chapter 1 network design

Upload: nyelu

Post on 10-Apr-2018

  • 8/8/2019 Chapter 1 Network Design

    1/26

    General Network Design Principles

    For network design, there is no one "good network design," and there is certainly no "one size fits all." A good network design is based on many concepts, some of which are summarized by the following key general principles:

    There should be redundancy in your network, so that a single link or hardware failure does not isolate any portion of the network, resulting in those users losing access to network resources.

    High bandwidth: The more network bandwidth available to your users, the faster they can work, or surf the Internet. Think of a four-lane highway that enables more cars to travel than a two-lane road.

    LAN DESIGN

    Quality of service (QoS): This is a traffic-prioritization scheme used to ensure that delay-sensitive traffic such as voice and video is given a higher priority on the network than other types of traffic that are relatively immune to delay or changes in delay times (jitter).

    Low cost: Don't spend more money than necessary.

    Fast convergence.

    Security.

    However, the cornerstone of any good network is the hierarchical model, which is made up of three pieces, or layers, as illustrated in Figure 1. It is important to keep in mind that the hierarchical model refers to conceptual layers providing functionality in your network, not an actual physical separation.

    Figure 1

    The hierarchical network design model serves to help you develop a network topology in separate layers. For example, in Figure 1, high-speed WAN routers carry traffic across the enterprise backbone (Core), medium-speed routers connect buildings at each campus (Distribution), and switches and hubs connect user devices and servers within buildings (Access).

    Figure 1

    It is important to keep in mind that the hierarchical model refers to conceptual layers providing functionality in a network, NOT an actual physical separation as shown below.

    The core layer is a high-speed switching and routing backbone and should be designed to pass network traffic as fast as possible. This layer of the network should not perform any frame or packet manipulation, such as access lists and filtering, which would slow down the switching of traffic and in turn result in less than a "high-speed" environment.

    The distribution layer of the network is the demarcation point between the access and core layers and helps define and differentiate the core. The purpose of the distribution layer is to define network boundaries, and it is the point in the network at which packet manipulation can take place. The distribution layer is where access lists and filtering (based on Layer 2 MAC or Layer 3 network addresses) will take place, providing network security. The distribution layer is also where broadcast domains are defined and traffic between VLANs is routed. If there is any media transition that needs to occur, such as between a 10-Mbps Ethernet and 100-Mbps Fast Ethernet network segment, this transition also happens at the distribution layer.

    The access layer is the point at which local end users are allowed into the network. The access layer might also use access lists or filters and VLANs to further meet the needs of a particular set of users. The access layer is where such functions as bandwidth sharing, filtering on the MAC (Layer 2) address, micro-segmentation, and wireless access point connection can occur.

    BENEFITS OF THE HIERARCHICAL NETWORK

    In a large flat (figure below), or switched, network, for example, broadcast frames are burdensome. A broadcast frame interrupts the CPU on each device within the broadcast domain, and demands processing time on every device, including routers, workstations, and servers.

    Using a hierarchical model helps you to minimize network costs because you can buy the appropriate networking devices for each layer of the hierarchy. This in turn avoids spending money on unnecessary features for a layer, not unlike buying a home appliance with features that you are not going to use, such as a microwave with a toothbrush holder.

    The modular nature of the hierarchical design model also enables you to accurately plan network capacity within each layer of the hierarchy, which means you can reduce wasted bandwidth in your network. That keeps your financial people happy because you are not paying for something you're not using. Network management responsibility and network management systems can also be applied to the different layers of your network to control costs. Again, this is made possible because of the modular architecture of your network.

    Network modularity enables you to keep each design element simple and easy to manage. Testing a network design is made easy because there is clear functionality at each layer. Fault isolation is improved because network transition points are easily identified.

    A hierarchical design eases changes in the network environment. A Layer 3 switch helps implement a hierarchical topology. As a network requires changes, such as more users joining the network or a technology refresh/upgrade, the cost of making an upgrade to the network infrastructure is contained to a small section of the network.

    In large, flat network architectures, changes impact a large number of network devices and systems. Replacing one of the network devices in this large network can affect numerous other networks because of the interconnections between each network, as illustrated in the figure below.

    The hierarchical network design model serves to help you develop a network topology in separate layers. Each layer focuses on specific functions, enabling you to choose the right equipment and features for the layer.

    It was mentioned in the slide above that the access layer is the point at which local end users are allowed into the network, and that the access layer might also use access lists or filters and VLANs to further meet the needs of a particular set of users. Let us now discuss the benefits of VLANs.

    Definition: A virtual LAN, or VLAN, is a group of computers, network printers, network servers, and other network devices that behave as if they were connected to a single network. In its basic form, a VLAN is a broadcast domain, but the difference between a traditional broadcast domain and one defined by a VLAN is that a broadcast domain is seen as a distinct physical entity while a VLAN is a logical topology, meaning that the VLAN hosts are not grouped within the physical confines of a traditional broadcast domain, such as an Ethernet LAN.

    VLANs

    The Distribution Layer defines broadcast domains and routes VLANs. It sums up (aggregates) Access traffic.

    The primary reason for VLAN implementation is the cost reduction of handling user moves and changes. Any network device moved or added can be dealt with from the network-management console rather than the wiring closet. VLANs provide a flexible, easy, and less-costly way to modify and manage logical groups of computers in changing environments.

    Benefits

    There are benefits for using VLANs. Users might be spread throughout different floors of a building, so a VLAN would enable you to make all these users part of the same broadcast domain. This can also be a security feature.

    In addition, if one department's server were placed on the same VLAN, the users would be able to access their server without the need for traffic to cross routers and impact other parts of the network, possibly resulting in network congestion and causing slowdowns.

    CONFIGURATION/IMPLEMENTATION

    Basic Configuration: Overview

    Virtual LAN: a logical, not physical, group of devices, defined by software. VLANs allow network administrators to re-segment their networks without physically rearranging the devices or network connections. A VLAN (Virtual LAN) is a network composed of logical broadcast domains. Configuring VLANs allows network traffic to be separated logically. Network devices on VLAN1 will not be able to communicate with (ping) devices on VLAN2. It is possible to have devices on VLAN1 of a switch communicate with VLAN1 on another switch through a method called VLAN trunking. See the image below:

    This diagram gives you the basic idea of VLAN membership. You can see how the floors of the building are separate and that each department is represented by a different color. The switches lie below and the trunk link is represented by the lightning bolt. Trunk links may also be referred to as .1q or "dot one Q." This refers to the IEEE 802.1Q standard, which defines the method of VLAN trunking.

    Types of Membership

    There are several different types of memberships associated with VLANs:

    Static VLANs
    Dynamic VLANs

    Static VLANs are specified by switch port. For example, a 12-port Fast Ethernet switch is split for the creation of 2 VLANs. The first 6 ports are associated with VLAN1 and the last 6 ports are associated with VLAN2. If a machine is moved from port 3 to port 11, it will effectively change VLANs.

    Dynamic VLANs are specified by MAC address. Assuming the same scenario, a system administrator will enter MAC addresses for all machines connecting to the switch. These addresses will be stored in a memory chip inside the switch that forms a database of local MAC addresses. Each MAC address can then be associated with a certain VLAN. This way, if a machine is moved, it will retain the original VLAN membership regardless of its port number.

    VLAN Tagging

    Moving VLAN data over multiple switches uses a method called VLAN tagging. The act of VLAN tagging simply adds extra information in the packet header of Ethernet frames so routers know how to pass along the data.

    VLAN Enabled Switches

    Not all switches support VLANs. Most "managed" switches, including Dell, Netgear, HP, and others, support VLANs. Remember that because VLAN tagging is a universal standard, different brands of switches can accomplish the same thing. Data centers and large environments should standardize on a specific platform. Cisco has created a proprietary protocol to manage VLANs called VLAN Trunking Protocol, or VTP, which enables Cisco switches to advertise VLAN routes to other VTP-enabled switches. This also allows a system administrator to manage all VLANs from a central point and order all switches to update the VLAN information along the entire network. Most organizations using VLANs have figured out it is worth shelling out the extra cash to go with Cisco equipment and get the extra features and functionality.

    VLAN Configuration

    VLANs are broadcast domains defined within switches to allow control of broadcast, multicast, unicast, and unknown unicast within a Layer 2 device. VLANs are defined on a switch in an internal database known as the VLAN Trunking Protocol (VTP) database. After a VLAN has been created, ports are assigned to the VLAN. VLANs are assigned numbers for identification within and between switches. Cisco switches have two ranges of VLANs, the normal range and extended range. VLANs have a variety of configurable parameters, including name, type, and state. Several VLANs are reserved, and some can be used for internal purposes within the switch.

    Creation of an Ethernet VLAN

    VLANs are created on Layer 2 switches to control broadcasts and enforce the use of a Layer 3 device for communications. Each VLAN is created in the local switch's database for use. If a VLAN is not known to a switch, that switch cannot transfer traffic across any of its ports for that VLAN. VLANs are created by number, and there are two ranges of usable VLAN numbers (normal range 1-1000 and extended range 1025-4096). When a VLAN is created, you can also give it certain attributes such as a VLAN name, VLAN type, and its operational state. To create a VLAN, use the following steps.

    Configure VTP.

    VTP is a protocol used by Cisco switches to maintain a consistent database between switches for trunking purposes. VTP is not required to create VLANs; however, Cisco has set it up to act as a conduit for VLAN configuration between switches as a default to make administration of VLANs easier. Because of this, you must first either configure VTP with a domain name or disable VTP on the switch.

    An example of the Catalyst OS configuration for Distribution 1 follows:

    Distribution_1 (enable)>set vtp mode transparent
    Distribution_1 (enable)>set vlan 5 name Cameron
    Distribution_1 (enable)>set vlan 8 name Logan
    Distribution_1 (enable)>set vlan 10 name Katie
    Distribution_1 (enable)>set spantree macreduction enable
    Distribution_1 (enable)>set vlan 2112 name Rush
    Distribution_1 (enable)>

    An example of the Supervisor IOS configuration for Distribution 1 follows:

    Distribution_1#vlan database
    Distribution_1(vlan)#vtp transparent
    Distribution_1(vlan)#exit
    Distribution_1#conf t
    Distribution_1(config)#vlan 5
    Distribution_1(config-vlan)#name Cameron
    Distribution_1(config-vlan)#vlan 8
    Distribution_1(config-vlan)#name Logan
    Distribution_1(config-vlan)#vlan 10
    Distribution_1(config-vlan)#name Katie
    Distribution_1(config-vlan)#end
    Distribution_1#copy running-config startup-config

    An example of the Layer 2 IOS configuration for Access 1 follows:

    Access_1#vlan database
    Access_1(vlan)#vtp transparent
    Access_1(vlan)#vlan 5 name Cameron
    Access_1(vlan)#vlan 8 name Logan
    Access_1(vlan)#vlan 10 name Katie
    Access_1(vlan)#exit
    Access_1#copy running-config startup-config