
CCDA 2nd October 2008.

Cisco SERVICE ORIENTED NETWORK ARCHITECTURE (SONA)
Shifts the view of a network from a pure traffic transport-oriented view to a service/application-oriented view.
Cisco Vision: a real-time infrastructure that integrates the network and applications as one system. The network is the single common element that connects and enables all components of the IT infrastructure.

Intelligent Information Network (IIN): strategy that addresses how the network is integrated with the business & business priorities. Offers end-to-end functionality & centralized, unified control that promotes true business transparency & agility.
Features of IIN:
o Integration of networked resources & information assets that have been largely unlinked (Data, Voice, Video)
o Intelligence across multiple products & infrastructure layers (Virtualization)
o Active participation of the network in the delivery of services & applications (Network-enabled applications)
3 phases of this methodology:
1. Integrated Transport
2. Integrated Service
3. Integrated Application

SONA is an architectural framework that illustrates how to build integrated systems and guides the evolution of enterprises toward more intelligent networks. Consists of:
1. Networked Infrastructure Layer
2. Interactive Service Layer
3. Application Layer

NETWORK DESIGN METHODOLOGY
P Prepare: Make sound financial decisions
P Plan: Can the network support the proposed system?
D Design: Products, service, support aligned to requirements
I Implement: Integrate without disruption or causing vulnerability
O Operate: Manage, resolve, repair, replace
O Optimize: Adapt to changing business requirements

Benefits of the Life-Cycle Approach to Network Design:
- Lowering total cost of network ownership
- Increasing network availability
- Improving business agility
- Accelerating access to applications and services

Design Methodology: a documented, systematic way of doing something. It includes 3 basic steps:
1. Identify customer requirements
2. Characterize the existing network and sites
3. Design the network topology and solutions
The process when the design is complete includes:
- Plan the implementation
- Implement and verify the design
- Monitor and optionally redesign

1. Identifying Customer Requirements
Assessing the scope of a Network Design Project:
- New network or modification of an existing one
- Whether the entire enterprise is affected or only a subset / single segment
- Addresses a single function or entire functionality
Determining requirements includes:
1. Extracting initial requirements from the customer
2. Refining these with other data that has been collected from the organization
Planned applications & network services are recorded in a table with the columns: Application type | Application | Level of Importance | Comments
Infrastructure services:
i. Security
ii. QoS
iii. Network Management
iv. High Availability
v. IP Multicast
vi. Voice
vii. Mobility
Organizational goals are more important than technical goals. Examples of organizational goals:
- Increase competitiveness
- Reduce costs
- Improve customer service
- Add new services
Typical organizational constraints:
- Budget
- Personnel
- Policies
- Schedule
Technical goals:
- Improve network performance
- Improve security and reliability of mission-critical applications and data
- Decrease expected downtime and related expense
- Modernize outdated technologies
- Improve scalability of the network
- Simplify network management
Performance is a general term that includes responsiveness, throughput, and resource utilization.
Technical constraints:
- Existing equipment
- Bandwidth availability
- Application compatibility
- Lack of qualified personnel

2. Characterizing the Existing Network and Sites
Sources: customer input, network audit, traffic analysis.
Information about existing networks: topology, services, applications.
An audit of the existing network is required, covering:
a. List of network devices
b. Hardware & software device specs
c. Configurations of network devices
d. Output of various auditing tools
e. Link, CPU, memory utilization of network devices
f. List of unused resources

3. Analyzing Network Traffic & Applications
Verifies the set of applications & protocols used in the network. Some important packet-sniffing tools:
- NBAR: recognizes a wide variety of applications which use TCP & UDP
- NetFlow: provides detailed traffic-recording information from data networks
Essential to make a network health checklist and a summary report.

Create a draft design document.

Using the Top-Down Approach to Network Design
- Adapts the physical infrastructure to the needs of the applications
- With the bottom-up approach, the need to redesign the network is high
- Thoroughly analyze the customer's requirements
- Initiate design from the top of the OSI Model

Decision tables in Network Design:
1. Determine the network building block about which decisions will be made
2. Collect possible options for each decision
3. Create a table of the possible options and the given requirements
4. Match the given requirements with the specific properties
5. Select the most appropriate option, the one with the most matches

Structured Designing:
- Identify the applications
- Identify the applications' logical connectivity requirements
- Split the network functionally to develop the n/w infrastructure
- Design each functional layer separately
The most common approach to physically structuring a network module is a 3-layer hierarchical structure: core, distribution & access layers.

Network Designing Tools:
1. Network modeling tools
2. Strategic analysis tools
3. Decision tables
4. Simulation & verification tools or services
Pilot Network: tests & verifies the design before the n/w is launched; normally used when the design is for a completely new network.
Prototype Network: tests & verifies a redesign in an isolated n/w.
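The five decision-table steps above, worked as code. This is an added example, not from the notes: the building block, the candidate options, their properties and the requirements are all constructed for illustration, not real product data.

```python
"""Decision table for network design, following the 5 steps above.

Added example, not from the notes. Step 1 fixes the building block (here the
campus access-layer switch); the candidate options, their properties and the
requirements are constructed for illustration, not real product data."""
from typing import Dict, List, Set, Tuple

# Step 2: possible options and the properties each one offers (constructed).
OPTIONS: Dict[str, Set[str]] = {
    "L2 access switch": {"vlans", "poe", "low cost"},
    "L3 access switch": {"vlans", "poe", "routed uplinks", "qos"},
    "modular chassis": {"vlans", "routed uplinks", "qos", "redundant psu"},
}

# Requirements extracted from the customer in step 1 of the methodology.
REQUIREMENTS: Set[str] = {"vlans", "poe", "routed uplinks", "qos"}


def build_table(options, requirements) -> List[Tuple[str, Dict[str, bool]]]:
    """Step 3: one row per option, one column per requirement (True = met)."""
    return [(name, {req: req in props for req in sorted(requirements)})
            for name, props in options.items()]


def select_option(options, requirements) -> Tuple[str, int, List[str]]:
    """Steps 4 and 5: match requirements against properties and pick the option
    with the most matches. Returns (option, matches, unmet requirements); on a
    tie the first option listed wins, so order the table by preference."""
    best = None
    for name, row in build_table(options, requirements):
        matches = sum(row.values())
        unmet = [req for req, met in row.items() if not met]
        if best is None or matches > best[1]:
            best = (name, matches, unmet)
    return best


if __name__ == "__main__":
    for name, row in build_table(OPTIONS, REQUIREMENTS):
        cells = " ".join(f"{req}={'Y' if met else 'N'}" for req, met in row.items())
        print(f"{name:18s} {cells}")
    print("selected:", select_option(OPTIONS, REQUIREMENTS))
```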

STRUCTURING & MODULARIZING THE NETWORK


The hierarchical network model provides a framework that n/w designers can use to help ensure that the n/w is easy & flexible to implement & troubleshoot. Consists of the Access, Distribution, Core layers. These hierarchical layers are not implemented as distinct physical entities.

The Hierarchical Network Design Layers:
1. Access Layer: provides remote & local workgroup or user access to the n/w
2. Distribution Layer: provides policy-based connectivity
3. Backbone (Core) Layer: provides high-speed transport to satisfy the connectivity and transport needs of the Distribution Layer devices

The ACCESS LAYER
Role:
- Incorporates switched LAN devices with ports that provide connectivity for workstations and servers
- For WAN, provides access to the corporate network across some wide-area technology
- Access is granted only to authenticated users or devices
- Access can be provided to the end users as part of either a L2 switching environment or a multilayer switching environment
- VLANs may be used to segment switched LANs
- Recommended to connect access switches to distribution switches via Layer 3 links rather than with trunks (RSTP provides faster STP convergence after topology changes)
- Supports convergence, high availability, security, QoS & IP multicast
Services: QoS trust boundary, broadcast suppression, IGMP snooping

The DISTRIBUTION LAYER
i. Separation between Access & Core Layers
ii. Connection point between diverse access sites & the core layer
- Needs to use bandwidth efficiently since it controls activity at the core layer
- Concentrates multiple low-speed access links into high-speed core links
- Aggregates WAN connections at the edge of the campus
- Route summarization to improve routing performance
- Terminates broadcast domains
- Allows media transition (e.g. from Ethernet to ATM)
Policy-Based Connectivity:
- Filtering by source or destination
- Filtering based on input/output ports
- Hiding internal network numbers by route filtering
- Providing specific static routes rather than dynamic routes
- Security & QoS mechanisms

The CORE LAYER
- High-speed backbone that should be designed to switch packets as quickly as possible
- Provides a high level of availability, reliability & redundancy
- Should not perform any kind of packet manipulation
- Should be manageable & provide load balancing
The Access, Distribution & Core layers can appear within each module of the Cisco Enterprise Architecture. Eg: Remote Location = ACCESS, Regional Office = DISTRIBUTION, Head Office = CORE.

CISCO ENTERPRISE ARCHITECTURE
Divides the n/w into functional modules. The Access, Distribution & Core layers can appear in any of the functional areas below. The 1st layer comprises the following 6 major functional areas:
i. Enterprise Campus: combines a core infrastructure of intelligent switching & routing with tightly integrated productivity-enhancing technologies
ii. Enterprise Edge: offers connectivity to voice, video & data services outside the enterprise
iii. Service Provider: offers convergence of voice, video & data services over a single Cisco Unified Communications Network
iv. Enterprise Branch: allows enterprises to extend head-office applications & services to remote locations
v. Enterprise Data Center: supports requirements for consolidation, business continuance and security
vi. Enterprise Teleworker: allows enterprises to securely deliver voice & data services to remote small or home offices over standard broadband access
The SONA Enterprise Edge & the WAN & MAN modules are represented as one functional area in the CEA.
An enterprise campus site is a large site that is often the corporate HQ or a major office. Regional offices, SOHOs & mobile workers might have to connect to a central campus for data & info.
For management purposes, an out-of-band network connection to all network components is recommended.

Enterprise Campus guidelines:
1. Select modules within the campus that act as buildings with access & distribution layers
2. Determine the locations & the number of access switches and their uplinks to distribution layer switches
3. Select appropriate distribution layer switches; at least 2 distribution layer switches
4. Consider 2 uplink connections from each access layer switch to the 2 distribution layer switches
5. Connect all servers in the farm to at least 2 distribution switches for full redundancy
6. Design the Campus Core layer switches & provide for traffic volume between modules
7. Interconnect all modules with the Campus Core in a redundant manner

ENTERPRISE EDGE MODULE
The Enterprise Edge modules perform security functions when enterprise resources connect across public networks and the Internet. Consists of 4 major modules:
- E-Commerce Module
- Internet Connectivity Module
- Remote Access & VPN Module
- WAN & MAN & Site-Site VPN Module

E-Commerce Module: deploys e-commerce applications. Devices used:
1. Web servers: primary interface for e-commerce navigation
2. Application servers: host various applications
3. Database servers: contain transaction info
4. Firewalls: provide security
5. NIDS/NIPS: respond to attacks against the network
6. Multilayer switch with IDS/IPS: security monitoring
7. Host-based IPS: real-time reporting & prevention of attacks

Internet Connectivity Module:
- Provides internal users with connectivity to Internet services
- Accepts VPN traffic from remote users and remote sites & forwards it to the Remote Access VPN Module
- Doesn't serve e-commerce applications
Major components used in this module:
1. SMTP mail servers: relay between Internet & intranet mail servers
2. DNS servers: relay internal DNS requests to the external DNS (Internet)
3. FTP, HTTP (public servers): provide public info about the organization
4. Firewalls: network-level protection, stateful filtering of traffic
5. Edge routers: basic filtering & multilayer connectivity to the Internet

Remote Access & VPN Module:
- Initiates VPN connections to remote sites
- Terminates dial-in connections
Components used in this module:
1. Dial-in access concentrators: terminate dial-ins, authenticate users
2. Cisco Adaptive Security Appliance: terminates IPsec tunnels
3. Firewalls: network protection, security, stateful filtering
4. NIDS: provide Layer 4 to 7 monitoring of key network segments

WAN and MAN & Site-Site VPN Module:
- Routes traffic between remote & central sites
- Doesn't include the WAN connections or links, only provides interfaces to the WAN

Enterprise Edge guidelines:
1. Create an E-Commerce Module which allows customers to access predefined servers & services yet restricts all other operations
2. Determine the connections from the corporate network into the Internet & assign them to the Internet Connectivity Module
3. Design a Remote Access & VPN Module if the organization requires it
4. Determine which part of the edge is used exclusively for permanent connections to remote locations & assign it to the WAN & MAN Module

SERVICE PROVIDER MODULES
Internet Service Provider Module:
- Represents enterprise IP connectivity to an ISP network for basic access to the Internet
- Can connect to 2 or more ISPs to provide redundant connections to the Internet
PSTN Module:
- Represents non-permanent WAN connections
- Represents dial-up infrastructure to back up existing WAN links
Frame Relay/ATM Module:
- Represents permanent connectivity with the remote locations
- FR is capable of connecting multiple remote sites across a single physical link (E3 34.368 Mbps European, T3 44.736 Mbps North American)
- ATM has higher switching capacity & speed compared to FR
- Leased lines can also be used for permanent connectivity
- SONET (American) and SDH (European) are the standards for transmission over optical links
- Cable technology uses coaxial TV cables

- DSL uses phone lines; connects between a telephone switching station and the home
- Wireless bridging technology interconnects remote LANs using point-to-point transmission

REMOTE ENTERPRISE MODULES
1. Enterprise Branch Module: uses a simplified version of the Campus Infrastructure module design for remote sites or branch offices
2. Enterprise Data Center: similar to the Campus Server Farm. Includes the following components:
   i. At the network layer: Gigabit Ethernet, 10 Gb Ethernet
   ii. At the interactive service layer: fabric, compute, security services
   iii. At the management layer: tools
3. Enterprise Teleworker Module: provides access to users in geographically dispersed locations (mobile users). Cisco Teleworker provides easy solutions for mobile clients

SERVICES WITHIN MODULAR NETWORKS
Interactive Services:
- Forwarding is the fundamental activity within an internetwork
- Interactive services add intelligence to the network infrastructure, beyond simply moving a datagram between 2 points

Security Services:
Security is an infrastructure service that increases the network's integrity by protecting network resources & users from internal & external threats. Layered security is also known as defense-in-depth.
Internal Security:
o If the enterprise edge fails, the enterprise campus becomes vulnerable
o Physical security is not good enough
o Applications require indirect access to the enterprise campus
Methods of increasing security at each level of the enterprise campus:
1. Building Access Layer: filtering based on MAC, port authentication
2. Building Distribution: filtering based on access lists
3. Campus Core: since high-speed switching is involved, no security
4. Server Farm: use host-based & network-based IDSs & IPSs, private VLANs
5. Security servers are also provided, with syslog functions, using One Time Passwords (OTP) and Authentication, Authorization & Accounting (AAA)

IDS & IPS
- When an IDS detects an attack, it either takes corrective action or informs the administrator, who can take corrective action
- HIDS works by intercepting OS & application calls as well as after-the-fact analysis of local log files
- HIDS is more effective at preventing attacks; NIDS only informs on detecting intrusions
- Network-based IPS detect, classify and stop threats like viruses etc.
- Host-based IPS protect server and desktop computing systems

External Security:
o The enterprise edge is like a wall & is the first line of defense at which potential outside attacks can be stopped
o Some common attack methods are:
  1. IP spoofing: the attacker uses a trusted computer to launch an attack, using either a trusted internal IP or an external IP address
  2. Password attacks: a packet sniffer is used to determine usernames & passwords
  3. DoS attacks: focus on making a service unavailable for normal use
  4. Application layer attacks: exploit certain well-known weaknesses in common s/w programs to gain access to a computer

DoS:
o Not targeted at gaining access to a n/w or its info
o Focus on making services unavailable for normal use by exhausting some resource limitation on the n/w
o Locks out users from accessing services on servers
o Implemented using ICMP and TCP
o Exploits weaknesses in the overall architecture rather than a loophole in the s/w
Application Layer attacks:
o Exploit well-known weaknesses in software commonly found on servers such as SMTP, HTTP and FTP
o Unfortunately, these applications use ports that are allowed through a firewall

High-Availability Services:
- To ensure mission-critical applications, high availability is an essential component of an enterprise environment
- Redundant topologies should be implemented with care since they are expensive to deploy and maintain
- Unless all devices are completely fault-tolerant, redundant links should terminate at different devices
- Server Farm & Campus Core modules require higher availability
Types of redundancy:
o Device redundancy
o Redundant physical connections
o Route redundancy
o Link redundancy

o Power redundancy
End-to-end high availability is possible only when redundancy is deployed throughout the internetwork.

High Availability in the Server Farm
Some common ways of connecting include the following:
1. Single attachment: the host/server knows the address of one router for sending data to another n/w; if that router fails the host loses connectivity, so this method is not recommended. ARP, RDP, RIP, HSRP, GLBP, VRRP are some router discovery methods for finding alternatives
2. Attachment through a redundant transceiver: useful when h/w or s/w doesn't support redundant attachments
3. Attachment through NICs: some environments support a redundant attachment through dual NICs
4. Fast EtherChannel / Gigabit EtherChannel ports: they bundle multiple Ethernet ports into a single logical transmission path between a router & a switch. STP treats this EtherChannel as one logical link

Router Discovery:
1. Explicit configuration: configuring a default gateway
2. ARP: the host sends an ARP frame to reach a remote destination
3. RDP: ICMP Router Discovery Protocol allows the host to learn a router's IP address
4. Routing protocol: RIP can be run in passive mode to only learn about IPs
5. HSRP: creates a virtual router that has its own IP & MAC address
6. GLBP: allows packet sharing between redundant routers in a group; uses a single virtual IP & multiple virtual MAC addresses
7. VRRP: election protocol that dynamically assigns responsibility for one or more virtual routers to the VRRP routers on a LAN

Designing Route Redundancy:
- To minimize the effect of link failures
- To minimize the effect of an internetworking device failure
- Redundant routes might also be used for load balancing when all routes are up
- When a packet is process-switched, load balancing over equal-cost paths occurs on a per-packet basis
- When packets are fast-switched, load balancing over equal-cost paths is on a per-destination basis
Possible ways to make the connection redundant include the following:
o Parallel physical links between switches & routers
o Backup LAN & WAN links
Possible ways to make the network redundant:
o Full mesh to provide complete redundancy & good performance
o Partial mesh, which is less expensive & more scalable
The common approach when designing route redundancy is to implement partial redundancy by using partial mesh instead of full mesh and backup links to the alternate devices.
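The per-packet versus per-destination load balancing described above, modelled in code. This is an added example, not from the notes: the next-hop names and the packet list are constructed, and a CRC of the destination address stands in for the real route cache's path selection.

```python
"""Per-packet vs per-destination load balancing over equal-cost paths.

Added example, not from the notes. Process switching spreads successive
packets round-robin over the equal-cost paths; fast switching picks a path
once per destination and caches it. Next-hop names and packets are constructed."""
import itertools
import zlib
from collections import defaultdict
from typing import Dict, List, Set, Tuple

PATHS = ["via R1", "via R2"]  # two equal-cost routes to the same prefix (constructed)

Packet = Tuple[str, str]  # (source address, destination address)


def per_packet(packets: List[Packet], paths=PATHS) -> List[str]:
    """Process switching: packet n goes out path n mod len(paths), whatever its
    destination, so one destination's packets are split across paths."""
    cycle = itertools.cycle(paths)
    return [next(cycle) for _ in packets]


def per_destination(packets: List[Packet], paths=PATHS) -> List[str]:
    """Fast switching: the first packet to a destination selects a path and the
    choice is kept in a route cache; later packets to that destination reuse it.
    A CRC of the destination stands in for the real cache's selection."""
    cache: Dict[str, str] = {}
    chosen = []
    for _src, dst in packets:
        if dst not in cache:
            cache[dst] = paths[zlib.crc32(dst.encode()) % len(paths)]
        chosen.append(cache[dst])
    return chosen


def paths_per_destination(packets: List[Packet], chosen: List[str]) -> Dict[str, Set[str]]:
    """Which paths each destination's packets travelled; more than one path
    means that destination's packets can arrive out of order."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for (_src, dst), path in zip(packets, chosen):
        seen[dst].add(path)
    return dict(seen)


# Constructed sample: six packets of one session plus two to other hosts.
PACKETS: List[Packet] = [("10.1.1.5", "10.2.2.10")] * 6 + [
    ("10.1.1.5", "10.2.2.11"), ("10.1.1.6", "10.2.2.12")]

if __name__ == "__main__":
    for name, fn in (("per-packet", per_packet), ("per-destination", per_destination)):
        chosen = fn(PACKETS)
        print(name, {p: chosen.count(p) for p in PATHS}, paths_per_destination(PACKETS, chosen))
```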

Designing Link Redundancy:
- Redundant media are often deployed in WAN environments
- Backup links can always be on or become active when a primary link goes down
- Examples of backup links:
  o A leased line can be parallel with a backup IPsec connection over the Internet
- Channel aggregation: a router can bring up multiple channels as bandwidth requirements increase

Voice Services:
To ensure successful implementation of voice applications, network designers must consider the enterprise services & infrastructure & its configuration.
Voice implementations:
1. VoIP:
   - Uses voice-enabled routers to convert analog voice into IP packets
   - A PBX is connected to a voice-enabled router that is an entry point to VoIP
   - These routers can also terminate IP phones using Session Initiation Protocol (SIP)
2. IP telephony:
   - Traditional phones are replaced with IP phones
   - A server for call control & signaling is also used
   - Since the phone itself performs voice-to-IP conversion, no voice-enabled routers are required within the enterprise n/w

Components of IP Telephony:
1. IP Phones:
   - Used to place calls in an IP telephony n/w
   - Perform voice-to-IP coding and compression using special hardware
   - Offer services such as user-directory lookups & Internet access
   - Power to the phones is supplied through LAN connections or external power
2. Switches with Inline Power (PoE):
   - Enable a modular wiring closet infrastructure to provide centralized power for Cisco IP Telephony networks
   - These switches provide power to the ports where IP phones are connected
   - Switches also perform special QoS tasks
3. Call Processing Manager:
   - Provides central call control and configuration management for IP phones
   - Provides core functionality to initialize IP telephony devices & to perform call setup and call routing throughout the network
4. Voice Gateway: voice-to-IP coding and compression, PSTN access, IP packet routing, backup call processing, & voice services

Modular Approach in Voice Network Design
Voice affects the various modules of the enterprise network as follows:
- Access: IP phones and end-user computers are attached to Layer 2 switches here
- Distribution: aggregates Building Access layer switches and provides redundant uplinks to the Campus Core layer
- Core: all enterprise network modules are attached to it
- Server Farm: includes multilayer switches with redundant connections
- Enterprise Edge: extends IP telephony from the Enterprise Campus to remote locations via WANs, the PSTN and the Internet
Design considerations for voice: performance, availability, features, capacity, power.

Wireless Services:
Since WLANs are typically connected to the wired network, all the modules within the enterprise infrastructure must be considered to ensure the success of a wireless deployment.
Centralized WLAN components:
1. End-user devices: generally a PC having a wireless NIC
2. Wireless APs: typically in the Access layer; function similar to a hub
3. Wireless LAN Controller (WLC): provides management & support for wireless services such as roaming; typically in the Core layer
4. Existing switched & routed wired network: wireless APs connect to the enterprise network

Application Networking Services: as voice & video become more important applications these days, new ANS are implemented.

NETWORK MANAGEMENT PROTOCOLS & FEATURES

1. SNMP has become the de facto standard for use in network management solutions and is tightly connected with remote monitoring (RMON).

Network Management Architecture:
1. Network Management System (NMS): system that executes applications that monitor & control managed devices. Provides the bulk of the processing and memory resources
2. Network Management Protocol: facilitates the exchange of management info between the NMS & the managed devices
3. Managed devices: devices managed by an NMS
4. Management agents: collect and store management info; include SNMP & RMON agents
5. Management info: data that is of interest, usually stored in MIBs
SNMP is the simplest network management protocol. A MIB is a detailed definition of the info on a n/w device. RMON is an extension of the MIB.

Simple Network Management Protocol:
Is the foundation of the network management architecture. Defines how info is exchanged between network management applications & management agents.
Manager:
o Periodically polls the SNMP agents that reside on managed devices for the data
o Due to latency there is a trade-off between polling frequency and bandwidth usage
Protocol:
o Uses UDP at the transport layer to send & retrieve management info
Managed device:
o Device managed by the manager (e.g. a router)
Management agents:
o Reside on the managed devices
o Generate traps to inform the manager about certain events
Management Information Base (MIB):
o It's a database of the objects about the device
o Community strings control access to the MIB

SNMPv1 messages:
- Get Request: used by the manager to request a specific MIB variable from the agent
- Get Next Request: used after the initial Get Request to retrieve the next object instance
- Set Request: used to set a MIB variable on an agent
- Get Response: used by an agent to respond to a Get Request or Get Next Request message
- Trap: used by an agent to transmit an unsolicited alarm to the manager

SNMPv2
Is a revised protocol that includes performance and manager-to-manager communication improvements to SNMP. The following are the changes introduced in version 2:
o GetBulk message type: used for retrieving large amounts of data
o InformRequest: used to alert an SNMP manager of a specific condition
o Addition of new data types with 64-bit counters

SNMPv3
Since versions 1 & 2 did not have any security or authentication features, version 3 was introduced. Version 3 has the following 3 security levels:
1. NoAuthNoPriv: without authentication & without privacy
2. AuthNoPriv: with authentication but without privacy
3. AuthPriv: with authentication as described earlier and privacy
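A check that maps an IOS SNMP configuration onto the three security levels above and flags the community-string access mentioned under the MIB (which grants access with no authentication). This is an added example, not from the notes: the config snippet is constructed, the command syntax is standard IOS, and the group, user and community names, passwords and ACL number are placeholders.

```python
"""Audit the security level of SNMP access configured on an IOS device.

Added example, not from the notes: maps 'snmp-server' lines to the three
SNMPv3 levels (NoAuthNoPriv, AuthNoPriv, AuthPriv) and flags v1/v2c community
strings, which give access to the MIB with no authentication at all. The config
below is constructed; the command syntax is standard IOS, but the group, user
and community names, passwords and the ACL number are placeholders."""
import re
from typing import Dict, List

SAMPLE_CONFIG = """
snmp-server community public RO
snmp-server community s3cret-rw RW 10
snmp-server group NETMON v3 priv
snmp-server group LEGACY v3 noauth
snmp-server user monitor NETMON v3 auth sha AuthPassHere priv aes 128 PrivPassHere
snmp-server user oldpoller LEGACY v3
snmp-server user mixed NETMON v3 auth md5 AuthOnlyPass
"""

GROUP_LEVEL = {"noauth": "NoAuthNoPriv", "auth": "AuthNoPriv", "priv": "AuthPriv"}
RANK = {"NoAuthNoPriv": 0, "AuthNoPriv": 1, "AuthPriv": 2}


def user_level(line: str) -> str:
    """Level a 'snmp-server user ... v3' line actually provides, from the
    auth and priv keywords present on it."""
    has_auth = re.search(r"\bauth\s+(md5|sha)\b", line) is not None
    has_priv = re.search(r"\bpriv\s+(des|3des|aes)\b", line) is not None
    if has_auth and has_priv:
        return "AuthPriv"
    return "AuthNoPriv" if has_auth else "NoAuthNoPriv"


def audit_snmp(config: str) -> List[Dict[str, str]]:
    """One finding per community string or v3 user: name, kind, level, note.
    Only the common command forms are handled (no 'view' keyword)."""
    findings: List[Dict[str, str]] = []
    groups: Dict[str, str] = {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"snmp-server community (\S+) (RO|RW)(?:\s+(\S+))?", line):
            string, mode, acl = m.groups()  # acl: numbered or named ACL, if any
            note = "community string: no authentication, no privacy"
            if acl is None:
                note += "; no ACL restricting source addresses"
            findings.append({"name": string, "kind": f"v1/v2c {mode}",
                             "level": "NoAuthNoPriv", "note": note})
        elif m := re.match(r"snmp-server group (\S+) v3 (noauth|auth|priv)", line):
            groups[m.group(1)] = GROUP_LEVEL[m.group(2)]
        elif m := re.match(r"snmp-server user (\S+) (\S+) v3\b", line):
            user, group = m.groups()
            level = user_level(line)
            note = "ok" if level == "AuthPriv" else "management traffic is not encrypted"
            required = groups.get(group)
            # A user configured below its group's level cannot be used at all.
            if required and RANK[level] < RANK[required]:
                note += f"; below the {required} level required by group {group}"
            findings.append({"name": user, "kind": "v3 user", "level": level, "note": note})
    return findings


if __name__ == "__main__":
    for f in audit_snmp(SAMPLE_CONFIG):
        print(f"{f['kind']:12s} {f['name']:12s} {f['level']:13s} {f['note']}")
```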

MIB
- Collection of managed objects
- Stores info, which is collected by the local management agent
- Has a tree-like structure in which similar objects are grouped under the same branch of the MIB tree
- A Cisco router's MIB tree contains several defined standard managed objects:
  o Interface group
  o IP group
  o ICMP group

MIB-II
- Is an extension of MIB-I
- MIB-II is still a device-centric solution, i.e. its focus is on individual devices
- Is poll-based, i.e. data is stored in managed devices and a management system must request it via the management protocol
Cisco MIB: contains 3 sub-trees: Local, Temporary and CiscoMgmt.

MIB Polling Guidelines:
- Restrict polling to only those variables necessary for analysis
- Analyze and use the data collected; do not collect data if it is not analyzed
- Increase polling intervals over low-bandwidth links
- Deploy management domains
- Leverage non-polling mechanisms such as SNMP traps, RMON & syslog

RMON
- Allows packet and traffic patterns on LAN segments to be monitored
- RMON tracks the following items:
  o Number of packets
  o Packet sizes
  o Broadcasts
  o Network utilization
  o Errors and conditions like Ethernet collisions
  o Statistics for hosts
- Without RMON, a MIB could be used to check the device's network performance
- Since RMON agents collect a lot of data, dedicated probes are often used on routers and switches instead of enabling RMON agents on these devices

RMON1
Works on the Data Link layer and provides aggregate LAN traffic stats & analysis for remote LAN segments.
RMON1 groups are as follows:
- Statistics: packets sent, bytes sent, CRCs, runts, collisions etc.
- History: stores periodic statistical samples for later retrieval
- Alarm: sets specific thresholds for managed objects
- Host: stats associated with each host discovered on the n/w
- Host Top N: stats of the hosts that top a list ordered by a variable
- Matrix: stats for conversations between two sets of addresses
- Filters: rules for data packet filters
- Packet Capture: contains data packets that match rules set in the Filters group
- Events: controls the notification of events from this device
- Token Ring: contains the following:
  o Ring Station: detailed stats on individual stations
  o Ring Station Order: ordered list of stations currently on the ring
  o Ring Station Configuration: config info & insertion data on each station
  o Source Routing: stats on source routing such as hop counts

RMON2
Was developed to extend functionality to the upper-layer protocols.

Provides full network visibility from the network layer through to the application layer. RMON2 groups include:
o Protocol Directory: list of protocols that the device supports
o Protocol Distribution: contains traffic stats for each supported protocol
o Address Mapping: n/w layer to MAC layer mappings
o Network Layer Host: contains stats for n/w layer traffic
o Network Layer Matrix: n/w layer traffic stats for conversations between hosts
o Application Layer Host: stats for application layer traffic
o Application Layer Matrix: application layer traffic for conversations between hosts
o User History Collection: contains periodic samples of user-specified variables
o Probe Configuration: standard way of remotely configuring probe parameters

NetFlow
- A flow is a unidirectional sequence of packets between a source and destination
- NetFlow is a measurement technology that measures flows that pass through Cisco devices
- Flow data can be exported to network management applications for further processing
- Key components are the NetFlow cache & NetFlow export
- It is the basis for a set of network applications:
  1. Network traffic accounting
  2. Usage-based network billing
  3. Network planning
  4. Network monitoring
  5. Provides a measurement base for QoS applications
- Can be configured to export data to a flow collector
- NetFlow allows several key customer applications:
  1. Accounting & billing
  2. Network planning & analysis
  3. Network monitoring
  4. Application monitoring & profiling
  5. User monitoring & profiling
  6. NetFlow data warehousing & data mining
- NetFlow's information-gathering benefits go well beyond those of SNMP with the RMON MIB
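A small model of the two NetFlow components named above, the flow cache and export: packets are aggregated into unidirectional flows, and a flow is exported once it has been idle past a timeout. This is an added example, not Cisco's implementation; the packet records, addresses and the inactive timeout are constructed, and the export is a list rather than a datagram to a collector.

```python
"""NetFlow-style flow cache built from packet records, with inactive-timeout export.

Added example, not from the notes. A flow is a unidirectional sequence of packets
sharing source/destination address, protocol and ports, so the two directions of
one TCP connection become two flows. Packet records are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

FlowKey = Tuple[str, str, int, int, int]  # src, dst, proto, sport, dport


@dataclass
class FlowEntry:
    packets: int = 0
    bytes: int = 0
    first: float = 0.0
    last: float = 0.0
    tcp_flags: int = 0   # OR of all TCP flags seen, as the real cache records it


class FlowCache:
    """Aggregates packets into flows; idle flows are expired into the export list."""

    def __init__(self, inactive_timeout: float = 15.0):
        self.inactive_timeout = inactive_timeout   # constructed value, seconds
        self.cache: Dict[FlowKey, FlowEntry] = {}
        self.exported: List[Tuple[FlowKey, FlowEntry]] = []

    def add_packet(self, ts, src, dst, proto, sport, dport, length, flags=0):
        key = (src, dst, proto, sport, dport)
        entry = self.cache.get(key)
        if entry is None:
            entry = self.cache[key] = FlowEntry(first=ts)
        entry.packets += 1
        entry.bytes += length
        entry.last = ts
        entry.tcp_flags |= flags
        self.expire(ts)

    def expire(self, now: float):
        """Export every flow that has been idle longer than the inactive timeout."""
        idle = [k for k, e in self.cache.items() if now - e.last > self.inactive_timeout]
        for key in idle:
            self.exported.append((key, self.cache.pop(key)))

    def flush(self) -> List[Tuple[FlowKey, FlowEntry]]:
        """Export whatever is still cached (e.g. at shutdown) and return all exports."""
        self.exported.extend(self.cache.items())
        self.cache.clear()
        return self.exported


# Constructed packets: (time, src, dst, proto, sport, dport, bytes, tcp flags)
PACKETS = [
    (0.0, "10.1.1.5", "10.2.2.10", 6, 51000, 80, 60, 0x02),    # SYN
    (0.1, "10.2.2.10", "10.1.1.5", 6, 80, 51000, 60, 0x12),    # SYN-ACK
    (0.2, "10.1.1.5", "10.2.2.10", 6, 51000, 80, 52, 0x10),    # ACK
    (0.3, "10.1.1.5", "10.2.2.10", 6, 51000, 80, 500, 0x18),   # PSH-ACK
    (0.4, "10.2.2.10", "10.1.1.5", 6, 80, 51000, 1460, 0x18),  # PSH-ACK
    (1.0, "10.1.1.7", "10.2.2.53", 17, 40000, 53, 70, 0),      # DNS query
    (30.0, "10.1.1.7", "10.2.2.53", 17, 40001, 53, 70, 0),     # later DNS query
]


def run(packets=PACKETS, inactive_timeout: float = 15.0):
    """Feed the packets through a cache and return the exported flows in order."""
    cache = FlowCache(inactive_timeout)
    for pkt in packets:
        cache.add_packet(*pkt)
    return cache.flush()


if __name__ == "__main__":
    for (src, dst, proto, sport, dport), e in run():
        print(f"{src}:{sport} -> {dst}:{dport} proto={proto} "
              f"pkts={e.packets} bytes={e.bytes} flags=0x{e.tcp_flags:02x}")
```

The first three flows are exported when the packet at t=30 arrives, because each has then been idle longer than the timeout; the last one is exported by the final flush.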

CDP (Cisco Discovery Protocol)
- CDP info is sent only between directly connected Cisco devices
- CDP frames are never forwarded
- Provides the following info:
  1. Device ID
  2. Local interface
  3. Holdtime
  4. Capability list
  5. Platform
  6. Port ID
- CDP should not be run on interfaces such as those connected to the Internet
- For security reasons, block SNMP access to CDP data from outside your network and from subnets other than the management station subnet

Syslog Accounting:
- Syslog system messages provide a means for the system and its running processes to report system state info to a network manager
- Cisco devices produce a syslog message as a result of network events
- Message format: seq no: timestamp: %FACILITY-SEVERITY-MNEMONIC: description
- Messages are sent to the console session by default
- If collected data will not be analyzed, do not collect it
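A parser for the message format above, with a triage step that keeps the messages a network manager would act on (the "do not collect what you will not analyze" guideline applied at the collector). This is an added example, not from the notes; the log lines are constructed with documentation addresses, and the list of always-kept mnemonics is an assumed policy, not a Cisco default.

```python
"""Parse Cisco syslog lines (seq no: timestamp: %FACILITY-SEVERITY-MNEMONIC: description)
and keep only the ones worth a network manager's attention.

Added example, not from the notes. Sample lines are constructed with
documentation addresses; the always-kept mnemonic list is an assumed policy."""
import re
from collections import Counter
from typing import Dict, List, Optional

# Severity levels 0 (emergencies) .. 7 (debugging), as carried in the header.
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# Sequence number and timestamp are optional because each depends on the
# 'service sequence-numbers' / 'service timestamps' settings on the device.
LINE_RE = re.compile(
    r"^(?:(?P<seq>\d+):\s+)?"
    r"(?:(?P<ts>[*.]?\w{3}\s+\d+\s+[\d:.]+(?:\s+\w+)?):\s+)?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<description>.*)$")

SAMPLE_LOG = """\
000045: *Mar  1 00:02:33.123: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
000046: *Mar  1 00:02:34.120: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
000047: *Mar  1 00:05:01.004: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.20)
000048: *Mar  1 00:05:09.771: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4444) -> 10.1.1.1(23), 1 packet
000049: *Mar  1 00:06:00.000: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 198.51.100.9
this line is not a syslog message
"""


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Return the header fields of one message, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec: Dict[str, object] = m.groupdict()
    rec["severity"] = int(m.group("severity"))
    rec["severity_name"] = SEVERITY_NAMES[rec["severity"]]
    return rec


def parse_log(text: str) -> List[Dict[str, object]]:
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def triage(records, max_severity: int = 4,
           always=("SYS-CONFIG_I", "SNMP-AUTHFAIL", "SEC-IPACCESSLOGP")):
    """Keep messages at severity max_severity or worse (lower number), plus the
    informational mnemonics that matter for security monitoring regardless of level
    (config changes, SNMP auth failures, ACL denies); constructed policy."""
    return [r for r in records
            if r["severity"] <= max_severity
            or f"{r['facility']}-{r['mnemonic']}" in always]


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print("by facility:", dict(Counter(r["facility"] for r in records)))
    for r in triage(records):
        print(r["seq"], r["facility"], r["severity_name"], r["mnemonic"], r["description"])
```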

DESIGNING BASIC CAMPUS & DATA CENTER NETWORKS

Campus Design Considerations:
Multilayer approach to campus network design combines data-link layer & multilayer switching to achieve robust, highly available campus networks.

Designing an Enterprise Campus:
Network application characteristics:
o Organizational requirements, services & applications, e.g. bandwidth & delay
Environmental characteristics:
o Geography and transmission media used, e.g. buildings, space, power
Infrastructure device characteristics:
o Trade-offs between data-link & multilayer switching
o High availability & high throughput are requirements that might require consideration throughout the infrastructure
o Most campuses use data-link switching in the Access layer & multilayer switching in the Distribution and Core layers

Network Applications & Characteristics
Types of application communication:
o Peer-Peer
o Client - Local Server
o Client - Server Farm
o Client - Enterprise Edge Server
PEER-PEER applications include applications in which the majority of the n/w traffic passes from one n/w edge device to another through the organization's n/w. Typical peer-peer applications include:
o Instant messaging
o IP phone calls
o File sharing
o Video conference systems
CLIENT - LOCAL SERVER
- 80% of traffic is local to the LAN & 20% leaves the segment
- The n/w is split into several isolated segments, each having its own servers, known as local servers
- Data exchange between LANs happens over the Campus Backbone

CLIENT SERVER FARM APPLICATIONS Locating servers centrally rather than the workgroup is technically feasible & reduces support costs. To achieve this, servers are kept in a Server Farm High-end LAN switches with the fastest LAN technologies, are deployed in such an environment Use the 20/80 rule CLIENT ENTERPRISE EDGE APPLICATIONS: Use servers on the Enterprise Edge to exchange data between the organization & its public servers Application Requirements 1. Connectivity 2. Throughput 3. High Availability 4. Total Network Cost Environmental Characteristics & Considerations 1. Network Geography Considerations: Is determined by the location of the Enterprise Campus Nodes and the distance between them Intrabuilding Structure: Access & the Distribution layer are located typically in the same building Access layer switches usually connect to the Building Distribution switches over optical fibre Interbuilding Structure: Provides connectivity between individual campus buildings central switches Distant Remote Building Structure: While connecting buildings at distances that exceed a few kms, the most imp factor is the physical media (within the same MAN) Transmission Media Considerations: Signal attenuation & electromagnetic interference must be considered. Copper is used in UTP and twisted pairs Hackers can Eavesdrop on electromagnetic signals transmitted by copper cables.

o For distances longer than 100 m, Cisco-proprietary Long Reach Ethernet (LRE) is used, especially for WANs
o Multimode (MM) & Single Mode (SM) optical fibre cables are used
o MM is optical fibre that carries multiple light waves or modes concurrently, each at a slightly different angle
o MM is used for relatively short distances because of modal dispersion
o Typical core diameter of MM is 50 or 62.5 micrometers
o SM: typical core diameter is between 2 & 10 micrometers
o SM allows for higher transmission speeds @ much higher cost
o SM allows much longer distances between devices and is not affected by EM waves
o Optical fibre requires a precise technique for cable coupling
o Building Wireless: Access Points (APs) are required
o Wireless throughput is significantly less than its maximum data rate because of the half-duplex nature of radio frequency technology

Infrastructure Device Characteristics & Considerations:
o Switched technology provides dedicated network bandwidth for each device on the network
o A switched n/w can support n/w infrastructure services like QoS, security, etc.
o The difference between Layer 2 & Layer 3 switching is the type of information inside the frame that is used to determine the correct output interface
o While deciding which type of switch to use, consider the following:
  1. Infrastructure capabilities
  2. Size of the n/w segments
  3. Convergence time
  4. Cost
Convergence time:
o STP takes about 30-50 secs to converge in case of a n/w outage
o To eliminate STP convergence issues, all links connecting core switches should be routed links, not VLAN trunks
o For multilayer switches, convergence is within seconds, depending on the routing protocol
Multilayer Switching (MLS) & Cisco Express Forwarding:
o MLS based on n/w flows allows switching at Layers 2, 3 & 4
o A Network Flow is a unidirectional sequence of packets between a source & a destination
o Components of MLS:
  1. MLS Route Processor (MLS-RP)
  2. MLS Switching Engine (MLS-SE)
  3. MLS Protocol (MLSP)
o MLS allows communication between two devices that are in different VLANs, that are connected to the same MLS-SE, and that share a common MLS-RP

Cisco Express Forwarding (CEF) uses 2 components to optimize the lookup of the information required to route packets:
o Forwarding Information Base (FIB): used for Layer 3 routing. CEF creates the FIB by maintaining a copy of the forwarding information contained in the IP routing table
o Adjacency Table: contains Layer 2 frame header information, including next-hop addresses, for all FIB entries
o After a packet is processed and the route is determined from the FIB, the Layer 2 next-hop and header information is retrieved from the Adjacency Table

IP Multicast:
o Enables networks to send data to a group of destinations in the most efficient way
o Identified by Class D IP addresses: 224.0.0.0 to 239.255.255.255
o IP multicast involves some new protocols:
  1. IGMP is used between hosts & local routers
  2. CGMP is used because IGMP is a Layer 3 protocol and switches would otherwise flood multicast data out of all ports
  3. Protocol Independent Multicast (PIM) is used by routers that forward multicast packets
o Cisco routers do not support Multicast OSPF
o Multicast-enabled routers use PIM to dynamically create distribution trees that control the path that IP multicast traffic takes through the n/w
o The following 2 types of distribution tree exist:
  1. Source Tree: created for each source sending to each multicast group
  2. Shared Tree: a single tree that is shared between all sources for each multicast group
o Forwarding multicast traffic away from the source, rather than towards the receiver, is called Reverse Path Forwarding (RPF). RPF prevents looping
o PIM operates in one of 2 modes:
  1. Sparse Mode: uses shared trees & therefore requires a Rendezvous Point (RP) to be defined
  2. Dense Mode: uses source trees
QoS Considerations in LAN Switches:
o QoS mechanisms are techniques used to manage network resources
o Congestion on the uplink port is unavoidable when all access ports are using maximum b/w while communicating
o QoS mechanisms include:
  Classification & Marking: partitioning traffic into multiple priority levels, or classes of service. Marking is the process of changing the priority or class of service (CoS) setting within a frame or packet to indicate its classification
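The CEF lookup (FIB plus adjacency table) and the multicast RPF check described above share the same longest-prefix lookup, so both are shown in one added example; this is illustration code written for these notes, not Cisco's implementation, and every prefix, interface name and MAC address in it is a constructed sample value.

```python
"""Added example (not from the notes): a simplified CEF-style forwarding table.

The FIB is a longest-prefix-match copy of the routing table, and the adjacency
table holds the Layer 2 rewrite (next-hop MAC) for each next hop. The same
FIB is then reused for the multicast Reverse Path Forwarding (RPF) check.
All prefixes, interfaces and MAC addresses are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class FibEntry:
    prefix: ipaddress.IPv4Network
    next_hop: str        # next-hop IP, or "connected" for a directly attached prefix
    interface: str       # outgoing interface


class CefForwarder:
    def __init__(self, routes, adjacencies):
        # FIB: copy of the routing table, kept sorted longest prefix first so
        # that the first matching entry is the most specific one.
        self.fib = sorted(
            (FibEntry(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in routes),
            key=lambda e: e.prefix.prefixlen, reverse=True)
        # Adjacency table: next-hop IP -> Layer 2 header info (MAC address here).
        self.adjacency = dict(adjacencies)

    def lookup(self, address):
        """Longest-prefix match in the FIB; returns the FibEntry or None."""
        addr = ipaddress.ip_address(address)
        for entry in self.fib:
            if addr in entry.prefix:
                return entry
        return None

    def forward(self, dst):
        """Unicast: (interface, next-hop MAC) for dst, or None if it cannot be forwarded."""
        entry = self.lookup(dst)
        if entry is None:
            return None                      # no route in the FIB
        # For a connected prefix the next hop is the destination host itself.
        next_hop = dst if entry.next_hop == "connected" else entry.next_hop
        mac = self.adjacency.get(next_hop)
        if mac is None:
            return None                      # incomplete adjacency (ARP unresolved)
        return entry.interface, mac

    def rpf_check(self, source, in_interface):
        """Multicast RPF: accept only if the packet arrived on the interface that the
        unicast FIB uses to reach the *source*; any other copy is treated as a
        looped/duplicate packet and dropped."""
        entry = self.lookup(source)
        return entry is not None and entry.interface == in_interface


def build_sample_forwarder():
    """Constructed sample routing table and adjacencies (documentation address ranges)."""
    routes = [
        ("192.0.2.0/24",    "connected",    "Gi0/1"),
        ("198.51.100.0/24", "connected",    "Gi0/2"),
        ("203.0.113.0/24",  "connected",    "Gi0/3"),
        ("10.1.0.0/16",     "192.0.2.1",    "Gi0/1"),
        ("10.1.5.0/24",     "198.51.100.1", "Gi0/2"),   # more specific than the /16
        ("0.0.0.0/0",       "203.0.113.1",  "Gi0/3"),   # default route
    ]
    adjacencies = [
        ("192.0.2.1",    "00:00:5e:00:53:01"),
        ("198.51.100.1", "00:00:5e:00:53:02"),
        ("203.0.113.1",  "00:00:5e:00:53:03"),
        ("192.0.2.77",   "00:00:5e:00:53:77"),          # a directly attached host
    ]
    return CefForwarder(routes, adjacencies)


if __name__ == "__main__":
    fwd = build_sample_forwarder()
    for dst in ("10.1.5.9", "10.1.7.9", "192.0.2.77", "192.0.2.78", "172.16.0.1"):
        print(f"{dst:12} -> {fwd.forward(dst)}")
    # Multicast from source 10.1.5.9 passes RPF only on Gi0/2 (the path back to it).
    print(fwd.rpf_check("10.1.5.9", "Gi0/2"), fwd.rpf_check("10.1.5.9", "Gi0/1"))
```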

Congestion Management (Queuing): separates traffic into various queues or buffers. Queuing techniques ensure that traffic from the critical applications is appropriately
Congestion Management (Scheduling): the order in which queues are serviced
Policing & Shaping: identify traffic that violates threshold levels; reduce a stream of data to a predetermined rate/level
o QoS in Distribution & Core switches must be provided in both directions of flow
Load Sharing in Layer 2 Switches:
o Cannot perform intelligent load sharing
o Put all uplink connections into trunks
Load Sharing in Layer 3 Switches:
o Can perform load sharing based on IP addresses

Enterprise Campus Design


Campus Infrastructure:
o Building Access
o Building Distribution
o Campus Core
o Server Farm
o Edge Distribution
Enterprise Campus requirements include cost, reliability, scalability & performance
Building Access Layer Design Considerations:
o No. of users & host ports for current as well as future applications
o Modular or fixed switch configuration
o Available ports for end-user connectivity at the walls of the building
o Access switches not located in the wiring closet
o Cabling in the wiring closet and for uplink connectivity
o Data link layer performance of the node
o Level of redundancy
o Required link capacity to the Building Distribution switches
o Deployment of VLANs & STP
o Requirement for port security, multicast traffic management & QoS

Best-practice recommendations for an optimal Building Access Layer:
1. Manage VLANs & STP
2. Manage trunks between switches
3. Manage default Port Aggregation Protocol settings

4. Consider implementing routing

1. Managing VLANs & STP:
o Limit VLANs to a single wiring closet whenever possible
o Avoid using STP if possible, especially for load balancing
o If STP is required, use Rapid Per-VLAN Spanning Tree Plus (RPVST+)
o If a n/w includes non-Cisco switches, isolate the different STP domains with Layer 3 routing to avoid STP compatibility issues
o Use STP in Layer 2 designs to protect against user-side loops
o The Cisco STP Toolkit consists of the following:
  i. PortFast, BPDU Guard, BPDU Filtering
  ii. UplinkFast
  iii. BackboneFast
  iv. STP Loop Guard
  v. Root Guard
  vi. BPDU Skew Detection
  vii. Unidirectional Link Detection (UDLD)

2. Managing Trunks between Switches:
o Trunks are usually connected between the Building Access & Building Distribution layers
o Trunk mode & encapsulation
o Manually pruning VLANs
o VTP Transparent mode
o Trunking on ports
3. Managing Port Aggregation Protocol Settings:
o PAgP and LACP are the protocols that handle automatic EtherChannel formation
4. Implementing Routing in the Building Access Layer:
o With the right routing protocol, better convergence results can be achieved compared to Layer 2/Layer 3 boundary designs
Building Distribution Layer Design Considerations:
o Implements many policies based on access lists & QoS settings
o Some of the considerations that have to be made:
  o No. of devices each Building Distribution switch can handle
  o Required type and level of redundancy
  o No. of uplinks needed
  o Speed needed on the uplinks to the Campus Core switches

  o Available cabling options
  o Delivery of high performance for all its applications

The following n/w characteristics need special attention:
1. Performance: should provide wire-speed performance on all ports
2. Redundancy: redundant Building Distribution switches & redundant connections to the Campus Core should be implemented; this supports fast convergence and avoids routing black holes
3. Infrastructure Services: should not only support fast multilayer switching but also high availability, QoS, security & policy enforcement
Best-practice recommendations:
1. Use first-hop redundancy protocols
2. Deploy Layer 3 routing protocols between the Building Distribution switches & Campus Core switches
3. If required, Building Distribution switches should support VLANs that span multiple Building Access layer switches
1. Using First-Hop Redundancy Protocols:
o On a Layer 2 failure, convergence time depends on default gateway redundancy & failover time
o Building Distribution switches provide first-hop redundancy
o Allows a network to recover from a failure of the device acting as the default gateway for end nodes on a physical segment
o Cisco deployments: HSRP; IETF standard: VRRP
o GLBP supports load balancing on the uplinks from the Access to the Distribution layer
2. Deploying Layer 3 Routing Protocols between Building Distribution & Campus Core Switches:
o Convergence based on the up/down state of a point-to-point physical link is faster than timer-based, non-deterministic convergence
o Build redundant triangles, not squares, to take advantage of equal-cost redundant paths for the best deterministic convergence
o Establish routing protocol peer relationships only on links that you want to use as transit links
o Summarize routes from the Building Distribution layer into the Campus Core layer
3. Supporting VLANs that span multiple Building Access Layer Switches:
o Use the RPVST+ version of STP

o Provide a Layer 2 link between the 2 Building Distribution switches to avoid unexpected traffic paths & multiple convergence events
o Place the HSRP active gateway & the RPVST+ root on the same Building Distribution switch to avoid using the inter-distribution switch link for transit

Campus Core Design Considerations:
o High-performance, wire-rate multilayer switching drives the Campus Core design
o Campus Core switches are primarily focused on wire-speed forwarding on all interfaces and are differentiated by the level of performance achieved per port
o Recommended practice: deploy a dedicated Campus Core layer to connect 3 or more buildings in the Enterprise Campus
o Not all campus implementations need a Campus Core
o Issues to consider in a Campus Core design:
  i. Performance needed in the Campus Core n/w
  ii. No. of high-capacity ports for Building Distribution layer aggregation & connection to the Server Farm module / Enterprise Edge module
  iii. High availability & redundancy requirements (use of 2 switches)

Large Campus Design:
o Consists of dual multilayer switches
o Some of the best-practice features include:
  i. Reduced multilayer switch peering
  ii. Topology with no spanning-tree loops
  iii. Improved n/w infrastructure service support
Small & Medium Campus Design Options:
o A small campus may have fewer than 200 end devices; the Building Distribution & Campus Core layers can be combined into a single layer
o A medium-size campus has 200 to 1000 end devices; if redundancy is required, redundant multilayer switches connect to the Building Access switches
Edge Distribution at the Campus Core:
o Edge Distribution multilayer switches filter & route traffic into the Campus Core, aggregate Enterprise Edge connectivity & provide advanced services
o Security is of greater importance here, hence the following threats must be considered:
  o Unauthorized access
  o IP spoofing
  o Network reconnaissance

Server Placement

o Centralized servers are typically grouped into a Server Farm located in the Enterprise Campus
o Servers can be directly attached to Building Access or Building Distribution switches
o Servers can be directly connected to the Campus Core
o Servers in a Server Farm module:
  o Connected to the Campus Core using multilayer switches
  o These switches keep all the server-to-server traffic off the Campus Core
Server Farm Design Guidelines:
o Switch oversubscription must be avoided
o Switch oversubscription occurs when a switch allows more ports in the chassis than the switch's h/w can transfer
o The servers' capabilities must also be evaluated

Server Connectivity Options:
i. Dual-NIC redundancy
ii. Unique VLANs can be created for multiple policy domains
iii. ACLs can be applied on the interfaces of multilayer switches

Enterprise Data Center Design Considerations


o Deployment of virtual machine software, which allows multiple applications to run on a single server, independent of each other & of the OS
o Removal of storage from the server, consolidating it in storage pools
o Creation of resource pools that can be pooled & provisioned on demand
o Consolidation of I/O resources
Cisco Enterprise Data Center Architecture Framework has the following layers:
o Networked Infrastructure Layer: meets the b/w, latency & protocol requirements for user-to-server, server-to-server & server-to-storage connectivity & communications in a modular n/w
o Interactive Services Layer: provides the infrastructure services that ensure the fast & secure alignment of resources with application requirements
o A variety of legacy & emerging systems & technologies are provided for:
  i. N-tier applications
  ii. Web applications
  iii. Blade servers
  iv. Clustering / high-performance computing grids
  v. SOA & web services
  vi. Mainframe computing

The following phases are used by organizations to evolve their data center infrastructure:
i. Consolidation
ii. Virtualization
iii. Automation
Enterprise Data Center Infrastructure:
o The Distribution layer in the Data Center is known as the Aggregation layer
o N/w devices are often deployed in redundant pairs to avoid a single point of failure
Data Center Access Layer:
o Provides Layer 2, Layer 3 & mainframe connectivity
o Layer 2 provides low latency & better sharing of resources
o A mixture of both Layer 2 & Layer 3 switches, using one-rack-unit & modular platforms, results in a flexible solution
Data Center Aggregation Layer:
o Uplinks from the Access layer to the Data Center Core layer
o Security & application service devices provide Layer 4 through Layer 7 services and are deployed as a module in the Aggregation layer
o Typically provides Layer 3 connectivity from the data center to the core and maintains redundancy
Data Center Core Layer:
o The following should be considered while implementing it:
  1. 10 Gigabit Ethernet density
  2. Administrative domains & policies
  3. Anticipation of future development
o The Data Center connects to the Campus Core using Layer 3 links
o Data Center n/w addresses are summarized into the Campus Core & the Campus Core injects a default route into the data center n/w
o Key Data Center Core layer characteristics include:
  1. A distributed forwarding architecture
  2. Low-latency switching
  3. 10 Gigabit Ethernet scalability
  4. Scalable IP multicast support
Density & Scalability of Servers:
o Challenges faced while using rack units with high-speed switches:
  1. Cable bulk
  2. Power
  3. Cooling

DESIGNING REMOTE CONNECTIVITY


Enterprise Edge WAN Technologies:
o A WAN is a data communications n/w that covers a relatively broad geographic area
o Typically uses transmission facilities provided by service providers
o All WAN connections are concentrated in a single functional area: the Enterprise Edge
o Primary goals of a WAN:
  1. Service Level Agreement (SLA)
  2. Cost of investment & usage
o Objectives of an effective WAN design:
  o Reflect the goals, characteristics & policies of the organization
  o The selected WAN technology should be sufficient for current & future application requirements
  o The associated costs of investment & usage should stay within the budget limit
WAN Interconnections: the intent is to provide the following connections:
1. Connectivity between the Enterprise Edge module & the Internet Service Provider
2. Connectivity between enterprise sites across the ISP network
3. Connectivity between enterprise sites across the SP or PSTN carrier n/w
Packet-Switched Network Topologies:
STAR TOPOLOGY:
o Features a single internetworking hub that provides access from remote networks into the core router
o Simplifies management & minimizes tariff costs

o Disadvantages:
  o The central router (hub) is a single point of failure
  o Limits overall performance for access to centralized resources
  o The topology is not scalable
FULLY MESHED TOPOLOGY:
o Each node is directly connected to every other node
o Issues:
  o Large no. of virtual circuits required
  o Problems associated with the requirement for a large no. of packets
  o Configuration complexity of routers that must handle the absence of multicast support in non-broadcast environments
PARTIALLY MESHED TOPOLOGY:
o Reduces the no. of routers that have direct connections to all other nodes within the region
o Provides the best approach for regional topologies in terms of no. of virtual circuits, redundancy & performance
WAN Transport Technologies:
1. Time Division Multiplexing (TDM):
o Digital multiplexing in which pulses representing bits from 2 or more channels are interleaved on a time basis
o Base channel b/w is 64 kbps, also known as Digital Signal level 0 (DS0)
o DS0 is also the b/w required for an uncompressed digitized phone conversation
o A T1 circuit has 24 channels, each @ 64 kbps = 1.544 Mbps
o A T3 circuit has 672 channels, each @ 64 kbps = 44.736 Mbps
o E1 has 30 channels = 2.048 Mbps
o E3 has 480 channels = 34.368 Mbps
2. ISDN:
o Offers increased b/w, reduced call setup time, reduced latency & lower signal-to-noise ratios compared to analog dial-up
3. Frame Relay:
o Uses multiple virtual circuits (VCs) with a derivative of HDLC encapsulation between connected devices
o PVCs (permanent) or SVCs (switched)
4. Asynchronous Transfer Mode (ATM):
o Uses cell-switching technology to transmit fixed-size (53-byte) cells

o Cells can be processed asynchronously, queued, and multiplexed over the transmission path
o Provides support for QoS classes to meet delay & loss requirements
5. MPLS:
o An IETF standard architecture that combines the advantages of Layer 3 routing with the benefits of Layer 2 switching
o A label is attached to each packet and is used to determine how to process the data
o A label identifies a flow of packets, also called a Forwarding Equivalence Class (FEC)
o FECs are determined by the source or destination IP address or port nos., IP precedence, or Layer 2 circuit identifier
o MPLS network nodes, called Label Switched Routers (LSRs), use the label to determine the packet's next hop
o A Label Switched Path (LSP) must be defined for each FEC before packets can be sent
o OSPF or EIGRP is also used within the MPLS n/w to exchange routing information
o The MPLS label is a 32-bit field placed between a packet's data link layer header and its IP header
o Services provided by MPLS:
  1. Traffic engineering
  2. QoS
  3. Fast ReRoute (FRR)
  4. MPLS VPNs
  5. Multi-protocol support
6. Metro Ethernet:
o Uses Ethernet technology to deliver cost-effective, high-speed connectivity for MAN & WAN applications
o Delivers voice, video & data networking
o Supports high-performance networks in the metropolitan area, meeting the increasing need for faster data speeds and more stringent QoS requirements
7. DSL Technologies:
o Deliver high b/w over traditional copper lines
o ADSL operates @ frequencies between 100 kHz and 1.1 MHz
o SDSL traffic in either direction travels at the same speed over a single copper twisted pair
o Unlike ADSL, SDSL does not allow concurrent PSTN telephony services on the same line
ADSL Architecture & Design:

o Consists of Customer Premises Equipment (CPE), Network Access Provider (NAP) & Network Service Provider (NSP)
o In the PPPoA architecture, the CPE acts as an Ethernet-to-WAN router, & the PPP session is established between the CPE & the Layer 3 access concentrator
o In the PPPoE architecture, the CPE acts as an Ethernet-to-WAN bridge, & the PPP session is established between the end user's PC (or PPPoE router) & the Layer 3 access concentrator
8. Long Reach Ethernet (LRE) Technology:
o Cisco-proprietary
o Allows greater distances than traditional Ethernet and is a WAN access technology
o Uses coding & digital modulation techniques from the DSL world in conjunction with Ethernet, the most popular LAN protocol
o Provides point-to-point transmission over a twisted pair of copper lines and can deliver a symmetrical, full-duplex raw data rate of up to 15 Mbps for a distance of 1 mile
9. Cable Technology:
o Uses coaxial media over cable distribution systems
o The components involved are the Universal Broadband Router (uBR) and the Cable Access Router (cable modem)
o Cable modems can communicate with the CMTS but not with other cable modems
10. Wireless Technologies:
o Bridged Wireless:
  o Designed to connect 2 or more networks
  o A series of wireless bridges or routers connects discrete, distant sites into a single LAN
o Mobile Wireless:
  o Includes cellular voice & data applications
  o Global System for Mobile (GSM): digital mobile radio standard that uses TDMA; allows 8 simultaneous calls on the same frequency in 3 different bands: 900, 1800, 1900 MHz; transfer rate is 9.6 kbps; has international roaming capability
  o General Packet Radio Service (GPRS): extends the capability of GSM and supports intermittent & bursty data transfer; speeds offered are in the range of 64-128 kbps
  o Universal Mobile Telephone Service (UMTS): called 3rd Generation broadband (3G)

  o Packet-based transmission of text, digitized voice, video & multimedia @ rates of up to 2 Mbps
  o Code Division Multiple Access (CDMA): spread-spectrum technology that assigns a code to each conversation
o WLAN:
  o IEEE 802.11g: 54 Mbps in the 2.4 GHz band
  o IEEE 802.11b: 11 Mbps in the 2.4 GHz band
  o IEEE 802.11a: 54 Mbps in the 5 GHz band
11. Synchronous Optical Network & Synchronous Digital Hierarchy (SONET/SDH):
o Circuit-based, b/w-efficient technology
o Establishes high-speed circuits using TDM frames in ring topologies over an optical infrastructure
o Bit rates soar from 155 to 622 Mbps to a max of 10 Gbps
o Supports 2 IP encapsulations for user interfaces: ATM & Packet over SONET/SDH (POS)
o Failure of a single link or n/w element does not lead to failure of the entire n/w
o Optical Carrier (OC) rates:
  o OC-1 = 51.85 Mbps
  o OC-3 = 155.52 Mbps
  o OC-12 = 622.08 Mbps
  o OC-24 = 1.244 Gbps
  o OC-48 = 2.488 Gbps
  o OC-192 = 9.952 Gbps
  o OC-255 = 13.21 Gbps
12. Dense Wavelength Division Multiplexing (DWDM):
o Increases b/w on an optical medium
o Increases b/w on a single strand of fibre by using multi-channel signaling
o Maximizes the use of installed fibre cable and allows new services to be provisioned efficiently over existing infrastructure
13. Dark Fibre:
o Refers to fibre-optic cables leased from a service provider & connected to a company's own infrastructure
o Edge devices connect directly over the site-to-site dark fibre using a Layer 2 encapsulation
WAN Transport Technology Pricing & Contract Considerations:
o The higher the b/w, the more time it may take to install
o Metro Ethernet: costs when provisioning for fibre access

o Frame Relay & ATM: a combination of an access circuit charge & a per-b/w charge
o MPLS VPNs compete with Frame Relay & ATM
o The time needed to contract a WAN service is about a month
WAN DESIGN
1. Analyzing Customer Requirements:
o Type of applications, traffic volume, traffic patterns
2. Characterizing the Existing Network & Sites:
o Technology used; location of hosts, servers, terminals and other end nodes
o Because of future expansions, a detailed evaluation of current options is important
3. Designing the Network Topology & Solutions:
o Develop the overall network topology & its appropriate services
Planning & designing WAN networks involves a no. of trade-offs:
1. Application aspects of the requirements, driven by the performance analysis
2. Technical aspects of the requirements, dealing with geographic regulations & the effectiveness of the selected technology
3. Cost aspects of the requirements: equipment & media
o WAN connections are typically characterized by the cost of leasing WAN infrastructure & transmission media from an SP
Application Requirements of a WAN Design:
1. RESPONSE TIME:
o Time between a user request and the host system's command execution or delivery
o Delay & jitter are the measures used for multimedia applications
2. THROUGHPUT:
o Amount of data successfully moved from one place to another in a given time period
o Time-based ACLs can be used for such applications
3. PACKET LOSS:
o Packet loss is expressed as a Bit Error Rate (BER), which is the percentage of bits that have errors relative to the total no. of bits received in a transmission
4. RELIABILITY:
o Implies that some services require a high level of h/w & topological redundancy
Technical Requirements:

Maximum Offered Traffic:
o WAN resources have finite capacity
o End users require minimum application response times over a WAN link, whereas n/w managers want to maximize link utilization
Bandwidth:
o Required b/w is proportional to the data's complexity for a given level of system performance
o b/w is inexpensive in the LAN, where connectivity is typically limited only by hardware, implementation & ongoing maintenance costs
Evaluating the Cost-Effectiveness of WAN Ownership:
In a WAN environment, the following usually represent fixed costs:
o Equipment purchases
o Circuit & service provisioning
o Network management tools & platforms
From an ownership perspective:
1. Private:
o Uses private transmission systems to connect distant LANs
o Higher levels of security & transmission quality
2. Leased:
o A leased WAN uses dedicated b/w from a carrier company
o The provider provisions the circuit & provides the maintenance
3. Shared:
o Shares the physical resources with many users
Optimizing Bandwidth in a WAN:
1. Data Compression:
o Compression allows higher throughput because it squeezes packet size, so more data can be sent through a transmission resource in a given time period
o Compression can be applied to the entire packet, only the payload, or only the header
o The success of these solutions can be measured using compression ratio & platform latency
o Data compression algorithms use 2 types of encoding techniques:
  a. Statistical Compression: a fixed, non-adaptive encoding method; best for a single application where the data is consistent & predictable

  b. Dictionary Compression: the Lempel-Ziv algorithm, which is based on a dynamically encoded dictionary that replaces a continuous stream of characters with codes
o Real-Time Transport Protocol (RTP) is used for carrying packetized audio & video traffic over an IP n/w
o RTP header compression (cRTP) provides significant bandwidth savings
o h/w-assisted data compression accelerates compression rates by offloading the tasks from the main CPU to specialized circuits
Bandwidth Combination:
o Multilink PPP (MLP) logically connects multiple links between two systems to provide extra bandwidth
Window Size:
o Max. no. of frames that a sender can transmit before it must wait for an acknowledgement
o Current window: no. of frames that can be sent at the current time; less than or equal to the window size
o Helps achieve high throughput on a WAN link
o TCP Selective Acknowledgements help overcome the limitations of TCP acknowledgements

Queuing to Improve Link Utilization:
o Cisco has developed QoS mechanisms to avoid temporary congestion and provide preferential treatment for critical applications
o QoS does not create b/w; it optimizes the use of existing b/w
o Congestion management includes the following 2 methods:
  a. Queuing: separates traffic into various queues or buffers
  b. Scheduling: decides from which queue traffic is to be sent next
o There are two types of queues:
  a. Hardware queues: use a FIFO strategy, which is necessary for the interface drivers to transmit packets one by one
  b. Software queues: schedule packets into the hardware queue based on the QoS requirements
Weighted Fair Queuing (WFQ):
o Handles problems inherent in queuing schemes on a FIFO basis
o Sorts different traffic flows into separate streams
o The algorithm solves the problem of round-trip delay variability
Priority Queuing (PQ):

o Establishes four interface output queues, each serving a different level of priority: high, medium, normal & low
o Higher-priority queues are emptied faster than lower-priority ones
Custom Queuing (CQ):
o Handles queues in a round-robin fashion
o Establishes 16 configurable interface output queues
o Specifies the transmission window size of each queue in bytes
o PQ & CQ perform extra processing
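To make the difference between the two schedulers concrete, here is an added simulation (written for these notes, not Cisco IOS code) of strict-priority PQ next to byte-count round-robin CQ; the queue names, byte counts and the (label, size) packets are constructed sample values.

```python
"""Added example (not from the notes): a simulation of Priority Queuing (PQ)
and Custom Queuing (CQ). Packets are constructed (label, size_in_bytes)
tuples; queue names and byte counts are sample values for the demonstration.
"""
from collections import deque


class PriorityQueuing:
    """Four queues; the scheduler always serves the highest non-empty queue."""
    LEVELS = ("high", "medium", "normal", "low")

    def __init__(self):
        self.queues = {level: deque() for level in self.LEVELS}

    def enqueue(self, level, packet):
        self.queues[level].append(packet)

    def dequeue(self):
        for level in self.LEVELS:                   # strict priority order
            if self.queues[level]:
                return self.queues[level].popleft()
        return None


class CustomQueuing:
    """Round robin over configurable queues, each with a byte-count window.
    A queue keeps transmitting until its byte count for this turn is reached or
    exceeded (a packet is never split), then the scheduler moves on."""

    def __init__(self, byte_counts):
        self.names = list(byte_counts)              # dict: queue name -> byte count
        self.byte_counts = dict(byte_counts)
        self.queues = {name: deque() for name in self.names}
        self.current = 0                            # index of the queue being served
        self.sent_this_turn = 0

    def enqueue(self, name, packet):
        self.queues[name].append(packet)

    def dequeue(self):
        # At most len+1 steps: enough to rotate fully back to the current queue.
        for _ in range(len(self.names) + 1):
            name = self.names[self.current]
            queue = self.queues[name]
            if queue and self.sent_this_turn < self.byte_counts[name]:
                packet = queue.popleft()
                self.sent_this_turn += packet[1]
                return packet
            # Turn is over (window used up or queue empty): next queue, fresh window.
            self.current = (self.current + 1) % len(self.names)
            self.sent_this_turn = 0
        return None                                 # every queue is empty


def drain(scheduler):
    """Transmission order of everything queued, as a list of packet labels."""
    order = []
    while True:
        packet = scheduler.dequeue()
        if packet is None:
            return order
        order.append(packet[0])


def demo_priority_queuing():
    pq = PriorityQueuing()
    pq.enqueue("low", ("bulk-1", 1500))             # queued first, served last
    pq.enqueue("normal", ("web-1", 500))
    pq.enqueue("high", ("voice-1", 200))
    pq.enqueue("low", ("bulk-2", 1500))
    return drain(pq)


def demo_custom_queuing():
    # voice gets a 1000-byte window per round, data a 3000-byte window: roughly
    # a 1:3 bandwidth split, and neither queue can starve the other.
    cq = CustomQueuing({"voice": 1000, "data": 3000})
    for i in range(1, 7):
        cq.enqueue("voice", (f"voice-{i}", 200))
    for i in range(1, 5):
        cq.enqueue("data", (f"data-{i}", 1500))
    return drain(cq)


if __name__ == "__main__":
    print("PQ:", demo_priority_queuing())
    print("CQ:", demo_custom_queuing())
```

The CQ trace shows the byte count being overrun by a whole packet (data-2 is sent although the window is already at 1500 of 3000 bytes), which is why the window is a rough share rather than an exact one.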

Class-Based Weighted Fair Queuing (CBWFQ):
o Allows one to define a traffic class and assign characteristics to it
o Extends standard WFQ functionality to provide support for user-defined traffic classes
o The queue packet limit is the max no. of packets allowed to accumulate in the queue for the class
Low-Latency Queuing (LLQ):
o Combination of PQ & CBWFQ
o Allows delay-sensitive data such as voice to be dequeued and sent first
Congestion Avoidance:
o Tail drop: packets arriving at the tail of the queue are dropped due to congestion
o Congestion avoidance techniques allow packets from streams identified as being eligible for early discard to be dropped when the queue is getting full
o Works well with TCP
o Random Early Detection (RED) is used to drop packets when the queue is getting full; TCP then slows its traffic, thus avoiding congestion
o Policing drops excess traffic & shaping delays excess traffic
o Traffic shaping attempts to adjust the transmission rates of packets that match a certain criterion
o It helps to reduce the bursty nature of transmitted data
o The token bucket analogy is used in both policing & shaping
Using WAN Technologies
Remote-Access Network Design
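The policing & shaping notes above come down to one token bucket used two ways, so here is an added example (written for these notes, not Cisco's implementation) that runs the same constructed burst through a policer, which drops excess, and a shaper, which delays it; the rate, burst depth and packet stream are sample values.

```python
"""Added example (not from the notes): the token bucket shared by policing and
shaping. A policer drops packets that find too few tokens; a shaper holds them
until enough tokens have accumulated. The stream and rates are constructed."""


class TokenBucket:
    """Bucket of `burst_bytes` tokens, refilled at `rate_bps` bits per second."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8.0          # tokens (bytes) added per second
        self.burst = burst_bytes            # bucket depth: the largest burst allowed
        self.tokens = float(burst_bytes)    # bucket starts full
        self.last = 0.0                     # time of the last refill

    def _refill(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def police(self, now, size):
        """Policer: True if the packet conforms (tokens consumed), False if it is
        dropped as excess. Arrival times must be non-decreasing."""
        self._refill(now)
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

    def shape(self, now, size):
        """Shaper: return the time at which the packet is transmitted. Packets go
        out in order, so a delayed packet also delays everything behind it."""
        start = max(now, self.last)         # cannot send before the previous packet
        self._refill(start)
        if size <= self.tokens:
            self.tokens -= size
            return start
        wait = (size - self.tokens) / self.rate   # time until enough tokens exist
        self.tokens = 0.0                   # the whole bucket is spent on this packet
        self.last = start + wait
        return self.last


def sample_stream():
    """Constructed burst: ten 500-byte packets, one every 100 ms (40 kbps offered)."""
    return [(i / 10, 500) for i in range(10)]


def simulate_policer(stream, rate_bps=6400, burst_bytes=1500):
    """Conform/drop decision per packet for a 6.4 kbps policer with a 1500-byte burst."""
    bucket = TokenBucket(rate_bps, burst_bytes)
    return [bucket.police(t, size) for t, size in stream]


def simulate_shaper(stream, rate_bps=6400, burst_bytes=1500):
    """Transmit time per packet (seconds, rounded) for the same bucket used as a shaper."""
    bucket = TokenBucket(rate_bps, burst_bytes)
    return [round(bucket.shape(t, size), 3) for t, size in stream]


if __name__ == "__main__":
    stream = sample_stream()
    conform = simulate_policer(stream)
    print("policer: %d conformed, %d dropped" % (sum(conform), len(conform) - sum(conform)))
    sent = simulate_shaper(stream)
    delays = [s - t for s, (t, _) in zip(sent, stream)]
    print("shaper: sent at", sent, "(max delay %.3f s, nothing dropped)" % max(delays))
```

The first three packets are absorbed by the burst allowance in both cases; after that the policer discards most of the stream, whereas the shaper delivers every packet but the last one leaves about 3.5 s late, which is the trade-off between the two for loss-sensitive versus delay-sensitive traffic.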

o Data link layer WAN technologies from remote sites to the Enterprise Edge network
o Low-to-medium-volume data file transfer & interactive traffic
o Increasing need to support voice services
o Remote-access technology selections include dial-up, DSL, cable & hot-spot wireless service
o Dial-on-Demand Routing (DDR) is a technique whereby a router can dynamically initiate (and close) a circuit-switched session when transmitting end stations demand it
o It establishes a circuit on the arrival of interesting traffic
VPN Design:
VPNs can be grouped according to their applications:
1. ACCESS VPNs:
o Provide access to a corporate intranet over a shared infrastructure
o The 2 architectures involved are client-initiated and Network Access Server (NAS)-initiated connections
2. INTRANET VPNs:
o Link remote offices by extending the corporate network across a shared infrastructure
o Typically based on extending the basic remote-access VPN to other corporate offices across the Internet
3. EXTRANET VPNs:
o Extend connectivity to business partners, suppliers & customers across the Internet or an SP's n/w
VPN Connectivity Options:
1. Overlay VPNs:
o Provide virtual point-to-point links between customer sites
o Implemented with traditional Layer 1 & Layer 2 technologies
o More difficult to operate and have higher maintenance costs
o Every individual virtual circuit must be provisioned
o Optimum routing between customer sites requires a full mesh of virtual circuits between sites
o b/w must be provisioned on a site-to-site basis
2. VPDNs (Virtual Private Dial-up Networks):
o Enable an enterprise to configure secure n/ws that rely on an ISP for connectivity
o Customers use a provider's dial-in infrastructure for their private connections
o Work with any technology
o There are 2 types of tunnels:

  o Voluntary tunnels: the client dials into the SP n/w, a PPP session is established, the user logs on to the SP n/w, then runs the VPN s/w
  o Compulsory tunnels: give the client no influence over the tunnel; the SP establishes the tunnel after the PPP dial-in
3. Peer-to-Peer VPNs:
  1. The provider actually participates in customer routing
  2. Need to use public IP addresses in the private customer n/w
  3. Modern MPLS VPNs alleviate most of the peer-to-peer drawbacks
Benefits of VPNs:
1. Flexibility
2. Scalability
3. Lower n/w communication cost
WAN Backup Strategies:
Dial Backup Routing:
o A switched service provides backup service for another type of circuit
o The backup line provides WAN connectivity until the primary circuit is restored

Permanent Secondary WAN Link:
Deploying another permanent WAN link provides the following:
o A backup link
o A floating static route is one that appears in the routing table only when the primary route goes away
o Also provides increased b/w
o Cost is the primary disadvantage of duplicating WAN links to each remote office
o Routers use various switching modes: process switching, fast switching & other modes

Shadow PVC:
o The SP provides a secondary (shadow) PVC; traffic on the Shadow PVC must not exceed a certain rate while the primary PVC is available

The Internet as a WAN Backup Technology:
o IP routing without constraints

o The company must fully cooperate with the ISP and announce its networks

Layer 3 Tunneling with GRE and IPsec:
GRE:
o Cisco-developed protocol
o Designed for general tunneling of protocols
o Enables simple and flexible deployment of basic IP VPNs
o Generally used to tunnel an IP n/w to another IP n/w over an IP backbone
IPsec:
o Both a tunnel encapsulation and a security protocol, providing:
  o Data confidentiality
  o Data integrity
  o Data origin authentication
  o Anti-replay
  o Easy deployment
  o Internet Key Exchange (IKE)
  o Public Key Infrastructure (PKI)
o Routing protocols cannot be run directly over IPsec tunnels, as there is no standard for IPsec to encrypt the broadcast or multicast packets used by IP routing protocols; this is why GRE is combined with IPsec to carry them
o A digital certificate contains information to identify a user or device; it also contains a copy of the device's public key
