How do you plan and design a network with good reliability, expandability, security, manageability, and maintainability? This course gives a brief overview of network planning in terms of topology design, address and naming planning, route selection, security, and network management.
Here are the learning objectives of this course:
- Outline the basic principles of network planning
- Master the principles of topology design and addressing
- Understand how to select routing protocols for the network
- Outline the basic idea of developing security strategies
- Know the development trends of network management systems
- Whether the network can provide rich services
- Whether a reliable security level can be ensured
- QoS of key services

Manageability
- Centralized management platform enabling flexible management of various equipment
- NMS for maintenance: topology management, configuration and backup, software upgrade, and real-time traffic and exception monitoring
HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Page 6
Equipment Selection
Reliability
- NAT, VPN, and policy routing in addition to ordinary IP routing (CPU, ASIC and NP)

Port
- Support of possible future performance and services by adding boards or through software upgrade (CPU, ASIC and NP)

Price
- Select devices according to the above factors rather than by high price.
- Network performance maximization
- Reduced time for deployment and fault removal
- Cost-effectiveness

Redundancy and backup
- Counteracts the impact of a single node failure
- Load sharing and better network performance
- Increased network complexity and cost

Security
- Protection of core routers, edge routers, switches, and servers
- Firewall against external attack
Flat model
- No hierarchy or modularization; easy deployment and management
- Suitable for small networks; inconvenient for expansion

Plane hierarchy model
- Common structure for traditional large networks, including core layer, convergence layer, and access layer

Plane and space hierarchy model
- Hierarchy plus planes, with different planes for different services
- Clear structure, good backup capability, and high security
[Figure: Quidway product positioning by network layer; labels: S8500/8000/6500, Eudemon 100/200/1000, AR4600/2800, S3500, S3000, S5000, WA1000, S2000]

[Figure: national backbone example with IDC and egress nodes at BJ, SH and GZ and further nodes XA, SY, CD, WH and NJ; captions "1+1>2", "A Internet Service plane", "MAN"]
- Backup cost
- N+1 backup, through which network operation is not affected by any fault in key equipment, links, or modules
- Backup of topology, equipment, and protocols

Access layer backup
- Usually select devices without redundancy in key modules
- Usually do not consider dual-host backup
- Provide dual uplinks for backup only if necessary
Convergence layer backup
- Usually select devices with redundancy in key modules
- Usually consider dual-host backup, dual-uplink backup, and ring connection among convergence layer devices

Core layer backup
- Usually select devices with carrier-class reliability
- Consider full-mesh or partial-mesh topology connection among core layer devices
Symmetrical backup
- Equal bandwidth on active and standby links; standby devices or links participate in operation

Asymmetrical backup
- Less or equal bandwidth on standby links; standby devices or links participate in operation only in case of active link failure
[Figure: regional backbone backup example; regional center with GSR12016 and GSR12416 routers, GSR12012 and NE80 routers at Hohhot, Baotou, Wuhai, Erdos, Tongliao and the league nodes, interconnected by links labelled 12.5G and 1x155M to 5x155M]

[Figure: business office access example; labels: Quidway Router, Active link, ATM, PSTN/ISDN]
Continuous
- Continuous addresses facilitate path coverage, reduce the size of routing tables, and improve the efficiency of routing algorithms in a hierarchical network.

Expandable
- Some addresses should be reserved during address assignment on each layer to ensure the continuity of address coverage during network expansion.

Meaningful

Loopback address
- Concept: logical interface, always UP
- Address planning: a 32-bit mask address is required. Use an odd last digit for routers and an even one for switches. The nearer a device is to the core, the smaller its loopback address.

Interconnection address
- Concept: address for the port connecting two network devices
- Address planning: a 30-bit mask address is required. Use the smaller address for the core device. Use continuous, aggregatable addresses.

Service address
- Concept: gateway address and addresses for connecting Ethernet servers and hosts
- Address planning: use the same last number for all gateway addresses, for example ".254" for the gateway
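The loopback, interconnection and gateway rules above, worked through as a small address planner with an audit function. This is an added example, not code from the course; the device inventory, links and address blocks are constructed, and the tier number (0 = core) is an assumed way of expressing "nearer to the core".

```python
import ipaddress

# Constructed inventory (not from the course): (name, role, tier); tier 0 is
# the core, higher tiers are farther from it. Names follow AA-B-YYYY-X.
DEVICES = [
    ("BJ-H3-NE80-1", "router", 0),
    ("BJ-H3-NE80-2", "router", 0),
    ("BJ-H3-S8500-1", "switch", 1),
    ("BH-H3-S3526E-1", "switch", 2),
    ("CK-H3-AR4640-1", "router", 2),
]
LINKS = [("BJ-H3-NE80-1", "BJ-H3-S8500-1"), ("BJ-H3-S8500-1", "BH-H3-S3526E-1")]

def plan_loopbacks(devices, block="10.255.0.0/24"):
    """/32 loopbacks: odd last octet for routers, even for switches, and the
    smallest addresses for the devices nearest the core (lowest tier first)."""
    hosts = list(ipaddress.ip_network(block).hosts())
    odd = iter(h for h in hosts if h.packed[-1] % 2 == 1)
    even = iter(h for h in hosts if h.packed[-1] % 2 == 0)
    plan = {}
    for name, role, _tier in sorted(devices, key=lambda d: d[2]):
        plan[name] = f"{next(odd if role == 'router' else even)}/32"
    return plan

def plan_links(links, devices, block="10.254.0.0/24"):
    """Consecutive /30s carved from one aggregatable block; the lower host
    address goes to the end nearer the core."""
    tier = {name: t for name, _role, t in devices}
    subnets = ipaddress.ip_network(block).subnets(new_prefix=30)
    plan = {}
    for a, b in links:
        lo, hi = next(subnets).hosts()
        near, far = (a, b) if tier[a] <= tier[b] else (b, a)
        plan[(a, b)] = {near: f"{lo}/30", far: f"{hi}/30"}
    return plan

def gateway_for(service_subnet):
    """Same last number for every gateway: the last usable host, .254 on a /24."""
    return str(list(ipaddress.ip_network(service_subnet).hosts())[-1])

def check_loopbacks(plan, devices):
    """Audit an existing plan: /32 mask, odd/even by role, no duplicates."""
    seen = set()
    for name, role, _tier in devices:
        iface = ipaddress.ip_interface(plan[name])
        odd = iface.ip.packed[-1] % 2 == 1
        if iface.network.prefixlen != 32 or odd != (role == "router"):
            return False
        if iface.ip in seen:
            return False
        seen.add(iface.ip)
    return True
```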
Name devices in the form AA-B-YYYY-X to facilitate management:
- AA: device level and name, usually the name of the region
- B: name of the equipment supplier
- YYYY: equipment model
- X: identity numbered 1, 2, ... when the previous three items are the same

Examples:
- Name of the first S3526E switch in Beihai: BH-H3-S3526E-1
- Name of the AR4640 router at Chongkou: ChongKB-H3-AR4640

... indicate the peer connection and bandwidth. Naming format: <name of peer device> <bandwidth>

Example: description "to ZD-H3-NE16E-2 8M". This indicates that the peer end is the standby router NE16E with 8 Mbps bandwidth.

- For MP, Ethernet sub-interfaces, and VLAN interfaces, assign meaningful numbers as their names.
- For MP-group A/B/C, "A" indicates the slot number; "B" indicates the card number, which is fixed; "C" is set to a digit that carries information about the peer device, for example an identifying digit of the peer loopback interface address or the OSPF area number of the peer device.
- Keep Ethernet sub-interface numbers strictly consistent with the VLAN information.
- Make a uniform plan for the numbering of global VLAN interfaces, for example 100 and 200 for VPN VLANs and 1000 for the NM VLAN.
| Protocol | Algorithm | Scope | Addressing | Metric | Scale limit | Convergence | Resource usage | (column label not recovered) | Configuration |
|---|---|---|---|---|---|---|---|---|---|
| RIPv1 | Distance vector | Interior | Classful | Hop count | 15 hops | Maybe a long time (if no load balance) | Memory: High; CPU: High; Bandwidth: Low | | |
| RIPv2 | Distance vector | Interior | Classless | Hop count | 15 hops | | | Yes | Easy |
| OSPF | Link state | Interior | Classless | | Several hundred areas, each area supporting several hundred routers | | | Yes | Medium |
| IS-IS | Link state | Interior | Classless | | | | | Yes | Medium |
| BGP | Path vector | Exterior | Classless | | 1,000 routers | | | Yes | Medium |
Distance vector protocol
- Simple, flat network topology with no need for hierarchical design
- Simple hub-and-spoke topology
- Network manager is unfamiliar with link state protocols and unable to troubleshoot the link state database
- No need to consider worst-case convergence time

Link state protocol
- Hierarchical large network
- Network administrator has rich knowledge of link state protocols
- Fast convergence is of much importance
... and reliability
... same tasks
With a hierarchical routing protocol, routers of different roles perform different tasks

... system
Exterior routing protocols run between autonomous systems

Static route
- Manual configuration; suitable for stub networks
- No protocol messages occupy bandwidth
- Easy fault removal
- User has greater control over path selection
- Difficult to manage in large networks
- Routing details are not known

Default route
- Simple; suitable for a network with only one ingress and egress link
- Routing details are not known
- Information transmitted upon route update
- Bandwidth occupied by route updates
- Advertisement range of route updates
- CPU occupied by routing protocols
- Whether it supports default and static routes
- Whether it supports route aggregation

- Support of redundant links and load sharing
- Recommended: OSPF, IS-IS
- Not recommended: RIP

Selection of routing protocol for the convergence layer
- Recommended: OSPF, RIPv2, static routing
- IS-IS is not suitable for the access layer
- A router runs more than one routing protocol
- Routing protocols need to share routing information

Redistribution principle
- Two-way distribution refers to distribution of routing information from one protocol to another protocol, and use of static or default routes in the reverse direction.
- Avoid re-advertising routes learnt from a protocol back into it.
- The metrics of different protocols are different.
- Password mechanism

Privacy policy
- Physical isolation of key network resources
- Authentication and authorization: verify and authenticate the validity of user identity; limit the range of network resources available to authenticated users by rights control

Data encryption
- Encrypt original data to prevent it from being read by third parties
- Choose a balanced solution between security and performance
- No encryption for internal networks

- Protect network resources from unauthorized use, theft, damage, and attack

Firewall
- Physical equipment: devices deployed to enforce security policies at the border of two or more networks; implemented as an ACL on a router, as dedicated hardware, or as software on PC and Unix systems
- Firewall types:
  - Static packet filter: checks packets one by one; fast forwarding; simple configuration
  - Dynamic firewall: traces sessions and makes intelligent admission and discard decisions
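The difference between the two firewall types, shown as an added example that is not the course's code or any product's logic: a toy static packet filter beside a session-tracking filter, both run over three constructed packets (documentation address ranges, hypothetical hosts).

```python
from collections import namedtuple

# Constructed packets (not from the course); only the header fields the two
# policies look at.
Packet = namedtuple("Packet", "src sport dst dport")
INSIDE = "192.0.2."  # constructed internal prefix (RFC 5737 documentation range)

def is_inside(ip):
    return ip.startswith(INSIDE)

def static_filter(pkt):
    """Static packet filter: every packet is judged on its own header against a
    fixed rule. To let web replies back in, the rule has to admit any inbound
    packet whose source port is 80, whether or not an inside host asked for it."""
    if is_inside(pkt.src):
        return True           # outbound: permit
    return pkt.sport == 80    # inbound: permit only what "looks like" a web reply

class StatefulFilter:
    """Dynamic firewall: remembers sessions opened from inside and admits an
    inbound packet only when it matches a session it has already seen."""
    def __init__(self):
        self.sessions = set()

    def __call__(self, pkt):
        if is_inside(pkt.src):
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Reverse the 4-tuple: is this a reply to a tracked session?
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions

TRAFFIC = [
    Packet("192.0.2.10", 40000, "198.51.100.5", 80),   # inside host opens a web session
    Packet("198.51.100.5", 80, "192.0.2.10", 40000),   # the genuine reply
    Packet("203.0.113.9", 80, "192.0.2.10", 22),       # unsolicited inbound, source port 80
]

def run(policy, traffic):
    """Apply one policy to a packet sequence and return the per-packet decisions."""
    return [policy(p) for p in traffic]
```

The static filter admits all three packets; the session-tracking filter rejects the third because no inside host opened a session that it could be a reply to.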
IDS
- Usage: detect malicious attacks; take performance statistics and analyze exceptional cases
- Types: host IDS, running on a single host and monitoring only that host; network IDS, monitoring the traffic of the whole network
- Configuration management
- Fault management
- Security management
- Accounting management
- Performance management
[Figure: NMS development trend toward IPv6; labels: IPv4, IPv6, SNMPv6, IPv6 network]

[Figure: NMS architecture; labels: Data management, Northbound interface, Data operation, Terminal interface, Other NMS]

[Figure: NMS deployment; N2000 NMS and its backup behind a firewall, connected through the DCN and aggregation layer to the IP/ATM core and access devices; N2000 local terminal]

[Figure: hierarchical NMS deployment; labels: Provincial NMS A, Provincial NMS B, Provincial NM terminal, IN NMS, Regional IN NE, SCP/SMP, Municipal OMC, Municipal OSS, Municipal NMS, Municipal terminal, Municipal NE, OSS, DCN/Group/Internet]

[Figure: NM security domains. User domain: PSTN terminal, mobile terminal, third-party access. Network domain: internal systems, external interfaces, DMZ, public security service, service modules 1 to 5, network domain interface area. NM domain: provincial NMS sub-domain, Siemens NMS sub-domain, Ericsson NMS sub-domain, municipal NMS sub-domain; cross-subdomain NM network data arrangement; internal risk; DCN]

[Figure: NM security deployment; active and standby WPN data exchange areas, IDS, MA5200F at municipal nodes 1 to N, DCN]
Thank You
www.huawei.com