NETE-4635 Computer Network Analysis and Design. Designing a Network Topology.

Academic year: 2021

(1)

Designing a Network Topology

NETE-4635

(2)

Network Topology Design Themes

• Hierarchy
• Redundancy
• Modularity
• Well-defined entries and exits

(3)

Why Use a Hierarchical Model?

• Reduces workload on network devices
  - Avoids devices having to communicate with too many other devices (reduces “CPU adjacencies”)
• Constrains broadcast domains
• Enhances simplicity and understanding
• Facilitates changes

(4)

Hierarchical Network Design

[Diagram labels: Enterprise WAN Backbone; Campus A; Campus B; Campus C; Building C-1; Building C-2; Campus C Backbone; Core Layer; Distribution Layer; Access Layer]

(5)

Cisco’s Hierarchical Design Model

• A core layer of high-end routers and switches that are optimized for availability and speed
• A distribution layer of routers and switches that implement policies and segment traffic
• An access layer that connects users via hubs, switches, and other devices

(6)

Flat Versus Hierarchy

[Diagram: Flat Loop Topology. Labels: Headquarters in Medford; Grants Pass Branch Office; Ashland Branch Office; Klamath Falls Branch Office]

[Second diagram. Labels: Headquarters in Medford; Ashland Branch Office; Klamath Falls Branch Office; Grants Pass Branch Office; White City Branch Office]

(7)

Mesh Designs

(8)

A Partial-Mesh Hierarchical Design

[Diagram labels: Headquarters (Core Layer); Branch Offices (Access Layer); Regional Offices (Distribution]

(9)

Avoid Chains and Backdoors

[Diagram labels: Core Layer; Distribution Layer; Access Layer]
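
One way to check a planned topology against this slide, as an added example that is not part of the original slides: links that avoid the distribution layer also avoid the filtering and access control the deck places there. The script assumes a backdoor is a direct link between two access-layer devices that both already have a distribution uplink, and a chain is an access device reachable only through another access device; the check for access links wired straight into the core goes beyond the slide. Device names and the sample topology are constructed.

```python
RANK = {"core": 0, "distribution": 1, "access": 2}


def audit_topology(layers, links):
    """Return sorted (finding, device, device) tuples.

    layers: dict of device name -> "core" | "distribution" | "access"
    links:  iterable of undirected (device, device) links
    """
    neighbours = {dev: set() for dev in layers}
    for a, b in links:
        neighbours[a].add(b)
        neighbours[b].add(a)

    def has_uplink(dev):
        # Properly attached: reaches a distribution device in one hop.
        return any(layers[n] == "distribution" for n in neighbours[dev])

    findings = set()
    for a, b in links:
        a, b = sorted((a, b))
        la, lb = layers[a], layers[b]
        if la == lb == "access":
            if has_uplink(a) and has_uplink(b):
                # Traffic on this link never crosses distribution filters.
                findings.add(("backdoor", a, b))
            else:
                # One end hangs off the other: a fourth layer.
                findings.add(("chain", a, b))
        elif abs(RANK[la] - RANK[lb]) > 1:
            # Added check (assumption, not named on the slide).
            findings.add(("skips-distribution", a, b))
    return sorted(findings)


# Constructed sample topology; all device names are made up.
SAMPLE_LAYERS = {
    "core1": "core", "dist1": "distribution", "dist2": "distribution",
    "acc1": "access", "acc2": "access", "acc3": "access", "acc4": "access",
}
SAMPLE_LINKS = [
    ("core1", "dist1"), ("core1", "dist2"),
    ("dist1", "acc1"), ("dist2", "acc2"),
    ("acc1", "acc2"),   # backdoor between two access switches
    ("acc2", "acc3"),   # acc3 chained below acc2
    ("acc4", "core1"),  # access switch wired straight into the core
]
```

Calling `audit_topology(SAMPLE_LAYERS, SAMPLE_LINKS)` returns one finding for each of the three commented links.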

(10)
(11)
(12)

Core Layer

• Provide 100% uptime
• Maximize throughput
• Facilitate network growth

(13)

Redundant Links and Mesh Topology in Core Layer

(14)

Distribution Layer

• Filtering and managing traffic flows
• Enforcing access control policies
• Isolating Core from Access Layer failures or disruptions
• Routing between Access Layer VLANs

(15)
(16)

Campus Topology Design

• Use a hierarchical, modular approach
• Minimize the size of bandwidth domains
• Minimize the size of broadcast domains
• Provide redundancy
  - Mirrored servers
  - Multiple ways for workstations to reach a router for off-net communications

(17)

Simple Redundant with Spanning-Tree Protocol

[Diagram panel: Without STP]

(18)

Access Control in Distribution Layer

[Diagram panels: Without ACLs; With STP]

(19)

Access Layer

• Represents the edge of the network where end devices connect.

(20)

Virtual LANs (VLANs)

• An emulation of a standard LAN that allows data transfer to take place without the traditional physical restraints placed on a network
• A set of devices that belong to an administrative group
• Designers use VLANs to constrain broadcast traffic

(21)

VLANs versus Real LANs

[Diagram labels: Switch A; Station A1; Station A2; Station A3; Network A; Switch B; Station B1; Station B2; Station B3]

(22)

VLANs Span Switches

[Diagram labels: Switch A; Station B1; Station B2; Station B3; Switch B; Station B4; Station B5; Station B6; Station A1; Station A2; Station A3; Station A4; Station A5; Station A6]

(23)

WLANs and VLANs

• A wireless LAN (WLAN) is often implemented as a VLAN
• Facilitates roaming
• Users remain in the same VLAN and IP subnet as they roam, so there’s no need to change addressing information
• Also makes it easier to set up filters (access control lists) to protect the wired network from wireless users

(24)
(25)

Server Farm

• Easy to secure, filter, and prioritize traffic.
• Redundant, high-capacity links can be installed.
• More cost-effective than distributed servers
• Load balancing and failover can be provided.
• Number of high-capacity switches and security devices is reduced.

(26)
(27)

Security Topologies

[Diagram labels: Enterprise Network; DMZ; Web, File, DNS, Mail Servers]

(28)

Security Topologies

[Diagram labels: Internet; Enterprise Network; DMZ]

(29)

Protecting Server Farms Against Attack

• Firewalls
• LAN switch security features
• Host-based and network-based intrusion detection and prevention systems
• Load balancers
• Network analysis and management devices

(30)

Workstation-to-Router Communication

• Proxy ARP (not a good idea)
• Listen for route advertisements (not a great idea either)
• ICMP router solicitations (not widely used)
• Default gateway provided by DHCP (better idea but no redundancy)
  - Use Hot Standby Router Protocol (HSRP) for redundancy

(31)

HSRP

[Diagram labels: Active Router; Standby Router; Virtual Router; Workstation; Enterprise Internetwork]

(32)

Multihoming the Internet Connection

[Diagram labels: Option A; Option B; Option C; Option D; Enterprise; ISP 1; ISP 2; Paris; NY]
