priscilla oppenheimer - gbv
TRANSCRIPT
Top-Down Network Design Third Edition
Priscilla Oppenheimer
Cisco Press 800 East 96th Street
Indianapolis, IN 46240
vi Тор-Down Network Design
Contents at a Glance Introduction xxii
Part I Identifying Your Customer's Needs and Goals 1
Chapter 1 Analyzing Business Goals and Constraints 3
Chapter 2 Analyzing Technical Goals and Tradeoffs 25
Chapter 3 Characterizing the Existing Internetwork 59
Chapter 4 Characterizing Network Traffic 87
Part II Logical Network Design 117
Chapter 5 Designing a Network Topology 119
Chapter 6 Designing Models for Addressing and Numbering 167
Chapter 7 Selecting Switching and Routing Protocols 199
Chapter 8 Developing Network Security Strategies 233
Chapter 9 Developing Network Management Strategies 263
Part III Physical Network Design 281
Chapter 10 Selecting Technologies and Devices for Campus Networks 283
Chapter 11 Selecting Technologies and Devices for Enterprise Networks 319
Part IV Testing, Optimizing, and Documenting Your Network Design 351
Chapter 12 Testing Your Network Design 353
Chapter 13 Optimizing Your Network Design 367
Chapter 14 Documenting Your Network Design 393
Glossary 407
Index 435
Contents Introduction xxii
Part I Identifying Your Customer's Needs and Goals 1
Chapter 1 Analyzing Business Goals and Constraints 3
Using a Top-Down Network Design Methodology 3
Using a Structured Network Design Process 5
Systems Development Life Cycles 6
Plan Design Implement Operate Optimize (PDIOO) Network Life Cycle
Analyzing Business Goals 8
Working with Your Client 8
Changes in Enterprise Networks 10
Networks Must Make Business Sense 10
Networks Offer a Service 11
The Need to Support Mobile Users 12
The Importance of Network Security and Resiliency 12
Typical Network Design Business Goals 13
Identifying the Scope of a Network Design Project 14
Identifying a Customer's Network Applications 16
Analyzing Business Constraints 19
Politics and Policies 19
Budgetary and Staffing Constraints 20
Project Scheduling 21
Business Goals Checklist 22
Summary 23
Review Questions 23
Design Scenario 24
Chapter 2 Analyzing Technical Goals and Tradeoffs 25
Scalability 25
Planning for Expansion 26
Expanding Access to Data 26
Constraints on Scalability 27
Availability 27
Disaster Recovery 28
Specifying Availability Requirements 29
Тор-Down Network Design
Five Nines Availability 30 The Cost of Downtime 31 Mean Time Between Failure and Mean Time to Repair 31
Network Performance 32 Network Performance Definitions 33 Optimum Network Utilization 34 Throughput 35 Throughput of Internetworking Devices 36 Application Layer Throughput 37 Accuracy 38 Efficiency 39 Delay and Delay Variation 40 Causes of Delay 41 Delay Variation 43 Response Time 44
Security 44 Identifying Network Assets 45 Analyzing Security Risks 46 Reconnaissance Attacks 47 Denial-of-Service Attacks 48 Developing Security Requirements 48
Manageability 49 Usability 50 Adaptability 50 Affordability 51 Making Network Design Tradeoffs 52 Technical Goals Checklist 54 Summary 55 Review Questions 56 Design Scenario 56
Chapter 3 Characterizing the Existing Internetwork 59 Characterizing the Network Infrastructure 59
Developing a Network Map 60 Characterizing Large Internetworks 60 Characterizing the Logical Architecture 62 Developing a Modular Block Diagram 64 Characterizing Network Addressing and Naming 64
ix
Characterizing Wiring and Media 65
Checking Architectural and Environmental Constraints 68
Checking a Site for a Wireless Installation 69
Performing a Wireless Site Survey 70
Checking the Health of the Existing Internetwork 71
Developing a Baseline of Network Performance 72
Analyzing Network Availability 73
Analyzing Network Utilization 73
Measuring Bandwidth Utilization by Protocol 75
Analyzing Network Accuracy 76
Analyzing Errors on Switched Ethernet Networks 77
Analyzing Network Efficiency 79
Analyzing Delay and Response Time 80
Checking the Status of Major Routers, Switches, and Firewalls 82
Network Health Checklist 83
Summary 84
Review Questions 84
Hands-On Project 85
Design Scenario 85
Chapter 4 Characterizing Network Traffic 87
Characterizing Traffic Flow 87
Identifying Major Traffic Sources and Stores 87
Documenting Traffic Flow on the Existing Network 89
Characterizing Types of Traffic Flow for New Network Applications 90
Terminal/Host Traffic Flow 91
Client/Server Traffic Flow 91
Peer-to-Peer Traffic Flow 93
Server/Server Traffic Flow 94
Distributed Computing Traffic Flow 94
Traffic Flow in Voice over IP Networks 94
Documenting Traffic Flow for New and Existing Network Applications 95
Characterizing Traffic Load 96
Calculating Theoretical Traffic Load 97
Documenting Application-Usage Patterns 99
Refining Estimates of Traffic Load Caused by Applications 99
Estimating Traffic Load Caused by Routing Protocols 101
x Тор-Down Network Design
Characterizing Traffic Behavior 101 Broadcast/Multicast Behavior 101 Network Efficiency 102 Frame Size 103 Windowing and Flow Control 103 Error-Recovery Mechanisms 104
Characterizing Quality of Service Requirements 105 ATM QoS Specifications 106 Constant Bit Rate Service Category 107 Real-time Variable Bit Rate Service Category 107 Non-real-time Variable Bit Rate Service Category 107 Unspecified Bit Rate Service Category 108 Available Bit Rate Service Category 108 Guaranteed Frame Rate Service Category 108 IETF Integrated Services Working Group QoS Specifications 109 Controiled-Load Service 110 Guaranteed Service 110 IETF Differentiated Services Working Group QoS Specifications 111 Grade of Service Requirements for Voice Applications 112 Documenting QoS Requirements 113
Network Traffic Checklist 114 Summary 114 Review Que stions 114 Design Scenario 115 Summary for Part I 115
Part II Logical Network Design 117
Chapter 5 Designing a Network Topology 119 Hierarchical Network Design 120
Why Use a Hierarchical Network Design Model? 121 Flat Versus Hierarchical Topologies 122 Flat WAN Topologies 122 Flat LAN Topologies 123 Mesh Versus Hierarchical-Mesh Topologies 124 Classic Three-Layer Hierarchical Model 125 Core Layer 127 Distribution Layer 127
xi
Access Layer 128
Guidelines for Hierarchical Network Design 128
Redundant Network Design Topologies 130
Backup Paths 131
Load Sharing 132
Modular Network Design 133
Cisco SAFE Security Reference Architecture 133
Designing a Campus Network Design Topology 135
Spanning Tree Protocol 135
Spanning Tree Cost Values 136
Rapid Spanning Tree Protocol 137
RSTP Convergence and Reconvergence 138
Selecting the Root Bridge 139
Scaling the Spanning Tree Protocol 140
Virtual LANs 141
Fundamental VLAN Designs 142
Wireless LANs 144
Positioning an Access Point for Maximum Coverage 145
WLANs and VLANs 146
Redundant Wireless Access Points 146
Redundancy and Load Sharing in Wired LANs 147
Server Redundancy 148
Workstation-to-Router Redundancy 150
Hot Standby Router Protocol 152
Gateway Load Balancing Protocol 153
Designing the Enterprise Edge Topology 153
Redundant WAN Segments 153
Circuit Diversity 154
Multihoming the Internet Connection 154
Virtual Private Networking 157
Site-to-Site VPNs 158
Remote-Access VPNs 159
Service Provider Edge 160
Secure Network Design Topologies 162
Planning for Physical Security 162
Meeting Security Goals with Firewall Topologies 162
xii Тор-Down Network Design
Summary 163 Review Questions 165 Design Scenario 165
Chapter 6 Designing Models for Addressing and Numbering 167 Guidelines for Assigning Network Layer Addresses 168
Using a Structured Model for Network Layer Addressing 168 Administering Addresses by a Central Authority 169 Distributing Authority for Addressing 170 Using Dynamic Addressing for End Systems 170 IP Dynamic Addressing 171 IP Version 6 Dynamic Addressing 174 Zero Configuration Networking 175 Using Private Addresses in an IP Environment 175 Caveats with Private Addressing 177 Network Address Translation 177
Using a Hierarchical Model for Assigning Addresses 178 Why Use a Hierarchical Model for Addressing and Routing? 178 Hierarchical Routing 179 Classless Interdomain Routing 179 Classless Routing Versus Classful Routing 180 Route Summarization (Aggregation) 181 Route Summarization Example 182 Route Summarization Tips 183 Discontiguous Subnets 183 Mobile Hosts 184 Variable-Length Subnet Masking 185 Hierarchy in IP Version 6 Addresses 186 Link-Local Addresses 187 Global Unicast Addresses 188 IPv6 Addresses with Embedded IPv4 Addresses 189
Designing a Model for Naming 189 Distributing Authority for Naming 190 Guidelines for Assigning Names 191 Assigning Names in a NetBIOS Environment 192 Assigning Names in an IP Environment 193 The Domain Name System 193
xiii
Dynamic DNS Names 194 IPv6 Name Resolution 195
Summary 195 Review Questions 196 Design Scenario 197
Chapter 7 Selecting Switching and Routing Protocols 199 Making Decisions as Part of the Тор-Down Network Design Process 200 Selecting Switching Protocols 201
Switching and the OSI Layers 202 Transparent Bridging 202 Selecting Spanning Tree Protocol Enhancements 203 PortFast 204 UplinkFast and BackboneFast 204 Unidirectional Link Detection 205 LoopGuard 206 Protocols for Transporting VLAN Information 207 IEEE 802.1Q 207 Dynamic Trunk Protocol 208 VLAN Trunking Protocol 208
Selecting Routing Protocols 209 Characterizing Routing Protocols 209 Distance-Vector Routing Protocols 210 Link-State Routing Protocols 212 Routing Protocol Metrics 214 Hierarchical Versus Nonhierarchical Routing Protocols 214 Interior Versus Exterior Routing Protocols 214 Classful Versus Classless Routing Protocols 214 Dynamic Versus Static and Default Routing 215 On-Demand Routing 216 Scalability Constraints for Routing Protocols 216 Routing Protocol Convergence 217 IP Routing 218 Routing Information Protocol 218 Enhanced Interior Gateway Routing Protocol 219 Open Shortest Path First 221 Intermediate System-to-Intermediate System 224 Border Gateway Protocol 225
xiv Тор-Down Network Design
Using Multiple Routing Protocols in an Internetwork 225 Routing Protocols and the Hierarchical Design Model 226 Redistribution Between Routing Protocols 227 Integrated Routing and Bridging 22 9
A Summary of Routing Protocols 230 Summary 231 Review Questions 231 Design Scenario 232
Chapter 8 Developing Network Security Strategies 233 Network Security Design 233
Identifying Network Assets 234 Analyzing Security Risks 234 Analyzing Security Requirements and Tradeoffs 235 Developing a Security Plan 235 Developing a Security Policy 236 Components of a Security Policy 237 Developing Security Procedures 237 Maintaining Security 237
Security Mechanisms 238 Physical Security 238 Authentication 239 Authorization 239 Accounting (Auditing) 240 Data Encryption 240 Public/Private Key Encryption 241 Packet Filters 243 Firewalls 244 Intrusion Detection and Prevention Systems 244
Modularizing Security Design 245 Securing Internet Connections 245 Securing Public Servers 246 Securing E-Commerce Servers 247 Securing Remote-Access and VPNs 248 Securing Remote-Access Technologies 248 Securing VPNs 249 Securing Network Services and Network Management 250 Securing Server Farms 251
XV
Securing User Services 252
Securing Wireless Networks 253
Authentication in Wireless Networks 254
Data Privacy in Wireless Networks 258
Summary 261
Review Questions 261
Design Scenario 262
Chapter 9 Developing Network Management Strategies 263
Network Management Design 263
Proactive Network Management 264
Network Management Processes 264
Fault Management 265
Configuration Management 266
Accounting Management 266
Performance Management 266
Security Management 268
Network Management Architectures 269
In-Band Versus Out-of-Band Monitoring 270
Centralized Versus Distributed Monitoring 270
Selecting Network Management Tools and Protocols 271
Selecting Tools for Network Management 271
Simple Network Management Protocol 271
Management Information Bases (MIB) 272
Remote Monitoring (RMON) 273
Cisco Discovery Protocol 274
Cisco NetFlow Accounting 276
Estimating Network Traffic Caused by Network Management 276
Summary 277
Review Questions 278
Design Scenario 278
Summary for Part II 279
Part III Physical Network Design 281
Chapter 10 Selecting Technologies and Devices for Campus Networks 283
LAN Cabling Plant Design 284
Cabling Topologies 284
Building-Cabling Topologies 285
xvi Тор-Down Network Design
Campus-Cabling Topologies 285 Types of Cables 285
LAN Technologies 289 Ethernet Basics 290 Ethernet and IEEE 802.3 290 Ethernet Technology Choices 291 Half-Duplex and Full-Duplex Ethernet 292 100-Mbps Ethernet 292 Gigabit Ethernet 293 10-Gbps Ethernet 295
Selecting Internetworking Devices for a Campus Network Design 299 Criteria for Selecting Campus Internetworking Devices 300 Optimization Features on Campus Internetworking Devices 302
Example of a Campus Network Design 303 Background Information for the Campus Network Design Project 303 Business Goals 304 Technical Goals 304 Network Applications 305 User Communities 306 Data Stores (Servers) 307 Current Network at WVCC 307 Traffic Characteristics of Network Applications 310 Summary of Traffic Flows 311 Performance Characteristics of the Current Network 312 Network Redesign for WVCC 313 Optimized IP Addressing and Routing for the Campus Backbone 313 Wireless Network 314 Improved Performance and Security for the Edge of the Network 315
Summary 316 Re view Que stions 317 Design Scenario 317
Chapter 11 Selecting Technologies and Devices for Enterprise Networks 319 Remote-Access Technologies 320
PPP 321 Multilink PPP and Multichassis Multilink PPP 321 Password Authentication Protocol and Challenge Handshake
Authentication Protocol 322
xvii
Cable Modem Remote Access 323
Challenges Associated with Cable Modem Systems 324
Digital Subscriber Line Remote Access 325
Other DSL Implementations 326
PPP and ADSL 326
Selecting Remote-Access Devices for an Enterprise Network Design 327
Selecting Devices for Remote Users 327
Selecting Devices for the Central Site 328
WAN Technologies 328
Systems for Provisioning WAN Bandwidth 329
Leased Lines 330
Synchronous Optical Network 331
Frame Relay 332
Frame Relay Hub-and-Spoke Topologies and Subinterfaces 333
Frame Relay Congestion Control Mechanisms 335
Frame Relay Traffic Control 335
Frame Relay/ATM Interworking 336
ATM 337
Ethernet over ATM 337
Metro Ethernet 338
Selecting Routers for an Enterprise WAN Design 339
Selecting a WAN Service Provider 340
Example of a WAN Design 341
Background Information for the WAN Design Project 341
Business and Technical Goals 342
Network Applications 343
User Communities 343
Data Stores (Servers) 344
Current Network 344
Traffic Characteristics of the Existing WAN 345
WAN Design for Klamath Paper Products 346
Summary 348
Review Questions 349
Design Scenario 349
Summary for Part III 350
xviii Тор-Down Network Design
Part IV Testing, Optimizing, and Documenting Your Network Design 351
Chapter 12 Testing Your Network Design 353 Using Industry Tests 354 Building and Testing a Prototype Network System 355
Determining the Scope of a Prototype System 355 Testing a Prototype on a Production Network 356
Writing and Implementing a Test Plan for Your Network Design 357 Developing Test Objectives and Acceptance Criteria 357 Determining the Types of Tests to Run 358 Documenting Network Equipment and Other Resources 359 Writing Test Scripts 360 Documenting the Project Timeline 361 Implementing the Test Plan 361
Tools for Testing a Network Design 362 Types of Tools 362 Examples of Network Testing Tools 363 CiscoWorks Internetwork Performance Monitor 364 WANDL Network Planning and Analysis Tools 364 OPNET Technologies 364 Ixia Tools 365 NetlQ Voice and Video Management Solution 365 NetPredict's NetPredictor 365
Summary 366 Review Questions 366 Design Scenario 366
Chapter 13 Optimizing Your Network Design 367 Optimizing Bandwidth Usage with IP Multicast Technologies 368
IP Multicast Addressing 369 Internet Group Management Protocol 370 Multicast Routing Protocols 370 Distance Vector Multicast Routing Protocol 371 Protocol Independent Multicast 371
Reducing Serialization Delay 372 Link-Layer Fragmentation and Interleaving 373 Compressed Real-Time Transport Protocol 374
xix
Optimizing Network Performance to Meet Quality of Service Requirements 374
IP Precedence and Type of Service 375
IP Differentiated Services Field 376
Resource Reservation Protocol 377
Common Open Policy Service Protocol 379
Classifying LAN Traffic 379
Cisco IOS Features for Optimizing Network Performance 380
Switching Techniques 380
Classic Methods for Layer 3 Packet Switching 381
NetFlow Switching 382
Cisco Express Forwarding 382
Queuing Services 383
First-In, First-Out Queuing 383
Priority Queuing 384
Custom Queuing 384
Weighted Fair Queuing 385
Class-Based Weighted Fair Queuing 386
Low-Latency Queuing 387
Random Early Detection 388
Weighted Random Early Detection 388
Traffic Shaping 389
Committed Access Rate 389
Summary 389
Review Questions 390
Design Scenario 391
Chapter 14 Documenting Your Network Design 393
Responding to a Customer's Request for Proposal 394
Contents of a Network Design Document 395
Executive Summary 396
Project Goal 396
Project Scope 396
Design Requirements 397
Business Goals 397
Technical Goals 398
User Communities and Data Stores 399
xx Тор-Down Network Design
Network Applications 399 Current State of the Network 399 Logical Design 400 Physical Design 400 Results of Network Design Testing 401 Implementation Plan 401 Project Schedule 402 Project Budget 403 Return on Investment 403 Design Document Appendix 404
Summary 404 Review Questions 405 Design Scenario 405
Glossary 407
Index 435