Cost-Effective and Resilient Large-Sized Campus Network Design
Isiaka A. Alimi1, *, Akeem O. Mufutau2, Tusin D. Ebinowen1
1Department of Electrical and Electronics Engineering, School of Engineering and Engineering Technology, Federal University of Technology, Akure, Nigeria
2Computer Resource Centre (CRC), Federal University of Technology, Akure, Nigeria
Computer networks have contributed immensely to the development of educational systems globally by enabling timely access to information both in and out of the lecture rooms. This technology serves among its numerous uses as a bedrock of e-learning, e-library, telepresence and access to different research materials. The need for high network availability is therefore of paramount importance in an educational systems. This paper presents how high reliability, availability, and serviceability can be achieved in a campus network by the implementation of network architecture and standardised protocols that enable the network hardware to be more intelligent in load balancing and fail-over functionality in order to eliminate downtime during crashes and device upgrades. The approach enables a scalable and manageable network which allows devices from different vendors to interoperate.
Received: April 24, 2015
Accepted: May 6, 2015
Published online: June 3, 2015
@ 2015 The Authors. Published by American Institute of Science. This Open Access article is under the CC BY-NC license. http://creativecommons.org/licenses/by-nc/4.0/
It has been noted in  that, the idea of internet was primarily conceived by the United State Department of Defense in 1969 when it was known as Advanced Research Projects Agency Network (ARPANet). The ARPANet aimed at creating a unified network that would allow researchers to communicate from different universities. However, with the advancements in Information and Communication Technologies (ICT), the internet has become a means of passing information among billions of peoples globally. Internet has been observed to be creating an integrated system for processing, storing, accessing and distributing information and managing content. The convergence functionality is attributed to the rapid evolution of the digital technology and the diffusion of the Internet concept across the globe . With the integration, there are significant transformations in multimedia applications and services. Apart from the e-mail which is one of the applications supported by the internet, other applications and services such as e-commerce, e-government, e-banking, e-business, e-learning, real-time images or video and virtual library has made internet the most prominent tool for information dissemination worldwide .
Nowadays, various institutions have been trying to provide excellent learning environments by embarking on building campus network so that researchers can go beyond the limitations of space and time to acquire desirable applications, services and information. This trend has been part of the yardsticks in determining the quality and the level of teaching and scientific research work of an institution . To this end, the need for cost-effective high-availability network is therefore of utmost importance in an educational systems.
The problems in campus network information security and its solutions are highlighted in  in order to establish a suitable campus network security system. Similarly, in  analysis and description on the campus network with the aim of achieving a higher overall performance is discussed. An extensive evaluation on the Virtual Router Redundancy Protocol extension with load balancing is described in . This paper however presents network architecture and standardised protocols that give high reliability and availability in a campus network. This approach improves the system fail-over functionality and eliminate downtime during crashes and device upgrades. Also, it aids network scalability, manageability and enables devices from different vendors to effectively interoperate.
This paper is structured as follows: in Section 2, hierarchical internetworking model of campus networks is presented and the associated layers are discussed. Section 3 presents the procedures for the high-availability Network. Section 4 focusses on gateway redundancy concept that protect the network against a single point of failure. Section 5 contains the proposed network architecture and the requirements at each layer of the hierarchical networks. Conclusions are provided in Section 6.
2. Hierarchical Internetworking Model of Campus Networks
Campus networks are classified into large-sized, medium-sized and small-sized networks depending on the numbers of users. The large-sized campus network has the highest numbers of users while the small-sized campus network has the least numbers. Structurally, a large-sized campus network is hierarchical. One of the advantages of hierarchical network design is that it enables fast, efficient and logical traffic forwarding patterns while minimizing the cost of connecting multiple devices at network endpoints. Also, the model ease the required security measures for the network administrators so that they can easily shape the traffic, adjust the access control lists and blocking unwanted traffic. In addition, cost of the required network devices can be minimized by the modular nature of the network that enables scalability. Furthermore, layers of the hierarchical networks are designed to perform specific functions that are consistent throughout a given layer which make manageability to be relatively easy. Also, consistency of each layer aids system recovery and simplified troubleshooting. The campus network is conventionally defined as a three-tier hierarchical model that consists of the core layer, the distribution layer and access layer , . The associated layers of a typical campus network is depicted in Figure1.
2.1. Access Layer
The access layer is the first stage of the three-tier hierarchical model of campus network in which end devices such as PCs, printers and cameras are connected to the wired portion of the network. Furthermore, devices that extend the network out one more level such as IP phones and wireless access points (APs) are attached to the network through the access layer . This layer is one of the most feature-rich parts of the campus network because of the supported devices, services and dynamic configuration mechanisms. Different services and capabilities that need to be defined and supported in the access layer of the campus network is enumerated in . The access layer is connected to the core layer through the distribution layer which serves as a services and control boundary between them.
2.2. Distribution Layer
This layer is an aggregation point for all of the access switches that provides layer 2 distribution. Also, it serves as an integral member of the access-distribution block by offering connectivity and policy services for traffic flows. It is also an element in the core of the network and participates in the core routing design. The distribution role can be performed by implementing the STP or, better still with any of developed network protocols such as RSTP and MSTP .
2.3. Core Layer
The core layer is the backbone that aggregates and supports all the network elements of the campus architecture and ties together the campus network with other network. This layer requires high reliability and it is always designed to be highly available and operate in an always-on mode. To achieve the required availability, appropriate level of redundancy is essential for near immediate data-flow recovery in case of any network component failure .
3. High-Availability Network
With the proliferations of desirable applications, services and information which aid development of educational systems both in and out of the lecture rooms, there is need for high network availability at all times so that researcher can fully benefit form services such as e-learning, e-library and telepresence. Therefore, high availability is a principal service requirement in designing a campus network. It was observed in  that one of the concepts that applied to repairable equipment is availability. The main determinants of system availability are the availability of the distinct network elements and the topology of the network. The estimation of availability is based on the mean time between failures (MTBF) of the distinct network elements and the mean time to repair (MTTR) which is expressed in  and  as:
Equation (1) can further be expressed as;
Thus, this expression implies that, the system availability can be enhanced by increasing the MTBF which means the probability of network devices and links failure should be reduced. Furthermore, the system availability can be improved significantly by decreasing the MTTR which means that the time to recover from a failure. Therefore, system availability can be considerably enhanced in hierarchical networks by the implementation of redundancy .
The network devices can be connected either in series or in parallel. It is advisable to implement parallel connection to benefit from the advantages of redundancy. In a set of nth serially connected identical network devices shown in Figure 2, the overall system availability is the product of each device availability which is expressed as:
Equation (3) shows that the system is available when all components are available. However, the system availability could be enhanced by parallel arrangement shown Figure 3. The overall system availability of parallel configuration of two identical network devices is expressed as:
Equation (4) shows that the system will only be unavailable when both components are unavailable. It is noted in  that system availability can be increased significantly in hierarchical networks by the implementation of redundancy. Therefore, to prevent being cut off from other network, an appropriate gateway redundancy is required in a campus network.
4. Gateway Redundancy
The gateway redundancy is a fault-tolerant approach employed in a network to enable hosts to communicate outside their local subnet in case of single point of failure in the network. In a network, hosts are normally configured with a single default gateway IP address which is the next-hop router IP address. This enables them to communicate outside the local subnet. Assuming that the default gateway fails, hosts will be able to communicate only within the subnet but not with the rest of the network. This is also the case when there is a redundant router in the network but without dynamic technique by which the hosts could switch to a new default gateway IP address. A system without gateway redundancy which has a physical (static) default gateway IP address is depicted in Figure 4.
The gateway redundancy protects the network against a single point of failure by pre-configuring a group of routers that manage a single virtual router IP address and appear as a single gateway IP address which provides network redundancy for IP networks . The concept of the gateway redundancy is that, there will be a master router, a backup router and a virtual router that LAN clients will be sending their traffics to. The traffic will normally be forwarded by the physical master router. The configuration enables the backup router to take the responsibility of the default gateway when the master router fails. This enables the user traffic to recover from first hop failures. A system with gateway redundancy which has a virtual router IP address is depicted in Figure 5.
There are three main redundancy protocols which are Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP) , , . In a campus network, implementation of VRRP is advised to allow devices from different vendors to interoperate, because other protocols are Cisco proprietary protocols.
5. Proposed Network Architecture
This work, to the best of our knowledge, presents a model that represent the best compromise between the system cost and redundancy. When introducing redundancy into a network with the purpose of achieving resiliency, it is obvious that the addition of physical component or even outright replacement of some components, as the case may be, can be necessitated, thus the cost of the component becomes an issue to be given due consideration. Furthermore, when the number of redundant network components are much, the associated cost will be high and the viability of a cost-effective solution might be questionable. Therefore, the level redundancy to be introduced at each layer is a function of overall system requirement. Redundant components are employed at each layer in order to prevent a single link or component failures from taken down part of the network from the other. All the layers should have redundant paths between them and devices such as routers and switches should be provided with redundant power supply. Also, servers should be connected with dual links.
5.1. Access Layer Requirements
The access layer is the interface which enables end devices such as PCs, printers, modems and IP phones to connect to the rest of the system. At this layer, depending on the system requirement, network devices such as wired routers, switches, wireless access points and routers may be necessary. The access layer switch should support multiple speeds, VPN and rapid failover capability. Physical and logical Redundancy is introduced on the link between the active devices at this layer and the distribution layer. On each of these devices-switches and routers precisely, consideration may also be made for redundant power supply. Also, centralized management and wireless access point are required for wireless connectivity applications. One of the concepts that can be employed at this layer is the Virtual Local Area Network (VLAN) which enables logical grouping of end-stations that are physically dispersed on a network. Implementation of VLANs lead to ease of administration, confinement of broadcast domains, reduced broadcast traffic, and enforcement of security policies.
5.2. Distribution Layer Requirements
The distribution layer is an intermediate layer between the core and the access layers. The increase in the use of bandwidth-intensive applications and services at the access leads to higher traffic volumes. Therefore, multiple access layer switch traffics are aggregated to the core layer. In view of this, high-performance devices with significant redundancy is required for system availability and stability. Moreover, part of the required components are high-performance backplanes, high-density port modules, redundant power supplies and management modules. Also, the routing protocols to be employed in the network should be open standard. The network traffic can be efficiently managed at this layer with load balancing which can be used to define quality of service (QoS) required the VLANs.
5.3. Core Layer Requirements
The core layer also require high-speed, high-performance devices with significant redundancy. This is required for the fast delivery of the aggregated traffic. Furthermore, core switches are designed with high-density modules of high-performance ports. There may be need for the core layer to support advanced multiprotocol label switching (MPLS) and multi-virtual routing and forwarding (Multi-VRF) protocols in order to enforce traffic separation and QoS policies. Also, gateway redundancy is essential to protect the network against a single point of failure and for traffic load balancing. Furthermore, for different vendors’ devices interoperability, implementation of VRRP is advised. Also, the routing protocols to be employed in the network should be open standard.
The overall network architecture of a resilient campus network is depicted in Figure 6. Some detail are not presented for simplicity purpose. The 1st departmental access layer is emphasized and the concept can be applied to other departments depending on the requirement of each one of them. Moreover, EtherChannel employed to create logical link for the purpose of providing fault-tolerance and high-speed links between switches, routers and servers. Also, the configuration presented for the demilitarized zone (DMZ) can be extended to the server farm.
6. Experimental Implementation Results and Analysis
This paper presents comprehensive practical application of gateway redundancy which enable hosts to communicate outside their local subnet in case of single point of failure in the network. The analysis is divided into two main sections. The first part studies a system in which gateway redundancy is being implemented while the second part deals with system without redundancy. The network is made up of three hosts which are connected to a switch (SW1). Also, the network has redundant links to two routers, Router1 (R1) and Router2 (R2). The network’s local switch is connected to each router's FastEthernet 0/0 (f0/0) interface and the routers are then connected to the internet service provider (ISP) via serial interface. The network architecture employed is simulated using GNS3, a graphical network simulator. The system topology is shown in Figure 7.
6.1. Experiment 1: System with Gateway Redundancy
The section focuses on provision of a fault-tolerant default gateway for the network. The routers are configured to participate in a VRRP group so that they form a virtual default gateway. R1 is made the master router by setting a higher priority (200) and preemption for the VRRP group 1. The physical IP address of R1 is 10.1.1.1. The virtual IP and MAC addresses are 10.1.1.254 and 0000.5e00.0101 respectively. The state of R1 after the configuration is master as highlighted in Figure 8.
Furthermore, R2 is made the backup router by setting a lower priority (150) and preemption for the VRRP group 1. The physical IP address of R2 is 10.1.1.2. It also has the same virtual IP and MAC addresses as R1. The state of R2 after the configuration is backup as highlighted in Figure 9.
The default gateway of each host is set to the virtual IP address so that they can use backup router when the master router or its links failed. The advantage of gateway redundancy is tested by pinging an IP address of the ISP which is a loopback address (184.108.40.206) from the first host in the local network. Five exclamation points are received on Host 1 from the ISP and each exclamation point indicates reception of a reply. Also, traceroute command is used to obtain the path taken to reach the ISP by the Host 1. It is observed that it passes through physical IP address of R1 (10.1.1.1) to reach the ISP network. The results of both tests are highlighted in Figure 10.
The interface f0/0 of R1 is shut down to study the reaction of VRRP group to link or router failure. The event that shows how R1 changes state when f0/0 is down is highlighted in Figure 11.
Figure 12 illustrates the advantage of gateway redundancy using VRRP. The host is still able to reach the ISP despite the link failure on R1. R2 changes state to master and the traffic passes through physical IP address of R2 (10.1.1.2) to reach the ISP network. The results of the ping and traceroute tests are highlighted in Figure 12. These results show that gateway redundancy concept can protect the network against single point of failure.
6.2. Experiment 1: System Without Gateway Redundancy
This section demonstrates the limitation of a system without gateway redundancy. Both routers are stopped from participating in VRRP group and the physical IP address of R1 (10.1.1.1) is configure on the hosts as the default gateway. It should be noted that there is no protocol to enable hosts to know when there is failure to change the gateway even with R2 in the system. Host 1 is used to ping the IP address of the ISP (220.127.116.11). Five exclamation points are received on Host 1 from the ISP. Furthermore, traceroute command is used to obtain the path to the ISP by Host 1. It is observed that it passes through physical IP address of R1 (10.1.1.1). The results of both tests are highlighted in Figure 13.
The interface f0/0 of R1 is shut down to study how the network reacts to link or router failure. The event that shows how R1 changes state when f0/0 is down is highlighted in Figure 14.
Furthermore, five periods are received by the Host 1 after pinging the ISP and each period indicates the network server timed out while waiting for a reply. Also, traceroute command is used to obtain the path to reach the ISP by the Host 1 and asterisks are received which indicate that the probe timed out. The results of both tests are highlighted in Figure 15. These results indicate that system without gateway redundancy is susceptible to single point of failure.
Computer networks have contributed in various ways to the development of educational systems and institutions have been providing excellent learning environments by embarking on building campus network. Therefore, need for high network availability is important in an educational systems for timely access. This paper presents a cost-effective and resilient large-sized campus network by the implementation of hierarchical network design. Standardised protocols that offer high reliability and availability in a campus network are also employed to improve the system fail-over functionality and eliminate downtime during crashes and device upgrades. This aids network scalability, manageability and enables devices from different vendors to effectively interoperate.
Isiaka Ajewale Alimi Isiaka earns B.Tech. (Hons) and M.Eng. in Electrical and Electronics Engineering (Communication) from Ladoke Akintola University of Technology, Ogbomoso, Nigeria in 2001, and the Federal University of Technology, Akure, Nigeria in 2010 respectively. He is a Lecturer in the Department of Electrical and Electronics Engineering, Federal University of Technology, Akure, Nigeria. He has published 3 refereed international journals. He has extensive experience in radio transmission, as well as in Computer Networking. His areas of research are in Computer Networking and Security, Advanced Digital Signal Processing and Wireless communications. He is a COREN registered engineer.
Akeem Olapade Mufutau holds M.Eng. Degree in Communication Engineering from the Federal University of Technology, Ondo state, Nigeria 2013. He joined the services of the Federal University of Technology, Akure as Senior Network Engineer in 2005 and rose to the position of Chief Network Engineer and current the head of Systems & Network Engineering Unit in the Computer Resource Centre of the University. He is presently a P.hD student and his research interests include, Network traffic monitoring and analysis, wireless network and Radio frequency spectrum. He is a COREN registered engineer, Chartered Information Technology Practitioner (C.itp), and Member, Computer Professionals.
Tusin Dayo Ebinowen received MBA and M.Eng. Degree in Communication Engineering from The Federal University of Technology, Ondo state, Nigeria in 2004 and 2012 respectively. He joined the services of the Nigerian National Petroleum Corporation as an Electrical Technician in the Technical Service Department from 1998-2000. He joined the Department of Electrical and Electronics Engineering, Federal University of Technology, Akure, Nigeria as Technologist in charge of Communication laboratory. His current research interests as a P.hD. student include, Radio frequency spectrum, Multi-cell cooperation in wireless networks. He is a COREN registered engineer.