
Top-Down Network Design

Chapter Five

Designing a Network Topology

Copyright 2010 Cisco Press & Priscilla Oppenheimer

Topology

 A map of an internetwork that indicates network segments, interconnection points, and user communities.

 A term used in the computer networking field to describe the structure of a network

 During the topology design phase, you identify networks and interconnection points, the size and scope of networks, and the types of internetworking devices that will be required, but not the actual devices.


Network Topology Design Themes

 Hierarchy

 Redundancy

 Modularity

 Well-defined entries and exits

 Protected perimeters

Why Use a Hierarchical Model?

 Reduces workload on network devices

◦ Avoids devices having to communicate with too many other devices (reduces “CPU adjacencies”)

 Constrains broadcast domains

 Enhances simplicity and understanding

 Facilitates changes


Hierarchical Network Design

Cisco’s Hierarchical Design Model

 A core layer of high-end routers and switches that are optimized for availability and speed

 A distribution layer of routers and switches that implement policies and segment traffic

 An access layer that connects users via hubs, switches, and other devices

◦ WAN: the access layer consists of the routers at the edge of the campus networks.

◦ Campus network: the access layer provides switches for end-user access


Flat Versus Hierarchy



A flat WAN for a small company can consist of a few sites connected in a loop. Each site has a WAN router that connects to two other adjacent sites via point-to-point links.


Mesh Designs



Mesh topology helps meet availability requirements



A partial-mesh network has fewer connections. Reaching another router or switch might require traversing intermediate links.



Full-mesh topology: every router or switch is connected to every other router or switch.

A Partial-Mesh Hierarchical Design


A Hub-and-Spoke Hierarchical Topology



A topology that consists of one central network and a set of remote networks each with one connection to the central network and no direct connections to each other.



Traffic between remote networks goes through the hub network.

Avoid Chains and Backdoors



Connecting a branch network to another branch adds a fourth layer. This is a common network design mistake that is known as adding a chain.



A backdoor is a connection between devices in the same layer.

Chains and backdoors cause unexpected routing and switching problems and make network documentation and troubleshooting more difficult.
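As an added example (not part of the slides), the following Python script audits a hierarchical topology for the two mistakes just described. Device names, layer labels and the link list are constructed for the example; the rule that core-to-core links are the backbone mesh and are not flagged is an assumption made here, not a statement from the slides.

```python
# Added example: audit a three-layer topology for chains and backdoors.
# Device names, layers and links below are constructed sample data.

from collections import defaultdict

# Layer rank: a lower number is higher in the hierarchy.
LAYER_RANK = {"core": 1, "distribution": 2, "access": 3}


def build_adjacency(links):
    """Undirected adjacency list from (a, b) link tuples."""
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def has_uplink(node, layer_of, adj):
    """True if the node has at least one neighbour in a higher layer."""
    rank = LAYER_RANK[layer_of[node]]
    return any(LAYER_RANK[layer_of[n]] < rank for n in adj[node])


def audit_topology(layer_of, links):
    """Classify every same-layer link below the core.

    If both endpoints also have a proper uplink, the link is a backdoor.
    If one endpoint has no uplink of its own (it reaches the hierarchy
    only through its peer), that endpoint hangs off the peer and forms a
    chain, i.e. an unplanned fourth layer. Core-to-core links are treated
    as the backbone mesh and are not flagged (assumption of this example).
    """
    adj = build_adjacency(links)
    backdoors, chains = set(), set()
    for a, b in links:
        if layer_of[a] != layer_of[b] or layer_of[a] == "core":
            continue
        hanging = [n for n in (a, b) if not has_uplink(n, layer_of, adj)]
        if hanging:
            chains.update(hanging)
        else:
            backdoors.add(tuple(sorted((a, b))))
    return sorted(backdoors), sorted(chains)


# Constructed sample: two core switches, two distribution switches and
# five branch (access) routers. A1-A2 is a backdoor; A5 reaches the
# network only through A4, so it is a chained device.
LAYER_OF = {
    "C1": "core", "C2": "core",
    "D1": "distribution", "D2": "distribution",
    "A1": "access", "A2": "access", "A3": "access",
    "A4": "access", "A5": "access",
}
LINKS = [
    ("C1", "C2"),
    ("C1", "D1"), ("C2", "D1"), ("C1", "D2"), ("C2", "D2"),
    ("D1", "A1"), ("D1", "A2"), ("D2", "A3"), ("D2", "A4"),
    ("A1", "A2"),   # backdoor: two branches wired directly together
    ("A4", "A5"),   # chain: A5 has no distribution-layer uplink
]

if __name__ == "__main__":
    backdoors, chains = audit_topology(LAYER_OF, LINKS)
    print("backdoors:", backdoors)        # [('A1', 'A2')]
    print("chained devices:", chains)     # ['A5']
```

Run against a real inventory, the same two checks give a quick list of links to document or remove before they show up as a routing surprise during troubleshooting.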


How Do You Know When You Have a Good Design?



When you already know how to add a new building, floor, WAN link, remote site, e-commerce service, and so on



When new additions cause only local change, to the directly connected devices



When your network can double or triple in size without major design changes



When troubleshooting is easy because there are no complex protocol interactions

Campus Topology Design

 Use a hierarchical, modular approach

 Minimize the size of bandwidth domains

 Minimize the size of broadcast domains

 Provide redundancy

◦ Mirrored servers

◦ Multiple ways for workstations to reach a router


Cisco’s Enterprise Composite Network Model

 To scale the hierarchical model, Cisco developed the ECNM, which divides the enterprise network into further physical, logical, and functional boundaries. Hierarchy is embedded as required into each module.

Enterprise Campus Modules

 Server farm

 Network management module

 Edge distribution module for connectivity to the rest of the world

 Campus infrastructure module:

◦ Building access submodule

◦ Building distribution submodule

◦ Campus backbone


Redundant Network Design Topologies

 Lets you meet network availability goals by duplicating network links and interconnectivity devices.

 Eliminates the possibility of having a single point of failure

 Can be implemented in both campus and enterprise

Campus goals for users accessing local services

Enterprise goals for overall availability and performance

Analyze business and technical goals of customer


Backup Paths

 Consist of routers and switches and individual backup links between routers and switches that duplicate devices and links on the primary path

 Consider two aspects of a backup path:

◦ How much capacity does it support?

◦ How quickly will the network begin using it?

 Common to have less capacity than the primary path

◦ Different technologies

◦ Expensive

Backup Paths (Cont)

 Manual versus automatic

◦ Manual reconfiguration: users will notice the disruption, which is not acceptable for mission-critical systems

◦ Use redundant, partial-mesh network designs to speed automatic recovery time

 They must be tested

 Sometimes used for load balancing as well as


Load Balancing

 Primary goal of redundancy is to meet availability

 Secondary goal is to improve performance by load balancing across parallel links

 Must be planned and in some cases configured

 In ISDN environments, load balancing can be facilitated by configuring channel aggregation

Channel aggregation means that a router can automatically bring up multiple ISDN B channels as bandwidth requirements increase

Designing a Campus Network Design Topology

 Should meet a customer’s goals for availability and performance by:

◦ featuring small broadcast domains,

◦ redundant distribution-layer segments,

◦ mirrored servers,

◦ and multiple ways for a workstation to reach a router for off-net communications

 Designed using a hierarchical model for good performance, maintainability and scalability.


Virtual LANs (VLANs)

 An emulation of a standard LAN that allows data transfer to take place without the traditional physical limits placed on a network

 A set of devices that belong to an administrative group

 Designers use VLANs to constrain broadcast traffic

VLANs versus Real LANs


A Switch with VLANs

VLANs Span Switches

The VLAN tag contains a VLAN ID that specifies to which VLAN the frame belongs

Trunk
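To make the tag concrete, here is an added Python example (not from the slides) that decodes the 802.1Q tag carried on a trunk: the tag protocol identifier 0x8100, then a 16-bit tag control field holding a 3-bit priority and the 12-bit VLAN ID. The MAC addresses and payload used as sample input are constructed.

```python
# Added example: decode an Ethernet frame and its 802.1Q VLAN tag.
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def parse_frame(frame: bytes) -> dict:
    """Return header fields; vlan_id is None for untagged frames."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"),
            "tagged": False, "vlan_id": None, "pcp": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # Tag control information: 3-bit PCP, 1-bit DEI, 12-bit VID,
        # followed by the EtherType of the encapsulated payload.
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF
        if vid == 0x0FFF:
            raise ValueError("VLAN ID 4095 is reserved")
        info["tagged"] = True
        info["pcp"] = tci >> 13
        # VID 0 means "priority tag only": no VLAN membership is carried.
        info["vlan_id"] = vid if vid != 0 else None
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def build_tagged_frame(dst, src, vlan_id, pcp, ethertype, payload):
    """Construct a tagged frame; used here only to make sample input."""
    tci = (pcp << 13) | (vlan_id & 0x0FFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


# Constructed sample: a broadcast ARP request tagged for VLAN 100.
SAMPLE_TAGGED = build_tagged_frame(
    bytes.fromhex("ffffffffffff"), bytes.fromhex("001122334455"),
    vlan_id=100, pcp=5, ethertype=0x0806, payload=bytes(28))
SAMPLE_UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
                   + b"\x08\x00" + bytes(46))

if __name__ == "__main__":
    for name, frame in (("tagged", SAMPLE_TAGGED), ("untagged", SAMPLE_UNTAGGED)):
        info = parse_frame(frame)
        print(name, "vlan_id =", info["vlan_id"], "ethertype = 0x%04x" % info["ethertype"])
```

On an access port the switch strips this tag before the frame reaches the end station, which is why a workstation never sees the VLAN ID and cannot pick its own VLAN.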


WLANs and VLANs

 A wireless LAN (WLAN) is often implemented as a VLAN

 Facilitates roaming

 Users remain in the same VLAN and IP subnet as they roam, so there’s no need to change addressing information

 Also makes it easier to set up filters (access control lists) to protect the wired network from wireless users

Campus Hierarchical Redundancy Topology


Workstation-to-Router Communication

 Proxy ARP: a router running proxy ARP can respond to the ARP request with the router's data link layer address.

 Listen for router advertisements: each router periodically multicasts an ICMP router advertisement packet from each of its interfaces, announcing the IP address of that interface. Workstations discover the addresses of their local routers simply by listening for advertisements.

 ICMP router solicitations: a workstation can multicast an ICMP router solicitation packet to ask for immediate advertisements, rather than wait for the next periodic advertisement to arrive.

 Default gateway provided by DHCP

Use Hot Standby Router Protocol (HSRP) for redundancy

Hot Standby Router Protocol (HSRP)

 HSRP works by creating a virtual router, also called a phantom router. The virtual router has its own IP and MAC addresses. Each workstation is configured to use the virtual router as its default gateway. When a workstation broadcasts an ARP frame to find its default gateway, the active HSRP router responds with the virtual router's MAC address. If the active router goes offline, a standby router takes over as active router, continuing the delivery of the workstation's packets.

 HSRP provides a way for an IP workstation to keep communicating on an internetwork even if its default gateway becomes unavailable.
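The following Python model is an added example, not code from the slides or from Cisco, of the election and failover behaviour described above: highest priority wins the active role, ties go to the highest interface address, and a returning router only reclaims the role when preemption is enabled. The router names, addresses and priorities are constructed; the virtual MAC prefix 00:00:0c:07:ac followed by the group number is the HSRP version 1 convention.

```python
# Added example: HSRP active/standby election and the ARP reply a
# workstation receives for the virtual gateway. Sample values are constructed.
from dataclasses import dataclass

# HSRPv1 virtual MAC prefix; the last byte is the standby group number.
HSRP_V1_MAC_PREFIX = "00:00:0c:07:ac"


def ip_key(ip: str) -> tuple:
    """Numeric tuple so addresses compare by value rather than as strings."""
    return tuple(int(octet) for octet in ip.split("."))


@dataclass
class HsrpRouter:
    name: str
    ip: str                 # real interface address
    priority: int = 100     # HSRP default priority
    preempt: bool = False   # may a higher-priority router reclaim active?
    up: bool = True


class HsrpGroup:
    def __init__(self, group: int, virtual_ip: str, routers: list):
        self.group = group
        self.virtual_ip = virtual_ip
        self.routers = routers
        self.active = None

    @property
    def virtual_mac(self) -> str:
        return f"{HSRP_V1_MAC_PREFIX}:{self.group:02x}"

    def elect(self):
        """Decide which live router is active.

        Highest priority wins, ties broken by highest interface IP. A router
        that is already active keeps the role unless a live router with a
        strictly higher priority has preempt enabled.
        """
        alive = [r for r in self.routers if r.up]
        if not alive:
            self.active = None
            return None
        best = max(alive, key=lambda r: (r.priority, ip_key(r.ip)))
        current = next((r for r in alive if r.name == self.active), None)
        if current is None:
            self.active = best.name          # no live active router: new election
        elif best.preempt and best.priority > current.priority:
            self.active = best.name          # preemption by a better router
        return self.active

    def arp_reply(self, target_ip: str):
        """MAC a workstation learns when it ARPs for its default gateway."""
        if target_ip != self.virtual_ip or self.elect() is None:
            return None
        return self.virtual_mac              # always the virtual MAC, never a real one


def failover_sequence(preempt: bool) -> list:
    """Constructed scenario: R1 (priority 110) fails and later returns."""
    r1 = HsrpRouter("R1", "10.1.1.2", priority=110, preempt=preempt)
    r2 = HsrpRouter("R2", "10.1.1.3", priority=100)
    group = HsrpGroup(1, "10.1.1.1", [r1, r2])
    history = [group.elect()]       # initial election
    r1.up = False
    history.append(group.elect())   # R2 takes over
    r1.up = True
    history.append(group.elect())   # R1 is back; reclaims only with preempt
    return history


if __name__ == "__main__":
    print(failover_sequence(preempt=True))    # ['R1', 'R2', 'R1']
    print(failover_sequence(preempt=False))   # ['R1', 'R2', 'R2']
```

Because the workstation's ARP cache holds the virtual MAC, a failover changes nothing on the host side; the standby router simply starts answering for that address.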


Designing the Enterprise Edge Topology

Redundant WAN Segments

 Because WAN links can be critical, redundant (backup) WAN links are often included in the enterprise topology

 Full-mesh topology provides complete redundancy

 Full mesh is costly to implement, maintain,


Multihoming the Internet Connection

The generic meaning of multihoming is to "provide more than one connection for a system to access and offer network services."

Virtual Private Networking



Enable a customer to use a public network to provide a secure connection among sites on the organization’s internetwork



Can also be used to connect an enterprise intranet to an extranet to reach outside parties



Gives the ability to connect geographically dispersed offices via a service provider



Company data can be encrypted for routing



Firewalls and TCP/IP tunneling allow a customer to use a public network as a backbone for the enterprise network

Meeting Security Goals with Firewall Topologies - DMZ



For the need to publish public data and protect private data, the firewall topology can include a public LAN that hosts Web, FTP, DNS, and SMTP servers. The public LAN is referred to as the free-trade zone. Another term is demilitarized zone (DMZ).


Security Topologies - Three-part firewall



An alternative topology is to use two routers as the firewalls and place the DMZ between them.


Summary

 Use a systematic, top-down approach

 Plan the logical design before the physical design

 Topology design should feature hierarchy, redundancy, modularity, and security

Review Questions



Why are hierarchy and modularity important for network designs?



What are the three layers of Cisco’s hierarchical network design?



What are the major components of Cisco’s enterprise composite network model?



What are the advantages and disadvantages of the
