ACE Network Design - Essay Example

?ACE Network Design Computer networks provide the fundamental structure for corporate communications within and beyond organization. The importance of networks has increased leaps and bounds in last two decades and organizations have to design and maintain networks that best suit their corporate requirements. Secondly, the extensive use of e-commerce by corporations in their business operations has instigated a heightened requirement for connectivity of businesses with rest of the world through internet. Local area networks have to be hooked with internet while ensuring maximum security. Emphasizing the interaction of Local Area Networks with internet, Comer (2006, p.3) states, “From a user’s point view, the internet appears to consist of a set of application programs that use the underlying network to carry out useful communication tasks.” The increased dependence of organizational operations on computer networks has prompted detailed planning and management of network designs. Szczuka, Daniel and Dominik (p. 269) observes, “There has been an explosive growth in internet systems since the 1990s. Network design problems are one of the important issues in the building and expansion of computer networks and have attracted many related researchers’ attention.” Advance Concepts Engineering (ACE) is a medium sized enterprise that deals with development and commercialization of products. Adoption and application of state-of-the-art technologies is a core business value at ACE. Although, presently ACE is operating is small setup but in the enterprise is in the phase of switching its business to a more specious building in an industrial park. This has generated a reasonably serious challenge of designing and implementing a network infrastructure that can meet the business requirement while keeping the core value of technological advancement intact. The network design and implementation is a challenging task in multistory building with a dozen of other design limitations. These limitations have given birth to a range from logical to physical issues in network implementation. These issues include the issues of network scalability, convergence, security, high availability, stability and network traffic management. ACE would require carefully designed network architecture to achieve these corporate objectives. This report will present a detailed network infrastructure design to accommodate all business and technological needs of the network. The report will present also present a diagrammatic overview of the topological layout of network infrastructure devices. Moreover, to streamline the process of network design and management a number of requirements will be formulated and finalized. These requirements may include the number and type of components like user machines, switches, routers and servers, network availability details, addressing scheme, media to be used in the network and mechanisms to eradicate network and mechanical noise. Network Media The selection of network media is an important decision in network design and management. The decision of media can directly affect the network speed, sustainability and maintenance. The selection of media is topology dependent. Topology is the physical layout of network devices, (Ciccarelli & Faulkne, 2004, p.88) and the decision once made on topology and network media is seldom changed or it might be very expensive to change this decision at a later stage to cater network management or optimization issues. The selection of media for a network environment also depends on the user speed requirements, available resources and future network expansion plans. The ACE network will use a mix of unshielded Twisted Pair (UTP) and fiber optic cables. Drop cables or patch cables that run from wall fixed faceplates to computers, printers, scanners, IP Phones and other user end devices will use CAT6 UTP cables, CAT6 UTP standard support the gigabit speed for network traffic. Faceplates will further connect these devices to switches placed in a separate switch rooms. Faceplates to switch connections will also use CAT6 UTP cables. The network traffic from switch rooms to network server room and back will use thin multimode fiber optic cable and a thick multimode fiber optic cable will run to the company maintained facility where IP server is deployed. Logical and physical structure The ACE network will use a logical star topology. In a logical star topology devices are connect to a switch or hub, which routes the traffic to network servers directly, or through some other switches in the network. Moreover, the network will be divided into VLANs for ease of management and security. ACE Engineering Office, Prototyping Workshop, Administration and Staff Department, Mechanical Engineering Department, Software Engineering Department, Boardroom and server rooms will be kept in separate VLANs. Because the infrastructure is designed with Layer-III switches, which supports VLANs, and routing, these logical divisions can be easily handled and maintained. Moreover, at each floor network traffic will be aggregated through an aggregate switch this will help to load balance the network and will provide enhance optimization in case of a future expansion. Physical structure of the ACE network will also be designed with minimum interdependence of various network segments. In case of network failure in one segment, its traffic will be routed through alternate physical and logical routes. Moreover, the servers room will be separate room at the Engineering Office floor. All the servers will be placed in this room and a dedicated network engineers’ team will operate this server room on round the clock basis. This separate physical setup for servers will improve network management task and will provide better maintainability. Secondly, the placement of network server room at Engineering Office floor will help to reduce network cabling requirement as most of the internal offices are present at this floor. The lower floor at which Prototyping Workshop is situated will be connected with this server room using a dedicated fiber optic line. Because the network is designed in such a way that the network traffic will be aggregated at each floor before it can be routed to server room and beyond, there will be fair amount of network traffic passing through these fiber optic media. Moreover, to ensure wireless connectivity in boardroom a Wireless Access Point (WAP) will also be connected to the wired network segment at Engineering Office Floor. The physical structure will be available for the wireless users to access limited network resources, if required. However, this access will require wireless users to pass through proper authentication mechanism of the network. In order to support these operations at boardroom, this segment of the network will be kept isolated from the rest of the network physically and logically. Network components There will be a small switch rack with Uninterruptable Power Supply (UPS) system for each switch at both floors of the new building to enhance the physical security and network availability. Keeping in view the scalability requirement the ACE Engineering Office, Prototyping Workshop, Administration and Staff Department, Mechanical Engineering Department, Software Engineering Department, Boardroom will be provided a dedicated 24-Port Layer-III switch. The server room will have special arrangement for network availability, security, maintainability and ease of management. All traffic routed to the server room from within the company intranet will pass through a hardware firewall. The firewall will ensure immunity from Internet Protocol (IP) based attacks. Next in line will be an Intrusion Protection System (IPS) that can look for threats beyond IP, based on traffic patterns, scripts and viruses through its pattern matching engines and virus signatures. The server room will implement a Demilitarized Zone (DMZ). “A network DMZ resides between public networks, typically the Internet and a company’s private network.” (Komar, Ronald & Joern,2003, p. 179). Demilitarized Zone is actually a buffer zone that will contain ACE machines and servers to respond external clients of a system. Secondly, DMZ keeps the internal LAN setup of the ACE protected from the threats that are common to the Internet. A DMZ is commonly implemented through two hardware firewalls, one facing the Internet and the other facing private intranet. The server room will have a dedicated router to interface with rest of the world through internet. The company intranet users can also communicate with corporate partners, suppliers and contractor using this router. A detailed network structure diagram placed at appendix A to this report will further elaborate this concept. Addressing scheme The addressing scheme is an important consideration for any network. ACE is provided with a single class C address to access IP server placed in a separate building. The internal network of the company is planned to use Private Network address range of class A (10.0.0.0 to 10.255.255.255 with subnet mask of 255.0.0.0). Private network address ranges are not routable at public internet and thus provide a protocol based security to internal network. “It is a common practice for a company to have only a handful of registered IP addresses and to configure the internal, private network by using one of the private addressing schemes.” (Harwood, 2009, p.207). Moreover, ACE Engineering Office, Prototyping Workshop, Administration and Staff Department, Mechanical Engineering Department, Software Engineering Department, Boardroom and Server Room will have different subnets. This addressing scheme is possible only in Layer-III switching environment. Port-level IP based security will be provided to each machine in the network. This means better security because no devise can be directly plugged into company’s switch to access network resources. Each device will have to be authenticated on 802.1x standard and unauthenticated devices will be dropped into a restricted VLAN, where they cannot access any network resources. Task B Fault Finding Approaches Today, networks have grown complex in communication mechanisms and fault isolation is becoming an increasingly involved process. Although, the advent and deployment of new technologies in real world networks is accompanied with the employment of cutting-edge diagnostic tools and equipments; the core problem solving capability remains a hard to master technique. Network troubleshooting require solid theoretical background knowledge of network technologies, hardware and software installation, customization and configuration, training on vendor specific equipment and above all reasonable network troubleshooting experience. Special network troubleshooting certifications have become inevitably important to become domain expert. OSI Model and Troubleshooting One major aspect of the network troubleshooting is the understanding of basic communication process. The knowledge and expertise of this process are vitally important to troubleshoot any network. The Open Systems Interconnection model (OSI model) provides the foundations required to understand bits and pieces of the big network picture. The OSI model is also important source of understanding international standards of communication because almost every communication process follows this model in a way or other. However, it is important to understand that the OSI model provides only a conceptual foundation and various functionalities of network cannot be mapped on OSI model directly. Appendix B to this report provides a basic understanding of this model. Open System Interconnection Model and Network Troubleshooting OSI Model Layers Fact Finding Tips 7 Application Layer Better understanding of these layers can help in isolating software problems at session and application levels. These layers establish session between user and application and presents data to various applications in an understandable format and finally applications displays the information to the users. All these functions are performed at users computer and physical network are not involved at this level of OSI Model 6 Presentation Layer 5 Session Layer 4 Transport Layer The next three layer are the core network troubleshooting area. Problem solving and troubleshooting in switching, routing and NATing is rapid and systematic only with a better understanding of functionalities at these layers. The main complexity of data communication occurs in these layers. These three layers ensure data integrity, security, accuracy and many other functions. Various devices such as hubs, switches, routers, Wireless Access Points (WAPs) come into play in these layers of OSI Model. These layers are responsible for end-to-end data transfer. 3 Network Layer 2 Datalink Layer 1 Physical Layer The first layer of OSI model deals with physical connectivity in networks. Data is received and sent in bits only. This layer also ensures bit level data accuracy. Understanding Bigger Picture The rapid and over whelming advancement of computer networks in last two decades have posed serious challenges to network engineers and they have to know the minute details of configurations at device level and big communication picture at the same time to isolate problems that may occur in a network. This big picture includes the detail knowledge and understanding of LANs, WANs, VPNs, routing, switching, protocols that may be applied at various layers of the network along with structural and logical problems that may cause network congestions or communication bottlenecks etc. In the given scenario, the network troubleshooting also involves knowledge of LAN, WAN and routing. We know that Right Hand LAN is operational and it does not have any communication issue with its desired destinations. It can communicate with the adjacent Left Hand Network as well as to the outside world through local router. On the other hand Left Hand Network can communicate with the Right Hand Network but its users are unable to communicate with rest of the world through router placed at the top of given LANs. In the given scenario, we can easily rule out any physical layer problem with Left Hand Network because its users can communicate with each other and with the adjacent Right Hand Network. Second most important observation is that the issue is not with a particular user or machine but every user and machine on Left Hand Network is unable to access the Internet. Therefore, the problem has to be trace at a higher level in the network. Presumably, both networks are configured with different subnets. However, the inter communication between two LANs rules out the possible issues of switching. The next possible issue is the routing; as Right Hand Network is functioning properly there are not issues with leased line being used for the internet connectivity. This brings us to the conclusion that there is some problem in routing configuration of Left Hand Network at the given router. Either a route is not configured at all for the Left Hand Network or it may be configured with some wrong parameters, like a wrong IP or Subnet Mask. There may a mismatch of protocols being used for the communication at this level or a protocol may not be configured properly to allow communication. The network engineer is required to check the router interface of Left Hand Network for correct IP and subnet address, protocol match and protocols configurations. The correction of routing configuration for Left Hand Network at router interface will most probably resolve the communication issues. References Ciccarelli, Patrick & Christina Faulkner 2004, Networking foundations, John Wiley & Sons, USA. Comer, Douglus E 2006, Internetworking with TCP/IP: Principals, Protocols and Architecture. 5th eds, Pearson Printice Hall, USA. Harwood, Mike 2009, Comptia Network+ N10-004 Exam Prep, Pearson Education, USA. Komar, Brian, Ronald Beekelaar & Joern Wettern 2003, Firewalls for dummies, 2nd eds, John Wiley & Sons, USA. Szczuka, Marcin S., Daniel Howard & Dominik Slezak 2006, ‘Advances in hybrid information technology’, Proceedings of the first international conference, ICHIT, Jeju Island, Korea, Springer, USA. Read More