Internal

ODD010001 Overview of IP Network Planning


ISSUE 1.1
www.huawei.com

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

How do you plan and design a network that offers good reliability, expandability, security, manageability, and maintainability? This course gives a brief overview of network planning, covering topology design, address and naming planning, route selection, security, and network management.

Here are the learning objectives of this course:
- Outline the basic principle of network planning
- Master the principle of topology design and addressing
- Understand how to select routing protocols for the network
- Outline the basic idea of developing the security strategies
- Know the development trends of network management system

Chapter 1 Principles of Network Planning

1.1 Basic Principles of Network Planning
1.2 Designing a Network Topology
1.3 Designing Models for Addressing and Naming
1.4 Selecting Routing Protocols
1.5 Developing Network Security
1.6 Developing Network Management System

Basic Principles of Network Planning

Four Principles
- Reliability
  - Equipment
  - Network topology
- Expandability
  - Equipment performance
  - Scalability
  - IP address and routing protocol planning

- Operability
  - Whether the network can provide rich services
  - Whether a reliable security level can be ensured
  - QoS of key services
- Manageability
  - Centralized management platform enabling flexible management of various equipment
  - NMS for maintenance: topology management, configuration and backup, software upgrade, and real-time traffic and exception monitoring

Flow of Network Planning

[Flow diagram. Labels, in extraction order: Equipment selection; Topology planning; Physical connection; Routing planning; IP connection; MPLS/VPN planning; QoS planning; Advanced routing protocol planning; Service isolation and assurance of key services; Network security deployment; Operable, manageable and secure network; NM planning; IP connection; Board planning; Policy routing]

Equipment Selection
- Reliability
  - Redundancy and reliability of key modules (power and control board)
- Forwarding performance
  - Real-time traffic < Throughput / 2
- Service capability
  - NAT, VPN, and policy routing in addition to ordinary IP routing (CPU, ASIC and NP)
- Port
  - Whether the ports can meet the requirements
- Expandability
  - Support of possible future performance and services by adding boards or upgrading software (CPU, ASIC and NP)
- Price
  - Select devices according to the above factors rather than simply choosing high-priced devices.

Designing a Network Topology

Features of Network Topology
- Hierarchy and modularization
  - Network performance maximization
  - Condensed time for deployment and fault removal
  - Cost-effectiveness
- Redundancy and backup
  - Counteraction of the impact of a single node failure
  - Load sharing and better network performance
  - Increased network complexity and cost
- Security
  - Protection of core routers, edge routers, switches, and servers
  - Firewall against external attack

Network Topology Model
- Plane structure model
  - No hierarchy and modularization, easy deployment and management
  - Suitable for small networks, and inconvenient for expansion
- Plane hierarchy model
  - Common structure for traditional large networks, including core layer, convergence layer, and access layer
- Plane and space hierarchy model
  - Hierarchy and plane, different planes for different services
  - Clear structure, good backup capability, and high security

Hierarchy Model

[Figure: hierarchy model with core layer, convergence layer, and access layer. Platform labels: MDN(TM) Media distribution network; Quidway RM9000 Resource Manager; iTELLIN CAMS(TM) Service platform; iManager(TM) N2000/NMS Network management platform. Other labels: 10G/2.5G/RPR; MPLS VPN. Devices shown: Quidway NetEngine 5000E/80E/40E, NetEngine 40/20, NetEngine 16E/08E/05, S8500/8000/6500, Eudemon 100/200/1000, AR4600/2800, MA5200, S5000, S3500, S3000, S2000, WA1000.]

Plane and Space Hierarchy Model

[Figure labels: National backbone IP network; BJ Egress, SH Egress, GZ Egress; BJ IDC, SH IDC, GZ IDC; Provincial IP network; Metropolitan IP network; city nodes BJ, SH, GZ, XA, SY, CD, WH, NJ]


Plane and Space Hierarchy Model

[Figure labels: Backbone network 2 (carrier-class services); Backbone network 2 (network access and data services); Carrier-class service plane; Internet service plane; MAN; 1+1>2]

Redundancy and Backup Principles
- Basic principles
  - Backup cost weighed against the loss caused by equipment failure
  - N+1 backup, through which network operation is not affected by a fault in any key equipment, link, or module
  - Backup of topology, equipment, and protocols
- Access layer backup
  - Usually select devices without redundancy in key modules
  - Usually do not consider dual-host backup
  - Provide dual uplinks for backup only if necessary
- Convergence layer backup
  - Usually select devices with redundancy in key modules
  - Usually consider dual-host backup, dual-uplink backup, and ring connection among convergence layer devices
- Core layer backup
  - Usually select devices with carrier-class reliability
  - Consider full mesh or partial mesh topology connection among core layer devices
- Symmetrical backup
  - Equal bandwidth on active and standby links; standby devices or links participate in operation
- Asymmetrical backup
  - Less or equal bandwidth on standby links; standby devices or links participate in operation only in case of active link failure

Symmetrical backup

[Figure: symmetrical backup example. Labels: To national backbone network; Regional center; nodes Hohhot, Baotou, Wuhai, Ba League, A League, Xingan League, Wu League, Tongliao, Erdos, Xi League, Chifeng, Hulunbeier; devices GSR12416, GSR12016, GSR12012, NE80; link labels as extracted: 12.5G, 5155M, 3155M, 2155M, 1155M, 1GE]

Asymmetrical backup

[Figure: asymmetrical backup example. Labels: Municipal office; Business office; Bank backbone network; Service front end processor group; ATM front end processor; Service terminal; ATM; Quidway Router; R; PSTN/ISDN; Active link; DCC; DCC backup link]

Designing Models for Addressing and Naming
- Unique
  - The same IP address cannot be shared by two hosts in an IP network.
- Continuous
  - Continuous addresses facilitate path coverage, reduce the size of routing tables, and improve the efficiency of routing algorithms in a hierarchical network.
- Expandable
  - Some addresses should be reserved during address assignment on each layer to ensure the continuity of address coverage during network expansion.
- Meaningful
  - Use meaningful names


Designing Models for Addressing
- Loopback address
  - Concept: logical interface, always UP
  - Address planning
    - A 32-bit mask address is required.
    - Use an odd last digit for routers and an even last digit for switches.
    - The nearer a device is to the core, the smaller its loopback address.
- Interconnection address
  - Concept: address for the port connection between two network devices
  - Address planning
    - A 30-bit mask address is required.
    - Use the smaller address for core devices.
    - Use continuous, aggregatable addresses.
- Service address
  - Concept: gateway address and addresses for connecting Ethernet servers and hosts
  - Address planning
    - Use the same last number for all gateway addresses, for example, ".254" for gateways.
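
The addressing rules above can be checked mechanically before a plan is deployed. The following is an added example, not part of the original course material: it lints a small constructed plan for uniqueness, the loopback rules, the interconnection rules and the ".254" gateway rule. Device names, layer numbers and addresses are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample plan: device names, layers and addresses are illustrative.
# layer 0 = core; larger numbers are further from the core.
LOOPBACKS = [  # (device, role, layer, loopback)
    ("core-rt-1", "router", 0, "10.255.0.1/32"),
    ("agg-rt-1", "router", 1, "10.255.0.3/32"),
    ("acc-sw-1", "switch", 2, "10.255.0.5/32"),  # switch with an odd last number
    ("acc-rt-1", "router", 2, "10.255.0.2/24"),  # wrong mask, even, below agg-rt-1
]
LINKS = [  # (device nearer the core, its address, far device, its address)
    ("core-rt-1", "10.254.0.1/30", "agg-rt-1", "10.254.0.2/30"),
    ("agg-rt-1", "10.254.0.6/30", "acc-rt-1", "10.254.0.5/30"),   # core side larger
    ("agg-rt-1", "10.254.0.9/30", "acc-sw-1", "10.254.0.14/30"),  # two different /30s
]
GATEWAYS = ["192.168.10.254/24", "192.168.20.1/24", "192.168.30.254/24"]


def check_loopbacks(loopbacks):
    findings, parsed = [], []
    for name, role, layer, text in loopbacks:
        iface = ipaddress.ip_interface(text)
        parsed.append((iface.ip, layer, name))
        if iface.network.prefixlen != 32:
            findings.append(f"{name}: loopback {text} must use a 32-bit mask")
        odd = int(iface.ip) % 2 == 1
        if role == "router" and not odd:
            findings.append(f"{name}: router loopback must end in an odd number")
        if role == "switch" and odd:
            findings.append(f"{name}: switch loopback must end in an even number")
    # Nearer the core means a smaller address, so in ascending address order
    # the layer number must never go down.
    deepest, deepest_name = -1, None
    for _ip, layer, name in sorted(parsed):
        if layer < deepest:
            findings.append(
                f"{name}: nearer the core than {deepest_name} but has a larger loopback")
        elif layer > deepest:
            deepest, deepest_name = layer, name
    return findings


def check_links(links):
    findings = []
    for near, near_text, far, far_text in links:
        a, b = ipaddress.ip_interface(near_text), ipaddress.ip_interface(far_text)
        label = f"{near} <-> {far}"
        if a.network.prefixlen != 30 or b.network.prefixlen != 30:
            findings.append(f"{label}: interconnection addresses must use a 30-bit mask")
        elif a.network != b.network:
            findings.append(f"{label}: ends are in different /30 subnets")
        elif {a.ip, b.ip} != set(a.network.hosts()):
            findings.append(f"{label}: ends must be the two host addresses of {a.network}")
        elif a.ip > b.ip:
            findings.append(f"{label}: device nearer the core must take the smaller address")
    return findings


def check_gateways(gateways, last=254):
    # IPv4 only: compare the final octet with the agreed gateway number.
    return [f"{g}: gateway must end in .{last}" for g in gateways
            if int(ipaddress.ip_interface(g).ip) & 0xFF != last]


def check_unique(addresses):
    counts = Counter(ipaddress.ip_interface(a).ip for a in addresses)
    return [f"{ip}: assigned {n} times" for ip, n in sorted(counts.items()) if n > 1]


def lint_plan(loopbacks, links, gateways):
    every = ([l[3] for l in loopbacks]
             + [addr for l in links for addr in (l[1], l[3])] + list(gateways))
    return (check_unique(every) + check_loopbacks(loopbacks)
            + check_links(links) + check_gateways(gateways))


if __name__ == "__main__":
    for finding in lint_plan(LOOPBACKS, LINKS, GATEWAYS):
        print(finding)
```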

Designing Models for Naming
- Name devices in the form AA-B-YYYY-X to facilitate management.
  - AA: device level and name, usually the name of the region
  - B: name of equipment supplier
  - YYYY: equipment model
  - X: identity, numbered 1, 2, ... if the previous three items are the same
- Examples:
  - Name of the first switch 3526E in Beihai: BH-H3-S3526E-1
  - Name of the router AR4640 at Chongkou: ChongKB-H3-AR4640

- The description for each port in use should indicate the peer connection and bandwidth. Naming format: name of peer device followed by bandwidth
- Example: description to ZD-H3-NE16E-2 8M
  - This indicates the standby router NE16E with 8 Mbps bandwidth at the peer end.

- Naming of logical interfaces
  - For MP, Ethernet sub-interfaces, and VLAN interfaces, assign meaningful numbers for their names.
  - For MP-group A/B/C, "A" indicates the slot number; "B" indicates the card number, which is fixed; "C" is set to a digit that indicates information about the peer device, for example, an identification digit of the peer loopback interface address, or the OSPF area number of the peer device.
  - Strictly keep the Ethernet sub-interface number consistent with the VLAN information.
  - Make a uniform plan for the use of numbers for global VLAN interfaces, for example, 100 and 200 for the VLAN of VPN, and 1000 for the NM VLAN.

Comparison Among Routing Protocols

| Protocol | Distance vector or link state | Interior routing/exterior routing | Classful/classless | Measurement method | Expandability | Convergence time | Resource consumption | Security support and routing certification | Easiness of setting, configuration, and troubleshooting |
|---|---|---|---|---|---|---|---|---|---|
| RIPv1 | Distance vector | Interior | Classful | Hop count | 15 hops | Maybe a long time (if no load balance) | Memory: High; CPU: High; Bandwidth: Low | None | Easy |
| RIPv2 | Distance vector | Interior | Classless | Hop count | 15 hops | Maybe a long time (if no load balance) | Memory: High; CPU: High; Bandwidth: Low | Yes | Easy |
| OSPF | Link state | Interior | Classless | Reference bandwidth/physical link bandwidth | Several hundred areas, each area supporting several hundred routers | Maybe a long time (if no load balance) | Memory: High; CPU: High; Bandwidth: Low | Yes | Medium |
| IS-IS | Link state | Interior | Classless | Configured path, delay, cost, and error | Several hundred areas, each area supporting several hundred routers | Fast (Use of LSA) | Memory: High; CPU: High; Bandwidth: Low | Yes | Medium |
| BGP | Path vector | Exterior | Classless | Path attributes and other configurable parameters | 1,000 routers | Fast (Use of update and keepalive message and route withdrawal) | Memory: High; CPU: High; Bandwidth: Low | Yes | Medium |

Principles for Selection of Routing Protocols

Selection of Distance Vector Protocol and Link State Protocol
- Distance vector protocol
  - Simple, flat network topology, no need for hierarchical design
  - Simple hub-and-spoke topology
  - Network manager is unfamiliar with link state protocols and unable to troubleshoot the link state database
  - No need to consider convergence time in the worst case
- Link state protocol
  - Hierarchical large network
  - Network administrator has rich knowledge of link state protocols
  - Fast convergence is of much importance

Measurement method
- Measurement result affects scalability
- Traditional distance vector protocol uses only hop counts
- Routing protocol of new generation considers delay, bandwidth, and reliability

Hierarchical and non-hierarchical routing protocols
- With a non-hierarchical routing protocol, all routers must perform the same tasks
- With a hierarchical routing protocol, routers of different roles perform different tasks

Interior and Exterior Routing Protocols
- An interior routing protocol runs within an enterprise network or autonomous system
- An exterior routing protocol runs between autonomous systems

Classful and Classless Routing Protocols
- Classful protocol
  - Discontinuous subnets are invisible to each other
  - Does not support variable length subnet mask (VLSM)
- Classless protocol
  - Supports discontinuous subnets and VLSM
  - Supports reasonable subnet arrangement for aggregation

Dynamic, Static, and Default Routing Protocols
- Static routing protocol
  - Manual configuration, suitable for stub networks
  - No protocol messages occupy bandwidth
  - Easy fault removal
  - User has higher control over path selection
  - Difficult to manage in large networks
  - Routing details are not known
- Default route
  - Simple; suitable for a network with only one ingress and egress link
  - Routing details are not known

Routing Protocol Expandability
- Whether there is any limit on measurement
- Convergence speed upon network changes
- Frequency and triggering method of route update and Link State Advertisement
- Information transmission upon route update
- Bandwidth occupation by route update
- Advertisement range of route update
- CPU occupation by routing protocols
- Whether it supports default and static routes
- Whether it supports route aggregation

Selection of Routing Protocol in Hierarchical Network
- Selection of routing protocol for core layer
  - Support of redundancy links and load sharing
  - Recommended: OSPF, IS-IS
  - Not recommended: RIP
- Selection of routing protocol for convergence layer
  - Recommended: OSPF, IS-IS, RIPv2
- Selection of routing protocol for access layer
  - Recommended: OSPF, RIPv2, static routing protocol
  - IS-IS is not suitable for access layer

Redistribution Among Routing Protocols

Necessity
- A router runs more than one routing protocol
- Routing protocols need to share routing information

Redistribution Principle
- Determine the boundary of routing areas
- One-way distribution and two-way distribution
  - One-way distribution refers to distribution of routing information from one protocol to another protocol, and use of static or default routes in the reverse direction.
  - Two-way distribution refers to distribution of routing information from one protocol to another protocol and vice versa.

Use route filter
- Avoid re-advertisement of routes learnt from a protocol back to it
- Measures of different protocols are different.
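
Why the route filter matters in two-way distribution, as an added example that is not part of the original course material: a simplified model in which each protocol domain is a single table, routes carry their original protocol as a tag, and the filter refuses to hand a route back to the protocol it came from. The seed metrics, prefixes and function names are assumptions.

```python
from dataclasses import dataclass

# Metric assigned when a route enters a protocol. The values are assumptions;
# a seed is needed because a RIP hop count and an OSPF cost are not comparable.
SEED_METRIC = {"rip": 1, "ospf": 20}


@dataclass(frozen=True)
class Route:
    prefix: str
    metric: int
    origin: str  # protocol that first advertised the prefix (used as a route tag)


def redistribute(table, target, use_filter):
    """Export every route in `table` into protocol `target`."""
    exported = []
    for route in table:
        if use_filter and route.origin == target:
            continue  # learnt from `target` originally: never hand it back
        exported.append(Route(route.prefix, SEED_METRIC[target], route.origin))
    return exported


def install(table, candidates):
    """Keep the lowest-metric route per prefix, as the protocol would."""
    best = {r.prefix: r for r in table}
    for r in candidates:
        if r.prefix not in best or r.metric < best[r.prefix].metric:
            best[r.prefix] = r
    return sorted(best.values(), key=lambda r: r.prefix)


def two_way(rip, ospf, use_filter):
    """RIP -> OSPF at one boundary router, then OSPF -> RIP at another."""
    ospf_after = install(ospf, redistribute(rip, "ospf", use_filter))
    rip_after = install(rip, redistribute(ospf_after, "rip", use_filter))
    return rip_after, ospf_after


def feedback_prefixes(rip_before, rip_after):
    """Prefixes native to RIP whose metric was overwritten by the exchange."""
    before = {r.prefix: r.metric for r in rip_before}
    return [r.prefix for r in rip_after
            if r.prefix in before and r.metric != before[r.prefix]]


# Constructed sample tables.
RIP = [Route("10.1.0.0/16", 5, "rip")]      # five hops away inside RIP
OSPF = [Route("10.2.0.0/16", 30, "ospf")]

if __name__ == "__main__":
    for use_filter in (False, True):
        rip_after, _ = two_way(RIP, OSPF, use_filter)
        print("filter" if use_filter else "no filter", rip_after,
              "feedback:", feedback_prefixes(RIP, rip_after))
```

Without the filter, the RIP-native prefix returns from OSPF with the seed metric 1 and displaces the genuine five-hop route; with the filter it is never exported back.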

Developing Network Security

Security Policy
- Access policy
  - Access rights hierarchy
- Responsibility policy
  - Responsibility of users, operators, and administrators
- Authentication policy
  - Password mechanism
- Privacy policy
  - Reasonable privacy monitor, email monitor, and keystroke records
- Purchase of computer technologies
  - Computer network configuration, audit, and security policies


- Physical security
  - Physical isolation of key network resources
- Certification and authorization
  - Certify and authenticate the validity of user identity
  - Limit the range of network resources available to certified users through rights control
- Data encryption
  - Encrypt original data to prevent it from being read by third parties
  - Choose a balanced solution between security and performance
- No encryption for internal networks
  - Encrypt VPN users and private networks connecting with Internet


- Data packet filter
  - Protect network resources from unauthorized use, theft, damage, and attack
- Firewall
  - Physical equipment
    - Deploy devices to perform security policies at the border of two or more networks
    - Configure ACL routers, dedicated hardware, and software on PC and Unix systems
  - Firewall types
    - Static packet filter: check packets one by one; fast forwarding; simple configuration
    - Dynamic firewall: trace sessions and make intelligent admission and discard decisions
- Intrusion detection system (IDS)
  - Usage
    - Detect malicious attacks
    - Take performance statistics and analyze exceptional cases
  - Type
    - Host IDS: runs on a single host and detects only this host
    - Network IDS: detects the stream of the whole network
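
The difference between the two firewall types listed above (static packet filter and dynamic firewall), as an added example that is not part of the original course material: the same constructed packet sequence is judged by an ordered static rule list and by a minimal session tracker. The address ranges, the port-443 policy and all names are assumptions, and the tracker ignores sequence numbers and timeouts.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: TCP flag letters
INSIDE = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


def is_inside(addr):
    return ipaddress.ip_address(addr) in INSIDE


# Static packet filter: ordered rules, every packet judged only on its own header.
STATIC_RULES = [
    ("permit", lambda p: is_inside(p.src) and p.dport == 443),          # outbound HTTPS
    ("permit", lambda p: is_inside(p.dst) and p.sport == 443
                         and "A" in p.flags),                           # "looks like a reply"
    ("deny", lambda p: True),
]


def static_filter(packet):
    for action, matches in STATIC_RULES:
        if matches(packet):
            return action
    return "deny"


class DynamicFirewall:
    """Permits inbound packets only when they belong to a traced session."""

    def __init__(self):
        self.sessions = set()  # (inside ip, inside port, outside ip, outside port)

    def check(self, p):
        if is_inside(p.src) and not is_inside(p.dst):          # outbound
            key = (p.src, p.sport, p.dst, p.dport)
            if key in self.sessions:
                if "F" in p.flags or "R" in p.flags:
                    self.sessions.discard(key)                  # session is closing
                return "permit"
            if p.flags == "S" and p.dport == 443:               # policy: new HTTPS session
                self.sessions.add(key)
                return "permit"
            return "deny"
        if is_inside(p.dst) and not is_inside(p.src):           # inbound
            key = (p.dst, p.dport, p.src, p.sport)
            return "permit" if key in self.sessions else "deny"
        return "deny"


# Constructed traffic (documentation address ranges for the outside hosts).
TRAFFIC = [
    Packet("10.1.1.5", 50000, "203.0.113.10", 443, "S"),    # client opens a session
    Packet("203.0.113.10", 443, "10.1.1.5", 50000, "SA"),   # genuine reply
    Packet("10.1.1.5", 50000, "203.0.113.10", 443, "A"),
    Packet("198.51.100.7", 443, "10.1.1.9", 22, "A"),       # unsolicited, no session
    Packet("203.0.113.10", 443, "10.1.1.5", 50001, "A"),    # known server, wrong port
    Packet("10.1.1.5", 50000, "203.0.113.10", 443, "R"),    # client resets the session
    Packet("203.0.113.10", 443, "10.1.1.5", 50000, "A"),    # arrives after the close
]


def compare(traffic):
    """Return (static decision, dynamic decision) for each packet in order."""
    firewall = DynamicFirewall()
    return [(static_filter(p), firewall.check(p)) for p in traffic]


if __name__ == "__main__":
    for packet, verdicts in zip(TRAFFIC, compare(TRAFFIC)):
        print(packet, verdicts)
```

The static rule list admits every packet in the sample, including the three that belong to no session, because each header on its own satisfies a permit rule; the session tracker discards exactly those three.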

Developing Management Network System

Traditional Network Management Model

FCAPS in TMN model
- Fault management
- Configuration management
- Accounting management
- Performance management
- Security management

NM Development Trend
- More powerful and flexible NM functions
- Distributed deployment and processing
- Intellectualized and automated gateway
- Integrated and customized management of large networks
- More applications of Web-based NM technologies
- In-depth analysis of network data
- Platform and modularization of NMS
- NMS redundant backup
- Evolution from IPv4 to IPv6

IPv4-IPv6 Dual Stack NM

[Figure labels: IPv6; IPv4; IPv4-IPv4 route; Dual stack host]


IPv6 NM

[Figure labels: SNMPv6; IPv6 network]

NMS Model

[Figure labels: Integrated NM; External system; Northbound interface; NMS; Data management; Data operation; Data collection, alarm, and control; Terminal interface; Southbound interface; Inband or outband NM; NE]


Inband Management

[Figure labels: Other NMS; N2000 NMS; Backup; Firewall; IP/ATM Core; Aggregation Layer; Access Devices; N2000 Local Terminal; Technology Support (Local Console Configuration)]

Outband Management

[Figure labels: Other NMS; DCN; N2000 NMS; Backup; Firewall; IP/ATM Core; Aggregation Layer; Access Devices; N2000 Local Terminal; Technology Support (Local Console Configuration)]

Two-level NM

[Figure labels: Provincial terminal; Provincial OSS NMS; Municipal terminal; Municipal OSS NMS; Municipal NE]

Centralized NM

[Figure labels: Provincial terminal; Intelligent NMS; Municipal terminal; Regional IN NE; SCP/SMP]

Integrated NM

[Figure labels: Municipal terminal (twice); Provincial NMS A; Provincial traffic NMS; Provincial NMS B; Municipal OMC; Municipal OSS; IN NMS; Municipal NE (twice)]

External Interface

[Figure labels: Provincial NM terminal; OSS; DCN/Group/Internet]

Independent NM

[Figure labels: Provincial terminal; Provincial NMS; Provincial NE; Municipal terminal; Municipal NMS; Municipal NE]

Service Model of NM Network

[Figure labels: Network infrastructure; User; NMS; Service NE]
- User domain
  - PSTN terminal
  - Mobile terminal
  - Third party access
- Network domain
  - Internal systems
  - External interfaces
  - DMZ
  - Public security service
- NM domain
  - Provincial NMS sub-domain
  - Siemens NMS sub-domain
  - Ericsson NMS sub-domain
  - Municipal NMS sub-domain
  - Cross-subdomain NM network data arrangement
- NM network service domain
  - Public service for external system connection

Architecture of NM Network

[Figure labels: Service module 1 through Service module 8; Barring backdoor connection]


Implementation of NM Network

[Figure labels: Provincial NM sub-domain by Huawei; Provincial NM sub-domain by Ericsson; Provincial traffic NM sub-domain; Municipal NM sub-domain by Huawei; Municipal NM sub-domain by Ericsson; Municipal traffic NM sub-domain; Trusted channel; MPLS/IP; Security domain; Public external interface area; Public security service domain; Cross-sub-domain data exchange area; Security area; Risk area; Internet; External risk; Internal risk; DMZ; Server; Network access authentication; Terminal gateway; Dedicated terminal; PUPV/IP base; PUPV/IP base risk area; Third party access area; DCN]

[Figure labels: Active authentication gateway; Standby authentication gateway; MA5200F; Service system 1 through Service system 4; Active WPN data exchange area; Standby WPN data exchange area; IDS; Internet; Public external interface area; Network domain; DCN; Municipal node 1; Municipal node N; Provincial branch; Municipal branch]

Thank You
www.huawei.com
