Department of Computer Science
DCS
COMSATS Institute of Information Technology
Logical Network Design (Part II)
Rab Nawaz Jadoon
Assistant Professor
COMSATS IIT, Abbottabad
Pakistan
Telecommunication Network Design (TND)
Possible (Part II) covering
Designing a network topology
Designing models for addressing and numbering
Selecting switching and routing protocols
Developing network security strategies
Developing network management strategies
Classic Three-Layer Hierarchical Model
Core layer
The core layer provides optimal transport between sites.
Distribution layer
The distribution layer connects network services to the access layer and implements policies regarding security, traffic loading, and routing.
Access layer
In a WAN design, the access layer consists of the routers at the edge of the campus networks.
In a campus network, the access layer provides switches or hubs for end user access.
Core layer
The core layer of a three-layer hierarchical topology is the high-speed backbone of the internetwork.
Because the core layer is critical for interconnectivity, you should design the core layer with redundant components.
The core layer should be highly reliable and should adapt to changes quickly.
Distribution Layer
The distribution layer of the network is the demarcation point between the access and core layers of the network.
The distribution layer has many roles, including controlling access to resources for security reasons and controlling network traffic.
The distribution layer allows the core layer to connect sites that run different protocols while maintaining high performance.
To maintain good performance in the core, the distribution layer can redistribute between bandwidth-intensive access layer routing protocols and optimized core routing protocols.
For example, perhaps one site in the access layer is still running an older protocol, such as IGRP. The distribution layer can redistribute between IGRP at the access layer and EIGRP in the core layer.
Access Layer
The access layer provides users on local segments with access to the internetwork.
The access layer can include routers, switches, bridges, shared-media hubs, and wireless access points.
Redundant Network Design
Redundant network designs enable you to meet requirements for network availability by duplicating elements in a network.
Redundancy attempts to eliminate any single point of failure on the network.
The goal is to duplicate any required component whose failure could disable critical applications.
The component could be a core router, a switch, a link between two switches, a channel service unit (CSU), a power supply, a WAN trunk, Internet connectivity, and so on.
Redundancy adds complexity to the network topology and to network addressing and routing.
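An added example, not part of the original slides: a check that lists the single points of failure in a topology, meaning the devices and links whose individual failure would partition the network because no backup path bypasses them. The device names and the sample topology are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample topology (hypothetical device names), one tuple per link.
LINKS = [
    ("core1", "core2"),
    ("dist1", "core1"), ("dist1", "core2"),
    ("dist2", "core1"), ("dist2", "core2"),
    ("acc1", "dist1"), ("acc1", "dist2"),
    ("acc2", "dist2"),   # access switch with a single uplink
    ("core1", "isp"),    # single Internet connection
]

def single_points_of_failure(links):
    """Return (devices, links) whose individual failure partitions the network."""
    graph = defaultdict(list)
    for edge_id, (a, b) in enumerate(links):
        graph[a].append((b, edge_id))
        graph[b].append((a, edge_id))
    disc, low = {}, {}          # DFS discovery order and low-link values
    devices, bridges = set(), set()

    def dfs(node, via_edge):
        disc[node] = low[node] = len(disc)
        children = 0
        for nbr, edge_id in graph[node]:
            if edge_id == via_edge:      # skip only the link we arrived on,
                continue                 # so parallel links count as backups
            if nbr in disc:              # back edge: an alternate path exists
                low[node] = min(low[node], disc[nbr])
                continue
            children += 1
            dfs(nbr, edge_id)
            low[node] = min(low[node], low[nbr])
            if low[nbr] > disc[node]:    # nothing below bypasses this link
                bridges.add(tuple(sorted((node, nbr))))
            if via_edge is not None and low[nbr] >= disc[node]:
                devices.add(node)        # nothing below bypasses this device
        if via_edge is None and children > 1:
            devices.add(node)            # DFS root joining separate subtrees

    for start in sorted(graph):
        if start not in disc:
            dfs(start, None)
    return sorted(devices), sorted(bridges)

if __name__ == "__main__":
    print(single_points_of_failure(LINKS))
```

In the sample, dual-homing acc2 to dist1 and adding a second Internet link on core2 clears every finding.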
Backup Paths
To maintain interconnectivity even when one or more links are down, redundant network designs include a backup path for packets to travel when there are problems on the primary path.
A backup path consists of routers and switches and individual backup links between routers and switches, which duplicate devices and links on the primary path.
When estimating network performance for a redundant network design, you should take into consideration two aspects of the backup path:
How much capacity the backup path supports.
How quickly the network will begin to use the backup path.
You can use a network-modeling tool to predict network performance when the backup path is in use.
Sometimes the performance is worse than the primary path, but still acceptable.
Load Sharing
The primary purpose of redundancy is to meet availability requirements.
A secondary goal is to improve performance by supporting load sharing across parallel links.
Load sharing, sometimes called load balancing, allows two or more interfaces or paths to share traffic load.
Cisco SAFE Architecture
SAFE is a reference architecture that network designers can use to simplify the complexity of a large internetwork.
With SAFE, you can analyze the functional, logical, and physical components of a network and thus simplify the process of designing an overall enterprise network.
Core
The core stitches together all the other modules. The core is a high-speed infrastructure that provides reliable and scalable Layer 2 and Layer 3 transport.
Data center
The data center hosts servers, applications, and storage devices for use by internal users.
The data center also connects the network infrastructure that these devices require, including routers, switches, load balancers, content delivery devices, and application acceleration devices.
The data center is not directly accessible from the Internet to the general public.
Campus
The campus network provides network access to end users and devices located in a single geographical location.
The campus may span several floors in a single building or multiple buildings for larger enterprises.
The campus hosts local data, voice, and video services.
Management
The management network provides monitoring, analysis, authentication, and logging services.
WAN edge
The WAN edge is the portion of the network that aggregates WAN links that connect geographically distant branch offices to a central site or regional hub.
Internet edge
The Internet edge is the infrastructure that provides connectivity to the Internet and that acts as a gateway for the enterprise to the rest of the world.
Branches
Branches provide connectivity to users and devices at remote locations.
A branch office typically includes one or more LANs and connects to the central site via a private WAN or an Internet connection using VPN technology.
Branches host local data, voice, and video services.
Extranet
An extranet allows selected business partners, customers, and suppliers to access a portion of the network via secure protocols.
Extranet services include remote-access VPN.
Partner Site
Partner sites are networks owned by business partners, customers, and suppliers.
They access services in the extranet via secure WAN or Internet connectivity.
E-Commerce
The e-commerce module hosts applications, servers, and data used in the selling and buying of products.
Teleworker
The teleworker module is the home office of a full-time or part-time employee.
Services in the teleworker module include remote-access VPN, desktop security, secure wireless networking, IP telephony, and IP video.
Cisco SensorBase
Cisco SensorBase consists of threat collection servers that receive daily updates from globally deployed sensors regarding threats such as botnets, dark nets, malware, and serial attackers.
Sensors include intrusion prevention systems, email servers, and web security appliances.