
Chapter Two

The document outlines the hierarchical network model, which is structured into three layers: core, distribution, and access, each serving distinct roles in network design. It emphasizes the importance of flexibility, fault tolerance, and efficient data transfer within the core layer, while the distribution layer focuses on traffic management and access control. The access layer connects end devices and ensures high availability, utilizing various technologies and modular approaches to enhance network performance and manageability.

Uploaded by

chalachew
Copyright
© All Rights Reserved

Network Design

CHAPTER 2
Structuring and Modularizing the Network
Hierarchical Network Model
The hierarchical network model provides a framework that
network designers can use to help ensure that the network is
flexible and easy to implement and troubleshoot. To meet the
four fundamental design goals, a network must be built on an
architecture that allows for both flexibility and growth.
In networking, a hierarchical design is used to group devices
into multiple networks. The networks are organized in a
layered approach.
This model has three basic layers:
Core layer: Connects distribution layer devices
Distribution layer: Interconnects the smaller local networks
Access layer: Provides connectivity for network hosts and
end devices
Core Layer Design Considerations
The core layer is responsible for transporting large
amounts of data quickly and reliably. The designer must
ensure that the core layer is designed with fault tolerance,
especially because all users in the network can be affected
by a failure.
The ability to avoid unnecessary delays in network traffic
quickly becomes a top priority for the network designer.
The core layer is sometimes called the network backbone.
Routers and switches at the core layer provide high-speed
connectivity.
The core layer includes one or more links to the devices at
the enterprise edge to support Internet, virtual private
networks(VPN), extranet, and WAN access.
Implementing a core layer reduces the complexity of the network,
making it easier to manage and troubleshoot.
The core layer design enables the efficient, high-speed transfer of data
between one section of the network and another.
Technologies used at the core layer include the following:
Routers or multilayer switches that combine routing and switching in
the same device
Routing protocols that scale well and converge quickly, such as
Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF)
Redundant Links
Distribution Layer Design Considerations
Distribution Layer Routing
The access layer is commonly built using Layer 2 switching
technology. The distribution layer is built using Layer 3
devices. Routers or multilayer switches, located at the
distribution layer, provide many functions critical for meeting
the goals of the network design, including the following:
Filtering and managing traffic flows
Enforcing access control policies
Summarizing routes before advertising the routes to the Core
Isolating the core from access layer failures or disruptions
Routing between access layer VLANs
Distribution layer devices are also used to manage queues and
prioritize traffic before transmission through the campus core.
Trunks
Trunk links are often configured between
access and distribution layer networking
devices. Trunks are used to carry traffic that
belongs to multiple VLANs between devices
over the same link.
The network designer considers the overall
VLAN strategy and network traffic patterns
when designing the trunk links.
Distribution Layer Topology
Distribution layer networks are usually wired
in a partial-mesh topology.
This topology provides enough redundant
paths to ensure that the network can survive
a link or device failure. When the distribution
layer devices are located in the same wiring
closet or data center, they are interconnected
using gigabit links. When the devices are
separated by longer distances, fiber cable is
used. Switches that support multiple high-speed fiber
connections can be expensive.
Traffic Filtering at the Distribution Layer
Access control lists (ACL) are a tool that can be used at
the distribution layer to limit access and to prevent
unwanted traffic from entering the core network.
ACL statements identify which packets to accept or
which to deny.
To filter network traffic, the router examines each packet
and then either forwards or discards it, based on the
conditions specified in the ACL.
There are different types of ACLs for different purposes.
Standard ACLs filter traffic based on the source address.
Extended ACLs can filter based on multiple criteria,
such as source address, destination address, protocols,
port numbers or applications, and whether the packet is
part of an established TCP stream.
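The packet-by-packet evaluation described above, as an added example that is not part of the original slides: a Python model of a small subset of Cisco IOS extended-ACL syntax (wildcard masks, `eq`, `established`), with first-match evaluation and the implicit deny at the end. The ACL entries, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed extended ACL in Cisco IOS style for traffic leaving access VLAN
# 10.10.20.0/24 toward the core; all addresses are made up for this example.
ACL = """\
permit tcp 10.10.20.0 0.0.0.255 host 10.50.1.10 eq 443
permit udp 10.10.20.0 0.0.0.255 host 10.50.1.53 eq 53
permit tcp 10.10.20.0 0.0.0.255 any established
"""

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w) == 0

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return ("0.0.0.0", "255.255.255.255")
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (first, tokens.pop(0))

def parse_rule(line):
    """Parse a subset of the entry syntax: action, protocol, src, dst, options."""
    t = line.split()
    rule = {"action": t.pop(0), "proto": t.pop(0), "dport": None, "established": False}
    rule["src"], rule["dst"] = take_addr(t), take_addr(t)
    while t:
        word = t.pop(0)
        if word == "eq":
            rule["dport"] = int(t.pop(0))
        elif word == "established":
            rule["established"] = True
        else:
            raise ValueError(f"unsupported keyword: {word}")
    return rule

def evaluate(rules, pkt):
    """Return the action of the first matching entry, else the implicit deny."""
    for r in rules:
        if r["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (wildcard_match(pkt["src"], *r["src"]) and wildcard_match(pkt["dst"], *r["dst"])):
            continue
        if r["dport"] is not None and r["dport"] != pkt.get("dport"):
            continue
        # 'established' only matches TCP segments with ACK or RST set
        if r["established"] and not ({"ACK", "RST"} & pkt.get("flags", set())):
            continue
        return r["action"]
    return "deny"  # nothing matched: every ACL ends with an implicit deny

RULES = [parse_rule(line) for line in ACL.splitlines()]
```

A new TCP connection (SYN only) to an unlisted server falls through to the implicit deny, while the same segment with ACK set is permitted by the `established` entry.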
The access layer is used to control user access to the
internetwork resources.
The access layer represents the edge of the network
where end devices connect.
Access layer services and devices reside inside each
building of a campus, each remote site and server
farm, and at the enterprise edge.
The access layer of the campus infrastructure uses
Layer 2 switching technology to provide access into
the network.
The access can be either through a permanent wired
infrastructure or through wireless access points.
Ethernet over copper wiring poses distance
limitations.
Wiring Closets
Wiring closets can be actual closets or small telecommunication
rooms that act as the termination point for infrastructure cabling
within buildings or within floors of a building.
The placement and physical size of the wiring closets depend on
network size and expansion plans.
The wiring closet equipment provides power to end devices such as IP
phones and wireless access points. Many access layer switches have
Power-over-Ethernet (PoE) functionality.
The Need for Availability at the Access Layer
In early networks, high availability was usually present only at the
network core, enterprise edge, and data center networks. With IP
telephony, there is now an expectation that every individual telephone
should be available 100 percent of the time. Redundant components
and failover strategies can be implemented at the access layer to
improve reliability and increase availability for the end devices.
Network Topologies at the Access Layer
Most recent Ethernet networks use a star topology,
which is sometimes called a hub-and-spoke topology.
In a star topology, each end device has a direct
connection to a single networking device.
This single networking device is usually a Layer 2 or
multilayer switch. A wired star topology in the access
layer typically has no redundancy from individual end
devices to the switch.
For many businesses, the cost of additional wiring to
create redundancy is usually too high.
Using a Modular Approach to Network Design
The access, distribution, and core layers can appear within each
module of the Cisco Enterprise Architecture. The modularity
built into the architecture allows flexibility in network design
and facilitates implementation and troubleshooting.
Evolution of Enterprise Networks
The hierarchical model divides the enterprise network design
(separately for both campus and WAN networks) into the access,
distribution, and core layers.
This solution has several weaknesses, especially for large
networks, which are difficult to implement, manage, and,
particularly, troubleshoot.
Networks became complex, and it was difficult to evaluate a
network solution end-to-end through the network. The
hierarchical model does not scale well to these large networks.
Functional Areas of the Cisco Enterprise Architecture
The entire network is divided into functional
components.
The access, distribution, and core layers can
appear in any functional area or module of
the Cisco Enterprise Architecture.
The Cisco Enterprise Architecture comprises
the following major functional areas (also
called modules): Enterprise Campus,
Enterprise Edge, Service Provider, and
Remote.

Cisco Enterprise Architecture


Enterprise Campus Modules
An enterprise campus site is a large site that is often the
corporate headquarters or a major office. Regional offices,
SOHOs, and mobile workers might have to connect to the
central campus for data and information.

Enterprise Campus Functional Area


Campus Infrastructure Module
It consists of several buildings connected
across a Campus Core.
The Campus Infrastructure module connects
devices within a campus to the Server Farm
and Enterprise Edge modules.
A single building in a Campus Infrastructure
design contains a Building Access layer and a
Building Distribution layer. When more
buildings are added to the Campus
Infrastructure, a backbone or Campus Core
layer is added between buildings. The Campus
Infrastructure module includes three layers:
Building Access layer, Building Distribution
layer, and Campus Core layer.
Server Farm Module
A high-capacity, centralized server farm module
provides users with internal server resources. It
typically supports network management services
for the enterprise, including monitoring, logging,
and troubleshooting, and other common
management features from end to end.
The Server Farm module typically contains
internal e-mail and other corporate servers that
provide internal users with application, file, print,
e-mail, and Domain Name System (DNS) services.
The Server Farm module switches are cross-
connected with the Campus Core layer switches,
thereby enabling high reliability and availability
of all servers in the Server Farm module.
Enterprise Edge Modules
The modules aggregate the connectivity from
the various elements outside the campus
using various services and WAN technologies
as needed, typically provisioned from service
providers and route the traffic into the
Campus Core layer.
This area is composed of four main modules:
E-commerce, Internet Connectivity,
Remote Access and VPN, and WAN and
MAN and Site-to-Site VPN.

Enterprise Edge Functional Area


E-commerce Module
The E-commerce module enables enterprises to successfully
deploy e-commerce applications and take advantage of the
opportunities the Internet provides. All e-commerce
transactions pass through a series of intelligent services that
provide scalability, security, and high availability within the
overall e-commerce network design.
Internet Connectivity Module
The Internet Connectivity module provides internal users
with connectivity to Internet services, such as HTTP, FTP,
Simple Mail Transfer Protocol (SMTP), and DNS. This
module also provides Internet users with access to
information published on an enterprise's public servers,
such as HTTP and FTP servers.
Remote Access and VPN Module
The Remote Access and VPN module terminates remote access
traffic and VPN traffic that the Internet Connectivity Module
forwards from remote users and remote sites. It also uses the
Internet Connectivity module to initiate VPN connections to
remote sites.
WAN and MAN and Site-to-Site VPN Module
including site-to-site VPNs, to route traffic between remote
sites and the central site. In addition to traditional media (such
as leased lines) and circuit-switched data-link technologies
(such as Frame Relay and ATM), including Synchronous
Optical Network/Synchronous Digital Hierarchy (SDH), cable,
DSL, MPLS, Metro Ethernet, wireless, and service provider
VPNs. This module incorporates all Cisco devices that support
these WAN technologies, and routing, access control, and QoS
mechanisms.
Service Provider Modules
They are necessary to enable communication with other
networks, using a variety of WAN technologies, and with
Internet service providers (ISP). The modules within the
Service Provider functional area are: Internet Service Provider,
PSTN, and Frame Relay/ATM.
Internet Service Provider Module
The IP connectivity to an ISP network for basic access to the
Internet or for enabling Enterprise Edge services, such as those
in the E-commerce, Remote Access and VPN, and Internet
Connectivity modules. Enterprises can connect to two or more
ISPs to provide redundant connections to the Internet.
Public Switched Telephone Network Module
The PSTN module represents all nonpermanent WAN connections.
The PSTN module represents the dialup infrastructure for accessing
the enterprise network using ISDN, analog, and wireless telephony
(cellular) technologies.
Frame Relay/ATM Module
This module covers all WAN technologies for permanent connectivity
with remote locations.
The technologies in this module include the following:
Frame Relay is a connection-oriented, packet-switching technology
designed to efficiently transmit data traffic at data rates of up to those
used by E3 and T3 connections.
E3 is a European standard with a bandwidth of 34.368 megabits per
second (Mbps).
T3 is a North American standard with a bandwidth of 44.736 Mbps.
ATM is a higher-speed alternative to Frame Relay. It is a high-
performance, cell-oriented, switching and multiplexing technology for
carrying different types of traffic.
Remote Enterprise Modules
The three modules supporting remote enterprise locations are
the Enterprise Branch, the Enterprise Data Center, and the
Enterprise Teleworker.
Enterprise Branch Module
This module extends the enterprise by providing each
location with a resilient network architecture with
integrated security, Cisco Unified Communications, and
wireless mobility.
A branch office is sometimes called a remote site, remote
office, or sales office.
Branch office users must be able to connect to the central
site to access company information. The Enterprise Branch
module typically uses a simplified version of the Campus
Infrastructure module design.
Enterprise Data Center Module
The Enterprise Data Center network architecture allows the network
to evolve into a platform that enhances the application, server, and
storage solutions and equips organizations to manage increased
security, cost, and regulatory requirements while providing the
ability to respond quickly to changing business environments.
Enterprise Teleworker Module
Telecommuters might also be mobile users, people who need
access while traveling or who do not work at a fixed company
site.
Mobile users tend to access the company network using a
broadband Internet service and the VPN client software on
their laptops or via an asynchronous dialup connection through
the telephone company. These solutions provide simple and
safe access for teleworkers to the corporate network site,
according to the needs of the users at the sites.
Infrastructure Services within Modular Networks
Businesses that operate large enterprise networks strive to
create an enterprise-wide networked infrastructure and
interactive services to serve as a solid foundation for business
and collaborative applications.
A network service is a supporting and necessary service, but
not an ultimate solution. IP telephony might be an ultimate
goal of a network and is therefore a network application (or
solution), rather than a service.
Interactive Services
Interactive services add intelligence to the network
infrastructure, beyond simply moving a datagram between two
points. Advanced network services use the traffic classification
to regulate performance, ensure security, facilitate delivery, and
improve manageability.
Network applications such as IP telephony support the entire
enterprise network environment from the teleworker to the
campus to the data center. These applications are enabled by
critical network services and provide a common set of
capabilities to support the application’s networkwide
requirements, including security, high availability, reliability,
flexibility, responsiveness, and compliancy.
The SONA interactive services layer includes both
application networking services and infrastructure services.
Security services: Ensure that all aspects of the network are secure,
from devices connecting to the network to secured transport to data
theft prevention
Mobility services: Allow users to access network resources
regardless of their physical location
Storage services: Provide distributed and virtual storage across the
infrastructure
Voice and collaboration services: Deliver the foundation by which
voice can be carried across the network, such as security and high
availability
Compute services: Connect and virtualize compute resources based
on the application
Identity services: Map resources and policies to the user and device
