networking-forum.com

All times are UTC - 6 hours [ DST ]



PostPosted: Sat Jan 26, 2008 1:23 am 
New Member

Joined: Sat Jan 26, 2008 12:32 am
Posts: 33
Location: UK
Hello Guys. I am a uni student that is on a networking course. Now I am having a few problems with an assignment.
- We have to design a WAN that spans across Europe.
- With each country having at least 1 major hub of about 1200+ desktops and offices located elsewhere having 70+ desktops.
- We have not been told anything about what services are required or anything about traffic loads.
- No mention of a budget but usage of the word “cost effective”
- As for the internet, it will be coming in at one site (we’ve been given .64/27 - .128/27) so I’m using one IP address to enter the company and that’s it, since we don’t know about services, this leaves space to give them IPs later on. (My decision, the assignment says nothing about this)

So I plan on doing an ideal network that is reliable and responsive with capacity for future growth. The thing that is bothering me the most is the following

What sort of connection should I be using to link all of these?
Would ATM be a wise choice to link the remote sites to a central site (where I’m thinking of placing all services such as storage and email here), would an ATM link work coming out of the UK into France countries like Germany?
From what I understand, the assignment looks like it wants dedicated lines and no VPNs on an internet connection.

How would I put a VLAN in place? Do I give each site its own VLAN?
So the remote sites each have their own VLAN while the major hubs get so many VLANs, with a switch mode set to VLAN server (one for every major hub)
Would having so many different VLAN servers at each location conflict? Or would it be possible to have all VLAN information at one location and send it across the WAN? (VTP is it?) I take it giving each VLAN its own range of IPs is a good idea. As we have no idea of company structure, I can only design VLANs based on location.

Also with those two questions mixed. I understand that for VLANs to talk to each other they require some form of Layer 3 routing (so a router or layer 3 switch)
I am undecided about which one to go for, at the moment there is no redundancy. So it’s looking like layer 3 switch. With redundancy I’m thinking of routing as this will allow me to choose some routing protocols (something like OSPF). The router may slow things down, but at least it has the intelligence to route more (or can layer 3 switching provide this facility?)

I am sorry for these beginner questions, but we have not been taught much on how to design a network of this size.

Also any programs that will allow me to produce network diagrams? I’ve got OPNET and Packet Tracer. At the moment it looks like I’m using OPNET to show this.

I hope you guys can help me! I’m sure I can do everything else myself, it’s just these things I have no experience in deciding on.


PostPosted: Sat Jan 26, 2008 1:33 am
Post Whore

Joined: Sat Oct 20, 2007 11:05 am
Posts: 1952
Location: Plano, TX
Certs: CCNA
One word-

MPLS


As for software that does network drawings, MS Visio is very good for that.


Last edited by texanmutt on Sat Jan 26, 2008 1:39 am, edited 1 time in total.

PostPosted: Sat Jan 26, 2008 1:35 am
Ultimate Member

Joined: Thu Apr 19, 2007 12:54 pm
Posts: 863
Location: Quebec, Canada
DIA if you're a linux user

_________________
I don't need luck... I've got skills


PostPosted: Sat Jan 26, 2008 1:38 am
Post Whore

Joined: Sat Oct 20, 2007 11:05 am
Posts: 1952
Location: Plano, TX
Certs: CCNA
Shibby wrote:
- As for the internet, it will be coming in at one site (we’ve been given .64/27 - .128/27) so I’m using one IP address to enter the company and that’s it, since we don’t know about services, this leaves space to give them IPs later on. (My decision, the assignment says nothing about this)


I wouldn't try to NAT thousands of work stations off of one IP address.

Shibby wrote:
How would I put a VLAN in place? Do I give each site its own VLAN?
So the remote sites each have their own VLAN while the major hubs get so many VLANs, with a switch mode set to VLAN server (one for every major hub)
Would having so many different VLAN servers at each location conflict? Or would it be possible to have all VLAN information at one location and send it across the WAN? (VTP is it?) I take it giving each VLAN its own range of IPs is a good idea. As we have no idea of company structure, I can only design VLANs based on location.


VLANs are used only within a site's LAN. Everything on the WAN should be Layer 3.


PostPosted: Sat Jan 26, 2008 1:50 am
New Member

Joined: Sat Jan 26, 2008 12:32 am
Posts: 33
Location: UK
So does this mean I need to divide up where I want internet access in my WAN. So I have multiple entry points. Where different segments of a WAN have an internet connection, which will provide internet access to so many work stations (what would you say is a maximum?)

So as for VLANs, each site has its own VLANs (200 work stations max per VLAN?) So would this require each site to have its own VLAN server? Again, what about conflicts?

You say everything on the WAN should be layer 3, could you please explain?
At the moment it's looking like the workstations will all connect to layer 2 switch, which then go up to a layer 3 switch to do the routing. Or do you mean every switch has to be layer 3?

Also for MPLS, any indications of the speeds it offers? I know price will be a pain to nail down, but I'm trying to find some rough prices as well so I can factor that in to a costing.


PostPosted: Sat Jan 26, 2008 2:23 am
Post Whore

Joined: Sat Oct 20, 2007 11:05 am
Posts: 1952
Location: Plano, TX
Certs: CCNA
1) In a standard corporate WAN there can be 2-4 of the major sites that have a direct internet connection. All the other sites get to the internet by going through the MPLS cloud back to one of those sites. You can split the traffic or have them in strict failover mode.

2) There is no such thing as a VLAN server, only routers and L3 switches. Sites with less than 100 work stations can be one subnet range. I don't know what you mean about conflicts.

3) On an MPLS WAN all the sites are connected to the cloud by a router (a layer 3 device) running BGP.

4) MPLS comes in any speed you can get with a dedicated line. To connect to the MPLS cloud in a large corporate WAN, the main sites might have OC3's, the medium size sites get full or partial DS3's, and the small sites get 1 or 2 T1's. Pricing costs about the same as the dedicated line does. So if you have 5 sites connected to the MPLS cloud on T1's, the service will cost the same (or very close) as having 5 DIA T1's.


PostPosted: Sat Jan 26, 2008 2:51 am
New Member

Joined: Sat Jan 26, 2008 12:32 am
Posts: 33
Location: UK
Thanks for that, which has been very useful. Sorry about the confusion over the VLAN server stuff. I thought that one switch could be set to server mode so that it can dish out all of the VLAN information. Whereas other switches can be set to client so they receive this information. Thinking about it some more, it's looking like I do not have to worry about this, instead each port on a switch will have a VLAN assigned to it. So no need to dynamically assign VLANs.

So as for connecting my workstations together, should they now directly connect to a layer 3 switch which then connects to my router?

Workstation < -- > Layer 3 Switch < -- > Router < -- > MPLS Cloud

So my workstation comes under a VLAN, with the switch defining a port to a specific VLAN. With my Router allowing me to route everything to my major sites via the MPLS.

Is that correct?

Sorry if I'm giving you a headache :oops:


PostPosted: Sat Jan 26, 2008 3:04 am
Post Whore

Joined: Sat Oct 20, 2007 11:05 am
Posts: 1952
Location: Plano, TX
Certs: CCNA
There are servers that can tell a switch what VLAN to put a port on, but I have never seen one used before. It would be a serious management nightmare.

Smaller sites (under 100 computers) won't need a Layer 3 switch. They can all be plugged into layer 2 switches and then connected to the router.


PostPosted: Sat Jan 26, 2008 4:00 am
New Member

Joined: Sat Jan 26, 2008 12:32 am
Posts: 33
Location: UK
Great! So little sites are sorted.

So this means for my big massive sites (1200+ desktops and devices and such)
Workstation < -- > Layer 3 Switch < -- > Router < -- > MPLS Cloud
Or could I slip in a Layer 2 switch before the Layer 3? Since my VLANs are sort of big.
As for the routers being used, I’m looking at 2800 series.

For my VLAN addressing. Since I'm using the 10.x.x.x range.
I'll end up with something like this
VLAN 2 = 10.1.1.0
VLAN 3 = 10.1.2.0

I plan on being logical and doing this
10.LOCATION.NETWORK.HOST
So with this I have good route aggregation and do not have to worry about massive routing tables. As each router can look at the second octet and then route to the correct place, which can then sort out its own routing to the correct host. Good idea yes?

Thanks for the help! You have been most helpful


PostPosted: Sat Jan 26, 2008 9:35 am
New Member

Joined: Sat Jan 26, 2008 12:32 am
Posts: 33
Location: UK
Also any recommendations on how many maximum clients I should allow to access an internet connection when using NAT?


PostPosted: Sat Jan 26, 2008 12:49 pm
Post Whore

Joined: Sat Oct 20, 2007 11:05 am
Posts: 1952
Location: Plano, TX
Certs: CCNA
Image

Image

This is a guide for a hierarchical LAN design. If it was a real network you would have to design it around the site requirements, but it is a good starting point.


PostPosted: Sat Jan 26, 2008 1:06 pm
Post Whore

Joined: Sat Oct 20, 2007 11:05 am
Posts: 1952
Location: Plano, TX
Certs: CCNA
Quote:
As for the routers being used, I’m looking at 2800 series


2800s can only handle enough throughput for a few T1/E1's. 3800's can handle DS3/E3's and 7200 can handle OC3's. So small sites get 2800's, medium sites get 3800's and large sites get 7200s or 7600s.

Quote:
For my VLAN addressing. Since I'm using the 10.x.x.x range.
I'll end up with something like this
VLAN 2 = 10.1.1.0
VLAN 3 = 10.1.2.0


It can be whatever you want. Just remember, no two sites can have the same IP address, so plan very carefully.

Quote:
I plan on being logical and doing this
10.LOCATION.NETWORK.HOST
So with this I have good route aggregation and do not have to worry about massive routing tables. As each router can look at the second octet and then route to the correct place, which can then sort out its own routing to the correct host. Good idea yes?


I would say start with a /19 range (which means it can have 5000 hosts) for the large sites. Then break it apart inside the network. But as far as the BGP table on the MPLS routers is concerned, it is one network.

Medium sites should get a /21 or /22 and small sites could get away with a /24 address. But remember even with the best summarization, every site would still be one entry in the routing table. That said, a 1000 line routing table is still considered small.


Last edited by texanmutt on Sat Jan 26, 2008 2:30 pm, edited 1 time in total.
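
The per-site sizing suggested in the post above (/19 for large sites, /21 for medium, /24 for small), worked through with Python's `ipaddress` module as an added example that is not part of the original thread. The 10.0.0.0/8 pool, the 6/12/30 split of the 48 sites and the site names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Prefix length per site class, as suggested in the thread.
PREFIX_BY_CLASS = {"large": 19, "medium": 21, "small": 24}

# Constructed inventory: the thread only says 48 sites; this split is assumed.
SITES = ([(f"large-{i:02d}", "large") for i in range(1, 7)]
         + [(f"medium-{i:02d}", "medium") for i in range(1, 13)]
         + [(f"small-{i:02d}", "small") for i in range(1, 31)])


def allocate(sites, pool="10.0.0.0/8"):
    """Give every site one aligned block; that block is its single WAN route."""
    pool = ipaddress.ip_network(pool)
    cursor = int(pool.network_address)
    plan = {}
    # Largest blocks first, so alignment never leaves holes between sites.
    for name, cls in sorted(sites, key=lambda s: PREFIX_BY_CLASS[s[1]]):
        plen = PREFIX_BY_CLASS[cls]
        size = 1 << (32 - plen)
        cursor = -(-cursor // size) * size  # round up to a block boundary
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(pool):
            raise ValueError(f"pool exhausted at {name}")
        plan[name] = net
        cursor += size
    return plan


def find_overlaps(plan):
    """Return every pair of sites whose blocks share addresses."""
    return [(a, b) for (a, na), (b, nb) in combinations(plan.items(), 2)
            if na.overlaps(nb)]


def site_for(plan, addr):
    """Map an address seen in a log back to the site that owns it."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in plan.items() if ip in net), None)


if __name__ == "__main__":
    plan = allocate(SITES)
    for name, net in plan.items():
        print(f"{name:10} {net}")
    print("overlaps:", find_overlaps(plan))
```

Running `find_overlaps` again after any hand-edited entry is added to the plan catches the "no two sites can have the same IP address" mistake before it reaches a router.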

PostPosted: Sat Jan 26, 2008 1:14 pm
Post Whore

Joined: Sat Oct 20, 2007 11:05 am
Posts: 1952
Location: Plano, TX
Certs: CCNA
Shibby wrote:
Also any recommendations on how many maximum clients I should allow to access an internet connection when using NAT?


I would say give each medium site 2 or 3 IPs and small sites one IP for NAT. That way if someone is causing mischief, then it would be easy to track down. Your large sites will probably need 7 to 10 IPs. Don't forget, you will need a lot of IPs just for servers and such. I prefer to give my servers in the DMZ a public IP address because I hate screwing around with static NAT.


PostPosted: Sat Jan 26, 2008 11:52 pm
New Member

Joined: Sat Jan 26, 2008 12:32 am
Posts: 33
Location: UK
Thanks very much, that has been very helpful
All I really have to do now is just alter for redundancy between the large sites.

Boy this is looking expensive now :D Can't wait to price up the hardware


PostPosted: Sun Jan 27, 2008 12:34 am
Post Whore

Joined: Sat Oct 20, 2007 11:05 am
Posts: 1952
Location: Plano, TX
Certs: CCNA
Shibby wrote:
Boy this is looking expensive now :D Can't wait to price up the hardware


It would quite literally be millions of dollars or Euros.


PostPosted: Sun Jan 27, 2008 12:56 am
Cisco Inferno

Joined: Mon Jul 10, 2006 12:58 am
Posts: 10201
Location: Seattle
Maybe 500,000 or so pounds? ;)

_________________
Reasonably un-nerdy blog:
americanwerewolfinbelgrade.wordpress.com/


PostPosted: Sun Jan 27, 2008 2:18 am
New Member

Joined: Sat Jan 26, 2008 12:32 am
Posts: 33
Location: UK
Well there is a total of 48 sites.
So I'm looking at at least 20k of people on my network.
I think the company can afford it! Oh and it looks like the ISP has only given me 64 IP addresses, so I will have to be careful how I use them.
.64/27 - .128/27

Fun :D


PostPosted: Sun Jan 27, 2008 2:35 am
Post Whore

Joined: Sat Oct 20, 2007 11:05 am
Posts: 1952
Location: Plano, TX
Certs: CCNA
Shibby wrote:
Well there is a total of 48 sites.
So I'm looking at at least 20k of people on my network.
I think the company can afford it! Oh and it looks like the ISP has only given me 64 IP addresses, so I will have to be careful how I use them.
.64/27 - .128/27

Fun :D


You wouldn't be getting IPs from the ISP for something like this. You would need to get an ASN and a large IP block from RIPE.


PostPosted: Sun Jan 27, 2008 3:03 am
New Member

Joined: Sat Jan 26, 2008 12:32 am
Posts: 33
Location: UK
Yes in real terms a company of this size would get its own block. Yet the assignment has given us those IPs to use. Some of us have been slightly annoyed, as we have not been taught much as to how you would design such large networks. We have had some stuff on routing protocols, bit of switching and IP subnetting, but nothing of this size. Therefore, I have been reading up on some books and mostly your help on here.

But it's getting there.


PostPosted: Sun Jan 27, 2008 4:21 am
Post Whore

Joined: Sat Oct 20, 2007 11:05 am
Posts: 1952
Location: Plano, TX
Certs: CCNA
If this is supposed to be an assignment that is based on what someone would do in a real corporate network, then it would have redundant ISP connections which means it would need an ASN and a RIPE assigned IP range. Tell your professor he/she needs to modify the parameters of the assignment.

