
ChilliGaming CITN251 Local Wide Area Networks Network Design Project


Presentation Transcript


    1. ChilliGaming CITN251 Local & Wide Area Networks Network Design Project By: Lucas Brimson, Steve Edwards, Joe Moore, Kevin Skelton

    2. Intro ChilliGaming is a fictitious small-scale game hosting service provider. We have developed and implemented a prototype network supporting numerous services. The network is comprised of various networking devices, technologies, and security measures.
    Speaker notes: Scenario chosen: a small, fictitious provider. Services: hosting of multiplayer game servers and voice/chat servers. Network devices: routers, wireless routers and APs, and servers in varying configurations for various roles. Technologies: Wi-Fi, firewalls, NAT, and others not yet implemented, such as VoIP. Security measures employed: firewalls and ACLs, a DMZ for outside access (isolation), and appropriate wireless security (SSIDs, encryption, etc.).

    3. Topology

    4. Devices (used to explain the topology)
    CG-GW – Gateway Router
    CG-INTR1 – Internal LAN Router
    CG-EXTSW1 – External Switch
    CG-INTSW1 – Internal Switch
    SRV-GAME – Game Server
    SRV-PUBLIC – Public-Facing Web Server / Ventrilo
    SRV-DC1 – Domain Controller 1
    SRV-DC2 – Domain Controller 2
    CustWiFi – Customer WiFi
    LAN WiFi
    TBA: VoIP phones / models, hosts

    5. Servers Internal LAN: DC1, DC2. External DMZ: Game, Public.
    Speaker notes: The prototype network currently uses four servers, segmented into different areas of the network: two on the internal LAN and two on the external (DMZ) network.

    6. Internal LAN Servers Services: SRV-DC1 – Exchange email server, Active Directory, DNS. SRV-DC2 – Active Directory (backup), DNS, internal IIS web server.
    Speaker notes: We decided to have two servers running AD to provide redundancy: if SRV-DC1 went down, users of the network would still be able to log in, as SRV-DC2 would provide authentication. SRV-DC1 has been configured to let the company send email internally; for this we are using Exchange Server 2003.

    7. External Servers Services: SRV-GAME – Unreal Tournament. SRV-PUBLIC – WAMP web server, Ventrilo voice software.
    Speaker notes: We installed only one game on the game server, Unreal Tournament, as this was adequate for testing. WAMP server was chosen instead of IIS for the external public-facing site because it comes with PHP and MySQL pre-installed. Ventrilo was used to provide VoIP to ChilliGaming customers.

    8. Static IP addressing

    9. Topology

    10. Dynamic IP addressing The staff workstations have been configured to receive their IP addresses from a DHCP server. The DHCP server is the router CG-INTR1, configured as follows:
    Network: 172.16.5.64 (/26)
    Subnet Mask: 255.255.255.192
    Default Gateway: 172.16.5.65
    Usable IP Address Range: 172.16.5.69 – 172.16.5.126
    Excluded IP Address Range: 172.16.5.65 – 172.16.5.68

    11. VLANs Sub-interfaces on the router interfaces match the VLAN numbers. In future, as the SME expands, VLANs matching the growing physical departments would be added, and VLAN 99 used for management (which also takes management off the default VLAN 1, the VLAN every unconfigured access port belongs to).
    DMZ: 9 – game server; 10 – Blade; 60 – wireless (customer); 1 – management
    Internal: 1 – management; 30 – staff and wireless; 20 – servers; 150 – VoIP

    12. EIGRP Uses key-chain authentication with MD5 and a key string of chilli (the key is shown in clear on this slide, so it would need to be changed before any real deployment). No summarization.

    13. VoIP In VLAN 150. The internal switch would provide the PoE connections; the internal router would run the voice-capable IOS.

    14. Gateway Connection and Security Cisco Security Device Manager. A config was developed and tested on other equipment with an ADSL link, using SDM (that test network used 192.168.1.0/24 inside addressing, as the NAT output on the later slides shows, rather than the 172.16.5.x scheme). Key sections are ATM0, Dialer1, the default route and the access control lists.
    access-list LAN2WEB permit 172.16.0.0 0.0.0.255

    15. ATM/Dialer and Default Route Sections
    interface ATM0
     no ip address
     no ip mroute-cache
     atm vc-per-vp 64
     no atm ilmi-keepalive
     dsl operating-mode auto
     hold-queue 224 in
     pvc 0/38
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
    interface Dialer1
     description $FW_OUTSIDE$
     ip address negotiated
     ip access-group 101 in
     ip nat outside
     ip inspect SDM_LOW out
     ip virtual-reassembly
     encapsulation ppp
     dialer pool 1
     dialer-group 1
     ppp authentication chap pap callin
     ppp chap hostname x@plusdsl.net
     ppp chap password 7 071C3549580C1C031B0B1B0B50
     ppp pap sent-username x@plusdsl.net password 7 0215105E1D030A27405
     ppp ipcp dns request
     ppp ipcp wins request
    ip route 0.0.0.0 0.0.0.0 Dialer1
    Note that the "password 7" values are IOS type 7 encoding, a reversible obfuscation rather than a hash, so anyone who can read this config effectively has the plaintext credentials.
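Because the Dialer interface stores the CHAP and PAP credentials as `password 7` strings, and an EIGRP key chain under `service password-encryption` would store its key string the same way, it is worth seeing why type 7 gives no real protection. The following is an added example, not code from the ChilliGaming project or from Cisco: it implements the type 7 scheme in Python and scans a constructed config fragment for such values. The EIGRP key string from slide 12 is reused only as sample plaintext; the page's own Dialer strings are not decoded here, and the odd-length third value in the sample is constructed to show how a malformed (for instance truncated) string is handled. `find_type7_secrets` and `SAMPLE_CONFIG` are names assumed for this example.

```python
"""Cisco IOS type 7 ("service password-encryption") encode and decode.

Added example for this page, not ChilliGaming's or Cisco's code.  Type 7 is a
fixed-key XOR with a two-digit starting offset, so any `password 7` or
`key-string 7` value in a config is recoverable by anyone who can read it.
"""
import re

# The well-known constant key stream IOS uses for type 7.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

_TYPE7_RE = re.compile(r"\b(?:password|key-string)\s+7\s+([0-9A-Fa-f]+)")


def _xor(data: bytes, seed: int) -> bytes:
    # Byte i is XORed with the key byte at (seed + i), wrapping around the key.
    return bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(data))


def type7_encode(plain: str, seed: int = 7) -> str:
    """Return the string IOS stores: 2-digit seed + uppercase hex of plain XOR key."""
    if not 0 <= seed <= 15:
        raise ValueError("IOS picks a seed between 0 and 15")
    return f"{seed:02d}{_xor(plain.encode(), seed).hex().upper()}"


def type7_decode(encoded: str) -> str:
    """Reverse type7_encode.  Raises ValueError on malformed input, e.g. the
    odd-length string a truncated config line leaves behind."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("expected a 2-digit seed then an even number of hex digits")
    seed = int(encoded[:2])
    return _xor(bytes.fromhex(encoded[2:]), seed).decode()


def find_type7_secrets(config: str):
    """Scan config text; return [(encoded, decoded)] for each type 7 value,
    with decoded = None where the value is malformed."""
    found = []
    for match in _TYPE7_RE.finditer(config):
        enc = match.group(1)
        try:
            found.append((enc, type7_decode(enc)))
        except ValueError:  # UnicodeDecodeError is a ValueError too
            found.append((enc, None))
    return found


# Constructed config fragment (not the page's config).  The first two values are
# produced by type7_encode above; the third is deliberately odd-length.
SAMPLE_CONFIG = f"""
key chain EIGRP-KEYS
 key 1
  key-string 7 {type7_encode("chilli", 7)}
interface Dialer1
 ppp chap password 7 {type7_encode("lab-chap-secret", 3)}
 ppp pap sent-username lab-user password 7 0215105E1D030A274
"""

if __name__ == "__main__":
    for enc, dec in find_type7_secrets(SAMPLE_CONFIG):
        print(f"{enc:>32}  ->  {dec!r}")
```

The practical consequence for a deck or blog that publishes router configs is that every `7` string in it should be treated as a leaked plaintext credential and rotated; on IOS, `enable secret` and, where supported, type 8/9 hashes are the non-reversible alternatives.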

    16. Pre SDM FW

    17. Inspect Rules post FW
    ip name-server 216.146.35.35
    ip inspect name SDM_LOW cuseeme
    ip inspect name SDM_LOW dns
    ip inspect name SDM_LOW ftp
    ip inspect name SDM_LOW h323
    ip inspect name SDM_LOW https
    ip inspect name SDM_LOW icmp
    ip inspect name SDM_LOW imap
    ip inspect name SDM_LOW pop3
    ip inspect name SDM_LOW netshow
    ip inspect name SDM_LOW rcmd
    ip inspect name SDM_LOW realaudio
    ip inspect name SDM_LOW rtsp
    ip inspect name SDM_LOW esmtp
    ip inspect name SDM_LOW sqlnet
    ip inspect name SDM_LOW streamworks
    ip inspect name SDM_LOW tftp
    ip inspect name SDM_LOW tcp
    ip inspect name SDM_LOW udp
    ip inspect name SDM_LOW vdolive
    This SDM_LOW rule set is applied outbound on Dialer1 (ip inspect SDM_LOW out), so return traffic for sessions started from inside is opened dynamically and the inbound access list only has to permit unsolicited inbound services.

    18. Post SDM FW

    19. Firewall
    Extended IP access list 101
        10 permit udp any any eq 1701
        20 permit tcp any any eq www (1 match)
        30 permit tcp any any eq 27900
        40 permit udp any any eq 80
        50 permit udp any any eq 27900
        60 permit tcp any any eq 7777 (4 matches)
        70 permit tcp any any eq 1723 (276 matches)
        80 permit udp host 131.188.3.223 eq ntp any eq ntp (660 matches)
        90 permit ahp any any
        100 permit esp any any
        110 permit udp any any eq isakmp (60 matches)
        120 permit udp any any eq non500-isakmp
        130 deny ip 192.168.1.0 0.0.0.255 any
        140 permit icmp any any echo-reply
        150 permit icmp any any time-exceeded
        160 permit icmp any any unreachable (6 matches)
        170 deny ip 10.0.0.0 0.255.255.255 any
        180 deny ip 172.16.0.0 0.15.255.255 any
        190 deny ip 192.168.0.0 0.0.255.255 any
        200 deny ip 127.0.0.0 0.255.255.255 any
        210 deny ip host 255.255.255.255 any
        220 deny ip host 0.0.0.0 any
        230 deny ip any any log (7023 matches)
    Extended IP access list LAN2WEB
        10 permit ip any any (1851 matches)
    ip nat inside source list LAN2WEB interface Dialer1 overload
    Access list 101 is applied inbound on Dialer1 and lists the unsolicited inbound services (L2TP/PPTP, the web and UT ports, NTP from the configured server, IPsec) plus a few ICMP types; everything else inbound falls through to line 230 and is logged. One ordering point: IOS evaluates an access list top-down and stops at the first match, so the anti-spoofing denies at 130 and 170–220 only catch packets not already matched by the any/any permits above them. A packet with a spoofed private source address to TCP 80 or 7777, for example, is accepted by line 20 or 60 before the denies are reached; placing those denies at the top makes them effective for all traffic.
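The first-match behaviour described above, as an added example (not code from the ChilliGaming project or from Cisco): a small Python model that parses entries in the `show access-lists` format shown on this slide and reports which entry a packet hits. `ACL_101` is a constructed subset of list 101, the test packets and the 87.113.241.15 destination (the Dialer1 address on the NAT slides) are sample inputs, and `anti_spoof_first` is an assumed helper that reorders the list with the source-specific denies first so the two orderings can be compared.

```python
"""First-match evaluation of a Cisco IOS extended ACL.

Added example for this page; not code from the ChilliGaming project or from
Cisco.  It parses `show access-lists` style entries and reports which entry a
packet hits, so the effect of entry order can be checked.  ACL_101 is a
constructed subset of the slide's list 101; the packets are constructed too.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

PORT_NAMES = {"www": 80, "ntp": 123, "isakmp": 500, "non500-isakmp": 4500}

ACL_101 = """
20 permit tcp any any eq www (1 match)
60 permit tcp any any eq 7777 (4 matches)
80 permit udp host 131.188.3.223 eq ntp any eq ntp (660 matches)
140 permit icmp any any echo-reply
170 deny ip 10.0.0.0 0.255.255.255 any
180 deny ip 172.16.0.0 0.15.255.255 any
190 deny ip 192.168.0.0 0.0.255.255 any
230 deny ip any any log (7023 matches)
"""


@dataclass
class Entry:
    seq: int
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: ipaddress.IPv4Network
    sport: Optional[int]
    dst: ipaddress.IPv4Network
    dport: Optional[int]
    icmp_type: Optional[str]     # e.g. "echo-reply"; None = any type


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[str] = None


def _endpoint(tokens: List[str]):
    """Consume `any | host A | A WILDCARD` plus an optional `eq PORT`."""
    word = tokens.pop(0)
    if word == "any":
        net = ipaddress.ip_network("0.0.0.0/0")
    elif word == "host":
        net = ipaddress.ip_network(tokens.pop(0) + "/32")
    else:
        # IOS wildcard masks are inverted netmasks; only contiguous ones are modelled.
        wc = int(ipaddress.ip_address(tokens.pop(0)))
        if (wc + 1) & wc:
            raise ValueError("non-contiguous wildcard mask not supported")
        net = ipaddress.ip_network(f"{word}/{32 - wc.bit_length()}", strict=False)
    port = None
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        name = tokens.pop(0)
        port = PORT_NAMES.get(name) or int(name)
    return net, port


def parse_acl(text: str) -> List[Entry]:
    entries = []
    for raw in text.strip().splitlines():
        line = re.sub(r"\s*\(\d+ match(?:es)?\)\s*$", "", raw.strip())  # drop hit counters
        tokens = line.split()
        seq, action, proto = int(tokens.pop(0)), tokens.pop(0), tokens.pop(0)
        src, sport = _endpoint(tokens)
        dst, dport = _endpoint(tokens)
        icmp_type = next((t for t in tokens if t != "log"), None) if proto == "icmp" else None
        entries.append(Entry(seq, action, proto, src, sport, dst, dport, icmp_type))
    return entries


def _matches(e: Entry, p: Packet) -> bool:
    return (
        (e.proto == "ip" or e.proto == p.proto)
        and ipaddress.ip_address(p.src) in e.src
        and ipaddress.ip_address(p.dst) in e.dst
        and (e.sport is None or e.sport == p.sport)
        and (e.dport is None or e.dport == p.dport)
        and (e.icmp_type is None or e.icmp_type == p.icmp_type)
    )


def evaluate(entries: List[Entry], p: Packet):
    """Return (action, seq) of the first matching entry; (deny, None) is the implicit deny."""
    for e in entries:
        if _matches(e, p):
            return e.action, e.seq
    return "deny", None


def anti_spoof_first(entries: List[Entry]) -> List[Entry]:
    """Move source-specific denies ahead of everything else (the any/any
    catch-all deny stays last) so spoofed-source packets never reach a permit."""
    spoof, rest = [], []
    for e in entries:
        (spoof if e.action == "deny" and e.src.prefixlen > 0 else rest).append(e)
    return spoof + rest


if __name__ == "__main__":
    acl = parse_acl(ACL_101)
    spoofed = Packet("tcp", "10.1.1.1", "87.113.241.15", 40000, 80)
    print("as written:  ", evaluate(acl, spoofed))                    # ('permit', 20)
    print("denies first:", evaluate(anti_spoof_first(acl), spoofed))  # ('deny', 170)
```

Run it and the spoofed 10.1.1.1 packet to TCP 80 is permitted by line 20 under the slide's ordering and denied by line 170 once the source-specific denies are moved to the top; the same packet to an unlisted port already falls through to the catch-all deny in both orderings, which is why the ordering problem is easy to miss in testing.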

    20. Live NAT Translations
    ip nat inside source static tcp 192.168.1.15 1723 interface Dialer1 1723   (PPTP)
    ip nat inside source static tcp 192.168.1.100 80 interface Dialer1 80
    ip nat inside source static tcp 192.168.1.100 9777 interface Dialer1 7777   (UT)
    ip nat inside source static udp 192.168.1.100 27900 interface Dialer1 27900   (UT sync)
    sh ip nat trans
    Pro Inside global       Inside local        Outside local        Outside global
    tcp 87.113.241.15:80    192.168.1.100:80    ---                  ---
    udp 87.113.241.15:500   192.168.1.100:500   ---                  ---
    tcp 87.113.241.15:7777  192.168.1.100:7777  ---                  ---
    udp 87.113.241.15:7779  192.168.1.100:7779  216.146.35.99:27900  216.146.35.99:27900
    udp 87.113.241.15:7780  192.168.1.100:7780  216.27.56.3:27900    216.27.56.3:27900

    21. NAT
    ip nat inside source static tcp 192.168.1.15 1723 interface Dialer1 1723   (PPTP)
    ip nat inside source static tcp 192.168.1.100 80 interface Dialer1 80
    ip nat inside source static tcp 192.168.1.100 9777 interface Dialer1 7777   (UT)
    ip nat inside source static udp 192.168.1.100 27900 interface Dialer1 27900   (UT sync)
    sh ip nat trans
    Pro Inside global         Inside local          Outside local        Outside global
    tcp 87.113.241.15:1723    192.168.1.4:1723      ---                  ---
    udp 87.113.241.15:80      192.168.1.50:1234     ---                  ---
    tcp 87.113.241.15:80      192.168.1.100:80      ---                  ---
    udp 87.113.241.15:500     192.168.1.100:500     ---                  ---
    tcp 87.113.241.15:7777    192.168.1.100:7777    ---                  ---
    udp 87.113.241.15:7779    192.168.1.100:7779    216.146.35.99:27900  216.146.35.99:27900
    udp 87.113.241.15:7780    192.168.1.100:7780    216.27.56.3:27900    216.27.56.3:27900
    udp 87.113.241.15:7781    192.168.1.100:7781    207.38.11.174:27900  207.38.11.174:27900
    tcp 87.113.241.15:27900   192.168.1.100:8777    ---                  ---
    udp 87.113.241.15:27900   192.168.1.100:27900   ---                  ---
    udp 87.113.241.15:55869   192.168.1.100:55869   65.55.158.116:3544   65.55.158.116:3544

    22. Development methods/testing Planning; Build/Testing in PT; Implementation; Testing.
    Speaker notes: Our development cycle went as follows. Planning: start with the basics, brainstorming sessions, jotting down basic setups and schemes, sharing our ideas and views on the subject, and making sure we all agree on the goal we are trying to achieve. Build in a simulator: construct whatever topology we planned in our network simulator of choice, Packet Tracer, and configure it as decided; once it is OK, we implement it and begin the real-world construction. Implement: gather the necessary materials (hardware and software), cable it up, and configure it according to the topological diagram as planned in the simulation software. Test: does it work? Yes: great, back to step one to plan the next stage. No: troubleshoot with diagnostic software, re-analyse the configurations and the physical topology, and perhaps test again in Packet Tracer.

    23. logging / record The ChilliGaming blog http://stevepedwards.com/chilligaming/wordpress/ Areas of Interest
    Speaker notes: Web address on previous slides. Progress was logged on a web blog, on a subdomain of Steve's own website, using browser-based blogging software (WordPress). Much more convenient: everything is time-stamped, stored securely on the server, and very user-friendly. Here is an excerpt from our blog; it all follows much the same format. We went from discussing and posting changes on the topological diagrams, to server configurations, to security and more advanced device configurations, wireless, and then any little details and changes. Areas of interest: members had their own areas of interest or particular expertise, or simply because it was related to their final year project. Steve: firewalls, wanted to use SDM (Security Device Manager). Joe: servers, the operating systems and configurations. Me and Lucas: general-purpose, assisting with configurations, hardware setup and odd jobs.

    24. Future IPv6; Scalability/growth; Hardware / performance changes; Upgrading our ADSL connection; WiMAX connection.
    Speaker notes: Being as ambitious as we are, we have plans for the future of ChilliGaming. IPv6: 128-bit addresses over IPv4's 32 give more flexibility in addressing and scaling; higher routing speed through the simplified header format; security, in that IPsec is part of the IPv6 specification rather than an add-on (it still has to be configured and deployed); the flow label, a resource allocation mechanism by which a source can request special handling of its packets, very good for real-time audio/video; and encryption and authentication options for packets. Scalability: using higher-specced hardware and more efficient networking technologies for increased throughput. Purchase a better ADSL connection: a faster outbound connection, looking for an increase in bandwidth and throughput, perhaps a leased line. WiMAX connection as a contingency if we happen to be based in an area where a high-speed ADSL connection is not possible (too expensive, or simply not possible geographically): a 100 Mb symmetric connection, 1:1 download/upload ratio, 100 Mb either end. Line of sight is an issue: buildings and other tall obstructions.
