Washington Elementary School District
Equipment Required to Implement the WAN

1. Public Access Router – Includes a T1 interface card for the connection to the Internet, and on-board LAN ports for the 100BaseT connection to the Firewall router.
2. Firewall/NAT Router – Includes a 1000BaseT daughtercard for the connection to the Phoenix C.O. router, and a 10/100 Ethernet network module for the connection to the Public Access router.
3. Phoenix C.O. Router – Includes three 8-port T1 port adapters for the connections to the other two WAN core routers and to the attached schools.
4. Greenway C.O. Router – Includes three 8-port T1 port adapters for the connections to the other two WAN core routers and to the attached schools.
5. Sunnyslope C.O. Router – Includes a 4-port BRI port adapter with a U interface for the connection to the Community School, a 1-port HSSI port adapter for the connection to the Shaw Butte network, and three 8-port T1 port adapters for the connections to the other two WAN core routers and to the attached schools.

Redundancy In The WAN Design
Each WAN core router is connected to each of the other two core routers by four redundant T1 links. This provides redundancy in case one or more of the links goes down, as the router can redistribute traffic among the remaining links. It also provides redundancy because the three core routers form a mesh, so that traffic can still be routed even if all four links between any two routers were all broken. In addition, the T1 links are distributed among separate blades on the routers, so that the failure of an entire blade will not take down the entire connection between the two routers.

Benefits Summary
Fault Tolerance
One important benefit of the WAN design is redundancy. Between each core router, there are four T1 links. This helps to ensure that traffic will still be able to flow between the sites even if one or more of the links goes down. The three core routers are also connected to each other in a mesh, so that even if all four links between any two of them were severed completely, traffic could still be routed around the break. The links are also distributed among network modules in each router, so that even if an entire blade were to go down, it would not take down the entire link.

Scalability
The network design factors in an expected doubling in WAN core throughput and 10-fold growth in Internet connection throughput over the next seven to ten years. All three core routers can easily be upgraded from T1 to T3 links by replacing network modules, and could also accomodate faster connections such as ATM or SONET as well if necessary. Each router's backplane has sufficient capacity to handle any expected increase in WAN core traffic during the next seven to ten years. The Public Access router can also be upgraded to a T3 connection to the Frame Relay cloud without suffering any loss in efficiency.

Layered Design
As described in the WAN model, the proposed WAN design is divided into a two-layer hierarchy. Traffic flows no higher in the hierarchy than is necessary to reach its destination, which helps preserve WAN bandwidth. Only traffic destined for another school or the Internet is permitted onto the Core layer, where it is routed to its destination as quickly as possible. No packet filtering or manipulation which would slow down the traffic is done at the Core layer, but is done instead at the Access layer. Since the role of the Core layer is clearly defined, this allows for future growth into a three-layer hierarchy with minimal disruption, since it will involve changes at the Access layer only, as the current Access layer routers are redefined as Distribution layer routers, and new routers lower in the hierarchy are added to create a new Access layer.

Leased-line Alternatives
Most of the WAN links are characterized by "always-on" leased lines, which provide reliability but are relatively expensive. In two areas of the network where the expense of leased-lines is not justified, more cost-effective options have been implemented:

• For the link from the Public Access router to the Internet provider, a Frame Relay connection has been put in place. Access to the Internet is expected to be sporadic, and Frame Relay has the benefit of guaranteeing the same speed as a T1 link, but at a lower cost since the provider does not provide an "always-on" link, and charges for access to the Frame Relay cloud regardless of the distance across the cloud that data must travel.
• For the link from the Sunnyslope Central Office to the Community School, an ISDN link has been put in place. The Community School has far fewer students than the other schools in the network, and does not have a computer lab. It therefore has much lower bandwidth requirements, and only requires occasional access to the District network. For these reasons, Sunnyslope router and the Community School router have been set up to use dial-on-demand routing, in which the link is only brought up when interesting traffic needs to cross the link, and is taken down again when the data transfer is finished.

• Between the Public Access router and the District network, there is a Firewall router on which access control lists have been implemented. Outside users will have access to public web, email, and DNS servers located on the Internet Services Segment but will be blocked from accessing any further. The ACLs on the Firewall router are designed to keep track of conversations initiated by users on the network and permit return traffic, but deny all other traffic.
• On the ISDN link, PPP encapsulation has been chosen due to its ability to use Challenge Handshake Authentication Protocol (CHAP) for authentication. In contrast to other layer 2 WAN encapsulation methods, PPP and CHAP require the remote host to respond to an authentication challenge in order to gain access, and to respond to periodic challenges thereafter. The hostname and password information is also encrypted. Both of these make it more difficult for an outside user to gain access to the network through brute-force attacks, such as repeatedly sending username and password pairs, or recording and resending authentication information from a legitimate user.