Task 1: Proposed Design and Shortcomings of the Existing Network
This report focuses on Beyond 4G (B4G), a young company that specialises in the development of next-generation wireless communication devices and applications. The company is currently planning to extend its business to a number of countries. Most of its existing headquarters are located in the US and are connected via high-speed fibre-based broadband. Its second division is located in India and is a software development centre where most of the post-R&D software development occurs. B4G also has a division within the New Delhi office focusing on sales into the Indian market. The company wants to open two major head offices in different countries in order to begin marketing and sales operations in those countries. The executive committee has identified the need for a new IT infrastructure capable of meeting current and future demands. It wants an IT infrastructure with high security and scalable functionality.
Beyond 4G has already extended its business to a number of countries, and it has several head offices in different countries. The majority of the headquarters are located in the US, in California, San Jose, Silicon Valley. B4G also has a division within the New Delhi office focusing on sales into the Indian market. It now wants to extend its business to Sydney and Beijing, where it is planning to open new offices. An enterprise campus area network is therefore designed, to be adopted in every head office, in order to enable high performance, management of the accounting process, configuration management and proper fault management technologies.
Figure 1: Network Design
The proposed design shows the connection and configuration between the R&D building and the head office through distribution switches. The head office of Beyond 4G mainly consists of three layers: the access layer, the aggregation/distribution layer and the core layer. The internet service provider's connection arrives through a wired router, which is connected to a firewall for security. The firewall provides basic security by keeping unwanted applications away from the network devices. The firewall is configured with the head office distribution switch. The core layer is composed of Dcentre-SW, a data centre switch. This switch is connected to four servers that store the information generated by the various departments. The distribution layer consists of a multilayer switch, DSW-IT-Infra, which is connected to a multilayer switch in the R&D building via underground high-speed fibre. There are five floors, which house several departments. To communicate with every department, wireless controllers are placed on every floor and connected to the respective switches. These switches act as a bridge between the core layer and the access layer. Several departments, such as management, engineering, sales, HR, accounts and contractors, are connected through these switches to enable data flow. Two types of switches are used in the above design: the distribution switches are Level 3 switches and the floor switches are Level 2 switches. Level 3 switches are capable of packet filtering and also support complex policy implementation such as quality of service.
Task 2: Technologies and Methodologies to be used in the Proposed Design
An optimal campus area network must provide enhanced security and be able to manage issues and configuration in order to deliver better performance. Even though the current system is capable of performing the required operations, some vulnerabilities associated with security concerns were found, as follows.
- The network is designed in a star topology, which allows every host to be controlled effectively and requires less management effort. However, a star topology has several drawbacks, and its centralised connection is one of the most significant. In the proposed design, DSW-IT-Infra acts as the parent device: every other network is connected to it, and it controls the whole network. If a technical fault occurs in this switch, the whole system fails, as the other devices are no longer able to communicate with each other.
- Even though the current network provides the required communication effectively, it cannot provide nonstop communication. To gain such flexibility, Beyond 4G must develop a new infrastructure capable of offering operational manageability, integrated security, application intelligence and nonstop communication.
- Interference and overlapping degrade the overall performance of the network. Optimal communication among the different network devices and the data centre is interrupted.
- Moreover, overlapping and interference of data packets might take place while data packets are being routed.
- The proposed network has just one firewall, which provides basic security; the R&D building is open and unprotected, without any firewall. The lack of the required firewalls and other security measures can lead to serious damage to the business.
The new architecture must be designed with suitably redundant devices that are capable of providing high security as well as scalable performance. As Beyond 4G has not set any budget limit for implementing the infrastructure, highly scalable devices can be integrated to build a highly available network. A hierarchical network model can be used to build the new infrastructure as a high-performance network. The core layer must be composed of multiple high-performance nodes capable of offering high bandwidth along with optimal capacity of services. It is always better to use two central core nodes, so that if one of them fails for any reason, the network does not fail completely. Some functions can still be used by reconfiguring the connections with the other layers. The distribution layer must comprise two distribution switches, which must be capable of supporting every distribution block.
To achieve system-level redundancy, redundant supervisor engines can be used along with redundant power supplies. This approach enables high availability and optimal performance. Dual connections can be used on the distribution layer switches to make the default gateway redundant. VRRP and GLBP can be used to achieve this goal.
Figure 2: Network design to improve redundancy
Layer 4 devices must be kept superior to layer 2 devices in order to enhance the scalability of the core network. Reducing serviceability and determinism can decrease availability when only a few redundant links are used, as shown in the above figure. This approach can be useful for keeping redundancy simple in order to achieve high availability. Sometimes one extra switch can be used as an instance of the existing switch to achieve redundancy, as it behaves as the spanning tree protocol root.
To design the network solution for B4G, the requirements of the organization were analysed and a campus network solution was created. The services needed to manage the different operations were analysed during the development of the network solution. The main criteria for the network solution are the security, scalability and reliability of the network framework. To improve the flow of data traffic, the network is divided into different subnets and each department is connected using a different VLAN (Teare, Vachon and Graziani 2013). A framework for the network solution was created following the floor plan and the number of users of the system. The design solution is proposed after identifying the positive and negative effects of each network configuration methodology, and the best methodology is suggested for developing the network. For a network built on VLANs, the choice of VLAN methodology is important and can be a deciding factor in the success of the network. Selecting the appropriate technology is important, and both technologies are evaluated against the needs of the organization.
Task 3: Threat Analysis and Asset Protection Strategy
End-to-end VLANs are created and distributed across multiple switches in the network, so that a user stays in the VLAN assigned to them whichever switch they plug in to. This model is not suitable for a large enterprise network, because broadcast messages are sent to multiple switches, and as the number of switches increases, more broadcast messages are generated, which causes more network traffic.
To create local VLANs, a core switch is used that manages the distribution of the network. Local VLANs are created based on geographical location, and the routing configuration is done on the core switch. This is an appropriate solution for distributing a campus area network. To deliver a data packet to its destination address, the traffic is transferred to the local VLAN and distributed via the core switch. The core switch is configured as the VTP server and the other local switches are configured as VTP clients, so that they automatically fetch the VLAN information from the core switch. With this model, the generation of broadcast messages is reduced, as the traffic flows through a defined path and the switch ports are only allowed to access their defined VLAN.
The campus network is designed to increase the availability of the network and to optimize the access layer. VLANs are limited to a single closet, and STP/RSTP convergence should be avoided to increase the reliability of the framework. The switch ports should be configured as trunks with nonegotiate, so that DTP negotiation is disabled. To increase the redundancy of the network, the layer 2 switches are connected to each other using different links, and PVST+ is used as the spanning tree protocol to resolve the convergence issues of the network. For the interconnection links between switches, which carry the traffic of multiple VLANs, DTP should be set to on/on with nonegotiate so that DTP negotiation is avoided. This configuration decreases the restoration time of a failed link and saves seconds during a network outage (Kuliesius and Ousinskis 2013). VLANs that are not currently in use should be pruned manually, so that broadcast messages are not generated for them and the security of the network is maintained. The connection between the end node and the core switch should be made using an L2 connection, and the risk of multiple convergence is eliminated for a single point of failure in the network. The application of the MTBF can reduce the mean time between failures, and it is applied as a fault tolerance mechanism for increasing the redundancy and availability of the network.
Port aggregation is used to aggregate Ethernet switch ports, and the EtherChannel command is used for the configuration. PAgP helps to create a Fast EtherChannel link automatically by sending PAgP packets to negotiate the formation of the channel.
Task 4: Technical Specifications of Layer 3 and Layer 2 devices
Before deploying the network, the current loads and the bandwidth allocated to each data channel should be analysed in order to optimize the links. A hierarchical network framework is created, and steps should be taken to tune the EtherChannel and utilize the links fully. For EtherChannel interconnections, L3 and L4 information should be used to achieve this utilization (Froom and Frahim 2015). When L3 routing cost is used, redundant paths are used to improve the distribution of load across the network. Applying load balancing and tuning the HSRP timers can decrease the response time of the network.
To maintain redundancy in the network, different VLANs are created and fibre-optic cables are used to interconnect the network devices. Misconfiguration should be avoided by debugging errors in the network, which increases its usability. The network should be tuned so that unused VLANs are restored and pruned manually, to avoid the propagation of broadcast messages. HSRP and GLBP should be implemented to manage convergence in the proposed hierarchical design (Carapola 2016). Deploying quality of service on the end-to-end channel can help to mitigate the risks associated with the development of the network framework. To increase the scalability of the network framework, VLANs should be created on the access layer switches and redundancy should be kept simple. A protection plan should be created, and the switches should be configured with spanning tree protocol to optimize the current network framework.
Mitigation of Threats based on Failure of Networks
Network failure while systems are connected is a major problem, so there should be ways in which such failures can be resolved. Alternate network paths are the main way of dealing with connection failures, and they help to reduce the failure rate. The alternate paths can be provided by using instances of the layer 2 and layer 3 devices within the network (Behl, Gardiner and Finke 2016). In the case of Beyond 4G, there is one distribution switch, which is mainly used for routing data packets to the intended users. Whenever this distribution switch fails, the entire network breaks down. Hence, instances of the distribution switch should be installed in the new infrastructure. They would be able to provide network connectivity using certain features based on Artificial Intelligence (AI) technology. With redundant links and port aggregation, there would be non-stop communication between the devices connected to the network and the users. The Beyond 4G network consists primarily of one gateway, which serves as a bridge between the internet service provider (ISP) and the interconnected devices, such as switches and routers, within the network. There may be situations in which a failure occurs. Hence, first hop redundancy should be used to prevent such unforeseen outcomes.
In recent times, various hacker groups have sought to gain control over entire networks. The most common threats that Beyond 4G could face include unauthorized access through hacking activities directed at its web centres and data centres. As technology has advanced, malicious activities that penetrate networks have become a major concern, including Denial-of-Service, spoofing, Man-in-the-Middle attacks, Trojan horses and viruses. It has been reported that in many significant hacking cases the hacker mainly targets a particular computer, which serves as the main hub for injecting worms into the host computing system (Adesemowo and Kende 2015). These worms are capable of halting operations and then transferring information to a bot. In this manner, a worm is able to spread to different parts of the network, such as the routers and servers. The spread of a worm within the system has a tremendous impact: it can lead to the breakdown of entire computing systems, which eventually leads to the destruction of data or to other impacts on the affected users.
Based on this review, Beyond 4G should implement the following measures to protect its systems against malicious activities:
- The ISPs should improve the quality of their services, which is vital for protecting the networks against internet worms and other forms of attack.
- Firewalls should also be used properly. These devices should be installed at each of the access points. The default gateway within Beyond 4G would then be able to prevent worms from entering the network (Balik et al. 2014).
- The networks within the organisation should make use of Dynamic ARP Inspection, port security, DHCP snooping, IP source guard and various IEEE 802.1X tools.
- Whenever an unauthorized switch is connected to the network, the BPDU guard tool requires the intervention of the operator. The root guard tool also protects STP convergence within the switch.
- Strong antivirus software should be installed on the servers and on the computing systems, so that they are able to fight against Trojans and other malicious viruses.
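Several of the switch-level controls listed above, together with the earlier trunk advice (nonegotiate and manual VLAN pruning), can be checked mechanically against a switch configuration. The following Python audit is an added example, not part of the original report; the sample configuration, interface names and VLAN numbers are constructed, and it assumes Cisco IOS command syntax.

```python
import re

# Constructed sample access-switch config in Cisco IOS syntax (not from the report).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,20
ip arp inspection vlan 10
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 spanning-tree bpduguard enable
 ip verify source
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 10,20
"""

# Per-port controls from the list above, mapped to the IOS line that enables each.
ACCESS_CONTROLS = {
    "port security": "switchport port-security",
    "BPDU guard": "spanning-tree bpduguard enable",
    "IP source guard": "ip verify source",
}

def vlan_set(spec):
    """Expand a VLAN list such as '10,20-22' into {10, 20, 21, 22}."""
    spans = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def interfaces(config):
    """Map each interface name to its list of indented sub-commands."""
    blocks = re.findall(r"^interface (\S+)[ \t]*\n((?:[ \t].*\n)*)", config + "\n", re.M)
    return {name: [c.strip() for c in body.splitlines()] for name, body in blocks}

def audit(config):
    """Return (interface, finding) pairs; access ports without a VLAN line count as VLAN 1."""
    per_vlan = {"dhcp snooping": set(), "arp inspection": set()}
    for feat, spec in re.findall(r"^ip (dhcp snooping|arp inspection) vlan (\S+)$", config, re.M):
        per_vlan[feat] |= vlan_set(spec)
    if not re.search(r"^ip dhcp snooping$", config, re.M):
        per_vlan["dhcp snooping"].clear()  # per-VLAN lines do nothing without the global command
    findings = []
    for name, cmds in interfaces(config).items():
        if "switchport mode access" in cmds:
            findings += [(name, f"no {label}") for label, cmd in ACCESS_CONTROLS.items() if cmd not in cmds]
            vlan = next((int(c.split()[-1]) for c in cmds if c.startswith("switchport access vlan ")), 1)
            findings += [(name, f"no {feat} on VLAN {vlan}") for feat, on in per_vlan.items() if vlan not in on]
        elif "switchport mode trunk" in cmds:
            if "switchport nonegotiate" not in cmds:
                findings.append((name, "DTP negotiation enabled"))
            if not any(c.startswith("switchport trunk allowed vlan ") for c in cmds):
                findings.append((name, "trunk not pruned"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{n}: {f}" for n, f in audit(SAMPLE_CONFIG)))
```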
Conclusion:
From the above discussion, it is identified that Beyond 4G's new infrastructure requires a high degree of redundancy and performance, high availability and strong security. This report also identified some threats associated with the current network, such as redundancy. The new infrastructure must be able to provide optimal service while addressing these threats. It must include a firewall, which provides basic security by keeping unwanted applications away from the network devices. The company wants to open two major head offices in different countries in order to begin marketing and sales operations in those countries. The executive committee has identified the need for a new IT infrastructure capable of meeting current and future demands. It wants an IT infrastructure with high security and scalable functionality. The new infrastructure should additionally offer unified network services, improved performance and so on.
References:
Adesemowo, A.K. and Kende, N., 2015. Students’ Learning Experience of ICT Networking via Simulated Platform at a South African University. In IICE-2015 Proceedings (pp. 65-75).
Balik, L., Horalek, J., Sobeslav, V. and Hornig, O., 2014, August. Remote laboratory for computer networks. In Data Communication Networking (DCNET), 2014 5th International Conference on (pp. 1-7). IEEE.
Behl, A., Gardiner, B. and Finke, J.S., 2016. Implementing Cisco IP Telephony and Video, Part 1 (CIPTV1) Foundation Learning Guide (CCNP Collaboration Exam 300-070 CIPTV1). Cisco Press.
Carapola, S., 2016. The Complete CCNP Wireless: IAUWS Guide.
Froom, R. and Frahim, E., 2015. Implementing Cisco IP switched networks (SWITCH) foundation learning guide (CCNP SWITCH 300-115). Cisco Press.
Gheorghe, D., Browning, P. and Barinic, D.D., 2014. CompTIA Network+ Simplified: Your Complete Guide to Passing the Network+ N10-005 Exam. Reality Press Ltd.
Gordieiev, O., Lobur, T. and Kozak, R., 2016. Integrating Cisco Systems’ Educational Programs in ICT Security Academic Curricula. Information & Security: An International Journal, 35, pp.151-163.
Kuliesius, F. and Ousinskis, E., 2013. Development of a networking laboratory complex. International Journal of Digital Information and Wireless Communications, pp.335-340.
Nigatu, T.S., 2014. Maritime Transit Services Enterprise networking architecture.
Ranjbar, A., 2014. Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) Foundation Learning Guide (CCNP TSHOOT 300-135). Cisco Press.
Smith, A., 2016. Teaching by Twitter: Extending the classroom via Social Media?
Teare, D., Vachon, B. and Graziani, R., 2014. Implementing Cisco IP routing (ROUTE) foundation learning guide (CCNP ROUTE 300-101). Cisco Press.