FOSS Network Infrastructure and Security/Network Planning
A network in any computing environment is always a long-term investment. It is imperative that proper planning be done before going all out to deploy a network. A few pointers on network design and development are given below.
Network Planning Basics
Capacity: Plan for at least two to three years
Infrastructure: Build for at least one year
Business Models: Look after the next quarter
As illustrated above, there are three factors to consider when planning a network. The first is capacity, in terms of both bandwidth and human resources. Second, you need to consider the infrastructure that you need to build to support the capacity. Ultimately, your network is good only for as long as it can help you meet business needs and costs. For both service providers and non-profit organizations, planning should be for at least two to three years. However, at the same time, the infrastructure should be able to handle at least another year of operation.
Major Considerations
Here are some more points to consider:
- Identify the components of a LAN/WAN and determine the type of network design that is most appropriate for a given site.
- Identify the different media used in network communications, distinguish between them, and determine how to use them to connect servers and workstations in a network.
- Differentiate between the different networking standards, protocols, and access methods, and determine which would be most appropriate for a given situation.
- Recognize the primary network architectures, identify their major characteristics, and determine which would be most appropriate for a proposed system.
- Identify the primary functions of network operating systems and distinguish between a centralized computing environment and a client/server environment.
- Determine how to implement and support the major networking components (including the server, operating system and clients), and propose a system for adequately securing data on a given LAN and protecting the system’s components.
- Distinguish between LANs and WANs, identify the components used to expand a LAN into a WAN, and determine how to implement an appropriate modem in the larger LAN/WAN environment.
- Identify strategic LAN support tools and resources, and determine how to use these in troubleshooting basic network problems.
Services Planning
Choose a reliable MTA, but at the same time be cautious about spam, as it is a big headache.
Make redundant servers.
Separate user servers from real servers.
DNS
Use the latest BIND releases.
Plan nomenclature properly, but do not make it too obvious.
Redundancy is most important.
Arrange to host alternative DNS servers at off site/multiple locations.
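The off-site redundancy point above can be checked against an address plan before deployment. The following is an added example, not part of the original text: the site inventory, hostnames and addresses are constructed (documentation ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed inventory (assumption): which prefix is hosted at which site.
SITES = {
    "192.0.2.0/24": "hq",
    "198.51.100.0/24": "colo-east",
    "203.0.113.0/24": "branch",
}

def site_of(addr, sites=SITES):
    """Return the site label whose prefix contains addr, or None if unknown."""
    ip = ipaddress.ip_address(addr)
    for prefix, label in sites.items():
        if ip in ipaddress.ip_network(prefix):
            return label
    return None

def audit_ns(nameservers, sites=SITES):
    """nameservers: {hostname: ip}. Return a list of findings; empty means OK."""
    findings = []
    if len(nameservers) < 2:
        findings.append("fewer than two authoritative servers")
    placed = {name: site_of(ip, sites) for name, ip in nameservers.items()}
    for name in sorted(placed):
        if placed[name] is None:
            # An unplaced server cannot be counted towards site diversity.
            findings.append(f"{name}: address not in site inventory")
    known_sites = {s for s in placed.values() if s is not None}
    if len(known_sites) < 2:
        # All located servers share one site: a single outage takes DNS down.
        findings.append("servers do not span two known sites")
    return findings

if __name__ == "__main__":
    plan = {"ns1.example.net": "192.0.2.53", "ns2.example.net": "192.0.2.54"}
    for finding in audit_ns(plan):
        print("FINDING:", finding)
```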
User Services
E-mail access – POP, Web.
Web access.
Transparent caching/proxy.
Core Services – Infrastructure
Multi home: try to buy bandwidth from an IX facility.
Buying capacity is cheaper than managed capacity.
Plan to peer with other ISPs as much as possible.
Routers
Use loopback addresses in a separate subnet.
Use the loopback address as RouterID.
For core routers, memory is important.
For edge routers, ports are important.
Take configuration backups regularly.
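The two loopback rules above can be checked mechanically against an addressing plan. The following is an added example, not part of the original text: the loopback block, subnets and router names are constructed, and `audit_loopbacks` is a hypothetical helper.

```python
import ipaddress

def audit_loopbacks(loopback_block, other_subnets, routers):
    """Check a plan against the two loopback rules.

    loopback_block: prefix reserved for loopbacks, e.g. "10.255.0.0/24"
    other_subnets:  prefixes used for LANs and links
    routers:        {router_name: loopback_ip}, the loopback doubling as RouterID
    Returns a list of findings; empty means the plan is consistent.
    """
    block = ipaddress.ip_network(loopback_block)
    findings = []
    # Rule 1: the loopback subnet must be separate from every other subnet.
    for subnet in other_subnets:
        if block.overlaps(ipaddress.ip_network(subnet)):
            findings.append(f"loopback block overlaps {subnet}")
    # Rule 2: a RouterID must be unique and taken from the loopback block.
    seen = {}
    for name in sorted(routers):
        ip = ipaddress.ip_address(routers[name])
        if ip not in block:
            findings.append(f"{name}: {ip} outside loopback block")
        if ip in seen:
            findings.append(f"{name}: RouterID {ip} duplicates {seen[ip]}")
        else:
            seen[ip] = name
    return findings

if __name__ == "__main__":
    # Constructed plan with three deliberate mistakes.
    plan = {"core1": "10.255.0.1", "edge1": "10.255.0.1", "edge2": "10.1.0.9"}
    for finding in audit_loopbacks("10.255.0.0/24", ["10.255.0.0/16"], plan):
        print("FINDING:", finding)
```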
Switching
Switching capacity is never enough. Invest in large switches, if that is what you will need in future.
Use VLANs to separate different groups of machines/networks.
For backbones, gigabit Ethernet is now more commonly used.
Backbone
Switched vs. routed backbone.
The same decisions apply as in LAN connections.
The backbone itself can be switched, and the traffic between different subnets can be routed.
Switching has its advantages if there is large local broadband use.
Branch Offices
Branch offices (BOs) need to be planned well in advance.
BOs tend to grow faster than you think they will.
- Basic considerations for BOs.
- Multihoming.
- Distributed user services.
- Authentication/remote management.
Hosts
Core services.
Use separate servers for separate functions.
1U servers are more manageable and also consume less power and space.
Use a standardized platform as much as possible.
Using FOSS
In an integrated environment, FOSS tools are used alongside proprietary software and tools. This is a common scenario, but when it comes to network infrastructure, resources and security, FOSS has an established and proven track record as the best software choice available in this area. In a networked environment, the ability to quickly diagnose and solve problems is critical. Experienced network administrators know that 80 percent of all network-related problems have to do with cabling and physical problems. Many problems can be minimized by using the best software in each category and, today, as argued above, the best software in most cases is FOSS.