Capstone Assignment Paper Help-Design and Implementation

Objectives

In this Capstone Project activity, you will demonstrate your ability to:

  • Design and implement an addressing scheme that fulfills the requirements.
  • Configure, verify, and secure point-to-point serial connections.
  • Design, configure, and verify eBGP and other routing as required.
  • Implement QoS, IPSLAs, and NAT.
  • Configure, implement and verify ACLs as required.
  • Create detailed design documentation for your proposed network.
  • Implement an operational network based on your network design.
  • Explain your implementation and demonstrate its operation.
  • Produce documentation of your testing and network configuration for use by others to maintain and expand the network.

Required Resources

  • Use the equipment available in H-218 and H-166B. You will be able to complete this capstone using the equipment in 1 pod. Solutions done in Packet Tracer will NOT be accepted; they will be graded with a mark of zero.
  • Computers connected via network cable (as needed) will be required to complete testing. Expect to use 2 laptops plus the pod workstation.
  • Word processing software. Microsoft Word is a good option but any equivalent is acceptable (LibreOffice, etc).
  • Diagramming software. Microsoft Visio is a good option but any equivalent is acceptable (LibreOffice Draw, Lucidchart, etc.). Diagrams from Packet Tracer are NOT acceptable and will be graded with a mark of zero.
    • Ensure that you use the appropriate icons / devices / media type(s) in your topology diagram – marks will be deducted for non-standard representations.

Miscellaneous Notes

  • In this capstone, replace every occurrence of ‘xx’ with your two-digit group number (e.g. if you belong to group 1 and the project asks you to assign BGP AS number 123xx, you will configure it as AS 12301).
  • For the capstone, where appropriate, you are allowed to utilize loopback interfaces to simulate LAN segments.

Part 1 – Design

Scenario

You are a networking systems consultant who has been hired by Galaxy Communications. This Ontario-based company has recently acquired the Coquitlam, BC based company Paramount Solutions. Galaxy Communications has hired you to help create an integrated network between the two operations and to implement its network in Toronto, where the data centre is being relocated down the street from its current location into space more appropriate for a data centre. Galaxy Communications has a gigabit connection to the Data Centre using the private address space 192.168.100.0/29.

Despite the small size of both Galaxy Communications and Paramount Solutions, each company has successfully applied for, and received, an autonomous system number. Galaxy Communications has been assigned AS 65090 for use at the Data Centre and Paramount Solutions is assigned AS 65xx1. Galaxy Communications uses the public address space 196.20.4.88/30 to connect with Paramount Solutions. The two routers on this link must authenticate with each other, using secure authentication first and, should that fail, clear-text authentication.

Internally, Paramount Solutions is allocated the public address spaces 196.1.xx.128/27 and 196.1.xx.160/27 for hosting its web servers. Additionally, it has two serial connections to the Data Centre which should be set up to operate as a single logical connection; this connection uses the publicly routable space 196.20.4.80/29. To meet the security requirements at the Data Centre, the serial connection must be authenticated using secure authentication that protects against password replay. You have been asked to suggest a sufficiently strong password for this authentication. Paramount Solutions will peer with the Data Centre via eBGP.
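How the two authentication requirements above translate to IOS, shown on ParamountSlts as an added example (this is not part of the assignment text). It assumes group number 16, that the Galaxy head-office router is named GalaxyHQ, the interface names shown, and that ParamountSlts takes 196.20.4.85 on the bundle and 196.20.4.90 on the link to Galaxy; the secrets are placeholders for the strong password you are asked to propose.

```cisco
! ParamountSlts -- WAN link authentication (added example; group xx = 16, hostnames and
! interface numbering are assumptions)
hostname ParamountSlts
! CHAP needs a recoverable password on the router, so the peer entry uses "password", not
! "secret". service password-encryption only obscures it (Type 7) in the running config.
service password-encryption
! One entry per peer: the username is the PEER's hostname and the same secret must be
! configured on that peer. Replace the placeholders with a random secret of 20+ characters.
username DCntrON password 0 REPLACE-WITH-LONG-RANDOM-SECRET-1
username GalaxyHQ password 0 REPLACE-WITH-LONG-RANDOM-SECRET-2
!
! --- Two serial links to the Data Centre bundled into one logical link (Multilink PPP).
! CHAP only: the password never crosses the wire, and the authenticator's random challenge
! means a captured response cannot be replayed, which is what the Data Centre policy asks for.
interface Serial0/0/0
 no ip address
 encapsulation ppp
 ppp authentication chap
 ppp multilink
 ppp multilink group 1
 no shutdown
interface Serial0/0/1
 no ip address
 encapsulation ppp
 ppp authentication chap
 ppp multilink
 ppp multilink group 1
 no shutdown
interface Multilink1
 description Bundle to DCntrON (196.20.4.80/29)
 ip address 196.20.4.85 255.255.255.248
 ppp multilink
 ppp multilink group 1
!
! --- Single link to the Galaxy head office: CHAP is tried first; PAP (clear text) is
! accepted only if the peer cannot complete CHAP.
interface Serial0/1/0
 description Link to GalaxyHQ (196.20.4.88/30)
 ip address 196.20.4.90 255.255.255.252
 encapsulation ppp
 ppp authentication chap pap
 ppp pap sent-username ParamountSlts password 0 REPLACE-WITH-LONG-RANDOM-SECRET-2
 no shutdown
```

The mirror configuration (matching username entries with identical secrets, the same multilink group and authentication commands) is required on DCntrON and GalaxyHQ. Verify with show ppp multilink and show interfaces Multilink1, and watch debug ppp authentication while bouncing one member link: a CHAP exchange shows CHALLENGE / RESPONSE / SUCCESS, while a PAP fallback shows the AUTH-REQ carrying the password, which is why PAP is acceptable only as the fallback.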

All systems in Galaxy use private IP addresses in the 172.16.xx.0/20 space. The relocation of the data centre to a new facility has given the company an opportunity to redesign its IP address layout; devices located at the Data Centre will use the address space 192.168.xx.0/24. Galaxy has three LAN segments capable of accommodating 200 (LAN 1), 60 (LAN 2), and 100 (LAN 3) hosts per segment at Galaxy, and an additional three LAN segments capable of accommodating 14 (LAN 4), 100 (LAN 5), and 60 (LAN 6) servers at the data centre. As part of your project, you have been asked to allocate the space in a logical manner, with an explanation of why your design is good for the company and how you will implement it. Assign the last available IP address of each LAN network to its router interface.

Configure a PC to emulate a web server with the address 192.168.100.1/29. To provide remote access to this server, ensure network address translation is configured correctly using the address pool 198.10.xx.0/30. Because of limited availability, only 2 public addresses can be made available to support all the planned devices at the Data Centre; use the public address space 199.11.xx.0/30 for this translation. You are required to set up address translation to a single address for all devices on LAN 5 and a single address for all devices on LAN 6; do not configure address translation for servers on LAN segment 4. To allow connectivity to the Galaxy segments from the Paramount segments, you are required to configure network address translation using the public address space 199.10.xx.0/24, and to advertise the 2 LAN networks associated with Paramount through a routing protocol of your choice.
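The three translations described above on DCntrON, as an added example rather than part of the assignment text. It assumes group number 16 and an addressing plan in which LAN 5 is 192.168.16.0/25, LAN 6 is 192.168.16.128/26 and LAN 4 is 192.168.16.192/28 (loopbacks standing in for the server segments), the web server 192.168.100.1 sits on the Galaxy-to-DC segment on Gi0/0, Galaxy LANs 1-3 live in 172.16.16.0/20 and arrive on Gi0/0, and Multilink1 faces Paramount.

```cisco
! DCntrON -- address translation (added example; xx = 16 and the addresses below are assumptions)
!
! 1. Web server: a fixed one-to-one mapping from the 198.10.16.0/30 pool, so remote clients
!    always reach it at the same public address.
ip nat inside source static 192.168.100.1 198.10.16.1
!
! 2. LANs 5 and 6 each hide behind one public address (PAT, "overload" keyword). LAN 4 is
!    matched by no translation rule at all, so it is never presented to the outside.
ip access-list standard NAT-LAN5
 permit 192.168.16.0 0.0.0.127
ip access-list standard NAT-LAN6
 permit 192.168.16.128 0.0.0.63
ip nat pool PUB-LAN5 199.11.16.1 199.11.16.1 prefix-length 30
ip nat pool PUB-LAN6 199.11.16.2 199.11.16.2 prefix-length 30
ip nat inside source list NAT-LAN5 pool PUB-LAN5 overload
ip nat inside source list NAT-LAN6 pool PUB-LAN6 overload
!
! 3. Galaxy LANs 1-3 are shown to Paramount from 199.10.16.0/24.
ip access-list standard NAT-GALAXY
 permit 172.16.16.0 0.0.15.255
ip nat pool PUB-GALAXY 199.10.16.1 199.10.16.254 prefix-length 24
ip nat inside source list NAT-GALAXY pool PUB-GALAXY overload
!
! Interface roles: a packet is translated only when it crosses from an "inside" interface
! to an "outside" one, so the roles decide which traffic the rules above ever see.
interface GigabitEthernet0/0
 description To GalaxyHQ, 192.168.100.0/29 (web server on this segment)
 ip nat inside
interface Loopback5
 description LAN 5 (simulated)
 ip nat inside
interface Loopback6
 description LAN 6 (simulated)
 ip nat inside
! Loopback4 (LAN 4) deliberately carries no "ip nat inside".
interface Multilink1
 description Bundle to ParamountSlts
 ip nat outside
```

Check the result with show ip nat translations (the static entry is present immediately; the PAT entries appear only once a LAN 5 or LAN 6 host sends traffic) and show ip nat statistics. Two caveats for the design document: not translating LAN 4 does not by itself block access to it if 192.168.16.0/24 is ever advertised to Paramount, so requirement 4 in Part 2 still needs an explicit ACL; and if Paramount-to-Galaxy traffic can also use the direct 196.20.4.88/30 link, the 199.10.16.0/24 translation must exist on the Galaxy router as well, which is exactly the "which router performs this translation" decision item 4 of the design documentation asks for.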

Configure 2 PCs to emulate Application Servers located at Galaxy and at the Data Centre, using the address spaces 210.10.xx.1/30 and 210.11.xx.1/30 respectively. To ensure that the company is aware of problems with the connections between the Coquitlam office and the data centre, they wish to use two IP SLAs to monitor those connections. The first should ping the Application Server located on the Data Centre router every 10 seconds; this path should be the preferred path to access the Web Server from Coquitlam. The second should ping the Application Server located on the Galaxy router every 30 seconds; this path should be used as the alternative path.
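The two probes and the path selection they drive, on ParamountSlts, as an added example (not part of the assignment text). It assumes group number 16, that the Data Centre application server 210.11.16.1 is reached through DCntrON at 196.20.4.86 over Multilink1, that the Galaxy application server 210.10.16.1 is reached through the Galaxy router at 196.20.4.89 over Serial0/1/0, and that Coquitlam addresses the web server by its translated address 198.10.16.1.

```cisco
! ParamountSlts -- IP SLA path monitoring (added example; xx = 16, next hops and interface
! names are assumptions)
!
! Pin each probe to the path it is meant to test. Without these host routes both probes
! could follow whichever route is currently best, and the second SLA would stop measuring
! the alternative path.
ip route 210.11.16.1 255.255.255.255 196.20.4.86
ip route 210.10.16.1 255.255.255.255 196.20.4.89
!
ip sla 1
 icmp-echo 210.11.16.1 source-interface Multilink1
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 210.10.16.1 source-interface Serial0/1/0
 frequency 30
ip sla schedule 2 life forever start-time now
!
! Track objects turn probe results into an up/down state that routes can depend on.
! (Older IOS releases spell this "track 1 rtr 1 reachability".)
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Preferred path to the web server via the Data Centre (default AD 1) is installed only
! while probe 1 succeeds; the floating route via Galaxy (AD 10) is used when track 1 is
! down and probe 2 still succeeds.
ip route 198.10.16.0 255.255.255.252 196.20.4.86 track 1
ip route 198.10.16.0 255.255.255.252 196.20.4.89 10 track 2
```

Verify with show ip sla statistics (success counts should grow at the 10 s and 30 s rates), show track, and show ip route 198.10.16.1 before and after shutting down the multilink members: the next hop should flip to 196.20.4.89 within a few probe intervals and return when the bundle comes back. For the design document, note that the alternative path only delivers traffic to the web server if the Galaxy router forwards 198.10.16.0/30 to DCntrON on an interface where that address is translated; decide and document which router performs that translation.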

The data centre needs to ensure that SSH connections to the servers get through even during periods of high load. To achieve this, the data centre router will mark outbound SSH traffic to the Galaxy Communications head office with a priority of 6. Similarly, traffic from the Web Server should be given an increased priority of 3, set by the data centre router outbound to Paramount Solutions.
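The two marking rules above as a modular QoS (class-map / policy-map) configuration on DCntrON, added here as an example; it is not part of the assignment text. It assumes group number 16, that Gi0/0 faces the Galaxy head office and Multilink1 faces Paramount, that the web server is 192.168.100.1 translated to 198.10.16.1, and that "priority" is implemented as the IP precedence field.

```cisco
! DCntrON -- QoS marking (added example; xx = 16, interface roles and the choice of IP
! precedence as the "priority" field are assumptions)
!
! SSH to the Data Centre servers: what leaves toward Galaxy is the server side of those
! sessions (source port 22). The second line also catches sessions opened from the DC.
ip access-list extended SSH-TRAFFIC
 permit tcp any eq 22 any
 permit tcp any any eq 22
!
! Web server traffic toward Paramount. The server is translated to 198.10.16.1 on the way
! out; whether an output policy sees the private or the public address depends on the
! platform's NAT/QoS ordering, so both are listed and the match is safe either way.
ip access-list extended WEB-SERVER-TRAFFIC
 permit tcp host 192.168.100.1 eq 80 any
 permit tcp host 192.168.100.1 eq 443 any
 permit tcp host 198.10.16.1 eq 80 any
 permit tcp host 198.10.16.1 eq 443 any
!
class-map match-all SSH
 match access-group name SSH-TRAFFIC
class-map match-all WEB-SERVER
 match access-group name WEB-SERVER-TRAFFIC
!
policy-map TO-GALAXY
 class SSH
  set ip precedence 6
policy-map TO-PARAMOUNT
 class WEB-SERVER
  set ip precedence 3
!
! A policy marks only on the interface it is attached to, which is why the router that
! sits on each outbound path is the one that has to carry it (design item 3).
interface GigabitEthernet0/0
 description To GalaxyHQ
 service-policy output TO-GALAXY
interface Multilink1
 description Bundle to ParamountSlts
 service-policy output TO-PARAMOUNT
```

show policy-map interface GigabitEthernet0/0 and show policy-map interface Multilink1 give per-class packet counters, which is the "detecting and classifying" evidence Part 2 asks for; a capture on the receiving test PC shows the precedence bits in the IP header of the marked packets. Two caveats worth recording: marking alone does not make SSH survive congestion, it only labels the packets, so the design should state where a queuing policy honours the mark; and precedence 6 is the value normally reserved for network control traffic such as routing protocols, which is why the assignment's choice should be called out rather than silently copied.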

For this project, you are required to set up BGP between the Paramount router (name ParamountSlts) and the Data Centre router (name DCntrON). You are required to set up 2 loopback interfaces that are advertised by BGP.

Loopback128   196.1.xx.128/27 (use last IP as interface address)

Loopback160   196.1.xx.160/27 (use last IP as interface address)

Bonus: advertise the single smallest block into BGP that covers both loopbacks instead of advertising the individual blocks.

The Paramount router should be able to reach LANs 5 and 6 via BGP advertisements.
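The eBGP peering, the two loopbacks, the bonus aggregate and the advertisement that lets Paramount reach LANs 5 and 6, as an added example (not part of the assignment text). It assumes group number 16 (so Paramount is AS 65161), bundle addresses 196.20.4.85 (ParamountSlts) and 196.20.4.86 (DCntrON), and NAT pools 199.11.16.0/30 for LANs 5 and 6, 198.10.16.0/30 for the web server and 199.10.16.0/24 for the Galaxy LANs; TCP MD5 session authentication is an assumption added here, not something the brief spells out.

```cisco
! ParamountSlts, AS 65161 with xx = 16 (added example; addresses and the session password
! are assumptions)
interface Loopback128
 ip address 196.1.16.159 255.255.255.224
interface Loopback160
 ip address 196.1.16.191 255.255.255.224
!
router bgp 65161
 bgp log-neighbor-changes
 neighbor 196.20.4.86 remote-as 65090
 neighbor 196.20.4.86 description DCntrON over Multilink1
 ! TCP MD5 on the session itself (assumption); the same secret goes on the peer
 neighbor 196.20.4.86 password REPLACE-WITH-BGP-SECRET
 ! The two /27s exactly as assigned; "mask" is required because neither is a classful net
 network 196.1.16.128 mask 255.255.255.224
 network 196.1.16.160 mask 255.255.255.224
 ! Bonus: 196.1.16.128/27 and 196.1.16.160/27 are the two halves of 196.1.16.128/26.
 ! summary-only suppresses the two /27s so the neighbour receives only the /26.
 aggregate-address 196.1.16.128 255.255.255.192 summary-only
!
! DCntrON, AS 65090
! Paramount reaches LANs 5 and 6 only by their translated addresses, so the public /30 is
! what is advertised, not 192.168.16.0/24. The Null0 routes give BGP a matching route to
! originate from; the same trick anchors the web-server and Galaxy NAT pools.
ip route 199.11.16.0 255.255.255.252 Null0
ip route 198.10.16.0 255.255.255.252 Null0
ip route 199.10.16.0 255.255.255.0 Null0
router bgp 65090
 bgp log-neighbor-changes
 neighbor 196.20.4.85 remote-as 65161
 neighbor 196.20.4.85 description ParamountSlts over Multilink1
 neighbor 196.20.4.85 password REPLACE-WITH-BGP-SECRET
 network 199.11.16.0 mask 255.255.255.252
 network 198.10.16.0 mask 255.255.255.252
 network 199.10.16.0 mask 255.255.255.0
 network 210.11.16.0 mask 255.255.255.252
```

show ip bgp summary confirms the session is Established; show ip bgp neighbors 196.20.4.85 received-routes on DCntrON is where the bonus is visible (one /26 instead of two /27s), and show ip bgp on ParamountSlts still lists the /27s locally with the aggregate marked as suppressing them. The Null0 routes do not blackhole real traffic: packets arriving on the outside interface for 198.10.16.1 or 199.11.16.x are translated back to their inside addresses before routing, so only untranslated packets ever fall into Null0.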

Design Documentation Requirements (40% of grade):

  1. A complete network topology for your network including port assignments, IP addressing, routing protocols used on each link including AS numbers.
  2. A full explained network addressing scheme.
  3. Documentation of where QoS will be implemented and the logical rules of how traffic will be prioritized, including an explanation of which router will do the QoS processing and why.
  4. Detailed documentation of what network address translation will be performed, including what router will perform this translation.

Design Documentation for Part 1 must be submitted in DC Connect by Friday, March 16th at 11:59pm. No Extensions – No Exceptions.

Part 2 – Implementation

Implement the network you have designed.

The client has provided additional details to assist as you configure the network.

  1. Galaxy and the Data Centre routers should be considered an extended LAN environment; hence you are required to advertise the directly connected networks (including loopback addressing) between Galaxy and the Data Centre using wildcard masks, with a routing protocol of your choice.
  2. Disable automatic summarization.
  3. Modify the bandwidth of the interfaces as appropriate.
  4. Devices located on LAN 4 should only be accessible to Galaxy users.
  5. Paramount should be able to contact LANs 5 & 6 through their publicly assigned address space.
  6. LANs 1 – 3 associated with Galaxy should be accessible to Paramount via their publicly assigned address space.
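One worked addressing plan for the Part 1 requirements (200/60/100 hosts at Galaxy inside 172.16.xx.0/20, 14/100/60 servers at the Data Centre inside 192.168.xx.0/24, last usable address on the router) together with items 1-3 above, as an added example; it is not part of the assignment text. It assumes group number 16, loopbacks standing in for the LANs (as the notes permit), EIGRP as the "protocol of your choice" with AS 100, a Galaxy router named GalaxyHQ, the interface names shown, and a 2 Mbit/s clock rate on the serial link.

```cisco
! GalaxyHQ -- addressing plan and routing toward the Data Centre (added example; xx = 16,
! hostnames, interface names, EIGRP AS and serial speed are assumptions)
!
! 172.16.xx.0/20 is an aligned /20 only when xx is a multiple of 16 (a /20 covers 16 third-octet
! values); with group 16 the block is 172.16.16.0 - 172.16.31.255. Segments are carved largest
! first so each sits on its natural boundary, and each router interface takes the last usable
! address of its segment.
hostname GalaxyHQ
interface Loopback1
 description LAN 1 - 200 hosts -> /24 (254 usable)
 ip address 172.16.16.254 255.255.255.0
interface Loopback3
 description LAN 3 - 100 hosts -> /25 (126 usable)
 ip address 172.16.17.126 255.255.255.128
interface Loopback2
 description LAN 2 - 60 hosts -> /26 (62 usable)
 ip address 172.16.17.190 255.255.255.192
interface GigabitEthernet0/0
 description To DCntrON (192.168.100.0/29)
 ip address 192.168.100.5 255.255.255.248
interface GigabitEthernet0/1
 description Galaxy application server 210.10.16.1
 ip address 210.10.16.2 255.255.255.252
interface Serial0/1/0
 description To ParamountSlts (196.20.4.88/30), clocked at 2 Mbit/s (assumption)
 ip address 196.20.4.89 255.255.255.252
 bandwidth 2000
!
router eigrp 100
 ! Wildcard masks confine each statement to exactly one segment, so nothing classful leaks
 ! in; the loopbacks are covered because they stand in for the LANs.
 network 172.16.16.0 0.0.15.255
 network 192.168.100.0 0.0.0.7
 network 210.10.16.0 0.0.0.3
 no auto-summary
 passive-interface default
 no passive-interface GigabitEthernet0/0
!
! DCntrON -- 192.168.16.0/24 carved the same way (largest first, last usable on the router)
interface Loopback5
 description LAN 5 - 100 servers -> /25 (126 usable)
 ip address 192.168.16.126 255.255.255.128
interface Loopback6
 description LAN 6 - 60 servers -> /26 (62 usable)
 ip address 192.168.16.190 255.255.255.192
interface Loopback4
 description LAN 4 - 14 servers -> /28 (exactly 14 usable)
 ip address 192.168.16.206 255.255.255.240
interface GigabitEthernet0/0
 description To GalaxyHQ (192.168.100.0/29)
 ip address 192.168.100.6 255.255.255.248
interface GigabitEthernet0/1
 description DC application server 210.11.16.1
 ip address 210.11.16.2 255.255.255.252
!
router eigrp 100
 network 192.168.16.0 0.0.0.255
 network 192.168.100.0 0.0.0.7
 network 210.11.16.0 0.0.0.3
 no auto-summary
 passive-interface default
 no passive-interface GigabitEthernet0/0
```

The five verification commands Part 2 asks for can be drawn from show ip eigrp neighbors, show ip eigrp topology, show ip protocols (which echoes the wildcard networks and confirms auto-summary is off), show ip route eigrp on both routers, and a traceroute from one application server to the other. The bandwidth command does not change the line rate; it feeds the EIGRP metric and the QoS percentages, which is why it should reflect the real clock rate of each serial link, and the "last usable" convention leaves 172.16.18.0 - 172.16.31.255 and 192.168.16.208 - .255 free for growth, something the addressing write-up should say explicitly.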

Configure network security to the client requirements

  1. Configure all passwords as encrypted.
  2. Require a username and password for all logins to routers, regardless of source.
  3. Restrict access to the console connection.
  4. Restrict access to the VTY connections.
    1. Allow SSHv2 connections only. (Use the company domain GalaxyCommunications.ca)
    2. Allow telnet connections to the Data Centre to originate only from the Galaxy centre network.
  5. Disable all AUX port access.
  6. Configure an appropriate banner warning.
  7. Only allow web requests initiated from within the Paramount network through – all other web requests should be denied entry.
  8. Only allow the Galaxy Application Server FTP access to the Data Centre.
  9. Do not allow the Data Centre Application Server access to the Galaxy Application Server.
  10. Only allow the last IP address from LAN 1 and LAN 4 to ping the Web Server.
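Items 1-10 above as IOS configuration, added here as an example rather than as part of the assignment text. Items 1-6 are shown once and apply to every router; the traffic filters are placed on DCntrON and on the Galaxy router where each flow actually passes. It assumes group number 16 and the following addressing: Galaxy LANs 1-3 in 172.16.16.0/20 with 172.16.16.254 the last address of LAN 1, Galaxy application server 210.10.16.1, Data Centre application server 210.11.16.1 behind Gi0/1, web server 192.168.100.1 on the Gi0/0 segment shared with a Galaxy router named GalaxyHQ and translated to 198.10.16.1, LAN 4 192.168.16.192/28, Paramount 196.1.16.128/26 arriving on Multilink1, and an administrator account named netadmin.

```cisco
! --- Items 1-6: device access hardening (every router; xx = 16, names are assumptions)
service password-encryption
enable secret REPLACE-WITH-ENABLE-SECRET
username netadmin privilege 15 secret REPLACE-WITH-ADMIN-SECRET
ip domain-name GalaxyCommunications.ca
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh authentication-retries 3
banner motd ^
Authorized use only. Activity on this device is monitored and logged.
^
line console 0
 login local
 exec-timeout 5 0
line aux 0
 no exec
 transport input none
 exec-timeout 0 1
! Item 4: SSHv2 everywhere. On DCntrON only, telnet is allowed from the Galaxy network, on
! its own VTY so the access-class applies just to it; IOS hands out the lowest free line
! first, so SSH users land on vty 0-3. On the other routers all VTYs use "transport input ssh".
ip access-list standard VTY-TELNET-FROM-GALAXY
 permit 172.16.16.0 0.0.15.255
line vty 0 3
 login local
 transport input ssh
 exec-timeout 5 0
line vty 4
 login local
 transport input telnet
 access-class VTY-TELNET-FROM-GALAXY in
 exec-timeout 5 0
!
! --- DCntrON: traffic arriving from Paramount on Multilink1. Inbound filters on the NAT
! outside interface see the public (pre-translation) addresses.
ip access-list extended FROM-PARAMOUNT
 remark 7: only web requests sourced inside Paramount reach the web server
 permit tcp 196.1.16.128 0.0.0.63 host 198.10.16.1 eq 80
 permit tcp 196.1.16.128 0.0.0.63 host 198.10.16.1 eq 443
 deny   tcp any any eq 80
 deny   tcp any any eq 443
 remark 8: FTP into the Data Centre is reserved for the Galaxy application server
 deny   tcp any any range 20 21
 remark 10: nobody on this side may ping the web server
 deny   icmp any host 198.10.16.1 echo
 remark Part 2 item 4: LAN 4 is for Galaxy users only
 deny   ip any 192.168.16.192 0.0.0.15
 permit ip any any
interface Multilink1
 ip access-group FROM-PARAMOUNT in
!
! --- DCntrON: traffic arriving from the Galaxy side on Gi0/0
ip access-list extended FROM-GALAXY
 remark 8: only the Galaxy application server may open FTP control sessions to DC servers
 permit tcp host 210.10.16.1 192.168.16.0 0.0.0.255 eq 21
 deny   tcp any 192.168.16.0 0.0.0.255 eq 21
 permit ip any any
interface GigabitEthernet0/0
 ip access-group FROM-GALAXY in
!
! --- DCntrON, item 9: filtered where the DC application server enters the router
ip access-list extended FROM-DC-APP
 deny   ip host 210.11.16.1 host 210.10.16.1
 permit ip any any
interface GigabitEthernet0/1
 ip access-group FROM-DC-APP in
!
! --- GalaxyHQ: the web server shares the 192.168.100.0/29 segment with this router, so traffic
! from LANs 1-3 to it never crosses DCntrON; filter it as it leaves GalaxyHQ onto that segment.
ip access-list extended TO-WEB-SEGMENT
 remark 10: only the last address of LAN 1 may ping the web server
 permit icmp host 172.16.16.254 host 192.168.100.1 echo
 deny   icmp any host 192.168.100.1 echo
 remark 7: web requests from the Galaxy side are not allowed through
 deny   tcp any host 192.168.100.1 eq 80
 deny   tcp any host 192.168.100.1 eq 443
 permit ip any any
interface GigabitEthernet0/0
 ip access-group TO-WEB-SEGMENT out
```

Test each rule from the host it names and from one it does not, and record show access-lists afterwards: the per-entry hit counters are the evidence that a deny was actually exercised rather than the traffic simply not existing. Two things to state in the testing write-up: ACLs never filter packets the router itself generates, so the LAN 4 exception in item 10 cannot be demonstrated with an extended ping sourced from Loopback4; it needs a PC on that segment (or the test must say why a router-sourced ping was accepted as the check). And crypto key generate rsa is typed in configuration mode but does not appear in the DEVICENAME-cfg.txt output; show ip ssh is the proof that version 2 is active.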

Verify the network.

  1. For testing you will need to use 3 machines.
    1. A machine emulating the Application Server connected to the Coquitlam Router via Gigabit Ethernet.
    2. A machine emulating the Application Server connected to the Ontario Router via Gigabit Ethernet.
    3. A machine emulating the Web Server.
  2. Validate connectivity between all networks and devices. Document what was tested and explain why this demonstrates full connectivity.
  3. Validate dynamic routing functionality by providing the appropriate routing tables and traceroute outputs. Use at least five commands to verify the dynamic routing configuration.
  4. Verify IP SLAs have the desired effect.
  5. Verify and document that all security restrictions have been correctly implemented.
  6. Verify and document that the QoS rules are detecting and classifying traffic correctly.

Final Documentation Requirements (60% of grade)

Submit the following files:

  • For each router and switch, the final configuration of the device as a DEVICENAME-cfg.txt file where DEVICENAME is the name of the device.
  • For each router, the output from ping testing showing connectivity to all other networks. Filenames DEVICENAME-pings.txt
  • Complete output documenting the BGP routing functionality from the Data Centre and Coquitlam routers. Filenames DEVICENAME-routing.txt
  • Provide appropriate documentation of network connectivity testing.
  • Provide appropriate documentation of security restrictions testing.
  • Provide appropriate documentation of IP SLA policies testing.
  • Provide screen shots of web server / application server configuration.
  • Provide appropriate documentation that the QoS system is correctly flagging and processing packets according to the QoS rules.
  • A complete network topology for your network “as built”
  • A full explained network addressing scheme.

Final Documentation for Part 2 must be submitted in DC Connect by Friday April 20th at 11:59pm. No Extensions – No Exceptions.
