I don’t get what the Professor is asking me to do on A.) Background Information for the Campus Network Design Project, B.) Business Goals, and D.) Improved Performance and Security for the Edge of the
I don’t get what the Professor is asking me to do on A.) Background Information for the Campus Network Design Project, B.) Business Goals, and D.) Improved Performance and Security for the Edge of the Network? I don’t know what I’m supposed to be doing for these three sections?
ITE 410: Advanced Computer Networks

Case Study: A Real Campus Network Design

The goal of this case study is to present a campus network design. The example is based on a real network design.

Problem Specification

Background Information for the Campus Network Design Project

Wandering Valley Community College (WVCC) is a small college in the western United States that is attended by about 600 full- and part-time students. The students do not live on campus. Approximately 50 professors teach courses in the fields of arts and humanities, business, social sciences, mathematics, computer science, the physical sciences, and health sciences. Many of the professors also have other jobs in the business community, and only about half of them have an office on campus. Approximately 25 administration personnel handle admissions, student records, and other operational functions.

Enrollment at WVCC has doubled in the past few years. The faculty and administration staff has also doubled in size, with the exception of the IT department, which is still quite small. The IT department consists of one manager, one server administrator, two network administrators, and two part-time student assistants.

Because of the increase in enrollment and other factors covered in the next three sections, the current network has performance and reliability problems. The administration has told the IT department that both student and faculty complaints about the network have increased. Faculty members claim that, due to network problems, they cannot efficiently submit grades, maintain contact with colleagues at other colleges, or keep up with research. Students say they have handed in homework late due to network problems. The late submissions have impacted their grades. Despite the complaints about the network, faculty, staff, and student use of the network has doubled in the past few years.

Wireless access has become a point of contention between the IT department and other departments.
Students often place wireless access points in the Computing Center and the Math and Sciences building without permission from the IT department. The IT manager is concerned about network security and has assigned part-time students to roam the network to locate and remove unauthorized access points. The part-time students resent this task because in many instances the rogue access points were installed by peers and associates. Also, they think that wireless access should be allowed. Many students, faculty, and staff members agree.

Business Goals

The college still wants to attract and retain more students. The college board of trustees believes that the best way to remain fiscally sound is to continue to increase enrollment and reduce attrition. The college administration and board of trustees identified the following business goals:

- Increase the enrollment from 600 to 1000 students in the next 3 years.
- Reduce the attrition rate from 30 to 15 percent in the next 3 years.
- Improve faculty efficiency and allow faculty to participate in more research projects with colleagues at other colleges.
- Improve student efficiency and eliminate problems with homework submission.
- Allow students to access the campus network and the Internet wirelessly using their notebook computers.
- Allow visitors to the campus to access the Internet wirelessly using their notebook computers.
- Protect the network from intruders.
- Spend a grant that the state government issued for upgrading the campus network. The money must be spent by the end of the fiscal year.

Technical Goals

The IT department developed the following list of technical goals, based on research about the causes of network problems, which is covered in more detail in the “The Current Network at WVCC” section:

- Redesign the IP addressing scheme.
- Increase the bandwidth of the Internet connection to support new applications and the expanded use of current applications.
- Provide a secure, private wireless network for students to access the campus network and the Internet.
- Provide an open wireless network for visitors to the campus to access the Internet.
- Provide a network that offers a response time of approximately 1/10th of a second or less for interactive applications.
- Provide a campus network that is available approximately 99.90 percent of the time and offers an MTBF of 3000 hours (about 4 months) and an MTTR of 3 hours (with a low standard deviation from these average numbers).
- Provide security to protect the Internet connection and internal network from intruders.
- Use network management tools that can increase the efficiency and effectiveness of the IT department.
- Provide a network that can scale to support future expanded usage of multimedia applications.

Network Applications

Students, faculty, and staff use the WVCC network for the following purposes:

- Application 1, homework: Students use the network to write papers and other documents. They save their work to file servers in the Computing Center and print their work on printers in the Computing Center and other buildings.
- Application 2, email: Students, faculty, and administrative staff make extensive use of email.
- Application 3, web research: Students, faculty, and administrative staff use Mozilla Firefox or Microsoft Internet Explorer to access information, participate in chat rooms, play games, and use other typical web services.
- Application 4, library card catalog: Students and faculty access the online card catalog.
- Application 5, weather modeling: Meteorology students and faculty participate in a project to model weather patterns in conjunction with other colleges and universities in the state.
- Application 6, telescope monitoring: Astronomy students and faculty continually download graphical images from a telescope located at the state university.
- Application 7, graphics upload: The Art department uploads large graphics files to an off-campus print shop that can print large-scale images on a high-speed laser printer. The print shop prints artwork that is file-transferred to the shop via the Internet.
- Application 8, distance learning: The Computer Science department participates in a distance-learning project with the state university. The state university lets WVCC students sign up to receive streaming video of a computer science lecture course that is offered at the state university. The students can also participate in a real-time “chat room” while attending the class.
- Application 9, college management system: The college administration personnel use the college management system to keep track of class registrations and student records.

User Communities

Table 1 shows the user communities at WVCC. The expected growth of the communities is also included. Growth is expected for two reasons:

- New PCs and Macintoshes will be purchased.
- Wireless access will allow more students and visitors to access the network with their personal laptop computers.

Table 1: User Communities at WVCC

Data Stores (Servers)

Table 2 shows the major data stores (servers) at WVCC.

Table 2: Data Servers

Current Network at WVCC

A few years ago, the college buildings were not even interconnected. Internet access was not centralized, and each department handled its own network and server management. Much progress has been made since that time, and today a Layer 2 switched, hierarchical network design is in place. A single router that also acts as a firewall provides Internet access.

The logical topology of the current campus-backbone network at WVCC consists of a hierarchical, mesh architecture with redundant links between buildings. Figure 1 shows the logical topology of the campus backbone.

Figure 1: Current Campus Design (Backbone Design)

The campus network design has the following features:

- The network uses switched Ethernet.
- A high-end switch in each building is redundantly connected to two high-end switches in the Computing Center. Figure 2 shows these switches.
- Within each building, a 24- or 48-port Ethernet switch on each floor connects end user systems. Figure 3 shows the building network architecture.
- The switches run the IEEE 802.1D Spanning Tree Protocol.
- The switches support SNMP and RMON. A Windows-based network management software package monitors the switches. The software runs on a server in the server farm module of the network design.
- All devices are part of the same broadcast domain. All devices (except two public servers) are part of the 192.168.1.0 subnet using a subnet mask of 255.255.255.0.
- Addressing for end-user PCs and Macs is accomplished with DHCP. A Windows server in the server farm acts as the DHCP server.
- The email and web servers use public addresses that the state community college network system assigned to the college. The system also provides a DNS server that the college uses.
- The router acts as a firewall using packet filtering. The router also implements NAT. The router has a default route to the Internet and does not run a routing protocol.
- The WAN link to the Internet is a 1.544-Mbps T1 link.

Figure 2: Building network design

The physical design of the current network has the following features:

- Buildings are connected via full-duplex 100BASE-FX Ethernet.
- Within buildings, 100-Mbps Ethernet switches are used.
- Every building is equipped with Category 5e cabling and wall plates in the various offices, classrooms, and labs.
- The router in the Computing Center supports two 100BASE-TX ports and one T1 port with a built-in CSU/DSU unit. The router has a redundant power supply.
- A centralized (star) physical topology is used for the campus cabling. Underground cable conduits hold multimode fiber-optic cabling.
The cabling is off-the-shelf cabling that consists of 30 strands of fiber with a 62.5-micron core and 125-micron cladding, protected by a plastic sheath suitable for outdoor wear and tear. Figure 3 shows the cabling design of the campus network.

Figure 3: Campus Cabling Design (and Building Network Architecture)

Traffic Characteristics of Network Applications

The student assistants in the IT department conducted an analysis of the traffic characteristics of applications. The analysis methods included capturing typical application sessions with a protocol analyzer, interviewing users about their current and planned uses of applications, and estimating the size of network objects transferred on the network.

The students determined that the homework, email, web research, library card catalog, and college management system applications have nominal bandwidth requirements and are not delay sensitive. The other applications, however, use a significant amount of bandwidth, in particular a high percentage of the WAN bandwidth to the Internet. The distance-learning application is also delay sensitive.

The users of the weather-modeling and telescope-monitoring applications want to expand their use of these applications but are currently hindered by the amount of bandwidth available to the Internet. The graphics-upload application users are also hindered from sending large files in a timely fashion by the shortage of bandwidth to the Internet.

The distance-learning application is an asymmetric (one-way) streaming-video application. The state university uses digital video equipment to film the class lectures in real time and send the video stream over the Internet, using the Real-Time Streaming Protocol (RTSP) and the Real-Time Transport Protocol (RTP). The remote students do not send any audio or video data; they simply have the ability to send text questions while the class is happening, using a chat room web page.
A user subscribes to the distance-learning class by accessing a web server at the state university, entering a username and password, and specifying how much bandwidth the user has available. The web page currently does not let a user specify more than 56 Kbps of available bandwidth.

At this time, the distance-learning service is a point-to-point system. Each user receives a unique 56-Kbps video stream from the video system at the state university. For this reason, WVCC limits the number of users who can access the distance-learning system to ten students who are located in the Math and Sciences building. In the future, the distance-learning system will support IP multicast technologies. In the meantime, however, students and IT staff agree that a solution must be found for allowing more than ten students to use the distance-learning system at one time.

Summary of Traffic Flows

The student assistants used their research about user communities, data stores, and application traffic characteristics to analyze traffic flows. They represented cross-campus traffic flows in a graphical form, which Figure 4 shows.

Figure 4: Cross Campus Traffic Flow on WVCC Networks

In addition to the cross-campus traffic flows, the students documented traffic flows inside the library and Computing Center and traffic flows to and from the Internet.

Inside the library and Computing Center, traffic travels to and from the various servers at about the following rates:

Traffic travels to and from the router that connects the campus network to the Internet at about the following rates:

Performance Characteristics of the Current Network

From the analysis conducted by the student assistants and from switch, router, and server logs, the IT department determined that bandwidth on the Ethernet campus network is lightly used.
However, three major problems are likely the cause of the difficulties that users are experiencing:

- The IP addressing scheme supports just one IP subnet with a subnet mask of 255.255.255.0. In other words, only 254 addresses are allowed. A few years ago, the IT department assumed that only a small subset of students and faculty would use the network at one time. This is no longer the case. As use of the network grows and students place wireless laptops on the network, the number of addresses has become insufficient. Users who join the network midmorning after many other users have joined often fail to receive an IP address from the DHCP server.
- The 1.544-Mbps connection to the Internet is overloaded. Average network utilization of the serial WAN link, measured in a 10-minute window, is 95 percent. The router drops about 5 percent of packets due to utilization peaks of 100 percent.
- The router itself is overloaded. The student assistants wrote a script to periodically collect the output of the show processes cpu command. The assistants discovered that the 5-minute CPU utilization is often as high as 90 percent and the 5-second CPU utilization often peaks at 99 percent, with a large portion of the CPU power being consumed by CPU interrupts. Using a lab network, the assistants simulated actual network traffic going through a similar router with and without access lists and NAT enabled. The assistants determined that the Internet router CPU is overused not just because of the large amount of traffic but also because of the access lists and NAT tasks.
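The router measurements described above can be reviewed automatically once the command output has been collected. The following is an added example, not the student assistants' script: it parses the utilization header that the command prints and flags samples where interrupt-level work dominates. The sample lines are constructed and the thresholds are assumptions.

```python
import re

# Header line printed by "show processes cpu". The figure after the slash is
# the part of the five-second total spent at interrupt level.
HEADER = re.compile(
    r"CPU utilization for five seconds: (\d+)%/(\d+)%; "
    r"one minute: (\d+)%; five minutes: (\d+)%"
)

# Constructed captures, one per polling run (not data from the case study).
SAMPLES = [
    "CPU utilization for five seconds: 99%/71%; one minute: 93%; five minutes: 90%",
    "CPU utilization for five seconds: 42%/12%; one minute: 40%; five minutes: 38%",
    "CPU utilization for five seconds: 97%/68%; one minute: 91%; five minutes: 88%",
    "Router uptime is 3 weeks",  # unrelated line a collector may also capture
]


def parse_header(line):
    """Return the four utilization figures as integers, or None if absent."""
    match = HEADER.search(line)
    if match is None:
        return None
    five_sec, interrupt, one_min, five_min = (int(g) for g in match.groups())
    return {
        "five_sec": five_sec,
        "interrupt": interrupt,
        "one_min": one_min,
        "five_min": five_min,
    }


def assess(sample, sustained=85, peak=95, interrupt_share=0.5):
    """Label one sample. The three thresholds are assumed, not from the page."""
    findings = []
    if sample["five_min"] >= sustained:
        findings.append("sustained-high")
    if sample["five_sec"] >= peak:
        findings.append("peak")
    # Interrupt-level load is work done in the forwarding path, which is where
    # the case study places the access-list and NAT cost.
    if sample["five_sec"] and sample["interrupt"] / sample["five_sec"] >= interrupt_share:
        findings.append("interrupt-dominated")
    return findings


def review(lines):
    """Parse every collected line and return (sample, findings) pairs."""
    report = []
    for line in lines:
        sample = parse_header(line)
        if sample is not None:
            report.append((sample, assess(sample)))
    return report


if __name__ == "__main__":
    for sample, findings in review(SAMPLES):
        print(sample, findings or ["ok"])
```
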
Solution Design

Network Redesign of WVCC

Using a modular approach, the network administrators and student assistants designed the following enhancements to the campus network:

- Optimized routing and addressing for the campus backbone that interconnects buildings, provides access to the server farm, and routes traffic to the Internet
- Wireless access in all buildings, both for visitors and users of the private campus network (students, faculty, and administrative staff)
- Improved performance and security on the edge of the network where traffic is routed to and from the Internet

Optimized IP Addressing and Routing for the Campus Backbone

The network administrators and student assistants decided to keep the hierarchical, mesh logical topology that their predecessors so wisely chose. However, to fix the IP addressing problems, a routing module was added to each of the building high-end switches, essentially turning the switches into fast routers. With this new approach, the administrators were able to subdivide the network logically into multiple subnets.

The administrators decided to stay with private addresses. They assigned the following address ranges to the campus network:

- Server farm: 192.168.1.1–192.168.1.254
- Library: 192.168.2.1–192.168.2.254
- Computing Center: 192.168.3.1–192.168.3.254
- Administration: 192.168.4.1–192.168.4.254
- Business and Social Sciences: 192.168.5.1–192.168.5.254
- Math and Sciences: 192.168.6.1–192.168.6.254
- Arts and Humanities: 192.168.7.1–192.168.7.254
- Users of the secure, private wireless network: 192.168.8.1–192.168.8.254 (This is a campus-wide subnet that spans all buildings and outside grounds.)
- Users of the open, public wireless network: 192.168.9.1–192.168.9.254 (This is a campus-wide subnet that spans all buildings and outside grounds.)

The email and web servers use public addresses that the state community college network system assigned to the college.
Instead of relying on the Layer 2 Spanning Tree Protocol for loop avoidance, the designers chose a Layer 3 routing protocol. They chose Open Shortest Path First (OSPF) because it is not proprietary and runs on many vendors’ routers, converges quickly, supports load sharing, and is moderately easy to configure and troubleshoot.

Wireless Network

The wireless enhancements to the network represented the biggest challenge due to biases and other Layer 8 (nontechnical) issues. The IT department preferred a single solution that was extremely secure. Many students and faculty wanted secure access to the campus network and support for visitors using the wireless network to access the Internet.

The solution was to provide two access points in each building, with different security policies implemented on them. An open access point in each building provides access for visitors, while a secure access point in each building provides secure access for students, faculty, and staff. The open access points are on a different channel from the other access points to avoid interference and boost performance. The access points support IEEE 802.11n and each provides a nominal bandwidth of 600 Mbps.

From an IP addressing point of view, two separate subnets were used, as mentioned in the “Optimized IP Addressing and Routing for the Campus Backbone” section—one for the secure, private wireless LAN (WLAN) and one for the open, public WLAN. Each of these subnets is a campus-wide subnet. With this solution, a wireless user can roam the entire campus and never require the lease of a new address from the DHCP server.

In each building, a switch port on the routing switch connects the access point that supports the open network. A different switch port connects the access point that supports the secure, private network. Each of these switch ports is in its own VLAN. Another VLAN is used for the ports that connect wired switches and users within the building.
The open access points are not configured for WEP or MAC address authentication, and the SSID is announced in beacon frames so that users can easily associate with the WLAN. To protect the campus network from users of the open WLAN, the routing switches are configured with access lists that forward only a few protocols. Packets sent from users of the open WLAN to TCP ports 80 (HTTP), 25 (SMTP), and 110 (POP), and UDP ports 53 (DNS) and 67 (DHCP) are permitted. All other traffic is denied. Some students and faculty wanted to support more protocols, but the IT department insisted that, at least for now, these are the only supported protocols. This protects the network from security problems and avoids visitors using too much bandwidth for other applications.

The private access points implement many more security features. The SSID is hidden and not announced in beacon frames. Although a determined user could still discover the SSID, removing it from beacon packets hides it from the casual user and avoids confusing visitors, who see only the public SSID. Students, faculty, and staff who want to use the private WLAN must know the private SSID and type it into the configuration tool for their wireless adapters.

To protect the privacy of data that travels across the private WLAN, access points and clients will use Wi-Fi Protected Access (WPA) and the Temporal Key Integrity Protocol (TKIP). The private access points are also configured to use 802.1X and Lightweight Extensible Authentication Protocol (LEAP). Users of the private WLAN must have a valid user ID and password.

To accomplish user authentication, the IT department will purchase a dedicated one-rack-unit (one-RU) hardened appliance that operates as a centralized Remote Authentication Dial-In User Service (RADIUS) server for user authentication. They chose an appliance rather than software for a generic PC platform to avoid security vulnerabilities found in typical industry-standard operating systems.
The appliance must be reliable and easy to configure and troubleshoot.

Improved Performance and Security for the Edge of the Network

To fix the problems with high CPU utilization on the Internet router, the designers chose to break apart the network functions of security and traffic forwarding. The Internet router will now focus on traffic forwarding. The administrators reconfigured the router with a simpler list of access filters that provide initial protection from intruders, and they removed NAT functionality from the router.

Instead, a dedicated firewall was placed into the topology between the router and the campus network. The firewall provides security and NAT. The IT department chose a one-RU appliance firewall with a hardened operating system that supports OSPF routing, NAT, URL filtering, and content filtering. For now, four interfaces on the firewall will be used. The outside interface will connect the Internet router; two inside interfaces will connect the campus network; and the demilitarized zone (DMZ) interface will connect the email and web servers.

To fix the problem of high utilization on the WAN link to the Internet and the high incidence of packet dropping, the WAN link was replaced with a 10-Mbps Metro Ethernet link. The IT department discovered that a few service providers in the area were willing to bring in a single-mode fiber-optic link and support Ethernet rather than a WAN protocol. The IT department ordered a 10/100BASE-FX interface for the router and chose a service provider that offers a reasonable monthly charge and has a good reputation for reliability. In addition, the provider makes it easy for its customers to upgrade to more bandwidth. For example, if the college decides it needs a 100-Mbps Ethernet link, the college can make a single phone call to the provider and the provider guarantees to make the change that day.
The IT department also factored into the choice of provider the experience level and knowledge of the installation and support staff. In particular, the provider’s network engineers had many practical ideas for addressing redundancy for future network designs.

Figure 5 shows the new design for the WVCC campus network.

Although the network design in the example is simple, and some decisions were more obvious than they would be for a more complex design, the example demonstrated the use of the following top-down network design steps:

Step 1. Analyze requirements, including both business and technical goals, and any “workplace politics” that are relevant to technology choices.
Step 2. Characterize the existing network.
Step 3. Identify network applications and analyze bandwidth and QoS requirements for the applications.
Step 4. Analyze traffic flows.
Step 5. Choose a logical topology.
Step 6. Select building access technologies.
Step 7. Select campus-backbone technologies.
Step 8. Select Internet connectivity technologies.
Step 9. Select security solutions.

Figure 5: Enhanced Network Topology

References

Priscilla Oppenheimer, “Top-Down Network Design: A system analysis approach to design enterprise networks,” Cisco Press, Third Edition, August 2010.
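The open-WLAN access list from the Wireless Network section, modeled as a packet filter and compared with a stricter variant. This is an added example, not the college's configuration: it assumes the described list matches on protocol and destination port only, and the stricter rules, function names and sample packets are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport")

OPEN_WLAN = ipaddress.ip_network("192.168.9.0/24")  # open, public WLAN subnet
# Campus subnets from the addressing plan: 192.168.1.0/24 through 192.168.8.0/24
CAMPUS = [ipaddress.ip_network(f"192.168.{n}.0/24") for n in range(1, 9)]
# Protocol/port pairs the case study permits from the open WLAN
PERMITTED = {("tcp", 80), ("tcp", 25), ("tcp", 110), ("udp", 53), ("udp", 67)}


def acl_as_described(pkt):
    """Port-only filter: permit the five listed services, deny everything else."""
    return "permit" if (pkt.proto, pkt.dport) in PERMITTED else "deny"


def acl_stricter(pkt):
    """Added variant (an assumption): also checks source and destination."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    # 1. DHCP first: discovery comes from 0.0.0.0 to broadcast, and renewals
    #    go to the DHCP server, which sits in the server farm subnet.
    if (pkt.proto, pkt.dport) == ("udp", 67):
        return "permit"
    # 2. Drop anything that does not carry an open-WLAN source address.
    if src not in OPEN_WLAN:
        return "deny"
    # 3. Visitors get Internet access only, so campus subnets are off limits
    #    even on a permitted port.
    if any(dst in net for net in CAMPUS):
        return "deny"
    # 4. What remains is judged by the original port list.
    return acl_as_described(pkt)


def differences(packets):
    """Return (packet, described, stricter) where the two filters disagree."""
    out = []
    for pkt in packets:
        a, b = acl_as_described(pkt), acl_stricter(pkt)
        if a != b:
            out.append((pkt, a, b))
    return out


VISITOR = "192.168.9.57"  # constructed visitor address
# Constructed sample packets; external addresses are documentation ranges.
SAMPLE = [
    Packet(VISITOR, "203.0.113.10", "tcp", 80),        # web browsing
    Packet(VISITOR, "203.0.113.10", "tcp", 443),       # not on the list
    Packet(VISITOR, "198.51.100.53", "udp", 53),       # DNS query
    Packet(VISITOR, "198.51.100.53", "tcp", 53),       # DNS over TCP, not listed
    Packet("0.0.0.0", "255.255.255.255", "udp", 67),   # DHCP discovery
    Packet(VISITOR, "192.168.1.20", "tcp", 80),        # server farm host
    Packet(VISITOR, "192.168.4.15", "tcp", 25),        # Administration host
    Packet("192.168.3.7", "203.0.113.10", "tcp", 80),  # foreign source address
]

if __name__ == "__main__":
    for pkt, described, stricter in differences(SAMPLE):
        print(f"{pkt}: described={described} stricter={stricter}")
```
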