NETW208 Week7 Final Project - WIDGET CORPORATION

01 August, 2024

Overview

Widget Corporation is a leading architectural firm headquartered in Toronto, Canada, with a global presence. The company employs approximately 300 people across 10 sites, ranging from a single part-time person in a small office/home office (SOHO) to 150 regular office staff. The headquarters houses four major departments: Design, Human Resources, Marketing, and Sales. Given the increasing demand for the company’s products, there is a critical need to tighten the integration of its customers and partners into the information infrastructure. This expansion and upgrade of the network are vital to maintaining Widget Corporation’s position as an industry leader.

Current Situation

The current network setup of Widget Corporation lacks the necessary redundancy and backup mechanisms, which could lead to significant operational issues in the event of a network failure. The absence of a robust IP addressing scheme also hampers scalability, making it difficult to manage and expand the network efficiently.

  1. Redundancy: The lack of redundancy in the network is a major concern. Redundancy involves having multiple pathways or backups for power and communication within the network. Without redundancy, a single point of failure can disrupt the entire network, leading to downtime and potential data loss.
  2. IP Addressing: The existing IP addressing scheme is inefficient and not scalable. This limitation could pose a challenge as the company continues to expand. An optimized IP addressing scheme is essential for reducing routing table complexity and improving overall network performance.
  3. Scalability and Security: The company aims to expand its market presence, which requires a scalable and secure network infrastructure. The current setup does not adequately separate the four departments, which could lead to data security concerns. Implementing VLANs and deploying security policies will be crucial in addressing these issues.

Headquarters Campus Redesign

The proposed redesign focuses on maintaining the current Cisco 6500 Catalyst Switches while implementing EtherChannel on their interfaces. EtherChannel is a technology that allows multiple physical Ethernet links to be combined into one logical link for increased bandwidth and redundancy. This setup will enable fast switching capabilities, which are crucial for the user experience.

  1. Implementation of VLANs: VLANs (Virtual Local Area Networks) will be implemented to separate the four departments within the headquarters. VLANs improve network security by segmenting traffic, ensuring that data flows only within designated segments. This segmentation reduces the risk of data breaches and improves overall network efficiency.
  2. Quality of Service (QoS): QoS will be configured to prioritize real-time communication traffic, such as VoIP (Voice over IP). VoIP traffic is sensitive to delays and packet loss, so ensuring its timely delivery is critical. QoS will help manage bandwidth allocation, giving priority to VoIP traffic over less critical data.
  3. Wireless Capabilities: The redesign will also include the wiring of all routers and the addition of wireless capabilities. This upgrade will allow both employees and visitors to connect to the network via portable devices, improving flexibility and connectivity.

WAN Backup Design

The current Wide Area Network (WAN) configuration lacks redundancy and is not cost-effective. The proposed solution involves moving from serial leased lines to Dynamic Multiprotocol Label Switching (MPLS). MPLS is a scalable protocol-independent transport mechanism that directs data from one network node to the next based on short path labels rather than long network addresses.

  1. Dynamic MPLS: Dynamic MPLS redundancy is achieved through link aggregation, which allows for the simultaneous use of multiple links. If one link fails, traffic is automatically rerouted through the remaining links, ensuring continuous network availability. This “install and forget” technology reduces the burden on IT staff and improves network reliability.
  2. Cost Efficiency: MPLS is also more cost-effective than traditional leased lines. By aggregating multiple connections, MPLS reduces the need for expensive dedicated lines, providing a scalable solution that can grow with the company.

IP Address Redesign

The IP address redesign will use route summarization, which reduces the number of routes that must be maintained in routing tables. Route summarization aggregates multiple contiguous network prefixes into a single summary route, simplifying routing and reducing the burden on network resources.

  1. Hierarchical Design: The new IP addressing scheme will follow a hierarchical design, which organizes IP addresses into a structured format that aligns with the network’s physical layout. This structure simplifies network management and supports future growth.
  2. Static IP Configuration: All servers will be configured with static IP addresses to ensure stability and reliability. Static IP addresses do not change, making them ideal for servers that host websites, email services, and other critical applications.
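The hierarchical plan and its summarization can be checked before any router is configured. The following is an added example, not part of the original project: the 10.0.0.0/16 enterprise block, the /20 per-site and /24 per-VLAN sizes, and the function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed for illustration: the page gives no ranges, so 10.0.0.0/16 is a placeholder.
ENTERPRISE = ipaddress.ip_network("10.0.0.0/16")
DEPARTMENTS = ["Design", "Human Resources", "Marketing", "Sales"]

def build_plan(site_count=10, site_prefix=20, vlan_prefix=24):
    """Give each site one contiguous block; carve HQ department VLANs from site 0."""
    sites = list(ENTERPRISE.subnets(new_prefix=site_prefix))[:site_count]
    if len(sites) < site_count:
        raise ValueError("enterprise block too small for the requested site count")
    hq_vlans = dict(zip(DEPARTMENTS, sites[0].subnets(new_prefix=vlan_prefix)))
    return sites, hq_vlans

def summarize(prefixes):
    """Collapse prefixes into the fewest routes that cover exactly the same space."""
    return list(ipaddress.collapse_addresses(prefixes))

def site_summary(site_block, subnets):
    """Return the one route a site advertises, refusing subnets outside its block."""
    strays = [s for s in subnets if not s.subnet_of(site_block)]
    if strays:
        raise ValueError(f"subnets outside {site_block}: {strays}")
    return site_block

if __name__ == "__main__":
    sites, hq_vlans = build_plan()
    for dept, net in hq_vlans.items():
        print(f"HQ {dept:16} {net}")
    # Four contiguous /24 department VLANs collapse to one /22.
    print("HQ departments summarize to:", summarize(hq_vlans.values()))
    # Ten /20 site blocks collapse to two routes at the core.
    print("All sites summarize to:", summarize(sites))
    # Non-contiguous assignments cannot be summarized without covering foreign space.
    scattered = [ipaddress.ip_network("10.0.0.0/24"), ipaddress.ip_network("10.0.2.0/24")]
    print("Scattered subnets stay as:", summarize(scattered))
```

Assigning subnets out of order inside a site does not break reachability, but it forces either more routes or a summary that also covers addresses the site does not own, which is why the plan is laid out hierarchically first.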

Routing Campus Redesign

The current routing protocol, Enhanced Interior Gateway Routing Protocol (EIGRP), will be retained due to its compatibility with VoIP expansions and its efficiency in using network resources. EIGRP is a distance-vector routing protocol that provides fast convergence and supports equal-cost and unequal-cost load balancing.

  1. Diffusing Update Algorithm (DUAL): EIGRP uses the DUAL algorithm to prevent routing loops, a critical feature for maintaining network stability. Routing loops can cause significant network congestion and downtime, so DUAL’s ability to ensure loop-free paths is a major advantage.
  2. IPv6 Compatibility: As the company grows, transitioning to IPv6 will become necessary. EIGRP’s support for IPv6 makes it a future-proof solution that can adapt to new technologies and address the limitations of IPv4.

American Client WAN Connection Design

The American client connection will be established using a site-to-site IPsec VPN. IPsec (Internet Protocol Security) is a suite of protocols that secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet in a communication session.

  1. Cisco ASA Devices: The Cisco Adaptive Security Appliance (ASA) will be used to create the VPN gateway. Cisco ASA devices combine firewall, VPN concentrator, and intrusion prevention capabilities into a single device, providing a comprehensive security solution.
  2. Two-Factor Authentication: To enhance security, two-factor authentication (2FA) will be implemented for remote access. 2FA requires users to provide two forms of identification—such as a password and a security token—before gaining access to the network, reducing the risk of unauthorized access.

Remote Users

Remote users will also connect to the network via VPN, with two-factor authentication providing an additional layer of security. VPN software will be pre-installed on remote devices, and certificates will be used for authentication.

  1. SSL VPN: For remote users who need to connect to the network via a web browser, Secure Sockets Layer (SSL) VPN will be available. SSL VPNs are convenient because they do not require special client software, but they are less secure than IPsec VPNs. A hybrid approach, using both SSL and IPsec, is recommended for different use cases.

Monitoring the Network

Syslog will be implemented for network monitoring. Syslog is a standard for message logging that allows network devices to send event messages to a logging server. These messages can include information about login attempts, port-security alerts, and other critical events.

  1. Troubleshooting: Syslog is invaluable for troubleshooting network issues. By analyzing Syslog messages, IT staff can identify the root cause of problems, such as network congestion or security breaches, and take corrective action.
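The login-attempt and port-security events mentioned above can be triaged automatically on the logging server. The following is an added example, not part of the original project: it assumes the devices emit Cisco IOS-style messages (`%FACILITY-SEVERITY-MNEMONIC: text`), and the sample lines, host name, addresses and threshold are constructed for illustration.

```python
import re
from collections import Counter

MSG = re.compile(r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) "
                 r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$")
SRC = re.compile(r"\[Source: (?P<src>[^\]]+)\]")
MAC_PORT = re.compile(r"MAC address (?P<mac>\S+) on port (?P<port>\S+?)\.?$")

# Constructed sample input (not real logs).
SAMPLE = """\
<188>Aug  1 09:14:02 hq-sw1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.3.77] [localport: 22] [Reason: Login Authentication Failed]
<188>Aug  1 09:14:05 hq-sw1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.3.77] [localport: 22] [Reason: Login Authentication Failed]
<188>Aug  1 09:14:09 hq-sw1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.0.3.77] [localport: 22] [Reason: Login Authentication Failed]
<186>Aug  1 09:15:40 hq-sw1 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet1/0/7.
<189>Aug  1 09:16:00 hq-sw1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
<188>Aug  1 09:17:30 hq-sw1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: jdoe] [Source: 10.0.1.20] [localport: 22] [Reason: Login Authentication Failed]
"""

def triage(lines, fail_threshold=3):
    """Return alerts for repeated login failures, port-security hits, and severity 0-2 events."""
    alerts, failures = [], Counter()
    for line in lines:
        m = MSG.match(line.strip())
        if not m:
            continue  # not an IOS-style message; a real collector would store it for review
        key = (m["fac"], m["mnem"])
        if key == ("SEC_LOGIN", "LOGIN_FAILED"):
            src = SRC.search(m["text"])
            who = (m["host"], src["src"] if src else "unknown")
            failures[who] += 1
            if failures[who] == fail_threshold:  # alert once per device/source pair
                alerts.append(("repeated-login-failure", *who))
        elif key == ("PORT_SECURITY", "PSECURE_VIOLATION"):
            hit = MAC_PORT.search(m["text"])
            detail = f"{hit['mac']} on {hit['port']}" if hit else m["text"]
            alerts.append(("port-security", m["host"], detail))
        elif int(m["sev"]) <= 2:  # emergency, alert, critical
            alerts.append(("high-severity", m["host"], m["mnem"]))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE.splitlines()):
        print(alert)
```

A single failed login from 10.0.1.20 and the routine interface state change produce no alert; only the three failures from one source and the port-security violation are raised.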

Conclusion

The proposed network redesign for Widget Corporation will significantly improve the reliability, scalability, and security of its information infrastructure. By implementing redundancy, optimizing IP addressing, and enhancing network monitoring, the company will be better equipped to meet the demands of its growing business. The transition to VoIP, the integration of American clients, and the provision of secure remote access will further support the company’s expansion and modernization efforts.
