You had just gotten a job at a respectable firm. A client came up to you and asked you to design a computer network for their company. They provided you with a document containing all the necessary inputs that you would need to start working on this project. And now, the deadline is approaching, and you still don’t have a clue what to do.
Don’t panic. In this post, I will be walking you through this project. I provide you with a step-by-step guide on how to design your first computer network.
I invite you to follow along with me, step by step, as we unravel the mystery of computer network design.
Step 1 — The Number of Subnets
The first step that you should start with is determining the required sub-networks. Normally, each subnet is associated with a separate entity within a company.
Let’s say that there are four departments: Sales, engineering, human resources, and management. An employee should only be able to access network resources belonging to their department. They should not have access to other departments’ resources.
It should now be clear that we need four subnets to do that. one for each department.
Step 2 — The Number of Endpoints
When determining the number of endpoints, you should consider workstations and any other piece of equipment that will connect to the network (Such as printers and servers).
This step is as simple as counting the number of these devices.
Step 3 — Location of Each Endpoint
Determining the exact location of each endpoint is very important, and this is for two main reasons :
First, it allows us to determine the exact number of network switches. If the endpoint is too far from the nearest switch, then we would have to add another switch to be placed close to the endpoint.
Second, the location of endpoints will determine which ports will be assigned to which subnet.
Step 4 — Types and Number of Network Devices
Now that we know the number of endpoints and their physical location, we can determine the number of network switches.
Switches differ in the number of ports they have. Each port can connect to one endpoint. So if you have, for instance, 17 workstations located in the same physical space, then a 24 port switch will be an appropriate choice. Remember that you should always leave some ports spared for potential future use.
One additional characteristic to examine in a switch is the number of Small Form-Factor Pluggable (SFP) slots. An SFP slot provides an interface for SFP Transceivers. They allow 1 Gigabit transmission on the connected link. An SFP slot is primarily used to connect between network switches.
The number of SFPs that we should use depends on the topology of our network. If we decide to have a non-redundant bus topology between switches, then one SFP per switch would be enough. However, if some level of redundancy is required, then each switch should have at least 2 SFP ports.
Once you’ve established the number of switches and the characteristics they should have, you should next direct your attention to routers. We should use routers to connect to the external network, and to connect between the subnets.
For routing between subnets, we can have two options:
The first option is using a router for routing between VLANs. This is called a router-on-a-stick configuration.
The second option is using a layer 3 switch. This is the same as a switch but adds layer 3 features that will allow routing between different VLANs.
Step 5 — Types of cables
When it comes to cables, there are two main types that you can use: Twisted pair and fiber optic cables
Twisted pair cables
You can use twisted-pair cables for links between a switch and an endpoint that do not exceed 90 meters.
If the distance from a switch to a workstation exceeds this distance, then you have two options. You can either add a smaller switch closer to the distant workstation or use fiber optics instead of copper. If you go with the second option, then you should plan for fiber optic converters on both ends of the link.
Fiber optic cables
Fiber optic cables provide higher bandwidth and have lower attenuation compared to copper cables. They are, therefore, the preferred choice for connecting switches and routers.
They come in two types: Single-mode and multi-mode. Choosing which type to use depends on the situation.
If the two ends are not too far apart (generally not exceeding 500 meters), you can use multimode fiber optic cable to connect them. Else, if the distance is much higher, then a single-mode fiber optic is the recommended choice.
Step 6 — Addressing and Subnetting
If you’ve reached this step, then congratulations! You are now able to design, size, and determine the physical components of a computer network. Now you are ready to move on to the logical part.
In this step, you have to assign IP addresses to networks.
Let’s suppose that endpoints are distributed between subnets as follow:
- Sales: 23
- Engineering: 34
- Human resources: 12
- Management: 6
I assumed a low number of endpoints to make things simple, but the same process is applicable no matter how many endpoints you have. So this shouldn’t be very hard.
We can consider 192.168.1.0/24 as the address range for our main network. The first three octets represent the network address, and the last octet is the host part. So, if we don’t divide this address space, then we should be able to connect up to 254 hosts. The reason why it is 254, and not 256, is because we should spare two special addresses: one for broadcasts, and the other for the network itself.
If we didn’t have separate departments, then this would have been enough. However, this is not our case, so we still have to divide our main network into four sub-networks.
To do this, we should take some bits from the host part of the address and assign them to the network part. This will reduce the number of possible hosts at each subnet, but it allows us to have more networks.
For instance, if we want to have four networks, then we move two bits to the network part. So, instead of 192.168.1.0/24, we will now have 192.168.1.0/26 (Notice the change in the subnet mask).
These are the resulting network addresses :
As you can see, we now have four networks. Each of them can connect up to 62 endpoints. I believe that this should be more than enough for our case.
Step 7 — Secure by design
A computer network is a critical infrastructure for any company. It is, therefore, necessary to plan for its security from the initial design phases.
To ensure the security of your network design, you should follow at least a few good practices.
You can add a firewall to the network perimeter to protect trusted networks from external threats, or you can install it between vital and less critical subnets to add another layer of protection against communication between subnets.
You can also configure access control to prevent unauthorized endpoints and users from connecting to the network. This can be based either on MAC addresses or credentials (802.1X).
Step 8 — Allow for Monitoring
An IT administrator should always know how their network is operating.
During your design, you should make sure that critical network devices can be monitored. They should at least support SNMPv3 ( Simple Network Management Protocol v3).
If you followed with me step-by-step throughout this post, then you should now be able to design a small computer network. If you still have any questions or concerns, please let me know, and I’ll make sure to respond to you.
Originally published at https://patchthenet.com on January 4, 2021.