suggestions on network infrastructure

ibagur

Honorable
Nov 15, 2013
Dear all,

I would appreciate your general advice on the following issue. Our organization, which previously was located in different offices, is going to be temporarily relocated to 4 pre-fab buildings in the same compound for around a year or so. The local network infrastructure has yet to be built and there is a budget limitation, especially regarding the cabling works. Basically what we have is:

- 4 pre-fab buildings (2 storeys each), very close to each other (5 meter gap between the buildings).
- Around 170 PCs, mostly desktops but also a few laptops. All of them need to be connected to the LAN, at least to make use of printers, file services and web applications on the server.
- 8 network printers (2 for each building)

It was decided to have a maximum of 90 network sockets (the main building with 30 and the other 3 with 20 sockets each) to reduce the cabling installation costs. But as I mentioned before, now it seems around 170 computers have to be fitted.

For just the wired part of the network I have thought of the following:

- Cat 5e cabling, as it can still support up to 1 Gbyte
- 1 smart 1 gigabyte network switch with 48 ports for the main building (or 1 smart 24-port plus another unmanaged 24-port). This will be installed in the main rack cabinet together with a patch panel, a server, a network attached storage, UPS equipment and other usual stuff. This switch is the one that will be connected to the router-modem. It has to be smart in order to configure QoS, bandwidth limits, subnetting, etc.
- 3 unmanaged 1 gigabyte 24-port switches, one for each of the other 3 buildings, plus the corresponding patch panels, UPS and cabinet
- Each unmanaged switch will then be connected to the main central smart switch with a Cat 5e cable, as the max. distance from the farthest building is around 20 m (the closest is 5 m).
- Also for each building there will be a wireless access point, as some of the users might use laptops (not many) and need to move around.

For the rest of the computers that need to be connected I do not know which will be the best solution:

- Either connect the remaining desktops to the wireless access points by using a Wi-Fi USB dongle
- Buy several small 5-port switches to place around the offices according to the PC distribution.

In general, do you think the above approach is appropriate as a 'provisional' solution without having to spend too much? Thank you very much for all your suggestions.
 

Urumiko

Distinguished
Dec 28, 2013


Hmmm, it would depend on your plan for VLANs really. Where will the switches go in the prefabs? Do you want all users etc. in the same VLAN?
This is just my opinion, but I think I'd aim to have a core switch/stack in each cabinet and all ports wired direct to this switch stack. I'd then create a square so all core switches are connected in a ring via at least 2 cables, or 10 gig fiber, on each link (port channel), or a full mesh between all switches if possible.

If there was enough budget I'd go for stacks of 48-port Cisco 3750 switches and keep the core layer 3, but this may be overkill for what you need.

I think the topology here is quite easy, but you need to think about things like VLANs, access lists, routing, subnetting, traffic volumes, scalability, and stuff like that. Try and design what you need without specific hardware in mind.
Once you have a design with that kind of detail on it then you should be able to buy the cheapest hardware that will do the job.

If you know what the previous network was and how it performed this should give you an idea.
 

ibagur

Honorable
Nov 15, 2013


Hi Urumiko,

Thanks a lot for your suggestions. I'll give you a bit more detail. In principle I was thinking of just subnetting, as there are 4 buildings and for each building all the resources will be connected to the switch in that given building. I mean, they won't need to access the printers from the other buildings. The only common resources they might need to access are the central file server and the internal web-based applications (some databases). The focus on budget limitation and hardware to be used comes from the following reasons:

- we are a non-governmental organization now based in a developing country where access to high-end technology is difficult and expensive... for example, Cisco equipment is very difficult to procure locally and we have to rely on other available lower-end equipment such as TP-Link, which can be procured locally through some providers. Unmanaged switches are easy to find and probably a smart switch (mostly 24 ports; 48 ports might be difficult). Fiber-optic equipment I do not even consider.
- it's a non-governmental organization and eventually the network maintenance will be done by people with good skills but not 'experts', so the network and the equipment have to be easy to maintain, preferably through a web interface (that's why I thought of one of those 'smart' switches that you can configure in a relatively easy way)

The traffic volume will be small, mostly email and almost no video but the occasional Skype use. Internet browsing will be restricted in order to block access to video, etc. and bandwidth download will be limited to the users (this could be done from the managed/smart switch). Scalability is not a problem as there are no plans for extra recruitment during the year or so to be spent in these provisional offices.

So the topology I was thinking of is in fact very much driven by the available equipment and technology. I summarize it below:

Central building 1 (managed switch / file & app. server)
|
|___ Building 2 - subnet 2 (unmanaged switch <---- lan sockets + wifi AP)
|
|___ Building 3 - subnet 3 (unmanaged switch <---- lan sockets + wifi AP)
|
|___ Building 4 - subnet 4 (unmanaged switch <---- lan sockets + wifi AP)

Regarding what you mentioned here:

"This is just my opinion but I think I'd aim to have a core switch/stack in each cabinet and all ports wired direct to this switch stack. I'd then create a square so all core switches are connected in a ring via at least 2 cables, or a 10gig fiber, on each link (port channel), a full mesh between all switches if possible. "

Could you please elaborate a bit more? I am not a network engineer, so my knowledge is limited. Thanks again.
 

Urumiko

Distinguished
Dec 28, 2013
Hi,

No problem. Please remember that if you want to subnet, i.e. have users on different VLANs and IP ranges, you will need at least one managed switch. You could get away without this if you are sure traffic will be light and you are not expanding much with this setup.

"Create a square": I just mean that every building will be linked to at least 2 other buildings so that if a cable fails the traffic can take another route. For this to work though you need technology such as spanning tree protocol.

If you have to have unmanaged switches then you will just be creating one big flat network, which will work. Don't worry about it if that's all you can afford; it's just not good practice for various reasons.

The next best alternative would be to have one managed switch in your main building and have the other buildings hanging off that, then use the managed switch to put each building in its own VLAN. Remember though that if you have multiple VLANs and you want them to be able to talk to each other, you need to provide inter-VLAN routing via a layer 3 switch or a router (Google "router on a stick"). If that all sounds too expensive you are going to have to stay with a flat layer 2 network.

I mentioned port channels/EtherChannels; the open standards for this are IEEE 802.3ad and IEEE 802.1AX. They allow you to connect multiple wires between the same two switches to increase the bandwidth. You can connect up to 8 cables, but your switch has to support it. To be fair, if your traffic is light you won't need it, but again it means if one cable fails the other will continue to work.

I've only ever used Cisco kit at work, but I use the TP-LINK home products and they seem really good for the money :)
 

choucove

Distinguished
May 13, 2011
I might suggest looking into HP ProCurve switches. Much cheaper than similar Cisco switches and very easy to manage through a web interface on many of the manageable models. I've used the 1810 series switches for small businesses which need features like VLANs, link aggregation, etc.

As others have said, I'd recommend implementing a core, distribution, and access scheme for your infrastructure. Your core switch connects all primary internet services, including your default gateway/router, to the rest of the network. This definitely needs to be a nice robust manageable switch as it is going to see the most traffic. From here, you will connect one switch in each building; this will be the distribution switch. To the distribution switch you will connect the rest of your network devices or additional switches connecting endpoint devices.

If you can only run ethernet cable to a small portion of your devices, then that means you will need to find a way to get the rest of them onto wireless. Given the number that need to operate wirelessly, you may need to implement several access points per building, not just a single one. Again, these access points will connect back to the distribution switches.

Utilize Link Aggregation (LACP) to connect multiple ethernet cables between the core and distribution switches. This will provide redundancy as well as improve throughput for all the network traffic going between the core and the endpoint devices. Keep in mind that if you want to utilize VLANs and may have more than one VLAN connected to any single switch, that switch will need to be VLAN capable, meaning it probably needs to be a manageable switch. Again, the HP ProCurve 1810 series is a great affordable switch that offers these features, but they are limited too. They're probably not going to work for a core switch, but on a budget they will work for your access and possibly your distribution switches.
 

ibagur

Honorable
Nov 15, 2013
Dear Choucove and Urumiko,

Thanks a lot for your very helpful tips. I would probably try to find 4 affordable smart switches, one for each building. The HP 1810 looks nice indeed for the price, also the TP-Link SG-2424 for that matter. I will see what can be procured here. Regarding the network design, I was thinking of creating 4 VLANs, one for each building, which in fact almost correspond to the physical LANs, as for the moment the resources will be kept separate for each building (apart from the central file/app server, which must be accessible by everyone). Each building will have its distribution switch, and in the central building the switch will act as the core switch as well (if there are enough ports). So let's say something like this:

LAN Building 1 (central): 192.168.1.x
LAN Building 2: 192.168.2.x
LAN Building 3: 192.168.3.x
LAN Building 4: 192.168.4.x

- If I do supernetting, by using a network mask, for example 255.255.252.0, then I will not have to bother too much about the routing between the different VLANs. What are the pros/cons of this option?

- If I keep the subnets, then either I need a layer 3 switch for the core (in Building 1) or I use the 'router on a stick' as suggested by Urumiko (assuming the router has VLAN support). I guess this option gives me more control over the different segments of the network, but makes things a bit more complex in terms of management. What are the pros/cons? Can you suggest an affordable router that can provide VLAN support?

- In any case, I saw that these switches do have SFP ports. The buildings are relatively close, as I mentioned before (max. distance between the central building and the furthest office around 30 meters). For the link aggregation, in terms of performance, do you advise using fiber optic cable? If I go for fiber, apart from the LC cable itself, is anything else needed to connect the switches via SFP? Or can I go with Cat 5e / 6 standard ethernet cable linking through the 1 Gb ports, at least for the moment, considering that the distance is not too big, so I can reduce the budget (fiber optic is costly here)?

Thanks again.

 

choucove

Distinguished
May 13, 2011
If it is possible for you to run ethernet cable between buildings without going over 100 meters, then that is probably going to be your least costly option. Fiber optics would be the better bet for connectivity between nodes (you could run fiber all the way to your core instead of daisy-chaining due to the cable length limitation, and fiber doesn't have attenuation problems with electrical interference). However, it is more costly because you do have to run the fiber itself, then you also have to buy an SFP fiber optic transceiver for each end of the fiber cable, which actually connects it into the SFP port on the switch.

Utilizing VLANs and routing between VLANs is personally what I would recommend. It is more secure to control and manage in the long run. You can use a router to do the actual routing between VLANs if you can't afford to put in a full layer 3 switch for your core. I've used Sonicwall firewalls to do this, setting up individual interfaces as default gateways for each VLAN to allow for the best throughput. I'm not really sure of the best device for the size of business that you have, but there are tons of options out there to fit just about any need. There are other brands as well, of course, but keep in mind that the fewer interfaces you have to work with, the less network throughput you have as well. Having four gigabit interfaces, one for each of your VLANs, may be much less of a bottleneck than trying to route all four through a single gigabit interface. A layer 3 switch has the added benefit of having several more network interfaces for connecting multiple devices, link aggregation options, etc.
 

ibagur

Honorable
Nov 15, 2013
Hi choucove,

Thanks for your answer. I saw in the technical specifications that the HP 1910 switches provide some layer 3 features including static routing, and I might be able to procure one of those. You mentioned before that you had experience with that equipment. Do you think the HP 1910 switch could eventually allow me to handle the VLAN interconnection? What I basically need is that any user from VLAN2, VLAN3 and VLAN4 can access the app server and network storage, which in principle will be under VLAN1. Then I would use the HP 1910 as the core switch, and have cheaper smart distribution switches for each of the VLANs.

Thanks.
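The two design questions in this thread (ibagur's earlier one about using a 255.255.252.0 supernet to avoid routing, and the requirement here that VLAN2, VLAN3 and VLAN4 reach only the server in VLAN1) can both be checked with a short script. This is an added example, not code from anyone in the thread; it uses the four 192.168.1-4.x ranges ibagur listed and assumes a server address of 192.168.1.10, which the thread never gives.

```python
import ipaddress

# Addressing plan as proposed in the thread: one /24 per building.
BUILDING_LANS = {
    1: "192.168.1.0/24",  # central building: core switch, file/app server
    2: "192.168.2.0/24",
    3: "192.168.3.0/24",
    4: "192.168.4.0/24",
}

# Assumed address of the central file/app server (not given in the thread).
SERVER_IP = "192.168.1.10"


def covering_supernet(mask):
    """Apply the proposed mask to building 1's range, derive the single block
    that mask produces, and report which building LANs fall outside it.
    An empty 'missing' list means the mask really does turn the four LANs
    into one flat network; otherwise hosts in the missing LANs are unreachable
    from the others without a router."""
    base = ipaddress.ip_network(
        f"{BUILDING_LANS[1].split('/')[0]}/{mask}", strict=False)
    missing = [lan for lan in BUILDING_LANS.values()
               if not ipaddress.ip_network(lan).subnet_of(base)]
    return str(base), missing


def building_of(ip):
    """Return the building number whose LAN contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for number, lan in BUILDING_LANS.items():
        if addr in ipaddress.ip_network(lan):
            return number
    return None


def flat_network_allows(src, dst):
    """Supernet / single broadcast domain: there is no routing point, so any
    host in the plan can reach any other. Nothing to enforce, nothing to log."""
    return building_of(src) is not None and building_of(dst) is not None


def routed_network_allows(src, dst):
    """Separate VLANs with a router-on-a-stick (or layer 3 switch) in
    building 1. Traffic inside a building never crosses the router; traffic
    between buildings is permitted only when addressed to the central server.
    This is the policy ibagur describes: VLAN2-4 reach VLAN1's server only."""
    src_building, dst_building = building_of(src), building_of(dst)
    if src_building is None or dst_building is None:
        return False          # not part of the plan: drop
    if src_building == dst_building:
        return True           # switched locally, never sees the router
    return dst == SERVER_IP   # the single cross-VLAN exception


def compare_policies(flows):
    """Evaluate each (src, dst) pair under both designs."""
    return [(src, dst, flat_network_allows(src, dst),
             routed_network_allows(src, dst))
            for src, dst in flows]


if __name__ == "__main__":
    for mask in ("255.255.252.0", "255.255.248.0"):
        base, missing = covering_supernet(mask)
        print(f"mask {mask} -> {base}, not covered: {missing or 'none'}")

    # Constructed sample flows: a PC in building 2 talking to the server,
    # to a printer in building 3, and to a colleague's PC in its own building.
    SAMPLE_FLOWS = [
        ("192.168.2.20", SERVER_IP),
        ("192.168.2.20", "192.168.3.50"),
        ("192.168.2.20", "192.168.2.21"),
    ]
    for src, dst, flat, routed in compare_policies(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: flat={flat} routed={routed}")
```

Two things fall out of running it. First, 255.255.252.0 applied to 192.168.1.0 gives the block 192.168.0.0/22, which covers buildings 1 to 3 but not 192.168.4.0; a mask that actually merges all four ranges is 255.255.248.0 (192.168.0.0/21). Second, the supernet removes the routing point entirely, so a printer or PC in building 3 is reachable from building 2 with no place to deny or log it, whereas the per-VLAN design leaves the router as the one spot where the "server only" rule is enforced and where cross-building traffic can be seen.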
 

choucove

Distinguished
May 13, 2011
I personally haven't used any of the HP 1910 series switches so I can't give you any firm information on that. I don't think that it has the true layer 3 functionality that you might need to route between VLANs but I'm not sure, perhaps something can be done with static routes to do that. Again, for all of the small business offices I've set up personally I have used an actual router or firewall for the routing between VLANs but they are also smaller office networks than what you are working with here.

Perhaps someone else has some input on those switches or some other recommendations for layer 2+/3 switches to suit that need.
 

ibagur

Honorable
Nov 15, 2013


Could you please recommend some of the router/firewall models you have been using for the VLAN routing? I can then try to find similar equipment here based on those specifications. Thanks again for your tips!

 
Normally if I use HP switches I use their managed ProCurve line, but a 24-port switch is over $1000. If I had to guess, this switch should do what you need. It has only 8 routable VLANs and only 32 static routes. That may be enough. Most layer 3 switches run actual routing protocols like OSPF or BGP, but it's not like you need that when you have only a couple of devices and no need for redundancy. These appear to also have a very limited ability to limit traffic. The ProCurve line has very advanced QoS abilities. Still, I tend to like Cisco switches like the 3560G, mostly because that is where most of my experience is, but these are very expensive compared to similar ProCurve switches.

I really wish HP had good documentation on this switch. The key thing you look for on a layer 3 switch is what is called the forwarding rate. All switches can switch packets at wire speed. Not all layer 3 switches can route at full speed. Normally they rate the backplane in packets/sec with a minimum packet size to show you worst-case throughput.

Another option will be to buy refurbished Cisco gear like the 3560G. If you buy from an authorized Cisco seller you can even put these on a service contract.

If these have good forwarding rates I am going to bet they are enough to meet your needs. Still, I would guess the forwarding rate is going to be many gigabit/sec when you convert packets/sec to bits/sec.

 

choucove

Distinguished
May 13, 2011
The Sonicwall TZ 215 is one firewall that we have used at a couple of locations that might fit your needs. There are seven configurable gigabit interfaces, so that's plenty of room for VLANs etc., but I don't know the overall total throughput, whether it would be right for handling your office size or if you would need something a little more robust than that perhaps. Bill001g is also giving some good suggestions above. If you can find some way of getting some refurbished units of HP or Cisco gear there can be some great pricing advantages.