Branch-Based Network Architecture

Transcription

1 1 Branch-Based Network Architecture Session 2 1

2 Objective Provide the key factors to design a cost-effective, branch-based network 3 Agenda Introduction Network Design Routing and Switching Scalability Security Management Examples Q&A 4 2

3 Agenda Introduction Network Design Routing and Switching Scalability Security Management Examples Q&A 5 Some Typical Customer Examples Retail Financial Hospital Government 6 3

4 Banking Example Automatic teller machines Transactions PBX Branch alarm systems Main branch call centers ATM (SDLC) or ATM (SDLC) Alarm 7 Application Examples Terminal emulation Enterprise Resource Planning (ERP) Transaction and DB (checking, transfers, ATM, and queries) Mail and file transfer Web integration Patient care 8 4

5 Technology Evolution Mainframe Mainframe 37X5 Mainframe CIP Server Terminal Controller Modems Cluster Control SDLC Front End Processor X.25 Gateway PAD 3745 NPSI Local Access X.25 PAD PAD Frame Relay SMDS ATM Cluster Control Cluster Control 3174 Token Ring Async Terms Client Async 12/2400 Leased Bisync Leased SDLC Multidrop X.25 Usage Based Local Dial-Up Frame Relay, ISDN ATM, SMDS, XDSL 9 Today s Multiservice Networks Partner1 Order Language Config Language SDH/ATM/FR Backbone Internet Multiple Access Technologies Cable ADSL D/C D/C Frame ATM FUNI ISDN POTS ATM, Frame Relay, IP, Voice Services Mobile Wireless ATM 10 5

6 Network Evolution Applications Applications Transport Services Application Security Resource Controls Controls Transport Services Manageability Controls 11 Component Class Network Application Services Transport Network Firewalls Router Policy Servers LAN Switch DNS/DHCP FR/ATM Switch 2 Data Link Bridge 1 Physical Hub Stat Mux Multiplexer 12 6

7 Routers Multiple Protocols Multiple Media IP Novell AppleTalk NetBIOS SRB SDLC ISDN X.25 OSI Banyan XNS DECnet SMDS Frame Relay Token Ring FDDI Ethernet Private 19.2, 56, 64 kbps T1, E1, T3, E3 Circuit POTS, BRI, PRI Sw 56, H0, T1, T3 Packet X.25, Frame Relay SMDS, ATM 13 Definition of a Flow Traffic generated from a source to a destination Depending on the protocol, traffic from sourcedestinationsource may be asymmetric or symmetric 14 7

8 Know Your Flows Application and network bandwidth Batch and burst requirement Application packet size Application priority Latency Transactions/packets per second Packet destination type: unicast, multicast or broadcast Congestion behavior Data size and overhead New York 512 Kbps Port Boston 256 Kbps Port Dallas 128 Kbps Port Atlanta 128 Kbps Port 15 Traffic Definition Types Unicast (one to one only) Multicast (one to many) Broadcast (one to all) 16 8

9 Multicasting Data Is Replicated at the Last Possible Point by the Network Saves bandwidth Permits simultaneous replication Offloads sending host Creates trees and branches Requires address management 17 Application Example: Voice Compression 64 Bandwidth (Kbps) Unacceptable Business Quality (Cellular) Toll Quality * PCM * ADPCM 32 (G.723) * ADPCM 24 (G.725) * * ADPCM 16 (G.726) LDCELP 16 (G.728) * * LPC 4.8 CS-ACELP 8 (G.729) Quality 18 9

10 Agenda Introduction Network Design Routing and Switching Scalability Security Management Examples Q&A 19 Network Design Criteria Bandwidth management QoS, compression, bandwidth on demand, tariff management, capacity planning Security Authentication, encryption, firewall High availability Redundancy, backup Scalability Hierarchical design Manageability Qos Compression Bandwidth on Demand Tariff Management Authentication Encryption Firewall Redundancy Backup Hierarchical Design Network Management 20 10

11 Hierarchical Network Design Core Distribution Access Best Way to Design for Scalability and Manageability 21 WAN Hierarchical Logical Design Fully Redundant Efficient Traffic Forwarding Central WAN Core FR,ATM, T3/E3,T1/E1 Core Regional Regional Regional Route Summarization Use Separate Areas/ A.S. SAP Filtering Enable BW Features Branch Branch Branch Branch Branch Branch Branch Branch Branch Branch Branch Distribution Static or Default Routes Compression SOHO SOHO SOHO SOHO SOHO Mobile Mobile Mobile Mobile Mobile Access 22 11

12 Core High speed for traffic forwarding Keep it simple, but redundant Not oversubscribed Don t fully mesh more complex and inefficient 23 Distribution Access aggregation and oversubscription Address summarization for dedicated and backup lines (ISDN, dial, etc.) Limit number of access lines/pvcs per router Know your flows in order to provision backbone uplinks and access links Bandwidth management Core Distribution 24 12

13 Access Core Bandwidth management (QoS, compression Services Media encapsulation and conversion (X.25, STUN, SNA, Access ATM 25 Topology Design Star topologies Fully-meshed topologies Partially-meshed topologies 26 13

14 Start Topologies Advantages: Simple management and tariff costs Disadvantages: Core router limits performance, single point of failure and not scalable 27 Fully-Meshed Topologies Advantages: High redundancy and supports all net protocols Disadvantages: Large number of VCs, large number of packet/broadcast replication 28 14

15 Partially-Meshed Topologies Combination of full and star topology Best mix to provide scalability, limited number of VCs, redundancy and performance 29 Broadcast/Multicast Issues Multicast is treated as broadcast in packet based nets Broadcast/multicast need to replicate over every VC on a physical line Different levels of broadcast with different protocols Broadcast/Multicast Scalability and Performance Will Vary Based on Topology and Media Selection 30 15

16 Some WAN Connectivity Options Leased Line 56kbps and Above Optimizes Speed Minimizes Variable Performance Easier Management Highest Cost Frame Relay 56kbps to T3/E3 kbps Variable Performance More Performance Management Lowest Cost ATM T1/E1 and Above Bandwidth Flexibility Cell Overhead Cloud Redundancy Highest Bandwidth/$ 31 The Internet Protocol (IP) 32 16

17 SNA, DECnet,, AppleTalk Legacy protocols Still have many applications in use today Ships in the night or encapsulated in another protocol (I.e., SNA over IP) All use bridging or proprietary routing protocols 33 Integrating Legacy into IP Permits legacy protocols only where required Any to any host communication Reduces complexity of design and operations in the core and distribution Uses efficient IP routing protocols for high availability Uses more cost-effective IP tools 34 17

18 Addressing FDDI Network Network FDDI Token Ring Network Network 5 Network 2 35 Addressing Issues Efficient use of address space Growth Ease of administration Address efficiency vs. routing efficiency (summarization) Static vs. dynamic addressing Each routing/network protocol uses its own scheme (IP, IPX, DECnet) 36 18

19 Queuing Comparison FIFO queuing Weighted-fair queuing Priority queuing Custom queuing Critical for Multiservice Traffic 37 Agenda Introduction Network Design Routing and Switching Security Scalability Management Examples Q&A 38 19

20 The Basics Routing and Switching What Is Routing? OSPF BGP What Is Switching? Packet Forwarding Layer 3 Switch 39 Router/Switch Functions Routing = building maps and giving directions Switching = moving packets between interfaces 40 20

21 Routing Protocol Goals Optimal path selection Loop-free routing Fast convergence Limited design administration Minimize update traffic Scalable support hierarchical topology Easy to configure 41 Routing Protocol Choices Static routes Dynamic Internal Gateway Protocols (EIGRP, OSPF, RIPv1, RIPv2, etc.) External Gateway Protocols (BGP4) Multicast (PIM, DVMRP, mbgp) On-Demand Routing (ODR) 42 21

22 When to Use OSPF Required dynamic routing Hierarchical networks Address aggregation Fast convergence No periodic updates efficient for low-speed WANs The Best for Designing a New Network, Requires a Hierarchical Design 43 On-Demand Routing Hub-spoke model Hub dynamically maintains routes No routing protocol required in stub Works well when only limited access or non- dedicated links Dynamic Routing Protocol PSTN ISDN ODR 44 22

23 BGP for External Connectivity A Peering AS 100 AS 101 B D E AS 102 NOT an IGP, external gateway protocol Incremental update C 45 When to Use BGP Connecting to external entities owned or operated by you (other AS) Only require connectivity information for best optimal path decision Keeps internal routing information separate from external routing information Use It when You Have Multihomed Internet or Partner Connections 46 23

24 Agenda Introduction Network Design Routing and Switching Scalability Security Management Examples Q&A 47 Scalability Performance Growth and new applications Media costs Traffic flows and geographic concentration Bandwidth efficiency Load distribution and balancing 48 24

25 Understanding Vendor Thresholds Hardware and/or software architectures and configurations vary Often less than media speed for one or more interfaces in network device Work with vendor to understand limitations, threshold behavior, and tuning capabilities 49 High Availability Understand application performance and timeouts Queuing and flow control mechanisms (transport and application-based) Redundancy and load balancing issues (if possible to implement and how) Fast network convergence (level 2 or 3) 50 25

26 Scalability and Redundancy for Servers Redundant servers (clusters) Traffic director (centralized) Distributed director (distributed) Content caching Replication and multicasting of contents 51 Application Scalability Know the applications and flows Test with developers for LAN and WAN testing (Ethernet, Frame Relay and Dial) Test redundancy and high availability Understand chatter 52 26

27 Agenda Introduction Network Design Routing and Switching Scalability Security Management Examples Q&A 53 Security Issues What is my corporate security policy? Traffic issues Operational issues (network equipment configuration and service denial) What is your sensitive data? What is your cost of loss of data or service? How do I verify my security policy? 54 27

28 Security AAA Server Customer Network ACL ACL HQ Network NMS Authenticated/Encrypted Connection Authenticated/ Encrypted Tunnel Firewall Internet NAS ACL AAA Server NetFlow Collector 55 Network Configuration Password enabled or AAA for remote access and 16 levels of administrators Directory services Authentication for routing exchange Filtering authorized NOC stations Firewalling services and NOC Logging and reporting Active audits 56 28

29 Agenda Introduction Network Design Routing and Switching Scalability Security Management Examples Q&A 57 Administration Configuration management Change management Inventory management Provisioning Policy management Capacity planning 58 29

30 Operation Directory services Logging and data collection Availability management SLA monitoring and reporting Fault management 59 Agenda Introduction Network Design Routing and Switching Scalability Security Management Examples Q&A 60 30

31 Examples Banking Financial Retail 61 Banking Applications Automatic teller machines SDLC, bisync, security video Transactions Deposits, wire, foreign exchange Branch alarm systems Main branch call centers 62 31

32 Banking Requirements Availability Security Multiprotocol QoS 63 Banking IP Transport PBX /7500 At Central Site Redundant Routers (HSRP) VoIP Termination Router ISDN/Dial Backup IP ISDN/Dial WAN Connect Options Frame Relay: Multi VCs Leased Line ISDN (Backup) CRTP ATM (SDLC) or ATM (BSC) Alarm WFQ CQ WRED IP Precedence CAR 3600 Voice/PBX Video SDLC or BSC LAN 64 32

33 Banking WAN Switched PBX ATM/FR ATM, FR, Leased AutoRoute OptiClass ForeSight IGX 8400 ATM/FR/ Leased Use ATM or Leased to Interconnect Multiple IGX Concentrators, Using Public FR Will Mean No AutoRoute; up to 255 Remote Connections per IGX 8400 WAN Connect Options MultiFlex Trunk: ATM Mode MultiFlex Trunk: Channelized Serial Port: Public FR Serial Port: Leased Serial Port: PPP (No Voice) ATM (SDLC) or ATM (SDLC) Alarm MC3810 Voice/PBX Video SDLC LAN 65 Financial: Applications Stock trading traditional Stock trading Internet Stock ticker services (RT) Securities exchange Confirmations desk 66 33

34 Financial: Requirements Security Redundancy (high availability) Predictable and low delay Multicast High BW QoS to offer different service levels 67 Financial: Designs Multicast Confirmations Desk Firewall A HSRP B PBX Internet Redundant Connections HSRP Web Servers Home/Remote Trading Branch NASDAQ CSCO NASDAQ CSCO Ticker Services Foreign Offices Trading Floor 68 34

35 Health Care: Applications Electronic medical records Textual/multimedia; capture, track, archive, retrieve Teleradiology Filmless imaging system; capture, track, archive, retrieve Telemedicine (distant patient care) Remote diagnosis/surgery Specialist to specialist consultation Continuing education 69 Health Care: Requirements Security Bandwidth Redundancy QoS RSVP, WFQ, IP precedence 70 35

36 Health Care: Designs EMR Server MA GN MRI Center Admin/ Finance Nurse Call Center CRTP PBX Storage Array Archive Station Dry Process Print PSTN ISDN Partner Facility RSVP IP Precedence Clinic Physician Office Remote Clinic WFQ Radiologist Office Home Health Kidney Dialysis Center 71 Retail PBX Central Site or Corp HQ Redundant Routers (HSRP) Voice Termination Router High Speed Backup Backup Site Redundant Routers (HSRP) Voice Termination Router High Speed Backup Local Database Server Alarm ISDN/Dial Point of Sale Store or Outlet Voice/PBX Video LAN Regional Site or Store Redundant Routers Voice Termination Router Multiple Computer Site Connectivity WAN Connect Options Frame Relay, ATM, VPN Leased Line POTS or ISDN (Backup) 72 36

37 Agenda Introduction Network Design Routing and Switching Scalability Security Management Examples Q&A 73 References Internetworking Design Basics and Designing Packet Services on CCO Technology and products sessions for : WAN, Access, Cisco IOS, Security, Voice, Network Management and General 74 37

38 Objective Provide the key factors to design a cost-effective, Branch-based network 75 Please Complete Your Evaluation Form Session 76 38

39 77 39