A network is a lot like a community. Both a network and a community are made up of hosts. In a community, we're talking about homes and other buildings; in a network, it's PCs, servers, and other devices. The roads that deliver traffic between these hosts in the network world are generally Ethernet, although they may include other types of cables. Each community host has an address. In a network, each host has an IP address. Traffic intersections are handled by switches and routers.
This analogy can be extended further, but the point is clear. A network, just like a community, functions well only when it is designed well. A network is only as effective as each of its parts. If just one of these parts isn't fully functional, a bottleneck is created and the entire network is negatively affected.
With that challenge in mind, this article provides an overview of how to design an efficient and effective network. Keep reading for tips on network hardware selection, setup, security and more.
A network, in its most basic form, is hardware connected by wires. This hardware can include PCs, servers, routers, and switches. Most of the wires on a modern network are Ethernet cables. Other types, such as coaxial and fiber, can be found as well.
When designing a network, the biggest hardware considerations to weigh are your routers and switches. First, choose the configuration level that you need. Next, consider the specifications you require and review a cost-based analysis. Finally, review model and manufacturer choices.
Routers are available in many different class levels, from a small home router to an enterprise-class solution. The size and needs of your business should help you decide which level of router you need. Many router providers offer an informational breakdown to help you choose the right one.
System administrators need to have an understanding of the exact specifications that their business requires from their router. This may include:
- Wireless capability. Does the router need to have wireless functionality built-in? Or will separate access points or another solution be used instead?
- VPN configuration. Will VPN capability be needed? If so, which VPN protocols and security settings will it need to support?
- VLAN setups. Is a router that supports VLANs required? What configuration options are needed?
- Security options. What security features does the router need to offer? Is a simple firewall acceptable, or do you require something that is highly configurable? Are additional security options available?
Once you understand the class and specifications that you are looking for, you can evaluate pricing and decide on a manufacturer. At this point, the options should have been narrowed down quite a bit. Network administrators should review the interfaces and support offerings of the manufacturers they are considering and know the price point they are shopping for. With that done, the decision shouldn't be too difficult.
The considerations for switches are similar to those for routers. To start, an understanding of the class-level that is needed is important. Simple home office switches aren't very expensive. Enterprise-class switches have a lot of configurability and come at a much higher price.
Configuration options to consider include:
- Managed or unmanaged? Switches that offer port-management features come at a higher cost than ones that don’t. While the added features of a managed switch are convenient, it may not be worth paying the higher price if your business doesn’t need the feature.
- Speed capabilities. Switches can be purchased starting at as slow as 100 Mbps, and as fast as 10 Gbps. It’s hard to find a reason to purchase a switch that supports less than a 1 Gbps connection today. Many businesses don’t need to pay the price for a 10 Gbps switch, but planning for future speeds is a good excuse.
- VLAN configurations. Configuring VLANs on your network is a powerful tool, but they are not always necessary and can over-complicate things if you use them without really needing them. Administrators must, therefore, decide whether they need to utilize VLANs on their network, and, if so, how detailed to make them.
- The number of ports. Switches can come with several different available port configurations, starting at around 5, and up to around 48 ports in most cases. It’s generally a good idea to plan on having more ports than your network needs. This way, you are ready for future system upgrades.
Choosing an ideal subnet for a business may seem very simple, but your subnetting choices can make a big difference when everything is set up. Administrators must understand the classified private IP address subnets, how many devices will fit within an assigned subnet, and how to assign subnets to different networks.
Here’s a breakdown of each of these items:
- Classified IP address subnets. There are three “super subnets” that fit within the list of classified local subnets. Any local networks created should fall within these super subnets. These networks include:
  - Class A: 10.0.0.0/8
  - Class B: 172.16.0.0/12
  - Class C: 192.168.0.0/16
- Number of allowed hosts. Administrators deciding on the best subnet for a local network should understand not only the number of hosts that lie on their network but also the number of future hosts to plan for. The subnet chosen should be able to handle all of the hosts on the network, and then some more on top of it for future upgrades.
- Multi-network subnet selection. Administrators who are planning on designing several different networks that will communicate with each other should verify that each network is distinct and doesn’t intersect. On top of that, many administrators prefer a logical, sequential pattern to their subnets for clarity.
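The three checks above (inside a private range, enough room for today's hosts plus growth, no intersection between networks) can be run against a plan before anything is deployed. This is an added example, not part of the original article; the network names, the sample plan and the 25% growth margin are assumptions made for illustration.

```python
import ipaddress

# The three private ranges listed above.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan: name -> (CIDR, hosts expected today).
SAMPLE_PLAN = {
    "office":  ("10.10.0.0/24", 180),
    "voip":    ("10.10.1.0/24", 60),
    "guest":   ("10.10.1.128/25", 40),    # intersects voip
    "lab":     ("172.32.0.0/24", 20),     # just past the end of 172.16.0.0/12
    "servers": ("192.168.50.0/27", 28),   # too small once growth is added
}


def check_plan(plan, growth_pct=25):
    """Return a list of problems found in a subnet plan.

    growth_pct is the spare capacity to reserve for future hosts
    (an assumed figure, not one taken from the article).
    """
    problems, nets = [], {}
    for name, (cidr, hosts_now) in plan.items():
        net = ipaddress.ip_network(cidr)  # ValueError if host bits are set
        nets[name] = net
        if not any(net.subnet_of(r) for r in PRIVATE_RANGES):
            problems.append(f"{name}: {net} is outside the private ranges")
        usable = net.num_addresses - 2    # minus network and broadcast
        needed = (hosts_now * (100 + growth_pct) + 99) // 100  # round up
        if usable < needed:
            problems.append(
                f"{name}: {net} has {usable} usable addresses, needs {needed}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap: {nets[a]} / {nets[b]}")
    return problems


if __name__ == "__main__":
    for problem in check_plan(SAMPLE_PLAN):
        print(problem)
```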
Once all of the decisions have been made regarding IP addressing, administrators should create network maps. These maps will help provide them with a clearer understanding of how the network is laid out. Maps can be made for each network, and you can also create a “big picture” map that gives an overview of how all of the networks intersect and interact.
VLANs, as discussed earlier, should only be used if needed. If they are deemed necessary, a few decisions need to be made. These decisions include:
- IP schemes. We discussed the topic of IP schemes above, but its importance cannot be overstated. Administrators should choose logical IP schemes for separate VLANs. For simplicity, a sequence is also a good idea.
- VLAN IDs. Each VLAN should have its own numeric VLAN identifier, or VLAN ID. As with IP address schemes, these identifiers should be logically sequenced.
- Tagged or untagged. A tagged VLAN is one in which informational packet headers include the VLAN tag number. The necessity of this will depend on the situation.
Network VLANs are a complex topic that cannot be explained fully in just a few paragraphs. The best rule of thumb, again, is to not use them at all unless you know you are in a situation where they are needed.
DHCP, or dynamic host configuration protocol, is now a standard on most network setups. When configuring a DHCP server, there are several considerations for administrators to evaluate. It’s important to have an understanding of the number of available IP addresses that you need within your scope. A subset of IP addresses within the subnet must also be set aside, out of the DHCP scope, to be used for static reservations.
- Size of scope. Determinations need to be made on how many devices may need to have IP addresses assigned to them at the same time. Administrators should make sure that the DHCP scope will allow for all of these devices to be assigned leases at the same time, with some room for growth as well.
- IP address pool. A logical process must be used to identify which IP addresses should fall within the DHCP pool. These addresses should form a single sequential range. Additionally, precautions must be taken to verify that any statically assigned or reserved addresses do not fall within this list.
- Static reservations. Some network devices should be assigned IP addresses that never change. This is done via DHCP with static reservations. Determine which devices need reservations and leave aside a block of addresses for this purpose.
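A DHCP scope can be checked against the three points above before it is applied: the pool is one sequential range of usable addresses, it is large enough for peak demand plus growth, and no fixed address falls inside it. This is an added example, not part of the original article; the device names, addresses and the 20% growth margin are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: devices with fixed addresses on 192.168.10.0/24.
SAMPLE_STATIC = {
    "printer": "192.168.10.20",
    "nas":     "192.168.10.60",   # collides with the sample pool below
    "camera":  "192.168.11.5",    # not on this subnet at all
}


def check_dhcp_scope(subnet, pool_start, pool_end, static_hosts,
                     peak_clients, growth_pct=20):
    """Return a list of problems with a DHCP pool inside one subnet.

    growth_pct is assumed headroom on top of peak_clients.
    """
    net = ipaddress.ip_network(subnet)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    if start > end:
        return ["pool start is after pool end"]
    problems = []
    for label, addr in (("start", start), ("end", end)):
        reserved = (net.network_address, net.broadcast_address)
        if addr not in net or addr in reserved:
            problems.append(
                f"pool {label} {addr} is not a usable address in {net}")
    pool_size = int(end) - int(start) + 1
    needed = (peak_clients * (100 + growth_pct) + 99) // 100  # round up
    if pool_size < needed:
        problems.append(f"pool holds {pool_size} leases, needs {needed}")
    for name, ip in static_hosts.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            problems.append(f"{name}: {addr} is outside {net}")
        elif start <= addr <= end:
            problems.append(f"{name}: {addr} falls inside the DHCP pool")
    return problems


if __name__ == "__main__":
    for problem in check_dhcp_scope("192.168.10.0/24", "192.168.10.50",
                                    "192.168.10.150", SAMPLE_STATIC, 90):
        print(problem)
```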
Some networks host their own DNS (short for Domain Name System) servers. In many other situations, networks use public DNS servers. If the latter is chosen, it's a good idea to use DNS servers that you can trust. Here are a few to consider (the numbers are their IP addresses).
- Google. 126.96.36.199, 188.8.131.52, and 184.108.40.206.
- OpenDNS. 220.127.116.11 and 18.104.22.168.
- Level 3. 22.214.171.124 through 126.96.36.199.
You should design your network not just to be functional, but also secure. Here are a few best practices for network security to consider during the design phase:
- Only allow devices with proper protection software. Many routers can be configured to allow outbound access only to PCs running network-mandated security software. This is a good practice to prevent malicious software from being shared on a network.
- Forbid untrusted DNS servers. Only allow devices using DNS servers that are whitelisted to access the Internet from your network. All other devices must update configuration settings to be allowed outbound access.
- Separate business networks from public networks. Guests or other personal machines should be forced to use a separate network from business devices. This can be done using router configurations or VLANs.
- Disable unused network ports. On managed switches, ports that are not being used should be disabled. This way, unauthorized users are unable to access your network by plugging their devices into an open port.
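To confirm that the DNS whitelist is actually being respected, outbound firewall logs can be checked for clients that query any other resolver. This is an added example, not part of the original article; the log lines are constructed in the style of a netfilter LOG entry, and the resolver addresses are placeholders from documentation ranges, not real DNS servers.

```python
import re
from collections import defaultdict

# Assumed allowlist: placeholder resolver addresses (documentation ranges).
ALLOWED_RESOLVERS = {"192.0.2.53", "198.51.100.53"}

# Constructed sample log lines, one outbound connection per line.
SAMPLE_LOG = """\
IN=lan0 OUT=wan0 SRC=10.10.0.21 DST=192.0.2.53 PROTO=UDP SPT=50112 DPT=53
IN=lan0 OUT=wan0 SRC=10.10.0.34 DST=203.0.113.9 PROTO=UDP SPT=41877 DPT=53
IN=lan0 OUT=wan0 SRC=10.10.0.34 DST=203.0.113.9 PROTO=TCP SPT=41990 DPT=53
IN=lan0 OUT=wan0 SRC=10.10.0.21 DST=203.0.113.80 PROTO=TCP SPT=50200 DPT=443
IN=lan0 OUT=wan0 SRC=10.10.0.77 DST=198.51.100.53 PROTO=UDP SPT=33001 DPT=53
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def untrusted_dns_clients(log_text, allowed=ALLOWED_RESOLVERS):
    """Map each client to the non-allowlisted resolvers it contacted on port 53."""
    offenders = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Only DNS traffic is of interest: UDP or TCP to destination port 53.
        if fields.get("DPT") != "53":
            continue
        if fields.get("PROTO") not in ("UDP", "TCP"):
            continue
        src, dst = fields.get("SRC"), fields.get("DST")
        if src and dst and dst not in allowed:
            offenders[src].add(dst)
    return {src: sorted(dsts) for src, dsts in offenders.items()}


if __name__ == "__main__":
    for client, resolvers in untrusted_dns_clients(SAMPLE_LOG).items():
        print(client, "->", ", ".join(resolvers))
```

A port 53 check like this does not see DNS carried over HTTPS or TLS, so it complements the router-level restriction rather than replacing it.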
A logically, intelligently designed network helps businesses communicate and operate with minimal interruption. To enjoy the benefits of a logical and intelligent network, you need to build these elements into the design stage.
Not only should the proper hardware for the network be purchased, but it should also be configured in a way that best fits the network. An appropriate IP address scheme should be selected, with considerations made for additional networks and VLANs. Network services, such as DHCP and DNS, should be configured to best fit your specific network. Security considerations should be addressed for all areas of your network as well.
Your network, like any other community of hosts, works best when it is designed intelligently.