Prototyping the Campus Network
Designing and Supporting Computer Networks – Chapter 7

Objectives
• Describe the purpose for and procedures to build a prototype of the network design
• Create test plans to perform simulated or prototype tests of important design elements
• Perform proof-of-concept tests on LAN design elements
• Identify risks and weaknesses in the design based on the proof-of-concept test conclusions
7.1.1 Purpose of a Prototype and Pilot Testing
• Two ways to test a network:
  • Prototype network: separate from the existing network
  • Pilot network: uses a portion of the existing network to test a new functionality or capability
    • Can experience real-world network traffic
    • Network response can be tested in unplanned and unpredictable situations

7.1.2 Creating a Test Plan
• Create a test plan before beginning the testing process
• The test plan document contains descriptions of the design and topology, test procedures, and anticipated results
7.1.3 Verifying the Design Meets Goals and Requirements
Methods to verify a design meets the identified business criteria:
• Prototyping: demonstrates that the network design meets the business goals and technical requirements
  • Assures the designers that the functions they selected align with the business goals
• Basic connectivity tests: passed when the network is operational and devices are sending and receiving data
  • show cdp neighbors
  • show arp
• Functionality testing: determine the types of tests that are run on the network
  • Choosing a testing method
7.1.4 Validating LAN Technologies and Devices
Tools and methods used to validate that the design is working as anticipated:
• Cisco IOS commands
• IP utilities and tools
• Protocol analyzers
• Network simulation tools

7.1.5 Test the Redundancy and Resiliency of the Network
• Overcoming device and link failures:
  • Redundant links
  • Load balancing
• Networking staff need to introduce link failures in the topology and observe the amount of disruption in network service
  • How long does it take for the network to resume normal functionality?
7.1.6 Identify Risks or Weaknesses in the Design
• Prototypes and simulations can be used to identify risks and weaknesses inherent in the network
  • Add a switch to the server block connecting the server farm to each core switch
  • Provide a redundant firewall router connecting to a second ISP, the core switches and the DMZ
• Single points of failure: in areas where there is limited or no redundancy to provide connectivity, there is a risk that a single device or link failure can impact the entire area.
• Large failure domains: if a single point of failure, such as a non-redundant Internet connection, can adversely affect a large portion of the network, the risk that such a failure will have a major impact on the business increases.
• Possible bottlenecks: some areas may be vulnerable to congestion if traffic volumes increase, creating a risk that response time will seriously degrade.
• Limited scalability: areas or devices can present scalability problems if the network grows faster than anticipated. The lack of scalability can require a network redesign or a costly upgrade.
• Existing staff capabilities: prototypes sometimes indicate that the network configurations are too complex for the existing staff to support and troubleshoot. In cases like this, a risk exists until staff receive the appropriate training or a new support strategy is in place.
• What is missing from this configuration on the switch?
  • The default gateway
7.2.1 Identify Goals and Requirements Met by LAN Design
• Testing the new design: determine how to test the various elements
• Determining what needs to be tested: which network functions need to be included in the prototype test
  • Conversion from a flat network to a modular three-layer hierarchy
  • Creation of separate VLANs and IP subnets to support the different types of traffic and classes of users
  • Implementation of a redundant topology
  • Configuration of ACLs

7.2.2 Creating the Test Plan
• List test outcomes that support business goals
• Provide a checklist of success criteria
• As a component of every test, document the operation

7.2.3 Validating the Choice of Devices and Topologies
• Develop methodologies for comparing devices and topologies
• Demonstrate the differences between flat and hierarchical topologies when link failures occur
• A modular hierarchical design permits:
  • Access Layer modules to be added without affecting existing users
  • Redundant links to be provided more easily, ensuring higher availability
7.2.4 Validating the Choice of Routing Protocol
• The stadium network will use EIGRP
  • Proprietary, but they are only using Cisco devices
  • Easy to use
  • Scales well
  • Load balances across the R3 to R1 and R3 to R2 links

7.2.5 Validating the IP Addressing Scheme
• Apply and test an appropriate addressing scheme using a simulation tool
  • This helps determine whether the addressing structure enables efficient route summarization and can support the necessary scalability
• Configure the simulated network with the same number of networking devices as the planned network

7.2.6 Identify Risks and Weaknesses
Compare and analyze risks or weaknesses associated with choosing LAN devices, topologies, and addressing:
• Lack of redundancy at the access layer of the network
• Single ISP for Internet connectivity
• Limited bandwidth areas to the WAN and the Internet
• Limited fiber connectivity from the wiring closet
7.3.1 Identifying Server Farm Goals and Requirements
• Identify the business goals and technical requirements supporting server relocation to a data center that includes a server farm
• Requirements for nearly 100% uptime and availability can be better accomplished if the servers are located in a central data center

7.3.2 Creating the Test Plan
• What needs to be tested?
• Build a prototype network
• Test the prototype network
  • Basic connectivity tests to ensure the network is configured correctly
• Create a network baseline
  • Record baseline measurements of the prototype network
  • Test results are compared to this baseline to see how the test conditions increase processor use or decrease available bandwidth
7.3.3 Validating Device and Topology Selection
• LAN simulation with specific protocols
• RSTP
  • Converges faster
  • Rapid reconnection following failure of a switch or port
  • Allows the switch port to transition directly to the forwarding state when recovering from a failure
  • Per-VLAN Rapid Spanning Tree+ (Rapid PVST+)
RSTP defines the following port roles:
• Root: a forwarding port elected for every non-root switch that gives the least-cost path to the root switch.
• Designated: a forwarding port elected for every switched LAN segment based on the best bridge protocol data unit (BPDU). This port is the least-cost path to the root switch from the LAN segment.
• Alternate: an alternate path to the root switch for a non-root switch that is different from the path that the root port takes. This port is blocked for forwarding traffic.
• Backup: a backup path that provides a redundant, but less desirable, connection to a segment to which another port on the non-root switch already connects. This port is blocked. (Backup ports can only exist where two ports are connected together in a loopback by a point-to-point link, or where a bridge has two or more connections to a shared LAN segment.)
• Disabled: a port that has no role within the operation of spanning tree.

7.3.4 Validating the Security Plan
Prototype the server farm, validating security and availability:
• Availability requirements: redundant links, RSTP for Layer 2 and EIGRP for Layer 3
• Multilayer security: Access Layer, employing port security
• Firewall: software provided
• ACL design: test both the design and the placement
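The RSTP and Access Layer port-security points from 7.3.3 and 7.3.4, as an added example that is not part of the course slides: an access-layer switch in the server farm prototype, with the verification steps a test plan would record. The hostname, VLAN 10, the interface numbers and the BPDU guard setting are assumptions, not taken from the chapter.

```cisco
! Added example (not from the course slides): access-layer switch in the
! server farm prototype. Hostname, VLAN 10 and interface numbers are assumed.
hostname SF-Access1
!
! Rapid PVST+ runs one RSTP instance per VLAN; portfast lets a server-facing
! edge port go straight to forwarding instead of waiting through listening
! and learning after a failure.
spanning-tree mode rapid-pvst
!
! Edge port toward a server: port security limits the port to one learned
! MAC address and shuts the port down if a second device appears; BPDU guard
! (assumed hardening, not on the slides) shuts it down if a switch is plugged in.
interface FastEthernet0/1
 description Server-1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Redundant uplinks toward the two distribution switches; RSTP forwards on
! one (Root port) and holds the other as an Alternate port.
interface range GigabitEthernet0/1 - 2
 switchport mode trunk
!
! Verification steps for the test plan (then pull one uplink and re-run):
! show spanning-tree vlan 10           -> one Root and one Altn uplink
! show port-security interface fa0/1   -> Port Status: Secure-up
! show cdp neighbors                   -> both distribution switches listed
```

Recording the time between pulling the uplink and the Alternate port moving to Root/forwarding gives the "how long until normal functionality resumes" figure asked for in 7.1.5.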
7.3.5 Verify Design Meets Business Goals
• What does the number 10 represent in this code?
  • The identifier of the VLAN that is associated with the encapsulated subinterface
• The users on the 192.168.10.192 network are not allowed Internet access. The network design calls for an extended ACL to be developed and tested. Where should the ACL be placed for the least effect on other network traffic?
  • Inbound on Fa0/1 of R3
  • Remember: extended ACLs are placed as close to the source as possible.
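Both questions above worked through on R3, as an added example that is not the chapter's own configuration: a dot1Q subinterface showing what the VLAN ID 10 means, and the extended ACL applied inbound on Fa0/1. Assumed, since the slides do not give them: the 192.168.10.192 network is a /26 (wildcard 0.0.0.63) directly attached to Fa0/1, internal addressing is 192.168.0.0/16, and Fa0/0 carries a trunk in which VLAN 10 is routed.

```cisco
! Added example (not from the course slides): R3 configuration fragment.
! Assumed: 192.168.10.192/26 is attached to Fa0/1, internal space is
! 192.168.0.0/16, and Fa0/0 is a dot1Q trunk carrying VLAN 10.
hostname R3
!
! Router-on-a-stick subinterface: the "10" in "encapsulation dot1Q 10" is
! the VLAN ID whose tagged frames this subinterface sends and receives.
interface FastEthernet0/0
 no ip address
 no shutdown
interface FastEthernet0/0.10
 description VLAN 10 (assumed addressing)
 encapsulation dot1Q 10
 ip address 192.168.20.1 255.255.255.0
!
! Extended ACL for the no-Internet subnet. Order matters: internal
! destinations are permitted first, then any other destination (i.e. the
! Internet) from that subnet is denied, and all remaining traffic arriving
! on the interface is left untouched by the final permit.
ip access-list extended NO-INTERNET-10-192
 permit ip 192.168.10.192 0.0.0.63 192.168.0.0 0.0.255.255
 deny   ip 192.168.10.192 0.0.0.63 any log
 permit ip any any
!
! Applied inbound on Fa0/1, the interface closest to the source, so traffic
! that will be dropped never crosses the rest of the network.
interface FastEthernet0/1
 description Users on 192.168.10.192/26 (no Internet access)
 ip address 192.168.10.193 255.255.255.192
 ip access-group NO-INTERNET-10-192 in
 no shutdown
!
! Test plan checks from a host on 192.168.10.192/26:
! ping an internal server   -> succeeds (first ACL entry matches)
! ping a public address     -> fails; "show access-lists" shows the deny
!                              entry's match counter incrementing
! show ip interface fa0/1   -> "Inbound access list is NO-INTERNET-10-192"
```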
7.3.6 Identify Risks and Weaknesses
• Compare and analyze risks or weaknesses associated with choosing server farm devices, topologies, and addressing
• Identified weaknesses:
  • ACLs at the Distribution Layer prevent unauthorized traffic from entering the server farm but are not effective at filtering the traffic within the VLANs
• Recommendations:
  • Support server farm and data center growth
  • Use multilayer switches at the Access Layer to provide more flexibility in separating and filtering traffic from users outside the data center

Summary
• The decision to create a prototype or pilot network depends on the type of testing required and the potential disruption to the existing network.
• Before beginning any testing, a test plan should be developed.
• Prototypes and simulations can be used to identify risks and areas of weakness in the network design.