Contents

Foreword xxvi Introduction xxvii

Chapter 1 Network Fundamentals Review 3

Introduction to Networks 3 Protocols and the OSI Model 4 The OSI Model 5 Protocols 6 The OSI Layers 6

Physical Layer—Layer 1 7 Data Link Layer—Layer 2 7 Network Layer—Layer 3 7 Transport Layer—Layer 4 8 Upper Layers—Layers 5 Through 7 9 Communication Among OSI Layers 9 LANs and WANs 11 Network Devices 13

Terminology: Domains, Bandwidth, Unicast, Broadcast, and Multicast 13 Hubs 14 Switches 14 Routers 16 Introduction to the TCP/IP Suite 17

TCP/IP Transport Layer Protocols 18 Port Numbers 20

TCP Sequencing, Acknowledgment, and Windowing 21 TCP/IP Internet Layer Protocols 24 Protocols 25 IP Datagrams 25 TCP/IP-Related Data Link Layer Protocol 27 Routing 27

Routers Work at the Lower Three OSI Layers 28 Routing Tables 29 Routing Protocols 31 Addressing 31

Physical Addresses 31

Logical Addresses 32

Routing and Network Layer Addresses 33

IP Addresses 34

IP Address Classes 34

Private and Public IP Addresses 35

Subnets 36

Switching Types 38 Layer 2 Switching 38 Layer 3 Switching 41 Spanning Tree Protocol 42

Redundancy in Layer 2 Switched Networks 42 STP Terminology and Operation 43 STP Terminology 43 STP States 45 Rapid STP 47 Virtual LANs 47

VLAN Membership 48 Trunks 49 STP and VLANs 49 Inter-VLAN Routing 51 Comprehensive Example 52 Summary 55

Chapter 2 Applying a Methodology to Network Design 57

The Cisco Service Oriented Network Architecture 57 Business Drivers for a New Network Architecture 57 Intelligence in the Network 58 Cisco SONA Framework 60 Network Design Methodology 64

Design as an Integral Part of the PPDIOO Methodology 64 Benefits of the Lifecycle Approach to Network Design 66 Design Methodology 67 Identifying Customer Requirements 69

Assessing the Scope of a Network Design Project 69 Identifying Required Information 70 Extracting Initial Requirements 70 Gathering Network Requirements 71 Planned Applications and Network Services 73 Organizational Goals 75 Organizational Constraints 78 Technical Goals 80 Technical Constraints 81 Characterizing the Existing Network and Sites 83 Customer Input 83

Sample Site Contact Information 84 Sample High-Level Network Diagram 86 Auditing or Assessing the Existing Network 87 Tools for Assessing the Network 89

Manual Information Collection Examples 90 Automatic Information Collection Examples 94

Analyzing Network Traffic and Applications 95 Tools for Analyzing Traffic 96 NBAR 97 NetFlow 98

Other Network Analysis Tools Examples 101 Network Health Checklist 102 Summary Report 103 Creating a Draft Design Document 104 Time Estimates for Performing Network Characterization 105 Using the Top-Down Approach to Network Design 107 The Top-Down Approach to Network Design 107 Top-Down Approach Compared to Bottom-Up Approach 108 Top-Down Design Example 108 Decision Tables in Network Design 110 Structured Design 112 Network Design Tools 114 Building a Prototype or Pilot Network 115 Documenting the Design 116 The Design Implementation Process 117 Planning a Design Implementation 117 Implementing and Verifying the Design 119 Monitoring and Redesigning the Network 119 Summary 120 References 120

Case Study: ACMC Hospital Network Upgrade 121 Case Study Scenario 121 Organizational Facts 121 Current Situation 122 Plans and Requirements 124 Case Study Questions 124 Review Questions 125

Chapter 3 Structuring and Modularizing the Network 129

Network Hierarchy 129

Hierarchical Network Model 129

Hierarchical Network Design Layers 129 Access Layer Functionality 131 The Role of the Access Layer 131

Layer 2 and Multilayer Switching in the Access Layer 132 Access Layer Example 133 Distribution Layer Functionality 134 The Role of the Distribution Layer 134 Distribution Layer Example 136

Core Layer Functionality 136 The Role of the Core Layer 137 Switching in the Core Layer 137 Hierarchical Routing in the WAN 139 Using a Modular Approach to Network Design 140 Evolution of Enterprise Networks 140 Cisco SONA Framework 141

Functional Areas of the Cisco Enterprise Architecture 141 Guidelines for Creating an Enterprise Network 145 Enterprise Campus Modules 146 Campus Infrastructure Module 148 Building Access Layer 148 Building Distribution Layer 148 Campus Core Layer 149 Server Farm Module 149 Enterprise Campus Guidelines 150 Enterprise Edge Modules 150 E-commerce Module 152 Internet Connectivity Module 152 Remote Access and VPN Module 153 WAN and MAN and Site-to-Site VPN Module 154 Enterprise Edge Guidelines 154 Service Provider Modules 155

Internet Service Provider Module 156 PSTN Module 156 Frame Relay/ATM Module 156 Remote Enterprise Modules 157 Enterprise Branch Module 157 Enterprise Data Center Module 158 Enterprise Teleworker Module 158 Services Within Modular Networks 159 Interactive Services 159

Security Services in a Modular Network Design 162 Internal Security 162 External Threats 166 High-Availability Services in a Modular Network Design 169 Designing High Availability into a Network 169 High Availability in the Server Farm 170 Designing Route Redundancy 173 Designing Link Redundancy 175 Voice Services in a Modular Network Design 177 Two Voice Implementations 177 IP Telephony Components 178 Modular Approach in Voice Network Design 179 Evaluating the Existing Data Infrastructure for Voice Design 181

Wireless Services in a Modular Network 181

Centralized WLAN Components 182 Application Networking Services in a Modular Network Design 183 ANS Examples 184 ANS Components 184 Network Management Protocols and Features 186 Network Management Architecture 186

Protocols and Standards 187 SNMP 188 SNMPv1 189 SNMPv2 190 SNMPv3 191 MIB 192 MIB-II 194 Cisco MIB 195 MIB Polling Guidelines 195 MIB Example 196 RMON 197 RMON1 198 RMON1 Groups 198 RMON1 and RMON2 199 RMON2 Groups 200 NetFlow 202

NetFlow Versus RMON Information Gathering 204 CDP 205

CDP Information 206 How CDP Works 206 Syslog Accounting 207

Syslog Distributed Architecture 210 Summary 211 References 212

Case Study: ACMC Hospital Modularity 212 Review Questions 215

Chapter 4 Designing Basic Campus and Data Center Networks 221

Campus Design Considerations 221

Designing an Enterprise Campus 221 Network Application Characteristics and Considerations 222 Peer-Peer Applications 222 Client-Local Server Applications 223 Client-Server Farm Applications 224 Client-Enterprise Edge Applications 226 Application Requirements 227 Environmental Characteristics and Considerations 228 Network Geography Considerations 228 Transmission Media Considerations 230

Infrastructure Device Characteristics and Considerations 235 Convergence Time 236

Multilayer Switching and Cisco Express Forwarding 237 IP Multicast 239

QoS Considerations in LAN Switches 241 Load Sharing in Layer 2 and Layer 3 Switches 244 Enterprise Campus Design 245

Enterprise Campus Requirements 246 Building Access Layer Design Considerations 246 Managing VLANs and STP 247 Managing Trunks Between Switches 251 Managing Default PAgP Settings 252 Implementing Routing in the Building Access Layer 252 Building Distribution Layer Design Considerations 253 Using First-Hop Redundancy Protocols 254

Deploying Layer 3 Routing Protocols Between Building Distribution and Campus Core Switches 255

Supporting VLANs That Span Multiple Building Access Layer Switches 257 Campus Core Design Considerations 257 Large Campus Design 259 Small and Medium Campus Design Options 260 Edge Distribution at the Campus Core 261 Server Placement 263

Servers Directly Attached to Building Access or Building Distribution Layer Switches 264 Servers Directly Attached to the Campus Core 264 Servers in a Server Farm Module 264 Server Farm Design Guidelines 266 Server Connectivity Options 267 The Effect of Applications on Switch Performance 267 Enterprise Data Center Design Considerations 268 The Enterprise Data Center 268

The Cisco Enterprise Data Center Architecture Framework 269 Enterprise Data Center Infrastructure 272 Data Center Access Layer 274 Data Center Aggregation Layer 274 Data Center Core Layer 275 Density and Scalability of Servers 276 Summary 276 References 277

Case Study: ACMC Hospital Network Campus Design 277 Case Study Additional Information 278 Case Study Questions 279 Review Questions 289

Chapter 5 Designing Remote Connectivity 293

Enterprise Edge WAN Technologies 293 Introduction to WANs 293 WAN Interconnections 294 Traditional WAN Technologies 295

Packet-Switched Network Topologies 296 WAN Transport Technologies 298 TDM (Leased Lines) 299 ISDN 300 Frame Relay 300 Asynchronous Transfer Mode 301 MPLS 301 Metro Ethernet 304 DSL Technologies 304 Cable Technology 308 Wireless Technologies 309

Synchronous Optical Network and Synchronous Digital Hierarchy 311 Dense Wavelength Division Multiplexing 313 Dark Fiber 314

WAN Transport Technology Pricing and Contract Considerations 314 WAN Design 316

Application Requirements of WAN Design 317 Response Time 318 Throughput 318 Packet Loss 318 Reliability 318 Technical Requirements: Maximum Offered Traffic 319 Technical Requirements: Bandwidth 320 Evaluating the Cost-Effectiveness of WAN Ownership 321 Optimizing Bandwidth in a WAN 322 Data Compression 322 Bandwidth Combination 324 Window Size 324

Queuing to Improve Link Utilization 325 Congestion Avoidance 329

Traffic Shaping and Policing to Rate-Limit Traffic Classes 330 Using WAN Technologies 332

Remote Access Network Design 332 VPN Design 333

VPN Applications 333 VPN Connectivity Options 334 Benefits of VPNs 337 WAN Backup Strategies 338 Dial Backup Routing 338 Permanent Secondary WAN Link 338 Shadow PVC 340

The Internet as a WAN Backup Technology 341 IP Routing Without Constraints 341 Layer 3 Tunneling with GRE and IPsec 341 Enterprise Edge WAN and MAN Architecture 343

Enterprise Edge WAN and MAN Considerations 344 Cisco Enterprise MAN and WAN Architecture Technologies 345 Selecting Enterprise Edge Components 348 Hardware Selection 348 Software Selection 348 Cisco IOS Software Packaging 348

Cisco IOS Packaging Technology Segmentation 351

Comparing the Functions of Cisco Router Platforms and Software Families 351 Comparing the Functions of Multilayer Switch Platforms and Software Families 352 Enterprise Branch and Teleworker Design 352 Enterprise Branch Architecture 353 Enterprise Branch Design 355 Small Branch Office Design 356 Medium Branch Office Design 359 Large Branch Office Design 360 Enterprise Teleworker (Branch of One) Design 362 Summary 364 References 365

Case Study: ACMC Hospital Network WAN Design 366 Case Study Additional Information 366 Business Factors 367 Technical Factors 367 Case Study Questions 368 Review Questions 372

Chapter 6 Designing IP Addressing in the Network 377

Designing an IP Addressing Plan 377

Private and Public IPv4 Addresses 377

Private Versus Public Address Selection Criteria 378 Interconnecting Private and Public Addresses 379

Guidelines for the Use of Private and Public Addresses in an Enterprise Network 380 Determining the Size of the Network 381 Determining the Network Topology 382 Size of Individual Locations 383 Planning the IP Addressing Hierarchy 384 Hierarchical Addressing 384 Route Summarization 384 IP Addressing Hierarchy Criteria 386 Benefits of Hierarchical Addressing 386 Summarization Groups 387 Impact of Poorly Designed IP Addressing 388

Benefits of Route Aggregation 389 Fixed- and Variable-Length Subnet Masks 390 Routing Protocol Considerations 391 Classful Routing Protocols 391 Classless Routing Protocols 393

Hierarchical IP Addressing and Summarization Plan Example 394 Methods of Assigning IP Addresses 395

Static Versus Dynamic IP Address Assignment Methods 396 When to Use Static or Dynamic Address Assignment 396 Guidelines for Assigning IP Addresses in the Enterprise Network 397 Using DHCP to Assign IP Addresses 398 Name Resolution 400

Static Versus Dynamic Name Resolution 400 When to Use Static or Dynamic Name Resolution 401 Using DNS for Name Resolution 401 DHCP and DNS Server Location in a Network 403 Introduction to IPv6 404 IPv6 Features 405 IPv6 Address Format 406 IPv6 Address Types 408

IPv6 Address Scope Types 408 Interface Identifiers in IPv6 Addresses 409 IPv6 Unicast Addresses 410 Global Aggregatable Unicast Addresses 411 Link-Local Unicast Addresses 411 IPv6 Address Assignment Strategies 412 Static IPv6 Address Assignment 412 Dynamic IPv6 Address Assignment 413 IPv6 Name Resolution 414

Static and Dynamic IPv6 Name Resolution 414 IPv4- and IPv6-Aware Applications and Name Resolution 414 IPv4-to-IPv6 Transition Strategies and Deployments 415 Differences Between IPv4 and IPv6 415 IPv4-to-IPv6 Transition 416 Dual-Stack Transition Mechanism 416 Tunneling Transition Mechanism 417 Translation Transition Mechanism 418 IPv6 Routing Protocols 419 RIPng 420 EIGRP for IPv6 420 OSPFv3 421

Integrated IS-IS Version 6 421 BGP4+ 422

Summary 422 References 423

Case Study: ACMC Hospital IP Addressing Design 423 Review Questions 426

Chapter 7 Selecting Routing Protocols for the Network 429

Routing Protocol Features 429

Static Versus Dynamic Routing 430 Static Routing 430 Dynamic Routing 431 Interior Versus Exterior Routing Protocols 432

IGP and EGP Example 432 Distance Vector Versus Link-State Versus Hybrid Protocols 433 Distance Vector Example 435 Link-State Example 436 Routing Protocol Metrics 438 What Is a Routing Metric? 438 Metrics Used by Routing Protocols 439 Routing Protocol Convergence 441 RIPv2 Convergence Example 442 Comparison of Routing Protocol Convergence 443 Flat Versus Hierarchical Routing Protocols 444 Flat Routing Protocols 444 Hierarchical Routing Protocols 445 Routing Protocols for the Enterprise 446 EIGRP 446

EIGRP Terminology 447 EIGRP Characteristics 449 OSPF 449

OSPF Hierarchical Design 450 OSPF Characteristics 451 Integrated IS-IS 453

Integrated IS-IS Terminology 453 Integrated IS-IS Characteristics 455 Summary of Interior Routing Protocol Features 455 Selecting an Appropriate Interior Routing Protocol 456 When to Choose EIGRP 457 When to Choose OSPF 457 Border Gateway Protocol 457

BGP Implementation Example 459 External and Internal BGP 460 Routing Protocol Deployment 461

Routing Protocols in the Enterprise Architecture 461 Routing in the Campus Core 461 Routing in the Building Distribution Layer 463

Routing in the Building Access Layer 463 Routing in the Enterprise Edge Modules 464 Route Redistribution 464

Using Route Redistribution 465 Administrative Distance 466 Selecting the Best Route 467 Route Redistribution Direction 467 Route Redistribution Planning 468 Route Redistribution in the Enterprise Architecture 468 Route Filtering 470

Redistributing and Filtering with BGP 470 Route Summarization 471

The Benefits of Route Summarization 471

Recommended Practice: Summarize at the Distribution Layer 471 Recommended Practice: Passive Interfaces for IGP at the Access Layer 473 Summary 474 References 474

Case Study: ACMC Hospital Routing Protocol Design 475 Review Questions 475

Chapter 8 Voice Network Design Considerations 479

Traditional Voice Architectures and Features 479 Analog and Digital Signaling 479 The Analog-to-Digital Process 480 Time-Division Multiplexing in PSTN 482 PBXs and the PSTN 483

Differences Between a PBX and a PSTN Switch 484 PBX Features 485 PSTN Switches 486 Local Loops, Trunks, and Interswitch Communications 487 Telephony Signaling 489

Telephony Signaling Types 490 Analog Telephony Signaling 491 Digital Telephony Signaling 491 PSTN Numbering Plans 495

International Numbering Plans 495 Call Routing 496 Numbering Plans 496 Integrating Voice Architectures 500

Introduction to Integrated Networks 500

Drivers for Integrating Voice and Data Networks 502 H.323 503

Introduction to H.323 503 H.323 Components 503 H.323 Example 507

Introduction to IP Telephony 508 IP Telephony Design Goals 509 Single-Site IP Telephony Design 510 Multisite WAN with Centralized Call Processing Design 511 Multisite WAN with Distributed Call Processing Design 513 Call Control and Transport Protocols 514 Voice Conversation Protocols 515 Call Control Functions with H.323 516

Call Control Functions with the Skinny Client Control Protocol 516 Call Control Functions with SIP 518 Call Control Functions with MGCP 520 Voice Issues and Requirements 521 Voice Quality Issues 521 Packet Delays 521 Fixed Network Delays 522 Variable Network Delays 524 Jitter 526 Packet Loss 527 Echo 527 Voice Coding and Compression 529

Coding and Compression Algorithms 530 Voice Coding Standards (Codecs) 530 Sound Quality 531

Codec Complexity, DSPs, and Voice Calls 532 Bandwidth Considerations 533

Reducing the Amount of Voice Traffic 533 Voice Bandwidth Requirements 534 Codec Design Considerations 536 QoS for Voice 536

Bandwidth Provisioning 538

Signaling Techniques 538

Classification and Marking 538

Congestion Avoidance 539

Traffic Policing and Shaping 539

Congestion Management: Queuing and Scheduling 539

Link Efficiency 541

CAC 541

Building Access Layer QoS Mechanisms for Voice 544 AutoQoS 545 Introduction to Voice Traffic Engineering 545 Terminology 546

Blocking Probability and GoS 546 Erlang 547 CCS 547

Busy Hour and BHT 547 CDR 548

Erlang Tables 548 Erlang B Table 549 Erlang Examples 549 Trunk Capacity Calculation Example 550 Off-Net Calls Cost Calculation Example 551 Calculating Trunk Capacity or Bandwidth 552 Cisco IP Communications Return on Investment Calculator 553 Summary 553 References 554

Case Study: ACMC Hospital Network Voice Design 555 Case Study Additional Information 556 Case Study Questions 556 Review Questions 557

Chapter 9 Wireless Network Design Considerations 565

Introduction to Wireless Technology 565 RF Theory 567

Phenomena Affecting RF 567 RF Math 568 Antennas 570 Agencies and Standards Groups 570 IEEE 802.11 Operational Standards 571

IEEE 802.11b/g Standards in the 2.4 GHz Band 572 802.11a Standard in the 5-GHz Band 575 802.11 WLANs Versus 802.3 Ethernet LANs 576 WLAN Topologies 577 WLAN Components 577

Cisco-Compatible WLAN Clients 577 Autonomous APs 578 Lightweight APs 578 AP Power 578 WLAN Operation 579 WLAN Security 580 The Cisco Unified Wireless Network 581 The Cisco UWN Architecture 581 Cisco UWN Elements 582

Cisco UWN Lightweight AP and WLC Operation 583 Cisco UWN Wireless Authentication and Encryption 585 LWAPP Fundamentals 588

Layer 2 LWAPP Architecture 588 Layer 3 LWAPP Architecture 589 WLAN Controllers 590 WLC Terminology 590 WLC Interfaces 590 WLC Platforms 592 Access Point Support Scalability 594

Lightweight APs 597

Lightweight AP Discovery and Join Process 598 Lightweight AP and WLC Control Messages 600 Access Point Modes 601 Mobility in a Cisco Unified Wireless Network 602 Intracontroller Roaming 603 Intercontroller Roaming at Layer 2 604 Intercontroller Roaming at Layer 3 606 Mobility Groups 607

Recommended Practices for Supporting Roaming 609 Radio Resource Management and RF Groups 610 Radio Resource Management 610 RF Grouping 612 AP Self-Healing 613 Cisco UWN Review 613 Designing Wireless Networks with Lightweight Access Points and Wireless LAN Controllers 615 RF Site Survey 615

RF Site Survey Process 616 Define the Customer Requirements 616 Identify Coverage Areas and User Density 617 Determine Preliminary AP Locations 618 Perform the Actual Survey 619 Document the Findings 621 Controller Redundancy Design 621 Dynamic Controller Redundancy 622 Deterministic Controller Redundancy 624 Deterministic Redundancy Options 625 Design Considerations for Guest Services in Wireless Networks 628 Design Considerations for Outdoor Wireless Networks 631 Wireless Mesh Components 632 MAP-to-RAP Connectivity 633 Mesh Design Recommendations 634 Design Considerations for Campus Wireless Networks 635 Common Wireless Design Questions 635 Controller Placement Design 636 Campus Controller Options 637 Design Considerations for Branch Office Wireless Networks 638 Branch Office Considerations 638 Local MAC 638 REAP 639 Hybrid REAP 640

Branch Office WLAN Controller Options 642 Summary 642 References 643

Case Study: ACMC Hospital UWN Considerations 644 Review Questions 646

Chapter 10 Evaluating Security Solutions for the Network 651

Network Security 651

The Need for Network Security 651 Network Security Requirements 652 Security Legislation Examples 652 Terminology Related to Security 653 Threats and Risks 654

Threat: Reconnaissance Attacks 655

Threat: Gaining Unauthorized Access to Systems 657

Threat: DoS 657

Risk: Integrity Violations and Confidentiality Breaches 659 Network Security Policy and Process 660 Security Policy 662 The Need for a Security Policy 662 Risk Assessment and Management 663 Documenting the Security Policy 666 Network Security Process 667 The Cisco Self-Defending Network 669

The Cisco Self-Defending Network Framework 669 Secure Network Platform 670 Cisco Self-Defending Network Phases 670 Trust and Identity Management 672 Trust 672 Identity 674 Access Control 677

Trust and Identity Management Technologies 677 Identity and Access Control Deployment 681 Threat Defense 682 Physical Security 683 Infrastructure Protection 686 Threat Detection and Mitigation 688 Secure Connectivity 691

Encryption Fundamentals 692 VPN Protocols 693

Transmission Confidentiality: Ensuring Privacy 693 Maintaining Data Integrity 695 Security Management 697

Cisco Security Management Technologies 698 Network Security Solutions 699

Integrated Security Within Network Devices 699 Cisco IOS Router Security 700 Security Appliances 702

IPSs 702

Catalyst Services Modules 703 Endpoint Security Solutions 705 Securing the Enterprise Network 706

Deploying Security in the Enterprise Campus 706 Deploying Security in the Enterprise Data Center 707 Deploying Security in the Enterprise Edge 709 Summary 711 References 712

Case Study 10-1: ACMC Hospital Network Security Design 713

Case Study Questions 714 Case Study 10-2: ACMC Hospital Network—Connecting More Hospitals

Case Study Questions 715 Review Questions 719

Appendix A Answers to Review Questions and Case Studies 725

Appendix B IPv4 Supplement 807

Appendix C Open System Interconnection (OSI) Reference Model 859

Appendix D Network Address Translation 871

Acronyms and Abbreviations

Index 888
