Design Project Report

NETSOLUTIONS NETWORKING SOLUTIONS PROPOSAL

EEX5434
Data Communications & networking

By
S M G A SIPKADUWA
619224611

Submitted to
Department of Electrical and Computer Engineering
Faculty of Engineering Technology
The Open University of Sri Lanka

At
Colombo Regional Center
On
28th November 2023

1|Page
 1. CUSTOMER A : A Consulting Firm
1.1.a Plan for Connectivity

▪ In order to satisfy the unique requirements of Customer A's consulting business, we advise
them to have a dedicated and trustworthy Internet connection. We suggest a fiber optic
internet connection in light of the importance of services like DNS, mail, and web hosting, as
well as the need for staff members to have quick access to the internet.

EXTERNAL
NETWORK

WEB SERVER

INTERNAL
NETWORK
MAIL SERVER

DNS SERVERS

2|Page
1.1.b. Internet Connectivity:
▪ Establish a dedicated and reliable internet connection for the Consulting firm. This can be
achieved through a high-speed broadband connection or a dedicated leased line, depending on
the size and budget of the firm.
▪ Consider redundancy options to ensure high availability, such as a secondary connection or
failover mechanisms.

1.1.c. Server Configuration:

▪ Configure the DNS Server (Primary) to host the firm's domain name. Ensure proper DNS
resolution for internal resources and external internet domains.
▪ Set up the Mail and Web Server to handle email communication and host the firm's
website.

1.1.d. Internal Network:

▪ Implement a secure and robust internal network infrastructure.
▪ Assign static IP addresses to the servers for consistent network access.
▪ Implement firewalls and security measures to protect the internal servers from
unauthorized access.

1.1.e. Employee Internet Access:

▪ Establish a different network for staff workstations.
▪ Give employees access to a reasonably quick internet connection so they can use the
internet effectively.
▪ In order to priorities traffic for essential services like DNS, mail, and web surfing, think
about installing Quality of Service (QoS).

1.1.f. Security Measures:

▪ Implement security measures such as firewalls, intrusion detection/prevention systems,
and antivirus solutions to safeguard the network.
▪ Enforce strong password policies and access controls to protect sensitive data on the
servers.

1.1.g. Scalability:
▪ Design the network with scalability in mind to accommodate future growth in the number
of staff or services.

1.1.h. Monitoring and Management:

▪ Implement network monitoring tools to track the performance of servers and network
devices.

3|Page
 ▪ Set up a management system for easy troubleshooting and maintenance.

1.1.i. The suggested technological kind is a fiber-optic internet connection.

➢ Fiber optics offer several benefits to cater to the unique requirements of the company.

o High Bandwidth:
Broadband capacity is much higher with fiber optics than with conventional copper wires.
Ensuring prompt and effective communication is important for consulting firms that depend on
data-intensive systems and services.
o Reliability:
Fiber optics have a reputation for dependability. Their resistance to electromagnetic interference
might be crucial in preserving a steady internet connection and guaranteeing uninterrupted access
to the company's servers.
o Low Latency:
Compared to copper connections, fiber optic cables have reduced latency since they transfer data
at the speed of light. This ensures that staff members have a smooth communication experience
and is especially useful for real-time applications like video conferencing.
o Extended Ranges:
Longer transmission lengths without appreciable signal deterioration are possible using fibre
optics. This is helpful in case the consulting
o Security:

4|Page
Fiber optic cables are more secure than traditional copper cables because they don't emit
electromagnetic signals that can be easily tapped into. This enhances the overall security of the
network, especially for sensitive data such as client information.
o Reduced Maintenance:
Fiber optic cables are less prone to damage and require less maintenance compared to traditional
copper cables. This can result in lower long-term operational costs for the firm.
o Support for Multiple Services:
Fiber optics can support various services simultaneously, including internet connectivity, VoIP
(Voice over Internet Protocol), and other data-intensive applications, making it a versatile choice
for the firm's networking needs.

1.2.a. Working together with ISP

starting negotiations with the chosen Internet Service Provider (ISP) to resolve any outstanding
issues about the Fiber Optic Internet Connection, such as service level agreements, installation
schedules, and available capacity.

1.2.b. Selecting Network Hardware/Equipment

To guarantee a smooth integration into the current network infrastructure, assess and buy the
routers, switches, and firewalls that are compatible with fiber optics.
i. Router:
A high-quality router to manage the internet connection and facilitate communication between
the internal network and the ISP's network.
ii. Switches:
Ethernet switches to connect and manage the local area network (LAN) within the office.
Consider managed switches for better control and network optimization.
iii. Firewall:
A firewall to protect the internal network from unauthorized access and potential cyber threats.
This is crucial for securing the DNS, mail, and web servers.
Iv Servers:
DNS Server: To host the firm's domain name and handle domain name resolution.
Mail Server: For managing internal email communication.
Web Server: To host the firm's website and web applications.

5|Page
v. Access Points:

Wireless access points to provide Wi-Fi connectivity for staff members who use laptops or
mobile devices. Ensure secure configurations and strong encryption for wireless communication.
vi. Modems or Optical Network Terminal (ONT):

If using a broadband internet connection, a modem or ONT may be required to interface with the
ISP's network, converting the optical signal (if using fiber) or digital signal (if using DSL or
cable) to Ethernet.

1.2.c. Installing

➢ Physical Setup:
Install and mount network equipment in the server room or data center. Ensure proper ventilation
and environmental conditions for servers and networking devices.

➢ Connectivity:
Connect all devices using appropriate Ethernet cables. Ensure the correct placement of cables,
avoiding interference and maintaining neat cable management.

➢ Power:
Connect devices to power sources, and if applicable, connect critical equipment like servers and
network devices to Uninterruptible Power Supplies (UPS) to ensure continuous operation during
power outages.

6|Page
 ➢ Configuration:
Configure the router with the necessary settings provided by the ISP.
Configure switches with VLANs if needed.
Set up security parameters on the firewall, including rules for inbound and outbound traffic.

➢ Server Configuration:
Configure the DNS Server with the firm's domain name and relevant settings.
Set up the Mail Server with email accounts and security configurations.
Configure the Web Server with the firm's website and necessary security features.

➢ Wireless Network Setup:

Configure wireless access points with secure Wi-Fi settings, including strong encryption and
authentication methods.

1.2.d. Testing

➢ Testing Physical Connections:

Physically inspect all connections to ensure they are secure and correctly plugged in.

➢ Connectivity Testing:
Verify internet connectivity by checking the connection from a computer on the network.
Test communication between internal servers to ensure proper functioning.

➢ DNS Testing:
Confirm that the DNS server can resolve internal and external domain names.
Test DNS resolution from client computers to ensure proper functionality.

➢ Email Testing:
Send test emails to verify that the mail server is sending and receiving emails correctly.
Check email access from client computers to ensure proper configuration.

7|Page
 ➢ Web Server Testing:
Access the firm's website internally and externally to verify the proper functioning of the web
server.
Test different web applications hosted on the server if applicable.

➢ Wireless Network Testing:

Test Wi-Fi connectivity from various locations within the office to ensure adequate coverage.
Check the performance and security of the wireless network.

➢ Security Testing:
Perform security testing to identify and address vulnerabilities.
Verify that firewall rules are correctly configured and provide the necessary protection.

➢ Backup and Recovery Testing:

Test backup procedures and ensure that data can be recovered in case of data loss.
Verify the functionality of any network-attached storage (NAS) devices

8|Page
1.3.a. Plan for IP Addressing:
o Creating an appropriate IP addressing scheme is essential to a network's smooth and well-
organized operation.

1.Understand the Requirements:

-Identify the number of devices that require IP addresses, including servers, computers, printers, and other
networked devices.
-Consider the potential growth of the network to ensure scalability.

2.Choose IP Address Classes:

-Decide whether to use IPv4 or IPv6 based on the firm's requirements and compatibility with existing
devices.
- Decide IP version 4

3. Allocate IP Address Ranges:

-Assign specific IP address ranges to each subnet.

-Consider leaving room for future expansion and avoid creating subnets that are too small.

4. Divide the Network into Subnets:

-Divide the network into logical subnets based on departments, functions, or physical locations.
-Subnetting helps in organizing and segmenting the network for better security and performance.
-Subnet 1: Office: Subnet Mask: 255.255.255.0
-Subnet 2: Servers: Subnet Mask: 255.255.255.0
-Subnet 3: Wireless Network: Subnet Mask: 255.255.255.0

5.IP Addressing Plan:

-Subnet 1: Office Staff
IP Range: 192.168.1.1 - 192.168.1.254
Subnet Mask: 255.255.255.0

9|Page
-Subnet 2: Servers
IP Range: 192.168.2.1 - 192.168.2.254
Subnet Mask: 255.255.255.0
-Subnet 3: Wireless Network
IP Range: 192.168.3.1 - 192.168.3.254
Subnet Mask: 255.255.255.0
-In additionally
▪ DNS Server:
IP Address: 192.168.1.10
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
▪ Mail and Web Server:
IP Address: 192.168.1.11
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
▪ Staff Computers:
DHCP-based dynamic IP addresses,
IP Range: 192.168.1.50 to 192.168.1.79
Subnet Mask: 255.255.255.0
Broadcast Address: 192.168.1.80
Default Gateway: 192.168.1.1

References: https://www.linkedin.com/company/total-network-solutions
: https://obkio.com/blog/network-testing/

10 | P a g e
 2. CUSTOMER B : A TRADING FIRM (ZEST)

2.1.a Connectivity Plan for Zest Trading Firm:

▪ In order to satisfy the unique requirements of Customer A's consulting business, we advise them to
have a dedicated and trustworthy Internet connection. We suggest a Fiber Optic Internet Connection
in light of the necessity for personnel to have quick access to the internet and the importance of
services like DNS, Mail, and Web hosting.

LAN 2
LAN 1

LAN 3

11 | P a g e
2.1.b. Internet Connectivity:

• Internet Service Providers (ISPs):

Select reputable ISPs that can provide reliable and high-speed internet connectivity to both the
Head Office and each branch.
Consider ISPs that offer Service Level Agreements (SLAs) for guaranteed uptime and
performance.
• Bandwidth Requirements:
Assess the bandwidth requirements for each location based on the anticipated internet usage.
Consider factors such as the number of users, types of applications, and the volume of data
traffic.
• Load Balancing:
Implement load balancing to distribute internet traffic across multiple connections, optimizing
bandwidth usage and ensuring efficient performance.
• Remote Access Security:
If remote access is required, implement secure methods such as Virtual Private Network (VPN)
connections to ensure the confidentiality and integrity of data.
• Monitoring and Reporting:
Implement network monitoring tools to track internet usage, bandwidth consumption, and overall
network performance.
Generate regular reports to assess the effectiveness of the internet connectivity plan.

2.1.c. Connectivity Plan

Plan 1: WAN Technologies
Wide Area Network (WAN):

-It connects all branches to the head office through a secure WAN.

-Utilizes routers for WAN connectivity and VPN technology for secure communication.
Plan 2: LAN Technologies
Local Area Network (LAN):
-Each location (Head Office and branches) has its own LAN.
-LAN technologies include Ethernet for local connectivity within each office.

12 | P a g e
-The WAN technologies are essential to both designs in order to connect geographically
separated sites (the head office and branches). WAN technologies provide smooth data flow
between offices by enabling secure connections over a larger distance.

-On the other hand, local connectivity within each office is provided using LAN technology. For
the purpose of linking devices within the same physical space, technologies like Ethernet are
used.

-Together, the WAN and LAN components provide a seamless network architecture that satisfies
Zest Trading Firm's unique requirements. Local connectivity inside each office is handled by
LAN technology, while interoffice communication is facilitated via the WAN.

2.2.a. Plan for IP Addressing:

One of the most important steps in configuring a network is creating an IP addressing strategy.
This article provides instructions on how to create an IP addressing plan for a company.

1. Understand the Requirements:

Identify the number of devices that require IP addresses. Consider servers, computers, printers,
network devices, and other connected equipment.

▪ Computers and Workstations:

-Staff computers and workstations are essential connected equipment in an office network.

▪ Servers:

-Servers host various services and applications. In the case of Zest Trading Firm, servers may
include DNS servers, mail servers, web servers, file servers, etc.

▪ Printers and Scanners:

-Network printers and scanners are connected devices that provide printing and scanning services
to the network.

▪ Network Switches:

-Switches are network devices that connect multiple computers within a local area network
(LAN). They facilitate communication between devices within the same subnet.

13 | P a g e
▪ Routers:

-Routers connect different subnets within the network. They enable communication between
devices in different parts of the organization, such as between the Head Office and branches.

▪ Firewalls:

-Firewalls are security devices that control and monitor incoming and outgoing network traffic.
They are crucial for protecting the network from unauthorized access and cyber threats.

▪ Wireless Access Points (WAPs):

-WAPs enable wireless connectivity for devices such as laptops, tablets, and smartphones within
the organization.

▪ Network Security Appliances:

-Devices such as intrusion detection/prevention systems, antivirus gateways, and content filtering
appliances contribute to the overall security of the network.

Anticipate future growth to ensure scalability.

2. Divide the Network into Subnets:

Divide the network into logical subnets based on departments, functions, or physical locations.

Subnetting helps in organizing and segmenting the network for better security and performance.

➢ Subnet 1: Head Office: Subnet Mask:192.168.1.0/24

➢ Subnet 2: Branches:
❖ Branch1: Subnet Mask: 192.168.2.0/24
❖ Branch2: Subnet Mask: 192.168.3.0/24
❖ Branch3: Subnet Mask: 192.168.4.0/24
❖ Branch4: Subnet Mask: 192.168.5.0/24
❖ Branch5: Subnet Mask: 192.168.6.0/24
❖ Branch6: Subnet Mask: 192.168.7.0/24
❖ Branch7: Subnet Mask: 192.168.8.0/24
❖ Branch8: Subnet Mask: 192.168.9.0/24
❖ Branch9: Subnet Mask: 192.168.10.0/24

➢ Subnet 3: Servers: Subnet Mask: 192.168.11.0/24

➢ Subnet 4: Wireless Network: Subnet Mask: 192.168.12.0/24

14 | P a g e
 3. Choose IP Address Classes:

Decide whether to use IPv4 or IPv6 based on the organization's requirements and compatibility
with existing devices.

4. Allocate IP Address Ranges:

➢ Head Office: IP Range: 192.168.1.1 - 192.168.1.254

-Suggest 192.168.1.1-192.168.1.51-for 50 computers

➢ Branches:

- Branch 1: IP Range: 192.168.2.1 to 192.168.2.19

- Branch 2: IP Range: 192.168.3.1 to 192.168.3.19

- Branch 3: IP Range: 192.168.4.1 to 192.168.4.19

- Branch 4: IP Range: 192.168.5.1 to 192.168.5.19

- Branch 5: IP Range: 192.168.6.1 to 192.168.6.19

- Branch 6: IP Range: 192.168.7.1 to 192.168.7.19

- Branch 7: IP Range: 192.168.8.1 to 192.168.8.19

- Branch 8: IP Range: 192.168.9.1 to 192.168.9.19

- Branch 9: IP Range: 192.168.10.1 to 192.168.10.19

➢ Servers: IP Range: 192.168.11.1 - 192.168.11.254

➢ Wireless Network: IP Range: 192.168.12.1 - 192.168.12.254

Assign specific IP address ranges to each subnet.

Consider leaving room for future expansion and avoid creating subnets that are too small.

5. Define Subnet Masks:

Determine the subnet mask for each subnet based on the number of devices it needs to
accommodate.

Choose an appropriate subnet mask that balances the number of subnets and hosts.

15 | P a g e
6. Allocate IP Addresses:

Assign static IP addresses to servers and critical network devices.

Use DHCP (Dynamic Host Configuration Protocol) for dynamic assignment of IP addresses to
client computers.

References: https://hotelbostanciprenses.com/2021/know-more-about-sd-wan-network-
management/

: https://ipwithease.com/network-design-cisco-router-for-branch-site-with-5-6-
endpoints-2/

16 | P a g e
3.Customer C: C-Soft - Teleworking Software Development Company

3.1.a Plan for Connectivity

Software developers using C-Soft's teleworking model need a Virtual Private Network (VPN) in
order to provide safe remote access. With the help of this VPN, developers will be able to access
the company's internal network and secure servers without difficulty from anywhere in the world.

17 | P a g e
3.1.b. The suggested technological kind is a virtual private network (VPN).
o Given the nature of Teleworking, a Virtual Private Network (VPN) solution will be
implemented to provide secure and remote access for software developers.
o Utilize a combination of Internet connections and a dedicated VPN gateway for a
seamless and secure connection.
o Implement a Site-to-Site VPN solution for secure connectivity.
o Utilize SSL VPN for ease of access and compatibility across various devices.
o Employ Multi-Factor Authentication (MFA) for enhanced security.

18 | P a g e
3.1.c. Implementation Details:
1. Connectivity Plan Implementation:
o Set up a VPN gateway at the company's central location to establish secure connections with
remote software developers.
o Configure client VPN software on each developer's device to enable secure access.
o Ensure that the VPN solution supports bandwidth requirements for efficient application
development.
2. Proposed Technology Implementation:
o Implement SSL VPN technology for its flexibility and ease of use across various platforms
and devices.
o Integrate Multi-Factor Authentication (MFA) to enhance the security of VPN access.
o Regularly update VPN software and security protocols to address emerging threats.

3. IP Addressing Plan Implementation:

o Allocate a specific subnet for the secure servers, ensuring a clear distinction between internal
and external traffic.
o Use DHCP for software developers' devices to dynamically assign IP addresses, simplifying
network management.
o Implement IPv6 alongside IPv4 to accommodate the growing number of connected devices
and future expansion.
3.1.d. Benefits:

1.Enhanced Security:

Secure access to the internal network ensures the confidentiality and integrity of application
details.

2.Flexibility and Mobility:

Teleworking software developers can connect to the secure servers from any location with
internet access.

3.Scalability:

The use of dynamic addressing and IPv6 allows for scalability as the company expands its
workforce.

19 | P a g e
 4.User-Friendly Access:

SSL VPN provides a user-friendly and consistent experience across various devices and
operating systems.

5.Reduced Operational Costs:

Teleworking reduces the need for physical office space and associated infrastructure, leading
to cost savings.

3.2. Plan for IP Addressing:

1. Subnet Allocation:

Allocate a subnet for the secure servers within the internal network. For
example:
Secure Servers: 192.168.1.0/24

1. Dynamic IP Assignment (DHCP):

Implement DHCP for software developers' devices to simplify IP address

management and provide dynamic addressing. Consider a DHCP range for
remote devices:
DHCP Range: 192.168.2.1 - 192.168.2.254

2. Static IP Assignment:

Assign static IP addresses to critical infrastructure components such as servers

and network devices within the allocated subnet:
VPN Gateway: 192.168.1.1
DNS Server: 192.168.1.2
Future Expansion: 192.168.1.3 - 192.168.1.10

3. VPN Client Address Pool:

Define a specific IP address pool for VPN clients connecting remotely. This
pool should be separate from the internal network's DHCP range:
VPN Client Pool: 10.0.0.1 - 10.0.0.100
20 | P a g e
references: https://readwrite.com/cybersecurity-tips-for-remote-workers/
: https://www.networkdefenseblog.com/post/network-vpn-design

21 | P a g e
 ***

22 | P a g e