Network Scalability and Maintenance

80 Questions

What is the primary function of a Firewall in network security?

To inspect packets based on protocols

What percentage of spare equipment should be planned for modems, UPSs, switches, LAN Extenders, etc.?

25%

What is the primary function of access control protocols in network security?

Authenticating users

What does UTM stand for in the context of network security?

Unified Threat Management

What is the primary purpose of a Network Management System (NMS)?

To monitor the health of the network

What is the recommended configuration for core level network equipment like high-end routers and manageable switches?

N+1 configuration

What protocol is used by Network Management System (NMS) for network management?

SNMP

Where should access to Railway Data networks from public networks like the Internet be permitted?

At protected points with firewalls/IPS/IDS

What is the primary concern in network topology design for Indian Railways?

Scalability without replacing existing network components

Which of the following is NOT a special purpose data network established by Indian Railways?

E-procurement System

What is the function of a Network Access and Bandwidth Management Control in a UTM appliance?

To manage network traffic and allocate bandwidth

What is the purpose of recording traffic logs from various network devices at a central server?

To analyze traffic patterns and logs

What is the primary function of the FOIS network in Indian Railways?

Freight Operations Information System (FOIS)

What is the purpose of Intrusion Detection Systems (IDS) in Railway Data networks?

To detect and alert on potential security breaches

What is the scope of S&T department for a department with its own dedicated network?

Provision of railway telecom connectivity only

What is the name of the dashboard for Indian Railways that is mentioned in the content?

e-Drishti

What is the role of a Network Operation Center (NOC) in Indian Railway Data Network?

To control different segments of the network

Which of the following is NOT an application running on the Indian Railways data network?

Video Conferencing

What is the term for the combination of a username and a password used in authentication?

One-factor authentication

What is the function of an Intrusion Detection and Protection system in network security?

To detect and drop suspected packets

What is the name of the system used for managing electric locomotive assets in Indian Railways?

SLAM

Which of the following is a potential use case of the Indian Railways data network?

Disaster Management

How many major data networks does Indian Railways have?

3

What is the name of the system used for managing locomotives in Indian Railways?

LMS

What is a recommended practice to prevent damage to datacom equipment?

Using ESD wrist bands while handling datacom equipment

What is a recommended practice for maintaining network efficiency?

Training staff and updating their knowledge to maintain the network more efficiently

What should be kept handy for easy reference?

Operation and maintenance manual of datacom equipment

What is a recommended practice for ensuring network security?

Changing the password of routers/servers once in a month

Why is it important to use a good quality earth and maintain the earth resistance below 1 Ohm?

To ensure proper earthing of datacom equipment

What should be done with the event and performance logs of the NMS?

Clear the logs at specified intervals

Why is it important to check the backup links at least once a month?

To ensure that backup links are functioning properly

What should be planned as per the specified lifecycle?

Replacement of UPS batteries

What is the recommended minimum speed for IP networks at the distribution level?

2 Mbps

What is the current infrastructure used by Railnet?

L3 VPN over MPLS infrastructure

What is the primary purpose of using L3 switches in the Railnet LAN Architecture?

To act as a core switch in the network

What is the recommended redundancy configuration for L3 switches in the Railnet LAN Architecture?

1+1 redundancy

What is the purpose of the DNS cache server in the Railnet setup?

To cache DNS requests

What is the bandwidth range for the connections between each zone and division to the MPLS router of RCIL?

20 Mbps to 300 Mbps

What is the purpose of the UTM/Firewall in the Railnet setup?

To provide security services

What is the recommended configuration for the core switch in the Railnet LAN Architecture?

L3 switch

What is the recommended configuration for VLANs in the LAN?

One VLAN should normally not have more than 70-100 computers

What is the purpose of RSTP/MSTP in the switches?

To configure the Layer 3 core switch as the root bridge

Why is DHCP snooping used in the switches?

To build MAC address tables in the switch

What type of ports should the distribution switch have?

Gigabit access Copper ports

What is the recommended connectivity between the user nodes and the distribution/access switch?

Through Cat-6 UTP cable/OFC

What is the minimum speed of the connectivity to the user nodes?

1Gbps

What is the purpose of configuring the switches to recognize a trusted DHCP server?

To not allow access to rogue DHCP servers

What type of links should be used for the connectivity of the Layer 2 switch and the Layer 3 switch?

Multiple links with path protection

How should local servers providing network services like DNS be connected to the Layer 3 switch?

In a different VLAN either directly or through a distribution/access switch

What is the recommended configuration for the DHCP servers in the network?

Two DHCP servers providing IP addresses from disjoint sets

Why is stacking better than connecting the switches using 1/10G port?

It provides better speed and better forwarding rates

What is the purpose of configuring VRRP between the Layer 3 switches?

To provide redundancy for the gateway IP for each VLAN

How should load balancing be configured for the Layer 3 switches?

One Layer 3 switch should be the gateway for half the total VLANs and the other for the balance VLANs

What is the purpose of connecting the Layer 3 switches to the routers/switches on the WAN side?

To route the traffic out of the network towards the MPLS network of RCIL

What is the benefit of using Layer 3 switches as the gateway for the nodes in each VLAN?

It allows for manual configuration of IP addresses

What is the recommended configuration for multiple Layer 2 switches at one location?

They should be stacked

What is the primary purpose of RSTP/MSTP implementation in switches?

To prevent Layer 2 loops and improve network redundancy

What is the recommended configuration for VLANs in the LAN?

To configure VLANs on the access switch

Why is DHCP snooping used in the switches?

To prevent unauthorized DHCP servers

What type of ports should the distribution switch have?

10/100/1000 Mbps ports

What is the recommended connectivity between the user nodes and the distribution/access switch?

via UTP cables

What is the minimum speed of the connectivity to the user nodes?

100 Mbps

Why is it important to configure the switches to recognize a trusted DHCP server?

To prevent unauthorized DHCP servers

What is the recommended configuration for the core switch in the LAN Architecture?

To configure it as a Layer 3 switch

What is a recommended practice to prevent damage to datacom equipment?

Using ESD wrist bands while handling datacom equipment

Why is it important to use a good quality earth and maintain the earth resistance below 1 Ohm?

To reduce the risk of datacom equipment damage

What is the recommended redundancy configuration for UPS in core network equipment?

N+1 redundancy mode with sync control option

What should be planned as per the specified lifecycle?

Replacement of UPS batteries

How often should the diversity channels be checked?

Once a month

What is a recommended practice for maintaining network efficiency?

Training staff and updating knowledge

What is the recommended voltage for Data Communication Equipment?

48V DC

Why is it important to check the backup links at least once a month?

To reduce the risk of network downtime

What should be done with the router configurations?

Write them in a register and document them

What is the recommended frequency for cleaning the datacom equipment?

Once a year

What should be done with the event and performance logs of the NMS?

Follow the housekeeping procedure for clearing them at specified intervals

What should be checked as part of routine checks for U/G cables?

Condition of underground cables

What is a recommended practice for ensuring network security?

Changing the password of router/servers once in a month

What should be kept handy for easy reference?

Operation and maintenance manual

What should be updated from time to time in the NMS?

Antivirus patches

What should be done with the configuration files of the routers?

Store them in both softcopy and hardcopy

Study Notes

Network Components and Scalability

  • Network components should be selected to permit scalability without replacing existing components
  • At least 25% spare equipment should be planned for items like modems, UPSs, switches, LAN Extenders, etc.
  • Spares are recommended in N+1 configuration in each critical location for core level network equipment like high-end routers, manageable switches, servers, firewalls, etc.

Access from Public Networks

  • Access to Railway Data networks from public networks like the Internet may be permitted only at protected points
  • Network must be adequately protected through provision of firewalls/Intrusion Prevention System (IPS)/Intrusion Detection System (IDS) etc.

Network Security

  • Network Access Control performs three functions: Authentication, Authorization, and Accounting
  • Authentication is the process of identifying and verifying a user
  • Only authorized personnel should be permitted access to network resources
  • Network security is achieved through deployment of:
    • Firewall: First level of defense at the network perimeter
    • Intrusion detection and Protection system: Signature identification, Protocol identification, etc.
    • UTM (Unified Threat Management): an all-in-one security appliance with features like spam filtering, web filtering, anti-virus, anti-spyware, anti-phishing, IPS/IDS, DOS and DDOS protection, Application filtering, Network Access and Bandwidth Management Control, VPNs, etc.

Network Management System and Traffic Monitoring

  • Network Management System (NMS) is essential for managing the complete data network using SNMP protocol based on open standards
  • NMS can perform tasks like configuration, diagnostic, provisioning, security, and originating various MIS reports
  • NMS also has the facility of performance monitoring through resource utilization graphs
  • Traffic logs from various network devices may be recorded at a central server for analysis purposes
  • Each division and zone should have an integrated NMS at their Network Operation Center (NOC) in standby mode

Data Network

  • A data network is a collection of interconnected data processing devices through suitable communication links enabling data transfer between devices
  • Indian Railways has three major data networks: Railnet, Unified Ticketing network (UTN), and FOIS network
  • Special purpose data networks are also being established by the Railways like the network for monitoring the CCTV network, VoIP control communication network, etc.
  • Several applications are operating over the networks, including Passenger Reservation System, Freight Operations Information System, Material Management Information System, etc.

Network Topology and Architecture

  • Railnet is currently built as an L3 VPN over MPLS infrastructure of RCIL
  • Each zone and division is connected to an MPLS router of RCIL with appropriate bandwidth ranging from 20Mbps to 300Mbps
  • Railnet setup at zonal and divisional HQs may have the following setup:
    • Railnet routers in high availability
    • UTM/Firewall
    • L3 switches working in 1+1 redundancy
    • DNS cache server
    • Network Management server
    • Other servers like DHCP, Web server, Antivirus server, Patch Management server, Proxy server, etc.

Network Maintenance and Best Practices

  • Proper lacing of internal wiring
  • Protecting cables from rodents
  • Training staff and updating knowledge to maintain the network efficiently
  • Using ESD wristbands while handling datacom equipment
  • Using a good quality earth and maintaining the earth resistance below 1 Ohm
  • Changing passwords of routers/servers once a month
  • Following the housekeeping procedure of clearing event and performance logs of the NMS at specified intervals
  • Planning replacement of UPS batteries as per the specified lifecycle
  • Keeping operation and maintenance manual handy
  • Keeping bills and Guarantee/warranty cards of datacom equipment handy

Don'ts

  • Don't change hardware of routers like data cards when the router power supply is ON unless it supports hot swapping
  • Don't change V.35 Data cable when the router and modems are ON
  • Don't change IP addressing scheme and IP address of the working network without written permission of the Network Administrator
  • Don't change configuration of the router without permission of the Network administrator
  • Don't run down batteries of UPS below specified level
  • Never switch off datacom equipment without following the proper shut-down procedure
  • Don't share passwords of routers and servers with colleagues
  • Never use water to clean the equipment room
  • Don't use water-based fire extinguishers for datacom installations

DHCP Server Configuration

  • Two DHCP servers shall be provided in the network with disjoint sets of IP addresses to avoid IP clashes.

Network Architecture

  • Local servers providing network services like DNS shall be connected to the Layer 3 switch in a different VLAN using a distribution/access switch.
  • Manual configuration of IP addresses is allowed in this case.
  • Layer 3 switches shall be used as the gateway for nodes in each VLAN.
  • Load balancing should be configured to ensure that one Layer 3 switch is the gateway for half the total VLANs and the other Layer 3 switch is the gateway for the remaining VLANs.

VRRP Configuration

  • VRRP (Virtual Router Redundancy Protocol) should be configured between the switches for the gateway IP for each VLAN.
  • This ensures that when one switch goes down, the other takes over the role of traffic forwarding/routing.

Unified Ticketing Network

  • Layer 2 switches should be used in the LAN for interconnecting user nodes.
  • These switches should support features like VLANs, RSTP and MSTP, DHCP relay, DHCP snooping, and MAC address authentication through a radius server.
  • Non-blocking Gigabit PoE access ports are required.

Switch Connectivity

  • The connectivity of Layer 2 switch and the Layer 3 switch shall be on OFC with 1G or 10G multiple links and path protection.
  • Distribution switch should have Gigabit access Copper ports and SFP based optical ports for connectivity to the Layer 3 switch.
  • Connectivity between the user (clients) and the distribution/access switch shall be through Cat-6 UTP cable/OFC.

VLAN Configuration

  • VLANs shall be used to limit the Ethernet broadcast domain in such a way that one VLAN should normally not have more than 70-100 computers.
  • For simplicity, one VLAN should normally not cover more than one switch stack.
  • Multiple VLANs can be configured in one switch stack.

Switch Configuration

  • Switches should be configured to recognize trusted DHCP servers and not allow access to rogue DHCP servers.
  • ARP-based MAC learning should be disabled, and DHCP snooping should be used for building MAC address tables in the switch.

Power Supply

  • Uninterrupted Power supply (UPS) should be provided to increase the life of the equipment as well as to keep up the availability of the location/node.
  • The capacity and redundancy of the UPS should be decided considering local power supply, standby supply, and importance of the location.

Maintenance Schedule

  • Datacom equipment should be kept clean and tidy, and inspected once a year by the SSE/JE in-charge.
  • Diversity channels should be checked at least once a month by switching off main channels.
  • Condition of underground cables should be checked by carrying out routine checks.

Do's and Don'ts

  • Do write configuration changes in a register for performance analysis and record purposes.
  • Do take printouts of router configurations and store them in softcopy.
  • Do protect cables from rodents.
  • Do change router passwords once a month.
  • Don't change router hardware while the power supply is ON.
  • Don't change IP addressing scheme and IP address of the working network without permission of the Network Administrator.

Fault Diagnosis

  • Fault diagnosis is categorized into three types: Hardware, Software, and Media/Channel.
  • Datacom equipment provides visual indications for status checking.
  • Equipment can be checked or upgraded to higher versions depending on the type of fault encountered.

Environment, Rack, and Flooring

  • Core and critical network datacom equipment should be housed in air-conditioned rooms.
  • Other datacom equipment should be housed in a dust-free environment, preferably air-conditioned.
  • Equipment should be housed in a standard 19” rack with front and back openings for ease of maintenance.
  • The rack should be provided with power supply distribution panel for AC/DC distribution.
  • Good quality earth with a value less than one Ohm should be provided.

This quiz covers the importance of scalability in network components and the need for spare equipment to ensure efficient maintenance. It also discusses the N+1 configuration for critical network equipment.
