Scope: Produce a proposal for a secure, highly available campus network for a new office building covering ten floors and supporting in excess of two thousand users and up to five hundred guests using wired and wireless technologies. In addition, provision a separate capability for building management, IoT and ‘Smart Building’ services.
Equipment Used: Cisco 6800, 3850 and 2960XR switches, Palo Alto firewalls, Cisco ISE, Cisco Aironet 3800-series access points
Delivery: The campus design was based around a modular model, with a lean, high-performance campus core based on Cisco 6800 switches running in layer three standalone mode. These switches were connected using multiple forty-gigabit connections, aggregated into an etherchannel for throughput and resilience. The campus distribution was based on a pair of 6807XL switches running as a VSS pair, again using the forty-gigabit capabilities of that platform. Access switches were comprised of multiple stacks of 3850 switches – specifically the model capable of multi-gigabit throughput – each running as a discrete layer three entity. In addition, there was a dedicated WAN layer, provisioned with dual ten-gigabit links back to the primary datacentres via two different carriers, and a campus services module for local services. A pair of Palo Alto firewalls formed the demarcation point between the regular campus network and the building services network, as one of the strategic guidelines within that organisation required physical separation between the two networks. The wireless overlay was comprised of 3807 access points, connected to the multi-gigabit ports of the 3850s and running in h-REAP mode, such that authenticated traffic would be ‘dropped’ onto the access VLAN associated with the stack that the APs were connected to.
Audience: The audience was a very difficult mixture of technical and non-technical staff, all of whom had quite specific expertise in different parts of the design.
Challenges: The greatest challenge faced on this project was related to the internal politics of the organisation. This led to a very large team of subject matter experts who tended to work within their own silos. This made it very difficult to engage fully as a project team, and building up the interpersonal relationships within those silos was the number one priority. Once that had been done, the design progressed rapidly. Also, due to the high-profile nature of the programme, some scope-creep was inevitable.
Takeaways: The design for this office was not especially complex, however the programme rapidly became bogged down because of the sheer scale of the undertaking. By building relationships with members of the project, we were still able to deliver a high quality design proposal and help other teams within the programme too.