CSE 550 Computer Network Design

1 CSE 550 Computer Network Design
Dr. Mohammed H. Sqalli COE, KFUPM Spring 2007 (Term 062)

2 Outline
- Network Topology Design
- Flat Network Topologies
- Hierarchical Network Design Model
- Mesh Network Topologies
- Redundant Network Design Topologies
- Modular Network Design Model
- Campus/LAN Network Design Topology
- Enterprise/WAN Network Design Topology
- Secure Network Design Topologies
CSE-550-T062 Lecture Notes - 6

3 Network Topology Design

4 Network Topology Design
- First step in the logical design phase of the top-down network design methodology
- During this phase, we identify:
  - Networks and interconnection points
  - Size and scope of networks
  - Types of internetworking devices required

5 Network Topology Design
- Questions to determine network topology:
  - Is it a small LAN with few workstations?
  - Is it a campus LAN or a massive enterprise implementation?
  - Is scalability important?
  - How about network management?
  - What about cost?

6 Network Topology Design
- No one topology is right for every network environment
- Each network topology can be an integral part of another topology design
- Redundant and secure topologies should be part of every network design

7 Network Topologies
- Network topologies covered:
  - Flat
  - Hierarchical
  - Mesh
  - Redundant
  - Campus/LAN
  - Enterprise/WAN
  - Secure

8 Flat Network Topologies

9 Flat Network Topologies
- Generally used for very small networks
- Each network device (e.g., hub, switch, …) is used for a general rather than specific purpose
- Most network components are used for simple broadcasting and providing limited switching capabilities
- Based on a common broadcast domain
- There is no hierarchy
- Not generally created in a modular fashion
- Provide a consistent and easy-to-manage network environment
- Scalability is not usually an important design factor

10 Flat Network Topologies - Advantages -
- Lower initial cost – due to the smaller size of the network and lower equipment costs
  - Special routing and switching components are not used to a wide extent
- Reliability – due to the simplistic design and generally static nature of the topology
- Easy to design – due to the lack of need for modularity and scalability
- Easy to implement – due to the lack of specialized switching equipment
- Easy to maintain – as long as the network stays small

11 Flat Network Topologies - Disadvantages -
- Not modular – changes to the environment will usually affect all internetworking devices
- Bandwidth domain – most if not all devices are usually in the same bandwidth domain (i.e., share the same bandwidth)
- Broadcast domain – all devices share the same broadcast domain, which can lead to congestion
- Lack of hierarchy makes troubleshooting difficult – the entire network must be inspected

12 Flat WAN Topologies
- Flat loop topology: a WAN for a small company may consist of a few sites connected in a loop
  - Meets goals for low cost and reasonably good availability
  - Quick convergence of routing protocols
  - Communication recovers when one link fails
- Not recommended for networks with many sites: significant delay and a higher probability of failure because of routers that are many hops away

13 Flat vs. Hierarchical WAN Topologies
- A hierarchical redundant topology meets goals for scalability, high availability, and low delay

14 Hierarchical Network Design Model

15 Hierarchical Network Design Model (1/2)
- When scalability is a major goal, a hierarchical topology is recommended
- Created in layers to allow specific functions and features to be implemented in each of the layers
- Each component is carefully placed in a hierarchical design for maximum efficiency and a specific purpose
- Routers, switches, and hubs all play specific roles in routing and distributing data and packet information
- The model can be used for switched networks as well as routed networks

16 Hierarchical Network Design Model (2/2)
- Incorporates 3 key layers (three-tier hierarchical model):
  - Core layer
  - Distribution layer
  - Access layer
- Each layer has a specific role
- Each layer provides a backbone for the layer below
- Definition: a backbone is a network whose primary purpose is the interconnection of other networks

17 Three-layer Hierarchical Topology (1/4)
(figure only)

18 Three-layer Hierarchical Topology (2/4)
- A Partial-Mesh Hierarchical Design (figure only)

19 Three-layer Hierarchical Topology (3/4)
(figure only)

20 Three-layer Hierarchical Topology (4/4)
(figure only)

21 Three-layer Hierarchical Topology - Core Layer (1/3) -
- Main rule: design the core layer for optimized transport between sites
- Should be optimized for low latency and good manageability
- Consists of high-end routers and switches that are optimized for availability and performance
  - Focus on redundancy and reliability
  - Adapt to changes quickly and continue to function with circuit outages
- Should have a limited and consistent diameter
  - Provides predictable performance and ease of troubleshooting

22 Three-layer Hierarchical Topology - Core Layer (2/3) -
- Provides optimal wide-area transport between geographically remote sites
- Connects campus networks in a corporate or enterprise WAN
- Services are typically leased from a telecom service provider
  - Need to efficiently use bandwidth because of provider tariffs
- May use the public Internet as the enterprise backbone

23 Three-layer Hierarchical Topology - Core Layer (3/3) -
- Includes one or more links to external networks (for extranet or Internet connections). This centralization at the core:
  - Reduces complexity and the potential for routing problems
  - Minimizes security concerns, since there is only one security structure to administer
  - Means higher bandwidth costs
- Avoid using packet filters or other features that slow down the manipulation of packets
- Avoid connecting end stations to the core

24 Three-layer Hierarchical Topology - Distribution Layer (1/3) -
- Main rule: connect network services and implement policies at the distribution layer
- Demarcation point between the access and core layers
- Acts as a concentration point for many of its access-layer sites
- Delineates broadcast domains (can be done at the access layer as well)
- Can be configured to route between VLANs
- Connects multiple networks (departments) within a campus network environment (one or more buildings)
  - Includes the campus backbone network, based on FDDI, Fast Ethernet, Gigabit Ethernet, or ATM
- Connects network services to the access layer

25 Three-layer Hierarchical Topology - Distribution Layer (2/3) -
- Links usually owned and/or controlled by the organization
- Network policies are often implemented in this layer:
  - Consists of routers and switches that implement policies
  - Network security: firewall, filtering, encryption
  - Access to services (admin privileges, etc.)
  - Traffic patterns through definition of path metrics (priority, preference, trust, etc.)
  - Route summarization / address aggregation
  - Network naming and numbering conventions
  - Traffic loading, routing, and address translation

26 Three-layer Hierarchical Topology - Distribution Layer (3/3) -
- Controls access to resources for security reasons
- Controls network traffic that traverses the core for performance reasons
- Redistributes between bandwidth-intensive access-layer routing protocols (e.g., IGRP) and optimized core routing protocols (e.g., EIGRP)
- Should hide detailed topology information about the access layer from core routers
  - Maximizes hierarchy, modularity, and performance (e.g., route summarization)
- Should hide detailed topology information about the core layer from the access layer (e.g., use one default route)
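Route summarization at the distribution layer, worked in Python as an added example (this code is not part of the lecture notes). The subnet lists are constructed sample data; the functions compute the single summary a distribution router would advertise toward the core, the exact aggregate set, and how much address space a lone summary claims beyond the real member subnets. The last figure is the check a practitioner wants before configuring the summary: a summary that covers unused space attracts traffic for addresses nobody owns, and that traffic terminates on the summarizing router.

```python
import ipaddress

# Constructed sample data (assumption, not from the lecture notes): the /24
# subnets of one campus's access layer, to be advertised toward the core.
ACCESS_SUBNETS = [
    "10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24",
    "10.20.4.0/24", "10.20.5.0/24", "10.20.6.0/24", "10.20.7.0/24",
]
# A sparser allocation from the same block, to show over-summarization.
SPARSE_SUBNETS = ["10.20.0.0/24", "10.20.1.0/24", "10.20.5.0/24"]


def summarize(prefixes):
    """Smallest single prefix (as a string) that covers every given subnet.

    This is the one-route summary a distribution router advertises to the
    core instead of every individual access-layer subnet.
    """
    nets = sorted(ipaddress.ip_network(p) for p in prefixes)
    summary = nets[0]
    for net in nets[1:]:
        # Widen the candidate one bit at a time until it contains this subnet.
        while not summary.supernet_of(net):
            summary = summary.supernet()
    return str(summary)


def exact_aggregates(prefixes):
    """Minimal set of prefixes covering exactly the given subnets and nothing more."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def overclaimed_addresses(prefixes):
    """Addresses the single summary advertises that belong to none of the members.

    Non-zero means the summary attracts traffic for address space the site
    does not use; that traffic dead-ends at the summarizing router, so the
    designer should either fill the block or advertise the exact aggregates.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]  # assumed non-overlapping
    covered = ipaddress.ip_network(summarize(prefixes)).num_addresses
    return covered - sum(n.num_addresses for n in nets)


if __name__ == "__main__":
    for label, subnets in (("contiguous", ACCESS_SUBNETS), ("sparse", SPARSE_SUBNETS)):
        print(label, summarize(subnets), exact_aggregates(subnets),
              "overclaimed:", overclaimed_addresses(subnets))
```

For the contiguous block the summary and the exact aggregate coincide (one /21); for the sparse allocation the single /21 summary over-claims 1280 addresses, and advertising the two exact aggregates instead keeps the core's view small without claiming space the site does not hold.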

27 Three-layer Hierarchical Topology - Access Layer (1/3) -
- Main rule: move users down to the access layer
- Provides end-user access to a network
  - Where hosts are attached to the network (e.g., labs)
- Usually a LAN or a group of LANs
- Usually within a single building (or single floor)
- Typically uses Ethernet, Token Ring, or FDDI
- Can include routers, switches, bridges, shared-media hubs, and wireless access points

28 Three-layer Hierarchical Topology - Access Layer (2/3) -
- Connects workgroups (e.g., marketing, administration)
- Can be divided into two levels (workgroup level and desktop level)
  - Workgroup level: e.g., departmental level
  - Desktop level: where end-user devices are attached
- Provides logical network segmentation, traffic isolation, and a distributed environment
- Remote (dialup) users are connected at this tier

29 Three-layer Hierarchical Topology - Access Layer (3/3) -
- In a campus network, it provides switches or hubs for end-user access
  - Connects users via lower-end switches and wireless access points
  - Switches are used to divide up bandwidth domains to meet the specific demands of certain applications (e.g., multimedia)
- In a WAN design, it consists of the routers at the edge of the campus networks
  - Provides remote access into the corporate internetwork using WAN technologies, e.g., ISDN, Frame Relay, etc.
  - Can implement routing features, e.g., dial-on-demand routing (DDR)

30 Hierarchical Network Design - Guidelines (1/3) -
- Choose a hierarchical model that best fits your requirements
- Do not always completely mesh all tiers of the network (use the backbone for connections)
  - Core connectivity, however, will generally be meshed for circuit redundancy and network convergence speed
- Do not place end stations on backbones
  - Improves the reliability of the backbone
- Workgroup LANs should keep as much as 80% of their traffic local to the workgroup
  - Right positioning of the servers
- Use specific features at the appropriate hierarchical level

31 Hierarchical Network Design - Guidelines (2/3) -
- Control the diameter of a hierarchical enterprise network topology (in most cases, 3 major layers are sufficient)
  - Provides low and predictable latency
  - Helps predict routing paths, traffic flows, and capacity requirements
  - Makes troubleshooting and network documentation easier
- Design the access layer first, then the distribution layer, and finally the core layer
  - Helps perform capacity planning more accurately at the distribution and core layers

32 Hierarchical Network Design - Guidelines (3/3) -
- Avoid chains at the access layer (e.g., connecting a branch network to another branch, adding a 4th layer)
- Avoid backdoors (i.e., connections between devices in the same layer)
  - Cause unexpected routing problems
  - Make network documentation and troubleshooting more difficult

33 Hierarchical Network Design Guidelines - A Chain and A Backdoor at the Access Layer -
(figure only)

34 Three-layer Hierarchical Topology - Advantages (1/4) -
- Modularity:
  - Keeps each design element simple and easy to understand
  - Allows each component to perform a specific purpose in the internetwork
  - Easier and more organized network management
  - Enables creating design elements that can be replicated as the network grows → scalability
  - Example: planning a campus network for a new site might simply mean replicating an existing campus network design
- Scalability:
  - Allows addition of routers, switches, etc. when needed with minimum impact on the design
  - Hierarchical networks are built for maximum scalability
  - As elements in a network require change, the cost of an upgrade is contained to a small subset of the network

35 Three-layer Hierarchical Topology - Advantages (2/4) -
- Predictability: makes capacity planning for growth easier
- Manageability:
  - Easy to deploy network management instrumentation by placing probes at different levels of the hierarchy
  - More automated
- Ease of troubleshooting:
  - Fault isolation is improved because network technicians can easily recognize the transition points in the network to help isolate possible failure points
  - Use a "divide-and-conquer" approach: temporarily segment the network
  - Does not affect the core tier of the network

36 Three-layer Hierarchical Topology - Advantages (3/4) -
- Ease of implementation:
  - A phased approach is more effective due to the cost of resources
  - Efficient allocation of resources in each phase of network deployment
- Simplicity:
  - Minimizes the need for extensive training of network operations personnel
  - Testing a network design is made easy because there is clear functionality at each layer
- Protocol support:
  - Mixing new protocols is easier
  - Merger of companies using different protocols is easier

37 Three-layer Hierarchical Topology - Advantages (4/4) -
- High availability: due to redundancy, alternate paths, optimization, and filtering
- Low delay:
  - Routers delineating broadcast domains
  - Multiple paths for switching and routing
- Cost efficient: due to the ability to optimize and tune switching and routing paths
- Today's fast-converging routing protocols were designed for hierarchical topologies
- Route summarization is facilitated by hierarchical network design

38 Three-layer Hierarchical Topology - Disadvantages -
- Cost – due to the redundancy that is often integrated into the network topology and switching equipment

39 Three-layer Hierarchical Model - Variations -
- One-tier Design – Distributed
- One-tier Design – Hub-and-Spoke
- Two-tier Design

40 Three-layer Hierarchical Model - One-tier Design – Distributed -
- Remote networks connect to a pseudo-core
- Good for small networks with no centralized server location
- Advantages: faster overall response time between peers, simplicity, and cost effectiveness
- Disadvantage: loss of centralized management control and higher management cost because of duplicated management functions
  - Responsibilities such as server backups and network documentation are delegated to the access site

41 Three-layer Hierarchical Model - One-tier Design – Hub-and-Spoke -
- Servers are located in central farms
- Advantage: increased management control (centralized)
- Disadvantage: single points of failure and bandwidth aggregation

42 Three-layer Hierarchical Model - A Hub-and-Spoke Hierarchical Topology -
(figure only)

43 Three-layer Hierarchical Model - Two-tier Design -
- A campus backbone that interconnects separate buildings
- VLANs can be used to create separate logical networks (i.e., broadcast domains)

44 How Can You Tell When You Have a Good Design? (P. Welcher)
- When you already know how to add a new building, floor, WAN link, remote site, e-commerce service, and so on
- When new additions cause only local change, to the directly connected devices
- When your network can double or triple in size without major design changes
- When troubleshooting is easy because there are no complex protocol interactions to wrap your brain around

45 Mesh Network Topologies

46 Mesh Network Topologies
- Network designers often recommend a mesh topology to meet availability requirements
- Constructed with many different interconnections between network nodes
- Two types:
  - Full-mesh topology
  - Partial-mesh topology

47 Mesh Network Topologies - Full-Mesh Topology (1/3) -
- Every router or switch is connected to every other router or switch
- Provides complete redundancy and excellent reliability
- Offers good performance
- Nodes are typically located at the core level or backbone level of the enterprise network

48 Mesh Network Topologies - Full-Mesh Topology (2/3) -
- Frequently supports mission-critical services and applications
- Cannot guarantee that server or application failures will be avoided with just a fully meshed backbone
- Not a cost-effective solution
- High number of links: N(N-1)/2 for N routers or switches

49 Mesh Network Topologies - Full-Mesh Topology (3/3) -
(figure only)

50 Mesh Network Topologies - Partial-Mesh Topology (1/2) -
- Has fewer connections than a full-mesh topology
- Each network node or switch does not necessarily have an immediate connection to every other network node or switch
  - To reach another router, the network might require traversing intermediate links
- Can still provide redundancy through alternate paths
  - Allows mission-critical applications to continue processing
  - If a network connection fails, the network will remain operational with reduced bandwidth and service levels
- More likely to be implemented in an enterprise network

51 Mesh Network Topologies - Partial-Mesh Topology (2/2) -
(figure only)

52 Mesh Network Topologies - Advantages -
- Good reliability
- Redundancy – provided by having multiple links connecting each network site

53 Mesh Network Topologies - Disadvantages -
- Mesh networks can be expensive to deploy and maintain: due to redundancy and high circuit cost
- Hard to optimize, troubleshoot, and upgrade
  - Devices not optimized for specific functions
  - Containing network problems is difficult because of lack of modularity
  - Difficult to upgrade just one part of the network
- Have scalability limits for groups of routers that broadcast routing updates (i.e., processing increases)
  - A hierarchical design limits the number of router adjacencies

54 Mesh Network Topologies - A Partial-Mesh Hierarchical Design -
(figure only)

55 Redundant Network Design Topologies

56 Redundant Network Design Topologies - Introduction (1/3) -
- Provide network availability by duplicating network links and interconnectivity devices
- Eliminate the possibility of having a single point of failure (SPOF) on the network
- Goal: duplicate any required component whose failure could disable critical applications
- Need to consider redundancy in transmission media, routers, workstations, and servers
- Designer can select different media types to provide redundancy (e.g., satellite and data circuits)
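Single-point-of-failure analysis on a candidate topology, as an added Python example (not code from the lecture notes). It also carries the full-mesh link count N(N-1)/2 from the mesh section above. The topology is a constructed sample: a two-router core, one dual-homed distribution switch and one branch hung off a single uplink. Each link and each device is removed in turn and the remainder is checked for connectivity, which is the exhaustive version of the "duplicate any component whose failure disables critical applications" rule; adding the missing second uplink is then shown to clear every SPOF.

```python
from collections import defaultdict

# Constructed sample topology (assumption, not from the lecture notes).
SAMPLE_LINKS = [
    ("core1", "core2"),
    ("core1", "dist1"), ("core2", "dist1"),
    ("core1", "dist2"), ("core2", "dist2"),
    ("dist1", "branch1"),          # the only path into branch1
]


def full_mesh_links(n):
    """Links needed to fully mesh n routers or switches: n(n-1)/2."""
    return n * (n - 1) // 2


def _connected(nodes, links):
    """True if every node in `nodes` can reach every other using only `links`
    whose both ends are still in `nodes` (so removed devices carry no links)."""
    nodes = set(nodes)
    if not nodes:
        return True
    adj = defaultdict(set)
    for a, b in links:
        if a in nodes and b in nodes:
            adj[a].add(b)
            adj[b].add(a)
    start = next(iter(nodes))
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj[stack.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen == nodes


def spof_links(links):
    """Links whose single failure partitions the network (sorted endpoint pairs)."""
    nodes = {n for link in links for n in link}
    return sorted(
        tuple(sorted(link)) for link in links
        if not _connected(nodes, [l for l in links if l != link])
    )


def spof_nodes(links):
    """Devices whose single failure partitions the devices that remain."""
    nodes = {n for link in links for n in link}
    return sorted(n for n in nodes if not _connected(nodes - {n}, links))


if __name__ == "__main__":
    print("full mesh of 6 devices needs", full_mesh_links(6), "links")
    print("SPOF links:", spof_links(SAMPLE_LINKS))
    print("SPOF devices:", spof_nodes(SAMPLE_LINKS))
    fixed = SAMPLE_LINKS + [("dist2", "branch1")]   # dual-home the branch
    print("after fix:", spof_links(fixed), spof_nodes(fixed))
```

The output names the branch uplink and dist1 as the two single points of failure; the core and dist2 never appear because every path through them has an alternate. Note the check is purely topological: it says nothing about whether the surviving path has enough capacity, which is the separate backup-path question treated later in this section.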

57 Redundant Network Design Topologies - Introduction (2/3) -
(figure only)

58 Redundant Network Design Topologies - Introduction (3/3) -
- Should be incorporated into all network designs
- Extremely important at the core or backbone layer
- Help the designer meet the availability goals for users accessing local services (in campus networks)
- Help the designer meet the overall availability and performance goals (in enterprise networks)
- Add complexity to the network topology and to network addressing and routing
- Note: select a level of redundancy that matches your customer's requirements for availability and affordability

59 Redundant Network Design Topologies - Example -
(figure only)

60 Redundant Network Design Topologies - Advantages & Disadvantages -
- Advantages:
  - Provides high network availability
  - Secures data transactions from hardware failures
  - Allows easier and more cost-effective network management of redundant nodes
- Disadvantages:
  - Could be costly if not well designed

61 Redundant Network Design Topologies - Backup Paths (1/3) -
- A backup path:
  - Consists of routers and switches and individual backup links between routers and switches that duplicate devices and links on the primary path
  - Maintains interconnectivity even when one or more links are down
- Two aspects of the backup path to consider:
  - How much capacity does the backup path support?
  - How quickly will the network begin to use the backup path?
- Use a modeling tool to predict network performance when the backup is in use: it can be acceptable that the performance of the backup path is worse than that of the primary path

62 Redundant Network Design Topologies - Backup Paths (2/3) -
- Backup paths usually have less capacity than primary paths, e.g., a leased line with a backup dial-up line
  - However, requirements may state that both must provide the same performance → this is expensive
  - Tradeoff: cost vs. reliability
- Automatic fail-over is necessary for mission-critical applications where disruption is not acceptable
  - If manual reconfiguration is required to switch to a backup path, users will notice the disruption
- A redundant partial-mesh network design speeds automatic recovery time when a link fails, e.g., spanning tree

63 Redundant Network Design Topologies - Backup Paths (3/3) -
- The backup path must be tested: do not wait for a catastrophe to happen
- Some backup links are used for load balancing as well as redundancy
  - Advantage: the backup path is a tested solution that is regularly used and monitored

64 Redundant Network Design Topologies - Load Sharing -
- Redundancy improves performance by supporting load sharing across parallel links
- Load sharing must be planned and in some cases configured
  - However, some protocols do not support load sharing by default (e.g., running RIP on IPX)
  - Some internetworking devices support sharing across multiple parallel paths

65 Modular Network Design Model

66 Modular Network Design Model
- A fundamental concept related to hierarchy is modularity
- Cisco uses the Enterprise Composite Network Model (ECNM) to describe the different modules of a typical enterprise network
  - The ECNM comprises three major areas
  - Each area is made up of modules
  - Modules can be added if necessary
  - Modules may have submodules
- Each area should be designed using a systematic, top-down approach, applying hierarchy and redundancy where appropriate
- Use the ECNM to simplify the complexity of a large internetwork

67 Enterprise Composite Network Model (1/3)
- Enterprise campus:
  - Includes modules required to build a robust campus network
  - Contains all elements for independent operation within one campus location
  - An enterprise can have more than one campus
- Enterprise edge:
  - Aggregates the connectivity from various elements at the edge of an enterprise network
  - This functional area filters traffic from the edge modules and routes it into the enterprise campus
  - Contains all elements for efficient and secure communication between the enterprise campus and remote locations, business partners, mobile users, and the Internet

68 Enterprise Composite Network Model (2/3)
- Service provider edge:
  - The modules within it are not implemented by the enterprise
  - Enable communication with other networks using WAN technologies and ISPs

69 Enterprise Composite Network Model (3/3)
(figure only)

70 Campus/LAN Network Design Topology

71 Campus Network Design Topology - Introduction (1/2) -
- Should meet a customer's goals for availability and performance:
  - Small bandwidth domains
  - Small broadcast domains
  - Redundancy
  - Mirrored servers
  - Multiple ways for a workstation to reach a router for off-net communications
- Should be designed using a hierarchical and modular approach to offer good performance, maintainability, and scalability

72 Campus Network Design Topology - Introduction (2/2) -
- Features a high-performance, switched backbone, i.e., the campus backbone: connects buildings and different parts of the campus
- Switched LANs: can provide dedicated bandwidth to specific users
- High-capacity, centralized server farm: connects to the backbone and provides internal server resources to users
  - Must provide access to management devices that support monitoring, logging, security, etc.

73 Campus Network Design Topology - Virtual LANs (1/3) -
- VLAN: a logical grouping of nodes, consisting of clients and servers, that reside in a common broadcast domain
- Nodes within one VLAN:
  - Need not be physically connected to the same switch or even be in the same physical location
  - Appear as though they are connected to one Layer 2 bridge or switch
- The primary purpose of Virtual LANs (VLANs) is to reduce broadcast and multicast traffic
  - Allow a large, flat, switch-based network to be divided into separate broadcast domains

74 Campus Network Design Topology - Virtual LANs (2/3) -
- VLANs allow for more flexibility in the positioning of end stations and servers:
  - They can be placed physically anywhere in the building and still remain in the same logical LAN (i.e., VLAN)
  - They can be placed physically in the same location but move to a new logical LAN
- Simplify moves, adds, and changes in a campus network

75 Campus Network Design Topology - Virtual LANs (3/3) -
(figure only)

76 Virtual LANs - VLAN Types -
- There are three basic VLAN memberships for determining and controlling how a packet gets assigned:
  - Port-based VLANs (fastest)
  - MAC-address-based VLANs
  - Protocol-based VLANs

77 VLAN Types - Port-Based VLANs (1/2) -
- A VLAN is a collection of ports across one or more switches
  - A device attached to one of these ports is a member of this VLAN
- Manually assign a switch port to a particular VLAN number
  - Example: assign switch port 8 to a VLAN called Finance
- Connect multiple VLAN switch ports to form a common VLAN
  - Example: switch port 1 can connect to marketing employees in the HQ building, port 2 can connect to marketing employees in the Sales building, etc.

78 VLAN Types - Port-Based VLANs (2/2) -
- Advantages:
  - Setup is quick and easy to understand
- Disadvantages:
  - Cannot have a single port in more than one VLAN
  - Manual tracking of all VLAN names, port numbers, and connected associated nodes
  - Changing ports for a user requires reconfiguration of the VLAN setup

79 VLAN Types - MAC-Based VLANs (1/2) -
- VLAN membership is determined by the device MAC address
- Add individual MAC addresses manually to specific VLANs
- An end station, no matter where it is on the network, will be a member of that VLAN

80 VLAN Types - MAC-Based VLANs (2/2) -
- Advantages:
  - No need to reconfigure with mobility
  - If you move the PC / notebook (i.e., NIC, and MAC address) → the switch will retain the original VLAN membership
- Disadvantages:
  - Every MAC address needs to be entered manually or added to a VLAN
  - Performance degradation on ports with several MACs on different VLANs
  - Many docking stations for notebooks have the NIC card installed in them instead of in the notebooks
  - If the NIC or PC is faulty and replaced, the switch VLAN configuration needs to be updated

81 VLAN Types - Layer 3/Protocol-Based VLANs (1/2) -
- A VLAN group is based on protocol type (e.g., IP) or on network address
- Must be running more than one protocol
- Set up a VLAN based on what specific protocol is in use

82 VLAN Types - Layer 3/Protocol-Based VLANs (2/2) -
- Advantages:
  - Often, particular applications use a specific protocol
  - Allows you to create an application-specific VLAN
  - A single port can participate in multiple VLANs
  - Can segment by Network Operating System (NOS) server by choosing NetWare and NT as policies (most common use of this kind of VLAN)
- Disadvantages:
  - Must read layer-3 addresses in packets
  - Analyzing the protocol type on every packet is very time-consuming (vs. MAC- and port-based VLAN switching)

83 VLAN Types - Layer 3/IP Network Address VLANs (1/2) -
- Similar to the protocol-based method in that it uses Layer-3 info to determine VLAN membership
- Different IP nodes can be grouped together to form one VLAN
- Works very well with IP LANs, where each node can have a unique IP subnet address

84 VLAN Types - Layer 3/IP Network Address VLANs (2/2) -
- Advantages:
  - Works well if the VLAN grouping matches the physical IP subnet structure
- Disadvantages:
  - Network address-based VLANs only work for IP-based nodes

85 VLAN Types - IP Multicast Address-Based VLANs -
- Use a proxy address for a larger group of IP addresses
  - If a frame needs to go to the group of IP addresses, it is sent first to the proxy IP address and then forwarded to the entire group
- Membership in the group is voluntary
- Useful in networks where video or audio data is being broadcast and only a select few users are allowed or want to view or listen to the info
- Set up at Layer 3 or higher
- Temporary; nodes can leave the multicast domain at any time

86 VLAN Types - Summary of VLAN Membership Options (1/2) -
(summary table only)

87 VLAN Types - Summary of VLAN Membership Options (2/2) -
(summary table only)

88 Virtual LANs - Broadcast Domains with VLANs and Routers (1/3) -
- A VLAN is a broadcast domain created by one or more switches
- Both scenarios show how three separate broadcast domains are created using three separate switches
- Layer 3 routing allows the router to send packets to the different broadcast domains

89 Virtual LANs - Broadcast Domains with VLANs and Routers (2/3) -
- In this scenario, a VLAN is created using one router and one switch
- However, there are three separate broadcast domains
- The router routes traffic between the VLANs using Layer 3 routing
- The switch forwards frames to the router interfaces:
  - If it is a broadcast frame
  - If it is en route to one of the MAC addresses on the router

90 Virtual LANs - Broadcast Domains with VLANs and Routers (3/3) -
- Implementing VLANs on a switch causes the following to occur:
  - The switch maintains a separate bridging table for each VLAN
  - If the frame comes in on a port in VLAN 1, the switch searches the bridging table for VLAN 1
  - When the frame is received, the switch adds the source address to the bridging table if it is currently unknown
  - The destination is checked so a forwarding decision can be made
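The per-VLAN bridging-table behaviour just listed, modelled as an added Python example (not code from the lecture notes). Port-to-VLAN membership and the frames are constructed sample data. The switch learns the source MAC into the table of the ingress port's VLAN only, forwards known unicast to one port, and floods broadcast or unknown destinations to the other ports of that VLAN alone; the last scenario shows the property the lecture is getting at: a MAC learned in VLAN 10 is unknown in VLAN 20, so a frame from VLAN 20 never crosses into VLAN 10 at Layer 2.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Toy learning switch that keeps one bridging (MAC) table per VLAN."""

    def __init__(self, port_vlans):
        # Port-based membership: port number -> VLAN number.
        self.port_vlans = dict(port_vlans)
        # One table per VLAN: vlan -> {mac: port}.
        self.tables = defaultdict(dict)

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame arriving on `in_port`; return the egress port list."""
        vlan = self.port_vlans[in_port]
        table = self.tables[vlan]
        # Learn: record where the source lives, in this VLAN's table only.
        table[src_mac] = in_port
        # Decide: a destination known in this VLAN goes out one port ...
        if dst_mac != BROADCAST and dst_mac in table:
            out = table[dst_mac]
            return [] if out == in_port else [out]       # same segment: drop
        # ... otherwise flood, but only to the other ports of the same VLAN.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)

    def learned(self, vlan):
        """Copy of the bridging table for one VLAN (for inspection)."""
        return dict(self.tables[vlan])


# Constructed sample: ports 1-2 in VLAN 10, ports 3-4 in VLAN 20.
PORT_VLANS = {1: 10, 2: 10, 3: 20, 4: 20}


def run_scenario():
    """Replay a few constructed frames and return the egress decisions."""
    sw = VlanSwitch(PORT_VLANS)
    decisions = [
        sw.receive(1, "aa", "bb"),        # bb unknown in VLAN 10 -> flood to port 2
        sw.receive(2, "bb", "aa"),        # aa learned on port 1 -> unicast to 1
        sw.receive(3, "cc", "aa"),        # aa is not in VLAN 20's table -> flood to 4
        sw.receive(1, "aa", BROADCAST),   # broadcast stays inside VLAN 10
    ]
    return decisions, sw


if __name__ == "__main__":
    decisions, sw = run_scenario()
    print("egress ports per frame:", decisions)
    print("VLAN 10 table:", sw.learned(10))
    print("VLAN 20 table:", sw.learned(20))
```

The model stops at the switch itself: reaching VLAN 10 from VLAN 20 needs the router of the previous slide, which is exactly where the distribution-layer policy (filtering between VLANs) gets applied.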

91 Virtual LANs - Disadvantages -
- No association between the physical layout and the logical layout
- Extra traffic through the backbone if more than one switch covers a broadcast domain

92 Virtual LANs - Distributed VLANs -
(figure only: a router interconnecting the VLANs for subnets 2, 15 and 230 and for subnets 9, 18 and 135; the key distinguishes traffic for 2, 15 & 230 from traffic for 9, 18 & 135)

93 Virtual LANs - VLAN Tagging -
- Inter-Switch Link (ISL, Cisco proprietary) and 802.1Q are two types of encapsulation that are used to carry data from multiple VLANs over trunk links
- 802.1Q VLANs "tag" frames by adding four bytes of VLAN info where the Type or Length field was, and slide down the original bytes
(figure only: IEEE 802.3 frame layout with the 4-byte VLAN tag inserted before the Type or Length field: preamble 7 bytes, start-of-frame delimiter 1 byte, destination address 6 bytes, source address 6 bytes, Type or Length 2 bytes, data/payload 46 to 1500 bytes, CRC 4 bytes, IFG 96 bits; preamble and CRC are done in hardware, the VLAN tag in the switch, the rest in software)

94 Virtual LANs - VLAN Tag Format -
- Two-byte Tag Protocol Identifier field (only used for Token Ring, FDDI; set to 0x8100 for Ethernet)
- Three-bit User Priority field (for 802.1p prioritization)
- One-bit Canonical Format Indicator (CFI, used for Token Ring encapsulation in Ethernet)
- Twelve-bit VLAN ID (4096 possible VLANs)
(figure only: Tag Protocol Identifier, 2 bytes, followed by Tag Control Info, 2 bytes = User Priority 3 bits, CFI 1 bit, VLAN ID 12 bits)
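The tag layout of the last two slides, built and parsed in Python as an added example (not code from the lecture notes). The addresses and payload are constructed sample values. The builder inserts the four tag bytes exactly where the Type/Length field sat, and the parser recognises the 0x8100 TPID, splits the Tag Control Info into priority, CFI and VLAN ID, and recovers the original EtherType that the tag pushed down; an untagged frame goes through the same parser unchanged.

```python
import struct

TPID_8021Q = 0x8100


def mac_str(mac):
    """Render 6 raw bytes as colon-separated hex."""
    return ":".join(f"{b:02x}" for b in mac)


def build_tagged_frame(dst, src, vid, pcp, ethertype, payload, cfi=0):
    """Ethernet frame with one 802.1Q tag inserted after the two addresses."""
    if not 0 <= vid <= 0xFFF:
        raise ValueError("VLAN ID must fit in 12 bits")
    # Tag Control Info: 3-bit priority | 1-bit CFI | 12-bit VLAN ID.
    tci = ((pcp & 0x7) << 13) | ((cfi & 0x1) << 12) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def build_untagged_frame(dst, src, ethertype, payload):
    """Plain IEEE 802.3 frame: addresses, Type/Length, payload (no FCS here)."""
    return dst + src + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return header fields; VLAN fields are None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    info = {"dst": mac_str(frame[:6]), "src": mac_str(frame[6:12]),
            "tagged": False, "pcp": None, "cfi": None, "vid": None}
    (type_or_tpid,) = struct.unpack("!H", frame[12:14])
    ethertype, offset = type_or_tpid, 14
    if type_or_tpid == TPID_8021Q:
        # The 2 bytes that were Type/Length now hold the TPID; TCI and the
        # original Type/Length follow.
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, pcp=tci >> 13, cfi=(tci >> 12) & 1,
                    vid=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


# Constructed sample values (assumption, not from the lecture notes).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
PAYLOAD = b"\x45\x00" + bytes(44)          # 46-byte filler, the minimum payload
TAGGED = build_tagged_frame(DST, SRC, vid=15, pcp=5, ethertype=0x0800, payload=PAYLOAD)
UNTAGGED = build_untagged_frame(DST, SRC, 0x0806, PAYLOAD)

if __name__ == "__main__":
    for name, frame in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        fields = parse_frame(frame)
        print(name, len(frame), "bytes:", {k: v for k, v in fields.items() if k != "payload"})
```

The tagged frame is exactly four bytes longer than the untagged one, which is why the slide says the original bytes "slide down". The 12-bit field does give 4096 values, as the slide states; the standard reserves VID 0 (priority-tagged, no VLAN) and VID 4095, so a parser that assigns traffic to VLANs should treat those two as invalid rather than as ordinary VLAN numbers.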

95 Virtual LANs - VLAN Trunking -
VLAN tags can be used to carry traffic for multiple VLANs across a common link (called VLAN trunking)
(Diagram: switches S1 and S2 joined by a trunk carrying both Subnet 2 VLAN and Subnet 15 VLAN; the key distinguishes subnet 2 traffic from subnet 15 traffic)
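The tag insertion and field layout of slides 93 to 95, as an added example (not part of the lecture): a trunk port inserts the 4-byte tag after the source address, an access port strips it, and a parser recovers the three Tag Control Info fields. The sample frame is constructed here.

```python
import struct

TPID_8021Q = 0x8100   # Tag Protocol Identifier placed where Type/Length used to be

def add_vlan_tag(frame: bytes, vlan_id: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the source address, as a trunk port does.
    The original Type/Length field and everything after it slide down four bytes."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 0 <= vlan_id <= 4095:                     # 12-bit field: 4096 values
        raise ValueError("VLAN ID must fit in 12 bits")
    if not 0 <= priority <= 7 or cfi not in (0, 1):  # 3-bit priority, 1-bit CFI
        raise ValueError("bad priority or CFI")
    tci = (priority << 13) | (cfi << 12) | vlan_id   # Tag Control Info
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame: bytes) -> dict:
    """Decode addresses, an optional 802.1Q tag, Type/Length and the payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tag = 12, None
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("tagged frame truncated")
        (tci,) = struct.unpack("!H", frame[14:16])
        tag = {"priority": tci >> 13, "cfi": (tci >> 12) & 1, "vlan_id": tci & 0x0FFF}
        offset = 16
    (type_or_length,) = struct.unpack("!H", frame[offset:offset + 2])
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"), "tag": tag,
            "type_or_length": type_or_length, "payload": frame[offset + 2:]}

def strip_vlan_tag(frame: bytes) -> bytes:
    """Remove the tag before forwarding onto an untagged (access) port."""
    return frame if parse_frame(frame)["tag"] is None else frame[:12] + frame[16:]

# Constructed sample: a broadcast frame carrying ARP (0x0806) with a 46-byte dummy payload.
SAMPLE_UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
                   + struct.pack("!H", 0x0806) + b"\x00" * 46)

if __name__ == "__main__":
    tagged = add_vlan_tag(SAMPLE_UNTAGGED, vlan_id=15, priority=5)
    print(parse_frame(tagged))   # tag shows vlan_id 15, original type 0x0806 follows the tag
```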

96 Campus Network Design Topology - Wireless LANs -
Wireless LANs (WLANs) support user mobility
Offer access in open areas on the campus
Enable deployment of LANs where it is not cost-effective or practical to install cabling
The designer needs to determine the coverage area of each wireless cell (a single access point (AP)) and decide how many cells are needed
APs should be positioned for maximum coverage
Whenever possible, a WLAN should be a separate subnet to simplify addressing while roaming, and to improve management and security

97 Campus Network Design Topology - Redundant LAN Segments (1/3) -
Design redundant links between LAN switches
The topology of each module and sub-module is partially determined by the Spanning Tree Protocol (STP)
Most LAN switches implement the IEEE 802.1d spanning tree algorithm
  Loops in network traffic are avoided
  The algorithm guarantees that only one path is active between two stations
  Good solution for redundancy, but not for load sharing
Can combine IEEE 802.1d and VLANs in some switches to implement one spanning tree per VLAN
  Redundant links can then offer load sharing and fault tolerance

98 Campus Network Design Topology - Redundant LAN Segments (2/3) -

99 Campus Network Design Topology - Redundant LAN Segments (3/3) -
A is the root bridge for VLANs 2, 4, and 6
  B can become root bridge if A fails
B is the root bridge for VLANs 3, 5, and 7
  A can become root bridge if B fails
This design scales to very large campus networks
Has been tested on a network with:
  8000 users
  80 access-layer switches
  14 distribution-layer switches
  4 core campus routers

100 Campus Network Design Topology - Server Redundancy (1/2) -
Depends on the customer's requirements
Services include: file, web, DHCP (Dynamic Host Configuration Protocol), name, database, etc.
Use redundant servers when needed
Example: DHCP
  The servers should hold redundant (mirrored) copies of the DHCP database
  DHCP servers can be placed at either the:
    Access layer - for large networks
      Avoids excessive traffic between access and distribution layers
      Each DHCP server serves a smaller percentage of users
    Distribution layer - for small networks

101 Campus Network Design Topology - Server Redundancy (2/2) -

102 Campus Network Design Topology - Workstation-to-Router Redundancy -
Routers may implement HSRP (Hot Standby Router Protocol):
  Cisco proprietary
  Provides automatic router backup when configured on Cisco routers
  Allows one router to automatically assume the function of a second router if the second router fails
  Provides a way for an IP workstation to keep communicating on an internetwork even if its default router becomes unavailable
  Useful when users on one subnet require continuous access to resources in a network
VRRP (Virtual Router Redundancy Protocol) is an industry standard that provides very similar features and functions to HSRP

103 Workstation-to-Router Redundancy - HSRP (1/3) -
HSRP works by creating a phantom router with its own IP and MAC addresses

104 Workstation-to-Router Redundancy - HSRP (2/3) -
Each workstation uses the phantom as its default router
When a workstation broadcasts an ARP frame to find its default router, the active HSRP router responds with the phantom's MAC address
If the active HSRP router goes offline, a standby router takes over as the active router

105 Workstation-to-Router Redundancy - HSRP (3/3) -
HSRP routers on a LAN communicate to designate an active and a standby router
Uses a priority scheme to determine which HSRP-configured router is to be the default active router
Exchanges of multicast messages advertise priority among HSRP-configured routers
When the active router fails to send a hello message within a configurable period of time, the standby router with the highest priority becomes the active router

106 Workstation-to-Router Redundancy - MHSRP (1/2) -
Multigroup HSRP (MHSRP)
  Extension of HSRP that allows a single router interface to belong to more than one Hot Standby group

107 Workstation-to-Router Redundancy - MHSRP (2/2) -
Load sharing
  Half of the workstations on a LAN are configured for router A, and the other half are configured for router B
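A simplified model of the HSRP behaviour on slides 103 to 107 (phantom router, priority-based election, hello timeout, and MHSRP load sharing across two groups), added here as an example and not taken from the lecture or from Cisco's implementation. It assumes the HSRP version 1 convention that the phantom MAC is derived from the group number and the 10-second default holdtime; preemption and the full standby state machine are left out.

```python
from dataclasses import dataclass, field

HOLDTIME = 10.0   # seconds without a hello before a router is treated as failed (Cisco default)

def virtual_mac(group: int) -> str:
    """HSRP version 1 derives the phantom router's MAC address from the group number."""
    return f"00:00:0c:07:ac:{group:02x}"

@dataclass
class HsrpRouter:
    name: str
    priorities: dict                                  # group -> priority on this interface
    last_hello: dict = field(default_factory=dict)    # group -> time the last hello was heard

    def send_hello(self, group: int, now: float) -> None:
        """Hellos are multicast per group; here we just record when one was heard."""
        self.last_hello[group] = now

def elect(routers, group: int, now: float):
    """(active, standby) for one group among routers whose hello for that group
    arrived within HOLDTIME. Highest priority becomes active, next becomes standby."""
    alive = [r for r in routers
             if group in r.priorities
             and now - r.last_hello.get(group, float("-inf")) <= HOLDTIME]
    ranked = sorted(alive, key=lambda r: r.priorities[group], reverse=True)
    active = ranked[0] if ranked else None
    standby = ranked[1] if len(ranked) > 1 else None
    return active, standby

def arp_reply(routers, group: int, now: float):
    """What a workstation learns when it ARPs for the phantom default gateway:
    the phantom MAC, answered by whichever router is active right now."""
    active, _ = elect(routers, group, now)
    return None if active is None else {"answered_by": active.name, "mac": virtual_mac(group)}

if __name__ == "__main__":
    # Constructed MHSRP load-sharing setup: A prefers group 1, B prefers group 2.
    a = HsrpRouter("A", {1: 110, 2: 90})
    b = HsrpRouter("B", {1: 90, 2: 110})
    for t in (0.0, 3.0, 6.0):
        for r, g in ((a, 1), (a, 2), (b, 1), (b, 2)):
            r.send_hello(g, t)
    print([x.name if x else None for x in elect([a, b], 1, 6.0)])   # ['A', 'B']
    for t in (9.0, 12.0, 15.0, 18.0):      # A falls silent, B keeps sending hellos
        b.send_hello(1, t); b.send_hello(2, t)
    print(arp_reply([a, b], 1, 18.0))      # B now answers, with the same phantom MAC
```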

108 Campus Network Design Topology - Backbone Design -
There are two types of backbone design:
  Distributed backbones
  Collapsed backbones

109 Backbone Design - Distributed Backbones in Buildings (1/3) -
Each floor's router is directly connected to a centralized backbone
The backbone is typically an FDDI ring
This provides maximum fault tolerance
  Generally does not contain a single point of failure
  Requires extra input and output ports for each component
Advantage: faults are quickly corrected by the isolation process
Disadvantage: high cost (also because of fiber)

110 Backbone Design - Distributed Backbones in Buildings (2/3) -

111 Backbone Design - Distributed Backbones in Buildings (3/3) -
Drawbacks:
  Multiple IP network numbers
  Difficult to add, move, or change users (not flexible)
  More expensive
  Migration to switching is not easy
  Less flexible approach to wiring a building

112 Backbone Design - Distributed Backbones on the Campus -
More resource-efficient solution than in a building
  Example: high cost might be acceptable here
Drawback: lack of flexibility in connecting to other buildings on the campus (because of routers)
  Switching allows for more flexibility (but is not easily deployed on a campus)
Logical groups are defined within each building

113 Backbone Design - Collapsed Backbones in Buildings (1/4) -
Has a single concentration point connecting all floors
All floor-to-floor connectivity passes through the backbone component
Single point of failure (the router)
  Solution: router with HSRP
More flexible and cost-effective approach to wiring a building
  Although more cabling is required to support this topology

114 Backbone Design - Collapsed Backbones in Buildings (2/4) -

115 Backbone Design - Collapsed Backbones in Buildings (3/4) -
Problem isolation is simple, while finding a problem's root cause is difficult
  Because any troubleshooting changes can potentially impact other segments attached to the same device
Changes can be easily made
  Moving users is easier, because all of them are directly attached to the central concentration point
Can be extended to accommodate VLANs

116 Backbone Design - Collapsed Backbones in Buildings (4/4) -
VLANs in a building
  More flexibility in positioning end stations and servers

117 Backbone Design - Collapsed Backbones on the Campus -
VLANs across a campus
  One switch acts as the backbone for the entire campus
  Assign stations to VLANs such that only 20% of their traffic is destined to other VLANs

118 Enterprise/WAN Network Design Topology

119 Enterprise Edge Network Topology - Introduction -
Enterprise edge network design topology should meet a customer's goals for availability and performance:
  Redundant LAN and WAN segments in the intranet
  Multiple paths to extranets and the Internet
    Extranet: an internal internetwork that is accessible by outside parties, e.g., suppliers, resellers, etc.

120 Enterprise Edge Network Topology - Redundant WAN Segments -
Usually uses a hierarchical partial-mesh topology
Circuit diversity: the physical circuit routing of backup WAN links and primary WAN links should be different from each other
  Different carriers sometimes use the same facilities
    The backup path is then susceptible to the same failure
  A backup should really be a backup

121 Enterprise Edge Network Topology - Multihoming the Internet Connection (1/2) -
Multihoming the Internet connection: provides an enterprise network with more than one entry into the Internet (i.e., redundancy and fault tolerance)
Definition: multihoming provides more than one connection for a system to access and offer network services
  Example: a server is multihomed if it has more than one network-layer address
Options for multihoming the Internet connection (i.e., the enterprise network is multihomed to the Internet):

122 Enterprise Edge Network Topology - Multihoming the Internet Connection (2/2) -

123 Enterprise Edge Network Topology - Virtual Private Networks (VPNs) (1/2) -
An enterprise network design alternative
A public network, such as the Internet, is used as a backbone for the enterprise network
  Links remote offices together
  Can connect business suppliers and distributors through a third-party proprietary network
  No permanent link is required
  Inexpensive compared to private leased lines

124 Enterprise Edge Network Topology - Virtual Private Networks (VPNs) (2/2) -
Control of the network infrastructure is not in your hands!
Provides a secure connection among sites on the organization's internetwork
  Private data is encrypted for routing through the public network
Can use dial-on-demand routing (DDR)

125 Enterprise Edge Network Topology - Remote-Access VPN for a Retail Company -

126 Enterprise Edge Network Topology - WAN Topologies -
Full mesh
Star or hub-and-spoke
Partial mesh

127 Enterprise Edge Network Topology - Three-layer Design Model (WAN version) -

128 Secure Network Design Topologies

129 Secure Network Design Topologies - Three Main Areas (1/2) -
Policy and standardization:
  Allow network users freedom to use network services securely
  Access management (different levels for different ranks)
  Remote access management
  Data encryption and authentication
  Firewalls
  Physical security

130 Secure Network Design Topologies - Three Main Areas (2/2) -
Implementation:
  Firewalls are commonly used
  Not everyone needs to know what level of security is implemented!
Audit and review:
  Review and audit of network security is critical
  Be aware of the latest news on hacker activity and threats to your network systems
  Stay current on new technologies as well as the latest software patches, security holes, and enhancements

131 Secure Network Design Topologies - Physical Security & Firewalls -
Planning for physical security
  Protection from unauthorized access, theft, vandalism, and natural disasters (e.g., floods, fires, storms, and earthquakes)
  Not an aspect of logical network design, but it has an impact on it
Meeting security goals with firewall topologies
  Definition (National Computer Security Association (NCSA)): firewall - a system or combination of systems that enforces a boundary between two or more networks

132 Secure Network Design Topologies - Firewall Topologies (1/3) -
A firewall can be either:
  a router with access control lists (ACLs), or
  a dedicated hardware box (e.g., PIX), or
  software running on a PC or UNIX system
A firewall should be placed in the network so that all traffic from outside the protected network must pass through the firewall
A firewall is especially important at the boundary between the enterprise network and the Internet
A basic firewall topology is simply a router with:
  a WAN connection to the Internet,
  a LAN connection to the enterprise network, and
  software that has security features

133 Secure Network Design Topologies - Firewall Topologies (2/3) -
A router can also use Network Address Translation (NAT) to hide internal addresses from Internet hackers
Larger companies use a dedicated firewall in addition to a router (with security features) between the Internet and the enterprise network
A firewall topology can include a public LAN that hosts Web, FTP, DNS, and SMTP servers (for customers who need to publish public data)
  This public LAN is referred to as a demilitarized zone or free-trade zone (DMZ)

134 Secure Network Design Topologies - Firewall (DMZ) Topologies (3/3) -
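The three-zone firewall topology of slides 132 to 134 (Internet, DMZ with the public servers, enterprise LAN) expressed as a first-match policy with an implicit deny, added here as an example that is not from the lecture. The address prefixes, zone names and rule set are constructed; the point to check is that the Internet reaches only the published DMZ services and that the DMZ cannot initiate connections inward.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: the enterprise LAN and the public (DMZ) LAN; everything else is Internet.
ZONES = {
    "internal": [ip_network("10.0.0.0/8")],
    "dmz":      [ip_network("192.0.2.0/24")],   # documentation prefix standing in for the public LAN
}

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, nets in ZONES.items():
        if any(ip in n for n in nets):
            return name
    return "internet"

# (src zone, dst zone, protocol or None, dst port or None, action); first match wins.
RULES = [
    ("internet", "dmz",      "tcp", 80,   "permit"),   # Web
    ("internet", "dmz",      "tcp", 443,  "permit"),
    ("internet", "dmz",      "tcp", 21,   "permit"),   # FTP control channel
    ("internet", "dmz",      "tcp", 25,   "permit"),   # SMTP
    ("internet", "dmz",      "udp", 53,   "permit"),   # DNS
    ("internal", "internet", None,  None, "permit"),   # users browsing out
    ("internal", "dmz",      None,  None, "permit"),   # administrators reaching public servers
    ("dmz",      "internal", None,  None, "deny"),     # a compromised public server stays outside
]
DEFAULT_ACTION = "deny"   # implicit deny: anything not listed, e.g. Internet -> internal, is dropped

def evaluate(src: str, dst: str, proto: str, dport: int) -> str:
    """Decide whether a new connection from src to dst is allowed across the firewall."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return "permit"   # traffic within one zone never traverses the firewall
    for rs, rd, rp, rport, action in RULES:
        if rs == sz and rd == dz and rp in (None, proto) and rport in (None, dport):
            return action
    return DEFAULT_ACTION

if __name__ == "__main__":
    # Constructed flows: 198.51.100.7 is an Internet host, 192.0.2.10 a DMZ web server.
    for flow in (("198.51.100.7", "192.0.2.10", "tcp", 443),
                 ("198.51.100.7", "192.0.2.10", "tcp", 22),
                 ("198.51.100.7", "10.1.2.3", "tcp", 443),
                 ("192.0.2.10", "10.1.2.3", "tcp", 3306)):
        print(flow, "->", evaluate(*flow))   # permit, deny, deny, deny
```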

135 References
P. Oppenheimer, "Top-Down Network Design," Cisco Press, 2nd edition, 2004
Dr. Marwan Abu-Amara (COE, KFUPM), CSE 550 Lecture Slides, Term 052
"Cisco Internetwork Design," edited by Matthew H. Birkner, Cisco Systems, 2000

