Top-Down Network Design

Third Edition

Priscilla Oppenheimer

Cisco Press

800 East 96th Street Indianapolis, IN 46240

vi Тор-Down Network Design

Contents at a Glance

Part I Identifying Your Customer's Needs and Goals 1

Chapter 1 Analyzing Business Goals and Constraints 3 Chapter 2 Analyzing Technical Goals and Tradeoffs 25 Chapter 3 Characterizing the Existing Internetwork 59 Chapter 4 Characterizing Network Traffic 87

Part II Logical Network Design 117

Chapter 5 Designing a Network Topology 119

Chapter 6 Designing Models for Addressing and Numbering 167 Chapter 7 Selecting Switching and Routing Protocols 199 Chapter 8 Developing Network Security Strategies 233 Chapter 9 Developing Network Management Strategies 263

Part III Physical Network Design 281

Chapter 10 Selecting Technologies and Devices for Campus Networks 283 Chapter 11 Selecting Technologies and Devices for Enterprise Networks 319

Part IV Testing, Optimizing, and Documenting Your Network Design 351

Chapter 12 Testing Your Network Design 353 Chapter 13 Optimizing Your Network Design 367 Chapter 14 Documenting Your Network Design 393

Glossary 407 Index 435

Introduction xxii

Part I Identifying Your Customer's Needs and Goals 1

Chapter 1 Analyzing Business Goals and Constraints 3

Using a Top-Down Network Design Methodology 3 Using a Structured Network Design Process 5 Systems Development Life Cycles 6

Plan Design Implement Operate Optimize (PDIOO) Network Life Cycle Analyzing Business Goals 8

Working with Your Client 8 Changes in Enterprise Networks 10

Networks Must Make Business Sense 10 Networks Offer a Service 11

The Need to Support Mobile Users 12

The Importance of Network Security and Resiliency 12

Typical Network Design Business Goals 13

Identifying the Scope of a Network Design Project 14 Identifying a Customer's Network Applications 16 Analyzing Business Constraints 19

Politics and Policies 19

Budgetary and Staffing Constraints 20 Project Scheduling 21

Business Goals Checklist 22 Summary 23

Review Questions 23 Design Scenario 24

Chapter 2 Analyzing Technical Goals and Tradeoffs 25

Scalability 25

Planning for Expansion 26 Expanding Access to Data 26 Constraints on Scalability 27 Availability 27

Disaster Recovery 28

Тор-Down Network Design

Five Nines Availability 30 The Cost of Downtime 31

Mean Time Between Failure and Mean Time to Repair 31

Network Performance 32

Network Performance Definitions 33 Optimum Network Utilization 34 Throughput 35

Throughput of Internetworking Devices 36 Application Layer Throughput 37

Accuracy 38 Efficiency 39

Delay and Delay Variation 40

Causes of Delay 41 Delay Variation 43

Response Time 44 Security 44

Identifying Network Assets 45 Analyzing Security Risks 46

Reconnaissance Attacks 47 Denial-of-Service Attacks 48

Developing Security Requirements 48 Manageability 49

Usability 50 Adaptability 50 Affordability 51

Making Network Design Tradeoffs 52 Technical Goals Checklist 54

Summary 55 Review Questions 56 Design Scenario 56

Chapter 3 Characterizing the Existing Internetwork 59

Characterizing the Network Infrastructure 59 Developing a Network Map 60

Characterizing Large Internetworks 60 Characterizing the Logical Architecture 62 Developing a Modular Block Diagram 64

Characterizing Wiring and Media 65

Checking Architectural and Environmental Constraints 68

Checking a Site for a Wireless Installation 69 Performing a Wireless Site Survey 70

Checking the Health of the Existing Internetwork 71 Developing a Baseline of Network Performance 72 Analyzing Network Availability 73

Analyzing Network Utilization 73

Measuring Bandwidth Utilization by Protocol 75

Analyzing Network Accuracy 76

Analyzing Errors on Switched Ethernet Networks 77

Analyzing Network Efficiency 79 Analyzing Delay and Response Time 80

Checking the Status of Major Routers, Switches, and Firewalls 82 Network Health Checklist 83

Summary 84 Review Questions 84 Hands-On Project 85 Design Scenario 85

Chapter 4 Characterizing Network Traffic 87

Characterizing Traffic Flow 87

Identifying Major Traffic Sources and Stores 87 Documenting Traffic Flow on the Existing Network 89

Characterizing Types of Traffic Flow for New Network Applications 90

Terminal/Host Traffic Flow 91 Client/Server Traffic Flow 91 Peer-to-Peer Traffic Flow 93 Server/Server Traffic Flow 94

Distributed Computing Traffic Flow 94 Traffic Flow in Voice over IP Networks 94

Documenting Traffic Flow for New and Existing Network Applications 95

Characterizing Traffic Load 96

Calculating Theoretical Traffic Load 97 Documenting Application-Usage Patterns 99

Refining Estimates of Traffic Load Caused by Applications 99 Estimating Traffic Load Caused by Routing Protocols 101

x Тор-Down Network Design

Characterizing Traffic Behavior 101 Broadcast/Multicast Behavior 101 Network Efficiency 102

Frame Size 103

Windowing and Flow Control 103 Error-Recovery Mechanisms 104

Characterizing Quality of Service Requirements 105 ATM QoS Specifications 106

Constant Bit Rate Service Category 107

Real-time Variable Bit Rate Service Category 107 Non-real-time Variable Bit Rate Service Category 107 Unspecified Bit Rate Service Category 108

Available Bit Rate Service Category 108 Guaranteed Frame Rate Service Category 108

IETF Integrated Services Working Group QoS Specifications 109

Controiled-Load Service 110 Guaranteed Service 110

IETF Differentiated Services Working Group QoS Specifications 111 Grade of Service Requirements for Voice Applications 112

Documenting QoS Requirements 113 Network Traffic Checklist 114

Summary 114 Review Que stions 114 Design Scenario 115 Summary for Part I 115

Part II Logical Network Design 117

Chapter 5 Designing a Network Topology 119

Hierarchical Network Design 120

Why Use a Hierarchical Network Design Model? 121 Flat Versus Hierarchical Topologies 122

Flat WAN Topologies 122 Flat LAN Topologies 123

Mesh Versus Hierarchical-Mesh Topologies 124 Classic Three-Layer Hierarchical Model 125

Core Layer 127 Distribution Layer 127

Access Layer 128

Guidelines for Hierarchical Network Design 128 Redundant Network Design Topologies 130

Backup Paths 131 Load Sharing 132

Modular Network Design 133

Cisco SAFE Security Reference Architecture 133 Designing a Campus Network Design Topology 135

Spanning Tree Protocol 135

Spanning Tree Cost Values 136 Rapid Spanning Tree Protocol 137

RSTP Convergence and Reconvergence 138 Selecting the Root Bridge 139

Scaling the Spanning Tree Protocol 140

Virtual LANs 141

Fundamental VLAN Designs 142

Wireless LANs 144

Positioning an Access Point for Maximum Coverage 145 WLANs and VLANs 146

Redundant Wireless Access Points 146

Redundancy and Load Sharing in Wired LANs 147 Server Redundancy 148

Workstation-to-Router Redundancy 150

Hot Standby Router Protocol 152 Gateway Load Balancing Protocol 153

Designing the Enterprise Edge Topology 153 Redundant WAN Segments 153

Circuit Diversity 154

Multihoming the Internet Connection 154 Virtual Private Networking 157

Site-to-Site VPNs 158 Remote-Access VPNs 159

Service Provider Edge 160

Secure Network Design Topologies 162 Planning for Physical Security 162

xii Тор-Down Network Design

Summary 163 Review Questions 165 Design Scenario 165

Chapter 6 Designing Models for Addressing and Numbering 167

Guidelines for Assigning Network Layer Addresses 168

Using a Structured Model for Network Layer Addressing 168 Administering Addresses by a Central Authority 169

Distributing Authority for Addressing 170 Using Dynamic Addressing for End Systems 170

IP Dynamic Addressing 171

IP Version 6 Dynamic Addressing 174 Zero Configuration Networking 175

Using Private Addresses in an IP Environment 175

Caveats with Private Addressing 177 Network Address Translation 177

Using a Hierarchical Model for Assigning Addresses 178

Why Use a Hierarchical Model for Addressing and Routing? 178 Hierarchical Routing 179

Classless Interdomain Routing 179

Classless Routing Versus Classful Routing 180 Route Summarization (Aggregation) 181

Route Summarization Example 182 Route Summarization Tips 183

Discontiguous Subnets 183 Mobile Hosts 184

Variable-Length Subnet Masking 185 Hierarchy in IP Version 6 Addresses 186

Link-Local Addresses 187 Global Unicast Addresses 188

IPv6 Addresses with Embedded IPv4 Addresses 189

Designing a Model for Naming 189 Distributing Authority for Naming 190 Guidelines for Assigning Names 191

Assigning Names in a NetBIOS Environment 192 Assigning Names in an IP Environment 193

Dynamic DNS Names 194 IPv6 Name Resolution 195

Summary 195 Review Questions 196 Design Scenario 197

Chapter 7 Selecting Switching and Routing Protocols 199

Making Decisions as Part of the Тор-Down Network Design Process 200 Selecting Switching Protocols 201

Switching and the OSI Layers 202 Transparent Bridging 202

Selecting Spanning Tree Protocol Enhancements 203

PortFast 204

UplinkFast and BackboneFast 204 Unidirectional Link Detection 205

LoopGuard 206

Protocols for Transporting VLAN Information 207

IEEE 802.1Q 207

Dynamic Trunk Protocol 208 VLAN Trunking Protocol 208

Selecting Routing Protocols 209 Characterizing Routing Protocols 209

Distance-Vector Routing Protocols 210 Link-State Routing Protocols 212 Routing Protocol Metrics 214

Hierarchical Versus Nonhierarchical Routing Protocols 214 Interior Versus Exterior Routing Protocols 214

Classful Versus Classless Routing Protocols 214 Dynamic Versus Static and Default Routing 215 On-Demand Routing 216

Scalability Constraints for Routing Protocols 216 Routing Protocol Convergence 217

IP Routing 218

Routing Information Protocol 218

Enhanced Interior Gateway Routing Protocol 219 Open Shortest Path First 221

Intermediate System-to-Intermediate System 224 Border Gateway Protocol 225

xiv Тор-Down Network Design

Using Multiple Routing Protocols in an Internetwork 225

Routing Protocols and the Hierarchical Design Model 226 Redistribution Between Routing Protocols 227

Integrated Routing and Bridging 22 9

A Summary of Routing Protocols 230 Summary 231

Review Questions 231 Design Scenario 232

Chapter 8 Developing Network Security Strategies 233

Network Security Design 233 Identifying Network Assets 234 Analyzing Security Risks 234

Analyzing Security Requirements and Tradeoffs 235 Developing a Security Plan 235

Developing a Security Policy 236

Components of a Security Policy 237

Developing Security Procedures 237 Maintaining Security 237 Security Mechanisms 238 Physical Security 238 Authentication 239 Authorization 239 Accounting (Auditing) 240 Data Encryption 240

Public/Private Key Encryption 241

Packet Filters 243 Firewalls 244

Intrusion Detection and Prevention Systems 244 Modularizing Security Design 245

Securing Internet Connections 245

Securing Public Servers 246 Securing E-Commerce Servers 247

Securing Remote-Access and VPNs 248

Securing Remote-Access Technologies 248 Securing VPNs 249

Securing Network Services and Network Management 250 Securing Server Farms 251

Securing User Services 252 Securing Wireless Networks 253

Authentication in Wireless Networks 254 Data Privacy in Wireless Networks 258

Summary 261 Review Questions 261 Design Scenario 262

Chapter 9 Developing Network Management Strategies 263

Network Management Design 263 Proactive Network Management 264 Network Management Processes 264

Fault Management 265

Configuration Management 266 Accounting Management 266 Performance Management 266 Security Management 268

Network Management Architectures 269 In-Band Versus Out-of-Band Monitoring 270 Centralized Versus Distributed Monitoring 270 Selecting Network Management Tools and Protocols 271

Selecting Tools for Network Management 271 Simple Network Management Protocol 271

Management Information Bases (MIB) 272 Remote Monitoring (RMON) 273

Cisco Discovery Protocol 274 Cisco NetFlow Accounting 276

Estimating Network Traffic Caused by Network Management 276 Summary 277

Review Questions 278 Design Scenario 278 Summary for Part II 279

Part III Physical Network Design 281

Chapter 10 Selecting Technologies and Devices for Campus Networks 283

LAN Cabling Plant Design 284 Cabling Topologies 284

xvi Тор-Down Network Design

Campus-Cabling Topologies 285

Types of Cables 285 LAN Technologies 289

Ethernet Basics 290

Ethernet and IEEE 802.3 290

Ethernet Technology Choices 291

Half-Duplex and Full-Duplex Ethernet 292 100-Mbps Ethernet 292

Gigabit Ethernet 293 10-Gbps Ethernet 295

Selecting Internetworking Devices for a Campus Network Design 299 Criteria for Selecting Campus Internetworking Devices 300 Optimization Features on Campus Internetworking Devices 302 Example of a Campus Network Design 303

Background Information for the Campus Network Design Project 303 Business Goals 304

Technical Goals 304 Network Applications 305 User Communities 306 Data Stores (Servers) 307 Current Network at WVCC 307

Traffic Characteristics of Network Applications 310 Summary of Traffic Flows 311

Performance Characteristics of the Current Network 312

Network Redesign for WVCC 313

Optimized IP Addressing and Routing for the Campus Backbone 313 Wireless Network 314

Improved Performance and Security for the Edge of the Network 315

Summary 316

Re view Que stions 317 Design Scenario 317

Chapter 11 Selecting Technologies and Devices for Enterprise Networks 319

Remote-Access Technologies 320 PPP 321

Multilink PPP and Multichassis Multilink PPP 321 Password Authentication Protocol and Challenge Handshake

Cable Modem Remote Access 323

Challenges Associated with Cable Modem Systems 324

Digital Subscriber Line Remote Access 325

Other DSL Implementations 326 PPP and ADSL 326

Selecting Remote-Access Devices for an Enterprise Network Design 327

Selecting Devices for Remote Users 327 Selecting Devices for the Central Site 328 WAN Technologies 328

Systems for Provisioning WAN Bandwidth 329 Leased Lines 330

Synchronous Optical Network 331 Frame Relay 332

Frame Relay Hub-and-Spoke Topologies and Subinterfaces 333 Frame Relay Congestion Control Mechanisms 335

Frame Relay Traffic Control 335 Frame Relay/ATM Interworking 336

ATM 337

Ethernet over ATM 337

Metro Ethernet 338

Selecting Routers for an Enterprise WAN Design 339 Selecting a WAN Service Provider 340

Example of a WAN Design 341

Background Information for the WAN Design Project 341 Business and Technical Goals 342

Network Applications 343 User Communities 343 Data Stores (Servers) 344 Current Network 344

Traffic Characteristics of the Existing WAN 345 WAN Design for Klamath Paper Products 346 Summary 348

Review Questions 349 Design Scenario 349 Summary for Part III 350

xviii Тор-Down Network Design

Part IV Testing, Optimizing, and Documenting Your Network Design 351

Chapter 12 Testing Your Network Design 353

Using Industry Tests 354

Building and Testing a Prototype Network System 355 Determining the Scope of a Prototype System 355 Testing a Prototype on a Production Network 356

Writing and Implementing a Test Plan for Your Network Design 357 Developing Test Objectives and Acceptance Criteria 357

Determining the Types of Tests to Run 358

Documenting Network Equipment and Other Resources 359 Writing Test Scripts 360

Documenting the Project Timeline 361 Implementing the Test Plan 361 Tools for Testing a Network Design 362

Types of Tools 362

Examples of Network Testing Tools 363

CiscoWorks Internetwork Performance Monitor 364 WANDL Network Planning and Analysis Tools 364 OPNET Technologies 364

Ixia Tools 365

NetlQ Voice and Video Management Solution 365 NetPredict's NetPredictor 365

Summary 366 Review Questions 366 Design Scenario 366

Chapter 13 Optimizing Your Network Design 367

Optimizing Bandwidth Usage with IP Multicast Technologies 368 IP Multicast Addressing 369

Internet Group Management Protocol 370 Multicast Routing Protocols 370

Distance Vector Multicast Routing Protocol 371 Protocol Independent Multicast 371

Reducing Serialization Delay 372

Link-Layer Fragmentation and Interleaving 373 Compressed Real-Time Transport Protocol 374

Optimizing Network Performance to Meet Quality of Service Requirements 374

IP Precedence and Type of Service 375

IP Differentiated Services Field 376

Resource Reservation Protocol 377

Common Open Policy Service Protocol 379 Classifying LAN Traffic 379

Cisco IOS Features for Optimizing Network Performance 380 Switching Techniques 380

Classic Methods for Layer 3 Packet Switching 381 NetFlow Switching 382

Cisco Express Forwarding 382

Queuing Services 383

First-In, First-Out Queuing 383 Priority Queuing 384

Custom Queuing 384 Weighted Fair Queuing 385

Class-Based Weighted Fair Queuing 386 Low-Latency Queuing 387

Random Early Detection 388

Weighted Random Early Detection 388

Traffic Shaping 389

Committed Access Rate 389 Summary 389

Review Questions 390 Design Scenario 391

Chapter 14 Documenting Your Network Design 393

Responding to a Customer's Request for Proposal 394 Contents of a Network Design Document 395

Executive Summary 396 Project Goal 396 Project Scope 396 Design Requirements 397 Business Goals 397 Technical Goals 398

xx Тор-Down Network Design

Network Applications 399

Current State of the Network 399 Logical Design 400

Physical Design 400

Results of Network Design Testing 401 Implementation Plan 401

Project Schedule 402

Project Budget 403

Return on Investment 403

Design Document Appendix 404 Summary 404

Review Questions 405 Design Scenario 405

Glossary 407