Date post: 25-Jan-2016
Page 1: CSE 550 Computer Network Design

CSE 550 Computer Network Design

Dr. Mohammed H. Sqalli, COE, KFUPM

Spring 2007 (Term 062)

Page 2: CSE 550 Computer Network Design

CSE-550-T062 Lecture Notes - 6 2

Outline

- Network Topology Design
- Flat Network Topologies
- Hierarchical Network Design Model
- Mesh Network Topologies
- Redundant Network Design Topologies
- Modular Network Design Model
- Campus/LAN Network Design Topology
- Enterprise/WAN Network Design Topology
- Secure Network Design Topologies

Page 3: CSE 550 Computer Network Design

Network Topology Design

Page 4: CSE 550 Computer Network Design

Network Topology Design

- First step in the logical design phase of the top-down network design methodology
- During this phase, we identify:
  - Networks and interconnection points
  - Size and scope of networks
  - Types of internetworking devices required

Page 5: CSE 550 Computer Network Design

Network Topology Design

- Questions to determine network topology:
  - Is it a small LAN with few workstations?
  - Is it a campus LAN or a massive enterprise implementation?
  - Is scalability important?
  - How about network management?
  - What about cost?

Page 6: CSE 550 Computer Network Design

Network Topology Design

- No one topology is right for every network environment
- Each network topology can be an integral part of another topology design
- Redundant and secure topologies should be part of every network design

Page 7: CSE 550 Computer Network Design

Network Topologies

- Network topologies covered:
  - Flat
  - Hierarchical
  - Mesh
  - Redundant
  - Campus/LAN
  - Enterprise/WAN
  - Secure

Page 8: CSE 550 Computer Network Design

Flat Network Topologies

Page 9: CSE 550 Computer Network Design

Flat Network Topologies

- Generally used for very small networks
- Each network device (e.g., hub, switch, …) is used for a general rather than specific purpose
- Most network components are used for simple broadcasting and providing limited switching capabilities
- Based on a common broadcast domain
- There is no hierarchy
- Not generally created in a modular fashion
- Provide a consistent and easy-to-manage network environment
- Scalability is not usually an important design factor

Page 10: CSE 550 Computer Network Design

Flat Network Topologies - Advantages -

- Lower initial cost – due to the smaller size of network and lower equipment costs
  - Special routing and switching components are not used to a wide extent
- Reliability – due to the simplistic design and general static nature of the topology
- Easy to design – due to the lack of need for modularity and scalability
- Easy to implement – due to the lack of specialized switching equipment
- Easy to maintain – as long as the network stays small

Page 11: CSE 550 Computer Network Design

Flat Network Topologies - Disadvantages -

- Not modular – changes to the environment will usually affect all internetworking devices
- Bandwidth domain – most if not all devices are usually in the same bandwidth domain (i.e., share the same bandwidth)
- Broadcast domain – same broadcast domain that can lead to congestion
- Lack of hierarchy makes troubleshooting difficult – inspect the entire network

Page 12: CSE 550 Computer Network Design

Flat WAN Topologies

- Flat loop topology: A WAN for a small company may consist of a few sites connected in a loop
- Meets goals for low cost and reasonably good availability
  - Quick convergence of routing protocols
  - Communication recovery when one link fails
- Not recommended for networks with many sites:
  - Significant delay and a higher probability of failure because of routers that are many hops away

Page 13: CSE 550 Computer Network Design

Flat vs. Hierarchical WAN Topologies

- Hierarchical redundant topology meets goals for scalability, high availability, and low delay

Page 14: CSE 550 Computer Network Design

Hierarchical Network Design Model

Page 15: CSE 550 Computer Network Design

Hierarchical Network Design Model (1/2)

- When scalability is a major goal, a hierarchical topology is recommended
- Created in layers to allow specific functions and features to be implemented in each of the layers
- Each component is carefully placed in a hierarchical design for maximum efficiency and specific purpose
- Routers, switches, and hubs all play specific roles in routing and distributing data and packet information
- The model can be used for switched networks as well as routed networks

Page 16: CSE 550 Computer Network Design

Hierarchical Network Design Model (2/2)

- Incorporates 3 key layers (three-tier hierarchical model):
  - Core layer
  - Distribution layer
  - Access layer
- Each layer has a specific role
- Each layer provides a backbone for the layer below
- Definition: A backbone is a network whose primary purpose is the interconnection of other networks

Page 17: CSE 550 Computer Network Design

Three-layer Hierarchical Topology (1/4)

Page 18: CSE 550 Computer Network Design

Three-layer Hierarchical Topology (2/4)

A Partial-Mesh Hierarchical Design

Page 19: CSE 550 Computer Network Design

Three-layer Hierarchical Topology (3/4)

Page 20: CSE 550 Computer Network Design

Three-layer Hierarchical Topology (4/4)

Page 21: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Core Layer (1/3) -

- Main rule: Design the core layer for optimized transport between sites
- Should be optimized for low latency and good manageability
- Consists of high-end routers and switches that are optimized for availability and performance
- Focus on redundancy and reliability
  - Adapt to changes quickly and continue to function with circuit outages
- Should have a limited and consistent diameter
  - Provides predictable performance and ease of troubleshooting

Page 22: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Core Layer (2/3) -

- Provides optimal wide-area transport between geographically remote sites
- Connects campus networks in a corporate or enterprise WAN
- Services are typically leased from a telecom service provider
- Need to efficiently use bandwidth because of provider tariffs
- May use the public Internet as enterprise backbone

Page 23: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Core Layer (3/3) -

- Includes one or more links to external networks (for extranet or Internet connections). This centralization at the core:
  - Reduces complexity and potential of routing problems
  - Minimizes security concerns, due to having only one security structure to administer
  - Means higher bandwidth costs
- Avoid using packet filters or other features that slow down the manipulation of packets
- Avoid connecting end stations to the core

Page 24: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Distribution Layer (1/3) -

- Main rule: Connect network services and implement policies at the distribution layer
- Demarcation point between access and core layers
- Acts as a concentrator point for many of its access layer sites
- Delineates broadcast domains (can be done at the access layer as well)
- Can be configured to route between VLANs
- Connects multiple networks (departments) within a campus network environment (one or more buildings)
- Includes campus backbone network, based on FDDI, Fast Ethernet, Gigabit Ethernet, or ATM
- Connects network services to the access layer

Page 25: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Distribution Layer (2/3) -

- Links usually owned and/or controlled by the organization
- Network policies are often implemented in this layer:
  - Consists of routers and switches that implement policies
  - Network security: firewall, filtering, encryption
  - Access to services (admin privileges, etc.)
  - Traffic patterns through definition of path metrics (priority, preference, trust, etc.)
  - Route summarization / address aggregation
  - Network naming and numbering conventions
  - Traffic loading, routing, and address translation

Page 26: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Distribution Layer (3/3) -

- Controls access to resources for security reasons
- Controls network traffic that traverses the core for performance reasons
- Redistributes between bandwidth-intensive access layer routing protocols (e.g., IGRP) and optimized core routing protocols (e.g., EIGRP)
- Should hide detailed topology information about the access layer from core routers
  - Maximizes hierarchy, modularity, and performance (e.g., route summarization)
- Should hide detailed topology information about the core layer from the access layer (e.g., use one default route)
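To make the two hiding rules concrete, here is an added Python example (not from the lecture) that computes the single summary route a distribution router would advertise into the core for a constructed set of access-layer subnets, checks how much address space that summary claims beyond the real subnets, and contrasts it with the one default route the access layer receives. The site names and RFC 1918 prefixes are constructed for the example.

```python
import ipaddress

# Constructed access-layer subnets behind two distribution blocks
# (RFC 1918 sample prefixes and site names made up for this example).
DISTRIBUTION_BLOCKS = {
    "site-A": ["10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"],
    "site-B": ["10.21.0.0/24", "10.21.1.0/24", "10.21.4.0/24"],
}

def summarize(prefixes):
    """Smallest single supernet that covers every given subnet.

    This is the one route a distribution router advertises upward, so the
    core never learns the individual access-layer subnets.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(summary.supernet_of(n) for n in nets):
        summary = summary.supernet()   # shorten the prefix one bit at a time
    return summary

def overreach(summary, prefixes):
    """Address space the summary claims that no real subnet uses.

    A summary that is too coarse attracts traffic for space that may belong
    to another block, so a designer checks this list before deploying it.
    """
    leftover = [summary]
    for net in (ipaddress.ip_network(p) for p in prefixes):
        nxt = []
        for piece in leftover:
            if net.subnet_of(piece):
                nxt.extend(piece.address_exclude(net))
            else:
                nxt.append(piece)
        leftover = nxt
    return sorted(leftover)

def core_routing_view(blocks):
    """What the core learns: one summary per distribution block, nothing finer."""
    return {site: summarize(subs) for site, subs in blocks.items()}

def access_routing_view():
    """What an access router needs from the distribution layer: one default route."""
    return [ipaddress.ip_network("0.0.0.0/0")]

def summaries_overlap(blocks):
    """True if any two block summaries overlap, i.e. the summaries are too coarse."""
    sums = list(core_routing_view(blocks).values())
    return any(a.overlaps(b) for i, a in enumerate(sums) for b in sums[i + 1:])

if __name__ == "__main__":
    for site, subs in DISTRIBUTION_BLOCKS.items():
        s = summarize(subs)
        print(f"{site}: advertise {s}; unused space inside summary: "
              f"{[str(n) for n in overreach(s, subs)]}")
    print("core sees:", {k: str(v) for k, v in core_routing_view(DISTRIBUTION_BLOCKS).items()})
    print("access sees:", [str(n) for n in access_routing_view()])
    print("overlapping summaries:", summaries_overlap(DISTRIBUTION_BLOCKS))
```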

Page 27: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Access Layer (1/3) -

- Main rule: Move users down to the access layer
- Provides end-user access to a network
- Where hosts are attached to the network (e.g., labs)
- Usually a LAN or a group of LANs
- Usually within a single building (or single floor)
- Typically uses Ethernet, Token Ring, or FDDI
- Can include routers, switches, bridges, shared-media hubs, and wireless access points

Page 28: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Access Layer (2/3) -

- Connects workgroups (e.g., marketing, administration)
- Can be divided into two levels (workgroup level and desktop level)
  - Workgroup level: e.g., departmental level
  - Desktop level: where end-user devices are attached
- Provides logical network segmentation, traffic isolation, and distributed environment
- Remote (dialup) users are connected at this tier

Page 29: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Access Layer (3/3) -

- In a campus network, it provides switches or hubs for end-user access
  - Connects users via lower-end switches and wireless access points
  - Switches are used to divide up bandwidth domains to meet the specific demands of certain applications (e.g., multimedia)
- In a WAN design, it consists of the routers at the edge of the campus networks
  - Provides remote access into the corporate internetwork using WAN technologies, e.g., ISDN, Frame Relay, etc.
  - Can implement routing features, e.g., dial-on-demand routing (DDR)

Page 30: CSE 550 Computer Network Design

Hierarchical Network Design - Guidelines (1/3) -

- Choose a hierarchical model that best fits your requirements
- Do not always completely mesh all tiers of the network (use the backbone for connections)
  - Core connectivity, however, will generally be meshed for circuit redundancy and network convergence speed
- Do not place end stations on backbones
  - Improves the reliability of the backbone
- Workgroup LANs should keep as much as 80% of their traffic local to the workgroup
  - Right positioning of the servers
- Use specific features at the appropriate hierarchical level

Page 31: CSE 550 Computer Network Design

Hierarchical Network Design - Guidelines (2/3) -

- Control the diameter of a hierarchical enterprise network topology (in most cases, 3 major layers are sufficient)
  - Provides low and predictable latency
  - Helps predict routing paths, traffic flows, and capacity requirements
  - Makes troubleshooting and network documentation easier
- Design the access layer first, then the distribution layer, and finally the core layer
  - Helps perform capacity planning more accurately at the distribution and core layers

Page 32: CSE 550 Computer Network Design

Hierarchical Network Design - Guidelines (3/3) -

- Avoid chains at the access layer (e.g., connecting a branch network to another branch, adding a 4th layer)
- Avoid backdoors (i.e., connections between devices in the same layer)
  - Cause unexpected routing problems
  - Make network documentation and troubleshooting more difficult

Page 33: CSE 550 Computer Network Design

Hierarchical Network Design Guidelines - A Chain and a Backdoor at the Access Layer -

Page 34: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Advantages (1/4) -

- Modularity:
  - Keeps each design element simple and easy to understand
  - Allows each component to perform a specific purpose in the internetwork
  - Easier and more organized network management
  - Enables creating design elements that can be replicated as the network grows (scalability)
    - Example: Planning a campus network for a new site might simply mean replicating an existing campus network design
- Scalability:
  - Allows addition of routers, switches, etc. when needed with minimum impact to design
  - Hierarchical networks are built for maximum scalability
  - As elements in a network require change, the cost of an upgrade is contained to a small subset of the network

Page 35: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Advantages (2/4) -

- Predictability:
  - Makes capacity planning for growth easier
- Manageability:
  - Easy to deploy network management instrumentation by placing probes at different levels of hierarchy
  - More automated
- Ease of troubleshooting:
  - Fault isolation is improved because network technicians can easily recognize the transition points in the network to help isolate possible failure points
  - Use a "divide-and-conquer" approach: temporarily segment the network
    - Does not affect core tier network

Page 36: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Advantages (3/4) -

- Ease of implementation:
  - Phased approach is more effective due to cost of resources
  - Efficient allocation of resources in each phase of network deployment
- Simplicity:
  - Minimizes the need for extensive training for network operations personnel
  - Testing a network design is made easy because there is clear functionality at each layer
- Protocol support:
  - Mixing new protocols is easier
  - Merger of companies using different protocols is easier

Page 37: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Advantages (4/4) -

- High availability: due to redundancy, alternate paths, optimization, and filtering
- Low delay:
  - Routers delineating broadcast domains
  - Multiple paths for switching and routing
- Cost efficient: due to ability to optimize and tune switching and routing paths
- Today's fast-converging routing protocols were designed for hierarchical topologies
- Route summarization is facilitated by hierarchical network design

Page 38: CSE 550 Computer Network Design

Three-layer Hierarchical Topology - Disadvantages -

- Cost – due to redundancy that is often integrated into the network topology and switching equipment

Page 39: CSE 550 Computer Network Design

Three-layer Hierarchical Model - Variations -

- One-tier Design – Distributed
- One-tier Design – Hub-and-Spoke
- Two-tier Design

Page 40: CSE 550 Computer Network Design

Three-layer Hierarchical Model - One-tier Design – Distributed -

- Remote networks connect to a pseudo-core
- Good for small networks with no centralized server location
- Advantage: Faster overall response time between peers, simplicity, and cost effectiveness
- Disadvantage: Loss of centralized management control and higher management cost because of duplicated management functions
  - Responsibilities such as server backups and network documentation are delegated to the access site

Page 41: CSE 550 Computer Network Design

Three-layer Hierarchical Model - One-tier Design – Hub-and-Spoke -

- Servers are located in central farms
- Advantage: Increased management control (centralized)
- Disadvantage: Single points of failure and bandwidth aggregation

Page 42: CSE 550 Computer Network Design

Three-layer Hierarchical Model - A Hub-and-Spoke Hierarchical Topology -

Page 43: CSE 550 Computer Network Design

Three-layer Hierarchical Model - Two-tier Design -

- A campus backbone that interconnects separate buildings
- VLANs can be used to create separate logical networks (i.e., broadcast domains)

Page 44: CSE 550 Computer Network Design

How Can You Tell When You Have a Good Design? (P. Welcher)

- When you already know how to add a new building, floor, WAN link, remote site, e-commerce service, and so on
- When new additions cause only local change, to the directly connected devices
- When your network can double or triple in size without major design changes
- When troubleshooting is easy because there are no complex protocol interactions to wrap your brain around

Page 45: CSE 550 Computer Network Design

Mesh Network Topologies

Page 46: CSE 550 Computer Network Design

Mesh Network Topologies

- Network designers often recommend a mesh topology to meet availability requirements
- Constructed with many different interconnections between network nodes
- Two types:
  1. Full-mesh topology
  2. Partial-mesh topology

Page 47: CSE 550 Computer Network Design

Mesh Network Topologies - Full-Mesh Topology (1/3) -

- Every router or switch is connected to every other router or switch
- Provides complete redundancy and excellent reliability
- Offers good performance
- Nodes are typically located at core level or backbone level of the enterprise network

Page 48: CSE 550 Computer Network Design

Mesh Network Topologies - Full-Mesh Topology (2/3) -

- Frequently supports mission-critical services and applications
- Cannot guarantee that server or application failures will be avoided with just a fully meshed backbone
- Not a cost-effective solution
  - High number of links: N*(N-1)/2 for N routers or switches

Page 49: CSE 550 Computer Network Design

Mesh Network Topologies - Full-Mesh Topology (3/3) -

Page 50: CSE 550 Computer Network Design

Mesh Network Topologies - Partial-Mesh Topology (1/2) -

- Has fewer connections than full-mesh topology
- Each network node or switch does not necessarily have an immediate connection to each other network node or switch
- To reach another router, the network might require traversing intermediate links
- Can still provide redundancy through alternate paths
  - Allows mission-critical applications to continue processing
  - If a network connection fails, the network will remain operational with reduced bandwidth and service levels
- More likely to be implemented in an enterprise network

Page 51: CSE 550 Computer Network Design

Mesh Network Topologies - Partial-Mesh Topology (2/2) -

Page 52: CSE 550 Computer Network Design

Mesh Network Topologies - Advantages -

- Good reliability
- Redundancy – provided by having multiple links connecting each network site

Page 53: CSE 550 Computer Network Design

Mesh Network Topologies - Disadvantages -

- Mesh networks can be expensive to deploy and maintain: due to redundancy and high circuit cost
- Hard to optimize, troubleshoot, and upgrade
  - Devices not optimized for specific functions
  - Containing network problems is difficult because of lack of modularity
  - Difficult to upgrade just one part of the network
- Have scalability limits for groups of routers that broadcast routing updates (i.e., processing increases)
  - A hierarchical design limits the number of router adjacencies

Page 54: CSE 550 Computer Network Design

Mesh Network Topologies - A Partial-Mesh Hierarchical Design -

Page 55: CSE 550 Computer Network Design

Redundant Network Design Topologies

Page 56: CSE 550 Computer Network Design

Redundant Network Design Topologies - Introduction (1/3) -

- Provide network availability by duplicating network links and interconnectivity devices
- Eliminate the possibility of having a single point of failure (SPOF) on the network
  - Goal: Duplicate any required component whose failure could disable critical applications
- Need to consider redundancy in transmission media, routers, workstations, and servers
- Designer can select different media types to provide redundancy (e.g., satellite and data circuits)
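As an added example (not part of the lecture notes) covering the mesh link count and router-adjacency limits from the mesh slides together with the SPOF goal on this slide, the Python below builds a full mesh, a hub-and-spoke, and a partial-mesh hierarchical topology from constructed device names and reports link count, maximum adjacencies per device, diameter in hops, and every device or link whose loss partitions the network. It also shows what a single-link chain at the access layer does to those figures.

```python
from collections import deque
from itertools import combinations

def full_mesh(nodes):
    """Every node linked to every other: N*(N-1)/2 links."""
    return [(a, b) for a, b in combinations(nodes, 2)]

def hub_and_spoke(hub, spokes):
    """Every spoke linked only to the hub."""
    return [(hub, s) for s in spokes]

def adjacency(links, nodes=()):
    """Undirected adjacency sets; `nodes` forces isolated devices to appear."""
    adj = {n: set() for n in nodes}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def reachable(adj, src):
    """BFS hop counts from src to every device it can still reach."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist

def diameter(adj):
    """Longest shortest path in hops, or None if the network is partitioned."""
    worst = 0
    for src in adj:
        dist = reachable(adj, src)
        if len(dist) != len(adj):
            return None
        worst = max(worst, max(dist.values()))
    return worst

def single_points_of_failure(links):
    """Devices and links whose removal leaves some devices unable to reach others."""
    nodes = list(adjacency(links))
    spof_devices = []
    for dev in nodes:
        others = [n for n in nodes if n != dev]
        sub = adjacency([l for l in links if dev not in l], others)
        if others and len(reachable(sub, others[0])) != len(others):
            spof_devices.append(dev)
    spof_links = []
    for link in links:
        sub = adjacency([l for l in links if l != link], nodes)
        if len(reachable(sub, nodes[0])) != len(nodes):
            spof_links.append(link)
    return sorted(spof_devices), sorted(spof_links)

def report(links):
    """Design figures a reviewer would want for a candidate topology."""
    adj = adjacency(links)
    devices, bad_links = single_points_of_failure(links)
    return {
        "links": len(links),
        "max_adjacencies": max(len(peers) for peers in adj.values()),
        "diameter": diameter(adj),
        "spof_devices": devices,
        "spof_links": bad_links,
    }

# Constructed topologies (device names are made up for this example).
CORE_FULL_MESH = full_mesh(["core1", "core2", "core3", "core4"])
HUB_AND_SPOKE = hub_and_spoke("hq", ["site1", "site2", "site3"])
HIERARCHICAL = [
    ("core1", "core2"),                      # meshed core
    ("dist1", "core1"), ("dist1", "core2"),  # each distribution router dual-homed
    ("dist2", "core1"), ("dist2", "core2"),
    ("acc1", "dist1"), ("acc1", "dist2"),    # each access switch dual-homed
    ("acc2", "dist1"), ("acc2", "dist2"),
]
# A chain: a branch hung off another branch over a single link.
CHAINED = HIERARCHICAL + [("acc2", "acc3")]

if __name__ == "__main__":
    for name, links in [("full mesh", CORE_FULL_MESH), ("hub-and-spoke", HUB_AND_SPOKE),
                        ("hierarchical", HIERARCHICAL), ("with chain", CHAINED)]:
        print(f"{name:14} {report(links)}")
```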

Page 57: CSE 550 Computer Network Design

Redundant Network Design Topologies - Introduction (2/3) -

Page 58: CSE 550 Computer Network Design

Redundant Network Design Topologies - Introduction (3/3) -

- Should be incorporated into all network designs
- Extremely important at the core or backbone layer
- Help the designer meet the availability goals for users accessing local services (in campus networks)
- Help the designer meet the overall availability and performance goals (in enterprise networks)
- Add complexity to the network topology and to network addressing and routing
- Note: Select a level of redundancy that matches your customer's requirements for availability and affordability

Page 59: CSE 550 Computer Network Design

Redundant Network Design Topologies - Example -

Page 60: CSE 550 Computer Network Design

Redundant Network Design Topologies - Advantages & Disadvantages -

- Advantages:
  - Provides high network availability
  - Secures data transactions from hardware failures
  - Allows easier and more cost-effective network management of redundant nodes
- Disadvantages:
  - Could be costly if not well designed

Page 61: CSE 550 Computer Network Design

Redundant Network Design Topologies - Backup Paths (1/3) -

- A backup path:
  - Consists of routers and switches and individual backup links between routers and switches that duplicate devices and links on the primary path
  - Maintains interconnectivity even when one or more links are down
- Two aspects of the backup path to consider:
  - How much capacity does the backup path support?
  - How quickly will the network begin to use the backup path?
- Use a modeling tool to predict network performance when backup is in use:
  - It can be acceptable that the performance of the backup path is worse than that of the primary path

Page 62: CSE 550 Computer Network Design

Redundant Network Design Topologies - Backup Paths (2/3) -

- Backup paths usually have less capacity than primary paths, e.g., a leased line with a backup dial-up line
- However, requirements may state that both must provide the same performance; this is expensive
  - Tradeoff: Cost vs. Reliability
- Automatic fail-over is necessary for mission-critical applications where disruption is not acceptable
  - If manual reconfiguration is required to switch to a backup path, users will notice disruption
- Redundant partial-mesh network design speeds automatic recovery time when a link fails, e.g., spanning tree

Page 63: CSE 550 Computer Network Design

Redundant Network Design Topologies - Backup Paths (3/3) -

- Backup path must be tested
  - Do not wait for a catastrophe to happen
- Some backup links are used for load balancing as well as redundancy
  - Advantage: Backup path is a tested solution that is regularly used and monitored

Page 64: CSE 550 Computer Network Design

Redundant Network Design Topologies - Load Sharing -

- Redundancy improves performance by supporting load sharing across parallel links
- Load sharing must be planned and in some cases configured
  - However, some protocols do not support load sharing by default (e.g., running RIP on IPX)
  - Some internetworking devices support sharing across multiple parallel paths

Page 65: CSE 550 Computer Network Design

Modular Network Design Model

Page 66: CSE 550 Computer Network Design

Modular Network Design Model

- A fundamental concept related to hierarchy is modularity
- Cisco uses the Enterprise Composite Network Model (ECNM) to describe different modules of a typical enterprise network
- The ECNM comprises three major areas
  - Each area is made up of modules
  - Modules can be added if necessary
  - Modules may have submodules
- Each area should be designed using a systematic, top-down approach, applying hierarchy and redundancy where appropriate
- Use ECNM to simplify the complexity of a large internetwork

Page 67: CSE 550 Computer Network Design

Enterprise Composite Network Model (1/3)

- Enterprise campus:
  - Includes modules required to build a robust campus network
  - Contains all elements for independent operation within one campus location
  - An enterprise can have more than one campus
- Enterprise edge:
  - Aggregates the connectivity from various elements at the edge of an enterprise network
  - Functional area filters traffic from the edge modules and routes it into the enterprise campus
  - Contains all elements for efficient and secure communication between the enterprise campus and remote locations, business partners, mobile users, and the Internet

Page 68: CSE 550 Computer Network Design

Enterprise Composite Network Model (2/3)

- Service provider edge:
  - Modules within are not implemented by the enterprise
  - Enable communication with other networks using WAN technologies and ISPs

Page 69: CSE 550 Computer Network Design

Enterprise Composite Network Model (3/3)

Page 70: CSE 550 Computer Network Design

Campus/LAN Network Design Topology

Page 71: CSE 550 Computer Network Design

Campus Network Design Topology - Introduction (1/2) -

- Should meet a customer's goals for availability and performance:
  - Small bandwidth domains
  - Small broadcast domains
  - Redundancy
  - Mirrored servers
  - Multiple ways for a workstation to reach a router for off-net communications
- Should be designed using a hierarchical and modular approach
  - To offer good performance, maintainability, and scalability

Page 72: CSE 550 Computer Network Design

Campus Network Design Topology - Introduction (2/2) -

- Features a high-performance, switched backbone, i.e., campus backbone:
  - Connects buildings and different parts of the campus
- Switched LANs:
  - Can provide dedicated bandwidth to specific users
- High-capacity, centralized server farm:
  - Connects to the backbone and provides internal server resources to users, e.g., e-mail
  - Must provide access to management devices that support monitoring, logging, security, etc.

Page 73: CSE 550 Computer Network Design

Campus Network Design Topology - Virtual LANs (1/3) -

- VLAN: A logical grouping of nodes, consisting of clients and servers that reside in a common broadcast domain
- Nodes within one VLAN:
  - Need not be physically connected to the same switch or even be in the same physical location
  - Appear as though they are connected to one Layer 2 bridge or switch
- Primary purpose of Virtual LANs (VLANs) is to reduce broadcast and multicast traffic
- Allow a large, flat, switch-based network to be divided into separate broadcast domains

Page 74: CSE 550 Computer Network Design

Campus Network Design Topology - Virtual LANs (2/3) -

- VLANs allow for more flexibility in the positioning of end stations and servers:
  - They can be placed physically anywhere in the building and still remain in the same logical LAN (i.e., VLAN)
  - They can be placed physically in the same location but move to a new logical LAN
- Simplify moves, adds, and changes in a campus network

Page 75: CSE 550 Computer Network Design

Campus Network Design Topology - Virtual LANs (3/3) -

Page 76: CSE 550 Computer Network Design

Virtual LANs - VLAN Types -

- There are three basic VLAN memberships for determining and controlling how a packet gets assigned:
  - Port-based VLANs (fastest)
  - MAC-address-based VLANs
  - Protocol-based VLANs

Page 77: CSE 550 Computer Network Design

VLAN Types - Port-Based VLANs (1/2) -

- A VLAN is a collection of ports across one or more switches
- A device attached to one of these ports is a member of this VLAN
- Manually assign a switch port to a particular VLAN number
  - Example: Assign switch port 8 to a VLAN called Finance
- Connect multiple VLAN switch ports to form a common VLAN
  - Example: Switch port 1 can connect to marketing employees in HQ building, port 2 can connect to marketing employees in Sales building, etc.

Page 78: CSE 550 Computer Network Design

VLAN Types - Port-Based VLANs (2/2) -

- Advantages
  - Setup is quick and easy to understand
- Disadvantages
  - Cannot have a single port in more than one VLAN
  - Manual tracking of all VLAN names, port numbers, and connected associated nodes
  - Changing ports for a user requires reconfiguration of the VLAN setup

Page 79: CSE 550 Computer Network Design

VLAN Types - MAC-Based VLANs (1/2) -

- VLAN membership is determined by the device MAC address
- Add individual MAC addresses manually to specific VLANs
- End station, no matter where it is on a network, will be a member of that VLAN

Page 80: CSE 550 Computer Network Design

VLAN Types - MAC-Based VLANs (2/2) -

- Advantages
  - No need to reconfigure with mobility
    - If you move the PC / notebook (i.e., NIC, and MAC address), the switch will retain the original VLAN membership
- Disadvantages
  - Every MAC address needs to be entered manually or added to a VLAN
  - Performance degradation on ports with several MACs on different VLANs
  - Many docking stations for notebooks have the NIC card installed in them instead of in the notebooks
    - If the NIC or PC is faulty and replaced, the switch VLAN configuration needs to be updated

Page 81: CSE 550 Computer Network Design

VLAN Types - Layer 3/Protocol-Based VLANs (1/2) -

- A VLAN group is based on protocol type (e.g., IP) or on network address
- Must be running more than one protocol
- Set up a VLAN based on what specific protocol is in use

Page 82: CSE 550 Computer Network Design

VLAN Types - Layer 3/Protocol-Based VLANs (2/2) -

- Advantages
  - Often, particular applications use a specific protocol
  - Allows you to create an application-specific VLAN
  - A single port can participate in multiple VLANs
  - Can segment by Network Operating System (NOS) server by choosing NetWare and NT as policies (most common use of this kind of VLAN)
- Disadvantages
  - Must read layer-3 addresses in packets
  - Analyzing the protocol type on every packet is very time-consuming (vs. MAC- and port-based VLAN switching)

Page 83: CSE 550 Computer Network Design

VLAN Types - Layer 3/IP Network Address VLANs (1/2) -
- Similar to the protocol-based method in that it uses Layer-3 info to determine VLAN membership
- Different IP nodes can be grouped together to form one VLAN
- Works very well with IP LANs, where each node can have a unique IP subnet address

Page 84: CSE 550 Computer Network Design

VLAN Types - Layer 3/IP Network Address VLANs (2/2) -

Advantages
- Works well if the VLAN grouping matches the physical IP subnet structure

Disadvantages
- Network address-based VLANs only work for IP-based nodes

Page 85: CSE 550 Computer Network Design

VLAN Types - IP Multicast Address-Based VLANs -
- Use a proxy address for a larger group of IP addresses
  - If a frame needs to go to the group of IP addresses, it is sent first to the proxy IP address and then forwarded to the entire group
- Membership in the group is voluntary
- Useful in networks where video or audio data is being broadcast and only a select few users are allowed or want to view or listen to the info
- Set up at Layer 3 or higher
- Temporary; nodes can leave the multicast domain at any time

Page 86: CSE 550 Computer Network Design


VLAN Types - Summary of VLAN Membership Options (1/2) -

Page 87: CSE 550 Computer Network Design


VLAN Types - Summary of VLAN Membership Options (2/2) -

Page 88: CSE 550 Computer Network Design

Virtual LANs - Broadcast Domains with VLANs and Routers (1/3) -
- A VLAN is a broadcast domain created by one or more switches
- Both scenarios show how three separate broadcast domains are created using three separate switches
- Layer 3 routing allows the router to send packets to the different broadcast domains

Page 89: CSE 550 Computer Network Design

Virtual LANs - Broadcast Domains with VLANs and Routers (2/3) -
- In this scenario, a VLAN is created using one router and one switch; however, there are three separate broadcast domains
- The router routes traffic between the VLANs using Layer 3 routing
- The switch forwards frames to the router interfaces:
  - if it is a broadcast frame
  - if it is en route to one of the MAC addresses on the router

Page 90: CSE 550 Computer Network Design

Virtual LANs - Broadcast Domains with VLANs and Routers (3/3) -
- Implementing VLANs on a switch causes the following to occur:
  - The switch maintains a separate bridging table for each VLAN
  - If the frame comes in on a port in VLAN 1, the switch searches the bridging table for VLAN 1
  - When the frame is received, the switch adds the source address to the bridging table if it is currently unknown
  - The destination is checked so a forwarding decision can be made

Page 91: CSE 550 Computer Network Design

Virtual LANs - Disadvantages -
- No association between the physical layout and the logical layout
- Extra traffic through the backbone if more than one switch covers a broadcast domain

Page 92: CSE 550 Computer Network Design

Virtual LANs - Distributed VLANs -

[Figure: six switches (S1 to S6) attached to a router; the Subnet 2, 15, 230, 18, 135 and 9 VLANs are spread across the switches, and the key distinguishes traffic for subnets 2, 15 & 230 from traffic for subnets 9, 18 & 135]

Page 93: CSE 550 Computer Network Design

Virtual LANs - VLAN Tagging -
- Inter Switch Link (ISL) (Cisco proprietary) and 802.1Q are two types of encapsulation that are used to carry data from multiple VLANs over trunk links
- 802.1Q VLANs "tag" frames by adding four bytes of VLAN info where the Type or Length field was, sliding the original bytes down

IEEE 802 frame with an 802.1Q tag:

  Field                      Size
  Preamble                   7 bytes
  Start of frame delimiter   1 byte
  Destination address        6 bytes
  Source address             6 bytes
  VLAN Tag                   4 bytes (inserted by the switch)
  Type or Length             2 bytes
  Data, the payload          46 to 1500 bytes
  CRC                        4 bytes
  IFG (inter-frame gap)      96 bits

(The figure also marks which parts of the frame are handled in hardware and which in software; the VLAN tag is done in the switch.)

Page 94: CSE 550 Computer Network Design

Virtual LANs - VLAN Tag Format -
- Two-byte Tag Protocol Identifier field (only used for Token Ring, FDDI - set to 0x8100 for Ethernet)
- Three-bit User Priority field (for 802.1p prioritization)
- One-bit Canonical Format Indicator (CFI - used for Token Ring encapsulation in Ethernet)
- Twelve-bit VLAN ID (4096 possible VLANs)

  Tag Protocol Identifier (2 bytes) | Tag Control Info (2 bytes)
                                    | User Priority (3 bits) | CFI (1 bit) | VLAN ID (12 bits)
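The tag layout above and the per-VLAN bridging tables from slide 90 can be exercised together. The following is an added example, not code from the lecture or from any vendor: it builds and parses 802.1Q frames with the field widths given here (TPID 0x8100, 3-bit priority, 1-bit CFI, 12-bit VLAN ID) and then runs frames through a hypothetical switch model that learns and forwards strictly within one bridging table per VLAN; the port numbers, MAC addresses and VLAN IDs are constructed.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier value that marks an 802.1Q tag on Ethernet
BROADCAST = b"\xff" * 6


def build_tagged_frame(dst, src, vlan_id, ethertype, payload, priority=0, cfi=0):
    """Insert the 4-byte tag where Type/Length sat; Type/Length and payload slide down."""
    if not (0 <= vlan_id < 4096 and 0 <= priority < 8 and cfi in (0, 1)):
        raise ValueError("VLAN ID is 12 bits, User Priority 3 bits, CFI 1 bit")
    tci = (priority << 13) | (cfi << 12) | vlan_id      # Tag Control Information
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_id, priority, ethertype, payload); vlan_id is None if untagged."""
    dst, src = frame[:6], frame[6:12]
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return dst, src, tci & 0x0FFF, tci >> 13, ethertype, frame[18:]
    return dst, src, None, None, tpid, frame[14:]


class VlanSwitch:
    """Hypothetical switch model: one bridging table per VLAN, so MAC learning
    and forwarding decisions never leak from one VLAN into another."""

    def __init__(self, access_ports, trunk_ports):
        self.access = dict(access_ports)   # port -> VLAN assigned to untagged frames
        self.trunks = set(trunk_ports)     # ports carrying tagged frames for all VLANs
        self.tables = {}                   # vlan -> {mac: port}

    def member(self, port, vlan):
        return port in self.trunks or self.access.get(port) == vlan

    def handle(self, port, frame):
        """Learn the source MAC in the ingress VLAN's table; return the egress port list."""
        dst, src, vid, _, _, _ = parse_frame(frame)
        if port in self.trunks:
            if vid is None:
                return []                  # untagged frame on a trunk: dropped in this model
            vlan = vid
        else:
            vlan = self.access[port]       # access port: any tag present is ignored
        table = self.tables.setdefault(vlan, {})
        table[src] = port                  # learning is scoped to this VLAN's table only
        if dst == BROADCAST or dst not in table:
            # broadcast or unknown unicast: flood only to ports that belong to this VLAN
            ports = set(self.access) | self.trunks
            return sorted(p for p in ports if p != port and self.member(p, vlan))
        out = table[dst]
        return [] if out == port else [out]
```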

Page 95: CSE 550 Computer Network Design

Virtual LANs - VLAN Trunking -
- VLAN tags can be used to allow multiple VLAN traffic across a common link (called VLAN trunking)

[Figure: switches S1 and S2 each have ports in the Subnet 2 VLAN and the Subnet 15 VLAN; the key shows Subnet 2 traffic and Subnet 15 traffic sharing the single S1-S2 link]

Page 96: CSE 550 Computer Network Design

Campus Network Design Topology - Wireless LANs -
- Wireless LANs (WLANs) support user mobility
- Offer access in open areas on the campus
- Enable deployment of LANs where it is not cost-effective or practical to install cabling
- The designer needs to determine the coverage area of each wireless cell (a single access point (AP)) and decide how many cells are needed
- APs should be positioned for maximum coverage
- Whenever possible, a WLAN should be a separate subnet to simplify addressing while roaming, and to improve management and security

Page 97: CSE 550 Computer Network Design

Campus Network Design Topology - Redundant LAN Segments (1/3) -
- Design redundant links between LAN switches
- The topology of each module and sub-module is partially determined by the Spanning Tree Protocol (STP)
- Most LAN switches implement the IEEE 802.1d spanning tree algorithm
  - Loops in network traffic are avoided
  - The algorithm guarantees that only one path is active between two stations
  - Good solution for redundancy, but not for load sharing
- Can combine IEEE 802.1d and VLANs in some switches to implement one spanning tree per VLAN
  - Redundant links can offer load sharing and fault tolerance

Page 98: CSE 550 Computer Network Design


Campus Network Design Topology - Redundant LAN Segments (2/3) -

Page 99: CSE 550 Computer Network Design

Campus Network Design Topology - Redundant LAN Segments (3/3) -
- A is the root bridge for VLANs 2, 4, and 6; B can become root bridge if A fails
- B is the root bridge for VLANs 3, 5, and 7; A can become root bridge if B fails
- This design scales to very large campus networks
- Has been tested on a network with:
  - 8000 users
  - 80 access-layer switches
  - 14 distribution-layer switches
  - 4 core campus routers
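The per-VLAN root bridge arrangement described on slides 97 and 99 can be modelled directly. This is an added example, not the lecture's or Cisco's code: it elects a root per VLAN from (priority, MAC) as 802.1D does, computes each bridge's single cheapest path to that root so that redundant links end up blocked, and shows B taking over the even VLANs when A fails. The bridge names, MACs, priorities and link costs are constructed.

```python
import heapq


class Bridge:
    """A switch in the campus; its priority can be set per VLAN (lower wins)."""

    def __init__(self, name, mac, priorities=None, default=32768):
        self.name, self.mac, self.alive = name, mac, True
        self.priorities, self.default = priorities or {}, default

    def bridge_id(self, vlan):
        # 802.1D compares (priority, MAC); the lowest pair becomes the root
        return (self.priorities.get(vlan, self.default), self.mac)


def elect_root(bridges, vlan):
    live = [b for b in bridges if b.alive]
    return min(live, key=lambda b: b.bridge_id(vlan))


def spanning_tree(bridges, links, vlan):
    """Return (root name, forwarding links, blocked links) for one VLAN.
    links are (a, b, cost) tuples; each bridge keeps only its cheapest path to
    the root, so exactly one path is active between any two stations."""
    root = elect_root(bridges, vlan)
    alive = {b.name for b in bridges if b.alive}
    ids = {b.name: b.bridge_id(vlan) for b in bridges}
    adj = {}
    for a, b, cost in links:
        if a in alive and b in alive:          # links to a failed bridge carry nothing
            adj.setdefault(a, []).append((b, cost, (a, b)))
            adj.setdefault(b, []).append((a, cost, (a, b)))
    # Dijkstra from the root; ties on root path cost go to the lower upstream bridge id
    best = {root.name: (0, ids[root.name])}
    parent_link = {}
    heap = [(0, ids[root.name], root.name)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nbr, c, link in adj.get(node, []):
            cand = (cost + c, ids[node])
            if cand < best.get(nbr, (float("inf"), None)):
                best[nbr] = cand
                parent_link[nbr] = link
                heapq.heappush(heap, (cost + c, ids[node], nbr))
    forwarding = set(parent_link.values())
    blocked = {(a, b) for a, b, _ in links if a in alive and b in alive} - forwarding
    return root.name, forwarding, blocked


def campus():
    """Constructed sample: A roots the even VLANs, B the odd ones, as on the slide."""
    a = Bridge("A", "0000.0000.000a", {2: 4096, 4: 4096, 6: 4096})
    b = Bridge("B", "0000.0000.000b", {3: 4096, 5: 4096, 7: 4096})
    s1 = Bridge("S1", "0000.0000.00c1")
    s2 = Bridge("S2", "0000.0000.00c2")
    links = [("A", "B", 4), ("A", "S1", 4), ("A", "S2", 4), ("B", "S1", 4), ("B", "S2", 4)]
    return [a, b, s1, s2], links
```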

Page 100: CSE 550 Computer Network Design

Campus Network Design Topology - Server Redundancy (1/2) -
- Depends on the customer's requirements
- Services include: file, web, DHCP (Dynamic Host Configuration Protocol), name, database, etc.
- Use redundant servers when needed
- Example: DHCP
  - The servers should hold redundant (mirrored) copies of the DHCP database
  - DHCP servers can be placed at either the:
    - Access layer - for large networks
      - Avoids excessive traffic between access and distribution layers
      - Each DHCP server serves a smaller % of users
    - Distribution layer - for small networks

Page 101: CSE 550 Computer Network Design


Campus Network Design Topology- Server Redundancy (2/2) -

Page 102: CSE 550 Computer Network Design

Campus Network Design Topology - Workstation-to-Router Redundancy -
- Routers may implement HSRP (Hot Standby Router Protocol): Cisco proprietary
  - Provides automatic router backup when configured on Cisco routers
  - Allows one router to automatically assume the function of a second router if the second router fails
  - Provides a way for an IP workstation to keep communicating on an internetwork even if its default router becomes unavailable
  - Useful when users on one subnet require continuous access to resources in the network
- VRRP (Virtual Router Redundancy Protocol) is an industry standard that provides very similar features and functions as HSRP

Page 103: CSE 550 Computer Network Design

Workstation-to-Router Redundancy - HSRP (1/3) -
- HSRP works by creating a phantom router with its own IP and MAC addresses

Page 104: CSE 550 Computer Network Design

Workstation-to-Router Redundancy - HSRP (2/3) -
- Each workstation uses the phantom as its default router
- When a workstation broadcasts an ARP frame to find its default router, the active HSRP router responds with the phantom's MAC address
- If the active HSRP router goes offline, a standby router takes over as the active router

Page 105: CSE 550 Computer Network Design

Workstation-to-Router Redundancy - HSRP (3/3) -
- HSRP routers on a LAN communicate to designate an active and a standby router
- Uses a priority scheme to determine which HSRP-configured router is to be the default active router
- An exchange of multicast messages advertises priority among HSRP-configured routers
- When the active router fails to send a hello message within a configurable period of time, the standby router with the highest priority becomes the active router
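The three HSRP slides above describe an election and a failover that can be walked through in a small simulation. This is an added example, not the lecture's or Cisco's code: three routers share a phantom (virtual) IP and MAC, the highest priority becomes active (highest real IP breaks ties), each router's hellos are timestamped, and the active router is replaced once its last hello is older than the hold time. Addresses, priorities and the 3 s hello / 10 s hold timers are constructed; preemption is assumed to be on.

```python
import ipaddress

VIRTUAL_IP = "10.1.1.1"             # constructed phantom (virtual) router address
VIRTUAL_MAC = "00:00:0c:07:ac:01"   # HSRP v1 well-known virtual MAC for group 1


class HsrpRouter:
    def __init__(self, name, real_ip, priority=100):
        self.name, self.real_ip, self.priority = name, real_ip, priority
        self.alive = True
        self.last_hello = None       # time the group last heard a hello from this router


class HsrpGroup:
    """Model of one HSRP group: priority election, hello/hold timers, failover.
    Preemption is assumed on, so the best live router always ends up active."""

    def __init__(self, routers, hello_time=3.0, hold_time=10.0):
        self.routers, self.hello_time, self.hold_time = routers, hello_time, hold_time
        self.active = self.standby = None

    def send_hellos(self, now):
        # every live router multicasts a hello carrying its priority
        for r in self.routers:
            if r.alive:
                r.last_hello = now
        return self.elect(now)

    def fresh(self, r, now):
        return r.last_hello is not None and now - r.last_hello <= self.hold_time

    def elect(self, now):
        """Highest priority wins; highest real IP breaks ties; stale routers drop out."""
        live = [r for r in self.routers if self.fresh(r, now)]
        live.sort(key=lambda r: (r.priority, int(ipaddress.ip_address(r.real_ip))), reverse=True)
        self.active = live[0] if live else None
        self.standby = live[1] if len(live) > 1 else None
        return self.active, self.standby

    def arp_reply(self, now, target_ip):
        """What a workstation learns when it ARPs for its default gateway."""
        self.elect(now)
        if target_ip == VIRTUAL_IP and self.active is not None:
            return self.active.name, VIRTUAL_MAC   # the active router answers with the phantom MAC
        return None


def scenario():
    """Constructed run: A (priority 110) is active until it stops sending hellos after t=6."""
    a = HsrpRouter("A", "10.1.1.2", priority=110)
    b = HsrpRouter("B", "10.1.1.3", priority=100)
    c = HsrpRouter("C", "10.1.1.4", priority=90)
    group = HsrpGroup([a, b, c])
    timeline, arp_before = [], None
    for t in range(0, 21, 3):            # one hello interval per step
        if t >= 9:
            a.alive = False              # A silently fails; its last hello was at t=6
        group.send_hellos(t)
        if t == 0:
            arp_before = group.arp_reply(t, VIRTUAL_IP)
        timeline.append((t, group.active.name, group.standby.name))
    return {"timeline": timeline, "arp_before": arp_before,
            "arp_after": group.arp_reply(18, VIRTUAL_IP)}
```

The workstation's gateway MAC is the same before and after the failover, which is why no host reconfiguration is needed; the cost is the hold-time window (here t=9 to t=18) during which traffic sent to the dead router is lost.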

Page 106: CSE 550 Computer Network Design

Workstation-to-Router Redundancy - MHSRP (1/2) -
- Multigroup HSRP (MHSRP)
  - Extension of HSRP that allows a single router interface to belong to more than one Hot Standby group

Page 107: CSE 550 Computer Network Design

Workstation-to-Router Redundancy - MHSRP (2/2) -
- Load sharing
  - Half of the workstations on a LAN are configured for router A, and the other half are configured for router B

Page 108: CSE 550 Computer Network Design

Campus Network Design Topology - Backbone Design -
- There are two types of backbone design:
  - Distributed backbones
  - Collapsed backbones

Page 109: CSE 550 Computer Network Design

Backbone Design - Distributed Backbones in Buildings (1/3) -
- Each floor's router is directly connected to a centralized backbone
- The backbone is typically an FDDI ring
  - This provides maximum fault tolerance
- Generally, does not contain a single point of failure
- Requires extra input and output ports for each component
- Advantage: faults are quickly corrected by the isolation process
- Disadvantage: high cost (also because of fiber)

Page 110: CSE 550 Computer Network Design


Backbone Design- Distributed Backbones in Buildings (2/3) -

Page 111: CSE 550 Computer Network Design

Backbone Design - Distributed Backbones in Buildings (3/3) -
- Drawbacks:
  - Multiple IP network numbers
  - Difficult to add, move, or change users (not flexible)
  - More expensive
  - Migration to switching not easy
  - Less-flexible approach to wiring a building

Page 112: CSE 550 Computer Network Design

Backbone Design - Distributed Backbones on the Campus -
- More resource-efficient solution than in a building
  - Example: high cost might be acceptable here
- Drawback: lack of flexibility in connecting to other buildings on the campus (because of routers)
  - Switching allows for more flexibility (but is not easily deployed on campus)
- Logical groups are defined within each building

Page 113: CSE 550 Computer Network Design

Backbone Design - Collapsed Backbones in Buildings (1/4) -
- Has a single concentration point connecting all floors
- All floor-to-floor connectivity passes through the backbone component
- Single point of failure (router)
  - Solution: router with HSRP
- More flexible and cost-effective approach to wiring a building
  - Although more cabling is required to support this topology

Page 114: CSE 550 Computer Network Design


Backbone Design- Collapsed Backbones in Buildings (2/4) -

Page 115: CSE 550 Computer Network Design

Backbone Design - Collapsed Backbones in Buildings (3/4) -
- Problem isolation is simple, while finding a problem's root cause is difficult
  - Because any troubleshooting changes can potentially impact other segments attached to the same device
- Changes can be easily made
- Moving users is easier, because all of them are directly attached to the central concentration point
- Can be extended to accommodate VLANs

Page 116: CSE 550 Computer Network Design

Backbone Design - Collapsed Backbones in Buildings (4/4) -
- VLANs in a building
  - More flexibility in positioning of end stations and servers

Page 117: CSE 550 Computer Network Design

Backbone Design - Collapsed Backbones on the Campus -
- VLANs across a campus
  - One switch acts as the backbone for the entire campus
  - Assign stations to VLANs such that only 20% of their traffic is destined to other VLANs

Page 118: CSE 550 Computer Network Design

Enterprise/WAN Network Design Topology

Page 119: CSE 550 Computer Network Design

Enterprise Edge Network Topology - Introduction -
- Enterprise edge network design topology should meet a customer's goals for availability and performance:
  - Redundant LAN and WAN segments in the intranet
  - Multiple paths to extranets and the Internet
- Extranet: an internal internetwork that is accessible by outside parties, e.g., suppliers, resellers, etc.

Page 120: CSE 550 Computer Network Design

Enterprise Edge Network Topology - Redundant WAN Segments -
- Usually uses a hierarchical partial-mesh topology
- Circuit diversity: the physical circuit routing of backup WAN links and primary WAN links should be different from each other
  - Different carriers sometimes use the same facilities
    - The backup path is then susceptible to the same failure
  - A backup should really be a backup

Page 121: CSE 550 Computer Network Design

Enterprise Edge Network Topology - Multihoming the Internet Connection (1/2) -
- Multihoming the Internet connection: provides an enterprise network more than one entry into the Internet (i.e., redundancy and fault tolerance)
- Definition: Multihoming - provides more than one connection for a system to access and offer network services
  - Example: a server is multihomed if it has more than one network-layer address
- Options for multihoming the Internet connection (i.e., the enterprise network is multihomed to the Internet)

Page 122: CSE 550 Computer Network Design


Enterprise Edge Network Topology- Multihoming the Internet Connection (2/2) -

Page 123: CSE 550 Computer Network Design

Enterprise Edge Network Topology - Virtual Private Networks (VPNs) (1/2) -
- An enterprise network design alternative
- A public network, such as the Internet, is used as a backbone for the enterprise network
  - Links remote offices together
  - Can connect business suppliers and distributors through a third-party proprietary network
- No permanent link is required
- Inexpensive compared to private leased lines

Page 124: CSE 550 Computer Network Design

Enterprise Edge Network Topology - Virtual Private Networks (VPNs) (2/2) -
- Control of the network infrastructure is not in your hands!
- Provides a secure connection among sites on the organization's internetwork
- Private data is encrypted for routing through the public network
- Can use dial-on-demand routing (DDR)

Page 125: CSE 550 Computer Network Design


Enterprise Edge Network Topology- Remote-Access VPN for a Retail Company -

Page 126: CSE 550 Computer Network Design

Enterprise Edge Network Topology - WAN Topologies -
- Star or hub-and-spoke
- Full mesh
- Partial mesh

Page 127: CSE 550 Computer Network Design


Enterprise Edge Network Topology- Three-layer Design Model (WAN version) -

Page 128: CSE 550 Computer Network Design

Secure Network Design Topologies

Page 129: CSE 550 Computer Network Design

Secure Network Design Topologies - Three Main Areas (1/2) -
- Policy and standardization:
  - Allow network users the freedom to use network services securely
  - Access management (different levels for different ranks)
  - Remote access management
  - Data encryption and authentication
  - Firewalls
  - Physical security

Page 130: CSE 550 Computer Network Design

Secure Network Design Topologies - Three Main Areas (2/2) -
- Implementation:
  - Firewalls are commonly used
  - Not everyone needs to know what level of security is implemented!
- Audit and review:
  - Review and audit of network security is critical
  - Should be aware of the latest news on hacker activity and threats to your network systems
  - Stay current on new technologies as well as the latest software patches, security holes, and enhancements

Page 131: CSE 550 Computer Network Design

Secure Network Design Topologies - Physical Security & Firewalls -
- Planning for physical security
  - Protection from unauthorized access, theft, vandalism, and natural disasters (e.g., floods, fires, storms, and earthquakes)
  - Not an aspect of logical network design, but it has an impact on it
- Meeting security goals with firewall topologies
  - Definition (National Computer Security Association (NCSA)): Firewall - a system or combination of systems that enforces a boundary between two or more networks

Page 132: CSE 550 Computer Network Design

Secure Network Design Topologies - Firewall Topologies (1/3) -
- A firewall can be either:
  - a router with access control lists (ACLs), or
  - a dedicated hardware box (e.g., PIX), or
  - software running on a PC or UNIX system
- A firewall should be placed in the network so that all traffic from outside the protected network must pass through the firewall
- A firewall is especially important at the boundary between the enterprise network and the Internet
- A basic firewall topology is simply a router with:
  - a WAN connection to the Internet, and
  - a LAN connection to the enterprise network, and
  - software that has security features

Page 133: CSE 550 Computer Network Design

Secure Network Design Topologies - Firewall Topologies (2/3) -
- A router can also use Network Address Translation (NAT) to hide internal addresses from Internet hackers
- Larger companies use a dedicated firewall in addition to a router (with security features) between the Internet and the enterprise network
- A firewall topology can include a public LAN that hosts Web, FTP, DNS, and SMTP servers (for customers who need to publish public data)
  - This public LAN is referred to as the demilitarized or free-trade zone (DMZ)
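The router-with-ACLs firewall from the previous slide and the three-zone DMZ topology described here come down to an ordered rule list with an implicit deny. The following is an added example, not the lecture's or any vendor's code: it assigns constructed address ranges to the inside network and the DMZ (everything else is the Internet), evaluates flows against a first-match policy that only exposes the public Web, FTP, DNS and SMTP services, and audits a handful of constructed sample flows, including a DMZ host trying to reach the inside network.

```python
import ipaddress
from collections import namedtuple

# Constructed addressing for the zones of the DMZ topology; anything else is "outside"
ZONES = {
    "inside": ipaddress.ip_network("10.0.0.0/8"),      # enterprise network
    "dmz": ipaddress.ip_network("192.0.2.0/24"),       # public LAN: Web, FTP, DNS, SMTP servers
}

Rule = namedtuple("Rule", "action src_zone dst_zone proto dport")
ANY = None

# Ordered like a router ACL: first match wins, implicit deny at the end
POLICY = [
    Rule("permit", "outside", "dmz", "tcp", 80),     # public Web server
    Rule("permit", "outside", "dmz", "tcp", 21),     # public FTP (control channel only)
    Rule("permit", "outside", "dmz", "udp", 53),     # public DNS
    Rule("permit", "outside", "dmz", "tcp", 25),     # inbound SMTP
    Rule("permit", "inside", "outside", ANY, ANY),   # users reaching the Internet (via NAT)
    Rule("permit", "inside", "dmz", ANY, ANY),       # administrators reaching the public servers
    Rule("deny", "dmz", "inside", ANY, ANY),         # a compromised DMZ host must not reach inside
    Rule("deny", "outside", "inside", ANY, ANY),     # no direct Internet access to the enterprise LAN
]


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "outside"


def evaluate(policy, src_ip, dst_ip, proto, dport):
    """Return (action, index of the matching rule or None) for one flow; first match wins."""
    sz, dz = zone_of(src_ip), zone_of(dst_ip)
    for i, r in enumerate(policy):
        if (r.src_zone == sz and r.dst_zone == dz
                and r.proto in (ANY, proto) and r.dport in (ANY, dport)):
            return r.action, i
    return "deny", None      # implicit deny: anything not explicitly permitted is dropped


def audit(policy, flows):
    """Run sample flows through the policy and pair each with its verdict."""
    return [(f, evaluate(policy, *f)[0]) for f in flows]


# Constructed sample flows (documentation address ranges only)
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.10", "tcp", 80),    # Internet client -> DMZ web server
    ("198.51.100.7", "192.0.2.10", "tcp", 22),    # Internet client -> SSH on the DMZ host
    ("198.51.100.7", "10.1.5.20", "tcp", 445),    # Internet client -> inside file server
    ("192.0.2.10", "10.1.5.20", "tcp", 1433),     # DMZ web server -> inside database
    ("10.1.5.20", "198.51.100.7", "tcp", 443),    # inside user -> Internet site
]
```

A plain ACL like this admits only FTP's control channel; the data connections need a stateful helper on the firewall, which is one reason larger sites add a dedicated firewall in front of the DMZ rather than relying on the router alone.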

Page 134: CSE 550 Computer Network Design


Secure Network Design Topologies - Firewall (DMZ) Topologies (3/3) -

Page 135: CSE 550 Computer Network Design

References
- P. Oppenheimer, "Top-Down Network Design," Cisco Press, 2nd edition, 2004
- Dr. Marwan Abu-Amara (COE, KFUPM), CSE 550 Lecture Slides, Term 052
- "Cisco Internetwork Design," edited by Matthew H. Birkner, Cisco Systems, 2000
- http://www.cisco.com/

