CSE 550 Computer Network Design Dr. Mohammed H. Sqalli COE, KFUPM Spring 2007 (Term 062)


1 CSE 550 Computer Network Design Dr. Mohammed H. Sqalli COE, KFUPM Spring 2007 (Term 062)

2 CSE-550-T062 Lecture Notes - 22 Outline Analyzing Business Goals Analyzing Business Constraints Analyzing Technical Goals

3 CSE-550-T062 Lecture Notes - 23 Customer’s Requirements - Understanding the Customer - A good network design must recognize the customer’s requirements - need to make sure your design meets THEIR needs and not just YOURS! The “Customer” may be your own firm, the “who” you are designing the network for Need an overview of a customer’s requirements The best designed network will fail miserably without the support of people

4 Analyzing Business Goals

5 CSE-550-T062 Lecture Notes - 25 Working with the Client Before we look at the technical details, we first start at the business goals Start with researching your client’s business what industry they are in their market their suppliers their products their services their competitive advantages

6 CSE-550-T062 Lecture Notes - 26 Working with the Client Need to understand the organizational structure of the company departments lines of business vendors partners field or remote offices This will help in locating major user communities and characterizing traffic flow

7 CSE-550-T062 Lecture Notes - 27 Working with the Client When you understand the corporate structure, you will also identify who the key decision makers are, who will have the final say on your network design proposal You need to understand what the overall goals of the network design project are – It should be clearly stated by the client

8 CSE-550-T062 Lecture Notes - 28 Questions to Ask Why are they embarking on this new network design project? What will the new network be used for? How does the customer think the new network will improve their business? What are the criteria to be used to judge the network? – What goals must be met for the customer to be satisfied?

9 CSE-550-T062 Lecture Notes - 29 Success Criteria What makes the network design a success? Success could be based on: Operational savings (employees are more productive) Ability to increase revenue or build partnership You need to know what “Success” means for the different “stakeholders”: company executives managers end users network administrators system programmers any other person or group who has a stake in the network design project

10 CSE-550-T062 Lecture Notes - 210 Failure Consequences What happens if the network design project fails? What happens if the project does not meet specifications? How visible is the project to upper-level management? Will success (or possible failure) of the project be visible to executives? To what extent could unforeseen behavior of the new network disrupt business operations?

11 CSE-550-T062 Lecture Notes - 211 Changes in Enterprise Networks Modern companies are based on an open and collaborative environment: Provides access to information and services for many constituents: customers, vendors, suppliers, and employees Network Organization Model (Cisco) Interactive partnership with suppliers Ability to share information saves time and money for the company and for its partners Security issues should be considered

12 CSE-550-T062 Lecture Notes - 212 Changes in Enterprise Networks - Networks Must Make Business Sense - Network designers must choose solutions that solve a business manager’s problem Network applications have become mission critical But, companies are reducing operational costs Increase individual productivity as head count remains constant or shrinks in many companies Increased use of IP telephony to save money and reduce need for specialized engineers Network design practices must keep up with these changes

13 CSE-550-T062 Lecture Notes - 213 Changes in Enterprise Networks - The Need to Support Mobile Users - Users expect network performance to be uniform, regardless of user and data locations Security and reliability are also needed Challenge for designers: Develop secure, resilient, and manageable solutions that allow users to work efficiently from any location Build secure networks combining both wired and wireless infrastructures

14 CSE-550-T062 Lecture Notes - 214 Changes in Enterprise Networks - Importance of Network Security and Resiliency - Security: top of the list requirement for many companies Availability goal is linked to goals for security: A network can’t be available if security breaches disable the network devices and applications Quick network recovery is also very crucial Networks must be resilient: Diversity and complexity of networks make this more difficult (they pose many security and stability risks) Need for business continuity during and after a disaster (redundancy and well-planned disaster recovery strategy) Vulnerabilities analysis: customers need to determine which network capabilities are critical and which facilities provide them Geographical diversity of mission-critical capabilities could be a lifesaver for companies in case of disasters

15 CSE-550-T062 Lecture Notes - 215 Typical Business Goals Increase revenue and profit Expand into new markets Reduce costs Improve corporate communications Increase competitive advantages Increase employee productivity Shorten product-development cycles Offer new customer services Open the network to key constituents Modernize outdated technologies Improve network security and reliability

16 CSE-550-T062 Lecture Notes - 216 Scope of Network Design Project Small …………... Large Small, e.g., allow few people in a sales office to access the enterprise network via a VPN Large, e.g., entire enterprise network New network vs. Existing one Customer defines the scope Discuss with the customer the scope and any related concerns Project schedules should match the scope Gather all requirements about sites, links, and devices Use the 7 layers of the OSI reference model, if needed Terms that can be used: segment, LAN, building network, campus network, remote access, WAN, enterprise network (internetwork)

17 CSE-550-T062 Lecture Notes - 217 Customer’s Network Applications Current and new applications must be identified: Name of application: defined by the customer Type of application: User applications: email, web browsing, calendar, medical imaging, videoconferencing, IP telephony, sales order entry, computer-aided design, distance learning, e-commerce, financial modeling, HR management, etc. System applications: user authentication and authorization, host naming and name resolution, dynamic host addressing, network management, etc. New application? (Yes, No) Criticality: Extremely critical (1), somewhat critical (2), not critical (3) Comments: e.g., plans to stop using an application in the future

18 Analyzing Business Constraints

19 CSE-550-T062 Lecture Notes - 219 Politics and Policies It is a mistake to ignore non-technical issues Politics Listen rather than talk Learn about hidden agendas, previous network design failures and reasons for that, etc. Are there people who want the project to fail? Find out the advocates and opponents Will any jobs be eliminated? Learn about the company’s business style: Tolerance to risk (conservative vs. state-of-the-art network) What is the meaning of testing a design (e.g., VoIP)?

20 CSE-550-T062 Lecture Notes - 220 Politics and Policies Policies Learn about any “forbidden technologies” Determine if the company has standardized on any protocol Any policy regarding open vs. proprietary solutions Any approved vendors or platforms Any distributed authority for network design and implementation (e.g., purchases, applications) Who the decision-makers for the project are Any policy related to legal, regulatory, or contractual requirements, e.g., accounting, security, and privacy

21 CSE-550-T062 Lecture Notes - 221 Budgetary and Staffing Constraints Your design must fit the budget Include allocations for equipment purchases, licenses, maintenance, support, testing, training, staffing, consulting, and outsourcing expenses Analyze in-house expertise (abilities of networking staff) Recommend training or outsourcing? Determine who controls the network budget, and how much control they have A common network design goal is to contain costs Limited budgets often force designers to select the most affordable solution instead of the best one Develop a return on investment (ROI) analysis, and make a business case

22 CSE-550-T062 Lecture Notes - 222 Project Scheduling Review with customer timeframe of the project Final due date Intermediate and major milestones Include circuit disconnect or circuit capacity changes in the schedule Document changes to help in troubleshooting Point out any concerns you have about the schedule

23 CSE-550-T062 Lecture Notes - 223 Business Goals Checklist Use a checklist to determine what information has to be gathered: customer’s industry and competition, corporate culture, business goals, mission critical operations, criteria for success and ramifications of failure, scope, network applications, policies, politics, budget, schedule, and staff expertise and training Gather as much of the needed information as possible Document what is missing Don’t stall the project to gather every detail The design methodology will still work even if some data is missing after you do your analysis

24 Analyzing Technical Goals

25 CSE-550-T062 Lecture Notes - 225 Analyzing Technical Goals Now that we have discussed the Business Goals, let us examine the Technical Goals that we need to understand and should reflect in the design of a network You need to match your network design to fit the customer’s technical needs

26 CSE-550-T062 Lecture Notes - 226 Technical Goals & Constraints Scalability Availability Network Performance Utilization, Throughput, Accuracy, Efficiency, Delay, and Response Time Security Manageability Usability Adaptability Affordability

27 CSE-550-T062 Lecture Notes - 227 Scalability Scalability - how much growth a network design must support Need to examine the network needs in the next few years – 1, 2, and 5 years Key points to understand How many more sites will be added? How extensive will the networks be at each new site? How many more users will be added? How many more servers will be added?

28 CSE-550-T062 Lecture Notes - 228 Scalability - Expanding Access to Data - Making more data available to users (Business goal)  Scaling and upgrading enterprise networks (Technical goal): Connect separated departmental LANs Solve LAN/WAN bottleneck problems caused by increased traffic Provide centralized servers (e.g., server farms) Merge different networks (e.g., SNA with IP) Add new sites to support new offices and telecommuters Add new sites and services to support secure communication with different constituents

29 CSE-550-T062 Lecture Notes - 229 Scalability - Constraints - Certain technologies may not scale well Broadcast traffic affects the scalability of the network Example: flat network topology with L2 switches + applications and protocols that send many broadcast frames Scalability goals are revisited in the design process (iterative)

30 CSE-550-T062 Lecture Notes - 230 Availability Availability is the amount of time a network is available to users Can be expressed as percent uptime (per year, month, etc.) 165 hours in 168 hours/week = 98.21% Redundancy is a solution to a goal of high availability Redundancy means adding duplicate links or devices to avoid downtime → Higher cost Availability is also associated with resiliency Good resiliency → Good availability Availability is also tied to disaster recovery

31 CSE-550-T062 Lecture Notes - 231 Availability Network management tools provide immediate alerts upon failures and information to make a quick fix Cost of downtime For each critical application, document how much money is lost per hour (or per minute) of downtime Help decide on the level of redundancy needed

32 CSE-550-T062 Lecture Notes - 232 Availability - Specifying Requirements - Specify availability with precision: 99.70% – 30 minutes outage per week 99.95% – 5 minutes outage per week A timeframe should also be specified with the percent uptime: 30 minutes outage in a workday may not be acceptable 30 minutes outage in a weekend might be ok A time unit should also be specified: 99.70% – 30 minutes outage at once (intolerable) 99.70% – 10.70 seconds outage every hour (tolerable) Five Nines Availability (99.999%) For all vs. some processes All the time vs. sometime Harder to achieve for a complex internetwork Very costly
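The slide's point that a percentage alone under-specifies availability can be checked against an outage log. The following is an added example, not part of the lecture slides; the outage logs, the 08:00-17:00 Monday-to-Friday business window and the 10-minute business-hours budget are constructed assumptions.

```python
from datetime import datetime, timedelta

WEEK_SECONDS = 7 * 24 * 3600

def business_windows(week_start, open_hour=8, close_hour=17, workdays=5):
    """(start, end) of each workday's business window; week_start is a Monday 00:00."""
    return [(week_start + timedelta(days=d, hours=open_hour),
             week_start + timedelta(days=d, hours=close_hour))
            for d in range(workdays)]

def overlap_seconds(a, b):
    """Seconds shared by two (start, end) intervals."""
    start, end = max(a[0], b[0]), min(a[1], b[1])
    return max((end - start).total_seconds(), 0.0)

def evaluate(outages, week_start, min_pct=99.70, business_budget_min=10.0):
    """Check one week of non-overlapping outages against percent uptime,
    a business-hours downtime budget, and report the longest single outage."""
    durations = [(end - start).total_seconds() for start, end in outages]
    windows = business_windows(week_start)
    business_down = sum(overlap_seconds(o, w) for o in outages for w in windows)
    pct = 100.0 * (1 - sum(durations) / WEEK_SECONDS)
    return {
        "uptime_pct": round(pct, 3),
        "business_down_min": round(business_down / 60, 2),
        "longest_outage_s": max(durations, default=0.0),
        "meets_pct": pct >= min_pct,
        "meets_business_budget": business_down / 60 <= business_budget_min,
    }

# Constructed outage logs: three weeks that all score about 99.70% uptime.
MONDAY = datetime(2007, 3, 5)
WORKDAY_BLOCK = [(MONDAY + timedelta(days=1, hours=10),
                  MONDAY + timedelta(days=1, hours=10, minutes=30))]
WEEKEND_BLOCK = [(MONDAY + timedelta(days=5, hours=2),
                  MONDAY + timedelta(days=5, hours=2, minutes=30))]
HOURLY_BLIPS = [(MONDAY + timedelta(hours=h),
                 MONDAY + timedelta(hours=h, seconds=10.7))
                for h in range(168)]

if __name__ == "__main__":
    for name, log in [("30 min on a workday", WORKDAY_BLOCK),
                      ("30 min on a weekend", WEEKEND_BLOCK),
                      ("10.7 s every hour", HOURLY_BLIPS)]:
        print(name, evaluate(log, MONDAY))
```

All three logs satisfy the 99.70% figure; only the timeframe and time-unit terms separate the workday outage from the other two.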

33 CSE-550-T062 Lecture Notes - 233 Network Performance There are several measures to look at: Utilization Throughput Accuracy Efficiency – A key measure Protocol Frame Size, Protocol Overhead, and Routing Protocol Overhead Delay Response Time

34 CSE-550-T062 Lecture Notes - 234 Network Performance Goals Analysis of network performance goals is tightly tied to: Analysis of the existing network - Help determine what changes should be made to meet these goals Scalability goals – Understanding of plans for network growth are necessary before analysis of performance goals

35 CSE-550-T062 Lecture Notes - 235 Network Performance - Utilization Utilization is the percent of total available capacity (bandwidth) in use Utilization is a measurement of the bandwidth used during a time period A customer’s goal could be for the maximum average network utilization allowed on a segment For WANs, optimum average network utilization is ~70% Some technologies can reduce utilization on WANs (e.g., compression)

36 CSE-550-T062 Lecture Notes - 236 Network Performance - Utilization For shared Ethernet LANs, average utilization should not exceed 37% to avoid excessive collision rates At ~37% utilization (with 50 stations), Ethernet frames experience more delay than token ring frames 37% rule does not apply with small number of stations Full duplex improves performance, mainly for servers (no collisions) Upgrading from half-duplex to full duplex and replacing hubs with switches is a common goal for some customers, and is straightforward Average utilization will be exceeded during bursts If utilization > 70% → Time to upgrade!

37 CSE-550-T062 Lecture Notes - 237 Network Performance - Throughput Throughput is defined as the quantity of error-free data successfully transferred between nodes per unit of time Throughput should increase as offered load increases (theoretically) Offered load is the data that all nodes have to send at a particular moment of time Throughput depends on network access method, the load on the network, and the error rate Throughput is the maximum rate at which a device can forward packets without dropping any packets, expressed in packets per second (PPS)

38 CSE-550-T062 Lecture Notes - 238 Network Performance - Throughput Vendors publish PPS ratings of their products: PPS values for small frames are much higher than PPS values for large frames Many devices can forward packets at the theoretical maximum (calculated by dividing bandwidth by packet size, including headers, preambles, and interframe gaps) Examples (100-Mbps Ethernet stream): Frame size (in Bytes): 64 → Max 148,800 PPS Frame size (in Bytes): 128 → Max 84,450 PPS Frame size (in Bytes): 1518 → Max 8120 PPS PPS value for a multiport device is much higher Example: 400 million PPS for Cisco’s Catalyst 6500 switch

39 CSE-550-T062 Lecture Notes - 239 Network Performance - Goodput Goodput refers to the Application layer throughput Most users are more concerned about goodput Possible to increase throughput but not goodput (if extra data transmitted is overhead or retransmissions) Goodput is measured in KBps or MBps Some applications can benefit more from a maximized goodput, e.g., file transfer, and database applications Goodput constrained by many factors, including: End-to-end error rates Protocol functions, e.g., handshaking Lost packets Workstation and server performance factors, e.g., memory performance

40 CSE-550-T062 Lecture Notes - 240 Network Performance - Accuracy Accuracy is a measure to ensure that the data received at the destination is the same as the data sent by the source Accuracy = # of error-free frames transmitted / Total number of frames Data errors are caused by power surges, or spikes, poor physical connections, failing devices, and electrical machinery noise Frames with errors must be retransmitted → Negative effect on throughput

41 CSE-550-T062 Lecture Notes - 241 Network Performance - Accuracy For WANs, Accuracy can be expressed in Bit Error Rate (BER), typically: 1 in 10^5 for analog links 1 in 10^6 for copper links 1 in 10^11 for fiber-optic links If error rate > specified BER → Accuracy is unacceptable For LANs, a good threshold to use is that there should not be more than one bad frame per 10^6 bytes of data On shared Ethernet, errors are often the result of collisions

42 CSE-550-T062 Lecture Notes - 242 Network Performance - Efficiency We measure how effective an operation is in comparison to the cost in effort, time, etc. Efficiency specifies how much “overhead” is needed to send traffic across the network - the traffic has our data in it Example: Shared Ethernet is inefficient when the collision rate is high Overhead is due to several factors, including: Network Protocol Frame Size Network Protocol Overhead Routing Protocol Overheads

43 CSE-550-T062 Lecture Notes - 243 Efficiency - Network Protocol Frame Sizes - Using a large frame: Maximizes the amount of useful application data compared to header data Improves application layer throughput Uses bandwidth more efficiently than small frames

44 CSE-550-T062 Lecture Notes - 244 Efficiency - Network Protocol Frame Sizes - Maximum frame size is a tradeoff with the BER Larger frames are more likely to be hit by an error → retransmission → time and effort wasted → reduces efficiency Because errors exist, frame sizes are limited to maximize efficiency and provide fairness

45 CSE-550-T062 Lecture Notes - 245 Efficiency - Network Protocol Overhead - Data is packaged in protocol frames that contain overhead data Large frame headers are one cause for inefficiency Some protocol frames have more overhead than others: Ethernet - 38 bytes per frame IP - 20 bytes per frame TCP - 20 bytes per frame IPX - 30 bytes per frame ATM - 5 bytes per cell
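The frame-size tradeoff from the three efficiency slides above can be worked through numerically with the overhead figures and typical BER values given in these notes. This is an added example, not part of the lecture slides; it assumes independent bit errors, retransmission of any frame hit by an error, and a TCP/IP-over-Ethernet stack whose 1500-byte MTU leaves at most 1460 bytes of application payload.

```python
import math

# Per-frame overhead in bytes, as listed on the protocol overhead slide.
OVERHEAD = {"Ethernet": 38, "IP": 20, "TCP": 20}
PER_FRAME_OVERHEAD = sum(OVERHEAD.values())  # 78 bytes

# Typical bit error rates from the accuracy slide.
BER = {"analog": 1e-5, "copper": 1e-6, "fiber": 1e-11}

# Assumption: 1500-byte Ethernet MTU minus the IP and TCP headers.
MAX_PAYLOAD = 1500 - OVERHEAD["IP"] - OVERHEAD["TCP"]

def delivery_probability(payload, ber):
    """Probability that every bit of one frame arrives intact.
    Simplification: all overhead bytes are treated as exposed to errors."""
    bits = 8 * (payload + PER_FRAME_OVERHEAD)
    return math.exp(bits * math.log1p(-ber))

def efficiency(payload, ber):
    """Useful bytes delivered per byte put on the wire, retransmissions included."""
    useful_share = payload / (payload + PER_FRAME_OVERHEAD)
    return useful_share * delivery_probability(payload, ber)

def best_payload(ber, max_payload=MAX_PAYLOAD):
    """Payload size (bytes) that maximizes efficiency for a given BER."""
    return max(range(1, max_payload + 1), key=lambda n: efficiency(n, ber))

if __name__ == "__main__":
    for link, ber in BER.items():
        n = best_payload(ber)
        print(f"{link:7s} BER={ber:g}: best payload {n} bytes, "
              f"efficiency {efficiency(n, ber):.3f} "
              f"(at {MAX_PAYLOAD} bytes: {efficiency(MAX_PAYLOAD, ber):.3f}, "
              f"at 64 bytes: {efficiency(64, ber):.3f})")
```

On the fiber and copper error rates the largest frame wins, while on the analog error rate the optimum falls below the maximum frame size, which is the tradeoff the slides describe.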

46 CSE-550-T062 Lecture Notes - 246 Efficiency - Network Protocol Overhead - Token Ring w/ LLC Ethernet w/ LLC 802.2 – Logical Link Control header used with Ethernet and Token Ring

47 CSE-550-T062 Lecture Notes - 247 Efficiency - Routing Protocol Overheads - Each routing protocol also uses up network bandwidth IP RIP - every 30 seconds sends 532 byte packets IP IGRP - every 90 seconds sends 1,488 byte packets

48 CSE-550-T062 Lecture Notes - 248 Network Performance - Efficiency - Summary - You want to use a protocol that has a large frame size, and one that also needs only small header information in each frame You want an efficient Routing Protocol This allows us to transfer more data at a higher efficiency across our network!

49 CSE-550-T062 Lecture Notes - 249 Network Performance - Delay Interactive applications require minimal delay when receiving a data stream Delay must be constant for voice and video applications Otherwise, we get delay variations (jitter) causing disruptions in voice quality and jumpiness in video streams Rule of thumb: Jitter must be < 1-2% of Delay ATM supports traffic that is sensitive to delay and jitter Applications using the Telnet protocol are also sensitive to delay Delay can be caused by physics, and by network devices that move the data within a network (use buffers to minimize this effect)

50 CSE-550-T062 Lecture Notes - 250 Network Performance - Types of Delay Any signal experiences a propagation delay: Intercontinental satellite hop: 270 ms Terrestrial cable connections: 1 ms (per 200 km) Serialization delay: Time to put data onto a transmission line 1024-byte packet on a 1.544 Mbps T1 line: 5 ms Packet-switching delay: latency due to forwarding data by switches and routers High-end switches: 5-20 μs for 64-byte Ethernet frames. Depends on the type and number of features enabled, such as: QoS, NAT, IPSec, filtering, etc. Customer requirements drive these Includes queuing delay

51 CSE-550-T062 Lecture Notes - 251 Network Performance - Queuing Delay Queuing delay is the number of packets in a queue on a packet-switching device As utilization increases, more packets must wait in the queue before being put on the wire Queue size increases exponentially Queue depth = Utilization / (1-Utilization)

52 CSE-550-T062 Lecture Notes - 252 Network Performance - Response Time Response time is a network performance goal that users care about most Users recognize the amount of time to receive a response from the network system Users begin to get frustrated when response time is more than ~100ms (.1 seconds) for interactive applications For bulk applications, 10-20 seconds (or even more) is usually acceptable

53 CSE-550-T062 Lecture Notes - 253 Security Security design is getting to be one of the most important aspects of network design Increased threats from inside and outside the enterprise network Network design must ensure against: Disruption of business activity Inappropriate access, damage, or loss of business data and other assets Planning is the first step in security design Identify network assets that must be protected Analyze security risks Develop requirements Tradeoffs to consider with security design Cost (not to exceed the cost to recover from security incidents) Users’ productivity and ease of use Redundancy (security devices may become bottlenecks)

54 CSE-550-T062 Lecture Notes - 254 Security - Identify Network Assets The network designer must identify: Network assets that must be protected Value of these assets Expected cost associated with the loss of these assets Assets that are critical to the business’ mission Network assets include: Hardware - networking devices including firewalls Software & Applications Data - e.g., engineering blueprints, competitive analysis documents Network user’s time - e.g., getting rid of a virus Intellectual property, Trade secrets, and Company’s reputation Integrity and confidentiality of data must be protected from hackers

55 CSE-550-T062 Lecture Notes - 255 Security - Analyze Security Risks Analyze potential threats, their likelihood, and severity Risk management is a continuous process: Building a security policy Secure network design Risk assessment includes: Analysis of the danger of not taking any action Ask the customer about the risks of not implementing security: How sensitive is the customer’s data? What would be the cost of: Accessing data Stealing trade secrets Someone changing data Network being down due to a security breach

56 CSE-550-T062 Lecture Notes - 256 Security - Analyze Security Risks A compromised network device presents one of the biggest risks that must be managed: Data can be intercepted Other devices can be compromised (due to trust among devices) User passwords can be compromised Configurations of the device can be altered Hackers may be disguised as customers, repair technicians, etc. to gain network access Hackers may use wireless devices to gain access to the corporate network even from outside the company’s buildings Attacks may come from internal users as well: errors, downloads from untrusted sites, and malicious acts

57 CSE-550-T062 Lecture Notes - 257 Security - Analyze Security Risks Reconnaissance attacks: Provide information about potential targets and their weaknesses Carried out in preparation of a more focused attack against a target Denial-of-Service (DoS) attacks: Target the availability of a network, host, or application Make it impossible for legitimate users to gain access Simple to conduct May cause significant downtime

58 CSE-550-T062 Lecture Notes - 258 Security - Develop Security Requirements Security problems should not disrupt an organization’s ability to conduct business This is the most basic requirement for every organization Protect assets from being incapacitated, stolen, altered, or harmed Develop and select procedures and technologies to ensure: Data confidentiality Data integrity System and data availability

59 CSE-550-T062 Lecture Notes - 259 Security - Develop Security Requirements More specific requirements include: Let outsiders access data on public servers Authorize and authenticate remote and mobile users Detect intruders and isolate the amount of damage they do Authenticate routing-table updates Protect data transmitted to remote sites across a VPN Physically secure hosts and internetworking devices Logically secure hosts and internetworking devices with user accounts and access rights Protect applications and data from software viruses Train users and managers on security risks and how to avoid security problems Implement copyright or other legal methods of protecting products and Intellectual property

60 CSE-550-T062 Lecture Notes - 260 Manageability Document your client’s manageability plans, if they exist Only equipment supporting the management functions required by a customer are considered There are different ways to manage a network and different things to manage ISO defines 5 functional areas in the network management model (FCAPS): Fault management Configuration management Accounting management Performance management Security management

61 CSE-550-T062 Lecture Notes - 261 Usability Usability refers to the ease-of-use with which network users can access the network and services Focus is on making the network users’ job easier Plan to maximize usability by deploying: User-friendly, host naming schemes and easy-to-use configuration methods that use dynamic protocols, such as DHCP Usability might include a need for mobility: Recognize the need for wireless and VPN solutions Some network design components may have a negative effect on usability Example: strict security policies

62 CSE-550-T062 Lecture Notes - 262 Adaptability Ensure that the network can implement new technologies in the future Try to avoid incorporating elements that would make it hard to implement new technologies in the future A good network design can adapt to new technologies and changes Changes can come from new protocols, new business practices, etc. A flexible network can also adapt to changing traffic patterns and quality of service (QoS) requirements Another aspect: How quickly internetwork devices must adapt to problems and to upgrades

63 CSE-550-T062 Lecture Notes - 263 Affordability Affordability is sometimes called cost-effectiveness Network should carry the maximum amount of traffic for a given cost Financial costs include: Nonrecurring equipment costs Recurring network operating costs For campus networks: Low cost is often more important than availability and performance For enterprise networks: Availability is usually more important than low cost

64 CSE-550-T062 Lecture Notes - 264 Affordability Monthly charges for WAN circuits are the most expensive aspect. These can be reduced by having a good WAN design: Use of a routing protocol that minimizes WAN traffic Consolidate parallel leased lines carrying voice and data Improve efficiency of WAN circuits (e.g., compression) Use technologies that support oversubscription (e.g., cell and frame switching) Another expensive aspect of running a network is the cost of hiring, training, and maintaining personnel to operate and manage the network. This can be reduced by: Select devices that are easy to configure, operate, maintain, and manage Select a network design that is easy to understand and troubleshoot Develop good network documentation Select applications and protocols that are easy to use

65 CSE-550-T062 Lecture Notes - 265 Network Design Tradeoffs Availability (Redundancy) vs. Cost Performance vs. Cost Security vs. Cost Security vs. Ease-of-use Scalability vs. Availability Throughput vs. Delay (different application) Qualified Personnel vs. Cost (training) Qualified Personnel vs. Features (less) To analyze tradeoffs, ask your customer to: Identify a single driving network design goal Prioritize the other goals Add up how much (%) they want to spend on each goal Different groups may have different priorities and views Document groups’ goals and overall goals

66 CSE-550-T062 Lecture Notes - 266 Summary Analyzing Business Goals Analyzing Business Constraints Analyzing Technical Goals Scalability Availability Network Performance: Utilization, Throughput, Accuracy, Efficiency, Delay, and Response Time Security Manageability Usability Adaptability Affordability Network Design Tradeoffs

67 CSE-550-T062 Lecture Notes - 267 References P. Oppenheimer, “Top-Down Network Design,” Cisco Press, 2nd edition, 2004 Dr. Khalid Salah (ICS, KFUPM), CSE 550 Lecture Slides, Term 032

