
Network Strategies: CH#8 Network Structure Models

The document summarizes network hierarchy and enterprise architecture models. It describes a three-layer hierarchical network model consisting of a core layer, distribution layer, and access layer. It then explains Cisco's enterprise architecture model, which divides the network into modules including the enterprise campus, edge area, data center, branches, and teleworkers. The edge area further contains e-commerce, internet connectivity, VPN/remote access, and WAN modules.

Uploaded by

Tamim Azizi

Network Strategies

CH#8: Network Structure Models

Zabihullah Atal
MIT, MCSE Server Infrastructure, MCSE Messaging, MCSE Cloud Platform and Infrastructure.

PREPARED BY ZABIHULLAH ATAL


KARDAN UNIVERSITY
Chapter Objectives
1. Hierarchical Network Models
2. Enterprise Architecture Model
3. High Availability Network Services

7.1 Hierarchical Network Models
Hierarchical Network Models
• Hierarchical models use layers to simplify the tasks for internetworking.
Each layer can focus on specific functions, allowing you to choose the
right systems and features for each layer. Hierarchical models apply to
both LAN and WAN design.

Benefits of the Hierarchical Model
• The benefits of using hierarchical models for your network design include
the following:
■ Cost savings
■ Ease of understanding
■ Modular network growth
■ Improved fault isolation
■ Simplified design tasks for building a network that meets
current requirements and can grow to meet future requirements

Hierarchical Network Design
A traditional hierarchical LAN design has three layers:
• The core layer provides fast transport between distribution switches
within the enterprise campus.
• The distribution layer provides policy-based connectivity.
• The access layer provides workgroup and user access to the network.

Hierarchical Network Design Has Three Layers:
1. Core
2. Distribution
3. Access

Each layer provides necessary functionality to the enterprise campus network. You do not
need to implement the layers as distinct physical entities. Smaller networks can “collapse”
multiple layers to a single device with only an implied hierarchy.
Maintaining an explicit awareness of hierarchy is useful as the network grows.
Core Layer
• The core layer is the network’s high-speed switching backbone that is
crucial to corporate communications. The core layer has the following characteristics:
■ Fast transport
■ High reliability
■ Redundancy
■ Fault tolerance
■ Low latency and good manageability
■ Avoidance of CPU-intensive packet manipulation caused by security,
inspection, quality of service (QoS) classification, or other processes
■ Limited and consistent diameter

Core Layer Recommendation
• When a network uses routers, the number of router hops from edge
to edge is called the diameter. As noted, it is considered good
practice to design for a consistent diameter within a hierarchical
network. The trip from any end station to another end station across
the backbone should have the same number of hops.
• Limiting the internetwork’s diameter provides predictable
performance and ease of troubleshooting.

Distribution Layer
• The network’s distribution layer is the isolation point between the
network’s access and core layers. The distribution layer can have many
roles, including implementing the following functions:
■ Redundancy and load balancing
■ Aggregation of LAN wiring closets
■ Routing between virtual LANs (VLAN)
■ QoS

Access Layer
• The access layer provides user access to local segments on the network.
The access layer is characterized by switched LAN segments in a campus
environment. Functions of the access layer include the following:
■ Layer 2 switching
■ High availability
■ Port security
■ Broadcast suppression
■ Rate limiting/policing
■ Address Resolution Protocol (ARP) inspection
■ Spanning tree
■ Power over Ethernet (PoE)
■ VLANs

Virtual Switching System (VSS) for Distribution layer

• Another solution for providing redundancy between the access and
distribution switching is the Virtual Switching System (VSS). VSS solves the
STP looping problem by converting the distribution switching pair into a
logical single switch. It removes STP.

The key benefits of VSS include:
• Layer 3 switching can be used toward the access layer, enhancing nonstop
communication.
• Scales system bandwidth up to 1.44 Tbps.
• Simplified management of a single configuration of the VSS distribution switch
• Uses existing Catalyst 6500 switches; no new chassis are needed.

Virtual Switching System (VSS) Topology
• With VSS, the physical topology changes: each access switch has a single upstream
distribution switch instead of two upstream distribution switches. VSS is
configured only on Cisco 6500 switches using the VSS Supervisor 720-10G.

As shown in the figure, the two switches are connected via a 10GE link called the virtual switch link (VSL), which makes
them appear as a single switch.
7.2 Enterprise Architecture Model
Enterprise Architecture Model
• The Enterprise Architecture model facilitates the design of larger,
more scalable networks. The architecture divides the network into
functional network areas and modules. These areas and modules of
the Enterprise Architecture are:
■ Enterprise campus area
■ Enterprise data center module
■ Enterprise Edge Module
■ Enterprise branch module
■ Enterprise teleworker module

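The following figure shows the Enterprise Architecture model. The enterprise campus area
contains the campus core, building distribution, building access, and server farm/data center
submodules. The enterprise edge area contains the e-commerce, Internet connectivity, VPN, and
WAN modules that connect the enterprise to the service provider’s facilities. The SP edge area
provides Internet, public switched telephone network (PSTN), and WAN services to the enterprise.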

Cisco Enterprise Architecture Model
Enterprise Campus Module
• The enterprise campus consists of the following submodules:
■ Campus core
■ Building distribution
■ Building access
■ Server farm/data center

Cisco Enterprise Architecture Model
Enterprise Edge Area
• As shown in the following figure, the enterprise
edge consists of the following submodules:
■ E-commerce networks and servers
■ Internet connectivity and demilitarized zone (DMZ)
■ VPN and remote access
■ Enterprise WAN

Enterprise Edge Area
E-Commerce Module
• Devices located in the e-commerce submodule include:
■ Web and application servers: Primary user interface for e-commerce
navigation.
■ Database servers: Contain the application and transaction
information.
■ Firewall and firewall routers: Govern the communication between
users of the system.
■ Network intrusion prevention systems (IPS): Provide monitoring of
key network segments in the module to detect and respond to attacks
against the network.
■ Multilayer switch
Enterprise Edge Area
Internet Connectivity Module
• The Internet submodule of the enterprise edge provides services such as public
servers, email, and DNS. Connectivity to one or several Internet service providers
(ISP) is also provided. Components of this submodule include:
■ Firewall and firewall routers: Provide protection of resources, stateful filtering of traffic, and VPN
termination for remote sites and users
■ Internet edge routers: Provide basic filtering and multilayer connectivity
■ FTP and HTTP servers: Provide for web applications that interface the enterprise with the world via
the public Internet
■ SMTP relay servers: Act as relays between the Internet and the intranet mail servers.
■ DNS servers: Serve as authoritative external DNS server for the enterprise and relay internal
requests to the Internet

Connecting the enterprise to the Internet
• Two models connect the enterprise to the Internet:
1. Single circuit between the enterprise and the SP
2. Multihoming, or multiple circuits, between the enterprise and the ISP

1. Single circuit, as shown in the figure.

The drawback is that you have no redundancy
or failover if the circuit fails.

2. Multihoming, or multiple circuits, between the enterprise and the ISP

You can use multihoming solutions to provide
redundancy or failover for Internet service.
The figure shows four Internet multihoming options:
■ Option 1: Single router, dual links to one ISP
■ Option 2: Single router, dual links to two ISPs
■ Option 3: Dual routers, dual links to one ISP
■ Option 4: Dual routers, dual links to two ISPs
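
The single-circuit model and the four multihoming options can be compared by asking which single component failure cuts the enterprise off from the Internet. The following is an added example, not part of the original slides; the node names (`ent`, `r1`, `ckt-a`, `isp1`, `inet`) and the modelling of each circuit as a node are assumptions made for illustration.

```python
from collections import deque

# Constructed topologies. "ent" is the enterprise campus, "inet" the Internet;
# circuits are modelled as nodes so a failed link is just a failed node.
TOPOLOGIES = {
    "Single circuit": [("ent", "r1"), ("r1", "ckt-a"), ("ckt-a", "isp1"),
                       ("isp1", "inet")],
    "Option 1": [("ent", "r1"), ("r1", "ckt-a"), ("r1", "ckt-b"),
                 ("ckt-a", "isp1"), ("ckt-b", "isp1"), ("isp1", "inet")],
    "Option 2": [("ent", "r1"), ("r1", "ckt-a"), ("r1", "ckt-b"),
                 ("ckt-a", "isp1"), ("ckt-b", "isp2"),
                 ("isp1", "inet"), ("isp2", "inet")],
    "Option 3": [("ent", "r1"), ("ent", "r2"), ("r1", "ckt-a"), ("r2", "ckt-b"),
                 ("ckt-a", "isp1"), ("ckt-b", "isp1"), ("isp1", "inet")],
    "Option 4": [("ent", "r1"), ("ent", "r2"), ("r1", "ckt-a"), ("r2", "ckt-b"),
                 ("ckt-a", "isp1"), ("ckt-b", "isp2"),
                 ("isp1", "inet"), ("isp2", "inet")],
}


def adjacency(edges):
    """Build an undirected adjacency map from (a, b) pairs."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def reachable(adj, src, dst, failed=frozenset()):
    """Breadth-first search from src to dst that skips failed components."""
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj[node] - seen - failed:
            seen.add(nxt)
            queue.append(nxt)
    return False


def single_points_of_failure(edges, src="ent", dst="inet"):
    """Return components whose individual failure cuts src off from dst."""
    adj = adjacency(edges)
    candidates = set(adj) - {src, dst}
    return sorted(c for c in candidates if not reachable(adj, src, dst, {c}))


if __name__ == "__main__":
    for name, edges in TOPOLOGIES.items():
        spof = single_points_of_failure(edges)
        print(f"{name}: {', '.join(spof) if spof else 'no single point of failure'}")
```

Only Option 4 leaves no single router, circuit, or ISP whose failure isolates the enterprise; Options 1 to 3 each remove the circuit as a single point of failure but keep the router, the ISP, or both.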

Enterprise Edge Area
VPN/Remote Access
• The VPN/remote access module of the enterprise edge provides remote-access
termination services, including authentication for remote users and sites.
Components of this submodule include:
■ Firewalls: Provide stateful filtering of traffic, authenticate trusted remote sites, and provide
connectivity using IPsec tunnels
■ Dial-in access concentrators: Authenticate individual users.
■ Cisco Adaptive Security Appliances (ASA): Terminate IPsec tunnels and authenticate individual
remote users, and provide firewall and intrusion prevention services
■ Network intrusion prevention system (IPS) appliances

VPN/Remote Access Architecture

Cisco Enterprise Architecture Model
Service Provider Edge Module
• The SP edge module, shown in Figure, consists of
SP edge services such as the following:
■ Internet services
■ PSTN services
■ WAN services
Enterprises use SPs to acquire network services.
ISPs offer enterprises access to the Internet.
For voice services, PSTN providers offer access to
the global public voice network. For the enterprise
network,

Cisco Enterprise Architecture Model
Remote Modules
• The remote modules of the Cisco Enterprise Architecture model
consist of the following:
• Enterprise Branch (remote offices or sales offices)
• Enterprise Data Center (disaster recovery and business continuance services for
the enterprise.)
• Enterprise Teleworker Modules (small office or a mobile user)

Enterprise Teleworker Solution

7.3 High Availability Network Services
High Availability Network Services
• When designing a network topology for a customer who has critical
systems, services, or network paths, you should determine the probability
that these components will fail and design redundancy where necessary.
Consider incorporating one of the following types of
redundancy into the network design:
■ Workstation-to-router redundancy in the building access layer
■ Server redundancy in the server farm module
■ Route redundancy within and between network components
■ Link media redundancy in the access layer

High Availability Network Services
Workstation-to-Router Redundancy and LAN
H/A Protocols
• When a workstation has traffic to send to a station that is not local, the
workstation should have many possible ways to discover the address of a
router on its network segment, including the following:
■ ARP
■ Dynamic routing protocols (RIPv2, OSPF, EIGRP, etc.)
■ HSRP
■ VRRP
■ GLBP
■ VSS

Workstation-to-Router Redundancy and LAN H/A Protocols
Hot Standby Router Protocol (HSRP)
• The Cisco HSRP provides a way for IP workstations that support
only one default router to keep communicating on the
internetwork even if their default router becomes unavailable.
HSRP works by creating a virtual router that has its own IP and
MAC addresses. The workstations use this virtual IP address as
their default router.

HSRP Explanation
HSRP routers on a LAN communicate among themselves to designate two
routers as active and standby. The active router sends periodic hello
messages. The other HSRP routers listen for the hello messages. If the
active router fails and the other HSRP routers stop receiving hello
messages, the standby router takes over and becomes the active router.
Because the new active router assumes both the phantom (virtual) router’s IP and MAC
addresses, end nodes see no change. They continue to send packets to the phantom
router’s MAC address, and the new active router delivers those packets.
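
The hello and takeover behaviour described above can be traced with a small simulation, which also shows the gap between the active router failing and the standby taking over. This is an added example, not from the original slides, and it is simplified: the timer values (3-second hello, 10-second hold), the priority-based ordering, and the router names are assumptions, and only the active router's hellos are modelled.

```python
from dataclasses import dataclass

HELLO, HOLD = 3, 10  # seconds; assumed timer values, not given on the slides


@dataclass
class Router:
    name: str
    priority: int                      # assumed: higher priority is preferred
    fails_at: float = float("inf")     # simulated time at which the router dies

    def alive(self, now):
        return now < self.fails_at


# Constructed scenario: R1 is active and fails 20 seconds into the run.
DEMO = [Router("R1", 110, fails_at=20), Router("R2", 100), Router("R3", 90)]


def simulate(routers, duration):
    """Return [(time, active, standby)] for every change of HSRP roles."""
    ranked = sorted(routers, key=lambda r: r.priority, reverse=True)
    active, others = ranked[0], ranked[1:]
    last_hello = 0
    timeline = [(0, active.name, others[0].name if others else None)]
    for now in range(1, duration + 1):
        if active.alive(now) and now % HELLO == 0:
            last_hello = now               # listeners reset their hold timers
        if now - last_hello < HOLD:
            continue
        # Hold timer expired: the standby (first survivor) takes over the
        # virtual IP and MAC; the next survivor becomes the new standby.
        survivors = [r for r in others if r.alive(now)]
        if not survivors:
            timeline.append((now, None, None))
            break
        active, others = survivors[0], survivors[1:]
        last_hello = now
        timeline.append((now, active.name, others[0].name if others else None))
    return timeline


def outage_seconds(routers, duration):
    """Seconds between the first active router's failure and the takeover."""
    timeline = simulate(routers, duration)
    first_active = max(routers, key=lambda r: r.priority)
    return timeline[1][0] - first_active.fails_at if len(timeline) > 1 else 0


if __name__ == "__main__":
    print(simulate(DEMO, 60), "outage:", outage_seconds(DEMO, 60), "s")
```

End nodes keep the same gateway IP and MAC throughout, but packets sent during the hold-time gap are lost until the standby takes over.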

Workstation-to-Router Redundancy and LAN H/A Protocols
Virtual Router Redundancy Protocol (VRRP)
• VRRP is a router redundancy protocol. VRRPv3 supports both IPv4 and IPv6
networks.
• VRRP specifies an election protocol that dynamically assigns
responsibility for a virtual router to one of the VRRP routers on a LAN.
The VRRP router controlling the IP addresses associated with a virtual
router is called the master, and forwards packets sent to these IP
addresses. The election process provides dynamic fail over in the
forwarding responsibility should the master become unavailable. This
allows any of the virtual router IP addresses on the LAN to be used as
the default first hop router by end hosts.

Workstation-to-Router Redundancy and LAN H/A Protocols
Gateway Load Balancing Protocol (GLBP)
• GLBP protects data traffic from a failed router or circuit and provides load balancing between the
redundant routers. It load balances by using a single virtual IP address and multiple virtual MAC
addresses. Each host is configured with the same virtual IP address, and all routers in the virtual router
group participate in forwarding packets. GLBP members communicate with each other through
hello messages sent every three seconds to the multicast address 224.0.0.102, User Datagram Protocol
(UDP) port 3222. GLBP benefits include:
■ Load sharing: GLBP can be configured in a way that traffic from LAN clients can be shared by multiple
routers.
■ Multiple virtual routers: GLBP supports up to 1024 virtual routers (GLBP groups) on each physical
interface of a router.
■ Preemption: GLBP enables you to preempt an active virtual gateway with a higher priority backup.
■ Authentication: Simple text password authentication is supported.
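
A text password travels unprotected in the hello messages, so it is worth auditing which first-hop redundancy groups rely on it or have no authentication at all. The following is an added example, not from the original slides: it scans an IOS-style configuration for GLBP and HSRP groups and reports those with text or missing authentication. The `authentication text` and `authentication md5 key-string` forms are Cisco IOS command syntax; the sample configuration, addresses, and keys are constructed.

```python
import re

# Constructed IOS-style configuration; addresses, groups and keys are made up.
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 glbp 10 ip 10.0.10.1
 glbp 10 authentication text s3cret
!
interface Vlan20
 ip address 10.0.20.2 255.255.255.0
 glbp 20 ip 10.0.20.1
 glbp 20 authentication md5 key-string EXAMPLE-KEY
!
interface Vlan30
 ip address 10.0.30.2 255.255.255.0
 standby 30 ip 10.0.30.1
"""

# Matches "glbp <group> ip|authentication ..." and the HSRP "standby" equivalent.
LINE = re.compile(r"^\s+(glbp|standby)\s+(\d+)\s+(ip|authentication)\b\s*(.*)$")


def audit_fhrp_auth(config):
    """Return sorted (interface, protocol, group, finding) for weak groups."""
    groups = {}        # (interface, protocol, group) -> "md5", "text" or None
    interface = None
    for line in config.splitlines():
        if line.startswith("interface "):
            interface = line.split(None, 1)[1].strip()
        elif line and not line[0].isspace():
            interface = None               # left the interface block
        m = LINE.match(line)
        if not m or interface is None:
            continue
        proto, group, keyword, rest = m.groups()
        key = (interface, "HSRP" if proto == "standby" else "GLBP", int(group))
        groups.setdefault(key, None)
        if keyword == "authentication":
            # "md5 ..." is keyed hashing; "text <pw>" or a bare string is cleartext.
            groups[key] = "md5" if rest.split()[:1] == ["md5"] else "text"
    findings = []
    for key in sorted(groups):
        if groups[key] is None:
            findings.append(key + ("no authentication configured",))
        elif groups[key] == "text":
            findings.append(key + ("cleartext password in hello messages",))
    return findings


if __name__ == "__main__":
    for iface, proto, group, finding in audit_fhrp_auth(SAMPLE_CONFIG):
        print(f"{iface} {proto} group {group}: {finding}")
```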

High Availability Network Services
Server Redundancy
• Server redundancy means high availability for the organization’s critical
servers or resources. Some environments need fully redundant (mirrored)
file and application servers. It is recommended to deploy redundant
or multiple servers for critical roles in the organization and to connect them through
multiple paths and interfaces to ensure high availability of those resources or servers.
• To provide high availability in the server farm module, you have the following options:
■ Single attachment: With a single interface and link, use HSRP or GLBP to dynamically find
an alternate router.
■ Dual attachment: This solution increases availability by using redundant network
interface cards (NICs). It is also known as NIC teaming.
■ Fast EtherChannel (FEC) and Gigabit EtherChannel (GEC) port bundles

High Availability Network Services
Route Redundancy
• Designing redundant routes has two purposes:
• Balancing Loads
• Increasing Availability

A full-mesh network provides complete redundancy and also
provides good performance because every router connects to
every other router through multiple paths.

High Availability Network Services
Route Redundancy (Cont.)
• A full-mesh network can be expensive to implement in WANs because of the
required number of links. We can use a partial-mesh rather than a full-mesh
topology.

High Availability Network Services
Link Media Redundancy
• In mission-critical applications, it is often
necessary to provide redundant media.
• In switched networks, switches can have
redundant links to each other. This
redundancy is good because it minimizes
downtime.
• Because WAN links are often critical pieces of the
internetwork, WAN environments often
deploy redundant media. As the figure shows, backup links can be installed so that
they become active when a primary link goes down or
becomes congested.

Summary of the four main redundancy models.
