Network Analysis & Designing
1. NETWORK ANALYSIS AND DESIGN: DESIGNING A NETWORK TOPOLOGY
2. TOPOLOGY
A topology is a map of an internetwork that indicates segments, interconnection points and user communities
First step in logical design
Hierarchical network design
Scalable campus and enterprise networks
Layered, modular model
3. HIERARCHICAL NETWORK DESIGN
Developed in discrete layers
Each layer has specific functions
A typical hierarchical topology is:
A core layer of high-end routers and switches that are optimized for availability and performance
A distribution layer of routers and switches that implement policy
An access layer that connects users via hubs, switches, and other devices
4. WHY USE A HIERARCHICAL NETWORK DESIGN
Reduces CPU adjacencies and the increased workload caused by broadcast packets
Modular topology that limits the number of communicating routers
Minimizes costs by buying appropriate internetworking devices for each layer
Keeps design elements simple and easy to understand
Facilitates design changes
Enables creating design elements that can be replicated
Today’s routing protocols were designed for hierarchical topologies
5. FLAT VERSUS HIERARCHICAL TOPOLOGIES
Flat is adequate for very small networks
Flat is easy to design, implement and maintain
6. FLAT WAN TOPOLOGIES
A WAN for a small company can consist of a few sites connected in a loop.
Each site has a WAN router that connects to two other adjacent sites via point-to-point links
Not recommended for networks with many sites.
A loop topology can mean many hops between routers
If routers on opposite sides of a loop exchange a lot of traffic, use a hierarchical topology
Redundant routers or switches are required for high availability
7. MESH VERSUS HIERARCHICAL-MESH TOPOLOGIES
A mesh topology helps meet availability requirements
In a full-mesh topology every router or switch is connected to every other router or switch.
Provides complete redundancy and offers good performance because there is just a single-link delay between any two sites
A partial-mesh network has fewer connections. Reaching another router or switch might require traversing intermediate links
8. MESH TOPOLOGY (CONT’D)
Disadvantages:
Expensive to deploy and maintain
Hard to optimize, troubleshoot, and upgrade
Lack of modularity
Difficult to upgrade just one part of the network
Scalability limits for groups of routers that broadcast routing updates or service advertisements
Limit the number of adjacent routers that exchange routing tables and service advertisements
For small and medium-sized companies the hierarchical model is often implemented as a hub-and-spoke topology with little or no meshing
9. THE CLASSIC THREE-LAYER HIERARCHICAL MODEL
Permits traffic aggregation and filtering at three successive routing or switching levels
Scalable to large international internetworks
Each layer has a specific role
The core layer provides optimal transport between sites
The distribution layer connects network services to the access layer and implements policies regarding security, traffic loading and routing
The access layer consists of routers at the edge
10. THE CORE LAYER
High-speed backbone of the internetwork
Should be designed with redundant components because it is critical for interconnectivity
Highly reliable and adaptable to changes
Use routing features that optimize packet throughput
Have a limited and consistent diameter to provide predictable performance and ease of troubleshooting
For connection to other enterprises via an extranet or the Internet, should include one or more links to external networks.
11. THE DISTRIBUTION LAYER
The demarcation point between the access and core layers of the network
Roles include controlling access to resources for security reasons and controlling network traffic that traverses the core for performance reasons
Often the layer that delineates broadcast domains
Allows the core layer to connect diverse sites while maintaining high performance
Can redistribute between bandwidth-intensive access-layer routing protocols and optimized core routing protocols.
Can summarize routes from the access layer
Can provide address translation.
12. THE ACCESS LAYER
Provides users on local segments access to the internetwork
Can include routers, switches, bridges and shared-media hubs
Switches are used to divide up bandwidth domains to meet the demands of applications that require a lot of bandwidth.
For small networks, can provide access into the corporate internetwork using wide-area technologies such as ISDN, Frame Relay, leased digital lines and analog modem lines.
13. GUIDELINES FOR HIERARCHICAL NETWORK DESIGN
Control the diameter of a hierarchical enterprise network topology
In most cases the three major layers are sufficient
Provides low and predictable latency
Should make troubleshooting and network documentation easier
Strict control at the access layer should be maintained
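The diameter guideline above can be checked numerically. The following added example (not part of the original slides) builds two constructed topologies with the same number of routers, a flat WAN loop and a three-layer hierarchy with a full-mesh core, and computes the hop-count diameter of each by breadth-first search. The router names and fan-out counts are assumptions chosen for the illustration.

```python
from collections import deque


def build_ring(n):
    """Flat WAN loop (constructed): site i has point-to-point links to sites i-1 and i+1."""
    adj = {i: set() for i in range(n)}
    for i in range(n):
        j = (i + 1) % n
        adj[i].add(j)
        adj[j].add(i)
    return adj


def build_three_layer(core_routers, dist_per_core, access_per_dist):
    """Three-layer hierarchy (constructed): a full-mesh core, a fan-out of
    distribution routers under each core router, and access routers under
    each distribution router."""
    adj = {}

    def link(a, b):
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)

    cores = [f"core{i}" for i in range(core_routers)]
    for i, a in enumerate(cores):
        for b in cores[i + 1:]:
            link(a, b)
    for c in cores:
        for d in range(dist_per_core):
            dist = f"{c}-dist{d}"
            link(c, dist)
            for a in range(access_per_dist):
                link(dist, f"{dist}-acc{a}")
    return adj


def hop_counts(adj, src):
    """Breadth-first search: hop count from src to every reachable node."""
    hops = {src: 0}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in hops:
                hops[v] = hops[u] + 1
                queue.append(v)
    return hops


def diameter(adj):
    """Largest hop count between any two nodes (all nodes are assumed reachable)."""
    return max(max(hop_counts(adj, s).values()) for s in adj)


if __name__ == "__main__":
    hier = build_three_layer(3, 4, 5)   # 3 core + 12 distribution + 60 access = 75 routers
    ring = build_ring(len(hier))        # the same number of sites as a flat loop
    print(f"three-layer hierarchy: {len(hier)} routers, diameter {diameter(hier)} hops")
    print(f"flat loop:             {len(ring)} routers, diameter {diameter(ring)} hops")
```

With 75 routers the hierarchy has a diameter of 5 hops (access, distribution, core, core, distribution, access) no matter how many access routers are added under each distribution router, whereas the loop's diameter grows with the number of sites.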
14. GUIDELINES FOR HIERARCHICAL NETWORK DESIGN (CONT’D)
Avoid the design mistake of adding a chain (don’t add networks inappropriately)
Avoid backdoors – a connection between devices in the same layer. It can be an extra router, bridge, or switch added to connect two networks
Design the access layer first, then the distribution layer and finally the core layer.
This lets you more accurately plan capacity requirements for the distribution and core layers
It also helps you recognize the optimization techniques needed
15. GUIDELINES FOR HIERARCHICAL NETWORK DESIGN (CONT’D)
Design using modular and hierarchical techniques, then plan the interconnection between layers based on analysis of traffic load, flow, and behavior
16. REDUNDANT NETWORK DESIGN TOPOLOGIES
Lets you meet network availability goals by duplicating network links and interconnectivity devices.
Eliminates the possibility of having a single point of failure
Can be implemented in both campus and enterprise networks
Campus goals: users accessing local services
Enterprise goals: overall availability and performance
Analyze the business and technical goals of the customer
17. BACKUP PATHS
Consists of routers and switches and individual backup links between routers and switches that duplicate devices and links on the primary path
Consider 2 aspects of a backup path:
How much capacity does it support
How quickly will the network begin using it
It is common for a backup path to have less capacity than the primary path
Different technologies
Expensive
18. BACKUP PATHS (CONT’D)
Manual versus automatic
With manual reconfiguration, users will notice the disruption; for mission-critical systems this is not acceptable
Use redundant, partial-mesh network designs to speed automatic recovery time
Backup paths must be tested
Sometimes used for load balancing as well as backup
19. LOAD BALANCING
The primary goal of redundancy is to meet availability requirements
A secondary goal is to improve performance by load balancing across parallel links
Must be planned and in some cases configured
In ISDN environments, can be facilitated by configuring channel aggregation
Channel aggregation means that a router can automatically bring up multiple ISDN B channels as bandwidth requirements increase
20. LOAD BALANCING (CONT’D)
Most vendor implementations of IP routing protocols support load balancing across parallel links that have equal cost
Some base cost on the number of hops to a particular destination
Load balance over unequal-bandwidth paths
Can be affected by advanced switching (forwarding) mechanisms implemented in routers
These often cache the path to remote destinations to allow faster forwarding of packets
21. DESIGNING A CAMPUS NETWORK DESIGN TOPOLOGY
Should meet a customer’s goals for availability and performance by featuring small broadcast domains, redundant distribution-layer segments, mirrored servers, and multiple ways for a workstation to reach a router for off-net communications
Designed using a hierarchical model for good performance, maintainability and scalability.
22. VIRTUAL LANS
A VLAN is an emulation of a standard LAN that allows data transfer to take place without the traditional physical restraints placed on a network.
Based on logical rather than physical connections, and very flexible
Stations in a VLAN communicate as if they were on the same network
Allows a large flat network to be divided into subnets to divide up broadcast domains
In the future fewer companies will implement large flat LANs and the need for VLANs will be less
Hard to manage and optimize. When a VLAN is dispersed across many physical networks, its traffic must flow to each of those networks
23. REDUNDANT LAN SEGMENTS
In campus LANs it is common to design redundant links between LAN switches
The spanning-tree algorithm is used to avoid packet loops.
The spanning-tree algorithm is good for avoiding loops but not necessarily for load balancing
When multiple bridges or switches exist in a spanning tree, one bridge becomes the root bridge. Traffic always travels toward the root bridge. Only one path to the root bridge is active; other paths are disabled.
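The root-bridge behaviour described above, as an added example that is not part of the original slides: a simplified spanning-tree computation over four constructed switches with redundant links. The root is the switch with the lowest bridge ID; every other switch keeps the link with the lowest root path cost (ties broken by the upstream bridge ID) and all other links are blocked. The bridge IDs, link costs and the link-failure helper are assumptions for the illustration; the full protocol (BPDU exchange, port roles, timers) is not modelled.

```python
from collections import deque

# Constructed campus LAN: four switches with redundant links. A bridge ID is
# (priority, MAC address); the lowest ID becomes the root bridge.
BRIDGES = {
    "S1": (32768, "00:00:00:00:00:01"),
    "S2": (32768, "00:00:00:00:00:02"),
    "S3": (32768, "00:00:00:00:00:03"),
    "S4": (32768, "00:00:00:00:00:04"),
}
LINKS = [("S1", "S2", 4), ("S1", "S3", 4), ("S2", "S3", 4), ("S2", "S4", 4), ("S3", "S4", 4)]


def root_bridge(bridges):
    return min(bridges, key=bridges.get)


def spanning_tree(bridges, links):
    """Simplified spanning tree: each non-root switch keeps the neighbour with
    the lowest (root path cost, upstream bridge ID); every other link is
    blocked. Returns (root, forwarding links, blocked links)."""
    adj = {b: [] for b in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    root = root_bridge(bridges)
    inf = float("inf")
    # switch -> (root path cost, upstream bridge ID, upstream switch name)
    best = {b: (inf, None, None) for b in bridges}
    best[root] = (0, bridges[root], root)
    changed = True
    while changed:  # relax until no switch finds a better path toward the root
        changed = False
        for b in bridges:
            if b == root:
                continue
            for nbr, cost in adj[b]:
                if best[nbr][0] == inf:
                    continue
                candidate = (best[nbr][0] + cost, bridges[nbr], nbr)
                if candidate < best[b]:
                    best[b] = candidate
                    changed = True
    forwarding = {frozenset((b, best[b][2])) for b in bridges if b != root}
    blocked = [l for l in links if frozenset(l[:2]) not in forwarding]
    return root, forwarding, blocked


def active_path(forwarding, src, dst):
    """The single frame path between two switches once blocked links are removed."""
    adj = {}
    for link in forwarding:
        a, b = tuple(link)
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            break
        for v in adj.get(u, []):
            if v not in prev:
                prev[v] = u
                queue.append(v)
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def without_link(links, a, b):
    """Simulate a link failure by dropping the link between a and b."""
    return [l for l in links if frozenset(l[:2]) != frozenset((a, b))]


if __name__ == "__main__":
    root, fwd, blocked = spanning_tree(BRIDGES, LINKS)
    print("root:", root, "blocked links:", blocked)
    print("S3 -> S4 travels:", " -> ".join(active_path(fwd, "S3", "S4")))
    root, fwd, blocked = spanning_tree(BRIDGES, without_link(LINKS, "S1", "S2"))
    print("after S1-S2 fails, blocked links:", blocked)
```

With all links up, S3 reaches S4 through S1 and S2 even though a direct S3-S4 link exists: the direct link is blocked because it is not on S4's path toward the root, and the redundant links carry no traffic until a failure forces a recomputation.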
24. SERVER REDUNDANCY
File, Web, Dynamic Host Configuration Protocol (DHCP), name, database, configuration, and broadcast servers are all candidates for redundancy in campus design
When a LAN is migrated to DHCP, the DHCP servers become critical. Use redundant DHCP servers.
DHCP servers can be at the access or distribution layer. In small networks they are often in the distribution layer; in larger networks, in the access layer.
In large campus networks the DHCP server is often placed on a different network segment than the end systems that use it.
25. SERVER REDUNDANCY (CONT’D)
Name servers are less critical than DHCP servers because users can reach services by address instead of name if the name server fails
If ATM is used it is a good idea to duplicate the ATM services used by clients running ATM LAN Emulation (LANE) software:
LAN Emulation Configuration Server (LECS)
LAN Emulation Server (LES)
Broadcast and Unknown Server (BUS)
26. SERVER REDUNDANCY (CONT’D)
Where the cost of downtime for file servers is a major concern, mirrored file servers should be recommended
If complete redundancy is not feasible then duplexing of the file server hard drives is a good idea
Mirrored file servers allow the sharing of workload between servers
30. IP WORKSTATION-TO-ROUTER COMMUNICATION
Implementations vary in how they implement workstation-to-router communication.
Some send an Address Resolution Protocol (ARP) request to find a remote station
A router running proxy ARP responds to the ARP request with the router’s data-link-layer address
The advantage of proxy ARP is that a workstation does not have to be manually configured with the address of a router
31. IP WORKSTATION-TO-ROUTER COMMUNICATION (CONT’D)
Sometimes network administrators manually configure an IP workstation with a default router
A default router is the address of a router on the local segment that a workstation uses to reach remote services
A number of protocols are used to identify routers, such as:
Router Discovery Protocol (RDP), which uses Internet Control Message Protocol (ICMP)
ICMP router advertisement packet
ICMP router solicitation packet
32. DESIGNING AN ENTERPRISE NETWORK DESIGN TOPOLOGY
Should meet a customer’s goals for availability and performance by featuring redundant LAN and WAN segments in the intranet, and multiple paths to extranets and the Internet
Virtual Private Networking (VPN) can be used
33. REDUNDANT WAN SEGMENTS
Because WAN links can be critical, redundant (backup) WAN links are often included in the enterprise topology
A full-mesh topology provides complete redundancy
Full mesh is costly to implement, maintain, upgrade and troubleshoot
34. CIRCUIT DIVERSITY
Learn as much as possible about the actual physical circuit routing
Some carriers use the same facilities, which means the backup path is susceptible to the same failure as the primary path
Circuit diversity refers to the optimum situation of circuits using different paths
It is becoming increasingly harder to guarantee circuit diversity because of mergers of carriers
Analyze your local cabling in addition to the carrier’s services
35. MULTIHOMING THE INTERNET CONNECTION
Means to provide more than one connection for a system to access and offer network services
A server is multihomed if it has more than one network-layer address
Increasingly used to refer to the practice of providing an enterprise network with more than one entry into the Internet
Has the potential to make the enterprise a transit network that provides interconnections for other networks
This means routers on the Internet learn they can reach other routers through the enterprise network
36. VIRTUAL PRIVATE NETWORKING
Enables a customer to use a public network to provide a secure connection among sites on the organization’s internetwork
Can also be used to connect an enterprise intranet to an extranet to reach outside parties
Gives the ability to connect geographically dispersed offices via a service provider instead of a private network
Company data can be encrypted for routing
Firewalls and TCP/IP tunneling allow a customer to use a public network as a
37. SECURE NETWORK DESIGN TOPOLOGIES
Planning for Physical Security
Meeting Security Goals with Firewall Topologies
38. PLANNING FOR PHYSICAL SECURITY
Install critical equipment in computer rooms that have protection
The logical design might have an impact on physical security
Planning should start early to allow lead times to build or install security mechanisms
39. MEETING SECURITY GOALS WITH FIREWALL TOPOLOGIES
A firewall is a system or combination of systems that enforces a boundary between two or more networks
Can be a router with access control lists (ACLs)
Dedicated hardware box
Software running on a PC or UNIX system
Should be placed in the network topology so that all traffic from outside the protected network must pass through the firewall
The security policy specifies which traffic is authorized to pass through the firewall
40. MEETING SECURITY GOALS WITH FIREWALL TOPOLOGIES (CONT’D)
Especially important at the boundary between the enterprise network and the Internet
For customers with the need to publish public data and protect private data, the firewall topology can include a public LAN that hosts Web, FTP, DNS and SMTP servers
Larger customers should use a firewall in addition to a router between the Internet and the enterprise network
41. MEETING SECURITY GOALS WITH FIREWALL TOPOLOGIES (CONT’D)
An alternative is to use two routers as the firewall and place the free-trade zone between them. This is the three-part firewall topology
The configuration on the routers might be complex, consisting of many access control lists to control traffic in and out of the private network and the free-trade zone.
Dedicated firewalls usually have a GUI that lets you specify a security policy in an intuitive fashion
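The three-part topology and the policy that drives its access lists (slides 39 to 41) can be modelled as a small zone-based rule set. The following added example is not from the original slides and is not any firewall product's configuration language: it assigns addresses to the outside, the free-trade zone (modelled as "dmz", the public LAN hosting Web, FTP, DNS and SMTP) and the private network, then evaluates constructed packets against a first-match rule list with an implicit deny. The address ranges, port lists and rule names are assumptions chosen for the illustration.

```python
import ipaddress

# Constructed addressing for the three zones of a three-part firewall topology.
# Longest-prefix match decides the zone, so 0.0.0.0/0 only catches addresses
# that are neither inside nor in the free-trade zone.
ZONES = {
    "outside": ipaddress.ip_network("0.0.0.0/0"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),   # free-trade zone (public LAN), TEST-NET-1
    "inside": ipaddress.ip_network("10.0.0.0/8"),  # private enterprise network
}

# Constructed policy, evaluated top to bottom, first match wins. Anything not
# listed falls through to the implicit deny at the end of evaluate().
# (name, source zone, destination zone, protocol, permitted destination ports)
RULES = [
    ("permit-public-services", "outside", "dmz", "tcp", {21, 25, 53, 80, 443}),  # FTP, SMTP, DNS, Web
    ("permit-public-dns-udp", "outside", "dmz", "udp", {53}),
    ("permit-inside-to-dmz", "inside", "dmz", "tcp", {21, 25, 53, 80, 443}),
    ("permit-inside-web", "inside", "outside", "tcp", {80, 443}),
    ("permit-dmz-dns-out", "dmz", "outside", "udp", {53}),
    ("permit-dmz-mail-out", "dmz", "outside", "tcp", {25}),
]


def zone_of(address):
    """Most specific zone prefix containing the address."""
    ip = ipaddress.ip_address(address)
    matches = [(net.prefixlen, name) for name, net in ZONES.items() if ip in net]
    return max(matches)[1]


def evaluate(src, dst, proto, dport):
    """Return (action, rule name) for one packet crossing the firewall."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return ("bypass", "same-zone")  # stays on one side, never reaches the firewall
    for name, s, d, p, ports in RULES:
        if (s, d, p) == (src_zone, dst_zone, proto) and dport in ports:
            return ("permit", name)
    return ("deny", "implicit-deny")


def audit(packets):
    """Evaluate constructed packets and collect the denied ones for review."""
    return [pkt for pkt in packets if evaluate(*pkt)[0] == "deny"]


# Constructed sample traffic: (source, destination, protocol, destination port).
PACKETS = [
    ("203.0.113.5", "192.0.2.10", "tcp", 80),   # Internet client to the public web server
    ("203.0.113.5", "10.1.1.20", "tcp", 22),    # Internet host straight to the private network
    ("192.0.2.10", "10.1.1.20", "tcp", 445),    # public server reaching into the private network
    ("10.1.1.20", "203.0.113.5", "tcp", 443),   # inside user browsing the Internet
    ("10.1.1.20", "10.2.2.2", "tcp", 445),      # inside to inside, not firewalled
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", evaluate(*pkt))
```

The rule set has no permit from the free-trade zone toward the private network at all, so a public server that is compromised cannot open connections inward under this policy; that separation is the reason for placing the public LAN between the two routers rather than on the private side.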
42. SUMMARY
Designing a network topology is the first step in the logical design
Three models for network topologies: hierarchical, redundant, and secure
Hierarchical lets you develop a network consisting of many interrelated components in a layered, modular fashion
Redundant lets you meet requirements for network availability by duplicating network components
Secure protects core routers, demarcation points, cabling, modems and other equipment. Adding firewalls protects against hackers.