Advertisment

Case Study: Network Nightmare

author-image
PCQ Bureau
New Update

Anoop was beginning to get worried. He had just joined the dMarc group as Systems Manager. He would have preferred the designation of CTO or even CIO. But that was not what he was worried about right now. 

Advertisment

At the corporate office there was a network of about 200 PCs, five design workstations, 10 departmental servers, one mail server and one machine running a proxy server and firewall that connected to the Internet over a 128 Kbps DSL line. Not every one had a Net connect, but all machines had an IP address that was served by a DHCP server running off the proxy server. IP addresses being served were in the range 192.168.1.x with subnet mask of 255.255.255.0. The servers were kept at the respective departments and they were connected across by hubs. He had found out this much during the one week that he have been in the company. 

He had also found out that everyone who had a Net connect was incessantly on chat. There seemed to be no official policy on this, though it was said that the MD frowned upon this. It was also said that the MD himself was also a frequent user of various chat clients. 

There was no network documentation that he could lay his hands on, and the general talk was that everything was inside Vipin’s head. Vipin, who was Assistant Manager, Systems, had been around for five years, and at least for the present, did not seem to be in a very

communicative mood. The rest of the IT team included two hardware engineers who were only a

month old  in the company.

Advertisment

Already, many employees had approached him, asking for an Internet connect for themselves. But that didn’t worry him as much as the lack of bandwidth. The squeeze on Internet bandwidth was in some ways understandable and he planned to do something about it. What was more worrying was the frequent complaints he was getting about the slow network. Even the routine copying of files across the network was taking ages. He had experienced it himself, but had no clue as to what was going on.

Answer 1



Advertisment

R Srinivasan 



is Assistant Manager IT at 



Apollo Hospitals, Delhi and is 


responsible for the Hospital’s 


network

The situation that Arun is facing is no different from that faced by many network managers. Given below are some things to set the situation right. Some of them can be done immediately, at almost zero additional costs, while the others have associated costs and a decision to implement them would need a better understanding of the budget available to him. He may need to bring in a network services provider for some of the action points.

Network speed 



u Implement sub-netting of the network. 



u Check for collisions in the network. Use software or get it done by a service provider.


u Replace the hubs with manageable switches.


u Check whether there is at least a 6” gap between the power lines and the network cabling.


u Get Pentascanning done by a good service provider for proper cable identification, data transmission rate of the cable and checking collision rates. This is particularly desirable if the cabling is old or really messy. Pentascanning will also help in getting the network documentation in place. 


u Move the desktops, at least the workstations and the servers to100 Mbps NIC cards, along with the installation of the
switches.



u For better bandwidth consider changing the backbone cabling to Thick Ethernet or OFC (Optical Fiber cable). 




Advertisment

Chat and downloads



These programs generally have options to connect behind a firewall by entering proxy information, such as HTTP, SOCKS or others. Some will pick up the proxy configuration information from the Internet Explorer settings. Blocking a connection through a proxy is generally pretty easy as all you have to do is enter the proper Deny URL rule. Generally, the only proxy that will be used here is the HTTP Proxy, possibly the Transparent HTTP Proxy. The key here is to deny access to whatever login server is called in the configuration options for the chat programs in use. Some show you a 



configurable entry, while others (like MSN Messenger) hide it.

Internet connectivity



A 128 Kbps DSL line means that Arun may or may not get the complete 128 Kbps bandwidth. Instead, he should consider a 128 Kbps dedicated line. He needs to identify whether those asking for Internet connections really need it for their work. And he can also control heavy downloads during peak usage time as well as restrict downloading to those who

require it.

Answer 2

Advertisment



Chandan Mendiratta 



is Principal Consultant with Cisco Systems, India 

From this it seems the network had been expanded on an adhoc basis and the PCs and servers were connected to the network whenever and wherever it suited the people or the IT guys.

Advertisment

The design which I think should be implemented is as follows:

Change’em



Implement a hierarchical network design that creates a core layer and one distribution/access layer. As suggested in the diagram on the left, the network will now have core switches which will connect the highly process-intensive stations (Design workstations, proxy, mail servers and department servers).

The core switches will also connect to the workgroup layer switch at gigabit speeds. These individual switches will have individual workstations terminating onto them. With the help of this two-layer, switch-based design, we will be able to implement VLAN-based setup and control the traffic of one department to go into other departments. This will help eliminate the latency in the intra department file transfers or other data communication needs.

Advertisment

Secondly, by putting a server farm to the core switches, we will be connecting these highly demanding machines on gigabit to the core switch, which will eliminate any bandwidth concerns that were there earlier while accessing the servers.

Moreover, putting the entire load of DHCP, proxy and firewall on one server is also one of the major reasons of delay in Internet connectivity. Putting a dedicated firewall will help make the network more secure and will also not put any extra delays while accessing the Internet. 

There must be a company policy on who can access what. By segmenting the network into layers and VLANs, we can use multiple subnets and assign the IP address based on the policy of the company, whether to allow access to particular resources (including the Internet) or not. Using the core switch to do something like policy routing and rate limiting based on the company policy, we can get utilize Internet bandwidth better.

The biggest tech challenge I faced and how I overcame it -- Prof Krishnayya, Executive Director Systems Research Institute, Pune



Prof Krishnayya

Executive Director



Systems Research Institute, Pune

founded the Systems Research Institute in Pune after resigning from

IIM-A in 1974. He had been responsible for installing India’s first time-sharing computer there in 1970. He completed his studies at MIT and the Harvard Business School

I was teaching MIS and OR at IIM-A in 1970, when Air Marshal Lal, then CMD of HAL (Hindustan Aeronautics Limited), asked us to develop a materials-planning system to handle the overhauls of the then newly inducted MiG-21s. The project involved four factories–Bangalore, Nasik (airframes), Hyderabad (electronics) and Koraput (engines). There were many different kinds of parts involved, different manufacturing procedures and time scales. We decided to study HAL’s experience with the Canberra bomber (by then in use for a decade). Our first task was to find out why overhauls took months, instead of the three weeks given in the handbook.

Now, spares could be rubber parts, rotables (subsystems that were stripped, inspected and overhauled off-line) and the like.

For replacements, there was something called a 10-off number–the total number of the particular part required for 10 incoming overhauls. Provisioning was done a year ahead, by multiplying the expected number of planes by the 10-off number.

In reality, planes did not come as expected for overhaul, but the inventory kept on increasing, and excessive use was made of the AOG facility (aircraft on ground where original-equipment manufacturers supply one unit of a part).

We concluded that simple use of the 10-off list was at fault. What was needed was a flexible-order quantity that depended not only on the average previous usage, but also the item’s cost. Low-cost items (rubber parts) could be overstocked, while high-cost items (airframe parts, hinges) should be under-stocked. This was underscored by the fact that a large area in the front apron of the Bangalore plant was occupied by a single 6’ x 50’ x 50’ crate containing one wing. It had been ordered with the very first Canberras some 20 years before!

We had to persuade IAF to change their system of ordering. Luckily, Air Marshal Lal, who was now Chief of Air Staff, asked us to make a presentation at Air HQ. We developed a simulation model, which took as input a “Provisioning Policy Vector”, three numbers–the provisioning levels for the lowest cost, the medium-priced and the expensive spares. We ran a Monte-Carlo model for 100 aircraft, for each of which a stratified sample of parts was required according to the historical pattern of usage. 

We ran the model with many different policies, and were able to show that policies where the expensive parts were under-provisioned and the less expensive ones were over-provisioned were systematically better in terms of aircraft overhauled on-time vs inventory holdings. We found the convex hull of the policy space, and were able to show that any policy on this boundary was equally efficient. One could select between them by setting the level of inventory the IAF was willing to hold, or the percentage of aircraft to be overhauled on time. 

This presentation convinced the IAF and the Ministry, and over the next year we implemented the system in HAL.

The biggest tech challenge I faced and how I overcame it -- TNC Venkata Rangan CMD, Vishwak Solutions nd Regional Director, MSDN



TNC Venkata Rangan 



CMD,
Vishwak Solutions and 



Regional Director, MSDN

is passionate about architecting mobile and Web solutions around .NET technologies. You can contact him via vishwak.com

Background



It was about a year back that a leading global portal approached us. The company had over a dozen websites serving about six countries in Asia alone. They wanted a solution that could track the number of times each advertising image was served. They also wanted secure, customized report for each advertiser. We had to deploy the solution in their existing web-farm, which had a couple of Web servers (Win 2000 Server, IIS) and one database server (MS SQL Server 2000). 

Challenges



The websites were heavily visited, and the client wanted us to serve and track over 2 million images a day. The image-tracking system was to be such that it should not have missed even a single image served and reporting had to be real time or near-real time. The specification did not allow us to add more hardware.

Options



1) Updating the back-end database every time an image was served (using ADO and ASP). We had to rule out this option as doing 2 million database connections in a day with just one database server is impossible. 

2) Maintaining an in-memory cache in each Web server and periodically updating the backend database. This option had to be ruled out has we did not have the time to design, build, test and deliver a reliable caching system. Moreover, an in-memory cache would be lost in the eventuality of a server restart or network breakdowns.

Eureka!



MSMQ (Microsoft Message Queue Server) came to our rescue. Out-of-the box MSMQ provided a reliable, asynchronous queuing mechanism. We designed a system with the master queue in the database server and the independent slave queues on each of the Web servers. Every time an image was served, we wrote a message locally to the slave queue and MSMQ ensured that this message got moved to the master queue. MSMQ provides guaranteed message delivery, which made our solution resilient. A VB.NET service, running in the database server, periodically read the messages from the master queue, opened a connection and updated the database. As the service ran every 5 mins (configurable), we could do about 7000 message updates (equal to 7000 images served) with a single DB connection. This solution could also scale up by re-configuring the time gap between each service run. 

Learnings



Using a ready-made wheel is better than reinventing one! Using out-of-the box tools reduces delivery time and increases the reliability of solutions.

Advertisment