CIS460 – NETWORK ANALYSIS AND DESIGN - PowerPoint PPT Presentation

Presentation Transcript

  1. CIS460 – NETWORK ANALYSIS AND DESIGN CHAPTER 5 – Designing a Network Topology

  2. Topology
  • A map of an internetwork that indicates segments, interconnection points, and user communities
  • First step in logical design
  • Hierarchical network design
    • Scalable campus and enterprise networks
    • Layered, modular model

  3. Hierarchical Network Design
  • Developed in discrete layers
  • Each layer has specific functions
  • A typical hierarchical topology is:
    • Core layer of high-end routers and switches that are optimized for availability and performance
    • Distribution layer of routers and switches that implement policy
    • Access layer that connects users via hubs, switches, and other devices

  4. Why Use a Hierarchical Network Design
  • Limits CPU adjacencies and the increased workload caused by broadcast packets
  • Modular topology that limits the number of communicating routers
  • Minimizes costs by buying appropriate internetworking devices for each layer
  • Keeps design elements simple and easy to understand
  • Facilitates design changes
  • Enables creating design elements that can be replicated
  • Today’s routing protocols were designed for hierarchical topologies

  5. Flat Versus Hierarchical Topologies
  • Flat is adequate for very small networks
  • Flat is easy to design, implement, and maintain

  6. Flat WAN Topologies
  • A WAN for a small company can consist of a few sites connected in a loop. Each site has a WAN router that connects to two other adjacent sites via point-to-point links
  • Not recommended for networks with many sites
  • A loop topology can mean many hops between routers
  • If routers on opposite sides of a loop exchange a lot of traffic, use a hierarchical topology
  • Redundant routers or switches are required for high availability

  7. Mesh Versus Hierarchical-Mesh Topologies
  • Mesh topology helps meet availability requirements
  • In a full-mesh topology, every router or switch is connected to every other router or switch
  • Provides complete redundancy and offers good performance because there is just a single-link delay between any two sites
  • A partial-mesh network has fewer connections. Reaching another router or switch might require traversing intermediate links

  8. Mesh Topology (Cont’d)
  • Disadvantages:
    • Expensive to deploy and maintain
    • Hard to optimize, troubleshoot, and upgrade
    • Lack of modularity
    • Difficult to upgrade just one part of the network
    • Scalability limits for groups of routers that broadcast routing updates or service advertisements
  • Limit adjacent routers that exchange routing tables and service advertisements
  • For small and medium-sized companies the hierarchical model is often implemented as a hub-and-spoke topology with little or no meshing

  9. The Classic Three-Layer Hierarchical Model
  • Permits traffic aggregation and filtering at three successive routing or switching levels
  • Scalable to large international internetworks
  • Each layer has a specific role:
    • Core layer provides optimal transport between sites
    • Distribution layer connects network services to the access layer and implements policies regarding security, traffic loading, and routing
    • Access layer consists of routers at the edge of the campus networks and provides switches or hubs for end-user access

  10. The Core Layer
  • High-speed backbone of the internetwork
  • Should be designed with redundant components because it is critical for interconnectivity
  • Highly reliable and adaptable to changes
  • Uses routing features that optimize packet throughput
  • Has a limited and consistent diameter to provide predictable performance and ease of troubleshooting
  • For connection to other enterprises via an extranet or the Internet, should include one or more links to external networks

  11. The Distribution Layer
  • The demarcation point between the access and core layers of the network
  • Roles include controlling access to resources for security reasons and controlling network traffic that traverses the core for performance reasons
  • Often the layer that delineates broadcast domains
  • Allows the core layer to connect diverse sites while maintaining high performance
  • Can redistribute between bandwidth-intensive access-layer routing protocols and optimized core routing protocols
  • Can summarize routes from the access layer
  • Can provide address translation
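
Added example (not from the slides) of the route summarization a distribution router performs: it merges a constructed set of access-layer subnets into the single prefix advertised to the core, and also lists the address space that summary covers but no access subnet actually uses, which is the part a designer has to account for.

```python
import ipaddress

# Constructed sample: access-layer subnets reachable through one distribution router.
ACCESS_SUBNETS = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24",
                  "10.1.3.0/24", "10.1.5.0/24"]

def collapse_exact(prefixes):
    """Merge only perfectly adjacent prefixes; nothing outside the inputs is covered."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def single_summary(prefixes):
    """Smallest single prefix covering every input: the one route the distribution
    router advertises into the core for this block of access subnets."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = min(nets)
    while not all(summary.supernet_of(n) for n in nets):
        summary = summary.supernet()
    return str(summary)

def summary_holes(prefixes):
    """Address space the summary covers that no access subnet uses.  The core still
    forwards traffic for it to the distribution router, which is why that router
    normally carries a discard (null) route for the summary."""
    remaining = [ipaddress.ip_network(single_summary(prefixes))]
    for p in prefixes:
        net = ipaddress.ip_network(p)
        remaining = [x for r in remaining
                     for x in (r.address_exclude(net) if net.subnet_of(r) else [r])]
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]
```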

  12. The Access Layer
  • Provides users on local segments access to the internetwork
  • Can include routers, switches, bridges, and shared-media hubs
  • Switches are used to divide up bandwidth domains to meet the demands of applications that require a lot of bandwidth
  • For small networks, can provide access into the corporate internetwork using wide-area technologies such as ISDN, Frame Relay, leased digital lines, and analog modem lines

  13. Guidelines for Hierarchical Network Design
  • Control the diameter of a hierarchical enterprise network topology
  • In most cases the three major layers are sufficient
  • Provides low and predictable latency
  • Should make troubleshooting and network documentation easier
  • Strict control at the access layer should be maintained

  14. Guidelines for Hierarchical Network Design (Cont’d)
  • Avoid the design mistake of adding a chain (don’t add networks inappropriately)
  • Avoid backdoors: a connection between devices in the same layer. It can be an extra router, bridge, or switch added to connect two networks
  • Design the access layer first, then the distribution layer, and finally the core layer
    • More accurately plan capacity requirements for the distribution and core layers
    • Also recognize the optimization techniques needed

  15. Guidelines for Hierarchical Network Design (Cont’d)
  • Design using modular and hierarchical techniques, and then plan the interconnection between layers based on analysis of traffic load, flow, and behavior

  16. Redundant Network Design Topologies
  • Lets you meet network availability goals by duplicating network links and interconnectivity devices
  • Eliminates the possibility of having a single point of failure
  • Can be implemented in both campus and enterprise networks
    • Campus goals focus on users accessing local services
    • Enterprise goals focus on overall availability and performance
  • Analyze the business and technical goals of the customer

  17. Backup Paths
  • Consist of routers and switches and individual backup links between routers and switches that duplicate devices and links on the primary path
  • Consider two aspects of a backup path:
    • How much capacity does it support?
    • How quickly will the network begin using it?
  • Common to have less capacity than a primary path
  • Different technologies
  • Expensive

  18. Backup Paths (Cont’d)
  • Manual versus automatic
    • With manual reconfiguration users will notice the disruption, which is not acceptable for mission-critical systems
  • Use redundant, partial-mesh network designs to speed automatic recovery time
  • They must be tested
  • Sometimes used for load balancing as well as backup

  19. Load Balancing
  • Primary goal of redundancy is to meet availability goals
  • Secondary goal is to improve performance by load balancing across parallel links
  • Must be planned and in some cases configured
  • In ISDN environments, can be facilitated by configuring channel aggregation
  • Channel aggregation means that a router can automatically bring up multiple ISDN B channels as bandwidth requirements increase

  20. Load Balancing (Cont’d)
  • Most vendor implementations of IP routing protocols support load balancing across parallel links that have equal cost
  • Some base cost on the number of hops to a particular destination
    • These load balance over unequal-bandwidth paths
  • Can be affected by advanced switching (forwarding) mechanisms implemented in routers
    • These often cache the path to remote destinations to allow faster forwarding of packets
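
Added example (not part of the presentation) of why the cost basis matters for equal-cost load balancing: with a hop-count metric a T1 path and a 100 Mbps path tie, so flows are split across both, while an OSPF-style bandwidth-derived cost keeps traffic on the fast path. The topology, bandwidths and the per-flow hash are constructed for illustration.

```python
import zlib

# Constructed WAN: two two-hop paths from R1 to R4, one over 100 Mbps links and one over T1s.
LINKS = {("R1", "R2"): 100_000_000, ("R2", "R4"): 100_000_000,   # bandwidth in bit/s
         ("R1", "R3"): 1_544_000, ("R3", "R4"): 1_544_000}

def hop_metric(bandwidth):
    """Every link costs 1, so path cost is just the hop count."""
    return 1

def bandwidth_metric(bandwidth, reference=100_000_000):
    """OSPF-style cost: reference bandwidth divided by link bandwidth, minimum 1."""
    return max(1, reference // bandwidth)

def all_paths(links, src, dst, path=()):
    """Enumerate loop-free paths with a depth-first search."""
    path = path + (src,)
    if src == dst:
        return [list(path)]
    found = []
    for a, b in links:
        for here, there in ((a, b), (b, a)):
            if here == src and there not in path:
                found += all_paths(links, there, dst, path)
    return found

def path_cost(links, path, metric):
    return sum(metric(links.get((a, b)) or links[(b, a)]) for a, b in zip(path, path[1:]))

def equal_cost_paths(links, src, dst, metric):
    """The set a router load balances over: every path tied at the lowest cost."""
    paths = all_paths(links, src, dst)
    best = min(path_cost(links, p, metric) for p in paths)
    return sorted(p for p in paths if path_cost(links, p, metric) == best)

def pick_path(flow, paths):
    """Per-flow selection: hash the 5-tuple so one flow always follows the same path."""
    return paths[zlib.crc32(repr(flow).encode()) % len(paths)]
```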

  21. Designing a Campus Network Design Topology
  • Should meet a customer’s goals for availability and performance by featuring small broadcast domains, redundant distribution-layer segments, mirrored servers, and multiple ways for a workstation to reach a router for off-net communications
  • Designed using a hierarchical model for good performance, maintainability, and scalability

  22. Virtual LANs
  • A VLAN is an emulation of a standard LAN that allows data transfer to take place without the traditional physical restraints placed on a network
  • Based on logical rather than physical connections, and very flexible
  • Stations in a VLAN communicate as if they were on the same network
  • Allows a large flat network to be divided into subnets to divide up broadcast domains
  • In the future fewer companies will implement large flat LANs, and the need for VLANs will be less
  • Hard to manage and optimize. When a VLAN is dispersed across many physical networks, its traffic must flow to each of those networks

  23. Redundant LAN Segments
  • In campus LANs it is common to design redundant links between LAN switches
  • The spanning-tree algorithm is used to avoid packet loops
  • The spanning-tree algorithm is good for avoiding loops but not necessarily for load balancing
  • When multiple bridges or switches exist in a spanning tree, one bridge becomes the root bridge. Traffic always travels toward the root bridge. Only one path to the root bridge is active; other paths are disabled
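
Added example (not the presentation's own code) of the spanning-tree outcome described above on a constructed four-switch campus with redundant links: the root is the bridge with the lowest bridge ID, every other bridge keeps one root port toward it, and the ports that would close a loop are blocked. Bridge IDs, link costs and the tie-break rules follow standard STP; this is a simplified model of the result, not a BPDU implementation.

```python
import heapq

# Constructed campus: four switches with redundant links.  Bridge ID = (priority, MAC);
# the intended root S4 is given the lowest priority.  Links are (switch, switch, path cost).
BRIDGES = {"S1": (32768, "00:00:00:00:00:01"), "S2": (32768, "00:00:00:00:00:02"),
           "S3": (32768, "00:00:00:00:00:03"), "S4": (4096, "00:00:00:00:00:04")}
LINKS = [("S1", "S2", 4), ("S2", "S3", 4), ("S3", "S4", 4), ("S4", "S1", 4), ("S1", "S3", 19)]

def root_path_costs(bridges, links):
    """Elect the root (lowest bridge ID) and compute each bridge's root path cost."""
    root = min(bridges, key=bridges.get)
    adj = {b: [] for b in bridges}
    for a, b, c in links:
        adj[a].append((b, c))
        adj[b].append((a, c))
    cost, heap = {root: 0}, [(0, root)]
    while heap:                                   # Dijkstra outward from the root
        d, u = heapq.heappop(heap)
        if d > cost[u]:
            continue
        for v, c in adj[u]:
            if d + c < cost.get(v, float("inf")):
                cost[v] = d + c
                heapq.heappush(heap, (d + c, v))
    return root, cost, adj

def port_roles(bridges, links):
    """Return (root, roles); roles maps (bridge, neighbor) to 'root', 'designated'
    or 'blocked'.  Blocked ports are the ones that break the loops."""
    root, cost, adj = root_path_costs(bridges, links)
    roles = {}
    for b in bridges:
        if b == root:
            continue
        # Root port: neighbor giving the lowest root path cost; tie -> lower bridge ID.
        _, _, nbr = min((cost[n] + c, bridges[n], n) for n, c in adj[b])
        roles[(b, nbr)] = "root"
    for a, b, _ in links:
        # Designated end of each link: lower root path cost; tie -> lower bridge ID.
        des, other = (a, b) if (cost[a], bridges[a]) < (cost[b], bridges[b]) else (b, a)
        roles.setdefault((des, other), "designated")
        roles.setdefault((other, des), "blocked")
    return root, roles

def blocked_ports(bridges, links):
    """The (bridge, neighbor) ports STP disables; only one path to the root stays active."""
    return sorted(p for p, r in port_roles(bridges, links)[1].items() if r == "blocked")
```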

  24. Server Redundancy
  • File, Web, Dynamic Host Configuration Protocol (DHCP), name, database, configuration, and broadcast servers are all candidates for redundancy in campus design
  • When a LAN is migrated to DHCP, the DHCP servers become critical. Use redundant DHCP servers
  • DHCP servers can be at the access or distribution layer. In small networks they are often in the distribution layer; in larger networks, in the access layer
  • In large campus networks the DHCP server is often placed on a different network segment than the end systems that use it

  25. Server Redundancy (Cont’d)
  • Name servers are less critical than DHCP servers because users can reach services by address instead of name if the name server fails
  • If ATM is used, it is a good idea to duplicate the ATM services used by clients running ATM LAN Emulation (LANE) software:
    • LAN Emulation Configuration Server (LECS)
    • LAN Emulation Server (LES)
    • Broadcast and Unknown Server (BUS)

  26. Server Redundancy (Cont’d)
  • Where the cost of downtime for file servers is a major concern, mirrored file servers should be recommended
  • If complete redundancy is not feasible, then duplexing of the file server hard drives is a good idea
  • Mirrored file servers allow the sharing of workload between servers

  27. Workstation-to-Router Redundancy
  • Workstation-to-router communication is critical in most designs to reach remote services
  • There are many ways to discover a router on the network, depending on the protocol running and its implementation

  28. AppleTalk Workstation-to-Router Communication
  • AppleTalk workstations remember the address of the router that sent the most recent RTMP packet
  • To minimize memory and processing requirements, a workstation remembers the address of only one router

  29. Novell NetWare Workstation-to-Router Communication
  • The workstation broadcasts a find-network-number request to find a route to the destination
  • Routers on the workstation’s network respond
  • The workstation uses the first router that responds

  30. IP Workstation-to-Router Communication
  • Implementations vary in how they implement workstation-to-router communication
  • Some send an Address Resolution Protocol (ARP) request to find a remote station
  • A router running proxy ARP responds to the ARP request with the router’s data-link-layer address
  • The advantage of proxy ARP is that a workstation does not have to be manually configured with the address of a router

  31. IP Workstation-to-Router Communication (Cont’d)
  • Sometimes network administrators manually configure an IP workstation with a default router
  • A default router is the address of a router on the local segment that a workstation uses to reach remote services
  • A number of protocols are used to identify routers, such as Router Discovery Protocol (RDP), which uses Internet Control Message Protocol (ICMP):
    • ICMP router advertisement packet
    • ICMP router solicitation packet

  32. Designing an Enterprise Network Design Topology
  • Should meet a customer’s goals for availability and performance by featuring redundant LAN and WAN segments in the intranet, and multiple paths to extranets and the Internet
  • Virtual Private Networking (VPN) can be used

  33. Redundant WAN Segments
  • Because WAN links can be critical, redundant (backup) WAN links are often included in the enterprise topology
  • Full-mesh topology provides complete redundancy
  • Full mesh is costly to implement, maintain, upgrade, and troubleshoot

  34. Circuit Diversity
  • Learn as much as possible about the actual physical circuit routing
  • Some carriers use the same facilities, which means the backup path is susceptible to the same failure as the primary path
  • Circuit diversity refers to the optimum situation of circuits using different paths
  • It is becoming increasingly harder to guarantee circuit diversity because of mergers of carriers
  • Analyze your local cabling in addition to the carrier’s services

  35. Multihoming the Internet Connection
  • Means to provide more than one connection for a system to access and offer network services
  • A server is multihomed if it has more than one network layer address
  • Increasingly used to refer to the practice of providing an enterprise network with more than one entry into the Internet
  • Has the potential to become a transit network that provides interconnections for other networks
    • Means routers on the Internet learn they can reach other routers through the enterprise network

  36. Virtual Private Networking
  • Enables a customer to use a public network to provide a secure connection among sites on the organization’s internetwork
  • Can also be used to connect an enterprise intranet to an extranet to reach outside parties
  • Gives the ability to connect geographically dispersed offices via a service provider instead of a private network
  • Company data can be encrypted for routing
  • Firewalls and TCP/IP tunneling allow a customer to use a public network as a backbone for the enterprise network

  37. Secure Network Design Topologies
  • Planning for Physical Security
  • Meeting Security Goals with Firewall Topologies

  38. Planning for Physical Security
  • Install critical equipment in computer rooms that have protection
  • Logical design might have an impact on physical security
  • Planning should start early to allow lead times to build or install security mechanisms

  39. Meeting Security Goals with Firewall Topologies
  • A firewall is a system or combination of systems that enforces a boundary between two or more networks
  • Can be:
    • A router with access control lists (ACLs)
    • A dedicated hardware box
    • Software running on a PC or UNIX system
  • Should be placed in the network topology so that all traffic from outside the protected network must pass through the firewall
  • The security policy specifies which traffic is authorized to pass through the firewall

  40. Meeting Security Goals with Firewall Topologies (Cont’d)
  • Especially important at the boundary between the enterprise network and the Internet
  • For customers that need to publish public data and protect private data, the firewall topology can include a public LAN that hosts Web, FTP, DNS, and SMTP servers
  • Larger customers should use a firewall in addition to a router between the Internet and the enterprise network

  41. Meeting Security Goals with Firewall Topologies (Cont’d)
  • An alternative is to use two routers as the firewall and place the free-trade zone between them. This is the three-part firewall topology
  • The configuration on the routers might be complex, consisting of many access control lists to control traffic in and out of the private network and the free-trade zone
  • Dedicated firewalls usually have a GUI that lets you specify a security policy in an intuitive fashion
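
Added example (constructed, not from the slides) of the three-part firewall topology as two ACL-filtered routers with the free-trade zone between them: a packet is evaluated against every router on its path, so the outer router admits only the published services into the zone, and the inner router keeps any host in that zone from opening sessions into the private network. Addresses, ACL entries and the zone layout are constructed; the model is stateless and does not track reply traffic.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "action src dst proto dport")   # dport None = any port
Packet = namedtuple("Packet", "src dst proto dport")
# Constructed address plan: the free-trade zone (DMZ) sits between the two routers.
ANY, DMZ, INSIDE = "0.0.0.0/0", "192.0.2.0/24", "10.0.0.0/8"

# Outer router: only the published services may enter the DMZ; nothing reaches inside.
OUTER_ACL = [
    Rule("permit", ANY, DMZ, "tcp", 80),       # Web
    Rule("permit", ANY, DMZ, "udp", 53),       # DNS
    Rule("permit", ANY, DMZ, "tcp", 25),       # SMTP
    Rule("permit", INSIDE, ANY, "any", None),  # outbound from the private network
]
# Inner router: sessions originate from the private network only; DMZ hosts cannot reach in.
INNER_ACL = [Rule("permit", INSIDE, ANY, "any", None)]
ACLS = {"outer": OUTER_ACL, "inner": INNER_ACL}

def matches(rule, pkt):
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def evaluate(acl, pkt):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"

def zone(ip):
    """0 = Internet, 1 = free-trade zone, 2 = private network."""
    addr = ipaddress.ip_address(ip)
    if addr in ipaddress.ip_network(DMZ):
        return 1
    return 2 if addr in ipaddress.ip_network(INSIDE) else 0

def forward(pkt):
    """Evaluate the packet at each router between its source and destination zones
    (outer between zones 0 and 1, inner between 1 and 2); return (verdict, router that dropped it)."""
    src_zone, dst_zone = zone(pkt.src), zone(pkt.dst)
    step = 1 if dst_zone > src_zone else -1
    for boundary in range(src_zone, dst_zone, step):
        router = "outer" if min(boundary, boundary + step) == 0 else "inner"
        if evaluate(ACLS[router], pkt) == "deny":
            return "deny", router
    return "permit", None
```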

  42. Summary
  • Designing a network topology is the first step in the logical design
  • Three models for network topologies: hierarchical, redundant, and secure
    • Hierarchical lets you develop a network consisting of many interrelated components in a layered, modular fashion
    • Redundant lets you meet requirements for network availability by duplicating network components
    • Secure protects core routers, demarcation points, cabling, modems, and other equipment. Adding firewalls protects against hackers