Netw208 WEEK8 Course Project Final - NETWORK DESIGN PROPOSAL

01 August, 2024

Introduction

Over the past eight weeks, our team of network administrators has been tasked with researching and prescribing methods to improve the speed and reliability of the Widget Corporation’s network infrastructure. Widget Corporation, a leading architectural firm, employs 300 people across 10 global sites, each varying in size and network requirements. The key objectives of this project include seamlessly integrating consumers and partners into the company’s information infrastructure, ensuring network reliability through redundancy, and upgrading the Local Area Network (LAN) infrastructure to support the growing demands of the business.

Our Plan

The proposed plan includes a full campus redesign, WAN backup design, IP addressing scheme rework, VLAN implementation, and network security enhancements. Each of these components is critical to ensuring that Widget Corporation’s network infrastructure can meet current demands and accommodate future growth.

Campus Redesign

The redesign of the Widget Corporation campus network will focus on enhancing redundancy and implementing VLANs to segment the network. The existing Cisco 6500 Catalyst Switches will be retained, but EtherChannels will be implemented on their interfaces to combine multiple physical links into a single logical link. This setup not only increases bandwidth but also adds redundancy, ensuring that the network remains operational even if one link fails.

  1. EtherChannel Implementation: EtherChannel technology combines multiple Ethernet links into one logical link, which provides increased bandwidth and redundancy. This setup ensures that if one link fails, the traffic is automatically rerouted through the remaining links, minimizing downtime and maintaining network performance.
  2. VLAN Configuration: VLANs will be configured to segment the network into different sections based on the department—such as Design, Human Resources, Sales, and Marketing. This segmentation improves security by isolating sensitive data and reducing the risk of data breaches. Additionally, VLANs help manage network traffic more efficiently, preventing congestion and improving overall performance.
  3. Quality of Service (QoS): QoS will be configured to prioritize VoIP traffic, which is sensitive to delays and packet loss. Ensuring that VoIP traffic is given priority over other types of data traffic will help maintain clear and uninterrupted communication across the network.

WAN Backup Design

The current WAN configuration at Widget Corporation does not support redundancy, making the network vulnerable to outages. To address this, the proposal includes moving from serial leased lines to MPLS or mesh technology, which offers greater reliability and scalability.

  1. MPLS Implementation: MPLS (Multiprotocol Label Switching) is a scalable, protocol-independent transport mechanism that directs data from one network node to the next based on short path labels rather than long network addresses. By implementing MPLS, Widget Corporation can achieve greater redundancy and improve network reliability. MPLS allows for the simultaneous use of multiple links, providing a backup in case of failure and ensuring continuous network availability.
  2. Stand-by ISDN Modem and Site Router: Each site will also be equipped with a stand-by ISDN modem and site router, providing a secondary interface in case of ISP network failure on the local loop. This backup setup will be configured to fail over automatically in the event of a local WAN failure, minimizing downtime and maintaining network operations.

IP Addressing Scheme Rework

The existing IP addressing scheme at Widget Corporation is inefficient and does not support the company’s growth. The proposed rework will involve the use of CIDR (Classless Inter-Domain Routing) and hierarchical design to reduce routing overhead and improve network management.

  1. CIDR Implementation: CIDR allows for the efficient allocation of IP addresses by aggregating multiple IP addresses into a single route, which reduces the size of routing tables and improves network efficiency. By implementing CIDR, Widget Corporation can ensure that its network is scalable and capable of supporting future growth.
  2. VLAN Configuration: The network will be divided using VLAN configurations at each level, which will allow for the segregation of corporate data, VoIP, and guest usage. VLANs provide an additional layer of security by isolating different types of network traffic and ensuring that sensitive data is protected.
  3. Guest Network and DMZ Setup: A guest network will be configured using a DMZ (Demilitarized Zone) subnet, which will be outside the protection of the firewall. This setup allows guests to access the internet without compromising the security of the internal network.
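
The hierarchical CIDR plan described above can be worked through in code. The following is an added example, not part of the original proposal: the 10.0.0.0/16 base block, the /20 per site and the /24 per traffic class are assumptions chosen for illustration, and all function names are hypothetical. It builds the plan for the 10 sites, shows how far the site summaries collapse for the WAN routing table, checks that no VLAN subnets overlap, and maps an address back to its site and traffic class.

```python
import ipaddress

# Assumptions (not from the proposal): private base block 10.0.0.0/16,
# one /20 per site, and one /24 per traffic class inside each site.
BASE = ipaddress.ip_network("10.0.0.0/16")
SITE_PREFIX = 20
VLAN_PREFIX = 24
TRAFFIC_CLASSES = ["corporate", "voip", "guest"]  # classes named in the proposal


def build_plan(site_count):
    """Return {site_number: {"summary": network, "vlans": {class: network}}}."""
    site_blocks = list(BASE.subnets(new_prefix=SITE_PREFIX))
    if site_count > len(site_blocks):
        raise ValueError("base block too small for that many sites")
    plan = {}
    for number, block in enumerate(site_blocks[:site_count], start=1):
        vlan_nets = block.subnets(new_prefix=VLAN_PREFIX)
        vlans = {name: next(vlan_nets) for name in TRAFFIC_CLASSES}
        plan[number] = {"summary": block, "vlans": vlans}
    return plan


def advertised_routes(plan):
    """Collapse the per-site summaries into the fewest covering routes."""
    return list(ipaddress.collapse_addresses(s["summary"] for s in plan.values()))


def overlaps(plan):
    """Return pairs of VLAN subnets that overlap; empty for a valid plan."""
    nets = [n for s in plan.values() for n in s["vlans"].values()]
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


def locate(plan, address):
    """Map an address to (site_number, traffic_class), or None if unallocated."""
    ip = ipaddress.ip_address(address)
    for number, site in plan.items():
        for name, net in site["vlans"].items():
            if ip in net:
                return number, name
    return None
```

With these assumed sizes, 30 VLAN subnets across 10 sites reduce to two aggregate routes, and an address from a log entry can be attributed to a site's guest, VoIP or corporate segment directly from the plan.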

American Site Connection

To connect the American site to the Widget Corporation headquarters network, a Site-to-Site VPN (Virtual Private Network) using IPsec (Internet Protocol Security) is recommended. IPsec provides a secure connection between the two sites by encrypting data and ensuring that it cannot be intercepted or tampered with.

  1. VPN Gateway Setup: A VPN gateway, such as a Cisco Adaptive Security Appliance (ASA), will be used to create the secure connection. The Cisco ASA device combines firewall, VPN concentrator, and intrusion prevention capabilities into a single device, providing comprehensive security for the connection.
  2. Encryption and Authentication: The VPN will use Advanced Encryption Standard (AES) with a key length of 128 bits or higher to secure the data. Additionally, the VPN will be configured with a pre-shared key (PSK) for authentication, ensuring that only authorized devices can access the network.
  3. SSL VPN for Remote Access: For remote users, SSL VPN will be available, allowing them to connect to the network using a web browser without the need for special client software. While SSL VPN is convenient, it is less secure than IPsec VPN, so a hybrid approach is recommended for different use cases.

Network Monitoring and Security

Monitoring the network is critical for maintaining security and performance. Syslog, a standard for message logging, will be implemented to monitor network devices and log events such as login attempts and port-security alerts.

  1. Syslog Implementation: Syslog provides real-time monitoring of network events, allowing IT staff to quickly identify and respond to issues. Syslog messages can be analyzed to troubleshoot problems, such as network congestion or security breaches, and to take corrective action.
  2. Two-Factor Authentication (2FA): Two-factor authentication will be implemented for remote access to enhance security. 2FA requires users to provide two forms of identification, such as a password and a security token, before gaining access to the network. This additional layer of security reduces the risk of unauthorized access and helps protect sensitive data.
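
The syslog monitoring described in this section, for login attempts and port-security alerts, can be sketched as a small analyzer. This is an added example, not part of the original proposal: the log lines are constructed samples in Cisco IOS syslog style, and the function names and the threshold of three failures are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in Cisco IOS syslog style (not from the proposal).
SAMPLE_LOG = """\
Aug  1 08:15:01 sw-hq-1 45: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
Aug  1 08:15:04 sw-hq-1 46: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
Aug  1 08:15:09 sw-hq-1 47: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
Aug  1 08:20:30 sw-hq-1 48: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: jdoe] [Source: 10.0.2.15] [localport: 22] [Reason: Login Authentication Failed]
Aug  1 08:20:41 sw-hq-1 49: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: jdoe] [Source: 10.0.2.15] [localport: 22]
Aug  1 08:31:12 sw-hq-1 50: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet0/5.
Aug  1 08:31:13 sw-hq-1 51: %LINK-3-UPDOWN: Interface GigabitEthernet0/5, changed state to down
Aug  1 08:40:00 sw-hq-1 -- MARK --
"""

# timestamp, host, optional sequence number, then %FACILITY-SEVERITY-MNEMONIC: text
EVENT = re.compile(
    r"^\S+\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s.*?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$")
SOURCE = re.compile(r"\[Source: (?P<src>[^\]]+)\]")
PSECURE = re.compile(r"MAC address (?P<mac>[0-9A-Fa-f.]+) on port (?P<port>\S+?)\.?$")


def parse_line(line):
    """Split one syslog line into its fields; None if it is not a device event."""
    m = EVENT.match(line.strip())
    return m.groupdict() if m else None


def analyze(log_text, threshold=3):
    """Report sources with repeated login failures and all port-security violations."""
    failed = Counter()
    violations = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue  # unparseable line: skip it rather than abort the run
        kind = (event["facility"], event["mnemonic"])
        if kind == ("SEC_LOGIN", "LOGIN_FAILED"):
            m = SOURCE.search(event["text"])
            if m:
                failed[m["src"]] += 1
        elif kind == ("PORT_SECURITY", "PSECURE_VIOLATION"):
            m = PSECURE.search(event["text"])
            if m:
                violations.append((event["host"], m["port"], m["mac"]))
    repeated = {src: n for src, n in failed.items() if n >= threshold}
    return {"repeated_login_failures": repeated, "port_security_violations": violations}
```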

Conclusion

The proposed network redesign for Widget Corporation will significantly improve the reliability, scalability, and security of its information infrastructure. By implementing redundancy, optimizing IP addressing, and enhancing network monitoring, the company will be better equipped to meet the demands of its growing business. The transition to VoIP, the integration of American clients, and the provision of secure remote access will further support the company’s expansion and modernization efforts.
