Download Week_Five_Network

ITEC 275
Computer Networks – Switching,
Routing, and WANs
Week 5
Robert D’Andrea
Winter 2017
• Learning Activities
Agenda
– Network Design Document, logical design, and top-down
network design methodology.
– Hierarchical Network Design, network topology consisting
of many interrelated components. This task might be easier
to divide and conquer the problem and develop it.
– Spanning Tree Protocol, fast convergence network routers.
– VLANs, small bandwidths to switches rather than
broadcasting.
– Redundancy, provides availability, performance, and
scalability.
– VPNs, use a third party communication media securing
data.
Documenting Your Design
• If you are given a Request For Proposal (RFP),
respond to the request in the exact format that the
RFP specifies
• If no RFP, you should still write a design document
– Describe your customer’s requirements and how
your design meets those requirements
– Document the budget for the project
– Explain plans for implementing the design
Typical RFP Response Topics
• A network topology for the new design
• Information on the protocols, technologies, and
products that form the design
• An implementation plan
• A training plan
• Support and service information and plan
• Prices and payment options
• Qualifications of the responding vendor or supplier
• Recommendations from other customers
• Legal contractual terms and conditions
•
•
•
•
•
•
•
•
•
Contents of a Network Design
Document
Executive summary
Project goal
Project scope
Design requirements
Current state of the network
New logical and physical design
Results of network design testing
Implementation plan
Project budget
Design Requirements
• Business goals explain the role the network
design will play in helping an organization
succeed
• Technical goals include scalability,
performance, security, manageability, usability,
adaptability, and affordability
Logical and Physical Design
Logical design
– Topology
– Models for addressing and naming
– Switching and routing protocols
– Security strategies
– Network management strategies
Physical design
– Actual technologies and devices
Implementation Plan
Recommendations for deploying the network design
• Project schedule which includes dates and times for
service provider installations
• Any plans for outsourcing (offshore or in country)
• Training
• Risks
• A fallback plan if the implementation should fail
• A plan for evolving the design as new requirements
arise
Possible Appendixes
Details found in appendixes
•
•
•
•
•
•
•
Detailed topology maps
Device configurations
Addressing and naming details
Network design testing results
Contact information
Pricing and payment options
More information about the company that is
presenting the design
• Annual reports, product catalogs, press releases
• Legal contractual terms and conditions
Topology
The origin of a topology
• A branch of mathematics concerned with those
properties of geometric configurations that are
unaltered by elastic deformations such as
stretching or twisting
• A term used in the computer networking field to
describe the structure of a network
What is a Topology?
Definition of Topology
A topology is a map of an internetwork
that indicates network segments, interconnection
points, and user communities. The purpose of the
map is to show the geometry of the network, not
the physical geography or technical
implementation.
Network Topology Design Themes
•
•
•
•
•
Hierarchy
Redundancy
Modularity
Well-defined entries and exits
Protected perimeters
Network Topology Design Themes
Hierarchical Network model
Network Topology Design Themes
Why Use a Hierarchical Model?
1. Reduces workload on network devices
2. Avoids devices having to communicate with
too many other devices (reduces “CPU
adjacencies”)
3. Constrains on broadcast domains
4. Enhances simplicity and understanding
5. Facilitates changes
6. Facilitates scaling to a larger size
Network Topology Design Themes
Why Use a Hierarchical Model?
When a network grows without a plan or
purpose, they develop into an unstructured
format. According to Dr. Peter Welcher, the
author of network design and technology articles
for Cisco World, the unstructured design
becomes a fur-ball network.
Network Topology Design Themes
What are the disadvantages of fur-ball topology?
1. Too many CPU adjacencies – the network
devices communicate with too many other
devices (broadcast packets).
2. Workload required of the CPU on the device
can be overloading.
3. Affected devices are routers, workstations,
and servers.
Network Topology Design Themes
When trying to meet a customers business
and technical goals for a corporate network
design, it might be necessary to recommend a
network topology of many interrelated
components. The task is made easier if you can
“divide and conquer” the job and develop the
design in independent layers.
Network design experts can develop a
hierarchical network design model in layers to
better understand and select the discrete layers.
Network Topology Design Themes
Network Topology Design Themes
Network Topology Design Themes
Network Topology Design Themes
Cisco’s Hierarchical Design Model
A core layer of high-end routers and
switches that are optimized for availability and
speed. Avoid connecting packet filters or
network monitors at this layer.
A distribution layer of routers and switches
that implement policies and segment traffic. This
is a demarcation point between access and core
layer of the network.
Network Topology Design Themes
An access layer that connects users via
hubs, switches, routers, and other devices.
Switches are usually implemented at the access
layer in campus networks to divide up bandwidth
domains to meet the demands of applications
that need a lot of bandwidth or cannot handle the
delay associated with sharing a bandwidth.
A network design guideline would be to
design the access layer first, then the
distribution, and core layer.
Network Topology Design Themes
Controlling a Network Diameter
Provides low and predictable latency.
Predict routing paths
Traffic flows
Capacity requirements
Network Topology Design Themes
Network Topology Design Themes
Network Topology Design Themes
Mesh Topologies
Full-mesh topology provides complete
redundancy and good performance. There is only
a single link delay between two sites. Costly to
implement a full-mesh topology.
Partial-mesh topology has fewer
connections between sites. To reach another
switch or router, traffic flow would experience
more traversing of intermediate links.
Network Topology Design Themes
Partial-Mesh
Full Mesh
Network Topology Design Themes
Small and Medium-Sized Companies
Recommend a hierarchical model that
reflects a hub-and-spoke topology. Usually,
corporate headquarters or a data center form the
center hub. Links extended from the hub connect
to remote offices and telecommuters’ locations.
Hub-and –Spoke Network Topology Design
Hub-and –Spoke Network Topology Design
External Network Topology
Internal Network Topology
Internal Network Topology
Detail Description of External Network Topology
Network Packet
How packets travel in a network?
The data transmitted from the source computer to
a destination computer is broken up into small pieces of
data called packets. Each packet contains an IP address
and a sequence number. The IP address represents the
source computer address and the sequence number the
destination computer address.
Network Packet
How packets travel in a network?
A check sum is created at the source computer and
included in the packet. The check sum value is computed from
data packet to check its integrity. Through integrity, we mean a
check on whether the data received is error free or not. This is
because while traveling on network a data packet can become
corrupt and there has to be a way at the receiving end to know
that data is corrupted or not. This is the reason the checksum field
is added to the header. At the source computer, the checksum is
calculated and set in the header as a field. At the destination
computer, the checksum is again calculated and cross checked
with the existing checksum value in the header to see if the data
packet is error free or not.
Network Packet
Checksum video
https://www.youtube.com/watch?v=JqEvNxAJtDk
Network Packet
Source Computer
Laptop
Packet #2
Packet #1
Packet #4
Destination Computer
Packet #3
Laptop
Network Packet
What is a protocol?
A protocol is a set of rules that governs the
communications process between computers on
a network. In order for two computers to talk to each
other, they must be speaking the same language.
When the packets arrive at the destination, they
are reorganized. They are placed in the same order they
were in during transmission from the source computer.
The reorganization of packets is based on the number of
the packet.
Network Packet
Network Packet
Packet Components
Header contains the source and destination
IP addresses, protocol, header check sum, and
length of packet.
Data (payload) is information you want to
send to the destination computer.
Trailer (footer) contains a couple of bits
that tell the destination computer that it has
reached the end of the packet.
Network Packet
How packets travel in a network?
The trailer may also have some type of error
checking. The most common error checking used in
packets is Cyclic Redundancy Check (CRC). Here is
how it works in certain computer networks: It takes the
sum of all the 1s in the payload and adds them together.
The result is stored as a hexadecimal value in the trailer.
The receiving device adds up the 1s in the payload and
compares the result to the value stored in the trailer. If
the values match, the packet is good. But if the values
do not match, the receiving device sends a request to the
originating device to resend the packet.
Network Packet
Cyclic Redundancy Check Video
https://www.youtube.com/watch?v=RFOGDY2e0mQ
What is Convergence?
What is network convergence?
Network convergence is the efficient
coexistence of telephone, video and data
communication within a single network. The use
of multiple communication modes in a single
network offers convenience and flexibility not
possible with separate infrastructures. Network
convergence is also called media convergence.
Convergence is Voice, Data, and Video
Scope of Convergence
Scope of Access
Control Access Layer Diameter
The most likely place for network design
violations to occur are at the access layer. Users and
network administrators are more likely to add
networks to the internetwork and connect remote
networks together. This is known as adding a chain.
Avoid backdoors. A backdoor connection is a
connection between devices in the same layer. A hub
is considered a backdoor.
Avoid Chains and Backdoors
Core Layer
Distribution Layer
Access Layer
Backdoor
Chain
How Do You Know When You Have a
Good Design?
• When you already know how to add a new building,
floor, WAN link, remote site, e-commerce service, and
so on
• When new additions cause only local change, to the
directly-connected devices
• When your network can double or triple in size
without major design changes
• When troubleshooting is easy because there are no
complex protocol interactions to wrap your brain
around
Flat Network Use
A flat network topology is adequate for small
networks. Each network device functions the same,
and the network is not divided into layers or
modules. A flat network is easy to design.
Flat network designers are most difficult when
there is network growth, and the lack of hierarchy
makes trouble shooting more difficult.
Flat Network Use
Flat WAN Networks
• Flat WAN Topologies
A WAN for a small company consists of a few
sites connected in a loop. Each site has it’s own
WAN router, routing protocols can converge quickly,
and communication with any other site can recover
when a link fails.
Caveat: If only one link fails, recovery is possible. If
two or more links fail, recovery is more difficult.
The flat loop topology goals are low cost and
reasonably good availability.
Flat LAN Networks
• Flat LAN Topologies
In the 1990s, a typical LAN configuration was
to connect PCs and servers to one or more hubs. The
PCs and servers implemented a media-access control
process like token passing or carrier sense multiple
access with collision detection (CSMA/CD) to
control access to a shared bandwidth. This
configuration had the potential to negatively affect
delay and throughput for other devices. Today,
designers recommend connecting PCs and servers to
the data link layer (Layer 2) switches .
Layer 2 Configuration
• Characterizing Layer 2 Network Traffic
Devices connected in a switched or bridged
network are all in the same broadcast domain.
Switches forward broadcasting frames out from
every port. Routers on the other hand, separate
segments into separate broadcast domains. The
recommended limit for devices connected to one
single broadcast domain is a couple hundred devices.
Broadcasted traffic needs to be limited and watched
closely on flat loop topologies, otherwise frames can
be dropped or lost.
Rule of Thumb – limit broadcast traffic to 20% of
the traffic on each link.
CISCO SAFE Security Architecture
Cisco SAFE is a security reference
architecture that provides prescriptive validated
design guides that address how organizations can
plan, design, and deploy security solutions that meet
the unique requirements of different places in the
network, such as campuses, the Internet edge,
branches, and data centers.
These defense-in-depth blueprints also provide
best practices for securing critical data and
transactions as they travers the entire networked
infrastructure.
Cisco’s SAFE Security Reference
Architecture
Campus Topology Design
•
•
•
•
Use a hierarchical, modular approach
Minimize the size of bandwidth domains
Minimize the size of broadcast domains
Provide redundancy
– Backup paths
– Mirrored servers
– Mirror stored data
– Multiple ways for workstations to reach a router
for off-net communications
Campus Topology Design
• Cisco SAFE Security Reference Architecture
- Used to simplify the complexity of a large
internetwork
- SAFE is concerned with security
- Defense-in-depth approach were multiple layers of
protection are strategically located through-out the
network.
- See page 134 for major design modules
A Simple Campus Redundant Design
Host A
LAN X
Switch 1
Switch 2
LAN Y
Host B
Bridges and Switches use Spanning-Tree
Protocol (STP) to Avoid Loops
Host A
LAN X
X Switch 2
Switch 1
LAN Y
Host B
What is Spanning Tree Protocol?
Spanning Tree Protocol (STP) is a layer 2
protocol that prevents logical loops in switched
networks that have redundant links.
Redundancy in a network may appear to be
harmless and needed to maintain connectivity with
other devices. One problem occurs when a broadcast
frame is sent on the network. Device A sends an ARP
request to find the MAC address of device B. The
ARP request is sent as a broadcast. Both switches
receive the broadcast and both switches flood the
broadcast to all of its other connected ports. The end
result is a broadcast storm.
How does ARP work?
What is Spanning Tree Protocol?
A second problem occurs with redundant
topologies is a single device will receive multiple
copies of the same frame.
The third problem occurs within the switch
itself. The MAC address table can change rapidly
and contain wrong information. What happens when
neither switch has learned about devices A and B’s
location? Device A sends data to device B. Each
switch learns about device A is on port 1, and each
records this in its MAC address table. The switches
haven’t learned about device B yet. Both switches
flood the frame to discover device B on their port 2.
What is Spanning Tree Protocol?
As a result, the MAC address table is
overwritten. The switches previously had device A
connected to port 1. Because the table changed
rapidly, it might be considered unstable.
What is Spanning Tree Protocol?
What is ARP ?
Address Resolution Protocol (ARP) is used when you
try to ping an IP address on your local network, say
192.168.1.40, your system has to turn the IP address
192.168.1.40 into a MAC address. This involves using ARP
to resolve the address.
Systems keep an ARP look-up table where they store
information about what IP addresses are associated with what
MAC addresses. When trying to send a packet to an IP
address, the system will first consult this table to see if it
already knows the MAC address. If there is a value cached,
ARP is not used.
What is Spanning Tree Protocol?
If the IP address is not found in the ARP table,
the system will then send a broadcast packet to the
network using the ARP protocol to ask "who has
192.168.1.40". Because it is a broadcast packet, it is
sent to a special MAC address that causes all
machines on the network to receive it. Any machine
with the requested IP address will reply with an ARP
packet that says "I am 192.168.1.40", and this
includes the MAC address which can receive packets
for that IP.
What is Spanning Tree Protocol?
On a Linux system, you can display the ARP table
with the command "arp -an".
# arp -an | grep 10
? (10.241.1.114) at 00:25:90:3e:dc:fc [ether] on vlan241 ? (10.252.1.8) at
00:c0:b7:76:ac:19 [ether] on vlan244
? (10.252.1.9) at 00:c0:b7:76:ae:56 [ether] on vlan244 ? (10.241.1.111) at
00:30:48:f2:23:fd [ether] on vlan241
? (10.252.1.6) at 00:c0:b7:74:fb:9a [ether] on vlan244 ? (10.241.1.121) at
00:25:90:2c:d4:f7 [ether] on vlan241
What is Spanning Tree Protocol?
Radia Perlman is the “Mother of the Internet”.
She developed the STP algorithm. One of her
publications is “Interconnections”, which every
network engineer should read.
Spanning Tree Protocol (STP) is a standard. It
is based on IEEE 802.1D, which is one of the oldest
standards today.
What is Spanning Tree Protocol?
The design of STP is hierarchical. At the top
of the network is the root device, which could be a
bridge or switch. The root device makes all decisions
regarding which link should be blocked or allow data
to flow.
Most switches come with a default setting.
Normally, this setting is 38464.
How is the root device determined?
1. Manually
2. Hard coded
What is Spanning Tree Protocol?
Replicating links is good for improving
reliability and availability
Packets are intended to flow on one
link at a time. EtherChannel insures
that only one link is active at a time.
What is Spanning Tree Protocol?
Replicating links is good for improving reliability
and availability.
Packets are intended to flow on one link at a time.
EtherChannel insures that only one link is active at a
time in two or a bundle of connections.
What is Spanning Tree Protocol?
What is EtherChannel?
EtherChannel is a port link aggregation
technology or port-channel architecture used
primarily on Cisco switches. It allows grouping of
several physical Ethernet links to create one logical
Ethernet link for the purpose of providing faulttolerance and high-speed links between switches,
routers and servers.
What is Spanning Tree Protocol?
When bridges or switches are connected together in a
redundant configuration, this appear to be harmless
and good. The problem occurs when the switches
broadcast to their neighbors to create their routing
tables. No broadcasting occurs on the links connecting
adjacent switches .
What is Spanning Tree Protocol?
When bridges or switches are connected
together to form a redundant configuration, this
appears again to be harmless. The problem
occurs when the switches broadcast to their
neighbors to create their routing tables. There is
no broadcasting that occurs on the links
connecting adjacent switches, but there is on the
remaining switch ports.
What is Spanning Tree Protocol?
The red arrows represent links going the other
switches in the network.
What is Spanning Tree Protocol?
The selection criteria for selecting a root
device is based on the lowest priority of the device.
Usually, the root device priority is 38463, which is
one less than the manufactures default priority
(38464).
What is Spanning Tree Protocol?
The root device makes all decisions about which
links will pass traffic. In most cases, the root
device will shut down the furthest link. Cost is a
factor of the link speed.
What is Spanning Tree Protocol?
The root device makes all decisions about
which links will pass traffic. In most cases, the root
device will shut down the furthest link. A
consideration is made based on the speed of the link.
cost
What is Spanning Tree Protocol?
When new switches are installed, they may all have the
same default priority (38464). The selection criteria for the
root device is likely to result is a “root war” of fight off. If
the root war fails to determine a root device, then the lowest
MAC address (could be the oldest) is selected.
What is Spanning Tree Protocol?
When new switches are installed, they may
all have the same default priority number, 38464.
The selection criteria for who is going to be the
root device, usually results in a “root war” or
fight off. If the root war fails to determine a root
device, then the lowest MAC address (usually
the oldest) is selected.
What is Spanning Tree Protocol?
Root
When a link or node fails, the network topology changes.
The root device has to adjust the existing links to make the
new configuration reliable and secure. In doing so, it takes
approximately 30 seconds before the first packet can be sent.
It takes time for these transitions to finalize.
Currently, the IEEE802.1W (RSTP) converges in
approximately 5 seconds.
What is Spanning Tree Protocol?
When a link or node fails, the network
topology changes. The root device has to adjust
the existing/remaining links to make the new
configuration reliable and secure. In doing so, it
takes approximately 30 seconds before the first
packet is sent again.
It takes time for these transitions to
finalize.
What is Spanning Tree Protocol?
STP is the root part of Ethernet.
Latest STP standard is IEEE 802.1S
Bridges (Switches) Running STP
• Participate with other bridges in the election of a single
bridge as the Root Bridge.
• Calculate the distance of the shortest path to the Root
Bridge and choose a port (known as the Root Port) that
provides the shortest path to the Root Bridge.
• For each LAN segment, elect a Designated Bridge and a
Designated Port on that bridge. The Designated Port is a
port on the LAN segment that is closest to the Root Bridge.
(All ports on the Root Bridge are Designated Ports.)
• Select bridge ports to be included in the spanning tree. The
ports selected are the Root Ports and Designated Ports.
These ports forward traffic. Other ports block traffic.
Elect a Root
Bridge A ID =
80.00.00.00.0C.AA.AA.AA
Lowest Bridge ID
Wins!
Root
Bridge A
Port 1
Port 2
LAN Segment 1
100-Mbps Ethernet
Cost = 19
LAN Segment 2
100-Mbps Ethernet
Cost = 19
Port 1
Port 1
Bridge B
Bridge C
Port 2
Port 2
Bridge B ID =
80.00.00.00.0C.BB.BB.BB
Bridge C ID =
80.00.00.00.0C.CC.CC.CC
LAN Segment 3
100-Mbps Ethernet
Cost = 19
React to Changes
Bridge A ID =
80.00.00.00.0C.AA.AA.AA
Root
Bridge A
Designated Port
Designated Port
Port 1
Port 2
LAN Segment 1
LAN Segment 2
Root Port
Root Port
Port 1
Port 1
Bridge B
Bridge C
Port 2
Port 2
Bridge B ID =
80.00.00.00.0C.BB.BB.BB
Designated Port Becomes
Disabled
Bridge C ID =
80.00.00.00.0C.CC.CC.CC
LAN Segment 3
Blocked Port Transitions to
Forwarding State
Determine Root Ports
Bridge A ID =
80.00.00.00.0C.AA.AA.AA
Root
Bridge A
Port 1
Lowest Cost
Wins!
Port 2
LAN Segment 1
100-Mbps Ethernet
Cost = 19
LAN Segment 2
100-Mbps Ethernet
Cost = 19
Root Port
Root Port
Port 1
Port 1
Bridge B
Bridge C
Port 2
Port 2
Bridge B ID =
80.00.00.00.0C.BB.BB.BB
Bridge C ID =
80.00.00.00.0C.CC.CC.CC
LAN Segment 3
100-Mbps Ethernet
Cost = 19
Determine Designated Ports
Bridge A ID =
80.00.00.00.0C.AA.AA.AA
Root
Bridge A
Designated Port
Designated Port
Port 1
Port 2
LAN Segment 1
100-Mbps Ethernet
Cost = 19
LAN Segment 2
100-Mbps Ethernet
Cost = 19
Root Port
Root Port
Port 1
Port 1
Bridge B
Bridge C
Port 2
Port 2
Bridge B ID =
80.00.00.00.0C.BB.BB.BB
Designated Port
Lowest Bridge ID
Wins!
Bridge C ID =
80.00.00.00.0C.CC.CC.CC
LAN Segment 3
100-Mbps Ethernet
Cost = 19
Prune Topology into a Tree!
Bridge A ID =
80.00.00.00.0C.AA.AA.AA
Root
Bridge A
Designated Port
Designated Port
Port 1
Port 2
LAN Segment 1
100-Mbps Ethernet
Cost = 19
LAN Segment 2
100-Mbps Ethernet
Cost = 19
Root Port
Root Port
Port 1
Port 1
Bridge B
Bridge C
Port 2
Port 2
Bridge B ID =
80.00.00.00.0C.BB.BB.BB
Designated Port
Bridge C ID =
80.00.00.00.0C.CC.CC.CC
LAN Segment 3
100-Mbps Ethernet
Cost = 19
X
Blocked Port
Scaling the Spanning Tree Protocol
• Keep the switched network small
– It shouldn’t span more than seven switches
• Use Bridge Protocol Data Units (BPDU)
skew detection on Cisco switches
• Use IEEE 802.1w
– Provides rapid reconfiguration of the spanning
tree. Also known as RSTP
Rapid Spanning Tree Protocol
• Bridge port states
- Discarding is a port that is neither
learning MAC addresses nor forwarding
user’s frames.
- Learning is a port that is learning MAC
addresses to populate the MAC address table,
but has not yet forwarded user frames
- Forwarding is a port that is learning
MAC addresses and forwarding user frames.
Rapid Spanning Tree Protocol
• Converged switched network Bridge port roles
- Root port assigned on a non-root bridge,
provides lowest cost path to the root bridge.
- Designated assigned on a port attached to a
LAN, provides lowest cost path to the root
bridge.
- Alternate assigned to a port that offers an
alternative path in the direction of the root
bridge to that provided by the bridge’s root
port. Considered a discarded port
Rapid Spanning Tree Protocol
- Backup assigned to a port on a
designated bridge that acts as a backup
path provided by a designated port in
the direction of the leaves of the
spanning tree.
- Disabled assigned to a port that is not
operational or is excluded from the
active topology by network
management. Considered a discarded
port.
Rapid Spanning Tree Protocol
RSTP converges quicker (5 sec) than
STP (30 seconds) to a tree topology where the
lowest-cost paths are forwarding frames.
RSTP archives rapid transition to the
forwarding state on edge ports, root ports, and
point-to-point links. Edge and root ports can
transition to forwarding without transmitting
or receiving messages from other bridges.
Rapid Spanning Tree Protocol
• Port Modes
Full-duplex mode port assumed to be
point-to-point. Modern switched networks
utilize this mode mostly.
Half-duplex mode port considered a
shared port by default.
Rapid Spanning Tree Protocol
• Port Modes
Rapid Spanning Tree Protocol
• Root Bridge
High speed
Reliable
Centered in network topology
A switch with the lowest bridge ID
Priority field
MAC address the lowest MAC
address of a switch or bridge
Selecting a Root Bridge
Control which switch becomes the root
bridge.
• Reliable
• High-speed switch in the center of the
topology
• If switches are to elect the root on their
own, you will have little control of the
direction that traffic flows and the amount
of frame-forwarding delay in your network.
Selecting a Root Bridge
Control which switch becomes the root
bridge.
• Control of the root bridge is critical because
a slow bridge can become the root bridge.
• If high-speed ports are accidentally
removed from the spanning tree it is
possible for low-speed ports to take their
place because they are closer to the root
bridge.
Selecting a Root Bridge
The root bridge is the switch with the lowest
bridge ID.
There are two parts to the bridge ID.
1. Priority field
2. MAC address of the switch
If all priorities are set to their default value,
the switch with the lowest MAC address becomes
root.
Manual control of the root bridge is important
to maintain high throughput on switched networks.
Virtual LANs (VLANs)
• An emulation of a standard LAN that allows
data transfer to take place without the
traditional physical restraints placed on a
network
• A set of devices that belong to an
administrative group
• Designers use VLANs to constrain
broadcast traffic
VLANs versus Real LANs
Switch A
Station A1
Station A2
Network A
Switch B
Station A3
Station B1
Station B2
Network B
Station B3
A Switch with VLANs
VLAN A
Station A1
Station B1
Station A2
Station B2
VLAN B
Station A3
Station B3
VLANs Span Switches
VLAN A
Station A1
Station A2
VLAN A
Station A3
Station A4
Station A5
Switch A
Station B1
Station A6
Switch B
Station B2
VLAN B
Station B3
Station B4
Station B5
VLAN B
Station B6
WLANs and VLANs
• A wireless LAN (WLAN) is often
implemented as a VLAN
• Facilitates roaming
• Users remain in the same VLAN and IP
subnet as they roam, so there’s no need to
change addressing information
• Also makes it easier to set up filters (access
control lists) to protect the wired network
from wireless users
Workstation-to-Router Communication
• Proxy ARP (not a good idea)
• Listen for route advertisements (not a great
idea either)
• ICMP router solicitations (not widely used
anymore)
• Default gateway provided by DHCP (better
idea but no redundancy)
– Use Hot Standby Router Protocol (HSRP) for
redundancy
HSRP
Hot Standby Router Protocol
Active Router
Enterprise Internetwork
Virtual Router
Workstation
Standby Router
Multi-Homing
What is Multi-homing?
Multi-homing is to provide more than one
connection for a system to access and offer
network services. In an enterprise network,
multi-homing provides access to more than one
entry into the Internet.
Example: WAN backup and ISP redundancy
If a server has more than one network layer
address.
Multi-homing the Internet Connection
ISP 1
ISP 1
Enterprise
Option A
ISP 1
ISP 2
Enterprise
Paris
ISP 1
Paris
Option B
Enterprise
Enterprise
NY
Option C
ISP 2
NY
Option D
Security Topologies
Enterprise
Network
DMZ
Web, File, DNS, Mail Servers
Internet
Security Topologies
Internet
Firewall
DMZ
Web, File, DNS, Mail Servers
Enterprise Network
Network Security
Definition of Firewall
A firewall is a system or combination of systems
that enforces a boundary between two or more
networks.
Router with ACL
Firewall should be placed within the
network topology so that all traffic from outside
the protected network must pass through the
firewall.
NAT (Network Address Translation)
Definitions
ARP (Address Resolution Protocol) used to find a
remote station. Traces IP addresses to MAC addresses.
Proxy ARP is the name given when a node
responds to an arp request on behalf of another node.
This is commonly used to redirect traffic sent to one IP
address to another system.
RARP (Reverse Address Resolution Protocol) the
protocol within TCP/IP stack that maps MAC addresses
to IP addresses.
Definitions
RIP (Routing Information Protocol) is
commonly used interior gateway protocol in the
Internet. RIP employees hop count as a routing metric.
Root bridge is used with STP to stop network loops
from occurring. The root bridge is elected to have the
lowest bridge ID.
Definitions
Static routing occurs when an administrator
manually adds routes in each router’s routing
table.
Dynamic routing is when protocols are
used to find and update routing tables on routers.
Routing Protocols
Distance vector – RIP and IGRP
Link state - OSPF
Hybrid - EIGRP
Summary
• When a customer provides an RFP, make sure to
follow the prescribed format
• When not bound by an RFP, develop a design
document that describes requirements, the existing
network, the logical and physical design, an
implementation plan, and the budget
• Be sure to include an executive summary
• In some cases, you should also include appendixes
with detailed information
Summary
• Use a systematic, top-down approach
• Plan the logical design before the physical
design
• Topology design should feature hierarchy,
redundancy, modularity, and security
Review Questions
• Why is it important to document your
network design?
• Why is it important to submit an RFP
proposal in the exact format prescribed?
• What are the major topics in a design
document?
• What are some possible appendixes for a
design document?
Review Questions
• Why are hierarchy and modularity important for
network designs?
• What are the three layers of Cisco’s hierarchical
network design?
• What are the major components of Cisco’s
enterprise composite network model?
• What are the advantages and disadvantages of the
various options for multihoming an Internet
connection?
This Week’s Outcomes
•
•
•
•
•
•
Network Design Document
Hierarchical Network Design
Spanning Tree Protocol
VLANs
Redundancy
VPNs
Due this week
• 4-2-1 – Simulator Tutorial and Basic IOS
Command Exploration
Next week
• Read chapter 6 in Top-Down Network Design
• Read chapter 6 in Designing Cisco
Internetwork Solutions
• 5-1 – Concept questions 4
• 1-5-1 – Network Design Project 1
– Switches
Q&A
• Questions, comments, concerns?