Wide Area Network: Niraj Yadav

This document discusses wide area networks (WANs). It covers various WAN technologies including dial-up, ADSL, broadband, frame relay, ISDN, MPLS, routing protocols, and more. It also discusses quality of service management in WANs including DSCP, IP precedence, queues, congestion management, and how QoS is needed for VOIP and media streaming. Additional sections cover WAN security topics such as authentication protocols, firewalls, and access controls. The document concludes with a case study of designing and implementing a WAN for a company with multiple branch offices.

Uploaded by

Manish Mahaseth
WIDE AREA NETWORK

Niraj Yadav
ISMT COLLEGE THIRD SEMESTER | TINKUNE, GAIRIGAU

Contents

Task 1
1.1 Introduction
1.2 WAN Technology Device
1.3 WAN Technologies connection option
1.4 WAN Technologies
1. Dial Up
2. ADSL (Asymmetric Digital Subscriber Line)
3. Broadband
4. Frame relay
5. ISDN (Integrated Services Digital Network)
6. MPLS (Multiprotocol Label Switching)
7. Interior Routing Protocols
8. Exterior Routing Protocol
9. Static Routing
1.5 Recommendation
1.6 Conclusion

Task 2
2.1 Introduction
2.2 Quality of Service Management
2.2.1 DSCP (Differentiated Service Code Point)
2.2.2 IP Precedence
2.2.3 Queues
2.2.4 Base rules
2.2.5 Congestion management
2.3 Quality of service need
2.3.1 Voice over internet protocol
2.3.2 Media streaming (video and audio streaming)
2.4 Conclusion

Task 3
3.1 Introduction
3.2 MD5 (Message Digest algorithm 5)
3.3 CHAP (Challenge Handshake Authentication Protocol)
3.4 PAP (Password Authentication Protocol)
3.5 Broadcast Reduction
3.6 Firewalls
3.6.1 Software firewalls
3.6.2 Hardware firewalls
3.7 Access Controls
3.8 Conclusion

Task 4
4.1 Introduction
4.2 Trust of intermediary system
4.3 Trust of remote systems
4.4 Trust of networks on WAN
4.4.1 Point-to-point authentication on routing
4.4.2 VPN Trust
4.4.3 Certificate trust
4.4.4 Active Directory Domain and Trust

Task 5
5.1 Introduction
5.2 Head Office Kathmandu
5.3 Bhaktpur Branch
5.4 Kavre Branch
5.5 Banepa Branch
5.6 Dhulikhel Branch
5.6 IP Addressing In Head Office
Domain controller
DNS server
DHCP
WEB & FTP server
Database
Application
Email
Departments in Solution network main office
IP address for departments of Solution network
Different subnets and IP address range assigned in different department
1. Sales and marketing
2. Account
3. Human Resource Management
4. Customer support
5.8.2 Product Specifications
5.8 Drawback of Frame Relay
5.9 Basic Connectivity

Task 6
6.1 WAN Configuration Solution Network
6.1.1 Router Configuration of Head Office at Kathmandu
6.1.2 Router Configuration of Bhaktpur
6.1.3 Router Configuration of Kavre
6.1.4 Router Configuration of Banepa
6.1.5 Router Configuration in Dhulikhel
6.1.6 IP Addressing in Router Fast Ethernet Port
6.1.7 IP Addressing in Router Serial Port Connected to Public IP
6.1.8 IP Addressing in Router Serial Port Not Connected to Public IP
6.1.9 Setting Static IP to Client and Server Computer
6.1.10 Configuring Wi-Fi Hotspot
6.1.10. Test Lab of Solution Network

Task 7
7.2 Above Testing can be shown in Tabular format as given below
7.3 Test Lab of Solution Network
7.4 Test Result

Task 8
8.1 Introduction
8.2 We monitor to provide
8.3 Reason for making monitoring so crucial
8.4. Monitoring network performance using Spiceworks
8.5 Packet loss monitoring
8.6 Monitoring Antivirus
8.7 Monitoring network application and their setting
8.8 Enterprise network map
8.9 VM monitoring
8.10 Wireless monitoring
8.11 NMP by top 10
8.12 Network Monitoring using Veeam
8.12.1 Traffic monitoring
8.12.2 Bandwidth monitoring
8.12.3 Monitoring threat and warning
8.12.4 Monitoring for VMware Infrastructure
8.12.5 Monitoring free edition
8.12.6 Monitoring the networking
8.12.7 Monitoring the server
8.12.8 Monitoring the performance management
8.12.9 Monitoring the devices of the system
8.12.10 Monitoring the configuration-electro intro websites.
8.13 Monitoring Network using Cisco Configuration Assistant Tool
8.13.1 Cisco provides the automatic configuration assistant
8.13.2 Cisco monitoring the router management
8.13.3 Cross-Launching Cisco SDM
8.13.4 Power usage by IP Phones and Wireless Access Points
8.14 Benefits of above monitoring tools
15. Conclusion

Task 9
9.1 Introduction
9.2 Evaluating WAN Performance
9.2.1 User Access
9.2.2 Traffic Analysis
9.2.3 Bandwidth Monitoring
9.2.4 Checking Configuration

Task 1

Critically evaluate different WAN technologies. [1.1, M1]

Consider: Dial Up, ADSL (Asymmetric Digital Subscriber Line) and all derivatives, Broadband,
Frame relay, ISDN (Integrated Services Digital Network), MPLS (Multiprotocol Layer
Switching), Interior Routing Protocols, Exterior Routing, and Static Routing.

In order to achieve M1, you must make sure that an effective judgment has been made against
the presentation of your idea. Your ideas need to be justified with necessary evidence and
appropriate reasons and examples.

1.1 Introduction:

A wide area network (WAN) is a geographically distributed private
telecommunications network that interconnects multiple local area networks (LANs). In an
enterprise, a WAN may consist of connections to a company's headquarters, branch
offices, colocation facilities, cloud services and other facilities. Typically, a router or other
multifunction device is used to connect a LAN to a WAN. Enterprise WANs allow users to share
access to applications, services and other centrally located resources. This eliminates the need to
install the same application server, firewall or other resource in multiple locations, for example. A
virtual private network (VPN) facilitates connectivity between WAN sites. An IPsec VPN is more
commonly used in continuously open site-to-site connections, such as those between branch
offices and headquarters locations. An SSL VPN is often the preferred choice for enabling remote
access for individual users because the data transmitted from users across the WAN is encrypted.
Direct fiber optic links are also used to connect sites on a WAN – and they almost always offer
greater performance, reliability and security than VPNs, but they are cost-prohibitive for most
enterprises to procure and operate.


1.2 WAN Technology Device:

WAN connections can include wired and wireless technologies. Wired WAN services can
include multiprotocol label switching, T1s, Carrier Ethernet and commercial broadband internet
links. Wireless WAN technologies can include cellular data networks like 4G LTE, as well as
public Wi-Fi or satellite networks.

WANs over wired network connections remain the preferred medium for most enterprises, but
wireless WAN technologies, based on the 4G LTE standard, are gaining traction.

WAN infrastructure may be privately owned or leased as a service from a third-party service
provider, such as a telecommunications carrier, internet service provider, private IP network
operator or cable company. The service itself may operate over a dedicated, private connection --
often backed by a service-level agreement -- or over a shared, public medium like the
internet. Hybrid WANs employ a combination of private and public network services.


Software-defined WAN (SD-WAN) is designed to make hybrid WAN architectures easier for
enterprises to deploy, operate and manage. Using a combination of virtualization,
application-level policies and network overlays, on-site SD-WAN devices, software platforms or customer
premises equipment (CPE) perform two functions:

1. They aggregate multiple public and private WAN links.

2. They automatically select the most optimal path for traffic, based on real-time conditions.

The latter function has historically required network managers to manually reconfigure their
networks any time they wanted to shape the direction of traffic over multiple routes.


There are specially designed network devices that are used to interconnect LANs. Configuring,
installing and maintaining these devices requires skilled technicians to manage the
organization's network. These devices are specific to the WAN environment, and
they are:

• Modems:

Modems enable digital data to be sent over an analogue medium when transmitting and
receiving information. A voice band modem converts the digital signals produced by a
computer (the 1s and 0s) into voice frequencies that can be transmitted over the analogue lines
of the telephone network. On the other side of the connection, another modem converts the
sounds back into a digital signal for input to a computer or network connection.

• CSU/DSU:

A Channel Service Unit / Data Service Unit (CSU/DSU) is a combined piece of equipment used
for monitoring clocking and frame synchronization on a line. It also performs error detection
at the physical layer. It could be called a sort of modem.

• Access server:

Concentrates dial-in and dial-out user communications. An access server may have a mixture
of analogue and digital interfaces and support hundreds of simultaneous users.

• WAN Switch:


A multi-port internetworking device used in carrier networks. These devices typically switch
traffic such as ATM, and operate at the Data Link layer of the OSI reference model. Public
switched telephone network switches may also be used within the cloud for circuit-switched
connections like Integrated Services Digital Network (ISDN) or analogue dialup.

• Router

A router provides internetworking between the LANs, and WAN access interface ports that
are used to connect to the service provider network. These interfaces may be serial connections
or other WAN interfaces. With some types of WAN interfaces, an external device such as a
DSU/CSU or modem (Analogue, Cable, or DSL) is required to connect the router to the local
point of presence (POP) of the service provider.

• Core Router

A router that resides within the middle or backbone of the WAN rather than at its periphery.
To fulfil this role, a router must be able to support multiple telecommunications interfaces of
the highest speed in use in the WAN core, and it must have the ability to forward IP packets at
full speed on all of those interfaces. The router must also support the routing protocols being
used in the core (Orbit-computer-solutions.com, 2015).

1.3 WAN Technologies connection option:

• Leased Lines:

These lines are typically referred to as a point-to-point connection or dedicated connection. A leased line
is a pre-established WAN communications path from the CPE, through the DCE switch, to the
CPE of the remote site, allowing DTE networks to communicate at any time with no setup
procedures before transmitting data. It uses synchronous serial lines up to 45Mbps.


• Circuit Switching:
It sets up like a phone call. No data can transfer before the end-to-end connection is
established. It uses dial-up modems and ISDN. It is used for low-bandwidth data transfers.
• Packet Switching:
The packet switching WAN method allows you to share bandwidth with other companies to save
money. As long as you are not constantly transmitting data and are instead using burst data
transfers, packet switching can save you a lot of money. However, if you have constant data
transfers, you will need to use a leased line. Frame Relay and X.25 are packet switching
technologies. Speeds can vary from 56Kbps to 2.048Mbps. (Tripod, n.d.)

1.4 WAN Technologies

1. Dial Up:

It is a networking technology generally implemented on PCs and other networking devices.
It uses the standard telephone line to give users' devices access to the LAN or WAN. For
the connection, the modem is linked to the telephone line. The user chooses a username and
password. When the modem dials the phone number given by the Internet service provider
(ISP), a connection is made that allows the user to exchange information between the modem
and the remote server. The username and password chosen for the modem allow the user to access the
dial-up gateway to the internet.

Dialup services offer cost-effective methods for connectivity across WANs. Two popular
dialup implementations are dial-on-demand routing (DDR) and dial backup.

DDR is a technique whereby a router can dynamically initiate and close a circuit-switched
session as transmitting end stations demand. A router is configured to consider certain traffic
interesting (such as traffic from a particular protocol) and other traffic uninteresting. DDR can
be used to replace point-to-point links and switched multi-access WAN services.


Dial backup is a service that activates a backup serial line under certain conditions. The
secondary serial line can act as a backup link that is used when the primary link fails or as a
source of additional bandwidth when the load on the primary link reaches a certain threshold.

Advantages of Dial up connection:

• It offers the cheapest method for connectivity over WAN.
• It requires no infrastructure other than the telephone line.
• Because the IP address assigned to the user rotates, it is safer than the other
technologies.
• Users can connect to the internet even in rural and remote areas.

Disadvantages of Dial up connection:

• It is impossible without the telephone line.
• It requires time to establish the telephone connection, depending on the location.
• Networking is relatively slow and poor due to traditional modem technology. A V.90 dial-up
modem supports less than 56 Kbps bandwidth.

2. ADSL (Asymmetric Digital Subscriber Line)

ADSL stands for "Asymmetric Digital Subscriber Line." ADSL is a type of DSL, which is a method
of transferring data over copper telephone lines. While symmetrical DSL
(SDSL) uploads and downloads data at the same speed, ADSL has different maximum data
transfer rates for uploading and downloading data. For example, an ADSL connection may
allow download rates of 1.5Mbps, while upload speeds may only reach 256Kbps. Since most
users download much more data than they upload, this difference usually does not make a
noticeable impact on Internet access speeds. However, for Web servers or other computers that
send a lot of data upstream, ADSL would be an inefficient choice (Techterms.com, 2015).


Fig: ADSL connections

Advantages of ADSL

• High-speed access which enables easy net surfing and fast streaming contents access

• Unlimited Internet access under a flat-rate price. The price in Nepal is NRS 1000 per month
for unlimited access.

• Real-time information access through always-on connection

Disadvantages of ADSL

• ADSL connection works better the closer we are to the telephone exchange in the location.

• The connection is faster to download (receive data) but is slower to send information.

• This service is not available in all locations.


3. Broadband:

Broadband is a high-speed, high-capacity transmission medium that can carry signals from multiple
independent network carriers. This is done on a single coaxial or fiber-optic cable
by establishing different bandwidth channels. Broadband technology can support a wide range
of frequencies. It is used to transmit data, voice and video over long distances simultaneously.
The term commonly refers to Internet access via a variety of high-speed networks, including
cable, DSL, FiOS, Wi-Fi, WiMAX, 3G, 4G and satellite, all of which are considerably faster
than analog dial-up, in some cases by a huge magnitude. The term has always referred to a
higher speed connection, but the speed threshold varies with the times. Widely employed in
companies, the 1.5 Mbps T1 line was often considered the starting point for broadband speeds,
while the FCC had defined broadband as a minimum upload speed of 200 Kbps.

Fig: Broadband connections

Advantages of Broadband

• It has incredible speed. It is 100 times faster than dial-up connection.


• It is independent of weather.
• It provides the better service delivery.
• It is quite easy to use.
• It is always connected to the internet.

Disadvantages of Broadband:

• It opens the door to viruses and spyware.
• It is costlier than dial-up.
• It needs a network interface card (NIC).
• Due to flexibility and availability, it can be easily hacked.

4. Frame relay:

Frame relay is a telecommunication service designed for cost-efficient data transmission for
intermittent traffic between local area networks (LANs) and between end-points in a wide area
network (WAN). Frame relay puts data in a variable-size unit called a frame and leaves any
necessary error correction (retransmission of data) up to the end-points, which speeds up
overall data transmission. Frame relay is based on the older X.25 packet-switching technology
which was designed for transmitting analog data such as voice conversations. Unlike X.25
which was designed for analog signals, frame relay is a fast packet technology, which means
that the protocol does not attempt to correct errors.


Fig: Frame Relay

Advantages of Frame Relay

• It provides performance similar to that of a leased line.
• It costs less than a leased line.

Disadvantages of Frame Relay

• Due to network congestion, performance may slow down.
• There is no guarantee of the quality of service.

5. ISDN (Integrated Services Digital Network):

ISDN is a data transfer technology, created in 1984, that can transfer data significantly faster than
a dial-up modem. ISDN enables wide-bandwidth digital transmission over the public telephone
network, which means more data can be sent at one time. A typical ISDN connection can support
transfer rates of 64K or 128K of data per second. It is a digital telecommunication system that
converts the analogue signals into digital signals for computer to understand and process the
information (SearchEnterpriseWAN, 2015).
P a g e 20 | 141
WIDE AREA NEWORK

Fig: ISDN Access

Advantages of ISDN

• It takes about 2 seconds to connect before the user can use it.
• It provides multiple services like fax, telephone, video, conferencing etc.
• It provides faster performance.

Disadvantages of ISDN

• The cost is higher than the regular landline telephone system.
• It is slower than DSL.

6. MPLS (Multiprotocol Layer Switching):

Multiprotocol label switching (MPLS) is a mechanism used within computer network
infrastructures to speed up the time it takes a data packet to flow from one node to another. It
enables computer networks to be faster and easier to manage by using short path labels instead of
long network addresses for routing network packets.

MPLS primarily implements and uses labels for making routing decisions. The label-based
switching mechanism enables the network packets to flow on any protocol. MPLS operates by
assigning a unique label or identifier to each network packet. The label consists of the routing table
information, such as the destination IP address, bandwidth and other factors as well as source IP
and socket information. The router can refer only to the label to make the routing decision rather
than looking into the packet. MPLS supports IP, Asynchronous Transfer Mode (ATM), frame
relay, Synchronous Optical Networking (SONET) and Ethernet-based networks. MPLS is designed
to be used on both packet-switched networks and circuit-switched networks.

Advantages of MPLS

• MPLS is more secure than other technologies.
• It is more reliable and less prone to falsification.
• Cost is less in comparison to others.

Disadvantages of MPLS

• Miscommunication between networks may occur.
• Problems may arise in hardware.
• Security measures should be implemented in addition.

7. Interior Routing Protocols:

An interior protocol is a routing protocol used inside an independent network system. In
TCP/IP terminology, these independent network systems are called autonomous systems.
Within an autonomous system (AS), routing information is exchanged using an interior
protocol chosen by the autonomous system's administration.

It is also known as the Interior Gateway Protocol (IGP). It was developed by Cisco and
is also known as the proprietary distance vector routing protocol. It is deployed within a
routing domain controlled by a single administrative entity. It is used to communicate
routing information within a host network. It manages a routing table with the most optimal
path to respective nodes and to networks within the parent network.

Advantages of Interior Routing Protocols:

• It is an autonomous designed system.

• It manages the routing table and information.

• It increases the scalability and supports multiple paths.

Disadvantages of Interior Routing Protocols:

• It cannot support VLSMs.

8. Exterior Routing Protocol

To get from place to place outside our network(s), i.e. on the Internet, we must use an Exterior
Gateway Protocol. Exterior Gateway Protocols handle routing outside an Autonomous
System and get us from our network, through our Internet provider's network and onto any
other network. BGP is used by companies with more than one Internet provider to allow them
to have redundancy and load balancing of their data transported to and from the Internet.

Advantages of Exterior Routing Protocol:

• It is based on arbitrary policies.

• It provides features like neighbor acquisition.

• Peers periodically exchange the routing tables.

Disadvantage of Exterior Routing protocol:

• It is not good for a network having a single connection.

• Routing policies are of no concern to the network.

• Low bandwidth between the ASes.

9. Static Routing

In static routing an administrator specifies all the routes to reach the destination. Static routing
occurs when you manually add routes in each router’s routing table. By default, Static routes
have an Administrative Distance. In this static routing technique, once the routes are
configured, it cannot be changed. Thus it is a static route.

Advantages of Static Routing:

• Minimal CPU/Memory overhead.

• Updates are not shared between routers.

• Granular control on how traffic is routed.

• They are simple and easy to configure.

Disadvantage of static Routing:

• Impractical on large network.

• Infrastructure changes must be manually adjusted.

• Static routes require extensive planning and have high management overhead.

1.5 Recommendation:

WAN services have become increasingly relevant to businesses in large part because of the
proliferation of branch offices, remote workers, and the need for access to centrally provided data
and applications. As services like MPLS, Ethernet, and Internet become more critical, so does the
need for more reliable WAN connections.

Nepal has many ISP companies that run and provide broadband connections to their customers.
World-link and Subisu are some of these broadband connections. A large company like IBSS Nepal
provides the widest wireless coverage in the country according to the level of preferences. It
provides the following types of broadband connection:

• Consumer Broadband: it is the most affordable Home Wireless Broadband. It is much
faster than dial up.

• SOHO broadband: it is provided to clients with a limited budget at high speed.
It uses wireless or fiber for the connection according to availability.

• Corporate Broadband: such a connection is given to small and medium sized clients or
companies.

It is more supportive to users that are fond of gaming and supports the faster data download.
Various users can connect to the internet via broadband according to the usage as explained above.
It is more reliable as it provides qualitative network speed facilities in response to the paid budgets
for the ISP. It is easily available as the connection can be given either in wireless or fiber form.
Overall, it is more powerful and easy to surf over the internet.

1.6 Conclusion:

WAN technologies have helped a lot nowadays in the betterment of human activities. They have
intensified the quality of our work and made it more effective and efficient. Today,
communication is possible because of the WAN and its technologies, which play a vital
role in our lives. Therefore, a Wide Area Network is a data communications network that operates
beyond the geographic scope of a LAN. WANs generally connect devices that are separated by a
broader geographic area than can be served by a LAN. WANs use the services of carriers, such as
telephone companies, cable companies, satellite systems, and network providers.

Although it has helped our progress, various problems like threats to security are growing.
Cyber-terrorism has made our privacy insecure. Email spam, software hacking and viruses are some
of the major problems.

Thus, WAN technologies have both advantages and disadvantages. We should be more cautious
to prevent the upcoming problems.

Task 2

Critically analyze intensive services and their performance. [1.2]

Consider: Quality of Service Management e.g. DSCP (Differentiated Service Code Point), IP
precedence, queues, base rules, congestion management. Quality of Service need e.g. Voice over
IP, video streaming, audio streaming.

2.1 Introduction

The Cisco WAN Access Performance Management System is a unique solution for service
providers wishing to raise overall service quality while reducing the cost of delivering high
performance value-added services to their enterprise customers. The Cisco WAN Access
Performance Management System enables rapid rollout of robust managed services by
providing advanced, real-time, and historical performance information that providers can use
for highly cost-effective operational support of the managed network. (Cisco, n.d).

The WAN Optimization Assessment and Design Service reviews the current environment and
helps to customize the WAN optimization solution architecture. The service documents the
current network infrastructure and measures LAN/WAN traffic, helping to gain insight into
the new Riverbed WAN optimization deployment. WAN optimization is supposed to be a
highly granular and dynamic way of organizing network traffic to ensure the most important
data items are always given network priority in full support of the business and its users. But
it is important for companies to realize that WAN optimization cannot be simply delivered
through quality of service levels they may have agreed with their WAN provider.

2.2 Quality of Service Management

A communications network forms the backbone of any successful organization. These
networks transport a multitude of applications and data, including high-quality video and
delay-sensitive data such as real-time voice. The bandwidth-intensive applications stretch
network capabilities and resources, but also complement, add value, and enhance every
business process. Networks must provide secure, predictable, measurable, and sometimes
guaranteed services. Achieving the required Quality of Service by managing the delay, delay
variation (jitter), bandwidth, and packet loss parameters on a network becomes the secret to a
successful end-to-end business solution. Thus, QoS is the set of techniques to manage network
resources (Cisco, 2015).

QoS architecture:

QoS features are configured throughout the network to provide end-to-end QoS
delivery. QoS architectures promote a systems approach to quality of service management
in distributed systems. QoS architecture includes these three components:

• QoS within a single network element: it includes queuing, scheduling, and traffic shaping
features.
• QoS signaling techniques: it is for coordination of QoS for end-to-end delivery between
network elements.
• QoS policing and management functions: it is used to control and administer end-to-end
traffic across a network.

Principle of QoS:

• Integration: states that quality of service must be configurable, predictable and
maintainable over all architectural layers to meet end-to-end quality of service.
• Separation: states that media transfer, control and management are functionally distinct
architectural activities.
• Transparency: states that applications should be shielded from the complexity of
underlying QoS specification and QoS management functions such as QoS monitoring and
maintenance.
• Asynchronous Resource Management Principle: it guides the division of functionality
between architectural modules and pertains to the modeling of control and management
mechanisms.
• Performance: it evaluates a number of widely agreed rules for QoS driven communications
design and implementation.

Why do we need QoS?

QoS helps us to see that the network is sustainable and maintained. It identifies which
network traffic is critical and allocates appropriate resources to support those traffic
streams. The application of QoS policies allows us to prioritize resources according to need.
It ensures that important packets get through even when the IP network is busy. It looks over
the packet contents through interfaces all over the network infrastructure. Configured QoS
provides requirements for telephony that are more stringent than the ones for VoIP
(Baumann and Fiedler, 2005).

Benefits of QoS:

• Control over resources.
• More efficient use of network resources.
• Tailored services.
• Coexistence of mission-critical applications.
• Foundation for a fully integrated network in the future.
• It helps to evaluate and set the policies.

QoS can be divided into the following parts:

1. Quality of service management
2. Quality of service need

Quality of Service management:

It allows Communication Service Providers to focus on front-burner issues and forecast
the QoS provided to the users. The information is provided by the information portal. It
helps to manage the network traffic.

QoS includes:

1. DSCP (Differentiated Service Code Point)
2. IP precedence
3. Queues
4. Base Rules
5. Congestion management

2.2.1 DSCP (Differentiated Service Code Point)

Differentiated Services Code Point (DSCP) is a field in an IP packet that enables different
levels of service to be assigned to network traffic. This is achieved by marking each packet
on the network with a DSCP code and appropriating to it the corresponding level of
service.

DSCP is the combination of IP Precedence and Type of Service fields. In order to work
with legacy routers that only support IP Precedence, DSCP values are used because they
are compatible with IP Precedence fields. For more information, see RFC 2474 at the
RFC Editor Web site (Erg.abdn.ac.uk, 2014).

How DSCP works?

Quality of Service (QoS)-enabled programs request a specific service type for a traffic
flow through the generic QoS (GQoS) application programming interface (API). The
available service types are:

• Guaranteed service: Guaranteed service provides high quality, quantifiable
guarantees with bounded (guaranteed minimum) latency.

• Controlled load service: Controlled load service provides high quality,
quantifiable guarantees without bounded latency.

DSCP is a six-bit field carrying the default values that are displayed in the following table.

The equivalent IP Precedence and IEEE 802.1p values are shown in separate columns.

Service Type        DSCP    IP Precedence    IEEE 802.1p
Network control     30      6                7
Guaranteed          28      5                5
Controlled load     18      3                3
All other traffic   0       0                0

Strength and weakness of DSCP:

Strength:

• It is a sort of newer way for ToS (type of service).
• We have more levels to define than with IP Precedence. Instead of 8 possible values
like that of IP Precedence, it has 64 possible values.
• DSCP can be generated by copying the DSCP value received in the clear text packet.

Weakness:

• Non-authenticated outer DSCP can be easily attacked to create DoS that are difficult
to mitigate.

2.2.2 IP Precedence:

It is one of the key components of QoS. It was originally defined in RFC 791, which provides a
mechanism to assign a priority to each IP packet as well as to ask for specific treatment
like high throughput, high reliability or low latency. The IP packet header contains
the ToS field, in which the precedence field has three bits. It consists of 8 classes where 0 is
the highest and 7 is the lowest priority.

Fig: Overview of IP precedence

A router is used to set the precedence, which tells other routers about the level of QoS the packet
requires. It is the best-effort Quality of Service at layer 3 that provides the ability to classify
network packets. It is analogous in functionality to the 802.1p protocol at layer 2.

Benefits of IP precedence on QoS:

It helps to classify the class of service of a packet using the three precedence bits in the ToS field.
Differentiated service can be created by setting the precedence level on incoming traffic. Features
like policy-based routing and CAR can set the precedence based on application or user, or by
destination and source subnetwork.

Strength and weakness

Strength:

• Better network utilization.
• Meeting QoS requirements of the flows better.

Weakness:

• It is an old way.
• Instability in the routes that may lead to race conditions.
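
The DS byte handling described in 2.2.1 and 2.2.2, as an added example that is not part of the original assignment: it splits the second byte of an IPv4 header into DSCP, ECN and the legacy three-bit precedence, and resets DSCP on packets from an untrusted port, a common mitigation for the unauthenticated-marking weakness listed under DSCP. It assumes the DSCP column of the table in 2.2.1 is hexadecimal (0x30, 0x28, 0x18), because only that reading yields the precedence values 6, 5 and 3 printed beside it; the addresses and function names are constructed for the example.

```python
import socket
import struct

# DSCP column of the table in 2.2.1, read as hexadecimal (assumption, see lead-in).
SERVICE_TYPES = {0x30: "Network control", 0x28: "Guaranteed",
                 0x18: "Controlled load", 0x00: "All other traffic"}


def checksum(header: bytes) -> int:
    """IPv4 header checksum: ones' complement of the 16-bit ones' complement sum."""
    total = sum(word for (word,) in struct.iter_unpack("!H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(dscp: int, src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header (no options, protocol UDP) for the demo."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a six-bit field")
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return raw[:10] + struct.pack("!H", checksum(raw)) + raw[12:]


def header_length(header: bytes) -> int:
    """Validate that this is an IPv4 header and return its length in bytes."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        raise ValueError("bad header length")
    return ihl


def describe(header: bytes) -> dict:
    """Decode the QoS marking carried in byte 1 of the header."""
    ihl = header_length(header)
    ds = header[1]
    dscp = ds >> 2                       # upper six bits
    return {"dscp": dscp,
            "precedence": ds >> 5,       # upper three bits, what a legacy router reads
            "ecn": ds & 0x03,
            "service": SERVICE_TYPES.get(dscp, "unlisted"),
            "checksum_ok": checksum(header[:ihl]) == 0}


def remark(header: bytes, trusted: bool) -> bytes:
    """Trust-boundary policy: keep the marking from trusted ports, reset it otherwise."""
    if trusted:
        return header
    ihl = header_length(header)
    cleared = bytearray(header[:ihl])
    cleared[1] &= 0x03                   # zero the six DSCP bits, keep ECN
    cleared[10:12] = b"\x00\x00"         # checksum is computed with its field zeroed
    cleared[10:12] = struct.pack("!H", checksum(bytes(cleared)))
    return bytes(cleared) + header[ihl:]


if __name__ == "__main__":
    packet = build_header(0x28, "192.0.2.10", "198.51.100.20")
    print(describe(packet))
    print(describe(remark(packet, trusted=False)))
```

Resetting the marking changes the header, so the checksum has to be recomputed or the next hop drops the packet.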

2.2.3 Queues

Network queuing is a very important application of queuing theory. The term 'network of
queues' describes a situation where the input from one queue is the output from one or
more others. This is true in many situations from telecommunications to a PC.

A simple example of network queuing is the central server network. This consists of a
CPU (Central Processing Unit), storage units it can access and input devices to access it.
The task the CPU performs is queued on different criteria. Also, the storage units could
have their own individual queues. Queues tend to be ordered in a number of ways. They
can also be executed either on a one by one serial basis or bit by bit by Time Sharing. It
is not always necessary to treat customers in a queue equally. A priority queuing system
may often be used to give some jobs preferential treatment (Janssen, 2014).

Strength and weakness

Strength:

• It acts as a buffer.

Weakness:

• It doesn’t have specific characteristics for its operation.

2.2.4 Base rules:

Base rules are mainly used for security purposes. They apply where a computer server acts as a
firewall. They are a set of rules that are implemented to filter packets in order to allow the
packets to pass through the firewall. They are the configured and implemented rules for the
organizational security policies. They usually function on the top-down principle, in which the
first rule listed acts first, so that traffic allowed by the first rule is not affected by the
remaining rules. They have the format of SOURCE/ DESTINATION/ SERVICE/ ACTION.

Ways to apply base rules:

• Desktop security: this enables user to specify the level of access that remote users have as
they log into the internet.
• QoS: base level of functionality can be maintained by enabling the firewall by setting the
rules for organizational security policy.
• NAT: it conceals the internal name and IP address from the outside network users.
• Tracking: it includes procedure for notification so that user can follow response
procedures in case of intrusions.
• Logging and auditing: it includes methods for detection of intrusions and other security
problems like viruses.

This allows you to scan for the open ports and apply the set of base rules to prevent the undesired
applications. Base rules have mainly three options:

• Allow: it allows the application to access the internet at any time.
• Block: it prevents the application from accessing the internet.
• Ask or prompt: the user is asked whether to allow the application to access the internet or not
(Weaver et al, 2014).
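
The top-down, first-match evaluation described above, as an added example that is not part of the original assignment: rules in SOURCE/DESTINATION/SERVICE/ACTION form are checked in order, and a small audit reports later rules that can never take effect because an earlier, broader rule with a different action already matches. The addresses, rule set and function names are constructed, and blocking traffic that matches no rule is an assumption.

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    source: str        # CIDR network or "any"
    destination: str   # CIDR network or "any"
    service: str       # e.g. "tcp/443" or "any"
    action: str        # "allow", "block" or "ask"


# Constructed rule base; rule 1 is deliberately placed below the broader rule 0.
RULES = [
    Rule("10.1.0.0/16", "10.9.0.5/32", "tcp/443", "allow"),
    Rule("10.1.20.0/24", "10.9.0.5/32", "tcp/443", "block"),
    Rule("any", "10.9.0.0/24", "tcp/22", "ask"),
    Rule("any", "any", "any", "block"),
]


def _net(value: str):
    """Turn a rule field into a network object; "any" means every IPv4 address."""
    return ipaddress.ip_network("0.0.0.0/0" if value == "any" else value)


def matches(rule: Rule, src: str, dst: str, service: str) -> bool:
    return (ipaddress.ip_address(src) in _net(rule.source)
            and ipaddress.ip_address(dst) in _net(rule.destination)
            and rule.service in ("any", service))


def decide(rules, src: str, dst: str, service: str):
    """Return (index, action) of the first matching rule, scanning top-down."""
    for index, rule in enumerate(rules):
        if matches(rule, src, dst, service):
            return index, rule.action
    return None, "block"   # assumption: default deny when nothing matches


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet the later rule matches is already matched earlier."""
    return (_net(later.source).subnet_of(_net(earlier.source))
            and _net(later.destination).subnet_of(_net(earlier.destination))
            and earlier.service in ("any", later.service))


def shadowed(rules):
    """List (later, earlier) index pairs where the later rule can never act."""
    return [(j, i)
            for j, later in enumerate(rules)
            for i, earlier in enumerate(rules[:j])
            if covers(earlier, later) and earlier.action != later.action]


if __name__ == "__main__":
    print(decide(RULES, "10.1.20.7", "10.9.0.5", "tcp/443"))  # rule 0 wins
    print(shadowed(RULES))
```

Moving the narrower block rule above the broad allow rule makes it effective again, which is why rule order is reviewed whenever the rule base changes.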

2.6.4.2 Strength and weakness

Strength:

• Dynamic traffic filtration can be set up as desired.
• It provides proxy authentication.
• Enforce security and safety policies of an organization.
• Restriction access to specified services.

Weakness:

• It can only stop the intrusions from the traffic that actually passes through them.
• As long as transaction has been permitted, a firewall has no ability to protect the
system against it.

2.2.5 Congestion management:

Congestion is the phenomenon where the quality of service deteriorates when a node is
carrying an overload of data, causing buffering on devices like switches and routers. This
results in queuing delay, frame or data packet loss and the blocking of new connections. It
limits the networking resources, slowing the router processing and link throughput.

Fig: congestion Management


Congestion management is a systematic strategy to effectively manage the storage
capacity on a node in intermittently communicating networks. It is used to maximize
network utilization. It includes methods that control traffic entry into a telecommunication
network. It is done by avoiding oversubscription of any processing, such as by reducing the rate
of sending packets (Zhang, 2008).

Basic technique to manage congestion:

• End-system flow control: it controls packet flow, which prevents the sender from over-
running the buffers of the receiver.
• Network congestion control: the congestion is reduced in the network rather than at the
receiver. The mechanism is carried out by the end systems, which throttle back.
• Network based congestion avoidance: here, routers detect the threat of congestion and
attempt to slow down the senders before the queues become full.
• Resource allocation: physical circuits are scheduled for a specific time period. Resources
are allocated by building a virtual circuit across the switches with a guaranteed bandwidth.
It avoids congestion by blocking the traffic that is in excess of the network capacity.

Weakness and strength:

Strength:

• It tries to discover the bandwidth available and adjust its send rate to an appropriate
level.
• It seeks to maintain a constant number of packets in queues throughout the network.

Weakness:

• Unpredictable increasing demand which causes lack of monitoring capabilities.
• Good quality service control cannot be gained in real time, like video conference.

2.3 Quality of service need:

We need various applications in our daily routine. There is a need to control the network resources
to fulfill the requirements of each service. For instance, telephony, email, multimedia are some of
our daily activities. It tells what they are, what user needs and how it works to provide us Quality
of Services. Some of the QoS needs are:

• Voice over IP
• Video streaming
• Audio streaming

2.3.1 Voice over internet protocol:

It is a hardware or software technology that facilitates telephone calls over the computer
network like internet. It was first introduced in 1995 by the small company called Vocaltec.
The transmission of voice data is in IP rather than the PSTN which is traditional circuit
transmissions. Thus VOIP converts the analog signals (voices) into digital information in
the form of IP packets. The main advantage of VoIP is that calls are cost saving, while the
disadvantage is that there is a high chance of dropping calls and degrading the voice
quality when there is heavy load on the network link (Cisco, 2011). It supports real-time
and two-way transmission of conversations using IP.

Strength and weakness:

Strength:

• It is cheaper than the regular telephony for both user and operators.
• The actual location of a VoIP caller cannot be traced.
• Laptops can be used as the computer to computer connection. Thus, it is portable.

Weakness:

• VoIP shares the Internet bandwidth with other applications, which may reduce sound
quality or cause lags.
• VoIP uses the Internet; in the case of a power outage, VoIP services may be unavailable.
• Data is transmitted over the Internet, so the risk of it being intercepted is significantly
higher than with a regular phone line.

2.3.2 Media streaming (video and audio streaming):

In general, we understand online video as media streaming. In fact, it is an audio or the video
content which are compressed and sent over the internet and played immediately. We don’t have
to download to play the file. Thus the multimedia is based on Internet Protocol over the internet
that is usually streamed from prerecorded files. The file can be retrieved and played by remote
viewers in real time with embedded players. The video we watch over the YouTube is the best
example. A flash player is its embedded player (Rayburn, 2007).

Fig: 7 Architecture for media streaming

It consists of following architecture:

• Video compression: raw video is compressed to achieve efficiency.
• Application layer QoS control: various application layer QoS control techniques are
proposed, including congestion control and error control.
1. Congestion control: it is employed to prevent packet loss and reduce delay.
2. Error control: it is used to improve the quality of video in the presence of quality loss.
• Continuous media distribution services: Built on top of the Internet, continuous media
distribution services are able to achieve QoS and efficiency for streaming video/audio over
the best effort Internet. Service may include filtering, content replication and application-
level multicast.
• Streaming servers: Streaming servers are required to process multi-media data under
timing constraints and support interactive control operations such as pause/resume, fast
forward and fast backward. Further, streaming servers need to retrieve media components
in a synchronous fashion.
• Media synchronization mechanism: its major feature is to separate the multimedia
application from other data applications. This allows the application at the receiver side to
present various media streams in the original way.
• Protocols for streaming media: they are designed for communication between clients and
streaming servers. Protocols for streaming media provide such services as network
addressing, transport, and session control.

2.4 Conclusion:

QoS management and QoS need have helped us to enable more efficient use of the network. They
have provided preferential treatment to certain data, enabling the data to traverse the intranet
with higher quality transmission. This has encouraged the emergence of heterogeneous networks to
provide cost-performance while taking into account the less expensive and resource-constrained
scalar sensors and high power superior elements such as multimedia sensors.

Task 3

Discuss WAN concerns and make recommendations to sustain network security, reliability and
performance. [1.3]

Consider: WAN security e.g. MD5 (Message Digest algorithm 5), CHAP and PAP, Broadcast
reduction, Filters, traffic rules, Firewalls, Access control lists, Directed updates and tunneling.

3.1 Introduction

WAN services have become increasingly relevant to businesses in large part because of the
proliferation of branch offices, remote workers, and the need for access to centrally provided data
and applications. As services like MPLS, Ethernet, and Internet become more critical, so does the
need for more reliable WAN connections.

The various concerns for an organization when it comes to WAN are security, infrastructure,
continuity etc. The concerns that an organization considers while implementing
WAN for a secure network are described below. The WAN concerns usually
reviewed are:

• Security
• Reliability
• Performance

3.2 MD5 (Message Digest algorithm 5):

MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with
a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been employed in
a wide variety of security applications, and is also commonly used to check the integrity
of files. An MD5 hash is typically a 32-character hexadecimal number.

It was developed by Ronald Rivest in 1991. It is a cryptographic hash function. It
produces the 168 bit hash value that is expressed in text format as a 32-digit
hexadecimal number. It is used in various cryptographic applications and is commonly
used for data integrity verification in security-related applications. It verifies
files by comparing the checksums created after running the algorithm on two seemingly
identical files. It provides a compact way to store the files for use during periodic
integrity checks of those files (Encrypt.ro, 2015).

Connection between computer and the modem can be established by dialing into the
ISP’s modem that negotiates in modem protocol. There are basically two methods for
logging onto a server:

1. CHAP
2. PAP

3.3 CHAP (Challenge Handshake Authentication Protocol)

Challenge Handshake Authentication Protocol is a type of authentication in which the
authentication agent (typically a network server) sends the client program a random value
that is used only once and an ID value. Both the sender and peer share a predefined secret.
The peer concatenates the random value (or nonce), the ID and the secret and calculates a
one-way hash using MD5 (Jansen, 2014). The hash value is sent to the authenticator, which
in turn builds that same string on its side, calculates the MD5 sum itself and compares the
result with the value received from the peer. If the values match, the peer is authenticated.
By transmitting only the hash, the secret can't be reverse-engineered. The ID value is
increased with each CHAP dialogue to protect against replay attacks. We can limit access
to all server targets at once or set permissions for each target separately. If we want to limit
access to certain targets only and leave other targets shared for all, we need to set
permissions for those targets only. Otherwise we may limit access for all targets by setting
permissions for the connection.
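
The challenge and response exchange described above, as an added example that is not part of the original assignment: the authenticator issues a one-time challenge with an incrementing ID, the peer answers with an MD5 hash, and a replayed answer is refused. The hash input order (ID, secret, challenge) follows RFC 1994; the class, peer name and secret are constructed for the example.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: MD5 over ID || secret || challenge (order per RFC 1994)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side of the handshake; holds the shared secrets, never sends them."""

    def __init__(self, secrets: dict):
        self.secrets = secrets     # peer name -> shared secret
        self.identifier = 0
        self.pending = {}          # ID -> challenge that has not been answered yet

    def challenge(self):
        """Issue a fresh random value and the next ID (one octet, so it wraps)."""
        self.identifier = (self.identifier + 1) % 256
        value = os.urandom(16)
        self.pending[self.identifier] = value
        return self.identifier, value

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        """Rebuild the hash locally and compare; each challenge is usable once."""
        challenge = self.pending.pop(identifier, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


def run_demo() -> dict:
    secret = b"constructed-shared-secret"
    server = Authenticator({"branch-router": secret})

    ident, value = server.challenge()                 # authenticator -> peer
    answer = chap_response(ident, secret, value)      # peer -> authenticator
    first = server.verify("branch-router", ident, answer)
    replay = server.verify("branch-router", ident, answer)

    ident2, value2 = server.challenge()
    stale = server.verify("branch-router", ident2, answer)  # old hash, new challenge

    ident3, value3 = server.challenge()
    wrong = server.verify("branch-router", ident3,
                          chap_response(ident3, b"guess", value3))
    on_wire = bytes([ident]) + value + answer
    return {"first": first, "replay": replay, "stale": stale, "wrong": wrong,
            "secret_on_wire": secret in on_wire, "ids": (ident, ident2, ident3)}


if __name__ == "__main__":
    print(run_demo())
```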

3.4 PAP (Password Authentication Protocol)

Password-based authentication is a protocol in which two entities share a password
in advance and use the password as the basis of authentication. Existing password
authentication schemes can be categorized into two types: weak-password
authentication schemes and strong-password authentication schemes. In general,
strong-password authentication protocols have advantages over weak-password
authentication schemes in that their computational overhead is lighter, their
designs are simpler, and their implementation is easier, and they are therefore especially
suitable for some constrained environments.

3.5 Broadcast Reduction

Network broadcasts are every administrator's bad dream, as they flood the network
with, by and large, unnecessary traffic, consuming valuable bandwidth and, at
times, causing bottlenecks in heavily used links (Partsenidis, 2014).

Sources of these broadcasts are network equipment such as switches,
network printers, workstations, servers and many more. While having a 'broadcast
free' network is impossible, there are certain steps one can take to ensure broadcasts are
minimized.

3.6 Firewalls

A firewall is a system designed to prevent unauthorized access to or from a private
network. Firewalls can be implemented in both hardware and software, or a combination
of both. Firewalls are frequently used to prevent unauthorized Internet users from
accessing private networks connected to the Internet, especially intranets (Rouse, 2007).
All messages entering or leaving the intranet pass through the firewall, which examines
each message and blocks those that do not meet the specified security criteria. Usually
there are two types of firewalls:

3.6.1 Software firewalls:

It is also known as a personal firewall. Software firewalls are programs designed to
monitor and control the flow of traffic between the computers and the
network. They are installed on the PC, notebook or group server.

A software firewall permits, restricts, encrypts or proxies computer traffic according
to the settings and definitions made in the application. Avast, McAfee etc. are
some examples.

Fig: 1 home page of avast (software firewall).

3.6.2 Hardware firewalls:

It is a host tool that provides security against threats at the periphery of the
network. Hardware firewalls usually need to be configured for their security activities. They
are more expensive and provide better performance than software
firewalls.

Fig: hardware firewall

3.7 Access Controls

Access control refers to security features that control who can access resources in
the operating system. Applications call access control functions to set who can
access specific resources or control access to resources provided by the
application.

It describes the security model for controlling access to Windows objects, such as
files, and for controlling access to administrative functions, such as setting the
system time or auditing user actions (Cisco, n.d.).

3.8 Conclusion

There are a number of WAN security options. Security is vital to consider
in a WAN, and security options are among the most studied topics in
networking. WAN security deals with keeping the network protected. It gives
security to the network layer.

For making a WAN more secure, MD5 is found to be used most; it is a hash
function with a 128-bit value. It is a highly reliable fingerprint that can be
used to verify the integrity of file content. It checks critical
system files, data files and applications, and gives a compact way to store
data for use during periodic integrity checks. There is another option that is used
widely in WANs but is considered to be less secure compared to other
options. PAP is a basic authentication protocol. It is discouraged because
passwords are easily readable from the point-to-point protocol.

Task 4

Critically evaluate different trust systems on a WAN. [1.4]


Consider: Trust of intermediary system, Trust of remote systems, Trust of networks on WAN.

Note: In order to critically evaluate your work you are required to give an opinion of the issue
which should be supported with relevant evidence.

4.1 Introduction

Security is the biggest issue for a WAN. Normally, an organization uses some technology to
secure the network resources in its different branch offices. To control and manage the
flow of data sent to each remote location, extensive security solutions are applied. The
components of the network will only communicate with each other if trust exists between them
or the remote user or client is authenticated. Without authorizing the remote system or client,
access to the network resources is impossible.

Trust can be defined as the process or mechanism in networking technologies that one network
uses to determine the access another network has to its resources. Trust is required between
the connections so that two different networks can communicate. Trust provides an extra layer
of security.

There are mainly two types of trust:

One-way trust: only one network can access the resources of the other network.

Two-way trust: both networks can access each other's resources.

4.2 Trust of intermediary system:

It is a trust system used especially in the field of e-commerce, where two parties are offered
intermediary services by a third party. It uses the routing protocol known as DECnet Phase
V routing, where a route is determined through a data exchange system by using a single-metric
intermediate. It is the most flexible trust system for the Internet, as it is inspired by the browser
trust list and trust intermediary. Trust information forms the trust record that assigns the
registrant’s security policies.

4.3 Trust of remote systems:

This trust is applied to secure embedded files. It ensures that changes to a remote embedded
device are controlled, preventing unauthorized access. Such changes to the file may occur via
the Internet or Ethernet, over wired or wireless links. This trust system uses public key
encryption to prove that the product is from the trusted organization. Software companies use
technologies such as hypervisors to indicate whether software has been changed or tampered with.

4.4 Trust of networks on WAN:

It is a trust system linked to securing an Internet connection to a server. It uses the CA
certificate of the IPS to verify the CA signature on the certificate of the server, so that a
malicious party is kept out of the secure connection.

The public key and the owner of the system have an authenticated relation that decentralizes the
trust model for the public key structure. The public key relies on the centralized trust model,
where a third party holds the certificate of the subject that is relied on for trust. These trust
systems include the following manual trusts:

• Point-to-point authentication VPN trust

• Certificate trust

• Active Directory Domain and Trust


4.4.1 Point-to-point authentication on routing:

It is an encapsulating data link protocol used to establish a direct connection between two nodes.
IP traffic is transported over point-to-point links. It is used over physical media such as
serial cables, phone lines and cellular telephones. Internet Service Providers use it for
Internet access connections and dial-up access. It ensures that the endpoint of the PPP link is a
valid device (Gredler et al., 2005).
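The PAP weakness noted in the Task 3 conclusion and the endpoint check described here can both be seen at the packet level. The following is an added example, not part of the original report: it builds a PAP Authenticate-Request (RFC 1334) and a CHAP Response (RFC 1994) for the same secret. The peer name, secret and challenges are constructed sample values.

```python
import hashlib
import hmac
import struct

PAP_AUTH_REQUEST = 1   # RFC 1334: Authenticate-Request
CHAP_RESPONSE = 2      # RFC 1994: Response


def build_pap_request(identifier, peer_id, password):
    """Code, Identifier, Length, then length-prefixed Peer-ID and Password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, identifier, 4 + len(body)) + body


def parse_pap_request(packet):
    """What any reader of the link sees: the peer name and the password itself."""
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != PAP_AUTH_REQUEST or length != len(packet):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    id_len = packet[4]
    peer_id = packet[5:5 + id_len]
    pw_len = packet[5 + id_len]
    password = packet[6 + id_len:6 + id_len + pw_len]
    return peer_id, password


def chap_value(identifier, secret, challenge):
    """CHAP response value: MD5 over Identifier || secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def build_chap_response(identifier, secret, challenge, name):
    value = chap_value(identifier, secret, challenge)
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", CHAP_RESPONSE, identifier, 4 + len(body)) + body


def verify_chap_response(packet, secret, challenge):
    """Authenticator side: recompute the value for the challenge it issued."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != CHAP_RESPONSE or length != len(packet):
        return False
    value = packet[5:5 + packet[4]]
    return hmac.compare_digest(value, chap_value(identifier, secret, challenge))


# Constructed sample values
PEER = b"Bhaktpur"
SECRET = b"constructed-link-secret"
CHALLENGE_1 = bytes(range(16))
CHALLENGE_2 = bytes(range(16, 32))


def demo():
    pap = build_pap_request(7, PEER, SECRET)
    chap = build_chap_response(7, SECRET, CHALLENGE_1, PEER)
    return {
        "pap_recovered": parse_pap_request(pap),
        "secret_in_pap_frame": SECRET in pap,
        "secret_in_chap_frame": SECRET in chap,
        "chap_accepts_issued_challenge": verify_chap_response(chap, SECRET, CHALLENGE_1),
        "chap_rejects_other_challenge": not verify_chap_response(chap, SECRET, CHALLENGE_2),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On a PPP link this is the reason to require CHAP and refuse PAP: the PAP frame carries the secret itself, while the CHAP value is only valid for the challenge the authenticator issued.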

4.4.2 VPN Trust:

A virtual private network (VPN) extends a private network across a public network, allowing
data to be exchanged across public networks. VPN trust relies on the security of a single
provider’s network to protect the traffic. It delivers the network unless the trusted delivery
network runs among physically secure sites only, and it helps to configure the tunnel groups,
group policies and users’ policies. As a result, it helps to manage security over the VPN.

4.4.3 Certificate trust:

It is a system to ensure best practice among all publicly trusted Certification Authorities and
Delegated Third Parties. Its guidelines seek to address the various attacks on trusted providers by
setting a number of requirements. This ensures tight security around CA networks and systems,
with guidelines provided in areas including General Protections for the Network and
Supporting Systems; Trusted Roles, Delegated Third Parties, and System Accounts; Logging,
Monitoring and Alerting; and Vulnerability Detection and Patch Management.

4.4.4 Active Directory Domain and Trust:

It is a service developed by Microsoft for Windows domain networks. It is included in most
Windows Server operating systems as a set of processes and services. The main function of the AD
domain is to provide a controller that authenticates and authorizes all users and computers in
a Windows domain type network, assigning and enforcing security policies for all computers and
installing or updating software. As the infrastructure grows beyond a single domain, trust
relationships are developed (Lowe, 2009). They allow domains and forests to trust one another
for authentication to access resources.

Task 5

Design a WAN infrastructure to meet the given requirements of Solution Networks and critically
evaluate the suitability of WAN components. [2.1, 2.2, M2]

Consider: DHCP, VLANs, availability of routing concepts, IP addressing plan, appropriate device
selection, Cable connection, Speed and Bandwidth utilization, WAN module and routing solution
for the Solution Networks.

In order to achieve 2.2 Consider: Devices, Bandwidth, Users, Applications, Communications
etc.

In order to achieve M2, you must make sure that the selection of methods and techniques /
sources has been justified which may be evidenced through your work you have presented.


5.1 Introduction :

Solution Network Pvt. Ltd is a networking company that provides Internet service to its clients.
This task provides the network designs of the different branches, including the head office.
As required by the Solution Network Pvt. Ltd scenario, various considerations have been made
regarding the core and network infrastructure. In the designed network infrastructure of
Solution Network Pvt. Ltd, devices have been selected and connections have been made.

5.2 Head Office Kathmandu


5.3 Bhaktpur Branch


5.4 Kavre Branch


5.5 Banepa Branch


5.6 Dhulikhel Branch:

5.6 IP Addressing In Head Office

Domain controller

IP address: 192.168.1.10/24

DNS IP address: 192.168.1.5/24


Default gateway: 192.168.1.1/24

DNS server

IP address: 192.168.1.102/24

DNS IP address: 192.168.1.102/24

Default gateway: 192.168.1.101/24

DHCP

IP address: 192.168.1.105/24

DNS IP address: 192.168.1.102/24

Default gateway: 192.168.1.101/24

WEB & FTP server

IP address: 192.168.1.106/24

DNS IP address: 192.168.1.102/24

Default gateway: 192.168.1.101/24

Database

IP address: 192.168.1.107/24

DNS IP address: 192.168.1.101/24

Default gateway: 192.168.1.101/24

Application

IP address: 192.168.1.108/24

DNS IP address: 192.168.1.102/24

Default gateway: 192.168.1.101/24

Email

IP address: 192.168.1.109/24

DNS IP address: 192.168.1.102/24

Default gateway: 192.168.1.101/24

Router IP address: 192.168.1.1

Departments in Solution network main office

• Sales & marketing

• Account

• HRM

• Customer support

IP address for departments of Solution network

In Solution network we have used a public IP range of class C. Subnetting has been used
to provide smooth administration and traffic management. Subnetting is
basically just a way of splitting a TCP/IP network into smaller, more manageable pieces.

Subnets and IP address ranges assigned to the departments

1. Sales and marketing

IP address: 192.168.1.120/24 to 192.168.1.130/24

Subnet mask: 255.255.255.0

DNS IP address: 192.168.1.102/24

Default gateway: 192.168.1.101/24

2. Account

IP address: 192.168.1.131/24 to 192.168.1.140/24

Subnet mask: 255.255.255.0

DNS IP address: 192.168.1.102/24



Default gateway: 192.168.1.101/24

3. Human Resource Management

IP address: 192.168.1.141/24 to 192.168.1.150/24

Subnet mask: 255.255.255.0

DNS IP address: 192.168.1.102/24

Default gateway: 192.168.1.101/24

4. Customer support

IP address: 192.168.1.141/24 to 192.168.1.150/24

Subnet mask: 255.255.255.0

DNS IP address: 192.168.1.102/24

Default gateway: 192.168.1.101/24
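An added check, not part of the original report: it runs the head-office addressing plan above through Python's `ipaddress` module and reports overlapping department ranges, whether the department ranges form separate subnets under the stated mask, and DNS or gateway settings that point at addresses no listed device owns. The addresses are copied from the plan; the function names are illustrative.

```python
import ipaddress
from itertools import combinations

MASK = "255.255.255.0"
ROUTER_LAN_IP = "192.168.1.1"      # "Router IP address" in the plan

# name: (IP address, DNS IP address, default gateway), copied from the plan
SERVERS = {
    "Domain controller": ("192.168.1.10", "192.168.1.5", "192.168.1.1"),
    "DNS server": ("192.168.1.102", "192.168.1.102", "192.168.1.101"),
    "DHCP": ("192.168.1.105", "192.168.1.102", "192.168.1.101"),
    "WEB & FTP server": ("192.168.1.106", "192.168.1.102", "192.168.1.101"),
    "Database": ("192.168.1.107", "192.168.1.101", "192.168.1.101"),
    "Application": ("192.168.1.108", "192.168.1.102", "192.168.1.101"),
    "Email": ("192.168.1.109", "192.168.1.102", "192.168.1.101"),
}

# name: (first, last) address of the department range
DEPARTMENTS = {
    "Sales and marketing": ("192.168.1.120", "192.168.1.130"),
    "Account": ("192.168.1.131", "192.168.1.140"),
    "Human Resource Management": ("192.168.1.141", "192.168.1.150"),
    "Customer support": ("192.168.1.141", "192.168.1.150"),
}

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def overlapping_ranges(departments):
    """Pairs of departments whose address ranges share at least one address."""
    hits = []
    for (a, (a1, a2)), (b, (b1, b2)) in combinations(departments.items(), 2):
        low = max(ipaddress.ip_address(a1), ipaddress.ip_address(b1))
        high = min(ipaddress.ip_address(a2), ipaddress.ip_address(b2))
        if low <= high:
            hits.append((a, b, str(low), str(high)))
    return hits


def departments_per_subnet(departments, mask):
    """Group departments by the network their range falls in under `mask`.
    One group means no Layer 3 boundary exists between the departments."""
    groups = {}
    for name, (first, _last) in departments.items():
        network = ipaddress.ip_interface(f"{first}/{mask}").network
        groups.setdefault(str(network), []).append(name)
    return groups


def unowned_references(servers, router_ip):
    """DNS or gateway settings that point at an address no listed device has."""
    owned = {ip for ip, _dns, _gw in servers.values()} | {router_ip}
    hits = []
    for name, (_ip, dns, gateway) in servers.items():
        for setting, address in (("DNS", dns), ("gateway", gateway)):
            if address not in owned:
                hits.append((name, setting, address))
    return hits


def is_rfc1918(network):
    """True when the network lies inside one of the RFC 1918 private blocks."""
    net = ipaddress.ip_network(network)
    return any(net.subnet_of(block) for block in RFC1918)


if __name__ == "__main__":
    print(overlapping_ranges(DEPARTMENTS))
    print(departments_per_subnet(DEPARTMENTS, MASK))
    for hit in unowned_references(SERVERS, ROUTER_LAN_IP):
        print(hit)
    print("192.168.1.0/24 is RFC 1918 space:", is_rfc1918("192.168.1.0/24"))
```

Because every department falls in the same /24, access rules between departments cannot be enforced at a router or Layer 3 switch until each department has its own subnet or VLAN.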

5.7 Introduction to Solution Network

Solution Network (Solution Net) is an emerging network service provider in Nepal. The
organization provides various network support services, sells networking devices and offers
consumer access. The company provides fast Internet services with a maximum capacity of
15 Mbps to corporate client organizations and a maximum capacity of 2 Mbps to end users. The
branch networks of Bhaktpur, Kavre, Banepa and Dhulikhel provide Wi-Fi access to end users.

5.8 Cisco RV320 Dual Gigabit WAN VPN Router

Network connectivity is at the heart of every small business, and secure access, firewall protection,
and high performance are the cornerstones of every Cisco Small Business RV Series Router. The
Cisco RV320 Dual Gigabit WAN VPN Router, now with web filtering, is no exception. With an
intuitive user interface, the Cisco RV320 enables you to be up and running in minutes. The Cisco
RV320 provides reliable, highly secure access connectivity for you and your employees that is so
transparent you will not know it is there.

5.8.1 Features and Capabilities

Dual Gigabit Ethernet WAN ports for load balancing and business continuity

Built-in 4-port Gigabit Ethernet switch

Strong security with proven stateful packet inspection (SPI) firewall and hardware encryption

High-capacity, high-performance, SSL, IP Security (IPsec) VPN capabilities

Intuitive, browser-based device manager and setup wizards

5.8.2 Product Specifications

Table 1. Product Specifications

| Description | Specification |
| --- | --- |
| Dual WAN | Dual Gigabit Ethernet ports; failover; load balancing |
| Standards | 802.3, 802.3u; IPv4 (RFC 791); IPv6 (RFC 2460) |
| WAN connectivity | Dynamic Host Configuration Protocol (DHCP) server, DHCP client, DHCP relay agent; static IP; Point-to-Point Protocol over Ethernet (PPPoE); Point-to-Point Tunneling Protocol (PPTP); transparent bridge; DNS relay, Dynamic DNS (DynDNS.org, 3322.org), DNS local database; IPv6 |
| Routing protocols | Routing Information Protocol (RIP) v1 and v2, and RIP for IPv6 (RIPng); inter-VLAN routing; static routing; VLANs supported: 7 |
| Network Address Translation (NAT) | Port Address Translation (PAT); one-to-one NAT; NAT traversal |
| Protocol binding | Protocols can be bound to a specific WAN port for load-balancing purposes |
| Network edge (DMZ) | DMZ port; DMZ host |
| Dual USB 2.0 ports | Storage and 3G/4G modem support |
| Security | |
| Firewall | SPI firewall; denial-of-service (DoS) prevention: ping of death, SYN flood, IP spoofing, WinNuke |
| Access rules | Schedule-based access rules; up to 50 entries |
| Port forwarding | Up to 30 entries |
| Port triggering | Up to 30 entries |
| Blocking | Java, cookies, ActiveX, HTTP proxy |
| Content filtering | Static URL blocking or keyword blocking |
| Secure management | HTTPS web access to device manager; username/password complexity enforcement |
| VLAN | 802.1Q VLAN; 7 VLANs supported |
| Web filtering | Content filtering covering 27+ billion URLs |
| VPN | |
| IP Security (IPsec) | 25 IPsec site-to-site tunnels for branch office connectivity; 25 IPsec VPN tunnels via Cisco VPN client and third-party clients such as “The GreenBow” for remote-access VPN connectivity |
| SSL VPN | 10 SSL VPN tunnels for remote client access |
| PPTP | 10 PPTP tunnels for remote access |
| Encryption | Data Encryption Standard (DES); Triple Data Encryption Standard (3DES); Advanced Encryption Standard (AES) encryption: AES-128, AES-192, AES-256 |
| Authentication | MD5/SHA1 |
| IPsec NAT traversal | Supported for gateway-to-gateway and client-to-gateway tunnels |
| VPN pass-through | PPTP, Layer 2 Tunneling Protocol (L2TP), IPsec |
| Advanced VPN | Dead peer detection (DPD); split DNS; VPN backup; Internet Key Exchange (IKE) with certificate |
| Quality of Service (QoS) | |
| Service-based QoS | Rate control or priority |
| Rate control | Upstream/downstream bandwidth per service |
| Prioritization types | Application-based priority on WAN port |
| Priority | Services mapped to one of two priority levels |
| Performance | |
| IPsec VPN throughput | 100 Mbps |
| SSL VPN throughput | 20 Mbps |
| Concurrent connections | 20,000 |
| Configuration | |
| Web user interface | Browser-based device manager (HTTP/HTTPS) |
| Management | |
| Management protocols | Web browser (HTTP/HTTPS); Simple Network Management Protocol (SNMP) v1, v2c, and v3; Bonjour |
| Event logging | Local log; syslog; email alert; Short Message Service (SMS) |
| Upgradability | Firmware upgradable through the web browser; import or export configuration files from or to a USB flash drive |

System Specifications

Table 2. System Specifications

| Description | Specification |
| --- | --- |
| Product dimensions (W x H x D) | 206 x 132 x 44 mm (8.1 x 5.2 x 1.7 in) |
| Ports | Four 10/100/1000 Gigabit Ethernet RJ-45 ports; one 10/100/1000 Gigabit Ethernet RJ-45 Internet (WAN) port; one 10/100/1000 Gigabit Ethernet RJ-45 DMZ/Internet (WAN) port |
| Power supply | 12V 1.5A |
| Certification | FCC Class B, CE Class B, UL, cUL, CB, CCC, BSMI, KC, Anatel |
| Operating temperature | 0° to 40°C (32° to 104°F) |
| Storage temperature | 0° to 70°C (32° to 158°F) |
| Operating humidity | 10% to 85% noncondensing |
| Storage humidity | 5% to 90% noncondensing |

5.9 Normal router for Access Point

5.9.1 450Mbps Wireless N Gigabit Router TL-WR1043ND

450Mbps Wireless N Gigabit Router TL-WR1043ND is a combined wired/wireless network
connection device integrated with internet-sharing router and 4-port switch. It creates wireless
network with incredibly high speeds of up to 300Mbps, which ensures that you are free to
simultaneously enjoy multiple high-bandwidth consuming and interruption sensitive applications
such as streaming HD video, making VoIP calls, sharing large files and playing online games.
Specially, it is equipped with a USB storage port on the back of the router, via which you can
easily share printers, files or media with your friends or family locally or over the Internet.

HARDWARE FEATURES

| Feature | Specification |
| --- | --- |
| Interface | 4 10/100/1000Mbps LAN Ports; 1 10/100/1000Mbps WAN Port; 1 USB 2.0 Port |
| Button | WPS/Reset Button; Power Button; Wi-Fi Button |
| Antenna | 5dBi*3 Detachable Omni Directional (RP-SMA) |
| External Power Supply | 12VDC / 1.5A |
| Wireless Standards | IEEE 802.11n, IEEE 802.11g, IEEE 802.11b |
| Dimensions (W x D x H) | 8.9 x 5.6 x 1.2in. (225 x 141 x 30mm) |

WIRELESS FEATURES

| Feature | Specification |
| --- | --- |
| Frequency | 2.4-2.4835GHz |
| Signal Rate | 11n: Up to 450Mbps (dynamic); 11g: Up to 54Mbps (dynamic); 11b: Up to 11Mbps (dynamic) |
| Reception Sensitivity | 270M: -68dBm@10% PER; 130M: -68dBm@10% PER; 108M: -68dBm@10% PER; 54M: -68dBm@10% PER; 11M: -85dBm@8% PER; 6M: -88dBm@10% PER; 1M: -90dBm@8% PER |
| Transmit Power | CE: <20dBm (2.4GHz); FCC: <30dBm |
| Wireless Functions | Enable/Disable Wireless Radio, WDS Bridge, WMM, Wireless Statistics |
| Wireless Security | 64/128/152-bit WEP / WPA / WPA2, WPA-PSK / WPA2-PSK |

SOFTWARE FEATURES

| Feature | Specification |
| --- | --- |
| Quality of Service | WMM, Bandwidth Control |
| WAN Type | Dynamic IP/Static IP/PPPoE/PPTP(Dual Access)/L2TP(Dual Access)/BigPond |
| Management | Access Control; Local Management; Remote Management |
| DHCP | Server, Client, DHCP Client List, Address Reservation |
| Port Forwarding | Virtual Server, Port Triggering, UPnP, DMZ |
| Dynamic DNS | DynDns, Comexe, NO-IP |
| VPN Pass-Through | PPTP, L2TP, IPSec (ESP Head) |
| Access Control | Parental Control, Local Management Control, Host List, Access Schedule, Rule Management |
| Firewall Security | DoS, SPI Firewall; IP Address Filter/MAC Address Filter/Domain Filter; IP and MAC Address Binding |
| Protocols | Support IPv4 and IPv6 |
| Guest Network | 2.4GHz Guest Network×1 |

OTHERS

| Feature | Specification |
| --- | --- |
| Certification | CE, FCC, RoHS |
| Package Contents | 450Mbps Wireless N Gigabit Router TL-WR1043ND; 3 detachable Omni directional antennas; Power supply unit; Resource CD; Quick Installation Guide |
| System Requirements | Microsoft Windows 8/7/Vista/XP/2000, MAC OS, NetWare, UNIX or Linux. |
| Environment | Operating Temperature: 0℃~40℃ (32℉~104℉); Storage Temperature: -40℃~70℃ (-40℉~158℉); Operating Humidity: 10%~90% non-condensing; Storage Humidity: 5%~90% non-condensing |

5.10 Design Justification

One of the main requirements of Solution net is to connect its various branches and
provide Internet facilities to its clients. To meet this requirement, Solution net has
chosen Frame Relay to communicate with its branches and has purchased the
Frame Relay service from its telecom provider.

5.10.1 Reason to choose Frame Relay

The main advantage of Frame Relay over point-to-point leased lines is cost. Frame Relay can
provide performance similar to that of a leased line, but at significantly lower cost over long
distances. The reason is that the customer only has to make a dedicated point-to-point
connection to the provider's nearest frame switch. From there the data travels over the provider's
shared network. The price of leased lines generally increases with distance, so this short-haul
point-to-point connection is significantly less expensive than a dedicated point-to-point
connection over a long distance.

Lower cost over distance makes Frame Relay a good choice for Solution net since it has offices
located across the country. However, if Solution net only needed to send data between its
headquarters and the branches manufacturing it might make sense to consider a dedicated circuit,
since the two locations are in the same metropolitan area.

5.8 Drawback of Frame Relay

The two main disadvantages of Frame Relay are slowdowns due to network congestion and
difficulty ensuring Quality of Service (QoS). Because all of a provider's Frame Relay customers
use a common network, there can be times when data transmission exceeds network capacity. The
difficulty ensuring QoS is due to the fact that Frame Relay uses variable-length packets. It is easier
to guarantee QoS when using a fixed-length packet. Solution net needs to decide how significant
these disadvantages are to the needs of its network and how to mitigate them.

To address the issue of potential congestion, Solution net should be sure that FatData Pipe's
Committed Information Rate (CIR) is sufficient to meet the needs of its network. CIR is the
minimum level of throughput that the provider guarantees, and FDP should be delivering at least
this amount of throughput even in times of heavy network load. Solution net should also carefully
examine its present and future quality of service needs. Is voice or video conferencing between
sites something on the horizon? If so, Solution net may want to examine the ways in which
Frame Relay equipment can prioritize traffic and determine whether these mechanisms are sufficient
to meet its needs. If not, Solution net may want to consider an alternative like ATM.

Switch 3560: This is the core switch, used on the core network to define multiple subnets
and to distribute communication for the internal branches and intranet access, along with
department-wise communication. For administration, the VLANs (subnets, or network segments)
have been configured on this core switch.

Switch 2960: This is a distribution switch which is used to create a LAN environment for the
different subnets (department-wise networks).

Wireless Access point (outdoor AP): This is a wireless network distribution point that provides
Internet access and connectivity to end-user customers and to the employee network as well. The
main AP, which is connected to the LAN with a cable, acts as the main wireless distribution
router, while the other outdoor APs act in wireless distribution system (WDS) client mode. These
WDS clients are responsible for providing Internet access to all the end-user clients who
subscribe to Internet access from Solution net.

Router 8141: This gateway router provides connectivity between the different private virtual
circuits from the Frame Relay cloud provider. It also provides a static IP routing service for all
branch networks. The router uses static IP routes to keep routing loop-free within the Frame Relay
environment.

Choosing the Topology

Since Solution net will be connecting more than two sites, we have chosen to use a star topology.
In this topology all the devices are connected to an intermediary device; in Solution net this
would be either the switch or the router. However, if there is a problem in the intermediary
device, the whole network is interrupted. Hence to provide some redundancy in communications
links, a redundant arrangement can be either full-mesh, where every site has a connection to every other site.

Connecting the Sites

Solution net needs to decide how much redundancy, if any, is needed between sites and how best
to set this up.

5.9 Basic Connectivity

Solution net headquarters is located in Kathmandu and is the central clearinghouse for all of the
company's data. Given this fact, the WAN design can start as a simple hub-and-spoke network
with the Kathmandu HQ in the center. Each supply office and manufacturing site will have a
virtual circuit connected to Kathmandu. Additionally, there is a virtual circuit between Solution
net headquarters and the Banepa branch. This simple design solves the basic connectivity issue: all
sites can communicate with headquarters, and all sites may also communicate with each other by
routing Layer 3 data through headquarters.

Task 6

Build and configure a WAN (including services) to meet the given requirements of the Solution
Networks implementing the network security on a WAN. [3.1, 3.2]

Consider: Devices: e.g. installation of communication devices allocation of networks,
communication, and device configuration. Services: DNS (Domain Name Service), email, web,
video, application. Specialised:

configuration: e.g. routing protocol, interfaces, network address allocation, and security features

Note: Your teacher will complete a witness statement to confirm that you have completed the task
successfully and you need to submit the Lab report.

6.1 WAN Configuration Solution Network

6.1.1Router Configuration of Head Office at Kathmandu

```
Kathmandu>en
Kathmandu#sh run
Building configuration...

hostname Kathmandu
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
interface Serial0/0/0
 ip address 110.0.0.1 255.0.0.0
 clock rate 64000
interface Serial0/0/1
 ip address 120.0.0.1 255.0.0.0
 clock rate 64000
interface Serial0/1/0
 ip address 90.0.0.1 255.0.0.0
 clock rate 64000
interface Serial0/1/1
 ip address 100.0.0.1 255.0.0.0
router eigrp 200
 redistribute eigrp 100
 network 90.0.0.0
 network 120.0.0.0
 network 192.168.1.0
 auto-summary
router eigrp 100
 redistribute eigrp 200
 network 100.0.0.0
 network 110.0.0.0
 auto-summary
ip classless
line con 0
line vty 0 4
 login
```

6.2 VLAN Configuration at Head Office Kathmandu

6.1.2 Router Configuration of Bhaktpur

```
Bhaktpur>en
Bhaktpur#sh run
Building configuration...

Current configuration : 739 bytes
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname Bhaktpur
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 no ip address
 shutdown
interface Serial0/0/1
 no ip address
 shutdown
interface Serial0/1/0
 ip address 90.0.0.2 255.0.0.0
router eigrp 200
 network 90.0.0.0
 network 192.168.2.0
 auto-summary
line con 0
line vty 0 4
 login
```


6.1.3 Router Configuration of Kavre

```
Kavre>en
Kavre#sh run
Building configuration...

hostname Kavre
interface FastEthernet0/0
 ip address 192.168.3.1 255.255.255.0
 duplex auto
 speed auto
interface Serial0/1/0
 ip address 100.0.0.2 255.0.0.0
router eigrp 100
 network 100.0.0.0
 network 192.168.3.0
 auto-summary
line con 0
line vty 0 4
 login
```

6.1.4 Router Configuration of Banepa

```
Banepa>en
Banepa#sh run
Building configuration...

Current configuration : 739 bytes
hostname Banepa
interface FastEthernet0/0
 ip address 192.168.4.1 255.255.255.0
 duplex auto
 speed auto
interface Serial0/1/0
 ip address 110.0.0.2 255.0.0.0
router eigrp 100
 network 110.0.0.0
 network 192.168.4.0
 auto-summary
line con 0
line vty 0 4
 login
```

6.1.5 Router Configuration in Dhulikhel

```
Dhulikhel>en
Dhulikhel#sh run
Building configuration...

hostname Dhulikhel
interface FastEthernet0/0
 ip address 192.168.5.1 255.255.255.0
 duplex auto
 speed auto
interface Serial0/1/0
 ip address 120.0.0.2 255.0.0.0
router eigrp 200
 network 120.0.0.0
 network 192.168.5.0
 auto-summary
line con 0
line vty 0 4
 login
end
```
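An added example, not the report's own work and not Cisco tooling: a small auditor for `sh run` listings like the ones above, flagging what the printed configurations leave open (stored passwords not obscured, no enable secret, incomplete line authentication, EIGRP interfaces without authentication). The first sample is condensed from the Bhaktpur output; the hardened sample is an assumption, with a hypothetical key-chain name and placeholder hashes.

```python
import ipaddress
import re

# Constructed input: the Bhaktpur `sh run` output from this page, condensed.
AS_PRINTED = """\
no service password-encryption
hostname Bhaktpur
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
interface Serial0/1/0
 ip address 90.0.0.2 255.0.0.0
router eigrp 200
 network 90.0.0.0
 network 192.168.2.0
 auto-summary
line con 0
line vty 0 4
 login
"""

# Assumed hardened variant (hypothetical key-chain name, placeholder hashes;
# the key chain definition itself is left out of this condensed sample).
HARDENED = """\
service password-encryption
enable secret 5 <placeholder-hash>
username netadmin secret 5 <placeholder-hash>
hostname Bhaktpur
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
interface Serial0/1/0
 ip address 90.0.0.2 255.0.0.0
 ip authentication mode eigrp 200 md5
 ip authentication key-chain eigrp 200 WAN-KEYS
router eigrp 200
 passive-interface FastEthernet0/0
 network 90.0.0.0
 network 192.168.2.0
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""

def parse_sections(config):
    """Split IOS config text into (header, [sub-commands]) using indentation."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] == " " and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def classful_network(address):
    """`network` statements without a wildcard mask cover the classful network."""
    first = int(address.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)

def audit(config):
    sections = parse_sections(config)
    top = [header for header, _ in sections]
    findings = []
    # Type 7 obfuscation is reversible, so `enable secret` is checked separately.
    if "service password-encryption" not in top:
        findings.append("PASSWORDS-NOT-OBSCURED")
    if not any(h.startswith("enable secret ") for h in top):
        findings.append("NO-ENABLE-SECRET")
    for header, body in sections:
        if not header.startswith("line "):
            continue
        line = header[5:]
        has_password = any(c.startswith("password ") for c in body)
        # Neither `login local` nor `login` backed by a line password.
        if "login local" not in body and not ("login" in body and has_password):
            findings.append(f"LINE-AUTH-INCOMPLETE:{line}")
        if line.startswith("vty") and "transport input ssh" not in body:
            findings.append(f"VTY-NOT-SSH-ONLY:{line}")
    addressed = {}
    for header, body in sections:
        if header.startswith("interface "):
            for cmd in body:
                m = re.fullmatch(r"ip address (\S+) (\S+)", cmd)
                if m:
                    addressed[header.split(" ", 1)[1]] = (ipaddress.ip_address(m.group(1)), body)
    for header, body in sections:
        m = re.fullmatch(r"router eigrp (\d+)", header)
        if not m:
            continue
        asn = m.group(1)
        nets = [classful_network(c.split()[1]) for c in body if c.startswith("network ")]
        passive = {c.split()[1] for c in body if c.startswith("passive-interface ")}
        for name, (addr, if_body) in addressed.items():
            if name in passive or not any(addr in n for n in nets):
                continue  # interface forms no EIGRP adjacency in this AS
            if f"ip authentication mode eigrp {asn} md5" not in if_body:
                findings.append(f"EIGRP-NO-AUTH:{asn}:{name}")
    return findings

if __name__ == "__main__":
    print(audit(AS_PRINTED))
    print(audit(HARDENED))
```

An unauthenticated EIGRP interface accepts routing updates from any neighbour on that link, which is why the LAN side is made passive and the serial side is given MD5 authentication in the hardened sample.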

6.1.6 IP Addressing in Router Fast Ethernet Port

```
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
```

6.1.7 IP Addressing in Router Serial Port Connected to Public IP

```
interface Serial0/1/0
 ip address 90.0.0.1 255.0.0.0
 clock rate 64000
```

6.1.8 IP Addressing in Router Serial Port Not Connected to Public IP

```
interface Serial0/1/0
 ip address 90.0.0.2 255.0.0.0
```

6.1.9 Setting Static IP to Client and Server Computer


6.1.10 Configuring Wi-Fi Hotspot

Fig:1 Basic Setup of WIFI


Fig: 2 Wireless Setting of Solution Network


Fig: 3 Wireless Security of Solution Network

According to the Wi-Fi configuration, we have used the SSID Solution Network and the password
hello@123. The security mode is WPA2 Personal. In this security mode the password can be
encrypted with AES, TKIP or both algorithms, and we have used AES encryption. It is clear
that WEP encryption does not provide sufficient wireless network security and can only be used
with higher-level encryption solutions (such as VPNs). WPA is a secure solution for upgradable
equipment not supporting WPA2, but WPA2 will soon be the standard for wireless security.

For the above scenario we have used the EIGRP routing protocol, for the reasons
below:

Enhanced Interior Gateway Routing Protocol (EIGRP) is a unique Cisco innovation. Highly
valued for its ease of deployment and fast convergence, EIGRP is commonly used in many large
Enterprise networks. EIGRP maintains all of the advantages of distance-vector protocols, while
avoiding the concurrent disadvantages.

EIGRP is a simple protocol to understand and deploy. It's IPv6-ready, scales effectively in a
well-designed network, and provides extremely quick convergence times. Other EIGRP
advantages include:

• Easy transition to IPv6 with multi-address family support for both IPv4 and IPv6 networks.

• Superior scaling of Interior Gateway Protocol (IGP) for large dynamic multipoint (DM)
VPN deployments

• Very fast convergence times for changes in the network topology

• Only routing table changes, not the entire routing table, are propagated when a change
occurs

• More efficient use of links, through equal cost multipath (ECMP) and unequal cost load
sharing

EIGRP is an enhanced distance-vector protocol, relying on the Diffusing Update Algorithm
(DUAL) to calculate the shortest path to a network.

6.1.10. Test Lab of Solution Network

Task 7

Critically review and test the WAN technologies components in the previous task. [3.3, M3]

Note: Evidence will be provided by a test plan and subsequent test results. Screen shots may be
relevant.

Any test failures should be explained, with reasons.

Test Number Test Description Intended Results Actual Result with screen shot Actions


In order to obtain M3, you must make sure that the communication has taken place in familiar
and unfamiliar contexts. Your answer should sound technical as well as should be suitable for
non-technical audiences also you need to submit the slides and presentation observation report.

7.1 Introduction:

Solution Net, an emerging network service provider, is interested in upgrading its current
network system. The current network system provides various network support services, sells
network devices and provides fast internet for corporate and end users. But now, with increasing
competition and the aim of expanding its business to the whole country, they have planned to expand
the business to major cities, namely Bhaktpur, Kavre, Banepa and Dhulikhel. Further, the
organization has planned to increase the productivity of the company and increase security.

The newly proposed system of Solution Net involves significant changes and the addition of devices.
It has planned to provide cable internet and Wi-Fi access to its clients from all the branch offices.
The new basic physical network architecture will require several upgrades in hardware that
address these incompatibilities and older technologies. The result will be higher speeds, more
reliability, and easier maintenance of network components. The upgraded hardware will use
up-to-date, compatible technologies that will greatly facilitate troubleshooting and maintenance
as well as resolve the slow access times that are currently being reported.

Test Number | Test Description | Intended Result | Actual Result | Action
1 | Testing Routing Strategy and neighbor Discovery | Show all the routing strategy and route neighbor Discovery | 1.1. Test in Kathmandu; 1.2. Test in Bhaktpur; 1.3. Test in Kavre; 1.4. Test in Banepa; 1.5. Test in Dhulikhel | Router>en, Router>sh ip
2 | Neighbor discovery | Should discover all neighbor network | 2.1. Test in Kathmandu; 2.2. Test in Bhaktpur; 2.3. Test in Kavre; 2.4. Test in Banepa; 2.5 Test in Dhulikhel | Router>en, Router>sh cdp ne
3 | Communication Test from Head Office to Branch Office | Should successfully ping from head office to branch office | 3.1. Test from Bhaktpur; 3.3. Test from Kavre; 3.4. Test from Banepa; 3.5 Test from Dhulikhel | Router>en, Router>ping Destination ip address
4 | Communication Test from Branch Office to Head Office | | 4.1. Test from Bhaktpur; 4.2. Test from Kavre; 4.3. Test from Banepa; 4.4. Test from Dhulikhel | Router>ping Destination ip address
5 | Internet Access to Clients | Should show the web page | | From browser we have given a www.solutionnetwork.com link.
7.2 The above testing can be shown in tabular format as given below

Testing Date | What was Tested | Remarks
1/5/2018 | Routing Strategy in head office with Neighbor Device Detection and communication Test with ping Tool. | Success
1/5/2018 | Routing Strategy in branch office Bhaktpur with Ping tool. | Success
1/5/2018 | Routing strategy in Branch office Kavre with Ping tool. | Success
1/5/2018 | Routing strategy in Branch office Banepa with Ping tool. | Success
1/5/2018 | Routing strategy in Branch office Dhulikhel with Ping tool. | Success
1/5/2018 | Communication Test from Kathmandu to all Branch. | Success
1/5/2018 | Communication Test from Branch offices to Head office. | Success
1/5/2018 | Internet access in client. | Success

7.3 Test Lab of Solution Network

The following is the screen shot of a test lab prepared for Solution Network as per the
requirements, which is connected to a public IP.

7.4 Test Result

On testing and evaluating the various test results, the devices and protocols are adequate to
meet the requirements of Solution Net. However, if a problem occurs in any one intermediary
device, there would be an interruption in the network attached to that device.
Currently we are implementing the switch and spoke mechanism for
communication between the various branches. This has the disadvantage that communication
becomes very slow, as each branch has to first communicate with the headquarters before
communicating with any other branch.

Similarly, it was found that no security was implemented on any of the devices. The devices
could be accessed without any authentication. This may leave a loophole
in the network security.
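
The finding above can be checked mechanically against a saved running configuration. The Python sketch below is an added example, not part of the original report: the sample configuration and the function names `parse_lines` and `audit` are constructed for illustration, and it assumes Cisco IOS syntax on a device that does not use `aaa new-model`.

```python
import re

# Constructed sample: a lab router left close to defaults, as the test result describes.
SAMPLE_CONFIG = """\
hostname Kathmandu
!
enable password cisco
!
router eigrp 1
 network 10.0.0.0
!
line con 0
line aux 0
line vty 0 4
 no login
 transport input telnet
line vty 5 15
 login local
 transport input ssh
"""

def parse_lines(config):
    """Return {line header: [sub-commands]} for every 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None              # any other top-level statement ends the block
    return blocks

def audit(config):
    """List access paths that ask for no, or only weak, authentication."""
    findings = []
    if not re.search(r"^enable secret ", config, re.M):
        has_pw = re.search(r"^enable password ", config, re.M)
        findings.append("privileged mode: " +
                        ("weak 'enable password'" if has_pw else "no enable secret"))
    for header, cmds in parse_lines(config).items():
        logins = [c for c in cmds if c.startswith("login")]
        if "no login" in cmds or not logins:
            findings.append(f"{header}: no authentication")
        elif "login" in logins and not any(c.startswith("password ") for c in cmds):
            findings.append(f"{header}: 'login' set but no line password")
        if header.startswith("line vty"):
            transport = next((c for c in cmds if c.startswith("transport input ")), "")
            if re.search(r"\b(telnet|all)\b", transport):
                findings.append(f"{header}: Telnet allowed (cleartext)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Running it over the saved configuration of each branch router gives a per-device list that can go straight into the Actions column of the test plan.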

Currently, we are using EIGRP as the routing protocol, but once the company expands it will not
be suitable to use EIGRP, so it would be better to use OSPF. EIGRP is not a good choice for a big
network. This is also a restriction of distance-vector routing protocols (like RIP, RIPII). If EIGRP
is to be the routing protocol for a big network, we can separate the network into different EIGRP
domains and then import the routing tables into each other, but this is not an optimal network
design, and very few networks have been designed like this.

Task 8

Monitor and troubleshoot the WAN and Resolve WAN issues to improve security, reliability and
performance [4.1, 4.2]

Consider: Monitoring tools, traffic, bandwidth, methodology etc.

Note: using any suitable tools and any troubleshooting methodology, you need to present your answer
with the support of every action you have performed. Use different monitoring tools and techniques;
you also need to recommend best practice and troubleshooting steps for the issues found.

8.1 Introduction:

Solution Networks Pvt. consists of a vast network that needs to be managed properly
in order to provide effective and productive services to customers.
Monitoring and troubleshooting are the ways to keep an overview of WAN
performance. They help to analyze and evaluate the ISP infrastructure, and allow us to use
different tools to determine the cause of problems in different applications, carrier
network infrastructure and network devices (Gareiss, n.d.). While an intrusion detection
system monitors a network for threats from the outside, a network monitoring system
monitors the network for problems caused by overloaded or crashed servers, network
connections or other devices.

For example, to determine the status of a web server, monitoring software may
periodically send an HTTP request to fetch a page. For email servers, a test message
might be sent through SMTP and retrieved by IMAP or POP3.

Commonly measured metrics are response time, availability and uptime, although both
consistency and reliability metrics are starting to gain popularity. The widespread
addition of WAN optimization devices is having an adverse effect on most network
monitoring tools, especially when it comes to measuring accurate end-to-end response
time because they limit round trip visibility.

Status request failures, such as when a connection cannot be established, it times out, or
the document or message cannot be retrieved, usually produce an action from the
monitoring system. These actions vary: an alarm may be sent (via SMS, email, etc.) to
the resident sysadmin, automatic failover systems may be activated to remove the
troubled server from duty until it can be repaired, etc.
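
The HTTP status check and the failure handling described above can be put together as follows. This Python sketch is an added example, not taken from any of the tools named in this report: the function `probe`, the class `Monitor`, the status strings, the alert threshold and the server pool are assumptions made for illustration.

```python
import socket
import urllib.error
import urllib.request

def probe(url, timeout=3.0):
    """Fetch one page and classify the outcome into the failure modes named above."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            resp.read(1)                      # make sure the body starts to arrive
            return "ok"
    except urllib.error.HTTPError:            # server answered, document not retrievable
        return "document_not_retrieved"
    except urllib.error.URLError as err:      # DNS failure, refusal or timeout while connecting
        timed_out = isinstance(err.reason, (socket.timeout, TimeoutError))
        return "timeout" if timed_out else "connection_failed"
    except (socket.timeout, TimeoutError):    # timeout while waiting for the response
        return "timeout"
    except OSError:                           # reset or other socket-level error
        return "connection_failed"

class Monitor:
    """One monitored server: alarm after `threshold` consecutive failures, then failover."""

    def __init__(self, name, pool, threshold=3, notify=print):
        self.name, self.pool = name, pool     # pool: set of servers currently in service
        self.threshold, self.notify = threshold, notify
        self.failures = 0

    def record(self, status):
        if status == "ok":
            if self.failures >= self.threshold:      # was taken out of service: restore it
                self.pool.add(self.name)
                self.notify(f"RECOVERED {self.name}")
            self.failures = 0
            return
        self.failures += 1
        if self.failures == self.threshold:          # alarm once, not on every failed poll
            self.pool.discard(self.name)
            self.notify(f"ALARM {self.name}: {status} x{self.failures}")
```

A scheduler would call `monitor.record(probe(url))` at a fixed interval; `notify` is where an SMS or email gateway would be plugged in.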

8.2 We monitor to provide:

• Performance tuning: improve service by balancing overload, tuning and optimizing the system,
improving QoS, over utilizing resources etc.
• Troubleshooting: prevent crisis mode, availability, maximize productivity
• Planning: performance trends are understood
• Expectations: expectations are set for the distributed system
• Security: secure the network against unauthorized access
• Accounting: Solar winds, Cisco network assistant tools and Observium are used for
monitoring the network performance.

8.3 Reason for making monitoring so crucial:

1. Distributed environment (Clients/server):
• It critically relies on network function
• It is different from central environment
2. Network growth:
• Exponential increment of the devices
• Traffic doubling
• Increment of network coverage
3. Complexity:

Results | Reasons
Various configurable devices like routers, switch etc | QoS is decreased
Various network management applications like probe management, NMS etc. | Applications are not supported
9 server platforms like WNT, VMS, MacOS etc. | Support effectiveness is decreased
Vendor MIB are of 9 types |

4. Reduced resources:
• Budgets increasingly constrained
• Lack of experienced personnel

Various troubleshooting methodologies are used for monitoring the WAN using the various tools:

8.4. Monitoring network performance using Spiceworks:

Spiceworks is a monitoring tool, formed in early 2006 by Scott Abel, Jay Hallberg,
Greg Kattawar, and Francis Sullivan to provide a Facebook-like community integrated with
a free ad-supported. Its headquarters is in Austin, Texas. It monitors the network and alerts
admins about the changing environment.

8.5 Packet loss monitoring:

Fig: 1 Packet loss monitoring

8.6 Monitoring Antivirus:

Fig: 2 Monitoring Antivirus

8.7 Monitoring network application and their setting:

Fig: 3 Monitoring network application and their setting

8.8 Enterprise network map:

Fig: 4 Enterprise network map

8.9 VM monitoring:

Fig: 5 VM monitoring

8.10 Wireless monitoring:

Fig: 6 Wireless monitoring

8.11 NMP by top 10:

Fig: 7 NMP by top 10

8.12 Network Monitoring using Veeam:

8.12.1 Traffic monitoring:

Fig: 8 Traffic monitoring

8.12.2 Bandwidth monitoring:

Fig: 9 Bandwidth monitoring

8.12.3 Monitoring threat and warning:

Fig: 10 Monitoring threat and warning

8.12.4 Monitoring for VMware Infrastructure

Fig: 11 Monitoring for VMware Infrastructure

8.12.5 Monitoring free edition:

Fig: 12 Monitoring free edition

8.12.6 Monitoring the networking:

Fig: 13 Monitoring the networking

8.12.7 Monitoring the server:

Fig: 14 Monitoring the server

8.12.8 Monitoring the performance management:

Fig: 15 Monitoring the performance management

8.12.9 Monitoring the devices of the system:

Fig: 16 Monitoring the devices of the system

8.12.10 Monitoring the configuration-electro intro websites.

Fig: 17 Monitoring the configuration-electro intro websites.

8.13 Monitoring Network using Cisco Configuration Assistant Tool

8.13.1 Cisco provides the automatic configuration assistant:

Fig: 18 Automatic configuration assistant

8.13.2 Cisco monitoring the router management:

Fig: 19 Cisco monitoring the router management

8.13.3 Cross-Launching Cisco SDM

Fig: 20 Cross-Launching Cisco SDM

8.13.4 Power usage by IP Phones and Wireless Access Points

Fig: 21 Power usage by IP Phones and Wireless Access Points

8.14 Benefits of above monitoring tools:

Spiceworks

Benefits:
• It helps in detection, diagnosis & resolution of network issues before outages occur.
• Tracks response time, availability & uptime of routers, switches & other
SNMP-enabled devices.
• Automatically discovers SNMP-enabled network devices and deploys them.

Purpose: To test network performance of different networking devices

Veeam

Benefits:
• Real time interface traffic graphing.
• Monitoring CPU, Memory and Storage statistics.
• Interface traffic, packet and detailed error statistics.
• Temperature, Fan Speed, Voltage, Amperage, Power, Humidity and
Frequency sensors are shown.
• VMware virtual machine tracking.

Purpose: To view statistics of different networking devices.

Cisco Network Assistant Tool

Benefits:
• Discovered networks are shown on a map in the form of a topology.
• Lifecycle information can be directly accessed using Cisco Active Advisor.
• Network errors and alarm thresholds are notified.
• Common network issues are troubleshot.
• Inventory reports and health monitoring

Purpose: To configure different Cisco networking devices via remote telnet access.

8.15 Conclusion:

Thus the above tools have helped to study the status and performance of the network and devices.
Problems can be easily detected and maintained according to the requirements. This has helped to
increase efficiency in the network structure.

Task 9

Critically evaluate the performance of the WAN. [4.3]

Consider: network monitoring tools, user access, traffic analysis, bandwidth monitoring, checking
configuration and checking rules.

9.1 Introduction

WAN performance measurement and overall design are generally significantly affected by the
steady rise in the number of mobile workers and remote locations, particularly among
organizations that compete globally. The need for growth in these areas
was initially driven by two considerations: the desire to bring supply chain resources
closer to customers in the field, and an effort to cut costs by offloading some of the
system computing resources to remote locations.

9.2 Evaluating WAN Performance

9.2.1 User Access

With the use of user access control, we can protect our PC from hackers/attackers and
malicious software. User access control does this by asking for permission at the time
of making any major changes to our computer. In Windows 7, UAC is now less
intrusive and more flexible. Fewer Windows 7 programs and tasks require your consent.
If you have administrator privileges on your PC, you can also fine-tune UAC's
notification settings in Control Panel.

9.2.2 Traffic Analysis

Traffic analysis is a special type of inference attack technique that looks at communication
patterns between entities in a system. "Traffic analysis is the process of intercepting and
examining messages in order to deduce information from patterns in communication. It
can be performed even when the messages are encrypted and cannot be decrypted. In
general, the greater the number of messages observed, or even intercepted and stored, the
more can be inferred from the traffic. Traffic analysis can be performed in the context of
military intelligence or counter-intelligence, and is a concern in computer security."
Knowing who's talking to whom, when, and for how long, can sometimes clue an attacker
in to information of which you'd rather she not be aware. The size of packets being
exchanged between two hosts can also be valuable information for an attacker, even if
they aren't able to view the contents of the traffic (being encrypted or otherwise
unavailable). Seeing a short flurry of single-byte payload packets with consistent pauses
between each packet might indicate an interactive session between two hosts, where each
packet indicates a single keystroke. Large packets sustained over time tend to indicate file
transfers between hosts, also indicating which host is sending and which host is receiving
the file. By itself, this information might not be terribly damaging to the security of the
network, but a creative attacker will be able to combine this information with other
information to bypass intended security mechanisms.
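
The size and timing patterns described above can be reproduced from flow metadata alone, which is also what a network team sees in its own flow logs when payloads are encrypted. The Python sketch below is an added example, not part of the original report: the packet records are constructed, and the function names and the thresholds (`small`, `large`, the 0.03 to 2.0 second gap window) are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed flow metadata: (time in s, src, dst, payload bytes). No payload content is used.
PACKETS = (
    [(0.20 * i, "10.1.1.5", "10.0.0.1", 1) for i in range(40)]            # keystroke-sized
    + [(0.20 * i + 0.01, "10.0.0.1", "10.1.1.5", 1) for i in range(40)]   # character echoes
    + [(0.002 * i, "10.2.2.9", "10.0.0.20", 1460) for i in range(500)]    # full-size segments
    + [(0.002 * i + 0.001, "10.0.0.20", "10.2.2.9", 0) for i in range(0, 500, 2)]  # bare ACKs
)

def conversations(packets):
    """Group packets by unordered host pair so both directions form one conversation."""
    convs = defaultdict(list)
    for ts, src, dst, size in sorted(packets):
        convs[tuple(sorted((src, dst)))].append((ts, src, size))
    return convs

def classify(pkts, small=8, large=1000):
    """Label one conversation using payload sizes and timing only."""
    data = [p for p in pkts if p[2] > 0]          # ignore empty acknowledgements
    if len(data) < 10:
        return {"kind": "unknown"}
    sizes = [n for _, _, n in data]
    sent = defaultdict(int)
    for _, src, n in data:
        sent[src] += n
    if sum(n >= large for n in sizes) / len(sizes) > 0.8:
        top = max(sent, key=sent.get)             # the host pushing the bytes is the sender
        return {"kind": "bulk-transfer", "sender": top, "bytes": sent[top]}
    first = data[0][1]
    times = [ts for ts, src, _ in data if src == first]
    gaps = [b - a for a, b in zip(times, times[1:])]
    mostly_small = sum(n <= small for n in sizes) / len(sizes) > 0.8
    if mostly_small and gaps and 0.03 <= median(gaps) <= 2.0:   # human-paced pauses
        return {"kind": "interactive", "first_talker": first}
    return {"kind": "unknown"}

def analyze(packets):
    return {pair: classify(p) for pair, p in conversations(packets).items()}

if __name__ == "__main__":
    for pair, verdict in analyze(PACKETS).items():
        print(pair, verdict)
```

Both verdicts are reached without reading a single payload byte, which is why encryption by itself does not hide who is typing to whom or which host is sending a file.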

9.2.3 Bandwidth Monitoring

Bandwidth is the communication capacity of a network. When you use the Internet, you
are using bandwidth. Bandwidth is used in both directions, i.e. for uploads and downloads.

Data flows quickly and smoothly when the amount of traffic on the network is small
relative to its capacity. When the amount of traffic nears the capacity of the network, the
speed at which data travels begins to drop. When students on the residence hall network
share large amounts of data, which could include music and movie files, the speed of the
network decreases for everyone in the residence halls. Similarly, very large data transfers
using the campus network affect availability for everyone on the campus network. For
this reason, UCSC has some bandwidth limitations.

Network administrators pay attention to network traffic as one method to manage the
resource and ensure that bandwidth is available for academic, research and administrative
uses in alignment with the University’s mission. At UCSC, we take privacy very
seriously. ITS monitors the quantity of our usage, not the content of our usage. We monitor
network traffic/bandwidth strictly to protect the quality of the network service.

9.2.4 Checking Configuration

In computing, configuration files, or config files, configure the initial settings for
some computer programs. They are used for user applications, server processes and
operating system settings. The files are often written in ASCII (rarely
UTF-8) and line-oriented, with lines terminated by a newline or carriage return/line
feed pair, depending on the operating system. They may be considered a
simple database. Some applications provide tools to create, modify, and verify
the syntax of their configuration files; these sometimes have graphical
interfaces. For other programs, system administrators may be expected to create and modify
files by hand using a text editor.
