  1. #1
    amfony

    network design - just bouncing idea off anyone who cares to look

    G'day gang,

    Just about to start a relative overhaul of the current network infrastructure since I've had to add some band-aid switches here and there because of large (and rapid) growth in some areas.

    In addition I've never had anyone comment on the actual network design; hopefully it's all gravy, but I'd like to hear your comments if things can be done better (or if it's perfect haha).

    Things to note about the diag.

    1) Each bottom colour-surrounded item represents a building and its associated VLAN; all colours/VLANs are supposed to be unique but I think I may have doubled up on some. Router provides inter-VLAN routing and acts as the virtual interfaces for all VLAN DHCP scopes.

    2) This also applies to the server segment and the 24-port 10/100 switch

    3) Dashed lines represent fibre optic

    4) At each building there is at least 1x 24-port 10/100 switch with GBIC interface

    5) The router-to-optical switch interface is via media converter from optical to copper


    Things I would like help/clarification with:

    1) The central router, should it be 'in-line' or should it be hanging off the optical switch only utilising one interface? Therefore enabling direct connection from the 12 port gigabit (with GBIC) to the optical switch

    2) Is the link between optical switches OK? (being optical patch link) These switches are physically on top of each other, but I separated them just for diagram purposes.

    3) A throwback to another thread I've been reading recently: where would be a good place to place an instance of PacketFence here?

    4) All servers (including http, smtp, remoteFileAccess ... web accessible) are in the server segment. My backend firewall is an ISA 2k4 box and the front side is a fairly plain Netgear. Is this good or bad practice? I've heard both in regards to ISA application filtering as a plus, but server location (non-DMZ) as a negative.


    Thanks a lot everyone, very much appreciated for any words of wisdom you can spin my way.

    Regards
    Anthony

  2. #2

    localzuk
    The first thing I'd say is that having 2 optical switches connected together like that adds a possible bottleneck. It most likely isn't one just at the moment, but could be (set up an installation of Cacti to monitor it for a while and see what sort of traffic it is utilising).

    The ideal solution would be to have the core switch be a single unit - something like a HP 6200yl-24G-mGBIC. That way, all feeds in get the same capacity.

    As for the way the servers are connected, this is an area which I would say opinion will vary. Personally, I'd say they should be connected directly to the core as this provides a direct route to them from the core. Others, if I remember correctly Torledo is one, prefer a cleaner approach of separating the 2 functions. The core would simply deal with connecting switches together, and another switch would deal with connecting the servers to the core, like you have at present. But I see this as a potential bottleneck really.

    EDIT: On the central router issue, I would say that if you replace your core, you should replace it with one that can do routing itself. The 6200yl above does it, as does the 5400zl. This will speed up routing quite a lot.

    And the ideal location for your web accessible servers is in a DMZ, where their traffic to your local network can be filtered to ensure it is safe. However, sometimes, this is simply not feasible, as it could end up costing you in terms of new hardware - money which many schools aren't willing to spend.
    Last edited by localzuk; 4th June 2008 at 09:09 AM.
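
Added example (not part of localzuk's post or of any poster's configuration): a small Python model of the DMZ point above, comparing what a web-facing server can open connections to when it sits in the server segment versus behind a filtered DMZ. The addresses, zone names, rule table and function names are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing, not taken from the thread.
ZONES = {
    "lan": ip_network("10.0.0.0/16"),      # building VLANs and internal servers
    "dmz": ip_network("192.168.50.0/24"),  # web-accessible servers
}

def zone_of(addr):
    """Map an address to a zone name; anything unlisted is the internet."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

# First match wins: (source zone, destination zone, port or None for any, action)
RULES = [
    ("internet", "dmz", 80, "allow"),    # published web server
    ("internet", "dmz", 25, "allow"),    # inbound mail
    ("dmz", "lan", 25, "allow"),         # SMTP relay is the only DMZ-to-LAN flow
    ("lan", "dmz", None, "allow"),       # internal users and admins reach the DMZ
    ("lan", "internet", None, "allow"),
]

def decide(src, dst, port, rules=RULES):
    """Return 'allow' or 'deny' for a new connection; the default is deny."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return "allow"  # same segment: the traffic never crosses the firewall
    for r_src, r_dst, r_port, action in rules:
        if (r_src, r_dst) == (sz, dz) and r_port in (None, port):
            return action
    return "deny"

def exposure(server, targets, ports):
    """List the (target, port) pairs a host at `server` can connect to."""
    return [(t, p) for t in targets for p in ports if decide(server, t, p) == "allow"]

INTERNAL = ["10.0.1.10", "10.0.1.11"]  # constructed internal hosts
PORTS = [25, 445, 3389]

flat = exposure("10.0.1.20", INTERNAL, PORTS)        # web server in the server segment
in_dmz = exposure("192.168.50.20", INTERNAL, PORTS)  # same server moved to the DMZ
print(len(flat), "reachable pairs when flat;", len(in_dmz), "when in the DMZ")
```

With the server in the same segment as the internal hosts, no firewall rule is ever consulted, so every listed port is reachable; in the DMZ only the one relay port is.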

  3. #3

    bossman
    Localzuk: totally agree with you there, all servers should be connected directly into the core switch (having a redundant core switch also for failover) as this is the single point of failure.

  4. #4

    SYNACK
    Quote (originally posted by amfony):
        Things I would like help/clarification with:

        1) The central router, should it be 'in-line' or should it be hanging off the optical switch only utilising one interface? Therefore enabling direct connection from the 12 port gigabit (with GBIC) to the optical switch

        2) Is the link between optical switches OK? (being optical patch link) These switches are physically on top of each other, but I separated them just for diagram purposes.

        3) A throwback to another thread I've been reading recently: where would be a good place to place an instance of PacketFence here?

        4) All servers (including http, smtp, remoteFileAccess ... web accessible) are in the server segment. My backend firewall is an ISA 2k4 box and the front side is a fairly plain Netgear. Is this good or bad practice? I've heard both in regards to ISA application filtering as a plus, but server location (non-DMZ) as a negative.

        Thanks a lot everyone, very much appreciated for any words of wisdom you can spin my way.

        Regards
        Anthony

    1) If it is routing between two different IP subnets then it should be in line as you have it. If it is sitting in between your workstations and all servers though, it will act as a bottleneck, meaning that your workstations have only one gigabit of bandwidth to share between them when talking to all the servers. Depending on how many servers you have, this could mean a very low amount of bandwidth is available from each one (100mbit or less).

    2) The link between the switches should show up like that on the diagram, but having a single 1GB link between them does create a bottleneck on the network and has no redundancy; trunking another link if possible would be a good call.

    3) Not sure on this one, but probably off one of the 12-port gigabit switches so that any packets can be injected quickly without having to go through the router.

    4) ISA is good in my opinion and can be set up as the primary firewall or behind an existing firewall that limits ports as a second level of defense.

  5. #5
    amfony
    Hey gang,

    Thanks a lot for the input. It is well appreciated. I have made some changes to the situation like (hopefully) obtaining some 4 x gigabit modules for the optical switches, which would achieve in part the "server on core" idea. As far as having the 2 optical switches, there isn't much I can do about that in the near future as there seems to be no more money in the kitty haha.

    In saying that, I have been doing some research into refurbished/2nd hand core equipment, which seems to be a lot more cost effective. Anyone have thoughts, positive or negative, on refurbished network equipment they would like to share?

    Thanks again for the input. And happy birthday to EduGeek, very very nice site and resource!
    Last edited by amfony; 5th June 2008 at 01:31 PM. Reason: missing X

  6. #6

    Geoff
    Quote:
        In saying that, I have been doing some research into refurbished/2nd hand core equipment, which seems to be a lot more cost effective. Anyone have thoughts, positive or negative, on refurbished network equipment they would like to share?

    I know HP's 'lifetime' warranty on their ProCurve kit does not apply if it's second hand.

  7. #7
    amfony
    Quote:
        I know HP's 'lifetime' warranty on their ProCurve kit does not apply if it's second hand.

    Ha! That's a bit ironic, don't cha think. Thanks for the info Geoff.
