Advanced Computer Networks
Individual Assignment
Network Design Proposal for a SME
H.M.V.T.W BANDARA
DEPARTMENT OF PHYSICAL SCIENCES & TECHNOLOGY
FACULTY OF APPLIED SCIENCES
SABARAGAMUWA UNIVERSITY OF SRI LANKA
Table of Contents
Chapter 1 – Project Introduction
  Introduction
  Problem in Brief
  Goals and Objectives of the Project
  Network Designing Criteria
Chapter 2 – Network Design
  Network Diagram of the Main Office premises of SmartBuildings Limited Company
  Assumptions made on designing the Network
Chapter 3 - Key Areas of Networking
  Core Area
  Server Area
  Storage Area
  VLAN Description
  IP Addressing in the network design
  IP Address Scheme used in the network Design
Chapter 4 - Network Protocols used in the Network Design
  Routing Protocols
  DNS (Domain Name System)
  DHCP (Dynamic Host Configuration Protocol)
  STP (Spanning Tree Protocol)
  NAT (Network Address Translation)
  VLAN (Virtual Local Area Network)
  RADIUS (Remote Authentication Dial-In User Service)
  FTP (File Transfer Protocol)
  SMTP (Simple Mail Transfer Protocol)
  Other Techniques used
Chapter 5 - Cost Analysis
Chapter 6 – Conclusion
Table of Figures
Figure 1: Network Diagram for the Main office premises
Figure 2: High Level Network Diagram for SmartBuildings Limited Company
Chapter 1 – Project Introduction
Introduction
This report provides the basic network design document for SmartBuildings Limited Company,
one of the suppliers of energy-efficient, sensor-based solutions for smart buildings in South
Asia. The document covers the proposed technologies, the proposed network architecture and
diagrams, security mechanisms, required network services, IP addressing schemes, routing
protocols, types of devices, software types, a cost analysis of the proposed network solution,
the problems and issues that will have to be faced while maintaining the network, future
enhancements, etc. The project is exclusively concerned with planning, designing and
implementing the network for the four-storied building that SmartBuildings Limited Company
currently operates from, and for the planned future expansion in which a new branch will be
opened in a different location from the headquarters.
Problem in Brief
SmartBuildings Limited Company has recently identified a threat from a recognized competitor
in the industry that will eventually affect its business operations. If the company does not
adopt a new technological solution to challenge the competitor, this may put SmartBuildings
out of business. Having identified this key issue, upper-level management decided to upgrade
the computer systems and the network system to make the company's operations more efficient.
The company plans to invest a substantial sum of money in redesigning and upgrading the
current computer network system by implementing a new interconnected network, so that the
company's headquarters and a new branch that is scheduled to be opened in the near future have
an uninterrupted, highly secured, 99.9% available, highly reliable, fast and robust computer
network system. This document provides the technical documentation for the proposed network
solution.
Goals and Objectives of the Project
The key design goals and business objectives of the project are the design, development and
implementation of a network system with the following key functional characteristics:
- A high rate of performance in providing connections to existing legacy systems.
- 24/7 operation capability at the highest level of availability, 99.9%.
- Adequate storage capabilities and high data transfer rates.
- The maximum possible security, integrity and confidentiality for the company's operations.
- Manageable future scalability, so that the network can cope with the future expansions of
  the company.
- Easy serviceability and manageability.
- Support for interoperability between different vendors and platforms.
- Easy recoverability from network failures, device malfunctions, crashes of the computer
  system, etc.
- Capacity (network bandwidth) that is enough for the existing network operations and future
  enhancements, and that supports a maximum simultaneous user load.
- A minimum Total Cost of Ownership (TCO), which covers design costs, development costs,
  implementation costs, costs of the network resources and devices, maintenance costs, power
  supply costs and future implementation costs.
Network Designing Criteria
- The company consists of 300 staff members (and will expand in the future) in 4 different
  departments. There should be four main VLANs named Sales, Marketing, Engineering and
  Operations, and some other VLANs for other functions.
- The building consists of 4 floors with different requirements, as follows:
  - The topmost floor of the building will be used for the Engineering and Operations
    departments, with 50 wired host machines each (100 wired machines).
  - The third floor will be used as the basic workplace for the CEO (Chief Executive
    Officer), and the meeting rooms will be situated on this floor (12 wired hosts in total).
  - The third floor will also house the datacenter with servers (FTP server, Mail server,
    Web server, Database, Storage and Backup server), firewall, core switch, router and other
    infrastructure.
  - The second floor will be used for the Sales and Marketing departments, with 60 hosts
    each.
  - The first floor will house the reception office and the basic customer handling
    requirements (10 wired hosts).
  - For the whole building, a total of 100 wireless devices will be incorporated with three
    different VLANs (360 guest users, 40 operational users, 20 for higher management
    functions).
Chapter 2 – Network Design
Network Diagram of the Main Office premises of SmartBuildings Limited Company
Figure 1: Network Diagram for the Main office premises
High Level Network Diagram for SmartBuildings Limited Company
Figure 2: High Level Network Diagram for SmartBuildings Limited Company
Assumptions made on designing the Network
- The actual VLAN architecture will differ from the diagrams, in that each floor will have
  devices which belong to different VLANs.
- The total building complex will be covered with wireless LAN, and three different VLAN
  schemes will be used for it.
- VPN over the Internet can be used to establish a secured communication link between the
  main office and the remote office.
- Remote workers can work remotely by using VPN over the Internet.
- For security purposes, CCTV will be used on each floor.
- Cloud-based services and storage will be used frequently through the network for different
  operations.
- IP telephones and IPTV will be used over the network connection, and separate VLANs will
  be used for those.
Chapter 3 - Key Areas of Networking
In order to meet the requirements given in the specification, this network design follows the
Cisco SAFE Architecture or three-tier architecture. This model consists of three layers,
namely the core layer, distribution layer and access layer. Accordingly, the following key
areas of the network can be discussed.
Core Area
The center of the proposed network consists of the following components, which are essential
in delivering the exact functionality expected from the network. They are:
1. External connection to the network
2. Connection to the inner server area
3. Enterprise Intranet
4. DC network
5. Disaster Recovery Centre
Server Area
The Server Area of the network will be used to deploy the servers, along with the applications
running on them that are related to the operations of the company. It is proposed to use
dedicated servers for functions such as DNS, DHCP, Web, Mail and Proxy. In addition, file
servers, IPTV servers and other required storage facilities will be placed here. An internal
firewall will be used for security purposes.
Storage Area
High-speed SAN and IP SAN are proposed for the network. For this purpose a dedicated,
high-speed-access, consolidated, block-level architecture is required for the network. It will
facilitate the interconnection of shared pools of storage devices to multiple servers and to
the different applications that users work with. External storage facilities are also
proposed at user level.
VLAN Description
Virtual Local Area Networks, or VLANs, can be defined as groups of devices on one or more
LANs that are configured to communicate as if they were attached to the same wire, although
they are located on a number of different LAN segments inside a network. As VLANs are based
on logical connections instead of physical connections, they are extremely flexible to
manage. VLANs also provide a layer of network security and a cost reduction option, as they
logically separate hosts which are connected to the same switch, so there is no need for
additional switches for each LAN segment. Although the network diagrams used in this document
represent VLANs as physical LANs within the floors, this is not the case. The VLANs are drawn
in that manner only for easy recognition. To explain further, in this network different hosts
which are on the same floor, adjacent to each other, may not belong to the same VLAN.
| VLAN Number | Name of the VLAN | Description |
|---|---|---|
| VLAN 20 | Engineering | This VLAN will be used in grouping 50 wired hosts for Engineering department. |
| VLAN 30 | Operations | This VLAN will be used in grouping 50 wired hosts for Operations department. |
| VLAN 40 | CEO_Office | This VLAN will be used in grouping 12 wired hosts which belong to CEO Office & Meeting Rooms. |
| VLAN 50 | DMZ | This VLAN will be used in grouping 20 wired hosts for servers and other infrastructure. |
| VLAN 60 | Sales | This VLAN will be used in grouping 70 wired hosts for Sales department (60 hosts on the 2nd floor and 10 hosts in the reception office). |
| VLAN 70 | Marketing | This VLAN will be used in grouping 60 wired hosts for Marketing department. |
| VLAN 80 | Wireless_guests | This VLAN will be used in grouping 360 wireless hosts for guest users. Normally anyone in the building, including customers and staff members, will be allowed to use this wireless connection for connecting to the internet. |
| VLAN 90 | Wireless_Operational | This VLAN will be used in grouping 40 wireless hosts for Operations staff (IT/Systems/Networking). |
| VLAN 100 | Wireless_Exclusive | This VLAN will be used in grouping 20 wireless hosts for higher level management including CEO. |
| VLAN 110 | IP_Telephones | This VLAN will be used in grouping 30 host ids for IP telephone functions. |
| VLAN 120 | IP_TV | This VLAN will be used in grouping 8 host ids for IP TV functions. |
| VLAN 130 | CCTV | This VLAN will be used for all the CCTV related functions in the building (30 hosts). |
| VLAN 140 | Remote | This VLAN will be used in grouping hosts for remote access functions (254 hosts for VPN over Internet). |
| VLAN 95 | Management | This VLAN will be used in grouping hosts for System Administration purposes (254 hosts). |
| VLAN 96 | Disaster_Recovery | This VLAN will be used in grouping hosts for Disaster Recovery purposes (254 hosts). |
IP Addressing in the network design
In networks, IP addresses are used to uniquely identify the hosts or devices connected to
them. As a mechanism for increasing the number of hosts without much lengthening the address,
every IP address is divided into portions. One part identifies the network (the network
number) and the other part identifies the specific machine or host within the network (the
host number). Subnet masks and prefixes identify the range of IP addresses that make up a
subnet, or group of IP addresses on the same network. For example, a subnet can be used to
identify all the machines in a building, department, geographic location, or on the same
local area network (LAN). Dividing an organization's network into subnets permits it to be
connected to the Internet with a single shared network address. Subnet masks and prefixes are
used when a host is attempting to communicate with another system. If the system is on the
same network or subnet, the host attempts to find that address on the local link. If the
system is on a different network, the packet is sent to a gateway that then routes the packet
to the correct IP address. This routing is called Classless Inter-Domain Routing (CIDR).
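The subnetting described above can be worked through for the host counts in the VLAN table. The following is an added example, not part of the original report: it sizes one subnet per VLAN and allocates them largest first, so that every VLAN maps to exactly one non-overlapping prefix that firewall rules can refer to. The base range 172.16.0.0/16, the choice of the first usable address as gateway, and the function names are assumptions made for this example.

```python
import ipaddress

# (VLAN id, name, host count) copied from the VLAN table in this chapter.
VLANS = [
    (20, "Engineering", 50), (30, "Operations", 50), (40, "CEO_Office", 12),
    (50, "DMZ", 20), (60, "Sales", 70), (70, "Marketing", 60),
    (80, "Wireless_guests", 360), (90, "Wireless_Operational", 40),
    (100, "Wireless_Exclusive", 20), (110, "IP_Telephones", 30),
    (120, "IP_TV", 8), (130, "CCTV", 30), (140, "Remote", 254),
    (95, "Management", 254), (96, "Disaster_Recovery", 254),
]


def prefix_for(hosts):
    """Longest IPv4 prefix whose block holds `hosts` plus network and broadcast."""
    # hosts + 2 addresses are needed; round that up to the next power of two.
    return 32 - (hosts + 1).bit_length()


def plan(base, vlans):
    """Allocate one non-overlapping subnet per VLAN, largest first (VLSM)."""
    base = ipaddress.ip_network(base)
    cursor = int(base.network_address)
    last = int(base.broadcast_address)
    subnets = {}
    for vid, _name, hosts in sorted(vlans, key=lambda v: (-v[2], v[0])):
        prefix = prefix_for(hosts)
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to the block boundary
        if cursor + size - 1 > last:
            raise ValueError(f"{base} is too small for VLAN {vid}")
        subnets[vid] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return subnets


def overlaps(subnets):
    """Return pairs of VLAN ids whose subnets overlap (empty for a sound plan)."""
    ids = sorted(subnets)
    return [(a, b) for i, a in enumerate(ids) for b in ids[i + 1:]
            if subnets[a].overlaps(subnets[b])]


if __name__ == "__main__":
    result = plan("172.16.0.0/16", VLANS)  # base range is an assumption
    names = {vid: name for vid, name, _ in VLANS}
    for vid, net in sorted(result.items(), key=lambda kv: kv[1]):
        # Gateway = first usable address (assumption, not stated in the report).
        print(f"VLAN {vid:<4}{names[vid]:<22}{str(net):<18}"
              f"gateway {net.network_address + 1}  usable {net.num_addresses - 2}")
    print("overlapping pairs:", overlaps(result))
```

Allocating the largest blocks first keeps every block aligned on its own boundary, which is why the 360-host guest VLAN receives a /23 and the three 254-host VLANs each receive a /24.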
In this network IPv4 and IPv6 will be used simultaneously. As transition mechanisms between
them, techniques such as NAT44, LSN and NAT64 will be used for address translation, and the
following techniques will be used for tunneling:
- 6to4 (RFC 3056)
- 6rd – IPv6 Rapid Deployment (RFC 5569)
- Teredo – NAT traversal (RFC 4380)
- MPLS - 6PE (RFC 4798) and 6VPE (RFC 4659)
- IPv6 over IPv4 (RFC 2893)
- IPv6 over GRE (RFC 2473)
- IPv4-compatible addresses (RFC 2893) - the IPv6 address is calculated from the IPv4
  address (::192.168.100.1)
- ISATAP (RFC 5214)
In networking, tunneling, a process also known as port forwarding, involves the transmission
of data intended for use only within a private or corporate network through a public network.
The routing nodes in the public network are therefore unaware that the transmission is part
of the private network. This is done by using the encapsulation technique, and it will be
very useful in this network.
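Several of the transition mechanisms listed above embed an IPv4 address inside the IPv6 address, which matters for firewall rules and log review written in terms of IPv4 ranges. The following added example (not part of the original report) recovers the embedded IPv4 address for 6to4, Teredo, NAT64, ISATAP and IPv4-compatible addresses; the function names and the sample addresses are constructed for this illustration, and the NAT64 check assumes the RFC 6052 well-known prefix.

```python
import ipaddress

NAT64_WKP = ipaddress.ip_network("64:ff9b::/96")  # RFC 6052 well-known prefix


def embedded_ipv4(addr):
    """Return (mechanism, IPv4Address) if `addr` embeds an IPv4 address, else None."""
    ip = ipaddress.IPv6Address(addr)
    n = int(ip)
    low32 = n & 0xFFFFFFFF
    if n >> 112 == 0x2002:                        # 6to4: 2002:V4ADDR::/48
        return ("6to4", ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF))
    if n >> 96 == 0x20010000:                     # Teredo: 2001:0000::/32
        # The client's IPv4 address is stored bit-inverted in the low 32 bits.
        return ("teredo", ipaddress.IPv4Address(~n & 0xFFFFFFFF))
    if ip in NAT64_WKP:                           # NAT64: 64:ff9b::V4ADDR
        return ("nat64", ipaddress.IPv4Address(low32))
    if (n >> 32) & 0xFFFFFFFF in (0x00005EFE, 0x02005EFE):
        # ISATAP interface identifier: [00|02]00:5efe:V4ADDR
        return ("isatap", ipaddress.IPv4Address(low32))
    if n >> 32 == 0 and n > 1:                    # ::a.b.c.d, excluding :: and ::1
        return ("ipv4-compatible", ipaddress.IPv4Address(low32))
    return None


def sixtofour_prefix(ipv4):
    """6to4 site prefix 2002:V4ADDR::/48 derived from an IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def audit(addresses):
    """Map each address that carries an IPv4 address to (mechanism, IPv4 string)."""
    found = {}
    for a in addresses:
        hit = embedded_ipv4(a)
        if hit:
            found[a] = (hit[0], str(hit[1]))
    return found


# Constructed sample addresses, as they might appear in flow or firewall logs.
SAMPLE = [
    "2002:c000:201::1",                       # 6to4
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",   # Teredo
    "64:ff9b::c000:201",                      # NAT64
    "fe80::5efe:c000:201",                    # ISATAP
    "::192.168.100.1",                        # IPv4-compatible (from the list above)
    "2001:db8::1",                            # plain IPv6, nothing embedded
]

if __name__ == "__main__":
    for address, (mechanism, v4) in audit(SAMPLE).items():
        print(f"{address:<40}{mechanism:<17}{v4}")
    print("6to4 prefix for 192.0.2.1:", sixtofour_prefix("192.0.2.1"))
```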
Chapter 4 - Network Protocols used in the Network Design
Routing Protocols
- Dynamic Routing – The OSPF v2 (Open Shortest Path First) protocol, which is based on the
  RFC 2328 standard, is proposed as the routing protocol to route inside network traffic to
  the outside of the network. This protocol can be considered the key alternative to EIGRP in
  most LAN routing deployments and, unlike EIGRP, OSPF is always an open standard protocol
  for any modern enterprise network architecture. In OSPF the metric is the cost to traverse
  router links to get to the destination, calculated by taking the bandwidth of the links
  into account. It develops adjacencies with its neighbors when the link status changes and
  sends updates to neighbors every 30 minutes after link-state changes happen. This protocol
  has some advantages when compared with other types of protocols: it converges quickly
  compared to distance vector protocols, it is not prone to routing loops, it supports VLSM
  or CIDR, its routing packets are small, and it suits any kind of network ranging from small
  to very large. It is therefore the ideal type of routing protocol for this network.
- Default routing – This type of routing will be configured on the core router to route
  unknown traffic (to outside networks) from inside the network to the ISP router.
- Inter-VLAN Routing – The core router will be configured to route traffic between the
  different VLANs in the network. Traffic will reach the core router from the core switch,
  to which it will be connected via a trunk link. Sub-interfaces will be configured here, and
  all VLAN networks will be shown as directly connected routes in the core router's routing
  table.
DNS (Domain Name System)
DNS will be configured on the DNS server, which will be placed in the server room on the 3rd
floor. All the hosts in this network are assumed to be connected to the domain, so each host
(workstations and other devices) has its own unique domain name. Users can use that specific
domain name to connect to each host remotely. However, computers cannot understand the name;
it has to be converted to a number called an IP address. The DNS server therefore maintains
the mapping of the domain name of each host to its corresponding IP address. Thus, with DNS,
management becomes easier and the complexity of the network can be reduced.
DHCP (Dynamic Host Configuration Protocol)
The DHCP service will be installed on the DHCP server, which resides in the server room. An IP
address pool for each VLAN will be created on the DHCP server, so that the DHCP server
dynamically assigns IP addresses to the hosts in the network. Static IP addresses that will
be used within a VLAN can be removed from the IP address pool (as excluded addresses) on the
DHCP server. The main advantage of using this protocol is the reliability of IP address
configuration on hosts: configuration errors caused by manual IP assignment can be reduced,
and the tasks of network administration are simplified.
STP (Spanning Tree Protocol)
Redundant link connections are provided between the switches on each floor and the core
switch located in the server room. Redundant links will also be added between the 2
distribution switches and the access switches, and there are two links from the core switch
to the distribution switches. The purpose of these extra links is that, if one link goes
down, communication between the devices is not affected and there is less downtime in the
network. But when extra links are added between network switches, they will create a
broadcast storm or loop. To avoid this issue, STP can be used on the switches in the network,
so that at any time one link is active and the other link is in blocked mode. Once the
active link fails, the redundant link moves from blocked mode into active mode.
NAT (Network Address Translation)
In this network design a class B IP address range is used. However, hosts cannot communicate
over the Internet with private IP addresses, as private IP addresses are not routable on the
Internet. Hence they need to be converted to public IP addresses to communicate over the
Internet. NAT therefore plays an important part in this network design, and PAT (Port Address
Translation) will be used on the core router to map the private IP addresses used inside the
network to one or two public IP addresses provided by the ISP. Using PAT reduces the number
of public IP addresses needed for the translation. Static NAT will be used for the web
server's communication over the Internet, as the web server should be visible and accessible
from the Internet. By using NAT, public IPv4 addresses can be saved and the internal IP plan
of this network can be hidden from the outside world.
VLAN (Virtual Local Area Network)
In this network design 16 different VLANs are proposed. Each VLAN is for a different user
level and a different user group. For wireless access (WiFi), three different VLANs are also
proposed, to keep uncontrolled broadcast traffic from reaching in and out of the network.
VLANs are also helpful in providing a layer of network security and a cost reduction option
by logically separating hosts which are connected to the same switch (no need for additional
switches). Each VLAN is assigned a different IP address subnet. VTP (VLAN Trunking Protocol)
is used to manage the VLANs and maintain consistency throughout the network. VTP can manage
the addition, renaming and deletion of VLANs from a centralized point without manual
intervention, and thus reduces the overhead of network administration.
RADIUS (Remote Authentication Dial-In User Service)
A RADIUS server is implemented in the server room on the 3rd floor. It provides centralized
authentication, authorization and accounting (AAA) services for users who connect to and use
the network service. It is mainly used to authenticate the users attached to the wireless
network in the CEO office and meeting room on the same floor. Reporting and tracking based on
client usernames becomes easy with this deployment.
FTP (File Transfer Protocol)
An FTP server will also be installed in the server room on the 3rd floor. It is used for file
transfer within the network. Files that need to be shared have to be uploaded to the FTP
server, and clients can then access the shared files using a specialized program called an
FTP client. The key motive behind suggesting an FTP server for file transfer within the
network is that efficient bulk transfer of data is possible with an FTP server. It will be
possible to send not only multiple files but also multiple directories at the same time.
SMTP (Simple Mail Transfer Protocol)
The SMTP mail server will be placed in the server room on the 3rd floor. SMTP servers are more
reliable when sending mail to clients. They deliver mail to recipients quickly, they offer
reliability in sending email messages (the SMTP server will always try to re-send the same
email until the transmission is successful), spam messages can be controlled in a central
location, and mailbox capacity is limited to hardware capacity.
Other Techniques used
ACL – Access control lists are used on the firewall to filter traffic from outside that is
trying to reach the internal network. This provides security from intruders and keeps
suspicious traffic from entering the network.
VPN – A virtual private network is used for communication between the main site and mobile
workers. The VPN uses an encrypted tunnel for data transfer over the existing Internet
infrastructure, and thus provides secure and cheap communication for data transfer.
Chapter 5 - Cost Analysis
Based on the above design criteria, the following cost analysis was done; it describes the
total cost involved in the project.

| Item | No of Units | Unit Cost | Total Cost |
|---|---|---|---|
| Workstations | 250 | Rs.99,500 | Rs.3,980,000 |
| Monitors | 250 | Rs.27,500 | Rs.6,875,000 |
| Other Peripherals (Keyboard, Mouse) | 250 | Rs.2,000 | Rs.50,000 |
| Laptop Computers | 40 | Rs.295,000 | Rs.11,800,000 |
| Server | 1 | Rs.344,800 | Rs.344,800 |
| Cabling | - | - | Rs.250,000 |
| Core Router | 1 | Rs.1,190,460 | Rs.1,190,460 |
| Cisco 8 Port Layer 3 Switch (Core Switch) | 1 | Rs.163,700 | Rs.163,700 |
| Cisco 12 Port Layer 2 Switch (Distribution Switch) | 2 | Rs.136,900 | Rs.273,800 |
| Cisco 24 Port Layer 2 Switch (Access Switch) | 1 | Rs.217,300 | Rs.217,300 |
| Cisco 48 Port Layer 2 Switch (Access Switch) | 7 | Rs.300,000 | Rs.2,100,000 |
| External Firewall (IPS Enabled) | 1 | Rs.388,940 | Rs.388,940 |
| Internal Firewall | 1 | Rs.181,650 | Rs.181,650 |
| Wireless Access Points | 4 | Rs.104190 | Rs.416760 |
| IP TV | 5 | Rs.180,000 | Rs.900000 |
| IP Telephones | 12 | Rs.13500 | Rs.162000 |
| Storage (NAS) | 1 | Rs.161,750 | Rs.161,750 |
| Online UPS (Backup Power) | 6 | Rs.217,580 | Rs.1305480 |
| Total | | | Rs.30,761,640 |
Chapter 6 – Conclusion
This report provides the basic information related to the network design for SmartBuildings
Limited Company, one of the suppliers of energy-efficient, sensor-based solutions for smart
buildings in South Asia. The document has described in detail the proposed network
architecture with diagrams, tools and technologies, security mechanisms, network services, IP
addressing and routing protocols, the VLAN structure, the cost analysis for the network, etc.
In conclusion, it is recommended to carry out the project by referring to the information
given in the proposed solution.