ITEC 275
Computer Networks – Switching,
Routing, and WANs
Week 5
Robert D’Andrea
Some slides provided by Priscilla
Oppenheimer and used with permission
Agenda
• Learning Activities
– Network Design Document, logical design, and top-down
network design methodology.
– Hierarchical Network Design: a network topology consisting
of many interrelated components. Dividing the problem into
layers makes it easier to develop.
– Spanning Tree Protocol, fast convergence network routers.
– VLANs, which constrain broadcast traffic on switches rather than
broadcasting everywhere.
– Redundancy provides availability, performance, and
scalability.
– VPNs use a third-party communication medium, securing
data.
Documenting Your Design
• If you are given a request for proposal (RFP),
respond to the request in the exact format that
the RFP specifies
• If no RFP, you should still write a design
document
– Describe your customer’s requirements and how your
design meets those requirements
– Document the budget for the project
– Explain plans for implementing the design
Typical RFP Response Topics
• A network topology for the new design
• Information on the protocols, technologies, and
products that form the design
• An implementation plan
• A training plan
• Support and service information and plan
• Prices and payment options
• Qualifications of the responding vendor or supplier
• Recommendations from other customers
• Legal contractual terms and conditions
Contents of a Network Design
Document
• Executive summary
• Project goal
• Project scope
• Design requirements
• Current state of the network
• New logical and physical design
• Results of network design testing
• Implementation plan
• Project budget
Design Requirements
• Business goals explain the role the network
design will play in helping an organization
succeed
• Technical goals include scalability,
performance, security, manageability,
usability, adaptability, and affordability
Logical and Physical Design
• Logical design
– Topology
– Models for addressing and naming
– Switching and routing protocols
– Security strategies
– Network management strategies
• Physical design
– Actual technologies and devices
Implementation Plan
• Recommendations for deploying the network design
• Project schedule
– Including any dates and times for service provider
installations
• Any plans for outsourcing
• Training
• Risks
• A fallback plan if the implementation should fail
• A plan for evolving the design as new requirements
arise
Possible Appendixes
• Detailed topology maps
• Device configurations
• Addressing and naming details
• Network design testing results
• Contact information
• Pricing and payment options
• More information about the company that is
presenting the design
– Annual reports, product catalogs, press releases
• Legal contractual terms and conditions
Topology
• A branch of mathematics concerned with those
properties of geometric configurations that are
unaltered by elastic deformations such as
stretching or twisting
• A term used in the computer networking field to
describe the structure of a network
What is a Topology?
Definition of Topology
A topology is a map of an internetwork
that indicates networks, segments,
interconnection points, and user communities.
The purpose of the map is to show the
geometry of the network, not the physical
geography or technical implementation.
External Network Topology
Internal Network Topology
Detailed Description of External Network Topology
What is Convergence?
Definition of Convergence
The speed and ability of a group of
internetworking devices running a specific
routing protocol to agree on the topology of an
internetwork after a change in the topology.
Convergence is Voice, Data, and Video
Scope of Convergence
Network Topology Design Themes
• Hierarchy
• Redundancy
• Modularity
• Well-defined entries and exits
• Protected perimeters
Why Use a Hierarchical Model?
• Reduces workload on network devices
– Avoids devices having to communicate with
too many other devices (reduces “CPU
adjacencies”)
• Constrains broadcast domains
• Enhances simplicity and understanding
• Facilitates changes
• Facilitates scaling to a larger size
Hierarchical Network Design
[Diagram: an Enterprise WAN Backbone at the Core Layer; Campus A, Campus B and Campus C hang off it, with the Campus C Backbone at the Distribution Layer and Building C-1 and Building C-2 at the Access Layer]
Cisco’s Hierarchical Design Model
• A core layer of high-end routers and switches that
are optimized for availability and speed. Avoid
connecting packet filters or network monitors at this
layer.
• A distribution layer of routers and switches that
implement policies and segment traffic. This is a
demarcation point between access and core layer of
the network.
Cisco’s Hierarchical Design Model
• An access layer that connects users via hubs,
switches, routers, and other devices. Switches are
usually implemented at the access layer in campus
networks to divide up bandwidth domains to meet
the demands of applications that need a lot of
bandwidth or cannot handle the delay associated
with sharing a bandwidth.
A network design guideline would be to design the
access layer first, then the distribution, and core layer.
Cisco’s Hierarchical Design Model
• Controlling a Network Diameter
– Provides low and predictable latency
– Predictable routing paths
– Predictable traffic flows
– Predictable capacity requirements
Flat Versus Hierarchy
[Diagram, Flat Loop Topology: Headquarters in Medford connected in a loop with the Grants Pass, Klamath Falls and Ashland Branch Offices]
[Diagram, Hierarchical Redundant Topology: Headquarters in Medford at the top, with the Grants Pass, Klamath Falls, Ashland and White City Branch Offices below it]
Mesh Versus Hierarchical-Mesh
Topologies
• Mesh Topologies
A full-mesh topology provides complete
redundancy and good performance: there is
only a single link delay between any two sites. A
full-mesh topology is costly to implement.
A partial-mesh topology has fewer
connections between sites. To reach another
switch or router, traffic may have to traverse
more intermediate links.
Mesh Designs
[Diagram: a Full-Mesh Topology beside a Partial-Mesh Topology]
A Partial-Mesh Hierarchical Design
[Diagram: Headquarters (Core Layer) at the top, Regional Offices (Distribution Layer) in the middle, Branch Offices (Access Layer) at the bottom]
Company Structure
• Small and Medium-Sized Companies
Recommend a hierarchical model that reflects a
hub-and-spoke topology. Usually, corporate
headquarters or a data center forms the central hub.
Links extending from the hub connect to remote
offices and telecommuters’ locations.
See slide A Hub-and-Spoke Hierarchical Topology
A Hub-and-Spoke Hierarchical Topology
[Diagram: Corporate Headquarters as the hub, with spokes to two Branch Offices and a Home Office]
Scope of Access
• Control Access Layer Diameter
The most likely place for network design violations
to occur is the access layer. Users and network
administrators are more likely to add networks to the
internetwork and connect remote networks together.
This is known as adding a chain.
Avoid backdoors. A backdoor connection is a
connection between devices in the same layer. A hub
is considered a backdoor.
Avoid Chains and Backdoors
[Diagram: Core Layer, Distribution Layer and Access Layer; a Backdoor link joins two access-layer devices, and a Chain hangs another network below the access layer]
How Do You Know When You Have a
Good Design?
• When you already know how to add a new building,
floor, WAN link, remote site, e-commerce service, and
so on
• When new additions cause only local change, to the
directly-connected devices
• When your network can double or triple in size
without major design changes
• When troubleshooting is easy because there are no
complex protocol interactions to wrap your brain
around
Flat Network Use
• A flat network topology is adequate for small
networks. Each network device functions the
same, and the network is not divided into layers
or modules. A flat network is easy to design.
Flat network designs become most difficult
when the network grows, and the lack
of hierarchy makes troubleshooting more
difficult.
Flat WAN Networks
• Flat WAN Topologies
A WAN for a small company consists of a few
sites connected in a loop. Each site has its own
WAN router, routing protocols can converge quickly,
and communication with any other site can recover
when a link fails.
Caveat: If only one link fails, recovery is possible. If
two or more links fail, recovery is more difficult.
The flat loop topology goals are low cost and
reasonably good availability.
See slide Flat Versus Hierarchy.
Flat LAN Networks
• Flat LAN Topologies
In the 1990s, a typical LAN configuration was
to connect PCs and servers to one or more hubs.
The PCs and servers implemented a media-access
control process like token passing or carrier sense
multiple access with collision detection (CSMA/CD)
to control access to a shared bandwidth. This
configuration had the potential to negatively affect
delay and throughput for other devices.
Today, designers recommend connecting PCs and
servers to data link layer (Layer 2) switches.
Layer 2 Configuration
• Characterizing Layer 2 Network Traffic
Devices connected in a switched or bridged
network are all in the same broadcast domain.
Switches forward broadcast frames out
every port. Routers, on the other hand, separate
segments into separate broadcast domains. The
recommended limit for devices connected to one
single broadcast domain is a couple hundred
devices. Broadcast traffic needs to be limited and
watched closely on flat loop topologies; otherwise
frames can be dropped or lost.
Rule of Thumb – limit broadcast traffic to 20% of the
traffic on each link.
Cisco’s SAFE Security Reference
Architecture
Campus Topology Design
• Use a hierarchical, modular approach
• Minimize the size of bandwidth domains
• Minimize the size of broadcast domains
• Provide redundancy
– Backup paths
– Mirrored servers
– Mirrored stored data
– Multiple ways for workstations to reach a router
for off-net communications
Campus Topology Design
• Cisco SAFE Security Reference Architecture
- Used to simplify the complexity of a large
internetwork
- SAFE is concerned with security
- Defense-in-depth approach where multiple layers
of protection are strategically located throughout
the network.
- See page 134 for major design modules
See Cisco SAFE high-level view slide
A Simple Campus Redundant Design
[Diagram: Host A on LAN X; Switch 1 and Switch 2 both connect LAN X to LAN Y; Host B on LAN Y]
Bridges and Switches use Spanning-Tree
Protocol (STP) to Avoid Loops
[Diagram: the same topology, with Switch 2 marked X (blocked) so that only Switch 1 forwards between LAN X and LAN Y]
Bridges (Switches) Running STP
• Participate with other bridges in the election of a single
bridge as the Root Bridge.
• Calculate the distance of the shortest path to the Root
Bridge and choose a port (known as the Root Port) that
provides the shortest path to the Root Bridge.
• For each LAN segment, elect a Designated Bridge and a
Designated Port on that bridge. The Designated Port is a
port on the LAN segment that is closest to the Root Bridge.
(All ports on the Root Bridge are Designated Ports.)
• Select bridge ports to be included in the spanning tree. The
ports selected are the Root Ports and Designated Ports.
These ports forward traffic. Other ports block traffic.
Elect a Root
[Diagram: Bridge A (ID 80.00.00.00.0C.AA.AA.AA), Bridge B (ID 80.00.00.00.0C.BB.BB.BB) and Bridge C (ID 80.00.00.00.0C.CC.CC.CC). Bridge A Port 1 and Bridge B Port 1 attach to LAN Segment 1; Bridge A Port 2 and Bridge C Port 1 attach to LAN Segment 2; Bridge B Port 2 and Bridge C Port 2 attach to LAN Segment 3. Each segment is 100-Mbps Ethernet with Cost = 19. Lowest Bridge ID Wins: Bridge A becomes the Root.]
Determine Root Ports
[Diagram: the same topology. Lowest Cost Wins: Port 1 on Bridge B and Port 1 on Bridge C become the Root Ports, each with cost 19 to Root Bridge A.]
Determine Designated Ports
[Diagram: the same topology. Port 1 and Port 2 on Root Bridge A are the Designated Ports for LAN Segments 1 and 2. On LAN Segment 3, Bridge B and Bridge C tie on cost, so Lowest Bridge ID Wins and Port 2 on Bridge B becomes the Designated Port.]
Prune Topology into a Tree!
[Diagram: the same topology; Port 2 on Bridge C is marked X as the Blocked Port, leaving a loop-free tree.]
React to Changes
[Diagram: the same topology; the Designated Port on Bridge B becomes disabled, and the Blocked Port on Bridge C transitions to the Forwarding State for LAN Segment 3.]
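As an added worked example (not from the slides or the book), the four STP steps listed above, run in Python over the three-bridge topology on the preceding slides, including the reconvergence shown under React to Changes. The bridge IDs and the cost of 19 per 100-Mbps segment are the slides' values; the port names such as A.1, the segment names and the disable_port helper are constructed here.

```python
import heapq

# Constructed input mirroring the slides: Bridge A, B and C, each with Port 1
# and Port 2, on three 100-Mbps LAN segments with STP path cost 19.
SLIDE_BRIDGES = {
    "80.00.00.00.0C.AA.AA.AA": {"A.1": "Seg1", "A.2": "Seg2"},
    "80.00.00.00.0C.BB.BB.BB": {"B.1": "Seg1", "B.2": "Seg3"},
    "80.00.00.00.0C.CC.CC.CC": {"C.1": "Seg2", "C.2": "Seg3"},
}
SLIDE_COSTS = {"Seg1": 19, "Seg2": 19, "Seg3": 19}

def parse_bridge_id(bid):
    """'80.00.00.00.0C.AA.AA.AA' -> (priority, MAC as int); the lower tuple wins."""
    octets = [int(o, 16) for o in bid.split(".")]
    return ((octets[0] << 8) | octets[1], int.from_bytes(bytes(octets[2:]), "big"))

def compute_spanning_tree(bridges, segment_cost):
    """Return (root bridge ID, {bridge: root path cost}, {port: role})."""
    # Step 1: elect the Root Bridge. Lowest bridge ID (priority, then MAC) wins.
    root = min(bridges, key=parse_bridge_id)
    on_segment = {}  # segment -> [(bridge, port), ...]
    for b, ports in bridges.items():
        for p, s in ports.items():
            on_segment.setdefault(s, []).append((b, p))
    # Step 2: root path cost and Root Port per bridge (Dijkstra over bridges and
    # segments). Entering a bridge through a port adds that segment's cost; ties
    # go to the lower upstream bridge ID, then its port ID, as 802.1D does.
    best = {b: (float("inf"),) for b in bridges}
    best[root] = (0, parse_bridge_id(root), "", "")
    root_port, heap = {}, [(0, root)]
    while heap:
        cost, b = heapq.heappop(heap)
        if cost > best[b][0]:
            continue
        for p, s in bridges[b].items():
            for nb, nport in on_segment[s]:
                cand = (cost + segment_cost[s], parse_bridge_id(b), p, nport)
                if nb != b and cand < best[nb]:
                    best[nb], root_port[nb] = cand, nport
                    heapq.heappush(heap, (cand[0], nb))
    path_cost = {b: v[0] for b, v in best.items()}
    # Step 3: one Designated Port per segment: lowest root path cost, then lowest
    # bridge ID, then lowest port ID. Every port on the Root Bridge qualifies.
    designated = {min(m, key=lambda x: (path_cost[x[0]], parse_bridge_id(x[0]), x[1]))[1]
                  for m in on_segment.values()}
    # Step 4: prune. Root Ports and Designated Ports forward; all others block.
    roles = {}
    for b, ports in bridges.items():
        for p in ports:
            roles[p] = ("root" if root_port.get(b) == p
                        else "designated" if p in designated else "blocked")
    return root, path_cost, roles

def disable_port(bridges, bridge, port):
    """Model the React to Changes slide: a port goes down, so drop it and reconverge."""
    changed = {b: dict(ports) for b, ports in bridges.items()}
    del changed[bridge][port]
    return changed

if __name__ == "__main__":
    print(compute_spanning_tree(SLIDE_BRIDGES, SLIDE_COSTS))
```

With the slides' topology the result is root A, cost 19 for B and C, B.1 and C.1 as root ports, B.2 designated and C.2 blocked; after B.2 is disabled, C.2 becomes the designated port for Seg3.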
Scaling the Spanning Tree Protocol
• Keep the switched network small
– It shouldn’t span more than seven switches
• Use BPDU skew detection on Cisco switches
• Use IEEE 802.1w
– Provides rapid reconfiguration of the spanning
tree
– Also known as RSTP
Rapid Spanning Tree Protocol
• Bridge port states
- Discarding: a port that is neither
learning MAC addresses nor forwarding user
frames.
- Learning: a port that is learning MAC
addresses to populate the MAC address table
but is not yet forwarding user frames.
- Forwarding: a port that is learning MAC
addresses and forwarding user frames.
Rapid Spanning Tree Protocol
• Bridge port roles in a converged switched network
- Root port: assigned on a non-root bridge,
provides the lowest cost path to the root bridge.
- Designated: assigned on a port attached to a
LAN, provides the lowest cost path from that LAN to the root
bridge.
- Alternate: assigned to a port that offers an
alternative path in the direction of the root
bridge to that provided by the bridge’s root
port. Considered a discarding port.
- Backup: assigned to a port on a
designated bridge that acts as a backup
for the path provided by a designated
port in the direction of the leaves of the
spanning tree.
- Disabled: assigned to a port that is not
operational or is excluded from the
active topology by network
management. Considered a discarding
port.
Rapid Spanning Tree Protocol
RSTP converges more quickly than STP (which can take
50 seconds) to a tree topology in which the lowest-cost
paths are forwarding frames. RSTP
achieves rapid transition to the forwarding
state on edge ports, root ports, and point-to-point
links. Edge and root ports can transition
to forwarding without transmitting or
receiving messages from other bridges.
Rapid Spanning Tree Protocol
• Port Modes
- Full-duplex mode: a port assumed to be
point-to-point. Modern switched networks
mostly utilize this mode.
- Half-duplex mode: a port considered a
shared port by default.
Rapid Spanning Tree Protocol
• Root Bridge
- High speed
- Reliable
- Centered in the network topology
- The switch with the lowest bridge ID, made up of:
- Priority field
- MAC address (the lowest MAC
address of a switch or bridge wins)
Virtual LANs (VLANs)
• An emulation of a standard LAN that allows
data transfer to take place without the
traditional physical restraints placed on a
network
• A set of devices that belong to an
administrative group
• Designers use VLANs to constrain broadcast
traffic
VLANs versus Real LANs
[Diagram: Switch A with Stations A1, A2 and A3 forming Network A; Switch B with Stations B1, B2 and B3 forming Network B]
A Switch with VLANs
[Diagram: a single switch carrying VLAN A (Stations A1, A2, A3) and VLAN B (Stations B1, B2, B3)]
VLANs Span Switches
[Diagram: Switch A and Switch B each carry ports in both VLAN A (Stations A1 through A6) and VLAN B (Stations B1 through B6)]
WLANs and VLANs
• A wireless LAN (WLAN) is often implemented
as a VLAN
• Facilitates roaming
• Users remain in the same VLAN and IP subnet
as they roam, so there’s no need to change
addressing information
• Also makes it easier to set up filters (access
control lists) to protect the wired network
from wireless users
Workstation-to-Router Communication
• Proxy ARP (not a good idea)
• Listen for route advertisements (not a great
idea either)
• ICMP router solicitations (not widely used)
• Default gateway provided by DHCP (better
idea but no redundancy)
– Use Hot Standby Router Protocol (HSRP) for
redundancy
HSRP
Hot Standby Router Protocol
[Diagram: a Workstation uses the Virtual Router as its gateway; behind it an Active Router and a Standby Router connect to the Enterprise Internetwork]
Definition of Multihoming
Multi-homing is to provide more than one
connection for a system to access and offer
network services. In an enterprise network,
multi-homing provides access to more than one
entry into the Internet.
Example: WAN backup and ISP redundancy
Example: a server with more than one network layer
address
Multi-homing the Internet Connection
[Diagram: Option A: Enterprise with two connections to ISP 1. Option B: Enterprise connected to ISP 1 and ISP 2. Option C: Enterprise sites in Paris and NY, each connected to ISP 1. Option D: Paris connected to ISP 1 and NY connected to ISP 2.]
Security Topologies
[Diagram: Enterprise Network, a DMZ holding the Web, File, DNS and Mail Servers, and the Internet]
Security Topologies
[Diagram: Internet, Firewall, DMZ (Web, File, DNS, Mail Servers) and Enterprise Network in sequence]
Network Security
Definition of Firewall
A firewall is a system or combination of systems
that enforces a boundary between two or more
networks.
Router with ACL
A firewall should be placed within the
network topology so that all traffic from outside
the protected network must pass through the
firewall.
NAT (Network Address Translation)
Summary
• When a customer provides an RFP, make sure to
follow the prescribed format
• When not bound by an RFP, develop a design
document that describes requirements, the existing
network, the logical and physical design, an
implementation plan, and the budget
• Be sure to include an executive summary
• In some cases, you should also include appendixes
with detailed information
Summary
• Use a systematic, top-down approach
• Plan the logical design before the physical
design
• Topology design should feature hierarchy,
redundancy, modularity, and security
Review Questions
• Why is it important to document your
network design?
• Why is it important to submit an RFP
proposal in the exact format prescribed?
• What are the major topics in a design
document?
• What are some possible appendixes for a
design document?
Review Questions
• Why are hierarchy and modularity important for
network designs?
• What are the three layers of Cisco’s hierarchical
network design?
• What are the major components of Cisco’s
enterprise composite network model?
• What are the advantages and disadvantages of the
various options for multihoming an Internet
connection?
This Week’s Outcomes
• Network Design Document
• Hierarchical Network Design
• Spanning Tree Protocol
• VLANs
• Redundancy
• VPNs
Due this week
• 4-2-1 – Simulator Tutorial and Basic IOS
Command Exploration
Next week
• Read chapter 6 in Top-Down Network Design
• Read chapter 6 in Designing Cisco
Internetwork Solutions
• 5-1 – Concept questions 4
• 1-5-1 – Network Design Project 1
– Switches
Q&A
• Questions, comments, concerns?