Module Title: Building Internet Infrastructure

LO1: Plan and Design Internet Infrastructure

Network Design Basics
The sections that follow cover the basics of network design with regard to the following concepts:
■Network design overview
■The benefits of a hierarchical network design
■Network design methodology

Network Design Overview

Computers and information networks are critical to the success of businesses, both large and small. They connect
people, support applications and services, and provide access to the resources that keep the businesses running. To
meet the daily requirements of businesses, networks themselves are becoming quite complex.
Network Requirements
Today, the Internet-based economy often demands around-the-clock customer service. This means that business
networks must be available nearly 100 percent of the time. They must be smart enough to automatically protect
against unexpected security incidents. These business networks must also be able to adjust to changing traffic loads
to maintain consistent application response times. It is no longer practical to construct networks by connecting many
standalone components without careful planning and design.
Building a Good Network
Good networks do not happen by accident. They are the result of hard work by network designers and technicians,
who identify network requirements and select the best solutions to meet the needs of a business.
The steps required to design a good network are as follows:
Step 1.Verify the business goals and technical requirements.
Step 2.Determine the features and functions required to meet the needs identified in Step 1.
Step 3.Perform a network-readiness assessment.
Step 4.Create a solution and site acceptance test plan.
Step 5.Create a project plan.
After the network requirements have been identified, the steps to designing a good network are followed as the
project implementation moves forward. Network users generally do not think in terms of the complexity of the
underlying network. They think of the network as a way to access the applications they need, when they need them.
Network Requirements
Most businesses actually have only a few requirements for their network:
■The network should stay up all the time, even in the event of failed links, equipment failure, and overloaded
conditions.
■The network should reliably deliver applications and provide reasonable response times from any host to any host.
■The network should be secure. It should protect the data that is transmitted over it and data stored on the devices
that connect to it.
■The network should be easy to modify to adapt to network growth and general business changes.
■Because failures occasionally occur, troubleshooting should be easy. Finding and fixing a problem should not be
too time-consuming.
Fundamental Design Goals
When examined carefully, these requirements translate into four fundamental network design goals:
■Scalability: Scalable network designs can grow to include new user groups and remote sites and can support
new applications without impacting the level of service delivered to existing users.
■Availability: A network designed for availability is one that delivers consistent, reliable performance, 24 hours a
day, 7 days a week. In addition, the failure of a single link or piece of equipment should not significantly impact
network performance.
■Security: Security is a feature that must be designed into the network, not added on after the network is
complete. Planning the location of security devices, filters, and firewall features is critical to safeguarding network
resources.
■Manageability: No matter how good the initial network design is, the available network staff must be able to
manage and support the network. A network that is too complex or difficult to maintain cannot function
effectively and efficiently.
Hierarchical networks have advantages over flat network designs. The benefit of dividing a flat network into
smaller, more manageable hierarchical blocks is that local traffic remains local. Only traffic destined for other
networks is moved to a higher layer.

Lucy TVET College By:- Gizachew Ayalew Page 1 of 5

Module Title: Building Internet Infrastructure
Layer 2 devices in a flat network provide little opportunity to control broadcasts or to filter undesirable traffic. As
more devices and applications are added to a flat network, response times degrade until the network becomes
unusable. Figures 1-1 and 1-2 show the advantages of a hierarchical network design versus a flat network design.
The Benefits of a Hierarchical Network Design
To meet the four fundamental design goals, a network must be built on an architecture that allows for both flexibility
and growth.
Hierarchical Network Design
In networking, a hierarchical design is used to group devices into multiple networks. The networks are organized in
a layered approach. The hierarchical design model has three basic layers:
■Core layer: Connects distribution layer devices
■Distribution layer: Interconnects the smaller local networks
■Access layer: Provides connectivity for network hosts and end devices

Figure 1-1 Flat Network

Figure 1-2 Hierarchical Networks

Network Design Methodologies

Large network design projects are normally divided into three distinct steps:
Step 1.Identify the network requirements.
Step 2.Characterize the existing network.
Step 3.Design the network topology and solutions.
Step 1: Identifying Network Requirements
The network designer works closely with the customer to document the goals of the project. Figure 1-3 depicts a
meeting between the designer and the business owner. Goals are usually separated into two categories:
■Business goals: Focus on how the network can make the business more successful
■Technical requirements: Focus on how the technology is implemented within the network

Lucy TVET College By:- Gizachew Ayalew Page 2 of 5

Module Title: Building Internet Infrastructure
Step 2: Characterizing the Existing Network
Information about the current network and services is gathered and analyzed. It is necessary to compare the
functionality of the existing network with the defined goals of the new project. The designer determines whether any
existing equipment, infrastructure, and protocols can be reused, and what new equipment and protocols are needed
to complete the design.
Step 3: Designing the Network Topology
A common strategy for network design is to take a top-down approach. In this approach, the network applications
and service requirements are identified, and then the network is designed to support them. When the design is
complete, a prototype or proof-of-concept test is performed. This approach ensures that the new design functions as
expected before it is implemented.
Figure 1-3 Client Interaction

A common mistake made by network designers is the failure to correctly determine the scope of the network design
project.
Determining the Scope of the Project
While gathering requirements, the designer identifies the issues that affect the entire network and those that affect
only specific portions. Failure to understand the impact of a particular requirement often causes a project scope to
expand beyond the original estimate. This oversight can greatly increase the cost and time required to implement the
new design.
Impacting the Entire Network
Network requirements that impact the entire network include the following:
■Adding new network applications and making major changes to existing applications, such as database or
Domain Name System (DNS) structure changes.
■Improving the efficiency of network addressing or routing protocol changes
■Integrating new security measures
■Adding new network services, such as voice traffic, content networking, and storage networking
■Relocating servers to a data center server farm.

Impacting a Portion of the Network

Requirements that may only affect a portion of the network include the following:
■Improving Internet connectivity and adding bandwidth
■Updating access layer LAN cabling
■Providing redundancy for key services
■Supporting wireless access in defined areas
■Upgrading WAN bandwidth

Planning a Logical Network Design

When you plan a logical network design, you can start from one of two places. You can design and install
a new network from scratch, or you can upgrade an existing network. Either way, you should gather
information about several important factors before you begin the logical design. For example, depending
on the services that will be provided to clients, you might need to analyze the possible traffic patterns that
might result from your plan. Locate potential bottlenecks and, where possible, alleviate them by providing

Lucy TVET College By:- Gizachew Ayalew Page 3 of 5

Module Title: Building Internet Infrastructure
multiple paths to resources or by putting up servers that provide replicas of important data so that load
balancing can be provided. The following are other factors to consider:
 Who are the clients? What are their actual needs? How have you determined these needs—from
user complaints or from help-desk statistics? Is this data reliable?
 What kinds of services will you provide on the network? Are they limited in scope? Will any
involve configuring a firewall between LANs? And if so, that still doesn't account for configuring
a firewall to enable access to the Internet.
 Will you need to allow an Internet connection for just your internal network's users, or will use
you need to allow outside vendors access to your network? What will it cost to evaluate what
kind of services user groups need to access from the Internet? Will you need to allow all users to
use email—both within the internal network and through the firewall on the Internet? The same
goes for what sites users will be allowed to access using a network browser and other network
applications. Will you have users who work from home and require dial-in or VPN access
through the Internet?
NOTE
A hot topic in many companies revolves around just how important it is to let all users have unlimited
access to the Internet. If users need to exchange email with vendors, outside consultants, or customers, for
example, then you should be sure to send this traffic through a content filter or firewall, and use virus-
protection software to detect and prevent malicious code or virus-infected attachments.
Applications such as FTP allow users to send or receive files from remote systems. Can you trust each
employee to use this application without abusing it? From a security point of view, it is usually
considered very improper to allow any new application to be loaded on any computer—desktop or server
—without first submitting the application to testing to ensure that is necessary and is not a security risk.
Don't leave any backdoors into or out of your network.
Can your users tolerate a little downtime now and then due to network problems, or is it necessary to
provide a high-availability network? Will you need clustered servers to provide for a high degree of
uptime, or do your users' applications not suffer from a temporary loss of the use of a server? To provide
for maximum uptime, can you afford to build redundancy into your network?
In an existing network, will you keep the current protocol or upgrade to a different protocol standard? If
you create a network from scratch, what factors should affect your network protocol decision? Ethernet is
the most popular LAN technology in the world today. TCP/IP is the most popular protocol suite that runs
on Ethernet. Yet there are cases in which other technologies have their niches. Consider the implications
(such as support costs) to maintain older, proprietary protocols.
Who Are Your Clients?
This seems like a very simple question. You need to assess work patterns for various departments so that
you can appropriately place servers, high-bandwidth links, and other such things in the appropriate
physical location of the network. If most of the network traffic you expect to see will come from the
engineering department, you'll need to provide that department with a large data pipe.
What Kinds of Services or Applications Will the Network Offer?
Of course, everyone knows that the most important function of a network today is to support multiuser
gaming. Seriously, though, you need to make a list of the kinds of applications currently in use, as well as
a list of those requested by users. Each application should have a written risk assessment document that
points out potential security problems, if any. Typical network applications today include FTP, telnet,
and, of course, browsing the Web. There are "secure" versions of these applications and there are versions
that leave a door wide open into your network. Whatever list of applications you chose to support over the
network, keep in mind two things:
 Is the application safe? Most applications today come in secure versions or can be used with a
proxy server to help minimize the possibility of abuse. Yet, as we all have seen, even the largest
corporations are targets at times, and those companies have the staff that should be able to
prevent these things from happening. Because proxy servers are an important component of
firewalls, this subject is covered in greater detail in Chapter 49. If you want a secure network, this
is highly recommended reading!
 Does one application overlap another? Every user has his or her favorite application. Some
people like one word processor, whereas others prefer a different one. But when dealing with

Lucy TVET College By:- Gizachew Ayalew Page 4 of 5

Module Title: Building Internet Infrastructure
applications or application suites (such as Microsoft Office), you'll find it better to make a
decision and stick with a single product if it can satisfy the needs of your users. They might not
like it, and training might be necessary, but supporting multiple applications that do the same
thing wastes money and leads to confusion.
A commonly overlooked method for getting data files out of a network and onto the Internet is to simply
send the files as an attachment to an email. So if you think you've blocked file transfers by disabling FTP
access through the firewall, this example should show that you really do need to do a careful evaluation of
any new application or service you will allow on the network. New applications should be justified with
facts that show why they are needed. If an existing application can be used to accomplish the same goal,
why do you need another application? Should you retire the older application and use a newer one? Pay
attention to the details. And don't forget to test new applications to ensure that they perform as expected.
The same goes for older applications—will they work on the new or upgraded network?
Lastly, do you monitor network usage? Do you want to permit users to spend their days browsing the Net,
or checking personal email while at work? Many companies have policies that apply to using the
telephone for personal business. Do you overlook this situation when giving users email capability? Are
you preventing access to sites that are obviously not business-related?
What Degree of Reliability Do I Require for Each Network Link?
Just how much downtime is acceptable? For most users, the answer would be zero. Important components
of your network, such as file servers, should have fault tolerance built in from the bottom up. In large
servers, you'll find dual-redundant power supplies (each connected to a separate UPS), and disk arrays set
up using RAID techniques to provide for data integrity in the event that a disk goes south. If a link
between two offices needs to be up 100% of the time, you should plan for multiple links between the two
sites to provide a backup capability. In this case, you also can justify the cost of the extra link by using
load balancing so that network response time is improved. And, if you are using multiple links to remote
sites, it's always a good idea to have more than a single path to the site. At one site this author worked at,
there were redundant power lines bringing electricity into the site—side-by-side. If a tree falls, will it
bring down one or both of those power lines?
NOTE
In addition to dedicated links between sites, the use of Virtual Private Networking (VPNs) is becoming a
popular method for connecting to remote sites. The advantages of using a VPN are that you can send data
across the Internet, which is less expensive than using a dedicated link, and mobile users can also use a
VPN connection to connect to your network as they move from place to place. The only problem with this
approach is that a remote site, as well as your main site, should use two ISPs to ensure that if one goes
down, you still have a connection to the Internet. For a mobile user, this can be problematic if using an
Internet service provided by the hotel. You can solve this problem by giving your users access to two
different nationwide ISPs.
Another technology that can be used to provide an extra layer of redundancy, as well as high-speed access
to storage devices, is the Storage Area Network (SAN). A SAN is a network that is separate from the
LAN and contains only storage devices and servers that need to access those devices. Because the
network bandwidth is not shared with LAN users, multiple servers can access the same storage. If one
server fails, other servers can be configured to provide redundant access to the data. Also, the same RAID
and other redundancy techniques used for storage devices that are directly attached to a server (such as
the SCSI hardware and protocols) can be used on a SAN.

Lucy TVET College By:- Gizachew Ayalew Page 5 of 5