Designing Cisco Network Service Architectures

(1)

ARCH

Designing Cisco

Network Service

Architectures

Volume 1

Version 1.2

Student Guide

Text Part Number: ILSG Production Services: 12.21.04

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

(2)

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Web site at www.cisco.com/go/offices.

Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica Croatia • Cyprus • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania

Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe

Copyright © 2004 Cisco Systems, Inc. All rights reserved. CCSP, the Cisco Square Bridge logo, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Post-Routing, ProConnect, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0406R)

DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS.” CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.

(3)

Students, this letter describes important

course evaluation access information!

Welcome to Cisco Systems Learning. Through the Cisco Learning Partner Program,

Cisco Systems is committed to bringing you the highest-quality training in the industry.

Cisco learning products are designed to advance your professional goals and give you the

expertise you need to build and maintain strategic networks.

Cisco relies on customer feedback to guide business decisions; therefore, your valuable

input will help shape future Cisco course curricula, products, and training offerings.

We would appreciate a few minutes of your time to complete a brief Cisco online course

evaluation of your instructor and the course materials in this student kit. On the final day

of class, your instructor will provide you with a URL directing you to a short post-course

evaluation. If there is no Internet access in the classroom, please complete the evaluation

within the next 48 hours or as soon as you can access the web.

On behalf of Cisco, thank you for choosing Cisco Learning Partners for your Internet

technology training.

Sincerely,

Cisco Systems Learning

(4)

(5)

Volume 1

Course Introduction

1

Overview 1

Learner Skills and Knowledge 2

Course Goal and Objectives 4

Course Flow 5

Additional References 6

Cisco Glossary of Terms 6

Your Training Curriculum 7

Introducing Cisco Network Service Architectures

1-1

Overview 1-1

Module Objectives 1-1

Introducing the Cisco AVVID Framework 1-3

Overview 1-3

Objectives 1-3

What Is the Cisco AVVID Framework? 1-4

What Are the Performance Concerns When Deploying an Enterprise Network? 1-7

What Are the Scalability Concerns When Deploying an Enterprise Network? 1-9

What Are the Availability Concerns When Deploying an Enterprise Network? 1-10

What Is the Cisco AVVID Network Infrastructure? 1-11

What Are the Cisco AVVID Intelligent Network Services? 1-13

What Are the Cisco AVVID Network Solutions? 1-15

Summary 1-16

Introducing the Enterprise Composite Network Model 1-17

Overview 1-17

Objectives 1-17

What Is the Enterprise Composite Network Model? 1-18

What Is the Enterprise Campus? 1-22

What Is the Enterprise Edge? 1-26

Service Provider Edge 1-30

Summary 1-32

Introducing the Network Design Methodology 1-33

Overview 1-33

Objectives 1-33

Network Design Process 1-34

Network Design Phases 1-35

Validating the Network Design 1-38

Summary 1-42

Module Summary 1-43

References 1-43

Module Self-Check 1-44

Module Self-Check Answer Key 1-49

Designing Enterprise Campus Networks

2-1

Overview 2-1

Reviewing the Enterprise Network Design Methodology 2-3

Overview 2-3

Objectives 2-3

Designing the Campus within the Enterprise Composite Network Model 2-4

What are the Typical Requirements for an Enterprise Campus Network? 2-6

What is the Enterprise Campus Design Methodology? 2-8

Analyzing Network Traffic Patterns 2-10

Summary 2-12

(6)

Designing the Campus Infrastructure 2-13

Overview 2-13

Objectives 2-13

Designing the Logical Campus Network 2-14

Designing the Physical Campus Network 2-19

Selecting Data Link Layer or Multilayer Switching Solutions 2-25

Selecting Cisco Hardware and Software 2-31

Identifying an IP Addressing Strategy 2-33

Selecting Routing Protocols 2-37

When to Choose RIP or RIPv2 2-38

When to Choose IGRP 2-38

When to Choose EIGRP 2-39

When to Choose OSPF 2-40

When to Choose Integrated IS-IS 2-40

Selecting Areas or Networks 2-41

Proposing Enterprise Campus Designs 2-42

Summary 2-48

Designing the Server Farm 2-49

Overview 2-49

Objectives 2-49

What are the Design Requirements for the Server Farm? 2-50

Selecting Server Farm Infrastructure Architecture 2-52

Designing the Server Farm for Scalability 2-56

Considerations for Server Farm Security and Manageability 2-58

Summary 2-60

Module Summary 2-61

References 2-61

Designing Enterprise Edge Connectivity

3-1

Overview 3-1

Reviewing the Enterprise Edge Network Design Methodology 3-3

Overview 3-3

Objectives 3-3

What is the Enterprise Edge Design within the Enterprise Composite Model? 3-4

What are the Typical Requirements for the Enterprise Edge? 3-6

What is the Enterprise Edge Design Methodology? 3-8

Analyzing Network Traffic Patterns 3-10

Summary 3-12

Designing the Classic WAN Module 3-13

Overview 3-13

Objectives 3-13

What are the Enterprise Needs for the WAN? 3-14

Selecting the WAN Topology 3-15

Selecting a Service Provider 3-19

Selecting the Data Link Layer 3-21

Selecting the Physical Layer 3-23

(7)

Designing the Remote Access Module 3-39

Overview 3-39

Objectives 3-39

What are the Enterprise Needs for Remote Access? 3-40

Selecting the Remote-Access Type and Termination 3-43

Selecting the Remote-Access Physical Connectivity 3-45

Selecting the Remote-Access Protocol 3-47

Selecting Cisco Access Routing Solutions 3-48

Designing Enterprise Remote-Access Solutions 3-52

Summary 3-56

Designing the Internet Connectivity Module 3-57

Overview 3-57

Objectives 3-57

What are the Enterprise Requirements for the Internet? 3-58

Using NAT at the Enterprise Edge 3-60

Designing ISP Connectivity Solutions 3-61

Designing Internet Connectivity Solutions 3-64

Summary 3-66

Module Summary 3-67

References 3-67

Designing Network Management Services

4-1

Overview 4-1

Developing an Enterprise Network Management Strategy 4-3

Overview 4-3

Objectives 4-3

What are the Goals for Network Management? 4-4

What are the Network Management Policies and Procedures? 4-7

What are the Network Management Module Functions? 4-10

What is the Cisco Network Management Strategy? 4-11

What are the CiscoWorks Features? 4-12

What is the CiscoWorks LAN Management Solution? 4-14

What is the CiscoWorks Routed WAN Management Solution? 4-18

Summary 4-21

Designing the Network Management Architecture 4-23

Overview 4-23

Objectives 4-23

Considerations for Network Management Design 4-24

Recommendations for Network Management Deployment 4-28

Designing Network Management Solutions 4-33

Summary 4-42

Module Summary 4-43

References 4-43

Designing High-Availability Services

5-1

Overview 5-1

Reviewing High-Availability Features 5-3

Overview 5-3

Objectives 5-3

What are Network Requirements for High Availability? 5-4

What is Cisco IOS High-Availability Architecture? 5-7

(8)

What is Fault Tolerance and Hardware Redundancy? 5-8

What are the Options for Layer 3 Redundancy? 5-13

What is Redundancy and Spanning Tree Protocol? 5-16

Summary 5-20

Designing High-Availability Enterprise Networks 5-21

Overview 5-21

Objectives 5-21

What are the Design Guidelines for High Availability? 5-22

What are the Best Practices for High-Availability Network Design? 5-29

What are the Enterprise Campus Design Guidelines for High Availability? 5-31

What are the Enterprise Edge Design Guidelines for High Availability? 5-35

Strategy for High-Availability Design 5-37

Summary 5-38

Module Summary 5-39

References 5-39

Designing Security Services

6-1

Overview 6-1

Evaluating Network Security Policies 6-3

Overview 6-3

Objectives 6-3

Network Vulnerabilities 6-4

Defining a Security Policy 6-6

Network Security as a Process 6-8

Securing the Network 6-8

Monitoring Security 6-9

Testing Security 6-9

Improving Security 6-9

Risk Assessment and Management 6-10

Summary 6-13

Reviewing Cisco Security Solutions 6-15

Overview 6-15

Objectives 6-15

Key Elements of Network Security 6-16

Network Security Attacks and Solutions 6-18

Firewall Design Options 6-30

Intrusion Detection System Design Options 6-37

Authentication, Authorization, and Accounting 6-40

IP Security 6-46

Device Security Options 6-50

Summary 6-55

Implementing Network Security Using the Cisco SAFE Security Blueprints 6-57

Overview 6-57

Objectives 6-57

Cisco SAFE Architecture Overview 6-58

SAFE Security Strategies for Small Networks 6-60

(9)

ARCH

Course Introduction

Overview

In Designing Cisco Network Service Architectures (ARCH) v1.2, you will learn how to perform the conceptual, intermediate, and detailed design of a network infrastructure that supports desired network solutions over intelligent network services, to achieve effective performance, scalability, and availability.

You will learn the fundamental aspects of campus and edge network design, network management, high availability, security, quality of service (QoS), and IP multicast. In addition, you will be able to design solutions for the network that are strategic to small, medium, and large enterprises, including virtual private networking, wireless, and IP telephony.

(10)

Learner Skills and Knowledge

This subtopic lists the skills and knowledge that learners must possess to benefit fully from the course. The subtopic also includes recommended Cisco learning offerings that learners should complete to benefit fully from this course.

Introduction to Cisco Networking Technologies (INTRO) Cisco IP Telephony (CIPT)

Managing Cisco Network Security (MCNS) Implementing Cisco Multicast (MCAST)

Learner Skills and Knowledge

• Cisco CCNA®_{certification and Cisco CCNP}®_{certification}

or

• Completion of related courses:

– CCNA Basics

– Interconnecting Cisco Network Devices (ICND)

– Building Scalable Cisco Internetworks (BSCI)

– Building Cisco Multilayer Switched Networks (BCMSN)

– Building Cisco Remote Access Networks (BCRAN)

– Cisco Internetwork Troubleshooting (CIT)

– Designing for Cisco Internetwork Solutions (DESGN)

– IP Telephony

– Quality of Service (QOS)

– Security Technologies

– IP Multicast

Before taking ARCH, learners should be familiar with internetworking technologies, Cisco products, and Cisco IOS features. Specifically, before attending this course learners should be able to meet these objectives:

Design the necessary services to extend IP addresses using variable-length subnet masking

(VLSM) and route summarization

Implement appropriate networking routing protocols, such as Open Shortest Path First

(OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and Border Gateway Protocol (BGP) on an existing internetwork

Redistribute routes between different routing protocols

(11)

technology requirements, including permanent or dial-up access between a central campus, branch offices, and telecommuters

Select Cisco equipment to establish appropriate WAN connections

Enable protocols and technologies that allow traffic flow between multiple sites, while minimizing the amount of overhead traffic on each connection

Implement QoS capabilities to ensure that mission-critical applications receive the required bandwidth within a given WAN topology

Implement Cisco Voice over IP and IP telephony solutions

(12)

Course Goal and Objectives

This topic describes the course goal and objectives.

“To perform the conceptual, intermediate, and

detailed design of a network infrastructure that supports the network solutions to achieve effective performance, scalability, and

availability to meet the desired requirements”

Designing Cisco Network Service Architectures (ARCH v1.2)

Course Goal

Upon completing this course, you will be able to meet these objectives:

Present the Cisco AVVID framework, its segmentation of the network infrastructure, and

intelligent network services to support key enterprise network applications and network solutions

Create conceptual, intermediate, and detailed enterprise campus network and Enterprise Edge infrastructure designs that offer effective functionality, performance, scalability, and availability

Create conceptual, intermediate, and detailed intelligent network service designs for

network management, high availability, security, QoS, and IP multicast

Create conceptual, intermediate, and detailed virtual private network designs Create conceptual, intermediate, and detailed wireless network designs

(13)

Course Flow

This topic presents the suggested flow of the course materials.

Course Flow

Course Introduction Introducing Cisco Network Service Architectures Designing Enterprise Campus Networks Designing IP Multicast Services Designing IP Telephony Solutions Lunch Designing Network Management Services Designing QoS Designing Enterprise Wireless Networks A M P M Wrap-Up

Day 1 Day 2 Day 3 Day 4 Day 5

Designing Security Services Designing Enterprise Campus Networks (cont.) Designing Enterprise Edge Connectivity Designing High-Availability Services Designing Virtual Private Networks Designing Enterprise Edge Connectivity (cont.)

The schedule reflects the recommended structure for this course. This structure allows enough time for the instructor to present the course information and for you to work through the lab activities. The exact timing of the subject materials and labs depends on the pace of your specific class.

(14)

Additional References

This topic presents the Cisco icons and symbols used in this course and also information on where to find additional technical references.

Cisco Icons and Symbols

Cisco Glossary of Terms

For additional information on Cisco terminology, refer to the Cisco Internetworking Terms and Acronyms glossary of terms at http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/index.htm.

(15)

Your Training Curriculum

This topic presents the training curriculum for this course.

Cisco Certifications

This educational offering is a Cisco certification professional-level course. ARCH is the recommended method of preparation for the Cisco CCDP®_{exam. The CCDP certification}

indicates a professional mastery of network design.

This course enables learners, applying solid Cisco network solution models and best design practices, to provide viable, stable enterprise internetworking solutions. The course presents concepts and examples necessary to design enterprise campus networks and enterprise edge networks. Advanced network infrastructure technologies, such as Virtual Private Networks (VPNs) and wireless communications, are also covered.

The course covers issues and considerations for fundamental intelligent network services, including security, network management, QoS, high availability, and bandwidth use optimization through IP multicasting and also design models for network solutions such as voice networking and content and storage networking.

The CCDP exam is the final step necessary to achieve Cisco CCDP certification, following the Cisco CCNA®_{and Cisco CCDA}®_{exams. A CCDP certification affirms possession of some of}

the skills needed to achieve Cisco CCIE® _{certification.}

You are encouraged to join the Cisco Certification Community, a discussion forum open to anyone holding a valid Cisco Career Certification (such as Cisco CCIE, CCNA, CCDA, CCNP®,_{CCDP, CCIP}™,_{or CCSP}™_{). The Cisco Certification Community provides a gathering}

place for Cisco-certified professionals to share questions, suggestions, and information about Cisco Career Certification programs and other certification-related topics. For more

information, visit

http://www.cisco.com/en/US/learning/le3/le2/le41/learning_certification_level_home.html.

(16)

Cisco CCDP Career Certifications

Expand Your Professional Options and Advance Your Career

CCDP Professional CCIE CCDP CCDP CCNA/CCDA CCNA/CCDA Associate

Professional-level recognition in Designing Cisco Network Service Architectures (ARCH)

http://www.cisco.com/go/certifications

Recommended Training Through Cisco Learning Partners Required Exam CCDP 642-801 BSCI 642-811 BCMSN 642-871 ARCH

Building Scalable Cisco Internetworks

Building Cisco Multilayer Switched Networks Designing Cisco Network Service Architectures

(17)

Module 1

Introducing Cisco Network

Service Architectures

Overview

Large enterprises increasingly seek an enterprise-wide infrastructure to serve as a solid foundation for emerging applications such as IP telephony. The Cisco Architecture for Voice, Video and Integrated Data (AVVID) framework, with its open communications interface, is the basis of Cisco’s enterprise network architecture. The framework is designed to support the operation of concurrent solutions operating over a single infrastructure designed, tested, and fully documented with scalability, performance, and availability that meets end-to-end enterprise requirements.

Module Objectives

Upon completing this module, you will be able to present the Cisco AVVID framework, its segmentation of the network infrastructure, and intelligent network services to support key enterprise network applications and network solutions. This ability includes being able to meet these objectives:

Describe the Cisco AVVID framework and explain how it addresses enterprise network

needs for performance, scalability, and availability

Describe the Enterprise Composite Network Model used to design enterprise networks and

explain how it addresses enterprise network needs for performance, scalability, and availability

Describe the major steps of the network design process and explain how to validate your design before going live

(18)

(19)

Lesson 1

Introducing the Cisco AVVID

Framework

Overview

The Cisco AVVID framework provides an enterprise with a foundation that combines IP connectivity with performance and availability. Layering application solutions, such as voice, video, or content delivery networks, requires changes to an existing infrastructure. The Cisco AVVID framework provides effective design principles and practices to plan those changes. Each enterprise network is different because it is built to accommodate different topologies, media, and features that the specific enterprises may deploy. The Cisco AVVID framework provides an infrastructure on which to offer intelligent services to support network solutions and business applications.

Objectives

Upon completing this lesson, you will be able to describe the Cisco AVVID framework and explain how it addresses enterprise network needs for performance, scalability, and availability. This ability includes being able to meet these objectives:

Describe the major components of the Cisco AVVID framework and explain why an

architecture is important for enterprise networks

Describe performance concerns when deploying an enterprise network Describe scalability concerns when deploying an enterprise network

Describe availability concerns when deploying an enterprise network

Describe the network infrastructure component of the Cisco AVVID framework, and explain how it satisfies enterprise requirements for performance, scalability, and availability

Describe the intelligent network services of the Cisco AVVID framework, and explain how

those services support enterprise needs for performance, scalability, and availability

Describe the Cisco AVVID network solutions offered to address the needs of enterprise

applications

(20)

What Is the Cisco AVVID Framework?

This topic describes the major components of the Cisco AVVID framework and explains why an architecture is important for enterprise networks.

Cisco AVVID Framework

Cisco AVVID provides the framework for the Internet business solutions of today. Cisco AVVID is an enterprise-wide, standards-based network architecture that provides a roadmap for combining business and technology strategies into a cohesive model. A network

architecture is a roadmap and guide for ongoing network planning, design, and implementation. It provides a coherent framework that unifies disparate solutions onto a single foundation. The Cisco AVVID framework supports these key components:

Common network infrastructure: This includes the hardware and software used to send,

receive, and manage datagrams that are transmitted between end-user devices throughout the enterprise. Common network infrastructure includes the transmission media and devices that control transmission paths, including private and public transport media. Examples of these devices are routers, LAN switches, WAN switches, PBXs, and so on.

Intelligent network services: These services allow the end user to operate in a controlled, secure environment in which differentiated services are provided. Intelligent network services essentially add intelligence to the network infrastructure beyond just moving a datagram between two points. Intelligent network services allow for application awareness. Intelligent network services include network management, high availability, security, quality of service (QoS), and IP multicast.

(21)

network infrastructure and intelligent network services to their advantage. Network solutions allow enterprises to make business decisions about the business itself and also about networks and the technologies and applications that run on them. Network-based applications enable an enterprise organization to interact more effectively with customers, suppliers, partners, and employees. Customer service, commerce, supplier, and internal applications run over the network infrastructure enabled by intelligent network services. Some examples of network solutions are IP telephony, content networking, and storage networking.

Note This course discusses the design implications of IP telephony. Content networking and storage networking design are not included in this course.

(22)

Benefits of Cisco AVVID

• Integration

• Intelligence

• Innovation

• Interoperability

Cisco AVVID offers these benefits:

Integration: By leveraging the Cisco AVVID framework and applying the network intelligence inherent in IP, organizations can enable comprehensive tools to improve productivity.

Intelligence: Traffic prioritization and intelligent networking services maximize network

efficiency for optimized application performance.

Innovation: Customers have the ability to adapt quickly in a competitive and changing

business environment.

Interoperability: Standards-based hardware and software interfaces allow open

integration, providing organizations with choice and flexibility.

Combining network infrastructure and services with new applications, Cisco AVVID accelerates the integration of technology strategy with business activities. Cisco AVVID enables Internet business solutions for enterprises via the network infrastructure.

(23)

What Are the Performance Concerns When

Deploying an Enterprise Network?

This topic describes the performance concerns when deploying an enterprise network.

Primary Concern of Network Deployment:

Performance

• Responsiveness – Important to users • Throughput – Important to operational management • Utilization – Important to executive management

While specific devices or applications may promise performance, effective performance is achieved only by considering and optimizing each component. Only a cohesive, integrated, and optimized network can ensure the best network performance. Performance might be the least understood term in networking. Typically, performance is defined as throughput and packets per second (pps). These are easy numbers to gauge and report, but these values relate to a single switch or router and make no sense when measuring an entire network. For example, one can state that a network should perform at 10,000 pps, but testing over the network might yield only 5000 pps. What happened? In fact, the network might consist of 1.536-Mbps (T1) WAN links with traffic shaping enabled, which in turn limits the packet rate through the entire network. In addition, forwarding traffic at that rate might have an impact on the processor loads, limiting the overall throughput performance and placing the router at risk of not having enough resources—either to converge following a failure in the network or to enable additional features. The point is that there is no one metric for determining performance.

Instead, gauge network performance by these three metrics:

Responsiveness: This indicates how users or consumers perceive the performance of their

applications. Responsiveness is affected by link speeds, congestion, and features, and includes device and protocol responses. This is the most important metric in the network. If an application does not respond in an acceptable time, it does not matter how fast the network claims to be. This metric changes based on how an application responds to changes in the network. For example, many applications use TCP, which slows the

transmission rate into the network if too much congestion or loss is present in the network.

(24)

Throughput: This specifies the rate of information arriving at, and possibly passing through, a particular point in a network system. Throughput is closely related to utilization. As utilization increases, throughput approaches the theoretical maximum until driven to congestive collapse. Typically, throughput is measured in pps, kbps, Mbps, and Gbps.

Utilization: This measures the use of a particular resource over time. This measure is usually expressed as a percentage, where the usage of a resource is compared with its maximum operational capacity. Through utilization measures, you can identify congestion (or potential congestion) throughout the network. You can also identify underutilized resources.

Utilization is the principle measure to determine how full the network pipes (links) are. Analyzing CPU, interface, queuing, and other system-related capacity measurements allows you to determine the extent to which network system resources are being consumed. High utilization is not necessarily bad. Low utilization may indicate traffic flows in

unexpected places. As lines become overutilized, the effects can become significant. Overutilization on a link occurs when there is consistently more traffic that needs to pass through more of an interface than it can handle. Ultimately, there will be excessive queuing delays and even packet loss. Sudden jumps in resource utilization can indicate a fault condition.

(25)

What Are the Scalability Concerns When

Deploying an Enterprise Network?

This topic describes scalability concerns when deploying an enterprise network.

Primary Concern of Network Deployment:

Scalability

Scalability Requirements • Topology – Support changes with minimum reconfiguration • Addressing – Allow route summarization • Routing protocols – Accommodate changes without massive redesign

A network must be able to scale from where it is today to where it might be in the future. For example, a network administrator might need to design the WAN to support only 50 branch offices. However, over the course of a year, 50 more branches might require connectivity. The design, IP address management, features, and WAN link speeds must all be able to

accommodate this need for added connectivity without massive redesign of the network. When designing an enterprise network, you should try to implement some basic principles throughout the network to improve scalability. Specialization of devices and card modules for specific functions makes it easy to upgrade each device as the network grows. Parallelism in the network design improves overall network performance. By implementing a hierarchy, you will achieve more control and manageability of the network.

Specific network scalability concerns include the following:

Topology: Network topology must be such that additions or subtractions to the network do not cause major reconfigurations, create instability, affect deterministic performance, or adversely affect availability levels.

Addressing: Distribution of IP addresses should facilitate route summarization.

Additionally, it should be possible to create new subnets with a minimum impact on the addressing scheme and router load.

Routing protocols: The routing protocol of choice must be able to accommodate additions, deletions, and changes without a massive redesign.

(26)

What Are the Availability Concerns When

Deploying an Enterprise Network?

This topic describes availability concerns when deploying an enterprise network.

Primary Concern of Network Deployment:

Availability

• Device fault tolerance and redundancy

• Link redundancy

• Protocol resiliency

• Network capacity design

A major concern for network managers is how available the network is and how impervious it is to network changes. A network that takes 10 seconds to converge is clearly superior to one that takes 1 minute to converge.

To the user, the network is down regardless of whether an application went down, a router died, or a piece of fiber was cut. For this reason, availability must be viewed from the perspective of the user.

Key availability issues to address include the following:

Device fault tolerance and redundancy: This is often the first level of availability in the network. Fault-tolerant devices provide a high level of reliability. Cisco offers options for redundant supervisor engines and dual power supplies, which provide the first backstop against a network failure.

Link redundancy: Link redundancy is critical in the network and provides a high level of reliability in the event of a link failure. However, while some redundancy is good, more redundancy is not necessarily better.

(27)

What Is the Cisco AVVID Network Infrastructure?

This topic describes the network infrastructure component of the Cisco AVVID framework, and explains how it meets enterprise needs for performance, scalability, and availability.

Cisco AVVID Network Infrastructure

Components

The Cisco AVVID framework consists of several building blocks that deliver solutions to accelerate the enterprise. The network infrastructure components include clients and servers, network platforms, and intelligent network services.

The Cisco AVVID network infrastructure consists of these hardware components:

Clients and application servers: Network clients include workstations (both fixed and

portable), IP Phones, and wireless devices. Application servers provide services to clients and may be located in a data center or other easily accessible network location.

Network platforms: The network platforms comprise routers, gateways, switches, servers, firewalls, and other devices. This component of the architecture provides the basis for a complete networking solution.

Intelligent network services: Intelligent network services include the platforms, network

services, appliances, and management that allow business rules and policies to positively affect network performance.

The Cisco AVVID network infrastructure solution provides an enterprise foundation that combines IP connectivity with high performance and availability. Although layering

application solutions such as voice, video, or content delivery networks require changes to the network infrastructure, this infrastructure provides a basis for good design principles and practices.

Each network is different because it is built to accommodate different topologies (mesh or hub-and-spoke), WAN technologies (such as Frame Relay, ATM, or PPP), and networks (LAN, WAN, or metropolitan-area network [MAN]) that enterprises deploy.

(28)

Network managers who design and build networks to support solutions such as voice and video must first consider the components that allow networks to operate properly. Thus, the network device often becomes the focus of design decisions. However, a single device—whether a switch, router, or other networking device—is only a component of the overall network. How the devices connect, what features and protocols are used, and how they are used form the foundation for the services that run on top of the network. If the foundation is unstable, layering solutions over the network can create problems.

By laying the foundation for basic connectivity and protocol deployment, the Cisco AVVID network infrastructure solution addresses the three primary concerns of network deployment: performance, scalability, and availability.

(29)

What Are the Cisco AVVID Intelligent Network

Services?

This topic describes the intelligent network services of the Cisco AVVID framework and explains how those services meet enterprise needs for performance, scalability, and availability.

Cisco AVVID Intelligent Network Services

Cisco AVVID network infrastructure supports the key intelligent network services, which comprise numerous networking technologies and topologies, with a corresponding large number of possible designs and architectures. The net result is a blueprint that blends equipment, features, and management tools that match business criteria.

Cisco deploys these intelligent network services to keep the network at peak performance:

Network management: This service provides a number of related network management

tools built on a Common Management Foundation (CMF). Tools include the LAN Management Solution (LMS) for advanced management of Catalyst multilayer switches; the Routed WAN Management Solution (RWAN) for monitoring traffic management and providing access control to administer the routed infrastructure of multiservice networks; the Service Management Solution for managing and monitoring service level agreements; and the Virtual Private Network (VPN)/Security Management Solution for optimizing VPN performance and security administration.

High availability: This service refines design and tools to ensure end-to-end availability

for services, clients, and sessions. Tools include reliable, fault-tolerant network devices to automatically identify and overcome failures, and resilient network technologies, such as Hot Standby Router Protocol (HSRP), to bring resilience to the critical junction between hosts and backbone links.

(30)

Security: This service ensures the security of the network through authentication, encryption, and failover. Security features include application-based filtering (context-based access control), intrusion detection in the network and at hosts, defense against network attacks, per-user authentication and authorization, and real-time alerts.

QoS: This service manages the delay, delay variation (jitter), bandwidth, and packet loss parameters on a network to meet the diverse needs of voice, video, and data applications. QoS features provide functionality such as network-based application recognition (NBAR) for classifying traffic on an applications basis, a Service Assurance Agent (SAA) for end-to-end QoS measurements, and Resource Reservation Protocol (RSVP) signaling for admission control and reservation of resources.

IP multicast: This service provides bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of information to thousands of end-system clients. Multicasting enables distribution of videoconferencing, corporate communications, distance learning, distribution of software, and other applications. Multicast packets are replicated in the network by Cisco routers enabled with Protocol Independent Multicast (PIM) and other supporting multicast protocols resulting in an efficient delivery of data to multiple receivers.

Cisco AVVID Intelligent Network Services

Meet Enterprise Needs

Makes applications more available Increases scalability of existing network resources Enhances application performance IP Multicast Makes critical applications more available Increases support of preferred applications Enhances performance of selected applications Quality of Service Makes applications and data more

available Security Makes network more available High Availability Monitors device and network availability Enhances performance when preemptive Network Management Availability Scalability Performance

The figure describes how the Cisco AVVID intelligent network services meet enterprise network needs for performance, scalability, and availability.

(31)

What Are the Cisco AVVID Network Solutions?

This topic describes the Cisco AVVID network solutions that Cisco offers to address enterprise application needs.

Cisco AVVID Network Solutions

The Cisco AVVID framework provides a foundation for applications and solutions. Third-party companies provide solutions through the Cisco AVVID Partner Program, while Cisco provides the following solutions:

VPN (part of the Enterprise Edge): VPNs use advanced encryption and tunneling to permit organizations to establish secure, end-to-end private network connections over third-party networks, such as the Internet or extranets.

Wireless (part of the Campus Infrastructure): Wireless IP technology creates anytime,

anywhere connections to the Internet and enterprise networks. In a campus environment or distant mobile location, wireless technology allows users to be constantly connected as they move between wireless cells, unconstrained by direct physical connections.

IP telephony: The convergence of voice, video, and data on a single IP network is

changing the way enterprises communicate. Convergence on a single network infrastructure lowers total network costs and optimizes enterprise communications.

Content networking: Content networking optimizes website performance and content delivery by positioning content near consumers in anticipation of use.

Storage networking: Driven by workforce collaboration, e-commerce, and e-learning, storage networking has emerged as an important networking application. Cisco storage networking solutions provide high-capacity, low-latency networking for disaster recovery, data replication, and storage consolidation.

Note This course discusses the design implications of IP telephony. Content networking and storage networking design are not included in this course.

(32)

Summary

This topic summarizes the key points discussed in this lesson.

Summary

• Cisco AVVID is an enterprise-wide, standards-based network architecture that provides a roadmap for combining business and technology strategies into a cohesive model.

• While specific devices or applications may promise performance, effective performance is achieved only by considering and optimizing each component. Only a

cohesive, integrated, and optimized network can ensure the best network performance.

• A network must be able to scale from where it is today to where it might be in the future. The design, IP address

management, features, and WAN link speeds must all be able to provide connectivity and additions without massive redesign of the network.

Summary (Cont.)

• A major concern for network managers is how available the network is or how impervious it is to network changes. • The Cisco AVVID network infrastructure component includes

clients and servers, network platforms, and intelligent network services.

• Cisco AVVID network infrastructure supports the key intelligent network services, which comprise numerous networking technologies and topologies, with a

corresponding large number of possible designs and architectures.

• The Cisco AVVID framework provides a foundation for applications and solutions. Cisco provides some solutions, while third-party companies provide solutions through the Cisco AVVID Partner Program.

(33)

Lesson 2

Introducing the Enterprise

Composite Network Model

Overview

The Enterprise Composite Network Model provides a framework for designing the components of an enterprise network. The model relies on the principles of the Cisco AVVID, which provides a framework for the solutions presented in this course.

Objectives

Upon completing this lesson, you will be able to describe the Enterprise Composite Network Model used to design enterprise networks and explain how it addresses enterprise network needs for performance, scalability, and availability. This ability includes being able to meet these objectives:

Describe the Enterprise Composite Network Model and explain how it addresses enterprise

network modularity

Describe the modules that comprise an enterprise campus network, and explain how the

Enterprise Campus functional area meets the need for performance, scalability, and availability

Describe the components and functionality at the Enterprise Edge, and explain how the Enterprise Edge functional area meets the need for performance, scalability, and availability

Describe the components and functionality at the Service Provider Edge, and explain how

the Service Provider Edge functional area meets the need for performance, scalability, and availability

(34)

What Is the Enterprise Composite Network

Model?

This topic describes the Enterprise Composite Network Model and explains how it addresses enterprise network requirements for modularity.

Hierarchical Model

The Enterprise Composite Network Model provides a modular framework for designing networks. The modularity within the model allows flexibility in network design and facilitates implementation and troubleshooting.

Nearly a decade ago, Cisco introduced a hierarchical design model as a tool for network designers to approach network design from physical, logical, and functional viewpoints. The hierarchical model divided networks into these layers:

Access layer: The access layer is used to grant user access to network devices. At a network campus, the access layer incorporates shared, switched, or subnetted LAN devices with ports available to workstations and servers. In the WAN environment, the access layer can provide sites with access to the corporate network using a WAN technology.

Distribution layer: The distribution layer aggregates the wiring closets and uses data link layer switching and multilayer switching to segment workgroups and isolate network problems, preventing workgroups from having an impact on the core layer. Routing and packet manipulation occur in the distribution layer.

(35)

Enterprise Composite

Network Model Functional Areas

The Enterprise Composite Network Model introduces additional modularity into the network structure. The entire network is divided into functional areas that contain the access,

distribution, and core layers of the hierarchical model.

The Enterprise Composite Network Model contains three major functional areas:

Enterprise Campus: This functional area contains the modules required to build a

hierarchical, highly robust campus network that offers performance, scalability, and availability. This Enterprise Campus contains the network elements required for

independent operation within a single campus. This functional area does not offer remote connections or Internet access.

A campus is defined as one or more buildings, with multiple virtual and physical networks, connected across a high-performance, multilayer-switched backbone.

Enterprise Edge: This functional area aggregates connectivity from the various elements at the edge of the enterprise network. The Enterprise Edge functional area filters traffic from the edge modules and routes it into the Enterprise Campus functional area. The Enterprise Edge functional area contains all of the network elements for efficient and secure communication between the Enterprise Campus and remote locations, remote users, and the Internet.

Service Provider Edge: This functional area provides functionality implemented by service providers. The Service Provider Edge functional area enables communications with other networks using different WAN technologies and Internet service providers (ISPs).

(36)

Enterprise Composite Network Model

To scale the hierarchical model, Cisco introduced the Enterprise Composite Network Model, which further divides the enterprise network into physical, logical, and functional boundaries. The Enterprise Composite Network Model contains functional areas, each of which has its own access, distribution, and core layers.

The Enterprise Composite Network Model meets the following criteria:

This model defines a deterministic network with clearly defined boundaries between modules. The model has clear demarcation points to aid the designer in knowing exactly where traffic is located.

This model increases network scalability and eases the design task by making each module

discrete.

This model provides scalability by allowing enterprises to add modules easily. As network

complexity grows, designers can add new functional modules.

This model offers more integrity in network design, allowing the designer to add services

and solutions without changing the underlying network design.

The Enterprise Composite Network Model provides a conceptual view of an enterprise network. The model describes the functions to include in a network design but does not

specifically define the devices and connections that are required. As you design a network, you will need to select the devices, interfaces, wiring, and so on, that the specific design requires.

(37)

Example Implementation of the Enterprise

Composite Network Model

The figure shows an enterprise network with the major components of the Enterprise

Composite Network Model. The network is divided into the Enterprise Campus and Enterprise Edge functional areas, connected by the Campus Backbone submodule.

(38)

What Is the Enterprise Campus?

This topic describes the modules that comprise an enterprise campus network, and explains how the infrastructure meets the need for performance, scalability, and availability.

Enterprise Campus Functional Area

The Enterprise Campus functional area includes the Campus Infrastructure, Network Management, Server Farm, and Edge Distribution modules. Each module has a specific function within the campus network.

The Enterprise Campus functional area includes these four major modules:

Campus Infrastructure Network Management

Server Farm Edge Distribution

(39)

Enterprise Campus Infrastructure

The Campus Infrastructure module connects users within a campus with the Server Farm and Edge Distribution modules. The Campus Infrastructure module is composed of one or more floors or buildings connected to the Campus Backbone submodule. Each building contains a Building Access and Building Distribution submodule.

The Campus Infrastructure module includes these submodules:

Building Access (also known as the access layer): This submodule contains end-user workstations, IP Phones, and data link layer access switches that connect devices to the Building Distribution submodule. The Building Access submodule performs important services, such as broadcast suppression, protocol filtering, network access, and QoS marking.

Building Distribution (also known as the distribution layer): This submodule provides

aggregation of wiring closets, often using multilayer switching. The Building Distribution submodule performs routing, QoS, and access control. Requests for data flow into the Building Distribution switches and to the campus backbone. The module provides fast failure recovery, because each Building Distribution switch maintains two equal-cost paths in the routing table to every destination network. When one connection to the campus backbone fails, all routes immediately switch over to the remaining path about 1 second after the link failure is detected.

Campus Backbone (also known as the core layer): This submodule provides redundant

and fast-converging connectivity between buildings and with the Server Farm and Edge Distribution modules. The Campus Backbone routes and switches traffic as fast as possible from one module to another. This submodule uses data link layer switches or multilayer switches for high-throughput functions with added routing, QoS, and security features.

(40)

In addition to the Campus Infrastructure module, the Enterprise Campus functional area includes these modules:

NetworkManagement: This module performs intrusion detection, system logging, and authentication, and also network monitoring and general configuration management functions. For management purposes, an out-of-band connection (a network on which no production traffic resides) to all network components is recommended. The Network Management module provides configuration management for nearly all devices in the network using Cisco routers and dedicated network management stations.

Server Farm: This module contains internal e-mail and corporate servers providing application, file, print, e-mail, and Domain Name System (DNS) services to internal users. Because access to these servers is vital, they are connected to two different switches, enabling full redundancy and load sharing. The Server Farm module switches are cross-connected with core-layer switches, enabling high reliability and availability of all servers.

Edge Distribution: This module aggregates the connectivity from the various elements at

the Enterprise Edge functional area and routes the traffic into the Campus Backbone submodule. The Edge Distribution structure is similar to the Building Distribution

submodule. Both the Enterprise Edge and Campus Backbone modules use access control to filter traffic, although the Edge Distribution module can rely on the edge distribution devices to perform additional security.

Example Implementation of an Enterprise

Campus Network

(41)

Campus Infrastructure Modules

Contributions to Enterprise Needs

Important to provide redundancy Provides switch

modularity Critical to WAN and

Internet performance

Edge Distribution

Critical to provide redundancy and fault

tolerance Provides switch modularity Critical to server performance Server Farm Monitors device and network availability Monitors

performance

Network Management

Critical to provide redundancy and fault

tolerance Provides switch modularity Critical to overall network performance Campus Backbone Critical to provide redundancy Provides switch modularity Critical to campus performance Building Distribution Important to provide redundancy Provides port density Critical to desktop performance Building Access Availability Scalability Performance

The figure describes how the campus network meets the enterprise network needs for performance, scalability, and availability.

(42)

What Is the Enterprise Edge?

This topic describes the components and functionality at the Enterprise Edge functional area, and explains how the Enterprise Edge functional area meets the need for performance, scalability, and availability.

Enterprise Edge Functional Area

The Enterprise Edge functional area is comprised of four modules: E-Commerce, Internet Connectivity, Remote Access and VPN, and WAN. Each module connects to the Edge Distribution module, which connects the Enterprise Edge and Enterprise Campus functional areas.

The Enterprise Edge module is comprised of these four modules:

E-Commerce Internet Connectivity

Remote Access and VPN WAN

(43)

Enterprise Edge Modules

The Enterprise Edge modules perform the following functions:

E-Commerce: This module enables enterprises to successfully deploy e-commerce applications and take advantage of the powerful competitive opportunities provided by the Internet. All e-commerce transactions pass through a series of intelligent services to provide performance, scalability, and availability within the overall e-commerce network design. To build a successful e-commerce solution, enterprises may deploy the following network devices:

— Web servers: Act as the primary user interface for the navigation of e-commerce — Application servers: Support enterprise applications including online transaction

processing systems and decision support applications

— Database servers: Contain the critical information that is the heart of e-commerce business implementation

— Security servers: Govern communication between the various levels of security in the system, often using firewalls and intrusion detection systems (IDSs)

Internet Connectivity: This module provides internal users with connectivity to Internet

services. Internet users can access the information on publicly available servers.

Additionally, the Internet Connectivity module accepts VPN traffic from remote users and remote sites and forwards it to the Remote Access and VPN module. The major

components of the Internet Connectivity module are as follows:

— E-mail servers: Act as a relay between the Internet and the intranet mail servers — DNS servers: Serve as authoritative external DNS servers for the enterprise and

relay internal requests to the Internet

— Public web servers: Provide public information about the organization

— Security servers: Govern communication between the various levels of security in the system, often using firewalls and IDSs

— Edge routers: Provide basic filtering and Layer 3 connectivity to the Internet

Designing Cisco Network Service Architectures

ARCH

Designing Cisco

Network Service

Architectures

Volume 1

Student Guide

Students, this letter describes important

course evaluation access information!

Welcome to Cisco Systems Learning. Through the Cisco Learning Partner Program,

Cisco Systems is committed to bringing you the highest-quality training in the industry.

Cisco learning products are designed to advance your professional goals and give you the

expertise you need to build and maintain strategic networks.

Cisco relies on customer feedback to guide business decisions; therefore, your valuable

input will help shape future Cisco course curricula, products, and training offerings.

We would appreciate a few minutes of your time to complete a brief Cisco online course

evaluation of your instructor and the course materials in this student kit. On the final day

of class, your instructor will provide you with a URL directing you to a short post-course

evaluation. If there is no Internet access in the classroom, please complete the evaluation

within the next 48 hours or as soon as you can access the web.

On behalf of Cisco, thank you for choosing Cisco Learning Partners for your Internet

technology training.

Sincerely,

Cisco Systems Learning

Table of Contents

Volume 1

Course Introduction

1

Introducing Cisco Network Service Architectures

1-1

Designing Enterprise Campus Networks

2-1

Designing Enterprise Edge Connectivity

3-1

Designing Network Management Services

4-1

Designing High-Availability Services

5-1

Designing Security Services

6-1

ARCH

Course Introduction

Overview

Learner Skills and Knowledge

Learner Skills and Knowledge

Course Goal and Objectives

“To perform the conceptual, intermediate, and

Course Goal

Course Flow

Course Flow

Additional References

Cisco Icons and Symbols

Cisco Glossary of Terms

Your Training Curriculum

Cisco Certifications

Cisco CCDP Career Certifications

Module 1

Introducing Cisco Network

Service Architectures

Overview

Module Objectives

Lesson 1

Introducing the Cisco AVVID

Framework

Overview

Objectives

What Is the Cisco AVVID Framework?

Cisco AVVID Framework

Benefits of Cisco AVVID

What Are the Performance Concerns When

Deploying an Enterprise Network?

Primary Concern of Network Deployment:

Performance

What Are the Scalability Concerns When

Deploying an Enterprise Network?

Primary Concern of Network Deployment:

Scalability

What Are the Availability Concerns When

Deploying an Enterprise Network?

Primary Concern of Network Deployment: