Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Backup Options & Sample WAN Designs. 2 Chapter Topics  WAN Backup Design Options  Sample WAN Designs.

Published byHortense Townsend Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Backup Options & Sample WAN Designs. 2 Chapter Topics  WAN Backup Design Options  Sample WAN Designs."— Presentation transcript:

1 1 Backup Options & Sample WAN Designs

2 2 Chapter Topics  WAN Backup Design Options  Sample WAN Designs

3 3 Dial Backup Routing  Dial-up WAN technologies continue to see use today SOHO WAN connectivity Backup purposes  Designer can ensure connectivity between sites in the event of the failure of the main circuit  Configure routers to monitor the main circuit If there is a failure, the backup line initializes and provides WAN connectivity Terminate the backup when main circuit comes back online

4 4 Dial Backup Example

5 5 How Dial Backup Works  Use Figure 7-1 as a reference: Failure between Routers A & C Router C has an interface configured for backup  This device is notified of the circuit failure between A & C Router C selects the backup ISN interface to establish a connection with B Routing Protocol recalculates the paths to route traffic When connectivity between A & C is reestablished, link between B & C is terminated

6 6 Permanent Secondary WAN Link  This design features more than just the advantage of a redundant backup It also provides additional bandwidth Secondary link can be used for load sharing Use floating static routes and routing protocols to ensure that the link is actually a valid path

7 7 Permanent Secondary WAN Link  Cost of this design is often prohibitive for organizations design might also require more robust networking equipment and expertise providing a permanent backup connection for every main link is not financially practical in some situations

8 8 Shadow PVC  service provider provisions the network with a secondary PVC possible that a service provider will not charge for this additional circuit as long as the load on it remains below a defined level  Much expertise is required when configuring a shadow PVC must ensure the load on the secondary virtual circuit is kept to a minimum

9 9 Internet  “Best Effort,” arrangement No bandwidth guarantees  Security is a significant concern.  Many options for implementing the Internet as a backup option IP routing without constraints GRE tunnels IPSec tunnels

10 10 Internet  Both GRE and IPSec methodologies rely upon tunneling to transmit data over the public Internet Network-layer tunneling involves one Layer 3 protocol transporting another Layer 3 protocol over the network  usually in a secure fashion

11 11 GRE  Defined by IETF RFC 2784  Tunnels IP over other IP networks  Suits small- to medium-sized Internet backup solutions that do not require the greatest degree of security  Suits solutions that use protocols incompatible with IPSec.

12 12 GRE

13 13 GRE  Functions of GRE – Figure 7-2 Network designates packets for transmission across the backup GRE tunnel packets already contain additional information by way of encapsulation  ingress router further encapsulates the packets with a new GRE header router places the packets into a tunnel  packets now feature a destination address of the egress router

14 14 GRE packets arrive at the egress, and this router strips away the GRE encapsulation information Network equipment forwards the packets, which now contain the original IP headers and destination address information

15 15 IPSec  Also provides for tunneling IP over IP networks provides security for these transfers functions at the network layer encapsulates and authenticates IP packets between IPSec routers

16 16 IPSec  Features and benefits Data confidentiality.  Cisco routers encrypt packets prior to their transmission across the network. Data integrity.  Receivers can authenticate packets sent from an IPSec sender.  Ensures that the data has not been altered during transmission.

17 17 IPSec Data origin authentication.  Receivers can authenticate the source of IPSec packets. Antireplay attacks.  Cisco routers can detect and reject replay attempts. Simple deployment for network implementers.  Intermediate systems, such as the backbone (ISP) systems, do not require changes.

18 18 IPSec Completely transparent to the applications running in the network. Utilizes Internet Key Exchange (IKE)  Automation of security key management. Interoperates with the public-key infrastructure (PKI). Compatible with GRE if necessary.

19 19 Sample WAN Designs

20 20 WAN Technologies for Remote Access  This network needs WAN remote-access solutions to accommodate remote users of the network and small offices that do not require constant access.

21 21 WAN Technologies for Remote Access  The designer in this example has gained the following information: The branch-office users should be able to access the central site network seamlessly—as if the users are in that actual network. The remote users need to access the network sporadically to check for e-mail notifications and transfer reports that are typically under 200 KB in size. The branch-office locations require more consistent file transfer access and interactive traffic transfers. Low to medium volume is expected. Two of the branch offices often need to share data directly with each other. This data is mission critical compared to other traffic sent by the branch offices. The client has indicated no performance specifics for the network.

22 22 Possible Solution  Permanent connections between the remote offices and the central site using Frame Relay PVCs  Nonpermanent dial-up connections are appropriate for the remote access users.

23 23 Packet-Switched Network Designs  With regards to the scenario, designer must decide upon the specific Frame Relay topology  Packet-switched networks have three basic designs Star topology Partial-mesh topology Full-mesh topology

24 24 Star Topology  Specifies a core router that serves as the hub for the WAN connections hub-and-spoke topology  Core router connects to each of the branch offices branch offices can only communicate with each other if they pass their communications through the core (hub) router  Simplified and centralized management

25 25 Star Topology  Not without its problems and disadvantages The central hub router represents a single point of failure in the design. If this router fails, WAN communications across all the branch offices are affected. Overall performance of the WAN relies upon a single point. This single point is the hub router; all traffic must pass through this potential bottleneck in the design.

26 26 Partial-Mesh Topology  Virtual circuits that connect many but not all the routers  Reduces the number of routers in the topology that require direct connections to each other  Design might have several “core” or hub routers that act as collection points for non-meshed routers to reach each other

27 27 Partial-Mesh Topology  Advantages to the partial mesh topology include Improved performance Improved redundancy Fewer virtual circuits than full-mesh designs  Disadvantages of a partial mesh topology include Potentially a greater number of virtual circuits than a star topology A greater level of expertise

28 28 Full-Mesh Topology  Each node connects to every other node in the network design  The greatest level of redundancy and performance  Approach is nearly impossible in very large networks due to cost concerns

29 29 Full-Mesh Topology  Advantages of a full-mesh topology include Best possible redundancy Best possible performance when configured properly  Disadvantages include Large costs due to the number of virtual circuits required. There is one for every connection between routers. They typically require large numbers of packet and broadcast replications for transmission to all locations in the network. Configuring routers in full-mesh environment is quite complex—especially in environments with no multicast support.

30 30 Solution

31 31 A WAN Connecting Enterprise Sites  Central site might consist of two facilities that are geographically disparate Must connect these two sites using WAN technology to make them appear as one seamless network Users must be able to access the resources of each site as if they were one site

32 32 A WAN Connecting Enterprise Sites  Designer might recommend the provision of a high-speed point-to- point connection using Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH) Speeds at 155 Mbps or much greater, up to 10 Gbps Costs of this technology depend almost entirely on the bandwidth required and the distance between the two sites

Download ppt "1 Backup Options & Sample WAN Designs. 2 Chapter Topics  WAN Backup Design Options  Sample WAN Designs."

Similar presentations

Nilesh Agre Wedashree Jalukar Neelima Shahi Group Members.

Nilesh Agre Wedashree Jalukar Neelima Shahi Group Members.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—4-1 MPLS VPN Technology Introducing VPNs.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—4-1 MPLS VPN Technology Introducing VPNs.
1 Data Link Protocols Relates to Lab 2. This module covers data link layer issues, such as local area networks (LANs) and point-to-point links, Ethernet,

1 Data Link Protocols Relates to Lab 2. This module covers data link layer issues, such as local area networks (LANs) and point-to-point links, Ethernet,
Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.

Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Prototyping the WAN Designing and Supporting Computer Networks – Chapter 8.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Prototyping the WAN Designing and Supporting Computer Networks – Chapter 8.
WAN Technologies Dial-up modem connections Cheap Slow

WAN Technologies Dial-up modem connections Cheap Slow
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Ch.6 - Switches CCNA 3 version 3.0.

Ch.6 - Switches CCNA 3 version 3.0.
Chapter 10 Introduction to Wide Area Networks Data Communications and Computer Networks: A Business User’s Approach.

Chapter 10 Introduction to Wide Area Networks Data Communications and Computer Networks: A Business User’s Approach.
Virtual Private Networking Karlene R. Samuels COSC513.

Virtual Private Networking Karlene R. Samuels COSC513.
LAN Risanuri Hidayat. LAN-Local Area Network A LAN is a high-speed data network that covers a relatively small geographic area. It typically connects.

LAN Risanuri Hidayat. LAN-Local Area Network A LAN is a high-speed data network that covers a relatively small geographic area. It typically connects.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
VPN – Virtual Private Networking. VPN A Virtual Private Network (VPN) connects the components of one network over another network. VPNs accomplish this.

VPN – Virtual Private Networking. VPN A Virtual Private Network (VPN) connects the components of one network over another network. VPNs accomplish this.
WAN Technologies. Objectives WAN Technologies Overview WAN Technologies WAN Design.

WAN Technologies. Objectives WAN Technologies Overview WAN Technologies WAN Design.
Copyright 2005-2010 Kenneth M. Chipps Ph.D. www.chipps.com 1 VPN Last Update 2010.11.29 1.3.0.

Copyright Kenneth M. Chipps Ph.D. 1 VPN Last Update
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Communicating over the Network Network Fundamentals – Chapter 2.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Communicating over the Network Network Fundamentals – Chapter 2.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
Copyright Microsoft Corp. 2006 Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.

Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.

Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.

Similar presentations

Ads by Google