FOSS Network Infrastructure and Security/Network Planning


A network in any computing environment is always a long-term investment. It is imperative that proper planning be done before going all out to deploy a network. A few pointers on network design and development are given below.

Network Planning Basics

Capacity: Plan for at least two to three years

Infrastructure: Build for at least one year

Business Models: Look after the next quarter

As illustrated above, there are three factors to consider when planning a network. The first is capacity, in terms of both bandwidth and human resources. Second, you need to consider the infrastructure that you need to build to support the capacity. Ultimately, your network is good only for as long as it can help you meet business needs and costs. For both service providers and non-profit organizations, planning should be for at least two to three years. However, at the same time, the infrastructure should be able to handle at least another year of operation.

Major Considerations

Here are some more points to consider:

Services Planning

Mail

Choose a reliable MTA, but at the same time be cautious about spam, as it is a big headache.

Make redundant servers.

Separate user servers from real servers.


DNS

Use the latest BIND releases.

Plan nomenclature properly, but do not make it too obvious.

Redundancy is most important.

Arrange to host alternative DNS servers at off-site/multiple locations.


User Services

E-mail access – POP, Web.

Web access.

Transparent caching/proxy.


Core Services – Infrastructure

Multi home: try to buy bandwidth from an IX facility.

Buying capacity is cheaper than managed capacity.

Plan to peer with other ISPs as much as possible.


Routers

Use a loopback address in a separate subnet.

Use the loopback address as RouterID.

For core routers, memory is important.

For edge routers, ports are important.

Take configuration backups regularly.
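
One way to check the two loopback rules above against a router configuration, as an added example that is not part of the original book. The FRR/Quagga-style sample configurations are constructed, and the 10.255.0.0/24 loopback subnet and the `audit` function are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed FRR/Quagga-style configs (sample data, not from the book).
# LOOPBACK_NET is an assumed subnet reserved only for router loopbacks.
LOOPBACK_NET = ipaddress.ip_network("10.255.0.0/24")

GOOD = """\
interface eth0
 ip address 192.0.2.1/30
interface lo
 ip address 10.255.0.1/32
router ospf
 ospf router-id 10.255.0.1
"""

BAD = """\
interface eth0
 ip address 192.0.2.5/30
interface lo
 ip address 192.0.2.6/32
router ospf
 ospf router-id 192.0.2.5
"""

def audit(config, loopback_net=LOOPBACK_NET):
    """Return a list of findings; an empty list means both rules hold."""
    iface, addrs, router_ids = None, {}, []
    for line in config.splitlines():
        if not line[:1].isspace():  # top-level line: enter or leave a stanza
            m = re.match(r"interface\s+(\S+)", line)
            iface = m.group(1) if m else None
        elif iface and (m := re.match(r"\s+ip address\s+(\S+)", line)):
            addrs.setdefault(iface, []).append(ipaddress.ip_interface(m.group(1)))
        elif m := re.match(r"\s+(?:ospf|bgp) router-id\s+(\S+)", line):
            router_ids.append(ipaddress.ip_address(m.group(1)))
    loopbacks = [a.ip for a in addrs.get("lo", [])]
    # Rule 1: loopbacks live in their own subnet, and nothing else does.
    findings = [f"loopback {ip} is outside {loopback_net}"
                for ip in loopbacks if ip not in loopback_net]
    findings += [f"{name} {a} overlaps the loopback subnet"
                 for name, ifaddrs in addrs.items() if name != "lo"
                 for a in ifaddrs if a.network.overlaps(loopback_net)]
    # Rule 2: the router ID is set explicitly and equals a loopback address.
    for rid in router_ids:
        if rid not in loopbacks:
            findings.append(f"router-id {rid} is not a loopback address")
    if not router_ids:
        findings.append("no explicit router-id set")
    return findings
```

Running `audit` over the regularly backed-up configurations gives a quick way to spot routers whose ID is tied to a physical interface that can go down.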


Switching

Switching capacity is never enough. Invest in large switches, if that is what you will need in future.

Use VLANs to separate different groups of machines/networks.

For backbones, gigabit Ethernet is now more commonly used.


Backbone

Switched vs. routed backbone.

The same decisions apply as in LAN connections.

The backbone itself can be switched, and the traffic between different subnets can be routed.

Switching has its advantages if there is large local broadband use.


Branch Offices

Branch offices (BOs) need to be planned well in advance.

BOs tend to grow faster than you think they will.

Basic considerations for BOs: multihoming, distributed user services, and authentication/remote management.


Hosts

Core services.

Use separate servers for separate functions.

1U servers are more manageable and also consume less power and space.

Use a standardized platform as much as possible.

Using FOSS

In an integrated environment, FOSS tools are used alongside proprietary software and tools. This is a common scenario, but when it comes to network infrastructure, resources and security, FOSS has an established and proven track record as the best software choice available in this area. In a networked environment, the ability to quickly diagnose and solve problems is critical. Experienced network administrators know that 80 percent of all network-related problems have to do with cabling and physical problems. Many problems can be minimized by using the best software in each category and, today, as argued above, the best software in most cases is FOSS.

This article is issued from Wikibooks. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.