Technology Workbook
Exam 200-310
www.ipspecialist.net
CCDA Workbook
Document Control
Table of Contents
Hierarchy ...................................................................................................................... 51
Summarization .............................................................................................................51
Design Consideration for Effective IP Address Scheme ...............................................52
Subnetting ....................................................................................................................53
Network Address Translation (NAT) .........................................................................53
Routing Protocol Scalability Considerations.................................................................57
Number of Peers ..........................................................................................................57
Convergence Requirements........................................................................................58
Summarization Boundaries and Techniques ............................................................58
Number of Routing Entries.........................................................................................59
Impact of Routing Table on Performance ..................................................................59
Size of the Flooding Domain ......................................................................................59
Topology....................................................................................................................... 59
Routing Protocols Overview...........................................................................................59
Static Routing ..............................................................................................................59
Dynamic Routing Protocols .......................................................................................60
Interior Gateway Protocol ..............................................................................................62
Distance Vector Routing Protocol .............................................................................62
Link-State Routing Protocol .......................................................................................63
Exterior Gateway protocol ..............................................................................................65
Routing Protocol for the Enterprise ..............................................................................66
Open Shortest Path First (OSPF) ...............................................................................67
Enhanced Interior Gateway Routing Protocol (EIGRP) ...........................................68
Border Gateway Protocol............................................................................................69
Interior Border Gateway Protocol (iBGP) Peering....................................................69
Exterior Border Gateway Protocol (eBGP) Peering ..................................................69
Designing a Routing Protocol Deployment ..................................................................70
Routing in Campus core .............................................................................................70
Routing in Distribution Layer ....................................................................................70
Routing in Enterprise Edge Functional Area .............................................................71
Routing in Remote Access and VPN ...........................................................................71
Advanced Routing Strategies ..........................................................................................71
Route Redistribution....................................................................................................71
Route Filtering .............................................................................................................74
Route Summarization .................................................................................................74
Important Routing Design Considerations ...............................................................75
Summary .......................................................................................................................... 75
Chapter 4: Enterprise Network Design..............................................................................76
Basic Campus Network Design.......................................................................................77
Campus Network Design Consideration ...................................................................77
Design Campus Infrastructure Module .....................................................................85
Campus Access Layer Design Consideration ............................................................86
Campus Distribution Layer Design Consideration...................................................93
First Hop Redundancy Protocols (FHRP) .................................................................94
Layer 2/Layer 3 demarcation ......................................................................................95
Virtual Switching System............................................................................................95
Campus Core Layer Design Considerations..............................................................96
Edge Distribution at the campus core .......................................................................96
Cisco Certifications
Cisco Systems, Inc. specializes in networking and communications products and
services. A leader in global technology, the company is best known for its business
routing and switching products that direct data, voice, and video traffic across
networks worldwide.
Figure 1. Cisco Certifications Skill Matrix. Copyright 2013 by Cisco and/or its affiliates.
Cisco certifications are a de facto standard in the networking industry, which helps you
boost your career in the following ways:
1. Gets your foot in the door by launching your IT career
2. Boosts your confidence level
3. Proves knowledge, which helps improve employment opportunities
The Designing for Cisco Internetwork Solutions (DESGN) exam (200-310) is a 75-minute
assessment with 55–65 questions that are associated with the Cisco CCDA® Design
certification. This exam requires a foundation or apprentice knowledge of network
design for Cisco enterprise network architectures. CCDA-certified professionals can
design routed and switched network infrastructures and services involving LAN/WAN
technologies for SMB or basic enterprise campus and branch networks.
The following topics are general guidelines for the content that is likely to be
included on the exam:
The complete list of topics covered in the CCDA exam can be downloaded here:
https://learningcontent.cisco.com/cln_storage/text/cln/marketing/exam-topics/200-301-desgn.pdf
IPSpecialist provides full support to candidates in order for them to pass the exam.
Prior to registration, decide which exam to take and note the exam name and number. For
complete exam details, refer to the “Current Exam List” on the Cisco website.
The following points should be considered for a successful business-driven design:
Business Growth. You need to consider the network usage requirements for both
temporary and permanent growth. Network usage has become very dynamic and
difficult to predict due to the rise of different types of devices and access media.
Network management and monitoring tools are your best friends in defining the
baseline traffic/network utilization and predicting future growth.
Modularity. A modular design breaks the entire network into smaller blocks. The
components of each block can be easily added or removed without affecting other parts.
This also helps during implementation and troubleshooting of complex networks. As the
network expands, new modules can be added to meet the business needs.
“Keep it Simple”. The design should be simple and logical, with easily identifiable
traffic flows. A simple design helps in responding quickly to changes in network
requirements.
Year Event
1984 OSI (Open Systems Interconnect) is the first with international backing, and support from the International Standards Organization as an official standard.
1985 U.S. Internet protocols (TCP/IP) get a major boost when the National Science Foundation forms the NSFNET, linking five supercomputer centers at Princeton University, Pittsburgh, University of California at San Diego, University of Illinois at Urbana-Champaign, and Cornell University.
1996 At the end of 1996, the 36 million Web users surpassed the 30 million or so on France’s Minitel, until now the most popular online system. By decade’s end, the Web will hit 360 million.
2000 In the UK, on March 31st 2000, home ADSL – asymmetric digital subscriber line – was launched by Telewest. Goldsmith Road in Gillingham, Kent, is the first street to receive the technology. In 2002, there were fewer than 200,000 broadband users, but just four years later, there were around 13 million.
2005 Online file sharing and personal cloud content management service for businesses were launched by Box. By 2006, Amazon Web Services introduces its cloud storage service and gains widespread recognition as the storage supplier to emerging services such as Dropbox and Pinterest.
2011 Broadband speeds were made faster, reaching 100Mbps easily through fiber-optic broadband and new DOCSIS standards, creating the need for better routers to match the broadband speed.
2014 The new Wi-Fi standard 802.11ac launches, offering faster speed (over 2Gbps) compared to 450Mbps of the previous 802.11n standard. Along with this comes better signal coverage. 802.11ac was ratified in 2014.
Sally would like to transmit a message to Alia. The Application layers on both sides need
to communicate with each other; however, the data must pass through all the other layers
to be presented successfully to Alia. Control information from each layer is added to the
data before it passes to the lower layers. This control information is necessary for the
data to travel through the network properly. Thus, the data at each layer is encapsulated,
or wrapped, in the information appropriate for that layer.
1. An application (e.g. Outlook) running on the source device creates data (an email).
This happens at the Application layer.
3. At the Session layer, the Session ID is appended. At this point the information
is still one block of data.
4. Next, the data goes down to the Transport layer. The Transport layer breaks the
data into blocks of data, which we call Segments. Each Segment also gets a
Port number to identify which upper-layer application needs to receive the
data on the destination device.
5. The Segment is then passed to the Network layer. The Network layer takes the
Segment, which includes the Port number, and appends the source and
destination IP addresses. At that point the Segment becomes a Packet.
6. The Packet is then passed to the Data Link layer, where the source and
destination MAC addresses and the CRC are added. It is now converted to a Frame.
7. The Frame is then sent to the physical device, where it is translated into a signal,
whether electrical, radio wave, or light. We call these Bits. The signals are
prepared by the Network Interface Card (NIC) and then sent onto the
transmission medium.
8. The destination device receives the series of bits and interprets them as a Frame. It
then examines the MAC addresses and the CRC, removes the MAC addresses and the
CRC, and passes the data up to the Network layer. At this point the IP
addresses within the Packet are examined. The Packet is forwarded up to the
Transport layer, where the Segment is examined. The Port number is
looked at and the Segment is forwarded up to the appropriate application
specified by the Port number. At this point the Session ID is used, any
encryption is removed, and the data in its original form is presented to
the application that needs to interpret it.
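The eight steps above walked through in code, as an added example that is not part of the workbook: the header layouts, addresses, ports and Session ID are constructed for the illustration rather than the real Ethernet, IPv4 and TCP formats, but each layer adds its control information on the way down, and the receiver checks the CRC, MAC address, IP address and Port number before passing the data up.

```python
"""Worked OSI-style encapsulation and decapsulation (added illustration).

Header layouts are constructed for this example, not the real Ethernet/IPv4/TCP
formats: the point is the layering, where each layer adds its own control
information on the way down and strips (and checks) it on the way up."""
import struct
import zlib

MAX_SEGMENT_PAYLOAD = 8   # constructed: small so the email is split into Segments


def ip_to_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(x) for x in b)


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def session_layer_down(data, session_id):
    # Session layer: add the Session ID; the information is still one block.
    return struct.pack("!I", session_id) + data


def transport_layer_down(block, src_port, dst_port):
    # Transport layer: split into Segments, each carrying the port numbers plus
    # an index and count so the receiver can put the block back together.
    chunks = [block[i:i + MAX_SEGMENT_PAYLOAD]
              for i in range(0, len(block), MAX_SEGMENT_PAYLOAD)]
    return [struct.pack("!HHHH", src_port, dst_port, i, len(chunks)) + c
            for i, c in enumerate(chunks)]


def network_layer_down(segment, src_ip, dst_ip):
    # Network layer: prepend source and destination IP addresses -> Packet.
    return ip_to_bytes(src_ip) + ip_to_bytes(dst_ip) + segment


def data_link_layer_down(packet, src_mac, dst_mac):
    # Data Link layer: prepend MAC addresses, append a CRC over everything -> Frame.
    body = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + packet
    return body + struct.pack("!I", zlib.crc32(body) & 0xFFFFFFFF)


def physical_layer_down(frame):
    # Physical layer: the Frame leaves the NIC as a string of bits.
    return "".join(f"{b:08b}" for b in frame)


def send_message(data, session_id, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac):
    """Sally's side: run the data down the stack; returns one bit string per Frame."""
    block = session_layer_down(data, session_id)
    return [physical_layer_down(data_link_layer_down(
                network_layer_down(seg, src_ip, dst_ip), src_mac, dst_mac))
            for seg in transport_layer_down(block, src_port, dst_port)]


def receive_message(bit_streams, my_mac, my_ip, my_port):
    """Alia's side: each Frame is checked and unwrapped layer by layer.
    Returns (session_id, data), or None if any Frame is corrupt or not for us."""
    pieces, total = {}, None
    for bits in bit_streams:
        frame = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
        body, (crc,) = frame[:-4], struct.unpack("!I", frame[-4:])
        if zlib.crc32(body) & 0xFFFFFFFF != crc:
            return None                       # damaged Frame: dropped at the Data Link layer
        if bytes_to_mac(body[:6]) != my_mac:
            return None                       # not our MAC address
        packet = body[12:]
        if bytes_to_ip(packet[4:8]) != my_ip:
            return None                       # not our IP address
        segment = packet[8:]
        _src_port, dst_port, idx, total = struct.unpack("!HHHH", segment[:8])
        if dst_port != my_port:
            return None                       # no application listening on that Port
        pieces[idx] = segment[8:]
    if total is None or len(pieces) != total:
        return None                           # Segments missing: cannot reassemble
    block = b"".join(pieces[i] for i in range(total))
    (session_id,) = struct.unpack("!I", block[:4])
    return session_id, block[4:]
```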
While OSI is a seven-layer standard, TCP/IP is four-layered. The growth and
development of the TCP/IP standard has been largely influenced by the OSI model, and
much of the terminology used in OSI can be applied to TCP/IP.
Network interface (Layer 1): Deals with all physical components of network
connectivity between the network and the IP protocol.
Internet (Layer 2): Allows the movement of data between two network devices
over a routed network.
Host-to-host (Layer 3): Manages the flow of traffic between two hosts or
devices, ensuring that data arrives at the application on the host for which it is
targeted.
There are two separate protocols in TCP/IP: Transmission Control Protocol (TCP) and
Internet Protocol (IP).
The Internet Protocol (IP) standard guides the detailed coordination of packets
sent out over the network. It directs the destination of the packets as well as
how the packets will get there. IP has a method that lets any computer on the
Internet forward a packet to another computer that is one or more hops
closer to the packet's recipient. It is like a letter delivered from the US to Australia
that passes through different hops and checkpoints before reaching its destination.
The Transmission Control Protocol (TCP) ensures that data is transmitted
across Internet-connected networks. TCP checks packets for errors and submits
requests for retransmission if any are found.
TCP Handshake
A three-way handshake is the method used in a TCP/IP network to create a connection
between a local host/client and a server. It is a three-step process that requires both the
client and the server to exchange SYN and ACK (acknowledgment) packets before actual
data communication begins.
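The exchange described above as a small state machine, added here as an example that is not from the workbook; the initial sequence numbers and the Segment and Endpoint names are constructed. It also shows the check each side performs on the acknowledgement number, and what happens when the final ACK never arrives or carries the wrong number (the server stays half-open in SYN_RCVD, which is what a SYN backlog monitor counts).

```python
"""TCP three-way handshake as a state machine (added illustration, not workbook
code). Initial sequence numbers (ISNs) are constructed; only the SYN / SYN-ACK /
ACK exchange and the acknowledgement arithmetic are modelled."""
from dataclasses import dataclass


@dataclass
class Segment:
    syn: bool
    ack: bool
    seq: int
    ack_num: int = 0


class Endpoint:
    def __init__(self, name, isn):
        self.name = name
        self.isn = isn              # constructed initial sequence number
        self.state = "CLOSED"
        self.peer_isn = None

    def listen(self):
        # Server side: wait for a SYN.
        self.state = "LISTEN"

    def connect(self):
        # Step 1: the client sends SYN carrying its own ISN.
        self.state = "SYN_SENT"
        return Segment(syn=True, ack=False, seq=self.isn)

    def receive(self, seg):
        """Process one Segment and return the reply Segment, or None."""
        if self.state == "LISTEN" and seg.syn and not seg.ack:
            # Step 2: the server acknowledges the client's ISN + 1 and sends its own SYN.
            self.peer_isn = seg.seq
            self.state = "SYN_RCVD"
            return Segment(syn=True, ack=True, seq=self.isn, ack_num=seg.seq + 1)
        if self.state == "SYN_SENT" and seg.syn and seg.ack:
            # The client accepts the SYN-ACK only if it acknowledges exactly isn + 1.
            if seg.ack_num != self.isn + 1:
                return None                  # bogus SYN-ACK: ignored
            self.peer_isn = seg.seq
            self.state = "ESTABLISHED"
            # Step 3: the client acknowledges the server's ISN + 1.
            return Segment(syn=False, ack=True, seq=self.isn + 1, ack_num=seg.seq + 1)
        if self.state == "SYN_RCVD" and seg.ack and not seg.syn:
            # The server checks the final ACK before the connection is ESTABLISHED.
            if seg.ack_num != self.isn + 1:
                return None                  # wrong ack number: still half-open
            self.state = "ESTABLISHED"
        return None


def three_way_handshake(client, server):
    """Run the full exchange; returns the three Segments in the order they were sent."""
    server.listen()
    syn = client.connect()
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return [("client", syn), ("server", syn_ack), ("client", ack)]


def half_open_count(endpoints):
    """Defender's view: how many server endpoints are stuck waiting for the final ACK."""
    return sum(1 for e in endpoints if e.state == "SYN_RCVD")
```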
Enterprise Architecture
The enterprise network design requirements of current customers have changed a lot
over the last 15 years. Applications have become complex in nature, with the business
demanding 100% availability of the applications. Some of the applications that have
become an integral part of consumers' lives are:
E-mail. A business without an email service would be hard to imagine nowadays. With
the introduction of digital certificates, emails are already considered as
authentic as a person signing on paper. On a daily basis, millions of emails are
exchanged among users, and email is considered the primary authentic
communication channel.
E-Commerce. A large number of businesses now have a website that allows Internet
users to buy their goods or services, which translates to 40% of worldwide internet
users having bought products online. This means more than 1 billion
online buyers, and the number is projected to grow continuously.
E-Banking. Also known as Internet Banking, this refers to the banking services provided
by banks over the internet. Some of these services include 24/7 access to bill
payment, funds transfer, viewing of account statements, and loans.
The campus network, as defined for the purposes of the enterprise design guides,
consists of the integrated elements and set of services used by a group of users and
end-station devices that all share the same infrastructure. These include the packet-
transport services (both wired and wireless), traffic identification and control (security
and application optimization), traffic monitoring and management, and overall
Return on Investment (ROI). ROI is the performance measure used to evaluate the
efficiency of an investment. The investment proposed to deploy a certain
infrastructure should be justifiable to management, and the design proposal should
clearly state the benefits of this architecture in reducing cost and improving the efficiency of
the company.
Applications. With time, applications and software servicing the needs of
customers are becoming complex and hungry for resources. The network should be
capable of supporting the growing needs of applications.
Here are some key concepts that you should address when creating a reliable and
versatile network design. The network should be:
Plan Phase
This phase involves developing an architectural strategy, a transformational road map,
and designs.
Assessment
Assessment helps determine the IT and network infrastructure’s compliance with best practices
and policies and/or readiness to support a new technology, application, architecture,
or solution, in order to:
Reduce deployment costs and adoption delays
Improve the ability of the operation team to support the new technology
Budget more effectively through accurate identification of incremental
investment requirements
Cisco Smart Services takes companies from architectural vision to business solutions.
Smart Services is a simple four-step process that helps organizations enable
architectures, a high-performing network, and business solutions. These steps include:
1. Align Business and IT Strategy – envision IT architecture
2. Improve Operational Efficiency – optimize infrastructure
3. Increase Business Agility – enable architectures
4. Drive Business Innovation – implement solutions
Design
Design Services create a flexible, resilient, scalable architectural foundation to support
business solutions by developing IT and network infrastructure designs for
applications, operations processes, and network management. They:
Improve network infrastructure performance, security, and scalability
Accelerate adoption of new technologies and improve return on investment
Reduce expensive and time-consuming redesign
Strengthen the proficiency of your deployment team and operations team
Build Phase
The Build phase validates, implements, and migrates new solutions and applications.
Validation
Validation Services confirm that solutions meet the requirements for availability,
security, reliability, and performance through assessment and issue resolution in a lab
environment before implementation in the production network.
This helps:
Mitigate risks associated with updating the production network
Accelerate time to market and solution adoption
Reduce costly delays, risks, and rework
Improve availability
Deployment
Deployment Services help deploy new IT and network solutions or applications.
These services achieve:
Reduced delays, rework, and other problems during implementation
Decreased production network disruption during deployment
Business and technical goals of the new solution
Migration
Migration Services control costs, improve operational excellence, and mitigate risk
during device, network, and software refreshes. With a systematic, holistic, and efficient
approach to upgrading the network infrastructure, the following are achieved:
More effective budget for network operations costs
Reduced system outages and support issues
Accelerated time to revenue through faster deployment and cutover time
when migrating
Reduced operating expenses
New capabilities with potentially lower total cost of ownership
Manage Phase
Manage Phase optimizes infrastructure, applications, and service management.
Operations Management
These services are geared towards network simplification and lowering the total
cost of network ownership. Operations Management Services also allow faster
adoption of advanced technologies without losing visibility and control. These
services:
Solve problems faster and manage risk and growth in your network more
effectively
Pre-empt incidents and reduce the effects of those that cannot be prevented
Accelerate adoption of advanced technologies
Enable a higher quality end-user experience
Product Support
Product Support Services help increase operational efficiency, lower support costs,
and improve availability risk management through automated network-equipment
inventory management and award-winning support. With these services, companies
achieve:
More effective risk management and planning for equipment upgrades, and
compliance with corporate policies
Identification and resolution of issues and reduction of downtime
Streamlined contract management and faster access to support resources
Solution Support
Solution Support Services increase solution uptime and employee productivity
through priority access to dedicated and focused resources to manage, troubleshoot,
and speed resolution of issues that might arise within complex, multivendor solutions.
They supplement product-level technical support to:
Quickly isolate and resolve issues that may arise within the solution
Improve the performance of IT and network operations
Increase the availability of the applications supported within the solution
Optimization
Optimization Services help optimize network and IT infrastructure, applications, and
service management. They identify gaps, deliver recommendations, and provide
expert support in order to:
Improve the performance, availability, resiliency, and visibility of your
network and IT services
Prepare the network and IT infrastructure for change and more effectively
manage change
Increase your team’s self-sufficiency
Reduce operating costs and improve return on your investments
Mitigate risks that can compromise the privacy and security of data
time of an e-commerce website can cost millions of dollars in losses. This also damages the
company's reputation and credibility in the market. Consider a top airline's website being
down for a couple of hours; that can really ruin their business.
Design Approach
One of the core principles of network design is to take a top-down approach. With
this approach, the process starts by identifying the technology needed and then
designing it from the top down. The application layer is the starting point, followed by
the subsequent layers, to facilitate service enablement.
The bottom-up approach starts from the physical layer and then moves up to incorporate
switches, routers, firewalls, etc. into the design. The design could be quicker to
implement, but it may miss some organizational requirements.
The design should always be evaluated against the business requirements, especially
since there is a difference in approach between the IT/technical team and
management. For example, IT will look to virtualization and consolidation
technologies because they ease management and allow quick fault isolation, while
management will look at them for cost savings and quick service provisioning with a shorter
time to market.
Design Considerations
The network designer should keep the following design considerations in mind:
Scalability. The network must be modular and scalable to meet the future needs of the business.
Scalable network designs can grow to support new applications without impacting the
level of service.
Availability. The network should be reliable and available 24/7. The availability
requirements of a customer vary depending on the nature of the business (i.e. an e-
commerce website should be available at all times, while unavailability of a complimentary
guest Wi-Fi system may not make a significant impact on the business).
Security. Security of network systems is not an optional item anymore. The
increased use of cloud applications, mobile devices, and BYOD has changed the
security landscape completely. Planning the location of security devices, filters, and
firewall features is critical to safeguarding network resources.
Manageability. The network should be easy to manage and operate. Network
management tools improve operational efficiency, performance monitoring, and
troubleshooting. A network that is too complex or difficult to maintain cannot
function effectively and efficiently.
A focused and detailed business requirements analysis can help avoid problems like
these. This is the process of discovering, analyzing, defining, and documenting the
requirements that are related to a specific business objective. And it's the process by
which you clearly and precisely define the scope of the project, so that you can assess
the timescales and resources needed to complete it.
This list provides simple steps to identify customer business requirements:
1. Identify Key Stakeholders
2. Capture Stakeholder Requirements
a. Interviews
b. Workshops
c. One to one meetings
3. Categorize Requirements
a. Functional Requirements – define how a network should function from
the end-user's perspective. They describe the features and functions with
which the end-user will interact directly.
b. Operational Requirements –define operations that must be carried out in
the background to keep the network functional over a period of time.
c. Technical Requirements – define the technical issues that must be
considered to successfully implement the process or create the network
design. Examples of technical requirements are:
i. High availability
ii. Quality of Service (QoS)
iii. Security
iv. Scalability
d. Transitional Requirements – the steps needed to implement the new
product or process smoothly.
4. Document the requirements and get customer sign-off
The key to a successful analysis is identifying what the new system will do for all
appropriate end-users/stakeholders – and to understand what they expect to achieve
from the project. You can use various techniques to gather requirements, but make
sure those requirements are clear, concise, and related to the business.
Once you complete your analysis, record it in a written document. This becomes the
official customer requirement document (CRD) for designing the solution for your
client.
You arranged a couple of workshops with the customer and extracted the following
information:
Customer Information
The customer has run a large Chinese restaurant in the centre of the city for the last 10 years. The
restaurant is quite famous in the area due to its quality food.
Business Requirement
The customer is willing to provide a free Wi-Fi service to its customers, which is expected to:
-Increase customer foot traffic
-Increase customer stickiness
-Attract new customers
-Help differentiate from competitors
-Meet customer expectations
Functional Requirements
-Onboarding to the Wi-Fi network should be as simple as possible
-A landing page with restaurant promotions should be displayed on first-time login
-The solution should deploy the minimum possible on-premises equipment
-As it’s a complimentary service, high availability is not a requirement at this stage
-Customers should be able to play HD videos over the network
-The solution should be able to cater for up to 50 concurrent users
Technical Requirements
-The 802.11ac standard will be used for high throughput
-A cloud-based solution will be deployed to avoid any on-premises backend equipment
requirement
-An open SSID with a redirection to the landing page will be used for simplicity
-Each user will be allocated 2Mbps of internet bandwidth
-A 100 Mbps DSL link will be ordered from the local ISP
Note: The above scenario only demonstrates a few requirements as an example. With the full analysis
you should be able to produce the final design.
Price. This is one of the important factors when designing your network. Customers like
designs that use the latest technologies and are scalable to support future
requirements. However, you will find budget constraints and market competition that
might hold you back from proposing such a design.
Timelines. Time can also affect your design decisions. People opt for cloud services
and virtualization technologies as they provide scalability and quick provisioning of
resources.
Site Constraints. You need to consider the site conditions to make a design decision.
For example, for a remote site where the only option for connectivity is microwave, you need
to consider whether fibre infrastructure will still be available after six months.
In highly humid or hot areas, industrial-grade equipment must be proposed in your design.
Resources. One of the major concerns of an organization is the after-sales support
services or operations. One of the reasons Cisco has successfully penetrated
all types of customers is its exceptional after-sales support services.
Network Reliability
Consider a scenario where you want to send an Apple iPhone 7 from London to
New York to your sister. You have two options:
Option 1: Next-day delivery via a fast courier, which does not guarantee that the item
in the package is not damaged during transportation.
Option 2: Next-week delivery by the local post office, with your item covered by
insurance in case of loss or damage. It also sends an email/SMS confirmation to the
customer once the item has reached its destination.
UDP is also a protocol used for message transport or transfer. It is not connection-
based, which means that one program can send a load of packets to another and that
would be the end of the relationship. UDP is suitable for applications that need fast,
efficient transmission, such as games and VoIP. UDP's stateless nature is also useful for
servers that answer small queries from huge numbers of clients. UDP performance will
be very poor over an unreliable network.
Network Availability
Availability is the percentage of time, in a specific time interval, during which a
network is usable for the purpose it was originally designed and built for. The
formula most commonly used to calculate this is:
Network Availability
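A worked availability calculation, added here as an example and not taken from the workbook. It assumes the standard formula A = MTBF / (MTBF + MTTR) and goes a little beyond the text by combining component availabilities in series and in parallel (redundant devices), which is what redundancy at the component and link level changes in a campus design; the campus scenario and its figures are constructed.

```python
"""Availability arithmetic for a network design (added worked example).

Assumes the standard definition A = MTBF / (MTBF + MTTR) and the usual
combination rules: series (every component must be up) and parallel
(redundant components, any one suffices)."""
import math

HOURS_PER_YEAR = 365 * 24


def availability(mtbf_hours, mttr_hours):
    """Fraction of time a single component is up."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def series(*avails):
    """Components in a chain: the path is up only if every one of them is up."""
    return math.prod(avails)


def parallel(*avails):
    """Redundant components: the path is down only if all of them are down."""
    return 1.0 - math.prod(1.0 - a for a in avails)


def downtime_minutes_per_year(avail):
    """Translate a percentage into the downtime a customer will actually feel."""
    return (1.0 - avail) * HOURS_PER_YEAR * 60


def campus_path_availability(access, distribution, core, redundant=True):
    """End-to-end availability of a path through the three campus layers
    (constructed scenario). With redundancy each layer is two devices in
    parallel; without it, a single device per layer."""
    per_layer = [parallel(a, a) if redundant else a
                 for a in (access, distribution, core)]
    return series(*per_layer)
```

For the same three layers at 99.9% each, the non-redundant path lands at about 99.7% (over 26 hours a year down), while doubling every layer raises it to about 99.9997%.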
Network Modularity
Modularity in your network design is often a life-saver. In a modular network,
different modules can be added and/or removed without impacting the other parts of
the network (although this may not be the case in all scenarios). Modularity also plays
a key role when you are scaling your network. The network can be divided into
different functional areas, where a fault in or expansion of one function will not lead to a
redesign of the complete network.
Network Manageability
The ISO network management model's five functional areas are:
Fault Management—Detect, isolate, notify, and correct faults encountered in
the network.
Configuration Management—Configuration aspects of network devices such as
configuration file management, inventory management, and software
management.
Performance Management—Monitor and measure various aspects of
performance so that overall performance can be maintained at an acceptable
level.
Security Management—Provide access to network devices and corporate
resources to authorized individuals.
Accounting Management—Usage information of network resources.
These functional areas should be carefully considered during the design cycle. A
robust model needs to be in place for end-to-end network management. It is
commonly seen that network management efforts increase with the growth of the
network. However, if you have taken the modular and hierarchical design approach, it
will reduce the overall effort to manage the network.
Case Study
In this case study, we will learn how a network designer engages with the customer to
collect requirements and propose a solution.
Customer Scenario
Your customer is a government hospital that provides different health care services in
the local area. It has recently deployed a new CRM application to be accessed by
remote users/doctors. The customer is looking for a solution to provide secure access to
remote users.
You are working for an integrator as a network designer. Your manager has asked you
to engage with the customer and propose a best-fit solution.
After conducting a couple of workshops with the technical and business users, you
have extracted the following information.
Technical Requirements
SSL web VPN with AES will be used for remote access.
One firewall will be deployed, capable of supporting high availability in the future.
The existing internet termination gateway is end of life. This firewall will replace
the existing gateway and provide the additional capabilities of IPS, NGFW, and Malware
Protection.
Current Internet bandwidth is 25 Mbps.
Existing gateway policies are to be replicated to the new appliance.
Now you have clear customer requirements and you are in a position to propose a
solution. You have to submit a formal proposal to the customer. A typical proposal
table of contents is listed below. This is just a basic sample and the contents can vary
based on the scope.
1. Executive Summary
This is a short section in your proposal that summarizes the content in order for
readers to rapidly become acquainted with a large body of material without having to
read it all.
2. Customer Requirements
List all the business, functional, and technical requirements of the customer.
3. Proposed Solution
Describe your technical solution and how it meets the customer requirements. It
should include:
a. Technical Solution
b. High Level Diagram
c. Solution Benefits
d. Bill of Materials (BOM)
4. Project Plan
5. Customer Prerequisites & Exclusions
6. Conclusion
7. Appendix
a. Datasheets
b. Customer References
c. Service Level Agreement (SLA)
Summary
In this chapter you have learned the basics of network design. Enterprise architecture
demands reliability, scalability, and availability at all times due to the critical nature
of business applications. Network designers should always follow the top-down
approach, starting from the application layer and moving down to the physical layer of
the OSI model. Business requirements and goals should be well understood to design a
successful network. The Cisco Lifecycle Services portfolio includes a broad range of
services that can help increase the network’s business value and return on
investment. In the design, you should take into account different factors like price,
timelines, location, and resource constraints while meeting customer expectations.
Network reliability, modularity, and manageability are the basic building blocks of
any network design.
Network Modularity
Network Hierarchy
Network Scalability
Network Resiliency
Network Fault Domains
In creating a reliable and versatile network design, the network should be:
• Self-healing—Always available
Network design should facilitate the continuous availability by providing
redundancy and resiliency at the component and link level. Resiliency is based
on the capacity to enhance physical resiliency as well as how interconnections
are made in the modular campus design.
• Client Band Select: Band selection enables client radios that are capable of dual-band
(2.4 and 5 GHz) operation to move to a less congested 5 GHz AP.
• Auto Dynamic Channel Assignment: When a wireless network is first initialized, all
participating radios require a channel assignment to operate without interference; the
channel assignments are optimized to allow interference-free operation.
• Auto Transmit Power Control: The Cisco WLC dynamically controls the access point
transmit power based on real-time wireless LAN conditions.
• Auto Coverage Hole Detection: The controller uses the quality of client signal levels
reported by the APs to determine if the power level of that AP needs to be increased.
• CleanAir: It is a spectrum intelligence solution designed to proactively manage the
challenges of a shared wireless spectrum. It allows you to see all of the users of the shared
spectrum (both native devices and foreign interferers).
Cisco follows a hierarchical network design approach, which addresses the modularity,
scalability and resiliency requirements of an organization.
The campus wired LAN uses a hierarchical design model to break the design up into
modular groups or layers, which allows each layer to implement specific functions. In
this way, the network design, deployment and management of the network become
simpler.
A simple example of modular design in cars is that while many cars come as a basic
model, paying extra will allow for upgrades such as a more powerful engine,
Bluetooth, heated seats, rear camera or special tires: these do not require any change
to other units of the car such as the chassis, steering, electric motor or battery
systems.
IPSpecialist.net 37 1 August 2017
CCDA Workbook
Each module has specific functions and can therefore be designed using the optimal
devices and features to meet the specific requirements of the module.
Consider a university with a number of buildings across the campus. Each building will have
access switches for endpoint connectivity and distribution switches for aggregation. These will
be connected to the main building datacentre core switches.
Depending on the size of the LAN, these services and the interconnection to the WAN
and Internet edge may reside on a distribution layer switch that also aggregates the
LAN access-layer connectivity. This is also referred to as a collapsed core design
because the distribution serves as the Layer 3 aggregation layer for all devices. In the
below schematic, a single building with multiple floors is designed based on a two-tier
approach.
Access Layer
The access layer is where user device and end-point devices are connected to the
network. The access layer provides both wired and wireless connectivity and contains
features and services that ensure security and resiliency for the entire network.
user devices from taking over the role of other devices on the network, and,
when possible, verifying that each end-user device is allowed on the network.
• Advanced technological capabilities. The access layer provides a set of network
services that support advanced technologies, such as voice and video. The
access layer must provide specialized access for devices using advanced
technologies, to ensure that other devices do not impair traffic from these
devices and also to ensure efficient delivery of traffic.
Distribution Layer
The distribution layer provides connectivity between the access and core layers. The
layer also enforces filtering, quality of service (QoS), summarization, and Layer 3 services.
This approach reduces the complexity of configuring and operating the distribution layer
because fewer protocols are required. Little or no tuning is needed to provide
near-second or sub-second convergence around failures or disruptions.
Core Layer
The core layer of the LAN is a critical part of the network and the simplest by design.
It provides a limited set of services and is designed to be highly available and always
operational. In the current business environment, the core of the network is always
designed with high availability to provide uninterruptible service during failure. The
core of the network should avoid implementing any complex policy services, and it
should not have any directly attached user devices and server connections. Also, the
core should possess the minimal control plane configuration, combined with highly
available devices that are configured with the correct amount of physical redundancy
to provide nonstop services capability.
The core campus is the backbone that glues together all the elements of the campus
architecture. It is that part of the network that provides for connectivity between end
devices, computing, and data storage services located within the data center, and
other areas and services within the network. It serves as the aggregator for all of the
other campus blocks and ties together the campus with the rest of the network.
Classical Spanning Tree. In this model, access switches are connected to the
distribution switches in Layer 2 mode. First-hop redundancy protocols (FHRPs) are used
to provide redundancy and failover capabilities. The major drawback of this model is
its reliance on STP, which results in sub-optimal usage of network resources.
Routed. In this model, access switches provide both Layer 2 and Layer 3
functionality. There is no need for an FHRP, as the directly connected access switch
becomes the default gateway for the end devices. The routed design simplifies the
network and is much easier to troubleshoot. It also provides better network
resource utilization, with traffic load-balanced over redundant links. One
disadvantage of such a design is that a VLAN cannot be extended across access
switches, which some legacy applications may require.
Clustering. Switch clustering can be used at the access and distribution layers for a
simplified and highly available network design. At the access layer, stacking can be
used, which lets the access switches act as one single switch with each switch acting
as a module. Distribution switches can be clustered using technologies such as
Cisco Virtual Switching System (VSS) or virtual PortChannel (vPC), which allows links
that are physically connected to two different Cisco Nexus Series devices to appear as
a single PortChannel to access switches or end devices.
Datacenter
The data center module usually contains internal email and corporate servers that
provide application, file, print, and Domain Name System (DNS) services to internal
users. This is considered the most critical part of any enterprise architecture. The
purpose of deploying network infrastructure is to provide access to application
services, which are hosted in the datacentre. Performance degradation or unavailability
in a certain part of the network will only affect specific users, while unavailability of
the data center will affect every user in the enterprise. It must be resilient, scalable,
and flexible in order to support data center services that add value, performance, and
reliability.
The data center also hosts the management module for monitoring, logging, security,
and other management features within an enterprise.
Enterprise WAN
The WAN module provides connectivity between remote sites and the main site over
various WAN technologies. This module does not include the WAN connections
themselves, which are supplied by the service providers, but rather provides the
interfaces to the WANs. For example, WAN interfaces provided by this module include
MPLS, Frame Relay, Asynchronous Transfer Mode (ATM), and leased lines. Although
security is not as critical when all links are enterprise-owned, security should still be
considered in the network design.
Internet Edge
The Internet edge module connects to the Internet via a service provider network. It
provides services such as public servers, email, and DNS. The module can be
connected to multiple service providers. This area is exposed because it is an open
channel to the outside world. Firewall, IPS, web content filtering, and spam control
devices are therefore deployed here to protect the internal network from external threats.
Enterprise Branch
The enterprise branch module extends the enterprise by providing each location with
resilient network architecture with integrated security. Services can be offered from
branch or central site based on feasibility.
The branch office generally accommodates employees who are located away from the
central site and need access to corporate services. Branch office users must be able to
connect to the central site to access company information. The branch office is
sometimes called the remote site, remote office, or sales office.
Enterprise Teleworker
The enterprise teleworker module provides users in geographically dispersed
locations, such as home offices or hotels, with highly secure access to central-site
applications and network services. These users connect to the enterprise network over
a secure VPN tunnel. All traffic is encrypted to ensure confidentiality and integrity. This
increases the productivity of employees by giving them access to corporate services
anytime, anywhere.
Network Resiliency
Principles of structured design and the use of modularity and hierarchy are integral to
the design of campus networks but they are not sufficient to create a sustainable and
scalable network infrastructure. Network resiliency means the ability for the system to
remain available for use under both normal and abnormal conditions.
Normal conditions are change windows, and normal or expected traffic flows and
traffic patterns while abnormal conditions are hardware or software failures, extreme
traffic loads, unusual traffic patterns, denial-of-service (DoS) events whether
intentional or unintentional, and any other unplanned event.
As with hierarchy and modularity, resiliency is not just a feature but is a basic
principle that is made real through the use of many related features and design
choices. The coordinated use of multiple features and the use of features to serve
multiple purposes are aspects of resilient design. Just as the way in which we
implement hierarchy and modularity are mutually interdependent, the way in which
we achieve and implement resiliency is also tightly coupled to the overall design.
Adding resiliency to the design might require the use of new features, but it is often
just a matter of how we choose to implement our hierarchy and how we configure the
basic Layer-2 and Layer-3 topologies.
Network resiliency
This includes overall design topology redundancy, redundant links and devices,
and how the control plane protocols (such as EIGRP, OSPF, PIM, and STP) are
optimally configured to operate in that design.
Device resiliency
Device resiliency, as with network resiliency, is achieved by combining the
appropriate level of physical redundancy, device hardening, and supporting
software features.
Operational resiliency
The campus, whether it is a part of the enterprise network's backbone or forms that
backbone, must be designed to enable standard operational processes,
configuration changes, and software and hardware upgrades without disrupting
network services.
Network Scalability
Businesses increasingly rely on their network infrastructure to provide mission-critical
services. As the business grows and evolves, more employees are being hired, more
branch offices are being opened, and global markets are tapped. A scalable network is one
that can be adjusted without major modification as time and resources require.
Scalable internetworks are typically described as networks that are experiencing constant
growth, which is what many of today’s internetworks require due to businesses’ increasing
demand for connectivity. They must be flexible and expandable. The best-managed
scalable internetworks are typically designed following a hierarchical model.
Features and technologies that can be used to respond to the following key scalability
requirements:
Reliable and Available. This involves being available and dependable at all times.
Failures need to be isolated and recovery must be invisible to the end user.
Responsive. This includes managing the QoS needs for the different protocols
being used without affecting a response at the desktop.
Efficient. Networks must optimize the use of resources, especially bandwidth.
Reducing the amount of overhead traffic, such as unnecessary broadcasts, service
location, and routing updates, results in an increase in data throughput without
increasing the cost of hardware or the need for additional WAN services.
Adaptable. A scalable network must be able to accommodate disparate networks and
interconnect independent network clusters (or islands), as well as integrate
legacy technologies.
Summary
In this chapter we explored the general design principles and how they contribute to
building a self-defending network. We also learned about modular network design and
the hierarchical and enterprise network modules for designing a hierarchical, modular,
scalable, and resilient network.
This chapter contains two sections for the detailed description and development of
the design process of the IP address roadmap and routing protocols.
This section delivers the design considerations and requirements to plan an efficient
IP address scheme for the enterprise network.
IPv4 uses a 32-bit address for the unique identification of network nodes,
whereas IPv6 uses 128 bits.
IPv4 uses dots to separate the individual numbers, which range from 0.0.0.0 to
255.255.255.255.
IPv6 uses colons instead of dots to separate the numbers and also
uses hexadecimal rather than decimal digits.
IP address classes are used to classify IPv4 addresses; this is called classful IP
addressing. It utilizes defined network and host ranges.
For more efficient usage of IP addresses, a more proficient scheme, Classless
Inter-Domain Routing (CIDR), is employed, in which the network and host ranges can be
shaped according to the requirement.
IP addresses are also classified into “public” and “private” addresses.
The modules in which each type of address can be used are listed below.
Public IP Address
These addresses are used in:
Internet Connectivity Module
E-Commerce Module
Remote Access and VPN Module
Private IP Address
Used in enterprise network
Secure and non-Internet-routable addresses
Static and dynamic IP addressing schemes are used to assign addresses to the
network device.
Static assignments mean assigning a permanent address to a particular device,
used for devices and nodes that belong to infrastructure such as routers etc.
Dynamic assignment of IP address is employed for temporarily connected
devices such as end-devices (users). Dynamic Host Configuration Protocol
(DHCP) is used for this purpose.
Domain Name System (DNS) is used to resolve user-friendly names into IP
addresses.
Hierarchy
Hierarchy is the organizational structure in which items are ranked according to levels
of importance. This improves the performance and overall efficiency of network. IP
address hierarchy is decided on the basis of IP address requirement per location,
network topology, geography, and size.
Summarization
Summarization is implemented on specific network nodes to provide:
Fewer routing table calculations and re-calculations
Fewer routing table entries
Increased network stability
Lower bandwidth and processing power consumption
Efficiency
Implementing hierarchy and summarization together brings in a highly efficient
and organized network structure.
In this example, the link failure update that is flooded to each node in the network
section is illustrated. Multiple paths forward the same information to other
sections of the network, causing multiple similar routing table entries and bandwidth
consumption to carry the same update multiple times.
Estimated expansion
The design process will start after thorough consideration of the above-mentioned
measures and network requirements.
Subnetting
IPv4 addresses are divided into classes; each class has a predefined number of
network and host addresses available.
The illustration of the common classes of IP addresses along with their host and
network reserves is as follows:
Classes D and E are reserved for multicast and experimental purposes respectively.
Addresses 127.x.x.x are also reserved as loopback addresses.
Subnetting is a mechanism that customizes the network and host portions of an address
by dividing a network into multiple logical networks. It improves the efficient and
secure usage of IP addresses.
The figure below demonstrates the range of private addresses, which are assigned to
private networks for secure and protected communication:
The IP address scheme is planned by considering the number of host devices, the
number of servers, firewalls and security devices, future expansion, and so on. The
suggested reserve of future IP addresses is up to 20% for main and regional offices and
10% for remote offices.
Location          Work      Servers  IP      Switches  Router      Firewall  Reserve  Total IP
                  Stations           Phones            Interfaces            %        Address
                                                                                      Required
San Francisco     600       35       600     17        26          12        20       1290
Denver            210       7        210     10        4           0         20       441
Houston           155       2        155     10        4           0         20       329
Remote Office 1   12        1        12      2         1           0         10       28
Remote Office 2   15        1        15      3         1           0         10       35
Remote Office 3   8         1        8       3         1           0         10       21
Total = 2144
Reserved addresses vary according to the planned expansion of the company, but
generally 20% or 10% of addresses are reserved as an optimal solution.
Because IP address blocks follow powers of 2, the allocation of IP addresses must also
follow a power of 2 while accommodating the required number of addresses.
The implementation and complete IP addressing plan for this enterprise office is illustrated
in the following table:
From the above table, the assignment of IP address blocks can be visualized.
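As an added example (not from the workbook), the following Python script applies the sizing rules above to the planning table's own device counts and reserve percentages: it adds the reserve, rounds each site up to a power-of-2 block, carves aligned blocks out of an assumed private range (10.10.0.0/16 is a constructed choice), and derives the single summary route that an aligned plan allows.

```python
"""Size and allocate IPv4 blocks from a per-site device inventory.

Added example, not from the workbook. The device counts and reserve
percentages below are taken from the workbook's planning table; the parent
range 10.10.0.0/16 is an assumption made for this example.
"""
import ipaddress

# Site -> ((workstations, servers, IP phones, switches, router interfaces,
#           firewalls), reserve %) as listed in the planning table.
SITES = {
    "San Francisco": ((600, 35, 600, 17, 26, 12), 20),
    "Denver": ((210, 7, 210, 10, 4, 0), 20),
    "Houston": ((155, 2, 155, 10, 4, 0), 20),
    "Remote Office 1": ((12, 1, 12, 2, 1, 0), 10),
    "Remote Office 2": ((15, 1, 15, 3, 1, 0), 10),
    "Remote Office 3": ((8, 1, 8, 3, 1, 0), 10),
}


def addresses_with_reserve(counts, reserve_pct):
    """Inventory total grown by the reserve, rounded up (integer ceiling)."""
    total = sum(counts)
    return (total * (100 + reserve_pct) + 99) // 100


def prefix_for_hosts(hosts):
    """Smallest prefix length whose subnet offers `hosts` usable addresses.

    A /p subnet holds 2**(32-p) addresses, but the network and broadcast
    addresses are not usable, so the block must satisfy 2**(32-p) - 2 >= hosts.
    A requirement of 31 hosts therefore needs a /26 (62 usable), not a /27.
    """
    size = 4  # /30: the smallest block with usable host addresses
    while size - 2 < hosts:
        size *= 2
    return 32 - size.bit_length() + 1


def plan(sites, parent):
    """Allocate one aligned power-of-2 block per site from `parent`.

    Largest blocks are placed first so every block starts on its own
    natural boundary and the whole plan stays contiguous.
    Returns ({site: addresses needed}, {site: IPv4Network}).
    """
    parent = ipaddress.ip_network(parent)
    needs = {name: addresses_with_reserve(c, r) for name, (c, r) in sites.items()}
    allocations = {}
    cursor = int(parent.network_address)
    for name in sorted(needs, key=needs.get, reverse=True):
        prefix = prefix_for_hosts(needs[name])
        block = ipaddress.ip_network(f"{ipaddress.IPv4Address(cursor)}/{prefix}")
        if not block.subnet_of(parent):
            raise ValueError(f"{parent} cannot hold a /{prefix} for {name}")
        allocations[name] = block
        cursor += block.num_addresses
    return needs, allocations


def summary_route(allocations):
    """Smallest single prefix covering every allocated block (supernetting)."""
    blocks = list(allocations.values())
    summary = blocks[0]
    while not all(b.subnet_of(summary) for b in blocks):
        summary = summary.supernet()
    return summary


if __name__ == "__main__":
    needs, alloc = plan(SITES, "10.10.0.0/16")
    for site, block in alloc.items():
        print(f"{site:16} needs {needs[site]:5} -> {block} ({block.num_addresses} addresses)")
    print("summary route:", summary_route(alloc))
```

With these inputs the six sites fit in 10.10.0.0/20, so the whole plan can be advertised to the rest of the network as one summary route.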
IPv6 Addresses
Internet Protocol version 6 addresses are the successor of IPv4 addresses. IPv6 resolves
the limitation caused by the exhaustion of the IPv4 address range. A 128-bit address
space is available in IPv6. A 128-bit address space means that IP addresses can be
provided to 43 trillion devices.
These are the parameters that must be taken into account for a scalable and reliable
routing protocol:
Number of Peers
The number of peers or devices significantly affects the choice of routing protocol. A large
company cannot comfortably run on static routing because, for each fault or
unplanned network event, the network administrator has to intervene and reconfigure
around the fault. The number of peers should be kept small if static routing is employed. In a
large organization, dynamic routing protocols (RIPv1, RIPv2, OSPF, EIGRP, and BGP
being the popular ones) are used for the dynamic learning of routes, calculation of the best
route to reach a particular destination node, and less administrative intervention.
Company ABC has an HO and 5 branch offices in San Jose. ABC has recently deployed a
centralized CRM software at the HO, which is required to be accessible from the branches.
You have been assigned as a network design engineer to work with the customer and propose
a best-fit solution for connecting the branch offices with the HO.
You have met with the customer and collected the following additional information.
RIP is rarely chosen as a preferred routing protocol given the scalability and convergence
requirements of today’s networks. You need to closely analyse your customer’s business and
functional requirements for routing protocol selection.
Convergence Requirements
Routing protocol convergence refers to the state in which a router has collected all the
required topology information, and to how the router reaches the position at
which it can start forwarding packets to the destination nodes of the network.
Dynamic routing protocols rely on this process to learn the complete topology.
Topology
Topology is the arrangement of network elements in a network. Some routing
protocols build a logical topology through which they view the network, while some routing
protocols require an explicit topological structure to work efficiently. For example,
Open Shortest Path First (OSPF) requires a defined structure of network elements by
placing them in different areas.
This section deals with the selection and design process of a routing protocol to
efficiently cater to the requirements of a network employing Internet Protocol version 4
(IPv4) or Internet Protocol version 6 (IPv6).
Static Routing
In static routing, the network administrator has to statically configure and monitor each
node for the selection of the path taken to reach a particular destination.
Considering the example given, workstation A and workstation B are not connected to
a single node. Instead, two routers, router A and router B, are involved. This means
WS A cannot establish a communication path towards WS B unless some sort of
connectivity is configured among the network nodes. Configuring static routes on
nodes that are not directly connected provides this connectivity.
The best route to reach a particular destination is learned by the metric associated
with each dynamic routing protocol. Different routing protocols use different
parameters as a metric, such as hop count, bandwidth, load, path reliability, path speed,
latency, and so on.
The main difference between static and dynamic routing protocols is summarized in
following table:
Dynamic routing protocols are used in large organizational networks and can be
broadly classified into two types:
1. Interior Gateway Protocols (IGP)
2. Exterior Gateway Protocols (EGP)
The examples of interior gateway protocol (IGP) and exterior gateway protocol (EGP)
are listed below in the following table:
Protocol                    Examples
Interior Gateway Protocol   Routing Information Protocol (RIP) v1 and v2,
                            Open Shortest Path First (OSPF),
                            Integrated Intermediate System-to-Intermediate System (IS-IS)
Exterior Gateway Protocol   Border Gateway Protocol (BGP),
                            Exterior Gateway Protocol (EGP, obsolete)
Distance vector protocols periodically send their complete routing table to directly
connected neighbours, which consumes a high amount of bandwidth. The timers
attached to these updates result in a longer time to reach a common consensus between
the nodes, which makes the convergence of the overall network very slow.
In these periodic updates, only the best route to reach a specific node is exchanged. As
the router gets only the information provided by the neighbouring node, it has no
means to build the complete topology of the network.
Distance vector routing protocols rely on hop count (the maximum supported hop count
is 15). A network exceeding 15 hops cannot work efficiently with a distance vector
protocol, so the protocol works reliably in small networks. Hop count is the metric
used for the calculation of the best route to reach a specific destination node.
Example: RIP (version 1 and 2)
Figure 29. Distance Vector Routing Protocol Routing Information Exchange mechanism
The routing decision is taken based on the calculation of the shortest path to reach a
particular destination node. For the computation of the shortest path, link state routing
protocols use a specialised algorithm known as Dijkstra's algorithm. Each router has
a complete view of the entire network topology because updates about links are
flooded to the entire network.
The figure below illustrates the packet exchange mechanism of link state routing
updates. Link-state routing protocols advertise changes in the state of a link, for
example a link failure or a change in the bandwidth of the link, to the entire network.
Router A noticed the change in the state of its link (the link went down) and flooded this
information to the entire network. In this way, the entire network learns about the change
in the network topology. Each node in the network receives the updated information, and
each node inside the network can build the complete network topology.
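The flooding-and-recompute behaviour described above, as an added example in Python (not from the workbook): the routers A to E, the link costs and the failing link are constructed for this illustration. Every router holds the same link-state database, so each runs Dijkstra's algorithm independently and all of them arrive at consistent paths, both before and after Router A's link goes down.

```python
"""Link-state routing in miniature: flooded LSAs, one shared LSDB, SPF.

Added example, not from the workbook. Routers A to E, their link costs and
the failing link are constructed for this illustration.
"""
import heapq

# Link-state database: originating router -> {neighbour: link cost}.
# Because every LSA is flooded to all routers, each router holds this
# identical copy and can reconstruct the complete topology from it.
LSDB = {
    "A": {"B": 1, "C": 5},
    "B": {"A": 1, "D": 2},
    "C": {"A": 5, "D": 1},
    "D": {"B": 2, "C": 1, "E": 1},
    "E": {"D": 1},
}


def withdraw_link(lsdb, x, y):
    """Return the LSDB after routers x and y flood LSAs without link x-y."""
    updated = {router: dict(links) for router, links in lsdb.items()}
    updated[x].pop(y, None)
    updated[y].pop(x, None)
    return updated


def spf(lsdb, source):
    """Dijkstra's shortest path first over the LSDB from `source`.

    Returns {destination: (total cost, next hop)} for every reachable router.
    """
    best = {source: 0}
    routes = {}
    # heap entries: (cost so far, router, first hop taken from source)
    heap = [(0, source, None)]
    done = set()
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if first_hop is not None:
            routes[node] = (cost, first_hop)
        for nbr, link_cost in lsdb.get(node, {}).items():
            candidate = cost + link_cost
            if candidate < best.get(nbr, float("inf")):
                best[nbr] = candidate
                # the first hop is the neighbour itself when leaving the source
                heapq.heappush(heap, (candidate, nbr, first_hop or nbr))
    return routes


if __name__ == "__main__":
    after = withdraw_link(LSDB, "A", "B")  # Router A's link to B goes down
    for router in LSDB:
        print(router, "before:", spf(LSDB, router), "after:", spf(after, router))
```

Before the failure A reaches C through B at cost 4 (cheaper than its direct cost-5 link); after the withdrawal every router, not only A, recomputes and agrees that A is now reached only through C.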
Selection of a suitable routing protocol is one of the most critical steps in network
design. A range of features has to be considered before selecting a routing protocol,
for example: day-to-day maintenance, convergence time, configuration steps,
deployment, etc.
This table compares some of the important features of distance vector and link state
routing protocols that come into consideration while selecting an efficient routing
protocol:
In Figure 31, exterior gateway protocols can be visualized. An exterior gateway protocol is
configured to establish communication between different autonomous systems, whereas
IGPs exchange routing information within an autonomous system.
For example:
RIPng (Routing Information Protocol next generation)
Similar features to IPv4 (RIPv2): distance vector, split horizon, 15 hop count limit
Different features: FF02::9 multicast address, multiple RIPng processes on the same router
OSPFv3 (Open Shortest Path First version 3)
Similar features to IPv4 (OSPFv2): link-state routing protocol
Different features: LSA types, uses FF02::5 and FF02::6 as multicast addresses, no
authentication
EIGRPv6 (Enhanced IGP version 6)
Similar features to IPv4 (EIGRP): advanced distance vector protocol, hello packets, DUAL
algorithm
Different feature: FF02::A multicast address
MP-BGP (Multiprotocol BGP)
Flat routing protocols are those protocols which propagate routing information
throughout the network. In this routing mechanism, each router appears to be every
other router's peer, or they all lie on the same level.
Examples: RIP, EIGRP
OSPF is designed for large enterprise areas where Routing Information Protocol (RIP)
cannot feasibly exchange information. OSPF has a fast convergence time compared
to RIP. The division of the network into different areas is the basic concept of
OSPF.
It has one backbone area in which the backbone routers reside, called Area 0.
Other areas are known as non-backbone areas.
To establish communication among areas, packets have to be exchanged through
the backbone area.
All non-backbone areas are connected to the backbone area through routers.
The routers that reside on the boundaries of the backbone and non-backbone areas are
called area border routers (ABRs).
An ABR provides the connection between the backbone and non-backbone areas.
An autonomous system boundary router (ASBR) serves as a gateway between OSPF
and other routing protocols. The process of translation and exchange of information
among different routing protocol domains is known as “route redistribution”.
This illustrates the multi-area example of the Open Shortest Path First protocol (OSPF):
BGP maintains path information in the routing table, unlike distance vector protocols, which
use distance or hop count, and link-state protocols, which work on the best possible route.
This section discusses the selection of protocol for each network module.
It is recommended to choose the same protocol for each layer. If multiple protocols in
each layer are a requirement, then redistribution mechanism must be enabled at
distribution layer.
The selection of routing protocol in this part of network depends upon the physical
topology, IP address plan, and the nodes connected. Static routing, OSPF, EIGRP, and
BGP are typical choices as a routing protocol. The advantages and disadvantages of a
certain routing protocol must be kept in mind while selecting a routing protocol.
OSPF can be used in environments like LAN, NBMA (non-broadcast multiple access
network), and dialup.
EIGRP is best suited for NBMA environments with split horizon enabled, for
example Frame Relay or ATM.
The most popular choice is static routing or Border Gateway Protocol (BGP).
Route Redistribution
When multiple routing protocols are running on different sections of the network, the
sections cannot communicate with each other. To enable them to communicate with
each other, a route redistribution mechanism is configured. Route redistribution is
passing routing knowledge from one routing protocol to another routing protocol.
Route redistribution is configured on the border router only; other routers
(internal routers) understand only the internal routing protocol, whereas the border
router understands both.
Company ABC has recently connected its three sites over MPLS L3 VPN. The routing protocol
between the customer edge router (CE) and the service provider edge router (PE) is BGP. ABC is
using OSPF as its IGP and would like to propagate internal routes to the remote sites.
You are working as a consultant for the customer and have been presented with the following
3 options:
Options 1 and 2 are technically feasible solutions; however, they require a lot of administrative
overhead and changes to the existing network. The best option is to perform mutual redistribution
at the edge (CE) to transport each site's routes to the other sites.
The scenario explained above is the most common type of deployment opted for by MPLS service
providers.
Route Filtering
Route filtering is the mechanism to prevent the advertisement of certain routes to a
specific network section. Route filtering is typically used with Border Gateway Protocol
on the global Internet to filter Internet routes entering the internal corporate network.
Route Summarization
Large networks are subdivided into small sections in order to reduce routing traffic and
computation. Routing traffic consumes significant network resources for route
computation and propagation of routing updates. To prevent this scenario, route
summarization is implemented. Route summarization is also called “route
aggregation” and “supernetting”. This process allows nodes to reduce routing
updates by summarizing a series of routing entries into a single entry.
Summary
The selection of the IP address block and the best routing protocol were discussed in this
chapter. The IP address plan must consider various network parameters such as
hierarchy, summarization, and overall efficiency. Scalability of the network must be a
priority while developing the IP address plan and selecting routing protocols. The selection
of the best routing protocol depends on multiple parameters such as the structure of the
network, type of devices, network resources available, and so on. It is not advisable to have
only one routing protocol for a particular network. Instead, a combination of a dynamic
routing protocol to exchange packets within a single autonomous system, BGP to
connect multiple autonomous systems together, and static routing to glue each
component of the network together, along with advanced routing strategies, must be used to
construct a robust, flexible, intelligent, efficient, user-desirable, and reliable network.
Before diving into the details of the design and planning process for each type of network
infrastructure, it is essential to consider the basic functionality of, and the differences
between, each type of network infrastructure so that the distinctions are clear.
This table illustrates the general comparison among the three specific network
infrastructures:
Local Area Network (LAN) module. This interconnects the devices of an entire campus
building over a network.
Data Center module. Centralized resources are made available at the data center.
Virtualization Facilities. Virtualization tools and techniques are enabled in the network to
ensure efficient and smooth running of the entire network and to provide cost-effective
organizational solutions.
The overall design of a campus network is divided into the following main sections:
Campus network design considerations
Campus infrastructure module design considerations
These are examples of common applications that exchange traffic between edge devices
(workstations):
Instant Messaging
IP phone calls
File Sharing
Video conference system
This figure illustrates how the exchange of information between peers or network edge
devices takes place:
Client-Local Server. A client is a node in the network that initiates a session and requests
that a server grant it some resources. A server is a node that accepts and fulfils client
requests. A local server is one that is available to the network node over the same LAN.
Typically, 80% of the traffic remains within the local LAN (the 80/20 workgroup rule, which
states that 80% of the network traffic remains within the local LAN while only 20% leaves the
segment).
The use of a localized server in the campus environment is illustrated below:
Application Requirements
Network applications require certain parameters to be met for a particular segment of the
network to run smoothly. These are the parameters that must be assessed for a given network
application:
Type of connectivity
Availability
Cost of the network
Total required throughput
This table suggests the significant parameters for various application requirements that need
to be considered while designing a suitable network structure (the ratings in each row are
given for the application types compared in the table, from left to right):
Availability of the network | Redundancy is added to provide availability of the network to each client all the time. | Low to High, Medium, High, High
Cost of the network | The total cost of the network plays a significant role in the applications utilized by the clients. | Low to Medium, Medium, High, Medium
Total required throughput | Throughput varies with the type of application used. Some applications do not require a high-capacity infrastructure. | Medium, Medium, High, Medium to High
Environmental Characteristics
The environmental characteristics of the location significantly affect the choice of devices
and of the connection medium between nodes in the network. The two most important
environmental characteristics that affect the network design are:
Distance between the nodes (node location)
Type of connection used between the nodes (connection medium)
The selection of the medium used to connect nodes depends on how far apart the nodes are.
Further technical requirements such as signal attenuation or EMI must be evaluated before
selecting a medium type. The medium can be wired or wireless. The medium must be selected
carefully by thoroughly considering various aspects of the network, such as the expected
life of the medium employed, transmission speed, and maximum supported distance.
Wired Medium
Wired medium deployment issues include the cost of the wire, the total life expectancy of the
wire, the speed supported by the wired medium, attenuation, and EMI. Wired media can be
broadly divided into two categories:
Copper. The two main types of copper cable are twisted pair cable and coaxial cable.
However, in network connections and deployments, twisted pair cable is used most. The
interconnection of workstations, servers, devices and their NICs to the access and
distribution layer switches is accomplished through twisted pair copper cables. It is suitable
for short distances.
Recommended choice
Category 5e and greater (100 Mbps)
Category 6 (Gigabit Ethernet)
Distances greater than 100 meters are supported with specialized cabling known as “Cisco
Long Reach Ethernet (LRE)”
Limitations
Electromagnetic Interference (EMI), long distances
Optical Fiber. Optical fiber has two main types, single mode (SM), and
multimode (MM).
Single Mode Optical Fiber. Single mode optical fiber carries one mode (mono-mode) of
light. The standard diameter of single mode optical fiber is 2 to 10 micrometers.
Recommended choice
For precise and long distance communications
Limitations
Higher cost than multimode fiber; sensitive to misalignment and bend radius
Recommended choice
Suitable for long distance
Limitations
High cost, highly sensitive to misalignments and bends
Wireless Medium
Intra-building networks mostly use this approach to connect devices to each other and to the
network. Wireless access points and client adapters are installed to provide this functionality.
IEEE 802.11g and IEEE 802.11n are the advanced versions of the wireless standards, with
supported speeds of up to 54 Mbps and 300 Mbps respectively in the 2.4 GHz band.
Medium | Speed | Distance | Cost
... | ... | ... (Gigabit Ethernet); up to 10 km (100 Gigabit Ethernet) | ...
Multimode Optical Fiber | Up to 10 Gbps | Up to 2 km (Fast Ethernet); up to 550 m (Gigabit Ethernet); up to 300 m (10 Gigabit Ethernet) | Medium
Wireless Medium | Up to 300 Mbps | Up to 500 meters at 1 Mbps | Medium
The requirements and specifications involved for each type of network structure are:
Switches, rather than hubs, are used to interconnect devices in order to use network resources
efficiently given the different speed requirements of the various nodes. The basic differences
between shared and switched media segments are listed in the following table:
Shared media segment | Switched media segment
The device that provides a shared media segment to the network nodes is a hub. | The device that provides a switched media segment to the network nodes is a switch.
Each node uses the same speed. | Each node can use a different speed.
Fixed allocation of bandwidth to each node | Full allocation of bandwidth to each node
The comparison of shared and switched media segments is illustrated below:
The four (4) main modules in campus network design that will be investigated thoroughly in
this section are:
The design and planning of the infrastructure module target the following parameters for
consideration:
Hierarchy. This is the step taken in the design to construct a manageable network.
Network sections are classified and organized on the basis of certain specifications and
parameters.
Modularity. In this approach the complete network is sectioned into modules on the basis
of specific functions.
Resiliency. This is the capacity of the network to converge quickly.
Flexibility. This is the capacity of a network to adapt to changes and transitions.
Each layer of the infrastructure should be designed carefully for future expansion and
flexibility.
The questions that need to be evaluated to build the infrastructure module of the access
layer are:
The next section discusses the features that are supported and utilized in the access layer
of the campus network:
Each layer 2 switch supports a limited number of devices, which results in unavailability
when more end nodes need to be accommodated. This limitation is resolved by using VLANs
in the access layer.
VLANs (virtual LANs) are a feature of switches by which high scalability and connectivity
are achieved. A VLAN configuration lets multiple LAN connections communicate with each
other as if they were on a single virtual LAN.
Spanning tree protocols are used to manage and control communication between switches,
prevent loops over redundant switch connections and allow fast convergence.
Spanning tree works on the principle of assigning certain roles to specific switch ports so
that a controlled flow of traffic can take place. The ports exchange updates in the form of
“Bridge Protocol Data Unit (BPDU)” packets every 2 seconds, for quick control and fast
convergence in situations of transition and changes in network links or devices.
Election of Root Bridge. The Root Bridge (switch) is elected based on the lowest value of the
bridge identifier field. The bridge identifier comprises the 6-octet MAC address of the
switch and a 2-octet bridge priority field. The MAC address of each switch is unique, and
the bridge priority field is configurable.
Calculation of Best Route. Each switch calculates the best route to the Root Bridge. This
best route calculation is based on the lowest cost, i.e. the fastest link, to reach the Root
Bridge. The cost of a link is calculated by:
$\text{Cost of Link} = \dfrac{1}{\text{Bandwidth}}$
Root Port. The lowest-cost port on a non-root bridge is assigned as the root port, which is
always in the “forwarding state”. A port in the forwarding state can receive as well as send
traffic.
If the cost to reach the Root Bridge is equal for each port, then the bridge ID is used as
the “Root Port” designator.
If the bridge IDs of two ports are equal, then the tiebreaker is the Port ID itself. The port
with the lowest port ID is designated as the “root port”.
The Port ID is a combination of two fields, Port Priority and Port Index; if the priority
field is left at its default, then the port number is the criterion for the selection of the
root port.
Designated Port. All ports on the “Root Bridge” are assigned as designated ports. These
ports are always in the “forwarding” state.
Non-Designated (Blocking) Port. Ports that are neither designated nor root are assigned as
“Non-designated Ports”. These ports are always in the blocking state; they can only receive
BPDUs and cannot send traffic.
The STP port allocation and overall process are demonstrated in the following figure:
Figure 41. Spanning Tree Protocol (STP) Root Bridge Election and Port Assignments
STP follows a systematic process to converge the switches, with specific timers that run
before convergence is complete (the convergence time of STP is 50 seconds). One instance of
complete convergence, along with the intermediate states, is shown in the following table:
Advanced versions of the original Spanning Tree Protocol (STP) are used in the access layer
of the campus network, such as Common Spanning Tree (CST), Per-VLAN Spanning Tree Plus
(PVST+), Rapid Spanning Tree Protocol (RSTP), and Rapid Per-VLAN Spanning Tree Plus
(RPVST+).
This table summarizes the differences among the various versions of spanning tree protocols.
STP compatibility issues that arise when multiple vendors’ STP implementations are used must
be resolved by using layer 3 routing between them. Convergence time is greatly improved in
the later versions of STP, especially in the case of link failure and uplink issues.
The various features included in the Cisco STP toolkit are:
Feature | Description | Effect
BPDU Filtering | Used to disable STP on PortFast-enabled ports. | STP will not run on ports with BPDU filtering enabled.
UplinkFast | Allows a link to respond immediately to a link failure. | A redundant link is put into the forwarding state in case of link failure. The switch converges within 3 to 5 seconds.
BackboneFast | Used in the case of an indirect link failure. | Convergence time is improved from 50 seconds to 20 seconds.
STP Loop Guard | Prevents the switch from moving redundant blocking ports that are no longer receiving BPDUs into the forwarding state. | Avoids loops.
RootGuard | Enabled to prevent external switches from becoming the root bridge. | Must be configured on designated ports so that no external node can act as the root bridge.
BPDU Skew Detection | Tracks late-arriving BPDUs. BPDUs are sent every 2 seconds by default. | Rate-limited (one message per 60 seconds) skew-detection messages are generated to report late-arriving BPDUs.
Unidirectional Link Detection (UDLD) | Handles the case where traffic from the switch is received by the neighbour device but the neighbour’s traffic cannot reach the switch. UDLD is a layer 2 mechanism that complements layer 1 techniques to detect the state of a link. The link is considered unidirectional when a port does not see its own port/device ID echoed in the UDLD packets it receives. | The physical status of the link is determined; when a unidirectional link is detected, an error message is generated.
You are working for a bank as a network engineer. In the morning you start getting calls from
different users within the building complaining about:
Network slowness
Unreachable applications
You start investigating and find that the STP root is pointing to an unknown device in the
conference room. You shut down the switch port connected to this device and after a few
minutes the network starts operating normally.
You physically visit the location and find that one of the users has connected his own switch
to the network to extend the LAN. This switch took over the STP root role.
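The root election and port-role rules above, and the rogue-switch takeover in the bank scenario, as an added example (not code from the workbook): a small Python model of a campus topology that elects the root bridge, assigns root, designated and blocking ports, and then shows the user's switch taking the root role and how Root Guard on the access edge port, from the STP toolkit table, stops that. Switch names, MAC addresses, priorities and link speeds are constructed sample values.

```python
from dataclasses import dataclass
import heapq

# IEEE 802.1D-1998 short path costs (Mbps -> cost): roughly inverse to
# bandwidth, the relation the "cost = 1 / bandwidth" formula above expresses.
PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}
PORT_PRIORITY = 128   # default port priority; port ID = (priority, index)


@dataclass(frozen=True, order=True)
class BridgeID:
    priority: int   # 2-octet configurable field (default 32768)
    mac: str        # 6-octet switch MAC, lower-case "aa:bb:cc:dd:ee:ff"


@dataclass(frozen=True)
class Link:
    a: str; a_port: int; b: str; b_port: int; mbps: int

    def cost(self):
        return PATH_COST[self.mbps]

    def peer(self, sw):   # (neighbour, neighbour's port) as seen from sw
        return (self.b, self.b_port) if sw == self.a else (self.a, self.a_port)

    def port_of(self, sw):
        return self.a_port if sw == self.a else self.b_port


def port_id(index):
    return (PORT_PRIORITY, index)


def elect(switches, links):
    """switches: {name: BridgeID}; links: Links connecting all of them.
    Returns (root, root path cost per switch, {(switch, port): role})."""
    root = min(switches, key=switches.get)            # lowest (priority, MAC)
    adj = {s: [] for s in switches}
    for link in links:
        adj[link.a].append(link)
        adj[link.b].append(link)
    # Root path cost: cheapest sum of link costs to the root (Dijkstra).
    rpc, heap = {root: 0}, [(0, root)]
    while heap:
        cost, sw = heapq.heappop(heap)
        if cost > rpc[sw]:
            continue
        for link in adj[sw]:
            nb = link.peer(sw)[0]
            if cost + link.cost() < rpc.get(nb, float("inf")):
                rpc[nb] = cost + link.cost()
                heapq.heappush(heap, (rpc[nb], nb))
    roles = {}
    # Root port, one per non-root switch: lowest cost to the root, then lowest
    # neighbour bridge ID, then lowest port ID (neighbour's, then own).
    for sw in switches:
        if sw == root:
            continue
        best = min(adj[sw], key=lambda l: (rpc[l.peer(sw)[0]] + l.cost(),
                                           switches[l.peer(sw)[0]],
                                           port_id(l.peer(sw)[1]),
                                           port_id(l.port_of(sw))))
        roles[(sw, best.port_of(sw))] = "root"
    # Designated port: the end of each link with the lower (root path cost,
    # bridge ID, port ID); the other end blocks unless it is the root port.
    for link in links:
        lo, hi = sorted((link.a, link.b),
                        key=lambda s: (rpc[s], switches[s], port_id(link.port_of(s))))
        roles[(lo, link.port_of(lo))] = "designated"
        roles.setdefault((hi, link.port_of(hi)), "blocking")
    return root, rpc, roles


def elect_with_root_guard(switches, links, guarded):
    """Root Guard: a guarded port must stay designated. If the election would
    make it a root port (a superior BPDU arrived there), the port goes
    root-inconsistent (blocking) and the election is re-run without that link;
    a switch left with no links drops out. Returns (root, roles, blocked ports)."""
    links, inconsistent = list(links), set()
    while True:
        live = {s for link in links for s in (link.a, link.b)}
        root, _, roles = elect({s: b for s, b in switches.items() if s in live}, links)
        bad = [p for p in guarded if roles.get(p) == "root"]
        if not bad:
            return root, roles, inconsistent
        inconsistent.update(bad)
        links = [l for l in links
                 if (l.a, l.a_port) not in bad and (l.b, l.b_port) not in bad]


# Constructed topology: two distribution switches and one access switch, all
# left at the default priority 32768, plus a user's own switch R on access edge
# port 3 (the bank scenario). R has the lowest MAC, so by default it wins.
SWITCHES = {"D1": BridgeID(32768, "00:11:00:00:00:01"),
            "D2": BridgeID(32768, "00:11:00:00:00:02"),
            "A1": BridgeID(32768, "00:11:00:00:00:03")}
ROGUE = {"R": BridgeID(32768, "00:0a:00:00:00:99")}
LINKS = [Link("D1", 1, "D2", 1, 10000), Link("D1", 2, "A1", 1, 1000),
         Link("D2", 2, "A1", 2, 1000)]
ROGUE_LINK = [Link("A1", 3, "R", 1, 100)]
```

With R attached, every distribution switch reaches the root through the access switch's 100 Mbps edge port and the D1-D2 link blocks on one side, which is the slowness the scenario describes; `elect_with_root_guard(..., {("A1", 3)})` instead puts A1 port 3 into the root-inconsistent state and D1 stays root.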
This figure illustrates how links are grouped together to provide EtherChannel
functionality:
To bundle multiple physical channels into one logical link, two protocols are used: Port
Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP).
Desirable mode
Trunks Management
Trunk facilities are required to interconnect the switches of the access layer and the
distribution layer.
In the layer 2 switched network above, each access switch is connected to two distribution
switches for redundancy. As per the default spanning tree behaviour, any alternate path will
be blocked to avoid loops.
You have been assigned the task of designing this network with optimal use of resources.
HSRP will be used as the first hop redundancy protocol at the distribution layer.
Design Highlights:
Ensure that the STP root and the HSRP primary for a particular VLAN are on the same
distribution switch. Suboptimal routing will be observed if the root and the HSRP primary are
on different distribution switches.
VLAN-based load balancing is used in the above topology, where the layer 3 gateway on one
distribution switch is active for a particular set of VLANs only.
If the distribution switches are stackable (3750), EtherChannel can be used to utilize all
available links to the distribution switches.
If the distribution switches support vPC/VSS (e.g. Cisco Nexus/6500), all available links to
the distribution switches can be used for active traffic forwarding.
Blocking of the redundant path can also be avoided by converting the links from access to
distribution from layer 2 to layer 3. Layer 3 load-balancing techniques can then be used to
load-balance the traffic.
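A design check for the first two highlights, as an added example (not from the workbook): for each VLAN it determines the STP root (lowest priority, then lowest MAC) and the HSRP active gateway (highest priority, highest address on a tie) on the two distribution switches, reports the VLANs whose gateway path from the access switch takes the extra distribution-to-distribution hop, and produces the per-VLAN priorities for VLAN-based load balancing that put root and active gateway on the same switch. Switch names, VLAN numbers, MACs, priorities and the SVI host numbers are constructed sample values.

```python
DEFAULT_STP_PRIORITY = 32768    # per-VLAN bridge priority (PVST+/RPVST+)
DEFAULT_HSRP_PRIORITY = 100

# Constructed distribution pair. "host" stands in for the SVI address: on an
# HSRP priority tie the higher address wins. Only the HSRP priorities were
# tuned here, so D1 (the lower MAC) is STP root for every VLAN.
SWITCHES = {
    "D1": {"mac": "00:11:00:00:00:01", "host": 2,
           "stp": {}, "hsrp": {10: 110, 30: 110, 50: 110}},
    "D2": {"mac": "00:11:00:00:00:02", "host": 3,
           "stp": {}, "hsrp": {20: 110, 40: 110, 60: 110}},
}
VLANS = [10, 20, 30, 40, 50, 60]


def stp_root(vlan, switches):
    """Per-VLAN root bridge: lowest bridge priority, then lowest MAC."""
    return min(switches, key=lambda s: (switches[s]["stp"].get(vlan, DEFAULT_STP_PRIORITY),
                                        switches[s]["mac"]))


def hsrp_active(vlan, switches):
    """HSRP active router for the VLAN's group: highest priority, then highest address."""
    return max(switches, key=lambda s: (switches[s]["hsrp"].get(vlan, DEFAULT_HSRP_PRIORITY),
                                        switches[s]["host"]))


def gateway_path(vlan, switches, access="A1"):
    """Switch hops a frame takes from the access switch to the VLAN's gateway.
    The access switch forwards on its root port toward the STP root (its uplink
    to the other distribution switch is blocking); if the HSRP active gateway
    is not the root, the frame takes one more hop over the
    distribution-to-distribution link."""
    root, active = stp_root(vlan, switches), hsrp_active(vlan, switches)
    return [access, root] if root == active else [access, root, active]


def misaligned_vlans(vlans, switches):
    """VLANs whose STP root and HSRP active gateway are on different switches."""
    return [v for v in vlans if len(gateway_path(v, switches)) > 2]


def aligned_plan(vlans, switches):
    """VLAN-based load balancing for a two-switch distribution pair: alternate
    VLANs between the switches, giving the home switch the lowest STP priority
    and the highest HSRP priority for that VLAN and the other switch the
    secondary values. Returns a copy of `switches` with the new priorities."""
    d1, d2 = sorted(switches)
    plan = {s: {**switches[s], "stp": {}, "hsrp": {}} for s in switches}
    for i, vlan in enumerate(vlans):
        home, other = (d1, d2) if i % 2 == 0 else (d2, d1)
        plan[home]["stp"][vlan], plan[other]["stp"][vlan] = 4096, 8192
        plan[home]["hsrp"][vlan], plan[other]["hsrp"][vlan] = 110, 90
    return plan


if __name__ == "__main__":
    print("misaligned VLANs:", misaligned_vlans(VLANS, SWITCHES))
    fixed = aligned_plan(VLANS, SWITCHES)
    print("after alignment:", {v: gateway_path(v, fixed) for v in VLANS})
```

On the constructed input VLANs 20, 40 and 60 hairpin through D1 to reach their gateway on D2; the aligned plan homes VLANs 10, 30, 50 on D1 and 20, 40, 60 on D2 for both STP and HSRP.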
This table lists the characteristics that must be thoroughly investigated while designing the
distribution layer network segment:
Characteristic | Consideration
Performance | Performance should be investigated thoroughly because the distribution layer aggregates the access layer and connects to the high-speed core devices.
Redundancy | Redundant devices and redundant connections should be implemented at the distribution layer.
The following are the recommended practices and protocols that can improve convergence time
and the performance of the overall network:
| HSRP | VRRP | GLBP
Gateway address | Uses a virtual IP address. | Can use a real router IP address; if not, the one with the highest priority becomes master. | Uses a virtual IP address.
Traffic type | 224.0.0.2, UDP 1985 (version 1); 224.0.0.102, UDP 1985 (version 2) | 224.0.0.18, IP protocol 112 | 224.0.0.102, UDP 3222
Load balancing | Multiple HSRP groups per interface/SVI/routed interface. | Multiple VRRP groups per interface/SVI/routed interface. | Load-balancing oriented: weighted algorithm, host-dependent algorithm, round-robin algorithm (default).
For example, suppose you have an access switch with two uplinks configured and connected to
two distribution layer switches. Rather than configuring control protocols to decide which
uplink is used under which condition, the access switch is connected to the distribution layer
with a single multi-chassis EtherChannel uplink.
Per-flow load balancing is also achieved by VSS. It is the strategy of diverting the flow of
traffic onto the redundant path to reach certain hosts. EtherChannels automatically
redistribute the traffic onto the remaining links without waiting for the convergence of STP,
HSRP or any other protocol. The special-purpose EtherChannel that unifies the distribution
layer switches is known as the Virtual Switch Link (VSL).
The recommended choice for core layer switches is multilayer switches, which are intelligent
and flexible. Multilayer switches have the following features; aside from this, the size of
the building has an impact on the overall design of the campus core:
This table lists the attacks from the outside world that need to be recognized in order to
protect the inside campus network:
Spanning tree (STP) is the oldest mechanism for preventing loops in layer 2 Ethernet
networks. Alternatives to STP are Shortest Path Bridging (SPB), Transparent Interconnection
of Lots of Links (TRILL) and FabricPath.
Ethernet works on data plane learning and there is no layer 2 mechanism comparable to the
layer 3 TTL to detect loops. Hence, STP adopts the link blocking mechanism to prevent loops.
STP does not allow multipathing, meaning using more than one path to reach a destination.
Two modes of load balancing are available:
a. VLAN based: assign one layer 3 gateway for some VLANs and another layer 3 gateway for
other VLANs.
i. Gateway 1: VLAN 10, 30, 50
ii. Gateway 2: VLAN 20, 40, 60
b. Flow based: two or more gateways are used as active/active for the same VLAN (GLBP).
Multi-Chassis Link Aggregation (MLAG) should also be enabled for efficient flow-based load
balancing.
Use MST if you have a large number of VLANs to be deployed and hardware
resources/processing are a concern.
CST is not a recommended STP deployment.
Always enable STP and port security on the edge ports to protect against any accidental
loops.
VTP configuration and management should be done carefully. VTP transparent mode is
recommended to avoid any operational mistakes. With server/client mode, a minor
configuration mistake can bring the complete network down. Use a VTP domain name and
password.
Remove any unwanted VLANs from the trunk interfaces.
Keep the layer 2 domain as small as possible. It helps in troubleshooting and improves the
overall performance, as there is less unknown unicast and broadcast processing.
It is advised to hardcode the trunk configuration. DTP slows down convergence as it
negotiates the trunking mode with the remote switch.
In a multivendor environment, VRRP should be used as the FHRP as it is an IETF approved
standard.
GLBP should not be used at the Internet edge if the firewall in the middle is performing
NAT/PAT for the internal IPs. The edge routers will always see the traffic coming from a
single IP due to NAT/PAT.
A better solution could be to use HSRP with multiple groups. Add two static default routes
on the firewall:
a. Route 1: pointing to the HSRP Group 1 active router (R1)
b. Route 2: pointing to the HSRP Group 2 active router (R2)
The STP root and the FHRP should be configured on the distribution layer. They should not be
extended up to the core because of the large layer 2 domain that would create. Imagine all
VLANs from the access layer extending to the core to reach the STP root and FHRP.
This figure demonstrates the evolution of data center architecture in the last two
decades:
Virtualization
The network devices (hardware) are virtualized to provide seamless connectivity.
Virtualization can be provided in the data center network environment by employing:
Cisco VN-Link Technologies
Virtual SAN
Virtual LAN
Virtual storage and network devices
Virtual server environment
Unified Computing
The Unified Computing System is Cisco’s next-generation data center platform solution. The
functionality and features supported by the unified computing approach are:
A cohesive system in which computing, networking, storage, access and virtualization are
integrated
Increased productivity through provisioning and mobility
A standard platform
Integration of various data speeds
Cisco VN-Link Virtualization Support
Cisco extended memory technology
Unified fabric
Unified Fabric is implemented to deploy the data center infrastructure. The two approaches
that can be utilized to achieve a cohesive data center network structure are:
Fibre Channel over Ethernet (FCoE)
Internet Small Computer System Interface (iSCSI)
These two approaches provide a reliable 10 Gigabit Ethernet fabric for the data center.
Firewalls, load balancing, SSL offload, and other services are implemented
Design to support high STP calculations
This table summarizes the basic design considerations and requirements in the different
modules of the campus network infrastructure:
Module of Campus Network Infrastructure | Technology | Scalability | Availability | Performance | Cost per Port
Access Layer | Layer 2 / Layer 3 | High | Medium | Medium | Low
Distribution Layer | Layer 3 | Medium | Medium | Medium | Medium
Core Layer | Layer 3 | Low | High | High | High
Data Center | Layer 3 | Medium | High | High | High
The first two modules have been discussed in detail in the prior sections of this chapter.
The later modules will be thoroughly investigated in the following section. The most
significant information in this section is knowledge of the Wide Area Network (WAN). The WAN
composition is the most critical portion of enterprise network design. A WAN covers a
significantly broad geographical area.
WAN Technologies
To fulfil customer or organizational demands and needs, multiple WAN transport technologies
are available. It is essential to consider the various available WAN options while designing
an enterprise network so that the most suitable and efficient technology can be selected and
deployed to satisfy customer demands.
A time slot is allocated to each node over the connection, in the form of a channel running
on shared bandwidth. TDM is an example of a circuit-switched network.
For example, in North America the T1 connection is used, in which 24 different time slots are
allocated to different users. These 24 channels collectively share a bandwidth of 1.536 Mbps,
with an individual bandwidth of 64 kbps. The individual bandwidth is calculated by:
$\text{Amount of Bandwidth allocated to each user} = \dfrac{\text{Total Bandwidth}}{\text{Number of channels}}$
An ADSL modem along with customer premises equipment (CPE) forms a remote network connected
to the service provider’s network through an ADSL connection at each side. The DSL Access
Multiplexer (DSLAM) provides the point of termination for the customer’s ADSL link.
Global System for Mobile Communication (GSM). GSM has the following features:
o Uses TDMA technology
o International coverage
o 8 simultaneous channels
o RF bands: 900, 1800 and 1900 MHz
o Data rate: 9.6 kbps
General Packet Radio Service (GPRS). GPRS is an improved GSM with higher data rates, i.e.
64 to 128 kbps.
SONET and SDH Technology. SONET and Synchronous Digital Hierarchy (SDH) use a circuit-switched
network. Optical fiber is employed for the transport of SONET and SDH traffic.
DWDM Technology. Intelligent and efficient use of fiber optic cable is supported by dense
wavelength division multiplexing (DWDM) technology. Flexible and efficient infrastructure
utilization is achieved by using DWDM technology.
Dark Fiber. Leased fiber optic cables are referred to as “dark fiber”. Dark fiber deployment
improves performance and is able to accommodate various transport features, which is
essential for the network to maintain performance and reliability.
Leased WAN. The enterprise purchases and pays for dedicated bandwidth allocated by the service
provider.
Advantages: Maintenance is performed by the service provider
Disadvantages: The enterprise has to pay for the purchased bandwidth even if a certain
portion is not in use
Response Time. This is the amount of time elapsed between the client request and the
response. Up to a certain response time the user finds the service acceptable; beyond it,
customer satisfaction with the service declines. A shorter response time is highly
desirable. Response time is also a parameter used to measure the “usability” of the service.
Bit Error Rate. The bit error rate is an indication of the loss of data/information packets.
It is represented as an exponential value with a negative power.
This table displays the parameters and services that should be made available to each client
of the network:
These are the layer 3 routing protocols that can be utilized to transmit and receive routing
information in the network:
Static Routing
Routing Information Protocol, RIP v1 and v2
Open Shortest Path First, OSPF
Intermediate System to Intermediate System, IS-IS
Enhanced Interior Gateway Routing Protocol, EIGRP
Border Gateway Protocol, BGP
WAN connectivity
Constructing a WAN depends upon various parameters and applications. A well-thought-out and
well-suited composition and topology are required, along with the choice of suitable
connectivity methods for each individual device of the enterprise network. To build a
flexible, efficient and effective enterprise network, quality of service, redundancy,
organization-specific and client-specific resource allocation, backup links and network
resources, and so on must be investigated.
WAN Topology
In a WAN structure, nodes can be connected following these topological compositions:
Spoke to Spoke
Spoke-to-spoke topology is an extension of the hub-and-spoke topology. The hub remains the
centralized location, meaning that Spoke 1 communicates with Spoke 2 via the central hub. In
hub-and-spoke topology each spoke can communicate with the hub only, but in this extended
version the spokes can communicate with each other as well.
Point to Point
Point-to-point topology is a simple topology structure in which two nodes are directly
connected to each other over a cable.
Partial Mesh
In partial mesh topology, remote locations are prioritized. Remote locations that have high
priority connect to other locations via direct WAN connections, while remote locations that
have low priority are connected via the centralized location.
Full Mesh
In full mesh topology, each physical location is connected to every other location using a WAN
connection.
Connectivity Methods
A WAN connectivity method connects each node of the network, wherever it is located
geographically, to the enterprise central network. Connectivity methods can also be used by
external users, e.g. through Internet hotspots and public access. By enabling connectivity
methods, internal network resources can be accessed and utilized by remote employees,
teleworkers, customers, and partners. Mobility in the network is achieved by the following
approaches to connectivity:
DMVPN
GET VPN
Group Encrypted Transport Virtual Private Network (GET VPN) is used to provide a simplified
solution for integrated applications such as voice, data and video with improved security,
without the implementation of tunnels.
Layer 2 VPN
Layer 2 protocols such as ATM and Frame Relay are supported in a Layer 2 VPN to establish
communication. In a layer 2 VPN, the information exchanged between the service provider’s
edge router (PE) and the customer edge router (CE) is in layer 2 format.
Static IPsec
Static IP security (IPsec) allows protected communication between nodes. Secure tunnelling
services can be created in point-to-point or site-to-site environments with IPsec.
GRE
Generic Routing Encapsulation (GRE) tunnels are used to establish a point-to-point tunnel
between nodes. In this approach, data packets are encapsulated to make them compatible with
the transport protocol so that the packets can be exchanged. GRE tunnels support multicast
and IPv6 protocols.
VTI
A Virtual Tunnel Interface (VTI) is a virtual interface for an existing Virtual Private
Network (VPN). The specialized version that provides a secure VPN tunnel is often called an
IPsec VTI.
Resiliency
Resiliency is the measure of how quickly a network adapts and converges after unwanted events
such as network resource unavailability and failure. Networks must be designed to provide
all-time resiliency for a better experience for the organization and its clients.
Service Level Agreements (SLAs). An Internet Service Provider (ISP) provides WAN facilities
to each internal network. A service level agreement is a contract between the Internet
service provider and the organization that pens down the level of service expected from the
service provider.
Backup Links. WAN links require a redundant approach because they are relatively less
reliable and slower than LAN links. Each enterprise edge module requires a WAN backup link to
provide connectivity in case of link failure. These backup connections can be made available
to each WAN by using either dial-up or permanent connections.
Software queue. Works by scheduling data packets into the hardware queue. This scheduling is
done based on:
Quality of service requirements
Custom Queuing
Priority Queuing
Weighted Fair Queuing
The important parameters that must be taken into consideration to provide better connectivity
and security throughout network transactions are:
Internet connectivity
Internet connectivity throughout the entire network is crucial and is the most popular service
for end users.
ACLs and firewall placement
Access control lists and firewalls are the filtering tools of the network. They are used to
prevent unwanted traffic from reaching the internal network. Both tools are placed on the
internal network nodes to prevent the overflow of heavy traffic from the external network.
NAT placement
Network address translation (NAT) is a network tool used to map the internal private
addresses of the enterprise network to addresses routable on the external Internet.
The size of the branch network greatly influences the choice of network resources. This table
lists the resource requirements of the network on the basis of its size. These requirements
are met by enabling high redundancy in the network and sizing the capacity of the employed
links.
Redundancy
Redundant connections, as a hardware requirement of an enterprise branch network, are
significantly important in designing an enterprise branch. Redundancy at each level of the
network is required to connect network segments together.
Connectivity
The WAN should be managed according to the needs and demands of the branch offices. WAN
connectivity for the branch office must not be cut off at any point. Optimized connectivity is
important for secure, reliable, and efficient communication among the multiple branches of an
organization.
Hardware
Redundant hardware deployments are also required to establish all-time availability and
connectivity.
The Cisco Integrated Services Router Generation 2 (ISR G2) is a solution that provides an
efficient network device for the enterprise branch network; for example, the Cisco ISR (2600
Series) provides a borderless experience for the customer. It provides flexible LAN and WAN
configurations, multiple security options, voice and data integration, and a range of
high-performance processors.
Service provider
A service provider manages services for the branches. The Internet Service Provider resolves
and manages branch issues by providing MPLS VPN connections to the branch offices.
Multiprotocol Label Switching Virtual Private Network (MPLS VPN) offers an innovative
interconnection solution.
Link capacity
Links should be designed to cater for the requirements of branch-to-branch communication.
Bandwidth and delay are the most important constraints that need to be addressed while
selecting the connectivity solution for the enterprise branch network.
Bandwidth
The exchange of packets between branch offices requires significant bandwidth to be available
at all times. Bandwidth, being the most important resource of any network, must be allocated
properly according to the requirements of the end devices.
Delay
Delay in the exchange of information should be minimized for the important exchange of
corporate messages between branch offices. Links extended to branches must be designed to
accommodate the different corporate requirements, and the exchange of important corporate
communication must not be delayed.
Summary
Comprehensive design conside
ration and implementation of the enterprise campus network,
enterprise network, and enterprise branch network are the key to building a fully functional
network architecture. Segment- and module-wise implementation of a complex network provides
ease of manageability and maintenance of the network. It also helps handle future expansion
of both the network components and the application requirements of the organization. For any
enterprise business involved in the design and/or operation of a campus network, an
integrated approach based on solid systems design principles is recommended. The Cisco
Enterprise Campus Design Guide is specifically intended to assist the engineering and
operations teams in developing a systems-based campus design that will provide the balance of
availability, security, flexibility, and operability required to meet current and future
business and technological needs.
The basic architecture of a wireless local area network (WLAN) deployed over an enterprise network is illustrated in the following figure:
This section discusses the fundamental concepts and the different approaches to building a wireless network. The network switches carry the wireless VLANs to the access points or controllers over 802.1Q trunks.
1. Autonomous Deployment
In the autonomous deployment architecture, independent access points (APs) are responsible for forwarding RF client traffic to the appropriate VLANs over the wired network; each AP is configured and managed individually.
This table shows the difference between the autonomous and unified deployment architectures:
Wireless Authentication
The first step after a client associates with an AP is authenticating the client device. The client, called the supplicant in this context, authenticates itself by exchanging credentials through the AP or controller (the authenticator), which relays them to an authentication server, typically a RADIUS server. Only after a successful authentication is the client granted access to the wireless network.
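The supplicant-to-server exchange described above is usually 802.1X/EAP, relayed to a RADIUS server by the AP or controller acting as authenticator. The following Python is an added example, not code from the workbook or from Cisco, that builds the RADIUS Access-Request the authenticator would send for a supplicant's EAP-Response/Identity and shows the check a RADIUS server performs on it: RFC 3579 requires an EAP-carrying Access-Request to include a Message-Authenticator (HMAC-MD5 over the packet with the shared secret), which is what stops a spoofed NAS from injecting requests. The shared secret, identity and client MAC address are constructed values.

```python
"""Added example: RADIUS Access-Request carrying an EAP message (RFC 2865 / RFC 3579)."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_CALLING_STATION_ID = 31
ATTR_NAS_PORT_TYPE = 61
ATTR_EAP_MESSAGE = 79
ATTR_MESSAGE_AUTHENTICATOR = 80
NAS_PORT_TYPE_WIRELESS_80211 = 19

EAP_RESPONSE = 2
EAP_TYPE_IDENTITY = 1


def eap_response_identity(identifier, identity):
    """EAP-Response/Identity (RFC 3748): Code | Identifier | Length | Type | identity."""
    data = identity.encode()
    return struct.pack("!BBHB", EAP_RESPONSE, identifier, 5 + len(data), EAP_TYPE_IDENTITY) + data


def radius_attr(atype, value):
    """One RADIUS attribute: Type | Length (including the 2-byte header) | Value."""
    if len(value) > 253:
        raise ValueError("value too long for a single attribute")
    return struct.pack("!BB", atype, len(value) + 2) + value


def build_access_request(secret, identifier, identity, client_mac, eap_payload):
    """Authenticator side: wrap the supplicant's EAP message and sign it.

    Message-Authenticator = HMAC-MD5(shared secret, whole packet with its own 16-byte value zeroed).
    """
    request_authenticator = os.urandom(16)          # fresh random value per request (RFC 2865)
    attrs = (
        radius_attr(ATTR_USER_NAME, identity.encode())
        + radius_attr(ATTR_NAS_PORT_TYPE, struct.pack("!I", NAS_PORT_TYPE_WIRELESS_80211))
        + radius_attr(ATTR_CALLING_STATION_ID, client_mac.encode())
        + radius_attr(ATTR_EAP_MESSAGE, eap_payload)
        + radius_attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))   # zero placeholder, last attribute
    )
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + request_authenticator
    unsigned = header + attrs
    mac = hmac.new(secret, unsigned, hashlib.md5).digest()
    return unsigned[:-16] + mac                       # overwrite the placeholder with the real MAC


def verify_access_request(secret, packet):
    """Server side: an Access-Request with EAP-Message MUST carry a valid Message-Authenticator."""
    if len(packet) < 20:
        return False
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        return False
    offset = 20
    while offset + 2 <= length:
        atype, alen = packet[offset], packet[offset + 1]
        if alen < 2 or offset + alen > length:
            return False                              # malformed attribute: reject the packet
        if atype == ATTR_MESSAGE_AUTHENTICATOR and alen == 18:
            received = packet[offset + 2:offset + 18]
            zeroed = packet[:offset + 2] + bytes(16) + packet[offset + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        offset += alen
    return False                                      # no Message-Authenticator at all


if __name__ == "__main__":
    # Constructed values: the shared secret, identity and client MAC are not real.
    secret = b"constructed-shared-secret"
    eap = eap_response_identity(1, "alice@example.com")
    pkt = build_access_request(secret, 7, "alice@example.com", "00-11-22-33-44-55", eap)
    print(len(pkt), "bytes, valid:", verify_access_request(secret, pkt))
```

The verifier rejects a request whose Message-Authenticator is missing, computed with a different secret, or covering a modified packet; in a real deployment the same shared secret is also what hides the User-Password attribute, so it must be long, random and unique per NAS.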
Access Points
An access point is a stationary transceiver connected to the enterprise wired LAN that enables end devices to connect to the network wirelessly. The modes of an AP in a LWAPP or CAPWAP environment are as follows:
Local Mode
Hybrid-REAP Mode
Rogue Detector Mode
Monitor Mode
Sniffer Mode
Bridge Mode
WLAN Controllers
This table describes the terminology used with WLAN controllers:

Ports: Physical entity with various functions.
  Controllers manage ports differently; for example, some WLAN controllers support link aggregation (LAG), which bundles all physical ports into one logical interface following the IEEE 802.3ad port aggregation standard.
  Connect the WLC to the LAN switch.
  Set to an 802.1Q VLAN trunk by default.

Interfaces: Logical entity with associated parameters such as IP address, default gateway, etc.
  Maps to a VLAN on the wired network.
  Multiple interfaces are mapped to a single WLAN controller port.
  Each interface is associated with at least one primary port and an optional secondary port (when LAG is not configured).

WLANs: Logical entity.
  Associates an SSID with a WLAN controller interface.
  Supports security, quality of service (QoS), radio policies, etc.
  Up to 16 WLANs can be configured on a single WLAN controller in older releases (newer releases support more, with up to 16 per AP group).

Management Interface: Default interface, configured during setup and present on all WLCs.
  The management interface and the service port must be on different subnets.
  Used in the discovery process between the AP and the WLAN controller.
  Constantly exchanges information with the APs.

AP Manager Interface: Configured at setup, static, and present on all WLCs except the 5508 (where the management interface also carries the AP-manager function).
  One or more AP manager interfaces can be present.
  Used for Layer 3 communication with the APs.
  Its IP address is used as the tunnel source address for the CAPWAP packet exchange.
  Unique IP address.

Dynamic Interface: Designed by the network administrator and maps to the user VLANs.
  A unique IP address is assigned to each dynamic interface.
  Up to 512 dynamic interfaces are supported by a Cisco WLC.

Virtual Interface: Supports Layer 3 security services (such as web authentication), mobility management, DHCP relay, etc.
  Configured with an unusual, non-routed IP address; traditionally 1.1.1.1 was used, but since that address became a live public DNS resolver a non-routable address such as 192.0.2.1 is preferable.
  The IP address is not present in the routing table and cannot be pinged.
  Seamless roaming requires the same virtual interface IP address to be configured on every WLAN controller in the mobility group.

Service Port Interface: Statically mapped by the system to the physical service port.
  Must not overlap with the subnets of the management interface, AP manager interface or dynamic interfaces.
  Static IP address, or obtains an address dynamically via DHCP.
  Reserved for out-of-band management in case of network failure.
  The only port that is also active in boot mode.
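Several rows of the table above are addressing rules: the service port must not share a subnet with the management, AP manager or dynamic interfaces; every routed interface needs a unique address; the virtual interface address must not be routable. The following Python is an added example, not from the workbook or from any Cisco tool, that checks a constructed interface plan against those rules using the standard ipaddress module. The plan is invented for illustration and deliberately uses 1.1.1.1 as the virtual address to show why a non-routable address such as 192.0.2.1 is the better choice now that 1.1.1.1 is a live public DNS resolver.

```python
"""Added example: check a WLC interface plan against the addressing rules in the table."""
import ipaddress

# Constructed plan for illustration; not taken from a real controller.
WLC_PLAN = {
    "management":   {"address": "10.10.10.5/24", "vlan": 10},
    "ap-manager":   {"address": "10.10.10.6/24", "vlan": 10},
    "service-port": {"address": "192.168.254.10/24"},
    "virtual":      {"address": "1.1.1.1"},
    "dynamic": {
        "employees": {"address": "10.10.20.5/24", "vlan": 20},
        "guests":    {"address": "10.10.30.5/24", "vlan": 30},
    },
}


def check_wlc_interfaces(plan):
    """Return a list of rule violations (an empty list means the plan passes)."""
    problems = []
    mgmt = ipaddress.ip_interface(plan["management"]["address"])
    apm = ipaddress.ip_interface(plan["ap-manager"]["address"])
    svc = ipaddress.ip_interface(plan["service-port"]["address"])
    virt = ipaddress.ip_address(plan["virtual"]["address"])
    dynamics = {name: ipaddress.ip_interface(d["address"]) for name, d in plan["dynamic"].items()}
    routed = {"management": mgmt, "ap-manager": apm, **dynamics}

    # Rule: the service port subnet must not overlap management, AP-manager or dynamic subnets.
    for name, iface in routed.items():
        if svc.network.overlaps(iface.network):
            problems.append(f"service-port subnet {svc.network} overlaps {name} subnet {iface.network}")

    # Rule: every routed interface needs its own unique IP address.
    seen = {}
    for name, iface in routed.items():
        if iface.ip in seen:
            problems.append(f"{name} reuses address {iface.ip} already used by {seen[iface.ip]}")
        seen[iface.ip] = name

    # Rule: the virtual address is never in the routing table, so it must not fall inside a
    # configured subnet, and it should not be a publicly routable address either.
    for name, iface in routed.items():
        if virt in iface.network:
            problems.append(f"virtual address {virt} lies inside {name} subnet {iface.network}")
    if virt.is_global:
        problems.append(f"virtual address {virt} is publicly routable; prefer a non-routable "
                        f"address such as 192.0.2.1")
    return problems


if __name__ == "__main__":
    for line in check_wlc_interfaces(WLC_PLAN) or ["plan passes"]:
        print(line)
```

Run against the sample plan the only finding is the routable virtual address; moving the service port onto 10.10.10.0/24 produces the overlap findings for both the management and AP-manager interfaces.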
This table summarizes the comparison between the LWAPP and CAPWAP protocols:
The need for centralized management and learning is addressed by the Cisco Unified Wireless Network solution. This approach enables access points to intelligently detect neighbouring wireless networks.
The five elements of the wireless network that enable efficient and intelligent use of wireless resources are:
Client Devices. Cisco-compatible client devices with supported software act as client nodes in the Cisco Unified Wireless Network.
Access Points. The wireless network is accessed through access points (APs). Plug-and-play access points improve overall productivity by using the Lightweight Access Point Protocol (LWAPP) or the Control and Provisioning of Wireless Access Points (CAPWAP) protocol to join a controller.
Network Unification Module. The network unification module provides wired and wireless network integration. All switching and routing platforms are integrated through this module for reliability, security and seamless communication services.
World-Class Network Management. Network management is a crucial part of the wireless network. Mobile end users are supported with the same level of security, reliability, ease of deployment and management as on the wired network.
Mobility Services. Unified mobility services such as advanced security, threat detection, guest access, context-aware mobility services and voice services are provided to the wireless network through this module.
Figure 51. Cisco Unified Wireless Network Architecture Elements and Benefits
The three basic wireless elements are client devices, access points, and wireless controllers. The other elements, mobility services and the world-class network management module, are integrated into complex wireless networks to provide advanced services.
These are the measures that must be taken, based on a site survey, to reduce difficulties in the deployment of a wireless network:
The Cisco Wireless Control System (WCS) is used to detect and optimize interference, which is located and analysed with a spectrum analysis tool such as Cognio Spectrum Expert.
Regions of multipath distortion are discovered so that they can be eliminated.
Step 4. Areas that are heavily and infrequently used are identified.
  Purpose: helps in the AP deployment point identification process.
  Details: marked on the basis of the facility diagram, for example:
    Coverage area: areas that need wireless network support.
    Marking area: areas that the customer does not want covered.
    The expected density of wireless devices is identified. Generally a single AP can support seven to eight wireless phones or about 20 data-only devices.
Step 5. Preliminary locations for access point installation are identified.
  Purpose: ease of identifying access point placement on the actual site.
  Details: the number of access points is visualized with the Cisco Wireless Control System (WCS), which can import real floor plans and estimate the number of access points required for a given floor or area. It considers the following characteristics in the access point estimate:
    IEEE 802.11 a/b/g/n protocol
    Coverage or capacity
    Throughput
    Square feet
  Cisco WCS also provides an integrated tool for estimating the overall WLAN structure, such as lightweight AP placement, configuration and performance. It represents the WLAN design in a graphical view known as a heat map.
Step 6. Access point installation points are located on the real site.
  Purpose: the best possible locations for the deployment of the access points are re-surveyed and re-tested.
Step 7. Findings such as the data rate at the inner and outer boundaries are documented.
  Purpose: a complete map of the network topology is generated.
  Details: complete list of customer requirements; coverage area.
This site survey is considered a manual site survey. These are the parameters that need to be addressed after the survey:
Relate and measure the coverage area for the desired data rate
Move a client across the area to measure the data rate inside and at the boundaries
Determine the coverage range of the marked areas
Build the coverage area on the basis of access point availability
Reduce contention by assigning non-overlapping channels to neighbouring APs
Number of Access Points. The number and features of the access points must be properly investigated before installation and must follow the demands and requirements of the customer. Deploying somewhat more access points than the bare minimum is the usual recommendation for uninterrupted connectivity and seamless coverage.
Location of Access Points. Access points must be deployed centrally and in proximity to the WLAN client devices.
Power Consideration for the Access Points. Power over Ethernet (PoE) is used to reduce the cabling infrastructure. Traditional local power can also be used.
This table summarizes the differences between physical and virtual controllers:
These are the steps by which communication is established across the network (local-mode APs with centrally switched traffic):
1. Between Wireless and Wireless
The WLAN client sends its frames, encrypted with the WLAN's key, to the access point.
The access point decrypts the frames, encapsulates them in a CAPWAP header and forwards them to the WLAN controller.
The WLAN controller removes the CAPWAP header and forwards the traffic to the appropriate VLAN.
2. Between Wired and Wireless
Packets from the wired network are received at the WLAN controller.
The WLAN controller adds a CAPWAP header and forwards the encapsulated data to the appropriate access point.
The access point removes the CAPWAP header, encrypts the data and forwards it to the WLAN client over the RF channel.
Because the 802.11 encryption terminates at the AP, client data crosses the wired path between the AP and the controller in the clear inside CAPWAP unless DTLS data encryption is enabled on the controller.
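The CAPWAP header that the AP adds in step 2 and the controller strips in step 3 is defined in RFC 5415. The following Python is an added example, not from the workbook or from Cisco, that parses that header and decides, as a controller's data plane would, whether the payload is a native 802.11 frame (T bit set), an 802.3 frame, a fragment or a keep-alive. The UDP ports and field layout are from RFC 5415; the sample packets are constructed. One point the flow above leaves implicit and this code makes explicit: a packet whose preamble type is 0 is plain CAPWAP with no DTLS, so unless DTLS data encryption is enabled the client's data travels between AP and controller unencrypted.

```python
"""Added example: parse the RFC 5415 CAPWAP transport header as a controller data plane would."""
import struct

CAPWAP_CONTROL_PORT = 5246   # AP-to-WLC control channel: always DTLS-protected
CAPWAP_DATA_PORT = 5247      # client data channel: DTLS optional, plaintext unless enabled
WBID_IEEE_80211 = 1


def parse_capwap_header(buf):
    """Return the header fields and payload of a CAPWAP packet (control or data channel)."""
    if len(buf) < 8:
        raise ValueError("truncated CAPWAP header")
    version, ptype = buf[0] >> 4, buf[0] & 0x0F
    if version != 0:
        raise ValueError(f"unsupported CAPWAP version {version}")
    if ptype == 1:
        # Preamble type 1: a DTLS record follows the 4-byte DTLS header; decrypt before parsing.
        return {"dtls": True, "payload": buf[4:]}
    # Bytes 1..3: HLEN(5) RID(5) WBID(5) T F L W M K Flags(3)
    bits = (buf[1] << 16) | (buf[2] << 8) | buf[3]
    hlen = (bits >> 19) * 4                          # header length in 4-byte words
    if hlen < 8 or len(buf) < hlen:
        raise ValueError("bad HLEN")
    frag_id, frag_word = struct.unpack("!HH", buf[4:8])
    hdr = {
        "dtls": False,
        "radio_id": (bits >> 14) & 0x1F,
        "wbid": (bits >> 9) & 0x1F,
        "native_frame": bool((bits >> 8) & 1),   # T=1: 802.11 frame, T=0: 802.3 frame
        "fragment": bool((bits >> 7) & 1),       # F
        "last_fragment": bool((bits >> 6) & 1),  # L
        "keepalive": bool((bits >> 3) & 1),      # K: data channel keep-alive
        "fragment_id": frag_id,
        "fragment_offset": frag_word >> 3,       # 13 bits; low 3 bits reserved
        "header_len": hlen,
    }
    if (bits >> 4) & 1:                          # M: optional Radio MAC Address field present
        mac_len = buf[8]
        hdr["radio_mac"] = buf[9:9 + mac_len]
    hdr["payload"] = buf[hlen:]
    return hdr


def build_capwap_data(payload, native=True, keepalive=False, radio_id=0):
    """Encode a minimal 8-byte CAPWAP data-channel header (no optional fields, no DTLS)."""
    bits = ((2 << 19) | (radio_id << 14) | (WBID_IEEE_80211 << 9)
            | (int(native) << 8) | (int(keepalive) << 3))
    return bytes([0x00, bits >> 16, (bits >> 8) & 0xFF, bits & 0xFF]) + struct.pack("!HH", 0, 0) + payload


def wlc_data_plane_action(buf):
    """What a controller does with a packet that arrives on UDP 5247."""
    hdr = parse_capwap_header(buf)
    if hdr["dtls"]:
        return "decrypt-dtls"
    if hdr["keepalive"]:
        return "keepalive"
    if hdr["fragment"] and not hdr["last_fragment"]:
        return "reassemble"
    # Plaintext client frame: bridge onto the WLAN's VLAN (802.11 frames are converted to 802.3)
    return "bridge-802.11" if hdr["native_frame"] else "bridge-802.3"


if __name__ == "__main__":
    # Constructed stub of an 802.11 data frame (frame control 0x0802) as an AP would forward it
    frame = b"\x08\x02" + bytes(22)
    print(wlc_data_plane_action(build_capwap_data(frame)))
```

The parser keeps the DTLS and plaintext cases apart on purpose: on a capture of the AP-to-controller path, a preamble byte of 0x00 on port 5247 means the wired segment is carrying client data unencrypted.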
Split MAC divides the 802.11 functions between the access point and the WLAN controller. The functions of each are listed in the following table:
The number of access points, the ports available to integrate the wireless and wired networks, the power requirements of the access points, the number of controllers required and the location of the controllers should all be properly investigated in order to deploy an efficient branch network.
Hybrid REAP
Hybrid Remote Edge Access Point (H-REAP) is an access point mode intended for branch and remote location connectivity. A few access points configured in H-REAP mode, together with a WAN connection to a central controller, can support connectivity for multiple branch offices without deploying a controller at each location. In this mode the AP can switch traffic locally into the branch LAN and keeps serving clients if the WAN link to the controller fails, so the security policy for locally switched WLANs must be enforced in the branch rather than at the controller.
Cisco provides a straightforward solution to the otherwise laborious task of reconfiguring and segregating the network for guest access: lightweight access points, together with additional security policies, enable the effective and efficient deployment and integration of a guest network.
A newer approach is the mesh network, the smart application of wireless connectivity to outdoor networks. Cisco offers tools to configure an effective mesh. These include:
Cisco Wireless Control System (WCS). WCS is the management software for the mesh network; the complete mesh is analysed and visualized with WCS.
Cisco Wireless LAN Controllers (WLC). The controllers provide services such as mobility, security and management of the APs.
Root Access Point (RAP). This AP is connected to the wired network and connected wirelessly to the MAPs; the RAP acts as the root of the mesh towards the wired network.
Mesh Access Point (MAP). These are remote access points that provide network access to wireless clients and reach the wired network through a RAP.
A mesh architecture, in which each AP can communicate with the other access points, ensures better performance and reliability, especially when a client's nearest access point fails. The deployment of mesh APs in a network is illustrated in the following figure:
Access points and wireless controllers are the two strategic wireless components that have to be deployed and configured properly to enable wireless services in a network. These are the parameters that must be considered for an integrated wireless network setup.
Traffic flows
Mobility is one of the most significant benefits introduced by wireless networks. If a client moves its association from one access point to another, the client is said to be roaming. Mobility services handle the re-association with the new AP and, where needed, a new IP address and fresh security credentials. High-quality roaming means seamless connectivity, but because the process can take a noticeable time the client can lose network connectivity briefly.
Bandwidth Consumption
Bandwidth is a very important and expensive resource of the network. A bandwidth control mechanism must be incorporated in the network, otherwise performance and user experience suffer.
Quality of service is of critical importance in a medium that is wireless and mobile at the same time. Additional QoS techniques must be implemented to meet the challenges of wireless communication. Wireless communication is more susceptible to loss and delay because a wireless signal is subject to many unpredictable effects, whereas in a wired medium signal corruption and loss due to the medium are relatively small.
The network design must incorporate standard security policies in order to build a protected, connected and available network.
Threat Identification
There are three broad classifications of threat:
Social Engineering.
Confidential information or device credentials are obtained by manipulating legitimate users.
Scanning Tools
These are common scanning tools, used by attackers for reconnaissance and by defenders to find what is exposed:
Network Mapper (Nmap)
Vistumbler and inSSIDer
SuperScan
Kismet
Vulnerability Tools
The tools used for vulnerability assessment are:
Nessus
Microsoft Baseline Security Analyzer (MBSA)
Security Administrator's Integrated Network Tool (SAINT)
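Whichever scanner is used, reconnaissance leaves a trace in the network's own logs: one source touching many ports on a host (a vertical scan) or one port on many hosts (a horizontal sweep) within a short time. The following Python is an added example, not from the workbook or from any vendor product, that applies that logic to a constructed set of firewall deny lines; the log format, addresses, window and thresholds are assumptions chosen for illustration.

```python
"""Added example: flag port scans and sweeps in firewall deny logs (constructed data)."""
from collections import defaultdict
from datetime import datetime


def _constructed_log():
    """Invented firewall deny lines: '<ISO time> deny <src> <dst> <dport> <proto>'."""
    scanner, sweeper, user = "198.51.100.7", "203.0.113.9", "10.10.30.40"
    lines = []
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]):
        lines.append(f"2017-08-01T10:00:{i:02d} deny {scanner} 10.10.20.5 {port} tcp")      # vertical scan
    for i in range(12):
        lines.append(f"2017-08-01T10:05:{i:02d} deny {sweeper} 10.10.20.{10 + i} 445 tcp")  # horizontal sweep
    for i in range(3):
        lines.append(f"2017-08-01T10:10:{i:02d} deny {user} 10.10.20.5 443 tcp")           # benign retries
    return lines


CONSTRUCTED_LOG = _constructed_log()


def parse_line(line):
    ts, action, src, dst, dport, proto = line.split()
    return datetime.fromisoformat(ts), action, src, dst, int(dport), proto


def detect_scans(lines, window_s=60, threshold=10):
    """Return alerts keyed ('vertical', src, dst) -> distinct ports or ('horizontal', src, dport) -> distinct hosts.

    For every deny, the following window_s seconds of denies from the same source are examined:
    distinct ports per destination indicate a vertical scan, distinct hosts per port a sweep.
    """
    by_src = defaultdict(list)
    for line in lines:
        ts, action, src, dst, dport, _proto = parse_line(line)
        if action == "deny":
            by_src[src].append((ts, dst, dport))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _, _) in enumerate(events):
            in_window = [e for e in events[i:] if (e[0] - t0).total_seconds() <= window_s]
            ports_per_host, hosts_per_port = defaultdict(set), defaultdict(set)
            for _, dst, dport in in_window:
                ports_per_host[dst].add(dport)
                hosts_per_port[dport].add(dst)
            for dst, ports in ports_per_host.items():
                if len(ports) >= threshold:
                    key = ("vertical", src, dst)
                    alerts[key] = max(alerts.get(key, 0), len(ports))
            for dport, hosts in hosts_per_port.items():
                if len(hosts) >= threshold:
                    key = ("horizontal", src, dport)
                    alerts[key] = max(alerts.get(key, 0), len(hosts))
    return alerts


if __name__ == "__main__":
    for key, count in detect_scans(CONSTRUCTED_LOG).items():
        print(key, count)
```

The thresholds are the tuning knob: too low and a user retrying a single service trips the rule, too high and a slow scanner that spaces probes beyond the window goes unnoticed; the example's benign source never reaches either threshold.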
Integrating security while designing the network is the recommended practice for secure and protected communication. Cisco provides an efficient means of integrating security into the network infrastructure.
A modular security layer is incorporated into the network so that a breach in one segment does not affect the other segments of the network.
The SAFE model (the "Key to SAFE") organizes security by using two core concepts: Places in the Network (PINs) and Secure Domains.
PINs are reference examples of locations found in networks and the infrastructure needed to create them:
Data center
Branch
Campus
WAN
Internet edge
Cloud
Secure Domains are operational areas used to protect these locations. They are security concepts that span an entire network:
Management
Security intelligence
Compliance
Segmentation
Threat defense
Secure services
SAFE also provides design guides for the individual PINs:
Secure Branch
Secure Campus
Secure Edge
Secure Cloud
External Zones
Customers
Key Security Challenge
Securing connections to service offerings is the primary goal when establishing communications with customers outside of the corporate enterprise. A breach or loss of data creates an immediate and heightened lack of trust, resul
ting in loss of commerce.
Remote Workers
Key Security Challenge
Securing remote access for employees connecting to the corporate enterprise from untrusted sites (such as coffee shops and hotels) is critical for maintaining data security. Identity-aware access controls, posture assessments, and encryption enforce a consistent set of policies before allowing access.
http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-security/landing_safe.html#~overview
The following section considers various parameters for designing and building a unified voice, video and data network architecture.
In digital transmission, voice signals are converted into digital streams and received with high quality, because the effects of noise can be removed by regenerating the digital signal at each stage.
Several steps are performed by dedicated devices to convert an analog signal into a digital one. This table shows the steps performed in the conversion of an analog signal into a digital one:
This 8-bit code word gives a bit rate of 64 kbps. The bit rate can be calculated by:
infrastructure is not suitable for an integrated network over which every type of data can be transported.
These are the factors that drive the requirement for an evolved network structure that supports communication irrespective of the type of data:
Integrated network support to reduce WAN cost
Preference for data communication over other types
The inflexible PSTN infrastructure
Inflexible bandwidth allocation in the PSTN network
The aspects of a unified network that are essential to consider and enforce in order to build a collaborative, integrated network design are:
Network infrastructure
Voice security
Unified communications deployment model
VoIP migration options
Services support
Deployment of networking devices, etc.
Gatekeeper
A gatekeeper provides call control and other services to H.323 endpoints. The H.323 gatekeeper is an optional component; it is assigned a specific zone within which it exercises its authority.
These are the various functions and services performed by an H.323 gatekeeper:
Address translation
Admission control
Bandwidth control
Zone management
Call control signalling
Call authorization
Call management
Gateway balancing
The maximum number of logical connections in the voice network is given by the formula:
Only the gatekeeper needs to be reconfigured when gateways are added or removed.
H.264
H.264 is a video coding standard that defines an efficient algorithm for video compression. It is technically identical to ISO/IEC MPEG-4 Part 10, Advanced Video Coding (AVC), and gives better efficiency and quality than earlier codecs.
These are the main considerations and components of VoIP-based networks:
Design Models
VoIP can be deployed in various ways according to the size and other requirements of the specific organization.
Single Site
Video Considerations
High-definition video transport is a challenging job in network design. Certain parameters need to be addressed when integrating video over the network.
This table holds a brief description of each control and transport protocol:
Media Gateway Control Protocol (MGCP): controls gateways.
Gateway: the device that handles the translation between audio signals and the packet network.
MGCP uses the Real-time Transport Protocol (RTP) over IP to carry the audio streams. MGCP call control is implemented as a series of plain-text commands sent over UDP port 2427 between the Cisco Unified Communications Manager (CUCM, acting as call agent) and the MGCP gateway. These commands carry no authentication or encryption of their own, so the signalling path must be protected by segmentation (a dedicated voice VLAN) and by IPsec where it crosses untrusted links.
These are the essential parameters to address for efficient integration:
These are the different policies that can be implemented with QoS:
Traffic Shaping
Traffic shaping is used on the WAN to ensure reliable delivery of packets over a link whose access rate is higher than the rate the provider or the remote end can accept. Traffic exceeding the configured rate is buffered and released at the target rate, so shaping smooths bursts at the cost of added delay. It must be configured according to the contracted capacity of the channel so that excess traffic is not dropped downstream.
Traffic Policing
Traffic policing is used to control the maximum rate of traffic sent or received on an interface. It is configured on interfaces at the edge of the network to limit the rate of traffic entering or leaving the network. Traffic that exceeds the rate is dropped or re-marked rather than queued, so policing adds no delay but causes loss.
Trust Boundaries
Identification of trust boundaries is one of the basic design questions on which the QoS design rests. The trust boundary is the point in the network where QoS markings (CoS or DSCP) set by devices beyond it stop being trusted: markings arriving from untrusted endpoints such as user PCs are re-marked or policed at the boundary, while markings from trusted devices such as IP phones or the access switch are accepted. It is a logical feature of the network, normally placed as close to the endpoints as the switches support, so that no untrusted device can claim priority for its own traffic.
Delay
Voice quality is directly affected by delay, especially in wireless environments. Each delay component must be calculated and accounted for in the end-to-end delay budget.
Fixed delay
Fixed network delay has three components:
Propagation Delay. Propagation delay is the time the signal takes to travel between the sending and receiving endpoints. It is small on LAN and metro links but grows with distance (roughly 5 microseconds per kilometre of fibre) and is most significant on satellite links.
Serialization Delay. The delay introduced by placing the bits of a packet onto the circuit is called serialization delay; it depends on the packet size and the speed of the circuit, and is incurred at every hop.
Processing Delay. Processing of the traffic also introduces delay. Processing delay includes the following:
Variable Delay
Variable network delays are difficult to predict and calculate. The main components are:
Queuing Delay. Queuing delay is introduced when a delay-sensitive voice packet has to wait for a packet ahead of it to be fully serviced. The size of the packet currently being serviced and the arrival pattern of traffic greatly affect queuing delay.
Dejitter buffers are used to correct the variability (jitter) that variable delay introduces. These buffers are employed at the receiving node to smooth out delay variation. Dejitter buffers always add delay proportional to their size, so they should be kept as small as the measured jitter allows.
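The delay components above can be summed into a one-way delay budget and compared against the 150 ms one-way target commonly cited from ITU-T G.114. The following Python is an added example, not from the workbook or from Cisco, that derives the size of a G.711 voice packet, computes the worst-case queuing delay of a voice packet stuck behind a full-size data frame (the situation the queuing delay paragraph describes), and sums the budget for two constructed WAN scenarios. The propagation speed (2 x 10^8 m/s), the per-hop processing delay and the dejitter buffer size are assumptions.

```python
"""Added example: one-way delay budget for a voice call, using the components listed above."""

G114_ONE_WAY_TARGET_MS = 150.0     # ITU-T G.114 guidance for acceptable one-way delay
FIBRE_SPEED_M_PER_S = 2.0e8        # assumption: about 2/3 of c in fibre or copper


def voice_packet_bytes(codec_kbps=64, packetization_ms=20, l2_overhead=18):
    """Bytes per voice packet: codec payload + IP/UDP/RTP headers (40 B) + Layer 2 framing."""
    payload = codec_kbps * 1000 * packetization_ms / 1000 / 8   # G.711 at 20 ms -> 160 bytes
    return int(payload) + 40 + l2_overhead


def serialization_ms(packet_bytes, link_bps):
    """Time to clock one packet onto the circuit; incurred at every hop."""
    return packet_bytes * 8 / link_bps * 1000


def worst_case_queue_ms(mtu_bytes, link_bps):
    """A voice packet arriving just after a full-size data frame waits for all of it."""
    return serialization_ms(mtu_bytes, link_bps)


def propagation_ms(distance_km):
    return distance_km * 1000 / FIBRE_SPEED_M_PER_S * 1000


def delay_budget(packet_bytes, link_bps, distance_km, hops, mtu_bytes=1500,
                 codec_ms=20.0, per_hop_proc_ms=0.5, dejitter_ms=20.0):
    """Sum the fixed and variable components; returns (components, total_ms, within_target)."""
    components = {
        "codec+packetization": codec_ms,                                         # fixed
        "serialization": hops * serialization_ms(packet_bytes, link_bps),        # fixed
        "propagation": propagation_ms(distance_km),                              # fixed
        "processing": hops * per_hop_proc_ms,                                    # fixed (assumed)
        "queuing (worst case)": hops * worst_case_queue_ms(mtu_bytes, link_bps), # variable
        "dejitter": dejitter_ms,                                                 # variable
    }
    total = sum(components.values())
    return components, total, total <= G114_ONE_WAY_TARGET_MS


if __name__ == "__main__":
    pkt = voice_packet_bytes()
    scenarios = [("T1 metro, 2 hops", 1_544_000, 1000, 2), ("64 kbps branch, 3 hops", 64_000, 1000, 3)]
    for name, link, km, hops in scenarios:
        comps, total, ok = delay_budget(pkt, link, km, hops)
        print(f"{name}: {total:.1f} ms one-way, within G.114 target: {ok}")
        for k, v in comps.items():
            print(f"  {k:22s} {v:8.2f} ms")
```

The 64 kbps case fails almost entirely on the queuing term: a single 1500-byte frame ahead of the voice packet costs 187.5 ms per hop, which is the reason slow links need link fragmentation and interleaving or a strict priority queue for voice before any other tuning is worth doing.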
Loss
Loss refers to data being lost or corrupted while travelling through the medium. In wireless transmission the risk of loss is high. Loss causes voice and video clipping and skips. Interference from other transmitters on the same frequency, noise, fading and Doppler effects are the causes of loss in wireless transmission.
Loss in Video. A small amount of packet loss in video results in a large degradation of video quality. These are the factors upon which the quality of video collectively depends:
Video resolution
Frame rate
Configured data rate
Codec implementation
The specific PC on which the video is running
Capacity
Capacity and bandwidth availability are a challenging task in a voice- and video-enabled network. Bandwidth is the primary issue in network design.
Convergence Time
Convergence time is the time required for the network nodes to regain stability after an unwanted event such as a link or device failure or the unavailability of nodes. The network design must accommodate such changes and transitions by using redundant and backup devices and links.
Service Placement
Services are delivered and placed according to the needs of the enterprise. A systematic architecture must be followed so that services are delivered efficiently on demand, and each intermediate device along the way must be enabled to keep it compatible with these services.
Access Service. The access service provides mobility services, control and identity of video clients, and location services.
Transport Service. The transport service provides transport facilities such as optimized packet delivery.
Bridging Service. Transcoding, recording and conferencing services are provisioned and delivered.
Storage Service. The storage service provides allocation and retrieval, distribution and management services.
Session Control Service. Control of the initiation and termination of sessions is provided by this service.
Cost. Cost is the most challenging factor in today's widely used data infrastructure. Data center elements such as cooling, cabling, housing and power add cost with every data center component that is added.
Isolation. Virtualization enables complete isolation of users' traffic from one another, resulting in great flexibility.
Access Control. Controlled access to the network must be ensured for the proper use of virtualized resources. Security and authentication policies should be enforced at the access layer to protect the network from internal attacks and external threats.
Path Isolation. Paths should be isolated from each other's traffic to ensure proper exchange of communication. The mapping of clients to their isolated paths must be considered and addressed properly in the virtualized environment.
Service Edge. Proper mapping of services with centralized policy enforcement must be addressed, i.e. services are delivered only to the legitimate user or device in the network.
Types of virtualization
Network resources and services can be virtualized in two ways:
Network Virtualization. Multiple virtual partitions of the network are created over a single network infrastructure. Each partition is logically isolated, dedicated and secure, with independent policies and routing decisions.
These are the types of network virtualization technologies:
o Virtual Local Area Network (VLAN)
o Virtual Storage Area Network (VSAN)
o Virtual Private Network (VPN)
o Virtual Routing and Forwarding (VRF)
Device Virtualization. In device virtualization, either multiple logical copies of a single physical device are created, or a single logical device is created by combining multiple physical devices.
Examples of device virtualization are:
o Server virtualization
o Cisco ASA firewall contexts
Example: Two Cisco Catalyst 6500 series switches are combined into one virtual switch (VSS 1440), which presents a single system with a capacity of about 1.4 Tbps.
An overview of the Virtual Switching System (VSS) is illustrated on the next page.
Chassis
A Virtual Switching System (VSS) consists of multiple physical switches, each called a chassis, that operate as one logical switch. Communication between the chassis is established through control information carried over a Virtual Switch Link (VSL) between them.
Contexts
A context is the ability to partition a single appliance into multiple virtual appliances, each with its own policies, control and management. Features supported on the physical appliance are also supported in a virtual context. The following are common Cisco devices that support contexts:
Cisco Adaptive Security Appliance (ASA)
Cisco Intrusion Prevention System (IPS)
Cisco Application Control Engine (ACE)
Cisco Nexus 7000 – Virtual Device Context (VDC)
Routing elements
Various Layer 3 routing elements are virtualized to follow the advanced infrastructure of the network deployment.
Tunnelling
A tunnel is itself a logical approach to providing secure connectivity for the network and its devices. Tunnelling mechanisms can also be virtualized so that complex tunnel resources are used to their maximum.
In the software-defined networking (SDN) approach, the tightly coupled data plane and control plane are separated by introducing flexible software programs called controllers. Decoupling the data and control planes gives flexible, centrally controlled traffic flows, simplifies network reconfiguration and management, and allows network functions and protocols to be added on top of the existing infrastructure through software. SDN works by defining interfaces for the different functions between the centralized controller and the network devices.
Southbound API
The program interface through which the SDN controller communicates with the network devices (the low-level devices) is the southbound interface; the network is manipulated and controlled through it. The most popular standard southbound API is OpenFlow.
OpenFlow is an open-standard southbound API. The decoupled data and control planes in SDN communicate through the OpenFlow protocol. An OpenFlow-enabled network device or switch contains two logical entities. The first holds one or more flow tables and is responsible for handling the flow of traffic; the second, the OpenFlow client (the OpenFlow channel), is responsible for the connectivity between the network device and the SDN controller. Because the controller can rewrite every forwarding decision, the southbound channel should be protected with TLS and the controller itself placed on an isolated, access-controlled management network.
Northbound API
The interface between the controller and the higher-level components of the network, such as applications, is the northbound API. The network infrastructure can be controlled through this interface according to the needs and requirements of the application.
Controllers
The centralized SDN controller manages the intelligence of the network. Control is moved from the individual interconnected devices to the SDN controller, which enables centralized, easy management and enforcement of network policies through software programs.
The control plane is separated from the data plane and placed centrally, with responsibility for functions such as routing decisions, mobility and how traffic is forwarded across the nodes.
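The following Python is an added example, not from the workbook or from any OpenFlow implementation, that models the split described above: a switch that only performs flow-table lookups, and a controller that handles table misses over the southbound interface. The controller installs one proactive, high-priority policy entry when the switch connects (drop telnet) and learns forwarding entries reactively. The design points it demonstrates are that once a flow is installed the matching packets no longer reach the controller, and that a policy entry must be installed proactively and at higher priority or the learned forwarding entries would shadow it. Datapath IDs, addresses and the packet dictionaries are constructed.

```python
"""Added example: a flow-table switch and a controller handling table misses (OpenFlow-style)."""
from dataclasses import dataclass


@dataclass
class FlowEntry:
    priority: int
    match: dict            # field -> required value; a field absent from match is a wildcard
    actions: list
    packets: int = 0       # per-flow counter, like an OpenFlow flow statistics entry


class OpenFlowSwitch:
    """Data plane: only flow-table lookups; a miss is sent to the controller as a packet-in."""

    def __init__(self, dpid, controller):
        self.dpid = dpid
        self.table = []
        self.controller = controller          # the "OpenFlow client" side of the switch
        controller.on_connect(self)

    def install(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)   # highest priority is matched first

    def lookup(self, pkt):
        for entry in self.table:
            if all(pkt.get(k) == v for k, v in entry.match.items()):
                return entry
        return None

    def process(self, pkt):
        entry = self.lookup(pkt)
        if entry is None:
            return self.controller.packet_in(self, pkt)   # table miss -> southbound round trip
        entry.packets += 1
        return entry.actions


class Controller:
    """Control plane: a proactive security policy plus reactive MAC learning."""

    def __init__(self):
        self.mac_table = {}     # (dpid, mac) -> port
        self.packet_ins = 0

    def on_connect(self, switch):
        # Proactive: push the policy before any traffic, above any flow learned later.
        switch.install(FlowEntry(200, {"tcp_dst": 23}, ["drop"]))

    def packet_in(self, switch, pkt):
        self.packet_ins += 1
        self.mac_table[(switch.dpid, pkt["src"])] = pkt["in_port"]
        out_port = self.mac_table.get((switch.dpid, pkt["dst"]))
        if out_port is None:
            return ["flood"]                  # unknown destination: answer but install nothing
        actions = [f"output:{out_port}"]
        switch.install(FlowEntry(100, {"dst": pkt["dst"]}, actions))   # reactive flow
        return actions


if __name__ == "__main__":
    ctl = Controller()
    sw = OpenFlowSwitch(dpid=1, controller=ctl)
    for pkt in [{"in_port": 1, "src": "aa", "dst": "bb"},
                {"in_port": 2, "src": "bb", "dst": "aa"},
                {"in_port": 1, "src": "aa", "dst": "bb"},
                {"in_port": 1, "src": "aa", "dst": "bb", "tcp_dst": 23}]:
        print(pkt, "->", sw.process(pkt))
    print("packet-ins:", ctl.packet_ins, "flows:", len(sw.table))
```

In a real deployment every packet-in is a round trip to a central point, which is both the performance cost of reactive flow installation and the reason a flood of unknown traffic can be used to exhaust a controller; proactive entries for known policy and rate limits on packet-in messages address both.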
The data center and the campus core are connected by Layer 3 services. The data center infrastructure is designed to support security services as well as Layer 2 and Layer 3 services at the access layer. The core layer of the data center ensures high availability and high-speed data transport, with a highly reliable and resilient Layer 3 infrastructure to survive failures. The core aggregates the multiple distribution (aggregation) layers of the data center, where functions such as Layer 2 domain definition, security policies, STP processing, service module integration and gateway redundancy are managed. The access layer is where the servers are placed; it incorporates Layer 2 and Layer 3 capabilities to support the various server management and administrative requirements.
A redundant, highly available data center requires the following techniques for efficient use of the data center's expensive resources:
Server Load Balancing
Blocking vs Non-Blocking Layer 2
Layer 2 Extension
Server load balancing is accomplished by employing redundant servers inside the data center network. This redundancy also helps in situations of server or link failure or other unwanted network events. High availability, high performance, redundancy and reliability are some of the benefits of load balancing in the data center network.
Popular load balancing mechanisms are Equal Cost Multi-Path forwarding (ECMP), Congestion-Aware Load Balancing (CONGA) and Presto, among others.
Generally switches are used in non-blocking mode for internal packet switching. This design methodology is cost-effective and uses bandwidth efficiently, because it is nearly impossible for all ports to be using their maximum allocated bandwidth simultaneously.
Blocking is introduced in the switches by the Spanning Tree Protocol (STP) and its variants, which block redundant paths in the data center to prevent loops.
Layer 2 Extension
Layer 2 technologies can be implemented in the data center network segment to support virtualization, the interconnection of multiple data centers and geo-clustering.
Summary
Comprehensive expansion of the network is required to meet the ever-growing needs and demands of the business and corporate world. Integration of innovative technologies enhances user experience and satisfaction. Building a unified, reliable and flexible network design requires a holistic approach that accommodates future expansion along with collaborative communication, the integration of innovative technologies and the enforcement of security policies. Each layer and level of the network is a complete network in itself; implementing policies and rules at each level is essential to construct a unified, integrated network structure.
References
Al-shawi, M. (n.d.). CCDE Study Guide. Retrieved from Cisco Press:
http://www.ciscopress.com/articles/article.asp?p=2448489&seqNum=6
Balchunas, A. (n.d.). Static vs Dynamic Routing. Retrieved from Router Alley:
http://www.routeralley.com/guides/static_dynamic_routing.pdf
Barker, K., & Valentine, M. (n.d.). Cisco CCENT ICND1 100-101 Exam Cram: Concepts in IP
Addressing. Retrieved from Pearson IT Certification:
http://www.pearsonitcertification.com/articles/article.aspx?p=2168927&seqNum=7
Bigelow, S. (n.d.). Virtualization Networking Services. Retrieved from Tech Target:
http://searchitchannel.techtarget.com/feature/Network-virtualization-explained
Campus and Data Network Design. (n.d.). Retrieved from
http://cdn.ttgtmedia.com/searchNetworkingChannel/downloads/campus_and_data
_center_network_design.pdf
Cisco. (2009, March 15). LWAPP Traffic Study. Retrieved from Cisco:
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-
wlan/99947-lwapp-traffic-study.html
Cisco. (n.d.). Internet Connectivity Options. Retrieved from Cisco:
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_white_paper09186a0
0801281f1.shtml#wp39700
Cisco Networking Academy. (n.d.). Introduction to Routing Dynamically. Retrieved from
Cisco Press: http://www.ciscopress.com/articles/article.asp?p=2180210&seqNum=5
Cisco. (n.d.). Smart Solutions. Retrieved from Cisco:
http://www.cisco.com/web/services/downloads/smart-solutions-maximize-federal-
capabilities-for-mission-success.pdf
Cisco Systems, Inc. (n.d.). Benefits of Centralization in Wireless LANs. Retrieved from Cisco:
https://www.cisco.com/web/AP/wireless/pdf/Benefits_of_centralizedWLan.pdf
Cisco Systems, Inc. (n.d.). Data Center Design Guide. Retrieved from Cisco:
http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Aug2014/CVD-
DataCenterDesignGuide-AUG14.pdf
Cisco Systems, Inc. (n.d.). Enterprise Mobility 7.3 Design Guide. Retrieved from Cisco:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/e
mob73/ch2_Arch.html#RTF5f5265663134313135393138
Cisco Systems, Inc. (n.d.). Introduction to Cisco Network Design. Retrieved from Cisco Press:
http://www.ciscopress.com/articles/article.asp?p=25259
Cisco Systems, Inc. (n.d.). Net Implementation. Retrieved from Cisco:
http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-
networks/network-fabric/net_implementation_white_paper0900aecd80707cb6.pdf
Cisco Systems, Inc. (n.d.). Network Virtualization. Retrieved from Cisco:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Network_Virtualizatio
n/PathIsol.html
Cisco Systems, Inc. (n.d.). Virtual Switching System. Retrieved from Cisco:
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-virtual-
switching-system-1440/prod_qas0900aecd806ed74b.html
Cisco. (n.d.). The Enterprise Campus. Retrieved from Cisco:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/campover.ht
ml#wp737141