Top-down network design

Pages: 476

Size: 3.1 MB

Format: PDF

Views: 1245

Top-Down Network Design

Third Edition

Priscilla Oppenheimer

Cisco Press

800 East 96th Street

Indianapolis, IN 46240

Top-Down Network Design, Third Edition

Priscilla Oppenheimer

Copyright © 2011 Cisco Systems, Inc.

Published by:

Cisco Press

800 East 96th Street

Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America

First Printing August 2010

Library of Congress Cataloging-in-Publication data is on file.

ISBN-13: 978-1-58720-283-4

ISBN-10: 1-58720-283-2

Warning and Disclaimer

This book is designed to provide information about top-down network design. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an “as is” basis. The author, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Corporate and Government Sales

The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact:

U.S. Corporate and Government Sales 1-800-382-3419 [email protected]

For sales outside the United States please contact: International Sales [email protected]

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.

Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at [email protected]. Please make sure to include the book title and ISBN in your message.

We greatly appreciate your assistance.

Publisher: Paul Boger

Associate Publisher: Dave Dusthimer

Executive Editor: Mary Beth Ray

Managing Editor: Sandra Schroeder

Senior Development Editor: Christopher Cleveland

Senior Project Editor: Tonya Simpson

Editorial Assistant: Vanessa Evans

Manager, Global Certification: Erik Ullanderson

Business Operation Manager, Cisco Press: Anand Sundaram

Technical Editors: Keith Nabozny, Joe Wilson

Copy Editor: Bill McManus

Book Designer: Louisa Adair

Proofreader: Apostrophe Editing Services

Composition: Mark Shirar

Indexer: Tim Wright

About the Author

Priscilla Oppenheimer has been developing data communications and networking systems since 1980 when she earned her master’s degree in information science from the University of Michigan. After many years as a software developer, she became a technical instructor and training developer and has taught more than 3000 network engineers from most of the Fortune 500 companies. Her employment at such companies as Apple Computer, Network General, and Cisco gave her a chance to troubleshoot real-world network design problems and the opportunity to develop a practical methodology for enterprise network design. Priscilla was one of the developers of the Cisco Internetwork Design course and the creator of the Designing Cisco Networks course. Priscilla teaches network design, configuration, and troubleshooting around the world and practices what she preaches in her network consulting business.

About the Technical Reviewers

Keith Nabozny is a technology consultant with HP, an adjunct professor at Macomb Community College, and a graduate of Oakland University in Rochester, Michigan. He has three Cisco professional certifications and is a Certified Information Systems Security Professional (CISSP). Keith has supported large corporate clients for the past 14 years in operations, implementation, and engineering roles. He is currently supporting the firewalls of a major manufacturer with locations around the world. Most recently he taught network design and troubleshooting classes at Macomb Community College. Keith and his family live in Southeast Michigan.

Joe Wilson, MSCS, PMC, CISSP No. 100304, is a senior network design engineer for TelcoCapital Systems, LLC. TelcoCapital is a leading provider of Cisco Unified Communications solutions for small and medium-sized enterprises. Joe is completing his dissertation toward a PhD in information technology at Capella University (Minneapolis, MN), with specializations in college teaching and IT security and assurance. Joe has worked in information technology for the past 20 years and is a retired systems engineer from The Boeing Company in Seattle, Washington, where he designed airborne NMS solutions for commercial aircraft. While working for AT&T Broadband Network Solutions as a broadband systems engineer, Joe designed commercial broadband networks using advanced communications technologies such as ATM, SONET, DWDM, and Gigabit Ethernet. Joe has been a CISSP since 2006 and has distinguished himself as a trusted partner in providing secure communications solutions and services to public and private organizations. Joe teaches courses in the Cisco Networking Academy program at DeVry University in Federal Way, Washington.

Dedication

To my parents, Dr. Stephen T. Worland, PhD, and Mrs. Roberta Worland, MS. They gave me an appreciation for knowledge, logic, and analysis, and taught me that “where there’s a will, there’s a way.”

Acknowledgments

I would like to thank Mary Beth Ray, executive editor at Cisco Press, for giving me the opportunity to update this book and for marshaling the people and resources needed to complete the project. I would especially like to thank Christopher Cleveland, Tonya Simpson, and Bill McManus for their hard work on the book. I am also grateful for the work of the technical editors, Keith Nabozny and Joe Wilson. In many ways, updating a book is even harder than writing it in the first place, and I couldn’t have done it without the help of Chris, Tonya, Bill, Keith, and Joe.

I also wish to thank the technical editors for the first two editions, Matthew Birkner, Blair Buchanan, Dr. Peter Welcher, Dr. Alex Cannara, David Jansson, and Hank Mauldin. Their terrific contributions are still evident in the third edition.

I would like to thank other networking professionals who have inspired me over the years, including Joseph Bardwell and Anita Lenk from Connect802, Laura Chappell and her terrific Wireshark University, Howard Berkowitz, Paul Borghese, John Neiberger, Leigh Anne Chisholm, Marty Adkins, Matthias David Moore, Tom Lisa, Scott Vermillion, and many more.

I am grateful for my colleagues and students in Ashland, Oregon, who have inspired and entertained me, including Dr. Lynn Ackler, Jeff McJunkin, Andrew Krug, Brandon Kester, Stephen Perkins, Daniel DeFreeze, Christina Kaiserman, Nicole Colbert, Corey Smith, Stefan Hutchison, Jesse Williamson, Jonathan McCoy, Jennifer Comstock, Linda Sturgeon, Kathleen Marrs, Vinnie Moscaritolo, Louis Kowolowski, and Robert Luaders for his ideas regarding the design scenarios.

I’d like to thank Gary Rubin, Rob Stump, and Kip Peterson from Advanced Network Information for the many opportunities they’ve given me over the years, in particular the terrific opportunity to work at Cisco. To my colleagues at Cisco, Patrick Stark, our manager, Lisa Bacani, Walt Sacharok, Dax Mickelson, David Daverso, and Paul Azzi; you are terrific!

Finally, I would like to thank Alan Oppenheimer, who throughout this project acted as my technical advisor, therapist, chef, and best friend. I’m glad he doesn’t mind that it was finally time to remove AppleTalk.

Contents at a Glance

Introduction

Part I Identifying Your Customer’s Needs and Goals

Chapter 1 Analyzing Business Goals and Constraints

Chapter 2 Analyzing Technical Goals and Tradeoffs

Chapter 3 Characterizing the Existing Internetwork

Chapter 4 Characterizing Network Traffic

Part II Logical Network Design

Chapter 5 Designing a Network Topology

Chapter 6 Designing Models for Addressing and Numbering

Chapter 7 Selecting Switching and Routing Protocols

Chapter 8 Developing Network Security Strategies

Chapter 9 Developing Network Management Strategies

Part III Physical Network Design

Chapter 10 Selecting Technologies and Devices for Campus Networks

Chapter 11 Selecting Technologies and Devices for Enterprise Networks

Part IV Testing, Optimizing, and Documenting Your Network Design

Chapter 12 Testing Your Network Design

Chapter 13 Optimizing Your Network Design

Chapter 14 Documenting Your Network Design

Glossary

Index

Contents

Introduction

Part I Identifying Your Customer’s Needs and Goals

Chapter 1 Analyzing Business Goals and Constraints

Using a Top-Down Network Design Methodology

Using a Structured Network Design Process

Systems Development Life Cycles

Plan Design Implement Operate Optimize (PDIOO) Network Life Cycle

Analyzing Business Goals

Working with Your Client

Changes in Enterprise Networks

Networks Must Make Business Sense

Networks Offer a Service

The Need to Support Mobile Users

The Importance of Network Security and Resiliency

Typical Network Design Business Goals

Identifying the Scope of a Network Design Project

Identifying a Customer’s Network Applications

Analyzing Business Constraints

Politics and Policies

Budgetary and Staffing Constraints

Project Scheduling

Business Goals Checklist

Summary

Review Questions

Design Scenario

Chapter 2 Analyzing Technical Goals and Tradeoffs

Scalability

Planning for Expansion

Expanding Access to Data

Constraints on Scalability

Availability

Disaster Recovery

Specifying Availability Requirements

Five Nines Availability

The Cost of Downtime

Mean Time Between Failure and Mean Time to Repair

Network Performance

Network Performance Definitions

Optimum Network Utilization

Throughput

Throughput of Internetworking Devices

Application Layer Throughput

Accuracy

Efficiency

Delay and Delay Variation

Causes of Delay

Delay Variation

Response Time

Security

Identifying Network Assets

Analyzing Security Risks

Reconnaissance Attacks

Denial-of-Service Attacks

Developing Security Requirements

Manageability

Usability

Adaptability

Affordability

Making Network Design Tradeoffs

Technical Goals Checklist

Summary

Review Questions

Design Scenario

Chapter 3 Characterizing the Existing Internetwork

Characterizing the Network Infrastructure

Developing a Network Map

Characterizing Large Internetworks

Characterizing the Logical Architecture

Developing a Modular Block Diagram

Characterizing Network Addressing and Naming

Characterizing Wiring and Media

Checking Architectural and Environmental Constraints

Checking a Site for a Wireless Installation

Performing a Wireless Site Survey

Checking the Health of the Existing Internetwork

Developing a Baseline of Network Performance

Analyzing Network Availability

Analyzing Network Utilization

Measuring Bandwidth Utilization by Protocol

Analyzing Network Accuracy

Analyzing Errors on Switched Ethernet Networks

Analyzing Network Efficiency

Analyzing Delay and Response Time

Checking the Status of Major Routers, Switches, and Firewalls

Network Health Checklist

Summary

Review Questions

Hands-On Project

Design Scenario

Chapter 4 Characterizing Network Traffic

Characterizing Traffic Flow

Identifying Major Traffic Sources and Stores

Documenting Traffic Flow on the Existing Network

Characterizing Types of Traffic Flow for New Network Applications

Terminal/Host Traffic Flow

Client/Server Traffic Flow

Peer-to-Peer Traffic Flow

Server/Server Traffic Flow

Distributed Computing Traffic Flow

Traffic Flow in Voice over IP Networks

Documenting Traffic Flow for New and Existing Network Applications

Characterizing Traffic Load

Calculating Theoretical Traffic Load

Documenting Application-Usage Patterns

Refining Estimates of Traffic Load Caused by Applications

Estimating Traffic Load Caused by Routing Protocols

Characterizing Traffic Behavior

Broadcast/Multicast Behavior

Network Efficiency

Frame Size

Windowing and Flow Control

Error-Recovery Mechanisms

Characterizing Quality of Service Requirements

ATM QoS Specifications

Constant Bit Rate Service Category

Real-time Variable Bit Rate Service Category

Non-real-time Variable Bit Rate Service Category

Unspecified Bit Rate Service Category

Available Bit Rate Service Category

Guaranteed Frame Rate Service Category

IETF Integrated Services Working Group QoS Specifications

Controlled-Load Service

Guaranteed Service

IETF Differentiated Services Working Group QoS Specifications

Grade of Service Requirements for Voice Applications

Documenting QoS Requirements

Network Traffic Checklist

Summary

Review Questions

Design Scenario

Summary for Part I

Part II Logical Network Design

Chapter 5 Designing a Network Topology

Hierarchical Network Design

Why Use a Hierarchical Network Design Model?

Flat Versus Hierarchical Topologies

Flat WAN Topologies

Flat LAN Topologies

Mesh Versus Hierarchical-Mesh Topologies

Classic Three-Layer Hierarchical Model

Core Layer

Distribution Layer

Access Layer

Guidelines for Hierarchical Network Design

Redundant Network Design Topologies

Backup Paths

Load Sharing

Modular Network Design

Cisco SAFE Security Reference Architecture

Designing a Campus Network Design Topology

Spanning Tree Protocol

Spanning Tree Cost Values

Rapid Spanning Tree Protocol

RSTP Convergence and Reconvergence

Selecting the Root Bridge

Scaling the Spanning Tree Protocol

Virtual LANs

Fundamental VLAN Designs

Wireless LANs

Positioning an Access Point for Maximum Coverage

WLANs and VLANs

Redundant Wireless Access Points

Redundancy and Load Sharing in Wired LANs

Server Redundancy

Workstation-to-Router Redundancy

Hot Standby Router Protocol

Gateway Load Balancing Protocol

Designing the Enterprise Edge Topology

Redundant WAN Segments

Circuit Diversity

Multihoming the Internet Connection

Virtual Private Networking

Site-to-Site VPNs

Remote-Access VPNs

Service Provider Edge

Secure Network Design Topologies

Planning for Physical Security

Meeting Security Goals with Firewall Topologies

Summary

Review Questions

Design Scenario

Chapter 6 Designing Models for Addressing and Numbering

Guidelines for Assigning Network Layer Addresses

Using a Structured Model for Network Layer Addressing

Administering Addresses by a Central Authority

Distributing Authority for Addressing

Using Dynamic Addressing for End Systems

IP Dynamic Addressing

IP Version 6 Dynamic Addressing

Zero Configuration Networking

Using Private Addresses in an IP Environment

Caveats with Private Addressing

Network Address Translation

Using a Hierarchical Model for Assigning Addresses

Why Use a Hierarchical Model for Addressing and Routing?

Hierarchical Routing

Classless Interdomain Routing

Classless Routing Versus Classful Routing

Route Summarization (Aggregation)

Route Summarization Example

Route Summarization Tips

Discontiguous Subnets

Mobile Hosts

Variable-Length Subnet Masking

Hierarchy in IP Version 6 Addresses

Link-Local Addresses

Global Unicast Addresses

IPv6 Addresses with Embedded IPv4 Addresses

Designing a Model for Naming

Distributing Authority for Naming

Guidelines for Assigning Names

Assigning Names in a NetBIOS Environment

Assigning Names in an IP Environment

The Domain Name System

Dynamic DNS Names

IPv6 Name Resolution

Summary

Review Questions

Design Scenario

Chapter 7 Selecting Switching and Routing Protocols

Making Decisions as Part of the Top-Down Network Design Process

Selecting Switching Protocols

Switching and the OSI Layers

Transparent Bridging

Selecting Spanning Tree Protocol Enhancements

PortFast

UplinkFast and BackboneFast

Unidirectional Link Detection

LoopGuard

Protocols for Transporting VLAN Information

IEEE 802.1Q

Dynamic Trunk Protocol

VLAN Trunking Protocol

Selecting Routing Protocols

Characterizing Routing Protocols

Distance-Vector Routing Protocols

Link-State Routing Protocols

Routing Protocol Metrics

Hierarchical Versus Nonhierarchical Routing Protocols

Interior Versus Exterior Routing Protocols

Classful Versus Classless Routing Protocols

Dynamic Versus Static and Default Routing

On-Demand Routing

Scalability Constraints for Routing Protocols

Routing Protocol Convergence

IP Routing

Routing Information Protocol

Enhanced Interior Gateway Routing Protocol

Open Shortest Path First

Intermediate System-to-Intermediate System

Border Gateway Protocol

Using Multiple Routing Protocols in an Internetwork

Routing Protocols and the Hierarchical Design Model

Redistribution Between Routing Protocols

Integrated Routing and Bridging

A Summary of Routing Protocols

Summary

Review Questions

Design Scenario

Chapter 8 Developing Network Security Strategies

Network Security Design

Identifying Network Assets

Analyzing Security Risks

Analyzing Security Requirements and Tradeoffs

Developing a Security Plan

Developing a Security Policy

Components of a Security Policy

Developing Security Procedures

Maintaining Security

Security Mechanisms

Physical Security

Authentication

Authorization

Accounting (Auditing)

Data Encryption

Public/Private Key Encryption

Packet Filters

Firewalls

Intrusion Detection and Prevention Systems

Modularizing Security Design

Securing Internet Connections

Securing Public Servers

Securing E-Commerce Servers

Securing Remote-Access and VPNs

Securing Remote-Access Technologies

Securing VPNs

Securing Network Services and Network Management

Securing Server Farms
