
Goals


chika

Presentation Transcript


  1. Goals • Design an IP addressing scheme • Design the internal routing model • Design the Internet connectivity model

  2. (Skill 1) Designing an IP Addressing Scheme • IP addressing scheme • One of the most important aspects of network design • Influenced by several factors • Use of public or private IP addresses • Number of physical locations • Number of hosts per physical location • Total number of hosts in all locations • Estimated broadcast traffic at each physical location • IP summarization

  3. (Skill 1) Designing an IP Addressing Scheme (2) • Public IP addressing • Requires lease of a block of valid public IP addresses capable of supporting all hosts on internal network • Advantages • Direct access to Internet for all internal hosts • Reduced complexity • Disadvantages • Cost • Possible reduction of security

  4. (Skill 1) Designing an IP Addressing Scheme (3) • Private IP addressing • Can use any valid private IP address block • Advantages • Does not need a block of public IP addresses • Direct Internet access is not available to client (increases security and makes firewall configuration easier) • Disadvantage • Must use Network Address Translation (NAT) device to connect clients to Internet

  5. (Skill 1) Designing an IP Addressing Scheme (4) • Number of physical locations provides a base from which to figure the number of subnets required • Number of hosts per physical location and total number of hosts in entire network • Number of hosts not equivalent to number of users • Hosts also include workstations, servers, router ports, managed network devices, SNMP-enabled devices, and network printers • Total number of hosts helps you determine the number of private network addresses required • Number of hosts per physical location helps determine how many subnets are needed in that physical location

  6. (Skill 1) Figure 6-1 Calculating a base number of required subnets

  7. (Skill 1) Figure 6-2 Summarization example

  8. (Skill 2) Designing the Internal Routing Model • Designing internal routing model • Major component of network design • Major steps • Designing the topology • Specifying the routing protocol configuration

  9. (Skill 2) Designing the Internal Routing Model (2) • Designing the topology • Primarily concerned with meeting certain goals of the organization • Reliability • Redundancy • Performance

  10. (Skill 2) Designing the Internal Routing Model (3) • Specifying the routing protocol configuration • Each routing protocol has its own idiosyncrasies • Supported protocols • Routing Information Protocol (RIP) • Open Shortest Path First (OSPF) protocol

  11. (Skill 2) Designing the Internal Routing Model (4) • Routing Information Protocol (RIP) • Simple, easy to enable and configure, but not very secure or efficient • Improving efficiency • Modifying default timers • Enabling Silent RIP on all interfaces that do not contain other RIP routers (keeps RIP from advertising to systems on that subnet) • Defining neighbors (disables RIP broadcasting, sends updates by unicast which is more efficient, and improves security)

  12. (Skill 2) Designing the Internal Routing Model (5) • Open Shortest Path First (OSPF) protocol • More efficient • Routing design is more important and complex than with RIP • Primary component: area designations, used to reduce processor and memory use on router • Keep OSPF areas limited to under 100 routers, or significantly less if area is very active (links unstable, SPF computations common, many paths in network)

  13. (Skill 2) Figure 6-4 A large network in a single OSPF area

  14. (Skill 3) Designing the Internet Connectivity Model • Designing an Internet connectivity model • Primary concerns • Access method • Security • Access methods • Direct connectivity model • Network address translation (NAT) model

  15. (Skill 3) Designing the Internet Connectivity Model (2) • Direct connectivity model • Uses a public IP address for all hosts allowed Internet access • Advantages • Reduced packet manipulation, which can improve perceived performance • Internal hosts can easily publish resources to external clients (can also be a disadvantage) • Disadvantage: Firewall configuration much more critical and time consuming

  16. (Skill 3) Designing the Internet Connectivity Model (3) • Network address translation (NAT) model • Uses a private IP address for all internal hosts and a NAT device to translate the private IP addresses into public IP addresses for Internet access • Advantages • General increase in basic security • Includes optimization characteristics that can improve perceived speed of access • Disadvantages • Slight decrease in performance • Higher cost

  17. (Skill 3) Designing the Internet Connectivity Model (4) • Methods of firewall deployment • Single firewall, no DMZ • Single firewall, with DMZ • Dual firewall, with DMZ

  18. (Skill 3) Designing the Internet Connectivity Model (5) • Single firewall, no DMZ • Advantage • Requires fewer firewall ports • Disadvantages • Requires significant firewall configuration if you have publicly accessible servers • May impact internal production network

  19. (Skill 3) Figure 6-6 A single firewall design with no DMZ

  20. (Skill 3) Designing the Internet Connectivity Model (6) • Single firewall, with DMZ • Preferable to single firewall without DMZ if you have publicly accessible servers • Segregates traffic to external resources • Advantages • Provides for slightly enhanced security • Does not impact internal network • Minimal cost; fairly easy to configure • Disadvantages • Relies on single firewall (easier to hack)

  21. (Skill 3) Figure 6-7 A single firewall design with a DMZ

  22. (Skill 3) Designing the Internet Connectivity Model (7) • Dual firewall, with DMZ • Advantages • Provides two points of security • Using products from two different vendors makes it more difficult for an unauthorized user to hack • Disadvantages • Most expensive of three methods • Requires higher level of administrative overhead

  23. (Skill 3) Figure 6-8 A dual firewall design with a DMZ
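The sizing steps from slides 5 to 7 (one subnet per physical location, sized by host count, then summarized), worked through as an added example that is not part of the original presentation. The site names, host counts and the 10.20.0.0/22 block are constructed, and `prefix_for_hosts`, `plan` and `summary_route` are illustrative names.

```python
import ipaddress

# Constructed sample: host counts include servers, router ports, printers, etc.
SITES = {"HQ": 400, "Branch-A": 100, "Branch-B": 50, "Branch-C": 20}

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose usable addresses (2**n - 2) cover `hosts`."""
    host_bits = (hosts + 1).bit_length()   # smallest n with 2**n >= hosts + 2
    return 32 - host_bits

def plan(block, sites):
    """Give each site one subnet from `block`, largest site first so every
    subnet starts on its own size boundary."""
    block = ipaddress.ip_network(block)
    if not block.is_private:
        raise ValueError(f"{block} is not private address space")
    cursor = int(block.network_address)
    out = {}
    for name, hosts in sorted(sites.items(), key=lambda kv: -kv[1]):
        net = ipaddress.ip_network((cursor, prefix_for_hosts(hosts)))
        if not net.subnet_of(block):
            raise ValueError(f"{block} is too small for {name} ({hosts} hosts)")
        out[name] = net
        cursor += net.num_addresses
    return out

def summary_route(nets):
    """Smallest single prefix covering every network in `nets`. It may also
    cover unassigned space, which filters should still treat as unused."""
    nets = list(nets)
    route = nets[0]
    while not all(n.subnet_of(route) for n in nets):
        route = route.supernet()
    return route

if __name__ == "__main__":
    subnets = plan("10.20.0.0/22", SITES)
    for name, net in subnets.items():
        print(f"{name:9} {str(net):16} usable={net.num_addresses - 2}")
    branches = [n for s, n in subnets.items() if s.startswith("Branch")]
    print("branch summary:", summary_route(branches))
    print("site summary:  ", summary_route(subnets.values()))
```

The three branch subnets collapse into a single /24 advertisement, but that summary also covers the unassigned tail of the /24, so firewall rules should be written against the allocated subnets rather than the summary.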
