|
|
| Line 1: |
Line 1: |
| − | ==CA - Network design for high availability==
| |
| − | [[:File:Network_design_for_high_availability-CA_description.pdf]]
| |
| | | | |
| − | [[:File:Network_design_for_high_availability-PacketTracerFile.zip]]
| |
| − |
| |
| − |
| |
| − | <br />
| |
| − | ===Group justification report===
| |
| − | [[:File:Network_design_for_high_availability-GroupJustificationReport.pdf]]
| |
| − |
| |
| − |
| |
| − | To make the decision of the more suitable network design for the new data center of Dublin Computer School (DCS), we consider the following specification provided in the description of the project:
| |
| − |
| |
| − | *The fact that the business is home grown in Dublin and the organization is expanding rapidly both in Dublin and in many sites around Ireland,
| |
| − | *The growth expected by the Infrastructure Manager,
| |
| − | *The need of a new Moodle system and a CRM system for the Marketing department,
| |
| − |
| |
| − |
| |
| − | We can see that Dublin Computer School (DCS) is, without any doubt, expecting a significant growth for the next years. Therefore, based on this fact, and after evaluating the budget, we decided to go for an ambitious design that ensure not only availability and reliability but also scalability of the network. We have to take into consideration that this data center is going to be used for all the sites around Ireland, where the company is also expecting growing.
| |
| − |
| |
| − |
| |
| − | <br />
| |
| − | ====Dublin====
| |
| − | As we have already mentioned, in the Dublin LAN we are going to place the new data center; but also, this network have to be designed to provided end user devices communication (Wired and Wireless).
| |
| − |
| |
| − |
| |
| − | In general, our design is based on the concepts described in the «Campus LAN and Wireless LAN Design Guide» of Cisco [\cite]. We built a hierarchical Three-Tier Design: Core, Distribution and Access layers.
| |
| − |
| |
| − | At the beginning of the project, we though a Two-Tier Design was the most suitable option, but after consider many factors, the expected growing of the network tipped the scale in favor of the Three-Tier Design (See Figure \ref).
| |
| − |
| |
| − |
| |
| − | In Figure see we show the design for the Dublin network. Our design is composed by:
| |
| − |
| |
| − | *A layer 3 switch in the core.
| |
| − | *Two layer 3 distribution switches.
| |
| − | *Four access switches.
| |
| − |
| |
| − |
| |
| − | <br />
| |
| − | =====VLANs=====
| |
| − | We created 4 VLANs:
| |
| − |
| |
| − | *VLAN10 (Student)
| |
| − | *VLAN20 (Marketing)
| |
| − | *VLAN30 (HR)
| |
| − | *VLAN40 (Finance)
| |
| − | *VLAN99 (Management)
| |
| − |
| |
| − |
| |
| − | We perform the following settings:
| |
| − |
| |
| − | *We configure the management interface (VLAN99) in every switch with an IP address
| |
| − | *802.1Q Trunk Between the Switches (Manually configuration)
| |
| − | *In the access switches, we configured access ports for the end user devices and server and assigned VLANs to the correct switch interfaces (See Figure XX). The servers interfaces were assigned to the Management VLAN99.
| |
| − |
| |
| − |
| |
| − | <br />
| |
| − | =====Rapid spanning tree between switches=====
| |
| − | In our implementation, we made sure root bridge is in a suitable position. To do so, we manually configuring priority to influence the root election:
| |
| − |
| |
| − | *We placed the root bridge in to core of our design for all VLANs
| |
| − | *We placed the root secondary in the distribution level of the network and configure Load Balancing sharing the root secondary between the 2 distribution switches.
| |
| − |
| |
| − | <syntaxhighlight>
| |
| − | MS1(config)#spanning-tree vlan 1,10,20,30,40,99 root primary
| |
| − |
| |
| − | MS2(config)#spanning-tree vlan 1,10,20 root secondary
| |
| − | MS3(config)#spanning-tree vlan 30,40,99 root secondary
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − | With this configuration, RSTP is avoiding redundant by blocking port mostly in the access layer.
| |
| − |
| |
| − | Because we did load balancing sharing the root secondary between the 2 distribution switches, and because we are doing «Per-Vlan rapid spanning tree mode», the port blocked would depend on the VLAN. For example, if we consider '''S4'''. The rapid spanning tree protocol is blocking the '''F0/18''' port for the VLANs where the '''root secondary''' is '''MS2'''. However, for the VLANs where the '''root secondary''' is '''MS3''', rapid spanning is blocking the '''Fa0/14''' port. That is why all the ports are shown in green in our network (none of the port in blocked for all VLANs) (See Figure XX).
| |
| − |
| |
| − |
| |
| − | <br />
| |
| − | =====Configuring 802 1Q trunk-based inter-VLAN routing=====
| |
| − | No key decisions had to be taken in this part, we just configure 802 1Q trunk-based inter-VLAN routing to provide routing for our multiple VLANs. You can verified all IP addresses and interfaces configured in the Addressing table.
| |
| − |
| |
| − |
| |
| − | <br />
| |
| − | =====Wireless access for a GUEST wifi network=====
| |
| − | The GUEST wifi network was configured using a wireless rourters attached to one of the access switches. In Figure XX we show the configuration performed. We attached the wireless router to VLAN10 and created a new wifi network. A DHCP server was also enable in the wireless router so the devices were are able to request an IP via DHCP (Figure xx)
| |
| − |
| |
| − | Some security configurations were also performed:
| |
| − | * We configured a passphrase for the GUEST network: duboffice2019
| |
| − | * Enable encryption.
| |
| − |
| |
| − |
| |
| − | <br />
| |
| − | ====WAN====
| |
| − | We created a WAN network connecting a total of 5 sites: Dublin, Galway, Limerick, Cork and Sligo. You can see the IP addresses in the Addressing table. They corespondent to the 10.0.0.0 network.
| |
| − |
| |
| − |
| |
| − | We make sure to include redundant paths between Dublin and Galway, which is the main concern of our WAN.
| |
| − |
| |
| − |
| |
| − | We configured OSPF Routing Protocol. OSPF is a widely used protocols with one of the lower Administrative Distance (110). That is why, in case of multiple routing protocols configured in a router (such as RIP or IS-IS), OSPF would be the defauld one and used to route packets. OSPF is able to determine the shortest path to a destination by adding the costs of each path to reach a destination.
| |
| − |
| |
| − |
| |
| − | <br />
| |
| − | ====Addressing table====
| |
| − | {| class="wikitable" style="margin: 0 auto;"
| |
| − | |+
| |
| − | !
| |
| − | !Device
| |
| − | !Interface
| |
| − | !IP Address
| |
| − | !Subnet Mask
| |
| − | !Default Gateway
| |
| − | !Comments
| |
| − | |-
| |
| − | | rowspan="28" |'''Dublin'''
| |
| − | | rowspan="9" |'''R1'''
| |
| − | |G0/1.1
| |
| − | |172.16.1.1
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |G0/1.10
| |
| − | |172.16.10.1
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |G0/1.20
| |
| − | |172.16.20.1
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |G0/1.30
| |
| − | |172.16.30.1
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |G0/1.40
| |
| − | |172.16.40.1
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |G0/.1.99
| |
| − | |172.16.99.1
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |S0/0/0
| |
| − | DCE
| |
| − | |10.16.1.1
| |
| − | |255.255.255.252
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |S0/0/1
| |
| − | |10.16.2.1
| |
| − | |255.255.255.252
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |S0/1/0
| |
| − | DCE
| |
| − | |10.16.3.1
| |
| − | |255.255.255.252
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |'''MS1'''
| |
| − | |VLAN 99
| |
| − | |172.16.99.11
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |Root primary for all VLANs
| |
| − | |-
| |
| − | |'''MS2'''
| |
| − | |VLAN 99
| |
| − | |172.16.99.12
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |Root secondary for VLAN 1, 10, 20
| |
| − | |-
| |
| − | |'''MS3'''
| |
| − | |VLAN 99
| |
| − | |172.16.99.13
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |Root secondary for VLAN 30, 40, 99
| |
| − | |-
| |
| − | |'''S1'''
| |
| − | |VLAN 99
| |
| − | |172.16.99.21
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |'''S2'''
| |
| − | |VLAN 99
| |
| − | |172.16.99.22
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |'''S3'''
| |
| − | |VLAN 99
| |
| − | |172.16.99.23
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |'''S4'''
| |
| − | |VLAN 99
| |
| − | |172.16.99.24
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |'''Server1'''
| |
| − | |G0
| |
| − |
| |
| − | (vlan99)
| |
| − | |172.16.99.80
| |
| − | |255.255.255.0
| |
| − | |172.16.99.1
| |
| − | |
| |
| − | |-
| |
| − | |
| |
| − | |G1
| |
| − |
| |
| − | (vlan99)
| |
| − | |
| |
| − | |
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |'''Server2'''
| |
| − | |G0
| |
| − | (vlan99)
| |
| − | |172.16.99.82
| |
| − | |255.255.255.0
| |
| − | |172.16.99.1
| |
| − | |
| |
| − | |-
| |
| − | |
| |
| − | |G1
| |
| − | (vlan99)
| |
| − | |
| |
| − | |
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |'''PC1'''
| |
| − | |NIC
| |
| − | (vlan10)
| |
| − | |172.16.10.51
| |
| − | |255.255.255.0
| |
| − | |172.16.10.1
| |
| − | |
| |
| − | |-
| |
| − | |'''PC2'''
| |
| − | |NIC
| |
| − | (vlan20)
| |
| − | |172.16.20.52
| |
| − | |255.255.255.0
| |
| − | |172.16.20.1
| |
| − | |
| |
| − | |-
| |
| − | |'''PC3'''
| |
| − | |NIC
| |
| − | (vlan30)
| |
| − | |172.16.30.53
| |
| − | |255.255.255.0
| |
| − | |172.16.30.1
| |
| − | |
| |
| − | |-
| |
| − | |'''PC4'''
| |
| − | |NIC
| |
| − | (vlan40)
| |
| − | |172.16.40.54
| |
| − | |255.255.255.0
| |
| − | |172.16.40.1
| |
| − | |
| |
| − | |-
| |
| − | | rowspan="2" |'''Wireless router0'''
| |
| − | |Internet setup
| |
| − | |172.16.10.101
| |
| − | |255.255.255.0
| |
| − | |172.16.10.1
| |
| − | |
| |
| − | |-
| |
| − | |Network setup
| |
| − | |172.16.50.1
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |'''Laptop1'''
| |
| − | |
| |
| − | |
| |
| − | |
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |'''Laptop2'''
| |
| − | |
| |
| − | |
| |
| − | |
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | | colspan="7" | -
| |
| − | |-
| |
| − | | rowspan="4" |'''Limerik'''
| |
| − | | rowspan="3" |'''R2'''
| |
| − | |S/0/0/0
| |
| − | |10.16.1.2
| |
| − | |255.255.255.252
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |S/0/0/1
| |
| − | DCE
| |
| − | |10.16.4.1
| |
| − | |255.255.255.252
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |G0/0
| |
| − | |172.18.1.1
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |'''PC7'''
| |
| − | |NIC
| |
| − | |172.18.1.57
| |
| − | |255.255.255.0
| |
| − | |172.18.1.1
| |
| − | |
| |
| − | |-
| |
| − | | colspan="7" | -
| |
| − | |-
| |
| − | | rowspan="9" |'''Galway'''
| |
| − | | rowspan="3" |'''R3'''
| |
| − | |S0/0/1
| |
| − | |10.16.4.2
| |
| − | |255.255.255.252
| |
| − | |
| |
| − | | rowspan="3" |'''Standby router in HSRP'''
| |
| − | Slow path
| |
| − | |-
| |
| − | |S0/1/1
| |
| − | |10.16.5.1
| |
| − | |255.255.255.252
| |
| − | |
| |
| − | |-
| |
| − | |G0/1
| |
| − | |172.17.1.1
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |-
| |
| − | | rowspan="2" |'''R4'''
| |
| − | |S0/0/0
| |
| − | DCE
| |
| − | |10.16.6.1
| |
| − | |255.255.255.252
| |
| − | |
| |
| − | | rowspan="2" |'''Active router in HSRP'''
| |
| − | (Because the other path is slow)
| |
| − | |-
| |
| − | |G0/0
| |
| − | |172.17.1.2
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |-
| |
| − | |'''Switch0'''
| |
| − | |VLAN 1
| |
| − | |172.17.1.6
| |
| − | |255.255.255.0
| |
| − | |<code>172.17.1.254</code> (virtual IP for <code>HSRP</code>) <s>172.17.1.1</s>
| |
| − | |
| |
| − | |-
| |
| − | |'''Switch1'''
| |
| − | |VLAN 1
| |
| − | |172.17.1.7
| |
| − | |255.255.255.0
| |
| − | |<code>172.17.1.254</code> (virtual IP for <code>HSRP</code>) <s>172.17.1.2</s>
| |
| − | |
| |
| − | |-
| |
| − | |'''PC5'''
| |
| − | |NIC
| |
| − | |172.17.1.55
| |
| − | |255.255.255.0
| |
| − | |<code>172.17.1.254</code> (virtual IP for <code>HSRP</code>) <s>172.17.1.1</s>
| |
| − | |
| |
| − | |-
| |
| − | |'''PC6'''
| |
| − | |NIC
| |
| − | |172.17.1.56
| |
| − | |255.255.255.0
| |
| − | |<code>172.17.1.254</code> (virtual IP for <code>HSRP</code>) <s>172.17.1.2</s>
| |
| − | |
| |
| − | |-
| |
| − | | colspan="7" | -
| |
| − | |-
| |
| − | | rowspan="4" |'''Cork'''
| |
| − | | rowspan="3" |'''R5'''
| |
| − | |S0/0/0
| |
| − | |10.16.6.2
| |
| − | |255.255.255.252
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |S0/0/1
| |
| − | DCE
| |
| − | |10.16.2.2
| |
| − | |255.255.255.252
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |G0/0
| |
| − | |172.19.1.1
| |
| − | |255.255.255.0
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |'''PC8'''
| |
| − | |NIC
| |
| − | |172.19.1.58
| |
| − | |255.255.255.0
| |
| − | |172.19.1.1
| |
| − | |
| |
| − | |-
| |
| − | | colspan="7" | -
| |
| − | |-
| |
| − | | rowspan="4" |'''Sligo'''
| |
| − | | rowspan="3" |'''R6'''
| |
| − | |S0/1/0
| |
| − | |10.16.3.2
| |
| − | |255.255.255.252
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |S0/1/1
| |
| − | DCE
| |
| − | |10.16.5.2
| |
| − | |255.255.255.252
| |
| − | |
| |
| − | |
| |
| − | |-
| |
| − | |G0/0
| |
| − | |172.20.1.1
| |
| − | |255.255.255.0
| |
| − | |c
| |
| − | |
| |
| − | |-
| |
| − | |'''PC9'''
| |
| − | |NIC
| |
| − | |172.20.1.59
| |
| − | |255.255.255.0
| |
| − | |172.20.1.1
| |
| − | |
| |
| − | |}
| |
