Module 4: Designing Routing and Switching Requirements

Upload: irene-washington

Post on 30-Dec-2015


Page 1: Module 4: Designing Routing and Switching Requirements


Page 2: Connectivity Requirements

[Diagram labels: Branch Office, Corporate Headquarters, Web Server, Internet, Server, LAN, Remote User, VPN, Wireless User]

Evaluate how users connect:

• Locally

• Remotely

• Across the Internet

Page 3: Types of Network Devices

| Device | OSI layer | Definition |
|---|---|---|
| Hub | Physical (layer 1) | Extends the network by retransmitting the signal; does not process the data |
| Switch | Data-link (layer 2) | Forwards frames according to the destination MAC address; supports simultaneous conversations without collisions |
| Router | Network (layer 3) | Used to link WANs and dissimilar LANs; sends packets based on logical addressing |
| Layer 3 switch | Network (layers 2 and 3) | Is a limited-purpose hardware-based IP router with bridging capabilities; also performs layer 2 switching |

Page 4: Reasons for Using Routers

Use routers to:

• Isolate networks from each other

• Provide a start for a secure network implementation

Traditional uses of routers:

• Connecting WANs

• Segmenting LANs

Page 5: Internet Security and Acceleration for Internet Connectivity

[Diagram labels: Intranet hosts 10.10.10.7, 10.10.10.8, 10.10.10.9 and 10.10.10.10; ISA Server; 131.107.0.9; "10.10.10.0 maps to 131.107.0.9"]

ISA has additional features over NAT:

• Application traffic monitoring

• Internet content caching

• User-based control

Page 6: Strategies for Designing Firewalls

• Bastion host

• Multi-homed firewall

• Back-to-back firewall

[Diagram labels for each design: Web Server, LAN, Internet]

Page 7: Strategies for Designing Extranet

| Option | Description |
|---|---|
| VPN | Encrypted communication over the Internet |
| Dial-up | Computer communication over phone lines |
| Secure Web server | Authenticated access to a Web server |
| RPC over HTTP | RPC communication tunnelled in HTTP for an application |
| Terminal services | Remote access to an application |
| ADFS | Active Directory authentication for Web applications |

Page 8: Determining Connection Methods

| Connection method | Use when: |
|---|---|
| Leased lines | Security is important; speed and reliability are required; no budget constraints |
| Tunneling | Security is important; no modem infrastructure |
| Demand-dial - on demand | Limited traffic; per-instance fee pricing structure |
| Demand-dial - persistent | Ample traffic; flat fee pricing structure |

Page 9: Selecting a Site-to-Site VPN Tunnel

VPN tunnel type and criteria:

VPN with PPTP tunnel is used if:

• All routers support PPTP passthrough

• User-based authentication is sufficient

• Support for non-IP protocols is required

VPN with L2TP/IPSec tunnel is used if:

• All routers support passthrough of IPSec

• Computer-based authentication is required

• Support for non-IP protocols is required

VPN with IPSec in tunnel mode is used if:

• All routers support passthrough of IPSec

• Only computer-based authentication is required

• Support for only TCP/IP is required

Page 10: Factors Affecting Network Performance

Factors affecting network performance

• Bandwidth

• Latency

• Throughput

• Capacity

• Wire speed

• Utilization

• Jitter

• Jabber

• Bottleneck

• Collisions

• Efficiency

• Frame rate

Page 11: Network Upgrade Considerations

When determining how to upgrade a network, consider:

• Current utilization rates at various times of day

• Appropriate target utilization rates

• Flow of traffic through the network

• Future growth

• Potential repercussions

Page 12: Calculating Actual Data Throughput

Actual data throughput formula

• ADT = net utilization * efficiency rating * wire speed

• Net utilization = (utilization - collisions)

• Efficiency rating based on frame size

• Actual Data Throughput (ADT) shows you how much usable data is actually being carried on the network

• Adding nodes and header information affects throughput

• You should measure throughput after data transmission

Page 13: What Is Quality of Service?

Quality of Service (QoS):

• Prioritizes network traffic for network routing by adding a DSCP value

• Uses throttling to limit bandwidth usage on a host

Can be based on:

• Sending application

• Source or destination IPv4 or IPv6 addresses

• Protocol (TCP or UDP)

• Source or destination ports

Page 14: What Is a QoS Policy?

A QoS policy:

• Is defined as part of a Group Policy

• Can be applied to users or computers

• Can include specific IPv4 or IPv6 addresses or networks to apply to

• Lets you define a DSCP value for network traffic

• Lets you define a throttle rate for network traffic
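
Added example, not part of the original slides: the match conditions and the two actions (DSCP value, throttle rate) listed above, written with the NetQos PowerShell cmdlets available on Windows 8 / Windows Server 2012 and later. The policy names, executable name, subnet and port are constructed for illustration, and the policies are created on the local computer rather than in a Group Policy object as the slides describe.

```powershell
# Added example: every name, address and port below is a constructed
# placeholder, not a value from the slides.
# Run from an elevated PowerShell session.

# Policy 1: match on the sending application and protocol, then mark the
# traffic with a DSCP value so DSCP-aware routers can prioritize it.
New-NetQosPolicy -Name 'Example-Voice-DSCP' `
    -AppPathNameMatchCondition 'voiceclient.exe' `
    -IPProtocolMatchCondition UDP `
    -DSCPAction 46

# Policy 2: match on destination network, protocol and destination port,
# then throttle outbound bandwidth on this host.
# 2MB is the PowerShell literal 2 * 1024 * 1024, read here as bits per second.
New-NetQosPolicy -Name 'Example-Backup-Throttle' `
    -IPDstPrefixMatchCondition '10.10.20.0/24' `
    -IPProtocolMatchCondition TCP `
    -IPDstPortMatchCondition 8443 `
    -ThrottleRateActionBitsPerSecond 2MB

# Review what was created: each policy shows its match conditions
# and the DSCP value or throttle rate it applies.
Get-NetQosPolicy | Where-Object Name -like 'Example-*'

# Remove the example policies when finished.
Remove-NetQosPolicy -Name 'Example-Voice-DSCP' -Confirm:$false
Remove-NetQosPolicy -Name 'Example-Backup-Throttle' -Confirm:$false
```

DSCP marking only changes a field in the IP header; it has an effect only where the routers along the path are configured to honor it, while the throttle rate is enforced on the sending host itself.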