Network Architecture Case Study
Amal Balfoul | Amir Jafari | Jean-Philippe Kakou-Marceau | Kamel Sahli | June 2008

Contents

Context
Chapter 1. Network Infrastructure & Strategy Choices
1. LAN architecture
2. WAN architecture
3. IP addressing plan & allocation process
4. Security
5. Storage
6. Cabling system
Chapter 2. Services
1. ToIP
2. Directory
3. DNS
4. SMTP
5. Intranet & Extranet
Chapter 3. Deployment and Budget
1. Deployment
2. Global cost
Conclusion

Context

This case study describes how a large company's network infrastructure can be built. In our case, the headquarters building houses 1000 employees on 10 floors plus a basement. In addition, there are 10 agencies in France with 50 employees each. Our aim is to define a network architecture that links all the agencies to the headquarters. We have to define the following:

- LAN & WAN architecture
- IP addressing plan
- SAN/NAS LAN interconnection
- ToIP
- Security: firewall, strategy, ...
- Services: DNS, SMTP, Intranet/Extranet
- Cabling system
- Server and backup equipment (hardware definition)
- Global cost
- Deployment schedule

We present the design in three parts. The first part covers the network infrastructure: the LAN, the WAN, the IP addressing plan, the security strategy, storage and the cabling system. The second part covers the services: which services are provided and how they run. The third part covers deployment and global cost: what the infrastructure costs and how long it takes to roll out.

Chapter 1. Network Infrastructure & Strategy Choices

1. LAN architecture

We started by dividing the architecture into segments, beginning with the headquarters. The headquarters has 10 floors and a basement. Each floor has 100 workstations; allowing for 10% growth over 5 years, that is 1100 workstations in total. Each workstation has an IP telephone, so there are also 100 telephones per floor plus 10 more expected over 5 years, i.e. 1100 IP telephones in total.

We chose to connect the telephone directly to the switch and the PC to the PC port of the telephone. On the one hand this saves switch ports; on the other, since the phones are powered over Ethernet (PoE), installing a phone next to each PC is straightforward. The IP phones are Cisco 7940G. One point to keep in mind with this cabling: because the PC sits behind the phone on the same access port, the phone should be placed in a voice VLAN and the PC in a separate data VLAN, so that a compromised PC does not share a segment with the telephony traffic.

Distribution on each floor is provided by 3 switches arranged in a stack, for a total of 30 switches interconnected over Gigabit Ethernet. A switch stack is a set of switches that are independent individually but are interconnected through dedicated, proprietary high-bandwidth stack interfaces, so that they can be administered as a single unit and, above all, form a single bridge at the spanning-tree level: there is no spanning tree inside a stack, the forwarding table is shared by the whole stack, and a frame received on one port is never sent back into the stack. Building a stack requires the member switches to be physically adjacent, since stack cables are usually 1 metre at most; the stack then behaves as one switch of about 150 ports, a high-density concentration. We also chose stacking because if a member switch fails, and it is not the master, the ports of the remaining members keep working.

The master switch of each stack is connected to the first core switch, which provides the cascaded distribution to each floor. We decided to add a backup core switch: if the nominal core switch fails, the backup takes its place. This backup core switch is connected to the third switch of each floor stack.
The core switches are connected to the Gigabit Ethernet switches on each floor. These 2 core switches are also connected to the NAS, with the same backup arrangement as before. They are connected to the various application servers, which are themselves connected to the disk storage. These 2 switches are connected to the firewall.

We chose a back-to-back firewall arrangement (two firewalls in series, with the perimeter network between them), because then only the external interface of the external firewall carries routable IP addresses. With this architecture, web publishing rules allow traffic from outside to reach the published servers in the perimeter network. Server publishing is likewise used to allow perimeter-network servers to reach servers on the internal network. Protocol rules allow outbound traffic from either the perimeter or the internal network. Internet traffic therefore never reaches the internal network directly: it terminates on a published server in the perimeter, and only that server can be allowed onward through the second firewall, so an attacker who compromises a perimeter host still faces the internal firewall.

There are therefore 2 DMZs. In the internal DMZ we place the 2 internal DNS servers, the ToIP servers, RADIUS, the intranet server, etc. In the external DMZ we put the extranet, the 2 external DNS servers, the DHCP server, etc. We chose this architecture for optimal security of the LAN side. We also placed a backup router next to the main router, in case the main router goes down.

For each agency we have a router with its backup. This router provides the ASA function, with a firewall and a DHCP relay for each agency. As on each floor of the headquarters, we have IP phones: 50 IP phones plus 10% over 5 years, so 60 IP phones. We use the same connection scheme as on each headquarters floor: 2 switches in a stack, the IP phones connected to the switches with PoE, and the PCs connected to the IP phones.

2. WAN architecture

To connect our 10 agency LANs to the headquarters, we decided to use a telecom operator.
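Before moving to the WAN, the back-to-back firewall policy of the headquarters described above can be written down as a small model and checked. This is an added example, not the study's own firewall configuration: the zone names, rule names, ports and the RADIUS and extranet flows are assumptions chosen to follow the description in the text. It evaluates flows first-match with default deny, then runs the three checks a reviewer would want on such a rule base: no inbound rule may skip the external DMZ, no inbound rule may open "any port", and no rule may be shadowed by an earlier one.

```python
"""Model of the back-to-back firewall policy: zones, first-match rules with
default deny, and the checks a reviewer runs on the rule base.

Added example, not the study's configuration. Zone names, rule names and
ports are assumptions chosen to follow the description in the text.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Trust rank per zone. The external firewall sits between rank 0 and rank 1,
# the internal firewall between rank 1 and ranks 2 and 3.
TRUST = {"internet": 0, "ext_dmz": 1, "int_dmz": 2, "lan": 3}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # source zone
    dst: str              # destination zone
    proto: str            # "tcp" or "udp"
    port: Optional[int]   # destination port, None means any
    action: str           # "allow" or "deny"


# Constructed rule base: web publishing from the Internet into the external
# DMZ, server publishing from the external DMZ into the internal DMZ (the
# extranet authenticates against RADIUS), and protocol rules for outbound
# traffic. Internal DNS forwards to the external DNS servers, which are the
# only resolvers allowed to reach the Internet.
POLICY: List[Rule] = [
    Rule("publish-extranet", "internet", "ext_dmz", "tcp", 443, "allow"),
    Rule("publish-ext-dns", "internet", "ext_dmz", "udp", 53, "allow"),
    Rule("extranet-to-radius", "ext_dmz", "int_dmz", "udp", 1812, "allow"),
    Rule("lan-to-intranet", "lan", "int_dmz", "tcp", 80, "allow"),
    Rule("lan-to-intdns", "lan", "int_dmz", "udp", 53, "allow"),
    Rule("intdns-to-extdns", "int_dmz", "ext_dmz", "udp", 53, "allow"),
    Rule("extdns-out", "ext_dmz", "internet", "udp", 53, "allow"),
    Rule("lan-out-web", "lan", "internet", "tcp", 80, "allow"),
    Rule("lan-out-https", "lan", "internet", "tcp", 443, "allow"),
]


def matches(rule: Rule, src: str, dst: str, proto: str, port: int) -> bool:
    return (rule.src == src and rule.dst == dst and rule.proto == proto
            and (rule.port is None or rule.port == port))


def evaluate(policy: List[Rule], src: str, dst: str, proto: str, port: int) -> str:
    """First matching rule wins; a flow no rule mentions is denied."""
    for rule in policy:
        if matches(rule, src, dst, proto, port):
            return rule.action
    return "deny"


def lint(policy: List[Rule]) -> List[Tuple[str, str]]:
    """Return (rule name, problem) pairs for rules that break the design.

    1. An inbound allow from the Internet must terminate in the external
       DMZ; a rule reaching deeper crosses both firewalls in one step.
    2. An inbound allow must name a port; "any port" defeats publishing
       individual services.
    3. A rule fully covered by an earlier rule with the same zones and
       protocol is shadowed and never matches (first-match evaluation).
    """
    findings: List[Tuple[str, str]] = []
    for i, rule in enumerate(policy):
        inbound = TRUST[rule.dst] > TRUST[rule.src]
        if rule.action == "allow" and inbound:
            if TRUST[rule.src] == 0 and TRUST[rule.dst] >= 2:
                findings.append((rule.name, "inbound allow bypasses the external DMZ"))
            if rule.port is None:
                findings.append((rule.name, "inbound allow on any port"))
        for earlier in policy[:i]:
            same_path = (earlier.src, earlier.dst, earlier.proto) == (rule.src, rule.dst, rule.proto)
            if same_path and (earlier.port is None or earlier.port == rule.port):
                findings.append((rule.name, f"shadowed by {earlier.name}"))
                break
    return findings


if __name__ == "__main__":
    for flow in [("internet", "ext_dmz", "tcp", 443),
                 ("internet", "int_dmz", "udp", 1812),
                 ("internet", "lan", "tcp", 445),
                 ("ext_dmz", "int_dmz", "udp", 1812)]:
        print(flow, "->", evaluate(POLICY, *flow))
    print("lint findings:", lint(POLICY))
```

The lint is the part worth keeping around: when a new rule is added later, appending for example an "internet to int_dmz, any port" rule is caught immediately as a bypass of the external DMZ, and an accidental duplicate of an outbound rule is reported as shadowed rather than silently ignored.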
After studying the market, we chose the Neuf Cegetel offer called 9IPNet, an MPLS IP VPN solution presented as a secure way to exchange information, communicate with employees, reach internal applications and the intranet, and browse the Internet.

9IPNet MPLS IP VPN is a latest-generation network offering:
- A range of 100% guaranteed broadband access links to connect the agency LAN sites in France, and abroad if wanted, with rates up to one hundred Mbps depending on the type of traffic and bandwidth needs, subject to eligibility and availability
- Secure Internet access and related services if wanted (firewall, collaborative mailboxes, domain names, ...)
- The ability to prioritise flows and adapt to the information system through the different Classes of Service (CoS) available according to the profile of the sites
- Contractual SLAs
- Security options adapted to the criticality of the sites, with quality-of-service commitments: guaranteed rate, guaranteed delivery time (GTL), guaranteed recovery time (GTR, 4 hours), guaranteed availability (GTD)
- A secure broadband access solution for mobile users via 3G+, 3G, GPRS, WiFi, UMTS
- Real-time monitoring of the contract via the customer extranet (billing, traffic reports, deployment tracking, ...)

The benefits for EXAMPLE are:
- A high-performance IP core network with an annual availability rate of 99.995%
- Strong quality-of-service commitments
- Management of the access router included
- A service dedicated to business customers, with technical assistance 24 hours a day, 7 days a week
- A single point of contact that manages access for employees, applications and the Internet securely, whether on site, from home or on the move
- Support services optimised to follow the evolution of the network and produce performance reports
- A network ready for a smooth migration to ToIP

To connect the headquarters to the Neuf Cegetel MPLS network we chose a 144 Mbps leased line, with redundancy; an ISDN (RNIS) rescue link is included. For the agency LANs we chose an 8 Mbps SDSL link. SDSL (Symmetric Digital Subscriber Line) is a transmission method that guarantees the same rate in both directions, from the user's site towards the network infrastructure (upstream) and back (downstream). That is why we chose SDSL rather than ADSL. If a site cannot be served by terrestrial infrastructure, satellite links remain possible, with speeds up to 45 Mbit/s.

To connect nomadic users to the EXAMPLE VPN from a remote laptop, a multi-access connection is provided via 3G+, 3G, EDGE, GPRS, UMTS, WiFi or PSTN (RTC) dial-up. These connections are systematically secured with IPsec. A tool kit, a SIM card, and a PCMCIA or ExpressCard modem are provided.

How does an MPLS IP VPN work?

Multiprotocol Label Switching (MPLS) is a mechanism for transporting data that operates between the data-link layer (layer 2) and the network layer of the OSI model, i.e. below protocols such as IP. It was designed to provide a unified data-transport service for customers using packet switching. One of the most important applications of MPLS is the creation of Virtual Private Networks (VPNs). A VPN is a set of sites belonging to one customer that are interconnected over a shared network infrastructure and are not aware of the presence of any other sites, belonging to other customers, that are also connected to that infrastructure. To build customer VPNs it is therefore necessary to isolate each customer's flows. To do that, the MPLS header carries not a single label (as defined for basic MPLS use, RFC 3031) but 2 labels: the outer label identifies the path to the destination LSR and is swapped at each hop; the inner label identifies the VPN (the VRF at the egress LSR) and is not changed between the source LSR and the destination LSR.

One caveat worth stating plainly: this isolation is a separation of forwarding tables by label, not encryption. Packets cross the operator's core in clear, so confidentiality between sites rests on the operator, which is why the nomadic access above still runs over IPsec.
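To make the two-label mechanism concrete, the following added example (not the operator's or the study's own code) encodes RFC 3032 label stack entries, pushes a transport label over a VPN label at the ingress PE, swaps only the top label at each P router, and resolves the VPN label to a VRF at the egress PE. The label values, the LFIBs of the two P routers, the VRF names and the IPv4 payload are constructed for illustration; penultimate-hop popping and label distribution (LDP, MP-BGP) are not modelled. Two customers using the same private destination address are sent down the same LSP and still land in different VRFs, which is the isolation the paragraph above describes.

```python
"""Two-label MPLS VPN encapsulation, step by step.

Added example, not the operator's or the study's own code. The label
values, the LFIBs of the two P routers, the VRF names and the sample
IPv4 payload are all constructed for illustration. Header layout follows
RFC 3032; the VPN model follows RFC 4364. Penultimate-hop popping and
label distribution (LDP/MP-BGP) are not modelled.
"""
import struct
from typing import Dict, List, Tuple

Entry = Tuple[int, int, bool, int]   # (label, traffic class, bottom-of-stack, ttl)


def encode_entry(label: int, tc: int, bos: bool, ttl: int) -> bytes:
    """Pack one 32-bit label stack entry: 20-bit label, 3-bit TC, 1-bit S, 8-bit TTL."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label out of range")
    word = (label << 12) | ((tc & 0x7) << 9) | (int(bos) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)


def decode_stack(data: bytes) -> Tuple[List[Entry], bytes]:
    """Walk entries until the bottom-of-stack bit; return entries and payload."""
    entries: List[Entry] = []
    off = 0
    while True:
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entry: Entry = (word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF)
        entries.append(entry)
        if entry[2]:
            return entries, data[off:]
        if off >= len(data):
            raise ValueError("label stack has no bottom-of-stack entry")


def ingress_pe(vpn_label: int, transport_label: int, ip_packet: bytes, ttl: int = 64) -> bytes:
    """Push the VPN label (bottom of stack) and then the transport label on top."""
    return (encode_entry(transport_label, 0, False, ttl)
            + encode_entry(vpn_label, 0, True, ttl)
            + ip_packet)


def p_router(lfib: Dict[int, int], packet: bytes) -> bytes:
    """Core router: swap only the top label and decrement its TTL.

    The inner (VPN) label is never examined, which is what keeps the
    per-customer separation independent of the path taken."""
    entries, _ = decode_stack(packet)
    label, tc, bos, ttl = entries[0]
    if ttl <= 1:
        raise ValueError("TTL expired in the core")
    return encode_entry(lfib[label], tc, bos, ttl - 1) + packet[4:]


def egress_pe(vrf_by_label: Dict[int, str], packet: bytes) -> Tuple[str, bytes]:
    """Pop both labels and use the VPN label to select the customer VRF."""
    entries, payload = decode_stack(packet)
    if len(entries) != 2:
        raise ValueError("expected a transport label over a VPN label")
    vpn_label = entries[1][0]
    return vrf_by_label[vpn_label], payload     # KeyError = unknown VPN label, packet dropped


# Constructed tables: ingress PE -> P1 -> P2 -> egress PE, one shared LSP.
LFIB_P1 = {1001: 2001}
LFIB_P2 = {2001: 3001}
VRF_BY_LABEL = {100: "vrf-customer-A", 200: "vrf-customer-B"}

# Constructed stand-in for an IPv4 packet to 10.0.0.1; both customers use
# this same private address, which is exactly what the inner label resolves.
SAMPLE_IP = b"\x45\x00\x00\x14" + b"\x00" * 12 + bytes([10, 0, 0, 1])


def send_across_core(vpn_label: int, ip_packet: bytes) -> Tuple[List[int], int, str, bytes]:
    """Return (top label seen at each hop, inner label at egress, VRF, payload)."""
    pkt = ingress_pe(vpn_label, 1001, ip_packet)
    trace = [decode_stack(pkt)[0][0][0]]
    for lfib in (LFIB_P1, LFIB_P2):
        pkt = p_router(lfib, pkt)
        trace.append(decode_stack(pkt)[0][0][0])
    inner = decode_stack(pkt)[0][1][0]
    vrf, payload = egress_pe(VRF_BY_LABEL, pkt)
    return trace, inner, vrf, payload


if __name__ == "__main__":
    for vpn in (100, 200):
        trace, inner, vrf, _ = send_across_core(vpn, SAMPLE_IP)
        print(f"VPN label {vpn}: outer labels per hop {trace}, inner {inner}, delivered to {vrf}")
```

Running it shows the outer label changing 1001, 2001, 3001 along the path while the inner label stays 100 or 200, and a packet carrying a VPN label the egress PE does not know is dropped rather than delivered to any customer. Note also that nothing in the core inspects or protects the payload, which is the point of the caveat above.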