
IT207 – Network Essentials - Project 2011

INFORMATICS COMPUTER SCHOOL

DIT PROJECT

(IT207 – Network Essentials)

< Thai Airways Computer Network Connection >

Name: Lim, Ma. Carmen N.

Address: 37 Padua St. BFRV LPC, M.M.

Student No.: 0000-7999

Lecturer: Sir Jasper L. Calibo

Center: 0535

Country: Republic of the Philippines

1 0000-7999 (I-DIT)

TABLE OF CONTENTS

CHAPTER 1: Introduction

CHAPTER 2: Network Architecture Topologies & Diagram

CHAPTER 3: Network & Server Configuration

CHAPTER 4: Network & Internetworking Devices

CHAPTER 5: Network Security

CHAPTER 6: Communication Links

CHAPTER 7: Approximate Budget

Conclusion

Bibliography

Acknowledgements


CHAPTER 1: INTRODUCTION

This documentation explains the computer network design of Thai Airways. The company provides domestic and international airline services and is currently one of the largest and leading companies in that field, owing to proficient service delivered in an affable and cultural manner.

Because the company works in travel and tour services, it has to put up facilities in each of its key destinations. Thai Airways is continuously growing; it now has flight zones in European countries, with Oslo, Norway as its 59th and newest station.

The company has a large number of base stations, which raises the question of how it manages and operates them. The answer is that the base stations communicate with each other through computer networking, the practice of linking hardware, software and devices for communication purposes. This write-up expands on that topic and describes the computer network structure of our subject company.

Thai Airways uses technology that reaches across large geographical areas, from country to country. Because the company has many destinations, we demonstrate only a sample of its computer network topology, covering a couple of destinations from the home base. It is a Wide Area Network over Frame Relay, starting from the recent base station in Oslo, Norway, to the Philippines.


CHAPTER 2: NETWORK ARCHITECTURE TOPOLOGIES AND DIAGRAM

The Thai Airways computer network is arranged as a WAN (Wide Area Network) connection in a Frame Relay setting. Frame Relay is a telecommunication service designed for cost-efficient data transmission for intermittent traffic between local area networks (LANs) and between end-points in a wide area network (WAN). The network connection has a cloud as the central device that handles the other networks that surround it across distant regions. It therefore applies an extended star network topology to propagate information from point to point through routing techniques, and a partial mesh topology through the assignment of DLCIs to direct the flow of data in the network.

Extended Star Topology

The Extended Star Topology is a bit more advanced. Instead of connecting all devices to a central unit, we have sub-central devices added to the mix. This allows more functionality for organization and subnetting, yet also creates more points of failure. In many cases it is impractical to use a Star Topology since networks can span an entire building. In this case, the Extended Star Topology is all but necessary to prevent degraded signals. Whereas the Star Topology is better suited for small networks, the Extended Star Topology is generally better for the larger ones.


Thai Airways enhances its Extended Star Topology through the use of Data Communications Equipment (DCE) that directs transmitted data, using Data Link Connection Identifiers (DLCIs), to the various existing end-points.

Mesh Topology

The Mesh Topology is a type of networking where each node must not only capture and disseminate its own data, but also serve as a relay for other nodes; that is, it must collaborate to propagate the data in the network.

This network topology connects every single node together. This creates the most redundant and reliable network around, especially for large networks.

If any link fails, we (should) always have another link to send data through. So why don't we use it more often?

Simple: how many wires would it take to link a computer to every device on a network of over 100 devices? Now multiply that for every device on the network. Not a pleasant number, is it? Obviously you should only use this in smaller networks. Alternatively, you could try a Partial-Mesh Topology.


Network Architecture

This is the network architecture of Thai Airways that was virtually designed

with Cisco Packet Tracer.

Diagram Inside the Frame Relay Cloud:


CHAPTER 3: NETWORK AND SERVER CONFIGURATION

Configuration of Frame Relay

Change the encapsulation

Go in interface mode and select the Frame Relay encapsulation on the

interface. There are two types of Frame Relay encapsulations: Cisco and

IETF. Cisco is the default. The syntax to set your encapsulation is

encapsulation frame-relay [ietf]

Configuring the LMI type

The three LMI types are Cisco, ANSI, and Q933a. For IOS 11.2 and higher, the LMI type is automatically detected.

frame-relay lmi-type [cisco | ansi | q933a]

Configuring the Frame Relay map

Configuring a static Frame Relay map is optional unless you are using subinterfaces. The Frame Relay map will map a Layer 3 address to a local DLCI. This step is optional because Inverse ARP will automatically perform this mapping for you. The syntax for a Frame Relay map is as follows:

frame-relay map protocol address dlci [broadcast] [cisco | ietf]

Configuring subinterfaces

If you are using a routing protocol in a hub-and-spoke topology, you will

probably want to use subinterfaces to avoid the split-horizon problem. To

configure a subinterface, remove the IP address off the main interface and put

it under the subinterface.


Configuring a subinterface involves assigning it a number and specifying the type. The following command creates the point-to-point subinterface serial0/0.1:

Router(config)#interface serial0/0.1 point-to-point

To create a multipoint subinterface, enter multipoint instead:

Router(config)#interface serial0/0.1 multipoint

Assign IP address to subinterface

After entering one of these commands you will be taken to the subinterface

configuration mode where you can enter your IP address:

Router(config-subif)#ip address 10.0.0.2 255.0.0.0

If you are using a multipoint subinterface, you will need to configure frame-

relay maps and you cannot rely on inverse-arp.

If you are using a point-to-point subinterface, you will need to assign a DLCI

to the subinterface. This is only for point-to-point subinterfaces; this is not

needed on the main interface or on multipoint subinterfaces. To assign a DLCI

to a point-to-point subinterface, enter the following command under the

subinterface:

frame-relay interface-dlci dlci


First configure Router1. Its Fast Ethernet port and hostname are already configured. Open the command line interface (CLI) of Router1, configure the serial port for Frame Relay encapsulation, and create the subinterfaces that connect to Router2, Router3 and Router4. Also configure static routes to reach the remaining networks.

(Configure Router 1)
R1>enable
R1#configure terminal
R1(config)#interface serial 0/0/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 0/0/0.102 point-to-point
R1(config-subif)#ip address 192.168.1.245 255.255.255.252
R1(config-subif)#frame-relay interface-dlci 102
R1(config-subif)#exit
R1(config)#interface serial 0/0/0.103 point-to-point
R1(config-subif)#ip address 192.168.1.249 255.255.255.252
R1(config-subif)#frame-relay interface-dlci 103
R1(config-subif)#exit
R1(config)#interface serial 0/0/0.104 point-to-point
R1(config-subif)#ip address 192.168.1.253 255.255.255.252
R1(config-subif)#frame-relay interface-dlci 104
R1(config-subif)#exit
R1(config)#ip route 192.168.1.64 255.255.255.224 192.168.1.246
R1(config)#ip route 192.168.1.96 255.255.255.224 192.168.1.250
R1(config)#ip route 192.168.1.128 255.255.255.224 192.168.1.254
R1(config)#exit

(configure Router 2)
R2>enable
R2#configure terminal
R2(config)#interface serial 0/0/0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 0/0/0.101 point-to-point
R2(config-subif)#ip address 192.168.1.246 255.255.255.252
R2(config-subif)#frame-relay interface-dlci 101
R2(config-subif)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.245


(configure Router 3)
R3>enable
R3#configure terminal
R3(config)#interface serial 0/0/0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface serial 0/0/0.101 point-to-point
R3(config-subif)#ip address 192.168.1.250 255.255.255.252
R3(config-subif)#frame-relay interface-dlci 101
R3(config-subif)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.249
R3(config)#

(configure Router 4)
R4>enable
R4#configure terminal
R4(config)#interface serial 0/0/0
R4(config-if)#encapsulation frame-relay
R4(config-if)#no shutdown
R4(config-if)#exit
R4(config)#interface serial 0/0/0.101 point-to-point
R4(config-subif)#ip address 192.168.1.254 255.255.255.252
R4(config-subif)#frame-relay interface-dlci 101
R4(config-subif)#exit
R4(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.253
R4(config)#

Now verify by pinging all the other PCs from PC0. Every ping should succeed.
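The addressing plan configured above can also be checked offline, before relying on ping. The following is an added example, not part of the original project: it parses the statements shown on this page (prompts stripped) and checks that each static route on R1 points at the far end of a /30 link and that each spoke's default route points back at R1. The function names are hypothetical.

```python
import ipaddress
import re

# Constructed from the commands on this page, with the prompts stripped.
R1_CONFIG = """
interface serial 0/0/0.102 point-to-point
 ip address 192.168.1.245 255.255.255.252
 frame-relay interface-dlci 102
interface serial 0/0/0.103 point-to-point
 ip address 192.168.1.249 255.255.255.252
 frame-relay interface-dlci 103
interface serial 0/0/0.104 point-to-point
 ip address 192.168.1.253 255.255.255.252
 frame-relay interface-dlci 104
ip route 192.168.1.64 255.255.255.224 192.168.1.246
ip route 192.168.1.96 255.255.255.224 192.168.1.250
ip route 192.168.1.128 255.255.255.224 192.168.1.254
"""


def spoke(addr, hub):
    """Build a spoke configuration in the shape used for R2, R3 and R4."""
    return f"""
interface serial 0/0/0.101 point-to-point
 ip address {addr} 255.255.255.252
 frame-relay interface-dlci 101
ip route 0.0.0.0 0.0.0.0 {hub}
"""


SPOKE_CONFIGS = {
    "R2": spoke("192.168.1.246", "192.168.1.245"),
    "R3": spoke("192.168.1.250", "192.168.1.249"),
    "R4": spoke("192.168.1.254", "192.168.1.253"),
}


def parse_config(text):
    """Parse the four IOS statements used above into subinterfaces and static routes."""
    subifs, routes, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface\s+(.+?)\s+point-to-point", line):
            current = {"name": m.group(1), "addr": None, "dlci": None}
            subifs.append(current)
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)", line)) and current:
            current["addr"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif (m := re.fullmatch(r"frame-relay interface-dlci (\d+)", line)) and current:
            current["dlci"] = int(m.group(1))
        elif m := re.fullmatch(r"ip route (\S+) (\S+) (\S+)", line):
            current = None  # back at global configuration level
            routes.append((ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"),
                           ipaddress.ip_address(m.group(3))))
    return subifs, routes


def audit(hub_text, spoke_texts):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    hub_subifs, hub_routes = parse_config(hub_text)
    links = {s["addr"].network: s["addr"].ip for s in hub_subifs}  # /30 -> hub address

    dlcis = [s["dlci"] for s in hub_subifs]
    if len(set(dlcis)) != len(dlcis):
        findings.append("hub: the same DLCI is assigned to more than one subinterface")

    for net, nh in hub_routes:
        # The next hop must be the far-end host of one of the hub's /30 links.
        if not any(nh in link.hosts() and nh != hub_ip for link, hub_ip in links.items()):
            findings.append(f"hub: next hop {nh} for {net} is not a neighbour on any link")
        if any(net.overlaps(link) for link in links):
            findings.append(f"hub: routed prefix {net} overlaps a point-to-point link")

    for name, text in spoke_texts.items():
        subifs, routes = parse_config(text)
        for s in subifs:
            hub_ip = links.get(s["addr"].network)
            if hub_ip is None:
                findings.append(f"{name}: {s['addr']} is not on any hub link")
                continue
            if s["addr"].ip == hub_ip:
                findings.append(f"{name}: {s['addr'].ip} duplicates the hub's address")
            if not any(nh == s["addr"].ip for _, nh in hub_routes):
                findings.append(f"{name}: hub has no static route via {s['addr'].ip}")
            for net, nh in routes:
                if nh != hub_ip:
                    findings.append(f"{name}: route {net} points at {nh}, hub end is {hub_ip}")
    return findings


if __name__ == "__main__":
    for finding in audit(R1_CONFIG, SPOKE_CONFIGS) or ["addressing plan is consistent"]:
        print(finding)
```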

Router(config)#interface serial 0/0/0

Enters interface configuration mode

Router(config-if)#encapsulation frame-relay

Turns on Frame Relay encapsulation with the default encapsulation type of

cisco

Router(config-if)#frame-relay lmi-type {ansi | cisco | q933a}


Depending on the option you select, this command sets the LMI type to the

ANSI standard, the Cisco standard, or the ITU-T Q.933 Annex A standard.

Router(config-if)#frame-relay interface-dlci 110


Sets the DLCI number of 110 on the local interface and enters Frame Relay

DLCI configuration mode

Router(config-fr-dlci)#exit

Returns to interface configuration mode

Router(config-if)#frame-relay map ip 192.168.100.1 110 broadcast

Maps the remote IP address (192.168.100.1) to the local DLCI number (110).

The optional broadcast keyword specifies that broadcasts across IP should be

forwarded to this address. This is necessary when using dynamic routing

protocols.

Router(config-if)#no frame-relay inverse-arp

Turns off Inverse ARP.

Router#show frame-relay map

Displays IP/DLCI map entries

Router#show frame-relay pvc

Displays the status of all PVCs configured

Router#show frame-relay lmi

Displays LMI statistics

Router#clear frame-relay counters

Clears and resets all Frame Relay counters

Router#clear frame-relay inarp

Clears all Inverse ARP entries from the map table

Router#debug frame-relay lmi

Used to help determine whether a router and Frame Relay switch are

exchanging LMI packets properly


Local Area Network Configuration

A local area network (LAN) connection is configured through a switch, possibly next to a router acting as a central endpoint that can be linked to a larger network such as a wide area network (WAN).

Before any configuration is done, the computing devices that are to be included in the LAN and attached to a switch have to be arranged first and assigned IP addresses and gateways, which network services will need later on.

Once IP addresses and gateways have been assigned to the computers, and the computers are attached to the switch's Fast Ethernet ports with copper straight-through cables, the switch is ready to be configured at the command line interface.

Local area network switch configuration

1.) Open the switch's command line interface (CLI) and press ENTER once you are there.

2.) Type in the following commands to enter the VLAN database and configure the VLANs.
Switch>en
Switch#vlan database
Switch(vlan)#vlan 10 name LAName1
Switch(vlan)#vlan 20 name LAName2
Switch(vlan)#exit

The above commands create and name the VLANs to which computer devices will be connected.


Switch#configure terminal
Switch(config)#interface fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#

The above configuration places the interface fa0/2 (Fast Ethernet 0/2) in VLAN 10. The same commands are used for the other devices to be included in that local area network. After that, leave interface configuration mode with end and configure fa0/1 as a trunk port:

Switch(config-if)#end
Switch#configure terminal
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#end

3.) When all computing devices have been granted access to the local area network, it is time to configure the router, which is attached to the switch via a copper straight-through cable. This is done in the router's command line interface (CLI).

4.) Open the router's command line interface (CLI) and type in:

Router>enable
Router#configure terminal
Router(config)#interface fa0/0
Router(config-if)#no shutdown
Router(config-if)#interface fa0/0.1
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-subif)#end
Router#

5.) Close the CLI window now. Those commands register the router with the switch to link it with end-point devices such as desktops. Configuration ends here.


CHAPTER 4: NETWORKING AND INTERNETWORKING DEVICES

Thai Airways has a Wide Area Network that is in a Frame-Relay connection.

This portion of the discourse will identify the devices used for both their WAN

& LAN.

Wide Area Network (WAN) Frame Relay Devices

DCE – Data Circuit-Terminating Equipment: carrier-owned internetworking devices. The purpose of DCE equipment is to provide clocking and switching services in a network; these are the devices that actually transmit data through the WAN. In most cases, these are packet switches.

• Modem - (modulator-demodulator) a device that modulates an analog carrier signal to encode digital information, and also demodulates such a carrier signal to decode the transmitted information.

The goal is to produce a signal that can be transmitted easily and decoded to reproduce the original digital data. Modems can be used over any means of transmitting analog signals, from light emitting diodes to radio.

• Packet Switch - a node in a network which uses the packet switching paradigm for data communication. Packet switches can operate at a number of different levels in a protocol suite; although the exact technical details differ, fundamentally they all perform the same function: they store and forward packets.


One common class of contemporary packet switches are the bridge and network hub, which interconnect multiple network segments at the data link layer.

Another is the router, a device which operates at the internetwork layer, and connects dissimilar kinds of networks, such as serial lines and local area networks.

Generally, packet switches only perform communication-related

functions, but in some systems the computers which performed the

packet-switching function were also used for data storage and

computation.

Originally, packet switches were built around standard minicomputers.

Today, almost all packet switches are specialized hardware devices,

ranging in size and performance from small local hubs up to the large

switching systems used by major Internet service providers. However,

software is available which allows a personal computer to function as a

low-performance packet switch.

• Permanent Virtual Circuits (PVCs) are permanently established connections that are used for frequent and consistent data transfers between DTE devices across the Frame Relay network. Communication across a PVC does not require the call setup and termination states that are used with SVCs. PVCs always operate in one of the following two operational states:

  • Data transfer - Data is transmitted between the DTE devices over the virtual circuit.

  • Idle - The connection between DTE devices is active, but no data is transferred. Unlike SVCs, PVCs will not be terminated under any circumstances when in an idle state.

DTE devices can begin transferring data whenever they are ready because the circuit is permanently established.

• Generic Routing Encapsulation (GRE) Tunnel – is a simple IP packet encapsulation protocol. A GRE tunnel is used when IP packets need to be sent from one network to another, without being parsed or treated like IP packets by any intervening routers.

GRE Mechanism:

The Generic Routing Encapsulation (GRE) tunnel keepalive mechanism is slightly different than for Ethernet or serial interfaces. It gives the ability for one side to originate and receive keepalive packets to and from a remote router even if the remote router does not support GRE keepalives. Since GRE is a packet tunneling mechanism for tunneling IP inside IP, a GRE IP tunnel packet can be built inside another GRE IP tunnel packet. For GRE keepalives, the sender pre-builds the keepalive response packet inside the original keepalive request packet so that the remote end only needs to do standard GRE decapsulation of the outer GRE IP header and then forward the inner IP GRE packet. This mechanism causes the keepalive response to forward out the physical interface rather than the tunnel interface. This means that the GRE keepalive response packet is not affected by any output features on the tunnel interface.

• ATM (asynchronous transfer mode) – is a dedicated-connection switching technology that organizes digital data into 53-byte cell units and transmits them over a physical medium using digital signal technology. Individually, a cell is processed asynchronously relative to other related cells and is queued before being multiplexed over the transmission path.

Because ATM is designed to be easily implemented by hardware (rather than software), faster processing and switch speeds are possible. The pre-specified bit rates are either 155.520 Mbps or 622.080 Mbps. Speeds on ATM networks can reach 10 Gbps. Along with Synchronous Optical Network (SONET) and several other technologies, ATM is a key component of broadband ISDN (BISDN).

ATM also stands for automated teller machine, a machine that bank customers use to make transactions without a human teller.


Local Area Network (LAN) Devices

DTE – Data Terminal Equipment is generally considered to be terminating equipment for a specific network and is typically located on the premises of a customer. In fact, it may be owned by the customer.

• 1841 Integrated Services Router – is part of the Cisco 1800 Integrated Services Router Series, which complements the Integrated Services Router Portfolio.

The Cisco 1841 Integrated Services Router provides the following support:

• Wire-speed performance for concurrent services at T1/E1 WAN rates

• Enhanced investment protection through increased performance and modularity

• Enhanced investment protection through increased modularity

• Increased density through High-Speed WAN Interface Card Slots (two)

• Support for over 90 existing and new modules

• Support for majority of existing WICs, VWICs, and VICs (data mode only)

• Two Integrated 10/100 Fast Ethernet ports

• Security

  o On-board encryption

  o Support of up to 800 VPN tunnels with the AIM Module

  o Antivirus defense support through Network Admission Control (NAC)

  o Intrusion Prevention as well as stateful Cisco IOS Firewall support and many more essential security features


• 2960-24TT Switch – Intelligent Ethernet Switches are a new family of fixed-configuration standalone devices that provide desktop Fast Ethernet and Gigabit Ethernet connectivity, enabling enhanced LAN services for entry-level enterprise, mid-market, and branch office networks.

The Catalyst 2960 Series offers integrated security, including network admission control (NAC), advanced quality of service (QoS), and resiliency to deliver intelligent services for the network edge.

• 2950T-24 Switch – is a member of the Cisco Catalyst 2950 Series switches, and is a standalone, fixed-configuration, managed 10/100 switch providing user connectivity for small to mid-sized networks. This wire-speed desktop switch comes with Standard Image (SI) software features and offers Cisco IOS® functionality for basic data, video and voice services at the edge of the network.

• Desktop Computers – a desktop computer is a personal computer that is designed to fit conveniently on top of a typical office desk.

A desktop computer typically comes in several units that are connected together during installation: (1) the processor, which can be in a microtower or minitower designed to fit under the desk or in a unit that goes on top of the desk, (2) the display monitor, and (3) input devices, usually a keyboard and a mouse.

Today, almost all desktop computers include a built-in modem, a CD-ROM drive, a multi-gigabyte magnetic storage drive, and sometimes a diskette drive. At home, most desktop computer users also purchase a printer.

In businesses and increasingly at home, desktop computers can be interconnected and can share resources such as printers by being connected to a local area network (LAN).

• RJ45 (T568A) Straight-Through Cable – The data cables we use to connect computers to an Ethernet switch are straight-through cables.

The RJ45 cable uses only 2 pairs of wires: Orange (pins 1 & 2) and Green (pins 3 & 6). Pins 4, 5 (Blue) and 7, 8 (Brown) are NOT used.

Straight-through cable, as its name suggests, connects pin 1 to pin 1, pin 2 to pin 2, pin 3 to pin 3, and pin 6 to pin 6.

• UTP CAT5e Solid – stands for Unshielded Twisted Pair Category 5 Enhanced Cable. It supports networking at Gigabit Ethernet speeds (up to 1000 Mbps) over short distances by utilizing all four wire pairs, and it is backward-compatible with ordinary CAT5.

• Network Interface Cards (NIC) - an expansion board you insert into a computer so the computer can be connected to a network.

Most NICs are designed for a particular type of network, protocol, and media, although some can serve multiple networks.

• Crimping Tool – is a tool designed to crimp or connect a connector to the end of a cable.

For example, network cables and phone cables are created using a crimping tool to connect the RJ-45 and RJ-11 connectors to the end of the cable. The picture to the right shows an example of what a crimping tool looks like. This example shows a tool capable of crimping both RJ-11 and RJ-45 connectors.


Telecom Device (Other)

• Cisco Unified IP Phone 7900 Series - A telephone that converts voice into IP packets and vice versa for voice over IP (VoIP) telephone service. The term usually refers to a telephone with built-in IP signaling protocols such as H.323 or SIP that is used in conjunction with an IP PBX in an enterprise. However, it may also refer to a software-based phone (softphone) that is installed in the user's PC and requires that calls be made from the PC.

Internet telephony refers to communications services—Voice, fax,

SMS, and/or voice-messaging applications—that are transported via

the Internet, rather than the public switched telephone network

(PSTN). The steps involved in originating a VoIP telephone call are

signaling and media channel setup, digitization of the analog voice

signal, encoding, packetization, and transmission as Internet Protocol

(IP) packets over a packet-switched network. On the receiving side,

similar steps (usually in the reverse order) such as reception of the IP

packets, decoding of the packets and digital-to-analog conversion

reproduce the original voice stream.


CHAPTER 5: NETWORK SECURITY

Risk Management: The Game of Security

It's very important to understand that in security, one simply cannot say

"what's the best firewall?" There are two extremes: absolute security and

absolute access. The closest we can get to an absolutely secure machine is

one unplugged from the network, power supply, locked in a safe, and thrown

at the bottom of the ocean. Unfortunately, it isn't terribly useful in this state. A

machine with absolute access is extremely convenient to use: it's simply

there, and will do whatever you tell it, without questions, authorization,

passwords, or any other mechanism. Unfortunately, this isn't terribly practical,

either: the Internet is a bad neighborhood now, and it isn't long before some

bonehead will tell the computer to do something like self-destruct, after which,

it isn't terribly useful to you.

This is no different from our daily lives. We constantly make decisions about

what risks we're willing to accept. When we get in a car and drive to work,

there's a certain risk that we're taking. It's possible that something completely

out of control will cause us to become part of an accident on the highway.

When we get on an airplane, we're accepting the level of risk involved as the

price of convenience. However, most people have a mental picture of what an

acceptable risk is, and won't go beyond that in most circumstances. If I

happen to be upstairs at home, and want to leave for work, I'm not going to

jump out the window. Yes, it would be more convenient, but the risk of injury

outweighs the advantage of convenience.


Every organization needs to decide for itself where between the two extremes

of total security and total access they need to be. A policy needs to articulate

this, and then define how that will be enforced with practices and such.

Everything that is done in the name of security, then, must enforce that policy

uniformly.

Types And Sources Of Network Threats

Now, we've covered enough background information on networking that we

can actually get into the security aspects of all of this. First of all, we'll get into

the types of threats there are against networked computers, and then some

things that can be done to protect yourself against various threats.

Denial-of-Service

DoS (Denial-of-Service) attacks are probably the nastiest,

and most difficult to address. These are the nastiest,

because they're very easy to launch, difficult (sometimes

impossible) to track, and it isn't easy to refuse the requests

of the attacker, without also refusing legitimate requests for

service.

The premise of a DoS attack is simple: send more requests to the machine

than it can handle. There are toolkits available in the underground community

that make this a simple matter of running a program and telling it which host

to blast with requests. The attacker's program simply makes a connection on

some service port, perhaps forging the packet's header information that says

where the packet came from, and then dropping the connection.


If the host is able to answer 20 requests per second, and the attacker is

sending 50 per second, obviously the host will be unable to service all of the

attacker's requests, much less any legitimate requests (hits on the web site

running there, for example).

Such attacks were fairly common in late 1996 and early 1997, but are now

becoming less popular.

Some things that can be done to reduce the risk of being stung by a denial of service attack include:

• Not running your visible-to-the-world servers at a level too close to capacity

• Using packet filtering to prevent obviously forged packets from entering into your network address space.

  Obviously forged packets would include those that claim to come from your own hosts, addresses reserved for private networks as defined in RFC 1918, and the loopback network (127.0.0.0).

• Keeping up-to-date on security-related patches for your hosts' operating systems.
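The packet-filtering rule in the list above, written out as a decision function. This is an added example, not part of the original project; the site prefix 203.0.113.0/24 (a documentation range), the interface names and the sample packet headers are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the site's own public address block. 203.0.113.0/24 is a
# documentation range used as a placeholder; the page names no real prefix.
OWN_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def check_source(src, own_prefixes=OWN_PREFIXES):
    """Decide whether a packet arriving from outside carries a forged source.

    Returns (action, reason), where action is "permit" or "drop".
    """
    try:
        addr = ipaddress.IPv4Address(src)
    except ValueError:
        return "drop", "malformed source address"
    if addr in LOOPBACK:
        return "drop", "loopback source"
    if any(addr in net for net in RFC1918):
        return "drop", "RFC 1918 private source"
    if any(addr in net for net in own_prefixes):
        return "drop", "claims to come from our own hosts"
    return "permit", "source not obviously forged"


def filter_ingress(packets, external_if="serial0"):
    """Apply check_source to packets received on the external interface only."""
    decisions = []
    for pkt in packets:
        if pkt["in_if"] != external_if:
            # Traffic arriving from inside legitimately uses our own addresses.
            decisions.append((pkt["src"], "permit", "not the external interface"))
        else:
            decisions.append((pkt["src"], *check_source(pkt["src"])))
    return decisions


# Constructed sample of packet headers; interface names are hypothetical.
SAMPLE = [
    {"in_if": "serial0", "src": "198.51.100.7"},   # ordinary outside host
    {"in_if": "serial0", "src": "203.0.113.10"},   # our own prefix, from outside
    {"in_if": "serial0", "src": "10.1.2.3"},       # RFC 1918
    {"in_if": "serial0", "src": "172.31.255.1"},   # last address block of 172.16/12
    {"in_if": "serial0", "src": "172.32.0.1"},     # just outside 172.16/12
    {"in_if": "serial0", "src": "127.0.0.1"},      # loopback
    {"in_if": "serial0", "src": "192.168.1.66"},   # RFC 1918
    {"in_if": "fa0/0", "src": "203.0.113.10"},     # same address, inside interface
    {"in_if": "serial0", "src": "not-an-ip"},      # malformed record
]

if __name__ == "__main__":
    for src, action, reason in filter_ingress(SAMPLE):
        print(f"{src:15} {action:6} {reason}")
```

The boundary cases matter here: 172.31.255.1 is private while 172.32.0.1 is not, and an address from the site's own prefix is only suspicious when it arrives on the external interface.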


Unauthorized Access

"Unauthorized access" is a very high-level term

that can refer to a number of different sorts of

attacks. The goal of these attacks is to access

some resource that your machine should not

provide the attacker. For example, a host might be

a web server, and should provide anyone with requested web pages.

However, that host should not provide command shell access without being

sure that the person making such a request is someone who should get it,

such as a local administrator.

Executing Commands Illicitly

It's obviously undesirable for an unknown and untrusted person to be able to

execute commands on your server machines. There are two main

classifications of the severity of this problem: normal user access, and

administrator access. A normal user can do a number of things on a system

(such as read files, mail them to other people, etc.) that an attacker should not

be able to do. This might, then, be all the access that an attacker needs. On

the other hand, an attacker might wish to make configuration changes to a

host (perhaps changing its IP address, putting a start-up script in place to

cause the machine to shut down every time it's started, or something similar).

In this case, the attacker will need to gain administrator privileges on the host.


Confidentiality Breaches

We need to examine the threat model: what is it that you're trying to protect

yourself against? There is certain information that could be quite damaging if

it fell into the hands of a competitor, an enemy, or the public. In these cases,

it's possible that compromise of a normal user's account on the machine can

be enough to cause damage (perhaps in the form of PR, or obtaining

information that can be used against the company, etc.)

While many of the perpetrators of these sorts of break-ins are merely thrill-

seekers interested in nothing more than to see a shell prompt for your

computer on their screen, there are those who are more malicious, as we'll

consider next. (Additionally, keep in mind that it's possible that someone who

is normally interested in nothing more than the thrill could be persuaded to do

more: perhaps an unscrupulous competitor is willing to hire such a person to

hurt you.)

Destructive Behavior

Among the destructive sorts of break-ins and attacks, there are two major

categories.

Data Diddling.

The data diddler is likely the worst sort, since the fact of a break-in might not

be immediately obvious. Perhaps he's toying with the numbers in your

spreadsheets, or changing the dates in your projections and plans. Maybe

he's changing the account numbers for the auto-deposit of certain paychecks.

In any case, rare is the case when you'll come in to work one day, and simply

know that something is wrong.

An accounting procedure might turn up a discrepancy in the books three or

four months after the fact. Trying to track the problem down will certainly be

difficult, and once that problem is discovered, how can any of your numbers

from that time period be trusted? How far back do you have to go before you

think that your data is safe?

Data Destruction.

Some of those who perpetrate attacks are simply twisted jerks who like to delete

things. In these cases, the impact on your computing

capability -- and consequently your business -- can be

nothing less than if a fire or other disaster caused your

computing equipment to be completely destroyed.

Where Do They Come From?

How, though, does an attacker gain access to your equipment? Through any

connection that you have to the outside world. This includes Internet

connections, dial-up modems, and even physical access. (How do you know

that one of the temps that you've brought in to help with the data entry isn't

really a system cracker looking for passwords, data phone numbers,

vulnerabilities and anything else that can get him access to your equipment?)

In order to be able to adequately address security, all possible avenues of

entry must be identified and evaluated. The security of that entry point must

be consistent with your stated policy on acceptable risk levels.

Lessons Learned

From looking at the sorts of attacks that are common, we can divine a

relatively short list of high-level practices that can help prevent security

disasters, and to help control the damage in the event that preventative

measures were unsuccessful in warding off an attack.

Hope you have backups

This isn't just a good idea from a security point of view. Operational

requirements should dictate the backup policy, and this should be closely

coordinated with a disaster recovery plan, such that if an airplane crashes into

your building one night, you'll be able to carry on your business from another

location. Similarly, these can be useful in recovering your data in the event of

an electronic disaster: a hardware failure, or a break-in that changes or

otherwise damages your data.

Don't put data where it doesn't need to be

Although this should go without saying, this doesn't occur to lots of folks. As a

result, information that doesn't need to be accessible from the outside world

sometimes is, and this can needlessly increase the severity of a break-in

dramatically.

Avoid systems with single points of failure

Any security system that can be broken by breaking through any one

component isn't really very strong. In security, a degree of redundancy is

good, and can help you protect your organization from a minor security

breach becoming a catastrophe.

Stay current with relevant operating system patches

Be sure that someone who knows what you've got is watching the vendors'

security advisories. Exploiting old bugs is still one of the most common (and

most effective!) means of breaking into systems.

Watch for relevant security advisories

In addition to watching what the vendors are saying, keep a close watch on

groups like CERT and CIAC. Make sure that at least one person (preferably

more) is subscribed to these mailing lists.

Have someone on staff be familiar with security practices

Having at least one person who is charged with keeping abreast of security

developments is a good idea. This need not be a technical wizard, but could

be someone who is simply able to read advisories issued by various incident

response teams, and keep track of various problems that arise. Such a

person would then be a wise one to consult with on security related issues, as

he'll be the one who knows if web server software version such-and-such has

any known problems, etc.

This person should also know the ``dos'' and ``don'ts'' of security, from

reading such things as the ``Site Security Handbook.''

Firewalls

As we've seen in our discussion of the Internet and

similar networks, connecting an organization to the

Internet provides a two-way flow of traffic. This is

clearly undesirable in many organizations, as

proprietary information is often displayed freely within

a corporate intranet (that is, a TCP/IP network, modeled after the Internet that

only works within the organization).

In order to provide some level of separation between an organization's

intranet and the Internet, firewalls have been employed. A firewall is simply a

group of components that collectively form a barrier between two networks.

A number of terms specific to firewalls and networking are going to be used

throughout this section, so let's introduce them all together.

Bastion Host

A general-purpose computer used to control

access between the internal (private) network

(intranet) and the Internet (or any other

untrusted network). Typically, these are hosts

running a flavor of the Unix operating system

that has been customized in order to reduce its

functionality to only what is necessary in order to support its functions.

Many of the general-purpose features have been turned off, and in

many cases, completely removed, in order to improve the security of

the machine.

Router

A special purpose computer for connecting networks together. Routers

also handle certain functions, such as routing, or managing the traffic

on the networks they connect.

Access Control List (ACL).

Many routers now have the ability to selectively perform their duties,

based on a number of facts about a packet that comes to them. This

includes things like origination address, destination address,

destination service port, and so on. These can be employed to limit the

sorts of packets that are allowed to come in and go out of a given

network.

Demilitarized Zone (DMZ).

The DMZ is a critical part of a

firewall: it is a network that is

neither part of the untrusted

network, nor part of the trusted

network. But, this is a network that connects the untrusted to the

trusted. The importance of a DMZ is tremendous: someone who breaks

into your network from the Internet should have to get through several

layers in order to successfully do so. Those layers are provided by

various components within the DMZ.

Proxy.

This is the process of having one host act on behalf of another. A host

that has the ability to fetch documents from the Internet might be

configured as a proxy server, and hosts on the intranet might be

configured to be proxy clients. In this situation, when a host on the

intranet wishes to fetch the <http://www.interhack.net/> web page, for

example, the browser will make a connection to the proxy server, and

request the given URL. The proxy server will fetch the document, and

return the result to the client. In this way, all hosts on the intranet are

able to access resources on the Internet without having the ability to

talk directly to the Internet.

Types of Firewalls

There are three basic types of firewalls, and we'll consider each of them.

Application Gateways

The first firewalls were application gateways, and are sometimes known as

proxy gateways. These are made up of bastion hosts that run special software

to act as a proxy server. This software runs at the Application Layer of our old

friend the ISO/OSI Reference Model, hence the name. Clients behind the

firewall must be proxitized (that is, must know how to use the proxy, and be

configured to do so) in order to use Internet services. Traditionally, these have

been the most secure, because they don't allow anything to pass by default,

but need to have the programs written and turned on in order to begin passing

traffic.

A sample application gateway

These are also typically the slowest, because more processes need to be

started in order to have a request serviced. Figure 5 shows an application

gateway.

Packet Filtering

Packet filtering is a technique whereby routers have ACLs (Access Control

Lists) turned on. By default, a router will pass all traffic sent to it, and will do so

without any sort of restrictions. Employing ACLs is a method for enforcing

your security policy with regard to what sorts of access you allow the outside

world to have to your internal network, and vice versa.

There is less overhead in packet filtering than with an application gateway,

because the feature of access control is performed at a lower ISO/OSI layer

(typically, the transport or session layer). Due to the lower overhead and the

fact that packet filtering is done with routers, which are specialized computers

optimized for tasks related to networking, a packet filtering gateway is often

much faster than its application layer cousins. Because we're working at a

lower level, supporting new applications either comes automatically, or is a

simple matter of allowing a specific packet type to pass through the gateway.

(Not that the possibility of something automatically makes it a good idea;

opening things up this way might very well compromise your level of security

below what your policy allows.)

There are problems with this method, though. Remember, TCP/IP has

absolutely no means of guaranteeing that the source address is really what it

claims to be. As a result, we have to use layers of packet filters in order to

localize the traffic. We can't get all the way down to the actual host, but with

two layers of packet filters, we can differentiate between a packet that came

from the Internet and one that came from our internal network. We can

identify which network the packet came from with certainty, but we can't get

more specific than that.
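
The packet-filtering behaviour described above, combined with the earlier advice to drop obviously forged source addresses at the border, shown as an added example (not part of the original project): a first-match ACL for the Internet-facing interface with a default of deny. The 203.0.113.0/24 address plan, the two published services and the sample packets are constructed assumptions.

```python
"""First-match packet filter for the Internet-facing side of an access router.

Added illustration: the address plan and rule set below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ANY = ip_network("0.0.0.0/0")
INTERNAL_NET = ip_network("203.0.113.0/24")  # assumed: "your own hosts"
WEB_SERVER = ip_network("203.0.113.10/32")   # assumed public web server
MAIL_RELAY = ip_network("203.0.113.25/32")   # assumed mail relay (bastion host)

# Source addresses that cannot legitimately arrive from the Internet side.
FORGED_SOURCES = [
    INTERNAL_NET,                  # claims to come from our own hosts
    ip_network("10.0.0.0/8"),      # RFC 1918
    ip_network("172.16.0.0/12"),   # RFC 1918
    ip_network("192.168.0.0/16"),  # RFC 1918
    ip_network("127.0.0.0/8"),     # loopback
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: object                   # network the source address must fall in
    dst: object                   # network the destination address must fall in
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port
    note: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in self.src
                and ip_address(pkt.dst) in self.dst
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))


def build_external_acl() -> List[Rule]:
    """Anti-spoofing denies first, then the few services offered to the Internet."""
    acl = [Rule("deny", net, ANY, note=f"forged source {net}") for net in FORGED_SOURCES]
    acl.append(Rule("permit", ANY, WEB_SERVER, "tcp", 80, "public web server"))
    acl.append(Rule("permit", ANY, MAIL_RELAY, "tcp", 25, "mail relay"))
    return acl


def evaluate(pkt: Packet, acl: List[Rule], default: str = "deny") -> Tuple[str, str]:
    """Return (action, reason) of the first matching rule.

    default="deny" is the filtering posture; default="permit" with an empty
    ACL models a router that passes everything it is sent.
    """
    for rule in acl:
        if rule.matches(pkt):
            return rule.action, rule.note
    return default, "no rule matched"


if __name__ == "__main__":
    samples = [  # constructed packets arriving on the external interface
        Packet("198.51.100.7", "203.0.113.10", "tcp", 80),   # outside client to web server
        Packet("203.0.113.50", "203.0.113.10", "tcp", 80),   # claims an internal source
        Packet("10.1.2.3", "203.0.113.10", "tcp", 80),       # RFC 1918 source
        Packet("127.0.0.1", "203.0.113.25", "tcp", 25),      # loopback source
        Packet("198.51.100.7", "203.0.113.10", "tcp", 22),   # service not offered
    ]
    acl = build_external_acl()
    for pkt in samples:
        print(pkt, "->", evaluate(pkt, acl))
```

Because the spoofing denies are listed before the permits, a forged source is rejected even when the destination and port would otherwise be allowed.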

Hybrid Systems

In an attempt to marry the security of the application layer gateways with the

flexibility and speed of packet filtering, some vendors have created systems

that use the principles of both.

A sample packet filtering gateway

In some of these systems, new connections must be authenticated and

approved at the application layer. Once this has been done, the remainder of

the connection is passed down to the session layer, where packet filters

watch the connection to ensure that only packets that are part of an ongoing

(already authenticated and approved) conversation are being passed.

Other possibilities include using both packet filtering and application layer

proxies. The benefits here include providing a measure of protection against

your machines that provide services to the Internet (such as a public web

server), as well as provide the security of an application layer gateway to the

internal network.

Additionally, using this method, an attacker, in order to get to services on the

internal network, will have to break through the access router, the bastion

host, and the choke router.

So, what's best for me?

Lots of options are available, and it makes sense to spend some time with an

expert, either in-house, or an experienced consultant who can take the time to

understand your organization's security policy, and can design and build a

firewall architecture that best implements that policy. Other issues like

services required, convenience, and scalability might factor in to the final

design.

Some Words of Caution

The business of building firewalls is in the process of becoming a commodity

market. Along with commodity markets come lots of folks who are looking for

a way to make a buck without necessarily knowing what they're doing.

Additionally, vendors compete with each other to try and claim the greatest

security, the easiest to administer, and the least visible to end users. In order

to try to quantify the potential security of firewalls, some organizations have

taken to firewall certifications. The certification of a firewall means nothing

more than the fact that it can be configured in such a way that it can pass a

series of tests. Similarly, claims about meeting or exceeding U.S. Department

of Defense ``Orange Book'' standards, C-2, B-1, and such all simply mean

that an organization was able to configure a machine to pass a series of tests.

This doesn't mean that it was loaded with the vendor's software at the time, or

that the machine was even usable. In fact, one vendor that has been claiming their

operating system is ``C-2 Certified'' didn't make mention of the fact that their

operating system only passed the C-2 tests without being connected to any

sort of network devices.

Such gauges as market share, certification, and the like are no guarantees of

security or quality. Taking a little bit of time to talk to some knowledgeable

folks can go a long way in providing you a comfortable level of security

between your private network and the big, bad Internet.

Additionally, it's important to note that many consultants these days have

become much less the advocate of their clients, and more of an extension of

the vendor. Ask any consultants you talk to about their vendor affiliations,

certifications, and whatnot. Ask what difference it makes to them whether you

choose one product over another, and vice versa. And then ask yourself if a

consultant who is certified in technology XYZ is going to provide you with

competing technology ABC, even if ABC best fits your needs.

Single Points of Failure

Many ``firewalls'' are sold as a single component: a bastion host, or some

other black box that you plug your networks into and get a warm-fuzzy, feeling

safe and secure. The term ``firewall'' refers to a number of components that

collectively provide the security of the system. Any time there is only one

component paying attention to what's going on between the internal and

external networks, an attacker has only one thing to break (or fool!) in order to

gain complete access to your internal networks.

Secure Network Devices

It's important to remember that the firewall is only one entry point to your

network. Modems, if you allow them to answer incoming calls, can provide an

easy means for an attacker to sneak around (rather than through) your front

door (or, firewall). Just as castles weren't built with moats only in the front,

your network needs to be protected at all of its entry points.

Secure Modems; Dial-Back Systems

If modem access is to be provided, this should be guarded carefully. The

terminal server, or network device that provides dial-up access to your

network needs to be actively administered, and its logs need to be examined

for strange behavior. Its passwords need to be strong -- not ones that can be

guessed. Accounts that aren't actively used should be disabled. In short, it's

the easiest way to get into your network from remote: guard it carefully.

There are some remote access systems that have the feature of a two-part

procedure to establish a connection. The first part is the remote user dialing

into the system, and providing the correct userid and password. The system

will then drop the connection, and call the authenticated user back at a known

telephone number. Once the remote user's system answers that call, the

connection is established, and the user is on the network. This works well for

folks working at home, but can be problematic for users wishing to dial in from

hotel rooms and such when on business trips.

Other possibilities include one-time password schemes, where the user enters

his userid, and is presented with a ``challenge,'' a string of between six and

eight numbers. He types this challenge into a small device that he carries with

him that looks like a calculator. He then presses enter, and a ``response'' is

displayed on the LCD screen. The user types the response, and if all is

correct, the login will proceed. These are useful devices for solving the

problem of good passwords, without requiring dial-back access. However,

these have their own problems, as they require the user to carry them, and

they must be tracked, much like building and office keys.
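
The challenge and response exchange described above, as an added example that is not part of the original text: both sides of the login, with each challenge usable for a single attempt so a captured response cannot be replayed. The text does not say how the device derives the response; a truncated HMAC-SHA256 over the challenge with a per-user shared secret is assumed here, and the userid and secret are constructed.

```python
"""Challenge-response one-time password check: token side and server side.

Added illustration. Assumed, not stated in the text: the response is a
truncated HMAC-SHA256 of the challenge under a per-user secret that the
authentication server and the hand-held token share.
"""
import hashlib
import hmac
import secrets
from typing import Dict

RESPONSE_DIGITS = 8


def token_response(shared_secret: bytes, challenge: str) -> str:
    """What the hand-held device computes and displays for a typed-in challenge."""
    mac = hmac.new(shared_secret, challenge.encode("ascii"), hashlib.sha256).digest()
    code = int.from_bytes(mac[:8], "big") % 10 ** RESPONSE_DIGITS
    return str(code).zfill(RESPONSE_DIGITS)


class LoginServer:
    def __init__(self, user_secrets: Dict[str, bytes]):
        self._secrets = dict(user_secrets)
        self._pending: Dict[str, str] = {}   # userid -> outstanding challenge

    def issue_challenge(self, userid: str) -> str:
        """Return a fresh random challenge of six to eight digits.

        A challenge is issued for unknown userids too, so the prompt does not
        reveal which accounts exist.
        """
        length = 6 + secrets.randbelow(3)
        challenge = "".join(secrets.choice("0123456789") for _ in range(length))
        self._pending[userid] = challenge
        return challenge

    def verify(self, userid: str, response: str) -> bool:
        # pop(): each challenge is good for one attempt, so a captured
        # response cannot be replayed and guesses cannot be repeated.
        challenge = self._pending.pop(userid, None)
        secret = self._secrets.get(userid)
        if challenge is None or secret is None:
            return False
        expected = token_response(secret, challenge)
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(expected.encode(), response.encode())


if __name__ == "__main__":
    secret = b"constructed-shared-secret"        # constructed sample value
    server = LoginServer({"alice": secret})      # "alice" is a constructed userid
    challenge = server.issue_challenge("alice")
    response = token_response(secret, challenge)  # typed in from the device's LCD
    print("challenge:", challenge, "response:", response)
    print("first use accepted:", server.verify("alice", response))
    print("replay accepted:", server.verify("alice", response))
```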

No doubt many other schemes exist. Take a look at your options, and find out

how what the vendors have to offer will help you enforce your security policy

effectively.

Crypto-Capable Routers

A feature that is being built into some routers is the ability to use session

encryption between specified routers. Because

traffic traveling across the Internet can be seen

by people in the middle who have the

resources (and time) to snoop around, these

are advantageous for providing connectivity

between two sites, such that there can be secure routes.

Virtual Private Networks

Given the ubiquity of the

Internet, and the

considerable expense in

private leased lines, many

organizations have been

building VPNs (Virtual

Private Networks). Traditionally, for an organization to provide connectivity

between a main office and a satellite one, an expensive data line had to be

leased in order to provide direct connectivity between the two offices. Now, a

solution that is often more economical is to provide both offices connectivity to

the Internet. Then, using the Internet as the medium, the two offices can

communicate. The danger in doing this, of course, is that there is no privacy

on this channel, and it's difficult to provide the other office access to ``internal''

resources without providing those resources to everyone on the Internet.

VPNs provide the ability for two offices to communicate with each other in

such a way that it looks like they're directly connected over a private leased

line. The session between them, although going over the Internet, is private

(because the link is encrypted), and the link is convenient, because each can

see each other's internal resources without showing them off to the entire

world. A number of firewall vendors are including the ability to build VPNs in

their offerings, either directly with their base product, or as an add-on. If you

have need to connect several offices together, this might very well be the best

way to do it.

CHAPTER 6: COMMUNICATION LINKS

This section of the documentation will identify the different

communication links present in Thai Airways' wide area network (WAN) Frame

Relay (FRAS) connection.

1.] IP multicast (Multiplexed Broadcast)

– is a technique for one-to-many

communication over an IP infrastructure

in a network. It scales to a larger

receiver population by not requiring prior

knowledge of who or how many

receivers there are. Multicast uses network infrastructure efficiently by

requiring the source to send a packet only once, even if it needs to be

delivered to a large number of receivers. The nodes in the network take care

of replicating the packet to reach multiple receivers only when necessary. The

most common transport layer protocol to use multicast addressing is User

Datagram Protocol (UDP). By its nature, UDP is not reliable—messages may

be lost or delivered out of order. Reliable multicast protocols such as

Pragmatic General Multicast (PGM) have been developed to add loss

detection and retransmission on top of IP multicast. IP multicast is widely

deployed in enterprises, commercial stock exchanges, and multimedia

content delivery networks. A common enterprise use of IP multicast is for

IPTV applications such as distance learning and televised company meetings.

2.] Point-to-Multipoint – In a multipoint

topology the hub can send to one or more

systems based on an address. Frame Relay

is the most common technology to implement

this scheme, and it is typically used as a WAN

(Wide Area Network) technology. All the remote connection points are

connected to a single Frame Relay switch or router port, and communication

between sites is managed by that central point. In hub and spoke, all spokes

or only one spoke hears a given transmission. In point to multipoint, any

number of remote stations can be accessed.

Frame Relay Point to Multipoint Element:

Data Link Connection Identifier (DLCI) is a Frame Relay 10-bit-wide

link-local virtual circuit identifier used to assign frames to a specific PVC or

SVC. Frame Relay networks use DLCIs to statistically multiplex frames.

DLCIs are preloaded into each switch and act as road signs to the

traveling frames.

3.] Private Link – is a link that is either owned by a specific entity or a link that

is only accessible by a specific entity. More frequently, organizations

worldwide are deploying private Frame Relay networks. In private Frame

Relay networks, the administration and maintenance of the network are the

responsibilities of the enterprise (a private company). All the equipment,

including the switching equipment, is owned by the customer.
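
The DLCI element described under point-to-multipoint above, as an added example that is not part of the original project: decoding the 10-bit DLCI from the two-octet Frame Relay address field and using it as the "road sign" in a switch's preloaded PVC table. The C/R, FECN, BECN, DE and EA bit positions follow the standard two-octet address layout, which the text does not spell out; the port names, PVC table and frames are constructed.

```python
"""Decode the 2-octet Frame Relay address field and switch a frame by DLCI.

Added illustration: the PVC table and sample frames are constructed.
"""
from typing import Dict, Optional, Tuple

MAX_DLCI = 0x3FF  # 10 bits, so 0..1023


def build_address(dlci: int, cr: int = 0, fecn: int = 0, becn: int = 0, de: int = 0) -> bytes:
    """Pack a DLCI and flag bits into the two address octets."""
    if not 0 <= dlci <= MAX_DLCI:
        raise ValueError("DLCI must fit in 10 bits")
    octet1 = ((dlci >> 4) << 2) | (cr << 1)                                   # 6 high bits, C/R, EA=0
    octet2 = ((dlci & 0x0F) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1  # 4 low bits, flags, EA=1
    return bytes([octet1, octet2])


def parse_address(frame: bytes) -> Dict[str, int]:
    """Return the DLCI and flag bits carried in the first two octets of a frame."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the address field")
    o1, o2 = frame[0], frame[1]
    # EA is 0 on the first octet and 1 on the last octet of the address field.
    if (o1 & 1) != 0 or (o2 & 1) != 1:
        raise ValueError("EA bits do not describe a 2-octet address")
    return {
        "dlci": ((o1 >> 2) << 4) | (o2 >> 4),
        "cr": (o1 >> 1) & 1,
        "fecn": (o2 >> 3) & 1,
        "becn": (o2 >> 2) & 1,
        "de": (o2 >> 1) & 1,
    }


# Preloaded in the switch: (ingress port, DLCI) -> (egress port, DLCI on the next link).
# The DLCI is link-local, so it is rewritten at every hop of the PVC.
PVC_TABLE = {
    ("S0", 102): ("S1", 201),
    ("S0", 103): ("S2", 301),
}


def switch_frame(in_port: str, frame: bytes, table=PVC_TABLE) -> Optional[Tuple[str, bytes]]:
    """Forward a frame along its PVC, or return None when no PVC is provisioned."""
    hdr = parse_address(frame)
    hop = table.get((in_port, hdr["dlci"]))
    if hop is None:
        return None  # unknown DLCI on this port: the frame is dropped
    out_port, out_dlci = hop
    new_addr = build_address(out_dlci, hdr["cr"], hdr["fecn"], hdr["becn"], hdr["de"])
    return out_port, new_addr + frame[2:]


if __name__ == "__main__":
    frame = build_address(102) + b"constructed payload"
    print(parse_address(frame))
    print(switch_frame("S0", frame))
    print(switch_frame("S0", build_address(999) + b"no such PVC"))
```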

CHAPTER 7: APPROXIMATE BUDGET

Rows that are highlighted in red and marked in orange are the services opted for

by our subject company Thai Airways.

Pacnet Frame Relay Costing (Philippine Peso Currency Based)


Standard Monthly Charges

Speed: CIR   Speed: Burst   Access Charges per Site (AED)   PVC Charges: Local & Intra-UAE   PVC Charges: 'A' Band
0            64 Kbps        23,842.52 PHP                   13,005.01 PHP                    61,773.79 PHP
0            128 Kbps       34,680.02 PHP                   29,261.27 PHP                    108,375.08 PHP
0            256 Kbps       56,355.04 PHP                   42,266.28 PHP                    173,400.12 PHP
0            384 Kbps       60,690.04 PHP                   48,768.78 PHP                    222,168.90 PHP
0            512 Kbps       67,192.55 PHP                   58,522.54 PHP                    265,518.93 PHP   (Thai Airways Frame Relay Service)
0            1 Mbps         91,035.06 PHP                   74,778.80 PHP                    292,612.70 PHP
0            2 Mbps         91,035.06 PHP                   84,532.56 PHP                    330,543.98 PHP

Pacnet Frame Relay Installation Charges (Philippine Peso Currency Based)


Speed                     Access Link (AED)   PVC (AED)
64 Kbps & 128 Kbps        28,177.52 PHP       2,167.50 PHP
256 Kbps & up to 1 Mbps   47,685.03 PHP       2,167.50 PHP   (Thai Airways Frame Relay Installation)
2 Mbps                    86,700.06 PHP       2,167.50 PHP
Up to 34 Mbps             130,050.09 PHP      2,167.50 PHP

Cost of Network Hardware Devices (LAN)


Equipment / Device                            Price
Cisco 1841 Integrated Services Router         24,195.76 PHP
Cisco 2960-24TT Switch                        33,400.98 PHP
Cisco 2950T – 24 Switch                       17,255.74 PHP
RJ-45                                         5.00 PHP
CAT5e Cable                                   24.50 PHP
Rhino CEROS - Network Interface Card (NIC)    1,518.95 PHP
Crimping Tool                                 220.00 PHP
Cisco Unified IP Phone 7900 Series            10,676.02 PHP
TOTAL                                         87,296.95 PHP

Qube PC Desktop Promo Package


Specifications:

• LED Qube 16" Wide Screen LCD Monitor DVI

• Mouse

• Keyboard

• Multimedia Speaker

• CPU:

• Processor: AMD Athlon II 240 (2.8G) X2 Dual Core AM3 (= Core 2 Duo 45nm)

• Motherboard: Foxconn A76ML-K 3.0 AMD® 760G Chipset (up to 1GB Built-in Video) Support Phenom II - AM3 - DDR3

• Productivity Suite: Open Office (Full Version with CD)

• Memory: 1GB DDR3 1333MHz Memory (1x1GB)

• Hard Drive: 500GB 7200RPM Hard Drive SATA 3.0 3X faster

• Optical Drive: Samsung 22x Dual Layer DVD-RW Drive SATA

• Media Drive: USB Card Reader

• Power: Free Surge Protector

• Qube Premium A Chassis - Black w/ 700w PSU & Hi Def. Sound Support

TOTAL 12,799.00 PHP

SOFTWARE COSTS

Software Item                                           Price
Windows HPC Server 2008 Enterprise R2 Installation CD   17,719.60 PHP
Cafe Manila Server                                      3000 PHP
Cafe Manila Client (for every client workstation)       300 PHP
TOTAL                                                   21,019.60 PHP

CONCLUSION

At this moment, we have reached the end of this documentation

for Thai Airways Network Connection. In the previous pages, it was discussed

that they are operating their communications under a Frame-Relay Wide Area

Network Type. Viewers probably have an idea of how that type of connection

works its way around propagating data from point to point.

Flipping through the pages of this documentation made it clear

how Frame Relay functions internally by delving deep into its individual devices.

Having a clear identification of the technology involved in this wide area

connection type, we should now have a deeper understanding of its logical

design. Viewers should have enough knowledge on how to link its nodes by

now, be it in real time or in Packet Tracer.

As a whole, it is hoped that this paper has introduced

readers to the intricate concepts of Frame Relay. Aside from its purpose, readers

should be aware of its benefits in computer networking, such as the following,

to name a few:

• This sort of networking setup is cost-efficient in financial terms.

• This wide area network connection type is more practical than leased

lines, as it needs fewer devices for its operations.

• Frame Relay can support voice & video data other than text & images.

• It can direct data flow directly to designated networks in its radius.

May this documentation continue to aid viewers and budding network

technicians in the future, and may it encourage improvements.

BIBLIOGRAPHY & REFERENCE MATERIAL

CHAPTER 2: Network Architecture

(http://learn-networking.com/network-design/a-guide-to-network-topology)

(http://en.wikipedia.org/wiki/Mesh_networking)

CHAPTER 3: Network & Server Architecture

(http://goo.gl/GDn6p)

CHAPTER 4: Networking and Internetworking Devices

(http://docwiki.cisco.com/wiki/Frame_Relay#Frame_Relay_Devices)

(http://en.wikipedia.org/wiki/Packet_switch)

(http://en.wikipedia.org/wiki/Serial_communication)

(http://www.cisco.com/en/US/products/ps5875/index.html)

(http://www.softchoice.com/catalog/en-us/hubs-switches-cisco-catalyst-2960-24tt-switch-WS-C2960-24TT-L-N48913)

(http://www.cisco.com/en/US/products/hw/switches/ps628/ps627/index.html)

(http://searchenterprisedesktop.techtarget.com/definition/desktop-computer)

(http://www.topwebhosts.org/tools/rj45-wiring.php)

(http://compnetworking.about.com/od/ethernet/g/cat5-cables.htm)

CHAPTER 5: Network Security

(http://www.interhack.net/pubs/network-security/network-security.html#SECTION00060000000000000000)

CHAPTER 6: Communication Links

(http://en.wikipedia.org/wiki/Link_%28telecommunications%29)

(http://en.wikipedia.org/wiki/Multicast)

(https://learningnetwork.cisco.com/thread/4892)

(http://en.wikipedia.org/wiki/Data_link_connection_identifier)

(http://www.inetdaemon.com/tutorials/networking/lan/topology.shtml)

CHAPTER 7: Approximate Budget

(http://goo.gl/3udpj)

ACKNOWLEDGEMENTS

God almighty for giving me the ability & skills to complete this task;

My Parents who finance my schooling;

Everyone who supports me;

Informatics Festival Mall for the quality education & making it possible to

materialize this project;

Pisong Print & Pa-Book Bind sa kanto for the hardcopy.

And so so…
