Network Scalability and Maintenance

Questions and Answers

What is the primary function of a Firewall in network security?

To filter out spam emails

To detect and drop suspected packets

To manage network traffic logs

To inspect packets based on protocols (correct)

What percentage of spare equipment should be planned for modems, UPSs, switches, LAN Extenders, etc.?

40%

25% (correct)

10%

30%

What is the primary function of access control protocols in network security?

Authenticating users (correct)

Firewall configuration

Encrypting data

Authorizing users

What does UTM stand for in the context of network security?

Unified Threat Management

What is the primary purpose of a Network Management System (NMS)?

To monitor the health of the network

What is the recommended configuration for core level network equipment like high-end routers and manageable switches?

N+1 configuration

What protocol is used by Network Management System (NMS) for network management?

SNMP

Where should access to Railway Data networks from public networks like the Internet be permitted?

At protected points with firewalls/IPS/IDS

What is the primary concern in network topology design for Indian Railways?

Scalability without replacing existing network components

Which of the following is NOT a special purpose data network established by Indian Railways?

E-procurement System

What is the function of a Network Access and Bandwidth Management Control in a UTM appliance?

To manage network traffic and allocate bandwidth

What is the purpose of recording traffic logs from various network devices at a central server?

To analyze traffic patterns and logs

What is the primary function of the FOIS network in Indian Railways?

Freight Operations Information System (FOIS)

What is the purpose of Intrusion Detection Systems (IDS) in Railway Data networks?

To detect and alert on potential security breaches

What is the scope of S&T department for a department with its own dedicated network?

Provision of railway telecom connectivity only

What is the name of the dashboard for Indian Railways that is mentioned in the content?

e-Drishti

What is the role of a Network Operation Center (NOC) in Indian Railway Data Network?

To control different segments of the network

Which of the following is NOT an application running on the Indian Railways data network?

Video Conferencing

What is the term for the combination of a username and a password used in authentication?

One-factor authentication

What is the function of an Intrusion Detection and Protection system in network security?

To detect and drop suspected packets

What is the name of the system used for managing electric locomotive assets in Indian Railways?

SLAM

Which of the following is a potential use case of the Indian Railways data network?

Disaster Management

How many major data networks does Indian Railways have?

3

What is the name of the system used for managing locomotives in Indian Railways?

LMS

What is a recommended practice to prevent damage to datacom equipment?

Using ESD wrist bands while handling datacom equipment

What is a recommended practice for maintaining network efficiency?

Training staff and updating their knowledge to maintain the network more efficiently

What should be kept handy for easy reference?

Operation and maintenance manual of datacom equipment

What is a recommended practice for ensuring network security?

Changing the password of routers/servers once in a month

Why is it important to use a good quality earth and maintain the earth resistance below 1 Ohms?

To ensure proper earthing of datacom equipment

What should be done with the event and performance logs of the NMS?

Clear the logs at specified intervals

Why is it important to check the backup links at least once a month?

To ensure that backup links are functioning properly

What should be planned as per the specified lifecycle?

Replacement of UPS batteries

What is the recommended minimum speed for IP networks at the distribution level?

2 Mbps

What is the current infrastructure used by Railnet?

L3 VPN over MPLS infrastructure

What is the primary purpose of using L3 switches in the Railnet LAN Architecture?

To act as a core switch in the network

What is the recommended redundancy configuration for L3 switches in the Railnet LAN Architecture?

1+1 redundancy

What is the purpose of the DNS cache server in the Railnet setup?

To cache DNS requests

What is the bandwidth range for the connections between each zone and division to the MPLS router of RCIL?

20 Mbps to 300 Mbps

What is the purpose of the UTM/Firewall in the Railnet setup?

To provide security services

What is the recommended configuration for the core switch in the Railnet LAN Architecture?

L3 switch

What is the recommended configuration for VLANs in the LAN?

One VLAN should normally not have more than 70-100 computers

What is the purpose of RSTP/MSTP in the switches?

To configure the Layer 3 core switch as the root bridge

Why is DHCP snooping used in the switches?

To build MAC address tables in the switch

What type of ports should the distribution switch have?

Gigabit access Copper ports

What is the recommended connectivity between the user nodes and the distribution/access switch?

Through Cat-6 UTP cable/OFC

What is the minimum speed of the connectivity to the user nodes?

1Gbps

What is the purpose of configuring the switches to recognize a trusted DHCP server?

To not allow access to rough DHCP servers

What type of links should be used for the connectivity of the Layer 2 switch and the Layer 3 switch?

Multiple links with path protection

How should local servers providing network services like DNS be connected to the Layer 3 switch?

In a different VLAN either directly or through a distribution/access switch

What is the recommended configuration for the DHCP servers in the network?

Two DHCP servers providing IP addresses from disjoint sets

Why is stacking better than connecting the switches using 1/10G port?

It provides better speed and better forwarding rates

What is the purpose of configuring VRRP between the Layer 3 switches?

To provide redundancy for the gateway IP for each VLAN

How should load balancing be configured for the Layer 3 switches?

One Layer 3 switch should be the gateway for half the total VLANs and the other for the balance VLANs

What is the purpose of connecting the Layer 3 switches to the routers/switches on the WAN side?

To route the traffic out of the network towards the MPLS network of RCIL

What is the benefit of using Layer 3 switches as the gateway for the nodes in each VLAN?

It allows for manual configuration of IP addresses

What is the recommended configuration for multiple Layer 2 switches at one location?

They should be stacked

What is the primary purpose of RSTP/MSTP implementation in switches?

To prevent Layer 2 loops and improve network redundancy

What is the recommended configuration for VLANs in the LAN?

To configure VLANs on the access switch

Why is DHCP snooping used in the switches?

To prevent unauthorized DHCP servers

What type of ports should the distribution switch have?

10/100/1000 Mbps ports

What is the recommended connectivity between the user nodes and the distribution/access switch?

via UTP cables

What is the minimum speed of the connectivity to the user nodes?

100 Mbps

Why is it important to configure the switches to recognize a trusted DHCP server?

To prevent unauthorized DHCP servers

What is the recommended configuration for the core switch in the LAN Architecture?

To configure it as a Layer 3 switch

What is a recommended practice to prevent damage to datacom equipment?

Using ESD wrist bands while handling datacom equipment

Why is it important to use a good quality earth and maintain the earth resistance below 1 Ohms?

To reduce the risk of datacom equipment damage

What is the recommended redundancy configuration for UPS in core network equipment?

N+1 redundancy mode with sync control option

What should be planned as per the specified lifecycle?

Replacement of UPS batteries

How often should the diversity channels be checked?

Once a month

What is a recommended practice for maintaining network efficiency?

Training staff and updating knowledge

What is the recommended voltage for Data Communication Equipments?

48V DC

Why is it important to check the backup links at least once a month?

To reduce the risk of network downtime

What should be done with the router configurations?

Write them in a register and document them

What is the recommended frequency for cleaning the datacom equipment?

Once a year

What should be done with the event and performance logs of the NMS?

Follow the housekeeping procedure for clearing them at specified intervals

What should be checked as part of routine checks for U/G cables?

Condition of underground cables

What is a recommended practice for ensuring network security?

Changing the password of router/servers once in a month

What should be kept handy for easy reference?

Operation and maintenance manual

What should be updated time to time in NMS system?

Antivirus patches

What should be done with the configuration files of the routers?

Store them in both softcopy and hardcopy

Study Notes

Network Components and Scalability

• Network components should be selected to permit scalability without replacing existing components
• At least 25% spare equipment should be planned for items like modems, UPSs, switches, LAN Extenders, etc.
• Spares are recommended in N+1 configuration in each critical location for core level network equipment like high-end routers, manageable switches, servers, firewalls, etc.

Access from Public Networks

• Access to Railway Data networks from public networks like the Internet may be permitted only at protected points
• Network must be adequately protected through provision of firewalls/Intrusion Prevention System (IPS)/Intrusion Detection System (IDS) etc.

Network Security

• Network Access Control performs three functions: Authentication, Authorization, and Accounting
• Authentication is the process of identifying and verifying a user
• Only authorized personnel should be permitted access to network resources
• Network security is achieved through deployment of:
  • Firewall: First level of defense at the network perimeter
  • Intrusion detection and Protection system: Signature identification, Protocol identification, etc.
  • UTM (Unified Threat Management): an all-in-one security appliance with features like spam filtering, web filtering, anti-virus, anti-spyware, anti-phishing, IPS/IDS, DOS and DDOS protection, Application filtering, Network Access and Bandwidth Management Control, VPNs, etc.

Network Management System and Traffic Monitoring

• Network Management System (NMS) is essential for managing the complete data network using SNMP protocol based on open standards
• NMS can perform tasks like configuration, diagnostic, provisioning, security, and originating various MIS reports
• NMS also has the facility of performance monitoring through resource utilization graphs
• Traffic logs from various network devices may be recorded at a central server for analysis purposes
• Each division and zone should have an integrated NMS at their Network Operation Center (NOC) in standby mode

Data Network

• A data network is a collection of interconnected data processing devices through suitable communication links enabling data transfer between devices
• Indian Railways has three major data networks: Railnet, Unified Ticketing network (UTN), and FOIS network
• Special purpose data networks are also being established by the Railways like the network for monitoring the CCTV network, VoIP control communication network, etc.
• Several applications are operating over the networks, including Passenger Reservation System, Freight Operations Information System, Material Management Information System, etc.

Network Topology and Architecture

• Railnet is currently built as an L3 VPN over MPLS infrastructure of RCIL
• Each zone and division is connected to an MPLS router of RCIL with appropriate bandwidth ranging from 20Mbps to 300Mbps
• Railnet setup at zonal and divisional HQs may have the following setup:
  • Railnet routers in high availability
  • UTM/Firewall
  • L3 switches working in 1+1 redundancy
  • DNS cache server
  • Network Management server
  • Other servers like DHCP, Web server, Antivirus server, Patch Management server, Proxy server, etc.

Network Maintenance and Best Practices

• Proper lacing of internal wiring
• Protecting cables from rodents
• Training staff and updating knowledge to maintain the network efficiently
• Using ESD wristbands while handling datacom equipment
• Using a good quality earth and maintaining the earth resistance below 1 Ohms
• Changing passwords of routers/servers once a month
• Following the housekeeping procedure of clearing event and performance logs of the NMS at specified intervals
• Planning replacement of UPS batteries as per the specified lifecycle
• Keeping operation and maintenance manual handy
• Keeping bills and Guarantee/warranty cards of datacom equipment handy

Don'ts

• Don't change hardware of routers like data cards when the router power supply is ON unless it supports hot swapping
• Don't change V.35 Data cable when the router and modems are ON
• Don't change IP addressing scheme and IP address of the working network without written permission of the Network Administrator
• Don't change configuration of the router without permission of the Network administrator
• Don't run down batteries of UPS below specified level
• Never switch off datacom equipment without following the proper shut-down procedure
• Don't share passwords of routers' and servers with colleagues
• Never use water to clean the equipment room
• Don't use water-based fire extinguishers for datacom installations

DHCP Server Configuration

• Two DHCP servers shall be provided in the network with disjoint sets of IP addresses to avoid IP clashes.

Network Architecture

• Local servers providing network services like DNS shall be connected to the Layer 3 switch in a different VLAN using a distribution/access switch.
• Manual configuration of IP addresses is allowed in this case.
• Layer 3 switches shall be used as the gateway for nodes in each VLAN.
• Load balancing should be configured to ensure that one Layer 3 switch is the gateway for half the total VLANs and the other Layer 3 switch is the gateway for the remaining VLANs.

VRRP Configuration

• VRRP (Virtual Router Redundancy Protocol) should be configured between the switches for the gateway IP for each VLAN.
• This ensures that when one switch goes down, the other takes over the role of traffic forwarding/routing.

Unified Ticketing Network

• Layer 2 switches should be used in the LAN for interconnecting user nodes.
• These switches should support features like VLANs, RSTP and MSTP, DHCP relay, DHCP snooping, and MAC address authentication through a radius server.
• Non-blocking Gigabit PoE access ports are required.

Switch Connectivity

• The connectivity of Layer 2 switch and the Layer 3 switch shall be on OFC with 1G or 10G multiple links and path protection.
• Distribution switch should have Gigabit access Copper ports and SFP based optical ports for connectivity to the Layer 3 switch.
• Connectivity between the user (clients) and the distribution/access switch shall be through Cat-6 UTP cable/OFC.

VLAN Configuration

• VLANs shall be used to limit the Ethernet broadcast domain in such a way that one VLAN should normally not have more than 70-100 computers.
• For simplicity, one VLAN should normally not cover more than one switch stack.
• Multiple VLANs can be configured in one switch stack.

Switch Configuration

• Switches should be configured to recognize trusted DHCP servers and not allow access to rogue DHCP servers.
• ARP-based MAC learning should be disabled, and DHCP snooping should be used for building MAC address tables in the switch.

Power Supply

• Uninterrupted Power supply (UPS) should be provided to increase the life of the equipment as well as to keep up the availability of the location/node.
• The capacity and redundancy of the UPS should be decided considering local power supply, standby supply, and importance of the location.

Maintenance Schedule

• Datacom equipment should be kept clean and tidy, and inspected once a year by SSE/JE incharge.
• Diversity channels should be checked at least once a month by switching off main channels.
• Condition of underground cables should be checked by carrying out routine checks.

Do's and Don'ts

• Do write configuration changes in a register for performance analysis and record purpose.
• Do take printouts of router configurations and store them in softcopy.
• Do protect cables from rodents.
• Do change router passwords once a month.
• Don't change router hardware while the power supply is ON.
• Don't change IP addressing scheme and IP address of the working network without permission of the Network Administrator.

Fault Diagnosis

• Fault diagnosis is categorized into three types: Hardware, Software, and Media/Channel.
• Datacom equipment provides visual indications for status checking.
• Equipment can be checked or upgraded to higher versions depending on the type of fault encountered.

Environment, Rack, and Flooring

• Core and critical network datacom equipment should be housed in air-conditioned rooms.
• Other datacom equipment should be housed in a dust-free environment, preferably air-conditioned.
• Equipment should be housed in a standard 19” rack with front and back openings for ease of maintenance.
• The rack should be provided with power supply distribution panel for AC/DC distribution.
• Good quality earth with a value less than one Ohm should be provided.

Description

This quiz covers the importance of scalability in network components and the need for spare equipment to ensure efficient maintenance. It also discusses the N+1 configuration for critical network equipment.