
Cisco Certified Design Associate(CCDA)

Technology Workbook
Exam 200-310

www.ipspecialist.net
CCDA Workbook

Document Control

Proposal Name : CCDA Workbook


Document Version : 1.0
Document Release Date : 1 August 2017
Reference : CCNA_WB_CCDA

IPSpecialist.net 2 1 August 2017



Table of Contents

About this Workbook ...........................................................................................................7


Cisco Certifications ...............................................................................................................7
How do Cisco certifications help? ...................................................................................8
Cisco Certification Tracks.................................................................................................8
About the CCDA Exam .........................................................................................................9
How to become CCDA? ........................................................................................................9
Chapter 1: Network Design Methodologies ........................................................................11
Business Driven Design ....................................................................................................11
Brief History of Computer Networks..............................................................................12
OSI Reference Model .......................................................................................................14
TCP/IP Reference Model .................................................................................................18
Enterprise Architecture ..................................................................................................20
Cisco Life Cycle Approach ...............................................................................................21
Plan Phase ....................................................................................................................22
Build Phase ...................................................................................................................23
Manage Phase ..............................................................................................................24
Network Design Methodology .......................................................................................24
Design Approach .........................................................................................................25
Design Considerations ................................................................................................26
Identifying Customer Requirements..........................................................................26
Factors affecting your design......................................................................................28
Network Design Building Blocks................................................................................29
Summary .......................................................................................................................... 35
Chapter 2: Network Design Objectives..............................................................................36
General Design Guidelines .............................................................................................36
Enterprise Campus Design..............................................................................................37
Network Modularity and Hierarchy...............................................................................37
Access Layer.................................................................................................................40
Distribution Layer ........................................................................................................41
Core Layer.....................................................................................................................41
Datacenter....................................................................................................................45
Enterprise WAN ..........................................................................................................46
Internet Edge ...............................................................................................................46
Enterprise Branch........................................................................................................46
Enterprise Teleworker.................................................................................................46
Network Resiliency..........................................................................................................47
Network Scalability .........................................................................................................48
Network Fault Domains .................................................................................................49
Summary.......................................................................................................................... 49
Chapter 3: Addressing and Routing Protocols in an Existing Network ..........................50
Design Consideration for IP Addressing Schemes........................................................50
Concept of Scalable Addressing ......................................................................................51


Hierarchy ...................................................................................................................... 51
Summarization .............................................................................................................51
Design Consideration for Effective IP Address Scheme ...............................................52
Subnetting ....................................................................................................................53
Network Address Translation (NAT) .........................................................................53
Routing Protocol Scalability Considerations.................................................................57
Number of Peers ..........................................................................................................57
Convergence Requirements........................................................................................58
Summarization Boundaries and Techniques ............................................................58
Number of Routing Entries.........................................................................................59
Impact of Routing Table of Performance ..................................................................59
Size of the Flooding Domain ......................................................................................59
Topology....................................................................................................................... 59
Routing Protocols Overview...........................................................................................59
Static Routing ..............................................................................................................59
Dynamic Routing Protocols .......................................................................................60
Interior Gateway Protocol ..............................................................................................62
Distance Vector Routing Protocol .............................................................................62
Link-State Routing Protocol .......................................................................................63
Exterior Gateway protocol ..............................................................................................65
Routing Protocol for the Enterprise ..............................................................................66
Open Shortest Path First (OSPF) ...............................................................................67
Enhanced Interior Gateway Routing Protocol (EIGRP) ...........................................68
Border Gateway Protocol............................................................................................69
Interior Border Gateway Protocol (iBGP) Peering....................................................69
Exterior Border Gateway Protocol (eBGP) Peering ..................................................69
Designing a Routing Protocol Deployment ..................................................................70
Routing in Campus core .............................................................................................70
Routing in Distribution Layer ....................................................................................70
Routing in Enterprise Edge Functional Area .............................................................71
Routing in Remote Access and VPN ...........................................................................71
Advanced Routing Strategies ..........................................................................................71
Route Redistribution....................................................................................................71
Route Filtering .............................................................................................................74
Route Summarization .................................................................................................74
Important Routing Design Considerations ...............................................................75
Summary .......................................................................................................................... 75
Chapter 4: Enterprise Network Design..............................................................................76
Basic Campus Network Design.......................................................................................77
Campus Network Design Consideration ...................................................................77
Design Campus Infrastructure Module .....................................................................85
Campus Access Layer Design Consideration ............................................................86
Campus Distribution Layer Design Consideration...................................................93
First Hop Redundancy Protocols (FHRP) .................................................................94
Layer 2/Layer 3 demarcation ......................................................................................95
Virtual Switching System............................................................................................95
Campus Core Layer Design Considerations..............................................................96
Edge Distribution at the campus core .......................................................................96


Important Layer 2 Design Considerations.................................................................97


Enterprise Campus Data Center Design Considerations .............................................99
Cisco Enterprise Data Center Architecture Framework ..........................................99
Virtualization...............................................................................................................99
Unified Computing ....................................................................................................100
Unified fabric..............................................................................................................100
Enterprise Data Center Infrastructure .....................................................................100
Design a Basic Enterprise Network...............................................................................102
Layer 3 Protocols and Redistribution .......................................................................108
WAN connectivity......................................................................................................108
WAN Topology ..............................................................................................................108
Hub and Spoke ...........................................................................................................108
Spoke to Spoke ...........................................................................................................109
Point to Point .............................................................................................................109
Partial Mesh................................................................................................................109
Full Mesh .....................................................................................................................110
Connectivity Methods ....................................................................................................110
DMVPN........................................................................................................................ 110
GET VPN....................................................................................................................... 111
MPLS Layer 3 VPN .......................................................................................................111
Layer 2 VPN..................................................................................................................111
Static IPsec ...................................................................................................................111
GRE ............................................................................................................................... 111
VTI ................................................................................................................................ 111
Resiliency.......................................................................................................................... 111
Connections to the Data Center ................................................................................113
Connectivity to Edge Module.....................................................................................113
Design Enterprise Tele-worker ..................................................................................113
Design a Basic Enterprise Branch Network ..................................................................114
Enterprise Branch Network Design Consideration ..................................................114
Redundancy.....................................................................................................................114
Connectivity ................................................................................................................115
Hardware .....................................................................................................................115
Service provider...........................................................................................................115
Link capacity................................................................................................................115
Summary.......................................................................................................................... 116
Chapter 5: Consideration for Expanding an Existing Network .......................................117
Fundamentals of Wireless Network ..............................................................................117
Basic Wireless Infrastructure .....................................................................................118
Wireless Authentication.............................................................................................119
Access Points...............................................................................................................119
WLAN Controllers .....................................................................................................120
LWAPP and CAPWAP Fundamentals .......................................................................121
Elements of Cisco Unified Wireless Network Architecture........................................122
Design Considerations for Wireless Network Architecture........................................123
Radio Frequency (RF) Site Survey .............................................................................123
Design Considerations for Campus Wireless Networks .........................................126
Physical and Virtual Controllers ...............................................................................127


Centralized and Decentralized Designs ...................................................................128


Split Media Access and Local Media Access Designs ..............................................130
Design Considerations for Branch Wireless Networks............................................132
Design Considerations for Guest Services in Wireless Networks ...........................133
Design Considerations for Outdoor Wireless Networks.........................................134
Integration Considerations and Requirements for Controller-Based Wireless Networks ......137
Traffic flows.................................................................................................................137
Bandwidth Consumption...........................................................................................137
Lightweight Access Point (AP) and Controller Connectivity..................................137
Quality of Service (QoS) ............................................................................................138
Secure Branch..............................................................................................................141
Secure Campus ...........................................................................................................142
Secure Data Center ....................................................................................................142
Secure Edge.................................................................................................................143
Secure Cloud ...............................................................................................................143
External Zones............................................................................................................144
High-Level Considerations for Collaboration Applications........................................145
Quality of Service (QoS) ............................................................................................155
Traffic Shaping ...........................................................................................................156
Traffic Policing ...........................................................................................................156
Trust Boundaries ........................................................................................................156
Delay............................................................................................................................ 156
Capacity....................................................................................................................... 158
Convergence Time .....................................................................................................158
Service Placement ......................................................................................................158
Concepts of Virtualization within a Network Design .................................................158
Design Considerations of Virtual Network ..............................................................159
Types of virtualization ...............................................................................................159
Identification of Network Elements that can be virtualized ......................................160
Virtual Switching System (VSS)................................................................................160
Chassis ......................................................................................................................... 161
Virtual Device Context (VDC) ...................................................................................161
Contexts....................................................................................................................... 161
Routing elements .......................................................................................................162
Tunnelling...................................................................................................................162
Virtual Routing and Forwarding (VRFs) ..................................................................162
Concepts of Network Programmability with in a Network Design ...........................162
Application Program Interfaces (APIs).....................................................................163
Controllers ..................................................................................................................164
Application Centric Infrastructure (ACI).................................................................164
Data Center Components ..............................................................................................165
Server Load Balancing Basics ....................................................................................166
Blocking vs. Non-Blocking Layer 2 ...........................................................................167
Layer 2 Extension .......................................................................................................167
Summary......................................................................................................................... 168
References .......................................................................................................................... 169


About this Workbook


This workbook covers all the information you need to pass the Cisco CCDA 200-310
exam. The workbook is designed to take a practical approach of learning with real life
examples and case studies.

• Covers the complete CCDA blueprint
• Summarized content
• Case-study-based approach
• Ready-to-practice labs on IPS Virtual Racks
• Pass guarantee
• Mind maps

Cisco Certifications
Cisco Systems, Inc. specializes in networking and communications products and
services. A leader in global technology, the company is best known for its business
routing and switching products that direct data, voice, and video traffic across
networks worldwide.

Cisco also offers one of the most comprehensive vendor-specific certification
programs in the world, the Cisco Career Certification program. The program has six (6)
levels, beginning at the Entry level and advancing to the Associate, Professional,
and Expert levels. For some certifications, the program closes at the Architect level.

Figure 1. Cisco Certifications Skill Matrix. Copyright 2013 by Cisco and/or its affiliates.


How do Cisco certifications help?

Cisco certifications are a de facto standard in the networking industry and help you
boost your career in the following ways:

1. Gets your foot in the door by launching your IT career
2. Boosts your confidence level
3. Proves knowledge, which helps improve employment opportunities

For companies, Cisco certifications are a way to:

1. Screen job applicants
2. Validate the technical skills of a candidate
3. Ensure quality, competency, and relevancy
4. Improve organizational credibility and customer loyalty
5. Meet the requirements for maintaining the organization's partnership level with
OEMs
6. Help with job retention and promotion

Cisco Certification Tracks

Figure 2. Cisco Certifications Track


About the CCDA Exam


• Exam Number: 200-310
• Associated Certifications: CCDA
• Duration: 75 minutes (55-65 questions)
• Exam Registration: Pearson VUE

The Designing for Cisco Internetwork Solutions (DESGN) exam (200-310) is a 75-minute
assessment with 55-65 questions, associated with the Cisco CCDA® Design
certification. This exam requires foundation or apprentice-level knowledge of
network design for Cisco enterprise network architectures. CCDA-certified
professionals can design routed and switched network infrastructures and services
involving LAN/WAN technologies for SMB or basic enterprise campus and branch
networks.

The following topics are general guidelines for the content that is likely to be
included on the exam:

• Design Methodologies 15%
• Design Objectives 20%
• Addressing and Routing Protocols in an Existing Network 20%
• Enterprise Network Design 20%
• Considerations for Expanding an Existing Network 25%

The complete list of topics covered in the CCDA exam can be downloaded here:
https://learningcontent.cisco.com/cln_storage/text/cln/marketing/exam-topics/200-301-desgn.pdf

How to become CCDA?


Step 1: Pre-requisites
Any valid Cisco CCENT, CCNA Routing and Switching, or any CCIE certification can
act as a prerequisite.

Step 2: Prepare for the CCDA Exam


Exam preparation can be accomplished through self-study with textbooks, practice
exams, and on-site classroom programs. This workbook provides you all the
information and knowledge to help you pass the CCDA Exam. Your study will be
divided into two distinct parts:

• Understanding the technologies as per the exam blueprint
• Implementing and practicing the technologies on Cisco hardware

IPSpecialist provides full support to the candidates in order for them to pass the exam.


Step 3: Register for the exam


Certification exams are offered at locations throughout the world. To register for an
exam, contact Cisco's authorized test delivery partner, Pearson VUE, which
administers the exam in a secure, proctored environment.

Prior to registration, decide which exam to take and note the exam name and number. For
complete exam details, refer to the "Current Exam List" on the Cisco website.

Other important details to note are the following:

1. Your personal information prior to exam registration


a. Legal name (from government issued ID)
b. Cisco Certification ID (i.e. CSCO00000001) or Test ID number
c. Company name
d. Valid email address
e. Method of payment
2. If you have already taken a Cisco exam before, please locate your Cisco
Certification ID (i.e. CSCO00000001) before continuing with your registration
to avoid duplicate records and delays in receiving proper credit for your exams.
3. A valid email is required during exam registration. Cisco requires this in order
to send email reminders when a candidate's certification is about to expire,
confirm the mailing address before shipping out the certificate, and to inform
candidates if their certificate was returned due to an incorrect address.
4. Pearson VUE is the authorized test delivery partner of Cisco. You may register
online, by telephone, or by walk in (where available).

How much does an exam cost?


Computer-based certification exam prices (written exam) depend on scope and exam
length. You may refer to the "Exam Pricing" page on the Cisco website for complete
details.

Step 4: Getting the Results


After completing an exam at an authorized testing centre, you will get immediate
online notification of your pass or fail status, a printed examination score report that
indicates your status, as well as your exam results by section.

Congratulations! You are now CCDA Certified.


Chapter 1: Network Design Methodologies

Business Driven Design


Network planning and design is an iterative process of topological design, network
sizing, and capacity planning, in order to ensure that a new network or service meets
the business needs of the end user.

Business-driven network design is the method of developing solutions that directly
meet the requirements of the business. This is achieved through a model-driven
approach that starts with the business strategy, demands, and objectives and then
transforms them into an IT solution. Because the business layer and the technology
layer are aligned, changes in the business can be propagated to the technology
systems, which leads to increased flexibility and shorter turnaround times when the
business changes and the technology systems must adapt.

Imagine a building designed by an architect for a hospital; it is completely
different from a building designed for residential purposes. Each part of the design has
to be evaluated against the business requirements of the customer: the size of the
foundation, rooms, pantry, flooring, air-conditioning, electricity, water, and so on are
planned accordingly. Future plans for expansion should also be accounted for, and the
design should be flexible and adaptable to the customer's changing needs. Modularity and
simplicity play an important role in accommodating future requirements.

The following points should be considered for a successful business driven design:

Business Growth. You need to consider network usage requirements for both temporary
and permanent growth. Network usage has become very dynamic and difficult to predict
because of the variety of device types and access media in use. Network management
and monitoring tools are your best friends for defining baseline traffic/network
utilization and predicting future growth.
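The paragraph above says that monitoring data is what turns "growth" from a guess into a design input, but it does not show how a baseline is actually derived or how long the current headroom will last. The script below is an added illustration and is not part of the workbook; it uses constructed, not measured, utilisation samples (a hypothetical 1 Gbps link with a 70% design threshold). It computes a 95th-percentile weekly baseline, which is the usual choice because a few short bursts should not drive a capacity decision, fits a straight line through the weekly baselines, and reports how many weeks remain before the link crosses the threshold.

```python
"""Capacity baseline and growth projection from link-utilisation samples.

Added example for the CCDA workbook's "Business Growth" point. The input is
the kind of periodic utilisation sample (in Mbps) that a monitoring tool
exports per interface. All numbers are constructed for the example.
"""
from __future__ import annotations

import math
from dataclasses import dataclass


def percentile(values: list[float], pct: float) -> float:
    """Nearest-rank percentile of *values* for 0 < pct <= 100."""
    if not values:
        raise ValueError("empty sample")
    ordered = sorted(values)
    # Integer arithmetic first so 95th of 20 samples is exactly rank 19.
    rank = max(1, math.ceil(pct * len(ordered) / 100))
    return ordered[rank - 1]


def weekly_baselines(samples: list[float], per_week: int) -> list[float]:
    """Split a flat sample list into weeks and return the p95 of each week."""
    return [percentile(samples[i:i + per_week], 95)
            for i in range(0, len(samples), per_week)]


def linear_fit(ys: list[float]) -> tuple[float, float]:
    """Least-squares slope and intercept of ys against x = 0, 1, 2, ..."""
    n = len(ys)
    xs = range(n)
    mean_x = sum(xs) / n
    mean_y = sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    slope = sxy / sxx if sxx else 0.0
    return slope, mean_y - slope * mean_x


@dataclass
class Forecast:
    current_p95_mbps: float          # fitted baseline for the latest week
    growth_mbps_per_week: float      # slope of the fitted line
    weeks_to_threshold: float | None  # None when utilisation is not growing


def forecast(samples: list[float], per_week: int,
             link_mbps: float, threshold_pct: float) -> Forecast:
    """Project when the weekly p95 baseline will reach the design threshold."""
    baselines = weekly_baselines(samples, per_week)
    slope, intercept = linear_fit(baselines)
    current = slope * (len(baselines) - 1) + intercept
    threshold = link_mbps * threshold_pct / 100
    if slope <= 0:
        weeks = None                       # flat or shrinking: no crossing
    elif current >= threshold:
        weeks = 0.0                        # already over the design limit
    else:
        weeks = (threshold - current) / slope
    return Forecast(round(current, 1), round(slope, 2),
                    None if weeks is None else round(weeks, 1))


def constructed_samples(weeks: int = 12, per_week: int = 20,
                        start_mbps: float = 300, growth: float = 25) -> list[float]:
    """Constructed data: utilisation rising by *growth* Mbps per week, with
    normal scatter plus one 300 Mbps burst per week that p95 should ignore."""
    samples: list[float] = []
    for w in range(weeks):
        base = start_mbps + growth * w
        week = [base + (i * 7) % 40 - 20 for i in range(per_week)]
        week[0] = base + 300              # the burst sample
        samples.extend(week)
    return samples


if __name__ == "__main__":
    fc = forecast(constructed_samples(), per_week=20, link_mbps=1000, threshold_pct=70)
    print(f"p95 baseline now: {fc.current_p95_mbps} Mbps, "
          f"growing {fc.growth_mbps_per_week} Mbps/week, "
          f"threshold reached in {fc.weeks_to_threshold} weeks")
```

Two details matter in practice: the p95 baseline ignores the injected bursts, so the result reflects sustained demand rather than peaks, and the projection uses the fitted value for the latest week rather than the raw last sample, so a single noisy week does not swing the estimate. A real deployment would pull the samples from the monitoring tool's export and keep the threshold in line with the design's stated headroom.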

Real Life Scenario


Suppose you worked with a large airport where the wireless network was designed to cater to the
needs of corporate employees only. The design was based entirely on coverage area. Later, the
management decided to open Wi-Fi Internet access to passengers on a different SSID in order to
improve the customer experience. It turned out to be a bad decision, as a large number of
complaints were received about poor performance. The wireless network had not been designed to
cater to the high-density requirements of passengers.

Modularity. A modular design breaks the entire network into smaller blocks. The
components of each block can be added or removed without affecting other parts. This
also helps during implementation and troubleshooting of complex networks. As the
network expands, new modules can be added to meet the business needs.


“Keep it Simple”. The design should be simple and logical with easily- identifiable
traffic flows. A simple design helps in quickly responding to changes in network
requirements.

Adaptability to New Technologies and Trends. A number of technological
developments have changed the design landscape. Big data, cloud computing, the Internet of
Things (IoT), software-defined networking, mobile devices, BYOD, and virtualization are all
recent trends that should be carefully planned and designed for so that they meet the business
requirements.

Real Life Scenario


The decision to host your applications with a cloud provider rather than in an in-house data centre
completely changes the design landscape. The business drives the decision between an
on-premises and a cloud service, and it depends on a number of factors. Some of the questions to
ask yourself are:
• Where should the data be located?
• Are we compliant with national laws and regulations if the data is hosted with a third party?
• How do we ensure security compliance?
• What is the cost/benefit analysis and TCO?
• What are the timelines to deploy this service?
• Who handles management, operations, and support of the infrastructure?
• Do we have enough CAPEX to invest in an on-premises solution?

Brief History of Computer Networks


A computer network, or data network, lets computers exchange data over cable or
wireless links. The best-known computer network is the Internet.

Below is a timeline of the history of computer networks:

Year | Event
1940 | George Stibitz, internationally recognized as one of the fathers of the first modern digital computer, sent commands to the Complex Number Computer in New York by using a teletype, the first computing machine ever used remotely.
1964 | American Airlines partners with IBM to implement the SABRE reservation system and online transaction processing. Using telephone lines, SABRE links 2,000 terminals in 65 cities to a pair of IBM 7090 computers and is able to deliver data on any flight in less than three seconds.
1980 | The Advanced Research Projects Agency Network (ARPANET), an early packet-switching network, was launched. It was the first network to implement the TCP/IP protocol suite. Access to the ARPANET was expanded in 1981. In 1982, the Internet protocol suite (TCP/IP) was introduced as the standard networking protocol on the ARPANET.
1982 | Low-level links between computers and peripherals were established through protocols such as Ethernet and Token Ring. Being only a part of the solution in the workplace, a hodge-podge of third-party “network operating systems,” including Novell NetWare, and built-in solutions such as Apple’s AppleTalk were created to enable workers to do higher-level tasks such as sending e-mail, exchanging files, and sharing printers. In the 1990s, Internet protocols would replace them all.
1984 | OSI (Open Systems Interconnect) is the first standard with international backing and support from the International Standards Organization as an official standard.
1985 | U.S. Internet protocols (TCP/IP) get a major boost when the National Science Foundation forms the NSFNET, linking five supercomputer centers at Princeton University, Pittsburgh, University of California at San Diego, University of Illinois at Urbana-Champaign, and Cornell University.
1990 | The World Wide Web was born.
1991 | Upon a change of policy at the National Science Foundation (NSF), the Internet became a publicly accessible network with no commercial restrictions for the first time.
1996 | At the end of 1996, the 36 million Web users surpassed the 30 million or so on France’s Minitel, until then the most popular online system. By decade’s end, the Web would hit 360 million.
2000 | In the UK, on March 31st 2000, home ADSL (asymmetric digital subscriber line) was launched by Telewest. Goldsmith Road in Gillingham, Kent, was the first street to receive the technology. In 2002, there were fewer than 200,000 broadband users, but just four years later there were around 13 million.
2005 | Online file sharing and a personal cloud content management service for businesses were launched by Box. By 2006, Amazon Web Services introduced its cloud storage service and gained widespread recognition as the storage supplier to emerging services such as Dropbox and Pinterest.
2011 | Broadband speeds became faster, easily reaching 100 Mbps through fibre-optic broadband and new DOCSIS standards, creating the need for better routers to match the broadband speed.
2014 | The new Wi-Fi standard 802.11ac launches, offering faster speed (over 2 Gbps) compared to 450 Mbps for the previous 802.11n standard, along with better signal coverage. 802.11ac was ratified in 2014.

OSI Reference Model


In the OSI, or Open Systems Interconnection, model, control is passed from one layer
to the next. The framework has seven layers: on the sending host, control starts at the
Application layer and passes down to the Physical layer, then works its way back up the
hierarchy on the receiving host. The OSI model prescribes the steps used to transfer data.

Type | No. | Layer | Function | Unit | Example Protocols | Memorizing Phrase
Host Layer (Upper Layers) | 7 | Application | Provides services to the software through which the user requests network services | Data | HTTP, FTP, Telnet, DNS, SNMP, IMAP, LDAP, POP, NTP | All
Host Layer (Upper Layers) | 6 | Presentation | Responsible for data representation and code formatting | Data | ASCII, JPEG, TIFF, GIF | People
Host Layer (Upper Layers) | 5 | Session | Establishes, maintains, and manages the communication between computers | Data | NetBIOS | Seem
Media Layer (Lower Layers) | 4 | Transport | Provides for reliable transmission of data segments, disassembly and assembly of the data before and after transmission | Segment | TCP, UDP, SCTP | To
Media Layer (Lower Layers) | 3 | Network | Defines the processes in routing data across the network, and the structure and use of logical addressing | Packet | IP, ICMP, IGMP, IPX, IPSec | Need
Media Layer (Lower Layers) | 2 | Data Link | Divided into two separate sublayers: the Media Access Control (MAC), which controls how connected devices gain access to the medium; and the Logical Link Control (LLC), which controls error checking, possible fixes, and packet synchronization | Frame | Ethernet, Frame Relay, PPP | Data
Media Layer (Lower Layers) | 1 | Physical | Defines the electrical and physical specifications for the networking media that carry the data bits across a network | Bits | RJ45, 802.3, V, Hub, Repeater | Processing

Figure 3. OSI Model

Flow of data from one machine to another machine

Let us take an example of how the data flows when traffic is sent from one host to
another.

Sally would like to transmit a message to Alia. The Application layers on both sides need to
communicate with each other; however, the data must pass through all the other layers to be
successfully presented to Alia. Control information from each layer is added to the
data before it passes to the lower layers. This control information is necessary to allow the
data to go through the network properly. Thus, the data at each layer is encapsulated,
or wrapped, in the information appropriate for that layer.

1. An application (e.g. Outlook) running on the source device creates the data (an e-mail).
This happens at the Application layer.

2. The message is to be encrypted, which happens at the Presentation layer.

3. The Session layer appends the Session ID. At this point the information is still one
block of data.

4. Next, the data goes down to the Transport layer. The Transport layer breaks the
data into blocks, which we call Segments. Each Segment also gets a Port number to
identify which upper-layer application needs to receive the data on the destination
device.

5. The Segment is then passed to the Network layer. The Network layer takes the
Segment, which includes the Port number, and appends the source and destination IP
addresses. At that point the Segment becomes a Packet.

6. The Packet is then passed to the Data Link layer, where the source and destination
MAC addresses and the CRC are added. It is now a Frame.

7. The Frame is then sent to the physical device, where it is translated into a signal,
whether electrical, radio wave, or light. We call these Bits. The signals are prepared by
the Network Interface Card (NIC) and sent onto the transmission medium.

8. The destination device receives the series of bits and interprets them as a Frame. It
then examines the MAC addresses and the CRC, removes them, and passes the data up to
the Network layer. At this point the IP addresses within the Packet are examined. The
Packet is forwarded up to the Transport layer, where the Segment is examined. The Port
number is looked at and the Segment gets forwarded up to the appropriate application
specified by the Port number. At this point the Session ID is used, any encryption is
removed, and the data in its original form is presented to the application that needs to
interpret it.
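The encapsulation and decapsulation walk above, as an added example that is not part of the workbook: a toy Ethernet/IPv4/TCP-style stack that segments Sally's message, wraps each Segment into a Packet and a Frame with a CRC, and on the receiving side strips one header per layer while checking that the frame is intact and really addressed to this host. Header layouts are simplified to a few real fields each, and the MAC/IP addresses are constructed documentation values.

```python
"""Added example (not from the workbook): a toy Ethernet/IPv4/TCP-style stack
that walks Sally's message through steps 4-8 above. Each header keeps only a
few real fields; the MAC/IP addresses are constructed documentation values."""
import struct
import zlib

# Constructed addresses for the two hosts in the text (Sally -> Alia)
SRC_MAC, DST_MAC = bytes.fromhex("02000000000a"), bytes.fromhex("020000000014")
SRC_IP, DST_IP = "192.0.2.10", "192.0.2.20"
ETHERTYPE_IPV4, PROTO_TCP = 0x0800, 6
MSS = 16  # maximum segment size, kept tiny so the sample message gets split


def ip_to_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def encapsulate(data, src_port, dst_port):
    """Sender side: Segment (step 4) -> Packet (step 5) -> Frame (step 6).
    Returns the list of frames handed to the NIC (step 7)."""
    frames = []
    for seq in range(0, len(data), MSS):
        chunk = data[seq:seq + MSS]
        # Step 4: transport header = ports plus the byte offset as sequence number
        segment = struct.pack("!HHI", src_port, dst_port, seq) + chunk
        # Step 5: network header = protocol, payload length, source/destination IP
        packet = (struct.pack("!BH", PROTO_TCP, len(segment))
                  + ip_to_bytes(SRC_IP) + ip_to_bytes(DST_IP) + segment)
        # Step 6: data link header = MACs + EtherType; trailer = CRC-32 check
        body = DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + packet
        frames.append(body + struct.pack("!I", zlib.crc32(body)))
    return frames


def decapsulate(frame, my_mac=DST_MAC, my_ip=DST_IP):
    """Receiver side (step 8): strip one header per layer, checking at each
    layer that the frame is intact and really addressed to this host.
    Returns None when a layer rejects it (bad CRC, wrong MAC or IP)."""
    body, crc = frame[:-4], struct.unpack("!I", frame[-4:])[0]
    if zlib.crc32(body) != crc:
        return None  # data link layer: damaged on the wire
    dst_mac, src_mac = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    if dst_mac != my_mac or ethertype != ETHERTYPE_IPV4:
        return None  # data link layer: not our MAC / not IPv4
    packet = body[14:]
    proto, length = struct.unpack("!BH", packet[:3])
    src_ip, dst_ip = bytes_to_ip(packet[3:7]), bytes_to_ip(packet[7:11])
    if dst_ip != my_ip or proto != PROTO_TCP:
        return None  # network layer: not our IP / not TCP
    segment = packet[11:11 + length]
    src_port, dst_port, seq = struct.unpack("!HHI", segment[:8])
    return {"src_mac": src_mac.hex(":"), "src_ip": src_ip, "src_port": src_port,
            "dst_port": dst_port, "seq": seq, "payload": segment[8:]}


def reassemble(frames, **who):
    """Transport layer on the receiver: put the Segments back in sequence
    order. Frames rejected by a lower layer are simply dropped."""
    parsed = [p for p in (decapsulate(f, **who) for f in frames) if p is not None]
    parsed.sort(key=lambda p: p["seq"])
    return b"".join(p["payload"] for p in parsed)


if __name__ == "__main__":
    message = b"Hi Alia, lunch at noon? - Sally"  # constructed sample e-mail body
    frames = encapsulate(message, 50000, 25)
    print(len(frames), "frames; first one is", len(frames[0]), "bytes on the wire")
    print("reassembled:", reassemble(frames[::-1]))  # even when delivered out of order
    damaged = bytearray(frames[0])
    damaged[20] ^= 0x01  # flip one bit inside the IP header
    print("damaged frame accepted:", decapsulate(bytes(damaged)) is not None)
```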


Figure 4. OSI Data Flow


Figure 5. OSI Mind map

TCP/IP Reference Model


In the 1960s, the Department of Defense’s (DoD) Advanced Research Projects Agency
(ARPA) built a nationwide packet data network called TCP/IP. TCP/IP has a reference
model very similar to the OSI reference model. When the OSI standard was published,
TCP/IP was already in development, which allowed interaction between the developers
of the OSI and TCP/IP standards.

While OSI is a seven-layer standard, TCP/IP is four-layer. The growth and
development of the TCP/IP standard has been largely influenced by the OSI model, and much
of the terminology used in OSI can be applied to TCP/IP.

The four (4) basic layers of the TCP/IP network are:

 Network interface (Layer 1): Deals with all physical components of network
connectivity between the network and the IP protocol

 Internet (Layer 2): Allows the movement of data between two network devices
over a routed network

 Host-to-host (Layer 3): Manages the flow of traffic between two hosts or
devices, ensuring that data arrives at the application on the host for which it is
targeted

 Application (Layer 4): Acts as the final endpoint at either end of a communication
session between two network hosts


OSI No. | OSI Model | TCP/IP Model | TCP/IP No.
7 | Application | Application | 4
6 | Presentation | Application | 4
5 | Session | Application | 4
4 | Transport | Transport | 3
3 | Network | Internet | 2
2 | Data Link | Network Access | 1
1 | Physical | Network Access | 1

Figure 6. OSI vs TCP/IP Reference Model

There are two separate protocols in TCP/IP: the Transmission Control Protocol (TCP) and
the Internet Protocol (IP).
 The Internet Protocol (IP) standard guides the detailed coordination of packets
sent out over the network. It directs the destination of the packets as well as
how the packets will get there. IP has a method that lets any computer on the
Internet forward a packet to another computer that is one or more hops
closer to the packet's recipient. It is like a letter delivered from the US to Australia,
which passes through different hops and checkpoints before reaching its destination.
 The Transmission Control Protocol (TCP) ensures that data is transmitted reliably
across Internet-connected networks. TCP checks packets for errors and submits
requests for re-transmission if any are found.

TCP Handshake
A three-way handshake is the method used in a TCP/IP network to create a connection
between a local host/client and a server. It is a three-step method that requires both the
client and the server to exchange SYN and ACK (acknowledgment) packets before actual
data communication begins.

The TCP 3-way handshake works as follows:

 The client sends a TCP SYN packet to the server
 The server sends a SYN-ACK
 The client sends an ACK
 The TCP socket connection is ESTABLISHED.
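The exchange above simulated in code, as an added example that is not part of the workbook: each side keeps its state and its send/receive sequence numbers, the SYN-ACK and ACK are only accepted when their acknowledgement number matches the SYN that was sent, and anything that does not fit the current state is dropped. State names follow the TCP specification; the initial sequence numbers are constructed values.

```python
"""Added example (not from the workbook): a small simulation of the three-way
handshake above, tracking the state and the sequence/acknowledgement numbers
each side keeps. State names follow the TCP specification; the initial
sequence numbers (ISNs) are constructed values."""
from dataclasses import dataclass, field


@dataclass
class Segment:
    flags: frozenset  # subset of {"SYN", "ACK"}
    seq: int          # sequence number carried by the segment
    ack: int = 0      # acknowledgement number (next byte expected from peer)


@dataclass
class Endpoint:
    name: str
    isn: int                    # initial sequence number chosen by this side
    state: str = "CLOSED"
    snd_nxt: int = 0            # next sequence number this side will send
    rcv_nxt: int = 0            # next sequence number expected from the peer
    trace: list = field(default_factory=list)

    def listen(self):
        self.state = "LISTEN"

    def connect(self):
        """Step 1: the client sends SYN and moves to SYN_SENT.
        A SYN occupies one sequence number, hence isn + 1."""
        self.state, self.snd_nxt = "SYN_SENT", self.isn + 1
        return Segment(frozenset({"SYN"}), self.isn)

    def receive(self, seg):
        """Apply one incoming segment and return the reply (or None)."""
        self.trace.append((self.state, "+".join(sorted(seg.flags))))
        if self.state == "LISTEN" and seg.flags == {"SYN"}:
            # Step 2: the server notes the client's ISN and answers SYN-ACK
            self.rcv_nxt = seg.seq + 1
            self.state, self.snd_nxt = "SYN_RECEIVED", self.isn + 1
            return Segment(frozenset({"SYN", "ACK"}), self.isn, self.rcv_nxt)
        if (self.state == "SYN_SENT" and seg.flags == {"SYN", "ACK"}
                and seg.ack == self.snd_nxt):
            # Step 3: the client checks that its own SYN was acknowledged,
            # records the server's ISN and replies with ACK
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(frozenset({"ACK"}), self.snd_nxt, self.rcv_nxt)
        if (self.state == "SYN_RECEIVED" and seg.flags == {"ACK"}
                and seg.ack == self.snd_nxt):
            # Step 4: the server's SYN is acknowledged; socket is ESTABLISHED
            self.state = "ESTABLISHED"
            return None
        # Anything that does not fit the current state (a bare ACK to a
        # listening port, an acknowledgement that does not match our SYN) is
        # dropped here without changing state; a real stack typically answers
        # such segments with RST.
        self.trace.append(("dropped", "+".join(sorted(seg.flags))))
        return None


def handshake(client, server):
    """Run the exchange in the order listed above and return the two final
    states; both should read ESTABLISHED."""
    server.listen()
    syn = client.connect()              # Client -> Server: SYN
    syn_ack = server.receive(syn)       # Server -> Client: SYN-ACK
    ack = client.receive(syn_ack)       # Client -> Server: ACK
    server.receive(ack)
    return client.state, server.state


if __name__ == "__main__":
    c, s = Endpoint("client", isn=1000), Endpoint("server", isn=5000)
    print(handshake(c, s))
    print("client snd_nxt/rcv_nxt:", c.snd_nxt, c.rcv_nxt)
    print("server snd_nxt/rcv_nxt:", s.snd_nxt, s.rcv_nxt)
```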


Figure 7. TCP 3-Way Handshake

Enterprise Architecture
The enterprise network design requirements of today's customers have changed a lot
over the last 15 years. Applications have become complex in nature, with the business
demanding 100% availability of the applications. Some of the applications that have
become an integral part of consumers' lives are:

E-mail. A business without an e-mail service would be hard to imagine nowadays. With
the introduction of digital certificates, e-mails are already considered as
authentic as a person's signature on paper. On a daily basis, millions of e-mails are
exchanged among users, and e-mail is considered the primary authenticated
communication channel.

E-Commerce. A large number of businesses now have a website that allows Internet
users to buy their goods or services; 40% of worldwide Internet users have bought
products online. That is more than 1 billion online buyers, a number projected to keep
growing.

Real Life Scenario


In 2013, the website of Amazon, one of the largest online retailers, went down for 40
minutes. This cost the retailer around 5 million dollars.

E-Banking. Also known as Internet Banking, refers to the banking services provided
by the banks over the internet. Some of these services include 24/7 access to bills
payment, funds transfer, viewing of account statement, and loans.

Video Conferencing. This is another communication channel that has become an
integral part of personal and business life. Skype, Google Hangouts, Viber, WhatsApp, etc.
are all used by millions of people all over the world.

The campus network, as defined for the purposes of the enterprise design guides,
consists of the integrated elements and set of services used by a group of users and
end-station devices that all share the same infrastructure. These include the packet-
transport services (both wired and wireless), traffic identification and control (security
and application optimization), traffic monitoring and management, and overall
systems management and provisioning. These basic functions are implemented in
such a way as to provide and directly support the higher-level services provided by the
IT organization for use by the end-user community. These functions include:
 High Availability Services
 Access and Mobility Services
 Application Optimization and Protection Services
 Virtualization Services
 Security Services
 Operational and Management Services

Drivers Affecting Network Design

The following are the major drivers that dictate the overall network architecture of an
enterprise:

Return on Investment (ROI). ROI is the performance measure used to evaluate the
efficiency of an investment. The investment proposed to deploy a certain
infrastructure should be justifiable to management, and the design proposal should
clearly state the benefits of this architecture in reducing cost and improving the efficiency
of the company.

Compliance with Regulations and Standards. With companies bound to comply with
local and international regulations, compliance with these standards provides better
quality, efficiency, and trust, and helps manage risk in an enterprise. It can also be a
competitive differentiator for the company. Every industry has its own set of
standards (e.g. the credit card industry must comply with the PCI standard).

Enhanced Productivity. Companies invest in the latest technologies to improve
productivity, in which network stability and efficiency play an important role,
especially for organizations that aim to provide products and services globally.

Applications. Over time, the applications and software servicing the needs of
customers are becoming complex and resource-hungry. The network should be
capable of supporting the growing needs of applications.

Here are some key concepts that you should address when creating a reliable and
versatile network design. The network should be:

 Self-healing— Continuously on and available.
 Self-defending— Protecting the organization and its users.
 Self-optimizing— Adapting to changing needs, beyond the limits of basic
standards.
 Self-aware— Driving change through insight into network activity.

Cisco Life Cycle Approach


The Cisco Lifecycle Services portfolio includes a broad range of services that help
increase a company network’s business value and return on investment by harnessing
the network as a powerful business platform.


Figure 8. Cisco Life Cycle Approach

Plan Phase
This phase involves developing an architectural strategy, a transformational road map,
and designs.

Strategy and Analysis

These services help effectively support new and future business requirements by
creating architectural strategies and roadmaps for transforming network architecture
and operations management. They enable:
 Architecture transformation, network operations, and engineering
management efforts
 Accelerated development of a cost-effective strategy with a measurable ROI
 Successful transformation of infrastructure, management, people, and
processes

Assessment
This helps determine the IT and network infrastructure’s compliance with best practices
and policies and/or its readiness to support a new technology, application, architecture,
or solution, in order to:
 Reduce deployment costs and adoption delays
 Improve the ability of the operation team to support the new technology
 Budget more effectively through accurate identification of incremental
investment requirements


Cisco Smart Services take companies from architectural vision to business solutions.
Smart Services is a simple four-step process that helps organizations enable
architectures, a high-performing network, and business solutions. The steps are:
1. Align Business and IT Strategy – envision IT architecture
2. Improve Operational Efficiency – optimize infrastructure
3. Increase Business Agility – enable architectures
4. Drive Business Innovation – implement solutions

Design
Design Services create a flexible, resilient, scalable architectural foundation to support
business solutions by developing IT and network infrastructure designs covering
applications, operations processes, and network management. They:
 Improve network infrastructure performance, security, and scalability
 Accelerate adoption of new technologies and improve return on investment
 Reduce expensive and time-consuming redesign
 Strengthen the proficiency of your deployment team and operations team

Build Phase
The Build phase validates, implements, and migrates new solutions and applications.

Validation
Validation Services confirm that solutions meet the requirements for availability,
security, reliability, and performance through assessment and issue resolution in a lab
environment before implementation in the production network.

This helps:
 Mitigate risks associated with updating the production network
 Accelerate time to market and solution adoption
 Reduce costly delays, risks, and rework
 Improve availability

Deployment
Deployment Services help deploy new IT and network solutions or applications.
These services achieve:
 Reduced delays, rework, and other problems during implementation
 Decreased production network disruption during deployment
 Business and technical goals of the new solution

Migration
Migration Services control costs, improve operational excellence, and mitigate risk
during device, network, and software refreshes. With a systematic, holistic, efficient
approach to upgrading the network infrastructure, the following are achieved:
 More effective budget for network operations costs
 Reduced system outages and support issues
 Accelerated time to revenue through faster deployment and cutover time
when migrating
 Reduced operating expenses
 New capabilities with potentially lower total cost of ownership


Manage Phase
Manage Phase optimizes infrastructure, applications, and service management.

Operations Management
These services are geared towards network simplification and lowering the total
cost of network ownership. Operations Management Services also allow faster
adoption of advanced technologies without losing visibility and control. These
services:
 Solve problems faster and manage risk and growth in your network more
effectively
 Pre-empt incidents and reduce the effects of those that cannot be prevented
 Accelerate adoption of advanced technologies
 Enable a higher quality end-user experience

Product Support
Product Support Services help increase operational efficiency, lower support costs,
and improve availability risk management through automated network-equipment
inventory management and award-winning support. With these services, companies
achieve:
 More effective risk management and planning for equipment upgrades, and
compliance with corporate policies
 Identification and resolution of issues and reduction of downtime
 Streamlined contract management and faster access to support resources

Solution Support
Solution Support Services increase solution uptime and employee productivity
through priority access to dedicated, focused resources that manage, troubleshoot,
and speed resolution of issues that might arise within complex, multivendor solutions.
They supplement product-level technical support to:
 Quickly isolate and resolve issues that may arise within the solution
 Improve the performance of IT and network operations
 Increase the availability of the applications supported within the solution

Optimization
Optimization Services help optimize network and IT infrastructure, applications, and
service management. They identify gaps, deliver recommendations, and provide
expert support in order to:
 Improve the performance, availability, resiliency, and visibility of your
network and IT services
 Prepare the network and IT infrastructure for change and more effectively
manage change
 Increase your team’s self-sufficiency
 Reduce operating costs and improve return on your investments
 Mitigate risks that can compromise the privacy and security of data

Network Design Methodology


With the explosion of technologies such as cloud applications and the Internet of Things (IoT),
the efficiency and reliability of today’s networks are highly critical. A single minute of
downtime for an e-commerce website can cost millions of dollars in losses. It also damages
the company's reputation and credibility in the market. Consider that a top airline's website
being down for a couple of hours can really ruin its business.

Real Life Scenario


“Delta Air Lines said the computer outage it suffered in August, which cancelled thousands of
flights, cost the carrier $100 million in revenue.” -USA Today, 26 September 2016

Design Approach
One of the core principles of network design is to take a top-down approach. With
this approach, the process starts with identifying the technology needed and then
designing it from the top down. The application layer is the starting point, followed by
the subsequent layers to facilitate service enablement.

The bottom-up approach starts from the physical layer and then moves up to incorporate
switches, routers, firewalls, etc. in the design. The design could be quicker to
implement but it may miss some organizational requirements.

Figure 9. Design Approach

The design should always be evaluated against the business requirements, especially
since there is a difference in approach between the IT/technical team and
management. For example, IT will look forward to virtualization and consolidation
technologies because they ease management and allow quick fault isolation, while
management will look at them from the perspective of cost saving and quick service
provisioning with a shorter time to market.

The top-down approach can be summarized as follows:

 Analysis of business goals and objectives
 Translation of business requirements into technical and functional
requirements
 Development of the logical and physical design
 Review, documentation, and optimization of the design to achieve the business
goals

Design Considerations
The network designer should keep the following design considerations in mind:

Scalability. A modular, scalable network must meet the future needs of the business.
Scalable network designs can grow to support new applications without impacting the
level of service.

Availability. The network should be reliable and available 24/7. The availability
requirements of a customer vary depending on the nature of the business (e.g. an e-
commerce website should be available at all times, while unavailability of a complimentary
guest Wi-Fi system may not make a significant impact on the business).

Security. Security of network systems is not an optional item anymore. The
increased use of cloud applications, mobile devices, and BYOD has changed the
security landscape completely. Planning the location of security devices, filters, and
firewall features is critical to safeguarding network resources.

Manageability. The network should be easy to manage and operate. Network
management tools improve operational efficiency, performance monitoring, and
troubleshooting. A network that is too complex or difficult to maintain cannot
function effectively and efficiently.

Identifying Customer Requirements


Every new activity, new product, and new project is created in response to a business
need. Despite tremendous time and resources being spent, there could still be a
mismatch between what has been designed and what is actually needed.

A focused and detailed business requirements analysis can help avoid problems like
these. This is the process of discovering, analyzing, defining, and documenting the
requirements that are related to a specific business objective. And it's the process by
which you clearly and precisely define the scope of the project, so that you can assess
the timescales and resources needed to complete it.

This list provides simple steps to identify customer business requirements:
1. Identify Key Stakeholders
2. Capture Stakeholder Requirements
   a. Interviews
   b. Workshops
   c. One-to-one meetings
3. Categorize Requirements
   a. Functional Requirements – define how a network should function from
   the end-user's perspective. They describe the features and functions with
   which the end-user will interact directly.
   b. Operational Requirements – define operations that must be carried out in
   the background to keep the network functional over a period of time.
   c. Technical Requirements – define the technical issues that must be
   considered to successfully implement the process or create the network
   design. Examples of technical requirements are:
      i. High availability
      ii. Quality of Service (QoS)
      iii. Security
      iv. Scalability
   d. Transitional Requirements – the steps needed to implement the new
   product or process smoothly.
4. Document the requirements and get customer sign-off

Figure 10. Identifying Customer Requirements Process

The key to a successful analysis is identifying what the new system will do for all
appropriate end-users/stakeholders – and to understand what they expect to achieve
from the project. You can use various techniques to gather requirements, but make
sure those requirements are clear, concise, and related to the business.

Once you complete your analysis, record it in a written document. This becomes the
official customer requirement document (CRD) for designing the solution of your
client.

Real Life Scenario


You are working for a system integrator as a junior network design engineer. Your manager
has recently asked you to work with a customer who wants to deploy a Wi-Fi network. You
will be working with the customer to extract the business, functional and technical
requirements.

You arranged a couple of workshops with the customer and extracted the following
information:

Customer Information
The customer has run a large Chinese restaurant in the centre of the city for the last 10 years.
The restaurant is quite famous in the area due to its quality food.


Business Requirement
The customer is willing to provide a free Wi-Fi service to its customers, which is expected to:
-Increase customer foot traffic
-Increase customer stickiness
-Attract new customers
-Help differentiate from competitors
-Meet customer expectations

Functional Requirements
-Onboarding to the Wi-Fi network should be as simple as possible
-A landing page with restaurant promotions should be displayed on first-time login
-The solution should deploy the minimum possible on-premises equipment
-As it is a complimentary service, high availability is not a requirement at this stage
-Customers should be able to play HD videos over the network
-The solution should be able to cater for up to 50 concurrent users

Technical Requirements
-The 802.11ac standard will be used for high throughput
-A cloud-based solution will be deployed to avoid any on-premises backend equipment
requirement
-An open SSID with redirection to the landing page will be used for simplicity
-Each user will be allocated 2 Mbps of Internet bandwidth
-A 100 Mbps DSL link will be ordered from the local ISP

Note: The scenario above demonstrates only a few requirements as an example. With the full
analysis you should be able to produce the final design.

Factors affecting your design


One of the benefits of the top-down approach is that it takes all the relevant factors
affecting your design approach into consideration. A network designer should consider
these constraints as well as the customer's business goals. Selecting state-of-the-art
technology is not always the best solution to propose in every situation.

Some of the factors affecting design decisions are:

Price. Price is one of the most important factors when designing your network. Customers
like designs that use the latest technologies and are scalable to support future
requirements. However, budget constraints and market competition might hold you back
from proposing such a design.

Timelines. Time can also affect your design decision. People opt for cloud services
and virtualization technologies as they provide scalability and quick provisioning of
resources.

Site Constraints. You need to consider the site conditions to make a design decision.
For example, at a remote site where the only connectivity option is microwave, you need
to consider whether fibre infrastructure will be available after six months.
In highly humid or hot areas, industrial-grade equipment must be proposed in your design.


Resources. One of the major concerns of an organization is after-sales support
services and operations. One of the reasons Cisco has been successful with
all types of customers is its exceptional after-sales support services.

Network Design Building Blocks


A network design should clearly show how the different components are integrated
and work together in order to achieve the business goals. A successful design takes
into consideration all technical and non-technical factors, including business objectives,
the desired outcome, and functional, technical and transitional requirements.

The following building blocks should always be considered while designing a network:

Network Reliability
Consider a scenario where you are willing to send an Apple iPhone 7 from London to
New York to your sister. You have two options:
 Option 1: Next day- delivery via a fast courier but does not guarantee if the item
in the package is damaged while transportation.
 Option 2: Next week- delivery by local post office with your items covered via
insurance in case of loss of damage. It also sends an email/SMS confirmation to
customer once the item has reached the destination.

Which service will you choose?


The obvious answer is option 2. Reliability is another important factor in the network
design. An unreliable data network can affect your customer experience due to poor
performance. TCP and UDP provide most of the data and VoIP transportation over IP
network. They have very different behaviours in terms of packet transport. TCP is
connection-oriented protocols, which provides acknowledgement of packet delivery
and re-transmits the packet in case of lose. With an unreliable network: there will be
too many re-transmissions of packets: leading to poor performance.

UDP is also a protocol used for message transport. It is connectionless, which means
that one program can send a load of packets to another and that is the end of the
relationship. UDP is suitable for applications that need fast, efficient transmission, such
as games and VoIP. UDP's stateless nature is also useful for servers that answer small
queries from huge numbers of clients. UDP performance will also be very poor on an
unreliable network, since lost packets are never re-sent.
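The retransmission behaviour described above can be made concrete with a small simulation. The following Python code is an added example and is not part of the workbook: it models a TCP-like sender that waits for acknowledgements and re-sends lost segments (simplified to stop-and-wait; real TCP uses windows, timers and congestion control) and a UDP-like sender that sends each datagram exactly once, both over a link that drops packets independently at a configurable rate. The function names, the loss model and the default loss rates are assumptions of this example.

```python
"""TCP-like reliable delivery vs UDP-like best-effort delivery over a lossy link.

Added example, not from the workbook. The transport behaviour is simplified:
the TCP side is modelled as stop-and-wait with acknowledgements (real TCP uses
windows, timers and congestion control), the UDP side as fire-and-forget, and
packet loss as independent random drops at a fixed rate.
"""
import random


def make_lossy_link(loss_rate, seed=1):
    """Return a function that reports whether one packet crosses the link intact.
    A fixed seed keeps runs reproducible."""
    if not 0.0 <= loss_rate <= 1.0:
        raise ValueError("loss_rate must be between 0 and 1")
    rng = random.Random(seed)
    return lambda: rng.random() >= loss_rate


def tcp_like_transfer(segments, loss_rate, seed=1, max_retries=50):
    """Deliver every segment, re-sending until the sender sees an acknowledgement.

    Returns (segments_delivered, link_transmissions_by_sender). Gives up with
    RuntimeError when one segment exceeds max_retries, as a real stack would
    eventually reset the connection.
    """
    link = make_lossy_link(loss_rate, seed)
    transmissions = 0
    delivered = 0
    for _ in range(segments):
        for _attempt in range(max_retries):
            transmissions += 1
            data_arrived = link()                  # segment crosses the link
            ack_arrived = data_arrived and link()  # ACK crosses back
            if ack_arrived:
                delivered += 1
                break
            # A lost segment and a lost ACK look the same to the sender: retransmit.
            # If only the ACK was lost the receiver already holds the data and
            # discards the duplicate, so the segment is still counted once.
        else:
            raise RuntimeError("segment exceeded retry limit; connection reset")
    return delivered, transmissions


def udp_like_transfer(datagrams, loss_rate, seed=1):
    """Send each datagram once; whatever is lost stays lost (the application,
    e.g. a VoIP codec, has to cope)."""
    link = make_lossy_link(loss_rate, seed)
    delivered = sum(1 for _ in range(datagrams) if link())
    return delivered, datagrams


def compare(count=1000, loss_rates=(0.0, 0.01, 0.1, 0.3), seed=1):
    """Tabulate retransmission overhead (TCP-like) and loss (UDP-like) per loss rate."""
    rows = []
    for p in loss_rates:
        tcp_delivered, tcp_tx = tcp_like_transfer(count, p, seed)
        udp_delivered, udp_tx = udp_like_transfer(count, p, seed)
        rows.append({
            "loss_rate": p,
            "tcp_delivered": tcp_delivered,
            "tcp_transmissions": tcp_tx,
            "tcp_overhead_pct": 100.0 * (tcp_tx - count) / count,
            "udp_delivered": udp_delivered,
            "udp_lost_pct": 100.0 * (udp_tx - udp_delivered) / count,
        })
    return rows


if __name__ == "__main__":
    for row in compare():
        print(f"loss {row['loss_rate']:>4.0%}: TCP-like sent {row['tcp_transmissions']} frames "
              f"for {row['tcp_delivered']} segments (+{row['tcp_overhead_pct']:.1f}% overhead); "
              f"UDP-like lost {row['udp_lost_pct']:.1f}% of datagrams")
```

Running the script shows the two failure modes the text describes: the TCP-like transfer always delivers everything but the number of frames on the wire grows quickly with the loss rate, while the UDP-like transfer keeps its frame count constant and simply loses the corresponding share of datagrams.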

Figure 11. TCP vs UDP


Network Availability
Availability is the percentage of time, within a specific time interval, during which a
network can be used for the purpose it was originally designed and built for. The
formula most commonly used to calculate it is:

Availability (%) = Uptime / Total Time × 100

Total Time = Downtime + Uptime

Network Availability

Availability (%)    Downtime per year
99.9                8.76 hours
99.95               4.38 hours
99.99               52.56 min
99.999              5.26 min
99.9999             31.5 sec

Figure 12. Availability % Chart

Availability of the network can be increased by deploying highly available components
and links. The required percentage availability of the network depends on the nature of
the business (e.g. the availability requirements of an e-commerce website will be far
higher than those of a remote branch office).
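To check the figures in the chart above and to see why redundant components raise availability, here is an added Python example (not from the workbook). It implements the formula just given, converts an availability percentage into the downtime budget per year, and goes beyond the chart by combining component availabilities in series (every component must work) and in parallel (any one suffices), which is the arithmetic behind "deploying highly available components and links". The assumption that components fail independently, and all function names, are this example's own.

```python
"""Availability arithmetic for the chart above.

Added example (not from the workbook): converts an availability percentage
into the downtime budget the chart lists, checks the chart's figures, and
extends the idea to redundant (parallel) and chained (series) components.
"""
from math import prod

HOURS_PER_YEAR = 365 * 24  # 8760 h; the chart's figures assume a non-leap year


def downtime_per_year(availability_pct):
    """Allowed downtime per year for a given availability percentage,
    returned as hours, minutes and seconds."""
    if not 0 <= availability_pct <= 100:
        raise ValueError("availability must be between 0 and 100 percent")
    hours = (1 - availability_pct / 100) * HOURS_PER_YEAR
    return {"hours": hours, "minutes": hours * 60, "seconds": hours * 3600}


def availability_pct(uptime_hours, downtime_hours):
    """Availability (%) = Uptime / Total Time x 100, Total Time = Uptime + Downtime."""
    total = uptime_hours + downtime_hours
    if total <= 0:
        raise ValueError("total time must be positive")
    return 100 * uptime_hours / total


def series_availability(*component_pcts):
    """Components that must ALL work, e.g. the access -> distribution -> core path.
    Assumes independent failures."""
    return 100 * prod(p / 100 for p in component_pcts)


def parallel_availability(*component_pcts):
    """Redundant components where ANY ONE suffices, e.g. dual uplinks or an HA
    firewall pair. Assumes independent failures, which is optimistic when the
    copies share power, a fibre duct or a software image."""
    return 100 * (1 - prod(1 - p / 100 for p in component_pcts))


def redundant_copies_needed(component_pct, target_pct):
    """Smallest number of independent parallel copies of a component that meets the target."""
    if component_pct >= 100:
        return 1
    if component_pct <= 0:
        raise ValueError("a component with 0% availability never meets a target")
    copies = 1
    while parallel_availability(*([component_pct] * copies)) < target_pct:
        copies += 1
        if copies > 1000:
            raise ValueError("target not reachable with a sane number of copies")
    return copies


def nines_table(pcts=(99.9, 99.95, 99.99, 99.999, 99.9999)):
    """Reproduce the chart: pick the unit a network engineer would quote."""
    rows = []
    for p in pcts:
        d = downtime_per_year(p)
        if d["hours"] >= 1:
            text = f"{d['hours']:.2f} hours"
        elif d["minutes"] >= 1:
            text = f"{d['minutes']:.2f} min"
        else:
            text = f"{d['seconds']:.1f} sec"
        rows.append((p, text))
    return rows


if __name__ == "__main__":
    for pct, text in nines_table():
        print(f"{pct:<8} {text}")
    print("two 99.9% links in parallel:", parallel_availability(99.9, 99.9))
    print("two 99.99% devices in series:", series_availability(99.99, 99.99))
    print("copies of a 99.9% link needed for 99.999%:", redundant_copies_needed(99.9, 99.999))
```

The series and parallel functions make the design trade-off visible: chaining highly available devices lowers end-to-end availability, while a second independent path turns a 99.9% link into a 99.9999% pair, which is why the text recommends redundant components and links rather than a single "better" device.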

Network Modularity
Modularity in your network design is often a life-saver. In a modular network,
different modules can be added and/or removed without impacting the other parts of
the network (although this may not be the case in all scenarios). Modularity also plays
a key role when you are scaling your network. The network can be divided into
different functional areas, so that a fault in, or expansion of, one function will not lead
to a redesign of the complete network.

A modular network provides the following benefits:


 Simplicity
 Manageability
 Flexibility
 Scalability

Examples of functional modules are:


 Access
 Distribution
 Core
 Datacentre
 WAN Edge
 Internet Edge
 Branch
 Teleworker

Figure 13. Network Modularity

Network Manageability
The ISO network management model's five functional areas are:
 Fault Management—Detect, isolate, notify, and correct faults encountered in
the network.
 Configuration Management—Configuration aspects of network devices such as
configuration file management, inventory management, and software
management.
 Performance Management—Monitor and measure various aspects of
performance so that overall performance can be maintained at an acceptable
level.
 Security Management—Provide access to network devices and corporate
resources to authorized individuals.
 Accounting Management—Track usage information of network resources.

These functional areas should be carefully considered during the design cycle. A
robust model needs to be in place for end-to-end network management. It is
commonly seen that network management effort increases with the growth of the
network. However, if you have taken the modular and hierarchical design approach, it
will reduce the overall effort required to manage the network.

Case Study

In this case study, we will learn how a network designer engages with the customer to
collect requirements and propose a solution.

Customer Scenario
Your customer is a government hospital that provides different health care services in
the local area. It has recently deployed a new CRM application that is to be accessed by
remote users/doctors. The customer is looking for a solution that provides secure access
to these remote users.

You are working for an integrator as a network designer. Your manager has asked you
to engage with the customer and propose a best-fit solution.

After conducting a couple of workshops with the technical and business users, you
have extracted the following information.

Customer Business Requirements


The CRM application contains customers' personal information (PI). Some of this
information is required to be accessible by remote users/doctors for timely review,
feedback and approval in order to improve the overall efficiency of the hospital. In the
existing setup, the customer has to wait until the next business day for review, feedback
and approval.

Customer Functional Requirements


 Secure connection for remote users
 The customer has a limited budget
 High availability is not a requirement at this stage, but will be in the future
 There are approximately 20 remote users at this stage, and the number is expected to
grow at 10% per year
 Users will be connecting from different platforms (mobile, Windows, Mac). It
should be a clientless solution to avoid installation and support issues
 Users should only be able to access the CRM server in the DMZ. No other
resources should be accessible

Technical Requirements
 SSL web VPN with AES will be used for remote access.
 One firewall will be deployed, capable of supporting high availability in the future.
 The existing Internet termination gateway is end of life. The new firewall will replace
the existing gateway and provide the additional capabilities of IPS, NGFW and malware
protection.
 Current Internet bandwidth is 25 Mbps.
 Existing gateway policies are to be replicated to the new appliance.

Now that you have clear customer requirements, you are in a position to propose a
solution. You have to submit a formal proposal to the customer. A typical proposal
table of contents is listed below. This is just a basic sample and the contents can vary
based on the scope.

*For the Cisco Proposal Templates visit: https://salesconnect.cisco.com/

*******************************Typical Proposal Format*****************************

1. Executive Summary
This is a short section in your proposal that summarizes the content in order for
readers to rapidly become acquainted with a large body of material without having to
read it all.
2. Customer Requirements
List all the business, functional, and technical requirements of the customer.
3. Proposed Solution
Describe your technical solution and how it meets the customer requirements. It
should include:
a. Technical Solution
b. High Level Diagram

c. Solution Benefits
d. Bill of Materials (BOM)

4. Project Plan
5. Customer Pre-requisites & Exclusions
6. Conclusion
7. Appendix
a. Datasheets
b. Customer References
c. Service Level Agreement (SLA)

Summary
In this chapter you have learned the basics of network design. Enterprise architecture
demands reliability, scalability and availability at all times due to the critical nature of
business applications. Network designers should always follow the top-down
approach, starting from the application layer and moving down to the physical layer of
the OSI model. Business requirements and goals should be well understood in order to
design a successful network. The Cisco Lifecycle Services portfolio includes a broad
range of services that can help increase the network's business value and return on
investment. In the design, you should take into account factors such as price,
timelines, location and resource constraints while meeting customer expectations.
Network reliability, availability, modularity and manageability are the basic building
blocks of any network design.


Chapter 2: Network Design Objectives


In this chapter, we will be exploring the following design objectives in detail:

 Network Modularity
 Network Hierarchy
 Network Scalability
 Network Resiliency
 Network Fault Domains

General Design Guidelines


Networks have become an integral part of our day-to-day jobs, with users relying on
the continuous availability of the network to transport data and voice services.
Network design is not a one-design-fits-all proposition. The scale of a network design
can be as simple as a single switch and wireless AP at a small remote site, or as large as a
distributed, multi-building complex with high-density wired ports and centralized
wireless requirements. Platform choices for these deployments are often driven by the
need for network capacity, the device and network capabilities offered, and the need to
meet any compliance requirements that are important to the organization.

In creating a reliable and versatile network design, the network should be:

• Self-healing—Always available
Network design should facilitate continuous availability by providing
redundancy and resiliency at the component and link level. Resiliency is based
on the capacity to enhance physical resiliency as well as on how interconnections
are made in the modular campus design.

• Self-defending—Provide security to the company and its users
The design presents a clear view of the various components that can be used
throughout the network not only to monitor traffic but to allow the network
itself to become more proactive in preventing and mitigating network attacks.
Layered security at strategic points on the network creates a thick framework of
security, with each device sharing intelligence through standardized protocols and
coordinating responses based on predefined policies.

• Self-optimizing—Adapting to changing needs
Next-generation network design adapts to the changing needs of an organization.

• Self-aware—Visibility into network traffic and activity
Network activity should drive change, through analysis of the traffic the network
transports and how it relates to an organization's mission.


Real World Scenario


An enterprise has deployed a wireless network with Cisco access points (APs) and wireless LAN
controllers (WLCs) that uses the self-healing and self-optimizing features supported by Cisco
WLAN:

• Client Band Select: Band selection enables client radios that are capable of dual-band
(2.4 and 5 GHz) operation to move to a less congested 5 GHz AP.
• Auto Dynamic Channel Assignment: When a wireless network is first initialized, all
participating radios require a channel assignment in order to operate without interference;
the channel assignments are optimized to allow interference-free operation.
• Auto Transmit Power Control: The Cisco WLC dynamically controls the access point
transmit power based on real-time wireless LAN conditions.
• Auto Coverage Hole Detection: The controller uses the quality of the client signal levels
reported by the APs to determine whether the power level of an AP needs to be increased.
• CleanAir: A spectrum intelligence solution designed to proactively manage the
challenges of a shared wireless spectrum. It allows you to see all of the users of the shared
spectrum (both native devices and foreign interferers).

Cisco follows a hierarchical network design approach, which addresses the modularity,
scalability and resiliency requirements of an organization.

Enterprise Campus Design


A local area network (LAN) is a group of computers and associated devices that share
a common communications line or wireless link to an application or service. Typically,
a LAN encompasses computers and peripherals connected to a server within a distinct
geographic area such as an office, building or commercial establishment. A campus
network can have a single switch or hundreds of switches, depending upon the number
of users and the size of the campus.

The campus wired LAN uses a hierarchical design model to break the design up into
modular groups or layers, which allows each layer to implement specific functions. In
this way, the design, deployment and management of the network become simpler.

Network Modularity and Hierarchy


An important concept to adopt in building a hierarchical network is the modular
design approach. Modularity divides a complex system into smaller, manageable parts,
making growth much easier to handle. Modularity also ensures that a failure in a
certain part of the network can be isolated so that it will not bring down the entire
network. The expansion of a network is also easier with a modular design. For
example, adding a new network segment or a new application to the network will
not require re-addressing all the hosts on the network if the network has been
implemented in a modular design.

A simple example of modular design in cars is that while many cars come as a basic
model, paying extra will allow for upgrades such as a more powerful engine,
Bluetooth, heated seats, rear camera or special tires: these do not require any change
to other units of the car such as the chassis, steering, electric motor or battery
systems.

The advantages of modular design are:


 Scalable to support future growth.
 Enables faster, easier and more efficient customization.
 Modules can be modified or replaced without affecting the rest of the architecture.
 Keeps the design simple to understand and implement.
 Enables quick and easy upgrades.
 Flexible to adapt to changing user and traffic requirements.
 Makes it easy to identify, troubleshoot and isolate issues.

Figure 14. Modular Network

Hierarchical campus architecture includes the following main modules:


• Access layer—provides direct access to the network
• Distribution layer—aggregates access layers and provides connectivity to
services
• Core layer—provides connectivity between distribution layers for large LAN
environments
• Data Center—holds the applications and services which often support functions
for manufacturing, marketing, HR, research and development, payroll, and
other core business functions
• Enterprise WAN
• Internet Edge
• Enterprise Branch
• Enterprise Teleworker

Each module has specific functions and can therefore be designed using the optimal
devices and features to meet the specific requirements of the module.


Real World Scenario


How many layers should a network have?
It depends on the type of site at which you are deploying the infrastructure. Larger network
designs require a dedicated distribution layer for network-based services, rather than sharing
connectivity with access layer devices. Some of the reasons to have a dedicated distribution
layer are:
- Performance and throughput requirements.
- Resiliency: the network can be divided into sub-domains, which prevents single points of
failure or large failure domains.
- Easier operations and fault isolation.
- Where multiple buildings connect to a central site, it is always more cost-effective to connect
the access switches to a distribution switch within the building and run redundant fiber
from distribution to core. Dispersing the LAN access switches across many buildings in a
larger campus facility would otherwise require more fiber optic interconnects back to a single
collapsed core.

Consider a university with a number of buildings across the campus. Each building will have
access switches for endpoint connectivity and distribution switches for aggregation. These will
be connected to the core switches in the main building's datacentre.

Three Tier Design:


Depending on the size of the LAN, these services and the interconnection to the WAN
and Internet edge may reside on a distribution layer switch that also aggregates the
LAN access-layer connectivity. This is also referred to as a collapsed core design,
because the distribution layer serves as the Layer 3 aggregation layer for all devices. In
the schematic below, a single building with multiple floors is designed using a two-tier
approach.

Two Tier Design:

Access Layer
The access layer is where user devices and endpoint devices connect to the
network. The access layer provides both wired and wireless connectivity and contains
features and services that ensure security and resiliency for the entire network.

• Device connectivity. The access layer provides high-bandwidth device
connectivity. This layer must support bursts of high-bandwidth traffic when
users perform routine tasks (such as sending large emails or opening a file from
an internal web site) in order to make the network a transparent part of an
end-user's day-to-day job.
• Because many types of end-user devices connect at the access layer (personal
computers, IP phones, wireless APs, and IP video surveillance cameras), the
access layer can support many logical networks, delivering performance,
management, and security.
• Resiliency and security services. The access-layer design must ensure that the
network is available for all users who need it, whenever they need it. As the
connection point between the network and client devices, the access layer must
help protect the network from malicious attacks. This protection includes
ensuring that users have access only to authorized services, preventing end-
user devices from taking over the role of other devices on the network, and,
when possible, verifying that each end-user device is allowed on the network.
• Advanced technological capabilities. The access layer provides a set of network
services that support advanced technologies, such as voice and video. The
access layer must provide specialized access for devices using advanced
technologies, to ensure that other devices do not impair traffic from these
devices and also to ensure efficient delivery of traffic.

Distribution Layer
The distribution layer provides connectivity between the access and core layers. The
layer also enforces filtering, quality of service (QoS), summarization, and Layer 3 services.

 Scalability. The distribution layer serves as an aggregation point for multiple
access-layer switches. The distribution layer makes the network more efficient by
requiring less memory and processing resources for devices elsewhere in the network.
This, in turn, lowers operating costs, in addition to creating fault domains that
compartmentalize failures or network changes. The distribution layer also increases
network availability by containing failures to smaller domains.
 Reduce complexity and increase resiliency. The campus wired LAN has the
option to use a simplified distribution layer, in which a distribution-layer node
consists of a single logical entity that can be implemented using a pair of
physically separate switches operating as one device or using a physical stack of
switches operating as one device. Resiliency is provided by physically
redundant components like power supplies, supervisors, and modules, as well
as stateful switchover to redundant logical control planes.

This approach reduces the complexity of configuring and operating the distribution layer
because fewer protocols are required. Little or no tuning is needed to provide near-
second or sub-second convergence around failures or disruptions.

Core Layer
The core layer of the LAN is a critical part of the network and the simplest by design.
It provides a limited set of services and is designed to be highly available and always
operational. In the current business environment, the core of the network is always
designed with high availability to provide uninterrupted service during failures. The
core of the network should avoid implementing any complex policy services, and it
should not have any directly attached user devices or server connections. Also, the
core should have a minimal control plane configuration, combined with highly
available devices that are configured with the correct amount of physical redundancy
to provide a nonstop services capability.

The campus core is the backbone that glues together all the elements of the campus
architecture. It is the part of the network that provides connectivity between end
devices, computing and data storage services located within the data center, and
other areas and services within the network. It serves as the aggregator for all of the
other campus blocks and ties the campus together with the rest of the network.


Access:
 Layer 2 switching
 High availability
 Port security
 Broadcast suppression
 QoS classification and marking and trust boundaries
 Rate limiting/policing
 Address Resolution Protocol (ARP) inspection
 Virtual access control lists (VACLs)
 Spanning tree
 Power over Ethernet (PoE) and auxiliary VLANs for VoIP
 Network Access Control (NAC)

Distribution:
 Redundancy and load balancing
 Aggregation of access switches
 Aggregation of WAN connections
 QoS
 Policy enforcement, e.g. filtering by source or destination address, filtering on
input or output ports, hiding internal network numbers by route filtering, static
routing, and QoS mechanisms such as priority-based queuing
 Summarization
 Broadcast or multicast domain
 Routing between virtual LANs (VLANs)
 Media translations (for example, between Ethernet and Fiber)
 Redistribution between routing domains (for example, between two different
routing protocols)

Core:
 Fast switching
 High reliability
 Redundancy
 Fault tolerance
 Low latency
 Simplicity

Figure 15. Hierarchical Network Design - 1

Figure 16. Hierarchical Network Design-2

Access – Distribution Design


There are multiple ways to connect access layer with distribution layer.

 Classical Spanning Tree. In this model, access switches are connected to the
distribution switches in Layer 2 mode. A First Hop Redundancy Protocol (FHRP) is used to
provide redundancy and failover capabilities. The major drawback of this model is its
reliance on STP, which makes sub-optimal use of network resources.

Figure 17. Classical Spanning Tree


 Routed. In this model, access switches provide both Layer 2 and Layer 3
functionality. There is no need for an FHRP, as the directly connected access switch
becomes the default gateway for the end devices. The routed design simplifies the
network and is much easier to troubleshoot. It also provides better network
resource utilization, with traffic load-balanced over redundant links. One
disadvantage of such a design is that a VLAN cannot be extended across switches,
which may be required by some legacy applications.

Figure 18. Routed Access Layer

 Clustering. Switch clustering can be used at the access and distribution layers for a
simplified and highly available network design. At the access layer, stacking can be
used, which lets the access switches act as one single switch with each physical switch
acting as a module. Distribution switches can be clustered using technologies like
Cisco Virtual Switching System (VSS), or a virtual PortChannel (vPC), which allows links
that are physically connected to two different Cisco Nexus Series devices to appear as a
single PortChannel to access switches or end devices.

Figure 19. Clustered Design Physical Layout

Figure 20. Clustered Design Logical Layout

Feature                                        | Classical STP                                            | Routed Access                      | Clustering
-----------------------------------------------|----------------------------------------------------------|------------------------------------|---------------------------------
Access-Distribution control plane protocols    | Spanning Tree (PVST+, Rapid-PVST+ or MST)                | EIGRP or OSPF                      | PAgP, LACP
Spanning Tree                                  | Required for network redundancy and to prevent L2 loops  | No                                 | No
Network recovery                               | Spanning Tree and FHRP (HSRP, GLBP, VRRP)                | Routing protocol or static routing | Multi-Chassis EtherChannel (MEC)
VLAN span across the network                   | Supported (requires L2 spanning tree loops)              | No                                 | Supported
Layer 2/3 demarcation                          | Distribution                                             | Access                             | Distribution
First hop redundancy                           | HSRP, GLBP, VRRP required                                | Not required                       | Not required
Access to distribution per-flow load balancing | No                                                       | Yes - ECMP                         | Yes - MEC
Convergence                                    | 900 msec to 50 seconds                                   | 50 to 600 msec                     | 50 to 600 msec

Figure 21. Access-Distribution Design Models Comparison

Datacenter
The data center module usually contains internal email and corporate servers that
provide application, file, print, and Domain Name System (DNS) services to internal
users. It is considered the most critical part of any enterprise architecture: the
purpose of deploying network infrastructure is to provide access to the application
services hosted in the data center. Poor performance or unavailability in a certain
part of the network will only affect specific users, while unavailability of the data
center will affect every user in the enterprise. It must be resilient, scalable, and flexible
in order to support data center services that add value, performance, and reliability.
The data center also hosts the management module for monitoring, logging, security,
and other management features within an enterprise.


Enterprise WAN
The WAN module provides connectivity between remote sites and the main site over
various WAN technologies. This module does not include the WAN connections
themselves, which are supplied by the service providers, but rather provides the
interfaces to the WANs. Examples of WAN interfaces provided by this module are MPLS,
Frame Relay, Asynchronous Transfer Mode (ATM) and leased lines. Although security is
not as critical when all links are enterprise-owned, security should still be considered in
the network design.

Internet Edge
The Internet edge module connects to the Internet via a service provider network. It
provides services such as public servers, email, and DNS. The module can be
connected to multiple service providers. This area is quite exposed, as it is an open
channel to the outside world. Firewall, IPS, web content filtering, and spam control
devices are deployed here to protect the internal network from external threats.

Enterprise Branch
The enterprise branch module extends the enterprise by providing each location with a
resilient network architecture with integrated security. Services can be offered from the
branch or from the central site, depending on feasibility.

The branch office generally accommodates employees who are located away from the
central site and need access to corporate services. Branch office users must be able to
connect to the central site to access company information. The branch office is
sometimes called the remote site, remote office, or sales office.

Enterprise Teleworker
The enterprise teleworker module provides users in geographically dispersed
locations, such as home offices or hotels, with highly secure access to central-site
applications and network services. These users connect to the enterprise network over
a secure VPN tunnel. All traffic is encrypted to ensure confidentiality and integrity. This
increases employee productivity by giving access to corporate services anytime,
anywhere.


Putting it all together


The schematic below shows the different modules integrated together:

Figure 22. Enterprise Campus Network Design

o The access layer provides connectivity to end devices
o The distribution layer provides intermediate connectivity between the access
and core layers
o The core layer provides fast switching of data traffic
o The data center hosts all corporate services for internal users
o Public services host the services for external users
o The Internet edge provides secure connectivity to the World Wide Web
o The enterprise edge connects to enterprise branches over MPLS
o Enterprise teleworkers connect to the corporate network via VPN over the
public Internet

Network Resiliency
Principles of structured design and the use of modularity and hierarchy are integral to
the design of campus networks but they are not sufficient to create a sustainable and
scalable network infrastructure. Network resiliency means the ability for the system to
remain available for use under both normal and abnormal conditions.

Normal conditions are change windows, and normal or expected traffic flows and
traffic patterns while abnormal conditions are hardware or software failures, extreme
traffic loads, unusual traffic patterns, denial-of-service (DoS) events whether
intentional or unintentional, and any other unplanned event.

As with hierarchy and modularity, resiliency is not just a feature but a basic
principle that is made real through the use of many related features and design
choices. The coordinated use of multiple features, and the use of features to serve
multiple purposes, are aspects of resilient design. Just as the ways in which we
implement hierarchy and modularity are mutually interdependent, the way in which
we achieve and implement resiliency is also tightly coupled to the overall design.
Adding resiliency to the design might require the use of new features, but it is often
just a matter of how we choose to implement our hierarchy and how we configure the
basic Layer 2 and Layer 3 topologies.

Resiliency can be divided into the following categories:

 Network resiliency
This includes overall design topology redundancy, redundant links and devices,
and how the control plane protocols (such as EIGRP, OSPF, PIM, and STP) are
optimally configured to operate in that design.
 Device resiliency
Device resiliency, as with network resiliency, is achieved by combining
the appropriate level of physical redundancy, device hardening, and supporting
software features.
 Operational resiliency
The campus, which is either a part of the backbone of the enterprise network or
forms it, must be designed to enable standard operational processes,
configuration changes, and software and hardware upgrades without disrupting
network services.

Network Scalability
Businesses increasingly rely on their network infrastructure to provide mission-critical
services. As the business grows and evolves, more employees are hired, more
branch offices are opened, and global markets are tapped. A scalable network is one
that can be adjusted without major modification as time and resources require.
Scalable internetworks are typically described as networks that experience constant
growth, which is what many of today's internetworks require due to the increasing
demand for connectivity from businesses. They must be flexible and
expandable. The best-managed scalable internetworks are typically designed following
a hierarchical model.

Features and technologies can be used to respond to the following key scalability
requirements:

 Reliable and available. This involves being available and dependable at all times.
Failures need to be isolated and recovery must be invisible to the end user.
 Responsive. This includes managing the QoS needs of the different protocols
being used without affecting response times at the desktop.
 Efficient. Networks must optimize the use of resources, especially bandwidth.
Reducing the amount of overhead traffic, such as unnecessary broadcasts, service
location, and routing updates, results in an increase in data throughput without
increasing the cost of hardware or the need for additional WAN services.
 Adaptable. A scalable network must be able to accommodate disparate networks and
interconnect independent network clusters (or islands), as well as integrate
legacy technologies.


Network Fault Domains


It is important that the requirements for network reliability and availability are carefully
planned during the early network design phase. Network fault domains and rapid recovery
plans must be defined in order to prevent catastrophic network failures and network
outages. Deploying a strong campus network foundation with redundant system
components and a resilient network design is highly effective for non-stop
borderless services operation and business communication, since every tier of the LAN
network design is classified as a fault domain. However, this introduces a new set of
challenges, such as higher cost and the added complexity of managing more systems.
Network reliability and availability can be simplified using several Cisco high
availability technologies that offer complete failure transparency to end users and
applications during planned or unplanned network outages.

Network fault domains in this reference architecture can be identified by comparison
with failure conditions that are difficult to predict. Improper network design or non-
resilient network systems can lead to more faults that not only degrade the user
experience but may severely impact application performance, such as the failure to
capture critical physical security video information. The fault levels can range from a
network interruption to a disaster, which can be triggered by the system, by humans, or
even by nature.

Network failures can be classified in two ways:

• Planned Failure. A planned network outage occurs when a network system is
administratively taken "down" for a scheduled event (software upgrade, etc.).
• Unplanned Failure. Any unforeseen failure of a network element is an unplanned
failure. Such failures include internal faults in the network device caused by
hardware or software malfunctions, such as software crashes, line card or link
transceiver failures, etc.

Summary
In this chapter we explored the general design principles and how they contribute to
building a self-defending network. We also learned about modular network design and
the hierarchical and enterprise network modules for designing a hierarchical, modular,
scalable and resilient network.

Chapter 3. Addressing and Routing Protocols in an Existing Network

To support consistent and reliable communication, a network design must
incorporate an intelligent Internet Protocol (IP) addressing plan and an efficient
routing protocol. IP addresses assign a unique identity to each node and device in an
internetwork; routing protocols maintain the mechanism by which packets are
exchanged between those nodes. The selection of the IP addressing scheme and the
routing protocol should strictly follow efficient network design practices.

This chapter contains two sections, covering the design process for the IP addressing
roadmap and for the routing protocols.

Design Consideration for IP Addressing Schemes

Internet Protocol (IP) addresses are the unique identifiers assigned to each node in
an IP network, by which an individual node can be identified, acknowledged, and
communicated with. Efficient implementation of an IP addressing plan is essential
from a network processing and performance perspective. For addressing, either IPv4
(32-bit addresses) or IPv6 (128-bit addresses) is employed.

This section delivers the design considerations and requirements for planning an
efficient IP addressing scheme for the enterprise network.

The fundamental concepts of IP addressing are:

• IPv4 uses 32-bit addresses for the unique identification of network nodes,
whereas IPv6 uses 128 bits.
• IPv4 uses dots to separate the four decimal octets, which range from 0.0.0.0 to
255.255.255.255.
• IPv6 uses colons instead of dots to separate the groups, and uses hexadecimal
rather than decimal digits.
• IPv4 addresses were originally grouped into address classes, called classful
addressing, with fixed network and host ranges.
• For more efficient use of the address space, Classless Inter-Domain Routing
(CIDR) is employed, in which the network and host portions are sized according
to the requirement.
• IP addresses are also classified into "public" and "private" addresses, and the
enterprise modules over which each kind is used are defined.

Public IP Address
These addresses are used in:
• Internet Connectivity Module
• E-Commerce Module
• Remote Access and VPN Module

Private IP Address
• Used in the enterprise internal network
• Not routable on the public Internet (the RFC 1918 ranges); note that this by
itself is not a security control, and Internet-facing modules still need filtering
• Static and dynamic IP addressing schemes are used to assign addresses to
network devices.
• Static assignment means assigning a permanent address to a particular device; it
is used for infrastructure devices and nodes such as routers, switches and servers.
• Dynamic assignment is employed for temporarily connected devices such as
end-user devices. Dynamic Host Configuration Protocol (DHCP) is used for this
purpose.
• Domain Name System (DNS) is used to resolve user-friendly names into IP
addresses.

Concept of Scalable Addressing

The basic requirement of an enterprise network nowadays is ease of use and
cost-effective expansion. Scalability must be carefully analyzed and built into the
network design to support efficient organizational growth.

The following parameters directly influence scalability:

Hierarchy
Hierarchy is an organizational structure in which items are ranked by level. It
improves the performance and overall efficiency of the network. The IP address
hierarchy is decided on the basis of the IP address requirement per location, the
network topology, geography, and size.

Implementing an IP address hierarchy is recommended practice in network design
because of the following factors:

• IP Address Effect on Routing. The routing protocol is selected based on the IP
addressing implemented on the network, and the stability of the routing protocol is
directly affected by the addressing. Classful and classless routing protocols are tied
to fixed-length subnet masking (FLSM) and variable-length subnet masking (VLSM)
respectively.

• Modular and Scalable Solution. Hierarchy enables modularity, which in turn
allows the network to be scaled simply.

• Support for Route Aggregation. Route aggregation reduces processing and
bandwidth requirements. A contiguous and well-planned IP addressing scheme
can exploit this feature to reduce computational overhead.

Summarization
Summarization is implemented at specific network nodes to bring:
• Fewer routing table calculations and recalculations
• Fewer routing table entries
• Increased network stability
• Lower bandwidth and processing power consumption


Efficiency
Implementing hierarchy and summarization together brings in a highly efficient
and organized network structure.

The figure below demonstrates the approach of hierarchy and summarization:

Figure 23. Implementation of Hierarchy and Summarization

In this example, a link failure update is flooded to each node in the network section.
Multiple paths forward the same information to the other section of the network,
causing multiple similar routing table entries and consuming bandwidth to carry the
same update several times.

When summarization is implemented on the border router of the network section, it
helps in the following ways:
• Resources are not wasted
• Efficiency is improved because bandwidth wastage is reduced

Design Consideration for Effective IP Address Scheme

Designing the IP addressing for a specific organization requires careful analysis of
the needs and demands of the organization, including the following measures:
• Identification of the various locations in the organization
• Number of devices required per location
• Identification of the IP address type for each location and device (static or
dynamic)
• Number of sub-networks required
• Estimated expansion

The design process starts after thorough consideration of the above measures and
the network requirements.

Recommended Reserve for Expansion

Expansion must be taken as a challenging reality in any network design. It is
recommended to keep a reserve of up to 20% of IP addresses.

Subnetting
Classful IPv4 addresses fall into classes, and each class has a pre-defined number of
network and host addresses available.

The common classes of IP addresses, along with their host and network ranges, are
illustrated as follows:

Figure 24. IP Address Range with supported networks and hosts

Class D and Class E are reserved for multicast and experimental purposes
respectively. The 127.0.0.0/8 range (127.x.x.x) is reserved for loopback addresses.

Subnetting is the mechanism by which a network is divided into multiple logical
networks, so that the split between network and host bits can be customized. It
improves the efficiency of IP address usage and allows traffic to be segmented.

Network Address Translation (NAT)

NAT is deployed to reach the public (Internet) network. Enterprise addresses are
"private addresses", which are not routable on the public Internet. Private addresses
are mapped (translated) to public addresses so that the traffic can be routed over the
public network.

The figure below shows the ranges of private addresses, which are assigned to
private networks:

Figure 25. IPv4 Range of Private Address

NAT can be deployed in these ways:

• One Private Address to One Public Address (static NAT). This mechanism is
employed for servers that must be reachable from the public network. A static
public IP address is mapped to the internal server's private address.
• Many Private Addresses to One Public Address (NAT overload, or PAT). This
method is used for client devices; the translations are distinguished by port
number.

A combination of both techniques is employed in most networks.

Real Life Scenario

Consider the network topology of an enterprise that has a main office in San Francisco.
Two regional offices, in Houston and Denver, are directly connected to the main office
(San Francisco), and there are three remote offices: Remote Office 1 and Remote Office 2
are connected to the Denver regional office, while Remote Office 3 is connected to the
Houston regional office.

The overall network topology is shown in the following figure:

The IP addressing scheme is planned considering the number of host devices, the
number of servers, firewalls and security devices, future expansion, etc. The suggested
reserve for future addresses is 20% for the main and regional offices and 10% for the
remote offices.

The overall addressing plan is illustrated in the following table:

Location         Workstations  Servers  IP Phones  Switches  Router I/F  Firewalls  Reserve %  Total IP Addresses Required
San Francisco             600       35        600        17          26         12         20                         1290
Denver                    210        7        210        10           4          0         20                          441
Houston                   155        2        155        10           4          0         20                          329
Remote Office 1            12        1         12         2           1          0         10                           28
Remote Office 2            15        1         15         3           1          0         10                           35
Remote Office 3             8        1          8         3           1          0         10                           21
                                                                                                          Total = 2144

The IP address requirement of the head office is analyzed as 1290 (600 + 35 + 600 + 17 +
26 + 12 = 1290 addresses). This means an address block containing 1290 plus 20% more
IP addresses for future expansion must be assigned to the head office. Similarly, Denver
requires an address block of 441 addresses and Houston one of 329 addresses for the
different network devices, each with 20% more for future growth.


IP address requirement along with the reserve can be calculated as:

Total IP addresses required = IP addresses + % IP addresses for future expansion

The reserve varies according to the expansion plan of the company, but generally 20% or
10% of the addresses are reserved as an optimal solution.

Therefore, the total number of IP addresses required in this scenario, before the reserve
is applied, is 2144.

Because subnet sizes are powers of 2, each block is rounded up to the next power of 2
that accommodates the required number of IP addresses plus the reserve.

The complete IP addressing plan for this enterprise is illustrated in the following table:

Location               Number of IP   Number of IP   Allocated Address Block
                       Addresses      Addresses
                       Required       Allocated
Main office            1290           2048           172.16.0.0 to 172.16.7.255 (172.16.0.0/21)
Denver Region
  Denver Office         441            512           ----
  Remote Office 1        28             64           ----
  Remote Office 2        35             64           ----
  Denver Region Total   ----           1024           172.16.8.0 to 172.16.11.255 (172.16.8.0/22)
Houston Region
  Houston Office        329            512           ----
  Remote Office 3        21             64           ----
  Houston Region Total  ----           1024           172.16.12.0 to 172.16.15.255 (172.16.12.0/22)

From the above table, the assignment of the IP address blocks can be visualized. Note
that the Denver office's 441 addresses plus a 20% reserve (530) exceed a 512-address
block; the room for that growth comes from the 384 addresses of the Denver Region
block that are not assigned to any site.

IPv6 Addresses
Internet Protocol Version 6 addresses are the successor of IPv4 addresses. IPv6
resolves the limitation caused by the exhaustion of the IPv4 address range. IPv6 uses a
128-bit address space, which is about 3.4 x 10^38 addresses, enough to give an IP
address to every device that could plausibly be connected.

Benefits of IPv6 Addresses Mind Map

Figure 26. Advantages of IPv6 Address

This table lists the main types of IPv6 unicast addresses:

IPv6 Address Type              Description
Link Local Address             • Address valid only on the local link
                               • Unicast address
                               • Prefix: FE80::/10
                               • Used in Neighbor Discovery and stateless address
                                 autoconfiguration (SLAAC)
Unique Local Address           • Designed for use inside a site or organization; not
                                 routed on the public Internet
                               • Unicast address
                               • Prefix: FC00::/7
                               • The 40-bit global ID is chosen pseudorandomly, so
                                 addresses are very likely unique even when sites merge
Global Unicast (Aggregatable)  • Globally routable; prefix 2000::/3
  Address                      • Aggregation of routing prefixes is supported
                               • Used to reduce routing table entries

Routing Protocol Scalability Considerations

Routing protocols are designed to exchange reachability information between network
nodes.

The following parameters must be taken into account for a scalable and reliable routing
protocol:

Number of Peers
The number of peers or devices significantly affects the choice of routing protocol. A
large company cannot comfortably run on static routing, because for every fault or
unplanned change the network administrator has to intervene and reconfigure the
affected routers. The number of peers should be kept small if static routing is
employed. In a large organization, dynamic routing protocols (RIPv1, RIPv2, OSPF, EIGRP
and BGP are the popular ones) are used for dynamic learning of routes, calculation of
the best route to a particular destination, and less administrative intervention.

Real Life Scenario

Company ABC has an HO and 5 branch offices in San Jose. ABC has recently deployed a
centralized CRM application at the HO, which must be accessible from the branches.

You have been assigned as the network design engineer to work with the customer and
propose the best-fit solution for connecting the branch offices with the HO.

You have met with the customer and collected the following additional information.

Expansion: a maximum of 3 more branches in the next 5 years.

Type of last-mile connectivity provided by the service provider: L2 Ethernet

Number of employees in each branch: 5-10

Technical team skill level: low

Desired type of deployment: simple / dynamic adaptation to changes / classless
routing support / open standard

Which routing protocol will you recommend to company ABC?

Answer:
Company ABC should deploy Routing Information Protocol (RIP) version 2, because it
supports:
• dynamic routing
• classless addressing (VLSM)
• adaptation to network changes
• a standards-based protocol
• simple deployment

RIP is rarely chosen as the preferred routing protocol given the scalability and
convergence requirements of today's networks; with fewer than ten small sites and a
low-skill team it fits here. You need to closely analyze your customer's business and
functional requirements when selecting a routing protocol.

Convergence Requirements
Routing protocol convergence is the state in which every router has collected all the
required topology information and has reached the point at which it can start
forwarding packets to the destination nodes of the network. Dynamic routing
protocols rely on this process to learn the complete topology.

Convergence time is a major routing protocol selection criterion, because it is
extremely important for a router to establish relationships with its neighbours and
with the complete network quickly so that packets flow reliably.

Summarization Boundaries and Techniques

The network locations at which summarization introduces efficiency must be
identified in order to fully exploit this strategy. Dividing the network into blocks or
sections helps to implement summarization.

Summarization is implemented at the following levels of the hierarchy:

First Level. Each location is identified as a network block.
Second Level. A large location is divided into multiple smaller network groups; this
is applied on top of the first-level summarization groups.
Third Level. Applied on the second-level summarization groups to further improve
network performance and stability.

Number of Routing Entries

Routing entries should be used efficiently in a network to reduce bandwidth
consumption and CPU processing. Optimizing the routing table is a best practice,
implemented through "IP supernetting" (route aggregation) techniques.

Impact of Routing Table on Performance

Performance is directly affected by the size of the routing table. If multiple paths can
reach a particular destination, the router has to evaluate each path when building the
routing table. This additional calculation slows down the overall performance of the
network.

Size of the Flooding Domain

Flooding is used by link-state routing protocols to update and synchronize neighbours
and other network elements. The larger the flooding domain, the more routers must
process every change, so the domain should be bounded (for example by OSPF areas).

Topology
Topology is the arrangement of the network elements. Some routing protocols build a
logical topology through which they view the network, while others require an explicit
topological structure to work efficiently. For example, Open Shortest Path First (OSPF)
requires a defined structure of network elements, arranged into areas.

Routing Protocols Overview

A routing protocol characterizes how nodes establish communication with each other
so that a smooth, fast, and reliable exchange of packets among the different devices in
the network can take place. The routing protocol for a particular network must be
selected carefully so that the network can accommodate transitions and expansion. The
selection is mostly affected by the IP addressing used in the network, the overall
network topology, connectivity demands, scalability, convergence time, and the
resources consumed by the routing protocol.

This section deals with the selection and design process of the routing protocol needed
to efficiently serve a network employing Internet Protocol version 4 (IPv4) or Internet
Protocol version 6 (IPv6).

Routing can broadly be divided into two main categories:

• Static Routing
• Dynamic Routing Protocols

Static Routing
In static routing, the network administrator has to configure and monitor each node
manually, selecting the path taken to reach each particular destination.

In the following figure, static routing is implemented. If workstation (WS) A wants to
communicate with WS B, the traffic starts from WS A and crosses router A and router B
until it reaches workstation B. This is how the exchange of packets takes place.

Figure 27. Example of Static Routing

Considering the example given, workstation A and workstation B are not connected to
a single node; two routers, router A and router B, are involved. This means WS A cannot
establish a communication path towards WS B unless some sort of reachability is
configured among the network nodes. Configuring static routes on the nodes that are
not directly connected provides this reachability.

Dynamic Routing Protocols

In dynamic routing protocols, the nodes themselves learn and work out the best
possible path to reach a particular destination. The administrative overhead of
configuring each node in the network is reduced. Dynamic routing protocols make
efficient use of network resources, especially when the topology changes.

In the following figure, a dynamic routing protocol is implemented, because it is very
difficult for the network administrator to manually configure each node in a large
network where many devices exchange packets with each other.

Figure 28. Dynamic Protocol

The best route to a particular destination is learned through the metric associated
with the dynamic routing protocol. Different routing protocols use different
parameters as the metric, such as hop count, bandwidth, load, path reliability, delay,
and so on.

The main differences between static and dynamic routing are summarized in the
following table:

Static Routing                          Dynamic Routing Protocol
Manual configuration of routes          Dynamic learning of routes
Not adaptive to changes                 Adaptive to changes
Suitable for small networks             Suitable for large networks
Administrative distance value is 1      Administrative distance value is greater than 1
Low CPU processing                      High CPU processing
Low bandwidth consumption               High bandwidth consumption

Dynamic routing protocols are used in large organizational networks and can be
broadly classified into two types:
1. Interior Gateway Protocols (IGP)
2. Exterior Gateway Protocols (EGP)

Interior Gateway Protocol versus Exterior Gateway Protocol

Interior gateway protocols, or intra-AS routing protocols, deal with the exchange of
routing information within an autonomous system. Exterior gateway protocols, or
inter-AS routing protocols, exchange information between autonomous systems.

Autonomous System. A collection of devices that operate a common routing policy and
fall under a single administration is known as an Autonomous System, or a single
routing domain. An example would be a service provider's network or a company's
internal network.

Examples of interior gateway protocols (IGP) and exterior gateway protocols (EGP) are
listed in the following table:

Protocol                    Examples
Interior Gateway Protocol   Routing Information Protocol (RIP) v1 and v2,
                            Open Shortest Path First (OSPF),
                            Enhanced Interior Gateway Routing Protocol (EIGRP),
                            Integrated Intermediate System-to-Intermediate System (IS-IS)
Exterior Gateway Protocol   Border Gateway Protocol (BGP),
                            Exterior Gateway Protocol (EGP, obsolete)

Interior Gateway Protocol

Interior gateway protocols are classified into two types:
1. Distance Vector Routing Protocols
2. Link-State Routing Protocols

Distance Vector Routing Protocol

The routing table is populated from information collected from directly connected
nodes. These protocols are often called "routing by rumour", because routing table
maintenance is based on the information provided by the directly connected
neighbour. If the neighbour forwards wrong information, the router updates its routing
table with the wrong information without any verification.

Distance vector protocols periodically send their complete routing table to their
directly connected neighbours, which consumes a high amount of bandwidth. The
periodic timers mean it takes longer for the nodes to reach a common view, so the
overall network converges slowly.

In these periodic updates, only the best route to reach each network is exchanged. As
a router only receives the information provided by its neighbouring nodes, it has no
means to build the complete topology of the network.

Classic distance vector protocols such as RIP use hop count as the metric for
calculating the best route to a destination, with a maximum supported hop count of
15. A path longer than 15 hops is unreachable, so the protocol works reliably only in
small networks.
Example: RIP (version 1 and 2)

Figure 29. Distance Vector Routing Protocol Routing Information Exchange mechanism

This figure illustrates how routing information is exchanged between nodes in a
distance vector routing protocol. Routes received at Router A are forwarded to Router
A's directly connected neighbours, i.e. Router B and Router C, as Router A sends its
complete routing table to its neighbours. Router B and Router C update their routing
tables with the information received and forward it to their own directly connected
neighbours, i.e. Router D and Router E respectively.

Link-State Routing Protocol

The routing table is built from information collected from all routers in the area.
Routers first exchange hello packets to discover neighbours and form adjacencies;
they then exchange Link State Advertisements (LSAs), which carry the state of each
router's links or interfaces and are flooded to every node of the network.

Routing decisions are taken by calculating the shortest path to reach each destination.
For this computation, link-state routing protocols use Dijkstra's shortest path first
(SPF) algorithm. Each router has a complete view of the entire network topology,
because updates about link changes are flooded to the entire area.

Convergence time is improved because a change in the state of a link is advertised
immediately (a triggered update). This also reduces overall bandwidth usage, because
only the information about the change is exchanged.

However, the more complex structure of link-state routing protocols requires more
care in the design and deployment process, and calculating the best route to each
destination consumes additional CPU.

Example: OSPF and IS-IS

The figure below illustrates the packet exchange mechanism of link-state routing
updates. Link-state routing protocols advertise changes in the state of a link to the
entire network, for example a link failure or a change in the bandwidth of the link.

Router A notices the change in the state of its link, i.e. the link is down, and floods
this information to the entire network. In this way the entire network learns about
the change in topology: each node receives the updated information and can rebuild
the complete network topology.

Figure 30. Link-State Routing Protocol information exchange mechanism
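The SPF computation and the link-failure flood described above, as an added example (the editor's code, not from the workbook): a constructed five-router link-state database, Dijkstra's algorithm run from Router A, then the same run after both ends of the A-B link flood LSAs that no longer list it. The router names, the topology and the link costs (reference bandwidth / link bandwidth, so a 100 Mbit/s link costs 1 and a 10 Mbit/s link costs 10) are assumptions for illustration.

```python
"""Added example, not from the CCDA workbook: minimal SPF over a constructed
link-state database, before and after a link failure is flooded.

The five-router topology, the costs and the router names are assumptions.
"""
import heapq

# Constructed LSDB: each router's LSA lists its links as {neighbour: cost}.
LSDB = {
    "A": {"B": 1, "C": 10},
    "B": {"A": 1, "C": 1, "D": 1},
    "C": {"A": 10, "B": 1, "E": 1},
    "D": {"B": 1, "E": 5},
    "E": {"C": 1, "D": 5},
}


def spf(lsdb, root):
    """Dijkstra shortest path first from `root`.

    Returns {router: (total_cost, next_hop)}. A link is only used when both
    ends advertise it, mirroring the two-way check a link-state protocol
    applies before an adjacency is allowed into the SPF tree.
    """
    cost_to = {root: 0}
    next_hop = {root: None}
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue                      # stale heap entry, a cheaper path won
        done.add(node)
        for nbr, link_cost in lsdb.get(node, {}).items():
            if node not in lsdb.get(nbr, {}):
                continue                  # one-way advertisement, not usable
            candidate = cost + link_cost
            if candidate < cost_to.get(nbr, float("inf")):
                cost_to[nbr] = candidate
                # First hop is the neighbour itself when expanding the root,
                # otherwise inherit the first hop that reached `node`.
                next_hop[nbr] = nbr if node == root else next_hop[node]
                heapq.heappush(heap, (candidate, nbr))
    return {r: (cost_to[r], next_hop[r]) for r in cost_to}


def withdraw_link(lsdb, a, b):
    """Model the triggered update after link a-b fails: both routers flood a
    new LSA that no longer lists the link. Returns a new LSDB and leaves the
    input untouched."""
    updated = {router: dict(links) for router, links in lsdb.items()}
    updated[a].pop(b, None)
    updated[b].pop(a, None)
    return updated


if __name__ == "__main__":
    before = spf(LSDB, "A")
    after = spf(withdraw_link(LSDB, "A", "B"), "A")
    for dest in sorted(LSDB):
        print(f"{dest}: before={before[dest]}  after A-B failure={after.get(dest)}")
```

With the full LSDB every destination is reached through B; after the A-B link is withdrawn the only exit from A is the expensive 10-cost link to C, and every route is recomputed with C as the next hop. The two-way check is the part worth keeping in mind operationally: a router that injects an LSA claiming a link that the other end does not confirm cannot pull traffic onto that link.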

Another popular protocol for large networks is Enhanced Interior Gateway Routing
Protocol (EIGRP). EIGRP combines distance vector behaviour with some link-state
features, and is therefore called an advanced (or enhanced) distance vector routing
protocol.

Selecting a suitable routing protocol is one of the most critical steps in network
design. A range of features has to be considered before selecting a routing protocol, for
example day-to-day maintenance, convergence time, configuration steps, deployment,
etc.

The following table compares some of the important features of distance vector and
link-state routing protocols that come into consideration when selecting an efficient
routing protocol:

Feature            Distance Vector Routing Protocol   Link-State Routing Protocol
Update             Periodic                           Triggered
Visibility         Directly connected nodes           All nodes
Deployment         Easy                               Complex
Convergence        Slow                               Fast
Configuration      Simple                             Complex
Bandwidth usage    High                               Low
CPU usage          Low                                High
Routing loops      More susceptible                   Less susceptible

Exterior Gateway Protocol

The protocol used to exchange information between autonomous systems is an
exterior gateway protocol. Inter-AS routing protocols typically require a complex
implementation and configuration. Border Gateway Protocol (BGP) is currently the
only EGP in use (the original protocol named EGP is obsolete).
Example: EGP (obsolete) and BGP

Figure 31. Exterior Gateway Routing Protocol

Figure 31 visualizes an exterior gateway protocol. The exterior gateway protocol is
configured to establish communication between different autonomous systems,
whereas the IGPs exchange routing information within an autonomous system.

IP version 6 routing protocols are generally similar to their IP version 4 counterparts:
IPv6 uses updated versions of the IPv4 protocols.

For example:
• RIPng (Routing Information Protocol next generation)
Similar features to IPv4 (RIPv2): distance vector, split horizon, 15 hop maximum
Different features: FF02::9 multicast address, multiple RIPng processes on the same router
• OSPFv3 (Open Shortest Path First version 3)
Similar features to IPv4 (OSPFv2): link-state routing protocol
Different features: new LSA types, uses FF02::5 and FF02::6 as multicast addresses, no
built-in authentication (relies on IPsec AH/ESP instead)
• EIGRP for IPv6 (EIGRPv6)
Similar features to IPv4 (EIGRP): advanced distance vector protocol, hello packets, DUAL
algorithm
Different feature: FF02::A multicast address
• MP-BGP (Multiprotocol BGP)
Multiprotocol extension of BGPv4 (IPv4 BGP), carrying IPv6 routes under a separate
Address Family Identifier (AFI)

Routing Protocols Mind Map

Figure 32. Brief summary of Routing Protocol

Difference between Hierarchical and Flat Routing Protocol

A hierarchical routing protocol segments the network into smaller components, so
that large networks can be subdivided into multiple smaller parts.
Example: OSPF, IS-IS

EIGRP can also behave as a hierarchical routing protocol if manual summarization is
implemented on the routers.

Flat routing protocols are those that propagate routing information throughout the
network without any such segmentation. In this routing mechanism every router is a
peer of every other; they all sit at the same level.
Examples: RIP, EIGRP

Routing Protocol for the Enterprise

The following section discusses the protocols that best fit the enterprise environment.
An enterprise internal network needs an efficient routing protocol to meet the
requirements of the company's internal operations. Static routing and RIP only work
well for small portions of the network, as they cannot carry the requirements of large
networks. The recommended protocols for this environment are:

1. OSPF (Link-State Routing Protocol)
2. EIGRP (Advanced Distance Vector Routing Protocol)

Open Shortest Path First (OSPF)

OSPF is an open standard routing protocol for routing IPv4 and IPv6 traffic. OSPFv2
(defined in RFC 2328) is implemented to route IPv4 traffic, while OSPFv3 (defined in RFC
5340) is implemented to route IPv6 traffic.

OSPF is designed for large enterprise networks in which Routing Information Protocol
(RIP) cannot feasibly exchange information. OSPF converges faster than RIP. The
division of the network into different areas is the basic concept of OSPF.

OSPF deployment carries the following topology restrictions:

• There is one backbone area, in which the backbone routers reside, called Area 0.
• The other areas are known as non-backbone areas.
• To communicate between areas, packets have to pass through the backbone area.
• All non-backbone areas are connected to the backbone area through routers.
• A router that sits on the boundary between the backbone and a non-backbone area
is called an area border router (ABR).
• The ABR provides the connection between the backbone and non-backbone areas.
• An autonomous system boundary router (ASBR) serves as a gateway between OSPF
and another routing protocol. The process of translating and exchanging information
between different routing protocol domains is known as "route redistribution".

OSPF has the following features:

• OSPF is a link-state routing protocol
• Shortest path calculation using Dijkstra's algorithm
• Hello packets are exchanged to establish and maintain adjacencies
• Relies on the cost of each link for best route computation
• LSA updates are sent when the state of a link changes
• Holds the complete view of the network topology (within an area)
• Supports Variable Length Subnet Masks
• Uses the IP address space more efficiently
• Supports route summarization (at ABRs and ASBRs)
• Fast convergence
• Ease of scalability

This illustrates the multi-area example of Open Shortest Path First (OSPF):

Figure 33. Open Shortest Path First (OSPF)

Enhanced Interior Gateway Routing Protocol (EIGRP)


EIGRP is a Cisco propriety protocol. EIGPR (Enhanced distance vector protocol) is a
modified version of IGRP (pure distance vector protocol). It is designed to support
distance vector routing protocol and some features of link-state routing protocol as
well.

EIGRP has the following features:

 Uses DUAL (Diffusing Update Algorithm) as its route calculation mechanism.
 DUAL keeps backup routes in the topology table so that they can be used immediately if
the primary link fails. The best route is the "successor" and a backup route is a "feasible
successor" in EIGRP terminology. The successor's metric is the feasible distance (FD).
 A route must meet the "feasibility condition" to be accepted as a feasible successor in the
topology table; only the successor is installed in the routing table.
 The feasibility condition states that the reported distance (RD) advertised by the
neighbouring router must be strictly lower than the current feasible distance (FD). This
guarantees that the neighbour does not itself route through this router, so the backup path
is loop-free without any recomputation. If the successor fails and no feasible successor
exists, the route goes "active" and the router queries its neighbours.
 Hello packets are exchanged to establish and maintain adjacencies
 Triggered, partial updates are sent only when something changes
 Routes are advertised only to directly connected neighbours
 Routers have no information about the complete network topology
 By default, the metric uses the minimum bandwidth and the cumulative delay along the
path (K1 and K3). Reliability and load (K2, K4 and K5) can be enabled, and the smallest
maximum transmission unit (MTU) is carried in updates but does not enter the calculation.
Changing the K values is generally not recommended: it can cause route flapping, and the K
values must match on both neighbours or the adjacency does not form.
 Both automatic and manual route summarization are supported.
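The composite metric and the feasibility condition described above can be worked through in code. The following is an added example written for this edition of the workbook; it is not Cisco code and not part of the original text. The topology table of router R1 and the neighbour names R2, R3 and R4 are constructed for the illustration, the metric is the classic 32-bit formula with the default K values, and the feasible distance is simplified to the successor's current computed distance.

```python
"""EIGRP composite metric and DUAL successor / feasible successor selection.

Added example with a constructed topology table (not from the workbook).
"""
from dataclasses import dataclass

# Default K values: only bandwidth (K1) and delay (K3) contribute to the metric.
K1, K2, K3, K4, K5 = 1, 0, 1, 0, 0


def eigrp_metric(min_bw_kbps: int, total_delay_us: int,
                 reliability: int = 255, load: int = 1) -> int:
    """Classic (32-bit) EIGRP composite metric.

    min_bw_kbps    : lowest bandwidth on the path, in kbit/s
    total_delay_us : sum of interface delays on the path, in microseconds
    The divisions are integer divisions, as in the IOS implementation.
    """
    bw = 10_000_000 // min_bw_kbps        # 10^7 / bandwidth
    delay = total_delay_us // 10          # delay in units of 10 microseconds
    metric = K1 * bw + (K2 * bw) // (256 - load) + K3 * delay
    if K5:                                # reliability term only when K5 is non-zero
        metric = metric * K5 // (reliability + K4)
    return metric * 256


@dataclass(frozen=True)
class TopologyEntry:
    """One candidate path to a destination, as held in the EIGRP topology table."""
    neighbor: str
    reported_distance: int   # RD: the neighbour's own metric to the destination
    link_metric: int         # metric of the link from this router to the neighbour

    @property
    def computed_distance(self) -> int:
        return self.reported_distance + self.link_metric


def dual_select(entries):
    """Return (successor, [feasible successors]) for one destination.

    Successor: the entry with the lowest computed distance; that distance is the
    feasible distance (FD). Feasible successor: any other entry whose RD < FD.
    Note that the RD is compared against the FD, not against the entry's own
    computed distance.
    """
    if not entries:
        return None, []
    successor = min(entries, key=lambda e: (e.computed_distance, e.neighbor))
    fd = successor.computed_distance
    feasible = [e for e in entries
                if e is not successor and e.reported_distance < fd]
    feasible.sort(key=lambda e: (e.computed_distance, e.neighbor))
    return successor, feasible


# Constructed topology table of router R1 for destination 10.1.0.0/16.
FAST_ETHERNET = eigrp_metric(100_000, 100)      # 28160
GIGABIT = eigrp_metric(1_000_000, 10)           # 2816
T1_SERIAL = eigrp_metric(1_544, 20_000)         # 2169856

SAMPLE_TOPOLOGY = [
    TopologyEntry("R2", reported_distance=FAST_ETHERNET, link_metric=GIGABIT),
    # R3's RD equals the FD exactly: the condition is strict, so R3 is not feasible.
    TopologyEntry("R3", reported_distance=FAST_ETHERNET + GIGABIT, link_metric=GIGABIT),
    # R4 is reached over a slow T1, yet its low RD makes it a valid feasible successor.
    TopologyEntry("R4", reported_distance=FAST_ETHERNET, link_metric=T1_SERIAL),
]

if __name__ == "__main__":
    successor, feasible = dual_select(SAMPLE_TOPOLOGY)
    print("successor:", successor.neighbor, "FD =", successor.computed_distance)
    print("feasible successors:", [e.neighbor for e in feasible])
```

Running the block shows R2 as successor with an FD of 30976, R4 as the only feasible successor even though its own path is far worse, and R3 rejected because an RD equal to the FD does not satisfy the strict condition. The design point is that a feasible successor is selected on the neighbour's reported distance alone, which is what lets EIGRP fail over without a query when the primary link drops.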


Border Gateway Protocol

Border Gateway Protocol (BGP) is currently the only protocol used for routing between
autonomous systems. BGP is an exterior gateway protocol. It is generally referred to as a
path vector protocol and is often classified as an advanced distance vector protocol.

Inter-autonomous-system routing takes into account high-level policies and agreements
between the parties that establish communication with each other. BGP is generally called
the routing protocol of the Internet because it is used to route traffic across the Internet.
Routing policies and commercial agreements at different levels are required to establish
communication between autonomous systems and Internet service providers (ISPs).

BGP maintains path information (the list of autonomous systems a route has traversed) in
its table, unlike distance vector protocols, which use a distance or hop count, and link-state
protocols, which compute the best route from a topology database.

BGP has the following features:

 BGP uses the AS path as its basic metric for reaching a destination.
 BGP incorporates other parameters in the best-route calculation. These parameters are
called "path attributes" (for example weight, local preference, origin, MED and community).
 BGP routing updates carry the autonomous system number of the sender for
identification and loop detection: a router rejects a route whose AS path already contains
its own AS number.

The connection of one autonomous system to multiple ISP autonomous systems is called
multi-homing.

BGP peering can be divided into two types:

Interior Border Gateway Protocol (iBGP) Peering

BGP running between routers of the same autonomous system is called interior BGP (iBGP).

iBGP has the following properties:

 iBGP neighbours do not need to be directly connected to each other, as long as they
can reach each other (typically through the IGP).
 iBGP is primarily used to carry eBGP-learned information across the autonomous
system, because the Internet routing table is too large to be redistributed into an IGP.
 Routes received from an iBGP peer are not re-advertised to other iBGP peers, but can
be advertised to eBGP peers. Because of this rule, iBGP routers must be fully meshed or
use route reflectors (or confederations).

Exterior Border Gateway Protocol (eBGP) Peering

This is BGP running between routers of different autonomous systems.

eBGP has the following properties:

 eBGP peers must be directly connected by default (the TTL of BGP packets is set to 1);
multihop peering has to be configured explicitly.
 Paths received from eBGP peers can be advertised to both eBGP and iBGP peers.
 eBGP-learned routes are preferred over iBGP-learned routes (administrative distance 20
versus 200 in Cisco IOS, and eBGP wins over iBGP in the BGP best-path selection).


BGP has the following practical advantages:

 Routing policy can be applied per neighbour and per prefix through path attributes
and filters
 BGP is used to propagate QoS parameters in QoS Policy Propagation on BGP (QPPB)
 In Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPN), the
multiprotocol version of BGP (MP-BGP) is used to carry the MPLS VPN information

Designing a Routing Protocol Deployment

A routing protocol is selected for each module of the network: the campus core,
distribution and access layers, the enterprise edge, the remote modules, and so on.

This section discusses the selection of a protocol for each network module.

Routing in the Campus Core

The core is the most critical layer in the network. The protocol running in the core must
converge quickly, provide efficient connectivity throughout, and support redundancy and
load sharing. Both EIGRP and OSPF converge very quickly; the choice between them depends
on the network structure, the IP addressing plan, the equipment involved, and so on. Static
routing is not a suitable option for the core layer, because a failure in any section then
requires administrative intervention.

EIGRP and OSPF are restricted by these factors:

 EIGRP runs only on Cisco devices; a non-Cisco device does not understand EIGRP.
 OSPF requires a hierarchical area design and an IP addressing plan that allows
summarization at the area borders.

Routing in the Distribution Layer

The distribution layer sits between the core and the access layer. The selection of a
routing protocol in this layer is affected by the routing protocol running in the core, the
IP addressing plan and the physical network topology.

It is recommended to use the same protocol in every layer. If different protocols in
different layers are a requirement, then redistribution must be configured at the
distribution layer.


Routing in the Enterprise Edge Functional Area

Access to network resources for local and remote users is provided through the enterprise
edge functional area. Routing protocols that run in the enterprise edge are referred to as
"edge routing protocols".

The selection of a routing protocol in this part of the network depends on the physical
topology, the IP addressing plan and the nodes connected. Static routing, OSPF, EIGRP and
BGP are the typical choices. The advantages and disadvantages of each protocol must be
kept in mind when selecting one.

OSPF can be used in environments such as LANs, NBMA (non-broadcast multi-access)
networks and dial-up.

EIGRP is also well suited to NBMA hub-and-spoke environments such as Frame Relay or
ATM. On a multipoint hub interface, split horizon must be taken into account: it has to be
disabled on the hub so that routes learned from one spoke are advertised to the other
spokes.

Routing in Remote Access and VPN

Remote access and VPN functionality allows remote users to reach corporate network
resources through dial-up and IP Security (IPsec) VPNs. The choice of routing protocol for
this module is influenced by the overall redundancy requirement of the network and the
number of exit points.

The most popular choices are static routing and Border Gateway Protocol (BGP).

The conditions in which each fits well are:

 Static routing fits well where only a single exit point exists and in IPsec VPNs.
 BGP works well when multiple exit points exist and when multi-homing is desired.

Advanced Routing Strategies

In complex corporate networks it is essential that the network functions smoothly. The
protocols running in the different layers must interoperate to provide high-speed
connectivity throughout with minimal processing overhead and bandwidth consumption.
These properties are obtained by employing advanced strategies such as route
redistribution, route filtering and route summarization.

Route Redistribution
When different routing protocols run in different sections of the network, those sections
cannot exchange routes with each other. To let them communicate, route redistribution is
configured. Route redistribution is the passing of routing knowledge from one routing
protocol to another. It is configured only on the border routers, which run both protocols;
the internal routers understand only their own routing protocol.


It is broadly enabled in two forms:

 One-way route redistribution. Redistribution is allowed in one direction and
restricted in the other.
 Two-way (mutual) route redistribution. Redistribution is implemented in both
directions.

This figure represents the one-way and two-way route redistribution techniques:

Figure 34. One-way and Two-way Route Redistribution Examples

Route redistribution must be planned carefully or it will result in routing loops. When
there are redundant connections between the two domains, a redistributed route can be fed
back into the domain it came from, where it may even be preferred over the original because
of a lower administrative distance, causing a routing loop or sub-optimal routing. To
prevent this, route filtering (for example with route tags) is used together with route
redistribution.


Real World Scenario

Company ABC has recently connected its three sites over an MPLS L3 VPN. The routing
protocol between the customer edge router (CE) and the service provider router (PE) is BGP.
ABC uses OSPF as its IGP and would like to propagate its internal routes to the remote sites.
You are working as a consultant for the customer and have been presented with the following
three options:

1) Replace OSPF with BGP to propagate internal routes to the remote sites.
2) Ask the service provider to replace BGP with OSPF as the PE-CE protocol.
3) Perform mutual redistribution at the edge for route propagation.

Options 1 and 2 are technically feasible, but they require a lot of administrative overhead
and changes to the existing network. The best option is to perform mutual redistribution at
the edge (CE) to transport each site's routes to the other sites.

Redistribution type: mutual

OSPF to BGP: propagation of internal routes to the MPLS network and the remote sites.

BGP to OSPF: redistribution of remote site routes into the internal network.

The scenario explained above is the most common type of deployment used with MPLS
service providers.

Route Filtering
Route filtering is the mechanism that prevents the advertisement of certain routes into a
specific network section. Route filtering is typically applied to BGP at the Internet edge to
control which prefixes are accepted from, and advertised to, the global Internet; for
example, private address space and the corporate network's own prefixes are rejected on
inbound updates.

The combination of route filtering and route redistribution is applied to prevent routing
loops and sub-optimal routing.
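The feedback loop that mutual redistribution creates, and the tag-based filtering that stops it, can be seen in a small simulation. The following is an added example written for this edition of the workbook, not code from the original text and not a Cisco configuration. The two border routers R1 and R2, the prefixes 10.1.1.0/24 and 192.0.2.0/24, the next-hop names and the tag strings are constructed; the tags stand in for OSPF route tags and BGP communities, and the administrative distances are the Cisco IOS defaults for OSPF (110) and eBGP (20). It also covers the OSPF/BGP mutual redistribution of the real world scenario above.

```python
"""Mutual redistribution between an OSPF domain and an eBGP domain, with and
without tag-based route filtering.

Added example with a constructed two-router topology (not from the workbook).
Tags stand in for OSPF route tags and BGP communities; administrative distances
are Cisco IOS defaults.
"""
from dataclasses import dataclass, field

AD = {"ospf": 110, "bgp": 20}       # administrative distance: lower is preferred
TAG_FROM_OSPF = "from-ospf"         # stamped on routes leaving OSPF into BGP
TAG_FROM_BGP = "from-bgp"           # stamped on routes leaving BGP into OSPF
ORIGIN_TAG = {"ospf": TAG_FROM_OSPF, "bgp": TAG_FROM_BGP}


@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str      # protocol the route was learned through
    next_hop: str
    tag: str = ""      # tag carried in the update, empty for native routes


@dataclass
class Router:
    name: str
    rib: dict = field(default_factory=dict)   # prefix -> installed Route

    def offer(self, route: Route) -> bool:
        """Install the route if nothing is installed yet or its AD is lower."""
        current = self.rib.get(route.prefix)
        if current is None or AD[route.protocol] < AD[current.protocol]:
            self.rib[route.prefix] = route
            return True
        return False


def redistribute(router: Router, src: str, dst: str, filtering: bool) -> list:
    """Updates that `router` originates into `dst` from its `src`-learned routes.

    With filtering on, a route that entered `src` by redistribution from `dst`
    (it carries dst's origin tag) is never sent back into `dst`.
    """
    updates = []
    for r in router.rib.values():
        if r.protocol != src:
            continue
        if filtering and r.tag == ORIGIN_TAG[dst]:
            continue                                   # route-map deny: came from dst
        updates.append(Route(r.prefix, dst, next_hop=router.name, tag=ORIGIN_TAG[src]))
    return updates


def receive(router: Router, updates: list, filtering: bool) -> None:
    """Process updates from the other border router.

    With filtering on, an update whose tag says it originated in the other domain
    this border router is also attached to is rejected inbound, so the lower AD
    of BGP cannot displace the native OSPF route.
    """
    for u in updates:
        if u.next_hop == router.name:
            continue                                   # our own update
        other_domain = "ospf" if u.protocol == "bgp" else "bgp"
        if filtering and u.tag == ORIGIN_TAG[other_domain]:
            continue                                   # inbound deny
        router.offer(u)


def simulate(filtering: bool):
    """Return (R1, R2) after three rounds of mutual redistribution."""
    r1, r2 = Router("R1"), Router("R2")
    for r in (r1, r2):
        r.offer(Route("10.1.1.0/24", "ospf", next_hop="ospf-core"))   # internal prefix
        r.offer(Route("192.0.2.0/24", "bgp", next_hop="isp"))         # external prefix
    for _ in range(3):   # three rounds are enough for this topology to settle
        bgp_updates = [u for r in (r1, r2) for u in redistribute(r, "ospf", "bgp", filtering)]
        ospf_updates = [u for r in (r1, r2) for u in redistribute(r, "bgp", "ospf", filtering)]
        for r in (r1, r2):
            receive(r, bgp_updates, filtering)
            receive(r, ospf_updates, filtering)
    return r1, r2


if __name__ == "__main__":
    for flag in (False, True):
        r1, r2 = simulate(filtering=flag)
        for r in (r1, r2):
            route = r.rib["10.1.1.0/24"]
            print(f"filtering={flag} {r.name}: 10.1.1.0/24 via {route.protocol},"
                  f" next hop {route.next_hop}")
```

Without filtering, each border router receives the internal prefix 10.1.1.0/24 back through BGP from the other one and, because eBGP has the lower administrative distance, installs it with the other border router as next hop: R1 points at R2 and R2 at R1, a routing loop for a prefix that both could reach directly through OSPF. With filtering, the tag set at redistribution time is matched by a deny clause both on the opposite redistribution and on the inbound neighbour policy, so the native OSPF route survives. In IOS this corresponds to a route-map with set tag or set community on the redistribute statement, a matching deny clause on the other redistribute statement and on the inbound neighbour route-map; raising the eBGP distance for those prefixes with the distance command is an alternative.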

Route Summarization
Large networks are subdivided into smaller sections in order to reduce routing traffic and
computation. Routing traffic consumes significant network resources for route computation
and for the propagation of routing updates. To limit this, route summarization is
implemented. Route summarization is also called "route aggregation" and "supernetting". It
allows a node to advertise a series of routing entries as a single, shorter prefix, so that
neighbouring routers keep one entry instead of many and are not disturbed by changes to
the individual subnets.

This illustration shows a simple example of route summarization:

Figure 35. Example of Route Summarization

The advantages of route summarization are:

 Reduced routing traffic
 Route computation in one section does not affect other sections
 Reduced bandwidth utilization
 Improved convergence
 Reduced size of the routing table
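The following is an added example written for this edition of the workbook (not from the original text) that computes summaries for a set of subnets with Python's standard ipaddress module. It goes one step beyond the figure: besides the exact aggregation it computes the single summary a designer would typically configure and the address space that summary claims without owning, which is what makes a summary a source of sub-optimal routing or loops when no discard route is present. The subnet lists 10.1.0.0/24 to 10.1.3.0/24 and 10.2.0.0/24 to 10.2.2.0/24 are constructed.

```python
"""Route summarization: exact aggregation versus a single summary, and the
address space a single summary over-claims.

Added example (not from the workbook); the subnet lists are constructed.
"""
import ipaddress


def exact_summaries(prefixes):
    """Smallest set of prefixes covering exactly the given subnets and nothing more."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return sorted(ipaddress.collapse_addresses(nets))


def single_summary(prefixes):
    """Smallest single supernet that contains every given subnet."""
    nets = sorted(ipaddress.ip_network(p) for p in prefixes)
    first = nets[0].network_address
    last = nets[-1].broadcast_address
    # Start from a host route on the first address and widen until the block
    # also contains the last address of the highest subnet.
    candidate = ipaddress.ip_network((first, nets[0].max_prefixlen))
    while last not in candidate:
        candidate = candidate.supernet()
    return candidate


def overclaimed(prefixes):
    """Address blocks inside single_summary(prefixes) that no given subnet covers.

    Traffic for these addresses is attracted by the summary even though the
    summarizing router has no more specific route; without a discard (Null0)
    route for the summary it is forwarded on a default route and can loop.
    """
    holes = [single_summary(prefixes)]
    for net in sorted(ipaddress.ip_network(p) for p in prefixes):
        remaining = []
        for hole in holes:
            if net.subnet_of(hole):
                remaining.extend(hole.address_exclude(net))   # punch the subnet out
            elif not hole.subnet_of(net):
                remaining.append(hole)                         # untouched by this subnet
        holes = remaining
    return sorted(ipaddress.collapse_addresses(holes))


def summary_report(prefixes):
    """Everything a designer wants to check before configuring a summary."""
    return {
        "exact": [str(n) for n in exact_summaries(prefixes)],
        "single": str(single_summary(prefixes)),
        "overclaimed": [str(n) for n in overclaimed(prefixes)],
        "entries_saved": len(prefixes) - 1,   # neighbours keep one entry instead of many
    }


# Constructed examples: a complete /22, and a /22 with one /24 not yet in use.
FULL_BLOCK = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]
PARTIAL_BLOCK = ["10.2.0.0/24", "10.2.1.0/24", "10.2.2.0/24"]

if __name__ == "__main__":
    for subnets in (FULL_BLOCK, PARTIAL_BLOCK):
        print(summary_report(subnets))
```

For the complete block the single summary 10.1.0.0/22 is exact. For the partial block the single summary 10.2.0.0/22 also advertises 10.2.3.0/24, which nobody owns; the exact alternative is two entries, 10.2.0.0/23 and 10.2.2.0/24. Whichever is chosen, the summarizing router should hold a Null0 route for the summary (EIGRP, OSPF area ranges and BGP aggregates install one by default in IOS) so that packets for the over-claimed space are dropped rather than bounced back towards a default route.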

Important Routing Design Considerations

 EIGRP supports unequal-cost load sharing (through the variance command); by default
only equal-cost paths are used.
 Unequal-cost load sharing with OSPF and IS-IS can be achieved through MPLS traffic
engineering.
 Redistribution should always be used in combination with route filtering techniques,
especially two-way (mutual) redistribution.
 Avoid redistribution scenarios where possible to keep the network simple.
 Change the routing protocol's default timers only when required.
 Use Bidirectional Forwarding Detection (BFD) to improve failure detection and
propagation.
 Route summarization can create routing loops and sub-optimal routing; a summary
should be accompanied by a discard (Null0) route for the summarized range.
 The designer must consider the mean time between failures (MTBF) and mean time to
repair (MTTR) requirements of the network.
 Triangular topologies converge much faster than rectangular (square) topologies. Ring
topologies take the longest time to converge.
 Two levels of redundancy are normally sufficient to maintain the network uptime
requirements. More than two levels of redundancy increases complexity.

Summary
The selection of the IP address block and of the best routing protocol was discussed in this
chapter. An IP addressing plan must consider various network parameters such as
hierarchy, summarization and overall efficiency. Scalability of the network must be a
priority while developing the IP addressing plan and choosing the routing protocol. The
selection of the best routing protocol depends on multiple parameters such as the
structure of the network, the type of devices, the network resources available, and so on.
A single routing protocol rarely suits every part of a large network. Instead, a combination
of a dynamic interior routing protocol within a single autonomous system, BGP to connect
multiple autonomous systems together, and static routing to glue the components of the
network together, along with the advanced routing strategies described above, is used to
construct a robust, flexible, efficient and reliable network.


Chapter 4: Enterprise Network Design

This chapter presents the considerations, design and implementation solutions for the
network infrastructure of an enterprise environment. An enterprise network is a network of
connected devices in one geographical area, or distributed over areas distant from each
other. It is the backbone network over which every device of the organization can
communicate, at every location. Being the basic fabric of the network, the enterprise
network architecture requires careful planning, design and implementation of network
resources, so that the infrastructure can sustain the exchange of information throughout
the network's life and can quickly adapt to changes and transitions when required.

This chapter discusses specific considerations regarding the deployment of a basic campus
network, an enterprise network and a branch network. The technologies, topologies,
devices, protocols and overall planning are examined in detail as well.

The chapter is broadly divided into the following sections:

 Basic Campus Network Design
 Basic Enterprise Network Design
 Basic Branch Network Design

Before diving into the details of the design and planning process for each network
infrastructure, it is essential to consider the basic function of, and the difference
between, each type of infrastructure so that the distinction is clear.

The following summarizes the general comparison among the three types of infrastructure:

Campus
 Description: a collection of nodes within a single LAN or multiple LANs connected within
a limited geographical area.
 Connection: Gigabit Ethernet or 10 Gigabit Ethernet.
 Range: 1 km up to 5 km.

Enterprise
 Description: the communication backbone that connects the organization's devices at
every location. Multiple LANs and WANs are involved.
 Connection: LANs use Ethernet; WANs use private lines or public switched services.
 Range: devices at remote locations can connect to the central network.

Branch
 Description: geographically distant branches of the organization use the branch network
approach to obtain secure and reliable connectivity.
 Connection: a secure and reliable connection is critical to connect the various branches
together.
 Range: remote network locations are interconnected.


Basic Campus Network Design

A campus network consists of a local area network (LAN) or multiple LANs connected
together, generally in close proximity. Fundamentally, each campus network is designed to
include the following sections:

 Local Area Network (LAN) or LANs module. This interconnects the devices of the
entire campus building over a network.
 Data Center module. Centralized resources are made available in the data center.
 Virtualization facilities. Virtualization tools and techniques are enabled in the
network to ensure the efficient and smooth running of the entire network and to provide
cost effective organizational solutions.

Example: colleges and universities have a campus network structure in which
administrative buildings, departments, libraries, academic halls and other buildings
associated with the institution within a specific geographical location are connected. This
network must connect to a resource center where centralized resources are available to
each device in the network, as well as to the outside world so that Internet services can be
used inside the campus.

The overall design of a campus network is divided into the following main sections:
 Campus network design considerations
 Campus infrastructure module design considerations

Campus Network Design Considerations

The network design of a campus initially takes into account the higher-level parameters of
the overall design. The design is influenced by the following:
 Network application characteristics
 Infrastructure device characteristics
 Environmental characteristics

Network Application Characteristics

The application requirements of a network influence its design. These are the four general
types of network application in a campus environment:
 Peer-to-peer. The peer-to-peer model is the establishment of communication between
two or more network edge devices. It is a unique model in which each node can start and
terminate a session. Each node is allowed to act as either server or client in this model.

These are examples of common applications that exchange traffic directly between edge
devices (workstations):
 Instant messaging
 IP phone calls
 File sharing
 Video conferencing


This figure illustrates how the exchange of information between peers or network edge
devices takes place:

Figure 36. Peer-Peer Exchange of packets

 Client-local server. A client is a node in the network that initiates a session and
requests resources from a server. A server is a node that accepts and fulfils client
requests. A local server is one that is locally available to the network nodes on the same
LAN. Typically, 80% of the traffic remains within the local LAN (the 80/20 workgroup rule:
80% of the network traffic remains within the local LAN while only 20% leaves the
segment).

This structure is used in organizations where specialized applications are required for a
specific segment. Servers with the special application are placed in that segment to keep
the traffic load off the organization's core network.


The use of a localized server in the campus environment is illustrated in the following:

Figure 37. Client to local server application model

 Client-data center. In the client to data center application model, the 20/80 rule
applies. This means 20% of the total traffic remains in the local LAN while 80% leaves the
segment towards the central servers. A data center may hold multiple centralized servers of
the organization to provide better and more reliable communication.


The establishment of communication between clients or network devices and the
centralized data center is illustrated as follows:

Figure 38. Client-data center application

 Client-enterprise edge server. The client to enterprise edge application model is the
exchange of information between campus clients and public servers. The enterprise edge is
the portion of the network that connects the internal campus network to the external
Internet. Security and availability are significant concerns when setting up communication
between clients and enterprise edge devices.

A campus network requires a connection to the outer (Internet) network in order to
exchange packets over the Internet. The portion of the network that performs this task for
the campus is the enterprise edge, which can be seen in the next figure.


Figure 39. Client-enterprise edge

Application Requirements
Network applications require certain properties from the segment of the network they run
on. These are the parameters that must be assessed for each type of application:
 Type of connectivity
 Availability
 Cost of the network
 Total required throughput

This table shows the significance of each parameter for the four application types, which
needs to be considered when designing a suitable network structure:

Parameter                  Peer to peer    Client to local server  Client to data center  Client to enterprise edge server
Type of connectivity       Switched        Switched                Switched               Switched
Availability               Low to high     Medium                  High                   High
Cost of the network        Low to medium   Medium                  High                   Medium
Total required throughput  Medium to high  Medium                  High                   Medium

 Type of connectivity: LAN switching at the data link layer is the norm for satisfying
organizational requirements.
 Availability: redundancy is added to keep the network available to each client at all
times.
 Cost of the network: the total cost of the network plays a significant role in the
applications used by the clients.
 Total required throughput: throughput varies with the type of application used; some
applications do not require a high-capacity infrastructure.

Environmental Characteristics
The environmental characteristics of the location significantly affect the choice of devices
and of the connection medium between the nodes in the network. The two most important
environmental characteristics that affect the network design are:
 Distance between the nodes (node location)
 Type of connection used between the nodes (connection medium)

The selection of the medium to connect nodes depends on how far apart the nodes are.
Further technical requirements such as signal attenuation and EMI must be evaluated
before selecting a medium type. The medium can be wired or wireless. It must be selected
carefully after thoroughly considering aspects such as the expected life of the medium,
transmission speed, maximum supported distance, and so on.

These are the medium types available for a campus structure:

 Wired medium
 Wireless medium

Wired Medium
Wired medium deployment issues include the cost of the cable, its total life expectancy, the
speed it supports, attenuation and EMI. Wired media can be broadly divided into two
categories:
 Copper. The two main types of copper cable are twisted pair and coaxial. In network
deployments, twisted pair is by far the most common. Workstations, servers and other
devices (through their NICs) are connected to the access and distribution layer switches
with twisted pair copper cables. It is suitable for short distances.


Recommended choice
Category 5e or higher (100 Mbps Fast Ethernet; Category 5e also supports Gigabit Ethernet)
Category 6 or higher (Gigabit Ethernet and, over short runs, 10 Gigabit Ethernet)
Distances greater than 100 metres work with specialized cabling such as "Cisco Long
Reach Ethernet (LRE)"
Limitations
Electromagnetic interference (EMI), long distances

 Optical fibre. Optical fibre has two main types, single mode (SM) and multimode (MM).

 Single mode optical fibre. Single mode fibre carries a single mode of light. Its core
diameter is about 8 to 10 micrometres.

Recommended choice
Long-distance and high-speed links (for example between buildings or across a metro
area)
Limitations
Higher cost than multimode fibre (transceivers in particular); sensitive to misalignment
and to the bend radius

 Multimode optical fibre. Multimode fibre (MM) carries multiple modes (light paths)
simultaneously through a single fibre, which limits its reach through modal dispersion.
The standard core diameter of MM fibre is 50 or 62.5 micrometres.

Recommended cho﻿ice
Shorter distances, such as within a building or between nearby buildings, at lower cost
than single mode
Limitations
Limited distance at high speeds; sensitive to misalignment and bends

Wireless Medium
Mostly, an intra-building network can use this approach to connect devices to each other
and to the network. Wireless access points and client adapters are installed to provide this
functionality. IEEE 802.11g and IEEE 802.11n are the more advanced versions of the
wireless standard, with supported speeds of up to 54 Mbps and up to 300 Mbps
respectively; 802.11g uses the 2.4 GHz band, while 802.11n can use 2.4 GHz or 5 GHz.

This table summarizes the specific parameters of each medium type:

Medium type                Bandwidth                  Distance                              Price
Twisted pair copper        Up to 10 Gbps              Up to 100 m                           Inexpensive
Single mode optical fibre  Up to 10 Gbps and higher   Up to 80 km (Fast Ethernet)           Expensive
                                                      Up to 100 km (Gigabit Ethernet)
                                                      Up to 80 km (10 Gigabit Ethernet)
                                                      Up to 10 km (100 Gigabit Ethernet)
Multimode optical fibre    Up to 10 Gbps              Up to 2 km (Fast Ethernet)            Medium
                                                      Up to 550 m (Gigabit Ethernet)
                                                      Up to 300 m (10 Gigabit Ethernet)
Wireless                   Up to 300 Mbps             Up to 500 m at 1 Mbps                 Medium

Selection of Medium Based on the Requirements of the Network Structure

The structure of the network and the location of the network nodes influence the choice of
medium. These are the structural cases for which a suitable medium type is selected:
 Intra-building structure
 Inter-building structure
 Distant remote building structure

The requirements and specifications involved for each type of network structure are:

Intra-building structure
 Description: nodes within a specific area or the same building are connected.
 Medium: client workstations are connected through twisted pair cables or WLANs; the
access layer is mostly connected to the distribution layer through optical fibre.

Inter-building structure
 Description: the central network (core) is connected to multiple buildings in the same
or a limited geographical area.
 Medium: optical fibre is the suitable choice to connect the core layer of each building
together and establish a high-speed connection.

Distant remote building structure
 Description: the areas are geographically distant but lie within a single MAN.
 Medium: wired media such as optical fibre or copper leased lines, or microwave links,
can be deployed; WAN links are used according to the requirements.


Infrastructure Device Characteristics

The selection of infrastructure devices is one of the most critical steps in network
construction. The demands and needs of the users and the overall network topology should
be kept in mind when deciding on infrastructure devices.

Switches rather than hubs are used to interconnect devices, so that network resources are
used efficiently and nodes with different speed requirements can coexist. The basic
differences between shared and switched media segments are listed in the following table:

Shared media segment                                 | Switched media segment
The device that provides a shared media segment     | The device that provides a switched media
to the nodes is a hub.                               | segment to the nodes is a switch.
All nodes must run at the same speed.                | Each node can run at a different speed.
Bandwidth is shared by all nodes (one collision      | Each node gets the full bandwidth of its port
domain); only one node can transmit at a time.       | (one collision domain per port).

The comparison of shared and switched media segments is illustrated below:

Figure 40. Comparison between shared and switched media segments

Designing the Campus Infrastructure Modules

The network design should be scalable and reliable. For this purpose, a fully flat network
design is not preferred. The network is sectioned into modules according to requirements
and function. The designed network is a collection of infrastructure modules, each designed
independently to fulfil certain network requirements.

The four main modules in campus network design, which are investigated thoroughly in
this section, are:


 Campus Access Layer Design Considerations
 Campus Distribution Layer Design Considerations
 Campus Core Layer Design Considerations
 Campus Data Center Design Considerations

The design and planning of each infrastructure module targets the following properties:
 Hierarchy. The steps taken in the design to construct a manageable network. Network
sections are classified and organized on the basis of certain specifications and
parameters.
 Modularity. The complete network is sectioned into modules on the basis of specific
functions.
 Resiliency. The capacity of the network to converge quickly after a failure.
 Flexibility. The capacity of the network to adapt to changes and transitions.

Each layer of the infrastructure should be designed carefully for future expansion and
flexibility.

Campus Access Layer Design Considerations

The access layer is the layer through which the network is accessed by the network edge
devices. The access layer design must cater for the requirements of the connected nodes.

The questions that need to be evaluated to build the access layer infrastructure module:

 Current host requirements
 Future host requirements
 Configuration type of the switches
 Number of available ports
 Interconnecting medium
 Layer 2 device requirements
 Redundancy requirements
 Capacity required to connect to the distribution layer
 Deployment of VLANs
 Deployment of spanning tree
 Additional security feature requirements (for example port security, DHCP snooping
and BPDU guard)

The next section discusses the features that are supported and used in the access layer of
the campus network:

Layer 2 Protocols and VLANs

Access devices and nodes are interconnected by layer 2 switches. Layer 2 switches support
layer 2 protocols. Segments of LANs are interconnected on an aggregated access layer
through layer 2 devices in the campus access network.

A single flat layer 2 segment supports only a limited number of end nodes before
broadcasts and failures affect everyone on it. This limitation is resolved by using VLANs in
the access layer.


VLANs are virtual LANs, a feature of switches that provides high scalability and
connectivity. A VLAN groups a set of switch ports, possibly on several switches, into one
broadcast domain, so that the devices in it communicate as if they were on a single physical
LAN, while devices in different VLANs are kept apart at layer 2 and need a router (or layer 3
switch) to communicate.

Spanning Tree Protocol (STP) is supported on layer 2 switches. To prevent frames from
circulating endlessly over redundant switch connections, a situation called a "loop" in
networking, spanning tree protocols are used in the campus access layer.

Spanning tree protocols are used to manage and control communication between switches,
prevent loops over redundant switch connections and allow fast convergence.

Spanning tree works on the principle of assigning a role to each switch port so that a
controlled, loop-free flow of traffic takes place. The switches exchange updates in the form
of "Bridge Protocol Data Unit (BPDU)" frames every 2 seconds (the hello time), which
allows quick control and fast convergence when network links or devices change.

The STP process consists of the following steps:

 Election of the root bridge. The root bridge (switch) is elected on the basis of the
lowest bridge identifier. The bridge identifier consists of a 2-octet bridge priority field
followed by the 6-octet MAC address of the switch. The MAC address of each switch is
unique and the bridge priority field is configurable (default 32768; with PVST+ and the
extended system ID, the VLAN number is added to the priority). Because the lowest value
wins, any device that sends BPDUs with a lower priority can take over as root, which is
why root guard and BPDU guard are applied on access ports.

 Calculation of the best route. Each switch calculates the best route to the root bridge.
This calculation is based on the lowest cumulative cost, that is, the fastest links, to reach
the root bridge. The cost of a link is inversely proportional to its bandwidth:

Cost of link = 1 / Bandwidth

In practice IEEE 802.1D assigns a cost value per link speed (for example 100 for 10 Mbps,
19 for 100 Mbps, 4 for 1 Gbps and 2 for 10 Gbps), and the root path cost is the sum of the
costs of the links towards the root.

Assignment of Port Roles

A specific role is assigned to each port of the switches connected in the network. These
roles are:

 Root port. The port with the lowest cost path to the root bridge on each non-root bridge
is assigned as the root port, which is always in the "forwarding" state. A port in the
forwarding state can receive as well as send traffic.
 If the cost to reach the root bridge is equal on several ports, the lowest sender
bridge ID (the bridge ID of the neighbour at the other end of the link) is used to
select the root port.
 If the sender bridge IDs are also equal (several links to the same neighbour), the
tiebreaker is the sender's port ID. The port with the lowest port ID is designated as
the root port.
 The port ID is a combination of two fields, port priority and port number; if the
priority is left at its default, the port number decides the selection of the root port.


 Designated port. All ports on the root bridge are designated ports, and on every
other segment the port of the switch with the lowest root path cost (then the lowest bridge
ID) is the designated port. Designated ports are always in the "forwarding" state.
 Non-designated (blocking) port. Ports that are neither designated nor root are
non-designated ports. These ports stay in the blocking state; they receive BPDUs but do
not forward user traffic.

The demonstration of STP port allocation and the overall process is shown in the following
figure:

Figure 41. Spanning Tree Protocol (STP) Root Bridge Election and Port Assignments
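The election and port role assignment just described can be reproduced for a small topology. The following is an added example written for this edition of the workbook, not code from the original text and not a Cisco implementation. It models a single 802.1D instance with the standard short path-cost table; the three switches SW1 to SW3, their MAC addresses, priorities, port numbers and the triangle of Gigabit links are constructed. Ties on port ID are decided by the port number, which is what applies when port priorities are left at their default.

```python
"""STP root bridge election and port role assignment on a constructed topology.

Added example (not from the workbook): a single-instance IEEE 802.1D model with
the short path-cost table; the switches and links are constructed.
"""
import heapq

# IEEE 802.1D-1998 path cost by link bandwidth in Mbit/s.
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed topology: three switches in a triangle, all Gigabit, default priority.
SWITCHES = {                      # name -> (bridge priority, MAC address)
    "SW1": (32768, "0000.0000.0001"),
    "SW2": (32768, "0000.0000.0002"),
    "SW3": (32768, "0000.0000.0003"),
}
LINKS = [                         # (switch A, port A, switch B, port B, Mbit/s)
    ("SW1", 1, "SW2", 1, 1000),
    ("SW1", 2, "SW3", 1, 1000),
    ("SW2", 2, "SW3", 2, 1000),
]


def bridge_id(priority: int, mac: str) -> tuple:
    """Bridge ID orders as (priority, MAC); the lowest value wins the election."""
    return (priority, int(mac.replace(".", "").replace(":", ""), 16))


def stp_roles(switches: dict, links: list):
    """Return (root bridge name, {(switch, port): role}).

    role is "root", "designated" or "blocking". Ports are identified by their
    number, which decides ties when port priorities are left at default.
    """
    bid = {name: bridge_id(*pm) for name, pm in switches.items()}
    root = min(bid, key=bid.get)

    adj = {name: [] for name in switches}   # name -> [(neighbour, my port, nbr port, cost)]
    for a, pa, b, pb, mbps in links:
        cost = STP_COST[mbps]
        adj[a].append((b, pa, pb, cost))
        adj[b].append((a, pb, pa, cost))

    # Root path cost of every switch: Dijkstra from the root.
    rpc = {name: float("inf") for name in switches}
    rpc[root] = 0
    heap = [(0, bid[root], root)]
    while heap:
        cost, _, name = heapq.heappop(heap)
        if cost > rpc[name]:
            continue                         # stale heap entry
        for nbr, _, _, link_cost in adj[name]:
            if cost + link_cost < rpc[nbr]:
                rpc[nbr] = cost + link_cost
                heapq.heappush(heap, (rpc[nbr], bid[nbr], nbr))

    roles = {}
    # Root port per non-root switch: lowest root path cost through that port,
    # then lowest sender bridge ID, then lowest sender port ID, then own port ID.
    for name in switches:
        if name == root:
            continue
        _, my_port, _, _ = min(
            adj[name], key=lambda e: (rpc[e[0]] + e[3], bid[e[0]], e[2], e[1]))
        roles[(name, my_port)] = "root"

    # Designated port per segment: the end with the lowest root path cost, then
    # lowest bridge ID, then lowest port ID. The other end blocks unless it is
    # already that switch's root port.
    for a, pa, b, pb, _ in links:
        key_a, key_b = (rpc[a], bid[a], pa), (rpc[b], bid[b], pb)
        designated, other = ((a, pa), (b, pb)) if key_a < key_b else ((b, pb), (a, pa))
        roles.setdefault(designated, "designated")
        roles.setdefault(other, "blocking")
    return root, roles


if __name__ == "__main__":
    root, roles = stp_roles(SWITCHES, LINKS)
    print("root bridge:", root)
    for (switch, port), role in sorted(roles.items()):
        print(f"{switch} port {port}: {role}")
```

With equal priorities SW1 wins on its lowest MAC address, both of its ports become designated, SW2 and SW3 use their links to SW1 as root ports, and on the SW2 to SW3 segment SW2 (lower bridge ID at equal cost) holds the designated port while SW3 blocks. Lowering SW3's priority to 4096 makes SW3 the root and moves the blocking port to SW2, which is exactly the takeover a rogue switch or a host sending crafted BPDUs could perform; root guard on the distribution uplinks and BPDU guard on user-facing ports are the controls against it.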

However, STP has its systematic process of converging switches and follows specific
time ranges before complete convergence (Convergence time of STP is 50 seconds).

The port states that one instance of STP passes through on the way to full convergence are shown in the following table:

State      | What the port does                                            | Maximum time before the next state
-----------|---------------------------------------------------------------|-------------------------------------------------
Blocking   | Receives BPDUs only; no learning, no forwarding                | 20 s (max age) before moving to listening
Listening  | Sends and receives BPDUs; the root bridge is elected and the   | 15 s (forward delay) before moving to learning
           | root and designated ports are selected                        |
Learning   | Sends and receives BPDUs and builds the MAC address table,    | 15 s (forward delay) before moving to forwarding
           | still without forwarding user traffic                         |
Forwarding | Sends and receives BPDUs and forwards user traffic            | Stays here until the topology changes

A port that is chosen as neither root nor designated during the listening state is returned to the blocking state instead of continuing to learning.

Newer variants of the original spanning tree protocol are used in the access layer of the campus network: Common Spanning Tree (CST), Per-VLAN Spanning Tree (PVST and PVST+), Rapid Spanning Tree Protocol (RSTP), Rapid Per-VLAN Spanning Tree Plus (RPVST+) and Multiple Spanning Tree (MST).

This table summarizes the differences among the spanning tree variants:

Variant      | Standard                | Instances
-------------|-------------------------|-------------------------------------------------------------------------------
Original STP | IEEE 802.1D             | One spanning tree for the whole bridged LAN; no VLAN awareness
CST          | IEEE 802.1Q             | One spanning tree instance for the network regardless of the number of VLANs
PVST         | Cisco proprietary (ISL) | One spanning tree instance per VLAN
PVST+        | Cisco proprietary       | One spanning tree instance per VLAN, carried over 802.1Q trunks
RSTP         | IEEE 802.1w             | Modified version of the original STP with much faster convergence
RPVST+       | Cisco proprietary       | Combines PVST+ (one instance per VLAN) with RSTP convergence
MST          | IEEE 802.1s             | Maps groups of VLANs onto a small number of RSTP instances

In a multivendor network, STP compatibility issues are avoided by running the IEEE variants (802.1D, 802.1w, 802.1s) on the shared links or by separating the vendors' layer 2 domains with layer 3 routing. Convergence time is greatly improved in the later variants, especially after a link failure or an uplink failure.

Cisco STP Toolkit

The Cisco STP toolkit contains features that modify and improve the behaviour of the original spanning tree protocol. They are:

Tool                  | Description                                                                 | Effect
----------------------|-----------------------------------------------------------------------------|---------------------------------------------------------------
PortFast              | Puts a host-facing port straight into forwarding, skipping the listening    | Immediate host connectivity; no topology change notification
                      | and learning states. Only for ports that connect to a single end host.      | when the host port flaps
BPDU Guard            | If a BPDU arrives on a PortFast (edge) port, the port is shut down into the | Port moves to errdisable and a syslog message is generated;
                      | errdisable state. Stops an unauthorised switch from joining the topology.   | a rogue switch cannot take over the root role
BPDU Filter           | Stops BPDUs being sent or received on the port, effectively disabling STP   | No STP on the filtered port; a loop through it goes
                      | there. Use with care, since BPDU Guard cannot see filtered BPDUs.           | undetected, so prefer BPDU Guard on edge ports
UplinkFast            | On an access switch with redundant uplinks, moves the blocked alternate     | Switch converges in 3 to 5 seconds after a direct uplink
                      | uplink to forwarding immediately when the primary uplink fails.             | failure
BackboneFast          | Detects an indirect link failure (inferior BPDUs from a neighbour) and      | Convergence improved from 50 seconds to 30 seconds
                      | skips the 20 second max age wait.                                           |
STP Loop Guard        | Prevents a non-designated (blocking) port that stops receiving BPDUs from   | Avoids loops caused by a unidirectional link; the port is
                      | moving to forwarding.                                                       | placed in the loop-inconsistent state instead
Root Guard            | Enabled on designated ports facing switches that must never become root;    | Port goes root-inconsistent and blocks while the superior
                      | if a superior BPDU arrives, the port is blocked.                            | BPDU persists, so an external switch cannot become root bridge
BPDU Skew Detection   | Reports BPDUs that arrive late (BPDUs are sent every 2 seconds by default), | Rate-limited syslog messages (one per 60 seconds) report
                      | so that an overloaded switch is noticed before its timers expire.           | late-arriving BPDUs
Unidirectional Link   | Detects links on which the neighbour receives the switch's traffic but the  | Determines the physical link status; on detecting a
Detection (UDLD)      | switch cannot receive the neighbour's. A layer 2 protocol that uses layer 1 | unidirectional link an error message is generated and, in
                      | information: the link is unidirectional when a port does not see its own    | aggressive mode, the port is err-disabled
                      | device/port ID echoed back in the neighbour's UDLD packets.                 |

Real World Scenario

You are working for a bank as a network engineer. In the morning you start getting calls from different users within the building complaining about:
 Network slowness
 Unreachable applications

You start investigating and find that the STP root is pointing to an unknown device in the conference room. You shut down the switch port connected to this device and after a few minutes the network starts operating normally.

You physically visit the location and find that one of the users has connected his own switch to the network to extend the LAN. This switch took over the STP root role.

How can you avoid this situation in future?

1. Enable PortFast with BPDU Guard on all access ports, so that any access port that receives a BPDU is err-disabled immediately. BPDU Filter is not a substitute here: it silently discards the BPDUs, so the rogue switch stays connected and a loop through it would go undetected.

2. Configure port security to shut down the port if more than one MAC address is detected on an access port.

3. Enable Root Guard on the distribution switch ports facing the access layer, so that even a switch that slips past the access-port controls is never accepted as root.

EtherChannel. Redundant physical connections between two switches can be bundled into a single logical link, known as an EtherChannel. This is used to provide fault tolerance (the bundle stays up while any member is up) and higher bandwidth for the traffic flowing between the switches; STP sees the bundle as one link, so no member is blocked. Up to 8 active links can be aggregated in a single EtherChannel.

Figure 42 illustrates how links are grouped together into an EtherChannel:

Figure 42. Illustration of Ether-channels

Two protocols can negotiate the bundling of multiple physical links into one logical link: Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP). A channel can also be configured statically ("on" mode) without either protocol.

Port Aggregation Protocol (PAgP)

PAgP is the Cisco proprietary protocol for channel negotiation. The two PAgP modes are:
 Auto mode: the port responds to PAgP packets but does not initiate negotiation
 Desirable mode: the port actively initiates negotiation

A channel forms for the combinations desirable-desirable and desirable-auto; two auto ports never form a channel.

Link Aggregation Control Protocol (LACP)

LACP is the IEEE 802.3ad standard protocol. It bundles up to 8 active physical links into one logical link (up to 8 more can be held in standby). Its two modes are:
 Active mode: the port actively initiates negotiation
 Passive mode: the port responds but does not initiate

A channel forms for active-active and active-passive; two passive ports never form a channel.

Trunk Management
Trunks are required to interconnect the access layer and distribution layer switches.

The recommendations for using trunks efficiently and safely in a network are:

 Manually prune unused VLANs from every trunk interface (switchport trunk allowed vlan), so that the broadcasts of a VLAN are not flooded to switches that do not need it.
 For switch-to-switch connections, configure the trunk statically (switchport mode trunk) and disable Dynamic Trunking Protocol (DTP) with switchport nonegotiate, so that the trunk neither depends on negotiation nor can be renegotiated.
 Run VLAN Trunking Protocol (VTP) in transparent mode to reduce operational errors.
 Disable trunking and DTP on access layer (host-facing) ports; this lets PortFast bring the port up faster and removes the VLAN-hopping opportunity that a negotiable trunk offers to a host.
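The access-port controls from the rogue-switch scenario and the trunk recommendations above can be checked mechanically against a running configuration. The following audit is an added example, not code from the workbook: the configuration excerpt is constructed, and the rules encode documented IOS behaviour (the global command spanning-tree portfast bpduguard default enables BPDU Guard on every PortFast port; an interface-level spanning-tree bpdufilter enable silently drops BPDUs).

```python
"""Audit an IOS running-config for the access-port and trunk hardening above.

Added example, not from the workbook. SAMPLE_CONFIG is a constructed
excerpt. The checks encode documented IOS behaviour: the global command
'spanning-tree portfast bpduguard default' enables BPDU Guard on every
PortFast port, otherwise a port needs 'spanning-tree bpduguard enable';
an interface-level 'spanning-tree bpdufilter enable' silently drops BPDUs,
so STP (and BPDU Guard) can no longer see a switch or a loop behind it.
"""
import re

SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
!
interface GigabitEthernet1/0/1
 description user port, hardened
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface GigabitEthernet1/0/2
 description conference room
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/24
 description uplink to distribution
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
"""


def parse_config(text):
    """Split a running-config into global commands and per-interface commands."""
    global_cmds, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        if raw == "!":
            current = None            # '!' ends an interface stanza
            continue
        if not raw.strip():
            continue
        m = re.match(r"interface (\S+)$", raw)
        if m:
            current = m.group(1)
            interfaces[current] = set()
        elif raw.startswith(" ") and current is not None:
            interfaces[current].add(raw.strip())
        else:
            current = None
            global_cmds.add(raw.strip())
    return global_cmds, interfaces


def audit(text):
    """Return sorted (interface, finding) pairs for ports that miss the controls."""
    global_cmds, interfaces = parse_config(text)
    guard_default = "spanning-tree portfast bpduguard default" in global_cmds
    findings = []
    for name, cfg in interfaces.items():
        portfast = "spanning-tree portfast" in cfg
        guarded = "spanning-tree bpduguard enable" in cfg or (portfast and guard_default)
        if "spanning-tree bpdufilter enable" in cfg:
            findings.append((name, "bpdufilter hides BPDUs and loops; use bpduguard instead"))
        if "switchport mode access" in cfg:
            if not portfast:
                findings.append((name, "access port without portfast"))
            if not guarded:
                findings.append((name, "access port without BPDU guard"))
            if "switchport port-security" not in cfg:
                findings.append((name, "access port without port-security"))
            elif "switchport port-security maximum 1" not in cfg:
                findings.append((name, "port-security maximum is not 1"))
        elif "switchport mode trunk" in cfg:
            if "switchport nonegotiate" not in cfg:
                findings.append((name, "trunk without switchport nonegotiate (DTP still runs)"))
            if not any(c.startswith("switchport trunk allowed vlan") for c in cfg):
                findings.append((name, "trunk carries all VLANs; prune the allowed list"))
        else:
            findings.append((name, "no explicit mode; DTP may negotiate a trunk"))
    return sorted(findings)


if __name__ == "__main__":
    for iface, finding in audit(SAMPLE_CONFIG):
        print(f"{iface}: {finding}")
```

On the sample, the hardened port produces no findings, the conference-room port (the one the rogue switch used) is flagged three times, the filtered port is flagged for hiding BPDUs, and the uplink is flagged because DTP is still running on it. Running such a check over the running-configs of every access switch is cheaper than waiting for the next rogue root.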

Real World Scenario

In the layer 2 switched network of the figure above, each access switch is connected to two distribution switches for redundancy. By spanning tree's default behaviour, any alternate path will be blocked to avoid loops.

You have been assigned the task of designing this network with optimal use of resources. HSRP will be used as the first hop redundancy protocol at the distribution layer.

You have proposed the design below.

Design Highlights:
 The STP root and the HSRP active router for a given VLAN are placed on the same distribution switch. If the root and the HSRP active router are on different distribution switches, traffic takes a suboptimal path across the inter-distribution link.
 VLAN-based load balancing is used: the layer 3 gateway on one distribution switch is active for one set of VLANs and the other switch for the remaining VLANs, with the STP root following the same split.
 If the distribution switches are stackable (for example Catalyst 3750), EtherChannel can be used so that all links to the distribution layer are utilised.
 If the distribution switches support vPC/VSS (for example Cisco Nexus or Catalyst 6500), all links to the distribution layer can be used for active traffic forwarding.
 Blocking of the redundant path can also be avoided by converting the access-to-distribution links from layer 2 to layer 3, in which case routed equal-cost paths load balance the traffic.

Campus Distribution Layer Design Considerations

Designing the campus distribution layer is the most critical step in campus network design, because the distribution layer is where the access and core layers are integrated.

This table lists the characteristics that must be investigated thoroughly while designing the distribution layer:

Characteristic          | Consideration
------------------------|----------------------------------------------------------------------------------------------
Performance             | Must be examined carefully because this layer aggregates the access layer and connects to high-speed core devices.
Redundancy              | Redundant devices and redundant connections should be implemented at the distribution layer.
Infrastructure services | Multiple infrastructure and management services are configured and enforced on distribution layer devices, such as high availability, quality of service (QoS), security and policy enforcement.

The following are the recommended practices and protocols that improve convergence time and the performance of the overall network:

First Hop Redundancy Protocols (FHRP)

The default gateways provided by the campus distribution layer must be redundant so that traffic keeps flowing, with fast convergence, when a device fails. A first hop redundancy protocol lets two or more routers share one virtual gateway address. The available versions are:

 Hot Standby Router Protocol (HSRP). Cisco's "ready to take the router's place" protocol: the routers in a group share a virtual IP and MAC address, one is active and one is standby, and if the active default gateway fails the standby takes over automatically and immediately.
 Gateway Load Balancing Protocol (GLBP). In addition to gateway redundancy, GLBP load balances: every router in the group forwards traffic, and the clients are spread across them.
 Virtual Router Redundancy Protocol (VRRP). The IETF standard (RFC 5798) equivalent of HSRP: a master router owns the virtual address and one or more backup routers take it over when the master fails. Because it is a standard, it works across vendors.

Feature          | HSRP                                    | VRRP                                     | GLBP
-----------------|-----------------------------------------|------------------------------------------|---------------------------------------------------
Router roles     | 1 active router, 1 standby router,      | 1 master router, 1 or more backup        | 1 Active Virtual Gateway (AVG); up to 4 Active
                 | 1 or more listening routers             | routers                                  | Virtual Forwarders (AVFs) passing traffic; up to
                 |                                         |                                          | 1024 virtual routers (GLBP groups) per interface
Virtual address  | Uses a virtual IP address               | Can use a real router IP address; if it  | Uses a virtual IP address; each AVF has its own
                 |                                         | does, that router (priority 255) becomes | virtual MAC address
                 |                                         | master, otherwise the highest priority   |
Scope            | Cisco proprietary                       | IETF standard (RFC 5798)                 | Cisco proprietary
Election         | Active router: 1) highest priority,     | Master router: 1) highest priority,      | AVG: 1) highest priority, 2) highest IP
                 | 2) highest IP (tiebreaker)              | 2) highest IP (tiebreaker)               | (tiebreaker)
Tracking         | yes                                     | yes                                      | yes
Preempt          | yes (off by default)                    | yes (on by default)                      | yes (off by default for the AVG)
Timer adjustment | yes                                     | yes                                      | yes
Traffic type     | 224.0.0.2, UDP 1985 (version 1);        | 224.0.0.18, IP protocol 112              | 224.0.0.102, UDP 3222
                 | 224.0.0.102, UDP 1985 (version 2)       |                                          |
Timers           | Hello 3 seconds, hold 10 seconds        | Advertisement 1 second                   | Hello 3 seconds, hold 10 seconds
Load balancing   | Multiple HSRP groups per interface/SVI/ | Multiple VRRP groups per interface/SVI/  | Built in: weighted, host-dependent or round-robin
                 | routed interface; requires spreading    | routed interface; requires spreading the | (default) algorithm; clients are transparently
                 | the virtual gateway IPs across clients  | virtual gateway IPs across clients       | given different virtual MAC addresses in the ARP
                 | (generally through DHCP)                | (generally through DHCP)                 | reply for the single virtual gateway IP

Layer 2/Layer 3 demarcation

In a typical hierarchical network, the distribution layer is the demarcation point between the layer 2 and layer 3 domains: access layer VLANs terminate on the distribution switches, which route between them and towards the core. This keeps the layer 2 domain, and with it the spanning tree and broadcast domain, confined to one access block.

Virtual Switching System

Multiple physical switches can be combined into one logical device. This strategy is known as a Virtual Switching System (VSS). It matters when multiple access layer switches need to connect to a pair of distribution layer switches.

For example, an access switch with two uplinks connected to two distribution switches normally needs a control protocol (STP) to decide which uplink is used in which condition. With a VSS the two distribution switches appear as a single switch, so the access switch simply runs one multichassis EtherChannel across both uplinks and both are forwarding.

VSS also achieves per-flow load balancing: flows are hashed across the members of the EtherChannel, and when a member fails the EtherChannel automatically redistributes the traffic to the remaining links without waiting for STP, HSRP or any other protocol to converge. The special-purpose EtherChannel that joins the two distribution switches into one virtual switch is known as the Virtual Switch Link (VSL).

The characteristics of a Virtual Switching System are:

 Reduced configuration errors (one configuration for the pair)
 No first hop redundancy protocol is needed, since the pair is one logical gateway
 UDLD is used to check the integrity of the links
 Default timers for PAgP and LACP are kept
 Loop guard is disabled on the pair
 EtherChannel members are bundled in powers of 2 (2, 4 or 8) so that the hash buckets divide evenly across the links
 Channels are negotiated in desirable-desirable or auto-desirable mode at both ends
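The "powers of 2" rule in the list above, and the per-flow balancing in the EtherChannel section before it, come from the way the hardware hashes flows onto member links. The following is an added example, not code from the workbook: classic Catalyst EtherChannel computes a 3-bit hash (8 buckets) and deals the buckets out to the members round-robin, so only 2, 4 or 8 members split traffic evenly. The XOR-based flow hash and the flow list are constructed stand-ins for the platform's hardware hash and for real traffic.

```python
"""Why EtherChannel bundles should have 2, 4 or 8 members.

Added example, not from the workbook. Classic Catalyst EtherChannel
computes a 3-bit hash (8 buckets) of the chosen header fields and assigns
the buckets to member links round-robin; only 2, 4 and 8 members divide the
8 buckets evenly. The XOR-based flow hash and the flow list are constructed
stand-ins for the platform's hardware hash and real traffic.
"""
import ipaddress
from collections import Counter

BUCKETS = 8   # 3-bit hash result


def bucket_to_link(n_links):
    """Assign the 8 hash buckets to n_links members, round-robin."""
    if not 1 <= n_links <= BUCKETS:
        raise ValueError("an EtherChannel has 1 to 8 active members")
    return [bucket % n_links for bucket in range(BUCKETS)]


def share_per_link(n_links):
    """Fraction of the hash space (and so of flows) each member carries."""
    counts = Counter(bucket_to_link(n_links))
    return [counts[link] / BUCKETS for link in range(n_links)]


def flow_hash(src_ip, dst_ip):
    """Toy src-dst-ip hash: XOR the addresses and fold the result to 3 bits."""
    x = int(ipaddress.ip_address(src_ip)) ^ int(ipaddress.ip_address(dst_ip))
    h = 0
    while x:
        h ^= x & 0x7
        x >>= 3
    return h


def distribute(flows, n_links):
    """Per-member flow counts for a list of (src_ip, dst_ip) flows."""
    mapping = bucket_to_link(n_links)
    counts = Counter(mapping[flow_hash(s, d)] for s, d in flows)
    return [counts[link] for link in range(n_links)]


# Constructed flows chosen so that each of the 8 buckets receives exactly one flow.
SAMPLE_FLOWS = [("10.0.0.0", f"10.0.0.{k}") for k in range(BUCKETS)]

if __name__ == "__main__":
    for n in range(1, BUCKETS + 1):
        print(f"{n} links: shares {share_per_link(n)} flows {distribute(SAMPLE_FLOWS, n)}")
```

With three members the split is 3:3:2, so one link carries a third less traffic than the others and the other two saturate first; with four members every link carries exactly a quarter. The same arithmetic explains why a single large flow cannot be spread across members at all: it always hashes into one bucket.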

Campus Core Layer Design Considerations

Core layer design is driven by high availability and high performance. The core aggregates the distribution layer and connects to the data center and enterprise edge modules, so high-speed connectivity is the basic requirement of every core device, together with high availability and redundancy in case of link failure.

The recommended choice for the core is multilayer switches, which are fast and flexible. The size of the building (and the number of distribution blocks it contains) also has an impact on the overall design of the campus core.

Edge Distribution at the campus core

Edge distribution switches filter unwanted or outside traffic before it propagates into the internal campus network. Multilayer devices are used as edge distribution switches to provide both connectivity and security.

This table lists the attacks from the outside that need to be recognized to protect the inside campus network:

Type of attack         | Description                                                       | Risk                                            | Prevention
-----------------------|-------------------------------------------------------------------|-------------------------------------------------|---------------------------------------------------
Unauthorized access    | Edge distribution devices are the gateway between the inner       | Unidentified outside traffic can cause trouble  | Filtering (ACLs, stateful firewalling) must be
                       | campus network and the outer internet. Access to the internal     | for the internal network                        | enabled, with access granted only after
                       | network must be granted only after concrete verification.         |                                                 | verification
IP spoofing            | An attacker sends packets carrying the source IP address of a     | Servers respond to the spoofed client; DoS      | Hard to detect after the fact, so prevent it at
                       | legitimate client.                                                | attacks use IP spoofing to hide the source and  | the edge: anti-spoofing ingress/egress ACLs and
                       |                                                                   | to reflect traffic                              | unicast RPF
Network reconnaissance | The basic network topology is discovered by sending probe packets | Intruders learn the topology of the network     | Intelligent filtering (drop probes, limit ICMP)
                       | into the network and examining the responses.                     | before attacking it                             | must be enabled
Packet sniffers        | Traffic within the network is monitored and captured.             | The information in the packets is exposed       | Switched (multilayer) networks limit what a
                       |                                                                   |                                                 | sniffer can see; encrypt sensitive traffic

Important Layer 2 Design Considerations

 Spanning tree (STP) is the oldest mechanism for preventing loops in layer 2 Ethernet networks. Alternatives to STP are Shortest Path Bridging (SPB), Transparent Interconnection of Lots of Links (TRILL) and FabricPath.
 Ethernet works on data plane learning and has no mechanism like the layer 3 TTL to kill looping frames. Hence STP adopts the link blocking mechanism to prevent loops.
 STP does not allow multipathing, meaning it cannot use more than one path to reach a destination.
 Two modes of load balancing are available:
a. VLAN based: one layer 3 gateway is active for some VLANs and another layer 3 gateway for the other VLANs, with the STP root for each VLAN on the same switch as its active gateway.
i. Gateway 1: VLAN 10, 30, 50
ii. Gateway 2: VLAN 20, 40, 60
b. Flow based: two or more gateways are active/active for the same VLAN (GLBP). Multichassis Link Aggregation (MLAG) should also be enabled so that the redundant links are not blocked and flow-based load balancing is effective.

 Use RSTP or RPVST+ for fast convergence.
 Use MST if you have a large number of VLANs to deploy and hardware resources/processing are a concern.
 CST (one instance for all VLANs) is not a recommended STP deployment.
 Always keep STP running, and enable BPDU Guard and port security on the edge ports, to protect against accidental loops and rogue switches.
 VTP configuration and management must be done carefully. VTP transparent mode is recommended to avoid operational mistakes; in server/client mode a minor configuration mistake (such as attaching a switch with a higher revision number) can bring the complete network down. If VTP is used, set a VTP domain name and password.
 Remove any unwanted VLANs from the trunk interfaces.
 Keep the layer 2 domain as small as possible. It helps troubleshooting and improves overall performance, since less unknown-unicast and broadcast traffic has to be processed.
 Hard-code the trunk configuration. DTP slows down convergence because it negotiates the trunking mode with the remote switch, and a negotiable port can be tricked into trunking.
 In a multivendor environment, VRRP should be used as the FHRP, as it is the IETF standard.
 GLBP should not be used at the Internet edge if the firewall in the middle performs NAT/PAT for the internal IPs. The firewall is then the only client that ARPs for the GLBP virtual IP, so it receives a single virtual MAC and sends all traffic to one forwarder; the edge routers always see the traffic coming from a single IP, so no load balancing happens.

 A better solution is HSRP with multiple groups. Add two static default routes on the firewall:
a. Route 1: pointing to the HSRP group 1 active router (R1)
b. Route 2: pointing to the HSRP group 2 active router (R2)

 The STP root and the FHRP should be configured on the distribution layer. They should not be extended up to the core, because that would enlarge the layer 2 domain: imagine all VLANs from the access layer being extended to the core just to reach the STP root and FHRP.
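The election rule from the FHRP comparison table and the GLBP behaviour behind the NAT caveat above, as an added example that is not code from the workbook. Router addresses, priorities, weights and client MAC addresses are constructed; the model is that HSRP, VRRP and GLBP all elect on highest priority then highest IP, that preemption only takes effect when enabled, and that a GLBP AVG balances load by answering each ARP request for the virtual IP with the virtual MAC (0007.b400.GGFF, group and forwarder number) of one forwarder.

```python
"""FHRP election and GLBP forwarder assignment from the comparison table.

Added example, not from the workbook. Routers, priorities, weights and
client MAC addresses are constructed. Modelled behaviour:
- HSRP/VRRP/GLBP pick the active (master/AVG) router by highest priority,
  then highest IP address; a better router preempts only if preempt is on.
- In GLBP the AVG answers every ARP request for the virtual IP with the
  virtual MAC of one AVF, chosen by the round-robin (default), weighted or
  host-dependent algorithm, so load balancing happens per ARPing client.
  GLBP virtual MACs have the form 0007.b400.GGFF (group, forwarder number).
"""
import hashlib
import ipaddress
from collections import Counter
from dataclasses import dataclass
from functools import reduce
from itertools import cycle
from math import gcd


@dataclass(frozen=True)
class Router:
    ip: str
    priority: int = 100   # HSRP/VRRP/GLBP default
    weight: int = 100     # GLBP weighting, default 100


def _rank(router):
    return (router.priority, int(ipaddress.ip_address(router.ip)))


def elect_active(routers):
    """Highest priority wins; highest IP address is the tiebreaker."""
    return max(routers, key=_rank)


def next_active(current, candidate, preempt):
    """A better router that shows up later takes over only when preempt is enabled."""
    if preempt and _rank(candidate) > _rank(current):
        return candidate
    return current


class GlbpAvg:
    """The Active Virtual Gateway of one GLBP group answering ARP for the VIP."""

    def __init__(self, routers, group=1, algorithm="round-robin"):
        self.forwarders = list(routers)[:4]          # at most 4 AVFs per group
        self.vmacs = [f"0007.b400.{group:02x}{n + 1:02x}" for n in range(len(self.forwarders))]
        self.algorithm = algorithm
        if algorithm == "round-robin":
            self._order = cycle(range(len(self.forwarders)))
        elif algorithm == "weighted":
            g = reduce(gcd, (r.weight for r in self.forwarders))
            schedule = [i for i, r in enumerate(self.forwarders) for _ in range(r.weight // g)]
            self._order = cycle(schedule)
        elif algorithm != "host-dependent":
            raise ValueError(algorithm)

    def arp_reply(self, client_mac):
        """Virtual MAC handed to the client that ARPs for the virtual gateway IP."""
        if self.algorithm == "host-dependent":
            digest = hashlib.sha256(client_mac.encode()).digest()
            idx = digest[0] % len(self.forwarders)   # stable per client
        else:
            idx = next(self._order)
        return self.vmacs[idx]


def assign_clients(clients, routers, algorithm="round-robin"):
    """Count how many ARPing clients each forwarder's virtual MAC ends up serving."""
    avg = GlbpAvg(routers, algorithm=algorithm)
    return dict(Counter(avg.arp_reply(mac) for mac in clients))


# Constructed distribution pair and client population.
R1 = Router("10.10.0.2", priority=110)
R2 = Router("10.10.0.3", priority=100, weight=50)
USERS = [f"00:11:22:33:44:{n:02x}" for n in range(6)]
NAT_FIREWALL = ["00:de:ad:be:ef:01"]   # the only device that ARPs for the VIP behind NAT

if __name__ == "__main__":
    print("active:", elect_active([R1, R2]).ip)
    for algo in ("round-robin", "weighted", "host-dependent"):
        print(algo, "users:", assign_clients(USERS, [R1, R2], algo))
    print("behind NAT:", assign_clients(NAT_FIREWALL, [R1, R2]))
```

With six user hosts the round-robin and weighted algorithms spread the ARP replies 3:3 and 4:2 across the two forwarders. With a N
AT firewall as the only client there is exactly one ARP and therefore one virtual MAC, so every packet leaving the site uses one forwarder whatever algorithm is configured; that is why the text recommends two HSRP groups and two static routes on the firewall instead.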

Enterprise Campus Data Center Design Considerations

Recent advances in technology allow network designers to build a powerful and solid data center design that provides better utilization of servers. This high consolidation of data center services is achieved with virtualization tools, which bring customers a higher return on investment (ROI) and a lower total cost of ownership (TCO).

Figure 43 demonstrates the evolution of data center architecture over the last two decades:

Figure 43. Evolution of Data Center basic design

Cisco Enterprise Data Center Architecture Framework

This framework consists of three (3) main considerations, followed when deploying a data center architecture:

Virtualization
The network devices (hardware) are virtualized to provide seamless connectivity. Virtualization is provided in the data center network environment by employing:
 Cisco VN-Link technologies
 Virtual SANs
 Virtual LANs
 Virtual storage and network devices
 Virtual server environments

Unified Computing
The Unified Computing System (UCS) is Cisco's next generation data center platform. The functionality and features of the unified computing approach are:
 A cohesive system in which computing, networking, storage access and virtualization are integrated
 Increased productivity through provisioning and workload mobility
 A standard platform
 Integration of various data speeds
 Cisco VN-Link virtualization support
 Cisco Extended Memory Technology

Unified Fabric
A unified fabric carries both LAN and storage traffic over one data center network. The two approaches that can be used to achieve this cohesive data center network are:
 Fibre Channel over Ethernet (FCoE)
 Internet Small Computer Systems Interface (iSCSI)

Both approaches run over 10 Gigabit Ethernet and so provide a reliable 10 Gigabit Ethernet fabric for the data center.

Enterprise Data Center Infrastructure

Data center infrastructure design also follows the flexible, modular three-layer network approach.

Data Center Access Layer

The design of the data center access layer is shaped by the choice between layer 2 and layer 3 connectivity to the servers. Access layer switches in the data center must provide high performance, low latency switching and high port density.

The access layer supports the following functionality:

 VLANs and trunking on each switch, to provide access layer connectivity and let servers form adjacencies (clustering, for example) within a VLAN
 Loops managed by spanning tree protocols
 Port density for the data center
 Single-homed as well as dual-homed servers
 Dual homing enabled with VLAN and trunk techniques

Data Center Distribution Layer

Layer 2 in combination with layer 3 is implemented at the distribution layer to provide connectivity between the access and core layers. This boundary between layer 2 and layer 3 is implemented on multilayer distribution switches.

The distribution layer performs the following functions:

 Aggregates traffic from the data center access layer and connects it to the data center core layer
 Implements control, application and security services
 Hosts firewalls, load balancers, SSL offload and other services
 Is designed to handle a high STP processing load, since it is the root for the access layer VLANs

Data Center Core Layer

High-speed connectivity is the basic requirement of the data center core layer. The core is a centralized layer to which multiple data center distribution layers connect. High speed and reliability are implemented in this backbone layer of the data center by using layer 3 devices.

Mind Map of Complete Campus Network Design

Figure 44. Mind Map of Complete Campus Design

This table summarizes the basic design considerations and requirements for the different modules of the campus network infrastructure:

Module of campus network infrastructure | Technology        | Scalability | Availability | Performance | Cost per port
----------------------------------------|-------------------|-------------|--------------|-------------|--------------
Access layer                            | Layer 2 / Layer 3 | High        | Medium       | Medium      | Low
Distribution layer                      | Layer 3           | Medium      | Medium       | Medium      | Medium
Core layer                              | Layer 3           | Low         | High         | High        | High
Data center                             | Layer 3           | Medium      | High         | High        | High


Design a Basic Enterprise Network

An enterprise network includes network segments and modules similar to the enterprise campus design, with the additional facility of Wide Area Network (WAN) connections. In a basic enterprise network, remote locations are connected to the central organization building. This section investigates connectivity to remote locations, along with the selection and specification of the enterprise-supported protocols, topologies, connectivity methods, resiliency, interconnection to the data center and edge connectivity methods.

The six (6) main modules in enterprise network design are:

 Enterprise Campus Network Design
 Enterprise Data Center Network Design
 Enterprise Edge Network Design
 Service Provider Network
 Enterprise Branch Network Design
 Enterprise Teleworker Network Design

The first two modules have been discussed in detail in the earlier part of this chapter. The later modules are investigated in the following section. The most significant topic in this section is the Wide Area Network (WAN): WAN composition is the most critical portion of enterprise network design, and a WAN covers a significantly broad geographical area.

Fundamental Objectives of WAN Design

 Fulfil organization goals and policies
 Wise selection of technology for current and future requirements
 Cost effectiveness

WAN Composition Basic Requirements

A WAN is deployed to connect the private (enterprise) network to the outside world (remote sites and the internet). Without WAN connectivity, today's internet-dependent businesses cannot run, let alone grow. The WAN is the most essential element of the modern network design model.

The basic requirements for establishing a WAN include:

 ISP to enterprise edge module connection
 ISP and Public Switched Telephone Network (PSTN) carrier connections across the enterprise site
 ISP to enterprise site connection

WAN Technologies
To fulfil the customer's or organization's demands and needs, multiple WAN transport technologies are available. It is essential to consider the available WAN options while designing an enterprise network, so that the most suitable and efficient technology can be selected and deployed to satisfy customer demands.

This is a brief overview of various WAN transport technology options:


Time Division Multiplexing (TDM). TDM supports point-to-point connections with a fixed bandwidth allocated to the transmission. This is a static allocation of resources to the customer, who is charged for the guaranteed resources whether they are used or not.

A time slot is allocated to each channel on the connection, so every channel runs on its own fixed share of the bandwidth. TDM is an example of a circuit-switched network.

For example, in North America the T1 circuit carries 24 time slots, allocated to different users. These 24 channels collectively share a payload bandwidth of 1.536 Mbps (1.544 Mbps on the line, including framing), so each channel gets 64 kbps. The individual bandwidth is calculated as:

Total bandwidth of the T1 connection = 1.536 Mbps

Number of channels on each T1 = 24 channels

$$\text{Bandwidth allocated to each channel} = \frac{\text{Total bandwidth}}{\text{Number of channels}} = \frac{1.536\ \text{Mbps}}{24} = 64\ \text{kbps}$$

Similarly, a T2 TDM circuit aggregates 4 T1 connections and a T3 aggregates 28 T1s, allowing 28 × 24 = 672 channels to run simultaneously over one link. The European counterpart of T1 is the E1 connection, which carries 32 64-kbps channels with a total bandwidth of 2.048 Mbps (32 × 64 kbps = 2.048 Mbps), two of which are reserved for framing and signalling.

Integrated Services Digital Network (ISDN). ISDN provides end-to-end digital connectivity with simultaneous voice and data transmission. Compared to analog dialup, ISDN offers more bandwidth, shorter call setup time, lower latency and a cleaner channel (higher signal-to-noise ratio).

Frame Relay. Frame Relay is a packet-switched WAN technology. Frame Relay transmission uses two types of virtual circuit to transport traffic:
 Permanent Virtual Circuits (PVC): connections provisioned permanently by the provider.
 Switched Virtual Circuits (SVC): connections set up on demand for a data transfer and torn down afterwards.

Multiprotocol Label Switching (MPLS). MPLS forwards packets by label rather than by a destination IP lookup at every hop. A label-switched path is set up through the provider network based on the destination, QoS requirements and other attributes, and every packet with the same destination and requirements is simply switched along that path without a routing decision at each hop. This efficient label switching minimizes per-packet routing decisions. MPLS can also carry many different types of traffic over the same core, such as IP packets, ATM cells, SONET frames and Ethernet frames.


Metro Ethernet. Ethernet technology is extended into the metropolitan and wide area network in the Metro Ethernet transport technology.

Metro Ethernet offers:

 Higher data speeds
 Flexible and scalable bandwidth assignment
 Simplified management
 Easy adoption by customers who already run Ethernet LANs

Digital Subscriber Line (DSL) Technology. DSL carries data over the traditional telephone line. The most popular variant of xDSL is ADSL (Asymmetric DSL). ADSL can be used for short-range WAN connectivity (less than 18,000 ft from the exchange). The distinguishing features of ADSL are:
 It uses frequencies above the voice band, so data and voice share the line
 Telephone service continues uninterrupted even if the ADSL service fails
 The data rate in one direction (downstream) is greater than in the other (upstream)

The implementation of ADSL is illustrated in the following figure:

Figure 45. Asymmetric DSL Connection

An ADSL modem, together with the customer premises equipment (CPE), forms the remote network that connects to the service provider's network over the ADSL line. At the provider side, a DSL Access Multiplexer (DSLAM) terminates the customer's ADSL link.

Cable Technology. The cable television distribution system is used to transport network traffic in this WAN technology. It is the best option where cable television is widely deployed. The Universal Broadband Router (uBR), commonly known as a cable modem termination system (CMTS), connects the cable plant to the PSTN or the internet by forwarding the upstream data.

The features of the uBR are:

 Supports voice, modem and fax over TCP/IP
 Serves small businesses, branch offices and telecommuters
 Designed to be installed at the cable operator's distribution hub or head end

Wireless Technology. Wireless implementations of WAN technology include the following:
 Bridged Wireless. Discrete networks are connected through wireless bridges (routers and switches) into a single local area network (LAN). Mostly used to interconnect hard-to-wire locations.
 Mobile Wireless. Mobile wireless is used mainly in cellular communication. The specific mobile wireless technologies include:

Global System for Mobile Communication (GSM). GSM has the following features:
o Uses TDMA technology
o International coverage
o 8 simultaneous channels per carrier
o RF bands: 900, 1800 and 1900 MHz
o Data rate: 9.6 kbps

 General Packet Radio Service (GPRS). GPRS is an extension of GSM with higher data rates, around 64 to 128 kbps.

 Universal Mobile Telecommunications System (UMTS). UMTS is a 3rd generation broadband technology with data rates up to 2 Mbps.

 Wireless Local Area Network (WLAN). A WLAN provides wireless access to the LAN; it is usually deployed within a building, not as WAN transport.

SONET and SDH Technology. Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH) are circuit-switched optical transport standards; SONET and SDH traffic is carried over optical fiber.

DWDM Technology. Dense Wavelength Division Multiplexing (DWDM) carries many independent channels over one fiber by giving each its own wavelength, making intelligent and efficient use of fiber optic cable and letting the infrastructure scale without laying new fiber.

Dark Fiber. Leased, unlit fiber optic cable is referred to as "dark fiber"; the enterprise supplies its own transmission equipment. Dark fiber deployment gives high performance and can accommodate whatever transport technology the enterprise chooses, which is essential for a network that must maintain performance and reliability.


Mind map of WAN Technologies

Figure 46. Comparison of WAN technologies

WAN Link Categories

WAN links are divided into three categories:

 Private WAN. A privately owned transmission mechanism is used to interconnect distant LANs. Configuration, monitoring and maintenance of the connection are done by the owner.
Advantages: secure, high transmission quality
Disadvantages: maintenance, monitoring and reconfiguration are the owner's burden and are difficult

 Leased WAN. The enterprise purchases and pays for dedicated bandwidth allocated by the service provider.
Advantages: maintenance is performed by the service provider
Disadvantages: the enterprise pays for the purchased bandwidth even when part of it is not in use

 Shared WAN. The transmission medium is shared by many customers of the provider.
Advantages: the provider is responsible for maintenance
Disadvantages: security and performance are low because the medium is shared, so traffic crossing it should be encrypted (for example with a VPN)


WAN Design Requirements

A WAN should be designed to provide defined services at each level of communication
over the network, according to the requirements of the organization and its
clients. For this purpose the traditional design methodology of the Prepare, Plan,
Design, Implement, Operate and Optimize (PPDIOO) phases must be followed. The
design should be investigated and analyzed so that it effectively delivers the
services and applications the organization needs, and so that it can adapt to
transitions and future expansion: later technological advances should be easy to
incorporate into the existing network while remaining cost effective.

Response Time. The time elapsed between a client request and the corresponding
response. Users tolerate a certain response time; beyond it, satisfaction with
the service declines, so a lower response time is always preferable. Response
time is also a parameter used to measure the "usability" of a service.

Throughput. The rate at which the sender's data is successfully delivered to the
recipient.

Bit Error Rate. The bit error rate (BER) is the fraction of transmitted bits that
arrive corrupted and is an indication of how much data is lost or must be
retransmitted. It is expressed as a negative power of ten, for example 10^-9.

Reliability. Reliability is measured by the downtime of the network. A highly
redundant and dedicated network is required to increase reliability.

This table lists the parameters and the service levels that should be available to
each application type on the network:

Requirements for Different Application Types

Requirement     | Data file transfer   | Interactive data | Real-time voice                           | Real-time video
Response time   | Depends on file size | Within a second  | Round-trip delay under 250 ms, low jitter | Minimum delay and jitter
Throughput      | High                 | Low              | Low                                       | High
Bit error rate  | Medium               | Low              | Low                                       | Medium
Reliability     | Reasonable           | Low              | Low                                       | Minimum


Design consideration of Enterprise WAN


This section covers the main design considerations for an enterprise WAN deployment.

Layer 3 Protocols and Redistribution

Layer 3 protocols are used to establish communication between network nodes. The
choice of protocol depends on several network characteristics, such as the overall
topology, the size of the network, how the network is modularized, and the IP
addressing plan.

These are the Layer 3 routing protocols that can be used to exchange routing
information in the network:
 Static Routing
 Routing Information Protocol, RIP v1 and v2
 Open Shortest Path First, OSPF
 Intermediate System to Intermediate System, IS-IS
 Enhanced Interior Gateway Routing Protocol, EIGRP
 Border Gateway Protocol, BGP

Redistribution is the technique of injecting routes learned by one routing protocol
into another. If one module of the network uses OSPF and another uses EIGRP, the two
cannot exchange reachability information unless "redistribution" is configured on
the routers at the boundary between the two sections. When redistribution is done in
both directions (mutual redistribution), routes must be tagged or filtered so that a
prefix is not redistributed back into the protocol it came from; otherwise route
feedback and suboptimal routing can result.
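The route-feedback problem that mutual redistribution creates, shown as an added example (this is not code from the workbook): a toy Python model of the two routing domains. The Route class, the tag values 110 and 90 and the prefixes are this example's own assumptions; on real routers the equivalent is a route-map that sets a tag on redistribution and denies routes that already carry the other domain's tag.

```python
"""Route feedback in two-way OSPF/EIGRP redistribution, and how tags stop it.

Added example, not part of the workbook. Each routing domain is a list of Route
objects; redistribution copies routes from one list into the other. The tag
values and prefixes are constructed for the example.
"""
from dataclasses import dataclass

TAG_FROM_OSPF = 110   # stamped on routes injected into EIGRP from OSPF
TAG_FROM_EIGRP = 90   # stamped on routes injected into OSPF from EIGRP


@dataclass(frozen=True)
class Route:
    prefix: str
    origin: str          # domain the prefix was first learned in: "ospf" or "eigrp"
    native: bool = True  # False once the route is a redistributed copy
    tag: int = 0         # 0 means untagged


def redistribute(src_table, tag, deny_tag=None):
    """Copy every route of src_table into the other domain, stamping `tag`.

    deny_tag models the route-map deny clause: a route that already carries
    the tag of the destination domain is not sent back to it.
    """
    injected = []
    for route in src_table:
        if deny_tag is not None and route.tag == deny_tag:
            continue
        injected.append(Route(route.prefix, route.origin, native=False, tag=tag))
    return injected


def dedupe(table):
    return list(dict.fromkeys(table))


def mutual_redistribution(ospf, eigrp, use_tags):
    """One round of OSPF -> EIGRP followed by EIGRP -> OSPF redistribution."""
    tag_o, tag_e = (TAG_FROM_OSPF, TAG_FROM_EIGRP) if use_tags else (0, 0)
    eigrp = dedupe(eigrp + redistribute(ospf, tag_o, deny_tag=tag_e if use_tags else None))
    ospf = dedupe(ospf + redistribute(eigrp, tag_e, deny_tag=tag_o if use_tags else None))
    return ospf, eigrp


def fed_back(table, proto):
    """Prefixes that originated in `proto` but are now present in its own table
    as a redistributed (external) copy: the classic route-feedback symptom."""
    return sorted({r.prefix for r in table if r.origin == proto and not r.native})


def demo(use_tags):
    # Constructed sample domains: one prefix native to each routing protocol.
    ospf = [Route("10.1.0.0/24", "ospf")]
    eigrp = [Route("10.2.0.0/24", "eigrp")]
    ospf, eigrp = mutual_redistribution(ospf, eigrp, use_tags)
    return fed_back(ospf, "ospf"), fed_back(eigrp, "eigrp")


if __name__ == "__main__":
    print("without tags:", demo(False))   # OSPF sees its own 10.1.0.0/24 come back as external
    print("with tags:   ", demo(True))    # nothing is fed back
```

Without tags, 10.1.0.0/24 leaves OSPF, enters EIGRP and is immediately re-injected into OSPF as an external route; with tags the second redistribution point recognizes the OSPF tag and drops it.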

WAN Connectivity
Building a WAN depends on many parameters and applications. A well thought out
topology must be chosen, together with a suitable connectivity method for each device
of the enterprise network. To build a flexible, efficient and effective enterprise
network, quality of service, redundancy, organization- and client-specific resource
allocation, backup links and other network resources all need to be investigated.

WAN Topology
In a WAN, nodes can be connected in any of the following topologies:

Hub and Spoke

In a hub-and-spoke topology, multiple remote sites (spokes) are connected to a
centralized location called the hub. Spokes communicate with each other only
through the hub.


Spoke to Spoke
Spoke-to-spoke topology is an extension of hub and spoke. The hub remains the
central site, but in this extended version spokes can also communicate directly
with each other instead of only through the hub.

Point to Point
Point-to-point is the simplest topology: two nodes are directly connected to each
other over a single link.

Partial Mesh


In a partial mesh topology, remote locations are prioritized. High-priority remote
locations are connected directly to other locations over WAN connections, while
low-priority remote locations are connected only through the central location.

Full Mesh
In a full mesh topology, every physical location has a direct WAN connection to
every other location.

Connectivity Methods
A WAN connectivity method connects each node of the network, wherever it is
located, to the central enterprise network. Connectivity methods also serve
external users, for example Internet hotspots and public access. Through them,
internal network resources can be reached by remote employees, teleworkers,
customers and partners. Mobility in the network is achieved with the following
connectivity approaches:

DMVPN


Dynamic Multipoint Virtual Private Network (DMVPN) is an approach used to build a
secure virtual private network (VPN). DMVPN is Cisco's solution for allowing remote
locations to establish secure communication over a public network; it combines
multipoint GRE tunnels, NHRP and IPsec so that spoke-to-spoke tunnels can be built
on demand.

GET VPN
Group Encrypted Transport VPN (GET VPN) provides a simplified solution for
integrated voice, data and video traffic with improved security but without
building point-to-point tunnels: a group of routers shares the keys and the
original IP header is preserved, which suits private WANs such as MPLS.

MPLS Layer 3 VPN

MPLS Layer 3 VPN is enabled at the edges of the MPLS network and is based on a peer
model: the service provider's MPLS edge router (PE) and the customer edge router
(CE) exchange Layer 3 routing information with each other. When the network
expands, only the provider edge (PE) needs to be updated, not every device in the
network.

Layer 2 VPN
Layer 2 VPN carries Layer 2 protocols such as ATM and Frame Relay. In a Layer 2 VPN
the service provider's edge router (PE) exchanges Layer 2 frames with the customer
edge router (CE); routing stays with the customer.

Static IPsec
Static IP security (IPsec) provides protected (authenticated and encrypted)
communication between nodes. Secure tunnels can be created point-to-point or
site-to-site with IPsec.

GRE
Generic Routing Encapsulation (GRE) tunnels establish a point-to-point tunnel
between nodes. Data packets are encapsulated in an outer IP header so that they can
be carried across the intermediate network. GRE tunnels can carry multicast and
IPv6 traffic, but GRE itself provides no encryption, so it is commonly combined
with IPsec.

VTI
A Virtual Tunnel Interface (VTI) is a virtual interface that represents a VPN tunnel.
The specialized version that carries IPsec-protected traffic is called an IPsec VTI;
because it is a routable interface, routing protocols and QoS can be applied to it
directly.
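GRE encapsulation as an added example (not code from the workbook): a pure-Python GRE-over-IPv4 packet builder and parser. The helper names, the tunnel key 0x2A and all addresses are constructed for the example; the point to notice is that the inner payload is byte-for-byte visible in the tunnel packet, which is why GRE is paired with IPsec when confidentiality matters.

```python
"""GRE encapsulation and decapsulation in pure Python.

Added example, not from the workbook: builds a GRE-over-IPv4 packet (RFC 2784 /
RFC 2890 header layout) around a constructed inner IPv4 packet, parses it back,
and shows that the inner packet travels in clear text. All addresses are
documentation or private ranges chosen for the example.
"""
import socket
import struct

IPPROTO_GRE = 47
GRE_PROTO_IPV4 = 0x0800    # EtherType of the encapsulated payload
GRE_FLAG_CHECKSUM = 0x8000
GRE_FLAG_KEY = 0x2000
GRE_FLAG_SEQ = 0x1000


def ip_checksum(data):
    """RFC 1071 one's-complement checksum over `data`."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def gre_encapsulate(outer_src, outer_dst, inner_packet, key=None):
    """Wrap inner_packet in a GRE header and an outer IPv4 header.

    key (optional) sets the K bit and carries a 32-bit tunnel key, which routers
    use to tell tunnels apart; it is an identifier, not a secret.
    """
    flags = GRE_FLAG_KEY if key is not None else 0
    gre = struct.pack("!HH", flags, GRE_PROTO_IPV4)
    if key is not None:
        gre += struct.pack("!I", key)
    outer = ipv4_header(outer_src, outer_dst, IPPROTO_GRE, len(gre) + len(inner_packet))
    return outer + gre + inner_packet


def gre_decapsulate(packet):
    """Return (payload protocol, key or None, inner packet) from a GRE packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_GRE:
        raise ValueError("not a GRE packet")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    offset = ihl + 4
    if flags & GRE_FLAG_CHECKSUM:
        offset += 4                      # checksum + reserved1
    key = None
    if flags & GRE_FLAG_KEY:
        key = struct.unpack("!I", packet[offset:offset + 4])[0]
        offset += 4
    if flags & GRE_FLAG_SEQ:
        offset += 4
    return proto, key, packet[offset:]


def build_sample_tunnel_packet():
    """Constructed example: a private-address inner packet carried between two
    tunnel endpoints on documentation addresses."""
    payload = b"private data"
    inner = ipv4_header("10.1.1.10", "10.2.2.20", 17, len(payload)) + payload
    return gre_encapsulate("203.0.113.1", "198.51.100.1", inner, key=0x2A), inner


def payload_is_visible(packet, needle):
    """True if the inner payload can be read straight out of the tunnel packet."""
    return needle in packet
```

A capture of the tunnel between 203.0.113.1 and 198.51.100.1 would show the inner 10.x addresses and the payload in the clear; only an IPsec layer around the GRE packet (GRE over IPsec, or an IPsec VTI) hides them.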

Resiliency
Resiliency is the measure of how quickly a network adapts and converges after an
unwanted event such as the unavailability or failure of a network resource. Networks
must be designed for resiliency at all times to give the organization and its clients
a consistent experience.

The parameters through which a network's resiliency can be improved are:

Service Level Agreements (SLAs). The service provider supplies the WAN facilities
used by the internal network. A service level agreement is a contract between the
service provider and the organization that sets down the level of service expected
from the provider (for example availability, repair time, packet loss and delay).

Backup Links. WAN links require a redundant approach because they are less reliable
and slower than LAN links. Each enterprise edge module requires a WAN backup link to
provide connectivity when the primary link fails. These backup connections can be
provided by either dialup or permanent connections.

The primary options for WAN backup are described below:

Backup Option: Dial Backup Routing
Utilization: Dialup services such as ISDN are used. When the primary circuit fails,
the dial backup circuit takes its place until the primary circuit is fully restored.

Backup Option: Permanent Secondary WAN Link
Utilization: A permanent connection from each remote location to the central
network. This deployment is expensive but improves overall performance of the
network:
 A static, permanent backup link is reliable.
 If load balancing is enabled on parallel equal-cost links, the added bandwidth
is a further advantage.

Backup Option: IPsec
Utilization: An IPsec Virtual Private Network (VPN) can also provide the backup
link. When the primary link fails, WAN traffic is redirected to the central location
over the Internet so that connectivity is not lost.

Backup Option: Internet as a Backup
Utilization: Using the Internet as a backup connection is an alternative in
link-failure scenarios. Because bandwidth is not guaranteed, this alternative is
"best effort". Cooperation between the Internet service provider and the enterprise
is necessary to use this option.

Quality of Service (QoS). Quality of service is the measure of the performance the
network delivers to its traffic. Ideally, every transmitted packet would reach its
destination without delay, but in a large, complex and congested network this is not
always possible. Prioritizing traffic according to a classification scheme is the
widely used approach for getting the important packets through.

The two commonly used methods to classify traffic are:

1. Network-Based Application Recognition (NBAR). NBAR provides intelligent
classification by recognizing the application a packet belongs to, so that the
available resources can be used efficiently.
2. Committed Access Rate (CAR). CAR classifies packets and, for a given class, sets
the IP precedence and/or rate-limits the traffic.


Management of Traffic Congestion

Network packets are organized in queues for better management and classification.
Hardware or software queues can be used to arrange packets.

Hardware queue. The hardware queue is also referred to as the transmit queue (TX
queue). It is strictly first in, first out and transmits each packet in turn.

Software queue. The software queue schedules packets into the hardware queue
according to the QoS requirements of each traffic class. The scheduling methods are:
 Custom Queuing
 Priority Queuing
 Weighted Fair Queuing
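How a software scheduler feeds the FIFO hardware queue, shown as an added example (not code from the workbook): strict priority queuing and a deficit-round-robin approximation of weighted fair queuing are run over the same constructed burst of voice, video and data packets. The class names, packet sizes, weights and quantum are this example's own assumptions.

```python
"""Software queue scheduling into a FIFO hardware (TX) queue.

Added example, not from the workbook: a simplified scheduler that drains three
software queues (voice, video, data) into a fixed number of transmit slots,
first with strict priority queuing and then with a deficit-round-robin
approximation of weighted fair queuing. Packet sizes, class weights and the
quantum are constructed for the example.
"""
from collections import deque

CLASSES = ("voice", "video", "data")


def sample_traffic():
    """Constructed burst: 4 packets per class, as (class, size_bytes, seq)."""
    sizes = {"voice": 200, "video": 1200, "data": 1500}
    return [(cls, sizes[cls], i) for cls in CLASSES for i in range(4)]


def classify(packets, classes=CLASSES):
    """Place each packet in the software queue of its class (classification step)."""
    queues = {c: deque() for c in classes}
    for pkt in packets:
        queues[pkt[0]].append(pkt)
    return queues


def priority_scheduler(queues, order, tx_slots):
    """Strict priority: always transmit from the highest-priority non-empty queue.
    Lower classes get nothing while a higher queue has packets (starvation risk)."""
    tx = []
    while len(tx) < tx_slots:
        for cls in order:
            if queues[cls]:
                tx.append(queues[cls].popleft())
                break
        else:
            break   # every queue is empty
    return tx


def weighted_fair_scheduler(queues, weights, tx_slots, quantum=800):
    """Deficit round robin: each round a queue earns quantum*weight bytes of
    credit and may send while it has enough credit for its head packet, so
    every class with traffic gets a share in proportion to its weight."""
    tx = []
    deficit = {cls: 0 for cls in queues}
    while len(tx) < tx_slots and any(queues.values()):
        for cls, weight in weights.items():
            q = queues[cls]
            if not q:
                deficit[cls] = 0      # idle queues do not bank credit
                continue
            deficit[cls] += quantum * weight
            while q and q[0][1] <= deficit[cls] and len(tx) < tx_slots:
                pkt = q.popleft()
                deficit[cls] -= pkt[1]
                tx.append(pkt)
    return tx


def count_by_class(tx, classes=CLASSES):
    """How many packets of each class made it into the TX queue."""
    counts = {c: 0 for c in classes}
    for pkt in tx:
        counts[pkt[0]] += 1
    return counts


if __name__ == "__main__":
    pq = priority_scheduler(classify(sample_traffic()), CLASSES, tx_slots=8)
    wfq = weighted_fair_scheduler(classify(sample_traffic()),
                                  {"voice": 1, "video": 1, "data": 1}, tx_slots=8)
    print("priority queuing:", count_by_class(pq))
    print("weighted fair   :", count_by_class(wfq))
```

With eight transmit slots, strict priority sends all voice and video and no data at all, while the weighted scheduler still sends voice first (small packets clear quickly) but leaves room for two data packets; the `tx` list is the order the FIFO hardware queue will transmit.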

Connections to the Data Center

The data center is the network location that houses the enterprise's pool of
resources. It has computational, storage and network resources that must be
accessible to every end user in the organization. The connection between the data
center and the enterprise network must be efficient, high-speed and able to
accommodate many users at a time so that each user gets seamless access to
resources.

Connectivity to the Edge Module

The edge network module is the segment of the network that joins external (Internet)
traffic and internal traffic. Appropriate measures must be taken to provide effective
and secure connectivity between the enterprise and the Internet.

The important parameters that must be considered to provide good connectivity and
security for all traffic crossing the edge are:
 Internet connectivity
Internet connectivity throughout the entire network is crucial and is the most
heavily used service for end users.
 ACLs and firewall placement
Access control lists and firewalls are the network's filtering tools. They are used
to stop unwanted traffic from entering the internal network and are therefore placed
at the edge, on the boundary between the external and internal networks, so that
the bulk of unwanted external traffic is dropped before it reaches internal nodes.
 NAT placement
Network address translation (NAT) maps the private addresses used inside the
enterprise network to addresses that are routable on the Internet. NAT is also
placed at the edge, on the device that sits between the internal and external
addressing domains.
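An edge ACL evaluated the way a router evaluates it, shown as an added example (not code from the workbook): top-down, first match wins, implicit deny at the end, with anti-spoofing entries that drop packets claiming a private source address on the Internet-facing interface. The policy, the server addresses and the sample packets are constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for public addresses.

```python
"""Edge access-list evaluation with anti-spoofing and implicit deny.

Added example, not from the workbook: a small ACL engine that mirrors how a
Cisco ACL is evaluated (top-down, first match wins, implicit deny at the end),
applied to an inbound-from-Internet list on an edge router. Networks, hosts and
sample packets are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # None = any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def matches(rule, pkt):
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    return rule.dport is None or rule.dport == pkt.dport


def evaluate(acl, pkt):
    """Return (action, matching rule number); rule number None = implicit deny."""
    for number, rule in enumerate(acl, start=1):
        if matches(rule, pkt):
            return rule.action, number
    return "deny", None


def inbound_edge_acl(web_server, dns_server):
    """Inbound ACL for the Internet-facing interface (constructed policy):
    rules 1-3: anti-spoofing, private source addresses never arrive from the Internet
    rule 4:    HTTPS to the public web server
    rule 5:    DNS to the public resolver
    implicit deny for everything else."""
    acl = [Rule("deny", "ip", net, ANY) for net in RFC1918]
    acl.append(Rule("permit", "tcp", ANY, ipaddress.ip_network(web_server + "/32"), 443))
    acl.append(Rule("permit", "udp", ANY, ipaddress.ip_network(dns_server + "/32"), 53))
    return acl


def demo():
    acl = inbound_edge_acl("203.0.113.10", "203.0.113.53")
    # Constructed sample packets arriving on the outside interface.
    packets = {
        "https_from_internet": Packet("tcp", "198.51.100.7", "203.0.113.10", 443),
        "spoofed_internal_src": Packet("tcp", "10.1.1.5", "203.0.113.10", 443),
        "ssh_to_web_server":    Packet("tcp", "198.51.100.7", "203.0.113.10", 22),
        "dns_query":            Packet("udp", "198.51.100.7", "203.0.113.53", 53),
    }
    return {name: evaluate(acl, pkt) for name, pkt in packets.items()}


if __name__ == "__main__":
    for name, (action, rule) in demo().items():
        print(f"{name:22s} -> {action} (rule {rule if rule else 'implicit deny'})")
```

Because the list is ordered, the anti-spoofing denies must sit above the permits: placed after rule 4 they would never see the spoofed HTTPS packet. The SSH packet falls through every rule and is dropped by the implicit deny, which is the default for anything the design did not explicitly allow.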

Design Enterprise Teleworker

A seamless, accessible and managed network is deployed between the teleworker and the
central organizational network. Cisco's "Virtual Office Solution" is the solution
that fulfils these requirements.


Design a Basic Enterprise Branch Network

Branch offices are interconnected with the enterprise campus to form the enterprise
branch network; specific consideration is given to the WAN connectivity of each
location to the others.

Enterprise Branch Network Design Considerations

The enterprise branch network should be designed to give every site effective
connectivity to every other site. This is achieved by first building a thoughtful
individual network for each branch. The next level is provisioning each branch to
interconnect efficiently with the central office and with the other branches; WAN
interconnection is employed at this level. The most critical step in branch
network design is providing redundant and efficient network resources so that the
individual branch networks can stay connected to each other at all times and share
organizational information seamlessly.

The size of the branch greatly influences the choice of network resources. This
table shows the resource requirements according to branch size.

Size of the Branch Specification

Small Office (up to 50 users) - single-tier design
 Integrated switching in the ISR or multiservice router
 Trunked interface between the ISR and the access points or switches
 EtherChannel between the ISR and the access switches
Medium Office (50 to 100 users) - dual-tier design
 High-port-density external access switch
 Layer 3 trunks
 ISR module
Large Office (100 to 200 users) - three-tier design
 Higher LAN switching capabilities
 Multiple distribution layers
 High-port-density (stacked) switches

These requirements are met by building high redundancy into the network and by
sizing the capacity of the links employed.

Redundancy
Redundant connections are a significant hardware requirement in the design of an
enterprise branch. Redundancy at each level of the network is required to connect
the network segments together.


A brief description of the portions of the branch network infrastructure where
redundancy is crucial follows:

Connectivity
The WAN should be managed according to the needs and demands of the branch offices.
WAN connectivity for a branch office must not be cut off at any point. Optimized
connectivity is important for secure, reliable and efficient communication between
the branches of an organization.

Hardware
Redundant hardware deployments are also required to establish all-time availability
and connectivity.

The considerations when selecting network hardware are:

 Port densities
 Packet throughput
 Expansion capabilities
 Redundancy capabilities

The Cisco Integrated Services Router Generation 2 (ISR G2) family provides an
efficient network device for the enterprise branch and a "borderless" experience for
the customer. It offers flexible LAN and WAN configurations, multiple security
options, voice and data integration, and a range of high-performance processors.

Service Provider
A service provider manages services for the branches. The service provider resolves
and manages branch connectivity by providing MPLS VPN connections to the branch
offices. Multiprotocol Label Switching VPN (MPLS VPN) offers an innovative
interconnection solution.

Link Capacity
Links should be designed to cater for the requirements of branch-to-branch
communication. Bandwidth and delay are the most important constraints to address when
selecting the connectivity solution for an enterprise branch network.

 Bandwidth
The exchange of packets between branch offices requires significant bandwidth to be
available at all times. Bandwidth, being the most important resource of any network,
must be allocated according to the requirements of the end devices.

 Delay
The delay in exchanging information should be minimized for important corporate
traffic between branch offices. Links extended to branches must be designed to
accommodate the different corporate requirements so that important communication is
not delayed.


Summary
Comprehensive design and implementation of the enterprise campus network, the
enterprise WAN and the enterprise branch network is the key to building a fully
functional network architecture. Implementing a complex network segment by segment
and module by module eases its manageability and maintenance. It also helps in
handling future expansion of both network components and the organization's
application requirements. For any enterprise involved in the design and/or operation
of a campus network, an integrated approach based on solid systems design principles
is recommended. The Cisco Enterprise Campus Design Guide is specifically intended to
help engineering and operations teams develop a systems-based campus design that
provides the balance of availability, security, flexibility and operability required
to meet current and future business and technological needs.


Chapter 5: Considerations for Expanding an Existing Network

Advances in smart and innovative technologies improve the user experience and provide
cost-effective, reliable communication solutions to businesses and organizations.
Wireless technology, security policy implementation, software-defined technologies,
virtualization, and the convergence of voice and video onto the data network have
introduced solutions that raise user satisfaction, offer high availability, increase
organizational collaboration and enhance employee productivity.

A network upgrade is required to integrate newer technologies into an existing wired
network design. This chapter examines the requirements and deployment methodologies
for wireless network design, security policies and considerations, integration of
software-defined and programmable network resources, and the convergence of voice and
video over the existing infrastructure into a unified network design. The devices,
modules, security, application services and integration requirements needed to add
these advanced solutions are examined as well.

Fundamentals of Wireless Networks

Wireless communication provides a reliable communication solution for organizations
and enterprises, adding mobility and efficiency. Additional components are required
to integrate a wireless network into an existing wired network: wireless access
points (APs), through which wireless clients gain access to the network, and WLAN
controllers (WLCs), which control and manage the wireless communication.

The basic architecture of a wireless local area network (WLAN) overlaid on an active
enterprise network is illustrated in the following figure:

Figure 47. Illustration of Basic Wireless Network


This section discusses the fundamental concepts and the different approaches to
building a wireless network. The network switches carry the WLAN traffic on 802.1Q
trunks so that each SSID can be mapped to its own VLAN.

Basic Wireless Infrastructure

The main options for deploying a wireless network are:

1. Autonomous Deployment
In the autonomous deployment architecture, independent access points (APs) are
responsible for forwarding RF client traffic to the appropriate VLANs over the wired
network.

Figure 48. Autonomous Deployment Approach

2. Cisco Unified Wireless Network Deployment

In this architecture, the WLAN controllers are responsible for forwarding RF client
traffic to the appropriate VLANs over the wired network.

Figure 49. Cisco Unified Wireless Network Deployment Approach

This table shows the differences between the autonomous and unified deployment
architectures:

Parameter                  | Autonomous Deployment           | Unified Deployment
Controller                 | Not required                    | Controller-based architecture
Management                 | Distributed (per AP)            | Centralized (on the controller)
Access point configuration | Exhaustive per-AP configuration | Not required (pushed from the controller)
Access point architecture  | Fat (autonomous) access point   | Thin (lightweight) access point


Wireless Authentication
After a client associates with an AP, the first step is to authenticate the client.
The client's authentication traffic is relayed to the authentication server, and only
after the authentication exchange succeeds is the client granted access to the
wireless network. In this environment the client is called the "supplicant".

Figure 50. Authentication Process in Wireless Network

The authentication process is performed so that access to the wireless network is
obtained securely. The Extensible Authentication Protocol (EAP), in one of its many
variants, is used to authenticate the client and to establish a protected connection
for the end node.

The process starts when an end device wants to obtain network resources. The
authenticator (the WLAN controller, using 802.1X port-based access control) relays
the EAP exchange to the authentication server over RADIUS and blocks all other client
traffic until authentication has succeeded. After authentication, a secure and
protected flow of information between the client and the network is established.

Access Points
An access point (AP) is a stationary transceiver connected to the enterprise's wired
LAN that enables end devices to connect to the network wirelessly. The operating
modes of APs in LWAPP and CAPWAP environments are as follows:
 Local Mode
 Hybrid-REAP (H-REAP) Mode
 Rogue Detector Mode
 Monitor Mode
 Sniffer Mode
 Bridge Mode

WLAN Controllers
This table explains the terminology used for WLAN controllers:

Ports
 Physical entities with various functions
 Controllers have different approaches to managing ports. For example, some WLAN
controllers support link aggregation (LAG), which bundles all physical ports into
one logical interface following the IEEE 802.3ad standard
 Connect the WLC to the LAN switch
 Set to 802.1Q VLAN trunking by default
Interfaces
 Logical entities with associated parameters such as IP address, default gateway,
etc.
 Map to VLANs on the wired network
 Multiple interfaces can be mapped to a single WLAN controller port
 Each interface is associated with at least one primary port and an optional
secondary port (when LAG is not configured)
WLANs
 Logical entities
 Associate an SSID with a WLAN controller interface
 Support security, quality of service (QoS), radio policies, etc.
 Up to 16 WLANs can be associated with a single WLAN controller
Management Interface
 Default interface, configured during setup and present on all WLCs
 The management interface and the service port must be on different subnets
 Used in the discovery process between AP and WLAN controller
 Used for ongoing communication with the APs
AP Manager Interface
 Configured during setup; static; present on all WLCs except the 5508
 One or more AP manager interfaces can be present
 Used for Layer 3 communication with the APs
 The IP address of the AP manager interface is the tunnel source address for
CAPWAP packets
 Requires a unique IP address
Dynamic Interface
 Defined by the network administrator
 Each interface is assigned a unique IP address
 Up to 512 dynamic interfaces are supported on a Cisco WLC
Virtual Interface
 Supports Layer 3 security services, mobility management, DHCP relay, etc.
 Configured with an unused, non-routable IP address; 1.1.1.1 has traditionally
been used
 The address does not appear in the routing table and cannot be pinged
 Seamless roaming requires the same virtual interface address on every WLAN
controller in the mobility group
Service Port Interface
 Statically mapped by the system to the physical service port
 Must not overlap with the subnets of the management, AP manager or dynamic
interfaces
 Static IP address, or an address obtained dynamically by DHCP
 Reserved for out-of-band management in case of network failure
 The only port that is active while the controller is in boot mode
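The addressing rules in the table, turned into a pre-deployment check as an added example (not code from the workbook): the controller interface names and addresses are constructed, as are the function names. The check flags 1.1.1.1 for the virtual interface because it is today an allocated, globally routable address; an address from the RFC 5737 documentation range 192.0.2.0/24 is a safer choice.

```python
"""Sanity checks for a WLAN controller interface plan.

Added example, not from the workbook: encodes the addressing rules from the
WLC terminology table as checks over a planned set of controller interfaces.
Controller names, interface names and addresses are constructed.
"""
import ipaddress

MAX_DYNAMIC_INTERFACES = 512
ISOLATED_FROM_SERVICE_PORT = ("management", "ap-manager", "dynamic")


def validate_wlc_interfaces(plan):
    """plan: list of (interface name, role, 'address/prefix').
    Returns a list of findings; an empty list means the plan passes."""
    findings = []
    addressed = [(name, role, ipaddress.ip_interface(cidr)) for name, role, cidr in plan]

    # Every interface needs its own IP address.
    seen = {}
    for name, role, iface in addressed:
        if iface.ip in seen:
            findings.append(f"{name} reuses address {iface.ip} already used by {seen[iface.ip]}")
        seen[iface.ip] = name

    # The service port must not share a subnet with management, AP manager or dynamic interfaces.
    for sname, srole, siface in addressed:
        if srole != "service-port":
            continue
        for name, role, iface in addressed:
            if role in ISOLATED_FROM_SERVICE_PORT and siface.network.overlaps(iface.network):
                findings.append(f"service port {sname} ({siface.network}) overlaps "
                                f"{role} interface {name} ({iface.network})")

    # The virtual interface address must not be a real, reachable address.
    for name, role, iface in addressed:
        if role != "virtual":
            continue
        if iface.ip.is_global:
            findings.append(f"virtual interface {name} uses globally routable address {iface.ip}")
        for oname, orole, oiface in addressed:
            if orole != "virtual" and iface.ip in oiface.network:
                findings.append(f"virtual interface {name} address {iface.ip} lies inside "
                                f"{orole} subnet {oiface.network}")

    dynamic = sum(1 for _, role, _ in addressed if role == "dynamic")
    if dynamic > MAX_DYNAMIC_INTERFACES:
        findings.append(f"{dynamic} dynamic interfaces exceed the limit of {MAX_DYNAMIC_INTERFACES}")
    return findings


def check_mobility_group(controllers):
    """controllers: dict of controller name -> virtual interface address.
    Seamless roaming needs the same virtual address on every controller."""
    addresses = set(controllers.values())
    if len(addresses) <= 1:
        return []
    return [f"virtual addresses differ across the mobility group: {sorted(addresses)}"]


def draft_plan():
    """Constructed first draft that breaks two rules."""
    return [
        ("management", "management", "10.10.10.5/24"),
        ("ap-manager", "ap-manager", "10.10.10.6/24"),
        ("employees", "dynamic", "10.10.20.5/24"),
        ("service-port", "service-port", "10.10.10.250/24"),   # same subnet as management
        ("virtual", "virtual", "1.1.1.1/32"),                   # routable on today's Internet
    ]


def corrected_plan():
    plan = draft_plan()
    plan[3] = ("service-port", "service-port", "192.168.200.5/24")
    plan[4] = ("virtual", "virtual", "192.0.2.1/32")
    return plan


if __name__ == "__main__":
    for finding in validate_wlc_interfaces(draft_plan()):
        print("draft:", finding)
    print("corrected:", validate_wlc_interfaces(corrected_plan()) or "no findings")
```

The draft produces overlap findings for both the management and the AP manager interface (they share 10.10.10.0/24 with the service port) plus the routable virtual address; moving the service port to its own subnet and the virtual interface to 192.0.2.1 clears them.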

LWAPP and CAPWAP Fundamentals

Control and Provisioning of Wireless Access Points (CAPWAP) and the Lightweight
Access Point Protocol (LWAPP) are the protocols used between WLAN controllers and
lightweight access points (APs) to control the APs and to carry the wireless
clients' traffic.

 LWAPP. LWAPP defines how communication is established between access point and
controller. LWAPP can operate at either Layer 2 or Layer 3. LWAPP traffic falls into
two types:
LWAPP Control Channel: control and management messages exchanged between access
points and controller, on UDP port 12223.
LWAPP Encapsulated Data: client data frames encapsulated between access point and
controller, on UDP port 12222.

 CAPWAP. A collection of wireless access points is managed through CAPWAP. CAPWAP
works only at Layer 3. CAPWAP control traffic is encrypted with Datagram Transport
Layer Security (DTLS), which is derived from the SSL/TLS protocol and ensures secure
communication; DTLS encryption of the data channel is optional.

This table summarizes the comparison between the LWAPP and CAPWAP protocols:

Characteristic                 | LWAPP                                | CAPWAP
RFC                            | RFC 5412                             | RFC 5415
Layer supported                | Layer 2 and Layer 3                  | Layer 3
Controller software            | Before version 5.2                   | Version 5.2 and later
Encryption of control traffic  | AES                                  | DTLS
Encryption of data traffic     | None                                 | DTLS (optional)
Ports used                     | UDP 12222 (data) and 12223 (control) | UDP 5246 (control) and 5247 (data)
MTU discovery                  | Not supported                        | Supported; also detects MTU changes


Elements of Cisco Unified Wireless Network Architecture

In the traditional deployment approach, each access point (AP) in a wireless LAN
(WLAN) is configured as a standalone node with its own service set identifier
(SSID), radio frequency channel and RF power setting. There was no way for an AP to
detect whether an adjacent WLAN channel belonged to the same network or to a
neighbouring one.

The need for centralized learning is addressed by the "Cisco Unified Wireless
Network" solution. This approach enables the access points to intelligently detect
neighbouring wireless networks.

Cisco's unified solution provides centralized and organized management of the
wireless network resources. The components of the wireless network work in
coordination to provide unified, end-to-end services, and each element is connected
so that a well-supported, organized and comprehensive network design results.

The five elements of the wireless network that enable efficient and intelligent use
of the wireless resources are:

 Client Devices. Cisco-compatible client devices serve as the client nodes of the
Cisco Unified Wireless Network.
 Access Points. The wireless network is accessed through access points (APs).
Plug-and-play access points improve overall productivity by using the Lightweight
Access Point Protocol (LWAPP) or Control and Provisioning of Wireless Access Points
(CAPWAP) to join the controller dynamically.
 Network Unification Module. The network unification module (the WLAN
controllers) integrates the wired and wireless networks. All switching and routing
platforms are integrated through this module for reliability, security and seamless
communication services.
 World-Class Network Management. Network management is a crucial part of the
wireless network. Mobile end users are supported with the same level of security,
reliability, ease of deployment and management as the wired network.
 Mobility Services. Unified mobility services such as advanced security, threat
detection, guest access, context-aware mobility services and voice services are
provided in the wireless network through this module.


Mind Map of Cisco Unified Wireless Network Architecture

Figure 51. Cisco Unified Wireless Network Architecture Elements and Benefits

The three basic wireless elements are client devices, access points and wireless
controllers. The other elements, mobility services and the world-class network
management module, are integrated in more complex wireless networks to provide
advanced services.

Design Considerations for Wireless Network Architecture

A wireless local area network (WLAN) uses radio waves to transport information
packets. Wireless access points connect the wired network to wireless stations such
as wireless-capable personal computers (PCs) and personal digital assistants (PDAs)
so that they can communicate over the network.

The design considerations for building a consistent wireless network infrastructure
are:

Radio Frequency (RF) Site Survey

The design of the wireless network starts with surveying the site. The data
collected at the site is a very important input for designing the WLAN
infrastructure. The customer's business requirements must be kept in mind while
performing the site survey.

The site survey is performed to locate the following issues:

 RF signal reachability
 Multipath distortion
 Hidden node problem
 Near/far problem
 Number of wireless infrastructure devices needed


These are the measures that should be taken, based on the site survey, to reduce
difficulties in deploying the wireless network:
 Use the Cisco Wireless Control System (WCS) together with a spectrum analysis
tool such as "Cognio Spectrum Expert" to detect, locate and analyze sources of
interference and to optimize the channel plan.
 Discover regions of multipath distortion so that they can be eliminated.

An RF site survey is a comprehensive process. Using a systematic approach to perform
the survey and recording its findings in an orderly way helps significantly in the
next level of the design process.

This table shows a step-by-step site survey procedure:

Step 1. Define the customer requirements in design language. The client's
requirements are translated into network language: the devices required, the sites
where they need to be deployed and the services desired. This yields:
 The number of devices with wireless support
 Integration requirements of existing WLAN and RF equipment
 Services desired by the customer, such as data, voice, video, etc.
 Peak periods, such as meeting times in the conference rooms
 The required quality of roaming
 The number of rooms, floors and the geographical area
 The level of support and the level of redundancy required

Step 2. Obtain a facility diagram to locate RF obstacles and predict the coverage
area from the customer requirements. Benefit: areas where preventive measures are
needed are identified.

Step 3. Perform a visual inspection to identify RF barriers such as metal racks.
Benefit: areas where preventive measures are needed, according to their condition,
are identified.

Step 4. Identify heavily and infrequently used areas. Benefit: helps identify AP
deployment points. The following are marked on the facility diagram:
 Coverage area: areas that need wireless network support
 Non-coverage areas, according to the customer
The expected density of wireless devices is also identified. Generally a single AP
can support seven to eight wireless phones or about 20 data-only devices.

Step 5. Identify preliminary locations for access point installation. Benefit:
eases the identification of AP deployment points on the actual site. The number of
access points is visualized with the Cisco Wireless Control System (WCS), which can
import real floor plans and estimate the number of access points required on a given
floor or area. It considers the following characteristics in its estimate:
 IEEE 802.11a/b/g/n protocol
 Coverage or capacity
 Throughput
 Square feet
Cisco WCS also provides an integrated tool for estimating the overall WLAN structure,
such as lightweight AP placement, configuration and performance. It represents the
WLAN design in a graphical view known as a "heat map".

Step 6. Locate the access point installation points on the real site. Benefit: the
best possible locations for deploying the access points (APs) are re-surveyed,
re-tested and identified.

Step 7. Document the findings, such as data rate at the inner and outer boundaries,
signal readings and location data. Benefit: a complete map of the network topology
is generated, including:
 Complete list of customer requirements
 Coverage area
 Interference sources
 Equipment placement
 Power considerations
 Wiring requirements
 Total number of access points deployed
 Recommendation for spare devices in case of emergency
 Total number of antennas and mounting devices
 Proposed network components
 Diagram representing the overall network map for each facility

This site survey is considered a manual site survey. These are the parameters that need to
be addressed after the survey:
 Relate and measure the coverage area for the desired data rate
 Move a client across the area to measure the data rate inside and at the boundaries
 Determine the coverage range of the marked areas
 Build the coverage area on the basis of access point availability
 Reduce contention by setting up non-overlapping channels

Cisco Efficient Tools for Survey Purposes


Cisco's tools that provide competent measurement of the required parameters are:
 AirMagnet Survey Pro. A manual site survey is performed based on the access
point. This smart survey tool can achieve the design and deployment of an
effective wireless network.
 Cisco Aironet Site Survey Utility. This is another free and efficient tool to
conduct a site survey for wireless network deployment.

Design Considerations for Campus Wireless Networks


These are the considerations that must be taken into account to develop a campus
wireless network:

Number of Access Points. The number and features offered by an access point must be
properly investigated before installation, and it should follow the demands and
requirements of the customer. Over-deployment of access points is the most suggested
practice for uninterruptible connectivity and seamless coverage.

Location of Access Points. Access points must be deployed centrally
and in proximity to the WLAN client devices.

Power Consideration for the Access Points. Power over Ethernet (PoE) is used to
reduce the cabling infrastructure. The traditional cabling method can also be used.


Number of Wireless Controllers. The controllers must satisfy the access point
connection requirement. The number of controllers must be provisioned to accommodate the APs
in the network while also satisfying the redundancy requirement.

Location of Wireless Controllers. Wireless controllers should be placed in a
controlled and secure environment. Wireless Local Area Network (WLAN) controllers
are an integral part of the wireless communication network. WLAN controllers can be
integrated in the enterprise distribution layer or core layer. WLAN controller deployment
must be redundant to provide uninterruptible communication and to prevent inter-
controller roaming.

On the basis of functionality, controllers can be broadly characterised into two
domains:
 Physical and Virtual Controller
 Centralized and De-Centralized Controller

Physical and Virtual Controllers


A controller can be a hardware device physically placed in the network or virtualized in
the network environment.

The characteristics of both categories are described below:

 Physical Controllers. Physical controller devices are used to control and
communicate with access points. The controller devices are placed in the
enterprise core layer and connect to multiple access points at the same time.
 Virtual Controller. Cisco software version 8.2 and later supports virtualized
controller services. The Virtual Wireless LAN Controller (vWLC) is a software
application running on industry-standard virtualization-supported hardware.
It is the best choice for small and medium sized network deployments.

This table summarizes the differences between physical and virtual controllers:

Characteristic           | Physical Controller                                            | Virtual Controller
-------------------------|----------------------------------------------------------------|-----------------------------------------------------
Placement in the network | Physical devices connected at the core layer                   | Software running on wireless-supported client devices
Control                  | Provides high-level control of data as well as control traffic | Provides management of control plane data only
Scalability              | Hardware integration is required to expand                     | Scalable without addition of dedicated hardware APs
Cost-effective           | No                                                             | Yes
Suitable for network     | Large and complex network                                      | Small and medium sized network


Centralized and Decentralized Designs


On the basis of the structure of deployment, controllers can be placed in two general
formats:

Centralized Controller Design


Centralized controller deployment introduces flexibility and effective maintenance in the
WLAN. One or more centrally deployed controllers are connected with the WLAN
access points (APs) in this architecture. All traffic must be processed by and must pass
through a central controller device. Automatic and easy expansion of the network can be
achieved by deploying the centralized controller model. The central controller is placed in the
network core layer.

The overview of centralized controller design is illustrated in the following figure:

Figure 52. Overview of Centralized WLAN Controller Deployment Model

De-Centralized Controller Design


Decentralized or distributed controller architecture introduces efficiency in isolated
coverage areas and in the complex management and expansion of the WLAN. In the
distributed architecture, multiple controllers are placed in the distribution layer of the
WLAN.


The overview of the de-centralized controller deployment approach is illustrated in the
following figure:

Figure 53. Overview of De-Centralized WLAN Controller deployment model

Mind Map of Centralized and Decentralized Design

Figure 54. Centralized and Decentralized deployment designs of WLAN Controllers


The Cisco unified network solution also offers the following additional controller deployment
architectures:

Split Media Access and Local Media Access Designs


Split media access and local media access are two further methods for employing controller
services in a WLAN.
Split Media Access. The split Media Access Control (MAC) deployment solution provides a
centralized and controlled solution. In this model, the access point cannot
independently establish communication and relies on the controller; such an AP is known as
"lightweight".

These are the steps for establishing communication across the network:
1. Between Wireless and Wireless
 The WLAN client sends information in the form of encrypted packets to the access
point
 The access point decrypts the packets, encapsulates them in a CAPWAP header and
forwards them to the WLAN controller
 The WLAN controller detaches the CAPWAP header and forwards the packets to the appropriate
VLAN node
2. Between Wired and Wireless
 Wired network packets are received at the WLAN controller
 A CAPWAP header is added and the WLAN controller forwards this
encapsulated data to the appropriate access point
 The access point detaches the CAPWAP header, encrypts the data packet and forwards it
to the WLAN client through the RF channel

This figure illustrates the communication process in a centralized controller
environment:

Figure 55. Illustration of Split Media Access controller setup

Split Media Access splits the functions between the access points and the WLAN controller. The
individual functions are represented in the following table:

Wireless Access Point                                    | Wireless Controller
---------------------------------------------------------|------------------------------------------------------
802.11: Beacons, probe response                          | 802.11 MAC management: Association requests and actions
802.11 control: Packet acknowledgment and transmission   | 802.11e: Resource reservation
802.11e: Frame queuing and packet prioritization         | 802.11i: Authentication and key management
802.11i: MAC layer data encryption and decryption        |

Local Media Access. Complete functionality is supported at the access point.

A decentralized design best fits small and medium sized organizations. In
this architecture, control and data traffic are separated by terminating all client
traffic at the wired port of the access point. This methodology allows direct
connection to the network while the connection between the AP and the controller is
down. This strategy is also called "local Media Access Control".

This illustrates Local Media Access Control (decentralized) architecture:

Figure 56. Illustration of local media access control environment

In Local Media Access, the functions of the AP and the controller are:

Wireless Access Point                                    | Wireless Controller
---------------------------------------------------------|------------------------------------------------------
802.11: Beacons, probe response                          | 802.11: Proxy association requests and actions
802.11 control: Packet acknowledgment and transmission   | 802.11e: Resource reservation
802.11e: Frame queuing and packet prioritization         | 802.11i: Authentication and key management
802.11i: MAC layer data encryption and decryption        |
802.11 MAC management: Association requests and actions  |


Design Considerations for Branch Wireless Networks


Branch networks require more efficient designs compared to a campus network.
This is because corporate traffic needs to be more bandwidth-efficient and reliable
to establish a secure and seamless exchange of communication.

The number of access points, the availability of ports to integrate the wireless and wired
networks, the power requirements of the access points, the number of controllers required and the
location of the controllers should be properly investigated in order to deploy an efficient
branch network.

A centralized controller location is not reliable in a branch network, as
the traffic latency must not exceed 300 ms round trip time (RTT). If a centralized
controller is used, enabling Hybrid-REAP mode on the access points is the best choice.

Hybrid REAP
Hybrid Remote Edge Access Point (H-REAP) is an access point mode configuration
option for branch and remote location connectivity. A few access points configured
in H-REAP mode with a WAN connection can support connectivity for multiple branch offices
without deployment of a controller at each location.

Two modes are available in H-REAP:

 Standalone Mode. When the controller is not reachable from the access points, the
device goes into standalone mode. In standalone mode, the device performs the
authentication service by itself. Standalone mode H-REAP supports the following
authentication methods:
 WPA-PSK
 WPA2-PSK
 Connected Mode. The controller is reachable from the access points in "connected
mode". The controller performs the authentication services. Connected mode H-
REAP supports the following authentication methods:
 WiFi Protected Access Pre Shared Key (WPA-PSK)
 WiFi Protected Access 2 Pre Shared Key (WPA2-PSK)
 Virtual Private Network (VPN)
 Layer 2 Tunnelling Protocol (L2TP)
 Extensible Authentication Protocol (EAP)
 Web Authentication


Mind Map of Supported Features of H-REAP

Figure 57. Hybrid-REAP supported Feature

The model of branch WLAN deployment is demonstrated in the following figure:

Figure 58. Branch Network deployment using H-REAP

Design Considerations for Guest Services in Wireless Networks


Providing guest services over a wireless network is a significantly challenging task.
The integrity of the internal network must remain intact while providing network resources to
the guest device. This is accomplished by restricting guest traffic to a specific sub-
network and VLAN.

Providing network resources to guests must be achieved with separation of internal
traffic from guest traffic, along with providing access at every location where the guest
network needs to be accessible. This requirement demands a daunting exercise of selection and
segregation of sub networks and VLANs across the entire WLAN.


Cisco provides a straightforward and simplified solution for this overwhelming network
reconfiguration and segregation task. Lightweight access points along with additional
security policies are introduced for the effective and efficient deployment and
integration of the guest network.

This is how the Cisco guest network is implemented in the WLAN:

 Only access layer switch reconfiguration is required to segregate the guest
subnets and VLANs
 A limited number of access attempts is defined to provide high security
 Path isolation is achieved using Layer 2 tunnel mechanisms.
 Guest traffic is directed or tunnelled to a demilitarized zone (DMZ), a zone which
splits the private and public networks, through which guest users gain access to the network
using a guest WLAN controller
 A secure connection of the guest network over the network infrastructure is established

Design Considerations for Outdoor Wireless Networks


The traditional approaches for outdoor wireless network design are:
 Point to point
 Point to multipoint

A newer approach is called "Mesh connection". This is the smart application of wireless
connectivity among outdoor networks. Cisco offers smart tools to configure an effective
mesh. These tools include:

Cisco Wireless Control System (WCS). WCS is smart software for mesh
network management. A complete view of the mesh network is analyzed with WCS.
Cisco Wireless LAN Controllers (WLC). Controllers provide services like
mobility, security and management of APs.
Root Access Point (RAP). This AP is connected to the wired network and
connected wirelessly to the MAPs. The RAP acts as the root to the wired network.
Mesh Access Point (MAP). These are remote access points that provide network
access to wireless clients through the RAP access points.


The various design architectures of an outdoor WLAN are demonstrated in the
following figures:

Figure 59. Point to Point Deployment Model


Point to multi-point deployment model is shown in the following figure:

Figure 60. Point to multi-point architecture

In a mesh architecture, each AP can communicate with all other access points, which ensures
better performance and reliability, especially when the access point closest to a client
fails. The deployment of mesh APs in a network is illustrated
in the following figure:

Figure 61. Demonstration of Mesh architecture


Integration Considerations and Requirements for Controller-Based
Wireless Networks
Integration of wireless network components over the enterprise's existing wired network is
the essential requirement of network expansion. The requirements and considerations
for the integration are discussed in this section.

Access points and wireless controllers are the two strategic wireless components that
have to be deployed and configured properly to enable wireless services in a network.

These are the parameters that must be considered for an integrated and incorporated
wireless network setup.

Traffic flows
Mobility is one of the most significant benefits introduced by the wireless network. If a
client in the wireless network moves its association from one access point to another access
point, the client is said to be roaming. Mobility services handle the association
with the new AP, the new IP address and the security credentials. High quality roaming involves
seamless connectivity, but as the process can take notable time the client can lose network
connectivity for some time.

Bandwidth Consumption
Bandwidth is a very important and expensive resource of the network.
A bandwidth control mechanism must be incorporated in the network, otherwise
performance and user experience are affected.

Real World Scenario


In a wireless network, multiple client devices are using the network and one user starts
downloading a very large file. In this situation the other users (end points) start facing network
unavailability or a very slow network. This implies that the one end point which is downloading
large files consumes a high share of the network bandwidth, and eventually the other clients get very slow
speed or no network resources at all.
You can resolve the issue by setting the bandwidth contract per user in the WLC.

The bandwidth allocation mechanism is applied to each access point by configuring it
with a specific amount of network bandwidth distributed to each client node. This will
enhance the performance of the WLAN by sharing network resources and
capacity among the clients.
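The scenario above as an added example, not code from the workbook: a simplified model of one oversubscribed cell, first without and then with a per-user contract (a per-client ceiling, as the WLC contract provides). The link capacity, client demands and the proportional-sharing assumption for an unpoliced medium are all constructed for illustration.

```python
"""Added example (not from the workbook): model of a per-user bandwidth contract.

A shared wireless cell is oversubscribed by one bulk downloader. Without a
per-user contract the heavy client crowds out everyone else; with a contract
(a per-client ceiling, like the WLC per-user bandwidth contract) each light
client still receives its full demand. All numbers are constructed.
"""

LINK_KBPS = 20_000  # constructed: usable capacity of the cell, in kbps

# constructed offered load per client, in kbps
DEMANDS_KBPS = {
    "downloader": 98_500,  # one client pulling a very large file
    "alice": 500,
    "bob": 500,
    "carol": 500,
}


def allocate(demands, link_kbps, contract_kbps=None):
    """Return the kbps each client actually gets on a shared link.

    Each client's request is first clamped to the contract (if any). If the
    clamped requests fit the link, everybody is satisfied. Otherwise the link
    is shared in proportion to the clamped requests, which is the assumed
    behaviour of a greedy bulk transfer on an unpoliced medium.
    """
    wants = {
        client: (min(demand, contract_kbps) if contract_kbps is not None else demand)
        for client, demand in demands.items()
    }
    total = sum(wants.values())
    if total <= link_kbps:
        return dict(wants)
    return {client: want * link_kbps / total for client, want in wants.items()}


def unsatisfied_clients(demands, allocation, min_fraction=0.5):
    """Clients that receive less than min_fraction of what they asked for."""
    return sorted(
        client for client, demand in demands.items()
        if allocation[client] < min_fraction * demand
    )


if __name__ == "__main__":
    for contract in (None, 5_000):
        alloc = allocate(DEMANDS_KBPS, LINK_KBPS, contract)
        label = "no contract" if contract is None else f"contract {contract} kbps"
        print(f"--- {label} ---")
        for client, kbps in alloc.items():
            print(f"{client:>10}: {kbps:8.0f} kbps")
        print("unsatisfied:", unsatisfied_clients(DEMANDS_KBPS, alloc))
```

With no contract the three light clients get 100 kbps each; with a 5000 kbps contract only the capped downloader is left unsatisfied.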

Lightweight Access Point (AP) and Controller Connectivity


A lightweight access point is not configured directly. After installation and connection
of the access point (AP) to the existing network, it goes through a controller
discovery process with the help of CAPWAP message exchange, following these
steps:
 The CAPWAP-supported AP scans for a wireless controller using CAPWAP
 After 60 seconds without finding a controller, the access point re-scans for a
controller using LWAPP.
 After a further 60 seconds without finding a wireless controller, it restarts the
process with CAPWAP.
 The process continues until a wireless controller is discovered.

Wireless Controller Selection


The selection process is performed after the wireless controller discovery mechanism.
After the discovery and selection process, it is determined which access point is
connected to which Wireless LAN Controller (WLC). The WLC responds with the following
embedded information:
 Controller sysName
 Controller type
 Controller access point capacity and its current access point load
 Master controller status
 AP manager IP addresses

Quality of Service (QoS)


Quality of Service (QoS) is the ability of a network to prioritize the allocation of network
resources. QoS priority is assigned on the basis of application and service. By enabling
this feature, the network administrator can manage and control network bandwidth,
improve performance, reduce packet drops, and prioritize traffic.

Quality of service has critical importance in a medium that is wireless and mobile at
the same time. Additional QoS techniques must be implemented to satisfy the great
challenges of wireless communication. Wireless communication is more susceptible to
loss and delay during communication because in the wireless medium the signal can be
affected by many unpredictable effects, unlike the wired medium in which signal
corruption and loss due to the medium are relatively small.

Security Controls Integration Considerations


Identification of potential security threats and implementation of security policies in
the enterprise network is the most critical and challenging, yet most significant, step.
Integration of security control policies is essential in the enterprise network to ultimately
attain the following goals:
 Only authorized use of the network is allowed
 Prevent external parties from getting access to the internal network
 Prevent internally generated deliberate attacks or unintentional breaches
 Attach layers of security to provide different types of access to different users
 Protection of data from being stolen, misused or corrupted

The network must bind and incorporate standard security policies in the network design
in order to build a protected, connected and available network.

Identification of Potential Risks

Identification is the first step in the elimination of threats in the network design. The type
of risk should be classified so that proper implementation of security policies can be
achieved.


Threat Identification
There are three broad classifications of threat:

1. Reconnaissance. This is the first step, in which data about the targeted network is collected.

2. Gaining System Access. Gaining access to the targeted system resource is
accomplished in this step.

Access to the system can be gained in these two ways:

Exploitation of the System.
Knowledge of the system's vulnerable points, services or software is used.

Social Engineering.
Confidential information or device credentials are obtained by manipulating
legitimate users.

Social engineering can be done by the following:

 Physical access to information
 Psychological approach
3. Denial of Service (DoS). This is an indirect way of attacking a system. In DoS, the
system is attacked in such a way that it becomes inoperative by overloading its
bandwidth or CPU resources.

Scanning Tools
These are the common scanning tools:
 Network Mapper (Nmap)
 Vistumbler and inSSIDer
 SuperScan
 Kismet

Vulnerability Tools
The tools used for vulnerability assessment are:
 Nessus
 Microsoft Baseline Security Analyzer (MBSA)
 Security Administrator’s Integrated Network Tool (SAINT)

Security design integration while designing the network is the recommended practice for
secure and protected exchange of communication. Cisco introduces an efficient means
of security integration on the network infrastructure.

Cisco SAFE Architecture


Cisco provides network designers a tool for proper analysis and assessment of network
security according to the business requirement from internal and external threats in
this approach. SAFE can help you simplify your security strategy and deployment. This
Cisco security reference architecture features easy-to-use visual icons that help you
design a secure infrastructure for the edge, branch, data center, campus, cloud, and
WAN. The framework encompasses operational domains such as management,
security intelligence, compliance, segmentation, threat defense, and secure services.


Figure 62. SAFE key

Modular security layer is incorporated to the network so that breach at one segment
does not affect other segments of the network.

The SAFE Key organizes security by using two core concepts: Places in the Network
(PINs) and Secure Domains.

PINs reference examples of locations that are found in networks and the infrastructure
needed to create them:

 Data center
 Branch
 Campus
 WAN
 Internet edge
 Cloud

Secure Domains are operational areas used to protect these locations. They are
security concepts that traverse an entire network:

 Management
 Security intelligence
 Compliance
 Segmentation
 Threat defense
 Secure services


Figure 63. Secure Domains

Secure Branch

Key Security Challenge


Branches are typically less secure than their campus and data center counterparts.
Economics often dictate that it is cost prohibitive to duplicate all the security controls
typically found at larger locations when scaling to hundreds of branches. However,
this makes them prime targets and more susceptible to a breach. In response, it is
important to include vital security capabilities while ensuring cost effective designs in
the branch.

Top Threats Mitigated


 Endpoint malware (e.g., POS malware)
 Unauthorized/malicious client activity
 Wireless infrastructure exploits (e.g., rogue AP, MitM)
 Exploitation of trust

Figure 64. Secure branch - technologies used


Secure Campus

Key Security Challenge


Campuses contain large user populations with a variety of device types and
traditionally little internal security controls. Due to the large number of security zones
(subnets and VLANs), secure segmentation is difficult. Because of the lack of security
control, visibility, and guest/partner access, campuses are prime targets for attack.

Top Threats Mitigated


 Phishing
 Web-based exploits
 Unauthorized network access
 BYOD: larger attack surface/increased risk of data loss
 Malware propagation
 Botnet infestation

Figure 65. Secure campus - technologies used

Secure Data Center

Key Security Challenge


Data centers contain the majority of information assets and intellectual property.
These are the primary goal of all targeted attacks, and thus require the highest level of
effort to secure. Data centers contain hundreds to thousands of both physical and
virtual servers, segmented by application type, data classification zone, and other
methods. Creating and managing proper security rules to control access to
(north/south) and between (east/west) resources can be exceptionally difficult.

Top Threats Mitigated


 Data exfiltration (data loss)
 Unauthorized network access (e.g., application compromise, data loss, privilege
escalation, reconnaissance)
 Botnet infestation (e.g., scrumping)
 Malware propagation


Figure 66. Secure data center - technologies used

Secure Edge

Key Security Challenge


The Internet Edge is the highest risk PIN because it is the primary ingress point for
public traffic and the primary egress point to the Internet. Simultaneously, it is the
critical resource that businesses need in today's Internet-based economy.

Top Threats Mitigated


 Webserver vulnerabilities
 Data loss
 DDoS
 Man-in-the-Middle

Figure 67. Secure edge - technologies used

Secure Cloud

Key Security Challenge


The majority of cloud security risk stems from loss of control, lack of trust, shared
access, and shadow IT. Service Level Agreements (SLAs) are the primary tool for
businesses to dictate control of security capabilities selected in cloud-offered services.
Independent certification and risk assessment audits should be used to improve trust.


Top Threats Mitigated


 Webserver vulnerabilities
 Virus and malware
 Loss of access
 Man-in-the-Middle

Figure 68. Secure cloud - technologies used

External Zones

Customers
Key Security Challenge
Securing connections to service offerings is the primary goal when establishing
communications with customers outside of the corporate enterprise. A breach or loss
of data creates an immediate and heightened lack of trust resulting in loss of
commerce.

Remote Workers
Key Security Challenge
Securing remote access for employees connecting to the corporate enterprise from
untrusted sites (such as coffee shops and hotels) is critical for maintaining data
security. Identity-aware access controls, posture assessments, and encryption enforce
a consistent set of policies before allowing access.

Third-Party Vendors and Partners


Key Security Challenge
Insecure access by partners and vendors can quickly compromise business operations.
Implement granular access controls, anomaly detection, and SLAs to block
unauthorized access and exploitation of trust.

Top Threats Mitigated


 Endpoint malware
 Unauthorized/malicious client activity
 Exploitation of trust
 Man-in-the-Middle

Figure 69. External zones - technologies used


Please refer to the following URL for a detailed explanation of SAFE:

http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-
security/landing_safe.html#~overview

High-Level Considerations for Collaboration Applications


Voice and video collaboration over an existing data network unifies the entire network
architecture. The building block of the unified architecture is packet-based exchange of
communication. Collaboration of voice and video traffic over the data network requires
special devices and protocols at each level for the transformation into the data network.

Voice, streaming, and interactive video are popular techniques of communication
among organizations and corporate partners, which must be incorporated and
integrated in the data network. Organizations are employing the collective approach
for better and more reliable communication exchange.

Integration of Voice and Video Architecture

A collective architecture approach is essential to construct a reliable and committed
network. Each technology introduces certain requirements for the integration to
build a compatible network architecture.

The following section considers various parameters for the design and building of a
unified voice-video-data network architecture.

Analog and Digital Signalling


Voice communication is based on sound waves, which in turn are converted into
analog signals in telephone communication. Analog signals are greatly affected by line
noise and get corrupted, especially in long distance communication.

In digital transmission, voice signals are converted into digital streams and received
with great quality because noise effects can be effectively compensated in the digital
environment.

Public Switched Telephone Network


Voice communication is transported over the public switched telephone network (PSTN).
The PSTN is a collection of voice-oriented devices and networks that support voice
exchange between telephones. The entire PSTN has evolved into a digital network
structure except for the link between the central (local) office and the end user. Conversion of analog
to digital is performed by the PSTN for the communication of voice over the
network.

Several steps are performed with dedicated devices to convert an analog signal into a
digital one. This table shows the steps that are performed in the conversion of an analog
signal into digital:


Step: Filtering
Equipment: Coder and Decoder (Codec)
Process: Identify the voice signal based on the frequency of sound waves (300 Hz – 3400 Hz)
and filter out the signals that do not fall in the sound frequency range.

Step: Sampling
Equipment: Sampler / Pulse Amplitude Modulator (PAM)
Process: Sampling is the process of digitizing a continuous signal by multiplying a
constant-amplitude pulse train with the analog signal. The process is called pulse amplitude
modulation (PAM). The pulse train should be adjusted to satisfy the standard sampling theorem:

    Sampling frequency ≥ 2 × Frequency of analog signal

Step: Digitizing
Equipment: Pulse Code Modulator (PCM)
Process: Making the signal compatible for transport over the PSTN is performed in this step.
A binary code word is assigned to each sample. Two sub-steps are executed:

(1) Quantization and Coding: Each sample is assigned a unique binary code word and
distributed over specific quantization levels.

Example: the standard word size is 8 bits, which means an 8-bit code word is assigned to each
sample. This 8-bit word utilizes 256 (2^8 = 256) possible quantization levels.

This 8-bit code word allows a bit rate of 64 kbps. The bit rate can be calculated by:

    Bit rate = Sampling frequency × Size of code word

(2) Companding: Companding is the process of compressing and expanding the signal at the
input and output side respectively using a logarithmic scale. This process is performed to
smooth out the signal-to-quantization-noise ratio and improve the utilization of the small
amplitude values of the voice signal.

Two types of algorithm can be used in companding:
A-Law (used in Europe)
μ-Law (used in North America and Japan)
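The sampling, coding and companding steps above as an added example, not code from the workbook: the Nyquist check for the 300–3400 Hz voice band, the 8-bit / 64 kbps arithmetic, and a G.711 μ-law encoder and decoder (the classic bias-and-segment formulation), with a round-trip error check showing why the logarithmic scale favours small amplitudes. The sample values are constructed.

```python
"""Added example (not from the workbook): the PCM steps from the table above.

Nyquist check for the 300-3400 Hz voice band, the 8-bit / 64 kbps arithmetic,
and G.711 mu-law companding (encoder and decoder in the classic
bias-and-segment form used by the Sun g711.c reference code).
Sample values are constructed.
"""

VOICE_BAND_HZ = (300, 3400)   # pass band kept by the codec filter
PCM_SAMPLE_RATE_HZ = 8000     # rate used on the PSTN
CODEWORD_BITS = 8             # one PCM code word per sample

MU_LAW_BIAS = 0x84            # 132, pulls every segment off zero
MU_LAW_CLIP = 32635           # largest 16-bit magnitude the encoder accepts


def min_sampling_rate_hz(max_signal_hz):
    """Sampling theorem: sampling frequency >= 2 * highest signal frequency."""
    return 2 * max_signal_hz


def quantization_levels(bits):
    """Number of distinct code words an n-bit sample can take (2^n)."""
    return 2 ** bits


def bit_rate_bps(sample_rate_hz, bits_per_sample):
    """Bit rate = sampling frequency * size of code word."""
    return sample_rate_hz * bits_per_sample


def mu_law_encode(sample):
    """Compress one 16-bit linear sample to an 8-bit mu-law code word."""
    sign = (sample >> 8) & 0x80                   # keep the sign bit
    if sign:
        sample = -sample
    sample = min(sample, MU_LAW_CLIP) + MU_LAW_BIAS
    exponent = (sample >> 7).bit_length() - 1     # segment 0..7 (log scale)
    mantissa = (sample >> (exponent + 3)) & 0x0F  # 4 bits within the segment
    return ~(sign | (exponent << 4) | mantissa) & 0xFF  # G.711 inverts the bits


def mu_law_decode(code):
    """Expand an 8-bit mu-law code word back to a 16-bit linear sample."""
    code = ~code & 0xFF
    sign = code & 0x80
    exponent = (code >> 4) & 0x07
    mantissa = code & 0x0F
    sample = (((mantissa << 3) + MU_LAW_BIAS) << exponent) - MU_LAW_BIAS
    return -sample if sign else sample


def quantization_error(sample):
    """Absolute error after a mu-law encode/decode round trip."""
    return abs(sample - mu_law_decode(mu_law_encode(sample)))


if __name__ == "__main__":
    print("min sampling rate:", min_sampling_rate_hz(VOICE_BAND_HZ[1]), "Hz")
    print("levels:", quantization_levels(CODEWORD_BITS),
          "bit rate:", bit_rate_bps(PCM_SAMPLE_RATE_HZ, CODEWORD_BITS), "bps")
    # logarithmic companding: small amplitudes keep fine resolution,
    # large amplitudes are quantized coarsely
    for s in (50, 1000, 20000):
        print(f"sample {s:>6}: code 0x{mu_law_encode(s):02X}, "
              f"error {quantization_error(s)}")
```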

Voice and Video over IP


Voice transport over the PSTN works well, but it is not feasible to use one
network infrastructure for voice and another for data communication. The growth of
communication technologies, especially video communication (both streaming and
interactive), is not efficiently served by the PSTN. The inflexible
infrastructure of the PSTN is not suitable for an integrated network over which each type of data
can be transported.

These are the parameters that drives the requirement of evolved network structure
that support communication irrespective of type of data:
 Integrated network support to reduce WAN cost
 Preference of data communication over other types
 PSTN inflexible infrastructure
 Inflexible Bandwidth allocation in PSTN network

Unified communication solutions provide flexible voice integration over IP network,


rich media, virtualized servers, and network devices with security policies and other
features.

The aspects and parameters of unified network that ensures unified and integrated
deployment model that are essential to consider and enforce to build a collaborated
and associated network design are:
 Network Infrastructure
 Voice Security
 Unified Communication Deployment Model
 VoIP Migration Option
 Services support
 Deployment of networking devices, etc.

Voice and Video Standard

Voice and video communication run on different standards than data communication. These are the voice and video standards used in voice- and video-enabled architectures:

H.323. H.323 is a standard from the International Telecommunications Union (ITU) that supports a multimedia transport mechanism over packet-switched networks. H.323 is a broad standard that covers standalone devices (IP telephony, voice gateways, etc.), embedded personal computer technology, and point-to-point and point-to-multipoint conferences.

H.323 references the following ITU standards as well:
• H.225 (used for H.323 session establishment and packetization)
• H.245 (provides control functionality and provisioning)

The components of the H.323 protocol are:

Terminal. Terminals provide the function of end-points that establish real-time, two-way communication with other end-points (H.323 terminals, MCUs and gateways).


Gateway. This component is optional in the H.323 protocol. Various translation services are provided by this component, such as translation between H.323 and non-H.323 end-points so that they can communicate with each other.

• Terminal to terminal communication (no gateway or additional protocol is required)
• Terminal to H.323 gateway (H.245 or Q.931 protocol is required)

Gatekeeper
The gatekeeper provides call control and other services to H.323 end-points. The H.323 gatekeeper is also an optional component; a specific “zone” is assigned to the gatekeeper, within which it is allowed to exercise its authority.

These are the various functions and services performed by the H.323 gatekeeper:
• Address translation
• Admission control
• Bandwidth control
• Zone management
• Call control signalling
• Call authorization
• Call management
• Gateway balancing

The illustration of gatekeeper services under specific conditions is:


Figure 70. H.323 gateways and Gatekeepers illustration

The maximum number of logical connections in the voice network is given by the formula:

    Number of logical connections = [N × (N − 1)] / 2

*where N is the number of gateways in the voice network

Adding a gateway to or removing a gateway from the network requires reconfiguration of each gateway in the network. To resolve this, Cisco has provided the gatekeeper solution. Only the gatekeeper needs to be reconfigured and adjusted for the addition and removal of gateways.

Multipoint Control Unit (MCU). The MCU incorporates two functional components in H.323:
Multipoint Controller. It is not a standalone device; it resides on an MCU, terminal or gateway. It supports conferences of multiple end-points.
Multipoint Processor. Processes and mixes multiple multimedia streams and retransmits them to the intended end-points.

A gateway at both sides of the network is required in a data network to support compatibility of voice and data traffic across the network. Dedicated hardware such as a digital signal processor (DSP) is used as the voice-to-IP and IP-to-voice converter.


H.264
This video encoding standard defines the most effective algorithm for video compression. The same approach as ISO/IEC MPEG-4 Part 10, Advanced Video Coding (AVC), is used for better efficiency and quality.

Video resolution quality is improved by encoding and transmitting 2 interlaced fields for each frame, i.e. 30 frames per second and 60 fields per second. This improves video quality and enhances the user experience.

Voice over IP (VoIP)

Voice over IP refers to the exchange of voice packets over an Internet Protocol (IP) enabled network. VoIP integration requires additional components for compatibility and association.

These are the main considerations and components of VoIP-based networks:

Infrastructure. The VoIP infrastructure is based on data link layer and network layer switches and voice-enabled routers for the interconnection of IP and PSTN networks.

Call Processing. A call processing component must be included in the network infrastructure to support voice call control and management. Cisco Unified Communication Manager (CUCM) is a flexible software-based solution for the call-processing component.

Applications. A VoIP network supports various application services such as unified messaging, voice mail, interactive voice response, etc.

Client Devices. IP-based clients such as IP phones and software applications that support the IP network.

The overview of a VoIP-enabled network is illustrated in the following figure:


Figure 71. Basic Components of VoIP Network

Design Models
VoIP can be deployed in various ways according to the size and other requirements of the specific organization.


The deployment methods of a VoIP network are:

• Single Site

Figure 72. Single-Site VoIP Deployment Model

The single-site deployment model works well for small organizations. The centralized multisite and distributed multisite models, on the other hand, are deployed for large and remote enterprises.

Video Considerations
High-definition video transfer is a challenging and tricky job in network design. Certain parameters need to be addressed when considering video integration over the network.

Some of the common considerations when deploying a video collaboration network are:
• Streaming or interactive (real-time) video
• Media sources and viewers
• Bandwidth considerations
• Service level tolerance
• Usage patterns
• Future requirements

Call Control and Transport Protocol
For the controlled transport of voice communication, various protocols are employed, which are illustrated in the following figure:


Figure 73. Various Multimedia Control and Transport Protocol

This table holds a brief description of each control and transport protocol:

Protocol: H.323
Reference protocols: H.225, H.245, RAS signalling, RTCP
Call control mechanism:
  H.225 Call Signalling Channel: uses Q.931 to establish the connection between two end-points.
  H.245 Control Channel: a reliable control channel that supports the opening and closing of logical channels, preference requests, capability exchange, etc.
  Registration, Admission and Status (RAS): RAS signalling is used only when the H.323 protocol is enabled. RAS performs registration, admission, bandwidth change, status and disengagement procedures between end-points and the gatekeeper.
  Real-Time Transport Control Protocol (RTCP): provides the control and management mechanism for the communication packets carried by RTP.

Protocol: Real-Time Transport Protocol (RTP)
Reference protocol: Real-Time Transport Control Protocol (RTCP)
Call control mechanism:
  • RTP uses UDP/IP for the transport of data, which enables fast transmission of voice packets.
  • RTP introduces bandwidth and voice traffic overhead because a constant header is added to each voice packet.

Protocol: Skinny Client Control Protocol (SCCP)
Call control mechanism: The control protocol used for communication between IP phones and Cisco Unified Communication Manager (CUCM). SCCP uses TCP/IP for efficient communication.

Protocol: Session Initiation Protocol (SIP)
Call control mechanism: SIP is an ASCII-based application layer protocol used to establish, maintain and terminate calls between two or more end-points.

Protocol: Media Gateway Control Protocol (MGCP)
Call control mechanism: MGCP is a client-server protocol used by call agents such as CUCM to centrally control media gateways.
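The RTP header overhead noted in the table above, worked through as an added example that is not part of the workbook: the bandwidth one call consumes on a link once the constant IP/UDP/RTP header is added to each voice packet. The codec payload rates and the 20 ms packetization interval are the usual values; the layer 2 framing sizes, the 2-byte cRTP header and the link speed used in the demo are assumptions made for this example.

```python
# Added example, not from the workbook: bandwidth of one VoIP call including the
# constant RTP/UDP/IP header mentioned in the table above. Codec rates and the
# 20 ms packetization interval are the usual values; the layer 2 framing sizes
# and the 2-byte cRTP header are assumptions made for this example.

IP_UDP_RTP_HEADER = 40       # IPv4 (20) + UDP (8) + RTP (12) bytes per packet
CRTP_HEADER = 2              # assumed compressed RTP/UDP/IP header (cRTP)
L2_OVERHEAD = {              # assumed layer 2 framing bytes per packet
    "none": 0,
    "ethernet": 18,          # 14-byte header + 4-byte FCS
    "ppp": 6,
}
CODEC_BPS = {"G.711": 64000, "G.729": 8000}   # codec payload bit rates


def payload_bytes(codec: str, interval_ms: int = 20) -> int:
    """Voice payload per packet = codec bit rate x packetization interval."""
    return CODEC_BPS[codec] * interval_ms // (8 * 1000)


def packets_per_second(interval_ms: int = 20) -> int:
    return 1000 // interval_ms


def call_bandwidth_bps(codec: str, interval_ms: int = 20,
                       l2: str = "none", crtp: bool = False) -> int:
    """Bits per second one call consumes on the link, headers included."""
    header = CRTP_HEADER if crtp else IP_UDP_RTP_HEADER
    packet = payload_bytes(codec, interval_ms) + header + L2_OVERHEAD[l2]
    return packet * 8 * packets_per_second(interval_ms)


def header_overhead(codec: str, interval_ms: int = 20,
                    l2: str = "none", crtp: bool = False) -> float:
    """Fraction of the call's bandwidth that is header rather than voice."""
    total = call_bandwidth_bps(codec, interval_ms, l2, crtp)
    return 1 - CODEC_BPS[codec] / total


def max_calls(link_bps: int, codec: str, interval_ms: int = 20,
              l2: str = "none", crtp: bool = False) -> int:
    """Simultaneous calls a link can carry if nothing is reserved for data."""
    return link_bps // call_bandwidth_bps(codec, interval_ms, l2, crtp)


if __name__ == "__main__":
    for codec in CODEC_BPS:
        print(f"{codec}: {payload_bytes(codec)} B payload, "
              f"{call_bandwidth_bps(codec)} bit/s on IP, "
              f"{call_bandwidth_bps(codec, l2='ppp')} bit/s on PPP, "
              f"{call_bandwidth_bps(codec, l2='ppp', crtp=True)} bit/s with cRTP")
    # assumed 512 kbps WAN link used only for voice
    print("G.729 calls on 512 kbps PPP:", max_calls(512000, "G.729", l2="ppp"),
          "without cRTP,", max_calls(512000, "G.729", l2="ppp", crtp=True), "with cRTP")
```

The point the table makes becomes visible in the numbers: for G.729 the 40-byte header is two thirds of the call's IP bandwidth (8 kbps of voice inside a 24 kbps stream), which is why header compression on slow WAN links changes the number of calls the link can carry so much.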

Components and Control of Session Initiation Protocol (SIP):

The components of SIP are:
• User Agent (UA). A user agent (UA) is an entity that initiates and terminates a session.
• SIP Proxy Server. An intermediate device that receives SIP requests from clients and forwards them to later devices on behalf of the client.
• Redirect Server. The redirect server provides the client with information about the next hop or hops.
• Registrar Server. The registrar server processes requests from user agent clients (UAC) for registration of their current location.

Components and Control of Skinny Client Control Protocol (SCCP):

Figure 74. Illustration of SCCP control mechanism

Components and Control of Media Gateway Control Protocol (MGCP):


The components of MGCP are:
• End-Points: The voice ports on gateways are the end-points in the MGCP architecture.
• Call Agents: The devices that administer the gateways are the call agents.
• Gateway: The device that manages translation between audio signals and the packet network.

MGCP utilizes the Real-Time Transport Protocol over IP to establish audio connections. The MGCP control mechanism is implemented by a series of plain-text commands sent over UDP port 2427 between the CUCM and the MGCP gateway.

Figure 75. MGCP Control Function

Identification of the Requirements of Voice and Video Technologies

Voice and video integration requires many parameters to be considered while designing and employing network resources. The delivery of voice and video packets is challenging over a data network infrastructure.

These are the essential parameters to address for efficient integration:

Quality of Service (QoS)

Quality of service has strategic importance in network implementation. It must be incorporated in the network to effectively utilize network resources on the basis of defined priorities that support business requirements. QoS techniques are implemented over a network to reduce channel or medium congestion and alleviate packet loss.

In a collective network of integrated technologies, additional importance is given to enhancing quality of service because each technology introduces its own QoS measure on the network. The WAN requirement for QoS is different from the voice and video QoS requirement. Specific policies for each technology are implemented to build a well-designed network architecture.

These are the different policies that can be implemented with QoS:

Traffic Shaping
Traffic shaping is used in the WAN to ensure reliable exchange of packets over the channel. Traffic must be shaped, i.e. defined before it passes through the channel, according to the capacity of the channel. A traffic shaping implementation must consider the capacity and allow traffic on the basis of the calculated capacity to reduce packet loss.

Traffic Policing
Traffic policing is used to control the maximum rate of traffic sent or received over an interface. It is configured on the interfaces at the edge of the network to limit the rate of traffic entering or leaving the network.
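The difference between shaping and policing described above, as an added example that is not part of the workbook: one single-rate token bucket used first as a policer, which discards whatever exceeds the bucket, and then as a shaper, which holds the excess until the bucket has refilled. The rate, the burst size and the packet arrivals are constructed values.

```python
# Added example, not from the workbook: one token bucket used as a policer (excess
# traffic is dropped) and as a shaper (excess traffic is delayed until the bucket
# refills). Rate, burst size and the packet arrivals are constructed values.

RATE_BPS = 1000       # average rate allowed, in bytes per second
BURST_BYTES = 500     # bucket depth: the largest burst forwarded without delay

# constructed arrivals: (arrival time in seconds, size in bytes)
PACKETS = [(0.0, 300), (0.0, 300), (0.0, 300), (1.0, 300)]


def police(packets, rate=RATE_BPS, burst=BURST_BYTES):
    """Return 'conform' or 'drop' per packet; a policer never queues."""
    tokens, last = burst, 0.0
    verdicts = []
    for t, size in packets:
        tokens = min(burst, tokens + rate * (t - last))   # refill since last arrival
        last = t
        if size <= tokens:
            tokens -= size
            verdicts.append("conform")
        else:
            verdicts.append("drop")
    return verdicts


def shape(packets, rate=RATE_BPS, burst=BURST_BYTES):
    """Return each packet's departure time; nothing is dropped, excess waits."""
    tokens, last = burst, 0.0
    departures = []
    for t, size in packets:
        now = max(t, last)                 # FIFO: cannot leave before the previous packet
        tokens = min(burst, tokens + rate * (now - last))
        if size > tokens:
            now += (size - tokens) / rate  # wait until enough tokens have accumulated
            tokens = size
        tokens -= size
        last = now
        departures.append(now)
    return departures


def shaping_delays(packets, rate=RATE_BPS, burst=BURST_BYTES):
    """Queuing delay each packet suffers under shaping (departure - arrival)."""
    return [d - t for d, (t, _) in zip(shape(packets, rate, burst), packets)]


if __name__ == "__main__":
    print("policer:", police(PACKETS))
    print("shaper departures (s):", [round(d, 3) for d in shape(PACKETS)])
    print("shaper delays (s):", [round(d, 3) for d in shaping_delays(PACKETS)])
```

With these values the policer forwards the first 300-byte packet, drops the next two (the 500-byte bucket holds only 200 bytes after the first packet) and forwards the fourth after the bucket has refilled; the shaper forwards all four but the third one leaves 400 ms after it arrived. That delay is exactly why shaping is preferred on the sending side of a WAN link while policing suits the edge, where the page places it: shaping protects the link at the cost of delay and buffer memory, policing protects the link at the cost of loss.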

Trust Boundaries
Identification of trust boundaries is one of the basic design questions upon which the network is built. The trust boundary defines the perimeter of the network. A trust boundary is a logical feature of the network: it describes the logical boundary within which an enterprise can move to utilize the resource.

Delay
Voice quality is directly affected by delay, especially in a wireless environment. Each delay mechanism must be calculated and accounted for.

There are two general types of delay:
• Fixed delay
• Variable delay

Fixed delay
Fixed network delay has three components:
• Propagation Delay. Propagation delay is a negligible delay, especially in data networks. It is the delay of the signal between the sending and receiving end-points. This delay has a notable value only in satellite communication.
• Serialization Delay. The delay introduced by placing bits on the circuit is called serialization delay, and it is affected by the speed of the circuit.

Serialization delay can be calculated by the following formula:

    Serialization Delay = Packet Length / Bit Rate

• Processing Delay. Processing of the traffic also introduces a certain amount of delay. Processing delay includes the following:

Coding, Compression, Decoding and Decompression Delays. This type of delay is reduced by introducing hardware or software solutions such as DSPs.

Packetization Delay. This delay is introduced while collecting enough samples to fill the payload. Partial packets are forwarded to reduce this type of delay.


Variable Delay
Variable network delays are difficult to predict and calculate. They have three components:
• Queuing Delay. Queuing delay is introduced in the network when a delay-sensitive voice packet has to wait until the entire prior packet has been serviced. The size of the packet currently being serviced and the arrival of traffic greatly impact queuing delay.

Real World Scenario

A 1500-byte data packet is being serviced on a 64 kbps link when a voice packet arrives. The voice packet must wait until the entire data packet is transmitted. This produces a delay greater than 200 msec in the transmission of the voice packet, which is unbearable for delay-sensitive voice packets.
Recommendation: Link Fragmentation and Interleaving (LFI) is employed to prevent this situation of voice packet delay. LFI fragments large packets into smaller ones and interleaves them with the smaller voice packets. This mechanism ensures that voice packets will not experience long delays in the queue.
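The serialization delay formula and the LFI recommendation above, worked through as an added example that is not part of the workbook: it computes how long a voice packet can sit behind a data packet on a slow link, the fragment size that keeps that wait within a target, and whether a given link speed needs LFI at all. The 10 ms target blocking delay is an assumed design value for this example.

```python
# Added example, not from the workbook: the serialization delay formula given
# above applied to the 1500-byte packet on a 64 kbps link from the scenario, and
# the LFI fragment size that bounds how long a voice packet can wait behind data.
# The 10 ms target blocking delay is an assumed design value for this example.

from typing import Optional

DEFAULT_TARGET_MS = 10.0      # assumed: longest blocking delay tolerated per hop


def serialization_delay_ms(packet_bytes: int, link_bps: int) -> float:
    """Serialization delay = packet length (bits) / bit rate, in milliseconds."""
    return packet_bytes * 8 * 1000 / link_bps


def lfi_fragment_bytes(link_bps: int, target_ms: float = DEFAULT_TARGET_MS) -> int:
    """Largest fragment whose serialization time stays within the target."""
    return int(link_bps * target_ms / 1000 / 8)


def worst_case_voice_wait_ms(data_packet_bytes: int, link_bps: int,
                             fragment_bytes: Optional[int] = None) -> float:
    """Longest time a voice packet waits for the data packet (or fragment) ahead of it."""
    if fragment_bytes is None:
        blocking = data_packet_bytes
    else:
        blocking = min(data_packet_bytes, fragment_bytes)
    return serialization_delay_ms(blocking, link_bps)


def needs_lfi(link_bps: int, mtu_bytes: int = 1500,
              target_ms: float = DEFAULT_TARGET_MS) -> bool:
    """True when a full-size packet alone would exceed the blocking delay target."""
    return serialization_delay_ms(mtu_bytes, link_bps) > target_ms


if __name__ == "__main__":
    link = 64000                                   # the 64 kbps link from the scenario
    print(f"1500 B on {link} bit/s: {serialization_delay_ms(1500, link):.1f} ms")
    frag = lfi_fragment_bytes(link)
    print(f"LFI fragment for {DEFAULT_TARGET_MS} ms target: {frag} B, "
          f"worst voice wait {worst_case_voice_wait_ms(1500, link, frag):.1f} ms")
    for speed in (64000, 128000, 768000, 1544000):
        print(f"{speed:8d} bit/s: LFI needed = {needs_lfi(speed)}")
```

The output shows the mechanism rather than just the rule: the full 1500-byte packet occupies the 64 kbps link for 187.5 ms, an 80-byte fragment occupies it for 10 ms, and the same arithmetic shows that the need for fragmentation disappears as link speed rises, because a full-size packet on a T1 serializes in under 8 ms.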

• Jitter and Dejitter Buffers. Jitter is introduced in the network by improper queuing, network congestion or improper configuration. Jitter is the reception of packets with uneven spacing between them. When unevenly spaced packets are collected at the receiving node, organizing and managing those packets becomes very challenging and difficult.

Dejitter buffers are used to rectify the situation introduced by jitter. These buffers are employed at the receiving node to smooth delay variability. Dejitter buffers always add delay based on their size. It is highly recommended to use small dejitter buffers.

Loss
Loss refers to data getting corrupted while travelling through the medium. In wireless transmission, there is a high risk of loss. Voice and video clipping and skips are introduced due to loss. Interference from other communication channels working on the same frequency, the effect of noise, fading effects and the Doppler effect are causes of loss in wireless transmission.

Loss can be introduced by the following in a unified network:
• Interference of same-frequency RF channels
• Noise
• Fading
• Congested links
• Improper network QoS configuration
• Poor packet buffer management
• Routing problems

Voice and video are affected differently by packet loss:

Loss in Voice. Standard codec algorithms improve the voice packet loss scenario. Cisco DSP algorithm-enabled codecs correct up to 30 msec of lost packet information.


Loss in Video. A small amount of packet loss in video results in a high degradation of video quality. These are the factors upon which the quality of video collectively depends:
• Video resolution
• Frame rate
• Configured data rate
• Codec implementation
• The specific PC upon which the video is running

Capacity
Capacity and bandwidth availability is a challenging task in a voice- and video-enabled network. Bandwidth is the primary issue in network design.

Convergence Time
Convergence time is the time required for network nodes to completely re-establish stability in unwanted networking scenarios such as link or device failure, unavailability of nodes, etc. The network design must accommodate changes and transitions by using redundant and backup devices and links.

Service Placement
Services are delivered and placed according to the needs of the enterprise. A systematic architecture needs to be followed to achieve efficient delivery of services on demand, and each intermediate device along the way must be enabled to keep it compatible with these services.

The Medianet framework is utilized to support proper delivery of various multimedia services. It includes the following:

Access Service. The access service provides mobility services, control and identity of video clients, and location services.
Transport Service. The transport service provides transport facilities such as optimized packet delivery, etc.
Bridging Service. Transcoding, recording and conferencing services are provisioned and delivered.
Storage Service. The storage service provides allocation and retrieval, distribution and management services.
Session Control Service. Control of the initiation and termination of the session is provided by this service.

Concepts of Virtualization within a Network Design

Virtualization is an innovative strategy to multiply network resources cost-effectively. In virtualization, multiple copies of expensive network resources are generated and distributed to each end-node whenever required. Reliable, efficient, and cost-effective utilization of resources is achieved by enabling this facility in the network.

The set of drivers that support the idea of virtualization are:


Cost. Cost is the most challenging factor in today’s widely used data infrastructure. Data center modules such as cooling, cabling, housing, powering, etc. add cost on top of the data center components themselves.

Flexibility. There is an advantage in utilizing a functional network infrastructure to accommodate dense user populations so that full utilization of resources can be achieved.

Isolation. Virtualization has enabled complete isolation of users’ traffic from each other, resulting in great flexibility.

Number of Devices. Virtualization enriches a physical component with more network resources. Especially when a physical component handles only a single task, management becomes very inefficient. Virtualization enables a smaller number of physical resources to carry a high amount of networking work.

Design Considerations of Virtual Network

These are the parameters that must be considered while building a virtualized network:

Access Control. Controlled access to the network must be ensured for proper utilization of virtualized resources. Security and authentication policies should be incorporated at the access layer to protect the network from internal attacks and external threats.

Path Isolation. Paths should be isolated from each other’s traffic to ensure proper exchange of communication. Proper mapping must be considered and addressed in the virtualized environment.

Service Edge. Proper mapping of services with centralized policy enforcement must be addressed, i.e. services are delivered only to the legitimate user or device in the network.

Types of virtualization
Network resources and services can be virtualized in two ways:
• Network Virtualization. In network virtualization, multiple virtual partitions of the network are created over a single network infrastructure. Each partition is logically isolated, dedicated, and secure, with independent policies and routing decisions.
These are the types of network virtualization technologies:
o Virtual Local Area Network (VLAN)
o Virtual Storage Area Network (VSAN)
o Virtual Private Network (VPN)
o Virtual Routing and Forwarding (VRF)
• Device Virtualization: In device virtualization, multiple logical copies of a single physical device are created, or a single logical device is created by combining multiple physical devices.
Examples of device virtualization are:
o Server Virtualization
o Cisco ASA Firewall Context
o Cisco ACE Context
o Virtual Switching System

Identification of Network Elements that can be virtualized

Virtualization is an advanced technique by which improved utilization of network resources can be achieved. Better performance, high availability, and ease of management and control are some of the advantages of virtualizing network resources. Network physical components as well as logical resources can be virtualized in modern network deployments.

Virtual Switching System (VSS)

The collection of multiple physical switches into one virtual switch is known as the Virtual Switching System (VSS). This strategy greatly helps from a management perspective.

Example: Multiple Cisco Catalyst 6500 series switches are collected into one virtual switch, which boosts the communication mechanism by allowing a system capacity of about 1.4 Tbps.

The overview of the Virtual Switching System (VSS) is illustrated in the next page.


Figure 76. Virtual Switching System (VSS) illustration

Chassis
A Virtual Switching System (VSS) has multiple switches, each called a chassis. Communication between the chassis is established through control information carried over a Virtual Switch Link (VSL) introduced between them.

Virtual Device Context (VDC)

The virtual device context technique divides a single physical switch into multiple logical switch devices. Cisco Nexus 7000 switches are the switches that support this virtualization facility through Virtual Device Contexts (VDC).

Contexts
A context provides the ability to partition a single appliance into multiple virtual appliances, each with its own specific policies, control and management. Features that are supported on the physical appliance are also supported in a virtual context. The following are the common Cisco devices that support context features:
• Cisco Adaptive Security Appliance (ASA)
• Cisco Intrusion Prevention System (IPS)


• Cisco Application Control Engine (ACE)
• Cisco Nexus 7000 – Virtual Device Context (VDC)

Routing elements
Various layer 3 routing elements are virtualized to follow the advanced infrastructure of network deployment.

Tunnelling
A tunnel is itself a logical approach to allow secure connectivity for the network and devices. The tunnelling mechanism can also be virtualized to utilize complex tunnel resources efficiently and to the maximum.

Virtual Routing and Forwarding (VRFs)

The Virtual Routing and Forwarding technique enables multiple instances of routing and forwarding on a single router. VRF is a layer 3 feature. One physical router acts as multiple virtual routers by enabling VRF. IP address utilization is maximized using VRFs because an IP address is visible only within its own instance.
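The VRF behaviour described above, as an added example that is not part of the workbook: a router model with one independent forwarding table per VRF and longest-prefix match inside each table. It shows why the same IP prefix can be reused by two tenants (the path-isolation point from the design considerations) and that a lookup in one VRF never falls through into another. The VRF names, prefixes and next-hop addresses are constructed for the example.

```python
# Added example, not from the workbook: per-VRF routing tables with
# longest-prefix match. It shows that the same prefix can live in two VRFs with
# different next hops and that a lookup never crosses from one VRF into another.
# VRF names, prefixes and next-hop addresses are constructed for the example.

from ipaddress import ip_address, ip_network
from typing import Optional


class VrfRouter:
    """One physical router holding an independent forwarding table per VRF."""

    def __init__(self) -> None:
        self.tables = {}          # vrf name -> list of (network, next_hop)

    def add_route(self, vrf: str, prefix: str, next_hop: str) -> None:
        self.tables.setdefault(vrf, []).append((ip_network(prefix), next_hop))

    def lookup(self, vrf: str, dst: str) -> Optional[str]:
        """Longest-prefix match restricted to one VRF; None when no route exists."""
        addr = ip_address(dst)
        best = None
        for net, next_hop in self.tables.get(vrf, []):   # unknown VRF: empty table
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return None if best is None else best[1]

    def vrfs(self):
        return sorted(self.tables)


def build_demo() -> VrfRouter:
    """Two tenants that both use 10.0.0.0/24 internally (constructed data)."""
    r = VrfRouter()
    r.add_route("CUSTOMER-A", "10.0.0.0/24", "192.0.2.1")
    r.add_route("CUSTOMER-A", "0.0.0.0/0", "192.0.2.254")       # A has a default route
    r.add_route("CUSTOMER-B", "10.0.0.0/24", "198.51.100.1")    # same prefix, other VRF
    r.add_route("CUSTOMER-B", "10.0.0.128/25", "198.51.100.2")  # more specific, wins LPM
    return r


if __name__ == "__main__":
    router = build_demo()
    for vrf in router.vrfs():
        for dst in ("10.0.0.5", "10.0.0.200", "172.16.1.1"):
            print(f"{vrf}: {dst} -> {router.lookup(vrf, dst)}")
```

The two tenants overlap completely on 10.0.0.0/24 yet resolve to different next hops, and 172.16.1.1 is reachable from CUSTOMER-A (via its default route) but unroutable from CUSTOMER-B, which has none: isolation comes from the separate tables, not from the addresses.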

Virtual Local Area Network (VLANs)

Virtual local area networks (VLANs) are commonly used virtualized resources in switches. In a VLAN, one physical layer 2 switch (LAN) is split into multiple logical layer 2 switches (VLANs). Each logical VLAN has separate MAC table entries, a separate spanning tree instance and a separate broadcast domain. For communication of multiple VLANs across switches, a trunk mechanism must be enabled between the switches.

Virtual Local Area Network (VLAN) communication is illustrated in the following figure:

Figure 77. Virtual LANS Exchange of Communication

Concepts of Network Programmability within a Network Design

Network programmability is an evolutionary concept in the world of networking. It opens doors for easy and cost-effective management and expansion of network components. The basic idea of network programmability has continuously evolved from much earlier work until it developed into the strategic and innovative concept of the “Software Defined Network (SDN)”.

In the software defined network approach, the tightly coupled data plane and control plane are separated by the introduction of flexible software programs called “controllers”. The decoupling of the data and control planes introduces flexible and controlled flow of traffic.

The separation of data and control planes simplifies network reconfiguration and management. It allows flexible addition of network infrastructure and protocols over the existing network with the help of software. SDN works on the basis of defining interfaces for the different functionality between the centralized controller and the network devices.

Application Program Interfaces (APIs)

Application program interfaces (APIs) are interfaces defined for the various interactions in a programmable environment. The communication between the centralized controller and the lower layers is realized through the southbound API, while communication between the controller and the different applications is achieved through the northbound API.

Southbound API
The program interface required for the SDN controller to communicate with the network devices or low-level devices is the southbound interface. Network manipulation and control are achieved through this interface. The popular standard for the southbound API is “OpenFlow”.

OpenFlow is an open standard solution for the southbound API. The decoupled data and control planes in SDN establish communication through the OpenFlow protocol. OpenFlow-enabled network devices or switches contain two logical entities. The first entity contains one or multiple flow tables and is responsible for managing the flow of traffic. The second component is called the OpenFlow client, which is responsible for the connectivity between the network device and the SDN controller.
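The flow-table and controller split described above, as an added example that is not part of the workbook: a toy OpenFlow-style switch whose flow table is populated by a controller. The switch only matches packets against installed entries and reports a table-miss; the controller decides the action and installs it over the southbound side, and an application uses a northbound method on the controller to push a policy that outranks the forwarding entries. The host names, switch ports and packets are constructed, and the code models the behaviour, not the OpenFlow wire protocol.

```python
# Added example, not from the workbook: a toy OpenFlow-style switch. The
# controller installs flow entries (match fields, priority, action) into the
# switch's flow table over the southbound side, the switch matches packets
# against that table, and a table-miss is sent back to the controller. An
# application uses the controller's northbound method to push a policy.
# Host names, ports and packets are constructed; this is not the OpenFlow wire
# protocol.

class FlowEntry:
    def __init__(self, priority: int, match: dict, action: str) -> None:
        self.priority, self.match, self.action = priority, match, action
        self.packets = 0               # per-flow counter, like OpenFlow flow stats

    def matches(self, pkt: dict) -> bool:
        # fields absent from the match are wildcards
        return all(pkt.get(k) == v for k, v in self.match.items())


class OpenFlowSwitch:
    """Data plane: holds the flow table, forwards, reports misses."""

    def __init__(self, controller: "Controller") -> None:
        self.table = []
        self.controller = controller
        controller.attach(self)

    def install(self, entry: FlowEntry) -> None:    # southbound: controller -> switch
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)  # highest priority first

    def forward(self, pkt: dict) -> str:
        for entry in self.table:
            if entry.matches(pkt):
                entry.packets += 1
                return entry.action
        return self.controller.packet_in(self, pkt)  # table-miss


class Controller:
    """Control plane: knows where hosts are and decides the actions."""

    def __init__(self, host_ports: dict) -> None:
        self.host_ports = host_ports   # constructed topology: host -> switch port
        self.switches = []
        self.packet_ins = 0

    def attach(self, switch: OpenFlowSwitch) -> None:
        self.switches.append(switch)

    def packet_in(self, switch: OpenFlowSwitch, pkt: dict) -> str:  # southbound: switch -> controller
        self.packet_ins += 1
        port = self.host_ports.get(pkt["dst"])
        action = f"output:{port}" if port is not None else "flood"
        switch.install(FlowEntry(10, {"dst": pkt["dst"]}, action))  # reactive flow install
        return action

    def block_host(self, src: str) -> None:         # northbound: application -> controller
        for sw in self.switches:
            sw.install(FlowEntry(100, {"src": src}, "drop"))


def build_demo():
    ctl = Controller({"h1": 1, "h2": 2})
    sw = OpenFlowSwitch(ctl)
    return ctl, sw


if __name__ == "__main__":
    ctl, sw = build_demo()
    print(sw.forward({"src": "h1", "dst": "h2"}), "packet-ins:", ctl.packet_ins)  # miss
    print(sw.forward({"src": "h1", "dst": "h2"}), "packet-ins:", ctl.packet_ins)  # hit
    ctl.block_host("h1")                                                           # policy
    print(sw.forward({"src": "h1", "dst": "h2"}), "after block")
```

The first packet of a flow costs a round trip to the controller and a flow install; later packets of the same flow are handled in the flow table without the controller. The drop entry installed through the northbound call has a higher priority than the reactive entries, so the policy wins even though a matching forwarding entry is still in the table.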

Northbound API
The interface between the controller and higher-level components of the network, such as applications, is the northbound API. The infrastructure of the network can be controlled through this interface according to the needs and requirements of the application.

The realization of both southbound and northbound APIs is demonstrated on the next page.


Figure 78. Southbound and Northbound Application Program Interfaces

Controllers
The centralized SDN controller manages intelligent and innovative networking. The control mechanism of the network is moved from the planes of the interconnected devices to the SDN controller. This strategy has enabled centralization and easy management and enforcement of network policies through software programs.

Application Centric Infrast
ructure (ACI)

Application Centric Infrastructure (ACI) is the layer where network devices such as routers, switches, and APs reside. In a software-defined network, the network devices remain intact in their position; only their control and management portion is decoupled and centralized in the SDN controller. The SDN controller manages the logic of the network devices through an abstract interface.

The control plane is torn away from the data layer and placed centrally, with the role of central management such as routing decisions, mobility and how traffic is forwarded across nodes.


This is an illustration of the overall SDN network:

Figure 79. Overview of Software Defined Networks

Data Center Components

The data center houses expensive network resources with requirements for high availability and bandwidth for server-to-server communication.

The basic architecture of a data center is illustrated on the next page.


Figure 80. Data Center Architecture Overview

The data center and campus core are connected by a layer 3 service. The infrastructure of the data centre is designed to support various security services as well as layer 2 and layer 3 services at the access layer. The core layer of the data centre ensures high availability and high-speed data transport, along with a highly reliable and resilient layer 3 infrastructure to prevent network failure situations. The core layer aggregates the multiple distribution layers of the data center, over which multiple functions are managed, such as layer 2 domain definition, security policies, STP processing, service module integration and gateway redundancy. The access layer is the layer in which servers are placed. This layer incorporates layer 2 and layer 3 abilities to support various server management and administrative requirements.

A redundant and highly available data center requires the following strategic and intelligent techniques for the efficient utilization of expensive data center resources:
• Server Load Balancing Technique
• Blocking vs Non-Blocking Layer 2
• Layer 2 Extension

Server Load Balancing Basics

Today’s data centers incorporate hundreds of thousands of servers. Efficient utilization of the servers’ data is an overwhelming task, along with preserving high availability of the servers and preventing traffic congestion so that communication can be established smoothly.


Server load balancing is the method of providing improved availability and performance of software applications running on servers. In server load balancing, traffic is prevented from being routed over a congested connection, and a mechanism is enabled in which traffic is distributed over redundant network connections to prevent overcrowding of traffic and reduced functionality of individual servers.

Server load balancing can be accomplished by employing redundant servers inside the data center network. This redundancy of data center components also helps in situations of server or link failure or other unwanted network scenarios. High availability of the network, high performance, redundancy and reliability are some of the benefits of load balancing in a data center network.

Load balancing can be implemented in the following ways:
• Hardware Load Balancer
• Software Load Balancer
• Virtual Load Balancer
• Elastic or Cloud-based Load Balancer

Popular server load balancing mechanisms are “Equal Cost Multi Path Forwarding (ECMP)”, “Congestion-Aware Load Balancing (CONGA)” and “Presto”, etc.

Blocking vs. Non-Blocking Layer 2

The switches used in a data center network are designed smartly to provide specialized and improved services. The switch design must provide for the exceptional requirements of data center availability, reliability and redundancy.

Generally, switches are used in “non-blocking” mode for internal packet switching. This design methodology is cost-effective and utilizes bandwidth efficiently because it is nearly impossible that all ports simultaneously use their maximum allocated bandwidth.

Blocking is introduced in the switches by using advanced STP protocols in the data center to prevent loops.

A spanning-tree-free, non-blocking mechanism is achieved by using the advanced Cisco technology of Virtual Port Channel (vPC) enabled switches.

Layer 2 Extension
Layer 2 technologies can be implemented in the data center network segment to support virtualization techniques, interconnecting multiple data centers together and geo-clustering.

Virtualization introduces a method in which resources can be treated as a global pool irrespective of their physical geographical location in the data centers, for efficient and reliable utilization of costly resources. Virtual machines are moved between data centers to allocate the desired resources. These techniques enable fast movement of and access to data center resources.

Layer 2 switching is implemented over layer 3 as an extended layer 2 to support efficient and compatible communication.

Summary

Comprehensive expansion of the network is required to meet the ever-growing needs and demands of the business and corporate world. Integration of innovative technologies enhances user experience and satisfaction. Building a unified, engaged, reliable and flexible network design requires a holistic approach to satisfy future expansion along with collaborative exchange of communication, integration of innovative technologies and enforcement of security policies. Each layer and level of the network is a complete network in itself. Implementing policies and rules over each level is essential to construct a unified and integrated network structure.


About this Workbook


This workbook covers the information you need to pass the Cisco CCDA 200-310 exam: everything you need to prepare for and pass the certification exam the first time.
