Network Capstone Project: Worklog & Recommendations

Kaos

Hi,

I'm coming up on finishing my degree in computer networking and have to finish my capstone project. Traditional students have been given a theoretical 1.5 million dollars to finish a single site. My instructor has raised the bar and given us 1 million for 5 sites. We are however allowed to find grant programs and programs where companies donate systems (like Apple does frequently).

I am currently on the floor layout section, which has its benefits... we are not to be charged for actual building costs at all and can design the building to our liking. So the MDF is centralized in my design: instead of having lockable racks in each of the 4 computer labs, they are going to be located around the MDF in a sort of plus sign. All racks are located in the MDF and there are security windows in each of the labs that teachers can unlock to gain access to the switches & patch panels for the respective lab.

Here's the rough draft of the floorplan thus far. I shaded the areas in the MDF where the racks will be placed near the teacher's desk for access to the security window.
Further on, different versions of this will progress for different needs (fiber runs, WAPs etc...)
AlphaTeamFloorLayout.jpg



Next I will be "buying" cable and racks and terminating equipment, which I do for a living, so I'm pretty sure I've got that covered.

After that is network hardware (switches, routers etc.); this is probably where I'm going to save money. The teacher is trying to show us we don't have to spend a ton of money to get something working correctly and efficiently, which I respect.

My first question to those who have dealt with enterprise or volume level networks: would you trust your network to a monowall/smoothwall etc... firewall/router? It would be on some form of 1U rack server which I have yet to pick. So... would you trust it? Or maybe I should roll with something from imagestream? Switches I've found a source for with a good price: Cisco 1900 series for about 80 bucks a pop. I just need to figure out the router side of things... I'll go with 2600's if need be, but I wanted something with a little more flexibility than a router that's already starting to age.
 
Have you come up with a router budget yet? I'd throw out "Sonicwall", but they are mid priced and it looked like you might be trying to go cheaper than that. Just curious... nice layout too :)
 
we'll put it this way, i need 5 routers for the actual wan and 5 for the cisco rack (those are 2600's)

So I need 5 routers, and I'm willing to drop about 10,000 for all 5 or 2,000 each. I figured I would go with a Linux derivative so I can get more bang for the buck. I know there are distros like quagga which mirror the Cisco commands pretty closely, but I wanted some pros' opinions.
 
The only requirement is that i do all five sites within the budget. Other than that i can do whatever i want as long as all services are located onsite etc..(no offsite hosting etc..)
 
Well, I've been a big fan of the Sonicwall stuff. We're authorized partners, etc... The 2040 is about $1750 or so and is pretty up to date and sophisticated. It can also have addons for spam, AV, etc... Just my opinion.
 
Do you have any special requirements for the routers?
Are the sites going to be a private WAN or VPN?
Do WAN connections factor into your cost? (they should...)

The telco will likely give you routers for your sites. You just need to evaluate if it would be cheaper to do a private WAN or VPN.

The Cisco 1841 Integrated Services Router (ISR) with a T1 WIC lists for $2400. You can probably knock quite a bit off of that, though. Especially if you're simulating EDU price breaks. The non-T1 version is $1400. I think the 1841 can support 2 T-1's.

The 2800 ISR's are nice too. They start right around $2000 I think.

The PIX is an option too if you don't need advanced stuff like QoS and advanced routing support. You could put a 506e at each site for less than $1000, and a 515e/ASA 5510/Router at the HQ. I don't think an ASA at each site would be within your budget unless you get a phenomenal discount.

Anyways, those are my thoughts. Hope it helps.
 
I was already considering a PIX... I just wanted others' opinions. Yes, circuit connections are a part of the project... I'm just using a frame relay circuit for the 4 other locations into the main location, which will have... either a T1 or T3 (comes down to cost, but I'd go for the 3).

I'm not down to the WAN section completely, but I'm trying to square away the hardware in the main rack @ the locations.

I was thinking PIX just because it'll do the routing as well as the firewall, then go with a Linux IDS maybe.
 
The only consideration with doing a PIX is like I said above... no advanced routing, and limitations on some other features. Right now, the 506e can't do any QoS. When it gets 7.0, it will have some abilities to do QoS... but "when" is still very unknown at this point. QoS is pretty much a requirement if the sites are going to be doing any Voice or Video over IP. With the way EDU's are evolving, you can pretty much bet that they're going to want to do some distance ed using video, and they're gonna want to use the infrastructure already in place. Keep that in mind.

I'd call around and get some pricing on the ISR's and the ASA. With the EDU discount you might be able to get them down low enough to be a possibility.

Otherwise the PIX and a snort box sounds pretty good.

Also, are you just gonna use squid for content filtering?
 
yeah...free is a good price for a proxy :)

I'm using as much open source as can be without adding headaches to the business plan side of things.

The only voice at the sites will be run internally at the site (no intercommunication at first other than POTS unless I have more money left over). Internal comm is through Asterisk with IP softphones.
 
This sounds like an interesting exercise. So are each of the 5 sites identical in layout and requirements? Here are a couple things that come to mind when I'm thinking about the WAN:

1. Are you going to need to have a central file server that all the sites connect to? Or will each site have their own? Basically what are the requirements for cross-site traffic?

2. Are you responsible for purchasing/setting up all the computers that are shown in the diagram? If so then it seems like that will be one of the major costs.

3. Looks like you are going to need some WAP for the couch areas.

4. One thing always to remember is that you have to maintain whatever you build. I don't know how your instructor is grading you, but I hope that he/she is taking into account the long term maintenance plans in your plan.

5. If your business requirements are fairly simple then I think open source firewalls/proxies are the way to go. However, if there are a lot of different applications at each site that require different permutations of firewall/proxy rules then you might want to look into a more "intuitive" firewall/proxy commercial application with commercial support. Again it all comes back to the maintenance, IMHO.

6. I think someone mentioned this, but what about VPN? Then of course email/web servers. And don't forget the backup solution!

Keep us posted on the assignment. Looks like a fun one... ;)

Ryan
 
for a *free* highly configurable router or firewall i would recommend OpenBSD. adding on things like pfsync, carp, openbgpd, etc you are going to be able to build a higher class of firewall or router than you could probably afford to buy. also, when i say "add on" i really mean "use things already built in."

on top of that you can use them for proxying basically any major type of application (http, ftp, smtp, etc) with added software like squid, ftp-proxy, postfix, etc.

if you want to upgrade to dual WAN connections to each site for redundancy it is not going to cost you extra for the EX model. if you want unlimited VPN connections it is not going to cost you more than the model that supports up to 50 VPN connections. all you have to pay for is the hardware to install this on.

i dunno, i just think if you're considering linux distros you should consider openBSD as well. i've been using one of those linuxes for about a year now and have recently fallen in love with openBSD again. despite the shiny GUI on those things BSD is still just easier to use.
 
big daddy fatsacks said:
for a *free* highly configurable router or firewall i would recommend OpenBSD. adding on things like pfsync, carp, openbgpd, etc you are going to be able to build a higher class of firewall or router than you could probably afford to buy. also, when i say "add on" i really mean "use things already built in."

on top of that you can use them for proxying basically any major type of application (http, ftp, smtp, etc) with added software like squid, ftp-proxy, postfix, etc.

if you want to upgrade to dual WAN connections to each site for redundancy it is not going to cost you extra for the EX model. if you want unlimited VPN connections it is not going to cost you more than the model that supports up to 50 VPN connections. all you have to pay for is the hardware to install this on.

i dunno, i just think if you're considering linux distros you should consider openBSD as well. i've been using one of those linuxes for about a year now and have recently fallen in love with openBSD again. despite the shiny GUI on those things BSD is still just easier to use.

Have you been using that in a business environment?
 
I have been using a Linux based firewall in businesses. I have been using IPCop, both as a primary firewall, and as a secondary firewall. In one business it is used in the DMZ to protect some Windows Servers. In another business I work with it is used as their primary firewall.

I have also worked with the Sonicwall Firewalls and they are also pretty nice.

For Routers you could look at Enterasys, I have a client that has three of these. One at the corporate offices with two T1 WICs, and another at their two remote sites, that connect back to the one at the corporate office. The Enterasys was cheaper than Cisco routers, and came with a 3 year warranty and support out of the box.

With Cisco you have to make sure you get a smartnet contract, otherwise if you have a hardware issue after 90 days you are screwed.
 
$1,000,000? Can you say overbudgeted? Can you say 'cakewalk'?
 
shade91 said:
$1,000,000? Can you say overbudgeted? Can you say 'cakewalk'?


I would say it would depend on the scope. If you are talking adding in servers, and other network services, for 5 sites it could go higher than $1M. Are we talking 5 users per site? 500? 5,000? Beyond that you are going to have more network ports than users due to conference rooms, meeting rooms, and people that need more than one network or phone jack.

I have 70 users, but I have 148 network ports. My network setup if I had to redo it right now would run $22,000 just for equipment. Network pulls are around $30 per so that is $4,500 just for network (I contract out, so this may be lower if you were doing it in house). So double that to add in the phones. Servers would run me another $150,000, so I am up to around $180,000 for a network for 70 users. So $640,000 for 5 sites each configured the same. I can see hitting $1M for 5 sites depending on network services needed at each site and total number of people per site.

BTW best bet is to CAT5 everything to a universal punch panel. Then take it from there to the phone system or network. Trust me on this one.
 
shade91 said:
$1,000,000? Can you say overbudgeted? Can you say 'cakewalk'?

With all due respect I don't think you are qualified to make that statement.
Let me take a walk down doing things in all legality from a school's standpoint.
there will be 200 windows pcs at each site (5 sites)

All racks
all cabling, jacks, patch panels
patch cables
switches
routers
csu/dsu's
frame relay * 4
t1/t3 @ main site
school wide WAP coverage
network printers
battery backups
plotters for CAD students
1000 windows boxes, with removable drive frames for students to have removable trays
monitors for all pc's
hard drives for the students removable drives
15 Apple PC's for multimedia classes (most likely imac g5's)
15 laptops for instructors per site (75 total)
licensing for adobe software for all pc's in the MM lab (win + mac)
licensing for 3dsmax
licensing for visual studio
licensing for ms-office (including visio)
cals for all the windows boxes.
the main site has to have file,ftp,mail, web servers (all have to have some degree of redundancy)

I bet I'm missing more but I've been fighting with a VPN server @ work all day and I'm kinda grumpy.

I have a 6 page drill down that guides my RFQ, I wouldn't call this an easy task.
 
Kaos: Keep us posted on what you do, and what the outcome of the project is. I am mildly curious.

With my previous post, I didn't even take into account new desktops and software and such for the clients. I was just going off the server room. Geez. Since 90% of my users are laptops we are looking at another $130,000 to add to my already $180,000 for the network. And that doesn't include the desktops, and any specialized software. That $130K was just for the laptop, and Office 2003. Eww....
 
Do you have to factor in the cost of the CAD plotters? (and licensing of Microstation/AutoCAD/etc?) or is that just a "your network must support this" requirement?



 
With the size of those installs, I would not go with a 1900 switch, even as an access layer. I don't think you can even get hardware support for those anymore, so you would have to keep spares on hand. I would go with something bigger, preferably something with some built in redundancy. Something like a pair of Cat4500/5500s with dual sup modules could provide enough switch ports for the entire building, and provide easy addition or change of features.

EDIT: Or heck, why not 5500s with RSMs. Sure, it's a little old, but as far as I know you can still get RMA support for them (we do) and then you don't need a separate router.

For routers, I would say forget about a 2600. It really wasn't intended for installations of this size, unless there isn't hardly any WAN traffic. I think a good choice would be a 3640. I know it will support an office with several hundred users.

I work almost entirely with Cisco gear all day, so there may be other vendor solutions that provide a better cost fit for the project, but Cisco is what I know.

As far as the firewalls, as long as the hardware can support the # of connections you need, I can't see why smoothwall or monowall wouldn't work. After all, checkpoint is just a software app running on top of selected hardware.

For WAN, I would just go frame or ATM PVC all around. No need for a lease line anywhere (I think you mentioned that at one point).

For a 1000 user infrastructure including the user machines, this is going to be a tight budget. Good luck with that. Make sure to research and factor in that big companies and schools get huge price breaks on volume orders. I believe we get our dell workstations around 40% off list. Because for just your PCs, assuming you can manage to get them for 300 bucks each (perhaps a stretch) you just ate up 300k. Ouch.

Good luck.
 
Here's an update:
I am no longer in charge in the group for purchasing systems. Not sure how I feel about that at this point. Thus far I'm the only one doing work, but I am now fully in charge of all networking. :) Which is fine because that's my realm anyways.

I'm going to ask my teacher: if I can source a single price on a switch on eBay, can I just replicate that sale? My boss just got an enterprise Netgear switch for the rack at work.

16 ports w/2 fiber ports
all ports are gigabit
switch is manageable & gigabit: $150 shipped... I'll replicate the hell out of that in a heartbeat for all of the sites. It's worth it alone for the upgrade paths that can be taken. Since it supports VLAN... administration network is easily separated.

Then the backbones can be all fiber as well :)

On to the new diagrams! Nothing is set in stone but here's an idea of what's cooking.

WAN Links (this is still very up in the air)
I know I'm doing a frame circuit from each site to the main campus.
And I think T1 will suffice for outside connection.
DSL is the "oh shit the frame went down" backup VPN link (full mesh capability)
Anyways I still have 11 weeks to figure it all out:
WAN_r1.jpg


finished school layout (no ap's cable runs in this revision)
AlphaTeamFloorLayoutMedium.jpg


The basic MDF layout:
MDF_layout_r1.jpg


The basic "lab rack" setup: IT lab might get a bit more since this is more along their line of study, but just a basic sketch:
LAB_rack_r1.jpg


Regular (not CAD) layout: to answer the previous question... I've gotta purchase plotters as well... :( ...but I'm not in charge of that, and if the others drag their feet I'm using the money first :) ...not really but it would be nice.
LAB_r1.jpg


let me know what you guys think.
 
Hi, interesting post.

Silly question. For curiosities sake, in reality how many miles of cable would you need to complete your project?
 
Well, 5.25 boxes of cable is a mile... I'm looking at maybe 50-60 boxes of cable for all 5 sites including AP pulls, backbone cables, etc.

around 10 miles total is an estimate.
 