, resilient and scalable, while in the same time they should have good performance with the lowest cost possible. To have a successful network with these attributes, the design and architecture planning is the most crucial phase [1]. This report will analyze the requirements and objectives of UOS University for expanding their network. All requirements will be inspected in detail and will provide the recommended solution for the overall network design following the TCP/IP model, bottom-up approach. Therefore, the aim of this report is to provide a detailed network planning and design specification for the new part of the network of UOS University. This will include cabling details, network devices details, topology, IP address sub-networking scheme, IP usage and distribution, and scalability. Moreover, it will describe the supportability of the recommended solution. Besides this, the report will include graphical diagrams of the network design as well as some abstract routing tables for each router.
Case study details
UOS University started operating from 1999, and since then the student’s number was growing very quickly. Nowadays, this university has 3 schools and 10 departments. After they were having a large number of students, they decided to offer them convenient student housing. Therefore, they prepared 5 buildings with 245 rooms in total and potentially adding 20 more rooms later. Consequently, they need to implement a new network that will satisfy all the students in the new resident facilities with network connection. The network planning and design was taken over by NT Design, an information systems designing company.
Requirements Analysis
Overall requirements
For the new residential facilities the UOS University required to have both wired and wireless network connection. For each room there should be a wall socket for network cable connection, while wireless connectivity should be available on each building and on the outdoor area as well. These requirements will be part of the access layer on the network.
Considering the fact that the university was being developed and expanded very fast, the network should be very scalable and resilient. From the importance aspect, these will be the fundamental requirements. All the servers and other central network devices should be placed on the office built in the same area near the residential buildings. Apart from this, UOS require to offer web and file transfer services for students. The requirement for services is considered secondary from the timeline perspective, since that will be implemented as soon as the network infrastructure will be operational. The university network operation center assigned 44.33.22.0/23 as IP address space to be used on the new network with the aim of not using private IP addresses on the wired network. Since the wired network should use only real addresses, the network addressing scheme will be designed by creating sub-networks to make better use of IP address space and better organize the network. Finally, they also acclaimed that they should keep a low cost for the whole implementation. Perceived from experience, only 20% of the life cycle total cost of a system applies to the development and implementation, the other employ the operation and support cost [2]. In consequence, the network design should take into account supportability as a very important factor.
Recommendations
Aside from the UOS requirements, seeing that there will be leased a lot of public IP addresses, we recommend them to have more robust flow control and security by using secure detection and prevention systems on the network edge. Moreover to have a better management and control over the wireless network, we suggest to implement the wireless connectivity as roamed wireless distributed system (WDS with Roaming), secured with user authentication. WDS will reduce implementation cost by not connecting with cable every access point. At the same time, Roaming functionality will make the wireless network more resilient by making possible to users to preserve their connection while moving through the area.
By analyzing the overall requirement’s, we suggest that the whole network design should follow the “Cisco three layer hierarchy” model, which consist of access, distribution and core layers. By using this model we can facilitate the effort of making a reliable and scalable network by having a reasonable cost. Each layer includes specific devices and serves for specific requirements. The access layer is the lower layer which handles the end user connectivity. All devices like workstations, handheld devices, network printers etc. are connected through the access layer, even though they are not part of the network design itself. The distribution layer will make sure to properly deliver and route all packets to specific networks, while the core layer will handle network interconnectivity by providing high-speed communication channels. [3]
Network Design & Architecture Approach
Interface Layer (Physical and Data-link)
Wing Buildings
For each room on Wing buildings will be installed one Ethernet wall sockets. All sockets will connect with UTP Cat5/e cables to a patch panel on the same floor with the room. This type of cable is very suitable for the end user connectivity since it meets their requirements by supporting up to 1 Gigabit/second (1000 Base-T), having low cross talk since the cables are twisted, and it is very durable [4].
Seeing that the number of rooms per floor was not provided, and assuming the room distribution per floor is approximately equal, we suggest to have 24 port patch panels and 24 port Fast Ethernet layer 2 switches per floor on each Wing building. The number of ports will be enough for the current users, while in the same time it is scalable by having some extra unused ports. All sockets connected to patch panels should be connected to the switch as well, with the appropriate labeling for each port with the room number. All floor switches will be connected to a central multi-layer switch, installed on each building. The central switches should have 8 Gigabit Ethernet ports since that would be necessary to support all floor switches. These switches on each Wing building will be connected to the main distribution switch on central office with STP Cat6/a cable. The connection between each Wing building central switch with the distribution switch on the central office, will be configured to be on the same Virtual LAN (VLAN), while the building hosts will be each on their Wing VLAN.
Wireless connectivity & Outdoor area
Depending on the building floor organization, for each floor at least one wireless access point will be installed by operating on 802.11n protocol and providing up to 150Mbps bit-rate. Simultaneously, there will be access points deployed on the outdoor area. The end point of wireless connectivity will be handled by the main wireless router which will be placed in the central office and will be connected to the main distribution switch with a UTP Cat6/a cable. All access points will be connected to each other wirelessly with mesh topology. Wireless interconnection of access points can be achieved by configuring them to operate as a Wireless Distributed System (WDS) [5] [6]. With proper configuration, there will be shown only one wireless network to the end users, even though there are multiple access points. While the users are moving on different areas and their currently connected access point does not cover that distance, they will be automatically switched from that access point to another by roaming the signal and keeping the connection to network. Different Access point models may be used with different specifications like number of antennas, antenna types and distance range support, depending on the area which they will be placed. Therefore in the whole area, a wireless signal analysis should take place first. This will certainly guide us also for choosing the best channel to use on wireless access points to not overlap with any other access point in the same area, thus achieving the best performance.
Central Office
Depending on the building organization to the central office, there should be installed and distributed at least 50 Ethernet wall sockets, by reserving 20 sockets for the server room. After that, a main distribution switch will be deployed, and it will be a multi-layer switch having 24 Gigabit Ethernet ports. All incoming and office connections will be done through patch panels by using UTP Cat6/a cables, which can reach up to 10 Gigabit/second (10000 Base-T) bit-rate and it is backward compatible [7]. The distribution switch will be connected to the firewall with Cat6/a cable.
Additionally, a main router and firewall will also be deployed in the office. Since the main router will be in the network edge, it should have an optical interface for connecting to the campus and internet with fiber optic cable. Besides that, another Gigabit Ethernet interface is needed to connect with the firewall. The firewall, will have two additional Gigabit Ethernet ports except the one connected to the main router. One port will be used to connect the distribution switch and the other port will be used to connect with the servers switch, hence creating a demilitarized zone (DMZ) for servers. The DMZ will be configured to operate as a VLAN. Although, in the same time the firewall will also be serving as Intrusion Prevention and Detection System (IPS/IDS).
The servers switch or DMZ switch will be a multi-layer switch with at least 16 Gigabit Ethernet ports which will connect all the servers. As a start there will be at least four servers connected with Cat6/a cable. Two of them will be to fulfill the user requirements, one by serving to host the student’s private web pages, and the other to be serving file transfer. Besides them, there will be a RADIUS server for wireless user authentication and management, and a database server. Potentially, there will be more servers added after making a decent information systems analysis and design by the Information System Engineers. Also by having public IP addresses on servers and with some additional firewall rules, servers can be easily configured to be accessible from internet if that would be part of further requirements.
Network Layer
Sub-networks, IP addressing & DHCP
For better utilization of IP addresses, the specified network block of 44.33.22.0/23 will be used to create sub-networks by using Variable Length Subnet Masking (VLSM) [8]. There will be a separated network for each Wing building, for distribution switches, the demilitarized zone, and for each router-to-router (or multi-layer switch) connection. For all created sub-networks we used the closest mask-bits available on VLSM to fulfill the number of host’s requirement while also considering the scalability. The Wing I building require a minimum of 65 host, while Wing II and IV require a minimum of 70 hosts. For these buildings, we created sub-networks that support 126 hosts. Wing III and Wing V require a minimum of 40 and 20 hosts. So, for Wing III we created a sub-network of 62 hosts, while for Wing V a sub-network of 30 hosts. For each Wing building, their central multi-layer switch will also act as a DHCP server by providing IP addresses to their hosts. Meanwhile, since the wireless network will be using only private IP addresses, the 172.16.0.0/22 network block will be configured to use, by supporting a total of 1022 available hosts. For wireless connectivity the main wireless router will perform as DHCP server. Besides that, the Network Address Translation (NAT) protocol should be enabled and configured on the main Wireless Router for a proper private-to-public IP address translation and vice versa. For distribution and DMZ, sub-networks of 6 hosts were created. And after all, four other networks were created which support only 2 hosts for router-to-router (or multi-layer switch) connections.
The following table and graph illustrate the details of created sub-networks and IP addresses.
| Network name | Network and Broadcast IP address | Subnet Mask | Mask bits | Hosts number |
|---|---|---|---|---|
| W1: Wing I | 44.33.22.0 – 44.33.22.127 | 255.255.255.128 | 25 | 126 |
| W2: Wing II | 44.33.22.128 – 44.33.22.255 | 255.255.255.128 | 25 | 126 |
| W3: Wing III | 44.33.23.128 – 44.33.23.191 | 255.255.255.192 | 26 | 62 |
| W4: Wing IV | 44.33.23.0 – 44.33.23.127 | 255.255.255.128 | 25 | 126 |
| W5: Wing V | 44.33.23.192 – 44.33.23.223 | 255.255.255.224 | 27 | 30 |
| Wireless | 172.16.0.0 – 172.16.3.255 | 255.255.255.252 | 22 | 1022 |
| Distribution | 44.33.23.224 – 44.33.23.231 | 255.255.255.248 | 29 | 6 |
| DMZ | 44.33.23.232 – 44.33.23.239 | 255.255.255.248 | 29 | 6 |
| N1: Distribution-Firewall | 44.33.23.240 – 44.33.23.243 | 255.255.255.252 | 30 | 2 |
| N2: Distribution- Wireless | 44.33.23.244 – 44.33.23.247 | 255.255.255.252 | 30 | 2 |
| N3: Firewall-Edge Router | 44.33.23.248 – 44.33.23.251 | 255.255.255.252 | 30 | 2 |
| N4: Edge Router | 44.33.23.252 – 44.33.23.255 | 255.255.255.252 | 30 | 2 |
Table 1 – IP addresses of created Sub-Networks
Figure 1 – Networks by number of hosts
Multi-Layer Switch Routing
In this designed network scheme, we mostly used multi-layer switches instead of routers. This decision is made because the multi-layer switches offer features that are more suitable to be used on large local area networks (LAN’s) like this one. These switches offer the functionality to work on both data-link and network layer, even that they do not support Wide Area Network interfaces (WAN). Seeing the fact for supporting routing functionality while not supporting WAN interfaces, means that these switches are intended to be used for large Ethernet networks that need to be divided into sub-networks. The routing mechanism operates by considering the sub-networks as VLAN’s. Furthermore, one of the main advantages is that multi-layer switches perform routing faster than routers. The faster routing operation is a result of the ASIC hardware chips usages, which are dedicated for routing, instead of using software like routers do. [9]
The table below represents an abstract routing table for each multi-layer switch and router. Default route (gateway) express any network including Internet which is not specified in the routing table. That is represented with the IP address of 0.0.0.0 and subnet mask 0.0.0.0. Meanwhile, the directly connected networks are ignored and not shown on the table.
| Router Device | Destination | Subnet Mask | Interface IP Address |
|---|---|---|---|
| Wing I Central Switch | 0.0.0.0 | 0.0.0.0 | 44.33.23.226 |
| Wing II Central Switch | 0.0.0.0 | 0.0.0.0 | 44.33.23.227 |
| Wing III Central Switch | 0.0.0.0 | 0.0.0.0 | 44.33.23.228 |
| Wing IV Central Switch | 0.0.0.0 | 0.0.0.0 | 44.33.23.229 |
| Wing V Central Switch | 0.0.0.0 | 0.0.0.0 | 44.33.23.230 |
| Wireless router | 0.0.0.0 | 0.0.0.0 | 44.33.23.246 |
| Distribution Switch | 44.33.22.0 | 255.255.255.128 | VLAN: Wing 1 Interface: 144.33.23.225 |
| 44.33.22.128 | 255.255.255.128 | VLAN: Wing 2 Interface: 2 44.33.23.225 | |
| 44.33.23.128 | 255.255.255.192 | VLAN: Wing 3 Interface: 3 44.33.23.225 | |
| 44.33.23.0 | 255.255.255.128 | VLAN: Wing 4 Interface: 4 44.33.23.225 | |
| 44.33.23.192 | 255.255.255.224 | VLAN: Wing 5 Interface: 5 44.33.23.225 | |
| 0.0.0.0 | 0.0.0.0 | 44.33.23.241 | |
| Edge router | 44.33.22.0 | 255.255.255.128 | 44.33.23.250 |
| 44.33.22.128 | 255.255.255.128 | 44.33.23.250 | |
| 44.33.23.128 | 255.255.255.192 | 44.33.23.250 | |
| 44.33.23.0 | 255.255.255.128 | 44.33.23.250 | |
| 44.33.23.192 | 255.255.255.224 | 44.33.23.250 | |
| 44.33.23.224 | 255.255.255.248 | 44.33.23.250 | |
| 44.33.23.232 | 255.255.255.248 | 44.33.23.250 | |
| 44.33.23.240 | 255.255.255.252 | 44.33.23.250 | |
| 44.33.23.244 | 255.255.255.252 | 44.33.23.250 | |
| 0.0.0.0 | 0.0.0.0 | 44.33.23.253 |
Table 2 – Abstract routing table for each routing device
Application Layer
As using public IP addresses for the wired network was a requirement, then the usage of a firewall is empowered even more. Subsequently, the network administrators may easily set any different rule for all the incoming and outgoing traffic defined by further UOS University requirements. Moreover, we recommend configuring the firewall to operate as an Intrusion Prevention and Detection System as well. That will protect the network from intrusions and malicious activities by even preventing and/or detecting suspicious network activity. Whereas, the web hosting and file transfer servers can be configured to use server virtualization technology by highly utilizing hardware resources and potentially use any other application to accomplish load balancing.
Different applications are available to setup the RADIUS server. RADIUS will serve for securing, controlling and managing user’s activity on the wireless network. By taking profit of this protocol many functionalities can be achieved, like controlling sessions per user, bandwidth and flow control, guest mode control, or using limitation by date & time [10]. With this way, wireless user authentication can be handled even easier by using the same student’s credentials which may be provided by University for other usages (like university email or the learning management system). Moreover, these credentials can also be used simultaneously by the web hosting and file sharing servers.
Another important application-layer protocol is Simple Network Management Protocol (SNMP). This protocol will alleviate the network administrator’s job by simplifying the management and monitoring of all network devices. Taking advantage of SNMP will increase the supportability of the network, like so keeping a low life cycle cost. SNMP works by setting a central entity to act as a manager, while all the network devices will be as agents. After that, the SNMP manager can send different variables to all agents and get responses from them. [11]
Graphical Network Design
The following images will display the network design diagram from different views. It will start by showing the overall geographical network design. That also represents how the network is separated by the “Cisco three layer hierarchy”. After that, the following images will zoom in for each layer on different perspective.
Figure 2 – Geographical Network Design separated by “Cisco three layer hierarchy”
Figure 3 – The network in one of the Wing buildings & Wireless Inter-connectivity
Figure 4 – The Wireless network focused outdoor and configured with “Mesh Topology”
Figure 5 – Distribution Layer and VLAN, including the Wireless connection
Figure 6 – Central Office focused on Core Layer, including the DMZ
References
| [1] | C. Long, “TechTarget,” November 2006. [Online]. Available: http://searchitchannel.techtarget.com/tip/The-importance-of-a-network-design-plan. |
| [2] | D. J. McCabe, “Network Analysis, Architecture and Design, 2nd Edition,” in Network Analysis, Architecture and Design, 2nd Edition, San Francisco, The Morgan Kaufmann, 2003, p. 45. |
| [3] | Techtarget, “The Cisco three-layered hierarchical model,” July 2004. [Online]. Available: http://searchnetworking.techtarget.com/tutorial/The-Cisco-three-layered-hierarchical-model. |
| [4] | Axis Data & VoIP Network Cabling, “Axis Network Cabling,” [Online]. Available: http://www.axisnetworkcabling.com/voice-data-cabling-installers-company.html. |
| [5] | Mikrotik, “Wireless WDS Mesh,” 12 April 2013. [Online]. Available: http://wiki.mikrotik.com/wiki/Wireless_WDS_Mesh. |
| [6] | Cisco, “Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services,” [Online]. Available: http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-3_7_JA/configuration/guide/i1237sc/s37roamg.pdf. |
| [7] | T. Casazza, “Lan Shack,” [Online]. Available: http://www.lanshack.com/cat6a.aspx. |
| [8] | M. Rouse, “Variable-Length Subnet Mask (VLSM) definition,” [Online]. Available: http://searchnetworking.techtarget.com/definition/variable-length-subnet-mask. |
| [9] | D. Davis, “Layer 3 Switches Explained,” April 2006. [Online]. Available: http://searchnetworking.techtarget.com/tip/Layer-3-switches-explained. |
| [10] | Network Radius, “Why use a RADIUS Server,” [Online]. Available: http://networkradius.com/why-use-radius-server/index.html. |
| [11] | Cisco, “Configuring SNMP Support,” [Online]. Available: http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.html. |