
Example of A Campus Network Design: From Top-Down Network Design by Priscilla Oppenheimer

The network at Wandering Valley Community College needs to be redesigned to support increased enrollment. The current network uses a single subnet and has an overloaded 1.5-Mbps Internet connection. The redesign optimizes routing and addressing using multiple subnets and OSPF routing. It provides wireless access across campus and separates private and public wireless networks. It also improves security and performance at the network edge by separating firewall and routing functions.

EXAMPLE OF A CAMPUS NETWORK DESIGN
FROM TOP-DOWN NETWORK DESIGN BY PRISCILLA OPPENHEIMER

EXAMPLE OF A CAMPUS NETWORK DESIGN
Background information
Business Goals
Technical Goals
Network Applications
User Communities and Servers
Current Network
Traffic Characteristics of Network Applications
Summary of Traffic Flows
Performance Characteristics

Network Redesign

BACKGROUND INFORMATION

Wandering Valley Community College (WVCC):
• 600 students, 50 professors, 25 administration staff
• Doubled enrollment, faculty and administration, except the IT department
• Problems with performance and reliability

BUSINESS GOALS
Increase the enrollment from 600 to 1000 students in the next 3 years.
Reduce the attrition rate from 30 to 15 percent in the next 3 years.
Improve faculty efficiency and allow faculty to participate in more research projects with colleagues at other colleges.
Improve student efficiency and eliminate problems with homework submission.

BUSINESS GOALS (CONT.)

Allow students to access the campus network and the Internet wirelessly using their notebook computers.
Allow visitors to the campus to access the Internet wirelessly using their notebook computers.
Protect the network from intruders.
Spend a grant that the state government issued for upgrading the campus network. The money must be spent by the end of the fiscal year.

TECHNICAL GOALS
Redesign the IP addressing scheme.
Increase the bandwidth of the Internet connection to support new applications and the expanded use of current applications.
Provide a secure, private wireless network for students to access the campus network and the Internet.
Provide an open wireless network for visitors to the campus to access the Internet.
Provide a network that offers a response time of approximately 1/10th of a second or less for interactive applications.

TECHNICAL GOALS (CONT.)
Provide a campus network that is available approximately 99.90 percent of the time and offers an MTBF of 3000 hours (about 4 months) and an MTTR of 3 hours (with a low standard deviation from these average numbers).
Provide security to protect the Internet connection and internal network from intruders.
Use network management tools that can increase the efficiency and effectiveness of the IT department.
Provide a network that can scale to support future expanded usage of multimedia applications.

NETWORK APPLICATIONS
1. Homework
2. Email
3. Web research
4. Library card catalog
5. Weather modeling (meteorology)
6. Telescope monitoring (astronomy)
7. Graphics upload (art)
8. Distance learning (computer science)
9. College management system

USER COMMUNITIES

USER COMMUNITIES (CONT.)

SERVERS

SERVERS (CONT.)

CURRENT NETWORK
(left) whole campus architecture – (right) building architecture

CURRENT NETWORK – FEATURES
The network uses switched Ethernet. A high-end switch in each building is redundantly connected to two high-end switches in the Computing Center.
Within each building, a 24- or 48-port Ethernet switch on each floor connects end user systems.
The switches run the IEEE 802.1D Spanning Tree Protocol.
The switches support SNMP and RMON. A Windows-based network management software package monitors the switches. The software runs on a server in the server farm module of the network design.
All devices are part of the same broadcast domain. All devices (except two public servers) are part of the 192.168.1.0 subnet using a subnet mask of 255.255.255.0.
Addressing for end-user PCs and Macs is accomplished with DHCP. A Windows server in the server farm acts as the DHCP server.
The email and web servers use public addresses that the state community college network system assigned to the college. The system also provides a DNS server that the college uses.
The router acts as a firewall using packet filtering. The router also implements NAT. The router has a default route to the Internet and does not run a routing protocol. The WAN link to the Internet is a 1.544-Mbps T1 link.

CURRENT NETWORK – PHYSICAL FEATURES
• Buildings are connected via full-duplex 100BASE-FX Ethernet (fiber optic).
• Within buildings, 100-Mbps Ethernet switches are used.
• Every building is equipped with Category 5e cabling and wallplates in the various offices, classrooms, and labs.
• The router in the Computing Center supports two 100BASE-TX ports and one T1 port with a built-in CSU/DSU unit. The router has a redundant power supply.
• A centralized (star) physical topology is used for the campus cabling. Underground cable conduits hold multimode fiber-optic cabling. The cabling is off-the-shelf cabling that consists of 30 strands of fiber with a 62.5-micron core and 125-micron cladding, protected by a plastic sheath suitable for outdoor wear and tear.

TRAFFIC CHARACTERISTICS OF NETWORK APPLICATIONS
Homework, email, web research, library card catalog, and college management system applications have nominal bandwidth requirements and are not delay sensitive.
The other applications, however, use a significant amount of bandwidth, in particular a high percentage of the WAN bandwidth to the Internet. The distance-learning application is also delay sensitive.
Weather modeling, telescope monitoring, and graphics uploads are limited by the bandwidth to the Internet.
Distance learning is one-way streaming and is currently a point-to-point service with 56-Kbps bandwidth. It should support IP multicast and allow more than 10 connections at a time.

SUMMARY OF TRAFFIC FLOWS
[Figure: summary of traffic flows; labels: Computing Center, Router to Internet]

PERFORMANCE CHARACTERISTICS
The bandwidth on the Ethernet campus network is lightly used.
Three major problems:
1. The IP addressing scheme supports just one IP subnet with a /24 mask.
   • Only 254 addresses are allowed.
2. The 1.544-Mbps connection to the Internet is overloaded.
   • Average network utilization of the serial WAN link in a 10-minute window is 95%.
   • The router drops about 5 percent of packets due to utilization peaks of 100%.
3. The router itself is overloaded.
   • The assistants discovered that the 5-minute CPU utilization is often as high as 90%.
   • The 5-second CPU utilization often peaks at 99%, with a large portion of the CPU power being consumed by CPU interrupts.
   • The Internet router CPU is overused not just because of the large amount of traffic but also because of the access lists and NAT tasks.

NETWORK REDESIGN FOR WVCC
Enhancements:
Optimized routing and addressing for the campus backbone that interconnects buildings, provides access to the server farm, and routes traffic to the Internet
Wireless access in all buildings, both for visitors and users of the private campus network (students, faculty, and administrative staff)
Improved performance and security on the edge of the network where traffic is routed to and from the Internet

OPTIMIZED IP ADDRESSING AND ROUTING FOR THE CAMPUS BACKBONE
Server farm: 192.168.1.1–192.168.1.254
Library: 192.168.2.1–192.168.2.254
Computing Center: 192.168.3.1–192.168.3.254
Administration: 192.168.4.1–192.168.4.254
Business and Social Sciences: 192.168.5.1–192.168.5.254
Math and Sciences: 192.168.6.1–192.168.6.254
Arts and Humanities: 192.168.7.1–192.168.7.254
Users of the secure, private wireless network: 192.168.8.1–192.168.8.254 (This is a campus-wide subnet that spans all buildings and outside grounds.)
Users of the open, public wireless network: 192.168.9.1–192.168.9.254 (This is a campus-wide subnet that spans all buildings and outside grounds.)
The email and web servers use public addresses that the state community college network system assigned to the college.
A Layer 3 routing protocol (OSPF) is used instead of Layer 2 (STP) because it is not proprietary, converges quickly, supports load sharing, and is moderately easy to configure and troubleshoot.

WIRELESS NETWORK
Private and Public Wireless – 2 access points in each building
• Different channels
• The access points support IEEE 802.11n and each provides a nominal bandwidth of 600 Mbps.

Separate VLANs for each network

The Open (Public) Network:
• Not configured for WEP or MAC address authentication
• The SSID is announced in beacon frames so that users can easily associate with the WLAN.
• Security: access lists that forward only a few protocols (TCP ports 80 (HTTP), 25 (SMTP), and 110 (POP), and UDP ports 53 (DNS) and 67 (DHCP)). All other traffic is denied.

The Private Network:
• The SSID is hidden and not announced in beacon frames.
• Security: WPA + TKIP + 802.1X + LEAP + RADIUS server
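
The addressing plan and the open-WLAN filter from the slides above, modeled as an added example (not part of the original deck): it maps a source address to its area and reports which flows from the public wireless subnet the stated permit list would deny. The /24 prefixes are inferred from the .1–.254 ranges, and the function names and sample flows are constructed for illustration.

```python
import ipaddress

# Areas in the order of the slide's addressing plan.
AREAS = ["Server farm", "Library", "Computing Center", "Administration",
         "Business and Social Sciences", "Math and Sciences",
         "Arts and Humanities", "Private wireless", "Public wireless"]
# Area i (1-based) uses 192.168.i.0/24, matching the .1-.254 ranges on the slide.
NETS = {name: ipaddress.ip_network(f"192.168.{i}.0/24")
        for i, name in enumerate(AREAS, start=1)}

# Permit list for the open WLAN as stated on the slide; all other traffic is denied.
PUBLIC_PERMIT = {("tcp", 80), ("tcp", 25), ("tcp", 110), ("udp", 53), ("udp", 67)}


def zone_of(addr):
    """Return the plan area containing addr, or None if it is outside the plan."""
    ip = ipaddress.ip_address(addr)
    for name, net in NETS.items():
        if ip in net:
            return name
    return None


def public_wlan_verdict(proto, dst_port):
    """Permit listed (protocol, destination port) pairs; deny everything else."""
    return "permit" if (proto.lower(), dst_port) in PUBLIC_PERMIT else "deny"


def audit(flows):
    """Return flows sourced from the public WLAN subnet that the filter denies.
    Simplification: keyed on source subnet, not on the ingress interface/VLAN."""
    denied = []
    for src, proto, dport in flows:
        if zone_of(src) == "Public wireless" and public_wlan_verdict(proto, dport) == "deny":
            denied.append((src, proto, dport))
    return denied


# Constructed sample flows: (source address, protocol, destination port).
SAMPLE_FLOWS = [
    ("192.168.9.23", "tcp", 80),   # HTTP from a visitor: on the permit list
    ("192.168.9.23", "udp", 53),   # DNS lookup: on the permit list
    ("192.168.9.40", "tcp", 443),  # HTTPS is not on the slide's list
    ("192.168.9.40", "tcp", 22),   # SSH is not on the slide's list
    ("192.168.8.15", "tcp", 22),   # private WLAN source: this filter does not apply
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("denied on public WLAN:", flow)
```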

IMPROVED PERFORMANCE AND SECURITY FOR THE EDGE OF THE NETWORK
Break apart the network functions of security and traffic forwarding.
The router keeps a simpler list of access filters that provide initial protection from intruders; NAT is removed from the router, and a dedicated firewall is placed between the router and the campus network. The firewall provides security and NAT.
Four interfaces on the firewall: The outside interface will connect the Internet router; two inside interfaces will connect the campus network; and the demilitarized zone (DMZ) interface will connect the email and web servers.
The WAN link was replaced with a 10-Mbps Metro Ethernet link (single-mode fiber-optic link).

ENHANCED NETWORK DESIGN

TOP-DOWN NETWORK DESIGN STEPS
Step 1. Analyze requirements, including both business and technical goals, and any “workplace politics” that are relevant to technology choices.
Step 2. Characterize the existing network.
Step 3. Identify network applications and analyze bandwidth and QoS requirements for the applications.
Step 4. Analyze traffic flows.
Step 5. Choose a logical topology.
Step 6. Select building access technologies.
Step 7. Select campus-backbone technologies.
Step 8. Select Internet connectivity technologies.
Step 9. Select security solutions.
