Debre Berhan University

College of Computing
Network Design Short Notes
Chapter 1: Apply a Methodology to NW Design

1. Introduction
• Network: a group of computers, peripherals, and software that are connected to each other using wired cables or wirelessly and can be used together.
• Internet: represents the world's largest network, connecting both standalone computers and computers on LAN and WAN networks all over the world.
• Planning: an essential part of any network deployment, and the design of the NW is a crucial element of the planning process.
• Depending on its size and location, the process of designing your network can be simple or extremely complex, ranging from small home networks to large enterprise internetworks.
• Network design: should be a complete process that matches business needs to available technology to deliver a system that will maximize an organization's success.
• Network designers are challenged to develop state-of-the-art networks
  o To accommodate increasing requirements
  o Vendors and standards bodies introduce new technologies and protocols at a rapid rate.
• A network will work best if it is designed to meet the needs of your customer.
• Network design document: describes your customer's requirements and explains how your design meets those requirements.
  o Documents the existing network, the logical & physical design, and the budget & expenses associated with the project.
  o Plans for implementing the network, measuring the success of the implementation, and evolving the network for new application requirements.
• Network design & implementation processes:
  o Analyze requirements
  o Develop logical design
  o Develop physical design
  o Test, optimize and document design
  o Implement and test network
  o Monitor and optimize network performance
• At a minimum, the design should include
  o What hardware you intend to purchase,
  o How much it costs,
  o Where you're going to locate it at your site, and
  o How you're going to connect it all.

2. General Design Considerations:
  o Type and number of users
  o Type and quality of services
  o Future growth
  o Nature of applications
  o Budget and time
  o Environmental factors and location (geographical layout of the business at the site) can possibly affect the NW design
  o Availability of expertise and resources
  o Training the staff on these new technologies
  o Fault tolerance in terms of applications, system and NW access
  o Ease of configuration and management
• The aim is to have a design that is both cost effective and provisioned for future expansion.

3. Common Network Design Goals
• Good designs should:
  o Deliver services requested by users
  o Enhance employees' productivity by enhancing and integrating internal communications through video and mobile devices, without compromising the company's security policy
  o Deliver acceptable throughput and response times
  o Be within budget and maximize cost efficiencies
  o Be reliable
  o Be expandable without major redesign
  o Be manageable by maintenance and support staff
  o Be well documented

4. Fundamental Network Design Requirements
a) Business Requirements:
  o Organizational structure of the company
  o IT as a "Business Innovation" enabler
  o The nature of the business
  o Business priorities
b) Functional Requirements:
  o The foundation of any system design because they define system and technology functions. Sometimes referred to as behavioral requirements because they address what a system does.
  o A design that does not address the business's functional requirements is considered a poor design.
  o Example of a functional requirement statement: "The provider edge routers must send VoIP traffic over the 10G fiber link while data traffic is to be sent over the OC-48 link."
c) Application Requirements: network designers should also consider the answers to the following fundamental questions when evaluating application requirements:
  o How much network traffic does the application require?
  o What is the level of criticality of this application and its service level requirement?
  o Does the application have any separate requirements?
  o What are the characteristics of the application?
  o How long does the application need to reset its session?
d) Technical Requirements:
  o Technical aspects that a network infrastructure must provide in terms of security, availability, quality of service, scalability, integration, manageability, usability, and affordability (cost-effectiveness), and network performance: capacity (bandwidth), utilization, throughput, offered load, accuracy, efficiency, delay (latency), delay variation, response time, etc.

5. Applying a Methodology to Network Design
• Network design is the ultimate target of our work, the culmination of the network analysis and architecture processes.
  o Network analysis provides understanding,
  o Network architecture provides conceptual (technology and topology) descriptions of the network, and
  o Network design builds upon these to add physical detail and vendor, product, and service selections to the network.
• There are two common approaches to analyze and design networks (where to begin?):
  o The bottom-up approach: Traditional Network Design
  o The top-down approach: Systematic Network Design

Traditional Network Design Methodology
• Many network design tools and methodologies in use today resemble the "connect-the-dots" game
• These tools let you place internetworking devices on a palette and connect them with LAN or WAN media
• Problem with this methodology:
  o It skips the steps of analyzing a customer's requirements and selecting devices and media based on those requirements
• When a customer expects a quick response to a network design request
  o A bottom-up (connect-the-dots) network design methodology can be used, if the customer's applications and goals are well known
• Based on a set of general rules
  o "80/20"
  o "Bridge when you can, route when you must"
  o Can't deal with scalability & complexity
• Focused on capacity planning
  o Throw more bandwidth at the problem: having enough bandwidth to keep data moving
  o No consideration of delay optimization
  o No guarantee of service quality
  o Less importance given to network RMA (Reliability, Maintainability, and Availability) compared to throughput

Top-Down Network Design Methodology
• Good network design
  o Recognizes that a customer's requirements embody many business and technical goals
  o May specify a required level of network performance, i.e., service level
  o Includes difficult network design choices and tradeoffs that must be made when designing the logical network before any physical devices or media are selected
• Network designers often think they understand a customer's applications and requirements.
• Begins at the upper layers of the OSI reference model before moving to the lower layers
  o Focuses on applications, sessions, and data transport before the selection of routers, switches, and media that operate at the lower layers
• Explores divisional structures to find the people:
  o For whom the network will provide services, and
  o From whom to get valuable information to make the design succeed
• It is an iterative process
• A top-down approach lets a network designer get "the big picture" first and then spiral downward into detailed technical requirements and specifications
  o It is important to first get an overall view of a customer's requirements
• A logical model is developed before the physical model
  o The logical model represents the basic building blocks, divided by function, and the structure of the system
  o The physical model represents devices and specific technologies and implementations
• For large NW design projects, modularity is essential
  o The design should be split functionally to make the project more manageable

6. Network Design and Implementation Cycle
a) Analyze requirements:
  o Interviews with users and technical personnel
  o Understand business and technical goals for a new or enhanced system
  o Characterize the existing network: logical and physical topology, and network performance
  o Analyze current and future network traffic, including traffic flow and load, protocol behavior, and QoS requirements
b) Develop the logical design:
  o Deals with a logical topology for the new or enhanced network
  o Network layer addressing and naming
  o Switching and routing protocols
  o Security planning
  o Network management design
  o Initial investigation into which service providers can meet WAN and remote access requirements
c) Develop the physical design:
  o Specific technologies and products to realize the logical design are selected
  o Investigation into ISPs must be completed at this phase
d) Test, optimize, and document the design:
  o Write and implement a test plan
  o Build a prototype or pilot
  o Optimize the network design
  o Document your work with a network design proposal
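The technical requirements in section 4 name the performance metrics a design must state (capacity, utilization, throughput, delay, delay variation, loss) together with availability, and step a) of the design cycle asks for the existing network's performance to be characterized. The following Python is an added example, not code from the notes: it derives those metrics from a small set of constructed interface counter samples and round-trip probes, computes availability from MTBF and MTTR, and checks the result against a hypothetical technical-requirements table. Every threshold, counter value and MTBF/MTTR figure is an assumption made up for the example.

```python
from dataclasses import dataclass
from statistics import mean

# Constructed sample data (not real measurements): cumulative interface byte
# counters sampled every 60 s on a 100 Mbit/s link, and round-trip probe times in ms.
LINK_CAPACITY_BPS = 100_000_000
COUNTER_SAMPLES = [  # (seconds since start, cumulative bytes seen)
    (0, 0),
    (60, 420_000_000),
    (120, 870_000_000),
    (180, 1_260_000_000),
]
RTT_SAMPLES_MS = [12.1, 11.8, 14.9, 12.3, 40.2, 12.0, 11.9, 12.4]
PROBES_SENT, PROBES_LOST = 1000, 3


@dataclass
class Requirement:
    name: str
    limit: float
    higher_is_better: bool


# Hypothetical service levels a customer might state; the values are assumptions.
REQUIREMENTS = [
    Requirement("utilization_pct", 70.0, False),
    Requirement("latency_ms", 20.0, False),
    Requirement("jitter_ms", 5.0, False),
    Requirement("loss_pct", 1.0, False),
    Requirement("availability_pct", 99.9, True),
]


def throughput_bps(samples):
    """Average throughput over the whole window from cumulative byte counters."""
    (t0, b0), (t1, b1) = samples[0], samples[-1]
    return (b1 - b0) * 8 / (t1 - t0)


def peak_throughput_bps(samples):
    """Highest per-interval rate; capacity planning looks at peaks, not only averages."""
    rates = [(b1 - b0) * 8 / (t1 - t0)
             for (t0, b0), (t1, b1) in zip(samples, samples[1:])]
    return max(rates)


def utilization_pct(bps, capacity_bps):
    return 100.0 * bps / capacity_bps


def jitter_ms(rtts):
    """Delay variation as the mean absolute difference between consecutive samples
    (the exponential smoothing of RFC 3550 is left out for clarity)."""
    return mean(abs(b - a) for a, b in zip(rtts, rtts[1:]))


def availability_pct(mtbf_hours, mttr_hours):
    """Steady-state availability from the RMA figures the notes name (MTBF, MTTR)."""
    return 100.0 * mtbf_hours / (mtbf_hours + mttr_hours)


def measured_metrics():
    peak = peak_throughput_bps(COUNTER_SAMPLES)
    return {
        "throughput_bps": throughput_bps(COUNTER_SAMPLES),
        "utilization_pct": utilization_pct(peak, LINK_CAPACITY_BPS),
        "latency_ms": mean(RTT_SAMPLES_MS),
        "jitter_ms": jitter_ms(RTT_SAMPLES_MS),
        "loss_pct": 100.0 * PROBES_LOST / PROBES_SENT,
        # Assumed MTBF/MTTR for the existing WAN router: 2000 h between failures, 4 h to repair.
        "availability_pct": availability_pct(2000, 4),
    }


def evaluate(metrics, requirements):
    """Return the names of the requirements the measured network fails to meet."""
    failures = []
    for req in requirements:
        value = metrics[req.name]
        ok = value >= req.limit if req.higher_is_better else value <= req.limit
        if not ok:
            failures.append(req.name)
    return failures


if __name__ == "__main__":
    m = measured_metrics()
    for name, value in m.items():
        print(f"{name:18s} {value:14.3f}")
    print("failed requirements:", evaluate(m, REQUIREMENTS))
```

On the constructed data the average link utilization looks comfortable, but one 40 ms probe pushes delay variation past the assumed 5 ms limit and a 4 h repair time against 2000 h MTBF gives 99.80% availability, short of the 99.9% target; those two requirements are the ones a designer would have to address with redundancy or a different service level rather than with more bandwidth.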
Chapter 2: Network Design Requirements

1. Identifying Network Design Requirements
• Requirements: the network functions and performance needed for the network to successfully support its users, applications, and devices.
  o Separated into core/fundamental requirements, features, future, rejected, and informational requirements
• Features: network functions and performance that are desired but not necessary for the success of the network project.
• We need to use a systems approach for understanding the network
  o The system goes far beyond the network hardware, software, etc.
  o Also includes understanding the users, applications or services, and the external environment
• Requirements can come from many aspects of the network system:
  o User Requirements: the set of requirements that is gathered or derived from user input and needed by users to successfully accomplish their tasks on the system
  o Application Requirements:
    - What types and groups of apps are we using?
    - Where are the apps located?
  o Device Requirements:
    - What kinds of devices are on your network? (generic computing devices, servers, or specialized devices)
    - Specialized devices are often location-specific
    - Often generic devices can be grouped by their quantity
    - Understanding of the device's performance (its ability to process data from the network) results from many factors:
      - Storage performance, that is, flash, disk drive, or tape performance
      - Processor (CPU) performance
      - Memory performance (access times)
      - Bus performance (bus capacity and arbitration efficiency)
      - OS performance (effectiveness of the protocol stack and APIs)
      - Device driver performance
  o Network Requirements:
    - Network integration; scaling dependencies, location dependencies, performance constraints
    - Network management and security issues need to be addressed throughout development
  o Other Requirements:
    - Requirements can come from other outside sources: your customer, legal requirements, larger scale organization (enterprise) requirements, etc.
    - Can include:
      - Operational suitability: how well can the customer configure and monitor the system?
      - Supportability: how well can the customer maintain the system?
      - Confidence: what is the data loss rate when the system is running at its required throughput?
      - Financial requirements
      - Enterprise requirements: typically include integration of your network with existing standards for voice, data, or other protocols
• Requirements Spec and Map
  o A requirements specification is a document which summarizes the requirements for a network
    - Often it becomes a contractual obligation, so assumptions, estimates, etc. should be carefully spelled out
  o Requirements are classified by
    - Status: core/current, future, rejected, or informational requirement
    - Priority can provide additional numeric distinction within a given status (typically on a 1-3 or 1-5 scale)
    - Sources for gathering requirements can be identified, or give a basis for deriving them
    - Type is user, app, device, network or other

2. Analyzing Existing Network
• Few networks today
  o are built entirely from scratch
• Most network architectures/designs today
  o incorporate existing networks by upgrades, such as
    - adding a new application to the system,
    - migrating to a new/different technology/protocol, or
    - upgrading the network infrastructure, and
    - the expansion or reduction of a system's size or scope
• The network architecture and design must accommodate any dependencies and constraints imposed by the existing network
  o Scaling, location, network, system, interoperability and support service dependencies,
  o Performance constraints, network obsolescence, and
  o Requirements for the users, applications, and devices of the existing network must be considered
• Requirements Mapping: can show graphically where things are, what kind of apps are used, and existing connectivity

3. Network Analysis Methods/Tools
a) Gather and List Requirements
• Service requirements are gathered and developed with initial conditions on the architecture and design, with input from:
    - Users
    - Administration
    - Management
• Then refined by applying experience and knowledge
b) Determining Initial Conditions: consist of:
• Any outside forces acting on the network
• Type of Network Project
  o New network, modification of an existing network, analysis of network problems, outsourcing, consolidation, upgrade
• Scope of Network Project
  o Network size, number of sites, distance between sites
• Initial Architecture/Design Goals
  o Upgrade technology/vendor, improve performance of part or all of the network, support new users, applications, or devices, solve perceived problems within the system, increase security, support a new capability in the system
c) Work with Customer and User
• Working with users is important, to know how they use the network and what problems they find important
• Look for red flags in early discussions
d) Developing Service Metrics
• Service metrics are characteristics measured or derived from the network
  o Metrics must be configurable, measurable, & verifiable
• RMA metrics might include
  o Reliability: mean time between failures (MTBF) and mean time between mission critical failures (MTBCF)
  o Maintainability: mean time to repair (MTTR)
  o Availability: MTBF, MTBCF, and MTTR
• Service metrics for capacity include:
  o Data rates: peak data rate, sustained data rate, and minimum data rate
  o Data sizes: burst sizes and durations
• Service metrics for delay include:
  o End-to-end or round-trip delay
  o Latency
  o Delay variation
• Operational Suitability
  o ensuring that operating the planned NW is an easy task
• Confidence: the ability of a network to provide throughput at an acceptable error or loss rate
  o Measured by the percent of traffic lost during a given time period (e.g. 2% loss up to 1 min)
• SNMP or CMIP (Common Management Information Protocol) can be used to configure these metrics, which are kept in the Management Information Base (MIB)
e) Requirements Mapping and Specification
• In topics 1 and 2
  o we discussed the importance of determining the locations of important devices and applications
• As part of the analysis process
  o we will bring that location information together into a map of where devices are likely to be and where applications are likely to apply.
• After mapping out the requirements, write them in a specification
  o Make sure you and your customer are in agreement on the needs of the network
  o Prioritize requirements

4. Characterizing Network Traffic & Flows
• Flow analysis
  o is the process of characterizing traffic flows for a network: where they are likely to occur and what levels of performance they will require.
• The requirements map is a great place to start analysis of flows in your network
  o We don't want to model EVERY traffic (data) flow, just the important ones
• A traffic flow describes data movement, e.g.
  o Source and/or destination addresses
  o Type of information
  o Directionality (bidirectional or unidirectional)
  o Other aspects, such as QoS needs
• Flows are end-to-end, between source and destination applications/devices/users.
• Most flows are bidirectional: represented as either a single, double-sided arrow with one or two sets of performance requirements, or as two separate flows, each with its own set of requirements.
• A unidirectional flow is represented as a single-sided arrow with one set of performance requirements.
• Individual and Composite Flows
• Individual flow: the flow for a single session of an application;
  o considered individually for guaranteed requirements, or consolidated with other requirements and combined into a composite flow.
• Composite flow: a combination of requirements from multiple applications, or of individual flows, that share a common link, path, or network. Most flows in a network are composites.
• Identifying and Developing Flows
  o Identified and developed from information in the requirements specification: user, application, device, and network requirements
  o Develop sets of requirements and mappings of application and/or device locations.
  o Do not constrain flows to existing networks, topologies, or technologies.
  o Based on the requirements and locations of the applications and devices that generate (source) or terminate (sink) each traffic flow.
• Data sources and sinks can help provide directionality to flows.
• Flow Models: we have 4 types of flow models, as follows:
  o Peer-to-peer flow model: either all of the flows or none of the flows are critical; the flows are equivalent
  o Client–server flow model: flows are bidirectional, between clients and the server, in the form of requests and responses
  o Hierarchical client–server: these flows (server-to-server and server-to-manager) may be considered critical, in addition to the server-to-client flows. The servers can now be either data sources or sinks (or both).
    - Content delivery networks (CDN) and mirrors
  o Distributed computing: flows may be primarily between a task manager and its computing devices (like a client–server model) or between the computing devices (like a peer-to-peer model).
• For each model consider the directionality and hierarchy of its flows.
• Identify which flows in each model are critical or important flows.

Chapter 3: Structuring and Modularizing the NW

1. Logical Network Topologies
• Logical Design
  o The network topology including one or more drawings that illustrate the logical architecture, addressing, naming of network devices, routing, bridging and switching protocols, security mechanisms, network management architecture, processes and products
• Designing a network topology is the first step in the logical design phase of the top-down network design methodology.
  o A topology is a map of an internetwork that indicates network segments, interconnection points, and user communities.
  o The map is a high-level blueprint of the network
• A topology diagram is a useful tool to move from a logical design to a physical implementation of the network.
a) Hierarchical Network Design
• Made corporate network design easier by
  o "divide and conquer" of the job and
  o design in discrete layers.
• Each layer can be focused on specific functions,
  o which allows you to choose the right systems and features for the layer.
• A typical hierarchical topology is
  o A core layer of high-end routers and switches that are optimized for availability and performance.
  o A distribution layer of routers and switches that implement policies. In small and medium-sized organizations, the core and distribution layers can be combined.
  o An access layer that connects users via lower-end switches and wireless access points.
• Why Use a Hierarchical Network Design Model?
  o To design a modular topology that limits the number of communicating routers.
  o Can help you minimize costs
    - avoiding spending money on unnecessary features for a layer
    - use low-end switches when simple, inexpensive access is required
  o Modularity enables you to keep each design element simple and easy to understand.
  o Maximizing overall performance by modularizing the tasks required of internetworking devices.
  o Testing a network design is made easy
  o Hierarchical design facilitates changes.
  o Supports fast-converging routing protocols and scalability
b) Flat Versus Hierarchical Topologies
• Flat network topology
  o is adequate for small NWs
    - easy to design, implement, and maintain.
  o There is no hierarchy.
    - Each network device has essentially the same job, and the network is not divided into layers or modules.
  o When the network grows, a flat NW is undesirable.
    - The lack of hierarchy makes troubleshooting difficult.
    - Rather than concentrate troubleshooting efforts in just one area of the network, you might inspect the entire network.
• Flat WAN Topologies
  o A WAN for a small company can consist of a few sites connected in a loop.
  o Each site has a WAN router that connects to two other adjacent sites via point-to-point links
  o As long as the WAN is small (a few sites), routing protocols can converge quickly, and communication with any other site can recover when a link fails.
  o As long as only one link fails, communication recovers. When more than one link fails, some sites are isolated from others.
  o A flat loop topology is generally not recommended for networks with many sites
  o A loop topology can mean that there are many hops between routers on opposite sides of the loop, resulting in significant delay and a higher probability of failure.
  o If your traffic flow analysis indicates that routers on opposite sides of a loop topology exchange a lot of traffic, you should recommend a hierarchical topology instead of a loop.
  o To avoid any single point of failure, you can place redundant routers or switches at upper layers of the hierarchy
c) Mesh Versus Hierarchical-Mesh Topologies
• Network designers often recommend a mesh topology to meet good reliability and availability
• In a full-mesh topology,
  o every router or switch is connected to every other router or switch.
  o The number of links in a full-mesh topology is (N * (N – 1)) / 2, where N is the number of routers or switches. (Divide the result by 2 to avoid counting Router X to Router Y and Router Y to Router X as two different links.)
  o Provides complete link redundancy and good performance because there is just a single-link delay between any two sites
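Two passages above turn into one small model once they are written as code: the full-mesh link count (N * (N – 1)) / 2 with its single-hop paths in c), and the individual and composite flows of chapter 2 section 4, where individual flows that share a link are combined into one composite flow per link. The following Python is an added example, not code from the notes: for a constructed set of five sites it builds a full mesh and a hub-and-spoke topology (the hub-and-spoke form of the three-layer model described next), routes constructed individual flows over each with a breadth-first shortest path, and aggregates them into per-link composite loads. Site names, flow endpoints and bandwidths are all made up.

```python
from collections import deque
from itertools import combinations

# Constructed sites and individual flows (not from any real network).
SITES = ["HQ", "DC", "Branch1", "Branch2", "Branch3"]
# (source, sink, Mbit/s, bidirectional?) -- a bidirectional flow loads a link both ways
INDIVIDUAL_FLOWS = [
    ("Branch1", "DC", 20, True),      # client-server: branch users to data center apps
    ("Branch2", "DC", 15, True),
    ("Branch3", "DC", 10, True),
    ("Branch1", "Branch2", 5, True),  # peer-to-peer between two branches
    ("DC", "HQ", 45, False),          # unidirectional: backup replication DC -> HQ
]


def full_mesh_link_count(n):
    """(N * (N - 1)) / 2 undirected links, as in the notes."""
    return n * (n - 1) // 2


def full_mesh(sites):
    """Every site connected to every other site; links are unordered pairs."""
    return {frozenset(pair) for pair in combinations(sites, 2)}


def hub_and_spoke(sites, hub):
    """Hierarchical hub-and-spoke: every non-hub site links only to the hub."""
    return {frozenset((hub, s)) for s in sites if s != hub}


def shortest_path(links, src, dst):
    """Breadth-first search over undirected links; returns the node list or None."""
    adj = {}
    for link in links:
        a, b = tuple(link)
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in adj.get(node, ()):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def composite_flows(links, flows):
    """Aggregate the individual flows sharing each link into one composite load (Mbit/s)."""
    load = {link: 0 for link in links}
    for src, dst, mbps, bidir in flows:
        path = shortest_path(links, src, dst)
        if path is None:
            raise ValueError(f"no path {src} -> {dst}")
        for a, b in zip(path, path[1:]):
            # a bidirectional flow consumes capacity in both directions of every hop
            load[frozenset((a, b))] += mbps * (2 if bidir else 1)
    return load


def max_hops(links, flows):
    """Worst-case hop count over all flows: 1 in a full mesh, 2 in hub-and-spoke."""
    return max(len(shortest_path(links, s, d)) - 1 for s, d, _, _ in flows)


def busiest_link(load):
    """The link carrying the largest composite flow, as a sorted endpoint pair."""
    link, mbps = max(load.items(), key=lambda kv: kv[1])
    return tuple(sorted(link)), mbps


if __name__ == "__main__":
    for name, links in (("full mesh", full_mesh(SITES)),
                        ("hub-and-spoke", hub_and_spoke(SITES, "HQ"))):
        load = composite_flows(links, INDIVIDUAL_FLOWS)
        print(f"{name}: {len(links)} links, max hops {max_hops(links, INDIVIDUAL_FLOWS)},"
              f" busiest link {busiest_link(load)}")
```

With five sites the full mesh needs 10 links and every flow is one hop, so no link carries more than the 45 Mbit/s replication flow; the hub-and-spoke design needs only 4 links, but the branch flows now traverse the hub and the HQ–DC link carries a 135 Mbit/s composite flow. That per-link composite figure, not the individual flows, is what the capacity metrics of section 3 d) have to be checked against.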
• Partial-mesh network topology
  o has fewer connections.
  o To reach another router or switch in a partial-mesh network might require traversing intermediate links
• Disadvantages of Mesh Topologies
  o Mesh topologies have many disadvantages if they are not designed carefully.
    - can be expensive to deploy and maintain. (A full-mesh network is expensive.)
    - can also be hard to optimize, troubleshoot, and upgrade, unless they are designed using a simple, hierarchical model.
    - have scalability limits for groups of routers that broadcast routing updates or service advertisements.
  o Solution: Simple, Classic Three-Layer Hierarchical Model.
d) Classic Three-Layer Hierarchical Model
• Limits the number of router adjacencies
• For small and medium-sized companies, the hierarchical model is often implemented as a hub-and-spoke topology with little or no meshing, as shown in Figure 3.4.
  o Corporate headquarters or a data center form the hub.
  o Links to remote offices and telecommuters' homes form the spokes
• The three-layer model permits traffic aggregation and filtering at three successive routing or switching levels.
  o This makes the three-layer hierarchical model scalable to large international internetworks.
e) Redundant Network Design Topologies
• Enable you to meet requirements for network availability by duplicating any required components in a network whose failure could disable critical applications.
• Redundancy attempts to eliminate any single point of failure on the network.
• To enable business survivability after a disaster and offer performance benefits from load sharing, some organizations have completely redundant data centers.
• You can implement redundancy inside individual campus networks and between layers of the hierarchical model.
  o Implementing redundancy on campus networks
    - can help you meet availability goals for users accessing local services.
  o Implementing redundancy on the edge of the enterprise network
    - ensures high availability for Internet, extranet, and virtual private network (VPN) access.
• Because redundancy is expensive to deploy and maintain,
  o you should implement redundant topologies with care.
  o be sure to select a level of redundancy that matches your customer's requirements for availability and affordability.
f) Modular Network Design
• Large network design projects and large networks in general consist of different areas or modules.
  o Each area should be designed using a systematic, top-down approach,
    - applying hierarchy and redundancy where appropriate.
  o Network solutions and services can be selected on a per-module basis
    - but validated as part of the overall network design
• For example: SAFE
  o Cisco developed the SAFE security reference architecture to depict the components or modules of an enterprise network.
  o SAFE simplifies the design of complex & large internetworks.
  o With SAFE, you can analyze the functional, logical, and physical components of a network.
  o SAFE takes a defense-in-depth approach.

Cisco SAFE Architecture
• Core:
  o stitches together all other modules; a high-speed infrastructure that provides reliable and scalable Layer 2 and 3 transport.
  o typically implemented with redundant switches that aggregate the connections to the campus, data center, WAN edge, and Internet edge.
• Data center:
  o hosts servers, applications, and storage devices for use by internal users.
  o connects the network infrastructure that these devices require,
    - including routers, switches, load balancers, content delivery devices, and application acceleration devices.
  o not directly accessible from the Internet to the general public.
• Campus network:
  o provides network access to end users and devices located in a single geographical location.
  o should allow campus users to securely access data center and Internet resources from the campus infrastructure.
• Management Network: spanning all the building blocks of the SAFE architecture.
  o provides out-of-band (OOB) and in-band (IB) management, monitoring, analysis, authentication & logging services.
  o Management servers support RADIUS, Kerberos, Network Time Protocol (NTP), SNMP, and syslog traffic.
• WAN Edge:
  o is the portion of the network that aggregates WAN links
  o The WAN can be owned by the enterprise or by a service provider, the latter being the more common option.
 Internet edge: b) Flow Models
o is the infrastructure that provides connectivity to the o Peer-to-peer, Client-server, Hierarchical client-server,
Internet Distributed-computing
o acts as a gateway for the enterprise to the rest of the c) Network functions
world.  Think of the functions it’s performing (addressing, routing,
o Internet edge services include a public DMZ, corporate security, network management, performance) as an integral
Internet access, and remote-access VPN. part of the components
 Branches: o E.g. routing or switching can be affected by security
o provide connectivity to users and devices at remote o So think of functional entities, not just HW
locations.  Measure network success by how well user, app, and
o includes one or more LANs and connects to the central device req’ts are met functionally
site via a private WAN or an Internet connection using  Each function will be defined by a component architecture;
VPN technology. combine them to get the overall reference architecture
o host local data, voice, and video services.  What is the difference b/n network architecture and network
 Extranet: design?
o allows selected business partners, customers, and o Network design is more detailed, technology- and
suppliers to access a portion of the network via secure protocols.
o Extranet services include remote-access VPN, threat detection and mitigation, stateful failover for servers and network devices, and topological redundancy.
 Partner Sites:
o are networks owned by business partners, customers, and suppliers.
o They access services in the extranet via secure WAN or Internet connectivity.
 E-Commerce:
o hosts applications, servers, and data used in the selling and buying of products.
o Services include Layer 2 through 7 security, server farms with traffic filtering, and server load balancing.
o Virtual contexts provide segmentation and policy enforcement for server-to-server communication.
 Teleworker:
o is the home office of a full-time or part-time employee.
o Services in this module include remote-access VPN, desktop security, secure wireless networking, IP telephony, and IP video.
 Cisco SensorBase:
o consists of threat collection servers that receive daily updates from globally deployed sensors.
2. Network architecture
 Architectural Models
o Models for network architecture can be based on topology, flow or functionality.
 Topology models are mainly used to design:
o The WAN/MAN/LAN model – basic hierarchical structure
a) Topology models
o Connecting different-size (sub)networks:
 WAN, MAN, LAN
 Core, distribution, access
location-specific description than its architecture
o Component architectures describe the hardware and software mechanisms needed to make a type of function work.
 The key functions are: addressing and routing, network management, performance, security.
 Making this work may require trade-offs!
 Routing/Addressing Architecture
o Addressing applies MAC or IP addresses to devices.
o Routing establishes connectivity within and between network(s).
o This component architecture defines how user and management flows are forwarded, and how hierarchy and interconnectivity are balanced in subnets.
o For a network design to work well, we need to balance two main principles:
 Hierarchy – how network traffic flows connect in tiers of organization
 Interconnectivity – offsets hierarchy by allowing connections between levels of the design, often to improve performance between them
 Network Management Architecture
o decides how the network will be monitored and managed: monitoring, instrumentation, configuration and security management components, and how centralized management is.
 Performance Architecture
o defines how network performance will be established and managed
 Defines how network resources are allocated to users, apps, and devices
 Capacity planning, traffic engineering, QoS, access control
 DiffServ vs IntServ
 Security Architecture
o How do you protect system resources and data from theft, damage, and unauthorized access?
 encryption, firewalls, routing filters, NAT
 Threat analysis, physical vs application security
o Define security zones (cells) for different levels of security
 Affects how other architectural components can interact with each other
Chapter 4: Designing Basic Campus and Data Center Networks
 The availability of multi-gigabit campus switches gives customers the opportunity to build extremely high-performance, high-reliability networks—if they follow correct network design approaches.
 Unfortunately, some alternative design approaches can result in lower performance, reliability, and manageability.
 A hierarchical modular design approach called multilayer campus network design combines data link layer and multilayer switching to achieve robust, highly available campus networks.
 Why We Focus on Enterprise Campus Design
o It is the foundation of Research and Education Networks (REN) for enabling business applications, enhancing productivity, and providing a multitude of services to end users.
o Ad hoc networks just don’t work well; they are unreliable and hard to maintain.
o If you don’t have a plan, how will you know where you are going?
 Campus Network Rules
o Separate layers of your network
o Minimize the number of network devices in any path
o Use standard solutions for common situations
o Provision central services near the core
o Route near the core, switch at the edges
o Separate core router functions from border router functions
o Use DHCP centrally
o Separate DNS server duties
1. Campus Network Design
 A good campus network design is modular and hierarchical, with a clear separation of functions:
o Core: Resilient, few changes, few features, high link and high CPU capacity
o Distribution: Aggregation, redundancy
o Access: Port density, affordability, security features, many adds, moves and changes
a) Campus Network Design Considerations
o Edge Networks (Layer 2 LANs)
 Minimize the number of network devices in the path
 Plan for no more than 250 computers at maximum
 This network should only be switched
 Always buy switches that are managed – no unmanaged switches!
 Build the edge network incrementally as you have demand and money
 Resist the urge to save money by breaking this model and daisy chaining networks or buildings together
o Core Layer
 Always route (not switch) in the core
 Reliability is key: reliable power and air conditioning
 Add more devices for redundancy or better performance
 Use dual power supplies fed from separate UPSs
 At the core of your network should be routers – you must route, not switch.
 Routers give isolation between subnets (they stop broadcasts)
 Routing is more complicated, but also more sophisticated and can make more efficient use of the network, particularly if there are redundancy elements such as loops
o Where to put Firewalls or NAT
 Firewalls or NAT devices must be placed “in line”
 This means that the speed of this device affects access to the outside world
 Try to have parts of your network non-firewalled and non-NATed
 This will allow full-bandwidth, unfiltered access to the Internet
o Where to put Servers?
 Servers should be on a high-speed interface off of your core router
 Servers should be at your core location where there is good power and air conditioning
 Within a campus network, servers may be placed locally in the Building Access or Building Distribution layer, or attached directly to the Campus Core.
 Centralized servers are typically grouped into a server farm located in the Enterprise Campus or in a separate data center.
 If the server is dual-attached (dual-NIC redundancy), one interface can be active while the other is in hot standby.
 Sample Server Farm Design
 Attach the Server Farm module to the Campus Core layer with either a 10-Gigabit Ethernet or multiple Gigabit Ethernet links.
 Within the Server Farm module, multiple VLANs can be used to create multiple policy domains as required.
o Border Router
 Connects to the outside world
 RENs and peering are the reason you need them
 Must get Provider Independent IP address space and an Autonomous System Number and run BGP to really make this work right
o Putting it all Together
o Alternative Core Designs
 One-armed router for the core
 Wireless links versus fiber
 Complex core designs: multiple core routers
o Central DHCP
 In order to centralize your DHCP service, you need a DHCP relay on each subnet
 Most routers provide this feature
 The central server knows which subnet queries are coming from, and assigns addresses from the right pool
 As you grow, add another server and run them as a failover pair
o Separate Authoritative and Recursive DNS
 DNS reliability is essential to your network
 No DNS == No services
 Server location
 On different subnets, off different routers
 Air conditioned, dual power supplies, etc.
 Separate duties
 Authoritative and recursive on different machines
 Layer 2 and 3 Summary
o Route in the core
o Switch at the edge
o Build star networks – don’t daisy chain
o Buy only managed switches – repurpose your old unmanaged switches for labs
b) Simple Campus Network Architecture
 Uses a three-tier switching architecture (popularly known as Cisco’s switching architecture)
 Backbone Switch
o Layer 3/4 chassis-based switch
o Multiple 100FX or 1000SX/LX or 10GLX/LH ports for connectivity to Distribution switches
o Multiple 10/100/1000 ports for connectivity to servers
 Distribution Switch
o Layer 2/3 managed fixed-configuration switch
o 1/2 100FX or 1000SX/LX or 10GLX/LH ports for connectivity to the Backbone switch
o Multiple 10/100 or 10/100/1000 ports for connectivity to the Access switches
 Access Switch
o Layer 2 managed fixed-configuration / unmanaged switch
o Multiple 10/100 or 10/100/1000 ports for desktop connectivity
2. Data Center Network Design
 Data centers contain centralized computing resources vital to all employees in the enterprise,
o be they at headquarters, a large regional office, a remote branch office, a home office or at a customer site.
 New data center topologies are emerging:
o data center traffic is becoming less client-server and more server-server centric,
o yesterday’s heavily segmented data center is becoming less physically segmented and more virtually segmented,
o virtual segmentation allows for the reduction of physical equipment, leading to both capital and operational expense (CAPEX/OPEX) savings.
 New data center connectivity solutions provide the ability to compress the traditional 3-tier network into a physical 2-tier network by virtualizing the routing and switching functions into a single tier.
 Virtualized routing provides greater resiliency and fewer switches.
 Reducing the number of uplinks (switch hops) in the data center improves application performance as it reduces latency throughout the fabric.
a) Three-Tier Design
 A three-tier data center design comprises
o access switches connected to servers,
o aggregation switches for access switch aggregation, and
o data center core switches providing routing to and from the enterprise core network.
 The three-tier design is based on a hierarchical design, so its main benefit is scalability.
 With routing being done by data center core switches, no full mesh is required.
 The disadvantages of the three-tier design are
o higher latency due to the additional layer,
o additional congestion/oversubscription in the design (unless bandwidth between nodes is dramatically increased),
o more managed nodes (adding a certain amount of complexity for operation and maintenance),
o higher energy consumption, and
o the need for additional rack space.
b) Sample Data Center Network Topology
 Provides connectivity services for networked elements within the data center, such as servers and storage, as well as to external users or other data centers.
 Data Center Access Layer
o provides Layer 2, Layer 3, and mainframe connectivity.
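Worked example for the Central DHCP rule in the campus section above (added here; it is not code from the notes). A DHCP relay on each subnet forwards the client's DISCOVER to the central server and stamps its own interface address into the giaddr field; the server picks the pool whose subnet contains giaddr rather than trusting the packet's source address. The class and function names (CentralDhcpServer, build_demo_server), the subnets and the MAC addresses are constructed for the example; a relay address that matches no pool is recorded, since that is a misconfiguration or rogue relay worth alerting on.

```python
"""Central DHCP with one relay per subnet: pool selection from giaddr.

Added example, not from the original notes. Subnets, router addresses
and client MACs below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Pool:
    """One subnet's address pool on the central server."""
    subnet: ipaddress.IPv4Network
    router: ipaddress.IPv4Address                 # default gateway, never leased
    reserved: set = field(default_factory=set)    # statically addressed hosts
    leases: dict = field(default_factory=dict)    # client MAC -> address

    def next_free(self):
        used = set(self.leases.values()) | self.reserved | {self.router}
        for host in self.subnet.hosts():
            if host not in used:
                return host
        return None                               # pool exhausted


class CentralDhcpServer:
    """Central server reached through a DHCP relay on every remote subnet."""

    def __init__(self, pools, local_subnet):
        self.pools = {p.subnet: p for p in pools}
        self.local_subnet = ipaddress.ip_network(local_subnet)
        self.unknown_relays = []                  # giaddr values no pool matched

    def pool_for(self, giaddr):
        gi = ipaddress.ip_address(giaddr)
        if gi == ipaddress.ip_address("0.0.0.0"):
            # giaddr is zero only when the broadcast arrived unrelayed,
            # i.e. the client sits on the server's own subnet
            return self.pools[self.local_subnet]
        for subnet, pool in self.pools.items():
            if gi in subnet:
                return pool
        self.unknown_relays.append(str(gi))       # unexpected relay: log and refuse
        return None

    def handle_discover(self, mac, giaddr="0.0.0.0"):
        """Return the OFFER parameters for a DISCOVER, or None if none can be made."""
        pool = self.pool_for(giaddr)
        if pool is None:
            return None
        if mac in pool.leases:
            addr = pool.leases[mac]               # re-offer the client's existing lease
        else:
            addr = pool.next_free()
            if addr is None:
                return None
            pool.leases[mac] = addr
        return {
            "yiaddr": str(addr),
            "subnet_mask": str(pool.subnet.netmask),
            "router": str(pool.router),
            "giaddr": giaddr,
        }


def build_demo_server():
    """Constructed lab topology: the server lives on 10.10.1.0/24 at 10.10.1.5;
    the other subnets reach it through their routers' relay function."""
    pools = [
        Pool(ipaddress.ip_network("10.10.1.0/24"), ipaddress.ip_address("10.10.1.1"),
             reserved={ipaddress.ip_address("10.10.1.5")}),
        Pool(ipaddress.ip_network("10.10.2.0/24"), ipaddress.ip_address("10.10.2.1")),
        Pool(ipaddress.ip_network("10.10.4.0/30"), ipaddress.ip_address("10.10.4.1")),  # tiny pool
    ]
    return CentralDhcpServer(pools, "10.10.1.0/24")


if __name__ == "__main__":
    srv = build_demo_server()
    print(srv.handle_discover("aa:bb:cc:00:00:01", "10.10.2.1"))   # relayed from 10.10.2.0/24
    print(srv.handle_discover("aa:bb:cc:00:00:02"))                # local subnet
    print(srv.handle_discover("aa:bb:cc:00:00:03", "192.0.2.1"))   # unknown relay -> None
    print(srv.unknown_relays)
```

The failover pair the notes mention is not modelled; a second instance would need to share the lease table (or split each pool) so both servers hand out non-overlapping addresses.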
o This layer design varies depending on whether Layer 2 or Layer 3 access switches are used;
o it is typically built with high-performance, low-latency Layer 2 switches,
 allowing better sharing of service devices across multiple servers and allowing the use of Layer 2 clustering, which requires the servers to be Layer 2–adjacent.
 With Layer 2 access switches, the default gateway for the servers can be configured at the access or aggregation layer.
 Data Center Aggregation (distribution) Layer
o aggregates the uplinks from the access layer to the Data Center Core layer and is the critical point for control and application services.
o Deploys security and application service devices (such as load-balancing devices, SSL offloading devices, firewalls, and IDS devices) that provide Layer 4 through Layer 7 services.
 Data Center Core Layer
o best practice for large data centers.
o Its key characteristics include the following:
 A distributed forwarding architecture
 Low-latency switching
 10-Gigabit Ethernet scalability
 Scalable IP multicast support
3. Network Architecture Considerations
a) Addressing and Routing Architecture Considerations
 IP addressing and routing are the cornerstones of a network,
o upon which other component architectures are built.
 Addressing is assigning local or global, private or public, temporary or persistent identifiers to devices.
 Routing consists of learning about the reachability within and between networks and using this information to forward IP packets to their destinations.
 IP addresses consist of an address identifier and a mask.
o A classful IP address identifier is divided into a network ID and a host ID.
o The address mask identifies which bits in the address are part of the network and which are part of the device.
 An IP address together with its mask determines whether a destination address is on the local network or a remote network.
o Traffic is forwarded based on the longest (most explicit) address match.
 Addresses can be local or global, private or public, temporary or persistent.
 Routers learn reachability either
o statically: information configured into them by network personnel, or
o dynamically: through the use of a routing protocol.
 Some of the popular mechanisms for addressing networks: classful addressing, subnetting, variable-length subnetting, supernetting and classless interdomain routing (CIDR), private addressing and network address translation (NAT), and dynamic addressing.
 Classful addressing:
o the address space is divided into five classes: A, B, C, D, and E.
 Subnetting:
o If an organization was granted a large block in class A or B, it could divide the addresses into several contiguous groups and assign each group to smaller networks (called subnets) or, in rare cases, share part of the addresses with neighbors.
o Subnetting increases the number of 1s in the mask.
 Variable-Length Subnetting:
o is subnetting where multiple variable-length subnet masks (VLSM) are used, creating subnets of different sizes.
o allows better mapping of subnets to workgroups.
 Supernetting:
o is aggregating network addresses by changing the address mask to decrease the number of bits recognized as the network.
o reduced the number of advertisements in the Internet and changed the way that most people view addressing.
 Classless interdomain routing (CIDR):
o used to denote the absence of class boundaries in network routing.
o In classless addressing the mask for a block can take any value from 0 to 32. It is very convenient to give just the value of n preceded by a slash (CIDR – Classless Inter Domain Routing notation).
o The address and the /n notation completely define the whole block (the first address, the last address, and the number of addresses).
 Private Addressing and NAT:
o 10.0.0.0 through 10.255.255.255 (10/8 prefix)
o 172.16.0.0 through 172.31.255.255 (172.16/12 prefix)
o 192.168.0.0 through 192.168.255.255 (192.168/16 prefix)
o Benefits of using private addresses:
 Private addressing was originally established to help with address space depletion in the Internet.
 These addresses are not advertised and forwarded in the Internet.
 They have an additional degree of security.
o NAT maps IP addresses between public and private spaces.
 Routing Mechanisms
o The mechanisms we consider here are establishing routing flows, identifying and classifying routing boundaries, and manipulating routing flows.
o Establishing Routing Flows:
 The flow specification and flow map form the foundation for routing flows (traffic flows being what is routed through the network)
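Worked example for the addressing mechanisms listed above (CIDR block bounds, local-vs-remote decision, VLSM, supernetting, longest-match forwarding and the three private ranges). This is an added Python example, not code from the notes; it goes a little beyond the text by carving a whole VLSM plan out of one block rather than a single subnet. Every prefix, workgroup name and next-hop label used below is constructed for illustration.

```python
"""Address-plan helpers for the mechanisms in the notes.

Added example, not from the original notes; all prefixes, workgroup
names and next-hop labels are constructed.
"""
import ipaddress


def cidr_block(prefix):
    """A /n block is fully described by its first address, last address and size."""
    net = ipaddress.ip_network(prefix, strict=False)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def is_local(my_interface, dst):
    """Address + mask decide whether a destination is delivered locally or via a router."""
    iface = ipaddress.ip_interface(my_interface)
    return ipaddress.ip_address(dst) in iface.network


def is_rfc1918(addr):
    """The three private ranges listed in the notes; never advertised to the Internet."""
    private = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in private)


def vlsm_plan(parent, requirements):
    """Variable-length subnetting: subnets of different sizes from one parent block.

    requirements maps a workgroup name to its host count. Largest requests are
    placed first so every subnet lands on an aligned boundary; the smallest
    free block that still fits is used to limit fragmentation.
    """
    free = [ipaddress.ip_network(parent)]
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        needed = 32 - (hosts + 1).bit_length()        # hosts + network + broadcast
        free.sort(key=lambda n: (-n.prefixlen, n))
        block = next((n for n in free if n.prefixlen <= needed), None)
        if block is None:
            raise ValueError(f"{parent} cannot fit {hosts} hosts for {name}")
        free.remove(block)
        subnet = block if block.prefixlen == needed else next(block.subnets(new_prefix=needed))
        if subnet != block:
            free.extend(block.address_exclude(subnet))   # return the leftover pieces
        plan[name] = str(subnet)
    return plan


def supernet(prefixes):
    """Supernetting / route aggregation: merge contiguous prefixes into shorter ones."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in sorted(ipaddress.collapse_addresses(nets))]


def longest_match(fib, dst):
    """Forward on the longest (most specific) matching prefix; 0.0.0.0/0 is the default route."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


if __name__ == "__main__":
    print(cidr_block("172.16.0.0/12"))
    print(vlsm_plan("192.168.10.0/24", {"eng": 100, "sales": 50, "mgmt": 10, "p2p-link": 2}))
    print(supernet(["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]))
    fib = {"0.0.0.0/0": "isp", "10.0.0.0/8": "core", "10.20.0.0/16": "dist-b", "10.20.5.0/24": "access-b5"}
    print(longest_match(fib, "10.20.5.77"), longest_match(fib, "198.51.100.1"))
```

The aggregated prefixes from supernet() are what a border router would advertise to a peer instead of every /24; longest_match() shows why a more specific route, once leaked, always wins over the aggregate.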
 Establishing routing flows consists of
 segmenting the network into functional areas and workgroups,
 identifying boundaries between these areas, and then
 forming the relationships between boundaries and routing flows.
 Functional areas (FA) are groups within the system that share a similar function.
 They may be made up of users (workgroups), applications, devices, or combinations of these.
 Functional areas are connected with routers.
o Identifying and Classifying Routing Boundaries:
 Routing boundaries are physical or logical separations of a network, based on requirements for or administration of that network.
 Physical boundaries can be identified by
 isolation LANs; physical interfaces on network equipment; or
 demilitarized zones (DMZs); physical security.
 Logical boundaries can be identified by
 functional areas, workgroups, administrative domains such as autonomous systems (ASs), security domains and routing management domains.
 There are two general types of routing protocols:
 Exterior gateway protocols (EGPs): communicate routing information (reachability and metrics) primarily between ASs.
 Interior gateway protocols (IGPs): communicate routing information primarily within an AS.
o Routing flows are flows of routing information, passed between functional areas as well as between ASs.
o Routing information includes
 routing initialization, updates, transients, and background traffic such as hello or keepalive messages.
o Routing boundaries and flows are important to the development of the architecture and design, because routing flows can be manipulated at routing boundaries.
o Manipulating Routing Flows:
 Controlling routing flows within the network is vital to the proper operation and performance of the network.
 Techniques:
 default route: used when no other route exists for that destination
 route filtering to hide routes from the rest of an AS
 route aggregation to simplify advertisements when exchanging routing information between ASs, usually between an ISP and large customer networks
 developing peering relationships between networks or ASs across boundaries
 developing routing policies and policy enforcement
b) Network Management Considerations
 Network management (NM) consists of the set of functions to control, plan, allocate, deploy, coordinate, and monitor network resources.
 It consists of multiple layers (a top-down approach).
 NM is composed of managing elements and transporting management data.
 Think about scalability, traffic patterns, data formats, cost/benefit tradeoffs, and a proactive network management strategy.
 ISO defines five types of network management processes:
o Fault management: diagnosing, detecting, isolating, correcting and reporting problems.
o Configuration management: helps the NW manager keep track of NW devices and maintain information on how devices are configured.
o Accounting management: facilitates usage-based billing, whereby individual departments or projects are charged for network services; it also helps catch departments or individuals who “abuse” the network.
o Performance management: allows measurement of network behavior and effectiveness.
 You should monitor two types of performance: end-to-end performance and component performance.
o Security management:
 lets a network manager maintain and distribute passwords and other authentication and authorization information.
 the process of collecting, storing, and examining security audit logs.
 Network Management Architectures
o consist of three major components:
 Managed device:
 a network node that collects and stores management information.
 can be routers, servers, switches, hubs, end systems, or printers.
 Agent:
 NM software that resides in a managed device.
 tracks local management information and uses a protocol such as SNMP to send information to NMSs.
 Network management system (NMS):
 runs applications to display management data, monitor and control managed devices, and communicate with agents.
c) Selecting Network Management Tools and Protocols
o NM tools should provide
 an intuitive user interface that can react quickly to user input,
 a command-line interface (CLI), or
 both a browser interface and a CLI.
o You can meet most customers’ needs by recommending tools that support Management Information Bases
(MIB), Remote Monitoring (RMON), Cisco Discovery Protocol, Cisco NetFlow Accounting …
d) Designing Remote Connectivity
 As organizations have become more mobile and geographically dispersed, remote-access technologies have become an important ingredient of many enterprise network designs.
 Enterprises use remote-access technologies to provide network access to telecommuters, employees in remote offices, and mobile workers who travel.
 An analysis of the location of user communities and their applications should form the basis of remote-access design.
 It is important to consider
o the location and number of full- and part-time telecommuters,
o how mobile users access the network,
o the location and scope of remote offices,
o service-level agreements (SLA), and
o the cost of investment and usage.
 But we can’t compromise security
o Remote access increases security risks
o Current solutions are difficult and expensive to implement
 How do we do this?
o Connectivity for remote locations (Internet, branches, offices, and teleworkers) is provided through enterprise edge technologies and the enterprise WAN architecture.
 The enterprise edge connects campus resources to remote enterprise locations. It includes the WAN, Internet connectivity, remote access, and VPN modules.
o WAN technologies and WAN transport media must be utilized.
 Different types of WAN connection are appropriate for different uses
 Can be point-to-point between two locations, or
 a multipoint WAN service offering, such as a Frame Relay or Multiprotocol Label Switching (MPLS) network.
o WAN remote access choices: TDM, ISDN, analog modem dialup, Frame Relay, Asynchronous Transfer Mode (ATM), cable technology, wireless technologies, and DSL technologies that are used with VPN.
4. Network Security Considerations
 Security should be considered during many steps of the top-down network design process.
 Security experts promote the defense-in-depth principle.
o NW security should be multilayered, with many different techniques.
o No security mechanism can be guaranteed to withstand every attack.
o Sometimes called the belt-and-suspenders approach.
o Example: use a dedicated firewall to limit access to resources and a packet-filtering router that adds another line of defense.
 Network Security is the 12-Step Program:
1) Identify network assets
2) Analyze security risks
3) Analyze security requirements and tradeoffs
4) Develop a security plan
5) Define a security policy
6) Develop procedures for applying security policies
7) Develop a technical implementation strategy
8) Achieve buy-in from users, managers, and technical staff
9) Train users, managers, and technical staff
10) Implement the technical strategy and security procedures
11) Test the security and update it if any problems are found
12) Maintain security
 Security Mechanisms:
o Physical security, authentication, authorization, accounting (auditing), data encryption, packet filters, firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS)
 Modularizing Security Design
o “Defense in depth” security design
 multilayered network security with many different techniques
o Secure all components of a modular design:
 Internet connections
 Public servers and e-commerce servers: place public servers in a DMZ protected via firewalls, run a firewall on the server itself …
 Remote access networks and VPNs
 Network services: use SSH rather than Telnet
 Network management …
 Server farms: authentication and authorization for server access and management …
 User services: personal firewalls and antivirus software on networked PCs …
 Wireless networks
 Place wireless LANs (WLANs) in their own subnet or VLAN
 Require all wireless (and wired) laptops to run personal firewall and antivirus software
 Disable beacons that broadcast, and require MAC address authentication
o The Cisco SAFE Security Reference Model addresses security in every module of a modular network architecture.
5. Identifying Voice Networking Considerations
 Design architectures
o Alternative traditional voice architectures: PSTN, PBX, and
o integrated voice architectures: VoIP, IP telephony
 Considerations
o voice quality issues,
o coding and compression standards, and
o bandwidth.
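Worked example for the security design material above: the "security zones (cells)" idea from the architecture section and the modular checklist under Network Security Considerations (public servers in a firewalled DMZ, WLANs in their own subnet, SSH rather than Telnet). It is an added Python example, not code from the notes and not Cisco SAFE; the zone prefixes, rule set and sample flows are constructed (192.0.2.0/24 and 203.0.113.0/24 are documentation ranges standing in for public DMZ and Internet addresses). Each flow is classified into a zone pair and checked against a first-match rule list with an implicit deny; the denied decisions are what a firewall would log for the security-management audit the notes describe.

```python
"""Zone-based policy check for a modular, defense-in-depth design.

Added example, not from the original notes. Zones, prefixes, rules and
sample flows are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Security zones (cells) defined by address ranges; anything unlisted is "outside".
ZONES = {
    "inside": ["10.10.0.0/16"],      # wired user LANs behind the core
    "wlan": ["10.20.0.0/16"],        # wireless LANs on their own subnet/VLAN
    "mgmt": ["10.99.0.0/24"],        # network management stations
    "dmz": ["192.0.2.0/24"],         # public servers and e-commerce servers
}
ZONE_NETS = {z: [ipaddress.ip_network(p) for p in ps] for z, ps in ZONES.items()}


@dataclass(frozen=True)
class Rule:
    src: str                 # zone name or "any"
    dst: str
    proto: str               # "tcp", "udp" or "any"
    dport: Optional[int]     # None = any port
    action: str              # "allow" or "deny"
    note: str


# First match wins; a flow matching no rule is denied (default deny).
POLICY = [
    Rule("any", "any", "tcp", 23, "deny", "Telnet is cleartext; network services use SSH"),
    Rule("mgmt", "any", "tcp", 22, "allow", "management plane over SSH"),
    Rule("outside", "dmz", "tcp", 443, "allow", "public web service behind the firewall"),
    Rule("inside", "dmz", "tcp", 443, "allow", "users reach public servers like anyone else"),
    Rule("inside", "outside", "any", None, "allow", "user Internet access through NAT"),
    Rule("wlan", "outside", "any", None, "allow", "wireless segment gets Internet only"),
    Rule("dmz", "inside", "any", None, "deny", "DMZ hosts may not initiate sessions toward inside"),
]


def zone_of(addr):
    """Map an address to its security zone; unknown space is the Internet."""
    ip = ipaddress.ip_address(addr)
    for zone, nets in ZONE_NETS.items():
        if any(ip in n for n in nets):
            return zone
    return "outside"


def _matches(rule, src_zone, dst_zone, proto, dport):
    return (rule.src in (src_zone, "any") and rule.dst in (dst_zone, "any")
            and rule.proto in (proto, "any") and rule.dport in (dport, None))


def evaluate(src_ip, dst_ip, proto, dport):
    """Policy decision for one flow, with the zone pair and the reason."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule in POLICY:
        if _matches(rule, src_zone, dst_zone, proto, dport):
            return {"src_zone": src_zone, "dst_zone": dst_zone,
                    "action": rule.action, "note": rule.note}
    return {"src_zone": src_zone, "dst_zone": dst_zone,
            "action": "deny", "note": "implicit deny between zones"}


def audit(flows):
    """Evaluate (src, dst, proto, dport) tuples; denied entries are the ones to log and review."""
    return [dict(flow=f, **evaluate(*f)) for f in flows]


if __name__ == "__main__":
    sample = [                                   # constructed flows
        ("203.0.113.9", "192.0.2.10", "tcp", 443),   # Internet -> public web server
        ("203.0.113.9", "10.10.5.5", "tcp", 443),    # Internet -> inside host
        ("10.99.0.7", "10.10.1.1", "tcp", 23),       # mgmt -> switch over Telnet
        ("192.0.2.10", "10.10.5.5", "tcp", 5432),    # DMZ server -> inside database
        ("10.20.3.4", "10.10.5.5", "tcp", 445),      # wireless -> inside file share
    ]
    for d in audit(sample):
        print(d["flow"], d["src_zone"], "->", d["dst_zone"], d["action"], "|", d["note"])
```

Keeping the explicit Telnet deny ahead of the management allow is the point of first-match ordering: even the management zone cannot reach a device with a cleartext protocol, which is the "secure the network services module" item applied as a rule rather than as advice.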