Guide to Network Design
If one part of the corporate network isn't fully functional, a bottleneck will be created and the entire network will be negatively affected. This article provides an overview of how to design an efficient and effective network. This network design guide offers tips on network hardware selection, setup, security and more.
A network, in its most basic form, is hardware connected by wires. This hardware can include PCs, servers, routers, and switches. Most of the wires on a modern network are Ethernet cables. Other types, such a coaxial and fiber, can be found as well.
When designing a network, the biggest considerations to weigh in regards to hardware are your routers and switches.
Routers are available in various classes, from a small home router to an enterprise-class solution. The size and needs of your business should help you decide which router you need. Many router providers offer an informational breakdown to help you choose the right one.
There are several common specifications for routers, including:
- Wireless capability. Does the router need to have wireless functionality built-in? Or will separate access points or another solution be used instead?
- VPN configuration. Will VPN capability be needed? If so, which VPN protocols and security settings will it need to support?
- VLAN setups. Is a router that supports VLANs required? What configuration options are needed?
- Security options. What security features does the router need to offer? Is a simple firewall acceptable, or do you require something that is highly configurable? Are additional security options available?
Once there is an understanding of the class and specifications that you are looking for, you can evaluate pricing and decide on a manufacturer. At this point, the options should have been narrowed down quite a bit.
The considerations for switches are similar to those for routers. First, define the class of the switch. Simple home office switches aren't very expensive. Enterprise-class switches are highly configurable and come at a much higher price.
Configuration options to consider include:
- Manage or unmanaged? Switches that offer port-management features come at a higher cost than ones that don’t. While the added features of a managed switch are convenient, it may not be worth paying the higher price if your business doesn’t need the feature.
- Speed capabilities. The slowest models on the market typically start at 100 Mbps, and the fastest go up to 10 Gbps. It’s hard to find a reason to purchase a switch that supports fewer than a 1 Gbps connection. Many businesses don’t need to pay the price for a 10 Gbps switch, but planning for future speeds is a good excuse.
- VLAN configurations. Configuring VLANs on your network is a powerful tool, but it's not always necessary and can over-complicate things if you use them without really needing them.
- The number of ports. Switches can come with several different available port configurations, starting at around 5, and up to around 48 ports in most cases. It’s generally a good idea to plan on having more ports than your network needs. This way, you are ready for future system upgrades.
Further reading Guide to Network Hardware Selection
Get tips for keeping your networks clean and well-organized, including:
- Effective labeling practices
- Tips on standard network sizing
- Network cooling and heating, and more.
Choosing an ideal subnet for a business may seem very simple, but your subnetting choices can make a big difference when everything is set up. Administrators must have an understanding of classified private IP address subnets, as well as how many devices will fit within your assigned subnet and how to assign subnets to different networks.
Here’s a breakdown of each of these items -
- Classified IP address subnets. There are three “super subnets” that fit within the list of classified local subnets. Any local networks created should fall within these super subnets. These networks include:
- Class A: 10.0.0.0/8
- Class B: 172.16.0.0/12
- Class C: 192.168.0.0/16
- Amount of allowed hosts. You should keep in mind, both the number of hosts that lie on their network and the possible number of future hosts. The subnet chosen should be able to handle all of the hosts on the network, and then some more on top of it for future upgrades.
- Multi-network subnet selection. Administrators that are planning on designing several different networks that will communicate with each other should verify that each network is distinct and doesn’t intersect. On top of that, many administrators prefer a logical, sequential pattern to their subnets for clarity.
Once all of the decisions have been made regarding IP addressing, administrators should create network maps. These maps will help provide them with a clearer understanding of how the network is laid out. Maps can be made for each network, and you can also create a “big picture” map that gives an overview of how all of the networks intersect and interact.
VLANs, as discussed earlier, should only be used if needed. If they are deemed necessary, a few decisions need to be made. These decisions include:
- IP schemes. We discussed the topic of IP schemes above, but its importance cannot be understated. Administrators should choose logical IP schemes for separate VLANs. For simplicity, a sequence is also a good idea.
- VLAN IDs. Each VLAN should have its numeric VLAN identifier or VLAN ID. As with IP addresses schemes, these identifiers should be logically sequenced.
- Tagged or untagged. A tagged VLAN is one in which informational packet headers include the VLAN tag number. The necessity of this will depend on the situation.
Network VLANs are a very complicated, complex topic that cannot be explained fully in just a few paragraphs. The best rule of thumb, again, is to not use them at all unless you know you are in a situation where they are needed.
Further reading Guide to Subnets and IP Addressing
DHCP, or dynamic host configuration protocol, is now a standard on most network setups. When configuring a DHCP server, there are several considerations for administrators to evaluate:
- Size of scope. Administrators should make sure that the DHCP scope will allow for all of these devices to be assigned leases at the same time, with some room for growth as well.
- IP address pool. A logical process must be used to identify which IP addresses should fall within the DHCP pool. These addresses should be in one sequential order. Additionally, precautions must be taken to verify that any statically assigned or reserved addresses do not fall within this list.
- Static reservations. Some network devices should be assigned IP addresses that never change. This is done via DHCP with static reservations. Determine which devices need reservations and leave aside a block of addresses for this purpose.
Some networks host their DNS (short for Domain Name System) servers. In many other situations, networks use public DNS servers. If the latter is chosen, it's a good idea to use DNS servers that you can trust. Here are a few to consider:
- Google. 184.108.40.206, 220.127.116.11, and 18.104.22.168.
- OpenDNS. 22.214.171.124 and 126.96.36.199.
- Level 3. 188.8.131.52 through 184.108.40.206.
Further reading Sysadmin's Guide to Network Services
You should design your network not just to be functional, but also secure. Here are a few best practices for network security to consider during the design phase:
- Only allow devices with proper security software. Many routers can be configured to allow outbound access only to PCs running network-mandated security software. This is a good practice as it allows to prevent malicious software infiltrating the network.
- Forbid untrusted DNS servers. Only allow devices using DNS servers that are whitelisted to access the Internet from your network.
- Separate business networks from public networks. Guests or other personal machines should be forced to use a separate network from business devices. This can be done using router configurations or VLANs.
- Disable unused network ports. On managed switches, ports that are not being used should be disabled. This way, unauthorized users are unable to access your network by plugging their devices into an open port.
Further reading Network Security Best Practices
A logically, intelligently designed network helps businesses communicate and operate with minimal interruption. To enjoy the benefits of a logical and intelligent network, you need to build these elements into the design stage.
Not only should the proper hardware for the network be purchased, but it should also be configured in a way that best fits the network. An appropriate IP address scheme should be selected, with considerations made for additional networks and VLANs. Network services, such as DHCP and DNS, should be configured to best fit your specific network. Security considerations should be addressed for all areas of your network as well.
Your network, like any other community of hosts, works best when it is designed intelligently.