Chapter 4: Network Design and Implementation

Lesson 1: Network design principles and methodologies.

Network design is becoming more complex due to the increasing development in technology and
the different types of traffic added to the network backbone. As a result, it is necessary to have
methodologies, processes, and architectures in place that support network design plans. Overall,
this will support the company’s business goals.

The following issues have resulted in new network architectures:

• The growth in different types of applications

• The evolution of IT, from basic network connectivity to converged intelligent systems

• Increased business expectations from networks

Network Design Principles

When building a network, the hardware and software components must be chosen through careful
design, planning, deployment, and support. These design principles will be covered in detail in the
sections to follow.

Business Policies and Procedures

Today’s modern organizational models try to leverage internetworking power and the benefits of
the global Internet. This modern approach is different in many ways from the traditional
organizational model that was based on a vertical network design.

Traditional companies have a closed structure and a limited ability to integrate with other
organizations and other companies from an IT standpoint, resulting in limited access to
information. These companies are difficult to both partner and interact with because most of the
processes and applications are done internally. Therefore, companies that adopt this model are
unable to adapt and take advantage of new technologies. It is also quite difficult for them to
create and maintain optimal relationships with their stakeholders (e.g., partners, customers, and
investors).

These disadvantages created the need for a new modern networking organizational model based
on a horizontal network design that allows partnership and collaboration with other entities. It
also provides a more focused expertise over the products and services vital to a company’s
business model. The key issue in network design is the ability to share information, both
internally and externally. The Internet offers a way to accomplish this by giving companies
access to unlimited resources that bring value. This makes stakeholder relationships as important
as the actual products or services offered by a company, which is key to the company’s success.

The power of relationships is a key aspect of corporate information sharing and system
integration. The process of building a system that integrates all of the stakeholders is referred to
by Cisco as an ecosystem. The main objective of this CCDA manual is to learn how to design
this ecosystem, whether this is done internally or with external partners, suppliers, vendors, or
customers. The design of an ecosystem must include a scalable and flexible network
infrastructure that will be able to leverage enterprise networking and the Internet. Creating an
environment that is highly accessible and collaborative, and that can break geographical
boundaries, will promote an efficient integration of all the stakeholders.
Figure 2.1 – Modern Organizational Model

The modern organizational model shown in Figure 2.1 above involves the following four
entities:

• Employees

• Customers

• Vendors and suppliers

• Partners

The most important entity is the employees because they are the most important asset of any
company. The employee-facing part of the model consists of human resources information, data
about benefits, job openings, stock reports, schedules, and expense reporting, all of which depend
on the corporate Intranet. This Intranet provides instant access to the most recent information,
services, and application updates used by all the employees.

The most important customer-related aspects of a company are online support, technical support,
and providing different types of customer services. Depending on the situation, customers might
need to access some of the company’s resources, for example, to open a support ticket.

The vendors and suppliers are involved in the process of ordering, billing, and delivery of the
products the company uses. These processes can be very time and labor intensive, so
organizations can leverage their existing internetworks to create links to their suppliers and
vendors. This lowers costs per transaction and is part of an efficient organizational ecosystem.

The fourth component in the organizational model is strategic partners, with which the company
creates strategic relationships in order to leverage their resources and services to complement
in-house expertise and skills.

This modern organizational model applies to small, medium, and large companies and serves all
their current and future business needs. For example, by externalizing certain services, a
company can lower cost structures, allowing the possibility of increasing employees’ salaries. A
company can also benefit from information sharing with its customers through modern means
(e.g., websites, portals, etc.), or from better communication with its employees through the
Intranet. Companies that use this model are also more flexible in the event of rapid market
changes than companies based on the traditional vertical model are.

The modern horizontal organizational design is built around a modular architecture that uses
technology consistent with the needs of the organization. This modular approach also allows
companies to have a network infrastructure that is better suited for scalable applications.

Organizational Architecture of the Network

When discussing the architectural components of the network, the architecture that Cisco
recommends is divided into multiple layers (Figure 2.2) that make the processes in the
organization easier to expand, implement, and scale.
Figure 2.2 – Organizational Architecture of the Network

Each layer has its own specialized functions or tasks within the organizational process.
Applications and services comprise the top layer and include organizational goals. Applications
and services offer a concrete set of functions that can be accessed by the network, but only by
authorized users (e.g., employees, strategic partners, customers, vendors, and suppliers). This
layer also includes productivity tools (e.g., word processing, databases, browsers, e-mail
services, file transfers, and custom tools).

Intelligence solutions, and structured data and business logic comprise the middle layer. These
elements make the modern network much more intelligent and help support applications and
services in an efficient manner. This level also includes functions such as messaging (e.g., chat,
VoIP, video conferencing, etc.), database structures, and other content networking solutions.

The bottom layer is the foundation of the organizational architecture: the network infrastructure.
This is composed of the network platform and the connections that work together to provide a
highly available, secure, and scalable network.

All of these layers are combined and offer a foundation for all the organizational policies, goals,
and procedures that are put in place by management and then handed to other departments in the
company to support the overall goals and mission of the organization.

Some general considerations regarding the organizational model are that it should mirror the
logical structure of the company, it should be consistent with the organizational processes, and it
should get constant input from the stakeholders. In addition, control and access mechanisms
should be implemented so that the model is manageable. The core application should be
implemented first and the other features should be developed around it.

Organizational Policy

Before designing a network, an important aspect must be considered: all organizations have
policies, at one level or another. Even if the procedures are not written, there is some kind of
understanding at the management level about the goals of the organization.

Organizational policy and procedures are generally a collection of specific guidelines and rules
in written form that are understood, implemented, and maintained at every level of the
organization in order to reach well-defined goals. The organizational policy cycle contains the
following three components, or steps:

1. Set the policy

2. Enforce the policy

3. Maintain and change the policy

Note: Company policies dictate what technologies to use. For example, the decision to use a
specific hardware device or network protocol is derived from a specific business need.

Policies are set by the management (e.g., CEO, CIO, board of directors, etc.). The same entities
monitor the implementation of the policies and measure their impact on the organization. Senior
managers might delegate to middle managers the authority to hire and fire individuals based on
their willingness or ability to adhere to the organizational policies and procedures. Maintaining
the policy means reevaluating it based on new technologies, business logic, and security needs.
Security is a key area where policies are often changed because new threats arise constantly.

The policy makers include the following, from top to bottom:

• Board of directors, executives (CEO, CIO, CFO, etc.), and senior management

• Departmental management (unit managers, area managers, supervisors, etc.)

• Employees (people with expertise in various fields who can be relied on to formulate the
procedures)

• External consultants

• Strategic partners

After understanding the company’s policies, a network designer must also understand how
information flows through the organization. This is a complex process, and it differs based on the
size of the company and the number of departments involved in a specific task. For example, a
sales order process initiated by a customer will go through the sales, financial, management, and
distribution departments. This process also generates interaction with strategic partners and
suppliers. Every step of this process might be backed up by specific applications that cover
certain tasks. The network designer must understand how these applications affect the underlying
network infrastructure.

Network Infrastructure Essentials

As mentioned before, a flexible network infrastructure helps the organization and its customers
meet their needs and follow their policies and procedures by facilitating information flows.
Designing that network infrastructure involves considering the following essential features
recommended by Cisco:

• Availability: Critical business applications need to have complete access to network
resources on a 24/7 basis. All the components of the network infrastructure should be
redundant and resilient.

• Efficiency: The best equipment and software, tuned for optimal results, should be
provided at reasonable cost (the most efficient network at the lowest cost) by implementing
features such as Quality of Service (QoS); Authentication, Authorization, and Accounting
(AAA); and filtering.

• Functionality: The network infrastructure must support the business applications and
services in terms of efficiency and availability.

• Manageability: Management tools (CiscoWorks, etc.) and protocols such as SNMP should
provide configuration management, performance monitoring, and fault detection, improving
control of the network.

• Performance: The important applications should get all the bandwidth they need. Scalable
and modular hardware should be used, IOS should be properly configured, and special
technologies should be used when needed (QoS, etc.).

• Scalability: This includes the ability to grow and expand with the organizational goals,
policies, and procedures. Scalability studies might be required, for example, in a
situation where company acquisitions are planned.

Cisco Intelligent Information Network

The Cisco Intelligent Information Network (IIN) represents a multi-phased architecture that injects
intelligence into a network infrastructure. Its single integrated system provides intelligence
across multiple layers and aligns the network infrastructure with the rest of the IT infrastructure,
integrating the network with applications, software, servers, and services. In other words, the
network becomes an active participant in the total delivery of applications and services. Cisco
sees this as an evolving environment (i.e., ecosystem) that responds to constantly changing
business requirements.

Cisco IIN features the following capabilities:

• Integrated system: The network is integrated with applications and services.

• Active delivery: The network fully participates in monitoring, management, and optimization
of service delivery and applications.

• Policy enforcement: The network enforces policies that allow it to reach business goals,
link business processes, and establish rules and procedures.

As mentioned, Cisco IIN is an evolutionary approach comprised of the following three phases:

1. Integrated transport: This involves the convergence of data, voice, and video into a single
transport network. An example of this is Cisco’s Unified Communications platform. As
new applications are delivered, there is an infrastructure in place for integrated transport.
Unified messaging is an example of applications where users integrate voice messaging,
e-mail, text, or voice recording.

2. Integrated services: This represents the merger of common components, such as data
center server capacity or storage, virtualization technologies that allow the integration of
servers, and storage and network components. By virtualizing systems with redundant
resources, the network infrastructure can offer services in case the local network fails, in
addition to enhancing disaster recovery and business continuity.

3. Integrated applications: At this level, the network becomes fully application aware and
can proactively optimize application performance by integrating application message
handling, application security, and application optimization. Cisco calls this integrated
application technology Application Oriented Networking (AON).

Service Oriented Network Architecture

Service Oriented Network Architecture (SONA) is an ongoing architectural framework that
supports emerging technologies, IT strategies, and initiatives. SONA is a three-layer model, as
shown below in Figure 2.3.
Figure 2.3 – SONA Three-layer Model

The bottom layer is comprised of the physical infrastructure, which is also referred to as the
network infrastructure layer. This is where the servers, storage, and clients are located and
includes different modular design areas (e.g., WAN, enterprise edge, branch, campus, data center,
and teleworker).

The core common services comprise the middle layer. These are integrated into an interactive
services layer along with the services management and include the following:

• Real-time communications

• Mobility services

• Storage services

• Application delivery

• Management services

• Virtualization technology

• Transport services

The top layer comprises the applications platform, which includes the following:

• Commercial applications

• In-house developed applications

• Software as a Service (SaaS)

• Composite applications

o Product Lifecycle Management (PLM)

o Customer Relationship Management (CRM)

o Enterprise Resource Planning (ERP)

o Human Capital Management (HCM)

o Supply Chain Management (SCM)

o Procurement applications

o Collaboration applications (instant messaging, IP contact center, video delivery,
etc.)

All of these components work together as an architectural framework. The advantages they offer
include the following:

• Functionality: supports enterprise operational requirements

• Scalability: allows expansion and growth of the organizational tasks, as it separates the
functions into layers and components, and facilitates mergers and acquisitions

• Modularity: hierarchical design that allows network resources to be added easily during
times of growth

• Availability of services from any location in the enterprise, at any time

The SONA network is built from the ground up with redundancy and resiliency to prevent
network downtime. The goal of SONA is to provide high-performance, fast response times and
throughput by assuring QoS on an application-by-application basis. The SONA network is
configured in order to maximize the throughput of all critical applications, such as voice and
video. SONA also provides built-in manageability, configuration management, performance
monitoring, fault detection, and analysis tools. SONA provides an efficient design with the goal
of reducing the total cost of ownership (TCO) and maximizing the company’s existing
resources when application demands increase.

PPDIOO Lifecycle Model

In addition to knowing the essential features of a flexible network, a network designer should
also follow a methodology that must guide the entire lifecycle of the design process. In this
regard, Cisco developed the PPDIOO model, which is a six-phase model that every network
implementation will go through during its operational lifetime, as follows:

1. Prepare

2. Plan

3. Design

4. Implement

5. Operate

6. Optimize

The PPDIOO lifecycle model (Figure 2.4) and SONA have one common benefit: they both lower
the TCO. In the early phases of the process, technology requirements are evaluated and
validated, which allows for proper planning in response to changes in the infrastructure and
requirements for resources. It also improves network availability by using a solid network
design, and along the way, network operations are validated. In addition, it makes the company
more agile by establishing business requirements and technology strategies and adjusting them
on a regular basis. Finally, it speeds access to applications and services by improving the
following issues:

• Availability

• Scalability

• Performance

• Reliability

• Security

Figure 2.4 – PPDIOO Lifecycle Model

The network’s lifecycle might not go through these six phases in this particular order without
some type of iterative process. For example, after the implementation phase, you might need to
go back to the planning or design phase and make some changes at that level. It can also be an
iterative process where the flowchart can be modified based on changing technologies, budget,
infrastructure, business needs, or business structure. Unplanned actions can happen, especially in
the operation phase. Each phase is covered in detail below:

1. Prepare Phase: The first phase of PPDIOO is the prepare phase. This is where you
establish the company’s requirements and goals. The IT and the network/security
infrastructure must always be in line with the company’s goals and business
requirements. At this stage, a network strategy and a high-level architecture to support that
strategy are developed. Possible technologies that can support that architecture must be
identified. A business case must also be established in order to have a financial
justification for the overall network strategy. Representatives from the company’s board
of directors or executive team (CIO, COO, etc.) might be involved in this phase.

2. Plan Phase: Planning is the most underutilized phase in the PPDIOO process. This
includes identifying the decision- and policy-makers, and determining the fundamental
network requirements (who needs what services and when). The plan phase is where the
entire information gathering process is completed, and the network and security
requirements are identified, as well as identifying the legislation to which the company or
its customers must adhere (SOX, HIPAA, etc.).

o The network security system lifecycle must be analyzed carefully, including the
company’s needs and risk analysis. The security policies, guidelines, and
processes must be evaluated, along with the security system that is in place or
with possible future security system acquisitions, such as the Cisco Adaptive
Security Appliances (ASAs). Planning also includes the study of best practices
and case studies, and then putting into place the security operations, responses,
monitoring, and compliance. The network management processes also must be
considered in this phase because they are closely related to the network
infrastructure. This includes fault management to detect and correct specific
problems; configuration management that helps in establishing a network baseline
and in developing a configuration tracking process (for networking appliances and
devices); accounting management that keeps track of circuits for billing of
services; performance management to monitor the network’s effectiveness in
delivering packets; and security management (AAA – RADIUS/TACACS+
protocols).

In the plan phase, you will characterize the network and perform an analysis against best-practice
architectures, and look at the operational environment overall. A project plan must be created in
order to help manage the tasks, identify the responsible parties or individuals, set the milestones,
and identify the resources needed for the design and implementation of the project. This
generated project plan must be followed through the remaining phases of the PPDIOO lifecycle.

Note: Remember, security is a top-priority consideration in any phase.
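The configuration-management item above (establishing a network baseline and tracking configuration changes) is where most security drift on network devices is caught. The following is an added example, not code from the CCDA manual, showing one way to implement that check in Python: a constructed "golden" IOS-style baseline, a constructed later running configuration, a small security baseline of required and forbidden lines, and a drift report built with difflib. The hostname, addresses, community strings and baseline rules are all assumptions made for the example.

```python
"""Baseline compliance and drift check for an IOS-style running configuration.

Added example; not from the CCDA manual. Both configurations and the
baseline rules below are constructed for illustration.
"""
import difflib
import re

# Constructed "golden" baseline, as a configuration-tracking process would
# store it after the device was accepted into production.
BASELINE_CONFIG = """\
hostname BR1-RTR
service password-encryption
aaa new-model
enable secret 5 $1$abcd$constructedhashvalue
ip ssh version 2
no ip http server
logging host 10.0.0.50
snmp-server community s3cr3tRO RO 10
line vty 0 4
 transport input ssh
 exec-timeout 10 0
"""

# Constructed running config pulled later: someone re-enabled HTTP and
# Telnet and added a default SNMP community while troubleshooting.
RUNNING_CONFIG = """\
hostname BR1-RTR
service password-encryption
aaa new-model
enable secret 5 $1$abcd$constructedhashvalue
ip ssh version 2
ip http server
logging host 10.0.0.50
snmp-server community s3cr3tRO RO 10
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
 exec-timeout 10 0
"""

# Security baseline (assumed for the example): lines that must be present
# and patterns that must never appear.
REQUIRED = [
    "service password-encryption",
    "aaa new-model",
    "ip ssh version 2",
    "no ip http server",
]
FORBIDDEN = [
    (re.compile(r"^snmp-server community (public|private)\b"), "default SNMP community"),
    (re.compile(r"^\s+transport input .*\btelnet\b"), "Telnet enabled on a line"),
    (re.compile(r"^enable password\b"), "enable password instead of enable secret"),
    (re.compile(r"^ip http server$"), "cleartext HTTP management enabled"),
]


def config_lines(text):
    """Split a config into lines, dropping blanks and '!' comment lines.
    Leading indentation is kept because it carries the line/interface scope."""
    return [l.rstrip() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("!")]


def check_baseline(text):
    """Return a list of finding strings; an empty list means compliant."""
    lines = config_lines(text)
    findings = []
    for req in REQUIRED:
        if req not in lines:
            findings.append(f"missing required line: {req}")
    for pattern, why in FORBIDDEN:
        for line in lines:
            if pattern.search(line):
                findings.append(f"forbidden ({why}): {line.strip()}")
    return findings


def config_drift(baseline, running):
    """Return (added, removed) lines of the running config relative to the baseline."""
    added, removed = [], []
    for tok in difflib.ndiff(config_lines(baseline), config_lines(running)):
        if tok.startswith("+ "):
            added.append(tok[2:])
        elif tok.startswith("- "):
            removed.append(tok[2:])
    return added, removed


if __name__ == "__main__":
    for finding in check_baseline(RUNNING_CONFIG):
        print("FINDING:", finding)
    added, removed = config_drift(BASELINE_CONFIG, RUNNING_CONFIG)
    print("added since baseline:  ", added)
    print("removed since baseline:", removed)
```

Run against the constructed running config, the check reports the missing "no ip http server", the default SNMP community, Telnet on the vty line and the HTTP server, and the drift report shows exactly which lines changed, which is the input a change-control meeting (and the fallback step of the implement phase) needs.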

3. Design Phase: The next phase involves designing the network according to the
company’s policies, procedures, business goals, and available budget and technologies.
The design phase also might mean meeting with policy-makers, team leaders, and end-
users in the process of gathering and analyzing data, and auditing all key activities.
Results of the design phase are the basis for the approach taken in the next phase, which
involves implementation. The focus of the CCDA blueprint is comprised of the first three
PPDIOO phases – prepare, plan, and design – among which the design phase is the most
complex. As such, the design phase will be covered in more detail later in this chapter
and in the remaining chapters of the manual.

4. Implement Phase: The competitive nature of business, and the rush to market products
and services, forces many organizations to skip the first three phases of the PPDIOO
lifecycle model and start with the implement phase. Many times, those companies
become stuck in this phase because of a lack of planning and design. The implement
phase involves constructing the network infrastructure with the best affordable
technologies based on all the design specifications.

o The implement phase includes configuration, installation, maintenance, and so on.
This is where the new equipment is installed and configured using the command
line interface (CLI) or graphical tools (SDM, ASDM, etc.). Old devices might be
replaced with new devices, or some components might be upgraded (memory,
operating systems, etc.). The project plan must be followed during the
implement phase. Planned network changes should occur here, and they should be
communicated through control channels in meetings and receive the appropriate
approvals. Each step in the implement phase should have a description, detailed
implementation guidelines, a time estimate, and instructions for falling back
to a previous state in case something goes wrong. It should also include additional
reference information from RFCs, white papers, case studies, or other
Cisco documentation. Any changes implemented here should be tested before
moving on to step 5 – the operate phase.

5. Operate Phase: The operate phase is the final proof that the network design was
implemented properly. Performance monitoring, fault detection, and operational
parameters will be confirmed in this phase. This will also provide the data used for the
final phase.

o This phase involves the day-to-day operational maintenance and
health of the network infrastructure. This includes managing the network
components, monitoring, conducting analysis and creating reports, routine
maintenance, managing the upgrades of the systems (hardware, software, or
firmware), managing performance, and identifying and correcting any network
faults or security incidents. This final test of the design process involves
analyzing the actual operations of the implemented network system. Network
management stations (NMSs) should monitor network health parameters, through
SNMP traps (and alerts when certain thresholds are reached) or other real-time
monitoring solutions.
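The operate-phase monitoring described above (an NMS watching health parameters and alerting when thresholds are reached) is easy to get wrong in two places: counter deltas across a counter wrap, and alerts that flap when a value hovers at the threshold. The following is an added example, not from the CCDA manual, that computes link utilisation and input-error ratio from constructed IF-MIB style counter polls and applies raise/clear thresholds with hysteresis. The poll values, interval, link speed and thresholds are constructed assumptions; a real NMS would obtain the counters via SNMP.

```python
"""Threshold-based health checks over polled interface counters.

Added example; not from the CCDA manual. The polls below are constructed.
A real NMS would read these values via SNMP from IF-MIB
(ifHCInOctets, ifHCOutOctets, ifInErrors, ifInUcastPkts) or receive traps.
"""
from dataclasses import dataclass

COUNTER64_MAX = 2 ** 64   # modulus of a Counter64 object
COUNTER32_MAX = 2 ** 32   # modulus of a Counter32 object


@dataclass(frozen=True)
class Sample:
    ts: float        # poll time in seconds
    in_octets: int   # ifHCInOctets (Counter64)
    out_octets: int  # ifHCOutOctets (Counter64)
    in_errors: int   # ifInErrors (Counter32)
    in_ucast: int    # ifInUcastPkts (Counter32), denominator for the error ratio


def counter_delta(old, new, modulus):
    """Increase between two readings of an SNMP counter, tolerating one wrap."""
    return (new - old) % modulus


def utilisation(prev, cur, if_speed_bps):
    """Percent utilisation over the interval; the busier direction on a full-duplex link."""
    interval = cur.ts - prev.ts
    if interval <= 0:
        raise ValueError("samples must increase in time")
    in_bps = counter_delta(prev.in_octets, cur.in_octets, COUNTER64_MAX) * 8 / interval
    out_bps = counter_delta(prev.out_octets, cur.out_octets, COUNTER64_MAX) * 8 / interval
    return 100.0 * max(in_bps, out_bps) / if_speed_bps


def error_ratio(prev, cur):
    """Input errors per input unicast packet over the interval (0.0 when idle)."""
    pkts = counter_delta(prev.in_ucast, cur.in_ucast, COUNTER32_MAX)
    errs = counter_delta(prev.in_errors, cur.in_errors, COUNTER32_MAX)
    return errs / pkts if pkts else 0.0


class Threshold:
    """RAISE when value >= raise_at; CLEAR only once value < clear_at (hysteresis),
    so a link hovering around the limit does not produce a flapping alert."""

    def __init__(self, raise_at, clear_at):
        self.raise_at, self.clear_at = raise_at, clear_at
        self.active = False

    def update(self, value):
        if not self.active and value >= self.raise_at:
            self.active = True
            return "RAISE"
        if self.active and value < self.clear_at:
            self.active = False
            return "CLEAR"
        return None


def evaluate(samples, if_speed_bps, util_th, err_th):
    """Walk consecutive polls; return (ts, metric, event, value) for each state change."""
    events = []
    for prev, cur in zip(samples, samples[1:]):
        metrics = (("utilisation_pct", utilisation(prev, cur, if_speed_bps), util_th),
                   ("input_error_ratio", error_ratio(prev, cur), err_th))
        for name, value, th in metrics:
            event = th.update(value)
            if event:
                events.append((cur.ts, name, event, round(value, 4)))
    return events


# Constructed 60 s polls of a 100 Mbit/s link. The out counter starts just below 2^64 so
# the first interval exercises the wrap. The third poll hits 80 % utilisation, the fourth
# sits at 75 % (above the clear level, so no CLEAR), the fifth drops to 10 % while input
# errors burst, and the sixth sees the errors subside.
POLLS = [
    Sample(0,   10_000_000,    COUNTER64_MAX - 1_000_000, 100,   50_000),
    Sample(60,  40_000_000,    74_000_000,                100,   100_000),
    Sample(120, 640_000_000,   150_000_000,               100,   800_000),
    Sample(180, 1_202_500_000, 226_000_000,               100,   1_500_000),
    Sample(240, 1_277_500_000, 300_000_000,               5_100, 1_600_000),
    Sample(300, 1_352_500_000, 374_000_000,               5_150, 1_700_000),
]

if __name__ == "__main__":
    for ev in evaluate(POLLS, 100_000_000, Threshold(80.0, 50.0), Threshold(0.01, 0.001)):
        print(ev)
```

The hysteresis is the point worth copying: with a single threshold the 75 % reading at the fourth poll would clear the alert and the next high reading would re-raise it, burying the operate-phase data the optimize phase depends on.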

6. Optimize Phase: Optimizing involves proactive and aggressive management and control
over the network. Problems must be identified quickly so that they can be troubleshot and
corrected as soon as they are detected. This phase is crucial because it is often followed by
another planning or design session in order to redesign the implementation, which makes
these phases all the more important. Much time and money might be invested in the
optimize phase if some failures occur in the initial planning and design phases.

o Optimization refers to proactive network management, meaning identifying and
resolving issues before they spread throughout the entire network. The optimize
phase might also generate a modified network design if too many problems
appear in the implement and operate phases. Sometimes, you might need to go
back to the design phase in order to solve those problems and implement new
solutions.

The goal of this entire process is constant improvement, and the IT Infrastructure Library (ITIL)
might be used as a basis for network design and administration.

The following section will focus on the primary goals of a network designer in detailing the
design phase and analyzing some design methodologies used in PPDIOO.

Note: A seventh phase, referred to as the retirement phase, is activated when equipment needs
to be taken out of production.

A proven method for network design is necessary because it provides consistency in the design
process, it offers a framework from which to work, and it assures the network designer that no
steps will be left out of the process.

Design Phase Methodology

As with the previous phases, the design phase is based on the business requirements of the
company and the technical requirements that align with them. The goals of the design phase
include the following parameters:

• High availability

• Redundancy

• Failover and fallback mechanisms, at both the software and hardware level, on
network devices

• High availability of dynamic routing protocols

• Scalability (the ability to grow the project based on future growth models)

• Security

• Performance models and goals


In this particular phase, the team involved in the design process might request input from
different areas of the company, from security professionals, or from various department leaders.
The gathered information will be compiled, logical and physical diagrams will be created, and
analysis and reports will be generated based on the conclusions. The project plan initiated earlier
will be modified and updated during the design phase. The project plan also should be finalized in
this phase, because the next phase is implementation and no more modifications should be made to
the plan during that phase.

Design phase methodology involves the following three steps:

1. Identify network requirements: This is accomplished with the help of the decision-
makers, the stakeholders, or the steering committee. Proposals for the conceptual
architecture must be defined, followed by another prepare phase.

2. Characterize the existing network: The existing network must be assessed in order to
determine necessary infrastructure to meet the requirements previously defined. This step
will define what resources exist and what resources need to be procured to meet the
goals. The network will be assessed based on functionality, performance, and quality.

3. Design network topology and solutions: The network topology is designed to meet all the
business and technical requirements. A detailed design document will be generated in this
phase, based on the project plan. This will include design solutions, such as network
infrastructure, voice over IP (VoIP), content networking, and intelligent network services
(Cisco NetFlow, etc.).

As mentioned earlier, the CCDA focus is on the first three phases of the PPDIOO process:
prepare, plan, and design.

Identify Network Requirements

Step one of the design phase is to define the network requirements. This process can be carried
out for the company or for its customers and corresponds to the prepare phase of the PPDIOO
lifecycle model.

In this phase, you will identify current and future applications and their importance in the
organization. For example, e-mail is considered a critical system, but different applications have
different priorities in the organization. The applications and services must be analyzed, along
with the data plane traffic (i.e., traffic that moves from client to client or from client to server, not
traffic destined to network devices).

The next step is to examine how the identified network applications and services map to the
organizational goals. The organizational goals must align with the IT infrastructure, and they
must include improving customer support in the case of service providers or improving service
desk support if internal users are served. The objectives that must be analyzed in this phase
include decreasing the costs and increasing competitiveness in a specific field or industry.

Next, the network designer must define the possible constraints in meeting the organizational
goals. These might include the following:

• Budget constraints

• Personnel constraints (the prepare, plan, and design phases might have fewer resources
allocated to them than the implement and operate phases do)

• Organizational policy constraints

• Security policy constraints (for example, open-standard protocols may be preferred to
proprietary ones such as EIGRP)

• Need for external contractors and consultants

• Scheduling constraints (timeframe)

Note: Design is one of the most commonly overlooked and unprovisioned areas in network
construction, and this issue might lead to a waste of time and money in the end.

After defining the constraints, the technical goals must be defined. These should be aligned with
the organizational goals, and they typically consist of the hardware and software that will help
meet the organizational goals. The response and throughput of the network should be improved
while decreasing network failures and downtime that affect corporate productivity. Network
management should be simplified so results and analysis can be obtained quicker and more time
can be allocated to incidents and troubleshooting. Network security, availability, and reliability of
mission-critical applications (e.g., e-mail or database) also should be improved. Outdated
technologies should be updated according to a well-defined plan that includes milestones.
Network scalability also should be improved as system evolution and growth is planned.

The technical goals mentioned above might have some constraints, such as a lack of proper
wiring capacity to support all the applications or a lack of bandwidth (i.e., FastEthernet links
instead of GigabitEthernet links). Another constraint would be having legacy equipment that
does not support newer features to meet the organizational and technical goals, or having legacy
applications that cannot be replaced and need to be accommodated within the network
infrastructure.

The following techniques must be mastered in this process:

Scope assessment: The network designer must decide whether to start with a new network
implementation or build upon an existing network infrastructure. With a new implementation,
step two of the design methodology (characterize the existing network) is skipped. Another
important decision is whether to design the entire enterprise network or just a subset of it (e.g.,
specific departments). This concerns the modular network design concept. The technologies used
also must be determined (LAN, WAN, VoIP, security, etc.). The scope assessment technique is
closely related to the OSI reference model, because it must be determined whether
the scope will cover just the Physical Layer and Layer 3 technologies (addressing, NAT, routing,
etc.) or also the Application Layer.

Gathering the necessary data: The information for the design phase is generally extracted from
certain documents called RFPs (request for proposal) or RFIs (request for information). An RFP
is a more formal document sent to vendors, suppliers, or strategic partners to ask them for
proposals to help meet a company’s organizational needs with their products or services. On the
other hand, the RFI is a more informal document with the purpose of gathering ideas and
information from vendors and partners about a specific project or a specific area of the
implementation. These different proposals and requests are used for different reasons, including
gathering information from existing and potential customers (initial requirements), and following
up by creating draft documentation that will describe the initial design requirements. This
information must be verified with customers, management, and vendors. This data-gathering
process will be revised as necessary as things change within the organization. All the documents
(RFPs, RFIs, customer queries, etc.) can be modified based on the feedback received from the
stakeholders.

Identifying organizational goals: This technique must always precede the process of establishing
the technical goals and means. A network designer must understand what the management
considers a success and a failure. In addition, the customers’ expectations must be determined,
along with the organizational short-term and long-term goals. Most companies want to use IT
and networking tools to lower their expenses, increase their applications and services, and obtain
a competitive advantage. From a business standpoint, the infrastructure must be as flexible and
as reliable as possible.

Common organizational goals for most companies, regardless of their size, are as follows:

 Utilizing available resources efficiently

 Maximizing profits and revenue

 Reducing development and production cycles

 Increasing competitiveness

 Improving availability of data

 Enhancing interdepartmental communications

 Boosting customer support and customer satisfaction

 Broadening information infrastructure to stakeholders

Identifying organizational limits: This step usually covers the following categories:

 Budget

 People

 Policies

 Time

Unfortunately, network designers are often forced to find the most affordable solution instead of
the optimal technical solution. This means certain things might need to be compromised, such as
scalability, manageability, performance, or availability. The available budget should include all
the purchases, equipment, licenses, and training. The budget should be the final decision, but in
most cases, it is the primary consideration. Network designers must find areas in which they
should make compromises in order to improve the overall goals of a specific project and obtain
an effective solution.

Another limitation concerns available personnel involved in the project and their expertise.
Additional training might be necessary if the available resources are not very technically skilled.
In addition, you should analyze the number of contractors and the level of outsourcing in the
project. For the implementation and the maintenance phase, adequately trained and technical
staff must exist in order to fulfill the organizational goals.

The organizational limits will be dictated by the organizational policies and procedures. This
includes what vendors are being used, what standards are in place (e.g., open standards), policies
about protocols, and different applications.

The last aspect includes the timeframe, particularly the deadlines that must be met. These
organizational limits can make the network designer’s job either easier or more complicated.
This includes how long it will take to deploy applications and train users. This part is taken care
of by the project manager, who must create milestones for the design and implementation
processes.

Identifying applications and services: The next phase in determining the needs of the customer is
finding out what applications and services will be used. After discussions with key decision-
makers, a detailed analysis must be made that will take into consideration the following aspects:

 Application category (e-mail, productivity, database, security, web browsers,
management, etc.)

 Application choices for each category (low, medium, high, or critical)

 The level of importance of the application or service

All of this information can be identified based on a brainstorming session with the stakeholders
or team leaders in order to determine the necessary applications and their level of importance.

Reaching technical goals: This technique involves isolating and reaching the technical goals. The
network designer should be an expert in determining what these goals should be and how to
achieve them under all the limitations of budget, personnel, time, procedures, and policies. A list
of some common technical goals includes the following:

 Maximize performance and productivity

 Enhance security

 Achieve reliability for critical core applications (99.9% for most organizations)

 Reduce downtime

 Update obsolete hardware and software (depending on the budget constraints)

 Boost network scalability (modular solutions)

 Simplify network management

Identifying technical restraints: A successful design engineer must recognize the technical
obstacles and restraints in the organizational design. This usually falls into the following
categories:

 Limitations of existing equipment (updates might be required)

 Availability of bandwidth (mostly related to WAN connections)

 Compatibility of applications (the use of a single vendor might be required)

 Adequacy of trained personnel (more training might be required)

Characterize the Existing Network

Step two in the design phase is to characterize or classify the network. This is where the network
designer will identify the major features and characteristics of the network, as well as define the
tools used to analyze, audit, and monitor network traffic.

Information gathering always occurs in an early phase in any multi-step process, such as in
application development or designing the security model. The information gathering process
consists of the following three steps:

1. Compile all existing information and documentation.

2. Conduct a network audit.

3. Perform traffic analysis.

Information gathering compiles all the existing information in any form, in any existing
documentation. This must happen first to avoid duplicating work, especially work that has
already been done by somebody else.

The second step is conducting a network audit with as much prior information as possible. The
network audit might need to be performed by a Certified Information Systems Auditor (CISA).
Network auditing tools should be used, along with the necessary documentation and network
management tools (e.g., CiscoWorks, Tivoli, and so on) that will give information about the
network’s device inventory, configuration, and status.

The audit must give information about the software version in use (e.g., the IOS version), the
management software (e.g., ASDM, SDM, etc.), the configuration on the devices, Layer 1 and
Layer 2 information and topology, interface speeds, CPU and memory utilization, WAN types,
and VPN types. Manual auditing of the network devices involves using a wide variety of “show”
commands on Cisco devices, such as “show tech-support”, which generates a very large report
about an individual system, “show version”, or “show running-config”.

Other tools that might be used in the auditing phase include the following:

 Packet sniffers (e.g., Wireshark)

 SNMP tools

 Network analysis tools, including the following:

o Network Based Application Recognition (NBAR) from Cisco, an IOS tool that
helps identify well-known applications, protocols, and services

o NetFlow, a very popular solution that runs on Cisco and third-party devices and
consists of reporting tools that record information about the traffic patterns that cross
those devices

A network checklist is useful in the auditing phase. This should include available topology
segments, IP addressing schemes, or WAN connections.

All the tools presented above can be used in the third step of the information gathering phase,
which is performing traffic analysis. In this phase, the designer should discover the following:

 Network response time

 Available bandwidth

 QoS mechanisms used, especially when using VoIP

 Security features implemented, such as segmenting the network using VLANs

Performing traffic analysis might involve a large team that can find the necessary documentation
to cover the mentioned analysis tests.

Network designers are often in a situation where the network infrastructure is already in place,
and the new design will involve only restructuring or upgrading the existing network
implementation. The network designer must review the existing documentation and diagrams
that the customer has about the network, get input from different IT personnel, perform some
kind of network auditing, define and describe the existing topology, and conduct some traffic
analysis.

Five components that describe the network can be defined as follows:

 Layer 3 topology

 Layer 2 topology

 Network services

 Network applications

 Network modules

The first step in the process is to obtain a Layer 3 topology of a network from the existing
documentation or diagrams. The topology example below in Figure 2.5 shows that the core of the
network (backbone) is comprised of high-end routers. Other network areas include the internal
server zone, the network management area, the WAN connection, the PSTN connection, the
Internet connection, and the DMZ (web servers).

Figure 2.5 – Network Components

Important information that can be gathered at Layer 3 includes routing protocols (e.g., EIGRP,
OSPF, etc.) used in the network core or at the edge, the Internet connection capacity, applications
that are accessed through the Internet, and WAN connection type and capacity (e.g., Frame
Relay, ATM, etc.).

The Layer 2 topology map can be a separate map or it can be built by adding elements to the
existing Layer 3 topology. The recommendation is to isolate and document the network areas
based on shared bandwidth capacity (e.g., GigabitEthernet or FastEthernet) and the switches
used at different layers (e.g., Access Layer, Distribution Layer, and Core Layer). Layer 2
technologies also include the WAN connections (e.g., Frame Relay, ATM, etc.) that might
connect the company branch offices.

The next step is to isolate the network services and map them into a separate document as
follows:

 Domain name services: DNS

 Network management services: SNMP, TFTP

 Security services: TACACS, access lists on the routers, IPSec, NAT

 Routed protocols: IP, IPX

 Routing protocols: EIGRP, OSPF

The fourth aspect includes the applications that run on the network, such as the following:

 File sharing applications (FTP)

 Web applications

 E-mail applications

 Instant messaging

 IP Telephony

 Microsoft Exchange

 Multicast applications

Once the Layer 2 and Layer 3 network topology, the network services, and the applications have
been identified, the gathered information must be divided into logical modules in order to obtain
a modular design. Based on the depicted topology in Figure 2.6 below, the following modules
might be of interest:

 Backbone module

 Network management module

 PSTN access module

 Corporate Internet module

 Public access module

 WAN module

 Internal server farm

 LAN (Access Layer) module

Figure 2.6 – Modular Network Map

The next step is identifying the components and properties of each network device (e.g., router,
switch, firewall, etc.). This includes the following:

 Device model

 CPU/memory

 Utilization

 IOS version

 Device configuration

 Routing tables

 Interfaces

 Modules/slots

This information can be obtained from the IT staff, or it can be gathered individually by
accessing the network management station and connecting to each network device in the
topology.

Note: The process of gathering configuration and performance information about a specific
network device is also called device auditing. The Cisco solution for network auditing and
monitoring is called CiscoWorks.

A network designer might also need to use network analysis tools in order to find information
about traffic flows, QoS techniques, security information, traffic profiles, and the way certain
applications and protocols use the available traffic. Some of the tools that can be used in this
regard are the Cisco NetFlow analyzer tool or the Wireshark packet capturing tool (sniffer). The
screenshot below (Figure 2.7) is an example of a Wireshark FTP capture session.

Figure 2.7 – FTP Session Packet Capture

The last step in describing the existing network is to combine the created Layer 2 and Layer 3
topology maps with the discovered services and applications, and create a summary report that
can be presented to key decision-makers and policy-makers within the organization. This
document can include the following:

 Number and type of devices

 IOS version used

 Memory capacity and upgrade recommendations

 Discovered points of congestion and recommendations

 Suboptimal paths and recommendations

 Routed and routing protocols and upgrade recommendations

 Survey of applications and services

 Impact assessment (cost, personnel, time, etc.)
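The “show” command audit described earlier and the summary report above, as an added example that is not part of the course text or any Cisco tool: a Python script parses constructed “show version” captures from several IOS devices and builds the device inventory, IOS version list, outdated-software list and memory-upgrade candidates that the report calls for. The capture text, the role thresholds, the “older than 15.x” policy and the regular expressions are assumptions to check against real output.

```python
"""Summarize 'show version' captures for the existing-network summary report.

Added example (not from the course text): parses the text of 'show version'
gathered from several IOS devices during the audit and produces the inventory
sections of the summary report. The captures below are constructed and
abbreviated; the regular expressions follow common IOS wording but are an
assumption to verify against real captures.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed, abbreviated captures keyed by hostname (not real devices).
SHOW_VERSION_CAPTURES = {
    "core-rtr1": """\
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
core-rtr1 uptime is 2 weeks, 3 days, 4 hours, 12 minutes
cisco CISCO2901/K9 (revision 1.0) with 483328K/40960K bytes of memory.
""",
    "branch-rtr2": """\
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)
branch-rtr2 uptime is 1 year, 7 weeks, 2 days, 6 hours, 41 minutes
Cisco 2811 (revision 53.51) with 249856K/12288K bytes of memory.
""",
    "access-sw1": """\
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE, RELEASE SOFTWARE (fc2)
access-sw1 uptime is 30 weeks, 4 days, 2 hours, 8 minutes
cisco WS-C2960-24TT-L (PowerPC405) processor (revision B0) with 65536K bytes of memory.
""",
}

# Minimum DRAM per role below which the report recommends an upgrade
# (assumed planning thresholds for this example, not a Cisco figure).
MIN_MEMORY_KB = {"router": 512 * 1024, "switch": 64 * 1024}

VERSION_RE = re.compile(r"Version\s+([^,\s]+)")
UPTIME_RE = re.compile(r"^(\S+) uptime is (.+)$", re.MULTILINE)
# Platform line: 'cisco <model> ... with <main>K[/<io>K] bytes of memory.'
PLATFORM_RE = re.compile(
    r"^cisco (\S+) .*?with (\d+)K(?:/(\d+)K)? bytes of memory",
    re.MULTILINE | re.IGNORECASE,
)


@dataclass
class DeviceFacts:
    hostname: str
    role: str          # "router" or "switch", inferred from the platform name
    platform: str
    ios_version: str
    memory_kb: int     # main memory plus I/O memory when both are reported
    uptime: str


def parse_show_version(text: str) -> DeviceFacts:
    """Extract the inventory fields the audit checklist asks for."""
    ver, up, plat = VERSION_RE.search(text), UPTIME_RE.search(text), PLATFORM_RE.search(text)
    if not (ver and up and plat):
        raise ValueError("unrecognized show version output")
    platform = plat.group(1)
    role = "switch" if platform.upper().startswith("WS-") else "router"
    memory_kb = int(plat.group(2)) + int(plat.group(3) or 0)
    return DeviceFacts(up.group(1), role, platform, ver.group(1), memory_kb, up.group(2))


def is_outdated(ios_version: str) -> bool:
    """Treat anything older than the 15.x train as outdated (assumed policy)."""
    return int(ios_version.split(".", 1)[0]) < 15


def summarize(captures: dict) -> dict:
    """Build the sections of the summary report that come from show version."""
    facts = [parse_show_version(text) for text in captures.values()]
    return {
        "device_count_by_role": dict(Counter(f.role for f in facts)),
        "ios_versions": sorted({f.ios_version for f in facts}),
        "outdated_ios": sorted(f.hostname for f in facts if is_outdated(f.ios_version)),
        "memory_upgrade_candidates": sorted(
            f.hostname for f in facts if f.memory_kb < MIN_MEMORY_KB[f.role]
        ),
    }


if __name__ == "__main__":
    for key, value in summarize(SHOW_VERSION_CAPTURES).items():
        print(f"{key}: {value}")
```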

Design Networking Topology and Solutions

The third step of the design phase is designing the networking topology and solutions. An
effective approach for this is a structured design (Figure 2.8) that allows you to develop a
complete system with an optimum design at the lowest cost, while meeting all of the following
customer requirements:

 Performance

 Functionality

 Flexibility

 Capacity

 Availability

 Scalability

Figure 2.8 – Design Network and Topology Solutions

The network designer’s goal in this phase should be to develop a systematic approach that takes
into consideration the business’s needs; the organizational goals, policies, and procedures; the
technical goals and constraints; and the existing and future network infrastructure. This includes
physical models, logical models, and functional models.

The best approach in this phase, and the one recommended by Cisco, is the top-down approach,
which is suitable for a medium-sized network to a large enterprise campus design. Using this
approach ensures that you have an overview of the design before focusing on the design details.
This basically means beginning with Layer 7 of the OSI model and then moving down from the
Application Layer to the Presentation, Session, Transport, Network, Data Link, and Physical
Layers.

The network and physical infrastructure should be adapted to the needs of the network
applications and services. In other words, you should not choose your network devices or your
hardware and software technologies until the requirements for the applications are fully analyzed
and met.

The concepts of SONA and IIN should also be incorporated into the design process and
combined with the business’s needs and organizational requirements. This includes considering
issues such as organizational and technical constraints.

The top-down approach is usually a very time-consuming process and a bit more costly, but it is
preferred over bottom-up solutions, where the design is based on previous experience and you
are just looking for a quick fix or solution. The problem with the bottom-up approach is that it
can produce a design that proves inappropriate in the medium to long term because the
organizational requirements and constraints were never included. This could result in process
rollbacks at later phases of the project.

Note: To learn more about the Cisco approach to top-down network design, refer to the
book Top-Down Network Design, 3rd Edition, published by Cisco Press in 2010.

Figure 2.9 below presents an example of the top-down network approach methodology:

Figure 2.9 – Example of the Top-down Approach

The diagram above starts at the top with applications and services, which includes the
Application, Presentation, and Session Layers. Based on the applications’ requirements and
needs, and the way they map to the organizational goals, you will apply a network infrastructure
and services design to meet the application requirements of the organization. This includes the
data, the type of traffic and network services needed, and the type of design that will meet the
needs of those applications.

Once the goals are met, the network should be modularized using a modular approach, including
the core of the network, the data center, the server farm, the branch, the Distribution and Access
Layers, and the Internet connectivity layer. After the network is modularized, you will then apply
the decisions made for infrastructure and services to different modular areas of the network by
dealing with certain segments of the network at a time.

The next step is to take this modular implementation and create logical subdivisions that will be
addressed on a project-by-project basis. From a project management or steering committee
standpoint, these will be logical subprojects. Different subprojects might exist for the following:

 Choosing the technology, acquisition, and provisioning

 Physical topology design (placing design at different layers)

 Addressing design scheme, including NAT solutions

 Routing selection and design

 Quality of Service design (traffic management)

 Security design

 IP Multicast design (for video and audio streaming)

 IPv6 provisioning design

Design Process: Final Steps

The final steps of the design process within PPDIOO include the following:

Plan the network implementation: This step involves a high degree of documentation and
diagramming. A step-by-step procedure must be established for each aspect of the modular
design. This must be well documented and detailed, must describe every step (with references to
the different documents, diagrams, or reports created), and must include a detailed guideline for
implementation. In case of a pitfall or a design failure, the network designer must have a rollback
plan in place. In addition, project managers and other staff members must be consulted to give
them an estimation of the time required for implementation. Tests must be made at every step in
the process and complex procedures must be broken down into smaller pieces, such as when
implementing complex technologies, for example, IP Telephony.

Pilot and prototype testing: The network designer must be sure to verify the design once it is
completed. This can be accomplished with a prototype or a pilot network involving a sample
implementation that helps test the solution. Depending on the solution, some organizations might
implement both the pilot and the prototype testing, or just one of them.

A pilot site is a live location that serves as a test site before the solution is deployed. This is a
real-world approach to discovering problems before you deploy the network design solution to
the rest of the internetwork. A pilot network tests and verifies the design before the network is
implemented or launched. It can also be a subset of the existing network infrastructure where the
design is tested. The pilot test might take place within a particular module or a particular building
or access area before extending the design to other areas.

A prototype is a subset of the full design tested in an isolated environment, unlike the pilot test,
which is implemented in the production network. The benefit of using a prototype is that it
allows the full testing of the network design before it is deployed, without having any negative
effects on the production network. A prototype test is often used before applying a redesign to an
existing network.

Note: Pilot networks are used when building a network from scratch and prototypes are used in
redesign situations.

The results of the pilot or prototype tests will be documented in a proof of concept section in the
final design document.

A prototype is most often preferable because, generally, some kind of infrastructure already
exists and this makes the network designer’s job much easier. Like in other phases, the
customer’s needs and requirements must always be at the top of the priority list. Prototype or
pilot network implementation has two possible results: it is either successful or it fails the design
goals. If the prototype does not meet all the objectives, it is a failure. A success means it has
proved the concept of the actual network design, including the planning, preparation, and design
phases, which will allow it to move into the implementation phase. Sometimes a success in this
step concludes the network designer’s job, who must then hand over the project to the personnel
or outside consultants handling the implementation of the hardware and software solutions.

A failure in this phase does not mean the entire project failed. It simply means some corrections
must be made to the actual design, after which a prototype test must be repeated until it is
considered a success. Any failures that occur during the testing phase allow you to go back to the
iterative process and correct either the planning, preparation, or design aspects and repeat the
pilot/prototype tests to correct any weakness that might have a negative effect in the
implementation process.

Fully document the design: The design document is the final document that will be created, and
it is a complementary document to the planning document. The design document should include
the following components:

 Introduction (description of project goals)

 Design requirements, including organizational and technical constraints

 Existing network infrastructure (logical Layer 3 topology diagram, physical topology
diagram, audit and analysis results, routing protocols, applications and services summary,
device list, configuration, and description of any identified issues)

 Design section (specific design information, logical topology design, physical topology
design, IPv4 and IPv6 design, routing protocols, and security configurations)

 Proof of concept (the conclusion of the pilot/prototype testing phase)

 Implementation plan (useful in the next phase of the PPDIOO process, presenting the
steps that must be followed by the implementation team in order to implement the new
system or the network upgrade successfully)

 Appendix (white paper, case studies, additional information, and configuration)

An example of a design document structure is presented below:

1. Introduction

2. Requirements for the Design

3. Existing Infrastructure

o Layer 1 Topology

o Layer 2 Topology

o Layer 3 Topology

o Audit Results

o Recommendations

4. Intelligence Services

o Applications

o Services

o Analysis

o Recommendations

5. Solution Design

o Design Summary

o Design Details

o Implementation Details

o Recommendations

6. Prototype Network

o Prototype Details

o Prototype Results

o Recommendations

7. Implementation Plan

This document might be cross-referenced with other documents used during the design process
in order to describe fully the proposed solution.

In summary, the design steps presented below can be structured as an eight-step methodology:

1. Recognize customer needs

2. Describe the existing network

3. Design networking and topology solutions

4. Plan the network implementation

5. Construct a prototype network

6. Fully document the design

7. Implement the design

8. Verify, monitor, and modify as needed

From a technical standpoint, in the eight-step design methodology (Figure 2.10), step six (fully
document the design) and step seven (implement the design) represent the separation between
the network designers and the network engineers that take care of the implementation. In the
CCDA context, only the first six steps are of interest to network designers. Steps seven
(implement the design) and eight (verify, monitor, and modify as needed) should be of interest to
implementation engineers.

Figure 2.10 – Eight-Step Design Methodology

Designing Network Management

After the implementation phase, each network needs to be maintained at proper parameters by
monitoring and management tools and processes. This section will cover the basic techniques
used to deploy solid network management solutions.

Network Management Essentials

Simple Network Management Protocol

The network management system is usually based on the Simple Network Management Protocol
(SNMP), which is a TCP/IP Application Layer protocol that runs over UDP on top of IP. SNMP
is used to share management information between network devices, usually between a
management workstation and routers, switches, or other devices, as illustrated in Figure 2.11
below.

Figure 2.11 – Network Management Using SNMP

SNMP has evolved over the years and has now reached version 3 (SNMPv3). Network designers
should demand that every environment uses SNMPv3, instead of the older unsecured SNMP
versions 1 and 2, because of the advanced security features it provides. SNMP is used by
network administrators and engineers to accomplish the following:

 Control network performance

 Troubleshoot

 Plan scalable enterprise solutions and intelligent services

SNMP accesses detailed information in Management Information Bases (MIBs) and it uses
SNMP agents. The MIB is an object-oriented hierarchical database system stored locally on the
network device. An example of a MIB entry is 1.3.6.1.2.1.2.2.1.20.0, with 1 being the root of the
MIB tree and 0 being the final leaf.
The SNMP agent is used to send and receive information from the device to the Network
Management Station (NMS), and vice versa. In order to do that, different types of SNMP
messages are used. The NMS will run some kind of network management software (e.g.,
CiscoWorks) that retrieves and displays the SNMP information in a Graphical User Interface
(GUI) format. The displayed information is used for controlling, troubleshooting, and planning.

Another SNMP concept is the community string, which is SNMP’s access control method. A
community string is a password that controls which group of people has access to certain
information on the device.

The managed device contains the SNMP agent and the MIB that stores all the information.
Different types of messages are used in order to get information from the NMS to/from the
managed device (i.e., the monitored device), as shown below in Figure 2.12.

Figure 2.12 – SNMP Messages

The first message is called the Get Request. This is sent to the managed device when the NMS
wants to get a specific MIB variable from the SNMP agent that runs on that device. The Get
Next Request information is used to return the next object in the list after the Get Request
message returns a value. The Get Bulk message works only in SNMPv3 environments, and it can
be used to retrieve a large chunk of data (e.g., an entire table), reducing the need to have to use
many Get Request and Get Next Request messages. This in turn reduces the overhead on
bandwidth utilization on the link.

The Set Request message is sent by the NMS and is used to set a MIB variable on the agent. The
Get Response message is the response from the SNMP agent to the NMS Get Request, Get Next
Request, or Get Bulk messages.

A Trap is used by the SNMP agent to transmit unsolicited alarms to the NMS when certain
conditions occur (e.g., device failures, state changes, or parameter modifications). Different
thresholds can be configured on the managed device for different parameters (e.g., disk space,
CPU utilization, memory utilization, or bandwidth utilization), and Traps are sent when the
defined thresholds are reached. SNMPv3 introduced another message called the Inform Request.
This is similar to a Trap message and is what a managed device will send to the NMS as an
acknowledgement to other messages.

Note: SNMPv3 is defined by the following RFCs: RFC 2571, RFC 2572, RFC 2573, RFC
2574, and RFC 2575.

SNMPv3 provides the following security levels:

 NoAuthNoPriv: No authentication and no privacy mechanisms

 AuthNoPriv: Authentication (MD5, SHA) but no privacy mechanisms

 AuthPriv: The highest level of security; uses authentication (MD5, SHA) and privacy
(DES)
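The Get Request message, the version field and the community string described in this section, as an added example that is not from the course text: a Python encoder builds an SNMPv1/v2c Get Request for the MIB entry quoted above, and an inspector reads the version and community back out of the bytes, which is the check a network sensor uses to flag the older SNMP versions the text says to avoid. The BER helpers, community strings and captured traffic are constructed assumptions for illustration, not a substitute for an SNMP library.

```python
"""Why SNMPv1/v2c community strings are not a security mechanism.

Added example, not from the course text: a minimal BER encoder builds the
Get Request message (version, community, PDU with one variable binding) and
a small inspector reads it back as a sensor would. The community string is
plainly visible in the encoded bytes, which is why the text insists on
SNMPv3. All packets and community strings below are constructed.
"""

SNMP_V1, SNMP_V2C, SNMP_V3 = 0, 1, 3  # values of the version field
TAG_INT, TAG_OCTETS, TAG_NULL, TAG_OID = 0x02, 0x04, 0x05, 0x06
TAG_SEQ, TAG_GET_REQUEST = 0x30, 0xA0


def _ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(body)) + body


def ber_integer(value: int) -> bytes:
    """Two's-complement INTEGER using the minimal number of bytes."""
    size = (value.bit_length() + 8) // 8  # leaves room for the sign bit
    return _tlv(TAG_INT, value.to_bytes(size, "big", signed=True))


def ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed into one byte, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(TAG_OID, bytes(out))


def snmp_get_request(version: int, community: str, oid: str, request_id: int = 1) -> bytes:
    """Encode Message ::= SEQUENCE { version, community, GetRequest-PDU }."""
    varbind = _tlv(TAG_SEQ, ber_oid(oid) + _tlv(TAG_NULL, b""))
    pdu_body = (ber_integer(request_id) + ber_integer(0) + ber_integer(0)  # id, error-status, error-index
                + _tlv(TAG_SEQ, varbind))
    pdu = _tlv(TAG_GET_REQUEST, pdu_body)
    return _tlv(TAG_SEQ, ber_integer(version) + _tlv(TAG_OCTETS, community.encode()) + pdu)


def _read_tlv(buf: bytes, pos: int = 0):
    """Decode one tag-length-value at pos; returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def inspect_snmp_message(packet: bytes):
    """Return (version, community) for v1/v2c, (3, None) for v3, None if not SNMP."""
    try:
        tag, body, _ = _read_tlv(packet)
        if tag != TAG_SEQ:
            return None
        vtag, vbody, pos = _read_tlv(body)
        if vtag != TAG_INT:
            return None
        version = int.from_bytes(vbody, "big", signed=True)
        if version == SNMP_V3:
            return version, None  # v3 carries msgGlobalData here, not a community string
        ctag, cbody, _ = _read_tlv(body, pos)
        return (version, cbody.decode("ascii", "replace")) if ctag == TAG_OCTETS else None
    except IndexError:  # truncated, or not BER at all
        return None


def legacy_snmp_findings(packets) -> list:
    """Detection logic: flag every community-based message seen on the wire."""
    names = {SNMP_V1: "SNMPv1", SNMP_V2C: "SNMPv2c"}
    findings = []
    for i, pkt in enumerate(packets):
        parsed = inspect_snmp_message(pkt)
        if parsed and parsed[0] in names:
            findings.append(f"packet {i}: {names[parsed[0]]} community '{parsed[1]}' readable in cleartext")
    return findings


if __name__ == "__main__":
    # Constructed traffic: an NMS polling the MIB entry quoted in the text, then sysName.
    captured = [
        snmp_get_request(SNMP_V2C, "public", "1.3.6.1.2.1.2.2.1.20.0"),
        snmp_get_request(SNMP_V1, "private", "1.3.6.1.2.1.1.5.0"),
    ]
    print(captured[0].hex())
    print("\n".join(legacy_snmp_findings(captured)))
```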

Remote Network Monitoring

Remote Network Monitoring (RMON) is actually a management information base that allows
you to monitor LAN traffic in the network environment proactively. It tracks individual data
packets, and the number and size of those packets, as well as broadcast packets, network
utilization, errors, and statistics.

RMON agents run on various network devices, such as routers, switches, or servers. If you do
not want to run RMON on those specific devices because of the overhead, you can configure
special RMON workstations as probes on specific network segments. RMON offers the
possibility to diagnose faults within the LAN, which allows network tuning and planning for
growth and utilization.

RMON is implemented in two versions, RMON 1 and RMON 2. RMON 2 is the most recent
version and it offers more functionalities. RMON 1 operates only at the Physical and Data Link
Layers, so it must be used only to probe, tune, plan, and search for faults on hubs (at the Physical
Layer) and switches (at the Data Link Layer). RMON 2 provides much more functionality and
can be used for Network Layer (Layer 3) applications, as well as for Layers 4 through 7. RMON
2 can also monitor database servers, exchange servers, e-mail, and web traffic.

Note: RMON is documented in RFC 1757.

NetFlow

A better alternative to RMON in a Cisco environment is the proprietary solution called
NetFlow. NetFlow is a monitoring and measurement technology that is superior to a simple
SNMP/RMON solution, providing much more detail on the data that passes through a specific
interface. NetFlow scales to a large number of interfaces and this makes it a great enterprise
solution.

NetFlow is also a great solution for service providers because it supports customer service
programs, and uses popular data warehousing and data mining solutions that are critical for
competitive vendor offerings (e.g., flexible accounting and billing that can consider application
usage, the time of day, the bandwidth utilization, or QoS elements). NetFlow is also a great tool
for network scalability planning and overall analysis, as it can help lower the organization’s
TCO.

The NetFlow management architecture (Figure 2.13) consists of the following components:

 NetFlow data export service

 NetFlow flow collector service

 NetFlow data analysis

Figure 2.13 – NetFlow Management Architecture

Data export service is at the top of the three-tier NetFlow architecture. This is where the data
warehousing and data mining solutions occur. It captures the accounting statistics for traffic on
the networking devices and it uses UDP to export data. This is a three-part process, which
includes the following:

 Data switching

 Data export

 Data aggregation

The data is then exported to the second tier, the NetFlow flow collector service. At this level,
using servers and workstations, you can complete actions such as data collection, data filtering,
aggregation, data storage, and file system management using existing or third-party file systems.
Network data analysis is at the lowest tier, at the Access Layer. At this level, you can use network
planning tools, overall network analysis tools, and accounting and billing tools, and you can
export data to various database systems or Excel spreadsheets.
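The export, collection, and aggregation steps described above, as an added example that is not part of the original text: this Python builds a constructed NetFlow version 5 datagram (the text names no export version, so v5 is assumed), parses it the way a flow collector would, rejects truncated or miscounted datagrams, detects datagrams lost in transit from the UDP sequence counter, and aggregates the flows per conversation. The addresses and counters are invented sample values.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# NetFlow v5 wire format (assumption: the text names no export version).
# 24-byte header followed by up to 30 fixed 48-byte flow records, big-endian.
HEADER_FMT = "!HHIIIIBBH"
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 48
MAX_RECORDS = 30

# Constructed sample flows: (src, dst, proto, sport, dport, packets, octets).
SAMPLE_FLOWS = [
    ("10.1.1.10", "10.2.2.20", 6, 51000, 443, 12, 9000),
    ("10.1.1.10", "10.2.2.20", 6, 51001, 443, 8, 6000),
    ("10.1.1.11", "10.2.2.53", 17, 40000, 53, 1, 76),
]


def build_datagram(flows, sys_uptime=10_000, unix_secs=1_700_000_000, seq=1):
    """Build a v5 export datagram from flow tuples. Only used here to construct
    sample input; on a real network the router's export service does this."""
    header = struct.pack(HEADER_FMT, 5, len(flows), sys_uptime, unix_secs,
                         0, seq, 0, 0, 0)
    body = b""
    for src, dst, proto, sport, dport, pkts, octets in flows:
        body += struct.pack(
            RECORD_FMT,
            IPv4Address(src).packed, IPv4Address(dst).packed, b"\x00" * 4,
            1, 2,                                    # input / output ifIndex
            pkts, octets,
            sys_uptime - 5_000, sys_uptime - 1_000,  # first / last seen (ms)
            sport, dport,
            0, 0x18, proto, 0,                       # pad, TCP flags, proto, ToS
            0, 0, 24, 24, 0)                         # src/dst AS, masks, pad
    return header + body


def parse_datagram(data):
    """Collector side: validate the header and unpack every record."""
    if len(data) < HEADER_LEN:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, sys_uptime, unix_secs, _nsecs, seq,
     _engine_type, _engine_id, sampling) = struct.unpack_from(HEADER_FMT, data)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # A length that disagrees with the record count means truncation or a
    # malformed packet; UDP gives no integrity guarantee, so drop it.
    if count > MAX_RECORDS or len(data) != HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count does not match datagram length")
    header = {"version": version, "count": count, "flow_sequence": seq,
              "sys_uptime": sys_uptime, "unix_secs": unix_secs,
              "sampling_interval": sampling}
    records = []
    for i in range(count):
        f = struct.unpack_from(RECORD_FMT, data, HEADER_LEN + i * RECORD_LEN)
        records.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "in_if": f[3], "out_if": f[4],
            "packets": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10],
            "tcp_flags": f[12], "proto": f[13], "tos": f[14],
        })
    return header, records


def flows_lost(previous, current):
    """flow_sequence counts flows exported before this datagram. Over UDP a
    jump larger than the previous record count means datagrams were lost."""
    expected = previous["flow_sequence"] + previous["count"]
    return max(0, current["flow_sequence"] - expected)


def aggregate(records):
    """Aggregation step: sum flows that share (src, dst, proto, dport) into
    per-conversation totals, the shape billing and planning tools consume."""
    totals = defaultdict(lambda: {"flows": 0, "packets": 0, "octets": 0})
    for r in records:
        t = totals[(r["src"], r["dst"], r["proto"], r["dport"])]
        t["flows"] += 1
        t["packets"] += r["packets"]
        t["octets"] += r["octets"]
    return dict(totals)


if __name__ == "__main__":
    hdr, recs = parse_datagram(build_datagram(SAMPLE_FLOWS))
    print(f"seq={hdr['flow_sequence']} records={hdr['count']}")
    for key, total in aggregate(recs).items():
        print(key, total)
```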

Cisco Discovery Protocol

Cisco Discovery Protocol (CDP) is a proprietary Cisco protocol that operates at Layer 2 (Data
Link) between Cisco devices. Its main job is to summarize information it discovers about
directly connected routers, switches, or other Cisco devices. The Cisco devices themselves do
not forward any CDP frames to their other neighbors because their role is to share device
information only between directly connected devices.

CDP is media and protocol independent, and it operates with TCP/IP, IPX, or AppleTalk. It can
also run across different media types, such as LANs, ATM, and Frame Relay networks. Running
CDP on external Internet connections is not recommended due to security issues (i.e., you should
not expose information about your devices to outside users). In addition, it should not be
configured on links going to non-Cisco devices because it is unnecessary.

Running the “show cdp neighbor” command on a device will give CDP-related information such
as the following:

 MAC address of the directly connected neighbor

 Local interface connecting to that particular neighbor

 Information about the device type (router, switch, or other)

 Device platform/mode

 Port numbers

FCAPS Network Management Model

This section discusses the International Organization for Standardization (ISO) network
management model, called FCAPS, which represents the following:

 Fault management

 Configuration management

 Accounting management

 Performance management

 Security management

Fault Management

The first functional area of the FCAPS model is fault management. This area deals with error
conditions that can cause administrators and users to lose functionality, resulting in not being
able to use certain network resources. This is a key area for network management.

Fault management activities include finding abnormal network operations, and isolating and
correcting the faults that occur. This is accomplished in the following five steps:

1. Detect the problem.

2. Diagnose the fault.

3. Bypass and recover.

4. Resolve the situation.

5. Track and manage the problem.

The two main components of fault management (Figure 2.14) are as follows:

 The event generators (devices that generate the events, such as routers, switches, access
servers, hosts, etc.)

 Event collectors (devices that receive SNMP/Syslog messages from the event
generators); event collectors, also called event management systems (EMSs), can be
third-party servers or CiscoWorks machines

Figure 2.14 – Fault Management

The events sent from the event generators to the event collectors can be one of the following:

 State events, sent when a network device changes its state (a link goes down due to a
configuration change, changes in the routing protocols, etc.)

 Performance events (disk space usage, link errors thresholds, high CPU utilization, etc.).

Once the event generator produces events, they are collected and processed by the EMS
(CiscoWorks). This follows a five-step process outlined below:

1. Event collection

2. Event normalization (normalizing Syslog events based on their timestamps)

3. Event filtering (ignoring low priority events)

4. Event correlation

5. Event reporting (in a text or GUI format)
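The five-step EMS process above, as an added example that is not part of the original text: constructed Cisco IOS-style syslog lines are collected, normalized on their timestamps, filtered for low-priority events, correlated (a link down followed by a link up on the same interface becomes one flap event, and LINEPROTO messages that restate a LINK change are folded into it), and reported as text. The sample hosts, the log year, and the 60-second correlation window are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in Cisco IOS syslog style (host, msec timestamp,
# %FACILITY-SEVERITY-MNEMONIC: text). Not captured from a real device.
RAW_EVENTS = [
    "core-sw1 Mar  3 08:00:01.120: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down",
    "core-sw1 Mar  3 08:00:01.540: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down",
    "core-sw1 Mar  3 08:00:09.330: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up",
    "core-sw1 Mar  3 08:00:09.800: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up",
    "edge-rtr1 Mar  3 08:01:15.004: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)",
    "edge-rtr1 Mar  3 08:02:00.000: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.9 started",
    "edge-rtr1 Mar  3 08:02:30.250: %SYS-1-CPURISINGTHRESHOLD: Threshold: Total CPU Utilization(Total/Intr): 92%/3%",
]

SYSLOG_RE = re.compile(
    r"^(?P<host>\S+)\s+(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d\.\d{3}): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<msg>.*)$")
IFACE_RE = re.compile(r"Interface (\S+), changed state to (up|down)")


@dataclass
class Event:
    host: str
    time: datetime
    severity: int        # 0 = emergency ... 7 = debugging
    facility: str
    mnemonic: str
    message: str
    kind: str = "state"  # "state" or "performance"
    count: int = 1       # raw messages folded into this event


def normalize(raw_lines, year=2024):
    """Step 2: parse each line into an Event ordered by real timestamp. IOS
    stamps carry no year, so one is supplied (assumption). Unparseable lines
    are skipped rather than aborting the whole batch."""
    events = []
    for line in raw_lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        kind = "performance" if "THRESHOLD" in m["mnemonic"] else "state"
        events.append(Event(m["host"], ts, int(m["sev"]), m["facility"],
                            m["mnemonic"], m["msg"], kind))
    return sorted(events, key=lambda e: e.time)


def filter_events(events, max_severity=5):
    """Step 3: drop informational (6) and debugging (7) messages."""
    return [e for e in events if e.severity <= max_severity]


def correlate(events, window=timedelta(seconds=60)):
    """Step 4: a LINK down followed by LINK up on the same interface inside
    `window` becomes one flap event; LINEPROTO messages restating a LINK
    change are folded into it instead of being reported twice."""
    out, open_downs, last_link = [], {}, {}
    for e in events:
        m = IFACE_RE.search(e.message)
        if m is None:
            out.append(e)
            continue
        iface, state = m.groups()
        key = (e.host, iface)
        if e.facility != "LINK":
            if key in last_link:
                last_link[key].count += 1
            else:
                out.append(e)
            continue
        if state == "down":
            open_downs[key] = last_link[key] = e
            out.append(e)
        elif key in open_downs and e.time - open_downs[key].time <= window:
            down = open_downs.pop(key)
            secs = (e.time - down.time).total_seconds()
            down.mnemonic = "FLAP"
            down.message = f"Interface {iface} flapped: down for {secs:.1f}s"
            down.count += 1
        else:
            out.append(e)
            last_link[key] = e
    return out


def report(events):
    """Step 5: text report, most severe first."""
    return [f"{e.time:%H:%M:%S} sev={e.severity} {e.kind:<11} {e.host} "
            f"{e.facility}-{e.mnemonic} x{e.count}: {e.message}"
            for e in sorted(events, key=lambda x: (x.severity, x.time))]


def process(raw_lines):
    """Steps 1 to 5 end to end; collection is the raw list handed in."""
    return report(correlate(filter_events(normalize(raw_lines))))


if __name__ == "__main__":
    print("\n".join(process(RAW_EVENTS)))
```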

Configuration Management

The configuration management area of FCAPS is the process of collecting information on the
network, driving consistency throughout all the network devices, tracking changes in the
network, and ensuring the network documentation is up to date and based on the most recent
versions of the reference material (e.g., from Cisco.com or other standardization
organizations).

The configuration management process also includes tracking and storing the software versions
of all the network devices, and making sure the most recent IOS releases and software builds are
used on all of the systems. It also makes it possible to improve all the devices consistently,
the overall goal of configuration management being to lower the time and cost overhead. For
example, by building an efficient configuration management system within CiscoWorks, you can
lower the TCO of the network infrastructure because fewer administrators will be required to
work on those specific tasks.

Configuration management includes activities such as documentation, configuring control
settings in the Cisco IOS, object mapping (ensuring objects are properly managed and
associated), overall data collection for configuration information (configuration files on a server
that can be downloaded via TFTP), configuration change control, and ensuring the TCO is
lowered by being able to track all the network devices’ configuration changes. The results of
these activities are stored in a database or presented in a GUI format within CiscoWorks.

CiscoWorks ensures that the organization complies with the newest standards by keeping up with
the software versioning and updates, ensuring standard IP addressing and naming convention
(DNS) schemes are used, and ensuring that an efficient DHCP process is in place. In addition, by
using CiscoWorks, you can ensure that the organization uses standard configurations that are
compatible with other companies and that configuration upgrades are in place. Moreover, a step-
by-step procedure should exist for making configuration changes on the network devices. This
can be accomplished using CiscoWorks templates to make the process easier.

Accounting Management

The accounting management area usually uses AAA services. There are a few different
approaches regarding accounting management, for example, intra-organization management or
inter-organization management.

If the AAA services are implemented within the company, you need to make sure people are who
they claim to be when they try to access an object or do something on a device. Then you must
authorize what they can do with those objects or devices. After that, you must account for what
activities they engage in, sometimes for billing purposes.

Accounting management helps manage resources between the individuals in the company, security
groups, different departments, and business entities to track expenditures, for example, or for
security auditing. It can also be used for helping departments stick to their budgets and ensuring
that everyone has enough resources for their types of networking activities (e.g., IP Telephony,
multimedia applications, or video-conferencing). The overall goal of accounting is to measure
and regulate network utilization. As mentioned, the accounting process will have a different
purpose when used inside the company than when used between companies (e.g., an ISP
scenario).

An ISP would use the accounting management aspect to offer flexible billing plans to their
customers and to track the usage of network resources on a customer-by-customer basis. This
allows network administrators to retrieve, display, and create bills for their customers.

IP accounting is based on the source or destination IP addresses, or on the IP precedence value in
the IP header, when using QoS technologies in order to attain granularity. Other aspects of IP
accounting include the data type, the number or size of the packets, MAC addresses, and
violations to access control list settings using event logging.

The accounting management process is typically carried out with a RADIUS or TACACS+
server, especially for the authentication and authorization parts. The NetFlow solution mentioned
earlier also provides powerful accounting services with its NetFlow collector, accounting, and
billing applications.

An example of using the accounting management solution would be within a VPN remote access
module on the enterprise edge to account for and to audit the company dial-up connections and
the sessions on the WAN and ISDN links.

Performance Management

The performance management area is usually managed by a system administrator or by a
network administrator/engineer. Nevertheless, the network designer should ensure that the
organization has performance management techniques in place so that overall management
guidelines are followed.

The goal of performance management is to keep the network uncongested 24/7, with all the
devices accessible. Another goal is to reduce overhead and downtime (a recommended target to
achieve is 99.9% network uptime). An important part of performance management is to provide
service-level management (SLM) or service-level agreements (SLAs) established with the
customers. This is a proven methodology to ensure that you can deliver the promised services to
the organization, to individual departments, to business services, and to customers (in the case of
ISPs).

Part of performance management is to identify trends in network operations, such as the usage of
bandwidth, application usage, and other support services and intelligent services, as well as
performing a “what-if” analysis. This means finding the optimal level of operations for the
company. Another step in this process is creating baselines of activity within the organization
with the help of system engineers, as a point of reference in order to analyze deviations from
normal network behavior (e.g., peak activity for bandwidth and applications). This aspect is
related to a concept called exception management, which creates a baseline of activity
(thresholds of normal activity) and figures out when exceptions (violations of the thresholds) will
occur and what those exceptions will be (e.g., peak CPU utilization or exhaustion of other
resources).

Performance management also includes QoS management. This is important, especially for an
ISP that offers solutions such as IP Telephony, multicasting, or video-conferencing. The
implemented QoS techniques should be managed, including the way packets are prioritized as
they travel through the network. This includes concepts such as Committed Access Rate (CAR)
or Class Based Weighted Fair Queuing (CBWFQ), using queuing mechanisms to achieve QoS.

When a violation in performance is detected, the network staff must be able to fix that particular
issue as quickly as possible and with little impact on the users in the organization.

Security Management

The last area of FCAPS is security management. The goal of security management is to ensure
that you have access control to network resources, and you can prevent intentional or accidental
changes to a particular object or device and unauthorized access to sensitive corporate
information.

Some of the protocols and tools that can be used within security management on the routers,
switches, and other devices include the following:

 Telnet and SSH for connecting to the devices (SSH is preferred due to its encryption
abilities)

 SNMP for management and monitoring of the device parameters (SNMPv3 is preferred
due to its authentication and privacy features)

 HTTP and HTTPS for web access to the device

 RADIUS and TACACS+ for authentication and authorization

 AAA

More information about assessing the security within the network design will be presented in
Chapter 8.

SLA Resources

Many companies, vendors, and service providers must provide service-level contracts (SLCs) to
their partners or customers. A service-level agreement (SLA) is a component of the overall
service level contract.

The SLC designates connectivity and the performance level that the service provider guarantees
to its customers and the organization guarantees to its end-users. The SLA defines specific
parameters and performance measurements between devices (e.g., routers, servers, workstations,
or other equipment).

The main resource regarding Cisco SLA concepts is the Cisco SLA
portal www.cisco.com/go/saa, where the following white papers containing information about
implementing SLCs can be found:

 Service-Level Management: Best Practices

 Deploying Service-Level Management in an Enterprise

 Service-Level Management: Defining and Monitoring Service Levels in the Enterprise

Summary

Network design includes the following features:

 Availability

 Efficiency

 Functionality

 Manageability

 Performance

 Scalability

The Cisco Intelligent Information Network (IIN) is a complete architecture that consists of the
following phases:

 Integrated transport: Voice, data, and video converged into a single transport

 Integrated services: Services such as VoIP or storage networking that rely on the
underlying network transport mechanism

 Integrated applications: Applications (e.g., Cisco IP Communicator) leverage services
(e.g., VoIP) that rely on network transport

The Cisco architectural approach to designing an IIN is the SONA framework, which contains
the following layers:

 Network infrastructure layer

 Infrastructure services layer

 Application layer

SONA offers the following benefits to network design:

 Functionality

 Scalability

 Availability

 Performance

 Manageability

 Efficiency

Cisco categorizes the network lifecycle into six phases identified within the PPDIOO concept.
The components of PPDIOO are as follows:

1. Prepare: This phase involves determining the network’s requirements, formulating
a network strategy, and suggesting a conceptual architecture of the network.

2. Plan: This phase compares the existing network with the proposed network to
help identify tasks, responsibilities, milestones, and resources required to
implement the design.

3. Design: This phase clearly articulates the detailed design requirements.

4. Implement: This phase integrates equipment into the existing network (without
disrupting the existing network) to meet design requirements.

5. Operate: This phase entails the day-to-day network operation, while responding to
any issues that arise.

6. Optimize: This phase gathers feedback from the Operate phase, potentially to make
adjustments in the existing network. Changes might be implemented to
address ongoing network support issues.

PPDIOO’s lifecycle approach offers the following benefits:

 Reduces total cost of ownership (TCO)

 Improves network availability

 Allows business networks to respond quickly to changing needs

 Accelerates access to network applications and services

Designing a network in conjunction with the PPDIOO approach involves the following steps:

1. Identify customer requirements: To identify customer requirements, the following
information must be obtained:

 Network applications

 Network services

 Business goals

 Constraints imposed by the customer

 Technical goals

 Constraints imposed by technical limitations

2. Characterize the existing network: To identify characteristics of the current network, the
following tasks must be completed:

 Collect existing network documentation (with the understanding that the documentation
might be somewhat dated and unreliable) and interview organizational representatives to
uncover information not available in the documentation.

 Conduct a network audit to identify information such as network traffic types, congestion
points, and suboptimal routes.

 Supplement the information collected in the two previous tasks by performing a network
traffic analysis with tools such as Cisco Discovery Protocol (CDP), Network Based
Application Recognition (NBAR), NetFlow, Network General Sniffer, Wireshark, or
Remote Monitoring (RMON) probes.

3. Design the network topology: Using information collected in steps one and two, network
design can be completed. Although designing a network can be a daunting task, Cisco’s
recommended top-down design approach assists the network designer by breaking down
the design process into smaller and more manageable steps. The term top-down refers to
beginning at the top of the OSI reference model (i.e., the Application Layer) and working
your way down through the underlying layers.

Using a top-down design strategy, as opposed to a bottom-up design strategy (i.e., where the
design begins at the Physical Layer of the OSI model and works its way up), provides the
following benefits:

 Does a better job of including specific customer requirements

 Offers a more clearly articulated “big picture” of the desired network for both the
customer and the network designer

 Lays the foundation for a network that not only meets existing design requirements but
also provides for scalability to meet future network enhancements

When using the OSI reference model in the top-down design approach, the network designer
should determine what design decisions, if any, are required for each of the seven layers. For
example, when considering the Application Layer, the network designer might determine that
voice applications such as the Cisco IP Contact Center and the Cisco Unity converged messaging
system are applications needed for the design.

Network Layer design decisions might include the selection of a routing protocol (e.g., Enhanced
Interior Gateway Routing Protocol [EIGRP] or Open Shortest Path First Protocol [OSPF]). In
addition, when analyzing the Network Layer, the network designer might need to determine an
appropriate IP addressing scheme for the network (e.g., the use of private versus public IP
addresses and subnet masks to be used) to provide for future network scalability.

Physical Layer and Data Link Layer design decisions might involve the selection of LAN/WAN
technologies (e.g., GigabitEthernet, FastEthernet, Frame Relay, ATM, or PPP) to provide media
transport.

With the multitude of design decisions required in larger networks, network designers often
benefit from network design tools such as the following:

 Network modeling tools: Generates suggested configurations based on input information,
which can then be further customized (e.g., adding redundancy or support for additional
sites)

 Strategic analysis tools: Enables a network designer to experiment with various “what-if”
scenarios and observe resulting network effects

 Decision tables: Records design decisions based on network requirements

 Simulation and verification tools/services: Verifies design decisions in a simulated
environment to reduce the need to implement a pilot network

Even with the availability of simulation tools, some network designs still benefit from building a
small prototype network to serve as a proof of concept. An alternative to prototype networks,
which are usually implemented in an isolated environment, is building a pilot network, within a
specific network module.

After the implementation phase, each network must be maintained at proper parameters by
monitoring and management tools and processes. Basic techniques related to network
management include:

 SNMP

 RMON

 NetFlow

 CDP

FCAPS is an ISO network management model that comprises the following elements:

 Fault management

 Configuration management

 Accounting management

 Performance management

 Security management

Lesson 2: Network cabling and physical infrastructure.

In order to connect different physical devices, we need cables. Similarly, when designing
network connectivity for a building, we need to select the most suitable type of cable depending
on the location, operating environment, distance, and other factors. Let us first start by
exploring the most common types of cables used in cabling infrastructure:

1. Unshielded Twisted Pair (UTP)

2. Shielded Twisted Pair (STP)

3. Fiber Optics

Unshielded Twisted Pair (UTP)

UTP cables are the most common cables used in both horizontal cabling and backbone cabling in
offices, homes, and indoor areas where there is no signal interference. The most popular types of
UTP are Cat 5e and Cat 6/6a.

Pro tip: When deploying either Cat 5e or Cat 6/6a, keep in mind that, depending on the
standards followed by your organisation, you should use cables from the same brand throughout
in order to avoid degrading the performance.

Shielded Twisted Pair (STP)

STP cables are made up of a conducting foil encasing the twisted pairs. The shielding layer is
used to block the electromagnetic interference emitted by nearby devices. Hence, STP is mainly
used in outdoor environments. One of its advantages is that it can transmit data at a faster rate
than UTP in areas where signal interference is present.

Important notes to consider when deploying STP

 STP should be properly grounded; otherwise, the noise-cancelling feature is greatly
compromised.

 Both ends of the connection shall use STP; otherwise, the performance is significantly
degraded.

UTP vs. STP

There are a few differences between STP and UTP that govern the choice of cable you decide to
deploy in your network:

 If noise generated by power lines, radar systems, or other high-power electromagnetic
signals causes an imbalance in the current flow that interferes with the signal, it is
recommended that you select STP over UTP.

 STP is larger in size compared to UTP.

 STP is more expensive than UTP.

 STP is more fragile than UTP.

Fibre Optics

There are two main types of fiber optic cables that are widely used in network infrastructure
today, namely single-mode and multi-mode. The differences between single-mode and multi-mode
fiber patch cables are:

 Single-mode fiber patch cables: Suitable for long-distance transmission and mainly used
for connections over large areas. Single-mode fiber cables have a higher bandwidth in
comparison to the multi-mode cables, which deliver twice the throughput.

 Multi-mode fiber patch cables: Suitable for transmitting data and voice signals over
shorter distances. Their main usage is designated for audio and visual applications in
LANs. They have higher throughput than single-mode but can transmit only over shorter
distances.

Network Configuration Definition

Network configuration focuses on managing a network and its devices by applying the right set
of policies, controls, and configurations. It encompasses activities from device discovery to
configuration backups for efficient network administration.

What are the types of network configuration?

Network administrators maintain a well-organized information repository of the network devices
with details, such as device location or network address and device settings, as part of
configuration management. This configuration database works as a guiding source for admins
while making updates and changes in the network.

Generally, network topologies denote various types of network configuration. Network
topology refers to the systematic arrangement of nodes or devices in a network that allows them
to exchange information.

Network topologies are of two types—physical and logical. Physical topology depicts the
linkages between physical devices via cables, wires, etc., in a network. In contrast, logical
topology denotes how information is transferred through a network. The way devices interact in
a network is also a part of the logical topology.

Some of the popular physical network topologies are as follows:

o Bus: Every node or device in the network is connected in a linear order with a
unidirectional data flow. Bus topology is cost-effective, but it can break down quickly
when there’s high network traffic.

o Ring: Nodes are connected circularly, while data can flow in one or both directions as per
needs. Ring networks are easy to set up and expand, but troubleshooting is often
challenging.

o Star: A central server or node manages all other nodes with point-to-point
communication. Star topology is commonly used in local area networks because of
benefits such as centralized control, better security, and easy configuration. However, the
entire network can crumble if the central server fails.

o Mesh: Nodes are linked in a web-like structure with point-to-point connections with
every other node in the network. Data transmits through routing (shortest-path approach)
and flooding methods (broadcast approach). Mesh networks are highly reliable but
expensive to set up and maintain.

o Tree: Nodes are interconnected in hierarchical order with at least three levels. Tree
network is an extension of star topology and is used in wide area networks (WANs).

o Hybrid: Hybrid combines two or more topologies. Organizations looking for flexibility
in their IT infrastructure prefer hybrid networks.

Network configuration key areas

Device discovery and management: Configuration management discovers devices in your
network and stores their critical details such as port configuration and interface details in a
network inventory. Having up-to-date inventory also helps you generate reports quickly using
filters such as device type, device vendor, and device location. Centralized inventory makes
management easy.

Configuration backup and restore: A network disaster can happen at any time, so an
organization should regularly take network backups to stay future-ready. Regular backups allow
you to quickly recover from unexpected scenarios such as equipment failure by uploading the
most stable versions of your device settings.

Change management: Maintaining accurate change records helps you identify the network
engineers behind a particular configuration modification in your network. While this doesn’t
necessarily reduce network problems, it can accelerate the error resolution process.
Standardization of change management practices, a crucial part of configuration management,
ensures modifications across the network are well documented, prompt, and traceable.

Policy management and compliance audits: Before making configuration changes, network
administrators must formulate robust network policies to demonstrate compliance with various
security standards such as PCI DSS and DISA STIG. Network security policy creation and
regular compliance audits of device settings are vital in configuration management.

Network automation: Automation of network administration tasks such as device backups,
firmware updates, and access rights modification is among the configuration management best
practices. This boosts your network teams’ productivity in addition to eliminating repetitive tasks
and human errors.

Why is it important to back up network configurations?

Network device backups using automation tools help you quickly roll back to the previous stable
configurations in scenarios like equipment failure, human errors, and power loss. With regular
backups, you can drastically cut down on network downtime or business interruptions during
peak hours. Further, you can avoid configuring network devices from scratch after a recent
failure using backup files or archived data. Likewise, keeping track of all the configuration
changes becomes simpler with data backups, allowing you to solve network errors at the user end
quickly.

How to automate configuration management using software

Manual configuration management activities are often error-prone, slow, and costly. Automation
tools can streamline network management operations by allowing your network teams to execute
multiple tasks from a single interface. Automation tools can also strengthen your overall network
security by restricting unauthorized access to sensitive configuration files or data through access
control.

Outlined below are some ways to automate configuration management activities:

o Robust network assessment: Automation tools can perform device discovery to
populate your network inventory with crucial device details like IP address, serial
number, etc. This saves your IT staff from hours of manual work compiling and storing
device information. Storing critical device data such as end-of-life information allows
your network administrators to identify and replace damaged devices quickly, helping
avoid costly network downtime. Ultimately, such tools streamline network assessment
activities with bulk data collection, analysis, reporting, and visualization.

o Easy configuration backup and restoration: Network configuration backup means
safely storing critical network device information, so you can quickly recover from
network failure or disaster with minimum service disruption. With network backup
software, instead of visiting network devices individually to save their most recent
configurations or settings, you can schedule automated backups for all of them. You can
also organize backups in the archive by applying filters such as device type and quickly
restore them in case of interruptions. Such tools provide timely alerts for failed backup
schedules, allowing you to fix errors rapidly.

o Real-time configuration change alerts for improved security: The frequency of
configuration changes across dynamic networks is often high. Continuous monitoring of
such changes is crucial to minimize their impact on other systems or processes. With
network automation tools, you can receive real-time alerts or notifications of every
change in your network with details such as change time, persons involved, etc. Real-
time monitoring also ensures every corrective action taken complies with your internal and
external policies.

o Baseline configuration and drift management: A baseline configuration is the most
optimal setting of a device. Applying baseline configurations to network devices helps
ensure they run without performance issues. Network automation tools simplify baseline
configuration management by allowing administrators to set up, view, and compare
baseline configurations with the current configuration of devices. This makes tracking
new changes in device settings and reversing unauthorized alterations simpler. Admins
can also compare running and startup configurations to identify unsaved changes.

o Network vulnerability detection: Network automation tools can scan for firmware
vulnerabilities in your network devices and subsequently fix them via upgrades. For
example, you can detect common vulnerabilities and exposures (CVEs) in Cisco IOS and Cisco
network devices and rectify them via patches and updates using automation tools.
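The baseline-and-drift comparison and the policy audit described in the list above, together with the SSH, SNMPv3, and HTTPS preferences listed under Security Management, as an added example that is not part of the original text: a constructed IOS-style baseline and running configuration are compared line by line, and the running configuration is checked against a small rule set. The rule identifiers and both configurations are invented for illustration, not taken from a real device.

```python
import difflib
import re

# Constructed IOS-style configurations for illustration, not from a real device.
BASELINE = """\
hostname edge-rtr1
service password-encryption
ip domain-name corp.example
logging host 10.0.0.9
snmp-server group NETMON v3 priv
line vty 0 4
 transport input ssh
 login local
 exec-timeout 10 0
"""

RUNNING = """\
hostname edge-rtr1
ip domain-name corp.example
logging host 10.0.0.9
snmp-server community public RO
snmp-server group NETMON v3 priv
ip http server
line vty 0 4
 transport input telnet ssh
 login local
 exec-timeout 0 0
"""

# Policy rules (identifiers invented for this example): each entry is
# (id, description, line regex, "require" or "forbid").
RULES = [
    ("MGMT-01", "vty access must not allow Telnet", r"^\s*transport input .*telnet", "forbid"),
    ("MGMT-02", "vty lines must be restricted to SSH", r"^\s*transport input ssh\s*$", "require"),
    ("MGMT-03", "no SNMPv1/v2c community strings", r"^snmp-server community ", "forbid"),
    ("MGMT-04", "SNMPv3 group with auth and privacy", r"^snmp-server group \S+ v3 priv", "require"),
    ("MGMT-05", "plain HTTP management disabled", r"^ip http server\s*$", "forbid"),
    ("MGMT-06", "no never-expiring vty sessions", r"^\s*exec-timeout 0 0", "forbid"),
    ("MGMT-07", "stored passwords obfuscated", r"^service password-encryption", "require"),
    ("MGMT-08", "events exported to a log collector", r"^logging host ", "require"),
]


def config_lines(text):
    """Split a configuration into lines, dropping blanks and '!' comments."""
    return [l.rstrip() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("!")]


def drift(baseline, running):
    """Return (added, removed): lines the device runs that the baseline lacks,
    and baseline lines the device has lost."""
    base, run = set(config_lines(baseline)), set(config_lines(running))
    return sorted(run - base), sorted(base - run)


def unified_drift(baseline, running):
    """Same comparison as a unified diff, convenient for change records."""
    return list(difflib.unified_diff(config_lines(baseline), config_lines(running),
                                     "baseline", "running", lineterm=""))


def audit(running, rules=RULES):
    """Check a running configuration against the rule set. Returns a list of
    (rule id, description, offending line or None for a missing requirement)."""
    lines = config_lines(running)
    violations = []
    for rule_id, desc, pattern, mode in rules:
        hits = [l for l in lines if re.search(pattern, l)]
        if mode == "forbid":
            violations.extend((rule_id, desc, h) for h in hits)
        elif not hits:
            violations.append((rule_id, desc, None))
    return violations


if __name__ == "__main__":
    added, removed = drift(BASELINE, RUNNING)
    print("drift: +", added, "\ndrift: -", removed)
    for rule_id, desc, line in audit(RUNNING):
        print(f"{rule_id} {desc}: {line or 'missing'}")
```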

Lesson 3: Configuring and managing network devices.
