31246 - Network Design

October 10, 2011

Andre Cioban – 11019445
Jarred Trainor – 11000282
Sumeet Chandra – 11014610

Assignment 2: Architecture and Logical Design

Contents:

Introduction
Assumptions, Interpretations and Definitions
Reference Architecture
  Initial Topology
  Sydney
    First Floor
    Second Floor
    Third Floor
  Brisbane Office
    First Floor
    Second Floor
  Brisbane R&D
    Ground Floor
    First Floor
    Second Floor
  Melbourne Office
    30th Floor
    31st Floor
  Shanghai Office
    Level 21
    Level 22
  Topology Model
  Relationships
Addressing and Routing
  Addressing
    Sydney
    Brisbane Office
    Brisbane R&D
    Melbourne
    Shanghai
  Functional Areas
  Routing
Network Management
  Management Protocols
  Monitoring Mechanisms and Configuration
    Monitoring for Event Notification
    Monitoring for Trend analysis and Planning
  Instrumentation Mechanisms
    Configuration Mechanisms
    Network Management Architecture
  In-band and Out-of-band Management
    Centralised, Distributed or Hierarchical Management
    Measures to manage Network Management Data
  Recommendation
References
Appendix
  Assignment 1 – Andre

Introduction

AdvanNets Pty Ltd. is a medium-sized consulting and software development business with three major divisions situated on the east coast of Australia alongside a newly established business arm in Shanghai, China. AdvanNets requires a new telecommunications infrastructure to support both existing systems and expected growth in the future. The main goals of the project are to improve connectivity between each office and accommodate growth while maintaining the necessary functionality for business operations.

This report addresses the needs of the company and aims to accommodate the core business activities and demands, both currently and into the future, from a wide range of user perspectives. It looks specifically at both the telecommunications requirements and data flows within the network and defines architectures, metrics and specifications to measure both the performance of the network and how accurately it meets the company’s needs.


Assumptions, Interpretations and Definitions

This report assumes the following points when making recommendations, analysing requirements or documenting the physical/logical network topology:

20 percent growth year-on-year over 4 years which will account for 100 percent growth on current employment figures, except in the case of the China office where employee numbers are expected to grow 500% over 3 years.

All staff will use RDP for remote access, with limited terminal access to real time embedded prototypes and simulation applications housed in the R&D labs.

It is assumed that the AdvanNets technical staff prefer Cisco networking equipment and as such, each router in the network is a Cisco 2811 Integrated Services Router with Ethernet and serial connectivity. All switches are Cisco Catalyst 2960 series 24-port switches.

Due to the move from circuit switched telephones, VoIP phones will be provisioned for each current employee, with space allocated for future growth.

AdvanNets’ ISP has allocated the public IP block 203.33.45.0/24 for external use within the company where required.

AdvanNets has a maximum of 4 routers, 3 within Australia and 1 within China, in keeping with its agreements with the corresponding telecom providers.

Reference Architecture

A reference architecture combines component architectures, each of which is a set of network functions consisting of a set of mechanisms and the relationships between them.

Initial Topology


Sydney

First Floor

Consists of a number of offices and cubicles for software developers, management and administrative staff.

Function | Description | Example of mechanisms used to achieve capability
Addressing/Routing | A moderate allocation is needed to accommodate the equipment used by the developers, management and administrative staff | Addressing: allocated size of 126. Routing: Routers, routing protocols, manipulate flows
Network Management | Monitoring, configuration, troubleshooting | Protocols, devices
Performance | Would be crucial as software is being developed and there must be guaranteed performance | QoS, SLA, Policies
Security | Security is important because the software developed would be confidential and they would not want it stolen | Firewalls, Security policies, ACLs

Second Floor

Consists of three seminar rooms, which are used to conduct training and presentations.

Function | Description | Example of mechanisms used to achieve capability
Addressing/Routing | Consisting of 100 desktops; addressing will have to account for desktops and video conferencing | Addressing: allocated size of 126. Routing: Routers, routing protocols, manipulate flows
Network Management | Monitoring, configuration, troubleshooting | Protocols, devices
Performance | Reliable connections would be necessary to keep up with video conferencing | QoS, SLA, Policies
Security | Some security may be necessary for video conferencing | Firewalls, Security policies, ACLs

Third Floor

Is the data centre, which consists of a number of server rooms and an office for internal technical staff.

Function | Description | Example of mechanisms used to achieve capability
Addressing/Routing | Necessary addressing to manage server room and internal staff requirements | Addressing: allocated size of 60 (30 for servers, 30 for internal staff). Routing: Routers, routing protocols, manipulate flows
Network Management | Monitoring, configuration, troubleshooting | Protocols, devices
Performance | Of utmost importance as this is the data centre and the backbone of the company | QoS, SLA, Policies
Security | Also of utmost importance as this would hold the whole company’s backups and projects | Firewalls, Security policies, ACLs

Brisbane Office

First Floor

Is used by the technical staff.

Function | Description | Example of mechanisms used to achieve capability
Addressing/Routing | Providing connectivity for technical staff | Addressing: allocated size of 30. Routing: Routers, routing protocols, manipulate flows
Network Management | Monitoring, configuration, troubleshooting | Protocols, devices
Performance | Must be adequate to meet the technical staff’s needs | QoS, SLA, Policies
Security | Reasonable security to ensure no information is leaked | Firewalls, Security policies, ACLs

Second Floor

Is used for administration and management staff.

Function | Description | Example of mechanisms used to achieve capability
Addressing/Routing | Providing connectivity for admin and management staff | Addressing: allocated size of 30. Routing: Routers, routing protocols, manipulate flows
Network Management | Monitoring, configuration, troubleshooting | Protocols, devices
Performance | Must be adequate to meet staff’s needs | QoS, SLA, Policies
Security | Restricts access, usage and visibility from threats | Firewalls, Security policies, ACLs

Brisbane R&D

Ground Floor

Is used by the admin and management staff.

Function | Description | Example of mechanisms used to achieve capability
Addressing/Routing | Providing connectivity for admin and management staff | Addressing: allocated size of 30. Routing: Routers, routing protocols, manipulate flows
Network Management | Monitoring, configuration, troubleshooting | Protocols, devices
Performance | Must be adequate to meet staff’s needs | QoS, SLA, Policies
Security | Restricts access, usage and visibility from threats | Firewalls, Security policies, ACLs

First Floor

Is used by the research staff.

Function | Description | Example of mechanisms used to achieve capability
Addressing/Routing | Providing connectivity for research staff | Addressing: allocated size of 14. Routing: Routers, routing protocols, manipulate flows
Network Management | Monitoring, configuration, troubleshooting | Protocols, devices
Performance | As R&D is vital to the company’s future growth, performance would be imperative | QoS, SLA, Policies
Security | Security would also be important as their projects could be very valuable | Firewalls, Security policies, ACLs

Second Floor

Is used for experimentation and housing of specialised servers for research purposes.

Function | Description | Example of mechanisms used to achieve capability
Addressing/Routing | Providing connectivity for company experimentation and specialised servers | Addressing: allocated size of 30. Routing: Routers, routing protocols, manipulate flows
Network Management | Monitoring, configuration, troubleshooting | Protocols, devices
Performance | As this is specialised equipment, smooth operation is vital | QoS, SLA, Policies
Security | Due to the nature of operations, security is critical | Firewalls, Security policies, ACLs

Melbourne Office

Consists of the 30th and 31st floors of a building in the Melbourne CBD.

30th Floor

Consists of a number of software developers and a management team.

Function | Description | Example of mechanisms used to achieve capability
Addressing/Routing | Providing connectivity for software developers and the management team | Addressing: allocated size of 62. Routing: Routers, routing protocols, manipulate flows
Network Management | Monitoring, configuration, troubleshooting | Protocols, devices
Performance | Must be adequate to meet staff’s needs | QoS, SLA, Policies
Security | Security would also be key as their projects could be confidential | Firewalls, Security policies, ACLs

31st Floor

Consists of a meeting room, a training/seminar room and a server room.

Function | Description | Example of mechanisms used to achieve capability
Addressing/Routing | Providing connectivity for a meeting room, a training/seminar room and a server room | Addressing: allocated size of 34 (14 training, 14 servers & 6 networking). Routing: Routers, routing protocols, manipulate flows
Network Management | Monitoring, configuration, troubleshooting | Protocols, devices
Performance | Must be adequate to meet staff’s needs and to provide quick access to the servers | QoS, SLA, Policies
Security | Security would also be key as their projects/training could be confidential | Firewalls, Security policies, ACLs

Shanghai Office

Consists of three floors, 21-23 (Level 23 is currently unoccupied with plans for future use):

Level 21

Is used for sales and administration purposes.

Function | Description | Example of mechanisms used to achieve capability
Addressing/Routing | Providing connectivity for sales and admin staff | Addressing: allocated size of 62. Routing: Routers, routing protocols, manipulate flows
Network Management | Monitoring, configuration, troubleshooting | Protocols, devices
Performance | Must be adequate to meet staff’s needs | QoS, SLA, Policies
Security | Security would also be key as their projects could be confidential with sales information | Firewalls, Security policies, ACLs

Level 22

Is used for training and meetings.

Function | Description | Example of mechanisms used to achieve capability
Addressing/Routing | Providing connectivity for training and meetings | Addressing: allocated size of 62. Routing: Routers, routing protocols, manipulate flows
Network Management | Monitoring, configuration, troubleshooting | Protocols, devices
Performance | Must be adequate to meet staff’s needs | QoS, SLA, Policies
Security | Security would also be key as their training/meetings could be confidential | Firewalls, Security policies, ACLs

Topology Model

Relationships

By comparing these diagrams and reference architectures to both the logical design and network management infrastructure, the relationships between these three areas are made evident.

With such a hierarchically separated architecture, using contiguous address spaces per division/level simplifies management and makes applying security policies and QoS rules considerably more straightforward. Switching, routing policies and broadcast domains are separated and easily identifiable.

Other network-related processes such as troubleshooting and configuration are made clearer. Security concerns are also addressed through easier isolation of LAN segments. Network boundaries and aggregation points are highlighted, which allows for easier implementation of IDS systems and rules.

Addressing and Routing

Addressing

When developing the AdvanNets network, it is crucial to consider it from a logical perspective due to the required complexity.

The AdvanNets corporation currently uses a combination of publicly listed IP addresses and private IP addresses. This existing strategy is not scalable or robust enough to meet the company’s changing needs, and as such a new addressing strategy has been developed. This will enable future growth, increased security and transparency between divisions. The scheme was designed with a number of factors in mind such as security, suitability and flexibility.

To meet the security needs of the company, each block of addresses has been allocated according to workgroups within each functional area. This allows for the hierarchical separation of traffic, as well as prioritisation and easy application of security policies depending on the client’s department or job function.

Public addresses have been used sparingly to preserve address space as well as enhance security and functionality. Each internal device accesses the internet via Network Address Translation (NAT). Access to the servers which require external interaction will be only allowed via a VPN, except in special cases such as the real-time embedded systems housed in the Sydney datacenter, where public IP addresses have been used to circumvent the need for a VPN tunnel. Public addresses are also assigned to the WAN-facing interfaces of routers. This heightens security as access is controllable and monitorable at both the underlying connection and user levels. A small block of addresses has been reserved in the Sydney LAN to allow for VPN clients and external parties who connect to the AdvanNets network via the seminar rooms as documented in the given requirements.

Each of the servers will have persistent IPs with static routes advertised to ensure efficient routing of packets as well as the availability of redundant paths should there be a fault within the network. Each client will also receive a static IP address, except in the case of those connecting their laptops who will receive an address from a given DHCP pool, 10.0.2.0/25.


The full addressing strategy as developed for AdvanNets is outlined in tabular form below:

Sydney

Name | Allocated Size | Address | Assignable Range
Phones | 254 | 10.0.0.0/24 | 10.0.0.1 - 10.0.0.254
Dev / Admin / Management | 126 | 10.0.1.0/25 | 10.0.1.1 - 10.0.1.126
Seminar Room | 126 | 10.0.0.128/25 | 10.0.1.129 - 10.0.1.254
DHCP (Wireless clients, External VPN) | 126 | 10.0.2.0/25 | 10.0.2.1 - 10.0.2.126
Servers (Internal) | 30 | 10.0.2.128/27 | 10.0.2.129 - 10.0.2.158
Technical Staff | 30 | 10.0.2.160/27 | 10.0.2.161 - 10.0.2.190
Networking equipment (switches, routers) | 14 | 10.0.2.192/28 | 10.0.2.193 - 10.0.2.206
Unallocated | - | - | 10.0.2.208 - 10.0.2.254
External-facing devices (WAN interfaces, servers, firewalls) | 30 | 203.33.45.0/27 | 203.33.45.1 - 203.33.45.30

Brisbane Office

Name | Allocated Size | Address | Assignable Range
Phones | 62 | 10.0.3.0/26 | 10.0.3.1 - 10.0.3.62
Technical Staff | 30 | 10.0.3.64/27 | 10.0.3.65 - 10.0.3.94
Admin / Management | 30 | 10.0.3.96/27 | 10.0.3.97 - 10.0.3.126
Networking equipment | 6 | 10.0.3.128/29 | 10.0.3.129 - 10.0.3.134
External-facing devices | 30 | 203.33.45.32/27 | 203.33.45.33 - 203.33.45.62

Brisbane R&D

Name | Allocated Size | Address | Assignable Range
Admin / Management | 30 | 10.0.3.136/27 | 10.0.3.137 - 10.0.3.166
Phones | 30 | 10.0.3.168/27 | 10.0.3.169 - 10.0.3.198
Servers (internal) | 30 | 10.0.3.200/27 | 10.0.3.201 - 10.0.3.230
Research team | 14 | 10.0.3.232/28 | 10.0.3.233 - 10.0.3.246
Networking equipment | 6 | 10.0.3.248/29 | 10.0.3.249 - 10.0.3.254
External-facing devices | 30 | 203.33.45.64/27 | 203.33.45.65 - 203.33.45.94

Melbourne

Name | Allocated Size | Address | Assignable Range
Phones | 62 | 10.0.4.0/26 | 10.0.4.1 - 10.0.4.62
Dev / Management / Admin | 62 | 10.0.4.64/26 | 10.0.4.65 - 10.0.4.126
Training staff | 14 | 10.0.4.128/28 | 10.0.4.129 - 10.0.4.142
Servers | 14 | 10.0.4.144/28 | 10.0.4.145 - 10.0.4.158
Networking equipment | 6 | 10.0.4.160/29 | 10.0.4.161 - 10.0.4.166
Unallocated | - | - | 10.0.4.169 - 10.0.4.254
External-facing devices | 30 | 203.33.45.96/27 | 203.33.45.97 - 203.33.45.126

Shanghai

Name | Allocated Size | Address | Assignable Range
Phones | 126 | 10.0.5.0/25 | 10.0.5.1 - 10.0.5.126
Sales / Admin | 62 | 10.0.5.128/26 | 10.0.5.129 - 10.0.5.190
Training staff | 62 | 10.0.5.192/26 | 10.0.5.193 - 10.0.5.254
Networking equipment | 14 | 10.0.6.0/28 | 10.0.6.1 - 10.0.6.14
Unallocated | - | - | 10.0.6.17 - 10.0.6.254
External-facing devices | 14 | 203.33.45.128/28 | 203.33.45.129 - 203.33.45.142
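An added example (not part of the original report): a Python audit of the private blocks in the Sydney, Brisbane Office and Brisbane R&D tables above. It checks that each block starts on a prefix boundary, that the stated assignable range matches the prefix, and that no two blocks overlap once the mask is applied, because the per-workgroup ACLs and security policies the report relies on match on masked prefixes. The `PLAN` row format and the function names are assumptions of this example.

```python
import ipaddress
from itertools import combinations

# Private blocks transcribed from the report's tables for three sites.
# Row format (an assumption of this example): site;name;size;address;first;last
PLAN = """\
Sydney;Phones;254;10.0.0.0/24;10.0.0.1;10.0.0.254
Sydney;Dev / Admin / Management;126;10.0.1.0/25;10.0.1.1;10.0.1.126
Sydney;Seminar Room;126;10.0.0.128/25;10.0.1.129;10.0.1.254
Sydney;DHCP;126;10.0.2.0/25;10.0.2.1;10.0.2.126
Sydney;Servers (Internal);30;10.0.2.128/27;10.0.2.129;10.0.2.158
Sydney;Technical Staff;30;10.0.2.160/27;10.0.2.161;10.0.2.190
Sydney;Networking equipment;14;10.0.2.192/28;10.0.2.193;10.0.2.206
Brisbane Office;Phones;62;10.0.3.0/26;10.0.3.1;10.0.3.62
Brisbane Office;Technical Staff;30;10.0.3.64/27;10.0.3.65;10.0.3.94
Brisbane Office;Admin / Management;30;10.0.3.96/27;10.0.3.97;10.0.3.126
Brisbane Office;Networking equipment;6;10.0.3.128/29;10.0.3.129;10.0.3.134
Brisbane R&D;Admin / Management;30;10.0.3.136/27;10.0.3.137;10.0.3.166
Brisbane R&D;Phones;30;10.0.3.168/27;10.0.3.169;10.0.3.198
Brisbane R&D;Servers (internal);30;10.0.3.200/27;10.0.3.201;10.0.3.230
Brisbane R&D;Research team;14;10.0.3.232/28;10.0.3.233;10.0.3.246
Brisbane R&D;Networking equipment;6;10.0.3.248/29;10.0.3.249;10.0.3.254
"""


def parse(plan):
    """Turn the semicolon-separated rows into dicts with typed fields."""
    rows = []
    for line in plan.strip().splitlines():
        site, name, size, cidr, first, last = line.split(";")
        rows.append({
            "label": f"{site} / {name}",
            "size": int(size),
            "cidr": cidr,
            "first": ipaddress.ip_address(first),
            "last": ipaddress.ip_address(last),
        })
    return rows


def audit(rows):
    """Return (kind, label, detail) findings for the addressing plan."""
    findings, nets = [], []
    for r in rows:
        iface = ipaddress.ip_interface(r["cidr"])
        # The prefix a router or ACL matches once the mask is applied.
        net = iface.network
        if iface.ip != net.network_address:
            findings.append(("misaligned", r["label"],
                             f"{r['cidr']} is not a prefix boundary; it falls in {net}"))
        first, last = net.network_address + 1, net.broadcast_address - 1
        if (r["first"], r["last"]) != (first, last):
            findings.append(("range-mismatch", r["label"],
                             f"stated {r['first']} - {r['last']}, "
                             f"{net} gives {first} - {last}"))
        if r["size"] != net.num_addresses - 2:
            findings.append(("size-mismatch", r["label"],
                             f"stated {r['size']}, {net} holds "
                             f"{net.num_addresses - 2} hosts"))
        nets.append((r["label"], net))
    # Overlapping prefixes mean one ACL or policy entry also matches
    # addresses that belong to another workgroup.
    for (la, a), (lb, b) in combinations(nets, 2):
        if a.overlaps(b):
            findings.append(("overlap", f"{la} <-> {lb}", f"{a} overlaps {b}"))
    return findings


if __name__ == "__main__":
    for kind, label, detail in audit(parse(PLAN)):
        print(f"{kind:15} {label}: {detail}")
```

The Brisbane R&D blocks are flagged because /27 and /28 prefixes must start on multiples of 32 and 16, so 10.0.3.136/27 resolves to 10.0.3.128/27, which also contains the Brisbane Office networking block 10.0.3.128/29. The Sydney Seminar Room row is flagged because its address field lies inside the Phones /24 while its stated range lies in 10.0.1.x.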

Functional Areas

Hierarchically, the network can be separated into 4 clear geographical locations, with each location further refined into departments and logical groupings in the form of functional areas and workgroups, depending on job function or seating location within the building. This is displayed in the figure below:


Routing

Routing is another issue which must be considered when designing any network. Due to the critical nature of the network communications at AdvanNets, the EIGRP routing protocol has been selected for a number of reasons. It has distinct advantages over older legacy protocols such as RIPv1 and RIPv2, such as no hop limits and its classless nature. As it is a distance-vector routing protocol, it can make smarter routing decisions based on numerous factors which will benefit the delivery of packets. It offers faster adjacency forming and convergence in the event of topology changes and, as it sends routing updates only upon a topology change, it keeps overheads to a minimum and network performance at a maximum. Overall, the addressing and routing requirements of AdvanNets are catered for by EIGRP and the logical design outlined above in the addressing tables and figures.

Network Management

As AdvanNets has a large network spanning several geographical regions, it is important to implement adequate network management protocols, instrumentation and architecture. In order to apply a successful network management scheme, it is prudent to regard the five layers of network management:

Business Management - this layer looks at the available budget for the network and any resources or agreements required for the network. In AdvanNets’ case this will consist of a budget which accounts for at most 4 routers as well as negotiating agreements between Telstra and China Telecom to manage their routers.

Service Management - at this layer it is prudent to set bandwidth restrictions and access restrictions on differing applications and services. Based on the previous flow analysis done for AdvanNets this will consist of:

o Limiting emails to a 2GB download limit per day

o Allocating a large amount of bandwidth for Skype and teleconferencing applications (72-75GB), as well as increasing the QoS priority for video to allow for minimal latency.

o Limiting remote access uploads and downloads to 10GB a day for normal users; those in need of more bandwidth for remote access will be provided with adequate bandwidth.

Network Management - it is at this layer that network management protocols, monitoring tools and policies will be applied to the various network elements within AdvanNets’ network.

Management ProtocolsIn order to ensure optimal performance, it is necessary to implement a network management protocol which suits AdvanNets needs. As such the Simple Network Management Protocol (SNMP) was chosen.

SNMP has several advantages, some of which are:

SNMP facilitates the collection and configuration of network devices - allowing AdvanNets to know the configuration of any network device within their network as well as to configure the network according to specific needs

Allows for the implementation of traps, which will be used to stop unsolicited events that may pass through the network. This allows the network to function at an optimal state without being bogged down by unnecessary traffic.

Simple to configure and includes a number of authentication methods as well as providing a mechanism to monitor and configure network devices.


Monitoring Mechanisms and Configuration

To adequately manage the network, measures need to be put into place to allow for the monitoring of the network. As SNMP has been chosen to be the network management protocol for AdvanNets, this process becomes fairly simple as the protocol has inbuilt monitoring processes. SNMP may be used to monitor the network for event notifications or for trend analysis and planning.

Monitoring for Event Notification

Events, in regard to the AdvanNets network, can be considered as either problems or failures within the network or an application exceeding a bandwidth threshold. These events will be good indicators for managers and administrators as to whether or not upgrades are required. This information can be gathered by polling the various network devices using SNMP and gathering management data from them. However, care must be taken when doing so, as this process can cause a certain amount of network traffic. For example:

Consider polling the Sydney office for a day to obtain management data. As per the logical design mentioned previously, assume that Sydney consists of 736 network devices each with an average of 4 interfaces per network device. This would mean that each polling session would produce:

(736 network devices)*(4 interfaces)*(5 characteristics per interface) = 14720 characteristics

If each of these characteristics generates approximately 10 bytes of data, with an additional 40 bytes of protocol overhead, this would amount to:

(14720 characteristics)*(10+40 bytes) = 736 Kb or 7.36Mb of traffic per polling session.

Assuming each polling session took place every 10 seconds, this would amount to:

(7.36MB polling traffic)*(360 polls per hour)*(24 hours) = 63.59GB of traffic a day

By this example, it is clear that the traffic for just one of AdvanNets' branches when polling for management data is quite high. To circumvent these issues, it is advised to either poll less frequently or on days where the network use is low, such as weekends.


Monitoring for Trend Analysis and Planning

In addition to monitoring for events within the network, AdvanNets can use SNMP to gather information on network trends and form a basis for future planning. This will be most useful in regard to the Shanghai office, which is expected to increase in staff over the following years.

Whilst this process is usually carried out over a period of time ranging from weeks to months, it is possible to determine certain trends currently within the system and then extrapolate further based on these results. For example, if AdvanNets were to begin trending capacity within the Shanghai system, through the use of simple metrics measuring capacity within the system with 20 users, this result can then be used to estimate the delay expected when the number increases to 100 users, thus giving forewarning to administrators as to whether or not the network will need upgrading.

| Capacity Requirement for 20 users (Shanghai office) | Estimated Requirement for 100 users (Shanghai office) |
|---|---|
| Email: 200Mb | Email: 2GB |
| Skype: 7.2GB | Skype: 7.2GB |
| Remote Access: 9.2GB | Remote Access: 9.2GB |

The original figures mentioned above are taken directly from the flow analysis undertaken for AdvanNets previously. It is apparent that, since Skype and remote access usage will be consistent regardless of the number of users (as it was calculated as a sum of all division usage), the only major characteristic of concern to AdvanNets' Shanghai administrators would be to provide adequate measures to allow for the increase in email traffic.


Instrumentation Mechanisms

One of the many advantages of using SNMP as a network management protocol is that it comes with its own instrumentation mechanisms. SNMP provides access to the management information base (MIB) variables, which, when combined with monitoring tools such as ping and Traceroute and direct access methods such as telnet, FTP and TFTP, allow for the complete management of AdvanNets' network. Using the MIB variables within SNMP, administrators can determine delay and availability, monitor short-term events and perform long-term trend analysis. For example, through the ifOperStatus variable, administrators can determine the availability of a certain interface.

| | Melbourne | Brisbane | Sydney | Shanghai |
|---|---|---|---|---|
| Melbourne | n/a | 60-75ms | 30-40ms | 165-175ms |
| Brisbane | 60-75ms | n/a | 30-40ms | 130-145ms |
| Sydney | 30-40ms | 30-40ms | n/a | 140-150ms |
| Shanghai | 165-175ms | 130-145ms | 140-150ms | n/a |

Ping output for various endpoints within the network.
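The event monitoring and ifOperStatus availability check described above can be worked through on a series of polls for one interface. This is an added example, not part of the original report: the poll samples are constructed, the 10-second interval is taken from the polling calculation, and the function name and event labels are hypothetical. Lost polls are reported separately, since an in-band poller that cannot reach a device learns nothing about the interface state during that time.

```python
# ifOperStatus values as defined in IF-MIB (RFC 2863).
IF_OPER_STATUS = {1: "up", 2: "down", 3: "testing", 4: "unknown",
                  5: "dormant", 6: "notPresent", 7: "lowerLayerDown"}

POLL_INTERVAL = 10  # seconds, as in the polling example

# Constructed samples: (seconds since start, ifOperStatus value).
SAMPLES = [(0, 1), (10, 1), (20, 2), (30, 2), (40, 1), (50, 1),
           (90, 1),      # polls at 60, 70 and 80 never arrived
           (100, 3), (110, 1), (120, 1)]

def analyse_interface(samples, poll_interval):
    """Summarise time-ordered ifOperStatus polls for one interface.

    Returns (availability_percent, events, unmonitored_seconds).
    Availability is the share of conclusive polls that reported "up".
    """
    up = known = unmonitored = 0
    events = []
    prev_ts = prev_state = None
    for ts, value in samples:
        state = IF_OPER_STATUS.get(value, "unknown")
        if prev_ts is not None:
            gap = ts - prev_ts
            # A gap well beyond the interval means polls were lost.
            if gap > 1.5 * poll_interval:
                lost = gap - poll_interval
                unmonitored += lost
                events.append((prev_ts + poll_interval, "poll-gap",
                               f"{lost}s without data"))
            if state != prev_state:
                events.append((ts, "state-change",
                               f"{prev_state} -> {state}"))
        # "testing" and "unknown" are inconclusive, so they are not counted.
        if state not in ("testing", "unknown"):
            known += 1
            up += state == "up"
        prev_ts, prev_state = ts, state
    availability = 100.0 * up / known if known else None
    return availability, events, unmonitored

if __name__ == "__main__":
    availability, events, unmonitored = analyse_interface(SAMPLES, POLL_INTERVAL)
    print(f"availability {availability:.1f}%, unmonitored {unmonitored}s")
    for ts, kind, detail in events:
        print(f"t={ts:>3}s {kind}: {detail}")
```
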

Configuration Mechanisms

To ensure that the network runs correctly, mechanisms must be put into place to allow AdvanNets administrators to configure the network devices. This is achieved through one of several ways:

SNMP set command

Administrators are given Telnet and command line interface access to allow them to configure the devices

Administrators/Managers can use FTP/TFTP to download configuration files to ensure that the devices are correctly configured

As mentioned previously, AdvanNets will use EIGRP as its routing protocol as it allows for a faster formation of adjacency and convergence within the network; as such, all routers will be configured to use this protocol.

Network Management Architecture

Before implementing a network management architecture, it is important to examine all aspects that may affect this decision. These include whether to use in-band or out-of-band management, centralised/distributed or hierarchical management, measures to manage network management data and tradeoffs between these methods.


In-band and Out-of-band Management

AdvanNets has a possible choice between the use of in-band or out-of-band management, or a combination of both. The main advantages of these are:

In-band management simplifies the overall architecture as all flows follow the same paths

Out-of-band management allows the management system to continue to monitor AdvanNets even in the event of a network failure.

These advantages come with certain tradeoffs:

In in-band management, the flow of management data can be affected by user data flows, which may cause a delay in the receipt of management information.

Out-of-band management creates more complexity and is more expensive to implement within the network.

Hence the main consideration is whether AdvanNets is willing to adopt a simplified system which may affect the management data received in the event of a failure, or to adopt an architecture which is redundant from the network whilst adding more overall complexity to the already large network. The major constraint affecting this decision for AdvanNets will be the available budget, as the adoption of out-of-band management will increase costs.


Centralised, Distributed or Hierarchical Management

As with the in-band and out-of-band consideration, it is important to examine the advantages and disadvantages of centralised, distributed or hierarchical management.

Advantages

Centralised management will only require a single management system, thus providing a simple architecture with low costs

Distributed management allows for the greater management of network management data, as all data is stored locally, reducing the flow of management data within the network

Hierarchical systems consist of independent and redundant components, allowing for the constant monitoring of the system even in the event of failures, similarly to out-of-band management

Disadvantages

Centralised systems are non-redundant as there is a single point of failure

Costs within distributed systems will increase as the number of monitoring devices and systems increase

Hierarchical systems are costly to implement and are complex

Again, the major consideration for AdvanNets is the costs associated with each management system. Whilst each will accomplish AdvanNets' desired goal of achieving successful management, it is most likely that centralised management systems will not be prudent as non-redundancy will cause major issues. Thus, decisions will need to be made between hierarchical management or distributed, taking into consideration the future predicted expansion of AdvanNets users.

Measures to Manage Network Management Data

As mentioned previously, the flow of management data within AdvanNets' network will be a substantial amount (for example, management data flows were 63.59GB of traffic a day within just the Sydney office). Thus it is recommended that AdvanNets:

Adopts a method of local storage of management data. This not only reduces network traffic but also makes it easier to quickly retrieve management data for the corresponding office. Mechanisms will need to be put into place, such as a dedicated management system which will store this data at each office. This process of locally storing data ties in with the second recommendation.

Migrate data between offices back into the Sydney data stores when network traffic is low such as on weekends.

This will ensure that the flow of management data within AdvanNets' network will not impede business operations and user flows.


Recommendation

It is recommended that AdvanNets implements a combination of in-band and out-of-band management systems to cater for their network management needs. This approach allows AdvanNets to have a high-performance in-band management system, which is typically the high-capacity component of network management, whilst still allowing the use of out-of-band management in the event of network failures.

Whilst this combination creates a redundant system which will be able to manage the data even when critical components fail, it comes with increased costs and complexity in implementation. These issues will need to be considered by AdvanNets administrators when making their decision.

In addition to this, the adoption of the recommendation mentioned above in regard to controlling the flow of management data will ensure that AdvanNets' network can be continually monitored without impeding the flow of user data and activities.




Appendix

Assignment 1 – Andre
