I’m getting a little bit bored/frustrated with my network topology. I think I might leave it as it is for a bit and get on with some of the other assignment work.
So far I’ve built a full mesh wan using VPN within GRE for OSPF propagation. My segregation is totally based on subnetting – I might consider VLANs at some point, but I think this might be going a bit beyond the brief. I might even consider a DMZ just for the experience of setting one up, but there’s no firewall device simulation in Packet Tracer so I’d end up getting in knots with ACLs – a prospect that does not melt my butter, I must admit. I’ve got my single PAT/NAT link to the public internet working nicely. Well, as per the brief anyway: poor little Joey in London who wants to post pictures of his drunken friends on The Face Books (is this what it’s called?) has to do so by sqirting all his traffic across the Atlantic and back again. A bit of a pain.
I’ve got a few apps working too. Web server, FTP, HTTP/S, DHCP and DNS. Just makes the simulation a little more realistic. Wifi is working too, but I’m struggling to get DHCP working across subnets. The helper-address hands on packets as expected, but the basic DHCP engine in Packet Tracer is only able to allocate IP addresses based on the perceived source of the request, not the actual source, therefore it always tries to allocate local IP addresses to the remote subnet. I guess in the real world you’d either have a decent DHCP system or wrap the whole thin up in a VLAN so the physical subnets don’t matter.
I also extended my model to include a couple of the suggested six additional remote sites. However, rather than go for full mesh I surmised that HACME Bank Corporation might like to consider a managed service (i.e. hub/spoke) with routing occurring in the Cloud. In the real world this decision would be a trade-off between cost, security, availability and complexity. It is a bank, so security s likely to be high on the agenda, but it’s also very small – fewer than 3,000 staff worldwide – so maybe they don’t have the cash to be so selective.
Anyway, like I said, I’m getting bored of burning time fixing the small problems I have. Fundamentally the topology is good and it works. So for the next week or so I’m going to turn my attention to network monitoring and vulnerability testing.
Then follows the not inconsiderable task of writing this all up. Good luck to my peers who have yet to even read the assignment. (I’m not joking here. There’s a chilling wind of apathy blowing across a faction of my cohort. Considering I’ve been putting in at least 4 hours a day for four weeks on this, I fail to see how it’s possible to do the subject matter justice in the six weeks we have remaining before hand-in.)