
Advanced Network Solutions Guide

The document proposes a redesign of the network infrastructure for Read & Learn Publishing to address issues with the current design. The new design implements a complex IT infrastructure with centralized resources, upgraded internet connectivity, VPN connections between sites, network segmentation, and monitoring tools. Methodologies for the redesigned network include designs for scalability, a hierarchical network structure, and redundancy.

Uploaded by

mucherebrian

ADVANCED NETWORK SOLUTIONS DOCUMENTATION.

Student name:

University:

Course:

Prof:

Date:

Table of Contents
LIST OF FIGURES
1. INTRODUCTION
2. NETWORK PROBLEMS ASSOCIATED WITH THE CURRENT DESIGN
3. NEW DESIGN PROPOSAL AND METHODOLOGIES
3.1. Appropriate design models and expansion capacity of the proposed Design
3.2. Installation and configuration of the proposed design
3.3. Implications of using private IP addressing on the new Design
3.4. The proposed Necessary routing infrastructure
4. ANALYSIS OF THE EFFECTIVENESS OF THE PROPOSED NETWORK SOLUTION
5. TEST SOLUTION CONFIGURATIONS
6. ISSUES AND GOTCHA’S
7. RECOMMENDATIONS
REFERENCES
APPENDIX

LIST OF FIGURES.
Figure 1: A Diagram of the new proposed design network infrastructure
Figure 2: A CISCO diagram illustrating network scalability
Figure 3: A CISCO diagram illustrating a hierarchical design
Figure 4: Spanning tree protocol for implementing network redundancy
Figure 5: Proposed design demonstrating redundancy
Figure 6: Link aggregation used in switched networks

Appendix 1: Successful ping between a PC in Manchester and the main router in Cambridge data center
Appendix 2: Successful re-routing attempt from the HR branch office to the Manchester office
Appendix 3: Demonstrates configuring the access control list for the Cambridge router
Appendix 4: Shows redundancy and failover test
Appendix 5: Network redundancy test between the redundant links

1. INTRODUCTION.
In the contemporary digital landscape, the vitality of a strong and streamlined network
infrastructure cannot be overstated for organizational triumph. Outmoded or inadequately
constructed network frameworks pose risks to productivity, compromise security measures, and
curtail scalability potential (Johnson, A., 2017). This document endeavors to confront these
obstacles head-on through advocating a thorough overhaul of the network infrastructure tailored
for our client, Read & Learn Publishing. By harnessing contemporary technologies and adhering
to industry best practices, our objective is to elevate performance, fortify security measures, and
amplify scalability while ensuring the network remains adaptable to future growth and
innovation.

2. NETWORK PROBLEMS ASSOCIATED WITH THE CURRENT DESIGN.
Read & Learn Publishing’s current network infrastructure suffers from several design issues
that affect the performance and suitability of the network, particularly its redundancy,
scalability and security. The problems include:

i. Single Point of Failure


If there’s a single central switch or router that connects all devices, it becomes a critical
point. If it fails, the entire network could be disrupted. Redundancy and failover
mechanisms should be implemented to mitigate this risk.
ii. Lack of Segmentation
The network infrastructure doesn’t have any network segmentation. All devices seem to
be in the same flat network. Without proper VLANs or subnets, security and performance
issues may arise. Separating devices into logical segments can enhance security and
manageability.
iii. No Redundancy

There’s no indication of redundant links or devices. In case of link failure, there’s no
backup path. Implementing redundant links (such as using Spanning Tree Protocol)
ensures network availability.
iv. Inadequate Security Measures
The absence of firewalls, intrusion detection systems, or access control lists (ACLs)
raises security concerns. Proper security measures are essential to protect against
unauthorized access and attacks.
v. Scalability Challenges
The design doesn’t account for future growth. As the network expands, adding new
devices might become cumbersome. A scalable architecture should be considered.
vi. Placement of Servers
Servers are directly connected to switches without any dedicated server farm or DMZ.
Isolating servers from user traffic and placing them in a secure zone is advisable.
vii. IP Address Management
The diagram lacks IP address details. Proper IP address planning and management are
crucial for efficient network operations.
viii. No Monitoring or Management Tools
There’s no mention of network monitoring tools, SNMP, or centralized management
systems. These are essential for troubleshooting and maintaining network health.
ix. Physical Security
The physical placement of devices (e.g., servers, switches) isn’t specified. Ensuring
physical security (e.g., locked server rooms, restricted access) is vital.

3. NEW DESIGN PROPOSAL AND METHODOLOGIES.
The image below shows a screenshot of the simulated design for the proposed design that will replace
the current design.

Figure 1: A Diagram of the new proposed design network infrastructure
The new design implements a complex IT infrastructure. A complex IT infrastructure requires
careful and consistent planning and design to meet the diverse and ever-growing needs of a
contemporary organization. The proposed redesign of Read & Learn Publishing’s network
infrastructure is focused on solving all the problems that the current design is facing. It
includes centralizing resources in the Cambridge Data Center, upgrading Internet connectivity,
implementing VPN connections between sites, segmenting the network, and deploying network
monitoring tools. These changes will address current issues and support future expansion. The
redesign includes the following methodologies and best practices:

i. Design for Scalability.


Our new design will be able to accommodate an increase or a decrease in the size of the
network. To ensure network scalability, the new design takes the following into
consideration:
a. The new design will use expandable, modular equipment or clustered devices that
can be easily upgraded to increase capabilities. Device modules will be added to
the existing equipment to support new features and devices without requiring
major equipment upgrades (Johnson, A., 2017). Some devices will be integrated
in a cluster to act as one device to simplify management and configuration.
b. The new design will be a hierarchical network that includes modules that can be
added, upgraded, and modified as necessary, without affecting the design of the
other functional areas of the network. For example, a separate access layer can be
created and expanded without affecting the distribution and core layers of the
campus network (Johnson, A., 2017).
c. The new design will use an IPv4 or IPv6 address strategy that is hierarchical. It
will include careful address planning to eliminate the need to re-address the network
to support additional users and services (Johnson, A., 2017).
The diagram below shows a plan for scalability.

Figure 2: A CISCO diagram illustrating network scalability.

ii. Hierarchical Network Design.


The proposed network architecture organizes devices into core, distribution and access
layers to improve scalability, security and manageability (Johnson, A., 2017).
A hierarchical LAN design consists of the following three layers, as shown in the figure
below:
• Access layer
• Distribution layer
• Core layer

Figure 3: A CISCO diagram illustrating a hierarchical design.

Each layer is designed to meet specific functions.

The access layer provides endpoints and users direct access to the network. The
distribution layer aggregates access layers and provides connectivity to services
(Johnson, A., 2017). Finally, the core layer provides connectivity between
distribution layers for large LAN environments (Johnson, A., 2017). User traffic is
initiated at the access layer and passes through the other layers if the functionality of
those layers is required.

iii. Planning for Redundancy and Resilience.


Redundancy is an important part of network design for preventing disruption of network
services by minimizing the possibility of a single point of failure. The new design will
implement redundancy by installing duplicate equipment and providing failover services
for critical devices. The proposed system will implement redundant components, links,
and failover mechanisms to ensure high availability and fault tolerance. The figure below
shows a spanning tree protocol for implementing network redundancy.

Figure 4: Spanning tree protocol for implementing network redundancy.

The diagram below is part of the proposed design that demonstrates redundancy.

Figure 5: Proposed design demonstrating redundancy


iv. Increasing Bandwidth.
The current design is experiencing network downtime because of low bandwidth. In
some cases, some links between access and distribution switches may need to process a
greater amount of traffic than other links. As traffic from multiple links converges onto a
single, outgoing link, it is possible for that link to become a bottleneck.
Link aggregation allows an administrator to increase the amount of bandwidth
between devices by creating one logical link by grouping several physical links
together (Johnson, A., 2017). EtherChannel is a form of link aggregation used in
switched networks, as shown in the figure below.

Figure 6: link aggregation used in switched networks.

v. Designing for Failure Domains.


A well-designed network not only controls traffic but also limits the size of failure
domains. A failure domain is the area of a network that is impacted when a critical device
or network service experiences problems (Johnson, A., 2017). The new design uses
redundant links and reliable enterprise-class equipment to minimize the chance of
disruption in the network.

3.1. Appropriate design models and expansion capacity of the proposed Design.
The proposal incorporates industry-standard design models, including the hierarchical network
architecture and virtualization technologies. These models provide a scalable and flexible
framework for building the network infrastructure, allowing for future expansion, high
availability and fault tolerance, and further enhancing the network’s capacity to accommodate
increasing demands.

3.2. Installation and configuration of the proposed design.
The installation and configuration process involves deploying network devices, configuring
settings and testing connectivity to ensure proper operation. Configuration tasks include setting
VLANs, routing protocols, security policies, and virtualization settings. Documentation and
labelling of devices and cables facilitate troubleshooting and maintenance efforts. Additionally,
regular backups and updates ensure the reliability and security of the network infrastructure.

3.3. Implications of using private IP addressing on the new Design.


Utilizing private IP addressing offers several benefits for Read & Learn Publishing’s network
infrastructure, including:

i. Enhancing Security – Private IP addresses are not routable on the internet, providing a
level of obscurity and protection against external threats.
ii. Conservation of Public IP address space – By using private IP addresses internally, the
organization can conserve public IP address space for external-facing services and
devices.
iii. Simplified network management – Private IP addressing simplifies network
administration by reducing the complexity of address allocation and routing
configurations.

3.4. The proposed Necessary routing infrastructure


The routing infrastructure for Read & Learn Publishing’s network consists of routers and routing
protocols that facilitate communication between different network segments and destinations.
Key considerations for the routing infrastructure include:

i. Dynamic routing protocols


Using dynamic routing protocols such as OSPF, EIGRP, or BGP enables automatic
route selection and adaptation to network changes, improving efficiency and
reliability.
ii. Redundancy and Failover
Implementing redundant routers and links, along with mechanisms such as HSRP or
VRRP, ensures high availability and fault tolerance.
iii. QoS and traffic engineering
Implementing Quality of Service mechanisms prioritizes critical traffic types, such as
voice or video, ensuring optimal performance and user experience.
iv. Route summarization
Aggregating routes reduces the size of routing tables and improves scalability,
particularly in large networks with multiple subnets.
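
The hierarchical private addressing and route summarization described in sections 3.3 and 3.4 can be checked mechanically. The following Python sketch is an added example, not part of the original report: it compares a per-site hierarchical plan with subnets handed out in request order and counts the routes each site must advertise. The 10.20.0.0/16 supernet, the prefix lengths and the VLAN names are assumptions; only the site names come from the report.

```python
import ipaddress
from itertools import islice

# Assumed values (not from the report): one RFC 1918 supernet, four VLAN roles.
SUPERNET = ipaddress.ip_network("10.20.0.0/16")
SITES = ["Cambridge", "Manchester", "Edinburgh", "Peterborough"]
VLANS = ["users", "servers", "voice", "management"]


def hierarchical_plan(site_prefix=20, vlan_prefix=24):
    """One contiguous block per site, VLAN subnets carved from inside it."""
    if not SUPERNET.is_private:
        raise ValueError("supernet must be private address space")
    blocks = list(islice(SUPERNET.subnets(new_prefix=site_prefix), len(SITES)))
    if len(blocks) < len(SITES):
        raise ValueError("supernet too small for the number of sites")
    plan = {}
    for site, block in zip(SITES, blocks):
        subnets = list(islice(block.subnets(new_prefix=vlan_prefix), len(VLANS)))
        if len(subnets) < len(VLANS):
            raise ValueError(f"{site}: block too small for its VLANs")
        plan[site] = dict(zip(VLANS, subnets))
    return plan


def flat_plan(vlan_prefix=24):
    """Subnets handed out in request order, so each site's ranges are scattered."""
    pool = SUPERNET.subnets(new_prefix=vlan_prefix)
    plan = {site: {} for site in SITES}
    for vlan in VLANS:
        for site in SITES:
            plan[site][vlan] = next(pool)
    return plan


def summaries(plan):
    """Fewest prefixes each site must advertise to cover exactly its subnets."""
    return {site: list(ipaddress.collapse_addresses(vlans.values()))
            for site, vlans in plan.items()}


def overlaps(plan):
    """Pairs of (site, vlan) whose subnets overlap; a sound plan returns []."""
    flat = [(s, v, n) for s, vlans in plan.items() for v, n in vlans.items()]
    return [((s1, v1), (s2, v2))
            for i, (s1, v1, n1) in enumerate(flat)
            for (s2, v2, n2) in flat[i + 1:]
            if n1.overlaps(n2)]


def site_of(plan, address):
    """Map an address to (site, vlan), as an ACL review or log enrichment would."""
    ip = ipaddress.ip_address(address)
    for site, vlans in plan.items():
        for vlan, net in vlans.items():
            if ip in net:
                return site, vlan
    return None


if __name__ == "__main__":
    for name, plan in (("hierarchical", hierarchical_plan()), ("flat", flat_plan())):
        routes = summaries(plan)
        print(name, "total routes:", sum(len(r) for r in routes.values()))
        for site, nets in routes.items():
            print("  ", site, ", ".join(map(str, nets)))
```

With the hierarchical plan each site collapses to a single prefix, so a per-site ACL entry or routing advertisement needs one line; the flat plan needs one line per subnet.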

4. ANALYSIS OF THE EFFECTIVENESS OF THE PROPOSED NETWORK SOLUTION.
The proposed network design addresses the key requirements and challenges of the
current design. The key aspects of the effectiveness of the solution are:
i. Connectivity and Communication.
The solution ensures seamless communication between all locations, including
branch offices and the main office in Cambridge. This is achieved through the
implementation of MPLS circuits for branch connectivity and a DSL broadband
connection for internet access. Ping tests between devices in different locations
demonstrate low latency and high reliability, indicating successful
communication.
ii. Redundancy and High Availability
The use of redundant links and failover mechanisms enhances network reliability
and minimizes downtime in the event of link failures. For instance, if a primary
MPLS link fails, traffic can automatically reroute through an alternative link. This
was demonstrated by simulating a link failure between the main router at Cambridge and
router 2. The network quickly and seamlessly switched to router 3 without disrupting
services.
iii. Security
The deployment of several Cisco ASA firewalls and the configuration of access
control lists (ACLs) provide security and protect the network from
unauthorized access and cyber threats. The firewall rules restrict access to
sensitive resources, while the ACLs filter traffic based on predefined
criteria. The firewall logs reveal any unauthorized access or intrusion
attempts, which demonstrates the effectiveness of the security measures in place.
iv. Scalability
The recommended design accommodates future growth and expansion by
utilizing scalable technologies and modular configurations. Therefore, new
devices or new branch offices can be easily integrated into the network without
requiring major redesigns.

5. TEST SOLUTION CONFIGURATIONS


The proposed design is implemented and tested in a simulated environment using Cisco Packet
Tracer. Configuration files are fully annotated, detailing each step of the setup process and
rationale behind specific decisions. Testing encompasses various test plans.

A detailed test plan, outlining specific test cases, expected results, and actual outcomes,
is used to validate the new design model. Operational results demonstrate successful
implementation of the proposed solution, highlighting improvements in network performance,
security and manageability. The table below shows the test plan.

| Test Reference | Description & Operation | Expected Result | Actual Result | Evidence |
|---|---|---|---|---|
| NM-1 | Ping Test between a PC in Manchester and the Router in Cambridge devices in the network | Successful ping communication between all devices | Successful ping communication between all devices | See Appendix 1 |
| NM-3 | Performed Routing Test from the router in the HR branch to the router of the Manchester branch | Test routing between different subnets | Devices in different subnets can communicate via routing | See Appendix 2 |
| NM-4 | Firewall Test and access control list access to the Cambridge server from an external IP address | Verify firewall rules and security policies | Only permitted traffic is allowed through the firewall, and denied traffic is blocked | See Appendix 3 |
| NM-5 | Performed Redundancy Test by shutting down a link to one router that connects the Cambridge data center and all the branches. The other second router picked up and there was no network downtime. | Shut down one MPLS circuit between Cambridge and Manchester branch | Traffic rerouted successfully, no interruption | See Appendix 4 and Appendix 5 |
| NM-6 | File Transfer Test. I carried out a file transfer test between all devices in the network | File Transfer Test all devices in the network | Successful file transfer | |
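
Test NM-4 can be turned into a repeatable check. The following Python sketch is an added example, not part of the original report: it models top-down, first-match ACL evaluation with an implicit deny at the end, runs expected-permit and expected-deny cases against a rule set, and flags rules that an earlier rule makes unreachable. The rule set, addresses and ports are constructed assumptions, since the report does not list them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", or "ip" for any protocol
    src: str                     # source prefix
    dst: str                     # destination prefix
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, proto, src, dst, dport):
        return (self.proto in ("ip", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))


# Constructed rule set (assumption): 10.20.0.0/16 is the internal range and
# 10.20.1.0/24 the Cambridge server segment.
ACL = [
    Rule("permit", "tcp", "10.20.0.0/16", "10.20.1.0/24", 443),
    Rule("permit", "tcp", "10.20.0.0/16", "10.20.1.0/24", 445),
    Rule("deny", "ip", "0.0.0.0/0", "10.20.1.0/24"),
    Rule("permit", "ip", "10.20.0.0/16", "0.0.0.0/0"),
]

# Constructed test cases: (proto, src, dst, dport, expected action).
CASES = [
    ("tcp", "10.20.16.25", "10.20.1.10", 443, "permit"),    # branch PC to server
    ("tcp", "203.0.113.7", "10.20.1.10", 443, "deny"),      # external to server
    ("tcp", "10.20.16.25", "10.20.1.10", 23, "deny"),       # unlisted service
    ("udp", "10.20.16.25", "198.51.100.53", 53, "permit"),  # outbound traffic
    ("tcp", "203.0.113.7", "10.20.16.25", 3389, "deny"),    # hits implicit deny
]


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, rule index); index None means the implicit deny fired."""
    for index, rule in enumerate(acl):
        if rule.matches(proto, src, dst, dport):
            return rule.action, index
    return "deny", None


def failed_cases(acl, cases=CASES):
    """Cases whose actual action differs from the expected one."""
    return [c for c in cases if evaluate(acl, *c[:4])[0] != c[4]]


def covers(a, b):
    """True if every packet matching rule b would already match rule a."""
    return ((a.proto == "ip" or a.proto == b.proto)
            and ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
            and ipaddress.ip_network(b.dst).subnet_of(ipaddress.ip_network(a.dst))
            and a.dport in (None, b.dport))


def shadowed(acl):
    """(later index, earlier index) pairs where the later rule can never match."""
    found = []
    for j, later in enumerate(acl):
        for i in range(j):
            if covers(acl[i], later):
                found.append((j, i))
                break
    return found


if __name__ == "__main__":
    print("failed cases:", failed_cases(ACL))
    print("shadowed rules:", shadowed(ACL))
```

Recording the matching rule index alongside the action shows whether a deny came from an explicit rule or from the implicit deny, which is the difference between a policy decision and an omission.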

6. ISSUES AND GOTCHA’S


i. Routing Misconfigurations

Issue - Incorrect routing configurations between the main office in Cambridge and branch offices
in Manchester, Edinburgh, and Peterborough can lead to routing loops or suboptimal traffic
routing.

Gotcha - Human error during router configuration or failure to update routing protocols after
network changes can result in routing misconfigurations.

ii. VLAN Configuration Errors

Issue - Incorrect VLAN configurations on switches can prevent devices within the same VLAN
or across VLANs from communicating effectively.

Gotcha - Lack of understanding of VLAN tagging, trunking, and VLAN membership may result
in VLAN configuration errors, impacting network connectivity and performance.

iii. Security Vulnerabilities in Internet Connectivity

Issue - Inadequate security measures in the DSL Broadband connection to the internet can
expose the network to external threats, such as malware or unauthorized access.

Gotcha - Insufficient firewall rules or intrusion prevention systems (IPS) may leave the network
vulnerable to cyber-attacks or data breaches, compromising sensitive information.

iv. Insufficient Monitoring and Management Tools

Issue - Inadequate network monitoring and management tools can hinder visibility into network
performance, making it challenging to identify and address issues promptly.

Gotcha - Failure to deploy comprehensive monitoring solutions or conduct regular audits may
result in undetected network problems, leading to decreased productivity and user satisfaction.

7. RECOMMENDATIONS.
Implement regular testing procedures to ensure the continued effectiveness of the network
solution. Conduct periodic audits, vulnerability assessments, and penetration tests to identify and
address potential security vulnerabilities.

Invest in employee training programs to educate staff on best practices for network security, data
protection, and incident response. Foster a culture of cybersecurity awareness and empower
employees to recognize and report suspicious activities or potential threats.

Continuously monitor network traffic patterns, device usage, and resource utilization to
anticipate future growth and expansion requirements. Develop a scalable network architecture
that can easily accommodate additional users, devices, and services without compromising
performance or security.

Review and update disaster recovery plans regularly to ensure they remain effective in mitigating
the impact of potential disruptions or disasters. Conduct regular drills and simulations to test the
effectiveness of disaster recovery procedures and identify areas for improvement.

Deploy comprehensive network monitoring tools and security analytics platforms to
continuously monitor network traffic, detect anomalies, and identify potential security threats.
Implement automated alerting mechanisms to notify administrators of suspicious activities or
deviations from normal behavior.

CONCLUSION.
In conclusion, the proposed network solution offers a robust and effective infrastructure for Read
& Learn Publishing Company to address their current challenges and support future growth and
innovation. By implementing scalable technologies, redundancy mechanisms, and stringent
security measures, the network solution ensures seamless communication, high availability, and
data protection across all locations. However, the effectiveness of the network solution
ultimately depends on the organization's commitment to ongoing maintenance, training, and
security best practices. By adhering to the recommendations outlined above and continuously
monitoring and optimizing the network infrastructure, Read & Learn Publishing Company can
mitigate risks, enhance operational efficiency, and ensure the long-term success of their IT
environment. Overall, the proposed network solution provides a solid foundation for Read &
Learn Publishing Company to achieve their strategic objectives and maintain a competitive edge
in today's digital landscape.

REFERENCES.
1. Milanović, J.V. and Zhu, W., 2017. Modeling of interconnected critical infrastructure
systems using complex network theory. IEEE Transactions on Smart Grid, 9(5), pp. 4637-4648.
2. Johnson, A., 2017. Scaling Networks v6 Companion Guide and Lab ValuePack.
3. Rashid, N.A., bin Othman, Z., bin Johan, R. and Sidek, S.B.H., 2019. Cisco packet tracer
simulation as effective pedagogy in Computer Networking course.

APPENDIX
The screenshot below shows a successful ping between a PC in Manchester and the main router
in Cambridge data center. It also shows a ping from the same PC to another PC in the Consulting
branch.

Appendix 1: successful ping between a PC in Manchester and the main router in Cambridge
data center.

The screenshot below shows a successful re-routing attempt from the HR branch office to the
Manchester office.

Appendix 2: successful re-routing attempt from the HR branch office to the Manchester
office.

The screenshot below demonstrates configuring the access control list for the Cambridge router. After
setting the ACLs, no external IP address is permitted to make requests to or access the servers.

Appendix 3: demonstrates configuring the access control list for the Cambridge router.

The screenshot below shows the redundancy and failover test. One link of the router is shut down.
After the shutdown, the traffic is rerouted to the next router without any failover and no
downtime is experienced.

Appendix 4: shows redundancy and failover test

The screenshot below demonstrates the network redundancy test between the redundant links
within the network.

Appendix 5: network redundancy test between the redundant links
