Enterprise network planning and optimization

1. Experimental background

The network topology of a warehousing enterprise is shown in Figure 1-1. The enterprise covers an area of 500 acres and has one five-story office building and 10 large warehouses. Each warehouse is equipped with 16 video surveillance units inside and outside, for a total of 160 video surveillance units. Switch A, servers, firewalls, management machines, Router A and other equipment are deployed in the data computer room on the first floor of the office building. Switch B is deployed in the first-floor wiring room of the office building and serves as the access device for the first floor. Switch C and Switch D are deployed in warehouse 1 and warehouse 2 respectively. The switches in each warehouse are connected to Switch A.

The network access methods of switches on other floors of the office building and switches in other warehouses are the same as the access methods of Switch B, Switch C, and Switch D in Figure 1-1, and are no longer marked separately on Figure 1-1.

[Figure 1-1: enterprise network topology]

The enterprise's office network uses the 172.16.1.0/24 address segment, and the number of department terminals is shown in Table 1-1.

| Department | Number of terminals | IP address range | Subnet mask |
| --- | --- | --- | --- |
| Administration Department | 28 | 172.16.1.1~172.16.1.30 | (1) |
| Marketing Department | 42 | (2) | 255.255.255.192 |
| Finance Department | 20 | (3) | 255.255.255.224 |
| Business Unit | 120 | 172.16.1.129~172.16.1.254 | (4) |

Table 1-1

(1) 255.255.255.224

(2) 172.16.1.65~172.16.1.126

(3) 172.16.1.33~62

(4) 255.255.255.128

2. Calculation of IP address range for the number of department terminals:

2.1 Administration Department (28 terminals):

2.1.1 Subnet size:

The smallest power of two that can hold 28 terminals plus the network address and the broadcast address is 2^5 = 32.

Therefore, the value of the fourth octet of the subnet mask is 256 - 32 = 224.

The subnet mask is 255.255.255.224.

2.2 Marketing Department (42 terminals):

2.2.1 Subnet size:

The smallest power of two that can hold 42 terminals plus the network address and the broadcast address is 2^6 = 64.

The administration department has already used the subnet segment 172.16.1.1~172.16.1.30, so the marketing department needs to take 64 consecutive addresses starting from 172.16.1.64.

The IP address range of the marketing department is 172.16.1.65~172.16.1.126, excluding the network address and broadcast address.

2.3 Finance Department (20 terminals):

2.3.1 Subnet size:

The smallest power of two that can hold 20 terminals plus the network address and the broadcast address is 2^5 = 32.

Since 172.16.1.1~172.16.1.30 and 172.16.1.65~172.16.1.126 have been used, the Finance Department needs to take 32 consecutive addresses starting from 172.16.1.32.

The IP address range of the Finance Department is 172.16.1.33~172.16.1.62, excluding the network address and broadcast address.

2.4 Business Department (120 terminals):

2.4.1 Subnet size:

The smallest power of two that can hold 120 terminals plus the network address and the broadcast address is 2^7 = 128.

Therefore, the value of the fourth octet of the subnet mask is 256 - 128 = 128.

The subnet mask is 255.255.255.128.

2.5 Explanation of subnet size selection:

We choose the size of the subnet based on the number of terminals in the department and future expansion needs.

For example, the subnet size for the Administration Department is 32. Since there are 28 terminals, this size is sufficient to meet current needs while leaving some available addresses for future expansion. This allows for efficient management of IP addresses and avoids waste and unnecessary address fragmentation.

2.6 Selection of IP address range:

When allocating IP address ranges to the Marketing and Finance departments, we take into account address segments that are already in use to avoid conflicts.

For example, when allocating the IP address range of the Marketing Department, we considered that the Administration Department has already used the subnet segment 172.16.1.1~172.16.1.30, so we chose the address range starting from 172.16.1.64 to ensure that it does not conflict with the Administration Department. At the same time, we also avoided overlapping the address range of the Business Department (172.16.1.129~172.16.1.254) to ensure the normal operation of the network.
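The checks described in section 2 can be run mechanically. The following Python sketch is an added example, not part of the original post: it rebuilds each department's subnet from Table 1-1 (with answers (1) to (4) filled in) using the standard `ipaddress` module, and rejects a plan whose subnets are too small, overlap, or fall outside 172.16.1.0/24. The names `PLAN`, `smallest_prefix`, `check_plan` and `free_addresses` are chosen for this example.

```python
import ipaddress

PARENT = ipaddress.ip_network("172.16.1.0/24")

# Table 1-1 with answers (1)-(4) filled in: department -> (terminals, first host, mask)
PLAN = {
    "Administration": (28, "172.16.1.1", "255.255.255.224"),
    "Marketing": (42, "172.16.1.65", "255.255.255.192"),
    "Finance": (20, "172.16.1.33", "255.255.255.224"),
    "Business": (120, "172.16.1.129", "255.255.255.128"),
}


def smallest_prefix(terminals):
    """Longest prefix whose block holds the terminals plus network and broadcast."""
    host_bits = (terminals + 1).bit_length()  # smallest h with 2**h >= terminals + 2
    return 32 - host_bits


def check_plan(plan, parent=PARENT):
    """Return {department: (subnet, first usable, last usable)} or raise ValueError."""
    checked = {}
    for name, (terminals, first_host, mask) in plan.items():
        # strict=False masks the host bits, giving the subnet the address falls in
        net = ipaddress.ip_network(f"{first_host}/{mask}", strict=False)
        if not net.subnet_of(parent):
            raise ValueError(f"{name}: {net} is outside {parent}")
        if net.num_addresses - 2 < terminals:
            raise ValueError(f"{name}: {net} cannot hold {terminals} terminals")
        for other, (other_net, _, _) in checked.items():
            if net.overlaps(other_net):
                raise ValueError(f"{name}: {net} overlaps {other} ({other_net})")
        checked[name] = (net, net.network_address + 1, net.broadcast_address - 1)
    return checked


def free_addresses(plan, parent=PARENT):
    """Addresses of the parent block not covered by any department subnet."""
    used = sum(net.num_addresses for net, _, _ in check_plan(plan, parent).values())
    return parent.num_addresses - used


if __name__ == "__main__":
    for dept, (net, first, last) in check_plan(PLAN).items():
        print(f"{dept:15} {net!s:18} {net.netmask!s:16} {first}~{last}")
    print("unallocated addresses in", PARENT, "=", free_addresses(PLAN))
```

Run against Table 1-1, the four subnets account for all 256 addresses of 172.16.1.0/24, so any further department needs a different address block.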

3. Topology analysis

3.1 What subsystem does the wiring system from the warehouse to the office building belong to? What transmission medium should be used? What components are needed to connect the cable to the switch?

It belongs to the building group subsystem (or park subsystem). Single-mode optical fiber should be used, and an optical module or SFP is needed to connect it to the switch.

3.2 Answer explanation

The question actually examines the basic concept of integrated wiring. According to the topology diagram, it can be seen that the warehouse and the office building belong to different buildings. Therefore, the wiring system connecting the warehouse to the office building belongs to the building group subsystem.

The transmission medium usually used for building group subsystems is optical fiber. Although the background does not specify the distance between the buildings, it describes a large park with large warehouses, so the distance can be considered relatively long. Therefore, it is recommended to use single-mode fiber.

Optical modules are usually used to connect optical fibers to switches. Theoretically, photoelectric converters can also meet the requirements. However, from the perspective of network design, it is recommended to choose optical modules or SFP.

4. Scenario analysis

If the connected IPC uses 1080P image transmission quality to transmit data, please explain whether the 100M switches used by Switch C and Switch A meet the bandwidth requirements.

Switch C can meet the requirements, but Switch A cannot. The data volume of 1080P image transmission is about 6Mb/s, so the data volume carried by Switch C is 96Mb/s, which 100Mb/s can carry. The traffic generated by 160 units is far more than 100Mb/s, so Switch A, which is used as the core, cannot meet the requirements.

This is a basic calculation question. The difficulty lies in knowing the transmission speed required for 1080P image transmission. The resolution of 1080P is 1920*1080, the bandwidth used is 3-9Mbps, and the mainstream bandwidth is 6Mbps. Since Switch C has to connect 16 IPC channels, and each channel is calculated at 6Mbps, the total is 16*6Mbps=96Mbps. If you choose a 100M switch, it can barely meet the requirements.

Switch A is at the core. The warehouses below it have a total of 160 IPC connections, and the total bandwidth is far more than 100Mbps, so it cannot meet the requirements.

5. Scenario assumptions

5.1 Add a switch Switch E to location A to provide link redundancy from the access layer to the core layer, as shown in Figure 2. Please use Switch C as an example to briefly describe the configuration changes of the access layer and core layer.

[Figure 2]

5.1.2 Switch A and Switch E form a dual core, link aggregation is used between the switches, and STP or MSTP is used to avoid loops.

5.1.2.1 Answer explanation

Adding a switch at location A provides link redundancy from the access layer to the core layer and creates a dual-core design. Each access layer device then needs two uplinks, one to Switch A and one to Switch E in the core layer. For the core layer configuration, the two core switches need to be connected to each other, and link aggregation can be used to provide higher link bandwidth between them. The access layer switch needs to be configured with two communication links, connected to Switch A and Switch E respectively. Since there are redundant links, a spanning tree protocol needs to be configured to avoid loops.

5.2 Briefly describe the configuration points for establishing an IPSec VPN tunnel between Router A and Router B.

5.2.2 Configure the IP address of the interface and the static route to the opposite end to ensure that the routes at both ends are reachable.

Configure ACLs to define data flows that require IPSec protection.

Configure IPSec security proposals and define IPSec protection methods.

Configure IKE peers and define attributes for IKE negotiation between peers.

Configure security policies and reference ACLs, IPSec security proposals, and IKE peers to determine which protection methods are used for which data flows.

Apply a security policy group on the interface to enable IPSec protection on the interface.

5.2.2.1 Answer explanation

To configure an IPSec VPN, you first need to ensure that the network is connected, so the first step is to configure the IP address of each interface and the corresponding route.

The second step is to configure an ACL and use it to control which traffic enters the IPSec VPN tunnel.

The third step is to configure the IPSec security proposal.

The fourth step is to configure the IKE peer.

The fifth step is to configure the security policy and associate the previously defined ACL, IPSec security proposal and IKE peer.

The sixth step is to apply the security policy on the interface.

No matter how far the journey is, as long as you move forward step by step, you will reach your destination.

Origin blog.csdn.net/m0_63624418/article/details/133420879