logical network design (part ii) - rab nawaz jadoon of computer science dcs comsats institute of...

Department of Computer Science (DCS), COMSATS Institute of Information Technology

Logical Network Design (Part II)

Rab Nawaz Jadoon, Assistant Professor, COMSATS IIT, Abbottabad, Pakistan

Telecommunication Network Design (TND)

Upload: lynhan

Post on 29-Apr-2018


Possible coverage in Part II:

Designing a network topology

Designing models for addressing and numbering

Selecting switching and routing protocols

Developing network security strategies

Developing network management strategies


Classic Three-Layer Hierarchical Model

Core layer

The core layer provides optimal transport between sites.

Distribution layer

The distribution layer connects network services to the access layer and implements policies regarding security, traffic loading, and routing.

Access layer

In a WAN design, the access layer consists of the routers at the edge of the campus networks.

In a campus network, the access layer provides switches or hubs for end user access.


Core layer

The core layer of a three-layer hierarchical topology is the high-speed backbone of the internetwork.

Because the core layer is critical for interconnectivity, you should design the core layer with redundant components.

The core layer should be highly reliable and should adapt to changes quickly.


Distribution Layer

The distribution layer of the network is the demarcation point between the access and core layers of the network.

The distribution layer has many roles, including controlling access to resources for security reasons and controlling network traffic.


The distribution layer allows the core layer to connect sites that run different protocols while maintaining high performance.

To maintain good performance in the core, the distribution layer can redistribute between bandwidth-intensive access layer routing protocols and optimized core routing protocols.

For example, perhaps one site in the access layer is still running an older protocol, such as IGRP. The distribution layer can redistribute between IGRP at the access layer and EIGRP in the core layer.


Access Layer

The access layer provides users on local segments with access to the internetwork.

The access layer can include routers, switches, bridges, shared-media hubs, and wireless access points.


Redundant Network Design

Redundant network designs enable you to meet requirements for network availability by duplicating elements in a network.

Redundancy attempts to eliminate any single point of failure on the network.

The goal is to duplicate any required component whose failure could disable critical applications.

The component could be a core router, a switch, a link between two switches, a channel service unit (CSU), a power supply, a WAN trunk, Internet connectivity, and so on.

Redundancy adds complexity to the network topology and to network addressing and routing.
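One way to check a proposed topology for single points of failure, as an added example that is not part of the original slides. The device names and links are a constructed sample, and the check assumes at most one link between any pair of devices.

```python
# Constructed sample topology (assumption): hypothetical device names.
LINKS = [
    ("core1", "core2"),
    ("core1", "dist1"), ("core1", "dist2"),
    ("core2", "dist1"), ("core2", "dist2"),
    ("dist1", "acc1"), ("dist2", "acc1"),   # acc1 is dual-homed
    ("dist2", "acc2"),                      # acc2 has a single uplink
    ("core1", "wan-edge"), ("wan-edge", "branch"),
]

def build_graph(links):
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def single_points_of_failure(links):
    """Return (devices, links) whose loss disconnects part of the network.

    Tarjan's low-link DFS: a device is an articulation point and a link is
    a bridge when no backup path goes around it.
    """
    graph = build_graph(links)
    disc, low = {}, {}
    devices, bridges = set(), set()
    counter = 0

    def dfs(node, parent):
        nonlocal counter
        disc[node] = low[node] = counter
        counter += 1
        children = 0
        for nbr in sorted(graph[node]):
            if nbr == parent:
                continue
            if nbr in disc:                      # back edge: alternative path
                low[node] = min(low[node], disc[nbr])
                continue
            children += 1
            dfs(nbr, node)
            low[node] = min(low[node], low[nbr])
            if low[nbr] > disc[node]:            # nothing bypasses this link
                bridges.add(tuple(sorted((node, nbr))))
            if parent is not None and low[nbr] >= disc[node]:
                devices.add(node)                # nothing bypasses this device
        if parent is None and children > 1:
            devices.add(node)

    for start in sorted(graph):
        if start not in disc:
            dfs(start, None)
    return sorted(devices), sorted(bridges)
```

On the sample, the single-homed access switch and the unduplicated WAN edge show up as the components to duplicate; adding backup links for them empties both lists.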


Backup Paths

To maintain interconnectivity even when one or more links are down, redundant network designs include a backup path for packets to travel when there are problems on the primary path.

A backup path consists of routers and switches and individual backup links between routers and switches, which duplicate devices and links on the primary path.


When estimating network performance for a redundant network design, you should take into consideration two aspects of the backup path:

How much capacity the backup path supports.

How quickly the network will begin to use the backup path.

You can use a network-modeling tool to predict network performance when the backup path is in use.

Sometimes the performance is worse than the primary path, but still acceptable.


Load Sharing

The primary purpose of redundancy is to meet availability requirements.

A secondary goal is to improve performance by supporting load sharing across parallel links.

Load sharing, sometimes called load balancing, allows two or more interfaces or paths to share traffic load.


Cisco SAFE Architecture

SAFE is a reference architecture that network designers can use to simplify the complexity of a large internetwork.

With SAFE, you can analyze the functional, logical, and physical components of a network and thus simplify the process of designing an overall enterprise network.


Core

The core stitches together all the other modules. The core is a high-speed infrastructure that provides reliable and scalable Layer 2 and Layer 3 transport.

Data center

The data center hosts servers, applications, and storage devices for use by internal users.

The data center also connects the network infrastructure that these devices require, including routers, switches, load balancers, content delivery devices, and application acceleration devices.

The data center is not directly accessible from the Internet to the general public.


Campus

The campus network provides network access to end users and devices located in a single geographical location.

The campus may span several floors in a single building or multiple buildings for larger enterprises.

The campus hosts local data, voice, and video services.


Management

The management network provides monitoring, analysis, authentication, and logging services.

WAN edge

The WAN edge is the portion of the network that aggregates WAN links that connect geographically distant branch offices to a central site or regional hub.

Internet edge

The Internet edge is the infrastructure that provides connectivity to the Internet and that acts as a gateway for the enterprise to the rest of the world.


Branches

Branches provide connectivity to users and devices at remote locations.

A branch office typically includes one or more LANs and connects to the central site via a private WAN or an Internet connection using VPN technology.

Branches host local data, voice, and video services.


Extranet

An extranet allows selected business partners, customers, and suppliers to access a portion of the network via secure protocols.

Extranet services include remote-access VPN.

Partner Site

Partner sites are networks owned by business partners, customers, and suppliers.

They access services in the extranet via secure WAN or Internet connectivity.


E-Commerce

The e-commerce module hosts applications, servers, and data used in the selling and buying of products.

Teleworker

The teleworker module is the home office of a full-time or part-time employee.

Services in the teleworker module include remote-access VPN, desktop security, secure wireless networking, IP telephony, and IP video.


Cisco SensorBase

Cisco SensorBase consists of threat collection servers that receive daily updates from globally deployed sensors regarding threats such as botnets, darknets, malware, and serial attackers.

Sensors include intrusion prevention systems, email servers, and web security appliances.
