Network design project help.

[CDdude55]

Hey guys,

I have a project due next month where i have to design a large company network that has 7 locations across the U.S., each location has 200 employees expect for the HQ which has 400.

Each location needs to be on it's own IP network and each location as 5 departments, Accounting, Finance, HR, Marketing and Customer Service, so should i use a VLAN to separate each department on a switch? And would i need 5x 48 port switches to connect them all up?

The company also owns a block of class B addresses, 150.15.0.0/16 and i need to map address blocks to each location. Does that mean that the company has 150.15.0.1-150.15.255.254 address available for static IP addressing?

And would i buy both UTP and STP cabling to the nework?

The company will also have an FTP server, Web server etc, would i put those servers at the site in the middle of the county for latency purposes or keep then at the HQ which is all the was on the east cost?

Remember that this isn't for a real company, so don't sweat it.

 

[JrRacinFan]

Would each location have their own FTP/Web hosting? VPN may work best for this. Just throwing out some ideas.

 

[CDdude55]

Would each location have their own FTP/Web hosting? VPN may work best for this. Just throwing out some ideas.

Thanks Jr.

I think that would be best for latency right?, as opposed to putting them in the HQ which is all the way on the east coast. All he wants is a working company network so he is letting us use what ever resources to build and secure the network.

I also have to price everything out.

And do you think i should separate each departments using VLAN?

 

[v12dock]

Something like this? Class B internal for VLANs, and how much traffic to and from FTP/Web server?

I am just now starting to get into networking so please correct me if i'm wrong.

 

[Kreij]

Kinda tough not knowing more information, but the VLANs should work fine.
It really does not matter where the servers are (assuming high-speed, consistant connections), but what about redundancy?
I don't see any need for STP cabling. How do you know how much cable to purchase without location building layouts? (or are you just assuming X feet per employee?)

Your best bet to to start with a drawing of the proposed layout (rough draft) and fill in the details as you go along, location by location.

 

[CDdude55]

I might just make one big VPN, that would render having a VLAN pointless right?

And as for how much cabling im still not completely sure, each location besides the HQ has 200 employees and the HQ has 400 employees, so that would total up to 1500 network cables plus i'd probably need extra to connect to a local switch and everything correct?

Something like this? Class B internal for VLANs, and how much traffic to and from FTP/Web server?

I am just now starting to get into networking so please correct me if i'm wrong.

I too am really just learning more about networking, im a hardware guy mostly.

That diagram looks solid, though i can't really critique it much lol.

 

[Kreij]

From a hardware perspective for the locations, I would do something like ...
-- 5 x 48 port gigabit switches (1 for each department)
-- 1 x 8 port gigabit switch (local main)
-- 1 routers (local main)
-- 207 cat6 network cables
-- 1 network rack

This of course, is an overview because the cabling would normally go in the walls which mean you would probably want punch panels in the communications closet and lots of patch cables.
If the wiring in the building is going to go over air ducts you will need plenum cable to meet fire code requirements (otherwise standard cat6 is fine).
It also does not cover equipment in the event of power failure (ie UPSs or building wide backup power).
There is also no spare components to mitigate catastrophic failure (ie. dead switch or router).

Fun little project you got here. I'll bet we can get you an "A" on the assignment.

I designed and installed the entire network where I work.
When I started here they had daisy-chained thinnet coax and a bunch of DOS boxes. lol

 

[CDdude55]

From a hardware perspective for the locations, I would do something like ...
-- 5 x 48 port gigabit switches (1 for each department)
-- 1 x 8 port gigabit switch (local main)
-- 1 routers (local main)
-- 207 cat6 network cables
-- 1 network rack

This of course, is an overview because the cabling would normally go in the walls which mean you would probably want punch panels in the communications closet and lots of patch cables.
If the wiring in the building is going to go over air ducts you will need plenum cable to meet fire code requirements (otherwise standard cat6 is fine).
It also does not cover equipment in the event of power failure (ie UPSs or building wide backup power).
There is also no spare components to mitigate catastrophic failure (ie. dead switch or router).

Fun little project you got here. I'll bet we can get you an "A" on the assignment.

I designed and installed the entire network where I work.
When I started here they had daisy-chained thinnet coax and a bunch of DOS boxes. lol

Thanks Kreji, awesome stuff!!! And im definitely pushing for an A, just trying to get some advice from my fellow TPUers as i am not very much into networking.(studying hard though!)

You guys have given me a good start!

 

[v12dock]

If the wiring in the building is going to go over air ducts you will need plenum cable to meet

Hmm pulling plenum is fun isn't it... It's the only cable I have managed to break.

But like Kreij said, use patch panels. I would be best just to order the cable in bulk, and then order premade patch cables. I was thinking you would need 1 gateway machine, 1 managed switch. You could use 5 managed switches for each department, but I don't think it necessarily. Make sure the gateway has a extensive firewall (iptables FTW!). You also need to setup a DHCP and DNS machine, and the option for a Web Proxy and/or Mail Proxy depending where you are hosting it.

Also do you have to setup managed wireless?

Sounds like a fun project and i'm sure you will get an A

 

[CDdude55]

Modern companies have a core router that intercepts the incoming ISP service correct? and then that gets connected to multiple switches to service the local users on site and then im guessing it would be best to connect a router to each of those switches.

But there is 400 users at the HQ alone, that's a lot of switches.

 

[CDdude55]

Bump for a little advice.

First thing i need to know is that then an ISP service comes into a company does it hit a core router?

Also if i use x5 48 port switches for each site location, should i also connect a router to each switch or should i connect all the switches up to a single router?

 

[Kreij]

You are going to need a switch port for every device (user's computer) that is connected to the LAN, so yes, you will need several switches to handle the traffic.
If you are going to integrate networked printers and copiers you will need ports for them also. You could opt for some number of wireless devices, but you must gage the throughput requirements for said device (wired is faster).

If there is only one incoming connection to the internet you will need a router to tie it into the network.
I set up a server to handle the internal DNS issues on my LAN, and use it to re-direct to the outgoing gateway. There are several ways to do this, but I chose an internal DNS server so I did not have to direct all of the PCs to an external DNS server (at the ISP).
(Note: I have a redundant DNS/Domain Authentification server just in case the SHTF.)

If you want real internet redundancy, then you would want to set up a couple of routers with different ISPs what use different backbones to mitigate internet anomolies. This would be especially important if you are counting on the internet for little things ... like sales.
This is not the case with your assignment, so it is not as critical.

You could purchase private pipes for your business locations, but that is hideously expenseive and unless you need greater isolation and security than encryption over the internet can afford you, there is little reason for the expenditure.

Stay away from the cloud. It's just another term for outsourcing and is more expensive than setting up an internal system of storage and backups/archives.

Always keep up on the latest technology trends even if you have no plans on using them. In a pinch, it gives you a plethora of buzzwords and dazzling phrases that you can throw at clueless, upper management to bamboozle them into accepting your proposed budget for the stuff they actually need. Don't be afraid to make shit up.

For instance ...
Them : "Why do we need gigabit switches, the ones we have seem to work fine?"
Us : "With the inclusion of cluster cross-access to the relational database core, the crosstalk relection inherent in the layer 2 protocols with 100tx ports can reduce per-transaction remediation by up to 50% on recommits and down-level caching."
Them : "Okay, get them."

 

[CDdude55]

I'm in the final stages of completion pretty much and i have a few more questions that im unable to process myself:

1. The project gives us a block of Class B IP address (150.15.0.0/16) and i need to map the address blocks for each location. So would i just map each server using that address block?, like DNS server gets 150.15.1.2, FTP server gets 150.15.1.3 etc or what?

2. The client machines are going to be using dynamic IP address so they'll get their addresses from a DHCP server in the internet, but since it's a company, shouldn't the IP addresses be private and not provided from a DHCP server?

3.An IP VPN with a TI line to the HQ should be enough overall to support the network correct? the locations are throughout the U.S.