
ENTC 425 Project

IP Network Design

Due Dates:
Part 1: Project Proposal    Nov 4th
Part 2: Check-off           Dec 2nd
Project Report:             Turn in during the scheduled final exam period (first 15 minutes).

IP Network Design
Objective:
This challenging lab was designed to allow groups of students to design and implement a
small IP network from a real world set of requirements with limited assistance. Upon
completion of this laboratory project, students should have the skills necessary to
efficiently design and implement small corporate networks. This exercise will require
extensive reading and planning outside class hours. A thorough understanding of design
principles and implementation (equipment specific) techniques is necessary to
adequately complete this exercise.
Overview:
You are to design a small corporate network including: an IP Address Scheme, a network
layout, equipment list, and a set of equipment configuration tables. As a network
designer, you will be tasked with providing service that is highly available, secure and
meets the corporation's current and future needs.
Problem Statement: Design a corporate network using private IP addresses, for a small
company with at least four subnets for the following major areas: Management,
Engineering, Support Staff, and Common Services. The network must be able to
maintain service in the event of a single router failure with minimal downtime (the less
downtime the better your grade!).
Currently the company employs:
Management:     6
Engineering:    15
Support Staff:  7

The company will most likely grow to three times this size in the near future. The
common services include Mail, DNS, Internet access, File servers and other common
applications shared between the three divisions.
Currently, you must limit your equipment to the following items already purchased by the
small company.
Cisco Routers: 3640 Router (2), 2622 Router (1)
Cisco Switches: Netgear Switch (3), 4003 L3 Switch (1)
Security Products: VPN concentrator (2), PIX Firewall

Evaluation:
One objective of this design project is to produce the best network with the least
resources. A metric of comparison between performance and cost will be dollars, with
low performance costing the corporation money for outage time. Finally, the cost of
implementation will also be included in this report as you must track your efforts on this
project and report an honest number of implementation hours.
Performance Costs: In the case of a single router failure, the outage time
necessary for a self-heal >1 minute will be $100/minute. For failures that
require human intervention to complete, the cost will be $5000 + $100/minute for
each minute it takes the team to fix the failure.
Engineering Costs: The design engineer should bill himself (internally) at a rate
of $50/hour. This is implementation cost only; design is free, as we want you to
spend as much time as necessary designing the system. NOTE: looking up
commands and configuration information (specific to your design) is considered
implementation time as it deals with specific hardware.
Note:
Cables are free, but need to be included in the list of materials.
Cost is only one variable in the overall report evaluation. Special effort should
be made to present your design and complete all requirements of this lab.

IP Network Design Information:


Top-down network design is a good method for producing high quality networks with
appropriate scope and performance. This technique examines a set of needs and produces
an adequate network to fulfill those needs employing good engineering practices. The
basic formula is the following:
1. Understand the business needs of a network. What applications should the
network support? What level of security is required? What is the real cost of a
network failure? What is the network budget? What is the timeframe?
2. Understand the technical wants and needs. Most companies would like the
network to perform well under every possible application, however most of the
desires are wants and not needs. It is very important to understand the
company's needs and wants and to be able to distinguish between them. Will the
network need to scale in the future (by how much)? What is the desired
throughput between each group (within each group)? How much delay is
acceptable? What are the perceived security risks? How adaptable is the
network?
3. Develop a Logical Design. Using the technical and business information, design
a logical network including IP addressing, IP routing, switching/bridging, security
pieces. The logical design uses boxes representing the form and function of a
typical device (router, switch, firewall) but does not contain the detailed
information on performance of each box.
4. Choose appropriate equipment. Choose equipment that will perform the desired
functions specified in the logical design. This is the step in which you order
equipment and specify things like Network Interface Cards (Ethernet, Token-ring,
FDDI, ATM, serial), number of ports, performance enhancements, and
software configurations.
A good reference for network design philosophy is
Top-Down Network Design, Priscilla Oppenheimer, Macmillan Technical Publishing,
1999.
In the first part of this laboratory, you will take the network design principles outlined in
the above reference and produce a logical network design. For the second part, you will
implement the logical design with available equipment. The third part of this laboratory
will be a critical examination of your logical design after learning from the
implementation phase.

Part 1
Logical Network Design
Objective:
This is the first phase of the IP Network Design Module. In this phase, students will
study and employ good design guidelines to produce a logical network design for a small
company. The pre-lab assignment will address technologies, protocols and networking
techniques discussed in the background. External resources are necessary to adequately
answer the following questions.

Background:
Logical network design begins only after the goals and business needs are fully
developed. Assume the company has performed this very important exercise and has
come to the following conclusions concerning the desired network:
Business Needs
Network will be used for internal distribution of material, it is not intended to
generate revenue.
Sensitive information will be kept within the network in all subnets. Shared files
will be in the Common Services subnet.
Security should address both internal and external threats.
Resources Available
The company has purchased the equipment outlined in the module introduction.
Any additional devices can be used, as long as you can procure (and donate) them
for the laboratory.
Use a private class B address for the entire network.
The ONLY public IP addresses allowed for this project are the following:
128.119.194.226 128.194.119.233
Timeframe
Part one must be completed by March 22nd.
Supported Applications
The network should support the following applications: Mail, FTP (for allowed
traffic flow), Web browsing, Video conferencing, Hosting, VoIP (H.323).
In addition to the above work, the company has provided some guidance for how it would
like to implement the above goals and needs. The network designer traditionally
performs this work, but for the purpose of this project it has already been decided.

Network designs can vary from the suggestions below, but MUST meet the desires of the
company.
Subnets
There must be at least 4 subnets: Management, Engineering, Support Staff, and
Common Services.
More subnets are acceptable (and encouraged if appropriate).
Permissions for traffic flow
Allow Internet access from all areas.
Do not allow un-solicited requests from the Internet to pass into any portion of the
company.
Management should be able to access all subnets.
Engineering should not be able to access Management.
Support staff should not be able to access Management or Engineering subnets.
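The permission list above is asymmetric (Management may open sessions to Engineering, but not the reverse), which a filter that matches only source and destination subnets cannot enforce. The added example below is not part of the original handout; it models the rules at subnet level and compares per-packet filtering with session-aware filtering. The Engineering to Support Staff permit and the rule that Common Services never initiates inward are assumptions.

```python
ZONES = ["Management", "Engineering", "Support Staff", "Common Services", "Internet"]
INSIDE = ZONES[:4]


def intended():
    """(src, dst) pairs allowed to INITIATE a session, per the handout's rules."""
    allow = set()
    for zone in INSIDE:
        allow.add((zone, "Internet"))         # Internet access from all areas
        allow.add((zone, "Common Services"))  # services shared by all divisions
        allow.add(("Management", zone))       # Management reaches every subnet
    # Assumption: the handout does not restrict Engineering -> Support Staff.
    allow.add(("Engineering", "Support Staff"))
    # Everything else (Internet inbound, Engineering/Support -> Management,
    # Support -> Engineering, Common Services inward) stays denied.
    return {(s, d) for s, d in allow if s != d}


def stateless_ok(src, dst, permit):
    """Per-packet filter on subnets only: request AND reply must each be permitted."""
    return (src, dst) in permit and (dst, src) in permit


def stateful_ok(src, dst, permit):
    """Session-aware filter: replies to a permitted session pass automatically."""
    return (src, dst) in permit


def with_replies(permit):
    """Naive stateless fix: additionally permit every reverse direction."""
    return permit | {(d, s) for s, d in permit}


def audit(check, permit):
    """Return (broken, leaked): wanted sessions that fail, unwanted ones that work."""
    want = intended()
    broken, leaked = [], []
    for src in ZONES:
        for dst in ZONES:
            if src == dst:
                continue
            works = check(src, dst, permit)
            if (src, dst) in want and not works:
                broken.append((src, dst))
            if (src, dst) not in want and works:
                leaked.append((src, dst))
    return broken, leaked


if __name__ == "__main__":
    cases = [("stateless, one-way permits", stateless_ok, intended()),
             ("stateless, replies permitted", stateless_ok, with_replies(intended())),
             ("stateful", stateful_ok, intended())]
    for label, check, permit in cases:
        broken, leaked = audit(check, permit)
        print(f"{label}: {len(broken)} broken, {len(leaked)} leaked")
```

Only the session-aware model satisfies the matrix; port or flag matching on the reply direction can approximate it on a plain packet filter.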
Since the business needs and network goals have already been discovered, the logical
network design can begin. This is the most important phase within an IP Network Design
effort as decisions are made concerning the network topology, routing protocols, subnet
structure, supported switching protocols, and security policies. A good place to begin the
logical network design is to choose a network topology.
Network topology is the organization of layer three devices within a network (routers).
Some common network topologies include: flat, star, ring, mesh, partial mesh, two-tier,
three-tier. For additional information on network topologies, reference the CCDP: Cisco
Internetwork Design Study Guide.
After choosing a network topology, the IP addressing and routing protocols must be
decided. The most common IP routing protocols are RIP, IGRP, OSPF, BGP, IS-IS,
eBGP, EIGRP, and RIP2. One of the above protocols (eBGP) is designated for external
routes and is aptly defined as the routing protocol of the Internet. The other routing
protocols are used inside the external router. The interior routing protocols can be
compared using the following set of criteria.
Interior Routing Protocol Criteria
Standards based (open standard)
Support for variable-length subnet masks (VLSM)
Support for discontiguous subnets
Scalability
Bandwidth usage (update rates and update size)
Adaptability (automatic) to changes in the network
Host connection access to router information: gateway, proxy ARP, ICMP
Router Discovery Protocol (IRDP), GDP, HSRP (Cisco specific).
Information on routing protocols can be found in your textbook & CCDP: Cisco
Internetwork Design Study Guide, CCNA.

Once the routing protocol has been selected for the internal network, an IP addressing
scheme must be adopted. For this network, the company has chosen to use private
addresses (class B) and also requires Internet access. This requires the use of Network
Address Translation (NAT) whereby a gateway maps internal addresses to a small pool
of public addresses. Therefore an internal client may send a request to the gateway for an
external site. The gateway augments the outgoing IP packet, by replacing the sender's
IP address with a public address from an address pool. Packets returning from the
requested site to the public address (the shared one) will be augmented with the original
(internal) source address and passed to the internal network. By using a private address,
the company will allow you the luxury of using a very large number of IP addresses.
Important concepts to understand when deciding on an IP addressing scheme are classful
routing, classless routing, subnet masks, VLSM, discontiguous subnets and secondaries.
Note, no DHCP server has been provided, so one must be obtained if a design calls for it.
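A worked address plan for the headcounts given in the overview, as an added example that is not part of the original handout: it sizes each subnet for three-times growth and carves variable-length subnets out of one private class B block. The 172.16.0.0/16 block, the Common Services server count and the three addresses reserved per subnet for gateways are assumptions.

```python
import ipaddress

# Headcounts and the growth factor come from the handout.
HEADCOUNT = {"Management": 6, "Engineering": 15, "Support Staff": 7}
GROWTH = 3
# Assumptions made for this example only:
COMMON_SERVICES_HOSTS = 10   # servers in the Common Services subnet
GATEWAY_RESERVE = 3          # two router interfaces plus one shared gateway address
SUPERNET = ipaddress.ip_network("172.16.0.0/16")  # one private class B block


def needed():
    """Addresses each subnet must hold after growth, gateways included."""
    need = {name: n * GROWTH + GATEWAY_RESERVE for name, n in HEADCOUNT.items()}
    need["Common Services"] = COMMON_SERVICES_HOSTS + GATEWAY_RESERVE
    return need


def prefix_for(hosts):
    """Longest prefix whose usable range (minus network/broadcast) fits `hosts`."""
    bits = (hosts + 1).bit_length()   # smallest bits with 2**bits >= hosts + 2
    return 32 - bits


def plan(supernet=SUPERNET):
    """VLSM allocation: largest subnet first, each aligned to its own size."""
    need = needed()
    order = sorted(need, key=lambda name: (prefix_for(need[name]), name))
    cursor = int(supernet.network_address)
    result = {}
    for name in order:
        plen = prefix_for(need[name])
        size = 2 ** (32 - plen)
        cursor = (cursor + size - 1) // size * size   # round up to block boundary
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(supernet):
            raise ValueError("supernet exhausted")
        result[name] = net
        cursor += size
    return result


if __name__ == "__main__":
    for name, net in plan().items():
        print(f"{name:16} {str(net):18} usable={net.num_addresses - 2} "
              f"needed={needed()[name]}")
```

Because the masks differ per subnet, this plan only works with a routing protocol that carries the mask (VLSM support in the criteria list above).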
After the network topology and IP addressing and routing are chosen, the network layout
can be drawn. In this phase, logical symbols should be used and actual device
characteristics should be ignored (for the most part). Ideally, for example, you would not
concern yourself with the fact that the Cisco 3640 router contains only two Ethernet
ports, if it needs to be connected to four subnets, just draw the connections for this phase.
The details of device specific design will be addressed later. Since the equipment is
already provided in this project, you should consider physical limitations, but do not
allow them to limit your design.
The network layout should undergo iterations as additional IP technology and protocols
are introduced to overcome device-related constraints. It would be nice to have a router
for each subnet, but this is very impractical for small subnets, so different subnets can
share a single router. The following IP protocols should be reviewed in order to achieve
an efficient design.
IP Network Technologies and Protocols
Spanning Tree: when and how it should be used
Virtual LANs (VLANs)
ISL Trunking
Access List Controls (ALC)
Point-to-Point Protocol (PPP)
Security is a very important piece of the logical network design. For experienced
network designers, high-level security issues are the first step in a logical network design.
Since this lab is intended as an introduction to network design, security is considered after
an initial network layout has been decided.
IP network security is a hot button for today's network designers and should be touted
as one of the prime focuses for any corporate network design. Some items which will aid
in your security approach are listed below.

Security Items
Access Control Lists: Routers can block access for IP addresses
Device Access: Securing administrative interface
Switch access: Ethernet switch port and access security
Dial up access: AAA Servers (Authentication, authorization and accounting)
Perimeter Security: Routers, Bastion Hosts, DMZ, Firewalls
Encryption: CET, MD5, DSS, IPSec
Host: Password policies, software firewalls, VPN accounts
A good reference for security related issues is Cisco's Managing Cisco Network Security
text. Another good reference is Cisco's website www.cisco.com which contains
information on Cisco SAFE.
Network Features
You must include at least four of the following features in your implemented network
design. For each additional feature implemented, you will gain an additional 5 bonus
points on the final project grade.
Apache Web Server: must include content for the business and allow submission
of comments, and be implemented on LINUX.
VPN: Use the Cisco 3000 to implement a VPN connection from a lab terminal
around the firewall to access a machine within the Management group.
DNS: Configure BIND on a LINUX box. Test by connecting to a web site from
inside the corporate network.
DHCP: Configure a DHCP server (or as many as needed) within the network.
Confirm operation through the use of a Windows OS machine.
PIX Firewall: Perform network security through the use of the Cisco 515 PIX
firewall (instead of using the LINUX firewall).
Company File Server: Set up a file server with any available software/freeware
and make sure it works with Windows OS. Also, make the file server an FTP
server. There should be at least group level authentication.
Mail Server: Configure a mail server (many share-ware software packages
available for limited e-mail addresses) and confirm operation. Basic UNIX mail
does not count!!!! You must implement a well known software package.
VoIP: Implement a basic VoIP service within the network between sections and
prove it works. Must be a centrally managed solution.

PROJECT PROPOSAL
1. Complete a logical network design for the small company. Be sure to include the
following items.
Network Design Overview: Re-state goals and desires. Explain your approach to
network design and the type of network topology chosen. Make sure to defend
your choice of network topology. (>2 pages)
IP Addressing and Routing: Explain the choice of routing protocol and provide
an overview of the IP addressing scheme you chose. Make sure to defend your
choices. (>1 page)
Logical Network Design: Show your detailed logical network design. This will
include discussions on networking issues involving redundancy, performance,
security and how the design meets the business goals and needs. Include a
professional diagram of the network with logical symbols (Router, switch, …) and
IP addresses for appropriate interfaces, label subnets and show IP addresses
assigned to each. (>4 pages)
Security: Explain your approach to security and discuss how you will secure the
perimeter and enforce internal permissions. (>1 page)

2. Explain the Network Features you plan to implement and provide detail on what
software packages you plan to use and how you will procure them.

3. Prepare a 10-minute group presentation to be given in class on Nov 4th.

Part 2
IP Network Implementation
Objective:
The IP Network Implementation phase of the IP design project will require students to
transform the logical network design into a functional IP network. Students must
perform tradeoffs between the logical design and the available hardware configurations.
During this process, students will gain insight into the benefit of certain protocols, in
addition to gaining valuable equipment-specific configuration knowledge. The
conclusion of this section will be a functional network that fulfills the business needs and
goals outlined earlier in this model.
Background:
The implementation phase begins with a Physical Network Design stage. This is the
design stage where network interface connection types and device-specific constraints are
addressed. It will be beneficial for groups to understand the available equipment
explicitly. A brief list of important attributes when choosing network components is
shown below.
Equipment Attributes

Number and types of network interfaces (Ethernet, serial, Token-ring, FDDI, etc)
Speed of each network interface
Processing Speed
Latency
Auto-sensing technology (don't have to set speed on all ports)
Ease of configuration
Manageability
Cost
Technical Support
Device specific attributes
o Bridges: Bridging technologies, WAN technologies, number of MAC addresses
that a learning bridge can learn, filtering speed
o Switches: Throughput in packets per second, support cut-through switching,
auto-detection of half and full duplex, VLAN support, amount of memory
available, and the availability of a routing module.
o Routers: Network-layer protocols supported, routing protocols supported,
support of multi-media applications, support of advanced queuing, compression,
encryption, and packet filtering.

After appropriate devices have been selected, the next phase is the actual implementation
of the IP network. All of the devices used in this exercise are Cisco devices, making
integration a very easy task. In an actual implementation, this is rarely the case and
issues involving compatibility must be addressed between dissimilar devices.
Information on Cisco device configuration can be obtained in Interconnecting Cisco Network Devices and
www.cisco.com.

NETWORK IMPLEMENTATION
Implement your logical network design. Have your TA check-off the implementation.
Connect terminal devices to the network and test if all the subnet rules have been applied.
Attempt to ping the terminal from outside the network. Access the Internet from each of
the four required subnets. Attempt to FTP to a subnet terminal from outside the network.
The final stage of this module is a critical design review. After completing the
implementation, revisit your design and comment on your design choices and how you
would alter your approach, implementation and record keeping on future designs.
The final report for this module should have the following format:
1. Design Project Overview (>2 pages):
Describe the design philosophy and the important goals of the network design
(make sure you address the successfulness of each goal in the conclusion).
2. Logical Network Design (>10 pages):
Update the PROJECT PROPOSAL to reflect the actual implemented network.
Make sure to describe the differences between the original design and the
implemented design.
3. Implementation Notes and Lessons Learned (>4 pages):
Describe specific problems encountered during implementation and discuss in
detail the solutions you found. Please focus on the tougher problems (don't dwell
on cabling issues). Describe how this project, and specifically the
implementation of the network design, will alter your DESIGN of future
networks.
4. IP Design Cost (>2 pages)
List the cost of implementing your design, including all implementation man-hours
($50/hr per person). Note that all hours spent in front of the equipment are
considered implementation hours; any work performed away from the laboratory
is considered training and does not apply to the project costs. Explain methods of
reducing this cost for future designs.
5. Suggestions
Make helpful suggestions on how this module can be improved.
6. Equipment Configurations
Include the configuration for all equipment used during your check-off.
