Planning for Complex Networks
Network Design Models
Today's networks typically include voice, video, network management, mission-critical, and routing traffic in addition to bulk user traffic. Each type of traffic has different performance (bandwidth, delay, and jitter) and security requirements. Network design models provide a framework for integrating the many different types of traffic into the network.
Over the years, several models have been used to help describe how a complex network functions. These models are useful for designing a network and for understanding traffic flow within a more complex network. This section covers three models: the traditional Hierarchical Model, the Enterprise Composite Model, and the Cisco Enterprise Model.
Hierarchical Design Model
Network designers used the three-level Hierarchical Design Model for years. This older model provided a high-level idea of how a reliable network might be conceived, but it was largely conceptual because it didn't provide specific guidance. Figure 1-1 shows the Hierarchical Design Model.
This is a simple drawing of how the three-layer model might be built out for a campus network. A distribution Layer 3 switch is used for each building on campus, tying together the access switches on the floors. The core switches link the various buildings together.
This same three–layer hierarchy can be used in the WAN with a central headquarters, division headquarters, and units.
Figure 1-1 Hierarchical Design Model
The layers break a network in the following way:
Redundant distribution and core devices, with connections, make the model more fault-tolerant. This early model was a good starting point, but it failed to address key issues, such as
Enterprise Composite Model
A newer Cisco model, the Enterprise Composite Model, is significantly more complex and attempts to address the shortcomings of the Hierarchical Design Model by expanding the older version and making specific recommendations about how and where certain network functions should be implemented. This model is a component of the Cisco Security Architecture for Enterprise (SAFE) Reference Architecture.
The Enterprise Model is broken into three large sections:
The Enterprise Campus, as shown in Figure 1-2, looks like the old Hierarchical Design Model with added details. It features six sections:
The Enterprise Edge, as shown in Figure 1-3, details the connections from the campus to the WAN and includes
Figure 1-2 Enterprise Campus
Figure 1-3 Enterprise Edge
The Service Provider Edge is just a list of the public networks that facilitate wide-area connectivity and includes
Figure 1-4 puts together the various pieces: Campus, Enterprise Edge, and Service Provider Edge. Security implemented on this model is described in the Cisco SAFE blueprint.
Figure 1-4 Enterprise Composite Model
Cisco Enterprise Architecture
The Cisco Enterprise Architecture attempts to describe how all the network components integrate and work together. It includes Campus, Data Center, Branch, WAN, and Teleworker components.
The Campus Architecture component is basically the same as in the Composite model. It includes routing and switching integrated with technologies such as IP telephony and is designed for high availability with redundant links and devices. It integrates security features and provides QoS to ensure application performance. It is flexible enough to add advanced technologies such as VPNs, tunnels, and authentication management.
The Data Center component provides a centralized, scalable architecture that enables virtualization, server and application access, load balancing, and user services. Redundant data centers might be used to provide backup and business continuity.
The Branch Architecture extends enterprise services to remote offices. Network monitoring and management is centralized. Branch networks include access to enterprise-level services such as converged voice and video, security, and application WAN optimization. Resiliency is obtained through backup local call processing, VPNs, redundant WAN links, and application content caching.
The WAN component provides data, voice, and video content to enterprise users any time and any place. QoS, SLAs, and encryption ensure a high-quality, secure delivery of resources. It uses IPsec or MPLS VPNs over Layer 2 or Layer 3 WANs, with either a hub-and-spoke or mesh topology.
Teleworker Architecture describes how voice and data are delivered securely to remote small or home office users. It leverages a standard broadband connection, combined with VPN and identity-based access. An IP phone can also be used.
SONA and IIN
Modern converged networks include different traffic types, each with unique requirements for security, QoS, transmission capacity, and delay. These include:
Cisco routers can implement filtering, compression, prioritization, and policing. Except for filtering, these capabilities are referred to collectively as QoS.
Although QoS is a powerful tool, it is not the only way to address bandwidth shortage. Cisco espouses an idea called the Intelligent Information Network (IIN).
IIN describes an evolutionary vision of a network that integrates network and application functionality cooperatively and enables the network to be smart about how it handles traffic to minimize the footprint of applications. IIN is built on top of the Enterprise Composite Model and describes structures overlaid on to the Composite design as needed in three phases.
Phase 1, "Integrated Transport," describes a converged network, which is built along the lines of the Composite model and based on open standards. This is the phase that the industry has been transitioning to recently. The Cisco Integrated Services Routers (ISR) are an example of this trend.
Phase 2, "Integrated Services," attempts to virtualize resources, such as servers, storage, and network access. It is a move to an "on-demand" model.
By "virtualize," Cisco means that the services are not associated with a particular device or location. Instead, many services can reside in one device to ease management, or many devices can provide one service. An ISR brings together routing, switching, voice, security, and wireless. It is an example of many services existing on one device. A load balancer, which makes many servers look like one, is an example of one service residing on many devices.
VRFs are an example of taking one resource and making it look like many. Some versions of IOS are capable of having a router present itself as many virtual router (VRF) instances, allowing your company to deliver different logical topologies on the same physical infrastructure. Server virtualization is another example. The classic example of taking one resource and making it appear to be many resources is the use of a virtual LAN (VLAN) and a virtual storage area network (VSAN).
Virtualization provides flexibility in configuration and management.
Phase 3, "Integrated Applications," uses application-oriented networking (AON) to make the network application-aware and to enable the network to actively participate in service delivery.
An example of this Phase 3 IIN systems approach to service delivery is Network Admission Control (NAC). Before NAC, authentication, VLAN assignment, and antivirus updates were separately managed. With NAC in place, the network can check the policy stance of a client and admit, deny, or remediate based on policies.
IIN enables the network to deconstruct packets, parse fields, and take actions based on the values it finds. An ISR equipped with an AON blade might be set up to route traffic from a business partner. The AON blade handles many functions, including examining traffic, recognizing an application, and rebuilding XML files in memory. Corrupted XML fields might represent an attack (called schema poisoning), and the AON blade can react by blocking that source from further communication. In this example, routing, an awareness of the application data flow, and security are all combined to enable the network to contribute to the success of the application.
Services-Oriented Network Architecture (SONA) applies the IIN ideal to Enterprise networks. SONA breaks down the IIN functions into three layers:
Understanding Routing Protocols
Routing protocols pass information about the structure of the network between routers. Cisco routers support multiple routing protocols, but the ROUTE exam covers only EIGRP, OSPF, and BGP. This section compares routing protocols and calls out some key differences between them.
Cisco routers are capable of supporting several IP routing protocols concurrently. When identical prefixes are learned from two or more separate sources, Administrative Distance (AD) is used to discriminate between the paths. AD is a poor choice of words; risk factor is a more descriptive name. All other things being equal, routers choose paths advertised by the protocol with the lowest AD. AD can be manually adjusted.
Table 1-1 lists the default values for various routing protocols.
Routing Protocol Characteristics
Two things should always be considered in choosing a routing protocol: fast convergence speed and support for VLSM. EIGRP, OSPF, and BGP all meet these criteria. There are important distinctions between them, as described here:
Table 1-2 compares routing protocols.
Building the Routing Table
The router builds a routing table by ruling out invalid routes and considering the remaining advertisements. The procedure is:
Choosing a Route
Routers look at the routing table to decide how to forward a packet. They look for a match to the destination IP address. Rarely will a route match the destination IP address exactly, so the router looks for the longest match. For instance, suppose a packet is bound for the IP address 10.1.1.1. The routing table has a route for 10.1.0.0/16, one for 10.1.1.0/24, and a default route of 0.0.0.0. The default route matches 0 bits of the destination address, the 10.1.0.0 route matches 16 bits of the destination address, and the 10.1.1.0 route matches 24 bits of the destination address. The 10.1.1.0 route is the longest match, so it will be used to forward the packet.
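The two selection rules described above (AD when the same prefix is learned from several sources, longest match when forwarding) are easy to confuse, so here is a small worked model of both. It is an added example, not code from the original text or from Cisco; the `Route`, `build_routing_table`, `lookup` and `demo` names are the example's own, the advertisements are constructed to mirror the 10.1.1.1 case in the text (with a second copy of 10.1.1.0/24 from a different protocol so that AD has something to decide), and the AD values are the well-known Cisco defaults since Table 1-1 is not reproduced on this page.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Cisco default administrative distances (well-known defaults; the page's
# Table 1-1 is not reproduced here, so the values are listed inline).
DEFAULT_AD: Dict[str, int] = {
    "connected": 0,
    "static": 1,
    "ebgp": 20,
    "eigrp": 90,
    "ospf": 110,
    "ibgp": 200,
}


@dataclass(frozen=True)
class Route:
    """One route advertisement as learned from a routing source (example type)."""
    prefix: ipaddress.IPv4Network
    next_hop: str
    source: str               # key into DEFAULT_AD
    metric: int = 0           # protocol-internal metric, compared only within a source
    ad: Optional[int] = None  # manual AD override, modelling an adjusted distance

    def admin_distance(self) -> int:
        return DEFAULT_AD[self.source] if self.ad is None else self.ad


def build_routing_table(advertisements: List[Route]) -> List[Route]:
    """Install, for each distinct prefix, the advertisement with the lowest AD.

    Identical prefixes from different sources compete on AD (lower wins);
    within the same source the lower metric wins. Different prefixes never
    compete here; choosing between them is the forwarding-time longest match.
    """
    best: Dict[ipaddress.IPv4Network, Route] = {}
    for r in advertisements:
        cur = best.get(r.prefix)
        if cur is None or (r.admin_distance(), r.metric) < (cur.admin_distance(), cur.metric):
            best[r.prefix] = r
    return sorted(best.values(), key=lambda r: r.prefix.prefixlen, reverse=True)


def lookup(table: List[Route], destination: str) -> Optional[Route]:
    """Longest-prefix match: among installed routes that contain the address,
    the one with the most matching leading bits (largest prefix length) wins."""
    addr = ipaddress.IPv4Address(destination)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen)


def demo() -> Dict[str, str]:
    """Constructed advertisements mirroring the text's example, plus a duplicate
    10.1.1.0/24 learned from two protocols so that AD has a decision to make."""
    net = ipaddress.IPv4Network
    adverts = [
        Route(net("0.0.0.0/0"), "203.0.113.1", "static"),
        Route(net("10.1.0.0/16"), "10.0.0.2", "ospf", metric=20),
        Route(net("10.1.1.0/24"), "10.0.0.3", "ospf", metric=30),
        Route(net("10.1.1.0/24"), "10.0.0.4", "eigrp", metric=30720),
    ]
    table = build_routing_table(adverts)
    results: Dict[str, str] = {}
    for dst in ("10.1.1.1", "10.1.2.5", "192.0.2.9"):
        r = lookup(table, dst)
        results[dst] = "no route" if r is None else f"{r.prefix} via {r.next_hop} ({r.source})"
    return results


if __name__ == "__main__":
    for dst, chosen in demo().items():
        print(f"{dst:<12} -> {chosen}")
```

Running it shows 10.1.1.1 forwarded by the /24 (longest match) learned from EIGRP rather than OSPF (AD 90 beats 110 for the same prefix), 10.1.2.5 falling back to the /16, and an address outside 10.1.0.0/16 taking the default route. Note that the EIGRP metric of 30720 is much larger than the OSPF metric of 30 and plays no part: metrics are only comparable within one protocol, which is exactly why AD exists.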
Planning a Routing Implementation
It is critical to take a structured approach to planning a routing implementation and to document thoroughly once you are done. Taking an ad hoc approach could lead to network instability, suboptimal routing, or scalability problems. Four commonly used models include:
Creating an Implementation Plan
To create an implementation plan you need to know what the network looks like now, and what it should look like when you are done. This involves gathering information about the current network parameters such as IP addressing, physical connectivity, routing configuration, and equipment. Compare the current state to what is required. Be sure to include any site-specific requirements and any dependencies on the existing network.
An implementation plan includes most of the following, some of which might be site-specific:
Creating Implementation Documentation
Documentation should be kept up-to-date, accurate, and accessible. It includes network information, tools and resources used, implementation tasks, verification methods, device configurations, performance measurements, and possibly screen shots or pictures.