UNIVERSITY OF TECHNOLOGY FACULTY OF COMPUTER SCIENCE AND ENGINEERING
BK TP.HCM
COMPUTER NETWORKS Assignment 2
“NETWORK DESIGN AND SIMULATION FOR A CRITICAL LARGE HOSPITAL”
Advisor: Nguyen Le Duy Lai
Students: Thieu Quang Tuan Anh - 2153171, Phan Gia Bao - 2153210, Pham Duc Trung - 2153928
HO CHI MINH CITY, April 2024
Contents
3.1 System Requirement
3.1.1 Requirement of Main Site
3.1.2 Requirement of two Auxiliary Sites
3.1.3 Throughput and Bandwidth
3.2 Survey checklists at installation locations
3.3 High load area and Network structure
4.1 Recommended equipment and typical specifications
4.1.2 Access Point: Cisco-Linksys WRT300N Wireless-N Broadband Router
4.1.4 Switch layer: CISCO WS-C3650-24PS-S
4.1.5 Firewall Cisco - ASA5506-SEC-BUN-K9
4.2 IP diagram
4.2.3 VLAN at BHQT Street
5.2 DBP and BHQT Site
6 Calculate the necessary bandwidth and suggest the configuration for computer networks
8.1 The remaining problems
8.2 Development orientation in the future
1 Memberlist and workload
No
2 Introduction
In today’s increasingly interconnected world, network design and simulation are essential tools for critical large companies. These companies rely on their networks to operate efficiently and effectively, and network failures can have a devastating impact on their bottom line.
Network design is the process of planning and implementing a network that meets the needs of a particular organization. It involves considering factors such as the size and complexity of the network, the types of applications that will be used on the network, and the security and reliability requirements of the organization.
Network simulation is a technique that can be used to evaluate the performance of a proposed network design. It involves using computer models to generate realistic traffic patterns and then simulating the behavior of the network under those conditions.
For critical large companies, network design and simulation are essential to ensuring that their networks are reliable, secure, and able to meet their business needs.
3 Requirement analysis
3.1 System Requirement
3.1.1 Requirement of Main Site
CCC (Computer & Construction Concept) was asked to design a computer network to be deployed in the Main Site (at Ho Chi Minh City) and two Auxiliary Sites (at DBP Street and BHQT Street) of a Specialized Hospital under construction. The key characteristics of IT usage in this hospital are as follows:
• 2 buildings A and B (5 floors with 10 rooms/floor) equipped with computers and medical devices.
• The data center, IT, and Cabling Central Local (using patch panels gathering wires) are located in a separate room, 50 meters from buildings A and B.
• Medium-scale: 600 workstations, 10 servers, 12 networking devices (or maybe more with security-specific devices).
• The wireless connection has to be covered for the whole Site.
• Using new technologies for network infrastructure including wired and wireless connections, fiber cabling (GPON), and GigaEthernet 1GbE/10GbE/40GbE. The network is organized according to the VLAN structure for different departments.
• The main Site subnetwork connects two other Sites (Site DBP and Site BHQT) subnetworks by 2 leased lines for WAN connection (possibly applying SD-WAN, MPLS).
• 2 xDSL for Internet access with a load-balancing mechanism. All traffic to the Internet passes through the main site subnet.
• For software acquisition, the Hospital uses a mix of licensed and open-source software, hospital software (HIS, RIS - PACS, LIS, CRM, etc.), office applications, client-server applications, multimedia, and databases.
• Requirements for capability of extension, high security (e.g., firewall, IPS/IDS, phishing detection), high availability (HA), robustness when problems occur, ease of upgrading the system.
• Propose a VPN configuration for site-to-site and for a teleworker to connect to Company LAN.
• Propose a surveillance camera system for the Company.
3.1.2 Requirement of two Auxiliary Sites
Each Auxiliary site is designed similarly to the Main site but on a smaller scale.
• The building has 2 floors; the first floor is equipped with 1 IT room and 1 Cabling Central Local.
• Small-scale: 60 workstations, 2 servers, 5 or more networking devices.
3.1.3 Throughput and Bandwidth
The dataflows and workload of the system (about 80% at peak hours 9:00-11:00 and 15:00-16:00) can be shared for the main Site and the two Auxiliary Sites as follows:
• Servers for software updates, web access, and database access. The total download estimate is about 1000 MB/day and the upload estimate is 2000 MB/day.
• Each workstation is used for Web browsing, document downloads, and customer transactions. The total download estimate is about 500 MB/day and the upload estimate is 100 MB/day.
• WiFi-connected devices from customers’ access for downloading are about 500 MB/day.
3.2 Survey checklists at installation locations
3.2.1 At Main Site
The Main site consists of 300 workstations, 10 servers, 12 networking devices (or maybe more with security-specific devices) equipped at two 5-floor buildings:
• The IT room is located 50 meters from the 2 buildings: 10 servers, 1 router and 1 switch.
• Each floor consists of 60 workstations.
• Floors 1 and 2: access point for customers to connect to WiFi.
• Every floor has a switch that connects to the workstations and to a multilayer switch.
• Cameras are connected to a dedicated camera switch on floor 1.
3.2.2 At Auxiliary Sites
Each Branch consists of 60 workstations, 2 servers, 5 or more networking devices.
• IT room at floor 1: 2 servers, 1 router and 1 switch.
• Each floor has an average of 15 workstations.
• Floor 1 provides WiFi for customers.
• The other floor is designed the same as the Main site, on a smaller scale.
3.3 High load area and Network structure
Network Load Balancing, the uniform distribution of traffic between two or more servers with the same function in the same system, is one of the most important features of a computer network. It reduces the chance that a single server is overloaded and goes down. In addition, when a server crashes, load balancing redistributes that server's work to the remaining servers, which maximizes the system's uptime and improves overall operational productivity. This ensures system availability and reliability, and servers can be added or removed easily and flexibly as required for future upgrades.
Technically, the web server system allows all Internet users to search for information and exchange information with the bank website. Therefore, it is necessary to ensure access speed and stability.
In our design, on the second and third floors, there is access from plenty of customers and the amount of information here is huge. Therefore, it is necessary to focus on network load balancing here.
4 List of equipment, IP diagram and cabling
4.1 Recommended equipment and typical specifications
4.1.1 Router CISCO2911/K9
• Manufacturer: Cisco Systems, Inc.
• Manufacturer Part Number: CISCO2911/K9
• Product type: Router
• Form Factor: External modular 2U
• Services and Slot Density
- 1 service module slot
- 1 Internal Service Module slot
- 2 onboard digital signal processor (DSP) slots
- 4 enhanced high-speed WAN interface card slots
- RAM Memory: 512 MB (installed) / 2 GB (max)
- Flash Memory: 256 MB (installed) / 8 GB (max)
4.1.2 Access Point: Cisco-Linksys WRT300N Wireless-N Broadband Router
• Manufacturer: Linksys Holdings, Inc.
• Manufacturer Part Number: Cisco-Linksys WRT300N
• Product Type: Wireless Access Point
• Throughput: 540 Mbps
• Data processing with Layer 7 application fingerprinting and QoS
• Integrated firewall
• Air Marshal: Real-time WIPS (wireless intrusion prevention system) with alarm
• Each device is designed for high-density access of more than 100 users per device without bottlenecks or processor crashes like conventional products. In addition, the device has traffic shaping technology to ensure that bandwidth is shared fairly between users.
• Avoids common configuration errors of most wireless networks today. Devices without controllers that are set to the same frequency band and located close to each other will interfere with each other, which affects the performance and stability of the wireless network.
4.1.3 Switch: CISCO WS-C2960+24TT-L
• Manufacturer: Cisco Systems, Inc.
• Manufacturer Part Number: Cisco WS-C2960-24TT-L
• Product Type: Switch - 24 ports - Managed
• Enclosure Type: Rack-mountable 1U
• Uplink interface: 2 (SFP or 1000BASE-T)
• Ports: 24 x 10/100Mbps Ethernet
• Bandwidth forwarding: 16 Gbps
• DRAM: 128 MB
• Flash Memory: 64 MB
• Throughput: 6.5 Mbps
• Power: AC 120/230 V (50/60 Hz)
• Dimensions (WxDxH): 44.5 cm x 23.6 cm x 4.4 cm and 3.63 kg
4.1.4 Switch layer: CISCO WS-C3650-24PS-S
• Manufacturer: Cisco Systems, Inc.
• Manufacturer Part Number: Cisco WS-C3650-24PS-S
• Product Type: Switch - 24 ports - Managed
• Enclosure Type: Rack-mountable - 1U
• Ports: 24 x 10/100/1000 Ethernet
• Bandwidth stack: 160 Gbps
• Bandwidth forwarding: 41.66 Mpps
• DRAM: 4 GB
• Flash memory: 2 GB
• Number of APs per switch/stack: 25
• Number of wireless clients per switch/stack: 1000
• Power: AC 120/230 V (50/60 Hz)
• Dimensions (WxDxH): 44.5 x 44.8 x 4.4 cm and 7.26 kg
4.1.5 Firewall Cisco - ASA5506-SEC-BUN-K9
• Manufacturer: Cisco Systems, Inc.
• Manufacturer Part Number: Cisco ASA5506-K9
• Product Type: Security appliance
• RAM: 4 GB
• Flash memory: 8 GB
• Interfaces: 1 x 1000Base-T (management) - RJ-45 | 1 x USB 2.0 - Type A | 1 x mini-USB | 1 x console - RJ-45 | 8 x 1000Base-T - RJ-45
• Features: Firewall protection, VPN support, VLAN support, High Availability, fanless
• Encryption Algorithm: Triple DES, AES
• Multiprotocol firewall throughput: 300 Mbps
• Capacity:
- Concurrent sessions: 50000
- Cisco AnyConnect Plus/Apex VPN peers: 50
- IPSec VPN peers: 50
- Virtual interfaces (VLANs): 30
• Compliant Standards: CISPR 22 Class A, CISPR 24, EN 60950, EN 61000-3-2, EN55022, IEC 60950, EN 61000-3-3, EN55024, UL 60950, VCCI V-3, AS/NZS 60950, CAN/CSA C22.2 No 60950, CNS 13438, EN 301.489-7, EN 301.489-24, EN 301.489.4, EN 301 489-1, EN 300 386, EN 301 489-17
• Power: AC 120/230 V (50/60 Hz)
4.2 IP diagram
4.2.1 VLAN at Main site
192.168.30.0 | 192.168.30.1 - 192.168.30.60
4.2.2 VLAN at DBP Street
camera | 192.168.160.0 | 192.168.160.1 - 192.168.160.3
WIFI | 192.168.120.0 | 192.168.120.1 - 192.168.120.100
IT Room | 192.168.110.0 | 192.168.110.2 - 192.168.110.4
4.2.3 VLAN at BHQT Street
VLAN | Name | Network | IP range
220 | Surveillance camera | 192.168.220.0/24 | 192.168.220.1 - 192.168.220.3
180 | Customer WIFI | 192.168.180.0/24 | 192.168.180.1 - 192.168.180.100
190 | Department1 | 192.168.190.0/24 | 192.168.190.1 - 192.168.190.30
200 | Department2 | 192.168.200.0/24 | 192.168.200.1 - 192.168.200.30
210 | Department3 | 192.168.210.0/24 | 192.168.210.1 - 192.168.210.30
170 | IT Room | 192.168.170.0/24 | 192.168.170.2 - 192.168.170.4
5 Wiring diagram
5.1 Main site
[Figure: Main site wiring diagram (Internet, router, multilayer switch, floor switches, camera switch)]
5.2 DBP and BHQT Site
Two Auxiliary Sites have the same wiring design.
[Figure: Auxiliary site wiring diagram (Internet, servers, router, multilayer switch, camera switch)]
5.3 Whole network
[Figure: Whole network diagram (routers and firewalls, DBP Street, BHQT Street)]
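6 Calculate the necessary bandwidth and suggest the configuration for computer networks
6.1 Main Site
The dataflows and workload of the headquarters are about 80% at peak hours, 9:00-11:00 and 15:00-16:00.
• The total download estimate of each server is about 1000 MB/day and the upload estimate is 2000 MB/day. We have 10 servers:
$$\text{Throughput}_{servers} = \frac{10 \times (1000 + 2000) \times 8}{24 \times 60 \times 60} = 2.778 \text{ (Mb/s)}$$
$$\text{Bandwidth}_{servers} = \frac{10 \times (1000 + 2000) \times 8 \times 80\%}{3 \times 60 \times 60} = 17.778 \text{ (Mb/s)}$$
• The total download estimate of each workstation is about 500 MB/day and the upload estimate is 100 MB/day. We have 300 workstations:
$$\text{Throughput}_{workstations} = \frac{300 \times (500 + 100) \times 8}{24 \times 60 \times 60} = 16.668 \text{ (Mb/s)}$$
$$\text{Bandwidth}_{workstations} = \frac{300 \times (500 + 100) \times 8 \times 80\%}{3 \times 60 \times 60} = 106.668 \text{ (Mb/s)}$$
• WiFi-connected devices from customers’ access are about 500 MB/day:
$$\text{Throughput}_{wireless} = \frac{500 \times 8}{24 \times 60 \times 60} = 0.046 \text{ (Mb/s)}$$
$$\text{Bandwidth}_{wireless} = \frac{500 \times 8 \times 80\%}{3 \times 60 \times 60} = 0.296 \text{ (Mb/s)}$$
• Total throughput and bandwidth of the headquarters:
$$\text{Throughput} = 2.778 + 16.668 + 0.046 = 19.492 \text{ (Mb/s)}$$
$$\text{Bandwidth} = 17.778 + 106.668 + 0.296 = 124.742 \text{ (Mb/s)}$$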
6.2 Auxiliary Sites
The dataflows and workload of the branch are about 80% at peak hours, 9:00-11:00 and 15:00-16:00.
• The total download estimate of each server is about 1000 MB/day and the upload estimate is 2000 MB/day. We have 2 servers:
$$\text{Throughput}_{servers} = \frac{2 \times (1000 + 2000) \times 8}{24 \times 60 \times 60} = 0.553 \text{ (Mb/s)}$$
$$\text{Bandwidth}_{servers} = \frac{2 \times (1000 + 2000) \times 8 \times 80\%}{3 \times 60 \times 60} = 3.553 \text{ (Mb/s)}$$
• The total download estimate of each workstation is about 500 MB/day and the upload estimate is 100 MB/day. We have 60 workstations:
$$\text{Throughput}_{workstations} = \frac{60 \times (500 + 100) \times 8}{24 \times 60 \times 60} = 3.334 \text{ (Mb/s)}$$
$$\text{Bandwidth}_{workstations} = \frac{60 \times (500 + 100) \times 8 \times 80\%}{3 \times 60 \times 60} = 21.334 \text{ (Mb/s)}$$
• WiFi-connected devices from customers’ access are about 500 MB/day:
$$\text{Throughput}_{wireless} = \frac{500 \times 8}{24 \times 60 \times 60} = 0.046 \text{ (Mb/s)}$$
$$\text{Bandwidth}_{wireless} = \frac{500 \times 8 \times 80\%}{3 \times 60 \times 60} = 0.296 \text{ (Mb/s)}$$
• Total throughput and bandwidth of the branch:
$$\text{Throughput} = 0.553 + 3.334 + 0.046 = 3.933 \text{ (Mb/s)}$$
$$\text{Bandwidth} = 3.553 + 21.334 + 0.296 = 25.183 \text{ (Mb/s)}$$
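The calculation of sections 6.1 and 6.2, carried through for all three sites and compared with the firewall throughput listed in section 4.1.5, as an added example that is not part of the original report. The class and function names are hypothetical, and treating every site's peak traffic as Internet-bound through a single ASA5506 at the same moment is a worst-case assumption.

```python
"""Added example: peak-hour sizing of the main-site Internet edge."""
from dataclasses import dataclass

SECONDS_PER_DAY = 24 * 60 * 60
PEAK_SECONDS = 3 * 60 * 60   # 9:00-11:00 plus 15:00-16:00
PEAK_SHARE = 0.80            # share of the daily volume carried in peak hours
FIREWALL_MBPS = 300          # ASA5506 multiprotocol throughput (section 4.1.5)

# Daily volume per device in MB (download + upload), from section 3.1.3
MB_PER_DAY = {"servers": 1000 + 2000, "workstations": 500 + 100, "wifi": 500}


@dataclass(frozen=True)
class Site:
    name: str
    servers: int
    workstations: int
    wifi: int = 1  # the report counts customer WiFi as one 500 MB/day flow

    def daily_megabits(self) -> dict:
        counts = {"servers": self.servers, "workstations": self.workstations,
                  "wifi": self.wifi}
        return {k: n * MB_PER_DAY[k] * 8 for k, n in counts.items()}

    def throughput_mbps(self) -> float:
        """Average rate over the whole day."""
        return sum(self.daily_megabits().values()) / SECONDS_PER_DAY

    def peak_bandwidth_mbps(self) -> float:
        """Rate needed if 80% of the daily volume falls in the 3 peak hours."""
        return sum(self.daily_megabits().values()) * PEAK_SHARE / PEAK_SECONDS


def edge_utilisation(sites, capacity_mbps=FIREWALL_MBPS):
    """Worst case (assumption): every site's peak traffic is Internet-bound
    and crosses one firewall at the main site at the same time."""
    peak = sum(s.peak_bandwidth_mbps() for s in sites)
    return peak, peak / capacity_mbps


SITES = [Site("Main", 10, 300), Site("DBP", 2, 60), Site("BHQT", 2, 60)]

if __name__ == "__main__":
    for s in SITES:
        print(f"{s.name:5} avg {s.throughput_mbps():7.3f} Mb/s  "
              f"peak {s.peak_bandwidth_mbps():8.3f} Mb/s")
    peak, util = edge_utilisation(SITES)
    print(f"edge peak {peak:.1f} Mb/s = {util:.0%} of {FIREWALL_MBPS} Mb/s")
```

The per-site peak figures differ from the report's in the third decimal because the report rounds each term before summing.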