Designing a Network Topology


CIS460 – NETWORK
ANALYSIS AND DESIGN
CHAPTER 5 –
Designing a Network Topology
Topology
• a map of an internetwork that indicates
segments, interconnection points and user
communities
• First step in logical design
• Hierarchical network design
– Scalable campus and enterprise networks
– Layered, modular model
Hierarchical Network Design
• Develop in discrete layers
• Each layer has specific functions
• Typical hierarchical topology is:
– core layer of high-end routers and switches that are
optimized for availability and performance
– Distribution layer of routers and switches that
implement policy
– Access layer that connects users via hubs, switches, and
other devices
Why Use A Hierarchical Network Design
– Reduces CPU adjacencies and the extra workload caused by
broadcast packets
– Modular topology that limits the number of
communicating routers
– Minimize costs by buying appropriate internetworking
devices for each layer
– Keeps design elements simple and easy to understand
– Facilitates design changes
– Enables creating design elements that can be replicated
– Today’s routing protocols were designed for
hierarchical topologies
Flat Versus Hierarchical
Topologies
• Flat is adequate for very small networks
• Flat is easy to design, implement, and maintain
Flat WAN Topologies
• A WAN for a small company can consist of a few
sites connected in a loop. Each site has a WAN
router that connects to two other adjacent sites via
point-to-point links
• Not recommended for networks with many sites.
– Loop topology can mean many hops between routers
– If routers on opposite sides of a loop exchange a lot of
traffic, use a hierarchical topology instead
– Redundant routers or switches required for high
availability
Mesh Versus Hierarchical-Mesh
Topologies
• Mesh topology helps meet availability
requirements
• In a full-mesh topology every router or switch is
connected to every other router or switch.
– Provides complete redundancy and offers good
performance because there is just a single-link delay
between any two sites
• A partial-mesh network has fewer connections.
Reaching another router or switch might require
traversing intermediate links
Mesh Topology (Cont’d)
• Disadvantages:
– Expensive to deploy and maintain
– Hard to optimize, troubleshoot, and upgrade
– Lack of modularity
– Difficult to upgrade just one part of the network
– Scalability limits for groups of routers that broadcast
routing updates or service advertisements
– Limit the number of adjacent routers that exchange routing
tables and service advertisements
• For small and medium-sized companies the
hierarchical model is often implemented as a hub-and-spoke
topology with little or no meshing
The Classic Three-Layer
Hierarchical Model
• Permits traffic aggregation and filtering at three
successive routing or switching levels
• Scalable to large international internetworks
• Each layer has a specific role
• Core layer provides optimal transport between sites
• Distribution layer connects network services to the
access layer and implements policies regarding
security, traffic loading and routing
• Access layer consists of routers at the edge of the
campus networks. Provides switches or hubs for
end-user access.
The Core Layer
• High-speed backbone of the internetwork
• Should design with redundant components because it
is critical for interconnectivity
• Highly reliable and adaptable to changes
• Use routing features that optimize packet throughput
• Have a limited and consistent diameter to provide
predictable performance and ease of troubleshooting
• For connections to other enterprises via an extranet or
the Internet, the core should include one or more links to
external networks.
The Distribution Layer
– The demarcation point between the access and core layers of
the network
– Roles include controlling access to resources for security
reasons and controlling network traffic that traverses the core
for performance reasons
– Often the layer that delineates broadcast domains
– Allow core layer to connect diverse sites while maintaining
high performance
– Can redistribute between bandwidth-intensive access-layer
routing protocols and optimized core routing protocols.
– Can summarize routes from the access layer
– Can provide address translation.
The Access Layer
• Provides users on local segments access to the
internetwork
• Can include routers, switches, bridges and shared-media hubs
• Switches are used to divide up bandwidth domains
to meet the demands of applications that require a
lot of bandwidth.
• For small networks, the access layer can provide access
into the corporate internetwork using wide-area
technologies such as ISDN, Frame Relay, leased
digital lines and analog modem lines.
Guidelines for Hierarchical
Network Design
• Control diameter of hierarchical enterprise
network topology
– In most cases the three major layers are sufficient
– Provides low and predictable latency
– Should make troubleshooting and network
documentation easier
• Strict control at the access layer should be
maintained
Guidelines for Hierarchical
Network Design (Cont’d)
• Avoid the design mistake of adding a chain (don’t add
networks inappropriately)
• Avoid backdoors – a connection between devices in the
same layer. It can be an extra router, bridge, or switch
added to connect two networks
• Design access layer first, then the distribution layer and
finally the core layer.
– More accurately plan capacity requirements for the
distribution and core layers
– Also recognize optimization techniques needed
Guidelines for Hierarchical
Network Design (Cont’d)
• Design using modular and hierarchical
techniques and then plan the
interconnection between layers based on
analysis of traffic load, flow, and behavior
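The diameter and backdoor guidelines above can be checked mechanically. This is an added example, not part of the original slides: a constructed three-layer campus topology with hypothetical device names, a breadth-first diameter calculation, and a check that flags same-layer links below the core (backdoors) and shows how a chained switch lengthens the diameter.

```python
from collections import deque

# Constructed three-layer campus topology (adjacency sets); names are hypothetical.
HIERARCHY = {
    "core1": {"core2", "dist1", "dist2"},
    "core2": {"core1", "dist1", "dist2"},
    "dist1": {"core1", "core2", "acc1", "acc2"},
    "dist2": {"core1", "core2", "acc3", "acc4"},
    "acc1": {"dist1"}, "acc2": {"dist1"},
    "acc3": {"dist2"}, "acc4": {"dist2"},
}

def hop_counts(topology, start):
    """Breadth-first search: hops from start to every reachable device."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nbr in topology[node]:
            if nbr not in dist:
                dist[nbr] = dist[node] + 1
                queue.append(nbr)
    return dist

def diameter(topology):
    """Network diameter: the longest shortest path between any two devices."""
    return max(max(hop_counts(topology, n).values()) for n in topology)

def add_link(topology, a, b):
    """Copy of the topology with one extra link a<->b; unknown names become new devices."""
    new = {n: set(nbrs) for n, nbrs in topology.items()}
    new.setdefault(a, set()).add(b)
    new.setdefault(b, set()).add(a)
    return new

def layer(name):
    """The layer is encoded in the device-name prefix (core/dist/acc) in this toy model."""
    return name.rstrip("0123456789")

def backdoors(topology):
    """Links joining two devices of the same layer below the core. Core-to-core links
    are normal redundancy; same-layer links lower down bypass the hierarchy."""
    return sorted({tuple(sorted((a, b))) for a in topology for b in topology[a]
                   if layer(a) == layer(b) != "core"})

if __name__ == "__main__":
    print("diameter:", diameter(HIERARCHY))                                      # 4
    print("with a chained switch:", diameter(add_link(HIERARCHY, "acc1", "daisy1")))  # 5
    print("backdoors:", backdoors(add_link(HIERARCHY, "acc1", "acc3")))          # [('acc1', 'acc3')]
```

The acc1–acc3 backdoor does not shorten the diameter for most pairs, but it gives traffic a path around the distribution layer where policy is enforced.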
Redundant Network Design
Topologies
• Lets you meet network availability goals by duplicating
network links and interconnectivity devices.
• Eliminates the possibility of having a single point
of failure
• Can be implemented in both campus and
enterprise
– Campus goals for users accessing local services
– Enterprise goals for overall availability and
performance
– Analyze business and technical goals of customer
Backup Paths
• Consists of routers and switches and individual
backup links between routers and switches that
duplicate devices and links on the primary path
• Consider 2 aspects of backup path
– How much capacity does it support
– How quickly will the network begin using it
• Common to have less capacity than a primary path
– Different technologies
– Expensive
Backup Paths (Cont’d)
• Manual versus automatic
– With manual reconfiguration users will notice the
disruption, which is not acceptable for mission-critical systems
– Use redundant, partial-mesh network designs to
speed automatic recovery time
• They must be tested
• Sometimes used for load balancing as well
as backup
Load Balancing
• Primary goal of redundancy is to meet availability
• Secondary goal is to improve performance by load
balancing across parallel links
• Must be planned and in some cases configured
• In ISDN environments load balancing can be facilitated by
configuring channel aggregation
– Channel aggregation means that a router can
automatically bring up multiple ISDN B channels as
bandwidth requirements increase
Load Balancing (Cont’d)
• Most vendor implementations of IP routing
protocols support load balancing across parallel
links that have equal cost
• Some protocols base cost on the number of hops to a
particular destination
– These protocols may load balance over paths of unequal bandwidth
• Can be affected by advanced switching
(forwarding) mechanisms implemented in routers
– Such mechanisms often cache the path to remote destinations to
allow faster forwarding of packets
Designing a Campus Network
Design Topology
• Should meet a customer’s goals for availability
and performance by featuring small broadcast
domains, redundant distribution-layer segments,
mirrored servers, and multiple ways for a
workstation to reach a router for off-net
communications
• Designed using a hierarchical model for good
performance, maintainability and scalability.
Virtual LANs
– A VLAN is an emulation of a standard LAN that allows data
transfer to take place without the traditional physical
restraints placed on a network.
– Based on logical rather than physical connections and
are very flexible
– Communicate as if they were on the same network
– Allows a large flat network to be divided into subnets to
divide up broadcast domains
– In the future fewer companies will implement large flat
LANs and the need for VLANs will be less
– Hard to manage and optimize. When dispersed across
many physical networks traffic must flow to each of
those networks
Redundant LAN Segments
• In Campus LANs it is common to design
redundant links between LAN switches
• The spanning-tree algorithm is used to avoid
packet loops.
• Spanning-tree algorithm is good for loops but not
necessarily for load balancing
• When multiple bridges or switches exist in a
spanning tree, one bridge becomes the root bridge.
Traffic always travels toward the root bridge.
Only one path to the root bridge is active, other
paths are disabled.
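The root-bridge election and the single active path described above, as an added example that is not part of the original slides. It uses a constructed redundant switched LAN with hypothetical switch names, bridge IDs and link costs, and a simplified shortest-path computation standing in for the spanning-tree algorithm's BPDU exchange.

```python
import heapq

# Constructed redundant campus LAN: (switch_a, switch_b, link cost); the costs
# mimic classic STP values (4 for a fast link, 19 for a slow one).
LINKS = [("sw1", "sw2", 4), ("sw1", "sw3", 4), ("sw2", "sw3", 4),
         ("sw2", "sw4", 19), ("sw3", "sw4", 19)]
# Bridge ID = (priority, MAC address); the lowest ID wins the root election,
# which is why production designs set the intended root's priority explicitly.
BRIDGE_IDS = {"sw1": (32768, "00:00:00:00:00:01"), "sw2": (32768, "00:00:00:00:00:02"),
              "sw3": (32768, "00:00:00:00:00:03"), "sw4": (32768, "00:00:00:00:00:04")}

def elect_root(bridge_ids):
    """Every switch independently picks the lowest bridge ID as the root bridge."""
    return min(bridge_ids, key=bridge_ids.get)

def spanning_tree(links, bridge_ids):
    """Return (root, active_links, blocked_links). Each non-root switch keeps the
    single lowest-cost path toward the root (ties go to the upstream switch with the
    lower bridge ID); every other redundant link is blocked and carries no traffic."""
    root = elect_root(bridge_ids)
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best = {root: (0, None)}                   # switch -> (cost to root, upstream switch)
    heap = [(0, bridge_ids[root], root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                           # stale heap entry
        for nbr, c in adj[node]:
            if nbr == root:
                continue
            cand = (cost + c, bridge_ids[node])
            cur = best.get(nbr)
            if cur is None or cand < (cur[0], bridge_ids[cur[1]]):
                best[nbr] = (cost + c, node)
                heapq.heappush(heap, (cost + c, bridge_ids[node], nbr))
    active = {tuple(sorted((n, up))) for n, (_, up) in best.items() if up}
    blocked = [tuple(sorted((a, b))) for a, b, _ in links if tuple(sorted((a, b))) not in active]
    return root, sorted(active), blocked

if __name__ == "__main__":
    root, active, blocked = spanning_tree(LINKS, BRIDGE_IDS)
    print("root bridge:", root)          # sw1
    print("forwarding links:", active)   # [('sw1', 'sw2'), ('sw1', 'sw3'), ('sw2', 'sw4')]
    print("blocked links:", blocked)     # [('sw2', 'sw3'), ('sw3', 'sw4')]
```

Two of the five links end up blocked, which is why the slide notes that the spanning tree protects against loops but does not load balance across the redundant links.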
Server Redundancy
– File, Web, Dynamic Host Configuration Protocol
(DHCP), name, database, configuration, and broadcast
servers are all candidates for redundancy in campus
design
– When a LAN is migrated to DHCP servers the DHCP
servers become critical. Use redundant DHCP servers.
– DHCP servers can be at the access or distribution layer.
In small networks they are often in the distribution layer; in
larger networks, in the access layer.
– In large campus networks the DHCP server is often
placed on a different network segments than the end
systems that use it.
Server Redundancy (Cont’d)
• Name servers are less critical than DHCP servers
because users can reach services by address
instead of name if the name server fails
• If ATM is used it is a good idea to duplicate the
ATM services used by clients running ATM LAN
emulation (LANE) software
– LAN Emulation Configuration Server (LECS)
– LAN Emulation Server (LES)
– Broadcast and Unknown Server (BUS)
Server Redundancy (Cont’d)
• Where cost of downtime for file servers is a
major concern mirrored file servers should
be recommended
• If complete redundancy is not feasible then
duplexing of the file server hard drives is a
good idea
• Mirrored file servers allow the sharing of
workload between servers
Workstation-to-Router
Redundancy
• Workstation-to-router communication is
critical in most designs to reach remote
services
• Many ways to discover a router on the
network depending on the protocol running
and its implementation
AppleTalk Workstation-to-Router
Communication
• AppleTalk workstations remember the
address of the router that sent the most
recent RTMP packet
• To minimize memory and processing
requirements, a workstation remembers the address of only
one router
Novell NetWare Workstation-to-Router Communication
• Broadcasts a find-network-number request
to find a route to the destination
• Routers on the workstation’s network
respond
• The workstation uses the first router that
responds
IP Workstation-to-Router
Communication
• Implementations vary in how they implement
workstation-to-router communication.
• Some send an Address Resolution Protocol (ARP)
request to find a remote station
• A router running proxy ARP responds to the ARP
request with the router’s data-link-layer address
• Advantage of proxy ARP is that a workstation
does not have to be manually configured with the
address of a router
IP Workstation-to-Router
Communication (Cont’d)
• Sometimes network administrators manually
configure an IP workstation with a default router
• A default router is the address of a router on the
local segment that a workstation uses to reach
remote services
• A number of protocols are used to identify routers
such as
– Router Discovery Protocol (RDP) which uses
• Internet Control Message Protocol (ICMP)
• ICMP router advertisement packet
• ICMP router solicitation packet
Designing an Enterprise Network
Design Topology
• Should meet a customer’s goals for
availability and performance by featuring
redundant LAN and WAN segments in the
intranet, and multiple paths to extranets and
the Internet
• Virtual Private Networking (VPN) can be
used
Redundant WAN Segments
• Because WAN links can be critical, redundant
(backup) WAN links are often included in
the enterprise topology
• Full-mesh topology provides complete
redundancy
• Full mesh is costly to implement, maintain,
upgrade and troubleshoot
Circuit Diversity
• Learn as much as possible about the actual
physical circuit routing
• Some carriers use the same facilities which means
the backup path is susceptible to the same failure
as the primary path
• Circuit diversity refers to the optimum situation of
circuits using different paths
• It is becoming increasingly harder to guarantee
circuit diversity because of mergers of carriers
• Analyze your local cabling in addition to the
carrier’s services
Multihoming the Internet
Connection
• Means providing more than one connection for a
system to access and offer network services
• A server is multihomed if it has more than one
network layer address
• Increasingly used to refer to the practice of
providing an enterprise network more than one
entry into the Internet
• Has the potential to become a transit network that
provides interconnections for other networks
– Means routers on the Internet learn they can reach other
routers through the enterprise network
Virtual Private Networking
• Enable a customer to use a public network to provide a
secure connection among sites on the organization’s
internetwork
• Can also be used to connect an enterprise intranet to an
extranet to reach outside parties
• Gives the ability to connect geographically dispersed
offices via a service provider instead of a private network
• Company data can be encrypted for routing
• Firewalls and TCP/IP tunneling allow a customer to use
a public network as a backbone for the enterprise
network
Secure Network Design
Topologies
• Planning for Physical Security
• Meeting Security Goals with Firewall
Topologies
Planning for Physical Security
• Install critical equipment in computer rooms
that have protection
• Logical design might have an impact on
physical security
• Planning should start early to allow lead times to
build or install security mechanisms
Meeting Security Goals with
Firewall Topologies
• A firewall is a system or combination of systems
that enforces a boundary between two or more
networks
– Can be a router with access control lists (ACLs)
– Dedicated hardware box
– Software running on a PC or UNIX system
• Should be placed in the network topology so that
all traffic from outside the protected network must
pass through the firewall
• Security policy specifies which traffic is
authorized to pass through the firewall
Meeting Security Goals with
Firewall Topologies (Cont’d)
• Especially important at the boundary between the
enterprise network and the Internet
• For customers who need to publish public data
and protect private data, the firewall topology can
include a public LAN that hosts Web, FTP, DNS
and SMTP servers
• Larger customers should use a firewall in addition
to a router between the Internet and the enterprise
network
Meeting Security Goals with
Firewall Topologies (Cont’d)
• An alternative is to use two routers as the firewall
and place the free-trade zone between them. This
is the three-part firewall topology
• The configuration on the routers might be
complex, consisting of many access control lists to
control traffic in and out of the private network
and the free-trade zone.
• Dedicated firewalls usually have a GUI that lets
you specify a security policy in an intuitive
fashion
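The three-part firewall topology above, as an added example that is not part of the original slides: a toy first-match ACL evaluator for two routers bracketing the free-trade zone (DMZ). Addresses, the rule sets, the mail-relay host and the sample flows are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for the three zones; 192.0.2.0/24 and 10.0.0.0/8 are
# documentation/private ranges, used here only as hypothetical examples.
DMZ     = ip_network("192.0.2.0/24")    # free-trade zone: public Web, DNS, SMTP servers
PRIVATE = ip_network("10.0.0.0/8")      # enterprise private network
TRUST   = {"internet": 0, "dmz": 1, "private": 2}

def zone(addr):
    a = ip_address(addr)
    return "private" if a in PRIVATE else "dmz" if a in DMZ else "internet"

# Rule: (action, source net, destination net, protocol or None, dest port or None).
# Each ACL filters traffic entering its router from the less-trusted side; as on a
# real router ACL the first match wins and anything unmatched is implicitly denied.
OUTER_ACL = [                                           # outer router: Internet -> DMZ
    ("permit", ip_network("0.0.0.0/0"), DMZ, "tcp", 80),
    ("permit", ip_network("0.0.0.0/0"), DMZ, "tcp", 25),
    ("permit", ip_network("0.0.0.0/0"), DMZ, "udp", 53),
]
INNER_ACL = [                                           # inner router: DMZ -> private
    # only the (hypothetical) DMZ mail relay may reach the internal mail server
    ("permit", ip_network("192.0.2.25/32"), ip_network("10.1.1.25/32"), "tcp", 25),
]
ROUTERS = [OUTER_ACL, INNER_ACL]        # ROUTERS[i] sits between trust level i and i+1

def evaluate(acl, src, dst, proto, dport):
    for action, s_net, d_net, p, port in acl:
        if src in s_net and dst in d_net and p in (None, proto) and port in (None, dport):
            return action
    return "deny"                       # implicit deny at the end of every ACL

def flow_allowed(src, dst, proto, dport):
    """A flow must be permitted by every router between its source and destination
    zones. Traffic toward a less-trusted zone is not filtered in this toy model."""
    src, dst = ip_address(src), ip_address(dst)
    lo, hi = TRUST[zone(src)], TRUST[zone(dst)]
    if hi <= lo:
        return True
    return all(evaluate(ROUTERS[i], src, dst, proto, dport) == "permit" for i in range(lo, hi))

if __name__ == "__main__":
    for flow in [("198.51.100.7", "192.0.2.80", "tcp", 80),   # Internet -> DMZ web: permit
                 ("198.51.100.7", "10.1.1.25", "tcp", 25),    # Internet -> private: deny
                 ("192.0.2.25", "10.1.1.25", "tcp", 25),      # relay -> mail server: permit
                 ("192.0.2.80", "10.1.1.25", "tcp", 25)]:     # web server -> mail: deny
        print(flow, "permit" if flow_allowed(*flow) else "deny")
```

A flow from the Internet to the private network has to satisfy both routers' lists, which is where the many-ACL complexity the slide warns about comes from.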
Summary
• Designing a network topology is the first step in
the logical design
• Three models for network topologies:
hierarchical, redundant, and secure
– Hierarchical lets you develop a network consisting of
many interrelated components in a layered, modular
fashion
– Redundant lets you meet requirements for network
availability by duplicating network components
– Secure protects core routers, demarcation points,
cabling, modems and other equipment. Adding
firewalls protects against hackers.