ITEC 275 Computer Networks – Switching, Routing, and WANs


ITEC 275 Computer Networks – Switching, Routing, and WANs Week 5 Robert D’Andrea Winter 2016

Agenda
Learning Activities
Network Design Document: logical design and the top-down network design methodology.
Hierarchical Network Design: a network topology consisting of many interrelated components; the task is easier if you divide and conquer the problem and develop the design in layers.
Spanning Tree Protocol: fast network convergence.
VLANs: small bandwidth domains on switches rather than broadcasting to everyone.
Redundancy: provides availability, performance, and scalability.
VPNs: use third-party communication media while securing the data.

Documenting Your Design
If you are given a Request For Proposal (RFP), respond to the request in the exact format that the RFP specifies.
If there is no RFP, you should still write a design document.
Describe your customer’s requirements and how your design meets those requirements.
Document the budget for the project.
Explain plans for implementing the design.

Typical RFP Response Topics
A network topology for the new design
Information on the protocols, technologies, and products that form the design
An implementation plan
A training plan
Support and service information and plan
Prices and payment options
Qualifications of the responding vendor or supplier
Recommendations from other customers
Legal contractual terms and conditions

Contents of a Network Design Document
Executive summary
Project goal
Project scope
Design requirements
Current state of the network
New logical and physical design
Results of network design testing
Implementation plan
Project budget

Design Requirements
Business goals explain the role the network design will play in helping an organization succeed.
Technical goals include scalability, performance, security, manageability, usability, adaptability, and affordability.

Logical and Physical Design
Logical design: topology, models for addressing and naming, switching and routing protocols, security strategies, and network management strategies.
Physical design: the actual technologies and devices.

Implementation Plan
Recommendations for deploying the network design
Project schedule, which includes dates and times for service provider installations
Any plans for outsourcing (offshore or in country)
Training
Risks
A fallback plan if the implementation should fail
A plan for evolving the design as new requirements arise

Possible Appendixes
Details found in appendixes:
Detailed topology maps
Device configurations
Addressing and naming details
Network design testing results
Contact information
Pricing and payment options
More information about the company that is presenting the design (annual reports, product catalogs, press releases)
Legal contractual terms and conditions

Topology
The origin of a topology: a branch of mathematics concerned with those properties of geometric configurations that are unaltered by elastic deformations such as stretching or twisting. The term is used in the computer networking field to describe the structure of a network.
Did you know that according to topologists, a coffee cup and a donut are the same shape? If they were made of clay, for example, consider how easy it would be to mold the one to look like the other, while retaining the most significant characteristics (such as the roundedness and the hole). Just like with coffee cups and donuts made of clay, in the networking field, during the logical design phase, we are more concerned with the overall architecture, shape, size, and interconnectedness of a network than with the physical details.
For more information regarding topology, coffee, and donuts, see: http://en.wikipedia.org/wiki/Topology

What is a Topology?
A topology is a map of an internetwork that indicates network segments, interconnection points, and user communities. The purpose of the map is to show the geometry of the network, not the physical geography or technical implementation.

Network Topology Design Themes
Hierarchy
Redundancy
Modularity
Well-defined entries and exits
Protected perimeters

Network Topology Design Themes
Why Use a Hierarchical Model?
Reduces workload on network devices
Avoids devices having to communicate with too many other devices (reduces “CPU adjacencies”)
Constrains broadcast domains
Enhances simplicity and understanding
Facilitates changes
Facilitates scaling to a larger size

Network Topology Design Themes
Why Use a Hierarchical Model?
When a network grows without a plan or purpose, it develops into an unstructured form. According to Dr. Peter Welcher, the author of network design and technology articles for Cisco World, the unstructured design becomes a “fur-ball” network.

Network Topology Design Themes
What are the disadvantages of a fur-ball topology?
Too many CPU adjacencies: the network devices communicate with too many other devices (broadcast packets), and the workload placed on each device’s CPU can overload it. Affected devices are routers, workstations, and servers.

Network Topology Design Themes
When trying to meet a customer’s business and technical goals for a corporate network design, it might be necessary to recommend a network topology of many interrelated components. The task is made easier if you can “divide and conquer” the job and develop the design in independent layers. Network design experts develop a hierarchical network design model in layers so that each discrete layer can be understood and selected on its own.

Network Topology Design Themes
Cisco’s Hierarchical Design Model
A core layer of high-end routers and switches that are optimized for availability and speed. Avoid connecting packet filters or network monitors at this layer.
A distribution layer of routers and switches that implement policies and segment traffic. This is the demarcation point between the access and core layers of the network.

Network Topology Design Themes
An access layer that connects users via hubs, switches, routers, and other devices. Switches are usually implemented at the access layer in campus networks to divide up bandwidth domains to meet the demands of applications that need a lot of bandwidth or cannot handle the delay associated with shared bandwidth.
A network design guideline is to design the access layer first, then the distribution layer, and finally the core layer.

Network Topology Design Themes
Controlling the Network Diameter
Provides low and predictable latency.
Makes it possible to predict routing paths, traffic flows, and capacity requirements.

Network Topology Design Themes
Mesh Topologies
A full-mesh topology provides complete redundancy and good performance: there is only a single link delay between any two sites. A full-mesh topology is costly to implement.
A partial-mesh topology has fewer connections between sites. To reach another switch or router, traffic may have to traverse more intermediate links.

Network Topology Design Themes
(figure: partial-mesh and full-mesh topologies)

Network Topology Design Themes
Small and Medium-Sized Companies
Recommend a hierarchical model that reflects a hub-and-spoke topology. Usually, the corporate headquarters or a data center forms the central hub. Links extending from the hub connect to remote offices and telecommuters’ locations.

Hub-and-Spoke Network Topology Design
(figure slides: hub-and-spoke design, external network topology, internal network topology, and a detailed description of the external network topology)

Network Packet
How do packets travel in a network?
The data transmitted from the source computer to a destination computer is broken up into small pieces of data called packets. Each packet contains an IP address and a sequence number. The IP address represents the source computer address and the sequence number the destination computer address. A checksum is created at the source computer and included in the packet. The checksum value is computed from the data packet to check its integrity. By integrity, we mean a check on whether the data received is error free or not. While traveling on the network a data packet can become corrupt, so there has to be a way at the receiving end to know whether the data is corrupted or not. This is the reason the checksum field is added to the header. At the source computer, the checksum is calculated and set in the header as a field. At the destination computer, the checksum is calculated again and cross-checked with the existing checksum value in the header to see if the data packet is error free or not.

Network Packet
What is a protocol?
A protocol is a set of rules that governs the communications process between computers on a network. In order for two computers to talk to each other, they must be speaking the same language.
When the packets arrive at the destination, they are reorganized: they are placed in the same order they were in during transmission from the source computer. The reorganization of packets is based on the number of the packet.

Network Packet
Packet Components
Header: contains the source and destination IP addresses, protocol, header checksum, and length of packet.
Data (payload): the information you want to send to the destination computer.
Trailer (footer): contains a couple of bits that tell the destination computer that it has reached the end of the packet.

Network Packet
How do packets travel in a network?
The trailer may also have some type of error checking. The most common error checking used in packets is Cyclic Redundancy Check (CRC). Here is how it works in certain computer networks: it takes all the 1s in the payload and adds them together. The result is stored as a hexadecimal value in the trailer. The receiving device adds up the 1s in the payload and compares the result to the value stored in the trailer. If the values match, the packet is good. If the values do not match, the receiving device sends a request to the originating device to resend the packet.
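As an added example (not from the slides), the following Python implements the standard IPv4 header checksum behind the "header checksum" field mentioned above: a 16-bit ones' complement sum as the protocol defines it, rather than the simplified count-the-ones description. It shows the sender filling the field, the receiver verifying it, a corrupted header failing the check, and a router that decrements the TTL having to recompute the field. The addresses and identification value are constructed sample values.

```python
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit ones' complement sum of data; an odd trailing byte is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ipv4_checksum(header: bytes) -> int:
    """Checksum as the sender computes it: the checksum field (bytes 10-11) counts as zero."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return (~ones_complement_sum(zeroed)) & 0xFFFF

def header_is_valid(header: bytes) -> bool:
    """Receiver check: summing the whole header, checksum included, must give all ones."""
    return ones_complement_sum(header) == 0xFFFF

def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))

def build_ipv4_header(src: str, dst: str, payload_len: int, ttl: int = 64, proto: int = 17) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a correct checksum. Values are constructed samples."""
    ver_ihl = (4 << 4) | 5            # version 4, header length 5 words (20 bytes)
    total_len = 20 + payload_len
    ident = 0x1234                    # constructed identification value
    flags_frag = 0
    header = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, ident, flags_frag,
                         ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]

def forward_hop(header: bytes) -> bytes:
    """What a router does per hop: decrement TTL, then recompute the checksum so the next hop accepts it."""
    ttl = header[8] - 1
    if ttl <= 0:
        raise ValueError("TTL expired; the packet must be dropped")
    patched = header[:8] + bytes([ttl]) + header[9:]
    return patched[:10] + struct.pack("!H", ipv4_checksum(patched)) + patched[12:]

if __name__ == "__main__":
    h = build_ipv4_header("192.168.1.10", "192.168.1.40", payload_len=32)
    print("fresh header valid:", header_is_valid(h))                 # True
    print("checksum field: 0x%04x" % int.from_bytes(h[10:12], "big"))
    # Simulate corruption in transit: the TTL byte changed, checksum left untouched.
    damaged = h[:8] + bytes([h[8] - 1]) + h[9:]
    print("damaged header valid:", header_is_valid(damaged))         # False
    # A router that decrements TTL must recompute, or every downstream host would discard the packet.
    print("after proper hop valid:", header_is_valid(forward_hop(h)))  # True
```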

What is Convergence?
Network convergence is the efficient coexistence of telephone, video and data communication within a single network. The use of multiple communication modes in a single network offers convenience and flexibility not possible with separate infrastructures. Network convergence is also called media convergence.

Convergence is Voice, Data, and Video

Scope of Access Control
Access Layer Diameter
The most likely place for network design violations to occur is at the access layer. Users and network administrators are more likely to add networks to the internetwork and connect remote networks together there. This is known as adding a chain.
Avoid backdoors. A backdoor connection is a connection between devices in the same layer. A hub is considered a backdoor.

Avoid Chains and Backdoors
(figure: core layer, distribution layer, and access layer, showing a backdoor between devices in the same layer and a chain hanging off the access layer)

How Do You Know When You Have a Good Design?
When you already know how to add a new building, floor, WAN link, remote site, e-commerce service, and so on
When new additions cause only local change, to the directly-connected devices
When your network can double or triple in size without major design changes
When troubleshooting is easy because there are no complex protocol interactions to wrap your brain around
Said by Dr. Peter Welcher, consultant and author of many networking articles in magazines, etc.

Flat Network Use
A flat network topology is adequate for small networks. Each network device functions the same, and the network is not divided into layers or modules. A flat network is easy to design. Flat network designs become most difficult when there is network growth, and the lack of hierarchy makes troubleshooting more difficult.
Said by Dr. Peter Welcher, consultant and author of many networking articles in magazines, etc.

Flat WAN Networks
Flat WAN Topologies
A WAN for a small company consists of a few sites connected in a loop. Each site has its own WAN router, routing protocols can converge quickly, and communication with any other site can recover when a link fails. Caveat: if only one link fails, recovery is possible; if two or more links fail, recovery is more difficult. The goals of the flat loop topology are low cost and reasonably good availability.
Said by Dr. Peter Welcher, consultant and author of many networking articles in magazines, etc.

Flat LAN Networks
Flat LAN Topologies
In the 1990s, a typical LAN configuration was to connect PCs and servers to one or more hubs. The PCs and servers implemented a media-access control process like token passing or carrier sense multiple access with collision detection (CSMA/CD) to control access to a shared bandwidth. This configuration had the potential to negatively affect delay and throughput for other devices. Today, designers recommend connecting PCs and servers to data link layer (Layer 2) switches.
Said by Dr. Peter Welcher, consultant and author of many networking articles in magazines, etc.

Layer 2 Configuration
Characterizing Layer 2 Network Traffic
Devices connected in a switched or bridged network are all in the same broadcast domain. Switches forward broadcast frames out every port. Routers, on the other hand, separate segments into separate broadcast domains. The recommended limit for devices connected to one single broadcast domain is a couple hundred devices. Broadcast traffic needs to be limited and watched closely on flat loop topologies; otherwise frames can be dropped or lost. Rule of thumb: limit broadcast traffic to 20% of the traffic on each link.
Said by Dr. Peter Welcher, consultant and author of many networking articles in magazines, etc.

Cisco SAFE Security Architecture
Cisco SAFE is a security reference architecture that provides prescriptive, validated design guides that address how organizations can plan, design, and deploy security solutions that meet the unique requirements of different places in the network, such as campuses, the Internet edge, branches, and data centers. These defense-in-depth blueprints also provide best practices for securing critical data and transactions as they traverse the entire networked infrastructure.
Said by Dr. Peter Welcher, consultant and author of many networking articles in magazines, etc.

Cisco’s SAFE Security Reference Architecture

Campus Topology Design
Use a hierarchical, modular approach
Minimize the size of bandwidth domains
Minimize the size of broadcast domains
Provide redundancy: backup paths, mirrored servers, mirrored stored data, and multiple ways for workstations to reach a router for off-net communications

Campus Topology Design
Cisco SAFE Security Reference Architecture
- Used to simplify the complexity of a large internetwork
- SAFE is concerned with security: a defense-in-depth approach where multiple layers of protection are strategically located throughout the network.
See page 134 for the major design modules.

A Simple Campus Redundant Design
(figure: Host A on LAN X, connected through Switch 1 and Switch 2 in parallel to LAN Y and Host B)

Bridges and Switches use Spanning-Tree Protocol (STP) to Avoid Loops
(figure: the same topology, with STP blocking one of the two paths between LAN X and LAN Y)

What is Spanning Tree Protocol?
Spanning Tree Protocol (STP) is a layer 2 protocol that prevents logical loops in switched networks that have redundant links. Redundancy in a network may appear to be harmless and is needed to maintain connectivity with other devices. One problem occurs when a broadcast frame is sent on the network. Device A sends an ARP request to find the MAC address of device B. The ARP request is sent as a broadcast. Both switches receive the broadcast, and each floods it out all of its other connected ports. The end result is a broadcast storm.

What is Spanning Tree Protocol?
A second problem that occurs with redundant topologies is that a single device will receive multiple copies of the same frame. The third problem occurs within the switch itself: the MAC address table can change rapidly and contain wrong information. What happens when neither switch has learned the location of devices A and B? Device A sends data to device B. Each switch learns that device A is on port 1 and records this in its MAC address table. The switches have not learned about device B yet, so both switches flood the frame out port 2 to discover device B.

What is Spanning Tree Protocol?
As a result, the MAC address table is overwritten. The switches previously had device A on port 1. Because the table changed rapidly, it might be considered unstable.

What is Spanning Tree Protocol?
What is ARP?
Address Resolution Protocol (ARP) is used when you try to ping an IP address on your local network, say 192.168.1.40: your system has to turn the IP address 192.168.1.40 into a MAC address, and it uses ARP to resolve the address. Systems keep an ARP look-up table where they store information about which IP addresses are associated with which MAC addresses. When trying to send a packet to an IP address, the system first consults this table to see if it already knows the MAC address. If there is a cached value, ARP is not used.

What is Spanning Tree Protocol?
If the IP address is not found in the ARP table, the system sends a broadcast packet to the network using the ARP protocol to ask "who has 192.168.1.40". Because it is a broadcast packet, it is sent to a special MAC address that causes all machines on the network to receive it. Any machine with the requested IP address replies with an ARP packet that says "I am 192.168.1.40", and this reply includes the MAC address which can receive packets for that IP.

What is Spanning Tree Protocol?
On a Linux system, you can display the ARP table with the command "arp -an".
# arp -an | grep 10
? (10.241.1.114) at 00:25:90:3e:dc:fc [ether] on vlan241
? (10.252.1.8) at 00:c0:b7:76:ac:19 [ether] on vlan244
? (10.252.1.9) at 00:c0:b7:76:ae:56 [ether] on vlan244
? (10.241.1.111) at 00:30:48:f2:23:fd [ether] on vlan241
? (10.252.1.6) at 00:c0:b7:74:fb:9a [ether] on vlan244
? (10.241.1.121) at 00:25:90:2c:d4:f7 [ether] on vlan241
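As an added example that is not part of the slides, this Python parses the "arp -an" output above into a cache, performs the cache lookup the slides describe (a hit means no ARP request is sent), and compares two snapshots to report IP-to-MAC bindings that changed, which is the check an ARP monitor uses to notice a station answering for someone else's address. The six lines of the first snapshot are the slide's own; the second snapshot is constructed.

```python
import re
from collections import defaultdict

# Matches one line of Linux "arp -an" output, e.g.
#   ? (10.241.1.114) at 00:25:90:3e:dc:fc [ether] on vlan241
# Unresolved entries look like "? (10.0.0.5) at <incomplete> on eth0" (no hardware-type field).
ARP_LINE = re.compile(
    r"^\S+\s+\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}|<incomplete>)"
    r"(?:\s+\[(?P<hwtype>\w+)\])?"
    r"(?:\s+(?P<flags>PERM|NOARP|PUB))?"
    r"\s+on\s+(?P<iface>\S+)\s*$"
)

def parse_arp_table(text: str) -> dict:
    """Return {ip: (mac, iface)} for resolved entries; incomplete entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m and m.group("mac") != "<incomplete>":
            table[m.group("ip")] = (m.group("mac").lower(), m.group("iface"))
    return table

def cached_mac(table: dict, ip: str):
    """The cache check the slide describes: a hit means no ARP request; None means one is needed."""
    entry = table.get(ip)
    return entry[0] if entry else None

def changed_mappings(before: dict, after: dict) -> dict:
    """IPs whose MAC changed between two snapshots: {ip: (old_mac, new_mac)}.
    A changed binding can be a legitimate NIC swap or a sign that another station
    is answering for that address, so it is worth alerting on and reviewing."""
    return {ip: (before[ip][0], after[ip][0])
            for ip in before.keys() & after.keys()
            if before[ip][0] != after[ip][0]}

def macs_claiming_multiple_ips(table: dict) -> dict:
    """MACs that appear for more than one IP on the same interface: {(mac, iface): [ips]}.
    Routers and virtual IPs do this legitimately, so treat it as something to review."""
    seen = defaultdict(list)
    for ip, (mac, iface) in table.items():
        seen[(mac, iface)].append(ip)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Snapshot taken from the slide above.
ARP_BEFORE = """\
? (10.241.1.114) at 00:25:90:3e:dc:fc [ether] on vlan241
? (10.252.1.8) at 00:c0:b7:76:ac:19 [ether] on vlan244
? (10.252.1.9) at 00:c0:b7:76:ae:56 [ether] on vlan244
? (10.241.1.111) at 00:30:48:f2:23:fd [ether] on vlan241
? (10.252.1.6) at 00:c0:b7:74:fb:9a [ether] on vlan244
? (10.241.1.121) at 00:25:90:2c:d4:f7 [ether] on vlan241
"""

# Constructed later snapshot: 10.241.1.114 now resolves to the MAC that 10.241.1.121 already had,
# and one entry is unresolved.
ARP_AFTER = """\
? (10.241.1.114) at 00:25:90:2c:d4:f7 [ether] on vlan241
? (10.252.1.8) at 00:c0:b7:76:ac:19 [ether] on vlan244
? (10.252.1.9) at <incomplete> on vlan244
? (10.241.1.111) at 00:30:48:f2:23:fd [ether] on vlan241
? (10.252.1.6) at 00:c0:b7:74:fb:9a [ether] on vlan244
? (10.241.1.121) at 00:25:90:2c:d4:f7 [ether] on vlan241
"""

if __name__ == "__main__":
    before, after = parse_arp_table(ARP_BEFORE), parse_arp_table(ARP_AFTER)
    print("cached MAC for 10.241.1.114:", cached_mac(before, "10.241.1.114"))
    print("cached MAC for 10.241.1.200:", cached_mac(before, "10.241.1.200"), "(ARP request needed)")
    print("changed bindings:", changed_mappings(before, after))
    print("MACs answering for several IPs:", macs_claiming_multiple_ips(after))
```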

What is Spanning Tree Protocol?
Radia Perlman is the “Mother of the Internet”. She developed the STP algorithm. One of her publications is “Interconnections”, which every network engineer should read. Spanning Tree Protocol (STP) is a standard. It is based on IEEE 802.1D, which is one of the oldest standards still in use today.

What is Spanning Tree Protocol?
The design of STP is hierarchical. At the top of the network is the root device, which could be a bridge or switch. The root device makes all decisions regarding which links should be blocked or allowed to carry data. Most switches come with a default priority setting; normally, this setting is 38464.
How is the root device determined? Manually (hard coded).

What is Spanning Tree Protocol?
Replicating links is good for improving reliability and availability. Packets are intended to flow on one link at a time. EtherChannel ensures that only one link is active at a time in a bundle of two or more connections.

What is Spanning Tree Protocol?
What is EtherChannel?
EtherChannel is a port link aggregation technology or port-channel architecture used primarily on Cisco switches. It allows grouping of several physical Ethernet links to create one logical Ethernet link for the purpose of providing fault tolerance and high-speed links between switches, routers, and servers.

What is Spanning Tree Protocol?
When bridges or switches are connected together to form a redundant configuration, this again appears to be harmless. The problem occurs when the switches broadcast to their neighbors to create their routing tables. There is no broadcasting on the links connecting adjacent switches, but there is on the remaining switch ports.

What is Spanning Tree Protocol?
The selection criterion for the root device is the lowest priority value. Usually, the root device priority is set to 38463, which is one less than the manufacturer’s default priority (38464).

What is Spanning Tree Protocol? The root bridge does not switch links off itself; each bridge decides its own port roles from the BPDUs it receives, all of which carry the root's Bridge ID and accumulate path cost as they travel away from the root. The port that ends up blocked is the one on the path furthest from the root in terms of cost, and cost is derived from link speed (19 for 100 Mbps, 4 for 1 Gbps under the original 802.1D table), so a faster path is preferred over one with fewer hops.

What is Spanning Tree Protocol? When new switches are installed, they all have the same default priority (32768). Each one initially claims to be the root in its BPDUs, an exchange sometimes called a "root war", and because the priorities tie, the second half of the Bridge ID decides: the switch with the lowest MAC address (usually the oldest one) wins. That is rarely the switch you would have chosen, so set the priority explicitly on the intended root and on a backup.

What is Spanning Tree Protocol? When a link or node fails, the network topology changes and the spanning tree must reconverge over the remaining links. With the original 802.1D protocol, a blocked port that takes over passes through the Listening and Learning states, 15 seconds each by default, so it takes about 30 seconds before it forwards frames again; if the failure is only noticed when the 20-second Max Age timer expires, the outage approaches 50 seconds. These transitions take time to finalize.

What is Spanning Tree Protocol? STP runs on every bridge and switch at layer 2; it is not part of Ethernet itself but of the IEEE 802.1 bridging standards. The original STP was specified in IEEE 802.1D, Rapid STP (RSTP) was added as IEEE 802.1w, and Multiple STP (MSTP, one tree per group of VLANs) as IEEE 802.1s; all of them are now maintained within IEEE 802.1Q.

Bridges (Switches) Running STP
- Participate with other bridges in the election of a single bridge as the Root Bridge.
- Calculate the distance of the shortest path to the Root Bridge and choose a port (known as the Root Port) that provides the shortest path to the Root Bridge.
- For each LAN segment, elect a Designated Bridge and a Designated Port on that bridge. The Designated Port is the port on the LAN segment that is closest to the Root Bridge. (All ports on the Root Bridge are Designated Ports.)
- Select the bridge ports to be included in the spanning tree: the Root Ports and Designated Ports. These ports forward traffic; all other ports block traffic.
If all ports have equal distance to the Root Bridge, the Designated Port is chosen by lowest sender Bridge ID; if the Bridge IDs are the same, the port with the lowest Port ID is chosen. In general, STP selects the best information by applying these four criteria in the following order:
- Lowest Root Bridge ID
- Lowest path cost to the Root Bridge
- Lowest sender Bridge ID
- Lowest Port ID
See Top-Down Network Design for more details.

Elect a Root (Lowest Bridge ID Wins!)
(Diagram: three bridges connected in a triangle. Bridge A, ID 80.00.00.00.0C.AA.AA.AA, has Port 1 on LAN Segment 1 and Port 2 on LAN Segment 2. Bridge B, ID 80.00.00.00.0C.BB.BB.BB, has Port 1 on LAN Segment 1 and Port 2 on LAN Segment 3. Bridge C, ID 80.00.00.00.0C.CC.CC.CC, has Port 1 on LAN Segment 2 and Port 2 on LAN Segment 3. All three segments are 100-Mbps Ethernet, cost = 19.) Bridge A has the lowest Bridge ID and becomes the Root Bridge.

Determine Root Ports (Lowest Cost Wins!)
(Same diagram.) Bridge B's Port 1 and Bridge C's Port 1 each reach the Root Bridge at cost 19, so they become the Root Ports.

Determine Designated Ports
(Same diagram.) Bridge A's Port 1 and Port 2 are the Designated Ports for LAN Segment 1 and LAN Segment 2, since all ports on the Root Bridge are Designated Ports. On LAN Segment 3, Bridge B and Bridge C both sit at cost 19 from the root, so the Lowest Bridge ID Wins! and Bridge B's Port 2 becomes the Designated Port.

Prune Topology into a Tree!
(Same diagram.) Bridge C's Port 2 is neither a Root Port nor a Designated Port, so it becomes the Blocked Port (marked X) and the loop is broken.

React to Changes
(Same diagram.) When a Designated Port becomes disabled, for example Bridge A's Port 2 on LAN Segment 2, Bridge C loses its Root Port; its Blocked Port (Port 2) transitions to the Forwarding State and becomes the new Root Port, reaching the root through Bridge B at cost 38.
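The election and port-role procedure from the "Bridges (Switches) Running STP" slide, applied to the three-bridge diagram above, as an added worked example (this is not code from the slides or from Top-Down Network Design). The Bridge IDs, port numbers and segment costs are taken from the diagram; the algorithm is an offline reimplementation of the four selection criteria, not a BPDU-level protocol implementation, and the `without_segment` helper models the "React to Changes" slide by assuming LAN Segment 2 is the link that fails.

```python
"""STP port-role computation for the three-bridge example in the slides.

Added example (not from the slides or the textbook): Bridge IDs, segment
costs and port numbers come from the diagram; the algorithm reimplements
the four selection criteria offline, not the BPDU exchange itself.
"""
from __future__ import annotations

import heapq
from collections import defaultdict

# Bridge ID = (priority, MAC).  0x8000 = 32768 is the IEEE default priority,
# which is why every Bridge ID in the slides begins with "80.00".
BRIDGES = {
    "A": (0x8000, "00.00.0C.AA.AA.AA"),
    "B": (0x8000, "00.00.0C.BB.BB.BB"),
    "C": (0x8000, "00.00.0C.CC.CC.CC"),
}

# LAN segments as drawn: 100-Mbps Ethernet (802.1D cost 19), each listing
# the (bridge, port) pairs attached to it.
SEGMENTS = {
    "Segment 1": {"cost": 19, "ports": [("A", 1), ("B", 1)]},
    "Segment 2": {"cost": 19, "ports": [("A", 2), ("C", 1)]},
    "Segment 3": {"cost": 19, "ports": [("B", 2), ("C", 2)]},
}

INF = float("inf")


def bridge_id(priority: int, mac: str) -> tuple[int, int]:
    """Comparable Bridge ID: priority first, then the 48-bit MAC address."""
    return priority, int(mac.replace(".", "").replace(":", ""), 16)


def run_stp(bridges: dict, segments: dict) -> dict:
    """Return the converged tree: root bridge, root path cost per bridge and
    the role of every port ("root", "designated" or "blocked")."""
    ids = {name: bridge_id(*pm) for name, pm in bridges.items()}

    # Criterion 1: the lowest Bridge ID becomes the root.
    root = min(ids, key=ids.get)

    attached = defaultdict(list)            # bridge -> [(segment, port)]
    for seg, info in segments.items():
        for bridge, port in info["ports"]:
            attached[bridge].append((seg, port))

    # Criterion 2: root path cost.  A BPDU's cost grows by the port cost each
    # time it is forwarded away from the root, so this is Dijkstra from the
    # root over the segments.
    cost = {root: 0}
    queue = [(0, ids[root], root)]
    while queue:
        d, _, bridge = heapq.heappop(queue)
        if d > cost.get(bridge, INF):
            continue
        for seg, _port in attached[bridge]:
            for nbr, _nport in segments[seg]["ports"]:
                nd = d + segments[seg]["cost"]
                if nbr != bridge and nd < cost.get(nbr, INF):
                    cost[nbr] = nd
                    heapq.heappush(queue, (nd, ids[nbr], nbr))

    # Designated port per segment: the attached port whose bridge offers the
    # lowest (root path cost, Bridge ID, Port ID) -- criteria 2, 3 and 4.
    designated = {
        seg: min(info["ports"],
                 key=lambda bp: (cost.get(bp[0], INF), ids[bp[0]], bp[1]))
        for seg, info in segments.items()
    }

    # Root port per non-root bridge: the port receiving the best BPDU, i.e.
    # lowest (cost via that segment, sender Bridge ID, sender Port ID, own
    # Port ID).  The best sender on a segment is its designated bridge; a
    # segment where we are designated ourselves is not a path toward the root.
    root_port = {}
    for bridge in bridges:
        if bridge == root:
            continue
        best = None
        for seg, port in attached[bridge]:
            dbridge, dport = designated[seg]
            if dbridge == bridge or dbridge not in cost:
                continue
            key = (cost[dbridge] + segments[seg]["cost"], ids[dbridge], dport, port)
            if best is None or key < best[0]:
                best = (key, port)
        root_port[bridge] = best[1] if best else None

    roles = {}
    for seg, info in segments.items():
        for bridge, port in info["ports"]:
            if bridge != root and port == root_port[bridge]:
                roles[(bridge, port)] = "root"
            elif designated[seg] == (bridge, port):
                roles[(bridge, port)] = "designated"
            else:
                roles[(bridge, port)] = "blocked"
    return {"root": root, "cost": cost, "roles": roles}


def without_segment(segments: dict, failed: str) -> dict:
    """Topology after a LAN segment (or the link onto it) goes down."""
    return {seg: info for seg, info in segments.items() if seg != failed}


if __name__ == "__main__":
    before = run_stp(BRIDGES, SEGMENTS)
    print("root bridge:", before["root"])
    for (bridge, port), role in sorted(before["roles"].items()):
        print(f"  Bridge {bridge} port {port}: {role}")
    after = run_stp(BRIDGES, without_segment(SEGMENTS, "Segment 2"))
    print("after Segment 2 fails, Bridge C port 2 is", after["roles"][("C", 2)])
```

Running it reproduces the slides: A is root, B and C use Port 1 as Root Port, B's Port 2 is designated on Segment 3 and C's Port 2 is blocked; remove Segment 2 and C's Port 2 becomes its Root Port at cost 38. Because `run_stp` takes any bridge table, it also shows why the "Selecting a Root Bridge" advice matters: add a fourth bridge with a lower priority value to any segment and it wins the election regardless of how old, slow or badly placed it is.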

Scaling the Spanning Tree Protocol
- Keep the switched network small: the tree should not span more than seven switches (the default 802.1D timers assume a network diameter of seven bridges).
- Use Bridge Protocol Data Unit (BPDU) skew detection on Cisco switches, which logs BPDUs that arrive later than the hello interval.
- Use IEEE 802.1w, Rapid Spanning Tree Protocol (RSTP), which provides rapid reconfiguration of the spanning tree.

Rapid Spanning Tree Protocol
Bridge port states:
- Discarding: the port is neither learning MAC addresses nor forwarding user frames (this one state replaces the 802.1D Disabled, Blocking and Listening states).
- Learning: the port is learning MAC addresses to populate the MAC address table but has not yet forwarded user frames.
- Forwarding: the port is learning MAC addresses and forwarding user frames.

Rapid Spanning Tree Protocol
Bridge port roles in a converged switched network:
- Root port: assigned on a non-root bridge; provides the lowest-cost path to the root bridge.
- Designated port: assigned on the port attached to a LAN segment that gives that segment its lowest-cost path to the root bridge.
- Alternate port: offers an alternative path toward the root bridge to the one provided by the bridge's root port. It stays in the Discarding state.

Rapid Spanning Tree Protocol
- Backup port: assigned on a designated bridge, a port that acts as a backup for the path provided by a designated port in the direction of the leaves of the spanning tree (typically a second port on the same shared segment). It stays in the Discarding state.
- Disabled port: a port that is not operational or has been excluded from the active topology by network management. It stays in the Discarding state.

Rapid Spanning Tree Protocol
RSTP converges much more quickly than 802.1D STP (a few seconds at most, against 30 to 50 seconds) to a tree topology in which the lowest-cost paths forward frames. RSTP achieves rapid transition to the forwarding state on edge ports, root ports and point-to-point links. Edge ports and root ports can transition to forwarding without exchanging messages with other bridges; a designated port on a point-to-point link uses a proposal/agreement handshake with its neighbor instead of waiting for timers to expire.

Rapid Spanning Tree Protocol
Link types (port modes):
- Point-to-point: a full-duplex port is assumed to connect to exactly one other bridge. Modern switched networks use this mode almost everywhere.
- Shared: a half-duplex port is assumed by default to be on a shared segment (a hub) and cannot use the rapid transition.

Rapid Spanning Tree Protocol
The Root Bridge should be:
- High speed
- Reliable
- Centered in the network topology
It is the switch with the lowest Bridge ID, which consists of the priority field followed by the MAC address; with equal priorities, the switch or bridge with the lowest MAC address wins.

Selecting a Root Bridge
Control which switch becomes the root bridge: choose a reliable, high-speed switch in the center of the topology. If the switches are left to elect the root on their own, you have little control over the direction in which traffic flows or the amount of frame-forwarding delay in your network.

Selecting a Root Bridge
Control of the root bridge is critical because otherwise a slow bridge can become the root. If high-speed ports are accidentally removed from the spanning tree, low-speed ports can take their place simply because they are closer to the root bridge.

Selecting a Root Bridge
The root bridge is the switch with the lowest Bridge ID. There are two parts to the Bridge ID:
1. Priority field
2. MAC address of the switch
If all priorities are left at their default value, the switch with the lowest MAC address becomes root. Manual control of the root bridge (a lower priority on the intended root and on a designated backup) is important to maintain high throughput on switched networks.

Virtual LANs (VLANs)
- An emulation of a standard LAN that allows data transfer to take place without the traditional physical restraints placed on a network
- A set of devices that belong to an administrative group
- Designers use VLANs to constrain broadcast traffic

VLANs versus Real LANs
(Diagram: Switch A with Station A1, Station A2 and Station A3 in Network A; Switch B with Station B1, Station B2 and Station B3 in Network B; no link between the two switches.) To understand VLANs, it helps to think about real (non-virtual) LANs first. Imagine two switches that are not connected to each other in any way. Switch A connects stations in Network A and Switch B connects stations in Network B. When Station A1 sends a broadcast, Station A2 and Station A3 receive the broadcast, but none of the stations in Network B receive it, because the two switches are not connected. The same isolation can be implemented through configuration options in a single switch, with the result shown on the next slide.

A Switch with VLANs
(Diagram: one switch with Station A1, Station A2 and Station A3 in VLAN A and Station B1 in VLAN B.) Through the configuration of the switch there are now two virtual LANs implemented in a single switch instead of two separate physical LANs. This is the beauty of VLANs. Broadcast, multicast and unknown-destination traffic originating with any member of VLAN A is forwarded to all other members of VLAN A and not to any member of VLAN B. VLAN A has the same properties as a physically separate LAN bounded by routers. The protocol behavior in this slide is exactly the same as in the previous slide.

VLANs Span Switches
(Diagram: Switch A and Switch B joined by a single link; Stations A1 to A6 belong to VLAN A and Stations B1 to B3 to VLAN B, with members of both VLANs on each switch.) VLANs can span multiple switches. In this slide, both switches contain stations that are members of VLAN A and VLAN B. This design introduces a new problem, whose solution is specified in the IEEE 802.1Q standard and in the Cisco proprietary Inter-Switch Link (ISL) protocol (ISL is the older of the two and has been retired on current Cisco switches; 802.1Q is the one to design for). The problem has to do with the forwarding of broadcast, multicast or unknown-destination frames from a member of a VLAN on one switch to the members of the same VLAN on the other switch. In this slide, all frames going from Switch A to Switch B take the same interconnection path.

The 802.1Q standard and Cisco's ISL protocol define a method for Switch B to recognize whether an incoming frame belongs to VLAN A or to VLAN B. As a frame leaves Switch A, a special header called the VLAN tag is added to the frame. The VLAN tag contains a VLAN identifier (ID) that specifies the VLAN to which the frame belongs. Because both switches have been configured to recognize VLAN A and VLAN B, they can exchange frames across the interconnection link, and the recipient switch can determine the VLAN into which those frames should be sent by examining the VLAN tag. The link between the two switches is sometimes called a trunk link, or simply a trunk. Trunk links allow the network designer to stitch together VLANs that span multiple switches.

A major design consideration is determining the scope of each VLAN and how many switches it should span. Most designers try to keep the scope small. Each VLAN is a broadcast domain, and in general a single broadcast domain should be limited to a few hundred workstations (or other devices, such as IP phones).
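The tagging described above, as an added example that is not part of the slides or of any Cisco software: it inserts the 4-byte 802.1Q tag after the source MAC the way Switch A does when a frame leaves on the trunk, parses it back the way Switch B does to pick the VLAN, and applies the two trunk rules a designer has to remember (an untagged frame lands in the trunk's native VLAN; a frame for a VLAN not allowed on the trunk is dropped). The sample frame, the station MAC and the VLAN numbers are constructed for the example.

```python
"""802.1Q tagging on the trunk between Switch A and Switch B.

Added example, not code from the slides: builds the 4-byte VLAN tag a
switch inserts after the source MAC, parses it back on the receiving
side, and applies the trunk rules for untagged and disallowed VLANs.
The frame bytes below are constructed sample data.
"""
from __future__ import annotations

import struct

TPID_8021Q = 0x8100          # EtherType value that announces a VLAN tag
ETHERTYPE_ARP = 0x0806


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", "").replace(".", ""))


# Constructed sample: an ARP-style broadcast from "Station A1" (hypothetical
# MAC) with a placeholder payload; only the header layout matters here.
SAMPLE_UNTAGGED = (mac("ff:ff:ff:ff:ff:ff") + mac("00:00:0c:a1:a1:a1")
                   + struct.pack("!H", ETHERTYPE_ARP) + bytes(range(28)))


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert an 802.1Q tag after the 12-byte destination/source MAC pair.
    The tag is the TPID (0x8100) followed by the TCI: 3-bit priority (PCP),
    1-bit drop-eligible indicator (DEI) and the 12-bit VLAN identifier."""
    if len(frame) < 14:
        raise ValueError("not an Ethernet frame")
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094 (0 and 4095 are reserved)")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Split a frame into dst, src, vid (None when untagged), pcp, the real
    EtherType and the payload that follows it."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"dst": dst, "src": src, "vid": None, "pcp": 0,
                "ethertype": ethertype, "payload": frame[14:]}
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "vid": tci & 0x0FFF, "pcp": tci >> 13,
            "ethertype": ethertype, "payload": frame[18:]}


def receive_on_trunk(frame: bytes, native_vlan: int, allowed: set[int]) -> int | None:
    """VLAN the receiving switch assigns to a frame arriving on a trunk: the
    VID from the tag, or the native VLAN when the frame carries no tag.
    Frames for a VLAN not allowed on the trunk are dropped (None)."""
    vid = parse_frame(frame)["vid"]
    if vid is None:
        vid = native_vlan        # untagged traffic lands in the native VLAN
    return vid if vid in allowed else None


if __name__ == "__main__":
    tagged = tag_frame(SAMPLE_UNTAGGED, vid=10, pcp=5)
    print("tagged header:", tagged[:18].hex(" "))
    print("VLAN from tag:", parse_frame(tagged)["vid"])
    print("trunk decision:", receive_on_trunk(tagged, native_vlan=1, allowed={1, 10, 20}))
```

The `receive_on_trunk` rule is the one to keep in mind when scoping VLANs across switches: whatever arrives on the trunk without a tag is placed in the native VLAN, so the native VLAN on a trunk should be a VLAN that carries no user stations, and the allowed list on each trunk should be limited to the VLANs that actually need to span that link.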

WLANs and VLANs
- A wireless LAN (WLAN) is often implemented as a VLAN
- Facilitates roaming: users remain in the same VLAN and IP subnet as they roam, so there is no need to change addressing information
- Also makes it easier to set up filters (access control lists) to protect the wired network from wireless users

Workstation-to-Router Communication
- Proxy ARP (not a good idea)
- Listen for route advertisements (not a great idea either)
- ICMP router solicitations (not widely used anymore)
- Default gateway provided by DHCP (better idea, but no redundancy)
- Use Hot Standby Router Protocol (HSRP) for redundancy

HSRP (Hot Standby Router Protocol)
(Diagram: a Workstation whose default gateway is a Virtual Router; an Active Router and a Standby Router share that virtual address and connect to the Enterprise Internetwork. If the active router fails, the standby router takes over the virtual router's address.)

What is Multi-homing? Multi-homing means providing more than one connection through which a system can reach, and offer, network services. In an enterprise network, multi-homing provides more than one entry point into the Internet (examples: WAN backup and ISP redundancy). A single server is also multi-homed when it has more than one network layer address.

Multi-homing the Internet Connection
(Diagram of four options. Option A: one enterprise router with redundant links to a single ISP (ISP 1). Option B: one enterprise router with a link to each of two ISPs (ISP 1 and ISP 2). Option C: two enterprise routers, at Paris and NY, each with a link to the same ISP (ISP 1). Option D: two enterprise routers, at Paris and NY, each with a link to a different ISP (ISP 1 and ISP 2).)

Security Topologies
(Diagram: the Enterprise Network and the Internet, with a DMZ between them holding the Web, File, DNS and Mail servers.)

Security Topologies
(Diagram: the Internet, then a Firewall, then the DMZ with the Web, File, DNS and Mail servers, then the Enterprise Network; the firewall sits between the Internet and both internal zones.)

Network Security
Definition of Firewall: a firewall is a system or combination of systems that enforces a boundary between two or more networks. It may be a router with ACLs or a dedicated device, and it commonly performs NAT (Network Address Translation). The firewall should be placed within the network topology so that all traffic from outside the protected network must pass through it; any path around it, such as a second Internet entry point in a multi-homed design that has no firewall of its own, defeats the boundary.

Definitions
ARP (Address Resolution Protocol) resolves an IP address to the MAC address of a station on the same LAN segment. A host sending to a remote network ARPs for its default gateway's MAC address, not for the remote station's.
RARP (Reverse Address Resolution Protocol) is the protocol within the TCP/IP stack that maps MAC addresses to IP addresses; it has been superseded by BOOTP and DHCP.
RIP (Routing Information Protocol) is a commonly used interior gateway protocol in the Internet. RIP employs hop count as its routing metric.
Root bridge: the reference point STP uses to build the loop-free tree that stops network loops from occurring. The bridge with the lowest Bridge ID is elected root.

Definitions
Static routing occurs when an administrator manually adds routes to each router's routing table. Dynamic routing is when protocols are used to find routes and update the routing tables on routers.
Routing Protocols
- Distance vector: RIP and IGRP
- Link state: OSPF
- Hybrid: EIGRP

Summary
- When a customer provides an RFP, make sure to follow the prescribed format
- When not bound by an RFP, develop a design document that describes requirements, the existing network, the logical and physical design, an implementation plan, and the budget
- Be sure to include an executive summary
- In some cases, you should also include appendixes with detailed information

Summary
- Use a systematic, top-down approach
- Plan the logical design before the physical design
- Topology design should feature hierarchy, redundancy, modularity, and security

Review Questions
- Why is it important to document your network design?
- Why is it important to submit an RFP proposal in the exact format prescribed?
- What are the major topics in a design document?
- What are some possible appendixes for a design document?

Review Questions
- Why are hierarchy and modularity important for network designs?
- What are the three layers of Cisco's hierarchical network design?
- What are the major components of Cisco's enterprise composite network model?
- What are the advantages and disadvantages of the various options for multihoming an Internet connection?

This Week's Outcomes
- Network Design Document
- Hierarchical Network Design
- Spanning Tree Protocol
- VLANs
- Redundancy
- VPNs

Due this week 4-2-1 – Simulator Tutorial and Basic IOS Command Exploration

Next week
- Read chapter 6 in Top-Down Network Design
- Read chapter 6 in Designing Cisco Internetwork Solutions
- 5-1 – Concept questions 4
- 1-5-1 – Network Design Project 1 Switches

Q & A Questions, comments, concerns?