Top-Down Network Design




Chapter Five: Designing a Network Topology
Copyright 2010 Cisco Press & Priscilla Oppenheimer

Topology
- A map of an internetwork that indicates network segments, interconnection points, and user communities.
- A term used in the computer networking field to describe the structure of a network.
- During the topology design phase, you identify networks and interconnection points, the size and scope of networks, and the types of internetworking devices that will be required, but not the actual devices.

Network Topology Design Themes
- Hierarchy
- Redundancy
- Modularity
- Well-defined entries and exits
- Protected perimeters

Why Use a Hierarchical Model?
- Reduces workload on network devices
- Avoids devices having to communicate with too many other devices (reduces CPU adjacencies)
- Constrains broadcast domains
- Enhances simplicity and understanding
- Facilitates changes
- Facilitates scaling to a larger size

Hierarchical Network Design

Cisco's Hierarchical Design Model
- A core layer of high-end routers and switches that are optimized for availability and speed
- A distribution layer of routers and switches that implement policies and segment traffic
- An access layer that connects users via hubs, switches, and other devices
  - WAN: the access layer consists of the routers at the edge of the campus networks.
  - Campus network: the access layer provides switches for end-user access.


Flat Versus Hierarchy
- A flat WAN for a small company can consist of a few sites connected in a loop.
- Each site has a WAN router that connects to two other adjacent sites via point-to-point links.

Mesh Designs
- Mesh topology helps meet availability requirements.
- Full-mesh topology: every router or switch is connected to every other router or switch.
- A partial-mesh network has fewer connections. Reaching another router or switch might require traversing intermediate links.

A Partial-Mesh Hierarchical Design

A Hub-and-Spoke Hierarchical Topology
- A topology that consists of one central network and a set of remote networks, each with one connection to the central network and no direct connections to each other.
- Traffic between remote networks goes through the hub network.

Avoid Chains and Backdoors
- Connecting a branch network to another branch adds a fourth layer. This is a common network design mistake known as adding a chain.
- A backdoor is a connection between devices in the same layer.
- Chains and backdoors cause unexpected routing and switching problems and make network documentation and troubleshooting more difficult.

How Do You Know When You Have a Good Design?
- When you already know how to add a new building, floor, WAN link, remote site, e-commerce service, and so on
- When new additions cause only local change, to the directly connected devices
- When your network can double or triple in size without major design changes
- When troubleshooting is easy because there are no complex protocol interactions

Campus Topology Design
- Use a hierarchical, modular approach
- Minimize the size of bandwidth domains
- Minimize the size of broadcast domains
- Provide redundancy
  - Mirrored servers
  - Multiple ways for workstations to reach a router

Cisco's Enterprise Composite Network Model
- To scale the hierarchical model, Cisco developed the ECNM, which reduces the enterprise network into further physical, logical, and functional boundaries.
- Hierarchy is embedded as required into each module.

Enterprise Campus Modules
- Server farm
- Network management module
- Edge distribution module for connectivity to the rest of the world
- Campus infrastructure module:
  - Building access submodule
  - Building distribution submodule
  - Campus backbone


Redundant Network Design Topologies
- Lets you meet network availability by duplicating network links and interconnectivity devices.
- Eliminates the possibility of having a single point of failure
- Can be implemented in both campus and enterprise
  - Campus goals for users accessing local services
  - Enterprise goals for overall availability and performance
- Analyze business and technical goals of customer
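The check below is an added example, not part of the original slides: it finds the single points of failure (devices and links) in the topologies described above, namely the flat loop, hub-and-spoke, a chained branch, and a dual-homed partial mesh. Site names and link lists are constructed for illustration.

```python
from collections import defaultdict

def build(links):
    """Adjacency sets for an undirected topology given as (a, b) link pairs."""
    g = defaultdict(set)
    for a, b in links:
        g[a].add(b)
        g[b].add(a)
    return g

def reachable(g, start, removed):
    """Nodes reachable from start when the node `removed` has failed."""
    seen, stack = {start}, [start]
    while stack:
        for n in g[stack.pop()]:
            if n != removed and n not in seen:
                seen.add(n)
                stack.append(n)
    return seen

def single_points_of_failure(links):
    """Devices whose loss cuts the remaining devices into separate islands."""
    g = build(links)
    nodes = sorted(g)
    spof = []
    for victim in nodes:
        rest = [n for n in nodes if n != victim]
        if rest and len(reachable(g, rest[0], victim)) < len(rest):
            spof.append(victim)
    return spof

def critical_links(links):
    """Links with no backup path: removing one disconnects the network."""
    nodes = {n for pair in links for n in pair}
    out = []
    for link in links:
        g = build([x for x in links if x != link])
        if len(reachable(g, link[0], None)) < len(nodes):
            out.append(link)
    return out

# Constructed sample topologies (hypothetical site names).
FLAT_LOOP = [("s1", "s2"), ("s2", "s3"), ("s3", "s4"), ("s4", "s1")]
HUB_AND_SPOKE = [("hq", "b1"), ("hq", "b2"), ("hq", "b3")]
CHAIN = HUB_AND_SPOKE + [("b3", "b4")]          # branch hung off a branch
PARTIAL_MESH = [("c1", "c2"), ("c1", "b1"), ("c2", "b1"),
                ("c1", "b2"), ("c2", "b2")]      # branches dual-homed to two cores

if __name__ == "__main__":
    for name in ("FLAT_LOOP", "HUB_AND_SPOKE", "CHAIN", "PARTIAL_MESH"):
        t = globals()[name]
        print(name, single_points_of_failure(t), critical_links(t))
```

The chained branch adds a second single point of failure (`b3`) on top of the hub, while the loop and the dual-homed partial mesh have none.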

Backup Paths
- Consist of routers and switches, and individual backup links between routers and switches, that duplicate devices and links on the primary path
- Consider two aspects of a backup path:
  - How much capacity does it support?
  - How quickly will the network begin using it?
- Common to have less capacity than a primary path
- Different technologies
- Expensive

Backup Paths (Cont)
- Manual versus automatic
- With manual reconfiguration, users will notice the disruption, which is not acceptable for mission-critical systems
- Use redundant, partial-mesh network designs to speed automatic recovery time
- They must be tested
- Sometimes used for load balancing as well as backup

Load Balancing
- Primary goal of redundancy is to meet availability
- Secondary goal is to improve performance by load balancing across parallel links
- Must be planned and in some cases configured
- In ISDN environments, can be facilitated by configuring channel aggregation
- Channel aggregation means that a router can automatically bring up multiple ISDN B channels as bandwidth requirements increase

Designing a Campus Network Design Topology
- Should meet a customer's goals for availability and performance by featuring small broadcast domains, redundant distribution-layer segments, mirrored servers, and multiple ways for a workstation to reach a router for off-net communications
- Designed using a hierarchical model for good performance, maintainability and scalability.

Virtual LANs (VLANs)
- An emulation of a standard LAN that allows data transfer to take place without the traditional physical limits placed on a network
- A set of devices that belong to an administrative group
- Designers use VLANs to constrain broadcast traffic

VLANs versus Real LANs
- Two physically separate switches

A Switch with VLANs

VLANs Span Switches
- Trunk
- The VLAN tag contains a VLAN ID that specifies to which VLAN the frame belongs
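To make the VLAN tag concrete, the following added example (not from the original slides) parses the IEEE 802.1Q tag out of an Ethernet frame and checks the VLAN ID against a trunk's allowed list. The sample frames, the `trunk_accepts` helper, and the native-VLAN default of 1 for untagged frames are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame

def parse_vlan(frame: bytes) -> dict:
    """Extract the 802.1Q tag fields; vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"vlan_id": None, "priority": None, "dei": None,
                "ethertype": ethertype}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID,
    # followed by the EtherType of the encapsulated payload.
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"vlan_id": tci & 0x0FFF, "priority": tci >> 13,
            "dei": (tci >> 12) & 1, "ethertype": inner}

def trunk_accepts(frame: bytes, allowed_vlans, native_vlan: int = 1) -> bool:
    """Hypothetical trunk check: untagged frames are treated as the native VLAN."""
    vid = parse_vlan(frame)["vlan_id"]
    if vid is None:
        vid = native_vlan
    return vid in allowed_vlans

# Constructed sample frames: broadcast destination, locally administered source.
_HDR = bytes.fromhex("ffffffffffff" "020000000001")
TAGGED = _HDR + bytes.fromhex("8100" "a014" "0800") + b"\x00" * 46   # prio 5, VLAN 20
UNTAGGED = _HDR + bytes.fromhex("0800") + b"\x00" * 46

if __name__ == "__main__":
    print(parse_vlan(TAGGED))
    print(parse_vlan(UNTAGGED))
    print(trunk_accepts(TAGGED, {10, 20}), trunk_accepts(TAGGED, {10, 30}))
```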

WLANs and VLANs
- A wireless LAN (WLAN) is often implemented as a VLAN
- Facilitates roaming
- Users remain in the same VLAN and IP subnet as they roam, so there's no need to change addressing information
- Also makes it easier to set up filters (access control lists) to protect the wired network from wireless users

Campus Hierarchical Redundancy Topology
- This design has been tested on a network that has 8000 users, 80 access layer switches, 14 distribution layer switches, and 4 core campus routers

Workstation-to-Router Communication
- Proxy ARP: a router running proxy ARP can respond to the ARP request with the router's data link layer address.
- Listen for route advertisements: each router periodically multicasts an ICMP router advertisement packet from each of its interfaces, announcing the IP address of that interface. Workstations discover the addresses of their local routers simply by listening for advertisements.
- ICMP router solicitations: a workstation can multicast an ICMP router solicitation packet to ask for immediate advertisements, rather than wait for the next periodic advertisement to arrive.
- Default gateway provided by DHCP
- Use Hot Standby Router Protocol (HSRP) for redundancy

Hot Standby Router Protocol (HSRP)
- HSRP provides a way for an IP workstation to keep communicating on an internetwork even if its default gateway becomes unavailable.
- HSRP works by creating a virtual router, also called a phantom router.
- The virtual router has its own IP and MAC addresses.
- Each workstation is configured to use the virtual router as its default gateway.
- When a workstation broadcasts an ARP frame to find its default gateway, the active HSRP router responds with the virtual router's MAC address.
- If the active router goes offline, a standby router takes over as active router, continuing the delivery of the workstation's packets.
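The HSRP behaviour described above can be modelled in a few lines. This is an added example, not code from the original slides or from Cisco: router names and addresses are constructed, the model assumes preemption is enabled (the highest-priority live router is always active), and it uses the HSRP version 1 virtual MAC format 00:00:0c:07:ac:XX, where XX is the group number.

```python
import ipaddress

class HsrpGroup:
    """Toy model of one HSRP group: a virtual router backed by real routers."""

    def __init__(self, group: int, virtual_ip: str):
        self.group = group
        self.virtual_ip = virtual_ip
        self.routers = {}  # name -> {"ip", "priority", "up"}

    @property
    def virtual_mac(self) -> str:
        # HSRPv1 well-known virtual MAC; last byte is the group number.
        return "00:00:0c:07:ac:%02x" % self.group

    def add_router(self, name: str, ip: str, priority: int = 100):
        self.routers[name] = {"ip": ipaddress.ip_address(ip),
                              "priority": priority, "up": True}

    def set_up(self, name: str, up: bool):
        self.routers[name]["up"] = up

    def active(self):
        """Highest priority wins; ties go to the highest interface IP."""
        live = [(r["priority"], r["ip"], n)
                for n, r in self.routers.items() if r["up"]]
        return max(live)[2] if live else None

    def arp_reply(self, target_ip: str):
        """(responding router, MAC) for an ARP request, or None if unanswered."""
        who = self.active()
        if target_ip != self.virtual_ip or who is None:
            return None
        return (who, self.virtual_mac)

def demo():
    """Workstation ARPs for its gateway before and after the active router fails."""
    g = HsrpGroup(1, "10.0.0.1")            # constructed addresses
    g.add_router("r1", "10.0.0.2", priority=110)
    g.add_router("r2", "10.0.0.3")
    before = g.arp_reply("10.0.0.1")
    g.set_up("r1", False)                    # active router goes offline
    after = g.arp_reply("10.0.0.1")
    g.set_up("r2", False)                    # no routers left
    return before, after, g.arp_reply("10.0.0.1")

if __name__ == "__main__":
    print(demo())
```

The gateway MAC the workstation learns is the same before and after failover, which is why its ARP cache and default-gateway setting need no change.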

Designing the Enterprise Edge Topology

Redundant WAN Segments
- Because WAN links can be critical, redundant (backup) WAN links are often included in the enterprise topology
- Full-mesh topology provides complete redundancy
- Full mesh is costly to implement, maintain, upgrade and troubleshoot

Multihoming the Internet Connection
- The generic meaning of multihoming is to "provide more than one connection for a system to access and offer network services."

Virtual Private Networking
- Enables a customer to use a public network to provide a secure connection among sites on the organization's internetwork
- Can also be used to connect an enterprise intranet to an extranet to reach outside parties
- Gives the ability to connect geographically dispersed offices via a service provider
- Company data can be encrypted for routing
- Firewalls and TCP/IP tunneling allow a customer to use a public network as a backbone for the enterprise network

Meeting Security Goals with Firewall Topologies - DMZ
- To publish public data while protecting private data, the firewall topology can include a public LAN that hosts Web, FTP, DNS, and SMTP servers.
- The public LAN is referred to as the free-trade zone. Another term is demilitarized zone (DMZ).
- A firewall should be placed in the network topology so that all traffic from outside the protected network must pass through it.

Security Topologies - Three-part firewall
- An alternative topology is to use two routers as the firewalls and place the DMZ between them.

Summary
- Use a systematic, top-down approach
- Plan the logical design before the physical design
- Topology design should feature hierarchy, redundancy, modularity, and security

Review Questions
- Why are hierarchy and modularity important for network designs?
- What are the three layers of Cisco's hierarchical network design?
- What are the major components of Cisco's enterprise composite network model?
- What are the advantages and disadvantages of the various options for multihoming an Internet connection?