Network Design Report: IPsec Technology and Globexcrop's Network

Verified

Added on 2023/01/16

AI Summary

This report presents a network design solution for Globexcrop, addressing the company's need for a high-performance network to analyze data from various sensors used in precision farming. The report outlines business requirements, including the need for real-time data analysis and secure data sharing across different departments and locations. Functional requirements such as ample data storage, real-time data processing, and seamless file sharing are discussed. Technical requirements, including network availability, security, scalability, and simplified network management, are also analyzed. The report also identifies constraints like budget, company policies, scheduling, and personnel availability. The proposed design focuses on an IPsec-based full mesh network, with an overview of IPsec technology and its protocols, including AH, ESP, and IKE, to ensure secure communication and data integrity. The report concludes with a list of references.

Report on network design

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Table of Contents
Project requirements for network design:..............................................................................5
Business requirements:.........................................................................................................5
Functional requirements:.....................................................................................................6
Technical requirements:.......................................................................................................7
Constraints:...........................................................................................................................8
Proposed design:.....................................................................................................................10
Report on candidate technology:...........................................................................................11
Overview of IPsec technology:...........................................................................................11
IPsec protocols:...................................................................................................................11

Project requirements for network design:
Business requirements:
 Globexcrop wants to have a high performance network that is required for detailed
and in-depth analysis and these analysis needs to be done on data that is collected from
various sensors which are an important aspect for business of Globexcrop as these
sensors are required for implementing precision firming to which Globexcrop wants to
have competitive advantage in the market. As Globexcrop deals and wants to excel in
precision firming, it is not only required for them to analysis data with enhanced
accuracy.
 Not only that, data also needs to be captured from various sensors and once data is
collected from different sensors it is then need to be shared across different
departments that are located in various region. Hence Globexcrop who wants to design
an efficient infrastructure which ensures simple yet effective measures that helps to
share data, while integrating automation to data analysis.
 Automation to data that is an important aspect for Globexcrop is required to deal with
real time data analysis. This is required for providing context to access real-time
positions and alerts that is required for managing mixed Farm Equipment fleets. These
mixed Farm Equipment fleets are developed using a Fleet Manager solution. It is also
required for Globexcrop to reduce cost in fuel consumption and enhancing operator
performance. Hence this makes it necessary for Globexcrop to have option for real-
time data analysis and along with that it is also required to have facility to
communicate data in real time and the network designed in this context should support
this business requirement as this requirements are important for Globexcrop.

Functional requirements:
Deployment of mesh based network design has some functional requirements as
specified by Globexcrop:
 Ample storage for storing data related to firming sensor
 System associated with the network design should be able to store and process data in
real time while ensuring data accuracy
 System associated with the network should provide context to file sharing seamlessly
with superior speed
 Database should be accessible any time and from any location. It is not enough to
provide access only to the employees, but there should be facility that ensures
extension of this access to the end users which includes farmers as well.
 Sensors that are implemented on filed needs to send data wirelessly and needs to be
stored in central database of the company. This data needs to be shared to other
departments specializes in different aspects of precision firming over internet.
 Once data is shared across different platform in different location, intelligence should
be derived from the analysed data which is then need to be shared with different firms
to assist farmers in taking different decision as per requirement.
 Information that is gathered through data analysis should be available to end users
every time and hence the central database should be consistent no matter what is the
traffic of data access.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Technical requirements:
 Increase in network availability Support that includes criteria for 24x7 network
availability for web-enabled applications and performance. So one of the important
technical requirements is to make network available throughout the day and also
during night as well. so increasing latency and reducing latency is one of the major
technical requirements for this network design
 Support for 24x7 network availability and integrate with security applications
 Support for 24x7 network availability and integrate with the telephone system
 Transaction processing time needs to be accurate, fast and reliable. Special
consideration should be made to reduce transaction redundancy as less as possible.
Improving transaction processing system and reducing transaction-processing time to
less than 3 seconds is an preferred requirement for the network design
 Customer support is an important requirement for Globexcrop. However in customer
service resolving consumers’ queries are important which requires improved voice
communication which is not possible to ensure without proper network design. hence
improving voice quality is an important technical requirement for this network design
 Security is an important technical requirement for any company. Hence without proper
management of network security, it is not possible to design an efficient requirement
that ensure fulfilment of client requirements. Some of the important consideration in
this aspect are Improve security with the proper integration of filtering, firewalls, and
IDS Centralize servers and management and to Provide wireless security as well
 Scalability of network is also an important requirement for this network design. If a
network is not scalable enough it lacks support for integration of different services that
the company might require for improving business process. Now if a network is not
scalable, it will make it difficult to extend the designed network infrastructure for
increasing network capacity and functionalities. Hence ensuring that designed network

is scalable is an important technical requirement for this network design for
Globexcrop.
 No network design is effective it is not possible to manage network properly.
However, it is not only enough to have option for network management, it should be
easier to implement as well. Hence simplification of network management is also an
important technical requirement. This include maintenance of new network with
existing one and support for reporting and management tools.
Constraints:
While implementing network design for Globexcrop, it is not only enough to analyse
various requiremnwts such as business requirements, functional requirements and technical
requirements, it is also important various constraints that are associated with implanting these
requirements into actual design. These helps in identifying issues that needs to be managed so
that design is properly completed and delivered to Globexcrop.
Although Globexcrop wants to have an advanced and efficient network design, there are
various constraints that affects this process. Some of these constraints are:
 Budget: there might be resource scarcity and due to this limited resource, Globexcrop
might compromise with their spending for f equipment, software, or other components
and this will also result in compromise in design of the requirements for which it
might not be possible to design efficient network system and also it will be difficult to
incorporate various project requirements into the design
 Company policies: The design also have to consider the customer’s existing policies
regarding protocols, standards, vendors, and applications as these things often proves
to be an significant constraints in design of efficient network design
 Scheduling: coordination between project timeline and schedule defined by consumer
might also proves to be an significant constraints in design process

 Personnel: trained personnel are required both at the implementation as well as at the
operation phases and availability of those trained personnel might be a significant
design constraint as well

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Proposed design:

Report on candidate technology:
Detailed analysis of candidate technology for implementing proposed network design
has been provided here. In order to design full mesh network two options are available. IPSec
tunnels using hardware routers or OpenVPN are two options to design of full mesh network.
However, in this report candidate technology that is considered is IPSec tunnels using
OpenVPN.
Overview of IPsec technology:
IPsec, also defined as the Internet Protocol Security or IP Security protocol, provides
the architecture support that is required for enhancing security services that is associated with
IP network traffic. IPsec describes and provides the context that is required to design the
framework that is efficient for providing security and that too at the IP layer. Along with that
the suite of protocols that is designed to provide that security, provides authentication along
with encryption that is required for enhancing security of IP network packets. IPsec includes
protocols that is aimed to define the required and enhanced cryptographic algorithms that are
used in order to ensure that the system encrypt, decrypt and authenticate packets. In addition
to that the protocols that are needed for providing secure key exchange as well as enhanced
key management.
IPsec protocols:
IPsec provides recent versions of the Internet Protocol which includes IPv4 and IPv6.
IPsec protocol headers are now provided with the IP header and they are considered as IP
header extensions when a system is using IPsec.
The most important protocols considered a part of IPsec include:
 The IP Authentication Header (AH), identified in RFC 4302, is an important one as it
provides an optional packet header that provides assurance for connectionless

integrity. It also assures that there is proper data authentication that is required for IP
packets as it provides measures which helps to protect against replays.
 The IP Encapsulating Security Payload (ESP), specified in RFC 4303, is an important
packet header, but it is optional though for network design. However, it provides
confidentiality that is achieved through encryption and this is ensured through
encryption of the packet. It also provides integrity protection, data origin
authentication, access control and optional protection against replays or traffic
analysis.
 Internet Key Exchange (IKE), defined in RFC 7296, "Internet Key Exchange Protocol
Version 2 (IKEv2)," is a protocol that needs to be properly defined as it allow different
hosts associated with the network to specify which services are important and which
services are essential to be incorporated in packets. These packets are then considered
by cryptographic algorithms that are designed and integrated with the network to
provide those services. In order to properly deliver this service a mechanism is also
developed for sharing the keys that are used with those cryptographic algorithms for
encryption of the data packets sent over the network.
 Previously described separately, now the Internet Security Association and Key
Management Protocol (ISAKMP) is defined as part of the IKE protocol specification.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

References:
Al-khatib, A. A., & Hassan, R. (2018). Impact of IPSec Protocol on the Performance of
Network Real-Time Applications: A Review. IJ Network Security, 20(5), 811-819.
Bensalah, F., El Kamoun, N., & Bahnasse, A. (2017). Evaluation of tunnel layer impact on
VOIP performances (IP-MPLS-MPLS VPN-MPLS VPN IPsec). International Journal
of Computer Science and Network Security (IJCSNS), 17(3), 87.
Camilo, B. C., Couto, R. S., & Costa, L. H. M. (2018). Assessing the impacts of IPsec
cryptographic algorithms on a virtual network embedding problem. Computers &
Electrical Engineering, 71, 752-767.
Deshmukh, D., & Iyer, B. (2017, May). Design of IPSec virtual private network for remote
access. In 2017 International Conference on Computing, Communication and
Automation (ICCCA) (pp. 716-719). IEEE.
Kobo, H. I., Abu-Mahfouz, A. M., & Hancke, G. P. (2017). A survey on software-defined
wireless sensor networks: Challenges and design requirements. IEEE access, 5, 1872-
1899.
Korona, M., Skowron, K., Trzepiński, M., & Rawski, M. (2017, May). FPGA implementation
of IPsec protocol suite for multigigabit networks. In 2017 International Conference on
Systems, Signals and Image Processing (IWSSIP) (pp. 1-5). IEEE.
Lee, H. C., & Lin, H. H. (2016). Design and evaluation of an open-source wireless mesh
networking module for environmental monitoring. IEEE sensors journal, 16(7), 2162-
2171.

Marksteiner, S., Rainer, B., & Maurhart, O. (2018). On the Resilience of a QKD Key
Synchronization Protocol for IPsec. arXiv preprint arXiv:1801.01710.
Park, P., Ryu, H., Hong, G., Yoo, S., Park, J., & Ryou, J. (2015). A Service Protection
mechanism Using VPN GW Hiding Techniques. In Information Science and
Applications(pp. 1053-1062). Springer, Berlin, Heidelberg.
Pentikousis, K., Ohlman, B., Corujo, D., Boggia, G., Tyson, G., Davies, E., ... & Eum, S.
(2015). Information-centric networking: baseline scenarios (No. RFC 7476).
Rao, M., Newe, T., Omerdic, E., Dooly, G., Lewis, E., & Toal, D. (2018). An efficient
implementation of FPGA based high speed IPSec (AH/ESP) core. International
Journal of Internet Protocol Technology, 11(2), 97-109.
Rossi, F., Caloffi, A., & Russo, M. (2016). Networked by design: Can policy requirements
influence organisations' networking behaviour?. Technological Forecasting and
Social Change, 105, 203-214.
Wang, G., Sun, Y., He, Q., Xin, G., & Wang, B. (2018, June). A Content Auditing Method of
IPsec VPN. In 2018 IEEE Third International Conference on Data Science in
Cyberspace (DSC) (pp. 634-639). IEEE.
Wickboldt, J. A., De Jesus, W. P., Isolani, P. H., Both, C. B., Rochol, J., & Granville, L. Z.
(2015). Software-defined networking: management requirements and
challenges. IEEE Communications Magazine, 53(1), 278-285.