CCDA - en/Enterprise LAN design

From Teknologisk videncenter

Latest revision as of 10:37, 18 September 2016

Materials

  • Network design chapter 3 (PDF: Netværksdesign_I_-_Chapter_3.pdf)

Reading plan

Unless you are preparing for the CCDA certification, you don't need to read the following subjects:

  • 10BASE5 and 10BASE2
  • Token Ring
  • Repeaters
  • HUB
  • Bridges
  • 5-4-3 rule

LAN media

Enterprise campus

Best Practice for Hierarchical Layers

Access Layer

  • Limit VLANs to a single wiring closet (rack).
  • Use Rapid PVST+ (RPVST+) where spanning tree is required.
  • Configure trunk links explicitly instead of letting Dynamic Trunking Protocol (DTP) negotiate them (switchport mode trunk together with switchport nonegotiate).
  • Prune VLANs manually from trunks to reduce broadcast traffic.
  • Use VTP in transparent mode; no common VLAN database is necessary.
  • Disable trunking on access ports: it improves security (a host cannot negotiate a trunk and hop VLANs) and lets PortFast bring the port up immediately.
  • Consider using routing in the Access Layer for fast convergence and load balancing.
Example: the switchport host macro configures a port as an access port with PortFast enabled and EtherChannel disabled in one step:

A1(config-if)#do show run int fa0/1
interface FastEthernet0/1
 description Accessport USER
 no ip address
end

A1(config-if)#switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled

A1(config-if)#do show run int fa0/1
interface FastEthernet0/1
 description Accessport USER
 switchport mode access
 no ip address
 spanning-tree portfast
end
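As an added example (not code from the original page), the following Python script audits an IOS running-config excerpt against the access-layer checklist above: VTP mode, ports still relying on DTP negotiation, trunks without switchport nonegotiate or manual VLAN pruning, and access ports without PortFast. The configuration text, hostname and interface descriptions are constructed for the demonstration; the check assumes that a port with no explicit switchport mode is still negotiating with DTP, which is the default on most Catalyst platforms.

```python
"""Audit an IOS running-config against the access-layer best-practice list.

Added example, not from the original page. SAMPLE_CONFIG is a constructed
`show running-config` excerpt used as input.
"""
import re
from typing import Dict, List

# Constructed sample: one switch with a hardened port, a port left at
# defaults, a trunk without nonegotiate and a trunk set to dynamic desirable.
SAMPLE_CONFIG = """\
hostname A1
vtp mode server
!
interface FastEthernet0/1
 description Accessport USER
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 description Accessport USER - left at defaults
!
interface GigabitEthernet0/1
 description Uplink to D1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
interface GigabitEthernet0/2
 description Uplink to D2
 switchport mode dynamic desirable
!
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Return {interface name: [indented config lines]} from an IOS config."""
    interfaces: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        elif line.strip() == "!":
            current = None
    return interfaces


def audit(config: str) -> List[str]:
    """Return one finding string per deviation from the checklist."""
    findings: List[str] = []
    vtp = re.search(r"^vtp mode (\S+)", config, re.M)
    if not vtp or vtp.group(1) != "transparent":
        findings.append("global: VTP is not in transparent mode")
    for name, lines in parse_interfaces(config).items():
        modes = [l for l in lines if l.startswith("switchport mode")]
        # Assumption: no explicit mode means the platform default (dynamic).
        mode = modes[-1].split()[2] if modes else "dynamic"
        if mode == "dynamic":
            findings.append(f"{name}: DTP negotiation active (no fixed switchport mode)")
        elif mode == "access":
            if "spanning-tree portfast" not in lines:
                findings.append(f"{name}: access port without spanning-tree portfast")
        elif mode == "trunk":
            if "switchport nonegotiate" not in lines:
                findings.append(f"{name}: trunk still sends DTP frames (add switchport nonegotiate)")
            if not any(l.startswith("switchport trunk allowed vlan") for l in lines):
                findings.append(f"{name}: trunk carries all VLANs (prune manually)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample it reports the VTP mode, FastEthernet0/2 and GigabitEthernet0/2 for DTP, and GigabitEthernet0/1 for the missing nonegotiate; a config with vtp mode transparent and fixed port modes produces no findings.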

Distribution Layer

Distribution layer
  • Wire Speed on all ports.
  • Link redundancy.
  • Use an FHRP such as HSRP or GLBP if the links to the access switches are Layer 2.
  • Use Layer 3 links between the Distribution and Core layers for faster convergence and load balancing.
  • Use the distribution switches to connect a VLAN that spans more than one access switch.
  • Summarize routes from the Distribution toward the Core layer to reduce routing overhead.
  • Build Layer 3 triangles, not squares, as shown on the diagram below.
Use triangles not squares

Core Layer

Depending on the size of the network you may implement a separate Core Layer. In a campus-sized network the function of the Core Layer is high-speed Layer 3 switching between the switch blocks.

Core Layer in Campus sized network
  • Use Layer 3 Switches in the Core Layer

Network in big buildings

The network in big buildings is segmented by floors and/or departments.

Access and Distribution Layer example in big building

Enterprise Campus Network

A campus network connects two or more buildings in a limited geographical area. An Enterprise consists of two or more campuses.

  • Each building is assigned an IP address range that allows route summarization.
  • Each campus is assigned an IP address range that allows campus route summarization, reducing routing overhead.
    • Design a logical IP address plan, for example 10.campus.building.X or similar.
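Added example (not from the original page) working through the 10.campus.building.X plan above and the route summarization the distribution layer sends toward the core. The campus and building numbers, the choice of one /24 per building and one /16 per campus, and the check that a summary does not swallow another campus's space are assumptions made for the demonstration.

```python
"""Address plan and summarization for 10.<campus>.<building>.X (added example)."""
import ipaddress
from typing import Dict, Iterable, List

IPv4Net = ipaddress.IPv4Network


def building_prefix(campus: int, building: int) -> IPv4Net:
    """One /24 per building: 10.<campus>.<building>.0/24 (assumed plan)."""
    if not (0 <= campus <= 255 and 0 <= building <= 255):
        raise ValueError("campus and building must each fit in one octet")
    return ipaddress.ip_network(f"10.{campus}.{building}.0/24")


def campus_summary(campus: int) -> IPv4Net:
    """The single /16 a campus advertises toward the core and other campuses."""
    return ipaddress.ip_network(f"10.{campus}.0.0/16")


def summarize(prefixes: Iterable[IPv4Net]) -> List[IPv4Net]:
    """Fewest prefixes covering exactly the given networks (no over-summarization)."""
    return list(ipaddress.collapse_addresses(prefixes))


def summary_is_safe(summary: IPv4Net, own: Iterable[IPv4Net], others: Iterable[IPv4Net]) -> bool:
    """A summary is safe when it covers every prefix of its own campus and
    overlaps no prefix belonging to another campus; a summary that is too
    wide would attract (and black-hole) the other campus's traffic."""
    covers_own = all(p.subnet_of(summary) for p in own)
    clashes = any(p.overlaps(summary) for p in others)
    return covers_own and not clashes


def demo() -> Dict[str, object]:
    campus1 = [building_prefix(1, b) for b in range(1, 5)]  # buildings 1-4
    campus2 = [building_prefix(2, b) for b in range(1, 3)]  # buildings 1-2
    return {
        # buildings 2 and 3 merge into 10.1.2.0/23; 1 and 4 stay as /24
        "exact": summarize(campus1),
        # 10.1.0.0/16 covers campus 1 and touches nothing in campus 2
        "safe": summary_is_safe(campus_summary(1), campus1, campus2),
        # 10.0.0.0/8 would also cover campus 2: over-summarization
        "unsafe": summary_is_safe(ipaddress.ip_network("10.0.0.0/8"), campus1, campus2),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The exact collapse shows why contiguous, power-of-two sized allocations matter: buildings 1 to 4 do not collapse to a single prefix unless building numbering starts at 0, whereas the per-campus /16 is always a clean summary.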

Edge distribution

  • Edge distribution is the interface between a Campus and the surrounding world.
    • Other Campuses in the same Enterprise
    • VPN
    • Internet

Edge Distribution protects Campus against:

  • IP spoofing (the Edge Distribution Layer keeps packets with forged source addresses out of the Core and prevents illegitimate prefixes from being announced into it)
  • Unauthorized access to the Core.
  • Network reconnaissance (blocking the traffic attackers use to map the network)
  • Packet sniffers (separate broadcast domains limit the traffic that can be sniffed)
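Added example (not from the page) of the anti-spoofing check described for the Edge Distribution layer: a packet arriving on the external link whose source address claims to belong to the campus, or comes from an address that can never be a legitimate Internet source, is dropped before it reaches the Core; in the outbound direction only the campus's own prefixes are allowed to leave (the BCP 38 / RFC 2827 idea). The campus prefixes, the bogon list and the packets are constructed for the demonstration.

```python
"""Edge ingress/egress anti-spoofing filter (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Assumed campus address space (10.campus.building.X plan, two campuses).
CAMPUS_PREFIXES = [ipaddress.ip_network(p) for p in ("10.1.0.0/16", "10.2.0.0/16")]

# Sources that must never appear on an external link: private, loopback,
# link-local, multicast and "this network" ranges (illustrative bogon list).
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


@dataclass
class Packet:
    ingress: str  # "outside" = arrived from the Internet/WAN, "inside" = from the campus
    src: str
    dst: str


def verdict(pkt: Packet) -> Tuple[str, str]:
    """Return ("permit"|"drop", reason) for one packet at the edge."""
    src = ipaddress.ip_address(pkt.src)
    inside_src = any(src in n for n in CAMPUS_PREFIXES)
    if pkt.ingress == "outside":
        if inside_src:
            return "drop", "spoofed campus source on external link"
        if any(src in n for n in BOGONS):
            return "drop", "bogon source"
        return "permit", "external source"
    # Outbound: only our own prefixes may leave, so a compromised host
    # cannot take part in reflection attacks with forged sources.
    if not inside_src:
        return "drop", "outbound source not in campus prefixes"
    return "permit", "campus source"


def filter_packets(pkts: List[Packet]) -> List[Tuple[str, str, str]]:
    """Apply the edge policy to a list of packets: (src, action, reason)."""
    return [(p.src, *verdict(p)) for p in pkts]


# Constructed traffic sample (RFC 5737 documentation addresses for the outside).
SAMPLE = [
    Packet("outside", "10.1.20.5", "10.1.30.9"),      # forged internal source
    Packet("outside", "192.168.1.1", "10.1.30.9"),    # bogon
    Packet("outside", "203.0.113.7", "10.1.30.9"),    # legitimate inbound
    Packet("inside", "10.1.30.9", "203.0.113.7"),     # legitimate outbound
    Packet("inside", "198.51.100.4", "203.0.113.7"),  # host forging its source
]

if __name__ == "__main__":
    for src, action, reason in filter_packets(SAMPLE):
        print(f"{src:15} {action:6} {reason}")
```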

Medium size networks

A medium-sized network consists of 200 to 1000 network devices. The Distribution and Core layers are often integrated in the same devices; this is called a Collapsed Core.

Medium sized network (Collapsed Core)

Small network and connection of small branches

Smaller networks and branches are usually connected to the HQ through a small router. The router keeps broadcast traffic off the WAN link.

Connection of a small network (Remote Site LAN)

Server Farm module

The Server Farm module or Data Center gives high-speed access to servers in the Campus. The servers are connected to switches with 1, 10 or 40 Gbps Ethernet. In some cases EtherChannel is used.

Serverfarm

Connection of Servers

  • Single NIC
  • Dual NIC EtherChannel
  • Content Switching (two or more servers act as the frontend)

Enterprise Data Center infrastructure

Enterprise Data Center

The Data Center (DC) provides high-performance, low-latency Layer 2 switching and supports servers with single or dual NICs. Best-practice design is Layer 2 in the access layer and Layer 3 in the Distribution Layer. Blade chassis[1] with integrated switches are a popular solution.

The data center Aggregation Layer (Distribution Layer) aggregates the traffic and:

  • Load balances the traffic between several servers.
  • Offloads SSL/TLS from the servers by terminating encryption and decryption in dedicated devices.
  • Incorporates firewalls and Intrusion Detection Services (IDS) to control access.

Campus LAN Quality of Service

Classification and marking for QoS are responsibilities of the Access layer and the Enterprise Edge; QoS policies are enforced in the Distribution Layer.

ISL CoS
IEEE802.1p/802.1Q CoS
Classify and mark packets as close to the source as possible.
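Added example, not part of the original page: parsing the IEEE 802.1Q tag (VLAN ID and the 802.1p CoS/PCP bits) from an Ethernet frame and enforcing a trust boundary on an access port. The point of marking as close to the source as possible is that the switch, not the end host, decides the marking: a user port is untrusted and its CoS is rewritten, while a port facing an IP phone or another switch keeps the marking. The frame bytes, MAC addresses and the trusted/untrusted policy are constructed for the demonstration.

```python
"""802.1Q/802.1p tag parsing and access-port CoS trust boundary (added example)."""
import struct
from typing import Dict, Optional

TPID_8021Q = 0x8100  # EtherType that announces a VLAN tag


def parse_vlan_tag(frame: bytes) -> Optional[Dict[str, int]]:
    """Return {'pcp', 'dei', 'vid', 'ethertype'} for a tagged frame, None if untagged.

    Tag Control Information layout: 3 bits PCP (CoS), 1 bit DEI, 12 bits VID.
    """
    if len(frame) < 18:
        raise ValueError("frame too short for an Ethernet header plus VLAN tag")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF, "ethertype": ethertype}


def remark_cos(frame: bytes, port_trusted: bool, default_pcp: int = 0) -> bytes:
    """Rewrite the PCP of frames from untrusted ports so a host cannot put its
    own traffic in the priority queue by tagging it; keep marking on trusted ports."""
    tag = parse_vlan_tag(frame)
    if tag is None or port_trusted:
        return frame
    tci = (default_pcp << 13) | (tag["dei"] << 12) | tag["vid"]
    return frame[:14] + struct.pack("!H", tci) + frame[16:]


def build_frame(dst: bytes, src: bytes, pcp: int, vid: int, ethertype: int, payload: bytes) -> bytes:
    """Assemble a tagged Ethernet frame (DEI left at 0)."""
    tci = (pcp << 13) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


# Constructed sample: a user PC tags its traffic with CoS 5 (the voice class)
# on VLAN 10; MAC addresses and payload are arbitrary.
SAMPLE = build_frame(
    dst=b"\x00\x1a\x2b\x3c\x4d\x5e",
    src=b"\x00\x11\x22\x33\x44\x55",
    pcp=5,
    vid=10,
    ethertype=0x0800,
    payload=b"\x45" + b"\x00" * 19,
)

if __name__ == "__main__":
    print("as sent by host:", parse_vlan_tag(SAMPLE))
    print("after untrusted access port:", parse_vlan_tag(remark_cos(SAMPLE, port_trusted=False)))
```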

Multicast traffic

Internet Group Management Protocol (IGMP) is the protocol used between hosts and the local Layer 3 switch. Hosts use IGMP to join or leave multicast groups, that is, to tell which multicast streams they want to receive.

When multicast is used in the campus network it is important to consider how the Layer 2 switches in the access layer handle multicast. To keep Layer 2 switches from flooding multicast traffic out all ports, use CGMP or IGMP snooping.
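Added example (not from the page) modelling what IGMP snooping changes on a Layer 2 switch: the switch records the IGMP membership reports it sees per port and then forwards a group's traffic only to member ports plus the port toward the multicast router, while it floods the VLAN when snooping is off, for groups nobody has joined, and for the link-local 224.0.0.0/24 range. Port numbers, group addresses and the join/leave sequence are constructed for the demonstration.

```python
"""IGMP snooping forwarding decision on a Layer 2 switch (added example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

LINK_LOCAL = ipaddress.ip_network("224.0.0.0/24")  # always flooded, never snooped


@dataclass
class IgmpSnoopingSwitch:
    ports: List[int]
    router_port: int          # port on which IGMP queries / the mrouter were seen
    snooping: bool = True
    groups: Dict[str, Set[int]] = field(default_factory=dict)

    def report(self, group: str, port: int) -> None:
        """IGMP Membership Report (join) for `group` received on `port`."""
        if not ipaddress.ip_address(group).is_multicast:
            raise ValueError(f"{group} is not a multicast group")
        self.groups.setdefault(group, set()).add(port)

    def leave(self, group: str, port: int) -> None:
        """IGMP Leave: drop the port; forget the group when no member remains."""
        members = self.groups.get(group)
        if members:
            members.discard(port)
            if not members:
                del self.groups[group]

    def forward_ports(self, group: str, ingress: int) -> List[int]:
        """Ports a frame to multicast `group` arriving on `ingress` is sent out of."""
        flood = (
            not self.snooping
            or ipaddress.ip_address(group) in LINK_LOCAL
            or group not in self.groups
        )
        if flood:
            out = set(self.ports)                       # whole VLAN, like a broadcast
        else:
            out = set(self.groups[group]) | {self.router_port}
        out.discard(ingress)                            # never back out the ingress port
        return sorted(out)


def demo() -> Tuple[List[int], List[int], List[int]]:
    """Constructed scenario: hosts on ports 2 and 4 join 239.1.1.1, source on port 5."""
    sw = IgmpSnoopingSwitch(ports=[1, 2, 3, 4, 5], router_port=5)
    sw.report("239.1.1.1", 2)
    sw.report("239.1.1.1", 4)
    constrained = sw.forward_ports("239.1.1.1", ingress=5)   # only the two members
    sw.leave("239.1.1.1", 4)
    after_leave = sw.forward_ports("239.1.1.1", ingress=5)   # port 4 stops receiving
    no_snooping = IgmpSnoopingSwitch(ports=[1, 2, 3, 4, 5], router_port=5, snooping=False)
    flooded = no_snooping.forward_ports("239.1.1.1", ingress=5)  # every other port
    return constrained, after_leave, flooded


if __name__ == "__main__":
    print("with snooping:", demo()[0], "after leave:", demo()[1], "without snooping:", demo()[2])
```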

References

[1] http://www.sun.com/servers/blades/products.jsp