Build a Wide Area Network environment to share information and data between the offices of a company. MPLS (Multi-Protocol Label Switching) is a simple and efficient way to connect different locations and meet the customer's requirement; it also provides a private channel between the two networks, so information can be shared between two (or more) locations. Note that an MPLS circuit keeps the company's traffic separate from the provider's other customers but does not encrypt it; the confidentiality of the data on the link comes from the IPSec VPN and SSL described later.
Based on the diagram, the following network devices are required to meet the final target.
3Com 4200 26-port Switch. This 26-port Ethernet switch combines wire-speed Layer 2 (Data Link Layer) switching with easy installation and high reliability. It has 24 10/100 ports for the desktop and workstation computers and 2 additional 10/100/1000 uplink ports that can be used for the Gigabit Ethernet backbone and the server connections.
Juniper Netscreen SSG5 Firewall. This firewall provides the security functions and mainly protects the connection between WAN and LAN. Its functions include IPSec VPN, IPS (intrusion prevention), web filtering, anti-spyware and anti-spam, and it controls and filters the traffic from WAN to LAN and from LAN to WAN. A firewall operates at several layers of the OSI model. The lowest is Layer 3 (Network Layer), which is concerned with routing packets to their destination: at this layer the firewall decides whether a packet comes from a trusted source address, but it cannot understand what the packet contains. A firewall that works at Layer 4 (Transport Layer) knows a little more about each packet (the TCP/UDP port and the connection state) and can grant or deny access per service. At Layer 7 (Application Layer) the firewall inspects the application data itself and can be very selective in granting access.
Cisco 7200 Router. Its main function is to route the packets that arrive at its ports; the router takes a forwarding decision for each packet based on its routing table. In the OSI model it works at Layer 3 (Network Layer). This model also supports Layer 2 frames and cells being carried directly across the MPLS network, e.g. Ethernet VLAN, Frame Relay, PPP, HDLC and ATM cell relay.
Cabling: Category 6 cable, used for the connections between the workstations, the servers and all the network devices inside the LAN. Cat6 is specified up to 250 MHz and is compatible with 10BASE-T, 100BASE-TX (Fast Ethernet), 1000BASE-T / 1000BASE-TX (Gigabit Ethernet) and 10GBASE-T (10-Gigabit Ethernet; over Cat6 this is only supported for runs up to about 55 m, Cat6A is needed for the full 100 m).
Both sites' local area networks will use the Ethernet IEEE 802.3 standard (Fast Ethernet 802.3u, 100BASE-TX, which uses two pairs of Category 5 or better UTP cable with 4B/5B encoding and MLT-3 line signalling at a symbol rate of 125 Mbaud). IEEE 802.3 is a collection of IEEE standards defining Layer 1 (Physical Layer) and the Media Access Control part of Layer 2 (Data Link Layer) of wired Ethernet. It is generally a LAN technology. Physical connections are made between nodes and/or infrastructure devices (switches, hubs, bridges, routers) by various types of copper cable. The Ethernet system includes three basic functions:
the physical medium, which carries the Ethernet signals between computers;
the medium access rules, which allow many computers to arbitrate fairly for access to the shared Ethernet channel;
the Ethernet frame, a structured set of bits that carries the data over the system.
Each IEEE identifier (for example 100BASE-TX) carries three pieces of information.
"100" stands for the media speed, 100 Mbps.
"BASE" stands for "baseband", a type of signalling in which the Ethernet signals are the only signals carried over the media system.
The last part of the identifier indicates the segment type:
"TX" means a twisted-pair segment that uses two pairs of Category 5 or better wire (Cat6 in this design) and is based on the data-grade twisted-pair physical medium standard developed by ANSI.
"T4" means a twisted-pair segment that uses four pairs of Category 3 (telephone-grade) or better wire.
"FX" means a fibre optic link segment based on the fibre optic physical medium standard developed by ANSI, using two strands of fibre.
The TX and FX medium standards are collectively known as 100BASE-X.
Ethernet uses the CSMA/CD (Carrier Sense Multiple Access with Collision Detection) method to transfer frames (data) on a shared, half-duplex segment. The data transfer procedure is:
1. A frame (data) is ready to transfer.
2. Check whether the medium is idle (carrier sense). If it is not, wait until it becomes idle.
3. Start to transmit.
4. Did a collision occur? If yes, send a jam signal, wait a random time and go back to step 2; the random wait follows binary exponential backoff (after the n-th collision the station waits a random number of slot times between 0 and 2^min(n,10) - 1), and after 16 unsuccessful attempts the frame is dropped and an error is reported. Otherwise go to step 5.
5. Reset the retransmission counter and end the frame (data) transmission.
With the switched 100BASE-TX design above, each workstation has a full-duplex point-to-point link to a switch port, so collisions do not actually occur there; CSMA/CD matters on shared or half-duplex segments.
This can be likened to what happens at a party. When someone wants to start a topic (talk), he or she first checks whether anyone else is talking (checking whether the connection is available). If not, he or she can start to talk (start to transmit). If two people speak at the same time, both stop and wait for a random period (just like the collision detection procedure) and then start to talk again.
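The five-step procedure above, carried through as a small simulation. This is an added example, not code from the essay: the channel model is constructed (the busy_samples list says what the station hears each time it listens, colliding_attempts says which transmit attempts collide), while the slot time, the 16-attempt limit and the backoff exponent cap of 10 are the IEEE 802.3 values. It shows the two details the prose only mentions, the growing random backoff and the point at which the MAC gives up.

```python
"""IEEE 802.3 CSMA/CD transmit procedure with truncated binary exponential backoff.

Added example, not from the original essay.  The channel is a constructed model:
``busy_samples`` says whether the wire is busy each time the station listens
before transmitting, and ``colliding_attempts`` says which transmit attempts
(1-based) collide with another station.  attemptLimit (16) and backoffLimit (10)
are the 802.3 constants; the fixed seed makes a run repeatable.
"""
import random

SLOT_TIME_BIT_TIMES = 512   # 802.3 slotTime for 10 and 100 Mbit/s Ethernet
ATTEMPT_LIMIT = 16          # give up after 16 transmission attempts
BACKOFF_LIMIT = 10          # the backoff exponent stops growing after 10 collisions


def backoff_slots(collisions: int, rng: random.Random) -> int:
    """After the n-th collision wait r slot times, r uniform in [0, 2^k), k = min(n, 10)."""
    k = min(collisions, BACKOFF_LIMIT)
    return rng.randrange(0, 1 << k)


def transmit_frame(busy_samples, colliding_attempts, seed: int = 1) -> dict:
    """Run the CSMA/CD algorithm for a single frame and report what happened.

    Returns {"sent": bool, "attempts": int, "collisions": int, "backoff_slots": int}.
    """
    rng = random.Random(seed)
    listen = iter(busy_samples)
    attempts = collisions = waited = 0

    while True:
        # Steps 1-2: the frame is ready; carrier-sense until the medium is idle.
        # (Once the constructed samples run out the medium is treated as idle.)
        while next(listen, False):
            pass
        # Step 3: transmit.
        attempts += 1
        if attempts in colliding_attempts:
            # Step 4: collision detected -> jam, then either give up (16th attempt)
            # or back off a random number of slot times and return to carrier sense.
            collisions += 1
            if attempts >= ATTEMPT_LIMIT:
                return {"sent": False, "attempts": attempts,
                        "collisions": collisions, "backoff_slots": waited}
            waited += backoff_slots(collisions, rng)
            continue
        # Step 5: the frame went out without a collision; the counter is reset.
        return {"sent": True, "attempts": attempts,
                "collisions": collisions, "backoff_slots": waited}


def max_backoff_slots(collisions: int) -> int:
    """Worst-case slots waited after n collisions: sum over i of (2^min(i,10) - 1)."""
    return sum((1 << min(i, BACKOFF_LIMIT)) - 1 for i in range(1, collisions + 1))
```

The worst-case wait is bounded by max_backoff_slots(): after the tenth collision the window stops doubling at 1023 slots, and the sixteenth attempt is the last one, which is why a badly overloaded shared segment shows "excessive collision" errors rather than waiting forever.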
For the WAN link, a 2M/2M MPLS (Multi-Protocol Label Switching) connection (2 Mbit/s in each direction) will be used.
The primary goal of MPLS is to standardise a base technology that integrates the label-swapping forwarding paradigm with network-layer routing; in short, it can be thought of as label swapping.
The MPLS architecture performs label switching, combining the benefits of packet forwarding based on Layer 2 switching with the benefits of Layer 3 routing.
MPLS assigns a label to each packet for transport across the network, and the forwarding mechanism throughout the network is label swapping: each label switch router looks up the incoming label, replaces it with the outgoing label and forwards the packet to the next hop.
The significant difference between MPLS and traditional WAN technologies is the way labels are assigned and the capability to carry a stack of labels attached to a packet. The concept of a label stack enables new applications, such as the MPLS VPN that carries this company's traffic, where one label identifies the path through the provider's network and a second label identifies the customer's VPN.
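To make the label-swapping and label-stack ideas concrete, here is an added example (not from the essay) that encodes and decodes the 32-bit MPLS shim header from RFC 3032 and walks a packet along a constructed three-router label switched path. The router names, label values and label tables are assumptions for illustration, not a real provider's configuration; the two-label stack (transport label on top, VPN label at the bottom) is the shape an MPLS L3VPN uses.

```python
"""MPLS shim header (RFC 3032) encoding/decoding and a label-swap forwarding walk.

Added example, not part of the original essay.  The three-router label switched
path and its label tables (LFIBs) are constructed for illustration; router names
and label values are assumptions, not a real provider's configuration.
"""
import struct

# Each shim header is 32 bits: 20-bit label | 3-bit TC | 1-bit S (bottom of stack) | 8-bit TTL


def encode_entry(label: int, tc: int = 0, bottom: bool = False, ttl: int = 64) -> bytes:
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    word = (label << 12) | ((tc & 0x7) << 9) | (int(bottom) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)


def decode_stack(data: bytes):
    """Parse shim headers until the S bit is set; return (entries, payload)."""
    entries, offset = [], 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "s": bool((word >> 8) & 1), "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, data[offset:]


def encode_stack(entries, payload: bytes) -> bytes:
    """Inverse of decode_stack; the S bit is set on the last entry."""
    out = b""
    for i, e in enumerate(entries):
        out += encode_entry(e["label"], e.get("tc", 0), i == len(entries) - 1, e["ttl"])
    return out + payload


# Constructed LSP towards the remote site: ingress PE1 pushes, core P1 swaps,
# P2 pops the transport label (penultimate hop popping), egress PE2 pops the
# VPN label and delivers plain IP into the customer's VRF.
LFIB = {
    "P1":  {100: ("swap", 200, "P2")},
    "P2":  {200: ("pop", None, "PE2")},
    "PE2": {300: ("pop", None, "VRF-customer")},
}


def ingress_push(ip_packet: bytes, vpn_label: int = 300, transport_label: int = 100) -> bytes:
    """PE1 (ingress): VPN label at the bottom of the stack, transport label on top."""
    return encode_stack([{"label": transport_label, "ttl": 64},
                         {"label": vpn_label, "ttl": 64}], ip_packet)


def lsr_forward(router: str, packet: bytes):
    """Apply one router's LFIB to the top label; return (next_hop, packet_or_ip_payload)."""
    entries, payload = decode_stack(packet)
    top = entries[0]
    action, out_label, next_hop = LFIB[router][top["label"]]
    if top["ttl"] <= 1:
        raise ValueError("TTL expired at %s" % router)
    top["ttl"] -= 1                       # one LSR hop = one TTL decrement
    if action == "swap":
        top["label"] = out_label
        return next_hop, encode_stack(entries, payload)
    rest = entries[1:]                    # pop: drop the top entry
    if rest:
        # simplified uniform TTL model: the exposed label inherits the smaller TTL
        rest[0]["ttl"] = min(rest[0]["ttl"], top["ttl"])
        return next_hop, encode_stack(rest, payload)
    return next_hop, payload              # bottom popped: what is left is the IP packet


def walk_lsp(ip_packet: bytes):
    """Follow a packet PE1 -> P1 -> P2 -> PE2; return ([(router, labels_after_it)], payload)."""
    packet = ingress_push(ip_packet)
    trace = [("PE1", [e["label"] for e in decode_stack(packet)[0]])]
    router = "P1"
    while router in LFIB:
        next_hop, packet = lsr_forward(router, packet)
        labels = [e["label"] for e in decode_stack(packet)[0]] if next_hop in LFIB else []
        trace.append((router, labels))
        router = next_hop
    return trace, packet
```

Running walk_lsp(b"...") shows the transport label changing at every hop while the VPN label stays untouched until the egress router; the core routers never look at the IP header, which is why the provider can carry many customers' overlapping private address spaces on the same backbone.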
Between the two networks OSPF (Open Shortest Path First) will be used for routing and forwarding; OSPF is a link-state protocol that computes the shortest paths with Dijkstra's algorithm.
For security, this design relies mainly on the firewall, and the MPLS connection also provides a private network between the two sites (private in the sense that the provider keeps the company's traffic separate from other customers; the traffic is not encrypted on the link).
First, a DMZ (Demilitarized Zone), a function provided by the firewall, will be used to protect the server. The DMZ is a separate sub-network with its own network ID and gateway,
for example (refer to Figure 1.2):
Local LAN network ID 192.168.0.0, subnet mask 255.255.255.0, gateway 192.168.0.1
DMZ network ID 10.0.0.0, subnet mask 255.255.255.0, gateway 10.0.0.1
The two networks have different network IDs and gateways but can still communicate through the firewall, which controls the traffic between the DMZ server and the internal or external network. The policy settings are as follows:
Allow the internal computers to connect to the DMZ server.
Allow the opposite site's server to connect to this DMZ server on ports 80 and 443 only (port 80 for normal HTTP access and port 443 for SSL).
Other than these two policies, all requests are denied, to protect against any hacking attempt. Apply this setting on both sites' networks (refer to Figure 1.3). Two points to check when applying it: the firewall is stateful, so the return traffic of a permitted connection is allowed without a separate rule, and no rule should let the DMZ server itself open connections into the internal LAN; and because the two sites are routed to each other over the MPLS link, each site must use different address ranges (for example 192.168.1.0/24 and 10.0.1.0/24 at the second site), otherwise the routers cannot tell the two LANs apart.
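The three policies above, written out as an ordered first-match rule set and evaluated against constructed sample flows, so the default-deny behaviour can be checked before the rules go on the firewall. This is an added example, not the essay's configuration and not Juniper ScreenOS syntax. The LAN and DMZ ranges follow Figure 1.2; the DMZ server address 10.0.0.10, the remote site's server 10.0.1.10 and the Internet host 203.0.113.5 are assumptions.

```python
"""First-match firewall policy model for the two-zone DMZ design.

Added example, not the essay's configuration and not vendor syntax.  Addresses
for the LAN (192.168.0.0/24) and DMZ (10.0.0.0/24) follow the essay's Figure 1.2;
the DMZ server (10.0.0.10) and the remote site's server (10.0.1.10) are assumed.
"""
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str       # "tcp", "udp" or "any"
    dports: frozenset  # empty = any destination port
    action: str      # "permit" or "deny"

    def matches(self, f: Flow) -> bool:
        return (ipaddress.ip_address(f.src) in self.src
                and ipaddress.ip_address(f.dst) in self.dst
                and self.proto in ("any", f.proto)
                and (not self.dports or f.dport in self.dports))


# The essay's policies in evaluation order; the last rule is the explicit default deny.
POLICY = [
    Rule("lan-to-dmz", net("192.168.0.0/24"), net("10.0.0.10/32"), "any", frozenset(), "permit"),
    Rule("remote-server-to-dmz-web", net("10.0.1.10/32"), net("10.0.0.10/32"),
         "tcp", frozenset({80, 443}), "permit"),
    Rule("default-deny", ANY, ANY, "any", frozenset(), "deny"),
]


def evaluate(policy, flow: Flow):
    """Stateful firewalls evaluate the first packet of a connection; return (action, rule)."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action, rule.name
    return "deny", "implicit-deny"   # only reached if someone removed the catch-all rule


def audit_policy(policy, dmz=net("10.0.0.0/24"), lan=net("192.168.0.0/24")):
    """Checks a practitioner runs on the rule set: it must end with an explicit
    catch-all deny, and no permit may let the DMZ initiate into the internal LAN
    (a compromised DMZ host must not be able to pivot inwards)."""
    findings = []
    last = policy[-1]
    if not (last.action == "deny" and last.src == ANY and last.dst == ANY
            and last.proto == "any" and not last.dports):
        findings.append("policy does not end with an explicit catch-all deny")
    for r in policy:
        if r.action == "permit" and r.src.overlaps(dmz) and r.dst.overlaps(lan):
            findings.append("rule %r permits DMZ -> LAN" % r.name)
    return findings
```

The evaluator only models the first packet of each connection, which is how a stateful firewall such as the SSG5 applies its policies: once the LAN-to-DMZ connection is permitted, its replies flow without a DMZ-to-LAN rule, and audit_policy() flags any attempt to add one.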
Both sites also have a PPPoE backup connection provided by the ISP; once the main line is broken, traffic automatically switches to the backup link. Since the backup runs over the public Internet rather than the private MPLS circuit, site-to-site traffic on it should be carried inside the firewall's IPSec VPN.
A tailor-made web-based program will be used to share information between the two sites. Its main function is to synchronise both servers, and SSL (Secure Sockets Layer) is used to protect the data in transit.
What is SSL?
SSL is a security protocol that sits between the web server and the browser (or, here, between the two servers) and adds encryption to the communication. The process guarantees the privacy and integrity of the material exchanged between the server and the client and authenticates the server to the client. SSL (today standardised as TLS, Transport Layer Security) is an industry standard used by millions of websites to protect their customers' online transaction information. To use SSL for a secure link, a web server needs a certificate, and the client must verify that certificate against a certificate authority it trusts; a connection whose certificate is not checked is encrypted but gives no assurance of who is on the other end.
So both servers will also have the certificate server function applied, so that each server holds a certificate and the data is synchronised between the two servers over a secure, authenticated channel.
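The difference between an SSL channel that merely encrypts and one that also authenticates the peer is a configuration detail, so here is an added example (not the essay's program) showing the weak Python ssl.SSLContext a quick prototype often ends up with beside the hardened one the server-to-server synchronisation needs, plus a check for the properties that matter. The file names for the internal CA and each server's certificate and key are assumptions.

```python
"""TLS settings for the server-to-server synchronisation channel.

Added example, not the essay's tailor-made program.  File names for the internal
CA (e.g. 'site-ca.pem') and each server's certificate/key are assumptions.
"""
import socket
import ssl


def insecure_sync_context() -> ssl.SSLContext:
    """What 'just make it work' looks like: no peer verification, no hostname
    check, any protocol version.  The traffic is encrypted, but any man in the
    middle can present any certificate, so the synced data is not protected."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_sync_context(ca_file=None, cert_file=None, key_file=None,
                          server_side: bool = False) -> ssl.SSLContext:
    """Mutually authenticated TLS between the two site servers.

    ca_file:   the company CA that issued both servers' certificates (assumed).
    cert_file/key_file: this server's own certificate and private key (assumed).
    server_side: build the accepting side (it still demands a client certificate).
    """
    purpose = ssl.Purpose.CLIENT_AUTH if server_side else ssl.Purpose.SERVER_AUTH
    ctx = ssl.create_default_context(purpose, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # SSL 2/3 and TLS 1.0/1.1 are broken or deprecated
    ctx.verify_mode = ssl.CERT_REQUIRED             # the peer must present a cert chaining to our CA
    if not server_side:
        ctx.check_hostname = True                   # and its name must match the host we dialled
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)    # our own certificate for the other side to check
    return ctx


def context_is_hardened(ctx: ssl.SSLContext, expect_hostname_check: bool = True) -> bool:
    """The three properties that turn 'encrypted' into 'authenticated and encrypted'."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
            and (ctx.check_hostname or not expect_hostname_check))


def fetch_sync_page(host: str, port: int, ctx: ssl.SSLContext, path: str = "/sync") -> bytes:
    """Open the channel and issue one HTTPS request.  server_hostname must be
    passed, otherwise the hostname check has nothing to compare against."""
    request = "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % (path, host)
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(request.encode())
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
            return b"".join(chunks)
```

Both servers load the same internal CA and each presents its own certificate, so a host that merely owns a valid public certificate cannot impersonate the remote site's server: it would also need a certificate signed by the company CA to pass the CERT_REQUIRED check on the accepting side.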