Lecture 16: Architectural Considerations


Prof. Shervin Shirmohammadi, SITE, University of Ottawa (CEG 4185)

Network Architecture

Network architecture is the high-level, end-to-end structure of the network: the relationships between its major architectural components, namely
- addressing and routing,
- network management,
- performance, and
- security.

It is key in integrating requirements and flows into the structure of the network. You can think of it as the blueprint that encompasses all the important components of the network, from a high-level perspective.

Network Architecture vs. Design

Architecture describes relationships, which are generally location independent. Design specifies technologies, protocols, and network devices, and locations play an important role in network design. Even the most experienced network designer must first conceptualize a big picture of the network before developing a more detailed design of the components.

                  Architecture    Design
  Scope           Broad           Focused
  Level of detail Generalized     In depth
  Description     Relationships   Technologies
  Location        Independent     Dependent

Component Architectures

  Component            Capability                                                  Mechanism
  Addressing/Routing   Provides robust and flexible connectivity between devices  Addressing, routing
  Network Management   Provides monitoring, configuring, and troubleshooting       NMS, NM protocols
  Performance          Provides resources to support capacity, delay, and RMA      QoS, SLA, policies
  Security             Restricts unauthorized access, usage, and visibility        Firewalls, security policies, filters,
                       within the network                                          access control lists (ACL)

Reference Architecture Goal

Our objective is to get to a reference architecture that is influenced by our requirements, flows, and goals, as well as by the component architectures.

[Figure: requirements, flows, and goals feed the component architectures (security, network management, performance, routing, other), which combine into the reference architecture.]

Balancing the Reference Architecture

Depending on the requirements, traffic flows, and goals, the reference architecture is either balanced or favours particular functions. This is an informed decision and an important part of the documented network architecture.

Example: consider a network where low delay and jitter are a performance requirement. Routing, security, and network management all affect these values, so some of them must be sacrificed to meet the performance target. In this approach each function is developed as its own component architecture; delay and jitter can then be optimized in the performance component architecture and prioritized over the other architectures.

Optimizing the Reference Architecture

Numerous trade-offs occur between addressing/routing, network management, performance, and security:
- High security => low performance. Security may have to take a low profile in parts of the network.
- Network management => low security. When management is a high priority, a separate security component architecture for network management may be required.
- High-resolution network management => low performance. Out-of-band network management is a solution, but what about its security?
- Simplicity in addressing/routing => low performance. Several performance protocols, such as DiffServ and RSVP, are tightly coupled to the addressing scheme.

Architectural Models

Three types of architectural models make a good starting point:
- Topological models concentrate mostly on the geographical or topological arrangement: LAN/MAN/WAN; access/distribution/core.
- Flow-based models take advantage of flow information: peer-to-peer; client-server; hierarchical client-server; distributed computing.
- Functional models focus on one or more functions or features of the network: service-provider; intranet/extranet; single-/multi-tier; end-to-end.

Network Regions

Characterizing regions by their traffic flows allows each function to be applied to every region in a similar fashion. Common regions:
- Access (edge): most traffic is generated and terminated here. Access control and traffic shaping.
- Distribution: traffic flows are aggregated and terminated for common services, applications, and storage servers.
- Core (backbone): transit for aggregates of traffic flows. Differentiated services.
- External interfaces and DMZ (demilitarized zone): aggregation points for traffic flows external to the network.

Topological Models

Two topological models are popular: the LAN/MAN/WAN model and the access/distribution/core model.
- LAN/MAN/WAN concentrates on the boundaries between the WAN, MAN, and LAN.
- Access/distribution/core focuses on function rather than location, and on the behaviour of the interface points between functions. Access is closest to the user; this is where most traffic flows are sourced and/or sinked. Distribution is where flows are consolidated. Core is used for bulk transport.

[Figure: a WAN core, with MAN distribution layers below it and LAN access networks attached to each distribution layer.]

Flow-Based Models

These are based on the flow models developed during analysis. As before, there are four flow models:
- Peer-to-peer: no obvious location for the peers; closest to the core model.
- Client-server: functions, features, and services are focused on the servers, so architectural features belong at these interfaces.
- Hierarchical client-server: similar to client-server.
- Distributed computing: data sources and sinks are obvious locations for architectural features.

Functional Models

These focus on particular functions in the network:
- Service-provider: focuses on privacy and security, service delivery, and billing.
- Intranet/extranet: the typical enterprise model, focusing on security and privacy.
- Single-tier/multi-tier: identifies parts of the network as having single-tier or multi-tier performance.
- End-to-end: the most difficult to apply, because one has to understand where each function will be located. These models are generally fairly closely related to the requirements.

Using the Architectural Models

It is generally easier to start from a topological model, because it easily covers the larger scope of the network. Functional and flow-based models, on the other hand, are better for focusing on a particular area of the network.

Combining Models (1/2)

Client-server or hierarchical client-server models may overlap with the access/distribution/core model.

Combining Models (2/2)

[Figure: the access, distribution, and core regions overlaid with the flow-based models (distributed computing, client-server, hierarchical client-server) and the functional models (service-provider, intranet/extranet, end-to-end).]

Example (recall from lecture 8)

[Figure: the campus network from lecture 8: the Central, North, and South Campus LANs, their servers and storage servers, and flows F4 to F7 with their data rates.]

Access/Distribution/Core Areas (Topological Model)

[Figure: the same campus network with its core and access areas marked around the Central, North, and South Campus LANs and their servers.]

Distributed Computing Model (Flow-Based Model)

[Figure: the same campus network with the Central, North, and South Campus LANs each marked as a distributed-computing region, and flows F4 to F7 between them.]

Architectural Considerations: Security

- Evaluate potential security mechanisms.
- Consider where they apply within the network.
- Determine external and internal relationships.

Start simple and work toward more complex solutions: the access/distribution/core architectural model discussed before can be used as a starting point for placing security points. Security can be added at different points in the architecture, and the security level increases from the access to the distribution to the core areas.

External relationships:
- Security and addressing: NAT is an addressing scheme that helps security. Dynamic addressing interferes with address-specific filtering.
- Security and network management: security depends on network management.
- Security and performance: these are nearly always at odds. A security zone will affect the performance of that zone.

Access/Distribution/Core and Security

[Figure: users A, B, and C attach to access areas that feed distribution areas and then the core; a level 1 firewall sits at access, a level 2 firewall at distribution, and a level 3 firewall at the core, with packet filters, encryption, intrusion detection, and firewalls shown as the mechanisms along the path.]

Security Zones

[Figure: the access/distribution/core layers as nested security zones: user devices and access areas are security level 1 (lowest), distribution is security level 2 (medium), and the core is security level 3 (highest).]

Developing Security Zones

More realistically, you will need to define security level zones for user devices, services, and the network.

[Figure: an example zoning of networks A to G with an attached external network/Internet: security level 1 (general), level 2 (external), level 3 (group D), level 4 (groups A and B on networks A and B), and level 5 (servers on network E).]

Architectural Considerations: Performance

Start simple: best effort -> DiffServ -> IntServ. From the flow analysis maps you know where performance requirements need to be applied in the network. Recall that the access/distribution/core architectural model separates the network by function:
- Core: bulk, aggregated traffic.
- Distribution: flows to and from servers, plus aggregated traffic.
- Access: most traffic is sourced and sinked here.

Performance mechanisms that operate on individual flows (admission control, resource allocation, IntServ, ATM QoS) should be considered for the access area. Performance mechanisms that operate on aggregated flows (DiffServ, WFQ, RED/WRED, and MPLS all fit here) should be considered for the core and distribution areas.

External relationships:
- Performance and addressing: performance is closely coupled with routing through mechanisms like DiffServ, IntServ, and RSVP. These are not simple protocols.
- Performance and network management: performance relies on network management to configure, monitor, manage, verify, and bill.
- Performance and security: security mechanisms affect performance negatively, especially intrusive ones. If a security mechanism interrupts, terminates, or regenerates a traffic flow, it seriously affects the ability to provide end-to-end QoS.

Architectural Considerations: Network Management

Centralized vs. distributed monitoring:
- Centralized: all monitoring data are sent to one monitoring node, using either in-band or out-of-band monitoring.
- Distributed: local monitoring nodes; less network management traffic.

In-band vs. out-of-band. For a LAN, start with one monitoring device per IP subnet. Estimate:
- the number of user and network devices to be polled,
- the average number of interfaces per device and the number of parameters to be collected, and
- the frequency of polling.
This combined rate should not be more than 10% of the capacity of the line; for Ethernet keep it at 5%. For a WAN, start with one monitoring device per WAN/LAN interface.

Local storage vs. archival: data are usually kept locally, cached for easy retrieval (within hours). If not used this quickly, archive them.
- Selective copying of data: consider saving only every Nth iteration of the data, where N can range from 100 to 10000.
- Data migration: usually occurs at night, from local storage to the archive.
- Metadata: additional information about the data (data types, time stamps, etc.) is very useful.

Trade-offs

Internal:
- In-band management is cheaper than out-of-band but affects traffic flow performance. Out-of-band is more reliable, allows access to remote devices, and can be more secure.
- A centralized manager is simpler but is a single point of failure.

External:
- Network management and addressing: the management domain needs to be considered in the network architecture design.
- Network management and performance: discussed before; how network management data affect traffic flow and capacity.
- Network management and security: network management relies on a particular level of security to get access to the managed objects.