KU Network Project 1)Eagle 9 We trust on what we know Design and Documentation By: Team: Eagle 9 Phone:+93795008012 Email: [email protected] Date:


Page 1: KU Network Project 1)Eagle 9 We trust on what we know Design and Documentation By: Team: Eagle 9 Phone:+93795008012 Email: Hasibsahibzada@gmail.com Date:

KU Network Project

1)Eagle 9

We trust on what we know

Design and Documentation By: Team: Eagle 9 Phone: +93795008012 Email: Hasibsahibzada@gmail.com Date:


Contents

1)Existing Network Infrastructure.

2)Problems with existing network.

3)Network Requirements.

4)Introduction to New KU network.

5)Services of the New KU network.


Existing Network Infrastructure.


Existing network Problems

1)Trunked ports.

2)Load on the NOC router.

3)Single point of failure devices.

4)NO bandwidth utilization.

5)Authentication problem.

6)Usage of one Cache server.

7)No routing protocols. (NO IP summarization.)

8)Less usage from layer three switches.

9)Usage of software based security firewalls.

10)Complicated Configuration.


Existing Network Services

1)Internet connections to all faculties

2)VOIP services

3)EMAIL service

4)One cache server.


New Network Capabilities

1)Different VLANs for data, voice and video.

2)VOIP Services.(LAN and WAN).

3)Video Conferencing Services in all faculties.

4)Web Service.

5)An improved Library.

6)Database.

7)Authentication (VPN and RADIUS).

8)Best Redundancy Links.

9)Best use of Routing Protocols (OSPF)

10)Centralized Control.


New Network Capabilities

1)IP summarizations on ABR routers.

2)Greater processing speed.

3)Flexibility.

4)99.99% data availability & uptime.

5)Faster information retrieval


VOIP Service structures

1) Centralized Control of VOIP.

A: Cisco CallManager 4.01 with SR2a or later


VOIP Service structures

2)Non-centralized VOIP.

Benefits:

1)Fast connectivity.

2)Connecting to other networks.

3)Establishing connections to other universities.


Video Conferencing

High-performance, flexible, and scalable video infrastructure to help you:

A: Conduct face-to-face discussions between distributed personnel.

B: Reduce travel and expenses

C: Enhance collaboration between colleagues, partners, and customers


Video Conferencing Requirements

Cisco Unified Videoconferencing 3500 Series products.

This solution provides:

1) Support for a broad range of standards-based video endpoints.

2) Continuous presence features displayed at full HD quality.

3) Advanced conference setup and attendance functions, a range of dynamic layouts, and numerous in-conference controls for an optimal user experience.

4) Firewall-friendly desktop video to extend your video environment to any networked PC.

5) File sharing.

6) Integrated voice.

7) And lots more.


Web Services

Kabul University should have a web site.

It should provide important information about Kabul University and its faculties.

It should also be an interface to the Library and the Database of Kabul University.

It should be placed in the NOC.


Electronic Library

This library should have all kinds of books found in the Kabul University Library, and other international books found in other international libraries.

Access methods.

1: Inside access (students in the KU network).

2: Outside access (remote users).

Structure of the library.

1: Primary server in the NOC.

2: Secondary servers in some star center faculties.

Synchronization occurs between these libraries.


Database

The database is designed to hold information on:

1: Faculties details

2: Teacher's profiles.

3: Student's profiles and grades.

4: Easy result retrieval.

5: Classes time tables.

6: Start and end dates of Classes and more.


Mail Server

A mail server is currently active at Kabul University, provided by the ISP.

But we can set up our own mail server too.


Connectivity

Connectivity is an important issue in the KU network.

All the devices are interconnected, and the network is designed to be available 99.9%.

Usage of routing protocol.

The OSPF routing protocol is implemented in our network to establish connections between all networks.

A routing protocol is used to avoid trunk ports and sub ports, and to benefit from IP address summarization for fast connectivity and fast convergence.

OSPF structure in the KU network.

Three areas are configured on the network (area 0, area 1 and area 2).

These areas are used to summarize IP addresses better and to avoid large numbers of routing updates.
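A sketch of how an area's summary can be derived and checked, added here as an example and not part of the original slides. The addressing below is constructed (the deck's own addressing scheme is not reproduced on this page), and the Cisco IOS-style `area range` output is an assumption about the ABR platform. It reports address space that the summary covers but no VLAN uses, which matters because the ABR will attract traffic for those prefixes and should discard it.

```python
import ipaddress

def area_summary(subnets):
    """Smallest single prefix covering every subnet in an area, plus the
    prefixes inside that summary that no subnet actually uses."""
    nets = list(ipaddress.collapse_addresses(ipaddress.ip_network(s) for s in subnets))
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()          # widen by one bit until all fit
    gaps = [summary]
    for n in nets:                            # carve each real subnet out
        remaining = []
        for g in gaps:
            if n == g:
                continue                      # this piece is fully allocated
            remaining.extend(g.address_exclude(n) if n.subnet_of(g) else [g])
        gaps = remaining
    return summary, sorted(gaps)

def abr_range_statement(area, summary):
    """Cisco IOS-style 'area range' line (vendor syntax is an assumption)."""
    return f"area {area} range {summary.network_address} {summary.netmask}"

# Constructed addressing: two faculties in area 1, three VLANs each.
AREA1 = [
    "10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24",   # faculty A: voice, video, data
    "10.1.4.0/24", "10.1.5.0/24", "10.1.6.0/24",   # faculty B: voice, video, data
]

if __name__ == "__main__":
    summary, gaps = area_summary(AREA1)
    print(abr_range_statement(1, summary))
    for g in gaps:
        print("covered but unallocated:", g)
```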


VLANs

Every faculty has three VLANs:

1: Voice VLAN.

2: Video conferencing VLAN.

3: Data VLAN (through wired connections and APs).

Every VLAN is a separate network, and the switch assigns IP addresses from a specific network.

VLAN networks are available in routing updates, and every faculty can reach them.


OSPF Areas


Redundant ABRs


IP Addressing Schemes


Security on the network

Security is one of the important parts of every network.

Different security measures are considered here.

Security while connecting to the KU network (authentication).

Using a RADIUS server and VPN.

RADIUS Server

DEFINITION - Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security.

As the first process, authentication provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted. The process of authentication is based on each user having a unique set of criteria for gaining access. The AAA server compares a user's authentication credentials with other user credentials stored in a database. If the credentials match, the user is granted access to the network. If the credentials are at variance, authentication fails and network access is denied.

How Does RADIUS Server work?

RADIUS is a client/server protocol. The RADIUS client is typically a NAS and the RADIUS server is usually a daemon process running on a UNIX or Windows NT machine. The client passes user information to designated RADIUS servers and acts on the response that is returned. RADIUS servers receive user connection requests, authenticate the user, and then return the configuration information necessary for the client to deliver service to the user.

A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication servers.


RADIUS

1. User initiates PPP authentication to the NAS.

2. NAS prompts for username and password (if Password Authentication Protocol [PAP]) or issues a challenge (if Challenge Handshake Authentication Protocol [CHAP]).

3. User replies.

4. RADIUS client sends username and encrypted password to the RADIUS server.

5. RADIUS server responds with Accept or Reject.

6. The RADIUS client acts upon services and services parameters bundled with Accept or Reject.
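Steps 4 to 6 for the PAP case, as an added example that is not part of the original slides: the "encrypted password" is the RFC 2865 User-Password hiding (an MD5 keystream derived from the shared secret and the Request Authenticator), and the NAS must check the Response Authenticator before acting on a reply. The function names, user table and shared secret are hypothetical; the reply carries no attributes to keep the exchange short.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RADIUS packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # attribute types

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, request_auth):
    """Step 4: RFC 2865 5.2 hiding, an MD5 keystream chained per 16-byte block."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden, secret, request_auth):
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def _attr(kind, value):
    return bytes([kind, len(value) + 2]) + value

def build_access_request(ident, user, password, secret):
    request_auth = os.urandom(16)          # fresh Request Authenticator per request
    attrs = _attr(USER_NAME, user) + _attr(
        USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def server_reply(request, secret, users):
    """Step 5: recover the password, compare, answer Accept or Reject."""
    ident, request_auth, attrs, pos = request[1], request[4:20], {}, 20
    while pos + 2 <= len(request) and request[pos + 1] >= 2:
        attrs[request[pos]] = request[pos + 2:pos + request[pos + 1]]
        pos += request[pos + 1]
    stored = users.get(attrs.get(USER_NAME))
    given = unhide_password(attrs.get(USER_PASSWORD, b""), secret, request_auth)
    ok = stored is not None and hmac.compare_digest(given, stored)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    return head + hashlib.md5(head + request_auth + secret).digest()

def client_accepts(reply, request, secret):
    """Step 6: the NAS acts only on a reply whose authenticator verifies."""
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(want, reply[4:20]) and reply[0] == ACCESS_ACCEPT
```

Everything here rests on the shared secret between NAS and server: anyone who knows it can recover hidden passwords from captured requests and forge Accept replies, so it should be long, random and unique per NAS.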


RADIUS

This server provides authentication, authorization and accounting (AAA), so it is an AAA server.

Implementing it in the KU network for inside users.


RADIUS and VPN

For outside users we have two ways:

1: Dial-up connection (on the previous slides).

2: VPN.

• Windows 2000 RADIUS server requires Password Authentication Protocol (PAP) for authenticating a Cisco VPN Client. (IPSec clients)

• Using a RADIUS server that does not support Microsoft Challenge Handshake Authentication Protocol (MSCHAP) requires MSCHAP options to be disabled on the VPN 3000 Concentrator. (Point-to-Point Tunneling Protocol [PPTP] clients)

• Using encryption with PPTP requires the return attribute MSCHAP-MPPE-Keys from RADIUS. (PPTP clients)

• With Windows 2003, MS-CHAP v2 can be used, but the authentication method should be set as "RADIUS with Expiry".


RADIUS and VPN

Components Used:

• Cisco VPN 3000 Concentrator

• Cisco VPN Client


Security on network devices

Network devices such as switches, routers and servers.

1: Using SSH for management of switches and routers.

2: Authentication for NOC servers.

NOC servers include monitoring servers, cache servers, Exchange servers and other servers.


Firewalls

Firewalls are very important in different places of our network.

Types of Firewalls in our Network.

Hardware Based Firewalls.

1: Netscreen 5200

Features:


Juniper NetScreen 5200


Juniper NetScreen 5200

Location of the NetScreen 5200.


Firewalls For Faculties

ABR routers have hardware firewalls.


Other software based Firewalls

Indian firewalls.

IPCop firewalls with Websense.

Microsoft ISA firewall (has lots of features).

These firewalls can be used as cache servers too.


Redundancy

Redundancy is something that keeps our network up and available for the users.

We have different redundancies in our network.

1: Link redundancies.

Using patch panels in every faculty to make redundant links.

Using other fiber optic cores.

2: Server redundancies.

Making primary and secondary servers in different locations.

Using virtualization for servers.


Link Redundancies



Virtualizations

What's a server virtualization? Basically, a virtual server, or VM, is an instance of some operating system platform running on any given configuration of server hardware, centrally managed by a virtual machine manager, or hypervisor, and consolidated management tools.

A single instance may operate in isolation or share resources with several other instances of the same (or separate) server platforms.

Primary Benefits of Virtualization.

1: Shares its resources.

2: Functions as an individual entity on the network.

3: Saves money.

4: Centralized server management.

5: Simple and faster backup and recovery.


Server Virtualization Features

Among the various virtualization methods available, NEC primarily focuses on virtualization software solutions. Because the virtualization software, or hypervisor, used by NEC runs directly on bare hardware (physical servers), our virtualized environments have little overhead. NEC’s proven, reliable solutions are built upon years of experience with virtualization.

Features:



End