Network Redesign
By Kevin Burke

Champlain College is a small college in the middle of Vermont's largest city. Champlain College has embraced technology as a way to help its students further their education. A major part of this high-tech environment is currently the network.

The college currently has a Local Area Network (LAN) to connect all of the computers on campus. This report takes a new look at the college's current and future needs. The new network model will have to last at least seven to ten years.

Physical Layout

The physical size of the college is rather small. This means that the network can be created using a single LAN. This allows the use of high-speed LAN links between the buildings in the network.

To connect all of the buildings together, single-mode fiber-optic cable running at gigabit speed will be used. Other systems, such as voice or security, are also very likely to use the fiber-optic cables. For that reason each building should have at least 12 pairs of fiber-optic cable.

There will be three Main Distribution Facilities (MDFs) on the campus. These buildings are Skiff hall, Cushing hall, and Miller information commons. All of the other buildings will connect to one of these buildings. All three of these buildings will be interconnected to provide redundancy. If one of these links is broken, the network will continue to operate unaffected. Two of these links, the one connecting Skiff and Cushing as well as the one connecting Cushing and Miller, will be buried underground. The other link, which connects Miller and Skiff, will be run on a telephone pole. The college has invested a lot of time and money into making a high-speed network, and it wants to reduce the chance that one accident or event will bring down the entire network.

Many buildings on the campus are used for multiple purposes. The most common example of this is a building that contains both student and staff computers. Each of these groups of computers has different rights and permissions on the network. If their traffic were mixed, it would be impossible to set different permissions for each group. There are two methods to keep the traffic separate. The first would be to have two separate pairs of wires connecting to two separate sets of equipment. The other would be to set up a different Virtual LAN (VLAN) for each group of computers and then use a single pair of wires as a trunk line to connect them to a central switch. The latter method is preferred because it uses fewer of the fiber-optic cables, which are a limited commodity. This allows more of the fiber-optic cables to be used for the other purposes mentioned above. Bandwidth is not an issue because the main campus backbone, which all of these signals will have to run through, is also gigabit.

The college has a very clean look to it and the sight of any cables that would be run in the air would be undesirable. Since most of the properties abut each other buried cabling can be used to connect the buildings. Buried cable is also desirable over aerial cable runs because there is less chance of the cable being broken. One of the problems with underground cable is that permission must be obtained from any and all property owners whose property the cable crosses. This is not an issue if the run is only across the campus, but it can become a logistical nightmare if there is any number of properties to cross. There are currently three buildings that use aerial cable for that reason. They are North house, Sanders hall, and South house. Champlain College currently has an agreement with a company that allows the college to hang the cables on their space.

A physical map of the college is shown here. It also shows all of the inter-building cable runs.

A logical map of the college is shown here. It shows what buildings are connected to what buildings.

A physical map of North House is shown here. It shows the run of each cable and the location of each wall port.

In an effort to help improve redundancy between all of the other buildings, the college should acquire some wireless technology. This would be used if the main cable were damaged. There are two types of wireless currently in use. Optical systems use a laser to transmit data at 1 gigabit. Radio Frequency wireless technology is slow, with a maximum of 11Mbps. Optical systems require a completely unobstructed line of sight. They also must be perfectly aligned and must stay perfectly aligned. These factors make optical systems impractical for a quick setup. Radio Frequency is much more reliable and easier to set up. Since the link would only be used in an emergency, Radio Frequency will be used.

This backup link is not as fast as the gigabit fiber-optic cable that normally connects all of the buildings, but it would be enough to keep the network running. To ensure that it will work properly in an emergency, a lot of preparation work would have to be done ahead of time. Each building should have a designated spot where the wireless system will be placed. This spot should have line of sight to the other building. The definition of line of sight might differ depending on the system used, but generally a completely unobstructed path between the buildings is desirable.

The other building that the system would connect to could be any building, but when possible it should be an MDF to reduce excess latency. Of course, the other building will also have to have a designated spot that can "see" the original building. If there is a choice of location on a building, preference should be given to any unoccupied space such as an attic. This will help to reduce any disturbance that might interrupt the already fragile setup. Once the location has been decided, two cables should be run up to that point, one fiber and one Unshielded Twisted Pair (UTP) wire. The UTP should be rated to handle 100Mbps and the fiber-optic cable should be rated for 1000Mbps. The reason for running both types of cabling is that some systems may only be able to use one type. Installing both types now will help ensure that the college is not locked into one particular system.

Inside each building there will be Intermediate Distribution Facilities (IDFs) where all of the computers will be connected. These will be located in secured closets. The location of these closets is not always ideal. In some of the dorms they are located in the basement. One example of this is North house. North house is small enough that there will only be one IDF. As in many other dorms, the most secure place available is the basement. To help prevent damage to the switch, it should be placed in a cabinet with an air filter. Inside each closet, switches are going to be placed to help micro-segment the network. The IDFs will be connected together using multimode fiber running at 1000Mbps to help reduce any bottlenecks.

Inside each of the rooms in all of the buildings there should be approximately four wall jacks, depending on the size of the room. This might be considered overkill, especially in offices or dorm rooms, where there might only be one computer. Considering how much time can be saved down the road, it is not. When only one port is installed in a room, it always seems to be on the opposite side of the room from where the computer is. Often a cable then has to be run across the floor, where people can step on it. This greatly increases the chance that the cable will be damaged, leading to many unnecessary calls to technical support.

Another advantage of having multiple ports in one room is if there are multiple computers. When there is only one port in a room the only way to connect multiple computers is to use a hub. This can be a bottleneck because it extends the collision domain. If each computer were attached directly into a wall port the computer would have a dedicated full-duplex 100Mbps connection to the network. This would make a virtually collision free network, which has tremendous speed advantages over a traditional Ethernet network.

Depending on the location there may be other cables run with the network cable. Phone and cable TV should also be run at the same time to locations where it would be applicable. For example offices will need a phone run with network while a dorm room will need all three.

Inside all of the buildings reliability is a big concern. It is an especially big concern in the dorms. There are not many networks where the occupants will move in and out once or twice a year. To ensure that the network cable will not be damaged it should be run inside ½ steel conduit. This also has the added advantage of being easier to upgrade. When the network needs to be upgraded the old cable can be taken out and the new cable can be fished through. When possible the conduit should be run inside the wall. This will help prevent damage to the conduit. It will also not be an eyesore as it would be if the conduit were run on the wall.

Champlain currently does use some wireless technology in Miller for student laptops. This allows students with laptops and wireless NICs to work anywhere in the building. The new network model will call for this in two places. The first is in the dorms. If a transceiver were placed on each floor, it would be able to cover the majority of the floor. This would allow mobile computer users to be truly mobile. The other place that wireless is going to be implemented is anywhere students might gather and/or work, such as Miller, the Hauke lounge, or the dining hall.

Logical

The protocols that we are using in this network are TCP/IP and IPX. IPX will be implemented as the only protocol on all of the file servers. The reason for this is that it will reduce the chance that an external source will be able to hack into these particular servers because IPX will not be routed over the Internet. Unfortunately, it will do nothing about internal threats.

We will implement four VLANs in this network. The first VLAN is the Staff VLAN. All of the computers that are in the staff offices will be on this VLAN. Most of this traffic will be directed to the local servers. The next VLAN is the Dorm VLAN. All of the computers that are in the student dorms will be part of this. The vast majority of this traffic is directed to the Internet. The third VLAN is the Classroom VLAN. All of the student workstations and classroom computers will be part of this VLAN. The final VLAN is the Server VLAN. This is designed to house all of the servers on campus.

We will have two DNS servers in this network. The first one will be placed in Miller near the POP. This one will be the primary name server for the Staff, Classroom, and Server VLANs. The other DNS server will be placed in Skiff, and will be the primary name server for the Dorm VLAN. We did this because we wanted to place the servers near where most of the traffic is coming from. Cushing is not an option for servers because there is not enough room. The email servers are going to be placed in Miller because that is where the POP is.

I considered the idea of an application server to store programs such as office applications. I think that there will be a large opportunity for software piracy because all of the students' computers in the dorms will have access to this as well. Even if we did block the dorm computers from accessing this server, the students at Champlain would be inventive and resourceful enough to copy this software to their own computers. For this reason only applications that have a low likelihood of being pirated should be used on this server. Examples of this are applications that are not useful to students or freeware.

There are many department servers in the college. Most of these are not traditional department servers. The only traditional department server is the library's electronic card catalog system. This is the only traditional department server because the vast majority of its traffic will be coming from the library, which is where it will be located. The rest of the college is too decentralized. Department servers try to eliminate any unnecessary traffic by placing the server where most of its traffic will be coming from. Instead the servers should be placed where they would be easy to administer. For example, there might be a professor who has a computer in his or her office that he or she wants the students to access. If administration is not a big issue then we would suggest placing them in Miller. There is a room that currently houses many of the servers because it is properly secured and climate controlled.

Champlain College is concerned not only with providing an education for the students who go there, but also with providing some recreation for them. This is because many students call the campus their home. For this reason we do not want to block programs that many students may use in their free time. Many of these programs are network games. These need to have total access to the Internet and let the Internet have total access to them. For this reason we are suggesting only an ACL that blocks problematic ports. If a computer is improperly set up then it might be easy for someone to hack into the computer on ports 21, 23, and 80. Port 21 is also a good port to block for another reason. If a student set up an FTP server on their personal computer then it could very easily eat up a large portion of the bandwidth that the school has.
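The port-blocking ACL described above can be modelled as a first-match rule list. This is an added example, not part of the original report; the dorm address block, the sample packets and the game port are constructed placeholders, and the rule format is a hypothetical one rather than any vendor's syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed placeholders, not the college's real address space.
DORM_NET = ipaddress.ip_network("198.18.0.0/22")
ANY = ipaddress.ip_network("0.0.0.0/0")
BLOCKED_TCP_PORTS = (21, 23, 80)  # the ports named in the text


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    proto: str                # "tcp", "udp", or "ip" for any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int]   # None matches any destination port


# Deny the three ports toward dorm hosts, then permit everything else.
ACL = [Rule("deny", "tcp", ANY, DORM_NET, p) for p in BLOCKED_TCP_PORTS]
ACL.append(Rule("permit", "ip", ANY, ANY, None))


def evaluate(proto, src, dst, dst_port):
    """Return the action of the first matching rule (implicit deny if none)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in ACL:
        if rule.proto not in ("ip", proto):
            continue
        if src_ip not in rule.src or dst_ip not in rule.dst:
            continue
        if rule.dst_port not in (None, dst_port):
            continue
        return rule.action
    return "deny"


# Constructed sample packets: (label, proto, src, dst, dst_port)
SAMPLES = [
    ("FTP to a dorm PC", "tcp", "203.0.113.9", "198.18.1.20", 21),
    ("Telnet to a dorm PC", "tcp", "203.0.113.9", "198.18.1.20", 23),
    ("HTTP to a dorm PC", "tcp", "203.0.113.9", "198.18.1.20", 80),
    ("game traffic to a dorm PC", "udp", "203.0.113.9", "198.18.1.20", 27015),
    ("dorm PC browsing the web", "tcp", "198.18.1.20", "203.0.113.9", 80),
    ("web server's reply to that PC", "tcp", "203.0.113.9", "198.18.1.20", 49152),
]


def run_samples():
    return {label: evaluate(*pkt) for label, *pkt in SAMPLES}


if __name__ == "__main__":
    for label, action in run_samples().items():
        print(f"{action:6} {label}")
```

Because the deny rules match only on a dorm destination address and destination port, students can still browse the web and receive the replies, while services listening on 21, 23 and 80 inside the dorms are unreachable from outside.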

All of the computers in the network will use DHCP to obtain an IP address, with the exception of the computers on the Server VLAN, which will have static IP addresses. Champlain College currently has eight blocks of subnetted Class C network addresses. Currently all of the computers on campus have external IP addresses. With the Internet running out of IP addresses, it is very difficult for an organization to obtain that number of IP addresses. If the college were to switch ISPs then it might not be able to obtain as many IP addresses. The college is also increasing the number of computers that it has, so it may run out of IP addresses in the near future.

Network Address Translation (NAT) is a method by which many computers can use one IP address to access the Internet; in doing so it can save valuable IP addresses. The use of NAT can cause some problems with certain applications or web sites. By its very nature NAT does not allow a computer to accept incoming transmissions that were not initiated by one of the computers inside. The NAT device does not know which computer to direct such a request to, so it drops the request. Basically what this means is that the computer cannot act as a server for anything. This is not a problem with most applications such as web browsing. It can cause problems with other programs such as games.
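The NAT behaviour described above, as a simplified translation-table model. This is an added example, not part of the original report; the addresses and ports are constructed placeholders, the inside hosts are assumed to use private 10.0.0.0/24 addresses, and real NAT devices differ in how strictly they match return traffic.

```python
PUBLIC_IP = "192.0.2.1"  # constructed placeholder for the one shared external address


class Nat:
    """Minimal port-translating NAT: mappings exist only for inside-initiated flows."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self.back = {}   # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port, remote_ip, remote_port):
        """Translate a packet leaving the inside network, creating a mapping if needed."""
        key = (inside_ip, inside_port, remote_ip, remote_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, remote_ip, remote_port)] = (inside_ip, inside_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the inside (ip, port) for a packet from outside, or None to drop it."""
        return self.back.get((public_port, remote_ip, remote_port))


def demo():
    nat = Nat(PUBLIC_IP)
    # Two staff PCs (constructed addresses) browse the same web server
    # from the same source port; the NAT gives each flow its own public port.
    a = nat.outbound("10.0.0.11", 51000, "203.0.113.80", 80)
    b = nat.outbound("10.0.0.12", 51000, "203.0.113.80", 80)
    return {
        "a_public": a[:2],
        "b_public": b[:2],
        # Replies to inside-initiated flows find their mapping.
        "reply_a": nat.inbound("203.0.113.80", 80, a[1]),
        "reply_b": nat.inbound("203.0.113.80", 80, b[1]),
        # A game client connecting to a server hosted on an inside PC:
        # no inside host initiated this flow, so there is nothing to map to.
        "unsolicited": nat.inbound("203.0.113.99", 34567, 27015),
        # A stranger sending to a port that is mapped for someone else's flow.
        "wrong_remote": nat.inbound("203.0.113.99", 34567, a[1]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:13} {value}")
```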

Many of the computers on the Staff VLAN will not be accessing the Internet much, so NAT will be used for these computers. Because of all of the problems that NAT can cause, the computers in the Dorm, Classroom, and Server VLANs will each have their own external IP address. Both the Classroom and the Server VLANs will have two blocks of Class C IP addresses assigned to them. There will be about 650 beds in the Champlain College dorms within two years. It is planned that most of these beds will be filled. We will assume, on average, one computer for each bed. The Dorm VLAN will need three blocks of Class C addresses.

WAN

This design is following the requirements for a secondary and primary school network. Many of these networks will encompass all of the schools in an entire district. This generally means that the network is a Wide Area Network (WAN). The Champlain College network does not cover a wide geographic area; instead it is a LAN. The requirements still require me to cover WAN technologies. For this reason the following has no bearing on the actual design of the network.

The network design does not use any WAN technologies, nor would it benefit from any WAN technologies. Both currently and in the proposed design, all of the buildings are connected with fiber-optic line. This is faster than any WAN technology that could be afforded by the college. The POP is the only place that has any WAN technologies. All of these are the responsibility of the Internet service provider that the college subscribes to. The WAN protocols that are used can vary depending on which ISP the college uses.

There are currently only three buildings that fall outside of the main campus area. They are North house, Sanders hall, and South house. The rest of the buildings can be connected using buried underground cable without any major problem. The other three buildings are currently connected using a fiber-optic cable that is being run on the telephone poles. An alternative to this would be to use ISDN. This is not desirable for several reasons. It introduces a third party as well as all of their equipment and procedures. It would also introduce extra equipment that would have to be configured and maintained. This equipment could also fail and cause more problems down the road. The best reason not to use ISDN is that the fiber-optic link is much faster. ISDN's PRI service has a maximum transfer rate of 1.544 Mbps using the maximum of 23 B channels, which is less than Ethernet's maximum transfer rate of 1000 Mbps.

The network does not use any WAN technologies or protocols because everywhere one could be considered there is a better LAN technology or protocol that can be used. For that reason the network will not use the standard two- or three-layer WAN model.




If you have any questions or comments please email me, Kevin Burke, at od2718@yahoo.com