CIS460 – Network Analysis and Design
Chapter 5 – Designing a Network Topology
Topology
• A map of an internetwork that indicates segments, interconnection points, and user communities
• First step in logical design
• Hierarchical network design
  • Scalable campus and enterprise networks
  • Layered, modular model
Hierarchical Network Design
• Developed in discrete layers
• Each layer has specific functions
• A typical hierarchical topology is:
  • A core layer of high-end routers and switches that are optimized for availability and performance
  • A distribution layer of routers and switches that implement policy
  • An access layer that connects users via hubs, switches, and other devices
Why Use a Hierarchical Network Design?
• Limits CPU adjacencies and the increased workload caused by broadcast packets
• Modular topology that limits the number of communicating routers
• Minimizes costs by buying appropriate internetworking devices for each layer
• Keeps design elements simple and easy to understand
• Facilitates design changes
• Enables creating design elements that can be replicated
• Today’s routing protocols were designed for hierarchical topologies
Flat Versus Hierarchical Topologies
• Flat is adequate for very small networks
• Flat is easy to design, implement, and maintain
Flat WAN Topologies
• A WAN for a small company can consist of a few sites connected in a loop. Each site has a WAN router that connects to two adjacent sites via point-to-point links
• Not recommended for networks with many sites
• A loop topology can mean many hops between routers
• If routers on opposite sides of a loop exchange a lot of traffic, use a hierarchical topology
• Redundant routers or switches are required for high availability
Mesh Versus Hierarchical-Mesh Topologies
• A mesh topology helps meet availability requirements
• In a full-mesh topology, every router or switch is connected to every other router or switch
• Provides complete redundancy and offers good performance because there is just a single-link delay between any two sites
• A partial-mesh network has fewer connections. Reaching another router or switch might require traversing intermediate links
Mesh Topology (Cont’d)
• Disadvantages:
  • Expensive to deploy and maintain
  • Hard to optimize, troubleshoot, and upgrade
  • Lack of modularity
  • Difficult to upgrade just one part of the network
  • Scalability limits for groups of routers that broadcast routing updates or service advertisements
• Limit the number of adjacent routers that exchange routing tables and service advertisements
• For small and medium-sized companies, the hierarchical model is often implemented as a hub-and-spoke topology with little or no meshing
The Classic Three-Layer Hierarchical Model
• Permits traffic aggregation and filtering at three successive routing or switching levels
• Scalable to large international internetworks
• Each layer has a specific role:
  • The core layer provides optimal transport between sites
  • The distribution layer connects network services to the access layer and implements policies regarding security, traffic loading, and routing
  • The access layer consists of routers at the edge of the campus networks and provides switches or hubs for end-user access
The Core Layer
• High-speed backbone of the internetwork
• Should be designed with redundant components because it is critical for interconnectivity
• Highly reliable and adaptable to changes
• Uses routing features that optimize packet throughput
• Has a limited and consistent diameter to provide predictable performance and ease of troubleshooting
• For connection to other enterprises via an extranet or the Internet, should include one or more links to external networks
The Distribution Layer
• The demarcation point between the access and core layers of the network
• Roles include controlling access to resources for security reasons and controlling the network traffic that traverses the core for performance reasons
• Often the layer that delineates broadcast domains
• Allows the core layer to connect diverse sites while maintaining high performance
• Can redistribute between bandwidth-intensive access-layer routing protocols and optimized core routing protocols
• Can summarize routes from the access layer
• Can provide address translation
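Route summarization at the distribution layer, worked through as an added example (not from the course material): the constructed 10.4.x.0/24 access subnets are collapsed into the single prefix the core needs to carry, and the variant with a gap shows how much address space a summary announces that no access subnet actually uses.

```python
import ipaddress

# Constructed example: eight /24 access-layer subnets behind one distribution
# switch, plus a variant with a gap to show over-advertisement.
ACCESS_SUBNETS = [f"10.4.{i}.0/24" for i in range(8)]
SPARSE_SUBNETS = ["10.4.0.0/24", "10.4.1.0/24", "10.4.3.0/24"]


def summarize(subnets):
    """Smallest single prefix covering every subnet: widen the first network
    one bit at a time until all the others fall inside it."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def exact_summary(subnets):
    """Minimal set of prefixes that covers exactly the given subnets and
    nothing else (adjacent blocks are merged, gaps are left out)."""
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(s) for s in subnets))


def overadvertised(subnets):
    """Addresses the single summary announces to the core that no access-layer
    subnet uses (subnets assumed disjoint). Non-zero means traffic for that
    range is pulled to the distribution layer only to be dropped there."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return summarize(subnets).num_addresses - sum(n.num_addresses for n in nets)
```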
The Access Layer
• Provides users on local segments access to the internetwork
• Can include routers, switches, bridges, and shared-media hubs
• Switches are used to divide up bandwidth domains to meet the demands of applications that require a lot of bandwidth
• For small networks, can provide access into the corporate internetwork using wide-area technologies such as ISDN, Frame Relay, leased digital lines, and analog modem lines
Guidelines for Hierarchical Network Design
• Control the diameter of the hierarchical enterprise network topology
• In most cases the three major layers are sufficient
• Provides low and predictable latency
• Should make troubleshooting and network documentation easier
• Strict control should be maintained at the access layer
Guidelines for Hierarchical Network Design (Cont’d)
• Avoid the design mistake of adding a chain (don’t add networks inappropriately)
• Avoid backdoors: a connection between devices in the same layer. It can be an extra router, bridge, or switch added to connect two networks
• Design the access layer first, then the distribution layer, and finally the core layer
  • Lets you more accurately plan capacity requirements for the distribution and core layers
  • Also lets you recognize the optimization techniques needed
Guidelines for Hierarchical Network Design (Cont’d)
• Design using modular and hierarchical techniques, and then plan the interconnections between layers based on analysis of traffic load, flow, and behavior
Redundant Network Design Topologies
• Lets you meet network availability goals by duplicating network links and interconnectivity devices
• Eliminates the possibility of having a single point of failure
• Can be implemented in both campus and enterprise networks
  • Campus goals: users accessing local services
  • Enterprise goals: overall availability and performance
• Analyze the business and technical goals of the customer
Backup Paths
• Consist of routers and switches and individual backup links between routers and switches that duplicate devices and links on the primary path
• Consider two aspects of a backup path:
  • How much capacity does it support?
  • How quickly will the network begin using it?
• Commonly has less capacity than the primary path
• Often uses different technologies
• Expensive
Backup Paths (Cont’d)
• Manual versus automatic failover
• With manual reconfiguration, users will notice the disruption; for mission-critical systems this is not acceptable
• Use redundant, partial-mesh network designs to speed automatic recovery time
• Backup paths must be tested
• Sometimes used for load balancing as well as backup
Load Balancing
• The primary goal of redundancy is to meet availability requirements
• A secondary goal is to improve performance by load balancing across parallel links
• Must be planned and, in some cases, configured
• In ISDN environments, can be facilitated by configuring channel aggregation
• Channel aggregation means that a router can automatically bring up multiple ISDN B channels as bandwidth requirements increase
Load Balancing (Cont’d)
• Most vendor implementations of IP routing protocols support load balancing across parallel links that have equal cost
• Some base cost on the number of hops to a particular destination
• Load balancing over unequal-bandwidth paths
• Can be affected by the advanced switching (forwarding) mechanisms implemented in routers
• These mechanisms often cache the path to remote destinations to allow faster forwarding of packets
Designing a Campus Network Topology
• Should meet a customer’s goals for availability and performance by featuring small broadcast domains, redundant distribution-layer segments, mirrored servers, and multiple ways for a workstation to reach a router for off-net communications
• Designed using a hierarchical model for good performance, maintainability, and scalability
Virtual LANs
• A VLAN is an emulation of a standard LAN that allows data transfer to take place without the traditional physical restraints placed on a network
• Based on logical rather than physical connections, and very flexible
• Members communicate as if they were on the same physical network
• Allows a large flat network to be divided into subnets to divide up broadcast domains
• In the future, fewer companies will implement large flat LANs and the need for VLANs will be less
• Hard to manage and optimize. When a VLAN is dispersed across many physical networks, its traffic must flow to each of those networks
Redundant LAN Segments
• In campus LANs it is common to design redundant links between LAN switches
• The spanning-tree algorithm is used to avoid packet loops
• The spanning-tree algorithm is good for avoiding loops but not necessarily for load balancing
• When multiple bridges or switches exist in a spanning tree, one bridge becomes the root bridge. Traffic always travels toward the root bridge. Only one path to the root bridge is active; other paths are disabled
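The root election and blocking behaviour described above, as an added example that is not part of the course material: a constructed campus LAN with two core and two access switches and redundant uplinks. Bridge IDs, port costs and switch names are assumptions; the code shows that only the root-port links carry traffic, so the redundant uplinks to the second core switch sit idle until a failure, which is why spanning tree gives loop avoidance but not load balancing.

```python
import heapq

# Constructed example: two core switches and two access switches with
# redundant uplinks. Bridge ID = (priority, MAC); the lowest ID wins root.
BRIDGES = {
    "core1": (4096, "00:00:00:00:00:01"),
    "core2": (4096, "00:00:00:00:00:02"),
    "acc1": (32768, "00:00:00:00:00:11"),
    "acc2": (32768, "00:00:00:00:00:12"),
}
# (switch_a, switch_b, port cost): 4 = 1 Gbit/s, 19 = 100 Mbit/s (802.1D-1998)
LINKS = [("core1", "core2", 4), ("core1", "acc1", 19), ("core1", "acc2", 19),
         ("core2", "acc1", 19), ("core2", "acc2", 19)]


def elect_root(bridges):
    return min(bridges, key=lambda b: bridges[b])


def root_ports(bridges, links):
    """Dijkstra from the root bridge. Every other bridge keeps the neighbour
    giving the lowest root path cost (ties: lowest neighbour bridge ID); the
    link to that neighbour is its root port. Returns (root, {bridge: (via, cost)})."""
    root = elect_root(bridges)
    adj = {b: [] for b in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    best = {root: (0, None, None)}          # bridge -> (cost, via bridge ID, via name)
    heap = [(0, root)]
    while heap:
        cost, here = heapq.heappop(heap)
        if cost > best[here][0]:
            continue
        for nbr, c in adj[here]:
            cand = (cost + c, bridges[here], here)
            if nbr not in best or cand[:2] < best[nbr][:2]:
                best[nbr] = cand
                heapq.heappush(heap, (cost + c, nbr))
    return root, {b: (v[2], v[0]) for b, v in best.items() if b != root}


def active_topology(bridges, links):
    """Links carrying traffic are exactly the root-port links; every other
    redundant link is blocked, so it adds no bandwidth until a failure."""
    root, rp = root_ports(bridges, links)
    active = {frozenset((b, via)) for b, (via, _) in rp.items()}
    blocked = [(a, b) for a, b, _ in links if frozenset((a, b)) not in active]
    return root, active, blocked
```

Removing core1 from BRIDGES and LINKS re-runs the election with core2 as root and the formerly blocked uplinks become the active paths.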
Server Redundancy
• File, Web, Dynamic Host Configuration Protocol (DHCP), name, database, configuration, and broadcast servers are all candidates for redundancy in a campus design
• When a LAN is migrated to DHCP, the DHCP servers become critical. Use redundant DHCP servers
• DHCP servers can be at the access or distribution layer. In small networks they are often in the distribution layer; in larger networks, in the access layer
• In large campus networks the DHCP server is often placed on a different network segment than the end systems that use it
Server Redundancy (Cont’d)
• Name servers are less critical than DHCP servers because users can reach services by address instead of name if the name server fails
• If ATM is used, it is a good idea to duplicate the ATM services used by clients running ATM LAN Emulation (LANE) software:
  • LAN Emulation Configuration Server (LECS)
  • LAN Emulation Server (LES)
  • Broadcast and Unknown Server (BUS)
Server Redundancy (Cont’d)
• Where the cost of downtime for file servers is a major concern, mirrored file servers should be recommended
• If complete redundancy is not feasible, then duplexing of the file server hard drives is a good idea
• Mirrored file servers allow the sharing of workload between servers
Workstation-to-Router Redundancy
• Workstation-to-router communication is critical in most designs for reaching remote services
• There are many ways to discover a router on the network, depending on the protocol running and its implementation
AppleTalk Workstation-to-Router Communication
• AppleTalk workstations remember the address of the router that sent the most recent RTMP packet
• To minimize memory and processing requirements, a workstation remembers the address of only one router
Novell NetWare Workstation-to-Router Communication
• The workstation broadcasts a find-network-number request to find a route to the destination
• Routers on the workstation’s network respond
• The workstation uses the first router that responds
IP Workstation-to-Router Communication
• Implementations vary in how they handle workstation-to-router communication
• Some send an Address Resolution Protocol (ARP) request to find the remote station
• A router running proxy ARP responds to the ARP request with the router’s data-link-layer address
• The advantage of proxy ARP is that a workstation does not have to be manually configured with the address of a router
IP Workstation-to-Router Communication (Cont’d)
• Sometimes network administrators manually configure an IP workstation with a default router
• A default router is the address of a router on the local segment that a workstation uses to reach remote services
• A number of protocols are used to identify routers, such as:
  • Router Discovery Protocol (RDP), which uses Internet Control Message Protocol (ICMP):
    • ICMP router advertisement packet
    • ICMP router solicitation packet
Designing an Enterprise Network Topology
• Should meet a customer’s goals for availability and performance by featuring redundant LAN and WAN segments in the intranet, and multiple paths to extranets and the Internet
• Virtual Private Networking (VPN) can be used
Redundant WAN Segments
• Because WAN links can be critical, redundant (backup) WAN links are often included in the enterprise topology
• A full-mesh topology provides complete redundancy
• Full mesh is costly to implement, maintain, upgrade, and troubleshoot
Circuit Diversity
• Learn as much as possible about the actual physical circuit routing
• Some carriers use the same facilities, which means the backup path is susceptible to the same failure as the primary path
• Circuit diversity refers to the optimum situation of circuits using different paths
• It is becoming increasingly harder to guarantee circuit diversity because of mergers of carriers
• Analyze your local cabling in addition to the carrier’s services
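A single-point-of-failure check for the backup paths and circuit diversity discussed in the Redundant Network Design and Circuit Diversity slides, written here as an added example rather than course code. The sites, carriers and conduit names are constructed; the point is that a backup circuit from a second carrier still fails together with the primary when both ride the same physical facility, and that this only shows up when you model the facility rather than the carrier.

```python
from collections import defaultdict

# Constructed example: three sites, three WAN circuits. "facility" is the
# physical conduit the carrier says the circuit rides on; c1 and c2 come from
# different carriers but share it, so the "backup" is not diverse.
CIRCUITS = [
    {"ends": ("HQ", "Branch1"), "carrier": "A", "facility": "conduit-north"},
    {"ends": ("HQ", "Branch1"), "carrier": "B", "facility": "conduit-north"},
    {"ends": ("HQ", "Branch2"), "carrier": "A", "facility": "conduit-east"},
]


def components(circuits, sites=()):
    """Connected groups of sites given the surviving circuits (sorted lists)."""
    sites = set(sites) | {s for c in circuits for s in c["ends"]}
    adj = defaultdict(set)
    for c in circuits:
        a, b = c["ends"]
        adj[a].add(b)
        adj[b].add(a)
    seen, comps = set(), []
    for start in sorted(sites):
        if start not in seen:
            stack, comp = [start], []
            while stack:
                site = stack.pop()
                if site not in seen:
                    seen.add(site)
                    comp.append(site)
                    stack.extend(adj[site] - seen)
            comps.append(sorted(comp))
    return sorted(comps)


def facility_failure_impact(circuits):
    """Drop every circuit riding on one facility at a time and report the
    facilities whose loss splits the network, with the resulting islands."""
    sites = {s for c in circuits for s in c["ends"]}
    impact = {}
    for fac in sorted({c["facility"] for c in circuits}):
        comps = components([c for c in circuits if c["facility"] != fac], sites)
        if len(comps) > 1:
            impact[fac] = comps
    return impact


def non_diverse_backups(circuits):
    """Site pairs whose redundant circuits share a facility: a backup that
    fails together with the primary even though the carriers differ."""
    by_pair = defaultdict(list)
    for c in circuits:
        by_pair[tuple(sorted(c["ends"]))].append(c)
    return {pair: sorted({c["facility"] for c in cs}) for pair, cs in by_pair.items()
            if len(cs) > 1 and len({c["facility"] for c in cs}) < len(cs)}
```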
Multihoming the Internet Connection
• Means providing more than one connection for a system to access and offer network services
• A server is multihomed if it has more than one network-layer address
• Increasingly used to refer to the practice of providing an enterprise network with more than one entry into the Internet
• Has the potential to turn the enterprise into a transit network that provides interconnections for other networks
• This means routers on the Internet learn they can reach other routers through the enterprise network
Virtual Private Networking
• Enables a customer to use a public network to provide a secure connection among sites on the organization’s internetwork
• Can also be used to connect an enterprise intranet to an extranet to reach outside parties
• Gives the ability to connect geographically dispersed offices via a service provider instead of a private network
• Company data can be encrypted for routing across the public network
• Firewalls and TCP/IP tunneling allow a customer to use a public network as a backbone for the enterprise network
Secure Network Design Topologies
• Planning for Physical Security
• Meeting Security Goals with Firewall Topologies
Planning for Physical Security
• Install critical equipment in computer rooms that have protection
• The logical design might have an impact on physical security
• Planning should start early to allow lead time to build or install security mechanisms
Meeting Security Goals with Firewall Topologies
• A firewall is a system or combination of systems that enforces a boundary between two or more networks
• Can be:
  • A router with access control lists (ACLs)
  • A dedicated hardware box
  • Software running on a PC or UNIX system
• Should be placed in the network topology so that all traffic from outside the protected network must pass through the firewall
• The security policy specifies which traffic is authorized to pass through the firewall
Meeting Security Goals with Firewall Topologies (Cont’d)
• Especially important at the boundary between the enterprise network and the Internet
• For customers with a need to publish public data and protect private data, the firewall topology can include a public LAN that hosts Web, FTP, DNS, and SMTP servers
• Larger customers should use a firewall in addition to a router between the Internet and the enterprise network
Meeting Security Goals with Firewall Topologies (Cont’d)
• An alternative is to use two routers as the firewall and place the free-trade zone between them. This is the three-part firewall topology
• The configuration on the routers might be complex, consisting of many access control lists to control traffic in and out of the private network and the free-trade zone
• Dedicated firewalls usually have a GUI that lets you specify a security policy in an intuitive fashion
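The three-part firewall topology as a policy check, added here as an example and not taken from the course or any vendor's ACL syntax: an outer router between the Internet and the free-trade zone, an inner router between the free-trade zone and the private network, each with a first-match ACL and an implicit deny. The addressing, zones and rule set are assumptions; the check walks a flow through the routers it actually crosses so you can confirm that public servers are reachable from outside while a compromised server in the free-trade zone still cannot reach the private network.

```python
import ipaddress

# Constructed addressing for the three-part topology (RFC 5737 / RFC 1918):
# the free-trade zone holds the public servers, the private network the users.
ZONES = {"dmz": ipaddress.ip_network("192.0.2.0/24"),
         "private": ipaddress.ip_network("10.0.0.0/8")}
RANK = {"internet": 0, "dmz": 1, "private": 2}   # outside -> inside ordering
# ACL entries as (action, src_zone, dst_zone, proto, dst_port); None = any.
# First match wins and, as on a real router, an unmatched packet is denied.
OUTER_ACL = [                                   # Internet <-> free-trade zone
    ("permit", "internet", "dmz", "tcp", 80),
    ("permit", "internet", "dmz", "tcp", 443),
    ("permit", "internet", "dmz", "tcp", 25),
    ("permit", "internet", "dmz", "udp", 53),
    ("permit", "dmz", "internet", None, None),
    ("permit", "private", "internet", None, None),
]
INNER_ACL = [                                   # free-trade zone <-> private
    ("permit", "private", "dmz", None, None),
    ("permit", "private", "internet", None, None),
    ("deny", "dmz", "private", None, None),     # a breached public server stays outside
]
ACLS = {"outer": OUTER_ACL, "inner": INNER_ACL}
PATH = {frozenset(("internet", "dmz")): ["outer"],          # routers crossed, outside-in
        frozenset(("internet", "private")): ["outer", "inner"],
        frozenset(("dmz", "private")): ["inner"]}


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "internet")


def acl_decision(acl, src_zone, dst_zone, proto, dport):
    for action, s, d, p, port in acl:
        if (s, d) == (src_zone, dst_zone) and p in (None, proto) and port in (None, dport):
            return action
    return "deny"                               # implicit deny at the end of every ACL


def flow_allowed(src_ip, dst_ip, proto, dport):
    """Walk the routers between the two zones in the direction the packet
    travels; the first ACL that denies wins. Returns (verdict, router or None).
    Stateless on purpose: reply traffic needs 'established'/stateful rules."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "permit", None                   # same zone, no firewall crossed
    routers = PATH[frozenset((src, dst))]
    for router in (routers if RANK[src] < RANK[dst] else reversed(routers)):
        if acl_decision(ACLS[router], src, dst, proto, dport) == "deny":
            return "deny", router
    return "permit", None
```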
Summary
• Designing a network topology is the first step in the logical design
• Three models for network topologies: hierarchical, redundant, and secure
• Hierarchical lets you develop a network consisting of many interrelated components in a layered, modular fashion
• Redundant lets you meet requirements for network availability by duplicating network components
• Secure protects core routers, demarcation points, cabling, modems, and other equipment. Adding firewalls protects against hackers