CO6023 Network Infrastructure and Management Assignment 2011

uSave Ltd. A Corporate Planning Document

This document outlines the uSave Ltd. corporate network, discusses network convergence, and sets out the advantages of implementing virtualisation and wireless technology.

Assessment Number E15003

3/16/2011

Table of Contents

Table of Tables

Table of Figures

Describe a networking infrastructure that supports the head office site, communications between retail branches and the head office, and remote access by consultants and on-call support staff

Network Infrastructure Diagrams

Physical network diagrams

Logical network diagrams

Network configuration documentation

IP addressing

Secure data communications across the internal networks and to the Internet

Remote and dial-up networking

Bandwidth issues

Create four VLANS for the Head Office Building

Cisco 3 Layer Model of Network Design

The Core Layer

The Distribution Layer

The Access Layer

Discuss the potential for converging data, voice and video traffic over the head office network

Discuss how the use of virtualisation and wireless technology could be used to increase efficiency and ease of access within the company’s headquarters

Virtualisation

Wireless Technology

Works Cited


Table of Tables

Table 1 List of subnet-works for the Public IP address space of 200.150.15.0

Table 4 Private IP address ranges

Table 2 List of VLANS Names

Table 3 VLAN IP Addresses and Subnet Masks


Table of Figures

Figure 1 Physical Communications Links for uSave Ltd.

Figure 2 Ground Floor of the Headquarters Building: Training & Consultancy

Figure 3 First Floor Headquarters Building: Administration Department

Figure 4 Headquarters Building Second Floor: Systems Development

Figure 5 Headquarters Building Third Floor: Technical Services

Figure 6 Chester Campus Commercial Offices

Figure 7 Chester Campus Warehousing

Figure 8 Retail Branch

Figure 9 uSave Ltd. Domain Architecture

Figure 10 Replication Traffic Outline

Figure 11 Pictorial representation of subnetting

Figure 12 Network Address Translation (NAT)

Figure 13 Dynamic Host Configuration Protocol (DHCP)

Figure 14 De-Militarised Zone (DMZ)

Figure 15 Four VLANS for the Head Office Building

Figure 16 Cisco 3 Layer Model

Figure 17 VoIP overview

Figure 18 The creation and implementation of a virtual port


Describe a networking infrastructure that supports the head office site, communications between retail branches and the head office, and remote access by consultants and on-call support staff.

Network Infrastructure Diagrams

Physical network diagrams

Physical communication links

Figure 1 Physical Communications Links for uSave Ltd.

The physical site links are shown in Figure 1: fibre optic cable links the three buildings at the Chester Headquarters Campus, T1 leased lines connect the Retail Branches to the Head Office building, and Virtual Private Network (VPN) connections are made on an ad-hoc basis by the on-call support staff and the firm’s consultants.


Location of devices

Figure 2 Ground Floor of the Headquarters Building: Training & Consultancy

Figure 3 First Floor Headquarters Building: Administration Department

Figure 4 Headquarters Building Second Floor: Systems Development

Figure 5 Headquarters Building Third Floor: Technical Services

Figure 6 Chester Campus Commercial Offices

Figure 7 Chester Campus Warehousing

Figure 8 Retail Branch

Logical network diagrams

Domain architecture

Figure 9 uSave Ltd. Domain Architecture

The implementation of the domain architecture outlined in Figure 9 facilitates a strongly managed domain, where policies for software deployment, anti-virus and user access controls are set at the organizational unit level. The top-down nature of this organizational unit structure allows for policy inheritance and the delegation of management responsibility for individual organizational units.

Administration of Policies in relation to Organisation Units and Groups of Users

Group Policy is the central component of the Change and Configuration Management features of the Microsoft Windows operating system. Group Policy specifies settings for groups of users and of computers, including registry-based policy settings, security settings, software installation, scripts (computer start up and shutdown, and log on and log off), and folder redirection. The policy information is stored in Group Policy objects (GPOs), which are linked to selected Active Directory containers: sites, domains, and organizational units (OUs).

· Administrative templates

· Security settings

· Software installation

· Scripts

· Remote Installation Services

· Folder redirection

(Microsoft, 2011)

In an Active Directory environment, you assign Group Policy settings by linking GPOs to sites, domains, or organizational units (OUs). Typically, most GPOs are assigned at the organizational unit level. (Microsoft, 2011)

Server roles

There are a number of server roles in uSave Ltd.; they form the Network Access Layer of the three-tiered Cisco architecture (see Figure 14). These roles comprise:

· Dynamic Host Configuration Protocol (DHCP)

· Domain Name Service/System (DNS)

· Domain Controller

· VPN

· Remote Access Dial In User Service (RADIUS)

· World Wide Web (WWW)

· File Transfer Protocol (FTP)

· Database

· E-Commerce

· Applications

· Content management

· E-Mail

· File and Print

Trust relationships

Because, as we can see from Figure 9, uSave Ltd. operates a single tree in a single forest for its domain architecture, there are no trust-relationship issues.

Figure 10 Replication Traffic Outline

Network configuration documentation

Name resolution

Name resolution for uSave Ltd. is provided by DNS servers located on the third floor of the headquarters building. Clients learn the IP addresses of these DNS servers through DHCP, with the routers relaying DHCP and Bootstrap Protocol (BOOTP) requests between subnets. Retail branches also have DHCP and DNS servers for redundancy.

IP addressing

Create Subnet works of the Public IP space

We start by splitting the Public IP space of 200.150.15.0 into 4 subnetworks, using the subnet mask 255.255.255.192 (that is, 200.150.15.0/26):

Subnet Number  Subnet Name        Network         From            To              Broadcast Address
00             Organisation       200.150.15.0    200.150.15.1    200.150.15.62   200.150.15.63
01             Operations         200.150.15.64   200.150.15.65   200.150.15.126  200.150.15.127
02             Administration     200.150.15.128  200.150.15.129  200.150.15.190  200.150.15.191
03             Development Teams  200.150.15.192  200.150.15.193  200.150.15.254  200.150.15.255

Table 1 List of subnet-works for the Public IP address space of 200.150.15.0

This network configuration will provide 4 Networks with space for 64 Hosts per network.

Binary explanation of subnetting the 200.150.15.0 address space

Take the 200.150.15.0 network with subnet mask 255.255.255.192 and write both in binary:

          ip address: 11001000.10010110.00001111.00000000

         subnet mask: 11111111.11111111.11111111.11000000

If you do a binary AND between these two numbers, you get the network address:

          ip address: 11001000.10010110.00001111.00000000

         subnet mask: 11111111.11111111.11111111.11000000

                     -----------------------------------AND

     network address: 11001000.10010110.00001111.00000000

which translated back to dotted decimal notation is 200.150.15.0

To get the host portion, invert the subnet mask and again perform a binary AND with the ip address:

          ip address: 11001000.10010110.00001111.00000000

inverted subnet mask: 00000000.00000000.00000000.00111111

                     -----------------------------------AND

        host portion: 00000000.00000000.00000000.00000000

which translated back to dotted decimal notation is 0.0.0.0

To obtain the broadcast address, again it is simplest to look at it in binary. Take the inverted subnet mask and perform a binary XOR with the network address:

     network address: 11001000.10010110.00001111.00000000

inverted subnet mask: 00000000.00000000.00000000.00111111

                     -----------------------------------XOR

   broadcast address: 11001000.10010110.00001111.00111111

which translated back to dotted decimal notation is 200.150.15.63
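The four-way split of Table 1 and the AND / inverted-mask AND / XOR walkthrough above, reproduced with Python's standard ipaddress module. This is an added example and not part of the original assignment: the subnet names and the 200.150.15.0 block come from Table 1, the assumption that the parent block is a full /24 is mine, and everything else is computed. It also counts usable hosts per /26, which is 62 once the network and broadcast addresses are excluded from the 64 addresses.

```python
import ipaddress

# Inputs taken from Table 1: the public block 200.150.15.0 (assumed here to be a
# full /24) is cut into four /26 subnetworks with these names.
PUBLIC_BLOCK = "200.150.15.0/24"
NEW_PREFIX = 26
SUBNET_NAMES = ["Organisation", "Operations", "Administration", "Development Teams"]


def dotted_binary(value):
    """Render a 32-bit integer as dotted binary, e.g. 11001000.10010110.00001111.00000000."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def binary_breakdown(ip, mask):
    """Reproduce the three steps of the worked example: AND with the mask gives the
    network address, AND with the inverted mask gives the host portion, and XOR of
    the network address with the inverted mask gives the broadcast address."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    inverted = mask_int ^ 0xFFFFFFFF
    network = ip_int & mask_int
    host_portion = ip_int & inverted
    broadcast = network ^ inverted
    return {
        "network": str(ipaddress.IPv4Address(network)),
        "host_portion": str(ipaddress.IPv4Address(host_portion)),
        "broadcast": str(ipaddress.IPv4Address(broadcast)),
        "network_binary": dotted_binary(network),
        "broadcast_binary": dotted_binary(broadcast),
    }


def subnet_table(block=PUBLIC_BLOCK, new_prefix=NEW_PREFIX, names=SUBNET_NAMES):
    """Split the block into equal subnets and return one row per subnet, shaped like Table 1."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=new_prefix)
    rows = []
    for number, (name, net) in enumerate(zip(names, subnets)):
        hosts = list(net.hosts())          # excludes network and broadcast addresses
        rows.append({
            "number": f"{number:02d}",
            "name": name,
            "network": str(net.network_address),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "broadcast": str(net.broadcast_address),
            "usable_hosts": len(hosts),    # 62 for a /26: 64 addresses minus 2
        })
    return rows


if __name__ == "__main__":
    for row in subnet_table():
        print("{number}  {name:<18} {network:<15} {first_host:<15} "
              "{last_host:<15} {broadcast}".format(**row))
    print(binary_breakdown("200.150.15.0", "255.255.255.192"))
```

Running the file prints the same rows as Table 1; binary_breakdown can be pointed at any address in the block (for instance 200.150.15.70) to see which /26 it falls into and what its host portion is.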

Figure 11 Pictorial representation of sub netting

Private IP Address space planning

Internally we will be using the Class A IP Private Network Address space: 10.0.0.0/16

“The difference between a private IP address and a public IP address then, is that private IP addresses are reserved for private networks, and public IP addresses are reserved for the Internet.” (Wise Geek, 2011)

Private IP addresses are found in the following ranges:

From         To                             Class
10.0.0.0     10.255.255.255                 A
169.254.0.0  169.254.255.255 (APIPA only)   B
172.16.0.0   172.31.255.255                 B
192.168.0.0  192.168.255.255                C

Table 4 Private IP address ranges

Devices with private IP addresses cannot connect directly to the Internet. Likewise, computers outside the local network cannot connect directly to a device with a private IP. Instead, access to such devices must be brokered by a router or similar device that supports Network Address Translation. (Mitchell, 2011)

Network Address Translation

Figure 12 Network Address Translation (NAT)

A serious problem facing the IP Internet is IP address depletion and scaling in routing. (Egevang & Francis, 1994)

Network Address Translation allows a single device to act as an agent between the Internet (or "public network") and a local (or "private") network. NAT is the mapping of an unregistered IP address to a registered IP address on a one-to-one basis. Overloading – A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. Known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT. (Cisco, 2006)
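The overloading (PAT) behaviour described in the paragraph above, as an added example that is not part of the original document: a small Python model in which many private (address, port) pairs share one registered address, each outbound flow is given its own public port, and an inbound packet is only translated when it matches a flow that was opened from the inside. The public address 200.150.15.1 is taken from the document's public block, the private addresses from the VLAN ranges in Table 3, and 203.0.113.x is a documentation address standing in for a remote server; all three are constructed sample values.

```python
class PortAddressTranslator:
    """Minimal model of NAT overloading (PAT): many private (address, port) pairs
    are multiplexed onto one registered public address by giving each flow its own
    public port. Unsolicited inbound packets that match no flow are dropped."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self._free_ports = iter(range(first_port, last_port + 1))
        self._outbound = {}  # (private_ip, private_port, dst_ip, dst_port) -> public_port
        self._inbound = {}   # public_port -> (private_ip, private_port, dst_ip, dst_port)

    def translate_outbound(self, private_ip, private_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet, creating the mapping on first use."""
        flow = (private_ip, private_port, dst_ip, dst_port)
        if flow not in self._outbound:
            try:
                public_port = next(self._free_ports)
            except StopIteration:
                # Every port on the single public address is in use: the router
                # can accept no new flows until existing mappings expire.
                raise RuntimeError("PAT port pool exhausted") from None
            self._outbound[flow] = public_port
            self._inbound[public_port] = flow
        return (self.public_ip, self._outbound[flow], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, public_port):
        """Rewrite the destination of an incoming packet, or return None (drop it)
        when no flow initiated from inside matches the port and remote endpoint."""
        flow = self._inbound.get(public_port)
        if flow is None or (flow[2], flow[3]) != (src_ip, src_port):
            return None
        return (flow[0], flow[1])

    def active_mappings(self):
        """Number of translation-table entries currently held."""
        return len(self._inbound)


if __name__ == "__main__":
    pat = PortAddressTranslator("200.150.15.1")
    # Two hosts on different VLANs using the same source port reach the same server.
    print(pat.translate_outbound("10.2.0.10", 51000, "203.0.113.5", 443))
    print(pat.translate_outbound("10.3.0.20", 51000, "203.0.113.5", 443))
    # The reply to the first flow is mapped back; an unsolicited packet is not.
    print(pat.translate_inbound("203.0.113.5", 443, 1024))
    print(pat.translate_inbound("203.0.113.99", 443, 1024))
```

The exhaustion branch is the part worth keeping in mind when sizing a single overloaded address: the port range, not the host count, bounds how many concurrent flows the edge device can carry.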

Network segmentation and subnet planning

Historically, before the advent of fully switched networks, the main reason for breaking a network into subnets was to limit the number of nodes in a single collision domain. Today, the main reasons for subnetting a network have much more to do with organizational, administrative and security boundary considerations.

IP Address leasing and Name Resolution

In TCP/IP, 32-bit addresses are used to identify each node in the network. This means that every interface on every device has its own address. There are two types of authorized addresses: public authorized addresses and private authorized addresses. (Microsoft, 2011)

Use the 80/20 design rule for balancing scope distribution of addresses where multiple DHCP servers are deployed to service the same scope.

Using more than one DHCP server on the same subnet provides increased fault tolerance for servicing DHCP clients located on it. Because there is no fixed limit to the maximum number of clients a DHCP server can service or to the number of scopes you can create on a DHCP server, the primary factors to consider when you determine the number of DHCP servers to use are network architecture and server hardware. (Microsoft, 2011)

For routed networks, either use relay agents or set appropriate timers to prevent undesired forwarding and relay of BOOTP and DHCP message traffic. The routers must be capable of relaying BOOTP and DHCP traffic. (Microsoft, 2011)
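The 80/20 rule from the DHCP planning points above, worked through in Python as an added example (not part of the original document). Each of two servers is configured with the whole scope and an exclusion range covering the part the other server leases, so an address is never offered twice; the function returns both ranges for each server. The scope 10.2.1.0/24 used in the demonstration is a constructed value inside VLAN 01's address space from Table 3.

```python
import ipaddress


def split_scope_80_20(scope, primary_share=0.8):
    """Divide one DHCP scope between two servers following the 80/20 rule.

    Both servers are configured with the whole scope; each one excludes the
    portion the other leases, so no address can be offered by both. Returns the
    lease range and the exclusion range each server should be given.
    """
    net = ipaddress.ip_network(scope)
    if net.prefixlen > 30:
        raise ValueError("scope too small to split between two servers")

    first = int(net.network_address) + 1      # skip the network address
    last = int(net.broadcast_address) - 1     # skip the broadcast address
    total = last - first + 1
    primary_count = round(total * primary_share)
    cut = first + primary_count               # first address leased by the secondary server

    def addr(n):
        return str(ipaddress.IPv4Address(n))

    return {
        "scope": str(net),
        "primary": {
            "leases": (addr(first), addr(cut - 1)),
            "exclusion": (addr(cut), addr(last)),
            "count": primary_count,
        },
        "secondary": {
            "leases": (addr(cut), addr(last)),
            "exclusion": (addr(first), addr(cut - 1)),
            "count": total - primary_count,
        },
    }


if __name__ == "__main__":
    # Constructed scope inside VLAN 01's address space (see Table 3).
    plan = split_scope_80_20("10.2.1.0/24")
    for server in ("primary", "secondary"):
        print(server, plan[server])
```

Passing a VLAN-sized scope such as 10.2.0.0/16 shows the same split at scale (52427 addresses on the primary, 13107 on the secondary); the exclusion tuples are what go into each server's scope configuration.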

Figure 13 Dynamic Host Configuration Protocol (DHCP)

Secure data communications across the internal networks and to the Internet

Figure 14 De-Militarised Zone (DMZ)

Remote and dial-up networking

VPN access is provided for the consultants and the on-call support staff via their own Internet Service Provider (ISP) to the company’s VPN and RADIUS servers. To ensure that the communications are secure, a combination of protocols will be used: Internet Protocol Security (IPSec) over Point to Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP).

Bandwidth issues

There are no significant bandwidth issues, as the network design allows for future expansion of the business’s corporate activities as well as being able to handle the implementation of Voice over Internet Protocol (VoIP) and video traffic.

Create four VLANS for the Head Office Building

Figure 15 Four VLANS for the Head Office Building

VLAN Number  VLAN Name
00
01           Training and Consultancy
02           Administration
03           Systems Development
04           Technical Services

Table 2 List of VLANS Names

VLAN                            Network Address  Subnet Mask     No. Hosts
VLAN 01 Training & Consultancy  10.2.1.0         255.255.0.0/16  65534
VLAN 02 Administration          10.3.1.0         255.255.0.0/16  65534
VLAN 03 Systems Development     10.4.1.0         255.255.0.0/16  65534
VLAN 04 Technical Services      10.5.1.0         255.255.0.0/16  65534

Table 3 VLAN IP Addresses and Subnet Masks
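The VLAN addressing plan of Table 3 run through Python's ipaddress module, as an added example that is not part of the original document. With a /16 mask, ipaddress canonicalises a row such as 10.2.1.0 to the network 10.2.0.0/16 and confirms 65534 usable hosts; the check also verifies that no two VLAN subnets overlap, that all sit in RFC 1918 private space, and that they fit inside a parent block. The parent defaults to the Class A private block 10.0.0.0/8 (my assumption); passing the document's own figure of 10.0.0.0/16 shows that /16 VLANs numbered 10.2 to 10.5 do not fit inside it.

```python
import ipaddress

# Constructed from Table 3 in the document: (VLAN, network address, subnet mask).
VLAN_PLAN = [
    ("VLAN 01 Training & Consultancy", "10.2.1.0", "255.255.0.0"),
    ("VLAN 02 Administration", "10.3.1.0", "255.255.0.0"),
    ("VLAN 03 Systems Development", "10.4.1.0", "255.255.0.0"),
    ("VLAN 04 Technical Services", "10.5.1.0", "255.255.0.0"),
]


def normalise_vlan(name, address, mask, parent):
    """Canonicalise one table row and record the facts a reviewer checks."""
    # strict=False lets a host-style address such as 10.2.1.0/16 be accepted and
    # normalised to its true network address (10.2.0.0/16).
    net = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    return {
        "name": name,
        "given": f"{address}/{mask}",
        "network": str(net),
        "is_network_address": ipaddress.ip_address(address) == net.network_address,
        "usable_hosts": net.num_addresses - 2,
        "is_private": net.is_private,          # RFC 1918 (and other non-public) space
        "within_parent": net.subnet_of(parent),
    }


def check_plan(plan=VLAN_PLAN, parent="10.0.0.0/8"):
    """Normalise every VLAN and report overlaps and containment for the whole plan."""
    parent_net = ipaddress.ip_network(parent)
    rows = [normalise_vlan(name, addr, mask, parent_net) for name, addr, mask in plan]
    nets = [ipaddress.ip_network(r["network"]) for r in rows]
    overlaps = [
        (rows[i]["name"], rows[j]["name"])
        for i in range(len(nets))
        for j in range(i + 1, len(nets))
        if nets[i].overlaps(nets[j])
    ]
    return {
        "rows": rows,
        "overlaps": overlaps,
        "all_private": all(r["is_private"] for r in rows),
        "all_within_parent": all(r["within_parent"] for r in rows),
    }


if __name__ == "__main__":
    report = check_plan()
    for row in report["rows"]:
        print(f'{row["name"]:<32} given {row["given"]:<20} -> {row["network"]:<14} '
              f'hosts={row["usable_hosts"]} network-address-as-given={row["is_network_address"]}')
    print("overlaps:", report["overlaps"])
    print("all private:", report["all_private"], " all within parent:", report["all_within_parent"])
```

The is_network_address flag is the one a reviewer would look at first: a row whose listed address is not the actual network address is a sign that the mask and the address column were planned separately.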

Cisco 3 Layer Model of Network Design

Figure 16 Cisco 3 Layer Model

The Core Layer

The core layer is the corporate backbone: the mechanism for transporting large amounts of traffic both reliably and quickly. The only purpose of the network's core layer is to switch traffic as fast as possible; speed is of the essence. The core should have very little latency and contain redundancy to ensure uninterrupted service.

The Distribution Layer

The distribution layer, also known as the workgroup layer, is the major communication point between the access layer and the core. Its primary function is to provide fast, reliable routing, filtering and WAN access, and to determine how data packets can access the core.

The Access Layer

The access layer controls user and workgroup access to internetwork resources. The access layer is often referred to as the desktop layer. The network resources most users need are available locally.

(TopBits.com, 2011)

Hierarchical network design helps make networks more reliable and their performance predictable. Each of the three logical layers plays a role and has specific responsibilities. Many devices can be used in a single layer, and a single device can perform functions at two layers. (TopBits.com, 2011)

Discuss the potential for converging data, voice and video traffic over the head office network.

The telecommunications industry is on a course to converge voice, data and video services onto a single packet-based network. The convergence of these previously distinct media into common interfaces on a single device dates back to the 1920s, when AT&T proposed the concept. The use of these mixed modes of communication on a single network provides a flexibility and opportunity not achievable with separate infrastructures.

Figure 17 VoIP overview

It would be straightforward, and would make considerable corporate sense, for uSave Ltd. to implement VoIP and video services over their network; in simple terms it would require the installation of VoIP and video servers together with the supporting IP phones and desktop software.

There are, however, a number of considerations for this converged network; they include Quality of Service (QoS), security and network availability.

Quality of Service

Security

Network Availability

(Cisco, 2011)

Discuss how the use of virtualisation and wireless technology could be used to increase efficiency and ease of access within the company’s headquarters.

Virtualisation

Virtualisation is the practice of creating virtual services on physical hardware, and it would benefit uSave Ltd. in a number of ways: reducing costs, creating redundancy and simplifying management. Virtualisation can also be used as a planning tool for proposed network changes, such as the implementation of VoIP and video services. uSave Ltd. are already using virtualisation in the form of VLANs, which build a virtual network on top of physical ports (see Figure 18).

Figure 18 The creation and implementation of a virtual port

uSave Ltd. could use this technology further by implementing virtual servers to augment the physical servers already in place. The use of these virtual servers provides additional redundancy at little or no extra cost; products such as VMware allow for the creation of systems from a single desktop through to entire networks and would prove to be an ideal tool for uSave Ltd.

Wireless Technology

In today’s world the trend is towards the mobilisation of information systems and access to these systems from portable devices: today’s smart phone has more capability than yesterday’s laptop. In the network shown in section 1, wireless access points have been implemented to provide a degree of freedom and mobility to the staff and consultants.

Works Cited

Cisco. (2006, Jan 24). IP Addressing Services: How NAT works. Retrieved 03 03, 2011, from Cisco: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml

Cisco. (2011, 03 03). Voice and Video Enabled IPSec VPN Solution Overview. Retrieved 03 03, 2011, from Cisco: http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns171/ns461/net_brochure09186a00800b0da5.html

Egevang, K. B., & Francis, P. (1994, May). The IP Network Address Translator (NAT). Retrieved 03 03, 2011, from www.faq.org: http://www.faqs.org/rfcs/rfc1631.html

Microsoft. (2011, 03 03). Configuring IP Addressing and Name Resolution. Retrieved 03 03, 2011, from Microsoft TechNet: http://technet.microsoft.com/en-us/library/bb457118.aspx

Microsoft. (2011, 03 03). Designing an OU Structure that Supports Group Policy. Retrieved 03 03, 2011, from Microsoft TechNet: http://technet.microsoft.com/en-us/library/cc783140(WS.10).aspx

Microsoft. (2011, 03 03). DHCP Best Practices. Retrieved 03 03, 2011, from Microsoft TechNet: http://technet.microsoft.com/en-us/library/cc780311%28WS.10%29.aspx

Microsoft. (2011, 03 03). Planning DHCP networks. Retrieved 03 03, 2011, from Microsoft TechNet: http://technet.microsoft.com/en-us/library/cc786002(WS.10).aspx

Microsoft. (2011, 03 03). Step-by-Step Guide to Understanding the Group Policy Feature Set. Retrieved 03 03, 2011, from Microsoft TechNet: http://technet.microsoft.com/en-us/library/bb742376.aspx

Mitchell, B. (2011, 03 03). What Is a Private IP Address? Retrieved 03 03, 2011, from About.com: http://compnetworking.about.com/od/workingwithipaddresses/f/privateipaddr.htm

TopBits.com. (2011, 03 04). Cisco Three Layer Hierarchical Model vs OSI Model. Retrieved 03 04, 2011, from TopBits.com: http://www.tech-faq.com/cisco-three-layer-hierarchical-model-vs-osi-model.html

TopBits.com. (2011, 03 04). Understanding the Cisco Three-Layer Hierarchical Model. Retrieved 03 04, 2011, from TopBits.com: http://www.tech-faq.com/understanding-the-cisco-three-layer-hierarchical-model.html

Wise Geek. (2011, 02 10). What is the Difference Between Public and Private IP Addresses? Retrieved 03 03, 2011, from Wise Geek: http://www.wisegeek.com/what-is-the-difference-between-public-and-private-ip-addresses.htm

 
