Top-Down Network Design, Ch. 5: Designing a Network · PDF file... the access layer consists...

Page 1Copyright 2004 Cisco Press & Priscilla Oppenheimer

Top-Down Network Design, Ch. 5: Designing a Network Topology

Top-Down Network Design

Chapter Five

Designing a Network Topology

Copyright 2010 Cisco Press & Priscilla Oppenheimer

Topology

� A map of an internetwork that indicates network segments, interconnection points, and user communities.

� A term used in the computer networking field to describe the structure of a network

� During the topology design phase, you identify networks and interconnection points, the size and scope of networks, and the types of internetworking devices that will be required, but not the actual devices.



Network Topology Design Themes

� Hierarchy

� Redundancy

� Modularity

� Well-defined entries and exits

� Protected perimeters

Why Use a Hierarchical Model?

� Reduces workload on network devices

◦ Avoids devices having to communicate with too many other devices (reduces “CPU adjacencies”)

� Constrains broadcast domains

� Enhances simplicity and understanding

� Facilitates changes

� Facilitates scaling to a larger size



Hierarchical Network Design

Cisco’s Hierarchical Design Model

� A core layer of high-end routers and switches that are optimized for availability and speed

� A distribution layer of routers and switches that implement policies and segment traffic

� An access layer that connects users via hubs, switches, and other devices◦ WAN: the access layer consists of the routers at the edge of the

campus networks.

◦ Campus network: the access layer provides switches for end-user access





Flat Versus Hierarchy� A flat WAN for a small company can consist of a few sites connected in a loop. Each site has a WAN router that connects to two other adjacent sites via point-to-point links



Mesh Designs� Mesh topology helps meet availability requirements

� Partial-mesh network has fewer connections. Reach another router or switch might require traversing intermediate links

� Full-mesh topology: every router or switch is connected to every other router or switch.

A Partial-Mesh Hierarchical Design



A Hub-and-Spoke Hierarchical Topology

� A topology that consists of one central network and a set of remote networks each with one connection to the central network and no direct connections to each other.

� Traffic between remote networks goes through the hub network.

Avoid Chains and Backdoors

� Connect the branch network to another branch, adding a fourthlayer. This is a common network design mistake that is known as adding a chain.

� A backdoor is a connection between devices in the same layer. they cause unexpected routing and switching problems and make network documentation and troubleshooting more difficult.



How Do You Know When You Have a Good Design?

� When you already know how to add a new building, floor, WAN link, remote site, e-commerce service, and so on

� When new additions cause only local change, to the directly-connected devices

� When your network can double or triple in size without major design changes

� When troubleshooting is easy because there are no complex protocol interactions

Campus Topology Design

� Use a hierarchical, modular approach

� Minimize the size of bandwidth domains

� Minimize the size of broadcast domains

� Provide redundancy

◦ Mirrored servers

◦ Multiple ways for workstations to reach a router



Cisco’s Enterprise Composite Network Model

� To scale the hierarchical model, Cisco developed the ECNM, which reduces the enterprise network into further physical, logical, and functional boundaries. Hierarchy is embedded as required into each module.

Enterprise Campus Modules

� Server farm

� Network management module

� Edge distribution module for connectivity to the rest of the world

� Campus infrastructure module:

◦ Building access submodule

◦ Building distribution submodule

◦ Campus backbone





Redundant Network Design Topologies

� Lets you meet network availability by duplicating network links and interconnectivity devices.

� Eliminates the possibility of having a single point of failure

� Can be implemented in both campus and enterprise

◦ Campus goals for users accessing local services

◦ Enterprise goals for overall availability and performance

◦ Analyze business and technical goals of customer



Backup Paths

� Consists of routers and switches and individual backup links between routers and switches that duplicate devices and links on the primary path

� Consider 2 aspects of backup path

◦ How much capacity does it support

◦ How quickly will the network begin using it

� Common to have less capacity than a primary path

◦ Different technologies

◦ Expensive

Backup Paths (Cont)

� Manual versus automatic

◦ Manual reconfigure users will notice disruption and for mission critical systems not acceptable

◦ Use redundant, partial-mesh network designs to speed automatic recovery time

� They must be tested

� Sometimes used for load balancing as well as backup



Load Balancing

� Primary goal of redundancy is to meet availability

� Secondary goal is to improve performance by load balancing across parallel links

� Must be planned and in some cases configured

� In ISDN environments can facilitate by configuring channel aggregation◦ Channel aggregation means that a router can automatically bring up multiple ISDN B channel as bandwidth requirements increase

Designing a Campus Network Design Topology

� Should meet a customer’s goals for availability and performance by:

◦ featuring small broadcast domains,

◦ redundant distribution-layer segments,

◦ mirrored servers,

◦ and multiple ways for a workstation to reach a router for off-net communications

� Designed using a hierarchical model for good performance, maintainability and scalability.



Virtual LANs (VLANs)

� An emulation of a standard LAN that allows data transfer to take place without the traditional physical limits placed on a network

� A set of devices that belong to an administrative group

� Designers use VLANs to constrain broadcast traffic

VLANs versus Real LANs

Two physical separate switches



A Switch with VLANs

VLANs Span Switches

The VLAN tag

contains a VLAN ID

that specifies to which

VLAN the frame

belongs

Trunk



WLANs and VLANs

� A wireless LAN (WLAN) is often implemented as a VLAN

� Facilitates roaming

� Users remain in the same VLAN and IP subnet as they roam, so there’s no need to change addressing information

� Also makes it easier to set up filters (access control lists) to protect the wired network from wireless users

Campus Hierarchical Redundancy Topology

� This design has been tested on a network that has 8000 users, 80 access layer switches, 14 distribution layer switches, and 4 core campus routers



Workstation-to-Router Communication

� Proxy ARP: router running proxy ARP can respond to the ARP request with the router's data link layer address.

� Listen for route advertisements: each router periodically multicasts an ICMP router advertisement packet from each of its interfaces, announcing the IP address of that interface. Workstations discover the addresses of their local routers simply by listening for advertisements

� ICMP router solicitations: a workstation can multicast an ICMP router solicitation packet to ask for immediate advertisements, rather than wait for the next periodic advertisement to arrive.

� Default gateway provided by DHCP

◦ Use Hot Standby Router Protocol (HSRP) for redundancy

Hot Standby Router Protocol (HSRP)

� HSRP works by creating a virtual router, also called a phantom router. The virtual router has its own IP and MAC addresses. Each workstation is configured to use the virtual router as its default gateway. When a workstation broadcasts an ARP frame to find its default gateway, the active HSRP router responds with the virtual router's MAC address. If the active router goes offline, a standby router takes over as active router, continuing the delivery of the workstation's packets.

� HSRP provides a way for an IP workstation to keep communicating on an internetwork even if its default gateway becomes unavailable.



Designing the Enterprise Edge Topology

Redundant WAN Segments

� Because Wan links can be critical, redundant (backup) WAN links are often included in the enterprise topology

� Full-mesh topology provides complete redundancy

� Full mesh is costly to implement, maintain, upgrade and troubleshoot



Multihoming the Internet Connection

The generic meaning of multihoming is to "provide more than one

connection for a system to access and offer network services."

Multihoming the Internet Connection



Virtual Private Networking� Enable a customer to use a public network to provide a secure connection among sites on the organization’s internetwork

� Can also be used to connect an enterprise intranet to an extranet to reach outside parties

� Gives the ability to connect geographically-dispersed offices via a service provider

� Company data can be encrypted for routing

� Firewalls and TCP/IP tunneling allow a customer to use a public network as a backbone for the enterprise network

Meeting Security Goals with Firewall Topologies - DMZ

� For the need to publish public data and protect private data, the firewall topology can include a public LAN that hosts Web, FTP, DNS, and SMTP servers. The public LAN referred as the free-trade zone. Another term is demilitarized zone (DMZ)

A firewall should be placed in the network

topology so that all traffic from outside the

protected network must pass through it.



Security Topologies - Three-part firewall

� An alternative topology is to use two routers as the firewalls and place the DMZ between them.



Summary

� Use a systematic, top-down approach

� Plan the logical design before the physical design

� Topology design should feature hierarchy, redundancy, modularity, and security

Review Questions

� Why are hierarchy and modularity important for network designs?

� What are the three layers of Cisco’s hierarchical network design?

� What are the major components of Cisco’s enterprise composite network model?

� What are the advantages and disadvantages of the various options for multihoming an Internet connection?

Date post:	16-Mar-2018
Category:	Documents
Upload:	duongduong
View:	231 times
Download:	5 times

Top-Down Network Design, Ch. 5: Designing a Network · PDF file... the access layer consists...

Documents