About the Author

Priscilla Oppenheimer has been developing data communications and networking systems since 1980 when she earned her master's degree in information science from the University of Michigan. After many years as a software developer, she became a technical instructor and training developer and taught more than 2000 network engineers from most of the Fortune 500 companies. Her employment at such companies as Apple Computer, Network General, and Cisco Systems gave her a chance to troubleshoot...

Administering Addresses by a Central Authority

A corporate Information Systems (IS) or enterprise networking department should develop a global model for network layer addressing. As the network designer, you should help the IS department develop the model. The model should identify network numbers for the core of the enterprise network, and blocks of subnets for the distribution and access layers. Depending on the organizational structure of the enterprise, network managers within each region or branch office can further divide the...

Affordability

The final technical goal this chapter covers is affordability. Affordability is sometimes called cost-effectiveness. Most customers have a goal for affordability, although sometimes other goals such as performance and availability are more important. Affordability is partly a business goal, and, in fact, was discussed in Chapter 1. It is covered again in this chapter because of the technical issues involved. For a network design to be affordable, it should carry the maximum amount of traffic...

Aggregatable Global Addresses

Aggregatable global unicast addresses are equivalent to public registered addresses in IPv4. These addresses are designed to support the type of provider-based aggregation currently used on the Internet and a new, geographic type of aggregation based on exchange points. (The latter is experimental, and provider-based aggregation may remain the norm.) The structure of aggregatable global unicast addresses enables aggregation of routing prefixes so that the number of routing table entries in the...

Agilent's RouterTester

Agilent's RouterTester is a powerful and flexible test system for generating traffic streams and testing network design and routing scalability. The RouterTester system can generate IPv4 and IPv6 routing, signaling, multicast, and tunneling protocol traffic over a wide range of Packet over SONET (POS), ATM, and Ethernet interfaces. It has the capability of handling up to 2000 individual streams per port. It also includes tools for sending realistic traffic streams, building large test...

Analysis of the New Order Entry System

In an attempt to estimate the consequences of adding ten users in Building 4, who will use the new Oracle order-entry system to access a database in Building 1, packet traces were collected during normal work hours for one Oracle user. From the captured data, it can be estimated that a typical order entry creates approximately 2 MB of data traffic, broken down as follows: about 220 KB of TCP/IP traffic between the user and the Oracle database server in Building 1 on the FDDI backbone, and about 1.7...

Analyzing Business Goals

Understanding your customer's business goals and constraints is a critical aspect of network design. Armed with a thorough analysis of your customer's business objectives, you can propose a network design that will meet with your customer's approval. It is tempting to overlook the step of analyzing business goals, because analyzing such technical goals as capacity, performance, security, and so on is more interesting to many network engineers. Analyzing technical goals is covered in the next...

Analyzing Network Accuracy

Chapter 2 talked about specifying network accuracy as a bit error rate (BER). You can use a BER tester (also called a BERT) on serial lines to test the number of damaged bits compared to total bits. As discussed in the Checking the Status of Major Routers, Switches, and Firewalls section later in this chapter, you can also use Cisco show commands to gain an understanding of errors on a serial interface, which is a more common practice on modern networks than using a BERT. Keep in mind that interface counters report errored frames (CRC, framing, overrun) rather than errored bits, so they give you a frame error rate that bounds the BER but does not equal it. With packet-switched...

Analyzing Network Availability

To document availability characteristics of the existing network, gather any statistics that the customer has on the mean time between failure (MTBF) and mean time to repair (MTTR) for the internetwork as a whole as well as major network segments. Compare these statistics with information you have gathered on MTBF and MTTR goals, as discussed in Chapter 2. Does the customer expect your new design to increase MTBF and decrease MTTR? Are the customer's goals realistic considering the current state...
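Availability is MTBF / (MTBF + MTTR), and the figure for the internetwork as a whole follows from composing the figures for its segments: components that must all be up multiply, redundant components fail only if all of them fail. The following is an added example, not code from the book; the MTBF and MTTR figures for the router and WAN link are made up for illustration.

```python
"""Availability from MTBF and MTTR, composed across segments.

Added example, not from the book. ROUTER and WAN_LINK figures are constructed.
"""
from math import prod

HOURS_PER_YEAR = 365.25 * 24


def availability(mtbf_h, mttr_h):
    """Fraction of time a component is up: MTBF / (MTBF + MTTR), both in hours."""
    return mtbf_h / (mtbf_h + mttr_h)


def series(*avails):
    """Components that must all be up, e.g. router -> link -> router."""
    return prod(avails)


def parallel(*avails):
    """Redundant components where one survivor is enough: the path is down
    only when every component is down at the same time."""
    return 1 - prod(1 - a for a in avails)


def downtime_hours_per_year(avail):
    """What an availability figure means in hours of outage per year."""
    return (1 - avail) * HOURS_PER_YEAR


# Constructed figures (assumptions, not measured data).
ROUTER = availability(mtbf_h=50000, mttr_h=2)
WAN_LINK = availability(mtbf_h=4000, mttr_h=4)


def single_path():
    """Site-to-site path over one WAN link."""
    return series(ROUTER, WAN_LINK, ROUTER)


def dual_link_path():
    """Same path with a second, independent WAN link (assumes no common cause)."""
    return series(ROUTER, parallel(WAN_LINK, WAN_LINK), ROUTER)


if __name__ == "__main__":
    for name, fn in (("single link", single_path), ("dual link", dual_link_path)):
        a = fn()
        print(f"{name}: availability {a:.6f}, downtime {downtime_hours_per_year(a):.2f} h/year")
```

The caveat the composition hides is independence: two links that share a conduit, a carrier, or a power feed do not fail independently, and the parallel formula overstates their combined availability.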

Analyzing Network Utilization

Network utilization is a measurement of how much bandwidth is in use during a specific time interval. Utilization is commonly specified as a percentage of capacity. If a network-monitoring tool says that network utilization on a Fast Ethernet segment is 70 percent, for example, this means that 70 percent of the 100-Mbps capacity is in use, averaged over a specified timeframe or window. Different tools use different averaging windows for computing network utilization. Some tools let the user...
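A practitioner usually gets both the error counters from the previous section and the utilization figure from this one out of the same show interfaces output. The following is an added example, not code from the book or from Cisco: it parses a constructed show interfaces excerpt in the standard IOS layout, computes utilization as a percentage of the BW figure over the interface's 5-minute window, computes the input frame error rate, and flags interfaces against thresholds that are assumed here rather than taken from the text.

```python
"""Interface health from 'show interfaces' text.

Added example, not from the book. Assumes the standard Cisco IOS layout shown
in the constructed sample, BW in kilobits, and the 5-minute rates as the
averaging window. Thresholds in flag_interfaces are assumed defaults.
"""
import re

# Constructed sample output; every counter is made up for this example.
SAMPLE_SHOW_INTERFACES = """\
Serial0/0 is up, line protocol is up
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 23/255, rxload 180/255
  5 minute input rate 1090000 bits/sec, 210 packets/sec
  5 minute output rate 140000 bits/sec, 160 packets/sec
     734812 packets input, 512331990 bytes, 0 no buffer
     2931 input errors, 2874 CRC, 57 frame, 0 overrun, 0 ignored, 0 abort
     655120 packets output, 91874420 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
FastEthernet0/1 is up, line protocol is up
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 7/255, rxload 178/255
  5 minute input rate 70000000 bits/sec, 9000 packets/sec
  5 minute output rate 3000000 bits/sec, 2500 packets/sec
     8812345 packets input, 1231231231 bytes, 0 no buffer
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     7123456 packets output, 823123123 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
"""


def parse_show_interfaces(text):
    """Return {interface name: dict of the counters parsed below}."""
    interfaces = {}
    cur = None
    for line in text.splitlines():
        head = re.match(r"^(\S+) is (.+?), line protocol is (\S+)", line)
        if head:
            cur = {"status": head.group(2), "protocol": head.group(3)}
            interfaces[head.group(1)] = cur
            continue
        if cur is None:
            continue
        if m := re.search(r"BW (\d+) Kbit", line):
            cur["bw_bps"] = int(m.group(1)) * 1000
        elif m := re.search(r"minute input rate (\d+) bits/sec", line):
            cur["in_bps"] = int(m.group(1))
        elif m := re.search(r"minute output rate (\d+) bits/sec", line):
            cur["out_bps"] = int(m.group(1))
        elif m := re.search(r"(\d+) packets input, (\d+) bytes", line):
            cur["in_packets"], cur["in_bytes"] = int(m.group(1)), int(m.group(2))
        elif m := re.search(r"(\d+) input errors, (\d+) CRC", line):
            cur["in_errors"], cur["crc"] = int(m.group(1)), int(m.group(2))
    return interfaces


def utilization_pct(iface, half_duplex=False):
    """Utilization as a percentage of capacity over the 5-minute window.
    A full-duplex link has the full capacity in each direction, so report the
    busier direction; on a shared (half-duplex) segment both directions
    compete for one capacity and are added together."""
    bw = iface["bw_bps"]
    if half_duplex:
        return 100.0 * (iface["in_bps"] + iface["out_bps"]) / bw
    return 100.0 * max(iface["in_bps"], iface["out_bps"]) / bw


def input_frame_error_rate(iface):
    """Errored frames per received frame. This is what the counters measure;
    it is a lower bound on the BER, not the BER itself, because one bad frame
    may hold many flipped bits and the CRC only says the frame failed."""
    if iface["in_packets"] == 0:
        return 0.0
    return iface["in_errors"] / iface["in_packets"]


def flag_interfaces(interfaces, util_threshold_pct=70.0, error_rate_threshold=0.001):
    """Interfaces needing attention. Threshold defaults are assumptions for this
    example; derive real ones from the customer's goals."""
    flagged = {}
    for name, iface in interfaces.items():
        reasons = []
        if iface.get("protocol") != "up":
            reasons.append("line protocol down")
        util = utilization_pct(iface)
        if util >= util_threshold_pct:
            reasons.append(f"utilization {util:.1f}%")
        fer = input_frame_error_rate(iface)
        if fer > error_rate_threshold:
            reasons.append(f"input error rate {fer:.2%}")
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in flag_interfaces(parse_show_interfaces(SAMPLE_SHOW_INTERFACES)).items():
        print(name, "->", "; ".join(reasons))
```

Two points worth noticing: the Fast Ethernet interface comes out at exactly the 70 percent of the text because the 5-minute input rate is 70 Mbps of a 100 Mbps BW, and the serial line is flagged twice, once for load and once because roughly 0.4 percent of its input frames are damaged, which is the kind of figure that justifies a BERT or a call to the carrier.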

Analyzing Security Risks

In addition to identifying assets, an important step in security planning is analyzing potential threats and gaining an understanding of their likelihood and severity. Risk management and the consequent building of a security policy and secure network design is a continuous process, as risks change in their severity and probability on a regular basis. For example, a company's encryption algorithm and the length of the encryption key may need to be reconsidered if a relatively inexpensive and...

AppleTalk Dynamic Addressing

AppleTalk was the first network protocol to support dynamic addressing. AppleTalk's dynamic addressing inspired IP dynamic addressing, so learning a bit about AppleTalk addressing will help you understand modern schemes for dynamic IP addressing. An AppleTalk network layer station address consists of a 16-bit network number and an 8-bit node ID. The address is written as network.node; for example, 2210.15 means station 15 on network 2210. When an AppleTalk station boots, it dynamically chooses...

AppleTalk Workstation-to-Router Communication

An AppleTalk workstation remembers the address of the router that sent the most recent RTMP packet. Although the workstation does not participate in the routing protocol process, it does hear RTMP broadcast packets and copies into memory the address of the router that sent the broadcast. As long as there is at least one router on the workstation's network, the workstation can reach remote devices. If there are multiple routers on a workstation's network, the workstation very quickly learns a new way...

Application Layer Throughput

Most end users are concerned about the throughput for applications. Marketing materials from some networking vendors refer to application layer throughput as goodput. Calling it goodput sheds light on the fact that it is a measurement of good and relevant application layer data transmitted per unit of time. It is possible to improve throughput such that more data per second is transmitted, but not increase goodput, because the extra data transmitted is overhead or retransmissions. It is also...
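The distinction between throughput and goodput is easiest to see on a captured trace where one segment was lost and retransmitted: the retransmission adds to the bits on the wire but delivers nothing new to the application. The following is an added example, not code from the book; the segment trace is constructed, and the 54-byte header figure (Ethernet, IPv4 and TCP without options) is an assumption.

```python
"""Throughput versus goodput from a one-direction TCP segment trace.

Added example, not from the book. Assumes 54 bytes of Ethernet/IPv4/TCP
headers per segment (no options) and timestamps in seconds.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    t: float       # capture timestamp, seconds
    seq: int       # TCP sequence number of the first payload byte
    payload: int   # application bytes carried
    hdr: int = 54  # Ethernet 14 + IPv4 20 + TCP 20, assumed


# Constructed trace: the third segment is lost past the capture point and
# resent after a retransmission timeout at t=0.250.
TRACE = [
    Segment(0.000, 0, 1460),
    Segment(0.010, 1460, 1460),
    Segment(0.020, 2920, 1460),   # dropped downstream
    Segment(0.030, 4380, 1460),
    Segment(0.250, 2920, 1460),   # retransmission of the lost segment
    Segment(0.260, 5840, 1460),
    Segment(0.270, 7300, 700),
]


def wire_bytes(trace):
    """Every byte placed on the wire: headers, payload, retransmissions."""
    return sum(s.hdr + s.payload for s in trace)


def unique_payload_bytes(trace):
    """Distinct application bytes, which is all the receiving application can
    ever consume; a retransmitted sequence range is counted once."""
    intervals = sorted((s.seq, s.seq + s.payload) for s in trace)
    total, cur_start, cur_end = 0, None, None
    for start, end in intervals:
        if cur_end is None or start > cur_end:   # disjoint: close the previous range
            if cur_end is not None:
                total += cur_end - cur_start
            cur_start, cur_end = start, end
        else:                                    # overlapping or adjacent: extend it
            cur_end = max(cur_end, end)
    if cur_end is not None:
        total += cur_end - cur_start
    return total


def throughput_bps(trace):
    """Bits on the wire per second over the trace."""
    return 8 * wire_bytes(trace) / (trace[-1].t - trace[0].t)


def goodput_bps(trace):
    """Useful application bits delivered per second over the same interval."""
    return 8 * unique_payload_bytes(trace) / (trace[-1].t - trace[0].t)


def efficiency(trace):
    """Fraction of transmitted bytes that were new application data."""
    return unique_payload_bytes(trace) / wire_bytes(trace)


if __name__ == "__main__":
    print(f"throughput {throughput_bps(TRACE):.0f} bps, goodput {goodput_bps(TRACE):.0f} bps, "
          f"efficiency {efficiency(TRACE):.1%}")
```

Deleting the retransmitted segment from the constructed trace lowers the wire byte count but leaves unique_payload_bytes unchanged, which is the point the paragraph makes: a measurement that only counts bits per second cannot tell the difference.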

ATM Quality of Service Specifications

In their document Traffic Management Specification Version 4.1, the ATM Forum does an excellent job of categorizing the types of service that a network can offer to support different sorts of applications. Even if your customer has no plans to use Asynchronous Transfer Mode (ATM) technology, the ATM Forum terminology is still helpful because it identifies the parameters that different sorts of applications must specify to request a certain type of network service. These parameters include delay...

ATM Wide Area Networks

Chapter 10, Selecting Technologies and Devices for Campus Networks, discussed using ATM in a campus network. This chapter discusses using ATM as the core of a WAN enterprise network. Despite the complexity of ATM, ATM is a good choice for WAN backbone networks for customers with accelerating bandwidth requirements and applications with advanced QoS requirements. ATM supports very high bandwidth requirements. When used on copper cabling, ATM can run at T3 or above speeds. When used on...

Background Information for the WAN Design Project

Klamath Paper Products, Inc., manufactures paper and packaging products, including office paper, newsprint, cartons, and corrugated boxes. They also manufacture wood pulp and chemicals used in the manufacturing of pulp and paper. Klamath Paper Products (which will be called Klamath from now on) has approximately 15 sites in the western United States. Headquarters are in Portland, Oregon. Klamath employs around 1500 people and has customers all over the world, with a large customer base in Asia....

Boot Time Traffic for Older Protocols

You may be thinking that there's no need to categorize boot-time traffic for older protocols. Be sure to check network traffic with a protocol analyzer before making a quick decision on this. Many universities, schools, governments, and nonprofit organizations still use older protocols. Also, some companies that have theoretically standardized on TCP/IP are often surprised when a network engineer studies their network traffic. A lot of equipment that is supposedly running only TCP/IP tends to...

Budgetary and Staffing Constraints

Your network design must fit the customer's budget. The budget should include allocations for equipment purchases, software licenses, maintenance and support agreements, testing, training, and staffing. The budget might also include consulting fees (including your fees) and outsourcing expenses. Throughout the project, work with your customer to identify requirements for new personnel, such as additional network managers. Point out the need for personnel training, which will affect the budget...

Building Cabling Topologies

Within a building, either a centralized or distributed architecture can be used, depending on the size of the building. For small buildings, a centralized scheme with all cables terminating in a communications room on one floor is possible, as shown on the left side of Figure 10-1. A centralized scheme offers good manageability but does not scale. For larger buildings, a distributed topology is more appropriate. Many LAN technologies make an assumption that workstations are no more than 100...

Business Goals

Business goals explain the role the network design will play in helping an organization provide better products and services to its customers. Executives who read the design document will be more likely to accept the network design if they recognize from the Business Goals section that the network designer understands the organization's business mission. Many network designers have a hard time writing the Business Goals section because they are more interested in technical goals. However, it is...

Business Goals Checklist

You can use the following checklist to determine if you have addressed your client's business-oriented objectives and concerns. If you can't gather every piece of data mentioned in the checklist, make sure you document what is missing in case it becomes critical, but don't stall the project to gather every last detail. This book teaches an ideal network design methodology that you should try to follow, but if real-world constraints, such as uncooperative network design customers, budget cuts,...

Cabling Topologies

In some environments, because of right-of-way issues or environmental obstructions such as creeks or swamps, it might not be practical to have multiple cable conduits on the campus, as shown in the topology in the bottom part of Figure 10-2. In this case, you can recommend a wireless technology (for example, a laser, microwave, or 802.11 bridged link between Buildings A and D). One disadvantage of a distributed scheme is that management can be more difficult than with a centralized scheme....

Calculating Theoretical Traffic Load

As described in Chapter 2, traffic load (sometimes called offered load) is the sum of all the data network nodes have ready to send at a particular time. A general goal for most network designs is that the network capacity should be more than adequate to handle the traffic load. The challenge is to determine if the capacity proposed for a new network design is sufficient to handle the potential load. In his book Local and Metropolitan Area Networks, William Stallings provides some...

Campus ATM Networks

ATM can be used in WAN and campus networks. This chapter discusses ATM campus networks; Chapter 11 discusses ATM WAN networks. In a campus network, a designer can select ATM as a backbone technology for connecting LANs. The designer also has the option of recommending that workstations be equipped with ATM NICs and protocol stacks. In the mid-1990s some networking experts thought ATM would replace many LAN installations because of its scalability and support for QoS requirements. As Ethernet has...

Campus Cabling Topologies

The cabling that connects buildings is exposed to more physical hazards than the cabling within buildings. A construction worker might dig a trench between buildings and inadvertently cut cables. Flooding, ice storms, earthquakes and other natural disasters can also cause problems, as can manmade disasters such as terrorist attacks. In addition, cables might cross properties outside the control of the organization, making it hard to troubleshoot and fix problems. For these reasons, cables and...

Caveats with Private Addressing

Although the benefits of private addressing outweigh the disadvantages, it is important to be aware of the drawbacks. One drawback is that outsourcing network management is difficult. When a company delegates network management responsibility to an outside company, the outside company typically sets up network consoles at its own site that communicate with internetworking devices inside the client's network. With private addressing, however, the consoles cannot reach the client's devices,...

Challenges Associated with Cable Modem Systems

A challenge with implementing a remote-access solution based on cable modems is that the CATV infrastructure was designed for broadcasting TV signals in just one direction from the cable TV company to a person's home. Data transmission, however, is bidirectional. Data travels from the provider to the home (or small office) and from the home to the provider. Because of the design of CATV networks, most cable-network services offer much more bandwidth for downstream traffic (from the service...

Analyzing Business Goals and Constraints

This chapter serves as an introduction to the rest of the book by describing top-down network design. The first section explains how to use a systematic, top-down process when designing computer networks for your customers. Depending on your job, your customers might be other departments within your company, those to whom you are trying to sell products, or clients of your consulting business. After describing the methodology, this chapter focuses on the first step in top-down network design...

Selecting Technologies and Devices for Enterprise Networks

This chapter presents technologies for the remote-access and wide-area network (WAN) components of an enterprise network design. The chapter discusses physical and data link layer protocols and enterprise network devices, such as remote-access servers, routers, and virtual private network (VPN) concentrators. The chapter begins with a discussion of the following remote-access technologies: the Point-to-Point Protocol (PPP), Integrated Services Digital Network (ISDN), Digital Subscriber Line (DSL)...

Testing Your Network Design

Part IV, Testing, Optimizing, and Documenting Your Network Design, of Top-Down Network Design covers the final steps in network design: testing, optimizing, and documenting your design. This chapter discusses testing your design, which is a critical step in a systems-analysis approach to network design. Testing will help you prove to yourself and your network design customer that your solution meets business and technical goals. This chapter covers using industry tests to predict the performance...

Documenting Your Network Design

This chapter starts by providing advice on responding to a customer's request for proposal (RFP), and concludes with information on writing a design document when no RFP exists. The section Contents of a Network Design Document provides an outline of a typical design document, and specifies the topics that should be included in each part of the document. The section serves as a summary for Top-Down Network Design because it references each of the major steps of the top-down design methodology...

Analyzing Technical Goals and Tradeoffs

This chapter provides techniques for analyzing a customer's technical goals for a new network design or network upgrade. Analyzing your customer's technical goals can help you confidently recommend technologies that will perform to your customer's expectations. Typical technical goals include scalability, availability, network performance, security, manageability, usability, adaptability, and affordability. Of course, there are tradeoffs associated with these goals. For example, meeting strict...

Designing a Network Topology

In this chapter, you will learn techniques for developing a network topology. A topology is a map of an internetwork that indicates network segments, interconnection points, and user communities. Although geographical sites can appear on the map, the purpose of the map is to show the geometry of the network, not the physical geography or technical implementation. The map is a high-level blueprint of the network, analogous to an architectural drawing that shows the location and size of rooms for...

Designing Models for Addressing and Naming

This chapter provides guidelines for assigning addresses and names to internetwork components, including networks, subnets, routers, servers, and end systems. The chapter focuses on Internet Protocol (IP) addressing and naming. To benefit most from this chapter, you should already have a basic understanding of IP addressing. This chapter illustrates the importance of using a structured model for network layer addressing and naming. Without structure, it is easy to run out of addresses, waste...

Selecting Switching and Routing Protocols

The goal of this chapter is to help you select the right switching and routing protocols for your network design customer. The selections you make will depend on your customer's business and technical goals. To help you select the right protocols for your customer, the chapter covers the following attributes of switching and routing protocols: network traffic characteristics; bandwidth, memory, and CPU usage; the approximate number of peer routers or switches supported; the capability to quickly...

Developing Network Security Strategies

Developing security strategies that can protect all parts of a complicated network while having a limited effect on ease of use and performance is one of the most important and difficult tasks related to network design. Security design is challenged by the complexity and porous nature of modern networks that include public servers for electronic commerce, extranet connections for business partners, and remote-access services for users reaching the network from home, customer sites, hotel rooms,...

Developing Network Management Strategies

This chapter concludes the discussion of logical network design. Network management is one of the most important aspects of logical network design. Management is often overlooked during the design of a network because it is considered an operational issue rather than a design issue. However, if you consider management in the beginning, you can avoid scalability and performance problems that occur when management is added to a design after the design is complete. A good network management design...

Characterizing Network Addressing and Naming

Characterizing the logical infrastructure of a network involves documenting any strategies your customer has for network addressing and naming. Addressing and naming are discussed in greater detail in Part II of this book, Logical Network Design. When drawing detailed network maps, include the names of major sites, routers, network segments, and servers. Also document any standard strategies your customer uses for naming network elements. For example, some customers name sites using airport...

Checking a Site for a Wireless Installation

A common goal for modern campus network designs is to install a wireless LAN (WLAN) based on IEEE 802.11 standards. An important aspect of inspecting the architectural and environmental constraints of a site is determining the feasibility of using wireless transmission. The term wireless site survey is often used to describe the process of analyzing a site to see if it will be appropriate for wireless. In some ways, doing a wireless site survey is no different from checking an architecture for...

Checking the Health of the Existing Internetwork

Studying the performance of the existing internetwork gives you a baseline measurement from which to measure new network performance. Armed with measurements of the present internetwork, you can demonstrate to your customer how much better the new internetwork performs once your design is implemented. Many of the network-performance goals discussed in Chapter 2, Analyzing Technical Goals and Tradeoffs, are overall goals for an internetwork. Because the performance of existing network segments...

Choosing Between Distance Vector and Link State Protocols

According to Cisco design documents, you can use the following guidelines to help you decide which type of routing protocol to use. Choose distance-vector protocols when: the network uses a simple, flat topology and does not require a hierarchical design; the network uses a simple hub-and-spoke topology; the administrators do not have enough knowledge to operate and troubleshoot link-state protocols; or worst-case convergence times in the network are not a concern. Choose link-state protocols when: the network design is hierarchical, which is usually the case for...

Cisco Discovery Protocol

As mentioned in Chapter 3, Characterizing the Existing Internetwork, CDP specifies a method for Cisco routers and switches to send configuration information to each other on a regular basis. Although some security experts recommend disabling CDP because an attacker could use the information to learn about a network's configuration and topology, many network managers leave CDP enabled because of its usefulness. CDP is enabled by default. The information it advertises (platform, software version, addresses, and native VLAN) is exactly what reconnaissance is after, so a common compromise is to leave CDP running on infrastructure links between your own routers and switches and to disable it on interfaces that face users, partners, or the Internet with the no cdp enable interface command, or everywhere with no cdp run. With the show cdp neighbors detail command, you can display...

Cisco NetFlow Accounting

As mentioned in Chapter 3, Cisco IOS NetFlow technology is an integral part of Cisco IOS Software that collects and measures data as it enters router or switch interfaces. The information gathered enables a network manager to characterize utilization of network and application resources. It can also be used to design quality of service (QoS) support. A network flow is defined as a unidirectional sequence of packets between a source and destination endpoint. A flow endpoint is identified both by...
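The flow definition in the paragraph is best understood by building the flow cache yourself. The following is an added example, not Cisco's implementation or code from the book: it aggregates constructed packet records into unidirectional flow records keyed on the five-tuple (real NetFlow also keys on type of service and input interface), expires a record after a gap longer than an inactive timeout or a lifetime longer than an active timeout, and then breaks the exported bytes down by destination port as a rough per-application view. The 15-second and 30-minute timeout defaults are assumptions for the example.

```python
"""Flow aggregation in the NetFlow sense.

Added example, not Cisco's code and not from the book. Packets and timeouts
are constructed; the key is the five-tuple only.
"""
from collections import namedtuple

Packet = namedtuple("Packet", "t src dst proto sport dport size")

# Constructed packets in time order: one database session on TCP 1521 with a
# pause longer than the inactive timeout, plus one DNS query and its answer.
PACKETS = [
    Packet(0.00, "10.1.1.10", "10.2.2.20", "tcp", 43215, 1521, 60),
    Packet(0.01, "10.2.2.20", "10.1.1.10", "tcp", 1521, 43215, 60),
    Packet(0.10, "10.1.1.10", "10.2.2.20", "tcp", 43215, 1521, 1200),
    Packet(0.12, "10.2.2.20", "10.1.1.10", "tcp", 1521, 43215, 52),
    Packet(0.50, "10.1.1.11", "10.2.2.5", "udp", 53001, 53, 70),
    Packet(0.60, "10.2.2.5", "10.1.1.11", "udp", 53, 53001, 150),
    Packet(20.00, "10.1.1.10", "10.2.2.20", "tcp", 43215, 1521, 300),
]


def flow_key(p):
    """Unidirectional key: the reverse direction is a different flow."""
    return (p.src, p.dst, p.proto, p.sport, p.dport)


def aggregate_flows(packets, inactive_timeout=15.0, active_timeout=1800.0):
    """Return exported flow records (dicts) sorted by start time.

    A record closes when the next packet for its key arrives after a gap
    longer than inactive_timeout, or when the record has lived longer than
    active_timeout; whatever is still in the cache is flushed at the end."""
    cache, exported = {}, []
    for p in packets:
        key = flow_key(p)
        rec = cache.get(key)
        if rec and (p.t - rec["last"] > inactive_timeout or p.t - rec["first"] > active_timeout):
            exported.append(cache.pop(key))
            rec = None
        if rec is None:
            rec = cache[key] = {"key": key, "first": p.t, "last": p.t, "packets": 0, "bytes": 0}
        rec["last"] = p.t
        rec["packets"] += 1
        rec["bytes"] += p.size
    exported.extend(cache.values())
    return sorted(exported, key=lambda r: r["first"])


def bytes_by_dport(flows):
    """Rough per-application breakdown keyed on destination port; the reverse
    flows land under the client's ephemeral port, as they do in real data."""
    totals = {}
    for f in flows:
        dport = f["key"][4]
        totals[dport] = totals.get(dport, 0) + f["bytes"]
    return totals


if __name__ == "__main__":
    flows = aggregate_flows(PACKETS)
    for f in flows:
        print(f["key"], f["packets"], "pkts", f["bytes"], "bytes")
    print(bytes_by_dport(flows))
```

Note that the single TCP session produces three records, not one: two directions, and the client-to-server direction split in two by the 19.9-second pause. When you size a collector or read flow counts as a proxy for connection counts, that multiplication is what you are seeing.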

CiscoWorks Internetwork Performance Monitor

Chapter 3 mentioned the CiscoWorks Internetwork Performance Monitor (IPM), which is a network-management tool that locates bottlenecks, measures response time, and diagnoses latency problems. IPM is available as a component of the CiscoWorks Routed WAN Management Solution. Working with features of the Cisco IOS Software, IPM can identify the possible paths between two devices and display the performance for each of the hops in the paths. Software processes in the Cisco IOS Software that perform...

Class-Based Weighted Fair Queuing

CBWFQ combines the best elements of priority, custom, and weighted-fair queuing. CBWFQ results in a more complex configuration than the other queuing methods, but the complexity adds flexibility not found in the other methods. CBWFQ lets you define traffic classes based on match criteria such as protocols, access control lists, and input interfaces. Packets satisfying the criteria for a class constitute the traffic for that class. A FIFO queue is reserved for each class, and traffic belonging...

Classic Methods for Layer 3 Packet Switching

Process switching is the slowest of the switching methods. With process switching, when an interface processor receives an incoming packet, it transfers the packet to input/output (I/O) memory on the router. The interface processor also generates a receive interrupt of the central processor. The central processor determines the type of packet and places it in the appropriate input queue. For example, if it is an IP packet, the central processor places the packet in the ip_input queue. The next time...

Classless Routing Versus Classful Routing

As shown in Figure 6-1, an IP address contains a prefix part and a host part. Routers use the prefix to determine the path for a destination address that is not local. Routers use the host part to reach local hosts. Figure 6-1. The Two Parts of an IP Address. A prefix identifies a block of host numbers and is used for routing to that block. Traditional routing, also known as classful routing, does not transmit any information about the prefix length....
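Two things in this section and in the Aggregatable Global Addresses section above are worth seeing in code: where the prefix/host boundary falls once the prefix length is known versus where a classful router would assume it falls, and how a set of contiguous prefixes collapses into one routing table entry. The following is an added example, not code from the book; the addresses are made up, and it relies on the Python standard library ipaddress module, whose collapse_addresses function performs the aggregation.

```python
"""Classful versus classless interpretation of an address, and prefix
aggregation. Added example, not from the book; addresses are constructed."""
import ipaddress


def classful_prefix_len(addr):
    """Prefix length a classful router infers from the first octet alone,
    because classful routing carries no prefix-length information."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8       # class A
    if first_octet < 192:
        return 16      # class B
    if first_octet < 224:
        return 24      # class C
    raise ValueError(f"{addr} is not a class A, B, or C address")


def split_address(cidr):
    """Return (prefix network, prefix length, host part) for a classless address."""
    host, _ = cidr.split("/")
    net = ipaddress.IPv4Network(cidr, strict=False)
    host_bits = 32 - net.prefixlen
    host_part = int(ipaddress.IPv4Address(host)) & ((1 << host_bits) - 1)
    return str(net.network_address), net.prefixlen, host_part


def classful_view(cidr):
    """The network a classful router would assume for the same address."""
    host = cidr.split("/")[0]
    return str(ipaddress.IPv4Network(f"{host}/{classful_prefix_len(host)}", strict=False))


def summarize(prefixes):
    """Collapse a list of prefixes into the fewest covering prefixes. Works for
    IPv4 subnet blocks and for IPv6 aggregatable global prefixes alike, as
    long as one call mixes only one address family."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    addr = "172.16.37.200/22"
    print("classless:", split_address(addr), "classful assumption:", classful_view(addr))
    print(summarize(["172.16.36.0/22", "172.16.40.0/22", "172.16.44.0/22", "172.16.32.0/22"]))
    print(summarize(["10.1.0.0/24", "10.1.2.0/24"]))   # a gap at 10.1.1.0/24 prevents merging
```

The second summarize call shows the practical constraint: only prefixes that are contiguous and aligned on a power-of-two boundary merge, which is why the addressing model has to hand out subnet blocks in aligned chunks if route summarization is a goal.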

Committed Access Rate

Cisco also supports a feature called committed access rate (CAR) that allows you to classify and police traffic on an incoming interface. CAR supports specifying policies regarding how traffic that exceeds a certain bandwidth allocation should be handled. CAR looks at traffic received on an interface (or a subset of that traffic selected by an access control list), compares its rate to a configured maximum, and then takes action based on the result. For example, it can drop a packet or change...

Compressed Real Time Protocol

The Real-Time Transport Protocol (RTP), which is defined in RFC 1889, provides end-to-end network transport functions suitable for transmitting real-time data over multicast or unicast network services. Applications typically run RTP on top of the User Datagram Protocol (UDP) to make use of UDP's multiplexing and checksum services. Working together with UDP, RTP implements Layer 4 (transport) functionality. (UDP is not required. RTP can be used with other suitable underlying network or transport...

Controlled-Load Service

Controlled-load service is defined in RFC 2211 and provides a client data flow with a QoS closely approximating the QoS that same flow would receive on an unloaded network. Admission control is applied to requests to ensure that the requested service is received even when the network is overloaded. The controlled-load service is intended for applications that are highly sensitive to overloaded conditions, such as real-time applications. These applications work well on unloaded networks, but...

Corporate and Government Sales

Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact U.S. Corporate and Government Sales, 1-800-382-3419, corpsales@pearsontechgroup.com. For sales outside of the U.S. please contact international@pearsoned.com. At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the...

Current State of the Network

This section briefly describes the structure and performance of the existing network. It should include a high-level network map that identifies the location of major internetworking devices, data processing and storage systems, and network segments. The high-level map should document the names and addresses of major devices and segments and indicate the types and lengths of principal network segments. For very large internetworks, two or three high-level maps might be necessary. Detailed maps,...

Data Encryption

Encryption is a process that scrambles data to protect it from being read by anyone but the intended receiver. An encryption device encrypts data before placing it on a network. A decryption device decrypts the data before passing it to an application. A router, server, end system, or dedicated device can act as an encryption or decryption device. Data that is encrypted is called ciphertext (or simply encrypted data). Data that is not encrypted is called plaintext or cleartext. Encryption...

Data Stores (Servers)

Table 10-8 shows the major data stores (servers) that have been identified at WVCC, together with the user community (or communities) that use each one. Communities listed include Mac users in the Computing Center and in the Arts and Humanities building, and all users except visitors (who use their own servers); data stores listed include the college management system and a Novell server.

Delay and Delay Variation

Users of interactive applications expect minimal delay in receiving feedback from the network. In addition, users of multimedia applications require a minimal variation in the amount of delay that packets experience. Delay must be constant for voice and video applications. Variations in delay, called jitter, cause disruptions in voice quality and jumpiness in video streams. Older applications, such as SNA-based applications, are also sensitive to delay. In traditional SNA environments, delay...
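Delay and delay variation are measured differently, and the estimator a voice endpoint actually reports is the smoothed interarrival jitter defined in RFC 3550 (the successor to RFC 1889). The following is an added example, not code from the book: it takes a constructed set of send and arrival times for a 20-ms voice stream, computes per-packet one-way delay, the RFC 3550 jitter estimate, the smallest fixed playout buffer that would have absorbed the variation, and which packets exceed an assumed delay budget.

```python
"""Delay and delay variation from packet send and arrival times.

Added example, not from the book. Times are constructed and in milliseconds;
one-way delay assumes the two clocks are synchronized.
"""

# Constructed: five packets of a 50 packet/s voice stream (20 ms spacing)
# and the times a receiver recorded their arrival.
SEND_MS = [0.0, 20.0, 40.0, 60.0, 80.0]
RECV_MS = [50.0, 72.0, 88.0, 115.0, 130.0]


def one_way_delays(send, recv):
    """Per-packet one-way delay; meaningful only with synchronized clocks."""
    return [r - s for s, r in zip(send, recv)]


def rfc3550_jitter(send, recv):
    """Smoothed interarrival jitter exactly as RFC 3550 section 6.4.1 defines it:
    D(i,j) = (Rj - Ri) - (Sj - Si), then J = J + (|D| - J) / 16 per packet.
    It needs no clock synchronization, only differences on each side."""
    j = 0.0
    for i in range(1, len(send)):
        d = (recv[i] - recv[i - 1]) - (send[i] - send[i - 1])
        j += (abs(d) - j) / 16
    return j


def playout_buffer_ms(send, recv):
    """Smallest fixed de-jitter buffer that would have played every packet of
    this sample at a constant delay: the spread between max and min delay."""
    delays = one_way_delays(send, recv)
    return max(delays) - min(delays)


def over_budget(send, recv, budget_ms):
    """Indices of packets whose one-way delay exceeds the application's budget."""
    return [i for i, d in enumerate(one_way_delays(send, recv)) if d > budget_ms]


if __name__ == "__main__":
    print("delays (ms):", one_way_delays(SEND_MS, RECV_MS))
    print(f"RFC 3550 jitter: {rfc3550_jitter(SEND_MS, RECV_MS):.3f} ms")
    print("playout buffer needed:", playout_buffer_ms(SEND_MS, RECV_MS), "ms")
    print("over a 52 ms budget:", over_budget(SEND_MS, RECV_MS, 52.0))
```

The design consequence is the one the paragraph states: a constant 55 ms would be fine for voice, but the same packets arriving with a 7 ms spread force the receiver to add a playout buffer, which turns delay variation back into delay.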

Delay Characteristics for the New Order Entry System

In addition to understanding the extra load that the Oracle system will put on the network, Umqua was also interested in understanding the end-to-end delay characteristics of the application. Using NetPredictor, the delay when transmitting 5000 bytes (40 Kbits) from Building 4 to Building 1 was predicted. Figure 12-6 shows results produced by NetPredictor for the transmission of 5000 bytes, including the time needed for the file server to respond and the travel time for the associated...

Denial-of-Service Attacks

Denial-of-service (DoS) attacks target the availability of a network, host, or application, making it impossible for legitimate users to gain access. DoS attacks are a major risk because they can easily interrupt business processes and they are relatively simple to conduct, even by an unskilled attacker. DoS attacks include the flooding of public servers with enormous numbers of connection requests, rendering the server unresponsive to legitimate users, and the flooding of network connections...

Dense-Mode Protocol Independent Multicast

Dense-mode PIM is similar to an older dense-mode protocol, the Distance-Vector Multicast Routing Protocol (DVMRP), which is described in RFC 1075 and is a derivative of RIP. Both protocols use a reverse-path forwarding (RPF) mechanism to compute the shortest (reverse) path between a source and all possible recipients of a packet. Dense-mode PIM is simpler than DVMRP, however, because it does not require the computation of routing tables. If a router running dense-mode PIM receives a multicast...

Design Document Appendix

Most design documents include one or more appendixes that present supplemental information about the design and implementation. Supplemental information can include detailed topology maps, device configurations, network addressing and naming details, and comprehensive results from the testing of the network design. You can also include business information such as a list of contacts at the customer's site and in your organization, including e-mail addresses, phone numbers, beeper numbers, and...

Design Requirements

Whereas the Project Goal section is generally very short, the Design Requirements section is your opportunity to list all the major business and technical requirements for the network design. The Design Requirements section should list the goals in priority order. Critical goals should be marked as such. To review some examples of design requirements, see the case studies in Chapter 10, Selecting Technology and Devices for Campus Networks, Chapter 11, Selecting Technologies and Devices for...

Designing the Enterprise Edge Topology

Depending on a customer's goals for availability, performance, and affordability, enterprise edge network design should feature redundant WAN segments in the intranet, and multiple paths to extranets and the Internet. VPNs can also be used to connect private enterprise sites via a service provider's public WAN or the Internet. This section covers enterprise edge topologies that include redundant WAN segments, multihomed connections to the Internet, and VPNs. The section also includes a few...

Determining the Scope of a Prototype System

Based on a clear understanding of your customer's goals, you should determine how much of the network system you must implement to convince your customer that the design will meet requirements. Because it is generally not practical to implement a complete, full-scale system, you should isolate which aspects of a network design are most important to your customer. Your prototype should verify important capabilities and functions that might not perform adequately. Risky functions can include...

Determining the Types of Tests to

In general, tests should include performance, stress, and failure analyses. Performance analysis should examine the level of service that the system offers in terms of throughput, delay, delay variation, response time, and efficiency. Stress analysis should examine any degradation of service due to increased offered load on the network. Failure analysis should calculate network availability and accuracy, and analyze the causes of any network outages. Depending on a customer's business and...

Developing a Modular Block Diagram

In addition to developing a set of detailed maps, it is often helpful to draw a simplified block diagram of the network, or parts of the network. The diagram can depict the major functions of the network, in a modular fashion. Figure 3-2 shows a block, modularized network topology map that is based on the Cisco Enterprise Composite Network Model. The model is part of Cisco's Secure Architecture for Enterprises (SAFE). Figure 3-2. Modularized Network Topology Example...

Developing a Network

Learning the location of major hosts, interconnection devices, and network segments is a good way to start developing an understanding of traffic flow. Coupled with data on the performance characteristics of network segments, location information gives you insight into where users are concentrated and the level of traffic a network design must support. At this point in the network design process, your goal is to obtain a map (or set of maps) of the already-implemented network. Some design...

Developing a Security Policy

According to RFC 2196, "The Site Security Handbook," a security policy is "a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide." A security policy informs users, managers, and technical staff of their obligations for protecting technology and information assets. The policy should specify the mechanisms by which these obligations can be met. As was the case with the security plan, the security policy should have buy-in...

Digital Subscriber Line Remote Access

Another technology for remote access is Digital Subscriber Line (DSL). Telephone companies offer DSL for high-speed data traffic over ordinary telephone wires. With DSL, a home office or small office can connect a DSL modem (or DSL router with a built-in modem) to a phone line and use this connection to reach a central-site intranet and/or the Internet. DSL is similar to ISDN in that it is a technology that operates over existing telephone lines between a telephone switching station and a home...

Discontiguous Subnets

As mentioned earlier, classful routing protocols automatically summarize subnets. One side effect of this is that discontiguous subnets are not supported. Subnets must be next to each other; that is, contiguous. Figure 6-3 shows an enterprise network with discontiguous subnets. Figure 6-3. A Network with Discontiguous Subnets. With a classful routing protocol such as RIP version 1 or IGRP, Router A in Figure 6-3 advertises that it can get to network 10.0.0.0. Router B ignores this advertisement,...

Distributing Authority for Addressing

One of the first steps in developing an addressing and naming model is to determine who will implement the model. Which network administrators will actually assign addresses and configure devices? If addressing and configuration will be carried out by inexperienced network administrators, you should keep the model simple. If there is a shortage of network administrators (which there is in many organizations), then simplicity is important, as is minimizing the amount of configuration...

Distributing Authority for Naming

During the early stages of designing a naming model, consider who will actually assign names by asking the following questions: Will the name space be completely controlled by a centralized authority, or will the naming of some devices be carried out by decentralized agents? Will a corporate IS department name devices at regional and branch offices, or can departmental administrators implement naming at those sites? Will users be allowed to name their own systems, or are all names assigned by...

Documenting Application Usage Patterns

The first step in documenting application-usage patterns is to identify user communities, the number of users in the communities, and the applications the users employ. This step, which was already covered earlier in this chapter, can help you identify the total number of users for each application. In addition to identifying the total number of users for each application, you should also document the following information: The frequency of application sessions (number of sessions per day, week,...

Documenting Traffic Flow for New and Existing Network Applications

To document traffic flow for new (and existing) network applications, characterize the flow type for each application and list the user communities and data stores that are associated with applications. You can use Table 4-4 to enhance the Network Applications charts already discussed in Chapters 1 and 2. When filling out Table 4-4, use the same application names you used in the other charts. (The protocols, approximate bandwidth requirement, and QoS requirements columns are described later in...

Doing a Wireless Site Survey

A site survey confirms signal propagation, strength, and accuracy in different locations. Many wireless network interface cards (NICs) ship with utilities that enable you to measure signal strength. Cisco 802.11 NICs ship with the Cisco Aironet Client Utility (ACU), which is a graphical tool for configuring, monitoring, and managing the NIC and its wireless environment. A site survey can be as simple as walking around with a wireless notebook computer and using the utility to measure signal...

Dynamic DNS Names

With many DHCP implementations, when a host requests an IP address from a DHCP server, the host also receives a dynamic host name, something like pc23.dynamic.priscilla.com. A dynamic name is not appropriate for some applications. For example, web servers, FTP servers, and some Internet telephony applications rely on static host names. To reach a web server, a user types in a Universal Resource Locator (URL) that is based on the server's domain name. If the name changes dynamically, it becomes...

Efficiency

Efficiency is a term borrowed from engineering and scientific fields. It is a measurement of how effective an operation is in comparison to the cost in effort, energy, time, or money. Efficiency specifies how much overhead is required to produce a required outcome. For example, you could measure the efficiency of a method for boiling water. Does most of the energy go to actually boiling the water or does a lot of the energy get wasted heating the electrical wiring, the pot the water is in, and...

Error Recovery Mechanisms

Poorly designed error-recovery mechanisms can waste bandwidth. For example, if a protocol retransmits data very quickly without waiting a long enough time to receive an acknowledgment, this can cause performance degradation for the rest of the network due to the bandwidth used. Acknowledgments at Layer 2 waste bandwidth as seen earlier in the Protocol Interaction section. Connectionless protocols usually do not implement error recovery. Most data link layer and network layer protocols are...

Estimating Network Traffic Caused by Network Management

After you have determined which management protocols will be used, you can estimate the amount of traffic caused by network management. Probably the main management protocol will be SNMP, although other options exist, such as CDP, pings, IP traceroute, and so on. After selecting management protocols, you should determine which network and device characteristics will be managed. The goal is to determine what data an NMS will request from managed devices. This data could consist of reachability...

Estimating Traffic Overhead for Various Protocols

The previous section talked about characterizing application traffic load by looking at the size of data objects that applications transfer across networks. To completely characterize application behavior, you should investigate which protocols an application uses. Once you know the protocols, you can calculate traffic load more precisely by adding the size of protocol headers to the size of data objects. Table 4-6 shows some typical protocol header sizes. Table 4-6. Traffic Overhead for...

Figure 10-4. EtherChannel Redundancy

The EtherChannel connection consists of four Fast Ethernet links. Two fiber runs on the east side of the building provide 400 Mbps, and two fiber runs on the west side of the building provide the remaining 400 Mbps. In this example, in the event of a fiber cut on one side of the building, the remaining side will pick up the traffic in less than 1 second and wiring closet clients will probably not even notice the change.

Figure 10-5. The Wandering Valley Community College's Current Campus Backbone Network

The campus network design has the following features: The network uses switched Ethernet. A high-end switch in each building is redundantly connected to two high-end switches in the Computing Center. Figure 10-5 shows these switches. Within each building, a 24- or 48-port Ethernet switch on each floor connects end-user systems. Figure 10-6 shows the building network architecture.

Figure 10-6. The Building Network Design for WVCC

The switches run the IEEE 802.1D Spanning Tree Protocol. The switches support SNMP and RMON. A Windows-based network management software package monitors the switches. The software runs on a server in the server farm module of the network design. All devices are part of the same broadcast domain. All devices (except two public servers) are part of the 192.168.1.0 subnet using a subnet mask of 255.255.255.0. Addressing for end-user PCs and Macintoshes is accomplished with DHCP. A Windows server...

Figure 9-1. A Network Management Architecture

A network management architecture consists of managed devices, agents, and NMSs arranged in a topology that fits into the internetwork topology. The tasks for designing a network management architecture parallel the tasks for designing an internetwork. Traffic flow and load between NMSs and managed devices should be considered. A decision should be made regarding whether management traffic flows in-band (with other network traffic) or out-of-band (outside normal traffic flow). A redundant...

First In First Out Queuing

FIFO queuing provides basic store-and-forward functionality. It involves storing packets when the network is congested and forwarding them in the order they arrived when the network is no longer congested. FIFO has the advantage that it is the default queuing algorithm in some instances, so it requires no configuration. FIFO has the disadvantage that it makes no decision about packet priority. The order of arrival determines the order in which a packet is processed and output. With FIFO queuing, if there...

Flat LAN Topologies

In the early and mid-1990s, a typical design for a LAN was PCs and servers attached to one or more hubs in a flat topology. The PCs and servers implemented a media-access control process, such as token passing or carrier sense multiple access with collision detection (CSMA/CD), to control access to the shared bandwidth. The devices were all part of the same bandwidth domain and had the ability to negatively affect delay and throughput for other devices. These days, network designers usually...

Flat Versus Hierarchical Topologies

A flat network topology is adequate for very small networks. With a flat network design, there is no hierarchy. Each internetworking device has essentially the same job, and the network is not divided into layers or modules. A flat network topology is easy to design and implement, and it is easy to maintain, as long as the network stays small. When the network grows, however, a flat network is undesirable. The lack of hierarchy makes troubleshooting difficult. Rather than being able to...

Flat WAN Topologies

A wide-area network (WAN) for a small company can consist of a few sites connected in a loop. Each site has a WAN router that connects to two other adjacent sites via point-to-point links, as shown at the top of Figure 5-2. As long as the WAN is small (a few sites), routing protocols can converge quickly, and communication with any other site can recover when a link fails. (As long as only one link fails, communication recovers. When more than one link fails, some sites are isolated from...

Frame Relay Traffic Control

When you subscribe to a Frame Relay service with a provider, you establish an access rate and order the appropriate line service and interface for the router to support this access rate. The access rate is the maximum number of bits per second that a DTE, such as a router, can transmit into the Frame Relay network. In addition, many service providers let you specify other parameters related to bandwidth usage, including a committed information rate (CIR), a committed burst size (Bc), and an...

Frame Relay/ATM Interworking

As ATM gains popularity, WANs that use both ATM and Frame Relay technologies are becoming more common. The term Frame Relay/ATM interworking is used to describe the protocols and processes for connecting ATM and Frame Relay WANs. Interworking can be implemented in two different ways, depending on the goals of the network design: Network interworking. Two or more Frame Relay networks are connected via an ATM core network. This is a common topology used by service providers who use ATM for their...

Fundamental VLAN Designs

To understand VLANs, it helps to think about real (nonvirtual) LANs first. Imagine two switches that are connected to each other in any way. Switch A connects stations in Network A and Switch B connects stations in Network B, as shown in Figure 5-8. Figure 5-8. Two Switches with Stations Attached. When Station A1 in Figure 5-8 sends a broadcast, Station A2 and Station A3 receive the broadcast, but none of the stations in Network B receive the...

Future Enhancements for the WVCC Campus Network

The work of an IT department is never finished. The network administrators and student assistants have many plans for the next network upgrade. Their main concern at this point is availability. Although the hierarchical mesh network does have some redundancy, there are many single points of failure. Availability of applications can be adversely affected by any one of these points failing. It is left to the reader to design some solutions to this problem.

10-Gbps Ethernet

One of the reasons that Ethernet is such a good choice for campus network designs is that it continues to grow with increasing bandwidth demands. In 2002, the IEEE standardized 10-Gbps Ethernet in the 802.3ae specification. 10-Gbps Ethernet differs in some important ways from the other Ethernet implementations, but it is also remarkable how similar it is to the other implementations. The frame format and other Layer 2 specifications remain the same, which means that applications that use...

Guidelines for Assigning Network Layer Addresses

Network layer addresses should be planned, managed, and documented. Although an end system can learn its address dynamically, no mechanisms exist for assigning network or subnet numbers dynamically. These numbers must be planned and administered. Many vintage networks still exist where addressing was not planned or documented. These networks are hard to troubleshoot and do not scale. The following list provides some simple rules for network layer addressing that will help you architect...

Guidelines for Hierarchical Network Design

This section briefly describes some guidelines for hierarchical network design. Following these simple guidelines will help you design networks that take advantage of the benefits of hierarchical design. The first guideline is that you should control the diameter of a hierarchical enterprise network topology. In most cases, three major layers are sufficient (as shown in Figure 5-4). Controlling the network diameter provides low and predictable latency. It also helps you predict routing paths,...

Hierarchical Network Design

To meet a customer's business and technical goals for a corporate network design, you might need to recommend a network topology consisting of many interrelated components. This task is made easier if you can divide and conquer the job and develop the design in layers. Network design experts have developed the hierarchical network design model to help you develop a topology in discrete layers. Each layer can be focused on specific functions, allowing you to choose the right systems and features...

Hierarchical Versus Nonhierarchical Routing Protocols

Some routing protocols do not support hierarchy. All routers have the same tasks, and every router is considered a peer of every other router. Routing protocols that support hierarchy, on the other hand, assign different tasks to routers, and group routers into areas, autonomous systems, or domains. In a hierarchical arrangement, some routers communicate with local routers in the same area, and other routers have the job of connecting areas, domains, or autonomous systems. A router that connects an area to other areas can summarize routes for its local area. Summarization enhances stability because routers are shielded from...

Hot Standby Router Protocol

The Cisco Hot Standby Router Protocol (HSRP) provides a way for an IP workstation to keep communicating on an internetwork even if its default gateway becomes unavailable. In RFC 2338, the IETF standardized a similar protocol called the Virtual Router Redundancy Protocol (VRRP). Routers in the core, distribution, or access layer can run HSRP or VRRP. The campus design shown in Figure 5-11 features HSRP at the core layer. HSRP works by creating a virtual router, also called a phantom router, as shown in...

How Can You Tell When You Have a Good Design?

Here are some wise answers from Peter Welcher that are based on the tenets of hierarchical, modular network design: when you already know how to add a new building, floor, WAN link, remote site, e-commerce service, and so on; when new additions cause only local change, to the directly connected devices; when your network can double or triple in size without major design changes; when troubleshooting is easy because there are no complex protocol interactions to wrap your brain around; when...

Hub-and-spoke topology

A topology that consists of one central network and a set of remote networks, each with one connection to the central network and no direct connections to each other. Traffic between remote networks goes through the hub network.

IANA

Internet Assigned Numbers Authority. Organization operated under the auspices of the ISOC that delegates authority for IP address-space allocation, domain-name assignment, and autonomous system number assignment. IANA also maintains a database of assigned protocol...

IETF Differentiated Services Working Group Quality of Service Specifications

The IETF also has a Differentiated Services working group that works on QoS-related specifications. RFC 2475, An Architecture for Differentiated Services, defines an architecture for implementing scalable service differentiation in an internetwork or the Internet. As Chapter 13, Optimizing Your Network Design, covers in more detail, IP packets can be marked with a differentiated services codepoint (DSCP) to influence queuing and packet-dropping decisions for IP datagrams on an output interface...