Major Network design help needed ....

David Bandel david.bandel
Wed Feb 22 12:31:59 PST 2006


On 2/22/06, Ben Duncan <bns at meta3.net> wrote:
> OK, I have been called in by a Company to help with some MAJOR networking issues.
> This involves an Apartment complex located on the grounds of a Major University.
> The apartments are sponsored by the University, but operated by a private firm.
> One of those "Future of" campus housing deals. All Apartments are wired with cat 5e,
> come with cable Tee-Vee and telephone service.
>
> Now, I have 3 complexes. Complex A has 48 apartments, B has 24 and C has 36.
> Each complex's wiring terminates in its own "Equipment Closet" and has
> an HP 4000M Procurve switch. Each complex's switch has a fiber connection that goes back
> to a central location that then terminates in another HP Procurve 4000M,
> then goes out via a uBR900 cable router with a 6Mbs/6Mbs internet connection.
>
> They are reporting that the connections are being dropped, slow response, and
> no DHCP addresses are being given out. The cable techs report that the router shows
> it has been trying to hand out 400 DHCP addresses. The manager of this operation
> knows that students are coming over to the apartments and (ab)using the network,
> since the University has port blocking and throttling in place. (I suspect
> someone's running some server farms as well as an on-line gaming
> setup as well ;-> ). This equipment was installed around 2000/2001.
>
> The managers seem convinced that the HP Procurve 4000M is a "managed" switch with
> various "features". The only things I see it has are "Spanning Tree", VLAN and
> port trunking control.
>
> They want a proposal on what to do. New Equipment? Routers at each Unit ?
>
> Any suggestions out there ?
>

This one is right up my alley.  You have several problems, but I can
almost guarantee you that the slow response, etc., is not directly TCP
related, but ARP related.

400 DHCP addresses is what sets off alarm bells.  A flat network this
big is a monstrous problem, more so with Windoze boxes blasting away
on broadcast addresses.

This monstrosity needs to be broken into manageable segments.  I'd
start by building and go to floors.  Routing is key, bridging
(switching) is bad.  Flat networks are unmanageable.  You want maximum
/26 networks (255.255.255.192), but /27 is better (255.255.255.224). 
First thing to go is VoIP (and since I specialize now in VoIP, I
know).

If you don't know how to do bandwidth management, you might also want
to look into a box or software to do that (Arbitrator).

If abuse is a problem (servers, others connecting that shouldn't,
etc.) then you could use radius and force users to log in, allowing 2
simultaneous sessions (or perhaps only one).  FreeRadius can help here
as it does MAC address authentication against username/password
database.  You can also track servers by services and block ports in
the routers (first ports I'd suggest blocking are all the virus
causing M$ ports: 42, 135, 137, 138, 139, 445, 1433, 1434).

First thing to do is start analyzing their traffic.  Mirror each port
one at a time to a monitor port and watch the traffic.  It will tell
you what is wrong and where you need to start.

Call me if you need a consult.  You have my cell number.

Ciao,

David A. Bandel
--
Focus on the dream, not the competition.
            - Nemesis Air Racing Team motto
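The segmentation David recommends (maximum /26, preferably /27, split by building and then by floor) can be worked through numerically. The following is an added example, not code from the original thread; it assumes one wired port per apartment, an arbitrary private address space (10.0.0.0/16) with one /24 reserved per building, and a floor size of 12 ports, none of which the post states. The apartment counts (48, 24, 36) are the ones Ben gave.

```python
import ipaddress

# Apartment counts per building, taken from the original post.
APARTMENTS = {"A": 48, "B": 24, "C": 36}


def prefix_for_hosts(n, max_prefix=26):
    """Longest prefix whose usable host count (2**(32-p) - 2) covers n
    hosts, never shorter than /max_prefix (the post's largest acceptable
    segment). Raises if n hosts would need a bigger broadcast domain."""
    for p in range(30, max_prefix - 1, -1):      # /30, /29, ... /max_prefix
        if 2 ** (32 - p) - 2 >= n:
            return p
    raise ValueError(f"{n} hosts do not fit in a /{max_prefix}; split further")


def plan(space="10.0.0.0/16", group_size=None):
    """Return {building: [subnets]} carving the assumed private range
    `space` into one /24 per building (so the building is readable from
    the third octet) and, inside it, one routed subnet per group of
    `group_size` ports (a floor). With group_size=None each building is a
    single segment, which is the first step the post describes."""
    pool = ipaddress.ip_network(space)
    per_building = list(pool.subnets(new_prefix=24))
    result = {}
    for slot, name in enumerate(sorted(APARTMENTS)):
        ports = APARTMENTS[name]
        size = group_size or ports
        prefix = prefix_for_hosts(size)
        groups = -(-ports // size)               # ceiling division
        result[name] = list(per_building[slot].subnets(new_prefix=prefix))[:groups]
    return result


def largest_broadcast_domain(plan_result):
    """Hosts that can still share a broadcast domain after segmentation:
    the usable-address count of the largest allocated subnet."""
    return max(net.num_addresses - 2
               for nets in plan_result.values() for net in nets)


if __name__ == "__main__":
    # The flat network: ~400 hosts need a /23 (510 usable addresses), far
    # beyond the post's /26 ceiling, so prefix_for_hosts() refuses it.
    print("flat network prefix:", prefix_for_hosts(400, max_prefix=22))
    for label, p in (("per building", plan()), ("per floor (12 ports, assumed)", plan(group_size=12))):
        print(label)
        for name, nets in p.items():
            print("  ", name, [str(n) for n in nets])
        print("   largest broadcast domain:", largest_broadcast_domain(p), "hosts")
```

Per building the plan gives A and C a /26 and B a /27; splitting by 12-port floors drops every segment to a /28, so the worst case goes from roughly 400 hosts hearing each ARP request to 14. The floor size is the knob to tune against the real port counts per closet.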



More information about the Linux-users mailing list