Task – Advanced Network Design Assessment

Introduction
Here Big Oil had bought the university building where, we don’t have any existence of IT
infrastructure setup. Also, all wiring and cabling was removed when the University moving their
infra setup to online education platform on cloud. Now, Big Oil is shifting to this new building
where we need to build and provide a designed proposal for new Network topology for infra
part. Here, we have 1000 office locally and supportive staff will locate in the building, so we
need to setup Internet based services with enabling some private VLANs and VoIP services will
be enabled. Also, wireless solutions also included. So, we have to provide all the possible
solutions as per the requirement and follow the “CCDA 200- 310 Official Certification Guide” for
design and implementation guidelines.

A. Identifying Customer Design Requirements

As, per the case study given, we have 1000 office and support staff, and one office will be
having 5 to 15 staff members. All members will be get access of Internet through LAN
connectivity and some staff will have restricted network access over the VLANs.
Apart from that, wireless network solutions also include with VoIP services. Coming to Data
Centre setup, their will be 5 physical rack servers with running 100 virtual machines including
wide range of application services with maximum down time per year they need to committed
is 99.99%.
So, here we need to provide good solution for best fault tolerant network infra design to Big Oil
company. Now, let move to CCDA 200-301 official guidelines, there are 5 steps to implement
these solutions where some information already we discuss in the case study but some more
assumption and solutions we will provide in the below sections.
Figure: Identify the Customer Requirement Model
So, in the above figure we have 5 steps to follow and provide network design solutions for new
office setup to Big Oil company.
So, in below section we discuss it in details:
1. Identify network applications and services
Here, we need to implement Network connection which compromise with wired and wireless
connection as combined as stats in case study. So, here we will implement some application-
based services to management of network infrastructure.

 Servers implementation with high end CPU performance

 Implement SNMP protocol for monitor performance of network devices and link
utilization
 Here, we can implement CDP and LLDP to interconnect network devices in the provided
environment
 We can implement NBAR – Network-Based Application Recognition as an Intelligent
engine
 Use some monitoring application and real time monitoring tools
 For VoIP, wireless we can use AirMagnet Analyzer Pro or OptEngine pro software’s
 LanGuard software for network security level solutions.
 2. Defining Organization Goals
Here, we already get idea from case study for what kind of network performance-based
solutions needed for new site location migration. Need to be fully fault tolerance network
infrastructure needed.

 Need 99.99% downtime commitment

 Need VoIP and wireless services in the building
 Need good power and cooling system for physical servers
 Some private Network for limited staff access over the full network topology we designs
 Here, we also implement some security solutions
 Provide security level standard monitoring system with real-time protection solutions.
 Some characteristics should have in the core layer of network topology we will provide:
o Fast transport and high reliable network reach
o Redundant and fault tolerance
o Low latency, QoS and good management with Disaster recovery solutions
present
 Working on costing management and improve customer support

3. Defining Organization Constraints

Here, we need to include budget, policy and schedule part of the organization needed to
implement and setup the network topology. As, company have their own timeframe in which
we need to provide all the implementation and deliverables for new infrastructure designs.

4. Defining Technical Goals

Here, we would look up on the organization’s supportive application goals. Some are below as
stated:

 Need to improve the network’s response time and latency

 Need to work on downtime and network failure to improve customer services
 We need to implement a simplify network management
 Enhanced network security and provide reliable mission-critical applications control
 Improve the present network topology with new techniques and methods

5. Defining Technical Constraints

Here, we need to work on the parameters and limit the present solution. So, that we working
new technology with already existence solutions.
  Need to check the new bandwidth requirement with current supported new application
 Check the network must support the legacy equipment’s
 Present software and applications should support new upgrades and updates
 Modernize the outdated technologies and improve the network scalability.

As per the 5 steps we follow with CCDA guidelines, here some assumption we will take for
security and wireless network design setup. As, in the case study it is not stat about the security
parameters and standard policies we need to work out. So, here some below process we will
work on security parameters.

 Implementing the VPN solutions over the building and provide site-to-site VPN solutions
with company branches
 Working on LDAP solutions if the full working on Linux server platform or we can go with
Active Directory solutions over Windows Server environment platform.
 Centralized Security operation system will be implemented and provide DMZ solutions
for server security
 Admin room will be allocated at safe site in the building and only authorized persons
only allowed
 Need to implement physical level security and check-ups while entering into building
 Camera security solutions is also good approach to provide 24*7 hrs continuous
monitoring solutions.

 Approach to Network Design

Here we following the CCDA 200-310 official guidelines to implement network design process.
Here we following Top-Down Approach and referring OSI model to implement network design
process.
Figure: Top-down Design process model for Big Oil company

Above deign model process provide a deep big picture requirement of the current organization
case study we got. Here we check the current requirement and future needs for new
implementation on design model. Yes, we confirm its time taking process but once it done we
don’t need to go back in future for any issue arises as we already have some alternative
solutions.

B. Physical Network Design

In the above section as we discuss we would follow the Top-down network design process to
provide the physical network design solutions, as company requirement needed by the Big Oil
company.
Figure: Propose Design Sample as per case study requirement – Ground Floor Plan

Figure: Network devices setup on Ground Floor Plan platform

1. Location part
a. Server Room will be setup under the building at Basement ground, as their
temperature we can maintain and security will be more in the building aspect
 b. IT Support staff room, here we can setup at three side ground floor, mid floor
and upper most floor in the building. As, the building we assuming atleast 15
floors, so we need to provide all resources to staff members as easy convinces
2. Wiring planning and setup
a. Here wiring will be done under the side floor and upper side of rooms. As, it’s
the easies way to manage and destruction of wired will be less.
b. Also, we need to setup fire detection and water detection sensor to protect from
short circuit and fire.
3. Number of access points
a. Here we assuming, as we don’t have proper information given in case study. So,
if we take 15 floor building then we can go with 30 Access points, 2 access point
each floor to provide best connectivity of network access
b. Position will be opposite with covering all the possible range in that floor
4. Rack numbers and its specification
a. As in case study given, we have to setup 5 physical server, and each server have
2 rack each.
b. As they handling 100 virtual machines, so we required high End CPU
configuration with later SSD storage and graphic services for running High end
applications and software for the company.
5. Cabling setup
a. As Internet speed is not that much required, as its stat they can have home-
based ISP internet access speed.
b. Here, we can good to go with 100 Mbps Fast Ethernet design rules for cabling
c. 100Base-TX fast ethernet cable we will use.
i. As its transmission will goes over CAT-5 or CAT-6 UTP wire
ii. RJ-45 connector will be used as both end port connection
iii. Punch down blocks in the wiring close will be CAT5 certified
iv. 4B5B coding
6. Location and Number of Patch Panels and wall sockets
a. Here we can provide exact information that how many numbers of requirement.
b. So, here as we assuming with 15 floors, so on each floor if we take 5 rooms that
means, at each room we required 2 wall sockets and patch panel at each office
chair.
c. So, calculation will be around assumption:
i. 15*5*2 = 150 sockets
d. Also, on each floor we need to setup Switch device setup on each floor, so that
cabling and power supply will be provided.
7. Considerations for Expansion
a. Off-course we need to provide solution with better expansion network topology
will be provide to Big Oil company.
b. In term of Network devices, wiring and cabling system and Security systems.
Table for devices and costing part for the requirements.

Sr. No. Product Name Number of Vendor Costing

equipment estimation
required
1. Access Point – 15*2=30 Cisco Embedded 63,164.4$ USD
wireless routers Access points Wireless
Controller on
C9130AX Access
Point
2. Rack server 5 physical Cisco – LZCSA- 81187.92$ USD *
servers VM250 5 = 4,05,939.6$
USD
3. Cabling CAB-ETHERNET- Cisco Ethernet 65$ USD per 5-
5MSH 2KM Cable Shielded 5M meter length
meter length
just assumption
4. Wall sockets 150 sockets Legrand vendor 10$ per room

Note: Prices we have taken from this site https://itprice.com/ as on assumption based.

C. Enterprise Campus and Internet Access Design

1. Location for switches and routers will be setup on server rooms to provide server
connection. Later on, each floor we can setup 2nd layer switch so that we can manage IP
address management and VLANs setup.
a. Firewall will be setup on DMZ zones.
b. Access point will be on each floor.
c. Routers will setup to connect with ISP internet access and then Wireless Router
setup needed
Figure: LAN Device comparison
2. Power Consumption per rack
The above calculation is done from Rack consumption calculator. Here, we need atleast 2.40
kW consumption.
3. Routing and Switch protocols, we will enable for better fault tolerance process
a. Limit VLANs to a solitary storeroom when conceivable to give the most
b. deterministic and profoundly accessible geography.
c. Use RPVST+ assuming that STP is required. It gives the best convergence.
d. Set trunks to ON and ON with no-arrange.
e. Physically prune unused VLANs to keep away from broadcast engendering.
f. Use VTP Transparent mode, on the grounds that there is little requirement for a
typical
g. VLAN information base in various levelled networks.
h. Incapacitate trunking on have ports, since it isn't required. Doing as such
i. gives greater security and velocities up PortFast.
j. Consider carrying out steering in the entrance layer to give quick
k. Intermingling and Layer 3 burden adjusting.
l. Use Cisco STP Toolkit, which gives PortFast, Loop Guard, Root
m. Gatekeeper, and BPDU Guard

4. Logical and Physical Network Design topologies

 a. Logical one room design connectivity

Figure: logical view of network topology

b. Physical network topology design
5. Network Security Design
Figure: Security Design view

Table for Items and Costing on devices:

Sr. No, Product Name Vendor Costing

1. Routers Cisco ISR4331 and 5999$ USD
WRT300N routers
2. Switches 3560-24PS multilayer 10000$ USD
switch and 2960-
24TT 2n layer switch
by Cisco
3. Internet Connectivity Wired cabling – 2000$ USD per 5 KM
ethernet cabling and lenght
wired
 D. Management and Monitoring Implementation and Deployment Planning

 Network Security and Management

Here are some key security objectives to contemplate when incorporating security into the
organization:
■ High accessibility and flexibility of the framework
■ Forestalling unapproved access, interruptions, network misuse, information holes, burglary,
and extortion
■ Ensuring the end clients and framework
■ Guaranteeing information classification and uprightness
Network security likewise should be straightforward to the end clients and ought to likewise be
planned
to forestall assaults by
■ Hindering outside aggressors from getting to the organization
■ Allowing admittance to just approved clients
■ Keeping assaults from obtaining inside
■ Supporting various degrees of client access
■ Protecting information from altering or abuse
Security Legislation for Standard and Policy need to follow:

 Suggestion for Security Design

Figure: Confidentiality and Integrity should be followed

 Continuous Security Implementation
Follow the below steps:
Stage 1. Secure: Identification, confirmation, ACLs, stateful parcel review (SPI),
encryption, and VPNs
Stage 2. Screen: Intrusion and content-based discovery and reaction
Stage 3. Test: Assessments, weakness examining, and security reviewing
Stage 4. Improve: Data investigation, revealing, and insightful organization security

Figure: Continuous Security Integration for Network topology design

 Some Infrastructure Security practices:

Here are some suggested prescribed procedures for framework insurance:
■ Utilize an out-of-band (OOB) the executives organization to isolate the board related traffic
from creation network traffic.
■ Access network gear from a distance with SSH rather than with Telnet.
■ In network exchanging foundation, use BPDU Guard, Root Guard, and VLAN Trunking
Convention (VTP) with mode Transparent.
■ In network exchanging foundation, use ARP examination and DHCP sneaking around.
■ In network exchanging foundation, use Control Plane Policing (CoPP).
■ Use AAA for validating managerial access, approving privileges, and logging all
client meetings. Various AAA servers can likewise be utilized to build adaptation to non-critical
failure of AAA
administrations.
■ Empower syslog assortment; audit the logs for additional examination.
■ Utilize Simple Network Management Protocol Version 3 (SNMPv3) for its security and privacy
highlights.
■ Debilitate unused organization administrations, for example, tcp-little servers and udp-little
servers.
■ Use SFTP rather than TFTP to oversee pictures.
■ Use access classes to confine admittance to the board and the order line interface
(CLI).
■ Empower directing convention verification when accessible, like Enhanced Interior
Passage Routing Protocol (EIGRP), Open Shortest Path First (OSPF) convention,
Halfway System-to-Intermediate System (IS-IS), and Border Gateway Protocol (BGP).
■ Utilize unused VLANs for the local VLAN on trunk ports. Try not to utilize VLAN1.