Network Design
– Basics –
September 17, 2006
Email: wx672@cs2.swfc.edu.cn
Phone: 13577067397
Overview of Internetworking Devices
Hubs
Bridges
Switches
Routers
Hubs
Physical-layer devices, essentially repeaters: they operate at the bit
level, repeating the bits received on one interface out of every other
interface. Every attached node therefore sees every frame on the hub.
Hubs can be arranged in a hierarchy (or multi-tier
design), with backbone hub at its top
Shaowen Yao, School Of Software, YNU
Hubs (more)
Each connected LAN referred to as LAN segment
Hubs do not isolate collision domains: a node may collide with any
node on any segment of the LAN
Hub advantages:
simple, inexpensive device
multi-tier design provides graceful degradation: portions of the
LAN continue to operate if one hub malfunctions
extends the maximum distance between node pairs (each hub adds up
to another 100 m of reach)
Bridges
Link Layer devices: operate on Ethernet
frames, examining frame header and
selectively forwarding frame based on its
destination
Bridge isolates collision domains since it
buffers frames
When a frame is to be forwarded onto a segment, the bridge uses
CSMA/CD to access that segment and transmit
Bridges vs. Routers
both store-and-forward devices
routers: network layer devices (examine network layer
headers)
bridges are Link Layer devices
routers maintain routing tables, implement routing
algorithms
bridges maintain filtering tables, implement
filtering, learning and spanning tree algorithms
Ethernet Switches
layer 2 (frame) forwarding,
filtering using LAN
addresses
Switching: A-to-B and A’-
to-B’ simultaneously, no
collisions
large number of interfaces
often: individual hosts,
star-connected into switch
Ethernet, but no
collisions!
Ethernet Switches (more)
Figure: dedicated (switched) media versus shared (hub) media.
Switching Overview
All switching and routing equipment performs two basic operations:
Switching data frames: store-and-forward operation
Maintenance of switching operations: switches build and maintain
switching tables and search for loops. Routers build
and maintain routing tables.
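The difference between a hub and a learning switch described above, as an added example that is not part of the lecture: a hub repeats every frame to every other port, while a learning switch builds its filtering table from the source addresses it sees and forwards a known unicast destination to one port only, flooding just unknown and broadcast frames. The station names A, B, C, the port numbers and the frame sequence are constructed sample data.

```python
"""Hub versus learning switch: which ports see a frame?

Added example for this page (not from the lecture). Frames are
(source MAC, destination MAC) pairs, ports are small integers and the
station names A, B, C stand in for MAC addresses; all of it is
constructed sample data.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str


class Hub:
    """Physical-layer repeater: bits arriving on one port leave on all others."""

    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, frame):
        return sorted(self.ports - {in_port})


@dataclass
class LearningSwitch:
    """Link-layer device: learns source MAC -> port, filters by destination MAC."""

    ports: set
    table: dict = field(default_factory=dict)  # filtering table: MAC -> port

    def forward(self, in_port, frame):
        # Learning: whatever source address the frame carries is bound to
        # the ingress port (the switch has no way to verify it).
        self.table[frame.src] = in_port
        out = self.table.get(frame.dst)
        if frame.dst == BROADCAST or out is None:
            # Broadcast or not-yet-learned destination: flood to all other ports.
            return sorted(self.ports - {in_port})
        if out == in_port:
            # Destination lives on the ingress segment: filter (do not forward).
            return []
        return [out]


def deliveries(device, traffic):
    """Run (in_port, frame) pairs through a device; return the egress ports per frame."""
    return [device.forward(port, frame) for port, frame in traffic]


def frames_seen_by(device, traffic, port):
    """Count how many frames a station on `port` would receive on the wire."""
    return sum(port in out for out in deliveries(device, traffic))


# Constructed traffic: A on port 1, B on port 2, C (a third station) on port 3.
TRAFFIC = [
    (1, Frame("A", "B")),        # A's first frame: B not yet learned, flooded
    (2, Frame("B", "A")),        # B replies: A is already known on port 1
    (1, Frame("A", "B")),        # B known on port 2: forwarded there only
    (1, Frame("A", BROADCAST)),  # broadcast: flooded by both devices
]

if __name__ == "__main__":
    print("hub   :", deliveries(Hub({1, 2, 3}), TRAFFIC))
    print("switch:", deliveries(LearningSwitch({1, 2, 3}), TRAFFIC))
```

Run it and compare what port 3 receives: on the hub, station C gets all four frames of the A-B conversation; on the switch it gets only the first (unknown destination) and the broadcast. The table is populated from unverified source addresses, which is why a switch limits casual eavesdropping but is not an access-control device.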
Layer 2 and Layer 3 Switching
With Layer 2 switching, frames are switched based on MAC
address information.
With Layer 3 switching, packets are switched based on
network-layer (IP address) information.
Switches vs. Routers
Switches                                    Routers
layer 2                                     layer 3
simpler                                     more complex
faster                                      slower
the central component of a single network   interconnect two or more networks
Intersubnet Communication
Figure: Intersubnet communication. Client X (Subnet 1) attaches to
Switch A (Layer 2 switch), which connects through Router A (labelled as
a Layer 3 switch in the figure) to Switch B (Layer 2 switch) and Server Y
(Subnet 2). All traffic between the two subnets passes through the router.
The router between the two subnets is the bottleneck; it can be relieved
with a Layer 3 switch.
Layer 3 Switching
“inspect the first packet at layer 3 and send the rest at layer
2”
high speed router — ASIC chips make this possible
Internetworking Model
Hierarchical models
Flat (meshed) network architectures
Hierarchical Network Model
Core: high-speed switching
Distribution: policy-based connectivity
Access: local and remote workgroup access
The Core Layer
is a high-speed switching backbone
should be designed to switch packets as fast as possible
should not perform any packet manipulation, such as access
lists and filtering, that would slow down the switching of
packets.
The Distribution Layer
is the demarcation point between the access and core layers
provides boundary definition
is the place at which packet manipulation (access lists, filtering)
can take place
The distribution layer can be summarized as the layer that provides
policy-based connectivity.
The Distribution Layer
In the campus environment
In the campus environment, the distribution layer can include
several functions, such as the following:
Address or area aggregation
Departmental or workgroup access
Broadcast/multicast domain definition
Virtual LAN (VLAN) routing
Any media transitions that need to occur
Security
The Distribution Layer
In the non-campus environment
In the non-campus environment, the distribution layer can be
a redistribution point between routing domains
the demarcation between static and dynamic routing protocols
the point at which remote sites access the corporate network
The Access Layer
is the point at which local end users are allowed into the
network
This layer may also use access lists or filters to further
optimize the needs of a particular set of users.
In the campus environment, access-layer functions can include the
following:
Shared bandwidth
Switched bandwidth
MAC layer filtering
Microsegmentation
In the non-campus environment, the access layer can give remote
sites access to the corporate network via some wide-area
technology, such as Frame Relay, ISDN, or leased lines.
The three layers (core, distribution, and access) do NOT have to
exist as clear and distinct physical entities. The layers are defined
to aid successful network design and to represent functionality that
must exist in a network.
The instantiation of each layer
can be in distinct routers or switches
can be represented by a physical media
can be combined in a single device
can be omitted altogether
The way the layers are implemented depends on the needs of the
network being designed. Note, however, that for a network to
function optimally, hierarchy must be maintained.
Evaluating Backbone Services
Path Optimization
Traffic Prioritization
Load Balancing
Alternative Paths
Switched Access
Encapsulation (Tunneling)
Backbone Services
Path Optimization
routing protocols: RIP, OSPF, IGRP, BGP, EGP, ...
routers distribute routing update messages
routing algorithms
Backbone Services
Traffic Prioritization — Priority Queuing
Traffic can be classified according to various criteria
protocol and subprotocol type
cost-based
Backbone Services
Traffic Prioritization — Custom Queuing
Priority queuing introduces a fairness problem: as long as a
higher-priority queue has traffic, lower queues wait, so a
busy high-priority class can starve the others.
Custom queuing is designed to address this problem: it
reserves bandwidth for a specific protocol to ensure a
minimum level of service for all.
Backbone Services
Traffic Prioritization — Weighted Fair Queuing
shares the link among flows (clients) in a round-robin,
TDM-like fashion, so no single flow can monopolize it
assigns a different weight to each flow to give it a larger
or smaller share of the bandwidth
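The starvation problem of priority queuing and the guaranteed minimum share of weighted queuing, as an added simulation that is not part of the lecture. Each queue holds a backlog of equal-sized packets and one "slot" is one packet transmission on the output link; the three traffic classes, their backlogs and the weights are constructed. Weighted round robin is used here as the simplest fixed-weight scheduler behind custom queuing; real weighted fair queuing also accounts for packet size.

```python
"""Priority queuing versus weighted round robin on one output link.

Added example for this page (not from the lecture). Traffic classes,
backlogs and weights are constructed sample data.
"""
from collections import deque


def make_backlog(offered):
    """offered: {class_name: packets waiting}. Returns {class_name: deque of packet ids}."""
    return {cls: deque(f"{cls}-{i}" for i in range(n)) for cls, n in offered.items()}


def priority_queuing(queues, order, slots):
    """Strict priority: each slot serves the first non-empty queue in `order`."""
    served = {cls: 0 for cls in queues}
    for _ in range(slots):
        for cls in order:
            if queues[cls]:
                queues[cls].popleft()
                served[cls] += 1
                break  # lower queues wait as long as a higher one has traffic
    return served


def weighted_round_robin(queues, weights, slots):
    """Each round gives queue `cls` up to weights[cls] slots. Work-conserving:
    an empty queue forfeits its turn and the slot goes to the next queue."""
    assert all(weights.get(cls, 0) > 0 for cls in queues), "every queue needs a weight"
    served = {cls: 0 for cls in queues}
    used = 0
    while used < slots and any(queues.values()):
        for cls, weight in weights.items():
            for _ in range(weight):
                if used == slots or not queues[cls]:
                    break
                queues[cls].popleft()
                served[cls] += 1
                used += 1
    return served


# Constructed offered load: every class has 10 packets queued, the link has 12 slots.
OFFERED = {"voice": 10, "web": 10, "bulk": 10}
ORDER = ["voice", "web", "bulk"]             # priority order, highest first
WEIGHTS = {"voice": 3, "web": 2, "bulk": 1}  # minimum shares 3/6, 2/6, 1/6 of the link

if __name__ == "__main__":
    print("priority:", priority_queuing(make_backlog(OFFERED), ORDER, 12))
    print("wrr     :", weighted_round_robin(make_backlog(OFFERED), WEIGHTS, 12))
```

With the constructed load, strict priority sends 10 voice, 2 web and 0 bulk packets in 12 slots: bulk is starved while voice is backlogged. Weighted round robin sends 6, 4 and 2, so the lowest class still gets its reserved sixth of the link.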
Backbone Services
Load balancing
The easiest way to add bandwidth in a backbone network is to
implement additional links.
Routers provide built-in load balancing for multiple links and
paths.
Within IP, routers provide load balancing on both a per-packet
and a per-destination basis. Per-packet balancing spreads load
most evenly but can deliver the packets of one flow out of order;
per-destination balancing keeps each flow on a single path.
Backbone Services
Alternative Paths
Routers must offer sufficient reliability so that they are not
the weak link in the internetwork chain.
End-to-end reliability is not ensured simply by making the
backbone fault tolerant.
What does it take to make the backbone reliable?
Routers hold the key to reliable internetworking: duplicate every
major system on each router, and possibly every component?
Links must be redundant too. Even that is not enough:
dual links must terminate at multiple routers unless all
backbone routers are completely fault tolerant (no single
points of failure).
A completely redundant network is expensive, so network designers
implement partially redundant internetworks.
Backbone Services
Switched access
One model for a reliable backbone consists of
dual links
dedicated links, and
one switched link for idle hot backup
Under normal operational conditions, you can load balance over
the dual links, but the switched link is not operational until one of
the dedicated links fails.
Backbone Services
Encapsulation (Tunneling)
Encapsulation takes packets or frames from one network system
and places them inside packets or frames of another network
system.
Cisco's Generic Routing Encapsulation (GRE)
GRE tunneling involves three types of protocols:
Passenger  The protocol being encapsulated (IP, CLNP, IPX,
           AppleTalk, DECnet Phase IV, XNS, VINES and Apollo).
Carrier    GRE itself provides the carrier service.
Transport  IP carries the GRE-encapsulated packet (IP protocol
           number 47).
GRE only carries traffic; it neither encrypts nor authenticates it, so
a tunnel on its own provides no confidentiality or integrity protection.
Figure: Using a single protocol backbone
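The three GRE roles (passenger, carrier, transport), as an added example that is not part of the lecture or of any vendor's implementation. It builds an RFC 2784 GRE header around a constructed IPv4/UDP datagram, wraps the result in an outer IPv4 header with protocol number 47, then decapsulates and verifies it. All addresses are constructed documentation addresses.

```python
"""GRE encapsulation: passenger, carrier and transport protocols.

Added example for this page (not from the lecture or from Cisco).
Passenger and tunnel endpoint addresses are constructed.
"""
import struct

GRE_PROTO_IPV4 = 0x0800  # passenger protocol type (EtherType) for IPv4
IP_PROTO_GRE = 47        # outer IPv4 protocol number for GRE
IP_PROTO_UDP = 17


def ones_complement_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071), used by both the IPv4 header and GRE."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def inet(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header: no options, DF set, TTL 64, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                      64, proto, 0, inet(src), inet(dst))
    return hdr[:10] + struct.pack("!H", ones_complement_checksum(hdr)) + hdr[12:]


def gre_encapsulate(passenger: bytes, protocol_type: int, with_checksum: bool = False) -> bytes:
    """RFC 2784 header: C bit | reserved0 | version 0 (16 bits), protocol type (16 bits),
    then, if C is set, checksum + reserved1 (32 bits). The checksum covers header and payload."""
    flags = 0x8000 if with_checksum else 0x0000
    hdr = struct.pack("!HH", flags, protocol_type)
    if with_checksum:
        csum = ones_complement_checksum(hdr + struct.pack("!HH", 0, 0) + passenger)
        hdr += struct.pack("!HH", csum, 0)
    return hdr + passenger


def build_tunnel_packet(passenger: bytes, tunnel_src: str, tunnel_dst: str,
                        with_checksum: bool = False) -> bytes:
    """Transport (outer IPv4, protocol 47) + carrier (GRE) + passenger."""
    gre = gre_encapsulate(passenger, GRE_PROTO_IPV4, with_checksum)
    return ipv4_header(tunnel_src, tunnel_dst, IP_PROTO_GRE, len(gre)) + gre


def gre_decapsulate(packet: bytes):
    """Strip outer IPv4 and GRE; return (protocol_type, passenger). Raises ValueError on bad input."""
    if len(packet) < 24:
        raise ValueError("truncated packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != IP_PROTO_GRE:
        raise ValueError("outer header is not IPv4 carrying GRE")
    if ones_complement_checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer IPv4 header checksum")
    gre = packet[ihl:]
    flags, protocol_type = struct.unpack("!HH", gre[:4])
    if flags & 0x0007:  # low 3 bits are the GRE version; RFC 2784 requires 0
        raise ValueError("unsupported GRE version")
    offset = 4
    if flags & 0x8000:  # C bit: checksum present, must verify over header + payload
        if ones_complement_checksum(gre) != 0:
            raise ValueError("bad GRE checksum")
        offset = 8
    return protocol_type, gre[offset:]


# Constructed passenger: an IPv4/UDP datagram between two private subnets
# (UDP checksum left at zero, which IPv4 permits). Odd length on purpose.
PAYLOAD = b"hello, tunnel"
UDP = struct.pack("!HHHH", 40000, 53, 8 + len(PAYLOAD), 0)
PASSENGER = ipv4_header("10.1.1.5", "10.2.2.7", IP_PROTO_UDP, len(UDP) + len(PAYLOAD)) + UDP + PAYLOAD

if __name__ == "__main__":
    pkt = build_tunnel_packet(PASSENGER, "192.0.2.1", "198.51.100.1", with_checksum=True)
    print(len(pkt), "bytes on the wire; round trip ok:",
          gre_decapsulate(pkt) == (GRE_PROTO_IPV4, PASSENGER))
```

The optional GRE checksum catches a flipped bit in transit, but an attacker who can modify the packet can recompute it, and the passenger travels in the clear, which is the caveat stated above: the tunnel carries the passenger protocol over the IP backbone and does nothing else.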
Evaluating Distribution Services
Backbone Bandwidth Management
Area and Service Filtering
Policy-Based Distribution
Gateway Service
Interprotocol Route Redistribution
Media Translation
Distribution Services
Backbone Bandwidth Management
To optimize backbone network operations, routers offer several
performance tuning features, including
priority queuing: One can adjust the output queue length on
priority queues. If a priority queue overflows, excess
packets are discarded.
routing protocol metrics: One can adjust routing metrics to
increase control over the paths that the traffic takes
through the internetwork.
local session termination: allows routers to act as proxies for
remote systems that represent session endpoints. It
can save WAN bandwidth, solve session timeout
problems, and provide faster response to users.
Distribution Services
Area and Service Filtering
Both area and service filtering are implemented using access lists.
Access lists can be used to permit or deny messages from
particular network nodes and messages sent using particular
protocols and services.
Area or network access filters are used to enforce the selective
transmission of traffic based on network address. You can
apply these on incoming or outgoing ports.
Service filters use access lists applied to protocols (such as
IP’s UDP), applications such as the Simple Mail Transfer
Protocol (SMTP), and specific protocols.
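Area and service filtering with an ordered access list, as an added example that is not part of the lecture or of any vendor's implementation. Area filters match on source and destination network, service filters on protocol and destination port; rules are evaluated top to bottom, the first match decides, and a packet matching nothing is denied (the implicit deny at the end of an IOS access list). The sample list is a constructed outbound filter on a workgroup router interface, which is also the media-access-security use described later on the page; all addresses and ports are constructed.

```python
"""Area and service filtering with a first-match access list.

Added example for this page (not from the lecture or from any vendor).
Networks, hosts and ports below are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None  # destination port for tcp/udp


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str = "0.0.0.0/0"       # area filter: source network
    dst: str = "0.0.0.0/0"       # area filter: destination network
    proto: str = "any"           # service filter: protocol or "any"
    dport: Optional[int] = None  # service filter: destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


def evaluate(acl, packet):
    """First match wins; return (action, index of the matching rule) or ("deny", None)."""
    for index, rule in enumerate(acl):
        if rule.matches(packet):
            return rule.action, index
    return "deny", None  # implicit deny: nothing matched


# Constructed list applied outbound from workgroup 10.1.0.0/16 toward the backbone.
WORKGROUP_OUT = [
    Rule("permit", "10.1.0.0/16", "10.9.0.25/32", "tcp", 25),  # mail to the SMTP relay
    Rule("permit", "10.1.0.0/16", "10.9.0.53/32", "udp", 53),  # DNS to the resolver
    Rule("deny",   "10.1.0.0/16", "10.9.0.0/24"),              # nothing else to the server net
    Rule("permit", "10.1.0.0/16"),                             # other traffic may leave
    # implicit deny: anything not sourced from 10.1.0.0/16 (a spoofed source) is dropped
]

if __name__ == "__main__":
    for pkt in (Packet("10.1.4.8", "10.9.0.25", "tcp", 25),
                Packet("10.1.4.8", "10.9.0.25", "tcp", 23),
                Packet("203.0.113.9", "10.9.0.25", "tcp", 25)):
        print(pkt, "->", evaluate(WORKGROUP_OUT, pkt))
```

Two points the list makes concrete: the final implicit deny drops frames whose source address does not belong to the workgroup, which is the "keep local traffic from inappropriately reaching the backbone" function; and order matters, since moving the broad deny for 10.9.0.0/24 above the SMTP permit silently blocks mail.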
Distribution Services
Policy-Based Distribution
policy: A policy within this internetworking context is a rule
or set of rules that governs end-to-end distribution of
traffic to (and subsequently through) a backbone
network.
The purpose is to reduce backbone traffic.
Distribution Services
Gateway Service
Interconnects different types of networks (different routed
protocols).
Distribution Services
Interprotocol Route Redistribution
Routers can also act as gateways for routing protocols.
Information derived from one routing protocol, such as IGRP,
can be passed to, and used by, another routing protocol, such as
RIP. This is useful when running multiple routing protocols in the
same internetwork.
Distribution Services
Media Translation
Media translation techniques translate frames from one
network system into frames of another, e.g.
source-route translational bridging translates between Token
Ring and Ethernet frame formats.
Such translations are rarely 100 percent effective because one
system might have attributes with no counterpart in the other.
Evaluating Local-Access Services
Value-Added Network Addressing
Network Segmentation
Broadcast and Multicast Capabilities
Naming, Proxy, and Local Cache Capabilities
Media Access Security
Router Discovery
Evaluating Local-Access Services
Value-Added Network Addressing
Address schemes for LAN-based networks, such as NetWare and
others, do not always adapt perfectly to use over multisegment
LANs or WANs. One tool routers implement to ensure operation
of such protocols is protocol-specific helper addressing.
Consider the use of helper addresses in Novell IPX
internetworks.
Novell clients send broadcast messages when looking for a
server.
If the server is not local, broadcast traffic must be sent
through routers.
Helper addresses and access lists can be used together to
allow broadcasts from certain nodes on one network to be
directed specifically to certain servers on another network.
Multiple helper addresses on each interface are supported, so
broadcast packets can be forwarded to multiple hosts.
Evaluating Local-Access Services
Network Segmentation
The splitting of networks into more manageable pieces is an
essential role played by local-access routers. In particular,
local-access routers implement local policies and limit unnecessary
traffic. Examples of capabilities that allow network designers to use
local-access routers to segment networks include
IP subnets,
DECnet area addressing, and
AppleTalk zones.
By distributing hosts and clients carefully, you can use this simple
method of dividing up a network to reduce overall network
congestion.
Example
you can set up a series of LAN segments with different subnet
addresses; routers would be configured with suitable interface
addresses and subnet masks. In general, traffic on a given segment
is limited to local broadcasts, traffic intended for a specific end
station on that segment, or traffic intended for another specific
router.
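The segmentation example above in working form, as an added example that is not part of the lecture: a host decides from its own address and mask whether a destination is on its segment, is a broadcast or multicast, or must go to the default gateway, and the router does a longest-prefix match over connected and configured routes. The router's forward() method also shows the "inspect the first packet at layer 3 and send the rest at layer 2" idea from the Layer 3 switching slide earlier on the page: the first packet of a flow is routed, later packets of the same flow are answered from a flow cache. The subnets, interface names and next hops are constructed.

```python
"""IP subnets as segmentation: local delivery, routed delivery, and a flow cache.

Added example for this page (not from the lecture). Topology and
addresses are constructed sample data.
"""
from ipaddress import ip_address, ip_interface, ip_network


def host_next_hop(host: str, dst: str, gateway: str):
    """host is 'addr/prefix'. Returns (how, where) for a packet to dst."""
    iface = ip_interface(host)
    target = ip_address(dst)
    if target == iface.network.broadcast_address or target == ip_address("255.255.255.255"):
        return "broadcast", None      # stays on this segment; routers do not forward it
    if target.is_multicast:           # 224.0.0.0/4
        return "multicast", None      # delivered on the segment; IGMP asks the router to join
    if target in iface.network:
        return "local", dst           # same subnet: resolve dst with ARP and send directly
    return "gateway", gateway         # other subnet: hand the packet to the router


class Router:
    def __init__(self, interfaces):
        """interfaces: {name: 'addr/prefix'}; each interface yields a connected route."""
        self.ifaces = {name: ip_interface(addr) for name, addr in interfaces.items()}
        self.routes = [(i.network, None, name) for name, i in self.ifaces.items()]
        self.flow_cache = {}
        self.slow_path_lookups = 0

    def add_route(self, prefix: str, next_hop: str, iface: str):
        self.routes.append((ip_network(prefix), ip_address(next_hop), iface))

    def lookup(self, dst: str):
        """Longest-prefix match. Returns (egress iface, next hop or None if connected), or None."""
        target = ip_address(dst)
        best = None
        for prefix, next_hop, iface in self.routes:
            if target in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, next_hop, iface)
        if best is None:
            return None               # no route: the packet is dropped
        _, next_hop, iface = best
        return iface, (str(next_hop) if next_hop is not None else None)

    def forward(self, src: str, dst: str, proto: str, dport: int):
        """Layer 3 switching: route the first packet of a flow, serve the rest from the cache.
        A real implementation must flush the cache when the routing table changes."""
        key = (src, dst, proto, dport)
        if key not in self.flow_cache:
            self.slow_path_lookups += 1
            self.flow_cache[key] = self.lookup(dst)
        return self.flow_cache[key]


def build_router_a():
    """Constructed Router A between Subnet 1 (10.1.0.0/24) and Subnet 2 (10.2.0.0/24),
    with a branch network reached via 10.2.0.2 and a default route toward 10.2.0.254."""
    r = Router({"e0": "10.1.0.1/24", "e1": "10.2.0.1/24"})
    r.add_route("10.3.0.0/16", "10.2.0.2", "e1")
    r.add_route("0.0.0.0/0", "10.2.0.254", "e1")
    return r


if __name__ == "__main__":
    r = build_router_a()
    print(host_next_hop("10.1.0.5/24", "10.2.0.7", "10.1.0.1"), r.lookup("10.2.0.7"))
```

Traffic between two hosts on 10.1.0.0/24 never reaches the router, and a local broadcast stays on its segment; only traffic for another subnet crosses the router, where the more specific 10.3.0.0/16 route wins over the default. Ten packets of one flow cost a single routing lookup.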
Evaluating Local-Access Services
Broadcast and Multicast Capabilities
Broadcast
Routers inherently reduce broadcast proliferation by default.
However, routers can be configured to relay broadcast traffic if
necessary. (e.g. value-added network addressing)
The key is controlling broadcasts and multicasts using routers.
Evaluating Local-Access Services
Broadcast and Multicast Capabilities
Multicast
The IP multicast feature allows IP traffic to be propagated from
one source to any number of destinations.
A multicast group is identified by a single IP destination group
address in 224.0.0.0/4 (224.0.0.0 through 239.255.255.255).
IP multicast provides excellent support for such applications
as video and audio conferencing, resource discovery, and stock
market traffic distribution.
IGMP (Internet Group Management Protocol) is used by IP hosts to
report their multicast group memberships to an immediately
neighboring multicast router. The membership of a multicast
group is dynamic.
Evaluating Local-Access Services
Naming, Proxy, and Local Cache Capabilities
Three key router capabilities help reduce network traffic and
promote efficient internetworking operation:
name service support — to resolve names to addresses (e.g.
NetBIOS, DNS, IEN-116, AppleTalk Name Binding Protocol
(NBP))
proxy services — A router can also act as a proxy for a name
server. (e.g. NetBIOS name caching to reduce broadcasts)
local caching of network information — Local caches store
previously learned information about the network so that new
information requests do not need to be issued each time the
same piece of information is desired. (e.g. ARP cache)
Evaluating Local-Access Services
Media Access Security
Keep local traffic from inappropriately reaching the backbone
Keep backbone traffic from exiting the backbone into an
inappropriate department or workgroup network
These two functions require packet filtering.
Perhaps the most powerful of these filtering mechanisms is the
access list.
Evaluating Local-Access Services
Router Discovery
Router Discovery: Hosts must be able to locate routers when they
need access to devices external to the local network.
When more than one router is attached to a host's local
segment, the host must be able to locate the router that
represents the optimal path to the destination. This process
of finding routers is called router discovery.
Router discovery protocols:
ES-IS, IRDP (ICMP Router Discovery Protocol), Proxy ARP, RIP
Choosing Internetworking Reliability Options
Redundant Links Versus Meshed Topologies
Redundant Power Systems
Fault-Tolerant Media Implementations
Backup Hardware
Case Study
Figure: Typical nonredundant internetwork design.
Two levels of hierarchy: a corporate office and remote offices.
Redundant Links Versus Meshed Topologies
Typically,
WAN links are the least reliable components in an
internetwork
WAN links are much slower than the LANs they connect
However, because they are capable of connecting
geographically diverse sites, WAN links often make up the
backbone network, and are therefore critical to corporate
operations.
The combination of potentially suspect reliability, lack of speed,
and high importance makes the WAN link a good candidate for
redundancy.
Figure: Internetwork with dual links to remote offices.
Advantages of adding redundant links:
it provides a backup link
load balancing
The primary disadvantage of duplicating WAN links to each
remote office is cost.
Figure: Evolution from a star to a meshed topology.
A meshed topology has three distinct advantages over a redundant
star topology:
A meshed topology is usually slightly less expensive (at least
by the cost of one WAN link).
A meshed topology provides more direct (and potentially
faster) communication between remote sites, which translates
to greater application availability. This can be useful if direct
traffic volumes between remote sites are relatively high.
A meshed topology promotes distributed operation, preventing
bottlenecks on the corporate router and further increasing
application availability.
A redundant star is a reasonable solution under the following
conditions:
Relatively little traffic must travel between remote offices.
Traffic moving between corporate and remote offices is delay
sensitive and mission critical. The delay and potential
reliability problems associated with making an extra hop when
a link between a remote office and the corporate office fails
might not be tolerable.
Redundant Power Systems
backbone-in-a-box: the connection of many networks to a router
being used as a connectivity hub.
It should be protected by dual power systems.
connect one power system to the local power grid, and
the other to an uninterruptable power supply.
Advantage of a meshed network:
if power fails in the corporate office, the remote offices can
still communicate with each other over their direct links.
Wherever possible, redundant components should use power
supplied by different circuits. Several key servers and links to those
servers can be duplicated.
Fault-Tolerant Media Implementations
Media component failures include
network interface controller failures,
lobe or attachment unit interface (AUI) cable failures,
transceiver failures,
hub failures, and
all failures associated with the media components themselves (for
example, the cable, terminators, and other parts).
Spreading stations across several hubs or switches reduces the effect
of a single device failure: if you have 100 stations attached to a
single switch, move some of them to other switches.
Backup Hardware
Figure: Redundant FDDI router configuration.
Identifying and Selecting Internetworking Devices
Network designers have four basic types of internetworking devices
available to them:
Hubs (concentrators)
Bridges
Switches
Routers
Network designers are moving away from bridges and primarily
using switches and routers to build internetworks.
Benefits of Switches (Layer 2 Services)
An individual Layer 2 switch might offer some or all of the
following benefits:
Bandwidth — allocating dedicated bandwidth to each switch
port. Each switch port represents a different network
segment. This technique is known as microsegmenting.
VLANs — LAN switches can group individual ports into
switched logical workgroups called VLANs, thereby restricting
the broadcast domain to designated VLAN member ports.
Communication between VLANs requires a router.
Automated packet recognition and translation — This
capability allows the switch to translate frame formats
automatically, such as Ethernet MAC to FDDI SNAP.
Benefits of Routers (Layer 3 Services)
Broadcast and multicast control
Broadcast segmentation
Security
Quality of service (QoS)
Multimedia
Backbone Routing Options
In designing a backbone for your organization, you might consider
several options. These options are typically split into the following
two primary categories:
Multiprotocol routing backbone
Single-protocol backbone
Multiprotocol routing backbone: an environment in which multiple
network layer protocols are routed throughout a common
backbone without encapsulation (a.k.a. native mode routing)
Two routing strategies are used:
Integrated routing involves the use of a single routing protocol
(e.g. a link state protocol) that determines the least
cost path for different routed protocols.
Ships in the night approach involves the use of a different routing
protocol for each network protocol. For instance,
Novell IPX traffic is routed using a proprietary
version of RIP
IP is routed with IGRP
DECnet Phase V traffic is routed via ISO
CLNS-compliant IS-IS
Each of these network layer protocols is routed independently,
with separate routing processes handling their traffic and
separate paths calculated.
Mixing routers within an internetwork that supports different
combinations of multiple protocols can create a confusing
situation, particularly for integrated routing.
In general, integrated routing is easier to manage if all the
routers attached to the integrated routing backbone support
the same integrated routing scheme. Routes for other
protocols can be calculated separately.
As an alternative, you can use encapsulation to transmit
traffic over routers that do not support a particular protocol.
Single-Protocol Backbone all routers are assumed to support a
single routing protocol for a single network protocol.
all other routing protocols are ignored.
If multiple protocols are to be passed over the
internetwork, unsupported protocols must be
encapsulated within the supported protocol or
they will be ignored by the routing nodes.
Why implement a single-protocol backbone?
If relatively few other protocols are supported at a limited
number of isolated locations, it is reasonable to implement a
single protocol backbone. However,
encapsulation does add overhead to traffic on the network.
If multiple protocols are supported widely throughout a large
internetwork, a multiprotocol backbone approach is likely to
work better.
General Guideline
you should
support all the network layer protocols in an internetwork with
a native routing solution, and
implement as few network layer protocols as possible.
Types Of Switches
LAN Switches: The switches within this category can be further
divided into Layer 2 switches and multilayer switches.
ATM Switches: ATM switching and ATM routers offer greater
backbone bandwidth required by high-throughput
data services.
ATM Switches
perform cell relay
ATM switches can be segmented into the following four
distinct types that reflect the needs of particular applications
and markets:
Workgroup ATM switches
Campus ATM switches
Enterprise ATM switches
Multiservice access switches
Workgroup ATM switches have Ethernet switch ports and an
ATM uplink to connect to a campus ATM switch.
Campus ATM switches are generally used for small-scale ATM
backbones (for example, to link ATM routers or LAN
switches).
Enterprise ATM Switches are sophisticated multiservice devices
that are designed to form the core backbones of
large, enterprise networks.
They are used to interconnect campus ATM
switches.
ATM Switches
Multiservice Access Switches
Multiservice access switches support multiple MAN and WAN
services (e.g. Frame Relay switching, LAN interconnect, or public
ATM services) on a common ATM infrastructure.
Enterprise ATM switches are often used in these public network
applications because of their emphasis on high availability and
redundancy, their support of multiple interfaces, and their
capability to integrate voice and data.
Switches and Routers Compared
Role of Switches and Routers in VLANs
VLANs address the following two problems:
Scalability issues of a flat network topology — A VLAN
consists of a single broadcast domain and solves the scalability
problems of large flat networks by breaking a single broadcast
domain into several smaller broadcast domains or VLANs.
Simplification of network management by facilitating network
reconfigurations (moves and changes)
Switches and routers each play an important role in VLAN design.
Switches are the core device that controls individual VLANs,
while
routers provide interVLAN communication.
Figure: Role of switches and routers in VLANs.
Switches and Routers Compared
Examples of Campus Switched Internetwork Designs
Switches give you:          If you need advanced internetworking services,
                            routers are necessary:
High bandwidth              Broadcast firewalling
Improved performance        Hierarchical addressing
Low cost                    Communication between dissimilar LANs
Easy configuration          Fast convergence
                            Policy routing
                            QoS routing
                            Security
                            Redundancy and load balancing
                            Traffic flow management
                            Multimedia group membership (IGMP)
Some of these router services will be offered by
switches in the future.
4 phases to evolve shared-media networks to switching
internetworks
Phase 1 is the microsegmentation phase in which network designers
retain their hubs and routers, but insert a LAN switch to
enhance performance.
Figure: Using switches for microsegmentation.
Phase 2 is the addition of high-speed backbone technology and routing
between switches.
Phase 3 routers are distributed between the LAN switches in the
wiring closet and the high-speed core switch.
The network backbone is now strictly a
high-speed transport mechanism with all
other devices, such as the distributed
routers, at the periphery.
Phase 4 involves end-to-end switching with integral VLANs and
multilayer switching capability.
By this point, Layer 2 and Layer 3 integrated
switching is distributed across the network and
is connected to the high-speed core.