Presentation is loading. Please wait.

Presentation is loading. Please wait.

Campus Network Design.

Published byJerome Phillips Modified over 7 years ago

Similar presentations

Presentation on theme: "Campus Network Design."— Presentation transcript:

1 Campus Network Design

2 Design Principles

3 Design Principles Plan phase The detailed network requirements are identified, and the existing network is reviewed. Design phase The network is designed according to the initial requirements and additional data gathered during analysis of the existing network. The design is refined with the client. Implement phase The network is built according to the approved design. Operate phase The network is operational and is being monitored. This phase is the ultimate test of the design. Optimize phase During this phase, issues are detected and corrected, either before problems arise or, if no problems are found, after a failure has occurred. Redesign might be required if too many problems exist. Retirement phase Although not part of the PDIOO acronym, this phase is necessary when part of the network is outdated or is no longer required.

4 Task in Network Design

5 Determine Requirement
Applications that are to run on the network Internet connections required Addressing restrictions, for example, the use of private Internet Protocol (IP) version 4 (IPv4) addresses Support for IP version 6 (IPv6) addresses Other protocols that are to run on the network (for example, routing protocols) Cabling requirements Redundancy requirements Use of proprietary equipment and protocols Existing equipment that must be supported Network services required, including quality of service (QoS) and wireless How security is to be integrated into the network Network solutions required (for example, voice traffic, content networking, and storage networking) Support for existing applications while new ones are being phased in · Bandwidth availability

6 Determine Requirement
Budget Capital (for new equipment) and operating (for ongoing expenses). Schedule This could include the phasing out of older applications, hiring of new personnel, and so forth. People Considerations include who will install and operate the network, what skills they have, whether they require training, whether any of these tasks will be outsourced, and so forth. Legal Issues include any restrictions on the use and storage of data collected, whether the organization has contractual obligations or opportunities related to the network (for example, long-term maintenance or lease contracts), and so forth. History Factors include examining the existing network's structure and determining whether any person or group will block changes or additions. Policies Consider whether current organizational policies might restrict the network design.

7 Analyzing the Existing Network
If this is a redesign of an existing network, the current network must be analyzed and understood. An existing network is likely to restrict the network design Should analyze the network to determine both what is good and what should be changed. Examining documentation about the existing network and discussing it with users, administration staff, and other stakeholders is important Do an audit of the network. The audit can identify items such as the protocols that are running

8 Preparing the Preliminary Design
Preliminary design involves considering all the network requirements and constraints (including the budget), and determining viable alternative solutions. The network owner is then consulted, and together an optimal solution is chosen; this solution is later developed into the final design. Two models that can be used for network design are examined A top-down approach to network design means that requirements are considered first, with the applications and network solutions that will run on the network driving the design. A bottom-up approach would first select devices, features, cabling, and so on, and then try to fit the applications onto this network. A bottom-up approach can lead to redesign if the applications are not accommodated properly. This approach can also result in increased costs by including features or devices that are not required and would have been excluded had the network requirements analysis been completed.

9 Completing the Final Design Development
producing detailed drawings, configuration specifications, costing, addressing plans, and any other information required for implementation. Physical Network diagram Network redundancy Physical connectivity to existing network Post-design hardware inventory documenting device location, type, number of ports and type of ports Logical Addressing scheme(s) Supported Protocol(s) Routing protocol(s) Bridging group(s) Virtual Local Area Network (VLAN) architecture

10 Completing the Final Design Development
Design Guide Security requirements Redundancy requirements and design Logical connectivity within the Local Area Network (LAN) environment Implementation of any required equipment software advanced features Connectivity to the gateway Configuration of each device

11 Deploying the Network The deployment plan must include details of what is to be done and how it is to be done. For example, if new cabling is required, the procedure to run the cable and the location where it is needed must be fully documented. Scheduling is important, not only to identify when things will be done but also to determine who will do them, and what impact the deployment will have on the existing network.

12 Monitoring and Redesigning
After the network is operating, baseline operational statistics should be gathered The network should then be monitored for anomalies and problems. If problems that require redesign occur, or if requirements change or are added, the appropriate design changes must be made and the entire design process should be repeated for that portion of the network.

13 Maintaining Design Documentation
The design should be documented throughout the process. Documentation should include the following items: All the agreed-to requirements and constraints The state of the existing network, if any Preliminary design options and a brief review of why the final design was chosen Final design details Results of any pilot or prototype testing Deployment plans, schedules, and other implementation details Monitoring requirements Any other pertinent information

14 Modular Network Design
Modules are analogous to building blocks of different shapes and sizes; when creating a building, each block has different functions Designing one of these blocks is a much easier task than designing the entire building Each block might be used in multiple places, saving time and effort in the overall design and building process The blocks have standard interfaces to each other so that they fit together easily If the requirements for a block change, only that block needs to change other blocks are not affected. Similarly, a specific block can be removed or added without affecting other blocks.

15 Modular Network Design
Access layer Provides user and workgroup access to the resources of the network · Distribution layer Implements the organization's policies, and provides connections between workgroups and between the workgroups and the core · Core layer Provides high-speed transport between distribution-layer devices and to core resources

16 Access Layer Entry point to the network Shared bandwidth
Layer 2 services Filtering VLAN membership Access Layer Purpose: Define the characteristics of the access layer. Emphasize: The access layer of the network is the point at which end users are allowed into the network. In the campus environment, some of the functions represented by this layer are as follows: Shared bandwidth can increase the aggregate LAN bandwidth dramatically in multiple-station segments because switches can effect simultaneous switching of packets between ports. Switched bandwidth dedicates the full bandwidth of the adapter and LAN to powerful workstations utilizing high-bandwidth networked applications such graphics, imaging, and multimedia. Layer 2 services such as filtering enables you to restrict specified nodes from communicating with other nodes. VLAN membership is also a method of facilitating or restricting device-to-device communication. The main criterion for access devices is to provide the above functionality with low-cost, high-port density devices. Transition: The following introduces the distribution layer of the hierarchical model.

17 Distribution Layer Access aggregation point Workgroup services access
Broadcast domains definition InterVLAN routing Media translation Security Purpose: Discuss the characteristics of the distribution layer. Emphasize: The distribution layer of the network marks the point between the access and core layers of the network. The distribution or policy layer performs the policy-based operations. Thus it performs the complex, CPU-intensive calculations such as filtering, access lists, interVLAN routing, Cisco Group Management Protocol (CGMP), broadcast or multicast domain definition, and address or area aggregation. This layer may also contain the local servers. Routers reside in the distribution layer, and LAN switches may reside here as well. Transition: The following introduces the core layer of the hierarchical model. Distribution Layer

18 The Core Layer Fast transport No Layer 3 processing Core Layer
Purpose: Discuss the characteristics of the core layer. Emphasize: The sole purpose of the core layer of the network is to switch packets as fast as possible. Routing, access lists, and packet filtering should not take place in the core as these functions will slow the data packet transfer rate. Transition: The following discusses how Cisco products fit in the multilayer design.

19 Enterprise Campus Infrastructure

20 Role of Switches in the Server Farm Module

21 Server Farm Infrastructure Architecture

22 Server Farm Distribution Layer
Deploy high to mid-range switches. Make switching and links entirely redundant.

23 Server Farm Access Layer
Deploy midrange switches. Dual home all servers.

24 Role of Switches in the Enterprise Edge Module

25 A Collapsed Core Switch Block 1 Switch Block 2 Access Layer
Purpose: Describ the concept of a collapsed core. Emphasize: A collapsed core exists when the both the distribution and the core layer functions are performed in the same device. A collapsed core design is prevalent in a small campus network that consists of one or more switch block. Although the functions of each layer are contained in the same device, the functionality remains distinctly separate. All of the access links connect to a central device, which may be within a router or a switch. Each device switch may support more than one device subnets; however, all subnets terminate on Layer 3 ports on the distribution switch. A collapsed core provides a single point of service, which allows for easy maintenance, diagnosis, and upgrades. Transition: The following continues the discussion of the collapsed core. Core Connectivity Distribution/Core Layer Distribution/Core Layer Core Connectivity

26 A Collapsed Core (Cont.)
Switch Block 1 Switch Block 2 Access Layer Access Layer Purpose: continues the discussion of a collapsed core. Emphasize: A collapsed core can be a single point of failure: If the central device fails, all internet traffic fails. However, in this design, each device switch has a redundant link to the distribution-layer switch. Spanning tree blocks the redundant links to prevent loops. Transition: The following introduces the dual core. Core Connectivity Distribution/Core Layer Distribution/Core Layer Core Connectivity

27 The Dual Core Switch Block 1 Switch Block 2 Core Block Subnet A
Purpose: Discuss the characteristics of the dual core. Emphasize: A core configuration is required when there are two or more switch blocks. This example shows a dual-core configuration where the core contains only Layer 2 switches for the backbone. The core devices are not linked to avoid any bridging loops. Being composed of Layer 2 devices, this core configuration does not route any data packets. The core only carries unicast and routed multicast. Transition: The following continues the discussion of the dual-core configuration. Core Block Subnet A Subnet B

28 The Dual Core (cont.) Switch Block 1 Switch Block 2 Core Block
Purpose: Describe the characteristics of the extended collapsed core. Emphasize Each core switch carries a symmetrical number of subnets to the Layer 3 function of the distribution device. Each switch block is redundantly linked to both core switches, allowing for two distinct equal-path links. If one core device fails, convergence is a nonissue as the routing tables in the distribution devices already have an established route to the remaining core device. The Layer 3 routing protocol provides the link determination across the core, while HSRP provides quick failover determination. Transition: The following introduces the extended collapsed core. Core Block Subnet A Subnet B

29 Campus Network Example
Purpose: Begin a series of graphics that traces data paths in a variety of failure scenarios. Emphasize: Access device M has a primary link (M1) through distribution device B. Point out that the lower five access devices in both switch blocks have primary links to another distribution device in the switch block. This configuration provides load balancing of the traffic for the access devices, and ensures that both devices are being used. If all primary links funneled into a single distribution device, the other device would be underutilized. Customers like to use the equipment for which they have paid. Distribution device B has a subnet link to core switch Y. Access device P has a primary link (P1) through distribution device D. Distribution device D has a subnet link to core switch Y. Information travelling from an end user on access device M to an end user on access device P would follow the data path M1BYDP1. Transition: The following begins the first of a series of failure scenarios. A B C D North Building South Building X Y

30 Campus Network Example (cont.)
Purpose: Discuss the failure of primary path M1. Emphasize: What happens if the primary path M1 fails? Access device M detects the failed link and enables secondary path M2 as the primary path. Link M2 connects to distribution device A. Information travelling from an end user on access device M to an end user on access device P would now follow the data path M2ABYDP. Why doesn’t the data path travel through RSM/Router A? Only the link has failed, not the router. If RSM/Router B is the default router for the user device, packet would be addressed to RSM/Router A. Even if HSRP were implemented, because the RSM/router did not fail, it would still assume the active router role. Transition: The following continues the series of failure scenarios. A B C D North Building South Building X Y

31 Campus Network Example (cont.)
Purpose: Explore the consequences arising from the failure of distribution device B. Emphasize: If distribution device B fails, all access devices in the switch block detect the failure and switch over to their redundant link on distribution device A. If HSRP were implemented, the RSM/Router A would assume the active router role. Information travelling from an end user on access device M to an end user on access device P would now follow the data path M2AYDP1. Transition: The following continues the series of failure scenarios. A B C D North Building South Building X Y

32 Campus Network Example (cont.)
Purpose: Explore the consequences arising from the failure of core device Y. Emphasize: If core device Y fails, both distribution device A and B would use their subnets connected to core device X. In this graphic, information travelling from an end user on access device M to an end user on access device P would now follow the data path M2AXCP1. Transition: Following is break for the students to complete the laboratory exercises. Once the students have completed the exercises, summarize the chapter. A B C D North Building South Building X Y

33 Small Campus Network Collapse the Campus Backbone and Building Distribution submodules in the Campus Backbone submodule. Scale up to several Building Access switches.

34 Example Small Enterprise

35 Medium Campus Backbone

36 Example Medium Enterprise

37 Large Campus Design

38 Large-Scale Layer 3 Switched Campus Backbone

39 Example Large Enterprise

40 Network Security Design
Reconnaissance Attacks consist of intelligence gathering, often using tools like network scanners or packet analyzers. The information collected can then be used to compromise networks. Ping sweeping To discover network addresses of live hosts Network and port scanning To discover active ports on target hosts Stack fingerprinting To determine the target operating system (OS) and the applications running on targeted hosts Enumeration To infer network topology Access Attacks : the hacker exploits the vulnerabilities he has discovered during the reconnaissance attack. Entry Unlawful entry to an account or database. Collect The hacker gathers information or passwords. Plant The hacker might create a back door so that he can return at a later time. Occupy The hacker might elect to control as many hosts as he wants. Cover The hacker might cover his tracks by attempting to change the system logs.

41 Network Security Design
Information Disclosure Attacks are different from an access attack in the sense that the information is provided voluntarily through a sophisticated subterfuge. Social engineering Phishing

42 Network Security Design
Denial of Service Attacks a hacker attempts to render a network or an Internet resource, such as a web server, worthless to users.

43 Network Security Design
Mitigating Technologies Threat defense Virus protection Traffic filtering Intrusion detection and prevention Content filtering Secure communication Encrypted Virtual Private Network (VPN) Secure Socket Layer (SSL) File encryption Trust and identity Authentication, authorization, and accounting (AAA) Network Admission Control (NAC) Public key infrastructure (PKI) Network security best practices Network management Assessment and audits Policies

44 Network Security Design
Virus protection Hosts Workstations and servers. servers Incoming messages are scanned prior to being passed to the recipient. Network An intrusion detection system (IDS) or intrusion prevention system (IPS) Traffic Filtering (Firewall) Intrusion Detection and Prevention Intrusion Detection Systems Network-based IDS (NIDS) A dedicated appliance installed on the network Host-based IDS (HIDS) Integrated software on a mission-critical system, such as a web server

45 Network Security Design

46 Network Security Design

47 Content Networking Design
WCCP = Web Cache Communication Protocol

48 Content Networking Design
Nontransparent Caching

49 Content Networking Design

50

Download ppt "Campus Network Design."

Similar presentations

Chapter 1: Introduction to Scaling Networks

Chapter 1: Introduction to Scaling Networks
Antonio González Torres

Antonio González Torres
Chapter 7: Intranet LAN Design

Chapter 7: Intranet LAN Design
Introducing Campus Networks

Introducing Campus Networks
UTC-N Overview of Campus Networks Design.

UTC-N Overview of Campus Networks Design.
Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.

Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.
Cisco 3 - Switches Perrine - Brierley Page 15/10/2015 Module 5 Switches LAN Design LAN Switches.

Cisco 3 - Switches Perrine - Brierley Page 15/10/2015 Module 5 Switches LAN Design LAN Switches.
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.

Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
1 13-Jun-15 S Ward Abingdon and Witney College LAN design CCNA Exploration Semester 3 Chapter 1.

1 13-Jun-15 S Ward Abingdon and Witney College LAN design CCNA Exploration Semester 3 Chapter 1.
Ch.6 - Switches CCNA 3 version 3.0.

Ch.6 - Switches CCNA 3 version 3.0.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
1 CCNA 3 v3.1 Module 5. 2 CCNA 3 Module 5 Switches/LAN Design.

1 CCNA 3 v3.1 Module 5. 2 CCNA 3 Module 5 Switches/LAN Design.
Institute of Technology, Sligo Dept of Computing Semester 3, version 2.1.3 Semester 3 Chapter 3 VLANs.

Institute of Technology, Sligo Dept of Computing Semester 3, version Semester 3 Chapter 3 VLANs.
A Guide to major network components

A Guide to major network components
Computer Networks IGCSE ICT Section 4.

Computer Networks IGCSE ICT Section 4.
Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study

Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
Network Topologies.

Network Topologies.
Chapter 1: Hierarchical Network Design

Chapter 1: Hierarchical Network Design

Similar presentations

Ads by Google